Architecture for a hardware-based, TCP/IP content-processing system

The transmission control protocol is the workhorse protocol of the Internet. Most of the data passing through the Internet transits the network using TCP layered atop the Internet protocol (IP). Monitoring, capturing, filtering, and blocking traffic on high-speed Internet links requires the ability...

Full description

Saved in:
Bibliographic Details
Published inIEEE MICRO Vol. 24; no. 1; pp. 62 - 69
Main Authors Schuehler, D.V., Moscola, J., Lockwood, J.W.
Format Journal Article
LanguageEnglish
Published Los Alamitos IEEE 01.01.2004
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Architecture
Band pass filters
Communication system traffic control
Computer architecture
Continuous processing
Engines
Information filtering
Information filters
Internet
IP (Internet Protocol)
IP networks
Monitoring
Monitors
Networks
Packet switched networks
Protocols
Search engines
TCP (protocol)
TCP-IP
TCP/IP (protocol)
TCPIP
Online AccessGet full text

Cover

More Information
Summary:The transmission control protocol is the workhorse protocol of the Internet. Most of the data passing through the Internet transits the network using TCP layered atop the Internet protocol (IP). Monitoring, capturing, filtering, and blocking traffic on high-speed Internet links requires the ability to directly process TCP packets in hardware. High-speed network intrusion detection and prevention systems guard against several types of threats. As the gap between network bandwidth and computing power widens, improved microelectronic architectures are needed to monitor and filter network traffic without limiting throughput. To address these issues, we've designed a hardware-based TCP/IP content-processing system that supports content scanning and flow blocking for millions of flows at gigabit line rates. The TCP splitter2 technology was previously developed to monitor TCP data streams, sending a consistent byte stream of data to a client application for every TCP data flow passing through the circuit. The content-scanning engine can scan the payload of packets for a set of regular expressions. The new TCP-based content-scanning engine integrates and extends the capabilities of the TCP splitter and the old content-scanning engine. IP packets travel to the TCP processing engine from the lower-layer-protocol wrappers. Hash tables are used to index memory that stores each flow's state.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
ObjectType-Article-2
ObjectType-Feature-1
ISSN:0272-1732
1937-4143
DOI:10.1109/MM.2004.1269000