Category Archives: What’s new
Save power, save money
We can all do our teeny-weeny bit in conserving energy while using our PCs. There’s no rocket science involved. At the very basic level, just learn to tune your Windows PC’s built-in power saving schemes as per your needs. No, that snazzy screensaver will not help you save a joule of energy.
Instead go to Start > Control Panel > Power Options to tweak the settings that turn your monitor off, spin down the hard disk, and tell the system to standby/sleep/hibernate after an appropriate time interval of disuse. These much overlooked settings help cut down the consumption of energy by 20 to 60 per cent while getting back into action takes only a few seconds. And totted up, all these little factors will also help save many a pretty penny at the end of the day as well.
Other Applications of CAM
We see many in previous post, now we can see other applications of CAM.
1. MPLS switching at core and edge routers. MPLS switching involves label look up in place of an IP address look up. MPLS label consists of label value, QoS, stack flag and TTL (time to live). When a look up for such a data happens, the network processor can use the relevant information and decide the fate of the packet, i.e if the TTL has lapsed, it would drop the packet and so on.
2. Signature Recognition. With the performances and speeds (up to 10 Gbps) that current technologies are achieving in communication, the performance of the CAM is extremely important. One of the foremost applications that the internet needs is data protection. With new ways coming in vogue to hack an end point, the need for protection from such attacks, be it through a virus or a spam, is necessary. If such a process can be achieved in hardware, it improves the throughput drastically. CAMs can help in such a cause by maintaining a signature database and an associate processor (if it can be built to work at line speeds) can scan the packets for such signature and drop packets if necessary; such a functionality would add immense value to the content moved across the internet.
Applications of CAMs
1. Quality of service (QOS) through a CAM. CAMs generally have an associated SRAM. This SRAM contains routing information and QoS related data. This data helps the network processor to decide the fate of the received packet. Some of the QoS service includes,
a, Packet monitoring
b, Billing
c, Firewall
d, Content protection
2. Implementation of ARP, when a new hosts gets associated with a network the foremost thing that the network processor does it to update the network database with the MAC and IP addresses of the new hosts. This information update can happen using one of the very popular protocols of TCP/IP called the address resolution protocol and the new addresses get updated on the CAM table.
3. IP forwarding address translation (through ACL’s) When a packet arrives at the ingress port of the network processor, it has to decide on which port the data packet should be forwarded ACL’s also contain information regarding the rules that apply on a particular IP address such as permission for communication between two specific IP address and encryption of data during communication between two hosts or a host server and server. This information is stored in the associated SRAM.
Typical CAM usage
Typically, a network board consists of a network processor, associated memories and CAM’s (multiple cams used in cascade configuration when the table density is more) and the physical interface.
As shown below, the network processor has multiple interfaces:
1. Ingress/egress ports. Ports through which data exchange happens.
2. Host interfaces. This interface is used to access the network processor for configuration setting and the other updates to be carried out.
3. Associated SRAM interfaces. The associated SRAM holds the packet forwarding information such as the port numbers and QoS which is accessed by the network processor to process the packet received. The index or address for accessing the associated SRAM is typically driven by the search result received from the CAM.
4. CAM interface. This is used to access the cam, update the database, perform searches and access the results. The result of the searches performed is typically used by the network processor to link it to the associated SRAM address in order to access the forwarding related information.
Working of a CAM
Let us see how CAM works in hardware. As mentioned earlier CAM can be binary or ternary.
Binary CAM cell
CAM logic will simply have the storage circuitry and comparator logic to provide the match information for the searches performed. In this case a XOR gate is used to compare between the stored data and the searched data.
Ternary CAM cell
A Ternary cam as the name indicates has three states 0,1 and X. A “don’t care” condition exists in a ternary CAM to mask off certain bits for a partial match. The possibility of masking off of certain bits of the data opens up a wide range of applications where partial match is necessary; for instances at the edge of a router, where the router only worries about the destination network address and not the host ID.( An IP address consists of two fields: network ID and host ID).
Software and Hardware CAM
Hardware search engines are faster than algorithmic approaches for search intensive applications. Also, the turnaround time of a hardware CAM would be highly deterministic while that of software would depend on how efficiently the search-tree balancing algorithm is implemented. However, software would results in low costs. Hybrid CAMS integrate the robustness of a hardware CAM while providing the flexibility of high degree of software programming.
Types of CAMs
Fundamentally, CAM’s are of two types binary and ternary. As the name indicates a binary CAM has two bit states (’1′ and a ’0′), while a ternary CAM has ’1′, ’0′ and a third state called “don’t care”, so a search-hit on a ternary CAM would be an exact match or a partial match.
Currently, ternary CAMs are defacto in the industry. These bring the possibility of multiple match in a lookup table. All the access list tables for packet forwarding use a popular address resolution algorithm called the longest prefix match where the addresses are placed in the CAM based on certain priorities and the CAM by itself has priority encoder that helps in resolving the winning address.
Building a Content Address Memory (CAM)
When a forwarding device receives a packed on its ingress port, based on the layer at which the device is working, the device looks for the corresponding address in the CAM and identifies the next hop the packet needs to take to eventually reach its destination.
The two major functions of a CAM include storage of information and look up logic to find the data being searched for. Looking at these tasks a software geek may say that he would store the data in a regular memory and then have software sitting around it to do the look-up instead of using a special hardware. This is where we try to define the two ways of building a CAM:
1. Build a software wrapper around the memory (SRAM/DRAM) to perform the look-up functions for the searched data.
2. Build a hardware that stores data as well as performs the look-up.
Both the approaches have their pros and cons. In the second approach the entire functionality is carried out in the hardware. This, as observed practically, dramatically improves the throughput, which is of utmost importance when we talk about the line speeds which are approaching 10Gbps.
Functionality of CAM's
In order to get a true understanding of the functionality of CAM’s, you need to dig a little deeper into the domain in which these work. If you look at either the OSI reference model or the TCP/IP stack, you will find that the lower three layers are the ones that are concerned with the packet delivery to its peer, while all the other layers are more concerned with the content, its presentation and formatting.
The physical layer adopts analogue means of data transfer and is not concerned with acknowledgement of the transmitted data. This leaves the next two layers to make sure that the transmitted packet was indeed received in its original form – that is the order of information, encryption used for data protection, etc
Another important task that needs to be performed by these upper layers is to ensure delivery of the packet to its correct recipient. This is done in two ways.
1. Using MAC (media access control) address. This addressing scheme is adopted at layer 2 of the OSI layer. It is used in such network device as switches/bridges.
2. Using IP addresses. This addressing scheme is used to transmit any IP packet and communicate with its peer on the network, which is the data link layer on the destination. It is used in such network devices as routers and layer 3 switches.
CAM's : Memories Faster then RAM's
Content Addressable Memorys (CAM’s) in their most trivial form, work in a way opposite to conventional memories. While a random access memory (RAM) returns data upon providing the address, a CAM provides address when data is supplied. So effectively a CAM is a search tool that looks for the data in question within its data base.
CAM’s commonly work as hardware search engines in routers and switches to accelerate forwarding of packets on the destination route. We will talk about the various other applications that consider a CAM as an important processing engine as we proceed engine as we proceed in this article.
As indicated in its definition, CAM holds the address to be looked up for and returns the route associated information to the host processor to perform the successive tasks of forwarding the incoming packet. So we can also define a CAM as a network coprocessor to the central processor.
Note that TCP/IP and /or OSI models are taken here as reference to explain the concepts similar analogies may be drawn with other protocols like IPX/SPX, Apple Talk and UDP.
Software for Forensics
Investigators need software tools for file viewing, disk imaging, uncompressing files, identifying known files, performing string searches and accessing file metadata. WinHex software (www.x-ways.net) is used for making hard disk images, viewing files and recovering deleted files. ProDiscover (www.techpathways.com) is a forensic software which is used for disk imaging and file signature analysis to recover deleted files. This software is suitable for analysis of FAT, NTFS and Sun Solaris UFS. It also displays ADS streams in the file system. Encase is another popular tool used in the forensic field. This software safely previews a virtual boot disk image using VMW are to allow a first hand view of the system.
You can use SafeBack, Ghost, Mareware, FTK softwares for disk imaging. Process explorer, Auto Runs, WireShark, MD5Sum, EventCombMT are other free software tools for digital forensic purposes. These software tools will help you in protecting your system and empower you to watch out for hackers data on your computer.
