Performance-driven Development of Deep Packet Inspection Systems on Commodity Platforms

Deep Packet Inspection (DPI) systems have been increasingly performed on dedicated hardware, as an attempt to speed up the packet processing for high speed links. This is mainly caused by the current demand for CPU-intensive processing required by regular expression functions, which investigate the packet payload trying to match patterns of application signatures. This study proposes and evaluates techniques to optimize DPI systems using commodity hardware. At first, it is designed a new optimized software architecture. In the following, this architecture is implemented into a DPI software and those optimization techniques are then integrated. Our results show that the time spent with regular expression matching was actually improved, besides the packet loss rate when realizing online measurements meanwhile. The evaluation results state that the performance of a typical DPI process on a Linux box can be improved in almost 100%, and the amount of classified traffic may be increased 220%.