Computer Science

Computer Science ›› 2017, Vol. 44 ›› Issue (3): 158-162.doi: 10.11896/j.issn.1002-137X.2017.03.035

Previous Articles     Next Articles

Research on High Performance Rule Matching Algorithm in IPV6 Networks

PANG Li-hui and JIANG Feng   

  • Online:2018-11-13 Published:2018-11-13

PDF (PC)

641

Abstract: As is known to al1,firewall is the core device to guarantee network security,and rule matching is one of the most important technologies to firewall.However,those high performance rule matching algorithms based on IPV4 are not suitable for IPV6 with the network derivation from IPV4 to IPV6.The main cause of this situation is that the range of IPV6 address is much bigger than the range of IPV4 address.Thus we suggested a high performance rule matching algorithm suitable for IPV6,named HiPRM (High Performance Rule Matching).HiPRM algorithm classifies the whole rule set into several parts with the protocol and destination port field of rules,and it selects special bits from the combination of source and destination IPV6 address of rules to construct binary trees.After the construction of binary trees,those rule sets are split into smaller rule sets.When a packet matches one of these smaller rule sets,the linear searching algorithm is used to find the matching rules in this small rule set.Analysis and experiment results show that HiPRM algorithm not only has good time and space performance,but also has better scalability with different rule sets.

Key words: Firewall,Rule matching,IPV6,Binary tree

[1] LAKSHMAN T V,STILIADIS D.High Speed Policy Based PacketForwarding Using Efficient Multidimensional Range Matching[J].ACM Computer Communication Review,1998,28(4):203-214.
[2] GUPTA P,MCKEOWN N.Packet Classification on MultipleFields [J].ACM SIGCOMM Computer Communication Review,1999,29(14):147-160.
[3] HiPAC [EB/OL].(2005-11-8) [2014-12-5].http://www.hi-pac.org.
[4] WANG Z L,WU Z J,YI L.HigH-Dimension Large-scale Packet Matching Algorithm in IPV6 [J].ACTA Electronica Sinica,2013,41(11):2181-2186.(in Chinese) 王则林,吴志健,尹兰.IPV6环境下的高维大规模分类算法[J].电子学报,2013,1(11):2181-2186.
[5] SINGH S,BABOESCU F,VARGHESE G,et al.Packet Classification Using Multi-dimensional Cutting[C]∥Proceedings of the 2003 Conference on Applications,Technologies,Architectures,and Protocols for Computer Communications,2003.Karlsruhe:ACMSIGCOMM,2003:213-224.
[6] BABOESCU F,SINGH S,VARGHESE G.Packet Classification for Core Routers:Is There an Alternative to CAMs?[C]∥Proc of IEEE Infocom,2003.San Francisco,IEEE Infocom,2003:53-63.
[7] HAN W T,YI P,ZHANG X.Hybrid Cutting Algorithm for PacketClassification [J].Journal of Software,2014,25(11):2616-2626.(in Chinese) 韩伟涛,伊鹏,张霞.一种采用混合切分法的报文分类算法[J].软件学报,2014,5(11):2616-2626.
[8] KOGAN K,NIKOLENKO S,ROTTENSTEICH O,et al.SAX-PAC(Scalable and Expressive Packet Classification)[C]∥Proceedings of the 2014 ACM Conference on SIGCOMM,2014.Chicago,IL,USA:ACM Press,2014:15-26.
[9] TAYLOR D E,TURNER J S.ClassBench:A Packet Classification Benchmark [J].IEEE/ACM Trans.on Networking,2007,15(3):499-511.
[10] HAGER S,SELENT S,Scheuermann B.Trees in the List:Accelerating List-based Packet Classification Through Controlled Rule Set[C]∥Proc of ACM CoNEXT,2014.Sydney,Australia:ACM Press,2014:101-107.
No related articles found!
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.