Packet Classifiers In Ternary CAMs Can Be Smaller Qunfeng Dong (University of Wisconsin-Madison)...
-
Upload
marilynn-tyler -
Category
Documents
-
view
216 -
download
2
Transcript of Packet Classifiers In Ternary CAMs Can Be Smaller Qunfeng Dong (University of Wisconsin-Madison)...
Packet Classifiers InPacket Classifiers InTernary CAMs Can Be SmallerTernary CAMs Can Be Smaller
Qunfeng Dong (University of Wisconsin-Madison)Qunfeng Dong (University of Wisconsin-Madison)
Suman Banerjee (University of Wisconsin-Madison)Suman Banerjee (University of Wisconsin-Madison)
Jia Wang (AT&T Laboratories – Research)Jia Wang (AT&T Laboratories – Research)
Dheeraj Agrawal (University of Wisconsin-Madison)Dheeraj Agrawal (University of Wisconsin-Madison)
Ashutosh Shukla (University of Wisconsin-Ashutosh Shukla (University of Wisconsin-
Madison)Madison)
SIGMETRICS 2006SIGMETRICS 2006
Introduction TCAM is the favoured solution for wire speed packet classification
in backbone routers. TCAM suffers size explosion on range specifications. Previous techniques require modification to packet processors.
Motivation Trimming rules Expanding rules Adding rules Merging rules
Design Evaluation Summary Future work
Outline
Packet classification [SVSW98,LS98] Use a set of rules for finer differentiation of packets based on
multiple packet header fields. Is the foundation of many Internet functions (e.g. security, QoS, VPN,
etc).
Each rule specifies a range clause on each relevant fielde.g. the source port must be in the range [5000, 65535]Prefix, single value and wildcard are all special ranges.
A rule matchesmatches a packet iff every range clause is satisfied. Objective:
For each incoming packet, find the first (i.e., highest priority) rule that matches the packet.
Introduction
TCAM is the favoured solution for packet classification. Pure software solutions are becoming increasingly difficult as the
gap between wire speeds and memory speeds keeps widening.
Unfortunately, TCAM suffers size explosion on range clauses and accounts for a significant portion of the cost of a router line card. Each range clause can take many TCAM entries. The total amount of TCAM entries needed is the product of the
number of TCAM entries needed to represent individual range clauses.
Introduction
Rule:
TCAM:
Field AField A DecisionDecision
[64, 127][64, 127] DenyDeny
Field AField A DecisionDecision
0101×××××××××××× 00
Rule:
TCAM:
Field AField A DecisionDecision
[80, 127][80, 127] DenyDeny
Field AField A DecisionDecision
010101××××01×××× 00
01011×××××1××××× 00
Rule:
TCAM:
Field AField A DecisionDecision
[80, 127][80, 127] DenyDeny
Field AField A DecisionDecision
010101××××01×××× 00
01011×××××1××××× 00
Rule:
TCAM:
Field AField A Field BField B DecisionDecision
[80, 127][80, 127] [80, 127][80, 127] DenyDeny
Field AField A Field BField B DecisionDecision
010101××××01×××× 010101××××01×××× 00
010101××××01×××× 01011×××××1××××× 00
01011×××××1××××× 010101××××01×××× 00
01011×××××1××××× 01011×××××1××××× 00
Fact:The total number of TCAM entries
needed to represent a rule is the product
of the number of TCAM entries needed
to represent its range clauses!
Fact:A rule that specifies range clauses on
the 16-bit source port and destination
port can take (2×16-2) × (2×16-2) =
900 TCAM entries to represent!
Our objective To be cost efficient, we want to reduce the amount of TCAM entries
needed to implement a given rule set.Without modifying its semantics!
Our approach is to transform the given rule set into a semantically equivalent rule set that requires less TCAM entries to represent. Previously proposed techniques:
Represent rules in a new format (e.g., [SIGCOMM’05]) Need to modify packet processor hardware to interpret the new format.
Our techniques do not change the format of rule sets and hence do not require any hardware modification
Trimming rulesExpanding rulesAdding rulesMerging rules
Our Objective & Approach
Rule: TCAM:
Rule: TCAM:
Trimming Rules
Field AField A DecisionDecision
[96, 127][96, 127] DenyDeny
[100, 255][100, 255] PermitPermit
Field AField A DecisionDecision
0011×××××11××××× 00
011001××011001×× 11
01101×××01101××× 11
0111××××0111×××× 11
1×××××××1××××××× 11
Field AField A DecisionDecision
[96, 127][96, 127] DenyDeny
[128, 255][128, 255] PermitPermit
Field AField A DecisionDecision
0011×××××11××××× 00
1×××××××1××××××× 11
Rule: TCAM:
Rule: TCAM:
Expanding Rules
Field AField A DecisionDecision
[32, 79][32, 79] DenyDeny
[72, 255][72, 255] PermitPermit
Field AField A DecisionDecision
0001×××××01××××× 00
010100××××00×××× 00
01001×××01001××× 11
0101××××0101×××× 11
011×××××011××××× 11
1×××××××1××××××× 11
Field AField A DecisionDecision
[32, 79][32, 79] DenyDeny
[64, 255][64, 255] PermitPermit
Field AField A DecisionDecision
0001×××××01××××× 00
010100××××00×××× 00
01××××××01×××××× 11
1×××××××1××××××× 11
Rule: TCAM:
Rule: TCAM:
Adding Rules
Field AField A DecisionDecision
[64, 119][64, 119] DenyDeny
[0, 255][0, 255] PermitPermit
Field AField A DecisionDecision
0010×××××10××××× 00
00110××××110×××× 00
001110×××1110××× 00
×××××××××××××××× 11
Field AField A DecisionDecision
[120, 127][120, 127] PermitPermit
[64, 127][64, 127] DenyDeny
[0, 255][0, 255] PermitPermit
Field AField A DecisionDecision
001111×××1111××× 11
001××××××1×××××× 00
1×××××××1××××××× 11
Rule: TCAM:
Rule: TCAM:
Merging Rules
Field AField A DecisionDecision
[96, 111][96, 111] PermitPermit
[64, 95][64, 95] DenyDeny
[100, 127][100, 127] DenyDeny
[0, 255][0, 255] PermitPermit
Field AField A DecisionDecision
00110××××110×××× 11
0010×××××10××××× 00
0011001××11001×× 00
001101×××1101××× 00
00111××××111×××× 00
×××××××××××××××× 11
Field AField A DecisionDecision
[96, 111][96, 111] PermitPermit
[64, 127][64, 127] DenyDeny
[0, 255][0, 255] PermitPermit
Field AField A DecisionDecision
00110××××110×××× 11
001××××××1×××××× 00
1×××××××1××××××× 11
Framework
Expandingwill help?
NO
YES
Last Rule?
YES
NO
Remove Redundancy
Trim Rule Set
Expand Rule
Adding a rulewill help?
NO
YESAdd A Rule
Merge with otherrules will help?
NO
YESMerge Rules
Get Next Rule
Last Rule?
YES
NO
Compute the coreregion of each rule
Trim the rule to be theminimum hypercube thatencloses its core region
If a range clause originallyspecifies a prefix, expand it
to be the minimum prefix
Trim Rule
To preserve the semantics of the rule set
To avoid unnecessary increase in the number of TCAM entries needed
Core region is the part of a rule’s definition region that is not covered by higher rules
or lower rules of the same color
Get Next Rule
Expansionallowed?
YES
NO
Perform a minimumexpansion of the chosen
range clause
Expand Rule
A minimum expansion of the chosen clause should lead to the largest decrease in the
number of TCAM entries neededPick a range clauseto expand
Any range clausecan be expand?
NO
YES
Expansionallowed?
YES
NO
Perform a minimumexpansion of the chosen
range clause
Expand with Adding Rules
A minimum expansion of the chosen clause should lead to the largest decrease in the
number of TCAM entries neededPick a range clauseto expand
Any range clausecan be expand?
NO
YES
Add a rule before andexpand the current rule
Semantics of therule set preserved?
YES
NO
Roll backNumber of TCAM entriesof the rule reduced?
YES NO
Expansionallowed?
YES
NO
Perform a minimumexpansion of the chosen
range clause
A minimum expansion of the chosen clause should lead to the largest decrease in the
number of TCAM entries neededPick a range clauseto expand
Any range clausecan be expand?
NO
YES
Add a rule before andexpand the current rule
Semantics of the rule set preserved?
NO
NO
Roll backNumber of TCAM entriesof the rule set reduced?
YES NO
YES
Number of TCAM entriesof the rule reduced?
Remove redundancy
YES
Expand with Adding/Merging Rules
Real rule sets 1000+ real rule sets from the network of a tier-1 ISP Each rule specifies clauses on source IP, destination IP, source
port, destination port and protocol type. Action doesn’t matter here.
Evaluation
Ramdom rule sets 100 randomly generated rule sets IP addresses a random prefix Protocol type a random number Port range a random sub-range of [0, 65535] Action randomly selected from actions in real rule sets
Evaluation
Packet classification is the foundation of many Internet functions.
TCAM is the favoured solution for packet classification. Pure software solutions are becoming increasingly difficult as the
gap between wire speeds and memory speeds keeps widening.
TCAM suffers size explosion on range clauses. TCAM accounts for a significant portion of the cost of router line
cards.
We propose (a set of techniques) to define smaller but semantically equivalent rule sets. Do not require any hardware modification. Become even more effective with more range clauses!
Summary
Work in progress:Wire Speed Packet Classification Without TCAM:
One More Register (And A Bit of Logic) Is Enough
Poster @ ACM SIGCOMM 2006
Pisa, Italy
9.11 ~ 9.15
Future Work
More coming…Besides packet classification based on
the standard 5-tuple, deep packet
classification based on payload is another
important topic of interest.
Future Work
Thank you!Thank you!Qunfeng DongQunfeng Dong
University of Wisconsin - MadisonUniversity of Wisconsin - Madison
Email: [email protected]: [email protected]
SIGMETRICS 2006SIGMETRICS 2006