
Research And Realization Of Rule Management Technology Based On Large-capacity TCAM

Posted on: 2009-12-21
Degree: Master
Type: Thesis
Country: China
Candidate: H Z Peng
GTID: 2178360242499020
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of network technology and the continual appearance of new network applications, emerging network attacks have brought huge challenges to network security. An Intrusion Detection System (IDS) is an efficient complement to the firewall, which cannot fully meet the demands of network security. An IDS collects and analyses key information in the computer network or computer systems to detect whether security policies have been violated and whether a system in the network is being attacked.

Real-time packet classification based on five-tuple rules is one of the key technologies in a Network Intrusion Detection System (NIDS). TCAM is widely used for packet classification in NIDS because of its large capacity and fast lookup. In order to effectively manage the several 100,000 rules stored in TCAM, this dissertation studies the TCAM model and related critical technologies.

The main contributions of this dissertation are as follows:

Firstly, we propose and study three TCAM rule management methods, realized by software-based mapping, by TCAM instructions, and by collaboration of software and hardware, respectively. Comparing these three methods, we find that managing rules with the first method has the least influence on packet classification performance and is therefore suitable for NIDS on high-speed links.

Secondly, we establish a rule management model for large-capacity TCAM using the software-mapping method. To solve the problems met in organizing and managing rules, this dissertation studies several key technologies: using a HASH table to store rules, updating rules statically, updating rules dynamically, and using a virtual clock mechanism to deal with timed-out rules.

Thirdly, we implement the large-capacity TCAM rule management model on a 64-bit Linux operating system, supporting a TCAM rule management module with 64K five-tuple rules. This model also meets the demands of the CIA network card.

This dissertation systematically introduces the rule management technology of large-capacity TCAM in terms of theoretical analysis, algorithms and realization. In a word, the research results have useful theoretical value and will play an important role in practical applications.
Keywords/Search Tags: TCAM, Large-Capacity TCAM Rule Management Model, HASH