DeepMatch: Practical Deep Packet Inspection in the Data Plane using Network Processors

Joel Hypolite, John Sonchack, Shlomo Hershkop, Nathan Dautenhahn, André DeHon, and Jonathan M. Smith
Proceedings of the International Conference on emerging Networking EXperiments and Technologies (CoNEXT, December 1–4, 2020)

Restricting data plane processing to packet headers precludes analysis of payloads to improve routing and security decisions. DeepMatch delivers line-rate regular expression matching on payloads using Network Processors (NPs). It further supports packet re-ordering to match patterns in flows that cross packet boundaries. Our evaluation shows that an implementation of DeepMatch, on a 40 Gbps Netronome NFP-6000 SmartNIC, achieves up to line rate for streams of unrelated packets and up to 20 Gbps when searches span multiple packets within a flow. In contrast with prior work, this throughput is data-independent and adds no burstiness. DeepMatch opens new opportunities for programmable data planes.

