ACHIEVING 100 GB/S URL FILTERING WITH COTS MULTI-CORE SYSTEMS

10.7903/ijecs.1483

Surachai Chitpinityon；Surasak Sanguanpong；Supaporn Erjongmanee；Kasom Koht-Arsa

URL Filtering ； Web Filtering ； Session Hijacking ； 100 GbE ； COTS ； AVL

International Journal of Electronic Commerce Studies

8卷1期（2017 / 06 / 01）

77 - 95

英文

URL filtering is an essential tool used by Internet Service Providers (ISPs) and organizations to restrain clients from accessing non-secured or illegal web content. Designing a URL filtering method that achieves a high bit rate of 100 Gb/s and beyond for international ISPs is a challenging task. High-performance URL filtering with multi-gigabit rate capacity requires a fast URL matching algorithm and an enhanced packet processing technique. In this paper, we tackle these challenges by design and development of a software-based URL filtering system to support 100 Gb/s bandwidth. Our aim is to build a system that runs on a single commercial off-the-shelf (COTS) server with multi-core CPUs. We propose a compact URL representation using AVL tree and a multi-core/multi-thread filtering technique with session hijacking and fast packet processing framework. Performance measurements results show successful URL filtering operating at 100 Gb/s in a real network testbed.

1. DPDK, Data plane development kit for fast packet processing. Retrieved on January 10, 2016, from http://dpdk.org/
2. Sniffer10G, Complete packet capture in a cost-effective package. Retrieved on January 10, 2016, from http://www.cspi.com/ethernet-adapters/ software/sniffer10g/
3. Openonload, The high performance network stack. Retrieved on January 10, 2016, from http://www.openonload.org/
4. Banday, M.T.,Shah, N.A.(2016).A concise study of web filtering.Sprouts,10(31)
5. Breslow, A.,Zhang, D.,Greathouse, J.,Jayasena, N.,Tullsen, D.(2016).Horton tables: Fast hash tables for in-memory data-intensive computing.2016 USENIX Annual Technical Conference (USENIX ATC16),Denver, Colorado:
6. Chen, H.,Liu, R.,Chang, Y.,Huang, Y.,Wu, P.,Yeh, A.,Huang, N.(2002).The design and implementation of network-processor based gigabit web filtering system.Taiwan Area Network Conference (TANET2002),Hsin-Chu, Taiwan:
7. Deibert, J. G.(ed.)(2008).The practice and policy of global internet filtering.Cambridge MA:MIT Press.
8. Deri, L.,Martinelli, M.,Cardigliano, A.(2014).Realtime high-speed network traffic monitoring using ntopng.Proceedings of the 28th USENIX Conference on Large Installation System Administration Conference (LISA14),Seattle, Washington:
9. Enbody, R.,Du, H.(1988).Dynamic hashing schemes.ACM Computing Surveys,20(2),850-113.
10. Ferragina, P.,Manzini, G.(2005).Indexing compressed text.Journal of the ACM,52(4),552-581.
11. Garnica, J.,Lopez-Buedo, S.,Lopez, V.,Aracil, J.,Hidalgo, J.M.G.(2012).A FPGA-based scalable architecture for URL legal filtering in 100GbE Networks.International Conference on Reconfigurable Computing and FPGAs,Mexico:
12. Goodney, A.,Narayan, S.,Bhandwalkar, V.,Cho, Y.H.(2010).Pattern based packet filtering using NetFPGA in DETER Infrastructure.1st Asia NetFPGA Developers Workshop,Korea:
13. Koht-Arsa, K.(2003).Faculty of Engineering, Kasetsart University.
14. Lychev, R.,Jero, S.,Boldyreva, A.,Nita-Rotaru, C.(2015).How secure and quick is QUIC? Provable security and performance analyses.IEEE Symposium on Security and Privacy,San Jose:
15. Qian, Z.,Mao, Z.,Xie, Y.(2012).Collaborative TCP sequence number inference attack- how to crack sequence number under a second.Proceedings of the ACM conference on Computer and Communications Security,North Carolina:
16. Rizzo, L.(2012).Netmap: A novel framework for fast packet I/O.2012 USENIX Annual Technical Conference (USENIX ATC12),Boston, Massachusetts:
17. Sedgewick, R.,Wayne, K.(2011).Algorithms.Boston:Addison-Wesley Publishing.
18. Yuan, H.,Wun, B.,Crowley, P.(2010).Software-based implementations of updateable data structures for high-speed URL matching.6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS),La Jolla, California:
19. Zhou, Z.,Song, T.,Jia, Y.(2010).A high-performance URL lookup engine for URL filtering systems.IEEE International Conference on Communications (ICC),Cape Town:
20. Zink, T.,Waldvogel, M.(2015).Efficient hash tables for network applications.SpringerPlus,4(1),1-19.