A criterion for speed evaluation of content inspection engines
The growing needs of network security and content-aware networking increasingly introduce content processing into the network devices as opposed to the network endpoints. The component of a network device responsible for content inspection is called Content Inspection Engine (CIE). As other components of a network device, the CIE needs to operate at wire-speed, posing a need to look for an appropriate speed-evaluation criterion for CIEs. For processes with constant or at most well-bounded per-packet analyzes (e.g., routing, multi-field packet classification), and processes with flat per-byte processing time (e.g., checksum calculation, encryption/decryption), operation speed is traditionally evaluated in terms of the number of packets or bits processed per second. Such metrics cannot be used for processes in which the processing time of a packet varies widely, depending on its content. We propose to define worst-case throughput as a criterion for evaluating the wire-speed processing capabilities of CIEs. We argue that one may build simple model of a CIE, whether hardware or software based, in the form of a directed graph with edges annotated by the length and processing time of the segments of input data. It is then possible to transform the problem of finding the worst-case throughput of a CIE to the minimum cost to time ratio problem, for which many efficient algorithms exist.
|Conference||International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies, ICN/ICONS/MCL'06|
Yazdani, M. (Mohammadreza), Fraczak, W. (Wojciech), Welfeld, F. (Feliks), & Lambadaris, I. (2006). A criterion for speed evaluation of content inspection engines. Presented at the International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies, ICN/ICONS/MCL'06. doi:10.1109/ICNICONSMCL.2006.8