Improving IPS by network processors
作者: Pablo Cascón , Julio Ortega , Yan Luo , Eric Murray , Antonio Díaz
DOI: 10.1007/S11227-011-0558-8
关键词: Computer science 、 Network traffic control 、 Network scheduler 、 Network simulation 、 Computer network 、 Network architecture 、 Intelligent computer network 、 Packet processing 、 Network processor 、 Embedded system 、 Network interface
摘要: Many present applications usually require high communication throughputs. Multiprocessor nodes and multicore architectures, as well programmable NICs (Network Interface Cards) provide new opportunities to take advantage of the available multigigabits per second link bandwidths. Nevertheless, achieve adequate performance levels efficient parallel processing network tasks interfaces should be considered. In this paper, we leverage processors heterogeneous microarchitectures with several cores that implement multithreading are suited for packet processing, investigate on use accelerate interface, thus developed above it. More specifically, have implemented an intrusion prevention system (IPS) such a processor. We describe IPS after its offloaded implementation allows faster both normal corrupted traffic. The benefits from placing close network, by using specialized processors, give many times lower latency higher bandwidth legitimate
springer.com
sci-hub.se 参考文章(14)
Konstantinos Xinidis, Kostas G. Anagnostakis, Evangelos P. Markatos, Design and Implementation of a High-Performance Network Intrusion Prevention System information security conference. pp. 359- 374 ,(2005) , 10.1007/0-387-25660-1_24
Ryoichi Sasaki, Eiji Okamoto, Hiroshi Yoshiura, Sihan Qing, Security and Privacy in the Age of Ubiquitous Computing ,(2008)
Andrés Ortiz, Julio Ortega, Antonio F. Díaz, Alberto Prieto, Network interfaces for programmable NICs and multicore platforms Computer Networks. ,vol. 54, pp. 357- 376 ,(2010) , 10.1016/J.COMNET.2009.09.011
Li Zhao, Yan Luo, L.N. Bhuyan, R. Iyer, A Network Processor-Based, Content-Aware Switch IEEE Micro. ,vol. 26, pp. 72- 84 ,(2006) , 10.1109/MM.2006.46
G. Narayanaswamy, P. Balaji, W. Feng, Design of Interconnection Networks high performance interconnects. pp. 12- 12 ,(2007) , 10.1109/HOTI.2007.14
G. Regnier, S. Makineni, I. Illikkal, R. Iyer, D. Minturn, R. Huggahalli, D. Newell, L. Cline, A. Foong, TCP onloading for data center servers IEEE Computer. ,vol. 37, pp. 48- 58 ,(2004) , 10.1109/MC.2004.223
Willem de Bruijn, Herbert Bos, Model-T: Rethinking the OS for terabit speeds international conference on computer communications. pp. 1- 6 ,(2008) , 10.1109/INFOCOM.2008.4544642
Mihai Cristea, Kaiming Huang, Herbert Bos, Li Xu, Kees van Reeuwijk, Network intrusion prevention on the network card ,(2005)
Jianying Luo, Justin Pettit, Martin Casado, John Lockwood, Nick McKeown, An Analysis of 10-Gigabit Ethernet Protocol Stacks in Multicore Environments high performance interconnects. pp. 109- 116 ,(2007) , 10.1109/HOTI.2007.7
Pablo Cascón, Julio Ortega, Waseem M. Haider, Antonio F. Díaz, Ignacio Rojas, A Multi-Threaded Network Interface Using Network Processors parallel, distributed and network-based processing. pp. 196- 200 ,(2009) , 10.1109/PDP.2009.58