mtmt
Magyar Tudományos Művek Tára
XML
JSON
Átlépés a keresőbe
In English
Achieving 100Gbps intrusion prevention on a single server
Zhao, Z.
;
Sadok, H.
;
Atre, N.
;
Hoe, J.C.
;
Sekar, V.
;
Sherry, J.
Angol nyelvű Konferenciaközlemény (Egyéb konferenciaközlemény) Tudományos
Megjelent:
anon. (szerk.). 14th USENIX Symposium on Operating Systems Design and Implementation,OSDI 2020. (2020)
pp. 1083-1100
Azonosítók
MTMT: 31683687
Scopus:
85096750255
Intrusion Detection and Prevention Systems (IDS/IPS) are among the most demanding stateful network functions. Today's network operators are faced with securing 100Gbps networks with 100K+ concurrent connections by deploying IDS/IPSes to search for 10K+ rules concurrently. In this paper we set an ambitious goal: Can we do all of the above in a single server? Through the Pigasus IDS/IPS, we show that this goal is achievable, perhaps for the first time, by building on recent advances in FPGA-capable SmartNICs. Pigasus' design takes an FPGA-first approach, where the majority of processing, and all state and control flow are managed on the FPGA. However, doing so requires careful design of algorithms and data structures to ensure fast common-case performance while densely utilizing system memory resources. Our experiments with a variety of traces show that Pigasus can support 100Gbps using an average of 5 cores and 1 FPGA, using 38× less power than a CPU-only approach. © 2020 Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020. All rights reserved.
Idézett közlemények (1)
Hivatkozás stílusok:
IEEE
ACM
APA
Chicago
Harvard
CSL
Másolás
Nyomtatás
2024-10-04 13:06
×
Lista exportálása irodalomjegyzékként
Hivatkozás stílusok:
IEEE
ACM
APA
Chicago
Harvard
Nyomtatás
Másolás