IP Address Lookup and Packet Classification Algorithms

Similar documents
Data Structures for Packet Classification

Chapter 06 IP Address

Switch and Router Design. Packet Processing Examples. Packet Processing Examples. Packet Processing Rate 12/14/2011

Novel Hardware Architecture for Fast Address Lookups

IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 1. Table 1 IPv4 ACL categories

Efficient hardware architecture for fast IP address lookup. Citation Proceedings - IEEE INFOCOM, 2002, v. 2, p

CS 268: Route Lookup and Packet Classification

Router Architectures

IEEE TRANSACTIONS ON COMPUTERS, VOL. 54, NO. 7, JULY An On-Chip IP Address Lookup Algorithm. Xuehong Sun and Yiqiang Q. Zhao, Member, IEEE

Three Different Designs for Packet Classification

Network Layer: Control/data plane, addressing, routers

Fast IP Routing Lookup with Configurable Processor and Compressed Routing Table

Master Course Computer Networks IN2097

Master Course Computer Networks IN2097

Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA

Binary Search Schemes for Fast IP Lookups

High-Performance Network Data-Packet Classification Using Embedded Content-Addressable Memory

Problem Statement. Algorithm MinDPQ (contd.) Algorithm MinDPQ. Summary of Algorithm MinDPQ. Algorithm MinDPQ: Experimental Results.

Configuring ACLs. ACL overview. ACL categories. ACL numbering and naming

Message Switch. Processor(s) 0* 1 100* 6 1* 2 Forwarding Table

FPX Architecture for a Dynamically Extensible Router

Hardware Acceleration in Computer Networks. Jan Kořenek Conference IT4Innovations, Ostrava

Configuring Network Security with ACLs

The iflow Address Processor Forwarding Table Lookups using Fast, Wide Embedded DRAM

Topics for Today. Network Layer. Readings. Introduction Addressing Address Resolution. Sections 5.1,

CIS-331 Final Exam Fall 2015 Total of 120 Points. Version 1

Module Contact: Dr Geoff McKeown, CMP Copyright of the University of East Anglia Version 1

4. The transport layer

Introduction CHAPTER 1

SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification. Fang Yu, T.V. Lakshman, Martin Austin Motoyama, Randy H.

Design principles in parser design

IPv4. Christian Grothoff.

High-Speed Network Processors. EZchip Presentation - 1

Dynamic Pipelining: Making IP- Lookup Truly Scalable

Last Lecture: Network Layer

A Hybrid Approach to CAM-Based Longest Prefix Matching for IP Route Lookup

Scalable Lookup Algorithms for IPv6

CIS-331 Final Exam Spring 2016 Total of 120 Points. Version 1

Midterm Review. Congestion Mgt, CIDR addresses,tcp processing, TCP close. Routing. hierarchical networks. Routing with OSPF, IS-IS, BGP-4

Flow Caching for High Entropy Packet Fields

ADDRESS LOOKUP SOLUTIONS FOR GIGABIT SWITCH/ROUTER

Network Processors. Nevin Heintze Agere Systems

Cisco ME 3400 Ethernet Access Switch Show Platform Commands

High-Performance Packet Classification on GPU

HIGH-PERFORMANCE PACKET PROCESSING ENGINES USING SET-ASSOCIATIVE MEMORY ARCHITECTURES

Implementing Access Lists and Prefix Lists

Forwarding and Routers : Computer Networking. Original IP Route Lookup. Outline

Efficient Packet Classification using Splay Tree Models

Application of TRIE data structure and corresponding associative algorithms for process optimization in GRID environment

Implementation of Boundary Cutting Algorithm Using Packet Classification

cs144 Midterm Review Fall 2010

Binary Search Schemes for Fast IP Lookups

Extended ACL Configuration Mode Commands

Towards Effective Packet Classification. J. Li, Y. Qi, and B. Xu Network Security Lab RIIT, Tsinghua University Dec, 2005

Homework 1 Solutions:

IP lookup with low memory requirement and fast update

ECE 4450:427/527 - Computer Networks Spring 2017

ECE697AA Lecture 21. Packet Classification

Network Layer/IP Protocols

ROUTING INTRODUCTION TO IP, IP ROUTING PROTOCOLS AND PROXY ARP

IPv6 Access Control Lists

Scalable Name-Based Packet Forwarding: From Millions to Billions. Tian Song, Beijing Institute of Technology

Parallel-Search Trie-based Scheme for Fast IP Lookup

Users Guide: Fast IP Lookup (FIPL) in the FPX

CSC 4900 Computer Networks: Network Layer

ECE 461 Internetworking Fall Quiz 1

HP FlexFabric 5930 Switch Series

EECS 122: Introduction to Computer Networks Switch and Router Architectures. Today s Lecture

Using NetFlow Filtering or Sampling to Select the Network Traffic to Track

Network Layer: outline

Scalable Packet Classification using Distributed Crossproducting of Field Labels

Understanding ACL Merge Algorithms and ACL Hardware Resources on Cisco Catalyst 6500 Switches

ITTC High-Performance Networking The University of Kansas EECS 881 Packet Switch I/O Processing

Selective Boundary Cutting For Packet Classification SOUMYA. K 1, CHANDRA SEKHAR. M 2

Read this before starting!

HP FlexFabric 7900 Switch Series

Computer Networking: A Top Down Approach Featuring the. Computer Networks with Internet Technology, William

Multi-way Search Trees. (Multi-way Search Trees) Data Structures and Programming Spring / 25

Contents. QoS overview 1

Background: disk access vs. main memory access (1/2)

HP 5920 & 5900 Switch Series

NAT Support for Multiple Pools Using Route Maps

Quality of Service. Understanding Quality of Service

IP Addressing and Subnetting

CIS-331 Final Exam Spring 2018 Total of 120 Points. Version 1

Configuring IPv6 ACLs

WCCP Network Integration with Cisco Catalyst 6500: Best Practice Recommendations for Successful Deployments

Network Layer PREPARED BY AHMED ABDEL-RAOUF

Network Protocols - Revision

TUPLE PRUNING USING BLOOM FILTERS FOR PACKET CLASSIFICATION

Router Construction. Workstation-Based. Switching Hardware Design Goals throughput (depends on traffic model) scalability (a function of n) Outline

History Page. Barracuda NextGen Firewall F

IP Address Lookup in Hardware for High-Speed Routing

Lecture 8. Network Layer (cont d) Network Layer 1-1

PACKET classification is an enabling function for a variety

An Ultra High Throughput and Memory Efficient Pipeline Architecture for Multi-Match Packet Classification without TCAMs

Disjoint Superposition for Reduction of Conjoined Prefixes in IP Lookup for Actual IPv6 Forwarding Tables

KUPF: 2-Phase Selection Model of Classification Records

A Multi Gigabit FPGA-based 5-tuple classification system

Introduction. Router Architectures. Introduction. Introduction. Recent advances in routing architecture including

Transcription:

IP Address Lookup and Packet Classification Algorithms Zhen Xu, Jeff Nie, Xuehong Sun, and Yiqiang Q. Zhao School of Mathematics and Statistics, Carleton University

Outline 1. Background 2. Two IP Address Lookup Algorithms a. Fast IP Address Lookup Using Index Table b. Fast IP Address Lookup Based on Comb Extraction Scheme 3. One Packet Classification Algorithm a. Packet Classification Using Independent Sets

Background of IP Address Lookup and Packet Classification

Architecture of Packet-by-packet routers Routing Process Routing Software Packet Forwarding Process Line Card Packet Processing Line Card Line Card Switch Fabric Line Card

An Example of Forwarding Table ENTRY DESTINATION NEXT-HOP NUM BER PREFIX 1 192.2.0.0/22 100.1.2.1 2 200.11.0.0/22 120.3.5.3 3 192.2.2.0/24 120.3.5.3 An Example of Classifier Rule Network-layer Dest. prefix R1 152.163.190.69 /32 Network-layer Sourc. prefix 152.163.80.11/ 32 Trans-layer Trans-layer Action Dest. protocol * * Deny R2 152.168.3.0/24 152.163.20.157 Eq http Udp Deny /32 R3 152.168.3.0/24 152.163.20.157 Range 20-21 Udp Permit /32 R4 152.163.198.4/ 152.163.0.0/16 Gt 1023 Tcp Deny 32 R5 * * * * Permit

Classification is a Generalization of Lookup Classifier = Forwarding Table One dimension (destination address) Rule = Forwarding Table Entry Action = (Next-hop-address, out port) Priority = Prefix Length

IP Address Lookup Algorithms

Fast IP Address Lookup Using Index Table Proposed by Jeff Nie

The Idea of the Proposed Algorithm The index table stores the length information of prefixes. IP address On-chip Index table Fast memory Group name Hash function prefetch Main memory Hash table Small Small search group group All prefix entries are stored in a hash table in which hash keys are bit strings of different length. Prefixes with the same key are grouped into a small table,called small search group. Cache or SRAM The number of prefixes in a small search group can be controlled. The small search group can be prefetched into fast on-chip memories on a generalpurpose CPU to improve the lookup rate.

Index Table An array with total 256 elements. Each element has two items head and sub_index_table. Head has four kinds of values 0, 1, 2 or 3, which represents that the first 0, 8, 16 or 24 bits of an IP address are extracted as hash key, respectively. A sub_index_table stores the state of the next 8 bits of a prefix. The decimal value of the next 8 bits of an IP address is used as index in index table If the head is equal to 3, the next 8 bits of the IP address are extracted to check its state in the sub_index_table. If its state is 1, the head is 3, otherwise the head is 2.

Index Table (cont.) Index table 0 1 2 191 192 254 255 Element Head Sub_index_table 3 Sub_index_table 0 1 2 3 4 5 6 7 2494754 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 1 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 140 141

An Example of Searching the Index Table P1= 11000000 01011001 01011100 11001011 192 89 P2= 00001100 01011001 01011100 11001011 12 P3= 00001000 01011001 01011100 11001011 8 0 1 8 12 192 254 255 Head 0 Head 1 or 2 Default hop, no hash lookup The first 8 or 16 bits of the address are used as hash key Head 3 sub_index_table 256 bits If the value of the next 8 bits of address is found, the first 24 bits are used as hash key, otherwise the first16 bits are used.

Hash Table Hash table is organized by string bit with different lengths Each element has two items a key and a pointer of information or of a small search group. A small amount of prefixes need to be extended to a certain length.

An Example of the Hash Table Key Hash Table Pointer Small Search Groups 00000001 198.32.136.124 00000010 198.32.136.27 Lookup 6.9.13.67 Lookup 61.58.136.204 Lookup 63.192.35.67 Lookup 63.237.21.65 00000110 00111101 00111010 00111111 11000000 00111111 11101101 00010101 P1 P2 P3 P4 00001001 198.32.136.81 00001010 198.32.136.36 000 198.32.136.124 100 198.32.136.31 11 198.32.136.27 0111 198.32.136.27 10010101 198.32.136.124 198.32.136.124

Small Search Groups An array of at most 16 items Each item is a structure consisting of two 32-bit words - The first word stands for the part of a prefix, extension flag and the prefix length. - The second word stands for the next hop. All items in small search group are ordered by decreasing length. All items are arranged on the consecutive memories so that they can be retrieved into the L1 cache on CPU with one memory access. The size of the small search group can be changed to fit it into different capacity RAM.

Search The next 8 bits 30 24 P 00011000 00011110 01101100 10101100 24.30.108.172 The first 8 bits Head= 3 Key 00011000 00011110 Use the first 16 bits as key Index Table Sub index table Not found Head = 2 Point Hash Table Next Hop 198.32.136.124 0 198.32.136.124 10 198.32.136.31 110 198.32.136.31 111 198.32.136.124 Small search group

Hash Table Size Average collision (%) 0.7 0.6 0.5 0.4 0.3 0.2 Mae-East Mae-West AADS PAIX 0.1 0 12,000 22,000 32,000 42,000 52,000 Hash table size Average collisions versus the hash table size

Memory Usage Memory Size (Kbytes) 1200 1000 800 600 400 Mae-East Mae-West AADS PAIX 200 0 12,000 22,000 32,000 42,000 52,000 Hash table size Memory usage versus the hash table size.

Hash lookup Times of hash lookup The hash lookup results on the simulation Mae-East Mae-West AADS PAIX Number % Number % Number % Number % 1 14696 73.34 15489 70.52 16089 71.17 8273 92.97 2 4514 22.53 5363 24.42 5286 23.38 591 6.64 3 739 3.69 985 4.48 1084 4.79 33 0.37 4 85 0.42 117 0.53 139 0.61 2 0.02 5 3 0.01 8 0.04 10 0.04 0 0 6 0 0 1 0.005 0 0 0 0 Average 1.31 1.35 1.35 1.07 Worst case 5 6 5 4

Frequency histogram of the number of items in the small search groups Frequency 30,000 25,000 20,000 15,000 Mae-East Mae-West AADS PAIX 10,000 5,000 0 1 2-5 6-9 10-12 13-15 16 Number of items in small search groups

Conclusions Using the index table reduces the searching range size from the whole database to a small search group. On the average, only one main memory access is needed. Index table is small enough to fit into primary cache. The small search group is prefetched into the primary cache on general purpose CPU to improve the lookup speed. The size of the small search group can be controlled so that the whole group can be retrieved into the L1 cache on CPU with one memory access. The update of a prefix only involves a few memory locations being modified. Compared with other algorithms, the algorithm provides some advantages.

IP Address Lookup Based on Comb Extraction Scheme Proposed by Zhen Xu

General Idea 1. One forwarding table is decomposed into two balanced smaller sub-forwarding tables. 2. An IP lookup can be converted into two parallel small sublookups 3. After comparing the information attached by matching subprefixes from both sub-lookups, the output of an incoming packet can be determined.

An Example of CES used in an IP Address 178. 200. 101. 147 10110010 11001000 01100101 10010011 Dotted-Decimal Notation Binary Notation 1101 1010 1000 1001 0100 1000 1011 0101 Two Artificial Sequence

An Example of CES used in an IP Address Prefix 178. 200. 101. 128 / 25 Prefix Length 10110010 11001000 01100101 1* 1101 1010 1000 1*/13 0100 1000 1011 */12 Lengths of Artificial Sequences

Splitting Forwarding Table No. 1 2 Des. Prefix 001* 010* Output Port 1 2 No. 1 2 3 4 Sub-Des. Prefix 00* 000* 01* 11* Forwarding Information 2(2), 3(5) 2(3) 1(1) 2(4), 4(6) 3 4 5 6 01000* 101* 0101* 111* 2 2 3 4 No. 1 2 Sub-Des. Prefix 0* 1* Forwarding Information 1(1), 2(4) 2(2), 4(6) 3 10* 2(3) 4 11* 3(5)

Structure of each sub-entry 1. The collection of forwarding unit a(b), which implies that the original prefix of this sub-prefix is forwarded to port a, and the associated index is b. 20-bit long sequence is enough to represent a forwarding unit. 2. a N-bit port indicator vector is associated with every sub-entry. A bit is set in the bit vector if and only if the port occurs in its forwarding information. Usually the width of it is no more than 128.

Features of the Sub-tables 1. CES makes the entries of two sub-tables well distributed. We define Pseudo-Hamming Distance (PHD) between two prefixes to determine the distance between two prefixes. MPHD is the mean of PHD of any two different prefixes in one table. 2. CES also balances the sub-prefix lengths in the two sub-tables. Mean Prefix Length(MPL) 3. CES makes the forwarding units well distributed in each sub-table. (a). of thei In each sub - table, the Basic Load of th where NP sub - entry BLFI i i? NP, i Forwarding Information (BLFI) is the total number of forwardingunits of thei th sub - entry.

(b). In each sub - table, the Mean Load of Forwarding Information (MLFI) of all sub - entries MLFI? K 1 K? i? 1 BLFI where K is the total number of sub - entries in thissub - table. i, (c). In each sub - table, the Standard Deviation offorwarding Information (SDFI) SDFI? K 1 K? i? 1 (BLFI MLFI) The smaller the SDFI, the better it is. 4. CES balances the comparison cost. i? 2. comparison cost factor (CCF) is used to judge whether the comparison load of those matching sub-prefixes in two sub-tables for an address lookup next is heavy or not. CCF is a statistical value from experiments, by counting the pairs really need to compare.

Entries Subentries MPHD MPL Max( BLFI) MLF I SDFI CCF Storage Cost (in Byte) 47206 Sub-table 1 4026 55.22 11.18 93 11.73 13.41 8 186.06K Sub-table 2 5341 56.56 11.18 86 8.84 9.71 209.15K 77002 Sub-table 1 5703 56.47 11.22 100 13.05 15.49 8 270.81K Sub-table 2 6989 57.84 11.22 78 11.02 12.57 241.95K Maeeast Maewest Aads 63980 Sub-table 1 5689 56.80 11.35 110 11.25 14.28 8 245.14K Sub-table 2 6735 57.45 11.35 89 9.50 10.84 261.44K Paix 22116 Sub-table 1 4077 54.59 11.15 40 5.42 5.35 7 117.65K Sub-table 2 4704 55.67 11.15 28 4.70 4.23 127.48K Table 1 Performance of sub-tables by using the CES Entries Sub-entries MPHD MPL Max(BLFI) MLFI SDFI Mae-east 47206 Sub-table 1 6939 59.85 16.00 280 6.80 13.63 Sub-table 2 1349 43.24 6.47 2735 34.99 93.62 Mae-west 77002 Sub-table 1 10794 23.32 16.00 253 7.13 15.33 Sub-table 2 1692 51.63 4.79 5939 45.50 164.45 Aads 63980 Sub-table 1 8314 61.54 16.00 465 7.69 16.65 Sub-table 2 3540 49.03 9.94 3385 18.07 73.38 Paix 22116 Sub-table 1 4540 59.68 16.00 128 4.87 7.98 Sub-table 2 1238 48.85 5.03 1406 17.86 49.95 Table 2 Performance of sub-tables by such a splitting rule extracting the higher 16 bits to form sub-table 1 and extracting the lower 16 bits to form sub-table 2

Comparison analyzing the matching sub-prefixes from two sub-tables common matching prefix. It can be implemented in an ASIC. 1. decide whether further comparing is necessary If? 1 then they should satisfy the following (1)? 2 and? only can be equal (2) In the two corresponding port indicator vectors,? i, i? N, PIV 2 are two the final matching sub - prefixes in the two - tables for an address, 1 i? PIV 2 i? to? 1 or? 2. compare the forwarding units 1-1; 1 (PIV is the port indicator vector). Entries Average delay (ns) Delay( 80% of comparisons) (ns) Mae-east 47206 2.24 <4.59 Mae-west 77002 3.36 <7.87 Aads 63980 1.96 <4.72 Paix 22116 0.56 <1.21

Search IP Address 01001100 00111101 11011000 01100111 00100110 10100101 10100111 11001011 Sub-table 1 Sub-table 2 Judge Yes Comparison Set Output port

Performance 1. The load of two sub-lookup systems keep in balance. 2. Overcome the problem of destination prefixes distribution dependent. 3. The heights of each extended LC trie is reduced. 4. Searching and comparison can work at the same time. 5. It is scalable for IPv6. 6. It can be extended to dynamic bits selection algorithms. 7. Since a forwarding table can be regarded as a 1-dimensional classifier, CES also can be used in packet classification.

Packet Classification Using Independent Sets Proposed by Xuehong Sun

General idea a multiple-field key forms a rule. The relation between any two rules is not equal Some of them are easy to distinguish (independent); others not. All the rules that are easy to distinguish are grouped. All the rules are partitioned into these groups. A data structure is proposed to make the search easy.

An example of an independent set

The corresponding graphs of the two dimension classifier

Merge sets of begin points into a master set

Add a virtual point to B_k

A data structure example

Experiments with different repeating factors f des rf src rf I-set 2 15422 1.95 14321 2.09 9 10 2807 10.69 2960 10.14 23 20 1422 21.10 1610 18.63 33 60 489 61.35 498 60.24 74

Experiments with different table sizes rules des rf rsc rf I-set 2000 65 30.8 62 32.3 34 10000 323 31 360 27.8 40 20000 677 29.5 710 28.2 43 100000 3499 28.6 3287 30.4 45 200000 7155 28 6567 30.5 48 1000000 32778 30.5 33698 29.7 61

Experiments with different percent of wildcards %wildcards Des rf Src rf I-set 10 1.46 1.46 6 30 1.59 1.58 7 50 1.72 1.72 6

Features inherently parallel very small memory requirements neither sensitive to the size of the rule table nor the percentage of wildcards in the fields scales well from two dimensional classifiers to high dimensional ones fast update easy to exploit the parallel and pipeline mechanism in the hardware

Thanks

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback