| dc.description.abstract | The design-space of network devices is constantly evolving, driven by the continual demand for increased global inter-connectivity, intelligent orchestration, and distributed computation between cloud and edge resources. Modern businesses are increasingly reliant on a connected world for a competitive advantage as well as essential operations. Meanwhile, there is an increasing number of attacks on critical communication infrastructure from a variety of malicious actors. Thus, there is an increasing urgency to improve all aspects of security in data communication networks.
Additionally, Software-Defined Networking (SDN) has increasingly gained traction and utility across data centers and network administration. SDN concepts enable increased flexibility for network operators, including the ability to implement a broad class of custom network functions for real-time diagnostics as well as traffic management. While SDN has notable advantages over traditional network appliances, current implementations are often more susceptible to malicious attacks due to increased complexity and abstractions imposed on packet classification and table management.
This dissertation investigates architectural techniques to improve the reliability and performance of data plane processing hardware. Our techniques are applicable to both traditional packet processing as well as SDN data plane architectures. The contributions of this research include two novel and complementary techniques to improve data plane performance through optimizing the use of available packet classification resources. By leveraging storage-efficient stochastic data structures and machine learning inspired replacement policies, our techniques improve data plane processing efficiency and predictability.
The first technique leverages a Bloom Filter to prioritize established traffic and prevent malicious starvation of expensive packet classification resources. This Pre-Classification technique is general enough to be considered for any classification pipeline with non-uniform processing requirements. The second technique, originally developed for speculative microprocessors, adapts the Hashed Perceptron binary classifier to flow table cache management. The proposed Flow Correlator mechanism leverages the Hashed Perceptron to correlate flow activity with temporal patterns and transport/network layer hints. This technique demonstrates the viability of associating temporal patterns to network flows enabling improvements in flow table cache management. Amenable to hardware implementations, both Flow Correlator and Pre-Classification techniques show promise in improving the reliability and performance of flow-centric packet processing architectures. | |
