Results 1  10
of
14
HashBased Techniques for HighSpeed Packet Processing
"...
Hashing is an extremely useful technique for a variety of highspeed packetprocessing applications in routers. In this chapter, we survey much of the recent work in this area, paying particular attention to the interaction between theoretical and applied research. We assume very little background ..."
Abstract

Cited by 15 (2 self)
 Add to MetaCart
(Show Context)
Hashing is an extremely useful technique for a variety of highspeed packetprocessing applications in routers. In this chapter, we survey much of the recent work in this area, paying particular attention to the interaction between theoretical and applied research. We assume very little background in either the theory or applications of hashing, reviewing the fundamentals as necessary.
Spacetime tradeoffs in softwarebased deep packet inspection
 In IEEE HPSR, 2011
"... Abstract—Deep Packet Inspection (DPI) lies at the core of ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
Abstract—Deep Packet Inspection (DPI) lies at the core of
Offset Addressing Approach to MemoryEfficient IP Address Lookup
"... Abstract—This paper presents a novel offset encoding scheme for memoryefficient IP address lookup, called Offset Encoded Trie (OET). Each node in the OET contains only a next hop bitmap and an offset value, without the child pointers and the next hop pointers. Each traversal node uses the next hop ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract—This paper presents a novel offset encoding scheme for memoryefficient IP address lookup, called Offset Encoded Trie (OET). Each node in the OET contains only a next hop bitmap and an offset value, without the child pointers and the next hop pointers. Each traversal node uses the next hop bitmap and the offset value as two offsets to determine the location address of the next node to be searched. The onchip OET is searched to find the longest matching prefix, and then the prefix is used as a key to retrieve the corresponding next hop from an offchip prefix hash table. Experiments on real IP forwarding tables show that the OET outperforms previous multibit trie schemes in terms of the memory consumption. The OET facilitates the far more effective use of onchip memory for faster IP address lookup. I.
When Cycles are Cheap, Some Tables Can Be Huge
"... The goal of this paper is to raise a new question: What changes in operating systems and networks if it were feasible to have a (type of) lookup table that supported billions, or hundreds of billions, of entries, using only a few bits per entry. We do so by showing that the progress of Moore’s law, ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
The goal of this paper is to raise a new question: What changes in operating systems and networks if it were feasible to have a (type of) lookup table that supported billions, or hundreds of billions, of entries, using only a few bits per entry. We do so by showing that the progress of Moore’s law, continuing to give more and more transistors per chip, makes it possible to apply formerly ludicrous amounts of bruteforce parallel computation to find spacesavings opportunities. We make two primary observations: First, that some applications can tolerate getting an incorrect answer from the table if they query for a key that is not in the table. For these applications, we can discard the keys entirely, using storage space only for the values. Further, for some applications, the value is not arbitrary. If the range of output values is small, we can instead view the problem as one of set separation. These two observations allow us to shrink the size of the mapping by brute force searching for a “perfect mapping ” from inputs to outputs that (1) does not store the input keys; and (2) avoids collisions (and thus the related storage). Our preliminary results show that we can reduce memory consumption by an order of magnitude compared to traditional hash tables while providing competitive or better lookup performance. 1
A MultiDimensional Progressive Perfect Hashing for HighSpeed String Matching
 2011 Seventh ACM/IEEE Symposium on Architectures for Networking and Communications Systems 9780769545219/11 © 2011 IEEE
"... AhoCorasick (AC) automaton is widely used for multistring matching in today’s Network Intrusion Detection System (NIDS). With fastgrowing rule sets, implementing AC automaton with a small memory without sacrificing its performance has remained challenging in NIDS design. In this paper, we propose ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
AhoCorasick (AC) automaton is widely used for multistring matching in today’s Network Intrusion Detection System (NIDS). With fastgrowing rule sets, implementing AC automaton with a small memory without sacrificing its performance has remained challenging in NIDS design. In this paper, we propose a multidimensional progressive perfect hashing algorithm named P2Hashing, which allows transitions of an AC automaton to be placed in a compact hash table without any collision. P2Hashing is based on the observation that a hash key of each transition consists of two dimensions, namely a source state ID and an input character. When placing a transition in a hash table and causing a collision, we can change the value of a dimension of the hash key to rehash the transition to a new location of the hash table. For a given AC automaton, P2Hashing first divides all the transitions into many small sets based on the twodimensional values of the hash keys, and then places the sets of transitions progressively into the hash table until all are placed. Hash collisions that occurred during the insertion of a transition will only affect the transitions in the same set. The proposed P2Hashing has many unique properties, including fast hash index generation and zero memory overhead, which are very suitable for the AC automaton operation. The feasibility and performance of P2Hashing are investigated through simulations on the full Snort (6.4k rules) and ClamAV (54k rules) rule sets, each of which is first converted to a single AC automaton. Simulation results show that P2Hashing can successfully construct the perfect hash table even when the load factor of the hash table is as high as 0.91.
Hashed Patricia Trie: Efficient Longest Prefix Matching in PeertoPeer Systems
"... Abstract. The design of efficient search structures for peertopeer systems has attracted a lot of attention in recent years. In this paper we address the problem of longest prefix matching and present an efficient data structure called hashed Patricia trie. Our hashed Patricia trie supports Prefix ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Abstract. The design of efficient search structures for peertopeer systems has attracted a lot of attention in recent years. In this paper we address the problem of longest prefix matching and present an efficient data structure called hashed Patricia trie. Our hashed Patricia trie supports Prefixsearch(x) and Insert(x) in O(log x) hash table accesses and Delete(x) in O(1) hash table accesses when x  is the number of bits used to encode x. That is the costs only depend on x  and not the size of the data structure. The hash table accesses may be realized by any distributed hash table (DHT). 1
ATOMIC TRANSFER FOR DISTRIBUTED SYSTEMS
, 2009
"... Building applications and information systems increasingly means dealing with concurrency and faults stemming from distribution of system components. Atomic transactions are a wellknown method for transferring the responsibility for handling concurrency and faults from developers to the software& ..."
Abstract
 Add to MetaCart
Building applications and information systems increasingly means dealing with concurrency and faults stemming from distribution of system components. Atomic transactions are a wellknown method for transferring the responsibility for handling concurrency and faults from developers to the software's execution environment, but incur considerable execution overhead. This dissertation investigates methods that shift some of the burden of concurrency control into the network layer, to reduce response times and increase throughput. It anticipates future programmable network devices, enabling customized highperformance network protocols. We propose Atomic Transfer (AT), a distributed algorithm to prevent race conditions due to messages crossing on a path of network switches. Switches check request messages for conflicts with response messages traveling in the opposite direction. Conflicting requests are dropped, obviating the request's receiving host from detecting and handling the conflict. AT is designed to perform well under high data contention, as concurrency control effort is balanced across a network instead of being handled by the contended endpoint hosts themselves. We use AT as the basis for a new optimistic transactional cache consistency algorithm, supporting execution of
1 A DFA with Extended Characterset for Fast Deep Packet Inspection
"... Abstract—Deep packet inspection (DPI), based on regular expressions, is expressive, compact, and efficient in specifying attack signatures. We focus on their implementations based on generalpurpose processors that are costeffective and flexible to update. In this paper, we propose a novel solution ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract—Deep packet inspection (DPI), based on regular expressions, is expressive, compact, and efficient in specifying attack signatures. We focus on their implementations based on generalpurpose processors that are costeffective and flexible to update. In this paper, we propose a novel solution, called deterministic finite automata with extended characterset (DFA/EC), which can significantly decrease the number of states through doubling the size of the characterset. Unlike existing state reduction algorithms, our solution requires only a single main memory access for each byte in the traffic payload, which is the minimum. We perform experiments with several Snort rulesets. Results show that, compared to DFAs, DFA/ECs are very compact and are over four orders of magnitude smaller in the best cases; DFA/ECs also have smaller memory bandwidth and run faster. We believe that DFA/EC will lay a groundwork for a new type of state compression technique in fast packet inspection. Index Terms—Deep packet inspection, regular expression, deterministic finite automata, extended characterset. 1
1 Fast Deep Packet Inspection with a Dual Finite Automata
"... Abstract—Deep packet inspection, in which packet payloads are matched against a large set of patterns, is an important algorithm in many networking applications. Nondeterministic Finite Automaton (NFA) and Deterministic Finite Automaton (DFA) are the basis of existing algorithms. However, both NFA ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract—Deep packet inspection, in which packet payloads are matched against a large set of patterns, is an important algorithm in many networking applications. Nondeterministic Finite Automaton (NFA) and Deterministic Finite Automaton (DFA) are the basis of existing algorithms. However, both NFA and DFA are not ideal for realworld rulesets: NFA has the minimum storage, but the maximum memory bandwidth; while DFA has the minimum memory bandwidth, but the maximum storage. Specifically, NFA and DFA cannot handle the presence of character sets, wildcards, and repetitions of character sets or wildcards in realworld rulesets. In this paper, we propose and evaluate a dual Finite Automaton (dual FA) to address these shortcomings. The dual FA consists of a linear finite automaton (LFA) and an extended deterministic finite automaton (EDFA). The LFA is simple to implement, and it provides an alternative approach to handle the repetition of character sets and wildcards (which could otherwise cause the state explosion problem in a DFA) without increasing memory bandwidth. We evaluate the automaton in realworld rulesets using different synthetic payload streams. The results show that dual FA can reduce the number of states up to five orders of magnitude while their memory bandwidth is close to minimum. Index Terms—Deep packet inspection, linear finite automaton (LFA), dual finite automaton (dual FA). 1
HashBased Data Structures for Extreme Conditions
, 2008
"... This thesis is about the design and analysis of Bloom filter and multiple choice hash table variants for application settings with extreme resource requirements. We employ a very flexible methodology, combining theoretical, numerical, and empirical techniques to obtain constructions that are both an ..."
Abstract
 Add to MetaCart
This thesis is about the design and analysis of Bloom filter and multiple choice hash table variants for application settings with extreme resource requirements. We employ a very flexible methodology, combining theoretical, numerical, and empirical techniques to obtain constructions that are both analyzable and practical. First, we show that a wide class of Bloom filter variants can be effectively implemented using very easily computable combinations of only two fully random hash functions. From a theoretical perspective, these results show that Bloom filters and related data structures can often be substantially derandomized with essentially no loss in performance. From a practical perspective, this derandomization allows for a significant speedup in certain query intensive applications. The rest of this work focuses on designing spaceefficient, openaddressed, multiple choice hash tables for implementation in highperformance router hardware. Using multiple hash functions conserves space, but requires every hash table operation to consider multiple hash buckets, forcing a tradeoff between the slow speed of examining these buckets serially