A Multi-dimension Rule Update in a TCAM-based High-Performance Network Security System

A
AINA
2006
20th International Conference on Advanced Information Networking and Applications - Volume 2 (AINA'06)
Abstract - A Multi-dimension Rule Update in a TCAM-based High-Performance Network Security System

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Hae-Jin Jeong Articles by Il-Seop Song Articles by Taeck-Geun Kwon Articles by Yoo-Kyoung Lee

20th International Conference on Advanced Information Networking and Applications - Volume 2 (AINA'06)

Vienna, Austria

April 18-April 20

ISBN: 0-7695-2466-4

	ASCII Text	x
	Hae-Jin Jeong, Il-Seop Song, Taeck-Geun Kwon, Yoo-Kyoung Lee, "A Multi-dimension Rule Update in a TCAM-based High-Performance Network Security System," Advanced Information Networking and Applications, International Conference on, vol. 2, pp. 62-66, 20th International Conference on Advanced Information Networking and Applications - Volume 2 (AINA'06), 2006.

	BibTex	x
	@article{ 10.1109/AINA.2006.37, author = {Hae-Jin Jeong and Il-Seop Song and Taeck-Geun Kwon and Yoo-Kyoung Lee}, title = {A Multi-dimension Rule Update in a TCAM-based High-Performance Network Security System}, journal ={Advanced Information Networking and Applications, International Conference on}, volume = {2}, year = {2006}, issn = {1550-445X}, pages = {62-66}, doi = {http://doi.ieeecomputersociety.org/10.1109/AINA.2006.37}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Advanced Information Networking and Applications, International Conference on TI - A Multi-dimension Rule Update in a TCAM-based High-Performance Network Security System SN - 1550-445X SP62 EP66 A1 - Hae-Jin Jeong, A1 - Il-Seop Song, A1 - Taeck-Geun Kwon, A1 - Yoo-Kyoung Lee, PY - 2006 KW - null VL - 2 JA - Advanced Information Networking and Applications, International Conference on ER -

Hae-Jin Jeong, Chungnam National University, Korea

Il-Seop Song, Chungnam National University, Korea

Taeck-Geun Kwon, Chungnam National University, Korea

Yoo-Kyoung Lee, Electronics Telecommunication Research Institute, Korea

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AINA.2006.37

Network security systems such as firewall and intrusion prevention system (IPS) have packet classification rule to allow or protect the network traffic. In addition, they are forced to provide multi-gigabit speed in order to deploy the current Internet backbone which requires gigabit Ethernet (GbE), 10 GbE, OC-192, etc. In order to support highperformance packet classification in the network security system, a Ternary Content Addressable Memory, i.e., TCAM accelerates flow identification with classification rules. The TCAM, however, matches the first rule among multiple matched rules, so the ordering of TCAM entries is strictly kept while rules are added or deleted. To keep the ordering in a TCAM, some existing TCAM entries should move to other empty space which impacts the data path processing in the network security system. In this paper, we have proposed a rule update algorithm which reduces the number of TCAM entry movement by the partial ordering of TCAM entry groups instead of the sequential ordering. Our simulation results justify the significant decrement of movement operations where we have applied both generated random rules and real IPS rules, i.e., Snort rules.

Citation:

Hae-Jin Jeong, Il-Seop Song, Taeck-Geun Kwon, Yoo-Kyoung Lee, "A Multi-dimension Rule Update in a TCAM-based High-Performance Network Security System," aina, vol. 2, pp.62-66, 20th International Conference on Advanced Information Networking and Applications - Volume 2 (AINA'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.