Practical Programmable Packets
Authors
Abstract
We present SNAP (Safe and Nimble Active Packets), a new scheme for programmable (or active) packets centered around a new low-level packet language. Unlike previous active packet approaches, SNAP is practical: namely, adding significant flexibility over IP without compromising safety and security or efficiency. In this paper we show how to compile from the well-known active packet language PLAN [7] to SNAP, showing that SNAP retains PLAN’s flexibility; give proof sketches of its novel approach to resource control; and present experimental data showing SNAP attains performance very close to that of a software IP router.
Similar resources
Towards Practical Programmable Packets
Recent research in active networking has motivated the use of programmable, or active, packets in which a traditional packet header is replaced by a program that controls a packet’s actions in the network. Despite the popularity of this idea in the active networking community, it has not taken hold in general. We claim that this is because the current active packet systems are not sufficiently ...
Two-phase Pattern Matching for Regular Expressions in Intrusion Detection Systems
Regular expressions are used to describe security threats’ signatures in network intrusion detection (NID) systems. To identify suspicious packets using regular expression matching, many NID systems use memory-based deterministic finite-state automata (DFA) with one-pass-scanning model, which is fast and allows dynamic updates. However, a number of practical signature patterns commonly found in...
Layered protocol wrappers for Internet packet processing in reconfigurable hardware
A library of layered protocol wrappers has been developed that process Internet packets in reconfigurable hardware. These wrappers can be used with a reprogrammable network platform called the Field Programmable Port Extender (FPX) to rapidly prototype hardware circuits for processing Internet packets. We present a framework to streamline and simplify the development of networking applications ...
Implementation of a Content-Scanning Module for an Internet Firewall
A module has been implemented in Field Programmable Gate Array (FPGA) hardware that scans the content of Internet packets at Gigabit/second rates. All of the packet processing operations are performed using reconfigurable hardware within a single Xilinx Virtex XCV2000E FPGA. A set of layered protocol wrappers is used to parse the headers and payloads of packets for Internet protocol data. A con...
Protecting an MPLS-based Programmable Virtual Network Using Distributed Firewall
In Programmable Virtual Network (PVN), network providers sell network resources including programmable/nonprogrammable nodes and links connecting the nodes to customers for building their virtual networks. PVN can use Multi-Protocol Label Switching (MPLS) for creating virtual channels and fast packet forwarding. By using special MPLS labels, PVN can identify customers’ packets that require proc...