The Snort NIDS on the Intel IXP2400 and IXP2800 NPU

Comm Logic Design, Inc. has developed an implementation of the Snort network intrusion detection system's detection engine in microcode running on the IXP2400.  The network detection engine is run in simulation on the Intel IXP2400 developer's workbench with Consystant StrataNP.

Consystant Snort Transactor

 

 

The Snort detection engine relies on a ternary CAM (TCAM) to perform a first stage of packet classification when evaluating Snort rules against a stream of packets. The combination of the IXP2400 network processor and the TCAM enables the Snort detection engine to perform intrusion detection at speeds not achievable on the platforms where the Snort network intrusion detection system is typically run.

The Snort simulation runs with a model of a "generic" TCAM implemented in the developer workbench's scripting language. The Snort microcode has been modified to support TCAM silicon available from the various TCAM vendors in the marketplace. The Snort application can be similarly simulated in StrataNP using a developer's workbench foreign model provided by the TCAM vendor. The resulting microcode can also be executed on target hardware containing an IXP2400 and the vendor's TCAM.
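To make the first-stage classification concrete, here is a small software model of a ternary match over packet header fields. It is an added example, not Comm Logic Design's microcode or its workbench TCAM model; the key layout, table entries and rule-group numbers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Search key layout (an assumption for this example):
 * protocol (8 bits) | destination IPv4 (32 bits) | destination port (16 bits). */
#define KEY(proto, ip, port) \
    (((uint64_t)(proto) << 48) | ((uint64_t)(ip) << 16) | (uint64_t)(port))
#define NO_MATCH (-1)

/* One ternary entry: a mask bit of 1 means "compare", 0 means "don't care". */
struct tcam_entry {
    uint64_t value;
    uint64_t mask;
    int rule_group; /* which group of rules stage two must evaluate */
};

/* Constructed table. Index order is priority: the first hit wins. */
static const struct tcam_entry table[] = {
    { KEY(6, 0x0A000000u, 80), KEY(0xFF, 0xFF000000u, 0xFFFF), 0 }, /* tcp -> 10.0.0.0/8:80 */
    { KEY(6, 0, 80),           KEY(0xFF, 0, 0xFFFF),           1 }, /* tcp -> any:80 */
    { KEY(17, 0, 53),          KEY(0xFF, 0, 0xFFFF),           2 }, /* udp -> any:53 */
    { KEY(6, 0, 0),            KEY(0xFF, 0, 0),                3 }, /* tcp -> any:any */
};

/* Return the rule group of the highest-priority matching entry.
 * Hardware compares every entry in parallel; this loop models that serially. */
int tcam_lookup(const struct tcam_entry *t, size_t n, uint64_t key)
{
    for (size_t i = 0; i < n; i++)
        if (((key ^ t[i].value) & t[i].mask) == 0)
            return t[i].rule_group;
    return NO_MATCH;
}

/* Stage one for a packet header: only the returned group goes to rule matching. */
int classify(uint8_t proto, uint32_t dst_ip, uint16_t dst_port)
{
    return tcam_lookup(table, sizeof table / sizeof table[0],
                       KEY(proto, dst_ip, dst_port));
}

int main(void)
{
    printf("tcp 10.1.2.3:80    -> group %d\n", classify(6, 0x0A010203u, 80));
    printf("tcp 192.168.0.1:80 -> group %d\n", classify(6, 0xC0A80001u, 80));
    printf("icmp 10.1.2.3      -> group %d\n", classify(1, 0x0A010203u, 0));
    return 0;
}
```

A packet that returns `NO_MATCH` needs no further rule evaluation, which is where the first stage saves work for the detection engine.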

The Snort detection engine is implemented as an Intel Portability Framework "microblock". The Snort microblock provides several configuration options. The microblock can also be combined with other microblocks, enabling generation of microcode that supports several possible hardware configurations.

Comm Logic Design is licensing versions of the Snort detection engine microblock that operate with various vendors' TCAMs and search and classification engines to parties interested in using the code as an IP "core", much like the IP cores available for FPGA and ASIC designs.

 

Last changed: 03/23/2011 17:49:27 Copyright 2003 through 2005 Comm Logic Design, Inc.