P43: Deep Packet/Flow Analysis Using GPUs
Abstract: Deep packet inspection (DPI) faces severe challenges in high-speed networks as it requires high I/O throughputs and intensive computations. The parallel architecture of GPUs fits exceptionally well for per-packet traffic processing. However, TCP data stream need to be reconstructed in a per-flow level to deliver a consistent content analysis. Since the flow-centric operations are naturally anti-parallel and often require large memory space for buffering out-of-sequence packets, they can be problematic for GPUs. Here, we present a highly efficient DPI framework, which includes a purely GPU-implemented TCP flow tracking and stream reassembly. Instead of buffering till the TCP packets become in sequence, we process the packets in batch with pattern matching states between consecutive batches connected by a Aho-Corasick with a prefix-/suffix- tree method. Evaluation shows that our code can reassemble tens of millions of packets per second and conduct a signature-based DPI at 55 Gbit/s using an NVIDIA K40 GPU.
Award: Best Poster Finalist (BP): no
Two-page extended abstract: pdf