Efficient Management of Groups in TCAM-Based Network Security System
Abstract
Network security systems such as firewalls and Intrusion Prevention Systems (IPS) use a packet classification scheme together with TCAM-based flow identification to allow or protect traffic [1]. These applications share a common demand: the ability to process, maintain, and correlate a huge number of events. The event rate in these applications is usually much higher than in applications in other areas. Furthermore, the ability to quickly search for a specific entry (e.g., scan attempts from the same source IP address) inside any group in the TCAM is a key challenge in most cases. However, the TCAM returns the first match among multiple matching rules, so the ordering of TCAM entries is strictly kept while rules are added to or deleted from groups. Although partial ordering has made some major improvements by decreasing sequential movements [1], the problem of efficiently storing entries into specific groups still exists. In this paper, we show how searching for or inserting entries into the TCAM groups can be improved by introducing the Ternary Tree data structure, leading to well-organized storing of entries [2].
Similar resources
Toward an energy efficient PKC-based key management system for wireless sensor networks
Due to their wireless nature and hostile environment, providing security is a critical and vital task in wireless sensor networks (WSNs). It is known that key management is an integral part of a secure network. Unfortunately, in most of the previous methods, security is compromised in favor of reducing energy consumption. Consequently, they lack perfect resilience and are not fit for applications ...
Designing an Expert System for Internet Connection Problems Troubleshooting for wired network users
Man is living in an era in which knowledge is estimated to double in a relatively short time. The fast rate of technology's growth in the "Century of information" is caused by the fast growth of communication technologies like the internet, which has become one of the best tools for quick, cheap, effective and vastly supported communication. For an efficient and effective usage of tools and ...
Efficient packet classification using TCAMs
Multi-field packet classification is necessary to support advanced Internet functions, such as network security, quality of service provisioning, traffic policing, virtual private networking, etc. Ternary content addressable memory (TCAM) is currently the dominant solution method used by the industry because of its speed and the simplicity of filter table management. High cost and high power co...
Range Encoding for Range Matching Using a TCAM Coprocessor
One of the most critical resource management issues using TCAM for packet classification is how to effectively support rules with ranges, known as range matching. Since in general, multiple TCAM entries have to be allocated to represent a rule with ranges, it raises the question about whether TCAM can effectively support range matching. In this paper, an efficient range encoding scheme is intro...