A Platform for Emerging Network Applications

The computational demands placed on high throughput network devices are both growing and changing. Demands are growing due to exponential increases in network line rates, while demands are changing because consumers and ISPs require increasingly sophisticated methods for managing and defending their resources. To meet these demands a new architecture is required, one that can provide worst-case throughput guarantees, can be easily programmed to handle a variety of next-generation network applications, and that can operate under tight power constraints. This is necessarily different than a traditional processor which is optimized to provide low-latency operation in the average case. Handling high-speed links requires that fast data plane algorithms, packet buffering, and security analysis can all be performed in a programmable yet high-concurrency manner. The NimbleNP research project aims at developing an architecture for backbone and high-throughput edge routers that is a feasible and affordable alternative to custom ASICs. Our approach is three fold - we focus on a solution that integrates novel network algorithm optimizations, computer architecture design, and the development of new network applications.

Code and HDL Releases

• String Matching Engine RuleCompiler: A small program (written in Lisp) that transforms a list of strings into bit-split state machines. These state machines, as described in "A High Throughput String Matching Architecture for Intrusion Detection and Prevention" from ISCA'05, can then be loaded into the tiled architecture below to search for strings in a streaming fashion.

• String Matching Engine HDL: Includes synthesizeable HDL code for the memory-tile based string matching architecture described in "A High Throughput String Matching Architecture for Intrusion Detection and Prevention" from ISCA'05.

Publications

• Banit Agrawal and Timothy Sherwood. Virtually Pipelined Network Memory, Proceedings of the International Symposium on Microarchitecture (Micro), December 2006. Orlando, FL

• Banit Agrawal and Timothy Sherwood. Guiding Architectural SRAM Models, Proceedings of the International Conference of Computer Design (ICCD), October 2006. San Jose, CA

• Lin Tan, Brett Brotherton, and Timothy Sherwood. Bit-Split String-Matching Engines for Intrusion Detection and Prevention, ACM Transactions on Architecture and Code Optimization (TACO), Vol 3 No 1, June 2006.

• Banit Agrawal and Timothy Sherwood. Modeling TCAM Power for Next Generation Network Devices. IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS'06), March 2006. Austin, Texas

• Lin Tan and Timothy Sherwood. Architectures for Bit-Split String Scanning in Intrusion Detection. IEEE Micro: Micro's Top Picks from Computer Architecture Conferences (IEEE Micro - top pick), January-February 2006.

• Lin Tan, Timothy Sherwood. A High Throughput String Matching Architecture for Intrusion Detection and Prevention, (errata) (ppt) In the proceedings of the 32nd Annual Intl. Symposium on Computer Architecture (ISCA 2005), June 2005. Madison, Wisconsin

• Nathan Tuck, Timothy Sherwood, Brad Calder, and George Varghese Deterministic Memory-Efficient String Matching Algorithms for Intrusion Detection. The 23rd Conference of the IEEE Communications Society (INFOCOM'04), March 2004.

• Timothy Sherwood, George Varghese, and Brad Calder. A Pipelined Memory Architecture for High Throughput Network Processors, In the proceedings of the 30th Annual Intl. Symposium on Computer Architecture (ISCA 2003), June 2003. San Diego, California