Packet Classification Using Multi-Iteration RFC

Packet Classification Using Multi-Iteration RFC

Author:Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung WangPublisher:2013 IEEE 37th Annual Computer Software and Applications Conference WorkshopsPresenter:Chun-Sheng Hsueh

Date:2013/12/11

1

INTRODUCTION

Recursive Flow Classification (RFC) is a notable high-speed scheme

for packet classification. However, it may incur high memory

consumption in generating the pre-computed cross-product tables.

In this paper, the author propose a new scheme to reduce the memory

consumption by partitioning a rule database into several subsets.

The performance of a packet classification algorithm is measured by its

memory consumption and number of memory accesses to accomplish a

classification.

2

INTRODUCTION Currently, packet classification algorithms have different tradeoffs

between storage and speed performance.

◦ The algorithms based on hash tables have superior space

performance, but their speed performance cannot be guaranteed.

◦ Decision-tree-based algorithms use a decision tree to divide rules

into multiple linear-search groups. The speed and the storage

performance would vary according to the characteristics of rule

databases.

◦ TCAMs have been widely used to lookup rules. However,

TCAMs cannot store ranges; thus, range-to-prefix transformation

is required to degrade storage efficiency.3

PROPOSED SCHEME

This paper aim at improving the storage efficiency of RFC by

employing multiple RFC instances.

First, the author partition a rule database into several subsets. The

rules of each subset are stored in an independent RFC data

structure.

Each subset is then represented by an index rule and each index

rule points to the corresponding RFC data structure.

4

PROPOSED SCHEME

If we partition the database into k subsets, then k index rules are

created. These index rules are stored in another RFC data structure

(index RFC).

With the index RFC, we can determine which subsets an incoming

packet matches.

Next, the corresponding RFC data structures are accessed to

determine the matching rules.

5

PROPOSED SCHEME

The author describe the reasoning

for partitioning a rule database

by using an example.

6

PROPOSED SCHEME

An effective partitioning algorithm should meet several

requirements.

◦ The rules which are geometrically close to each other should be

categorized in the same subset. This requirement can avoid the

search procedure to access all subsets.

◦ Each rule should reside in exact one subset. A less efficient

partitioning technique may incur replicated rules to result in

extra storage.

◦ The number of rule subsets should be adjustable to accommodate

different rule databases.

7

PROPOSED SCHEME

In the following, we investigate the current techniques for

partitioning a rule database.

◦ The idea of tuple space divides a rule database into tuples based

on the number of bits specified in each field and the resulting set

of tuples is called tuple space.

◦ The decision-tree algorithms can divide a database into subsets

by using field attributes of a rule. When the attribute used for

partitioning a database is the field values, decision tree provides

a geometrical approach that the rules in the same subset are close

to each other.

8

PROPOSED SCHEME

As compared with tuple-based partitioning approaches, rule replication

is only one problem to overcome for using decision tree to partition a

rule database.

Our approach first generates a balanced binary decision tree where each

internal node divides the associated rules into two subsets. In the

procedure of constructing a decision tree, any replicated rules are

moved to the second decision tree.

After generating all decision trees, the rules in a leaf node are inserted

into an RFC data structure. Thus, the number of RFC data structures is

equal to the total number of leaf nodes in all decision trees.

9

PROPOSED SCHEME

10

PROPOSED SCHEME

For each RFC data structure, five filter fields are split into seven

chunks, including six 16-bit chunks and one 8-bit chunk in the first

phase.

For each chunk, a 2W-entry index array is constructed for accessing

the equivalence class ID (eqID) corresponding to the value of a

packet header field.

Each eqID is associated with a class bitmap to indicate the rules

matching the chunk equivalence set.

12

PROPOSED SCHEME

Two or three chunks are combined to generate a chunk in the next

phase by crossproducting their eqIDs. The class bitmap of a new

chunk is equal to the intersection of the class bitmaps of the merged

eqIDs.

Each distinct class bitmap represents an equivalence set in the new

phase.

The new eqIDs are stored in an index array whose size is equal to

the multiplication of the number of merged eqIDs. The procedure

proceeds until all chunks are merged.

13

PROPOSED SCHEME

For an incoming packet, the search procedure in an RFC data

structure starts by splitting the packet header into seven chunks.

The value of each chunk is used to access the eqID in the index

array.

If there is any subsequent phase, then the search procedure uses the

combination of the fetched eqID to generate the index of the next

phase.

As the procedure traverses to the last phase and fetches the eqID,

the class bitmap corresponding to the eqID is accessed to determine

the matching rules.

14

PROPOSED SCHEME

For an incoming packet, the complete search procedure starts by

traversing the index RFC data structure to find the matching index

rules.

Then, the search procedure proceeds to search the subsets of the

matching index rules by accessing the corresponding RFC data

structures.

The framework of our algorithm consists of six RFC data

structures, five for the resulted subsets and one for the index rules.

15

PROPOSED SCHEME

Table IV shows the crossproducting table entries in each phase for

the original RFC and our algorithm. In this example, this paper

reduce 63% entries of the original RFC.

16

REFINEMENTS

Merging Small Subsets:

◦ While partitioning a rule database, small subsets could be

generated.

◦ These small subsets would result in less efficient RFC data

structure. Extra memory accesses to these data structures are also

incurred.

17

REFINEMENTS

Merging the First Phases of Different RFCs:

◦ As mentioned above, we need k+1 RFC data structures for a

database partitioned into k groups. Since each of RFC data

structure is traversed independently, we need 7*(k+1) memory

accesses to retrieve eqIDs in the index arrays of the first phase.

◦ To reduce the number of memory accesses, we merge the index

arrays of the same chunk from different RFC data structures,

where each entry in the new array has k+1 fields.

◦ The number of memory accesses is thus reduced from 7*(k+1) to

seven for the first phase of all RFCs.18

REFINEMENTS

Merging the First Phases of Different RFCs:

◦ The lookup table of each 16-bit chunk is a 2^16-entry index

array and that for the 8-bit chunk is a 2^8-entry index array. If

we partition a database into k subsets, we will need

6*2^16*(k+1)+2^8*(k+1) array entries in the first phase.

◦ In order to reduce the memory consumption, we replace the

index array with a binary-search array for the first-phase eqIDs.

◦ For each index array, the eqIDs stored in contiguous entries

could be the same. We can merge them into an interval, which

starts from the first entry to the last entry with the same eqID.19

EXPERIMENTAL RESULTS

20


21


22


23


24


25


26

Packet Classification Using Multi-Iteration RFC

Documents

Transcript of Packet Classification Using Multi-Iteration RFC