A Distributed TCAM Coprocessor Architecture for Integrated Policy Filtering and Content Filtering

Policy Filtering (PF) and Content Filtering (CF) are two important tasks in packet forwarding of today's Internet. It is both technologically and economically important to develop integrated solutions for executing both tasks to reduce cost. In this paper, we propose a distributed Ternary Content Addressable Memory (TCAM) coprocessor architecture to allow fast and integrated PF and CF. Due to significant requirement diversities in both lookup load and storage load between PF and CF, the integrated solution exploits the complementary characteristics of the two tasks and well balances both the lookup load and storage load among TCAMs. A prefix filtering based CF algorithm is designed to reduce the lookup load and a novel cache mechanism is developed to dynamically handle the lookups from overloaded TCAMs. Simulations based on real-world traffic traces show that the proposed solution can match 10Gbps line rate for executing both PF and CF with the similar costs as CF task only.

[1]  Huan Liu,et al.  Efficient mapping of range classifier into ternary-CAM , 2002, Proceedings 10th Symposium on High Performance Interconnects.

[2]  Anand Rangarajan,et al.  Algorithms for advanced packet classification with ternary CAMs , 2005, SIGCOMM '05.

[3]  Mehrdad Nourani,et al.  A TCAM-Based Parallel Architecture for High-Speed Packet Forwarding , 2007, IEEE Transactions on Computers.

[4]  Antonius P. J. Engbersen,et al.  Fast and scalable packet classification , 2003, IEEE J. Sel. Areas Commun..

[5]  Francis Zane,et al.  Coolcams: power-efficient TCAMs for forwarding engines , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[6]  Viktor K. Prasanna,et al.  Time and area efficient pattern matching on FPGAs , 2004, FPGA '04.

[7]  Nen-Fu Huang,et al.  Hierarchical multi-pattern matching algorithm for network content inspection , 2008, Inf. Sci..

[8]  Christopher Krügel,et al.  Stateful intrusion detection for high-speed network's , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[9]  Randy H. Katz,et al.  Efficient multi-match packet classification with TCAM , 2004, Proceedings. 12th Annual IEEE Symposium on High Performance Interconnects.

[10]  Bin Liu,et al.  A TCAM-based distributed parallel IP lookup scheme and performance analysis , 2006, IEEE/ACM Transactions on Networking.

[11]  Bin Liu,et al.  DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors , 2008, IEEE Transactions on Computers.

[12]  Viktor K. Prasanna,et al.  Fast Regular Expression Matching Using FPGAs , 2001, The 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'01).

[13]  Viktor K. Prasanna,et al.  Beyond TCAMs: An SRAM-Based Parallel Multi-Pipeline Architecture for Terabit IP Lookup , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[14]  Huan Liu Routing Table Compaction in Ternary CAM , 2002, IEEE Micro.

[15]  W. Lu,et al.  Low-Power TCAMs for Very Large Forwarding Tables , 2010, IEEE/ACM Transactions on Networking.

[16]  Jonathan S. Turner,et al.  ClassBench: A Packet Classification Benchmark , 2005, IEEE/ACM Transactions on Networking.

[17]  Rina Panigrahy,et al.  Reducing TCAM power consumption and increasing throughput , 2002, Proceedings 10th Symposium on High Performance Interconnects.

[18]  John W. Lockwood,et al.  Rethinking Hardware Support for Network Analysis and Intrusion Prevention , 2006, HotSec.

[19]  Devavrat Shah,et al.  Fast Updating Algorithms for TCAMs , 2001, IEEE Micro.