Fast Conflict Detection for Multi-Dimensional Packet Filters
نویسندگان
چکیده
To support advanced network services, Internet routers must perform packet classification based on a set of rules called filters. If two or more filters overlap, filter conflict will occur and lead to ambiguity in classification. Further, it may affect security even the correctness routing. Hence, is necessary detect conflicts avoid above problems. In recent years, many detection algorithms have been proposed, but most them for only prefix fields (i.e., source/destination IP address fields) For greater practicality, include non-prefix such as port protocol field. this study, we propose an efficient algorithm five-dimensional filters, which both fields. proposed algorithm, tiny lookup table created quickly filtering out large portion non-conflicting pairs, thereby reducing overall time. Experimental results show that our reduces time by 10% 28% compared with other 20 K databases. More importantly, can be used extend any existing two-dimensional fast
منابع مشابه
Fast Packet Classification for Two-Dimensional Conflict-Free Filters
Routers can use packet classification to support advanced functions such as QoS routing, virtual private networks and access control. Unlike traditional routers, which forward packets based on destination address only, routers with packet classification capability can forward packets based on multiple header fields, such as source address, protocol type, or application port numbers. The destina...
متن کاملAn Efficient Conflict Detection Algorithm for Packet Filters
Packet classification is essential for supporting advanced network services such as firewalls, quality-of-service (QoS), virtual private networks (VPN), and policy-based routing. The rules that routers use to classify packets are called packet filters. If two or more filters overlap, a conflict occurs and leads to ambiguity in packet classification. This study proposes an algorithm that can eff...
متن کاملFast and Scalable Conflict Detection for Packet Classifiers
Packet filters provide roles for classifying packets based on header fields. High speed packet classification has received much study. However, the twin problems of fast updates and fast conflict detection have not received fnuch attention. A conflict occurs when two classifiers overlap, potentially creating ambiguity for packets that match both filters. For example, if Rule 1 specifies that al...
متن کاملFFPF: Fairly Fast Packet Filters
FFPF is a network monitoring framework designed for three things: speed (handling high link rates), scalability (ability to handle multiple applications) and flexibility. Multiple applications that need to access overlapping sets of packets may share their packet buffers, thus avoiding a packet copy to each individual application that needs it. In addition, context switching and copies across t...
متن کاملGeometrical Algorithms for Packet Filter Conflict Detection (Offline)
We develop geometrical algorithms for conflict detection in Internet packet filter sets with arbitrary ranges and based on the best-rule-matches principle. Data structures originally devised for solving Klee’s measure problem are examined for their usability in this context. We then show how to solve the one-dimensional problem in O (n log n) time, how to solve the two-dimensional problem in O ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Algorithms
سال: 2022
ISSN: ['1999-4893']
DOI: https://doi.org/10.3390/a15080285