封包分析在今日的網路架構的任何一個角落都已經是一個不可或缺的功能，他可以支援封包分類和提供資訊安全處理所需要的資訊。由於近年來對於網路頻寬和安全依賴日增，不論是用戶或是頻寬的需求都日益增加，為了應付這些需求，我們需要開發一個更為優良的封包處理方法，並需要仰賴硬體平台提供的多管線設計來提高處理速度。未來的快速網路必須依靠強而有力的路由器來達成，例如：防火牆處理、服務品質、虛擬私人網路和其他服務等等。為了提供這些功能，路由器要依照預先定義的規則去檢查封包頭裡面每一維的值是否符合，並將封包分成不同的類別，這個能力稱之為多維封包分類。在以前的網路環境，封包分類只需要考慮五個維度的欄位，但在需求越來越多樣化的今日，五個維度已經不夠使用。OpenFlow交換機的出現就是為了解決這些複雜的需求，它利用更多的規則並具有豐富定義的軟硬體界面。我們提出的方法是以Bit-Vector為基礎，新增對於Range欄位的支援並加以改善。這篇論文是使用OpenFlow1.0來當作測試數據的規則集，具有十二個維度。為了顯示出效能以及和其他提出的方法做比較，我們將我們提出的封包分類之改善Range搜尋的方法作在不同版本的FPGA平台上，實驗結果的數據顯示我們的方法可以支援5120條以上的OpenFlow規則，據我們所知，我們提出的方法是第一個能夠支援Range欄位，速度又能夠到達380MHz以上的。

Packet parsing has been a necessary facility at all points in the modern networking infrastructure, to support packet classification and security functions. Increasing bandwidth and security requirements for high-speed networks rely on advanced hardware packet processing solutions. The future of the fast Internet needs powerful routers to support abundant network functionalities, such as firewall processing, quality of service, virtual private networks, and other services. To provide these services, the routers need to classify the packets into different categories based on a set of predefined rules, so-called multi-field packet classification. Traditional packet classification method that usually considersonly5tuple fields is not sufficient for today's complicated network management requirements. OpenFlow switch was born to take care of these complex requirements by using a rule set with rich definition as the software-hardware interface. Our proposed scheme called Enhanced Range Lookup (ERL) scheme for packet classification optimize Bit-Vector algorithm in order to support range field matching. This paper considers OpenFlow1.0 as our experimental rule sets, consisting of 12 tuple header fields[2].To show the performance and compare with other proposed schemes, we implement the proposed ERL scheme on multiple version of Field Programmable Gate Array (FPGA) devices. Experimental results show that our method can handle 5K OpenFlow rules. To our knowledge, our proposed scheme is the first range supported method that can sustain the clock rate of more than 380 MHz.

[1] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, “OpenFlow: Enabling innovation in campus networks.” SIGCOMM Comput. Commun. Rev., vol. 38, no.2, pp. 69–74, 2008.
[2] OpenFlow Foundation, “OpenFlow Switch Specification Version 1.0.0.”Available:http://www.openflowswitch.org/documents/openflow-spec-v1.0.0.pdf
[3] W. Jiang and V. K. Prasanna. “Field-split parallel architecture for high performance multi-match packet classification using FPGA.”In Proceedings of the twenty-first annual symposium on Parallelism in algorithms and architectures, SPAA ’09, pages 188–196, New York, NY, USA, 2009. ACM.
[4] P. Gupta and N. McKeown. “Packet classification on multiple fields.”In Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication, SIGCOMM ’99,pages 147–160, New York, NY, USA, 1999. ACM.
[5] S. Singh, F. Baboescu, G. Varghese, and J. Wang. “Packet classification using multidimensional cutting.”In Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, SIGCOMM ’03, pages 213–224, New York, NY, USA,2003. ACM.
[6] H. Song and J. W. Lockwood. “Efficient packet classification for network intrusion detection using FPGA.” In Proceedings of the 2005ACM/SIGDA 13th international symposium on Field-programmable gate arrays, FPGA ’05, pages 238–245, New York, NY, USA, 2005. ACM.
[7] P. Gupta and N. McKeown. “Classifying packets with hierarchical intelligent cuttings.” Micro, IEEE, 20(1):34–41, Jan/Feb 2000.
[8] OpenFlow Foundation, “OpenFlow Switch Specification Version 1.1.0.”Available:https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifi cations/openflow/openflow-spec-v1.1.0.pdf.
[9] OpenFlow Foundation, “OpenFlow Switch Specification Version 1.3.1.”Available:https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifi cations/openflow/openflow-spec-v1.3.1.pdf.
[10] P. Gupta and N. McKeown, “Algorithms for packet classification.” IEEE Network, vol.15, no. 2, pp.24–32, 2001.
[11] F. Yu, R. H. Katz, and T. V. Lakshman, “Efficient Multi match Packet Classification and Lookup with TCAM.” IEEE Micro, vol. 25, no. 1, pp. 50-59, 2005.
[12] K. Lakshminarayanan, A. Rangarajan, and S. Venkatachary, “Algorithms for Advanced Packet Classification with Ternary CAMs.” in Proc. ACMSIGCOMM, 2005, pp. 193-204.
[13] S. Yi, B.-k. Kim, J. Oh, J. Jang, G. Kesidis, and C. R. Das, “Memory-efficient Content Filtering Hardware for High-speed Intrusion Detection Systems.” in Proc. of the 2007 ACM Symposium on Applied Computing(SAC), 2007, pp. 264-269.
[14] A. Majumdar, S. Cadambi, M. Becchi, S. T. Chakradhar, and H. P. Graf, “A Massively Parallel, Energy Efficient Programmable Accelerator for Learning and Classification.” ACM Trans. Archit. Code Optim., vol. 9, no. 1, pp. 6:1-6:30, 2012.
[15] T. Ganegedara and V. K. Prasanna, “StrideBV: Single Chip 400G+ Packet Classification.” In 13th IEEE International Conference on High Performance Switching and Routing (HPSR), 2012, pp. 1-6.
[16] Snort. Snort: Network intrusion prevention and detection system (ips/ids). Available : http://www.snort.org/.
[17] T. Sasao. “On the complexity of classification functions.”In Multiple Valued Logic, 2008.ISMVL 2008. 38th International Symposium on, pages 57–63, may 2008.
[18] Yun R. Qu, Shijie Zhou, and Viktor K. Prasanna, “High-performance architecture for dynamically updatable packet classification on FPGA.”ANCS, 2013.
[19] Xilinx, “7 Series FPGAs Overview” Available: http://www.xilinx.com/support/documentation/data_sheets/ds180_7Series_Overview.pdf.
[20] Xilinx, “Virtex-6 Family Overview” Available:http://www.xilinx.com/support/documentation/data_sheets/ds150.pdf
[21] W. Jiang and V. K. Prasanna, “Scalable Packet Classification on FPGA, ”IEEE Trans. VLSI Syst., vol. 20, no. 9, pp. 1668–1680, 2012.
[22] T. Ganegedara, W. Jiang, and V. K. Prasanna.“A Scalable and Modular Architecture forHigh-Performance Packet Classification,” TPDS, 2013.