Deep Packet/Flow Analysis using GPUs for High-Bandwidth Networks


Deep packet inspection (DPI) is widely used in content-aware network applications, such as surveillance, statistics gathering, and traffic control.

  Fermilab
Fermi National Accelerator Lab. (FNAL), Batavia, IL (United States)
USDOE Office of Science (SC), High Energy Physics (HEP) (SC-25)
The Greater Chicago Area Systems Research Workshop; Conference: 6th Greater Chicago Area Systems Research Workshop (GCASR), Illinois Institute of Technology, McCormick Tribune Campus Center, 04/24/2017
United States

  Deep packet inspection (DPI) faces severe performance challenges in high-speed networks (40/100 GE) as it requires a large amount of raw computing power and high I/O throughputs. Recently, researchers have tentatively used GPUs to address the above issues and boost the performance of DPI. Typically, DPI applications involve highly complex operations in both per-packet and per-flow data level, often in real-time. The parallel architecture of GPUs fits exceptionally well for per-packet network traffic processing. However, for stateful network protocols such as TCP, their data stream need to be reconstructed in a per-flow level to deliver a consistent content analysis. Since the flow-centric operations are naturally antiparallel and often require large memory space for buffering out-of-sequence packets, they can be problematic for GPUs, whose memory is normally limited to several gigabytes. In this work, we present a highly efficient GPU-based deep packet/flow analysis framework. The proposed design includes a purely GPU-implemented flow tracking and TCP stream reassembly. Instead of buffering and waiting for TCP packets to become in sequence, our framework process the packets in batch and uses a deterministic finite automaton (DFA) with prefix-/suffix- tree method to detect patterns across out-of-sequence packets that happen to be located in different batches. In conclusion, evaluation shows that our code can reassemble and forward tens of millions of packets per second and conduct a stateful signature-based deep packet inspection at 55 Gbit/s using an NVIDIA K40 GPU.
