Multicore Flow Processor with Wire‐Speed Flow Admission Control

We propose a flow admission control (FAC) for setting up a wire-speed connection for new flows based on their negotiated bandwidth. It also terminates a flow that does not have a packet transmitted within a certain period determined by the users. The FAC can be used to provide a reliable transmission of user datagram and transmission control protocol applications. If the period of flows can be set to a short time period, we can monitor active flows that carry a packet over networks during the flow period. Such powerful flow management can also be applied to security systems to detect a denial-of-service attack. We implement a network processor called a flow management network processor (FMNP), which is the second generation of the device that supports FAC. It has forty reduced instruction set computer core processors optimized for packet processing. It is fabricated in 65-nm CMOS technology and has a 40-Gbps process performance. We prove that a flow router equipped with an FMNP is better than legacy systems in terms of throughput and packet loss.

[1]  Vern Paxson,et al.  End-to-end Internet packet dynamics , 1997, SIGCOMM '97.

[2]  G. Amdhal,et al.  Validity of the single processor approach to achieving large scale computing capabilities , 1967, AFIPS '67 (Spring).

[3]  R. Govindarajan,et al.  Packet Reordering in Network Processors , 2007, 2007 IEEE International Parallel and Distributed Processing Symposium.

[4]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[5]  Brian E. Carpenter,et al.  IPv6 Flow Label Specification , 2004, RFC.

[6]  Nevil Brownlee,et al.  Traffic Flow Measurement: Architecture , 1999, RFC.

[7]  Jani Lakkakorpi,et al.  Flexible admission control for DiffServ access networks , 2003, SPIE ITCom.

[8]  Richard Mortier,et al.  Implicit admission control , 2000, IEEE Journal on Selected Areas in Communications.

[9]  Anurag Kumar,et al.  Nonintrusive TCP connection admission control for bandwidth management of an Internet access link , 2000, IEEE Commun. Mag..

[10]  Yi Cui,et al.  A Measurement Study on Video Acceleration Service , 2009, 2009 6th IEEE Consumer Communications and Networking Conference.

[11]  J. W. Roberts,et al.  Quality of Service by flow–aware networking , 2000, Philosophical Transactions of the Royal Society of London. Series A: Mathematical, Physical and Engineering Sciences.

[12]  Simon Oechsner,et al.  Modeling and performance evaluation of an OpenFlow architecture , 2011, 2011 23rd International Teletraffic Congress (ITC).

[13]  Seungwook Min,et al.  DDoS Detection Algorithm Using the Bidirectional Session , 2011, CN.

[14]  Kyung Ho Lee,et al.  Quality‐of‐Service Mechanisms for Flow‐Based Routers , 2008 .

[15]  Soon Seok Lee,et al.  Scalable flow-based network processor for premium network services , 2011, ICTC 2011.

[16]  Karen A. Scarfone,et al.  Guide to Intrusion Detection and Prevention Systems (IDPS) , 2007 .

[17]  Mark Handley,et al.  Datagram Congestion Control Protocol (DCCP) , 2006, RFC.