DOI: 10.1145/1323548.1323550

Ruler: high-speed packet matching and rewriting on NPUs

Published: 03 December 2007

Abstract

Programming specialized network processors (NPUs) is inherently difficult. Unlike mainstream processors, where architectural features such as out-of-order execution and caches hide most of the complexities of efficient program execution, programmers of NPUs face a 'bare-metal' view of the architecture. They have to deal with a multithreaded environment with a high degree of parallelism, pipelining and multiple, heterogeneous execution units and memory banks. Software development on such architectures is expensive. Moreover, different NPUs, even within the same family, differ considerably in their architecture, making portability of the software a major concern. At the same time, expensive network processing applications based on deep packet inspection are both increasingly important and increasingly difficult to realize due to high link rates. They could potentially benefit greatly from the hardware features offered by NPUs, provided they were easy to use. We therefore propose to use more abstract programming models that hide much of the complexity of 'bare-metal' architectures from the programmer. In this paper, we present one such programming model: Ruler, a flexible high-level language for deep packet inspection (DPI) and packet rewriting that is easy to learn, platform independent and lets the programmer concentrate on the functionality of the application. Ruler provides packet matching and rewriting based on regular expressions. We describe our implementation on the Intel IXP2xxx NPU and show how it provides versatile packet processing at gigabit line rates.

      Published In

      ANCS '07: Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
      December 2007
      212 pages
      ISBN: 9781595939456
      DOI: 10.1145/1323548
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. TDFA
      2. deep packet inspection
      3. network processors
      4. regular expressions

      Qualifiers

      • Research-article

      Conference

      ANCS07

      Acceptance Rates

      ANCS '07 Paper Acceptance Rate 20 of 70 submissions, 29%;
      Overall Acceptance Rate 88 of 314 submissions, 28%
