Implementation of a Deep Packet Inspection Circuit using Parallel Bloom Filters in Reconfigurable Hardware

Sarang Dharmapurikar, Praveen Krishnamurthy, Todd Sproull, John Lockwood


Abstract

Recent advances in network packet processing focus on packet payload inspection for various applications, including content-based billing, layer-7 switching and Internet security. Most of the applications in this family need to search for predefined signatures in the packet payload. Hence an important building block of these processors is a string-matching infrastructure. Since conventional software-based algorithms for string matching have not kept pace with high network speeds, specialized high-speed hardware-based solutions have started to gain popularity. We describe a technique based on Bloom filters for detecting predefined signatures (strings of bytes) in the packet payload. A Bloom filter is a data structure for representing a set of strings in order to support membership queries. We use hardware Bloom filters to isolate all packets that potentially contain predefined signatures and a software process to eliminate false positives. Our system throughput can scale to the 2.4 Gbps (OC-48) link rate with 1700 strings programmed on a Virtex 2000E FPGA on the FPX platform.

Keywords:

Protocol processing hardware
High speed packet processing engines
Network security technologies
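
The two-stage scheme described in the abstract (Bloom filters flag candidate payload windows, then an exact comparison discards false positives) can be modelled in software as follows. This is an added example, not the authors' circuit: the filter size, the number of hashes, the BLAKE2b-based hash functions, the choice of one filter per signature length, and the sample signatures and payload are all assumptions made for illustration.

```python
import hashlib

class BloomFilter:
    """m-bit Bloom filter with k hashes; sizes are illustrative, not the paper's."""
    def __init__(self, m_bits=4096, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        # Salted BLAKE2b stands in for the k hardware hash functions (assumption).
        for i in range(self.k):
            d = hashlib.blake2b(item, digest_size=8, salt=bytes([i])).digest()
            yield int.from_bytes(d, "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

class SignatureScanner:
    def __init__(self, signatures, m_bits=4096):
        self.exact = set(signatures)   # exact set for the verification stage
        self.filters = {}              # one Bloom filter per signature length
        for s in signatures:
            self.filters.setdefault(len(s), BloomFilter(m_bits)).add(s)

    def scan(self, payload):
        """Return (confirmed (offset, signature) pairs, rejected Bloom hits)."""
        confirmed, rejected = [], 0
        for off in range(len(payload)):
            for n, bf in self.filters.items():
                window = payload[off:off + n]
                if len(window) < n or window not in bf:
                    continue           # filter says "definitely not a signature"
                if window in self.exact:
                    confirmed.append((off, window))
                else:
                    rejected += 1      # false positive removed by exact compare
        return confirmed, rejected

# Constructed sample data, not taken from the paper.
SIGNATURES = [b"EXAMPLE-SIG-1", b"billing-tag", b"layer7-token"]
PAYLOAD = b"hdr|billing-tag|pad|EXAMPLE-SIG-1|end"

if __name__ == "__main__":
    print(SignatureScanner(SIGNATURES).scan(PAYLOAD))
```

Shrinking `m_bits` raises the number of rejected hits but never changes the confirmed list, because a Bloom filter produces false positives only, never false negatives.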