Storing firewall rules in a prefix free data structure

OData support
Supervisor:
Kőrösi Attila
Department of Telecommunications and Media Informatics

TCAM is an associative memory, with rule patterns which contains not only zeros and ones, but also a wildcard symbol which matches for both zero and one. Their usage is getting popular in the field of firewalls and OpenFlow tables since both of them use header based grouping. However TCAMs are effective on this task, they consume too much energy and their usage is vague. This brings the question if a software based solution could replace them. For rule storing, it would be a simple idea to use graphs as a data modell. It is quite sure that the size of this graph won't be optimal so a compression method is also required. The task of the student is to implement this method which creates a graph that represents the original TCAM rules, using a tree-like structure where the take-off is the so called root element. The root has downgoind edges which represents the value of the rule's current bit (zero, one or wildcard). Then use a compression method that can reduce the memory needs of this software implementation.

Downloads

Please sign in to download the files of this thesis.