Packet Classification. George Varghese

Similar documents
ECE697AA Lecture 21. Packet Classification

Data Structures for Packet Classification

AN EFFICIENT HYBRID ALGORITHM FOR MULTIDIMENSIONAL PACKET CLASSIFICATION

Implementation of Boundary Cutting Algorithm Using Packet Classification

Problem Statement. Algorithm MinDPQ (contd.) Algorithm MinDPQ. Summary of Algorithm MinDPQ. Algorithm MinDPQ: Experimental Results.

DESIGN AND IMPLEMENTATION OF OPTIMIZED PACKET CLASSIFIER

Packet Classification for Core Routers: Is there an alternative to CAMs?

Homework 1 Solutions:

Performance Evaluation and Improvement of Algorithmic Approaches for Packet Classification

Towards Effective Packet Classification. J. Li, Y. Qi, and B. Xu Network Security Lab RIIT, Tsinghua University Dec, 2005

Priority Area-based Quad-Tree Packet Classification Algorithm and Its Mathematical Framework

EVERY Internet router today can forward entering Internet

Forwarding and Routers : Computer Networking. Original IP Route Lookup. Outline

ITTC High-Performance Networking The University of Kansas EECS 881 Packet Switch I/O Processing

Packet Classification Using Dynamically Generated Decision Trees

CS 268: Route Lookup and Packet Classification

Grid of Segment Trees for Packet Classification

TOWARDS EFFECTIVE PACKET CLASSIFICATION

Performance Improvement of Hardware-Based Packet Classification Algorithm

Design of a High Speed FPGA-Based Classifier for Efficient Packet Classification

Algorithms for Packet Classification

Fast Packet Classification Algorithms

Design of a Multi-Dimensional Packet Classifier for Network Processors

A middle ground between CAMs and DAGs for high-speed packet classification

Switch and Router Design. Packet Processing Examples. Packet Processing Examples. Packet Processing Rate 12/14/2011

Packet Classification: From Theory to Practice

Message Switch. Processor(s) 0* 1 100* 6 1* 2 Forwarding Table

IP Forwarding. CSU CS557, Spring 2018 Instructor: Lorenzo De Carli

Three Different Designs for Packet Classification

CS419: Computer Networks. Lecture 6: March 7, 2005 Fast Address Lookup:

Packet Classification via Improved Space Decomposition Techniques

Packet Classification Algorithms: A Survey

Towards High-performance Flow-level level Packet Processing on Multi-core Network Processors

Selective Boundary Cutting For Packet Classification SOUMYA. K 1, CHANDRA SEKHAR. M 2

Fast Firewall Implementations for Software and Hardware-based Routers

Recursive Flow Classification: An Algorithm for Packet Classification on Multiple Fields

Efficient Packet Classification using Splay Tree Models

Generic Architecture. EECS 122: Introduction to Computer Networks Switch and Router Architectures. Shared Memory (1 st Generation) Today s Lecture

A Scalable Approach for Packet Classification Using Rule-Base Partition

MULTI-MATCH PACKET CLASSIFICATION BASED ON DISTRIBUTED HASHTABLE

Routers: Forwarding EECS 122: Lecture 13

Packet Classification Using Standard Access Control List

EECS 122: Introduction to Computer Networks Switch and Router Architectures. Today s Lecture

Scalable Packet Classification for IPv6 by Using Limited TCAMs

Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA

Tree-Based Minimization of TCAM Entries for Packet Classification

Routers: Forwarding EECS 122: Lecture 13

Efficient Multi-Match Packet Classification with TCAM

Efficient TCAM Encoding Schemes for Packet Classification using Gray Code

HSM: A Fast Packet Classification Algorithm

Survey and Taxonomy of Packet Classification Techniques

Flow Caching for High Entropy Packet Fields

A STUDY & COMPARATIVE EVALUATION OF PACKET CLASSIFICATION ALGORITHMS

Router Design: Table Lookups and Packet Scheduling EECS 122: Lecture 13

Computer Networks 56 (2012) Contents lists available at SciVerse ScienceDirect. Computer Networks

Toward Predictable Performance in Decision Tree based Packet Classification Algorithms

ECE697AA Lecture 20. Forwarding Tables

A Multi Gigabit FPGA-based 5-tuple classification system

Real Time Packet Classification and Analysis based on Bloom Filter for Longest Prefix Matching

Packet Classification Algorithm Based on Geometric Tree by using Recursive Dimensional Cutting (DimCut)

Scalable Packet Classification

Proceedings of the UGC Sponsored National Conference on Advanced Networking and Applications, 27 th March 2015

Scalable Packet Classification on FPGA

ERFC: An Enhanced Recursive Flow Classification Algorithm

Packet Classification Algorithms: From Theory to Practice

Packet Classification for Core Routers: Is there an alternative to CAMs?

Multi-core Implementation of Decomposition-based Packet Classification Algorithms 1

DBS: A Bit-level Heuristic Packet Classification Algorithm for High Speed Network

Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA

Network layer (addendum) Slides adapted from material by Nick McKeown and Kevin Lai

Memory-Efficient 5D Packet Classification At 40 Gbps

Packet Classification using Rule Caching

SINCE the ever increasing dependency on the Internet, there

Packet classification using diagonal-based tuple space search q

All-Match Based Complete Redundancy Removal for Packet Classifiers in TCAMs

HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification

CS 457 Networking and the Internet. Network Overview (cont d) 8/29/16. Circuit Switching (e.g., Phone Network) Fall 2016 Indrajit Ray

SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification. Fang Yu, T.V. Lakshman, Martin Austin Motoyama, Randy H.

Multiway Range Trees: Scalable IP Lookup with Fast Updates

Survey on Multi Field Packet Classification Techniques

Hierarchical Intelligent Cuttings: A Dynamic Multi-dimensional Packet Classification Algorithm

Router Architectures

Cryptanalyzing the Polynomial Reconstruction based Public-Key System under Optimal Parameter Choice

incrementally update the data structure on insertion or deletion of classification rules. An algorithm that supports incremental updates is said to be

Midterm Review. Congestion Mgt, CIDR addresses,tcp processing, TCP close. Routing. hierarchical networks. Routing with OSPF, IS-IS, BGP-4

A Configurable Packet Classification Architecture for Software- Defined Networking

CS 268: Computer Networking

Strategies for Mitigating TCAM Space Bottlenecks

ALGORITHMS FOR ROUTING LOOKUPS AND PACKET CLASSIFICATION

15-744: Computer Networking. Routers

Bitmap Intersection Lookup (BIL) : A Packet Classification s Algorithm with Rules Updating

Lecture 11: Fragmentation & Addressing. CSE 123: Computer Networks Stefan Savage

Trees in the List: Accelerating List-based Packet Classification Through Controlled Rule Set Expansion

EffiCuts: Optimizing Packet Classification for Memory and Throughput

Improving QOS in IP Networks. Principles for QOS Guarantees

Lectures 8/9. 1 Overview. 2 Prelude:Routing on the Grid. 3 A couple of networks.

Chapter 6 Addressing the Network- IPv4

Fast and scalable conflict detection for packet classifiers

HEADER SPACE ANALYSIS

Scalable Packet Classification using Distributed Crossproducting of Field Labels

Transcription:

Packet Classification George Varghese

Original Motivation: Firewalls Firewalls use packet filtering to block say ssh and force access to web and mail via proxies. Still part of defense in depth today. Need fast wire speed packet filtering

Simplified Internet Message Format Dest and Src IP address (telephone numbers). Dst and Src Ports (extensions): indicate protocol For instance, Port 80 = Web, Mail = 25

Sample Firewall Database

Beyond firewalls today

Service differentiation via classification Every router in world: if packet addressed to router, do packet classification before LPM. Extract 5 (or more fields). If there is a match, treat packet as specified by highest match rule. Can use to drop packets, give some applications more QoS, different routes for some apps etc. Standard solution: CAMs. But lets look at some algorithmic solutions some of which are used. Routers often support 1000s of rules so linear search (despite parallel logic) is too slow.

Plan of Attack First, 2-field (2D) packet classification. Useful for measurement and multicast. Then we introduce a nice geometric model and move on to general K-field classification.

2D (two field) example

First attempt: Set Pruning Tries Each destination prefix D points to a trie containing all source prefixes in rules whose destination field is a prefix of D. O(N^2) memory!

Worst-case example for storage

Less memory via backtracking Source tries now only contain sources in rules whose destination is equal to D. O(W^2) time.

Grid of Tries (Srinvasan-Varghese) Use pre-computed switch pointers (dashed line). No backtracking and linear space.

Geometric Model (Lakshman-Staliadis) Example: F1 = (0*, 10*). Each field is a dimension in geometric space

Beyond 2D Bad News: Lower bound (computational geometry): O((W^k)/k!) time for linear storage. Good news: (Gupta-Mckeown): # of Disjoint classification regions in real databases is small. For example: theoretically in 2D we can have N^2 disjoint regions but practically we have O(N) Can we exploit this observation for speed with small storage. Yes, but not provably. Heuristics.

Divide and Conquer? Natural to try LPM in each field separately and combine. Concatenation does not work!

Aside: Range to Prefix Matches Real classifiers use ranges (e.g., < 1024 for well known ports). Theorem: Can write any range as the union of a logaritmic number of prefix ranges. Example: [8,12] in 5 bits. 01* does not work but 0100* and 0101* and 011000 does! Useful theorem for CAM vendors as well as they only support prefix ranges. Recall hardware!

Bit Vector (Lakshman-Staliadis) Store an N-bit vector with each field value M with bit J set in Field I if M matches Rule I in field J. AND and find first bit set. Priority Encoder.

Why is Lucent Fast? Since the bit vectors are O(N), from a CS perspective it is O(N), as bad as linear search. Really reduces constants uses wide memories. Nk/W memory accesses where W is width. Recall W = 1000 is feasible 1000 rule tables in a few accesses, many of which are parallel. Moral: Know hardware complexity measures!

Cross-Products (Srinivasan-Varghese) Theorem: Best matching rule for crossproduct is best matcing rule for packet.

Equivalenced Crossproducts (Gupta-Mckeown): aka RFC Idea: Instead of multiplying in 1 fell swoop, do 2 at a time and equivalence at each step. GSR 16 crossproducts but only 8 classes!

Hi Cuts (Gupta-Mckeown) Different idea: Decision tree in geemetric space to zero in on narrowest matching region.

State of Art Woo algorithm: Like HiCuts but uses bit testing and not range testing. Hypercuts (Singh): beyond Woo to test multiple bits at a time using arrays. Cisco CRS Space usage of Hypercuts/HiCuts can be employed using 2 parallel trees (Brian Alleyne) Efficuts (Purdue, SIGCOMM 2010) is a publicly available implementation of best ideas so far. CAMs still easier though need algorithmic tricks to reduce power.

Principles Used P1: Relax Specification (heuristics beyond 2D) P2: Degrees of freedom (HiCuts Hypercuts) P3: Shift Computation in Time (grid-of-tries) P4: Avoid Waste seen (Crossproducts RFC) P5: Add State for efficiency (switch pointers) P6: Hardware parallelism (Bit vector) P8: Finite universe methods (Bit vector) P9: Use algorithmic thinking (decision trees)

Students like you... PANKAJ CHEENU SUMEET Stanford Sahasra Netlogic Twitter UCSD Sahasra Netlogic Google UCSD NetSift Cisco SO DO A GREAT PROJECT! SOME MORE PAPERS UP

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback