Abstract:
As network link speeds increase, traditional application systems such as intrusion detection and traffic audit are unable to process high bandwidth traffic. Proposed in this paper is a novel parallel architecture for processing 10Gbps traffic in real-time. OC192 traffic is first classified and then filtered in this architecture. Filtered traffic is load-balanced to backend processors for detail processing. All kinds of statistics are collected during these procedures. A universal range-supported split TCAM structure (RSTCAM) is designed in the classification unit of this architecture. In RSTCAM each classification rule is split into 5 separate sub-rules according to its fields. These sub-rules are stored in 5 TCAMs separately. With RSTCAM, the following benefits can be obtained: resource and lower power consumption. It is demonstrated that it is very convenient for RSTCAM to imply range matching. A novel feedback based dynamic load balancing algorithm (FDLB) is also implemented in this architecture. FDLB dispatches traffic to backend processors based on their loads. As many applications require session integrality, FDLB guarantees this through table based hashing. Traffics are dispatched to specific processor by hashing their source and destination ip addresses. The prototype of the architecture is implemented in a FPGA. Experiment results show that the whole system can sustain OC192 traffic throughput with a processing delay of 4.2 microseconds.