SCALABLE PACKET PROCESSING FOR HIGH-SPEED NETWORKS
Rapid expansion of the Internet has led to the exponential growth of requirement for high speed packet processing, including both header processing and payload processing. In network applications such as Routers, Firewalls and Intrusion Detection Systems (IDS), there are three important issues needed to be designed efficiently to support today's high speed network: IP route lookup, packet classification and deep packet inspection. And these three procedures are usually implemented as different components, which make packet processing too slow to meet high-speed network's requirements. So how to design efficient packet processing components is very important. Special hardware, such as TCAMs, are widely used networking applications to achieve high throughput, but their disadvantages such as high cost and high power consumption usually limit their application. We focus on these issues and design efficient schemes to solve problems in today's and tomorrow's networks. Our approaches are based on the observation that all of these components contain redundancy and we can reduce the hardware consumption and increase the throughput if we can remove the redundancy efficiently. Furthermore, we remove the redundancy between different components to further improve the performance and we propose a new integrated architecture which integrates these three components efficiently. In order to design an efficient combined security gateway system, we first focus on how to design efficient three individual components, including routing table lookup, packet classification and deep packet inspection, and then propose an efficient combination approach to further reduce hardware consumption and increase overall throughput. Our approaches are mainly based on Ternary Content Addressable Memories (TCAMs) and the system can be easily implemented in a single FPGA.We focus on how to reduce redundancy in both individual components and integrated architecture to not only reduce the hardware consumption but also increase the overall throughput. The simulation results on both proposed individual components and integrated architecture show that we can achieve expected goals.