Evaluating GPUs for Network Packet Signature Matching
| Sorted by Date | Classified by Publication Type | Classified by Project |
Randy Smith, Neelam Goyal, Justin Ormont, Karthikeyan Sankaralingam, and Cristian Estan. Evaluating GPUs for Network Packet Signature Matching. In Proceedings of the International Symposium on Performance Analysis of Systems and Software, 2009.
Download
Abstract
Modern network devices employ deep packet inspection to enablesophisticated services such as intrusion detection, traffic shaping,and load balancing. At the heart of such services is a signaturematching engine that must match packet payloads to multiple signaturesat line rates. However, the recent transition to complexregular-expression based signatures coupled with ever-increasingnetwork speeds has rapidly increased the performance requirements ofsignature matching. Solutions to meet these requirements range fromhardware-centric ASIC/FPGA implementations to software implementationsusing high-performance microprocessors.In this paper, we propose a programmable signature matching systemprototyped on an Nvidia G80 GPU. We first present a detailedarchitectural and microarchitectural analysis, showing that signaturematching is well suited for SIMD processing because of regular controlflow and parallelism available at the packet level. Next, we examinetwo approaches for matching signatures: standard deterministicfinite automata (DFAs) and extended finite automata (XFAs), which usefar less memory than DFAs but require specialized auxiliary memory andsmall amounts of computation in most states. We implement afully functional prototype on the SIMD-based G80 GPU.This system out-performs a Pentium4 by up to 9X and a Niagara-based 32-threadedsystem by up to 2.3X and shows that GPUs are a promising candidate forsignature matching.
BibTeX
@inproceedings{ispass2009:xfagpu,
author={Randy Smith and Neelam Goyal and Justin Ormont and Karthikeyan Sankaralingam and Cristian Estan},
title="{Evaluating GPUs for Network Packet Signature Matching}"
booktitle = "{Proceedings of the International Symposium on Performance Analysis of Systems and Software}",
year={2009}
abstract = {
Modern network devices employ deep packet inspection to enable
sophisticated services such as intrusion detection, traffic shaping,
and load balancing. At the heart of such services is a signature
matching engine that must match packet payloads to multiple signatures
at line rates. However, the recent transition to complex
regular-expression based signatures coupled with ever-increasing
network speeds has rapidly increased the performance requirements of
signature matching. Solutions to meet these requirements range from
hardware-centric ASIC/FPGA implementations to software implementations
using high-performance microprocessors.
In this paper, we propose a programmable signature matching system
prototyped on an Nvidia G80 GPU. We first present a detailed
architectural and microarchitectural analysis, showing that signature
matching is well suited for SIMD processing because of regular control
flow and parallelism available at the packet level. Next, we examine
two approaches for matching signatures: standard deterministic
finite automata (DFAs) and extended finite automata (XFAs), which use
far less memory than DFAs but require specialized auxiliary memory and
small amounts of computation in most states. We implement a
fully functional prototype on the SIMD-based G80 GPU.
This system out-performs a Pentium4 by up to 9X and a Niagara-based 32-threaded
system by up to 2.3X and shows that GPUs are a promising candidate for
signature matching.
}
bib_dl_pdf = {http://www.cs.wisc.edu/vertical/papers/2009/ispass09-xfagpu.pdf},
bib_dl_ppt = {http://www.cs.wisc.edu/vertical/talks/2009/ispass09-xfagpu.pdf},
bib_pubtype = {Refereed Conference},
bib_rescat = {proj-plug}
}
Generated by bib.pl (written by Patrick Riley ) on Sun Sep 26, 2021 16:14:28 time=1207019082