Packet filter technologies are facing new issues every day, as we had to re-engineer our computer networks in order to accommodate many new use cases. For instance, low-level network protocols are growing in number: new solutions, arising in particular for the purpose of network virtualization (e.g., 802QinQ, VXLAN), are rapidly transforming the Ethernet frames. The middle layers of the protocol stack are facing a similar metamorphosis: examples include the widespread adoption of Virtual Private Networks, or the necessity to transport IPv6 traffic over IPv4 networks. Packet filters are dramatically affected by those changes, as they become more complicated: it is important to be able to capture all the traffic we are interested in (e.g., web traffic), independently from the actual encapsulation used at lower layers. For this reason, the scientific research should embrace these new issues by proposing improvements over the traditional technologies, with the goal of maintaining the standards of efficiency of flexibility that we are used to. This dissertation addresses two specific issues: 1. How to preserve packet filter flexibility when specifying packet matching rules. We need a solution that allows a finer specification of matching rules, but that is also independent (if desired) on the specific encapsulation used at lower levels; moreover, the solution should support protocol definitions specified at run-time. Part I addresses the problem and describes in detail the proposed solution: NetPFL, a declarative language targeted to data-plane packet processing. 2. How to achieve efficiency when representing and combining multiple packet filters, even in case of bizarre and unusual network encapsulations. Part II outlines the issue and proposes two solutions: pFSA (described in Chapter 2) and its extension, xpFSA (delineated in Chapter 3).
High Speed and Flexible Network Processing / Leogrande, Marco. - (2014). [10.6092/polito/porto/2542314]
High Speed and Flexible Network Processing
LEOGRANDE, MARCO
2014
Abstract
Packet filter technologies are facing new issues every day, as we had to re-engineer our computer networks in order to accommodate many new use cases. For instance, low-level network protocols are growing in number: new solutions, arising in particular for the purpose of network virtualization (e.g., 802QinQ, VXLAN), are rapidly transforming the Ethernet frames. The middle layers of the protocol stack are facing a similar metamorphosis: examples include the widespread adoption of Virtual Private Networks, or the necessity to transport IPv6 traffic over IPv4 networks. Packet filters are dramatically affected by those changes, as they become more complicated: it is important to be able to capture all the traffic we are interested in (e.g., web traffic), independently from the actual encapsulation used at lower layers. For this reason, the scientific research should embrace these new issues by proposing improvements over the traditional technologies, with the goal of maintaining the standards of efficiency of flexibility that we are used to. This dissertation addresses two specific issues: 1. How to preserve packet filter flexibility when specifying packet matching rules. We need a solution that allows a finer specification of matching rules, but that is also independent (if desired) on the specific encapsulation used at lower levels; moreover, the solution should support protocol definitions specified at run-time. Part I addresses the problem and describes in detail the proposed solution: NetPFL, a declarative language targeted to data-plane packet processing. 2. How to achieve efficiency when representing and combining multiple packet filters, even in case of bizarre and unusual network encapsulations. Part II outlines the issue and proposes two solutions: pFSA (described in Chapter 2) and its extension, xpFSA (delineated in Chapter 3).File | Dimensione | Formato | |
---|---|---|---|
thesis.pdf
accesso aperto
Tipologia:
Tesi di dottorato
Licenza:
Creative commons
Dimensione
4.2 MB
Formato
Adobe PDF
|
4.2 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2542314
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo