Outline Introduction Related work on packet classification Grouper Performance Empirical Evaluation Conclusions
Introducing Grouper A packet classification algorithm Parameterized by the amount of memory available to it Trades classification speed for memory efficiency Obtains good performance under real-world memory constraints
Quick (Over|Re)view of Packet Classifiers Takes in a list of rules, each specifying a class of packets matched by that rule The rules are usually arranged by priority Example policy here New slide: The classifier’s job is to input packets, and for every input, output a corresponding class number Typically, by outputting class number n for packet p, the classifier indicates that rule number n in its rule list was matched
Related Work: range rule patterns Existing software solutions (e.g., …) focus heavily on range and prefix pattern rules Range rule: dest_port = [1024 – 65535] Prefix rule: 192.168.* For many applications, these types of rules are not expressive enough e.g., match odd-numbered ports > 1023 Requires X range/prefix rules Worst-case number of patterns required… 2^b-1 New slide: Noncontiguous bitmasks have comparatively more power. Bitmask rule: 1011***01**1
Related Work: relative inefficiency of range p- atterns Remove: Prefix rules are a strict subset of bitmask rules Name1 et al. recently showed that every b-bit range rule can be converted into b bitmask rules. An arbitrary b-bit bitmask rule may require O(2 b ) range rules to express Noncontiguous bitmask rules are therefore more efficiently expressible than range or prefix rules
Related Work: noncontiguous-bitmask rule pattterns Some existing software algorithms handle noncontiguous bitmasks RFC handles them, but uses prohibitively large amounts of memory for large rule sets (> 6000 rules) TCAMs (a hardware solution) are the de facto industry standard and use bitmask rules, but they [take from paper].
Related Work: regular- expression rule patterns Some software algorithms, such as ESAs XFAs and BDDs can handle regular expression rules, which are more expressive than bitmasks Unfortunately, all of these suffer from exponential classification time in the worst case.
The Grouper Packet- classification Algorithm Grouper is a software algorithm that handles bitmask rules It works by partitioning the bits of a packet into approximately equal sized groups [pic1: use a medium-size bit grouping] It uses the value of each of these groups to look up the set (expressed as a bitmap) of classes that match that group of bits [pic2] Then it takes the intersection (bitwise-AND) of all matching sets of rules to obtain the final matching class [pic3] The final result is an n-length bitmap representing the set of all classes the input packet belongs to. We can either return the highest priority class that matches, or all matching classes (Our implementation does the former). [pic4]
Observation: dimension independence Note that grouper is “blind” to packet fields/dimensions. As far as Grouper is concerned, every packet is simply an array of bits, groups do not necessarily correspond to packet fields. Doesn’t suffer from problems of other classification algorithms (e.g., geometric algorithms) whose performance is exponential in number of dimensions
Observation: Efficiency via Uniformity Grouper guarantees that all groups will be roughly equal in size (either floor(b/t) bits or ceil(b/t) bits). This property minimizes overall memory use compared to unevenly sized groups.
Performance at the Extremes of Group Sizes By controlling the size of the bit groupings, Grouper can trade memory for classification speed [illustration: 2 pics, 1 big and 1 small group sizes] [maybe 2 more slides for what follows] Larger groups mean larger lookup tables but less table lookups and less intersections: this is one extreme of classification algorithm, using a single lookup table—large memory requirements but fast lookup time Small group sizes correspond to other extreme of classification algorithm: linear search
Grouper’s Performance in General (Running Time) Grouper uses t lookup tables to classify b bits according to n rules/classes [reshow pic of 3,3,2] Each lookup table maps either floor(b/t) or ceil(b/t) of the b packet bits to an n-length bitmap representing the set of all classes those bits could possibly match We say the b/t bits used to index a table are grouped together
Grouper in Depth [these ideas go into what is now slide 13] There is a special case when t = 1, since n intersections need to occur, if we only care about the highest priority match, we can simply store that class number at the corresponding row in the table, instead of a bitmap. This only requires log(n) bits per row, rather than n bits Obviously this is impractical for all but the smallest values of b
Grouper in Depth [same] On the other extreme, when t = b, it turns out that the space required for b tables is equal to the space required for b/2 tables. Because of this, the maximum number of groups is ceiling(b/2)
Grouper’s Performance in General (Memory Usage) Grouper uses t tables, each with O(2(b/t)) entries Each entry is an n-length bitmap consuming O(n/w) machines words (where w is the word size of the machine in bits). Total memory is therefore O((2 b/t tn)/w)
Grouper in Depth The exact memory usage of Grouper is given by: Talk about binary search for t value, given m