Computer Networks, Lecture 5: IP Addressing-route lookup (Prof. Younghee Lee)


1. Computer Networks
• Lecture 5: IP Addressing-route lookup
Younghee Lee

2. The Internet Protocol
• Identifier: a sequence number to identify a datagram uniquely.
• Flag: More bit (indicates the last fragment in original datagram), Don’t Fragment bit (can be discarded at some subnet -> source routing advisable)
• Fragment offset: indicates where in the original datagram this fragment belongs
• Time to live: somewhat similar to a hop count
• Protocol: the next higher-level protocol

3. Type of Service
• TOS subfield: guidance to the IP entity indicating the type or quality of service
  – The way in which a router learns which routes support which TOS
    » Domain administrator preconfigures the TOS associated with the routes
    » A routing protocol monitors the TOS along the routes by monitoring delays, throughputs, and dropped datagrams (ex: OSPF)
• Typically ignored now
• Replaced by DiffServ

4. IPv4 Options
• Security
  – Security label to be attached to a datagram
• Source routing
  – A sequenced list of router addresses that specifies the routes to be followed. May be strict or loose
• Route recording
  – Allocated to record the sequence of routers visited by the datagram
• Timestamping
  – The source IP entity and some intermediate routers add a time stamp (precision to milliseconds)

5. Naming and Addressing
• Naming versus addressing
  – naming is typically a high-level description
  – addresses refer to specific physical resources
  – distinction hard to define but often clear:
    » icu.ac.kr
    » 128.9.23.93
    » D74A049C2384
• Naming/addressing formats
  – structure: flat versus partitioned (hierarchical)
  – duration: dynamic versus static
  – scope: local versus global
• Domain Name System (DNS) names are names of hosts
• DNS binds host names to interfaces
• Routing binds interface names to paths

6. Name/Address Structure
• Hierarchical address space
  – address space has structure: sequence of fields
    » fields identify autonomous organizations, geographical location, ...
  – hierarchy can simplify routing
  – easily supports distributed assignment of addresses
  – can result in inefficient use of the address space
  – example: IP addresses, postal addresses, telephone numbers, ...
• Flat address space
  – address has no structure: single field
  – easier to use full address space
  – lacks support for routing
  – example: IEEE addresses (48 bits)

7. IP Addressing: introduction
• IP address: 32-bit identifier for host, router interface
• interface: connection between host, router and physical link
  – routers typically have multiple interfaces
  – host may have multiple interfaces
  – IP addresses are associated with the interface, not the host or router
223.1.1.1 = 11011111 00000001 00000001 00000001 (223, 1, 1, 1)
[Figure: example network with interface addresses 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27]

8. IP addresses: how to get one?
Hosts (host portion):
• hard-coded by system admin in a file
• DHCP: Dynamic Host Configuration Protocol: dynamically get address: “plug-and-play”
  – host broadcasts “DHCP discover” msg
  – DHCP server responds with “DHCP offer” msg
  – host requests IP address: “DHCP request” msg
  – DHCP server sends address: “DHCP ack” msg
• Auto-configuration
  – IPv6 stateless autoconfiguration
  – MANET AUTOCONF:
    » Standalone
    » With gateway: can be relatively simple but how to select gateway?
    » Stand-alone for most of the time but temporarily connected to the infrastructured network
      • e.g. car network connected while parked and disconnected otherwise
    » Strong DAD, Prophet, AROD

9. Hierarchical addressing: route aggregation
Hierarchical addressing allows efficient advertisement of routing information:
[Figure: Organization 0 (200.23.16.0/23), Organization 1 (200.23.18.0/23), Organization 2 (200.23.20.0/23), ..., Organization 7 (200.23.30.0/23) connect to Fly-By-Night-ISP, which tells the Internet “Send me anything with addresses beginning 200.23.16.0/20”; ISPs-R-Us tells the Internet “Send me anything with addresses beginning 199.31.0.0/16”]

10. IP addressing: the last word...
Q: How does an ISP get a block of addresses?
A: ICANN: Internet Corporation for Assigned Names and Numbers
  – allocates addresses
  – manages DNS
  – assigns domain names, resolves disputes

11. Addressing in IPv4
• Addresses are hierarchical.
  – address contains hint about location
• Original design: 4 classes of subnets: classful
• Total IP address size: 4 billion
  – Class A: 128 networks, 16M hosts
  – Class B: 16K networks, 64K hosts
  – Class C: 2M networks, 256 hosts
  – Class D: for multicast
  – Class E: 1111, for experiment
• 127.0.0.1: local host (a.k.a. the loopback address)
• Host bits all set to 0: network address
• Host bits all set to 1: broadcast address
Address formats (type | leading bits | network bits | host bits):
A | 0 | 7 | 24
B | 10 | 14 | 16
C | 110 | 21 | 8
D | 1110 | 28

12. Subnetting
• Hierarchy can be extended to more than two layers.
• Makes it possible to break up a network into multiple subnets.
  – provides flexibility to manage networks
  – packet forwarding between subnets is also done using routers, i.e. same as in Internet
• Provides autonomy.
  – subnets inside network are not visible outside the network
[Figure: address format “10 | Network | Host” extended to “10 | Network | Subnet | Host”; a network divided into Subnet 1, Subnet 2 and Subnet 3]

13. IP Addressing: Issues
• Running out of IP address space: short term solutions.
  – Classless inter-domain routing
  – Dynamic address assignment
  – Network address translation
• Longer term solution for IP address shortage: IPv6.
  – Move to longer addresses: IPv6

14. IP Address Utilization (‘98)
http://www.caida.org/outreach/resources/learn/ipv4space/

15. Problems with Simple Address Structure
• Address space is not used very efficiently.
  – Address spaces for networks can only be 2**8, 2**16, 2**24 in size
    » Sizes differ by two orders of magnitude
  – Organizations that do not fit in a smaller network (e.g. 257 hosts) need to use a size that is significantly larger
• Running out of addresses.
  – Especially true for mid-sized networks
  – Class B: greatest problem
    » Sparsely populated, but people refuse to give it back
  – Class C too small for most domains
  – Very few class A: IANA (Internet Assigned Numbers Authority) is very careful about giving them out
• Routing tables are becoming too big.
  – 100s of thousands of entries

16. Ideas Behind Classless Inter-Domain Routing
• Use address space more efficiently by relaxing the strict address structure.
  – length of network address is variable
  – generalization of subnetting idea
  – makes network use more efficient
• Have Internet service providers hand out blocks of addresses to their customers.
  – customers of ISPs appear like subnets of the ISP to other ISPs
  – reduces size of the routing tables

17. CIDR Addressing
• Length of network address is variable and specified using a netmask.
  – Can make the address space just large enough
• Can merge a group of adjacent class C addresses to form a larger network address.
[Figure: two adjacent “Network | Hosts” address blocks merged into one larger block]

18. CIDR Address Allocation: Example
ISP: 128.5.X.X
Customer 1: 128.5.010xxxxx.X
Customer 2: 128.5.110xxxxx.X
Customer 3: 128.5.011xxxxx.X
Single route entry: 128.5/16
[Figure: the ISP with Customers 1, 2 and 3 and their hosts, connected to ISP 2, ISP 3, ISP 4 and ISP 5, which reach it through the single route entry]

19. Route Lookup with CIDR
• Need to store a netmask with each entry to indicate the size of the network identifier.
  – can no longer rely on type field
• Problem: with CIDR there can be multiple matches when looking up an address.
  – Can for example happen when a customer switches ISPs but keeps addresses
• Solution: lookup is based on longest prefix match.
  – when there are multiple matches, the match with the most bits (longest netmask) wins
  – Complicates route lookup!
[Figure: overlapping prefixes 10110110, 10110110 010 and 10110110 010 0100011; labels: Ex-ISP, My Entry, -> ISP 1, -> ISP 2]

20. Shortcomings of CIDR
• CIDR does not help with the large number of addresses that were already assigned before CIDR was introduced.
• Many exceptions to CIDR addresses.
  – Customer receives a block of addresses and then moves to a different ISP
    » Typically keeps the same addresses
  – Many customers subscribe with several ISPs for redundancy
    » Example: 45 Mbs with a primary ISP, and 5 Mbs with two backup ISPs
    » Can only have one set of addresses

21. IP NATs
• NAT maps (private source IP, source port) onto (public source IP, unique source port)
  – reverse mapping on the way back
  – destination host does not know that this process is happening
• Very simple working solution.
  – NAT functionality fits well with firewalls
[Figure: packets between hosts A and B through the NAT; outbound (Priv A IP, A Port) is rewritten to (Publ A IP, A Port’), and the reply from (B IP, B Port) is mapped back to (Priv A IP, A Port)]

22. NAT Considerations
• NAT has to be consistent during a session.
  – Set up mapping at the beginning of a session and maintain it during the session
  – Recycle the mapping at the end of the session
    » May be hard to detect
• NAT only works for certain applications.
  – Some applications (e.g. ftp) pass IP information in payload
  – Need application level gateways to do a matching translation
• NAT has to be consistent with other protocols.
  – ICMP, routing, …
• Many flavors of NAT exist.
  – Basic, network address port translation (NAPT), bi-directional, ...

23. NAT/firewall traversal of VoIP
• Types of NAT functionality.
  – Full Cone: if a host behind a NAT sends a packet from address:port {A:B}, the NAT process translates the address:port {A:B} to {X:Y} and causes a binding of {A:B} to {X:Y}. Any incoming packets (from any address) destined for {X:Y} are translated to {A:B}.
  – Partial/Restricted Cone: as full cone; however, once that first packet comes inward, the bindings are turned into complete four-component bindings. This enforces that only packets from that source are accepted and NATed from then onward.
  – Symmetric Cone: if a host behind a NAT sends a packet from address:port {A:B} to {C:D}, the NAT process translates the source address:port {A:B} to {X:Y} and causes a binding of {A:B} to {C:D} to {X:Y}. Only packets from {C:D} to {X:Y} are accepted in the reverse direction and these are NATed to {A:B}.

24. NAT/firewall traversal of VoIP

25. NAT/firewall traversal of VoIP
• NAT problem
  – ‘Bindings’ can only be initiated by outgoing traffic.
  – Unsolicited incoming calls cannot be supported.
    » Like incoming call of PABX can’t be translated without attendant.

26. NAT/firewall traversal of VoIP
• Solutions to NAT problem
  – Universal Plug and Play (UPnP)
    » limited to small installations.
  – Simple Traversal of UDP Through Network Address Translation devices (STUN)
    » STUN does not work with the type most commonly found in corporate networks: the symmetric NAT.
  – TURN
  – ICE
  – Application Layer Gateway
  – Manual Configuration
  – Tunnel Techniques

27. NAT/firewall traversal of VoIP
• STUN
  – The STUN protocol enables a SIP client to discover whether it is behind a NAT, and to determine the type of NAT.
    » STUN server: “This is what I see as the source address and port”
• TURN
  – Server that is inserted in the media and signalling path. This TURN server is located either in the customer’s DMZ or in the Service Provider network.
    » Increases latency and packet loss
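The full cone and symmetric bindings from slide 23, and the reason slide 26 says STUN fails with symmetric NAT, as an added example that is not part of the original slides. It models only those two NAT types (restricted cone is left out); the class, the port pool starting at 40000 and all addresses (documentation ranges) are constructed for illustration.

```python
from itertools import count

CLIENT = ("10.0.0.5", 5060)        # {A:B}: private address:port (constructed)
STUN_SERVER = ("198.51.100.1", 3478)
PEER = ("203.0.113.9", 5060)       # remote party that wants to call in
PUBLIC_IP = "192.0.2.1"            # X: the NAT's public address


class Nat:
    """Toy NAT keeping the bindings described on the slide."""

    def __init__(self, mode):
        if mode not in ("full_cone", "symmetric"):
            raise ValueError(mode)
        self.mode = mode
        self._ports = count(40000)  # constructed external port pool
        self._out = {}              # binding key -> external port Y
        self._back = {}             # external port Y -> (internal, allowed remote)

    def outbound(self, src, dst):
        """Translate an outgoing packet; returns the external {X:Y}."""
        # Full cone binds {A:B} only; symmetric binds {A:B} together with {C:D}.
        key = src if self.mode == "full_cone" else (src, dst)
        if key not in self._out:
            port = next(self._ports)
            self._out[key] = port
            allowed = None if self.mode == "full_cone" else dst
            self._back[port] = (src, allowed)
        return (PUBLIC_IP, self._out[key])

    def inbound(self, remote, ext):
        """Return the internal endpoint an incoming packet reaches, or None."""
        ip, port = ext
        entry = self._back.get(port)
        if ip != PUBLIC_IP or entry is None:
            return None             # no binding: unsolicited traffic is dropped
        internal, allowed = entry
        if allowed is not None and remote != allowed:
            return None             # symmetric: only {C:D} may use this binding
        return internal


def stun_then_call(mode):
    """Client learns its address from the STUN server, then the peer uses it."""
    nat = Nat(mode)
    unsolicited = nat.inbound(PEER, (PUBLIC_IP, 40000))   # before any binding
    reflexive = nat.outbound(CLIENT, STUN_SERVER)          # "what I see"
    delivered = nat.inbound(PEER, reflexive)               # peer uses STUN result
    to_peer = nat.outbound(CLIENT, PEER)                   # binding toward the peer
    return {
        "unsolicited": unsolicited,
        "reflexive": reflexive,
        "delivered": delivered,
        "mapping_to_peer": to_peer,
        "peer_via_own_mapping": nat.inbound(PEER, to_peer),
    }


if __name__ == "__main__":
    for mode in ("full_cone", "symmetric"):
        print(mode, stun_then_call(mode))
```

With the symmetric NAT the address reported by the STUN server belongs to a binding that only the STUN server may use, so the peer's packets to it are dropped; the binding created toward the peer has a different external port.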

28. Skype: From the KaZaA community
• A peer-to-peer VoIP client developed by KaZaa in 2003: P2P – SIP
• It has better voice quality than the MSN and Yahoo IM applications
• It encrypts calls end-to-end, and stores user information in a decentralized fashion
• Auto-detect NAT/firewall settings
  – STUN and TURN
• Allows searching a user (e.g., kun*)
• Promote to super node
  – Based on availability, capacity
• Conferencing

29. Kazaa
• FastTrack (aka Kazaa)
  – Modifies the Gnutella protocol into two-level hierarchy
    » Hybrid of Gnutella and Napster
  – Group leader
    » Nodes that have better connection to Internet
    » Act as temporary directory servers for other nodes in group
    » Maintains database, mapping names of content to IP address of its group member
    » Not a dedicated server; an ordinary server
  – Bootstrapping node
    » A peer that wants to join the network contacts this node.
    » This node can designate this peer as new bootstrapping node.
  – Standard nodes
    » Connect to super nodes and report list of files
    » Allows slower nodes to participate
  – Broadcast (Gnutella-style) search across group leader peers; query flooding
  – Drawbacks
    » Fairly complex protocol to construct and maintain the overlay network
    » Group leaders have more responsibility. Not truly decentralized
    » Still not purely serverless (bootstrapping node is an “always up” server)
[Figure legend: overlay peer; group leader peer; neighboring relationships in overlay network]

30. IPv6
• Initial motivation: 32-bit address space completely allocated by 2008.
  – => 128 bit address
• Additional motivation:
  – header format helps speed processing/forwarding
  – header changes to facilitate QoS
  – new “anycast” address: route to “best” of several replicated servers
• IPv6 datagram format:
  – fixed-length 40 byte header
  – no fragmentation allowed

31. IPv6 Header (Cont)
• Priority: identify priority among datagrams in flow
• Flow Label: identify datagrams in same “flow” (concept of “flow” not well defined).
• Next header: identify upper layer protocol for data

32. IPv6 Header: Flow Label
• A flow:
  – A sequence of packets sent from a particular source to a particular (unicast or multicast) destination for which the source desires special handling by the intervening routers.
    » A flow may comprise multiple TCP connections: file transfer application
    » A single application may generate multiple flows: multimedia conferencing
      • one flow for audio, one for graphic window, ... with different requirements
• Rules applied to the flow label
  – The source assigns a flow label to a flow. Chosen randomly in range 1 to $2^{24}-1$.
    * a table with $2^{24}$ (16 million) entries: memory burden.
    * one entry in the table per active flow: search the entire table => hash table approach, CAM?

33. Other Changes from IPv4
• Checksum: removed entirely to reduce processing time at each hop
• Options: allowed, but outside of header, indicated by “Next Header” field
• ICMPv6: new version of ICMP
  – additional message types, e.g. “Packet Too Big”
  – multicast group management functions
• IPv6 eliminates fragmentation
• Easy configuration
  – Provides stateless auto-configuration using hardware MAC address to provide unique base
• Additional requirements
  – Support for security
  – Support for mobility

34. Migration from IPv4 to IPv6
• Interoperability with IPv4 is necessary for gradual deployment.
• Two mechanisms:
  – dual stack operation: IPv6 nodes support both address types
  – tunneling: tunnel IPv6 packets through IPv4 clouds
• Unfortunately there is little motivation for any one organization to move to IPv6.
  – the challenge is the existing hosts (using IPv4 addresses)
  – little benefit unless one can consistently use IPv6
    » can no longer talk to IPv4 nodes
  – stretching address space through address translation seems to work reasonably well

35. Dual Stack Approach

36. Tunneling IPv6 inside IPv4 where needed

37. IPv6 Addresses
• An interface may have multiple unicast addresses.
  – Allows a subscriber that uses multiple access providers across the same interface to have separate addresses aggregated under each provider’s address space
• Longer Internet addresses allow for aggregating addresses by hierarchies of network, access provider, geography, corporation…
  – smaller routing tables, faster table lookups
• Address types
  – Unicast: an identifier for a single interface
  – Anycast: an identifier for a set of interfaces. Delivered to one of the interfaces (the “nearest” one for example)
  – Multicast: an identifier for a set of interfaces. Delivered to all interfaces.

38. IPv6 Stateless Autoconfiguration
• Local communication with no intervention
  – Generate link-local address
    » corresponds to installed Ethernet network adapters. The last 64 bits of the IPv6 address is known as the interface identifier. It is derived from the 48-bit MAC address of the network adapter.
    » Perform Duplicate Address Detection
  – This looks like this:
    » FE80:0:0:0:XXXX:XXXX:XXXX:XXXX: prefix of FE80::/64
    » The X’s are the EUI-64 address (extended unique identifier; 24 for company id).
    » They could be a random 64 bit address also.
    » The only requirement is that the address be unique.
  – Start sending data
• Global communication with no stateful server
• Adds devices with no user configuration
• Stateful configuration: DHCP

39. Routing: source routing
• Source routing
  – List entire path in packet
• Router processing
  – Examine first step in directions
  – Strip first step from packet
  – Forward to step just stripped off
• Advantages
  – Switches can be very simple and fast
• Disadvantages
  – Variable (unbounded) header size
  – Sources must know or discover topology (e.g., failures)
• Typical use
  – Ad-hoc networks (DSR)
  – Machine room networks (Myrinet)

40. Routing: Virtual Circuits/Tag Switching
• Connection setup phase
  – Each router allocates flow ID on local link
  – VC connection id
• Each packet carries connection ID
• Router processing
  – Lookup flow ID: simple table lookup
  – Replace flow ID with outgoing flow ID
  – Forward to output port
• Advantages
  – More efficient lookup (simple table lookup)
  – More flexible (different path for each flow)
  – QoS: reserve bandwidth at connection setup
  – Easier for hardware implementations
• Disadvantages
  – Complex signalling to route connection setup request: stateful
  – More complex failure recovery: must recreate connection state
• Typical uses
  – ATM: combined with fixed-size cells
  – MPLS: tag switching for IP networks

41. Routing: IP routing
• Each switch has forwarding table of destination -> next hop
• Distributed routing algorithm for calculating forwarding tables
• Routing table size
  – One entry for every host on the Internet
    » 100M entries, doubling every year
  – One entry for every LAN
    » Every host on LAN shares prefix
    » Still too many, doubling every year
  – One entry for every organization
    » Every host in organization shares prefix
    » Requires careful address allocation
• Advantages
  – Stateless: simple error recovery
• Disadvantages
  – Every switch knows about every destination
    » Potentially large tables
  – All packets to destination take same route

42. Longest Prefix Match is Harder than Exact Match
• The destination address of an arriving packet does not carry with it the information to determine the length of the longest matching prefix
• Hence, one needs to search among the space of all prefix lengths, as well as the space of all prefixes of a given length
• Metrics for Lookup Algorithms
  – Speed (= number of memory accesses)
  – Storage requirements (= amount of memory)
  – Low update time (support ~5K updates/s)
  – Scalability
    » With length of prefix: IPv4 unicast (32b), Ethernet (48b), IPv4 multicast (64b), IPv6 unicast (128b)
    » With size of routing table: (sweetspot for today’s designs = 1 million)
  – Flexibility in implementation
  – Low preprocessing time

43. Longest Prefix Match
• LPM in IPv4: use 32 exact match algorithms for LPM!
[Figure: the network address is fed in parallel to “Exact match against prefixes of length 1”, “Exact match against prefixes of length 2”, ..., “Exact match against prefixes of length 32”; a “Priority Encode and pick” stage selects the output port]

44. Patricia Tries
• Trie: use binary tree paths to encode prefixes
• Advantage: simple to implement
• Disadvantage: one lookup may take O(m), where m is number of bits (32 in the case of IPv4)
Example prefixes (prefix | port):
001xx | 2
0100x | 3
10xxx | 1
01100 | 5
[Figure: binary trie for these prefixes, branches labelled 0 and 1, leaves labelled with ports 2, 3, 5 and 1]
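A binary trie doing longest prefix match over the four example prefixes on slide 44, then over the slide 18 allocation for the case slide 19 describes (a customer changes ISP but keeps its addresses). This is an added example, not code from the lecture; the class and function names and the next-hop labels "ISP 1" and "ISP 2" are assumptions, and 128.5.64.0/19 is Customer 1's block 128.5.010xxxxx.X written in CIDR form.

```python
import ipaddress


class BinaryTrie:
    """Unibit trie: one node per prefix bit; a node stores a hop where a prefix ends."""

    def __init__(self):
        self.root = {}              # node = {"0": child, "1": child, "hop": value}

    def insert(self, prefix_bits, hop):
        node = self.root
        for bit in prefix_bits:
            node = node.setdefault(bit, {})
        node["hop"] = hop

    def lookup(self, addr_bits):
        """Return (hop, matched_length) for the longest matching prefix,
        or (None, None) if no prefix matches. Walks at most len(addr_bits) nodes."""
        node = self.root
        best = (node["hop"], 0) if "hop" in node else (None, None)
        for depth, bit in enumerate(addr_bits, start=1):
            node = node.get(bit)
            if node is None:
                break
            if "hop" in node:       # deeper match replaces the shorter one
                best = (node["hop"], depth)
        return best


def cidr_bits(cidr):
    """Network part of a CIDR block as a bit string, e.g. '128.5.0.0/16' -> 16 bits."""
    net = ipaddress.ip_network(cidr)
    return format(int(net.network_address), "032b")[: net.prefixlen]


def ip_bits(addr):
    return format(int(ipaddress.ip_address(addr)), "032b")


def slide_trie():
    """The 5-bit example from slide 44: prefix -> port."""
    trie = BinaryTrie()
    for prefix, port in (("001", 2), ("0100", 3), ("10", 1), ("01100", 5)):
        trie.insert(prefix, port)
    return trie


def cidr_table():
    """Constructed table: the ISP aggregate plus the more specific entry
    for the customer that moved and kept its block."""
    trie = BinaryTrie()
    trie.insert(cidr_bits("128.5.64.0/19"), "ISP 2")   # inserted first on purpose
    trie.insert(cidr_bits("128.5.0.0/16"), "ISP 1")
    return trie


def route(trie, addr):
    return trie.lookup(ip_bits(addr))


if __name__ == "__main__":
    t = slide_trie()
    for addr in ("00110", "01001", "01100", "01101", "10111"):
        print(addr, t.lookup(addr))
    r = cidr_table()
    for addr in ("128.5.70.9", "128.5.200.1", "10.0.0.1"):
        print(addr, route(r, addr))
```

The result depends only on prefix length, not on insertion order: any address inside 128.5.64.0/19 follows the /19 entry even though the /16 also matches it.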

45. Skip Count vs. Path Compression
• Removing one-way branches ensures # of trie nodes is at most twice # of prefixes (case: trie containing a small number of very long strings)
  – Patricia tries
• Using a skip count requires exact match at end and backtracking on failure => path compression simpler
[Figure: a trie with prefixes P1, P2, P3, P4 and 0/1 branches, shown next to its compressed form in which a one-way path is replaced by “Skip 2” (skip count) or “11” (path compressed)]

46. Fast Longest Prefix Match
• Lulea’s Routing Lookup Algorithm (Sigcomm’97)
  – use a three-level data structure
• Multi-bit Tries
• Controlled Prefix Expansion [Sri98]
• Binary Search on Prefix Intervals [Lampson98]
• Binary search on prefixes: Waldvogel, Sigcomm 97
• Longest prefix matching using bloom filters
• Route caches
  – Temporal locality
  – Many packets to same destination

47. Fast Longest Prefix Match
• Content addressable memory (CAM)
  – Hardware based route lookup
  – Input = tag, output = value associated with tag
  – Requires exact match with tag
    » Multiple cycles (1 per prefix searched) with single CAM
    » Multiple CAMs (1 per prefix) searched in parallel
  – Ternary CAM
    » 0, 1, don’t care values in tag match
    » Priority (i.e. longest prefix) by order of entries in CAM

48. Performance Comparison: Complexity
Algorithm | Lookup | Storage | Update
Binary trie | $W$ | $NW$ | $W$
Patricia | $W^2$ | $N$ | $W$
Path-compressed trie | $W$ | $N$ | $W$
Multi-ary trie | $W/k$ | $N \cdot 2^k$ | -
LC trie | $W$ | $N$ | -
Lulea | - | - | -
Binary search on trie levels | $\log W$ | $N \log W$ | -
Binary search on intervals | $\log(2N)$ | $N$ | -
TCAM | $1$ | $N$ | $W$

49. Performance Comparison
Algorithm | Lookup (ns) | Storage (KB)
Patricia (BSD) | 2500 | 3262
Multi-way fixed-stride optimal trie (3-levels) | 298 | 1930
Multi-way fixed-stride optimal trie (5-levels) | 428 | 660
LC trie | - | 700
Lulea | 409 | 160
Binary search on trie levels | 650 | 1600
6-way search on intervals | 490 | 950
Lookups with direct access | 15-60 | 9-33 * 1000
TCAM | 15-20 | 512

50. Packet classification
• Packet classification
  – The process of categorizing packets into “flows” in an Internet router
  – All packets belonging to the same flow obey a predefined rule and are processed in a similar manner by the router
• Flow-aware router: keeps track of flows and performs similar processing on packets in a flow
  – Non best effort services, firewalls, QoS
• Flow-unaware router (packet-by-packet router): treats each incoming packet individually

51. Example of Classification Rules
• Access-control in firewalls
  – Deny all e-mail traffic from ISP-X to Y
• Policy-based routing
  – Route IP telephony traffic from X to Y via ATM
• Differentiate quality of service
  – Ensure that no more than 50 Mbps are injected from ISP-X
• Committed Access Rate (rate limiting)
  – Rate limit WWW traffic from sub-interface#739 to 10Mbps

52. Complexity: Hard Problem
• N rules and k header fields for k > 2
  – $O((\log N)^{k-1})$ time and $O(N)$ space
  – $O(\log N)$ time and $O(N^k)$ space
• How many rules?
  – Largest for firewalls & similar: ~1700
  – Diffserv/QoS: much larger, ~100k (?)

53. Multi-field Packet Classification
Given a classifier with N rules, find the action associated with the highest priority rule matching an incoming packet.
Rule | Field 1 | Field 2 | … | Field k | Action
Rule 1 | 5.3.90/21 | 2.13.8.11/32 | … | UDP | A1
Rule 2 | 5.168.3/24 | 152.133/16 | … | TCP | A2
… | … | … | … | … | …
Rule N | 5.168/16 | 152/8 | … | ANY | AN
Example: packet (5.168.3.32, 152.133.171.71, …, TCP)

54. Flow-aware Router: Basic Architectural Components
• Control: routing, resource reservation, admission control, SLAs
• Datapath (per-packet processing): routing lookup, packet classification, special processing, switching, scheduling

55. Packet Classification: Problem Definition
Given a classifier C with N rules, $R_j$, $1 \le j \le N$, where $R_j$ consists of three entities:
1) A regular expression $R_j[i]$, $1 \le i \le d$, on each of the d header fields,
2) A number, $pri(R_j)$, indicating the priority of the rule in the classifier, and
3) An action, referred to as $action(R_j)$.
For an incoming packet P with the header considered as a d-tuple of points $(P_1, P_2, \ldots, P_d)$, the d-dimensional packet classification problem is to find the rule $R_m$ with the highest priority among all the rules $R_j$ matching the d-tuple; i.e., $pri(R_m) > pri(R_j)$, $\forall j \ne m$, $1 \le j \le N$, such that $P_i$ matches $R_j[i]$, $1 \le i \le d$. We call rule $R_m$ the best matching rule for packet P.

56. Example 4D classifier
Rule | L3-DA | L3-SA | L4-DP | L4-PROT | Action
R1 | 152.163.190.69/255.255.255.255 | 152.163.80.11/255.255.255.255 | * | * | Deny
R2 | 152.168.3/255.255.255 | 152.163.200.157/255.255.255.255 | eq www | udp | Deny
R3 | 152.168.3/255.255.255 | 152.163.200.157/255.255.255.255 | range 20-21 | udp | Permit
R4 | 152.168.3/255.255.255 | 152.163.200.157/255.255.255.255 | eq www | tcp | Deny
R5 | * | * | * | * | Deny

57. Example Classification Results
Pkt Hdr | L3-DA | L3-SA | L4-DP | L4-PROT | Rule, Action
P1 | 152.163.190.69 | 152.163.80.11 | www | tcp | R1, Deny
P2 | 152.168.3.21 | 152.163.200.157 | www | udp | R2, Deny

58. Classification is a Generalization of Lookup
• Classifier = routing table
• One-dimension (destination address)
• Rule = routing table entry
• Regular expression = prefix
• Action = (next-hop-address, port)
• Priority = prefix-length

59. Example
• Two-dimension space, i.e., classification based on two fields
• Complexity depends on the layout, i.e., how many distinct regions are created

60. Classification algorithm
• Linear search
  – The simplest data structure is a linked list of rules stored in order of decreasing priority
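Linear-search classification over the 4D classifier of slide 56, checked against the results on slide 57, plus a check for rules that an earlier rule makes unreachable. This is an added example, not code from the lecture; it assumes "www" means port 80 and reads the slide's 152.168.3/255.255.255 as 152.168.3.0/255.255.255.0, and all names are constructed.

```python
import ipaddress
from dataclasses import dataclass

WWW = 80                      # assumption: "eq www" on the slide is port 80
ANY_PORT = (0, 65535)
HOST = "/255.255.255.255"


@dataclass(frozen=True)
class Rule:
    name: str
    dst: str                  # "addr/mask" or "*"
    src: str
    dports: tuple             # inclusive (low, high) destination port range
    proto: str                # "tcp", "udp" or "*"
    action: str


# Stored in order of decreasing priority, as on the slide.
RULES = [
    Rule("R1", "152.163.190.69" + HOST, "152.163.80.11" + HOST, ANY_PORT, "*", "Deny"),
    Rule("R2", "152.168.3.0/255.255.255.0", "152.163.200.157" + HOST, (WWW, WWW), "udp", "Deny"),
    Rule("R3", "152.168.3.0/255.255.255.0", "152.163.200.157" + HOST, (20, 21), "udp", "Permit"),
    Rule("R4", "152.168.3.0/255.255.255.0", "152.163.200.157" + HOST, (WWW, WWW), "tcp", "Deny"),
    Rule("R5", "*", "*", ANY_PORT, "*", "Deny"),
]

P1 = ("152.163.190.69", "152.163.80.11", WWW, "tcp")     # slide 57
P2 = ("152.168.3.21", "152.163.200.157", WWW, "udp")     # slide 57
P3 = ("152.168.3.21", "152.163.200.157", 21, "udp")      # constructed


def net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "*" else spec)


def matches(rule, packet):
    dst, src, dport, proto = packet
    return (ipaddress.ip_address(dst) in net(rule.dst)
            and ipaddress.ip_address(src) in net(rule.src)
            and rule.dports[0] <= dport <= rule.dports[1]
            and rule.proto in ("*", proto))


def classify(packet, rules=RULES):
    """First match in priority order wins; O(N) per packet."""
    for rule in rules:
        if matches(rule, packet):
            return rule.name, rule.action
    return None, None


def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return (net(b.dst).subnet_of(net(a.dst))
            and net(b.src).subnet_of(net(a.src))
            and a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1]
            and a.proto in ("*", b.proto))


def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [b.name for i, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:i])]


if __name__ == "__main__":
    for pkt in (P1, P2, P3):
        print(pkt, classify(pkt))
    print("shadowed as written:", shadowed(RULES))
    print("shadowed if R5 is first:", shadowed([RULES[4]] + RULES[:4]))
```

Because the list is searched in order, moving the catch-all R5 to the front turns the single Permit (R3) into dead configuration; `shadowed` reports that without sending any traffic.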

61. Recursive Flow Classification [Gupta99]
Observations:
• Difficult to achieve both high classification rate and reasonable storage in the worst case
• Real classifiers exhibit structure and redundancy
• A practical scheme could exploit this structure and redundancy

62. RFC: Classifier Dataset
• 793 classifiers from 101 ISP and enterprise networks with a total of 41505 rules.
  – Classifier (policy database)
• 40 classifiers: more than 100 rules. Biggest classifier had 1733 rules.
• Maximum of 4 fields per rule: source IP address, destination IP address, protocol and destination port number.

63. RFC:
• Problem formulation:
  – Map S bits (i.e., the bits of all the F fields) to T bits (i.e., the class identifier)
• Main idea:
  – Create a $2^S$ size table with pre-computed values; each entry contains the class identifier
    » Only one memory access needed
  – …but this is impractical => requires huge memory
  – Use recursion: trade speed (number of memory accesses) for memory footprint

64. The RFC Algorithm
• At each stage the algorithm maps one set of values to a smaller set
  – A set of memories returns a value shorter than the index of the memory access
• Split the F fields in chunks
  1. Use the value of each chunk to index into a table. Indexing is done in parallel
  2. Combine results from previous phase, and repeat
  3. In the final phase we obtain only one value, which is the action

65. Chunking of a Packet
[Figure: packet header fields (Source L3 Address, Destination L3 Address, L4 protocol and flags, Source L4 port, Destination L4 port, Type of Service) split into Chunk #0 through Chunk #7]

66. The RFC Algorithm

67. Complete Example
[Figure: RFC reduction example; index computations shown: indx=c02*6+c03*3+c05 and indx=c10*5+c11]

69. Choice of Reduction Tree
[Figure: two reduction trees over chunks 0 to 5. Left: number of phases = P = 3, 10 memory accesses. Right: number of phases = P = 4, 11 memory accesses]

70. RFC: Classification Time
• Pipelined hardware: 30 Mpps (worst case OC192) using two 4Mb SRAMs and two 64Mb SDRAMs at 125MHz.
• Software: (3 phases) 1 Mpps in the worst case and 1.4-1.7 Mpps in the average case. (average case OC48) [performance measured using Intel Vtune simulator on a Windows NT platform]

71. RFC: Pros and Cons
Advantages
• Exploits structure of real-life classifiers
• Suitable for multiple fields
• Supports non-contiguous masks
• Fast accesses
Disadvantages
• Depends on structure of classifiers
• Large pre-processing time
• Incremental updates slow
• Large worst-case storage requirements

72. Summary of classification schemes

73. Summary of classification schemes
• Lookup/Classification Chip Vendors
  – Switch-on
  – Fastchip
  – Agere
  – Solidum
  – Siliconaccess
  – TCAM vendors: Netlogic, Lara, Sibercore, Mosaid, Klsi etc.
• Packet classification still an area of active research

