Towards a GPU accelerated virtual machine for massively parallel packet classification and filtering

This paper considers the application of GPU co-processors to accelerate the analysis of packet data, particularly within extremely large packet traces spanning months or years of traffic. Discussion focuses on the construction, performance and limitations of the experimental GPF (GPU Packet Filter), which employs a prototype massively-parallel protocol-independent multi-match algorithm to rapidly compare packets against multiple arbitrary filters. The paper concludes with a consideration of mechanisms to expand the flexibility and power of the GPF algorithm to construct a fully programmable GPU packet classification virtual machine, which can perform massively parallel classification, data-mining and data-transformation to explore and analyse packet traces. This virtual machine is a component of a larger framework of capture analysis tools which together provide capture indexing, manipulation, filtering and visualisation functions.

[1]  David E. Taylor Survey and taxonomy of packet classification techniques , 2005, CSUR.

[2]  Angelos D. Keromytis,et al.  xPF: packet filtering for low-cost network monitoring , 2002, Workshop on High Performance Switching and Routing, Merging Optical and IP Technologie.

[3]  Antonius P. J. Engbersen,et al.  Fast and scalable packet classification , 2003, IEEE J. Sel. Areas Commun..

[4]  Viktor K. Prasanna,et al.  Large-scale wire-speed packet classification on FPGAs , 2009, FPGA '09.

[5]  Terence Parr The Definitive ANTLR Reference: Building Domain-Specific Languages , 2007 .

[6]  Alastair Nottingham,et al.  GPF : a framework for general packet classification on GPU co-processors , 2012 .

[7]  Alastair Nottingham,et al.  CaptureFoundry: a GPU accelerated packet capture analysis tool , 2012, SAICSIT '12.

[8]  Steven McCanne,et al.  The BSD Packet Filter: A New Architecture for User-level Packet Capture , 1993, USENIX Winter.

[9]  Vinod Yegneswaran,et al.  Characteristics of internet background radiation , 2004, IMC '04.

[10]  Jonathan S. Turner,et al.  Packet classification using extended TCAMs , 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings..

[11]  Sotiris Ioannidis,et al.  Efficient packet monitoring for network management , 2002, NOMS 2002. IEEE/IFIP Network Operations and Management Symposium. ' Management Solutions for the New Communications World'(Cat. No.02CH37327).

[12]  Anand Rangarajan,et al.  Algorithms for advanced packet classification with ternary CAMs , 2005, SIGCOMM '05.

[13]  Zhenyu Wu,et al.  Swift: A Fast Dynamic Packet Filter , 2008, NSDI.

[14]  T. V. Lakshman,et al.  High-speed policy-based packet forwarding using efficient multi-dimensional range matching , 1998, SIGCOMM '98.

[15]  Viktor K. Prasanna,et al.  Field-split parallel architecture for high performance multi-match packet classification using FPGAs , 2009, SPAA '09.

[16]  Brian N. Bershad,et al.  Efficient Packet Demultiplexing for Multiple Endpoints and Large Messages , 1994, USENIX Winter.

[17]  Steven McCanne,et al.  BPF+: exploiting global data-flow optimization in a generalized packet filter architecture , 1999, SIGCOMM '99.

[18]  Sotiris Ioannidis,et al.  Gnort: High Performance Network Intrusion Detection Using Graphics Processors , 2008, RAID.

[19]  Eric Wustrow,et al.  Internet background radiation revisited , 2010, IMC '10.

[20]  Paul R. Borman,et al.  Flexible Packet Filtering: Providing a Rich Toolbox , 2002, BSDCon.

[21]  George Varghese,et al.  Packet classification for core routers: is there an alternative to CAMs? , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[22]  Filip De Turck,et al.  Efficient packet classification on network processors , 2008, Int. J. Commun. Syst..

[23]  Herbert Bos,et al.  FFPF: Fairly Fast Packet Filters , 2004, OSDI.