algorithms for advanced packet classification with
play

Algorithms for Advanced Packet Classification with Ternary CAMs - PowerPoint PPT Presentation

Sep 06, 2023 •227 likes •603 views

Algorithms for Advanced Packet Classification with Ternary CAMs Karthik Lakshminarayanan UC Berkeley Joint work with Anand Rangarajan and Srinivasan Venkatachary (Cypress Semiconductor) Packet Processing Environment Rule: acl-id src-addr

  1. Algorithms for Advanced Packet Classification with Ternary CAMs Karthik Lakshminarayanan UC Berkeley Joint work with Anand Rangarajan and Srinivasan Venkatachary (Cypress Semiconductor)

  2. Packet Processing Environment Rule: acl-id src-addr src-port dst-addr dst-port proto (e.g. acl1231 128.32.0.0/8 0-1023 32.12.1.1/16 1024 tcp) Rule Action Hdr Payload permit/deny, update counter … … Search Key ACL Database • Packet matches a set of rules based on the header • Examples: routers, intrusion detection systems

  3. Packet Processing Environment Rule: acl-id src-addr src-port dst-addr dst-port proto (e.g. acl1231 128.32.0.0/8 0-1023 32.12.1.1/16 1024 tcp) Rule Action Hdr Payload permit/deny, update counter … … Search Key ACL Database How are the rules stored? • TCAMs gaining widespread deployment – 6 million TCAM devices deployed – Used in multi-gigabit systems that have O(10,000) rules

  4. Ternary Content Addressable Memory • RAM: input = address, output = value • CAM: input = value, output = address

  5. Ternary Content Addressable Memory • Memory device with fixed-width arrays • Each bit is 0, 1 or x (don’t care) • Search is performed against all entries in parallel and the first result is returned TCAM 00100x1x001110x0x row 1 Search key 01110xxx001100xxx row 2 Output 011101xx001100x10 is “2” … width = W bits 1111101x1101000xx row n width = W bits

  6. Ternary Content Addressable Memory • Benefits: Deterministic Search Throughput – single cycle search irrespective of search key TCAM 00100x1x001110x0x row 1 Search key 01110xxx001100xxx row 2 Output 011101xx001100x10 is “2” … width = W bits 1111101x1101000xx row n width = W bits

  7. Problems • Range Representation Problem • Multimatch Classification Problem No modifications to TCAMs and simple � � Easy to deploy � �

  8. Problems • Range Representation Problem • Multimatch Classification Problem

  9. Range Representation Problem • (Recall that rules contain prefixes and ranges) • Representing prefixes in ternary is trivial – IP address prefixes present in rules – e.g. 128.32.136.0/24 would contain 8 ‘x’s at the end • Representing arbitrary ranges is not easy though – port fields might contain ranges – e.g. some security applications may allow ports 1024-65535 only Problem Statement: Given a range R, find the minimum number of ternary entries to represent R

  10. Why is efficient range representation an important problem? Number of range rules has increased over time

  11. Why is efficient range representation an important problem? Number of unique ranges have increased over time

  12. Earlier Approaches – I Prefix expansion of ranges: – express ranges as a union of prefixes – have a separate TCAM entry for each prefix • Example: the range [3,12] over a 4-bit field would expand to: – 0011 (3), 01xx (4-7), 10xx (8-11) and 1100 (12) – expansion: the number of entries a rule expands to • Worst-case expansion for a W-bit field is 2W-2 – example: [1,14] would expand to 0001, 001x, 01xx, 10xx, 110x, 1110 – 16-bit port field expands to 30 entries

  13. Why is efficient range representation an important problem? Two range fields – multiplicative effect

  14. Earlier Approaches – II Database-dependent encoding: – observation: TCAM array has some unused bits – use these additional bits to encode commonly occurring ranges in the database • TCAMs with IP ACLs have ~ 36 extra bits – 144-bit wide TCAMs – 104-bits + 4-bits typically used for IP ACL rules

  15. Earlier Approaches – II Database-dependent encoding: – observation: TCAM array has some unused bits – use these additional bits to encode commonly occurring ranges in the database • Example: Address Port … 12.123.0.0/16 20-24 … Set extra bit to 1 32.12.13.0/24 1024- … Set extra bit to x 128.0.0.0/8 20-24 … Set extra bit to 1 If search key falls in 20-24, set extra bit to 1, else set it to 0

  16. Earlier Approaches – II Database-dependent encoding: – observation: TCAM array has some unused bits – use these additional bits to encode commonly occurring ranges in the database • Improved version: Region-based Range Encoding • Disadvantages: – database dependent � incremental update is hard

  17. Database-Independent Range Pre- Encoding (DIRPE) • Key insight: use additional bits in a database independent way – wider representation of ranges – reduce expansion in the worst-case

  18. DIRPE: Fence Encoding • Fence encoding (W-bit field) • Fence encoding (W-bit field) – total of 2 W -1 bits – total of 2 W -1 bits – Encoding(0) = 0000000 – Encoding(0) = 0000000 Encoding(2) = 0000011 Encoding(2) = 0000011 Encoding(4) = 0001111 Encoding(4) = 0001111 – Encoding[2,4] = 000xx11 – Encoding[2,4] = 000xx11 • Using 2 W -1 bits, fence encoding achieves an expansion of 1 • Theorem: For achieving a worst-case row expansion of 1 for a W-bit range, 2 W -1 bits are necessary

  19. DIRPE: Using the Available Extra Bits • Two extremes: – no extra bits � worst case expansion is 2W–2 – 2 W –W–1 extra bits � worst case expansion is 1 • Is there something in between? – appropriate worst-case based on number of extra bits available

  20. DIRPE: Splitting the Range Field • Procedure: – split W-bit field into multiple chunks – encode each chunk using fence encoding – “combine” the chunks to form ternary entries k 0 bits k 1 bits k 2 bits W bits Combining chunks: analogous to multi-bit tries

  21. Unibit view of DIRPE (Prefix expansion) • W=3, split into three 1-bit chunks; Range=[1,6] • Each level can contribute to at most 2 prefixes (but for the top level) [0-7] x x x x x x [0-3] [4-7] 0xx 1xx [0-1] [2-3] [4-5] [6-7] 00x 01x 10x 11x 000 001 010 011 100 101 110 111

  22. Multi-bit view of DIRPE Width of each encoded chunk = 2 3 -1 = 7 bits • 9-bit field (W=9) 0-7 0-7 0-7 • 3 chunks, 3 bits wide • Range = [11,54] … = [013, 066] 0-0 0-7 0-7 Worst case … … expansion [16,47] = 2W/k – 1 0-0 1-1 0-7 0-0 2-5 0-7 0-0 6-6 0-7 000 00xxx11 xxxxxxx Number of extra [11,15] … … [48,54] bits needed 0-0 1-1 3-7 0-0 1-1 0-6 = (2 k -1)W/k - W 000 0000001 xxxx111 000 0111111 0xxxxxx

  23. Comparison of Expansion Worst-case expansion Real-life expansion

  24. Region-based DIRPE Prefix DIRPE + Metric Encoding (with k -bit Expansion Region-based (with r regions) chunks) F((2 k -1) log 2 r ) F(W(2 k -1) F(log 2 r + 2n-1 k Extra bits 0 - W) 2n-1 k ) r + r Worst-case 2log 2 r 2W ) F ) F ( - 1 ( capacity (2W-2) F (2log 2 r) F k k degradation Cost of an W ) F ) O(( incremental O(N) O(W F ) O(N) k update Pre-computed Both pieces table of size: W.2 k Overhead on ) O( O((log 2 r+ 2n-1 of logic from ) F.2 W ) k the packet None r previous logic gates processor ( or ) two columns O(nF) comparators of width W bits

  25. DIRPE: Summary Database independent Scales well for large databases Good incremental update properties Additional bits needed Small logic needed for modifying search key Does not affect throughput

  26. Problems • Range Expansion Problem • Multimatch Classification Problem

  27. Multimatch Classification Problem • TCAM search primitive: return first matching entry for a key • Multimatch requirement: return k matches (or all matches) for a key – security applications where all signatures that match this packet need to be found – accounting applications where counters have to be updated for all matching entries

  28. Earlier Approaches Entry Invalidation scheme: – maintain state of multimatch using an additional bit in TCAM called “valid” bit TCAM array x 00100x1x001110x0x Search key x 01110xxx001100xxx 0 match 011101xx001100x10 1 … valid bit 1111101x1101000xx x valid bit

  29. Earlier Approaches Entry Invalidation scheme: – maintain state of multimatch using an additional bit in TCAM called “valid” bit • Disadvantage: – ill-suited for multi-threaded environments

  30. Earlier Approaches Geometric intersection scheme: – construct geometric intersection (cross- products) of the fields and place in TCAM – pre-processing step is expensive – search is fast • Disadvantage: – does not scale well in capacity – for router dataset: expansion of 25—100

  31. Multimatch Using Discriminators (MUD) • Observation: after index j is matched, the ACL has to be searched for all indices > j • Basic idea: – store a discriminator field with each row that encodes the index of the row – to search rows with index >j, the search key is expanded to prefixes that correspond to > j – multiple searches are then issued

  32. MUD: Example TCAM array rule 0 0000 Search key rule 1 0001 match xxxx 011101xx00 rule 2 0010 … discriminator discriminator field

  33. MUD: Example TCAM array rule 0 0000 001x Search key 01xx rule 1 0001 match 1xxx 011101xx00 rule 2 0010 … discriminator discriminator field

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Packet Classification Omid Mashayekhi Vaibhav Chidrewar What is Packet Classification?

Packet Classification Omid Mashayekhi Vaibhav Chidrewar What is Packet Classification?

Packet Classification Omid Mashayekhi Vaibhav Chidrewar What is Packet Classification? Definition: The function of identifying and categorizing packets of data moving across the network Rule Source IP Dest IP Action R1 152.163.190.69/

574 views • 15 slides
P leaving only 32 ns to classify a packet. This daunting task ACKET classification enables network

P leaving only 32 ns to classify a packet. This daunting task ACKET classification enables network

IEEE TRANSACTIONS ON COMPUTERS, VOL. 60, NO. 5, MAY 2011 723 Toward Advocacy-Free Evaluation of Packet Classification Algorithms Haoyu Song, Member , IEEE , and Jonathan S. Turner, Fellow , IEEE Abstract Understanding the real performance

318 views • 11 slides
Hashing Round-down Prefixes for Rapid Packet Classification Fong Pong and Nian-Feng Tzeng*

Hashing Round-down Prefixes for Rapid Packet Classification Fong Pong and Nian-Feng Tzeng*

Hashing Round-down Prefixes for Rapid Packet Classification Fong Pong and Nian-Feng Tzeng* *Center for Advanced Computer Studies University of Louisiana, Lafayette, USA 1 Outline Packet Classification Review of Existing Decision Tree

803 views • 31 slides
ECE 697J Advanced Topics Advanced Topics ECE 697J in Computer Networks in Computer

ECE 697J Advanced Topics Advanced Topics ECE 697J in Computer Networks in Computer

ECE 697J Advanced Topics Advanced Topics ECE 697J in Computer Networks in Computer Networks Packet Processing Algorithms and Data Structures 9/16/03 Tilman Wolf 1 Packet Processing Packet Processing Software processing of

525 views • 11 slides
Advanced Geophysical Classification Projects September 13, 2016 1 Advanced Geophysical

Advanced Geophysical Classification Projects September 13, 2016 1 Advanced Geophysical

Advanced Geophysical Classification Projects September 13, 2016 1 Advanced Geophysical Classification Advanced EMI sensors utilize multiple transmitter and receiver coils to acquire data from numerous angles and positions Rich dataset can

927 views • 8 slides
Packet Classification Peng He (Institute of Computing Technology, China) Gaogang Xie(Institute of

Packet Classification Peng He (Institute of Computing Technology, China) Gaogang Xie(Institute of

Meta-algorithms for Software based Packet Classification Peng He (Institute of Computing Technology, China) Gaogang Xie(Institute of Computing Technology, China) Kav Salamatian (University of Savoie, France) Laurent Mathy (University of

443 views • 31 slides
Multi-dimensional Packet Classification Yadi Ma, Suman Banerjee University of Wisconsin-Madison

Multi-dimensional Packet Classification Yadi Ma, Suman Banerjee University of Wisconsin-Madison

A Smart Pre-Classifier to Reduce Power Consumption of TCAMs for Multi-dimensional Packet Classification Yadi Ma, Suman Banerjee University of Wisconsin-Madison Packet classification S1 L1 D S2 R Internet L2 Subnet A Subnet B

921 views • 65 slides
Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet

Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet

Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet Classification and Filtering Features 1. Supported Match Fields with Optional Masks Up to 500K exact-match and 2K wildcard rules, 20M/sec lookup rate, 200K

92 views • 6 slides
Algorithms for NLP Classification I Sachin Kumar - CMU Slides: Dan Klein UC Berkeley, Taylor

Algorithms for NLP Classification I Sachin Kumar - CMU Slides: Dan Klein UC Berkeley, Taylor

Algorithms for NLP Classification I Sachin Kumar - CMU Slides: Dan Klein UC Berkeley, Taylor Berg-Kirkpatrick, Yulia Tsvetkov CMU Classification Image Digit Classification Document Category Classification Query + Web Pages

771 views • 73 slides
Algorithms for NLP Classification Sachin Kumar Slides: Dan Klein UC Berkeley, Taylor

Algorithms for NLP Classification Sachin Kumar Slides: Dan Klein UC Berkeley, Taylor

Algorithms for NLP Classification Sachin Kumar Slides: Dan Klein UC Berkeley, Taylor Berg-Kirkpatrick, Yulia Tsvetkov CMU Classification Image Digit Classification Document Category Classification Query + Web Pages Best

738 views • 73 slides
Advanced Algorithms (I) Chihao Zhang Shanghai Jiao Tong University Feb. 25, 2019 Advanced

Advanced Algorithms (I) Chihao Zhang Shanghai Jiao Tong University Feb. 25, 2019 Advanced

Advanced Algorithms (I) Chihao Zhang Shanghai Jiao Tong University Feb. 25, 2019 Advanced Algorithms (I) 1/14 Advanced Algorithms In the course, we will learn Approximation Algorithms linear programming, semi-definite programming spectral

646 views • 64 slides
Week 7 Video 3 Advanced Clustering Algorithms Today Multiple advanced algorithms for

Week 7 Video 3 Advanced Clustering Algorithms Today Multiple advanced algorithms for

Week 7 Video 3 Advanced Clustering Algorithms Today Multiple advanced algorithms for clustering Gaussian Mixture Models Often called EM-based clustering Kind of a misnomer in my opinion What distinguishes this algorithm

681 views • 21 slides
via Improved Space zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Packet Classification

via Improved Space zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Packet Classification

via Improved Space zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Packet Classification Email: zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA { zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Decomposition Techniques Filippo Geraci,

480 views • 9 slides
SAX-PAC (Scalable And eXpressive PAcket Classification) Kirill Kogan Purdue University and

SAX-PAC (Scalable And eXpressive PAcket Classification) Kirill Kogan Purdue University and

SAX-PAC (Scalable And eXpressive PAcket Classification) Kirill Kogan Purdue University and IMDEA Networks Sergey Nikolenko Steklov Institute of Mathematics at St. Petersburg and National Research University Higher School of Economics Ori

335 views • 16 slides
BI G OH NOTATI ON Classification of Algorithms The running time of most algorithms is

BI G OH NOTATI ON Classification of Algorithms The running time of most algorithms is

BI G OH NOTATI ON Classification of Algorithms The running time of most algorithms is proportional to one of the following functions : instructions run only once constant solve a big problem by log N transforming it into a smaller problem

476 views • 8 slides
Exploiting Order Independence for Scalable and Expressive Packet Classification Author: Kirill

Exploiting Order Independence for Scalable and Expressive Packet Classification Author: Kirill

Exploiting Order Independence for Scalable and Expressive Packet Classification Author: Kirill Kogan, Sergey I. Nikolenko, Ori Rottenstreich, William Culhane, and Patrick Eugster Presenter: Qing Lyu 2017/04/12 IEEE/ACM TRANSACTIONS ON

787 views • 64 slides
Johnson County COVID-19 Recovery Planning Task Force April 21, 2020 1 Goals for the Task Force

Johnson County COVID-19 Recovery Planning Task Force April 21, 2020 1 Goals for the Task Force

Johnson County COVID-19 Recovery Planning Task Force April 21, 2020 1 Goals for the Task Force (with reference materials for review) Determine the phasing of business reopening https://www.centerforhealthsecurity.org/our-

442 views • 8 slides
STUDY OF DYNAMIC AND PERMANENT INDENTATION OF LAMINATES SUBJECTED TO LOW-VELOCITY IMPACT U Debo

STUDY OF DYNAMIC AND PERMANENT INDENTATION OF LAMINATES SUBJECTED TO LOW-VELOCITY IMPACT U Debo

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS STUDY OF DYNAMIC AND PERMANENT INDENTATION OF LAMINATES SUBJECTED TO LOW-VELOCITY IMPACT U Debo Liu UP * P , U Zhidong Guan U ,Wei He, Jun Wang School of Aeronautics Science and Engineering,

272 views • 5 slides
electricforceandfieldpresentation320150929.notebook September 29, 2015 1

electricforceandfieldpresentation320150929.notebook September 29, 2015 1

electricforceandfieldpresentation320150929.notebook September 29, 2015 1 electricforceandfieldpresentation320150929.notebook September 29, 2015 Electric Force And Field www.njctl.org 2

2.25k views • 194 slides
Rooting Relationships within Family Narratives Lisa Garland & Emily Bradshaw Objectives

Rooting Relationships within Family Narratives Lisa Garland & Emily Bradshaw Objectives

Rooting Relationships within Family Narratives Lisa Garland & Emily Bradshaw Objectives Participants will consider new opportunities to recognize relationships within the lives of those whom we partner in our practice. Participants

647 views • 20 slides
to Printed Electronics Launching consumer products Making integrated systems possible

to Printed Electronics Launching consumer products Making integrated systems possible

Imagine Memory Everywhere Thin Film Electronics ASA: Bringing Rewriteable Memory to Printed Electronics Launching consumer products Making integrated systems possible Davor Sutija, CEO Annual General Meeting 10 May, 2011 Agenda

296 views • 17 slides
BIST at ICT?! ?!!?!?!?!?!?!?!?!?!?!?!? The view at 10,000 feet John Malian, Cisco Systems, Inc.

BIST at ICT?! ?!!?!?!?!?!?!?!?!?!?!?!? The view at 10,000 feet John Malian, Cisco Systems, Inc.

BIST at ICT?! ?!!?!?!?!?!?!?!?!?!?!?!? The view at 10,000 feet John Malian, Cisco Systems, Inc. Agenda Background Benefits Current Method Deployed Projects Challenges Future Considerations Background There is a

622 views • 23 slides
INDEX E2E overview Pricing comparison amongst Peers New Products added recently

INDEX E2E overview Pricing comparison amongst Peers New Products added recently

E2E N ETWORKS L IMITED Investor update- Presentation Dec 2019 S AFE H ARBOR This presentation contains statements that contain forward looking statements including, but without limitation, statements relating to the

987 views • 20 slides
Informatics Practices Class XI ( As per CBSE Board) Visit : python.mykvs.in for regular updates

Informatics Practices Class XI ( As per CBSE Board) Visit : python.mykvs.in for regular updates

New syllabus 2020-21 Chapter 2 Computer Memory Informatics Practices Class XI ( As per CBSE Board) Visit : python.mykvs.in for regular updates Computer Memory A Computer Memory - is just like a human brain,is used to store data and

337 views • 20 slides

More recommend