Resource allocation in network processors for network intrusion prevention systems

Yi Neng Lin*, Yao Chung Chang, Ying-Dar Lin, Yuan Chen Lai

*Corresponding author for this work

Research output: Contribution to journalArticle

4 Scopus citations

Abstract

Networking applications with high memory access overhead gradually exploit network processors that feature multiple hardware multithreaded processor cores along with a versatile memory hierarchy. Given rich hardware resources, however, the performance depends on whether those resources are properly allocated. In this work, we develop an NIPS (Network Intrusion Prevention System) edge gateway over the Intel IXP2400 by characterizing/mapping the processing stages onto hardware components. The impact and strategy of resource allocation are also investigated through internal and external benchmarks. Important conclusions include: (1) the system throughput is influenced mostly by the total number of threads, namely I × J, where I and J represent the numbers of processors and threads per processor, respectively, as long as the processors are not fully utilized, (2) given an application, algorithm and hardware specification, an appropriate (I, J) for packet inspection can be derived and (3) the effectiveness of multiple memory banks for tackling the SRAM bottleneck is affected considerably by the algorithms adopted.

Original languageEnglish
Pages (from-to)1030-1036
Number of pages7
JournalJournal of Systems and Software
Volume80
Issue number7
DOIs
StatePublished - 1 Jul 2007

Keywords

  • Benchmark
  • Bottleneck
  • Network intrusion and detection system
  • Network processor
  • Resource allocation

Fingerprint Dive into the research topics of 'Resource allocation in network processors for network intrusion prevention systems'. Together they form a unique fingerprint.

  • Cite this