Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Energy Efficient Multi-match Packet Classification with TCAM Fang Yu

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Energy Efficient Multi-match Packet Classification with TCAM Fang Yu"— Presentation transcript:

1 1 Energy Efficient Multi-match Packet Classification with TCAM Fang Yu fyu@eecs.berkeley.edu

2 2 Outline Introduction to multi-match classification Multi-match classification using TCAM –May create many intersections –Consume many TACM resources and high power consumption Filter set splitting algorithm to remove intersections Simulations results Conclusions and future work

3 3 Single-Match Classification –Assumption: all the filters are associated with priorities –Only the highest priority match matters –E.g., longest prefix match Packet headerPacket Payload Multi-Match Classification –Report all matching results –No priority among filters –PNE (iBox): identify the all the relevant functions –Intrusion Detection System: identify all the related rules –Need faster solutions because of the complex follow-up processing Packet Classification

4 4 Ternary-CAM (TCAM) Fully associative memory compare input string with all the entries in parallel –If multiple matches, report the index of the first match Each cell takes one of three logic states – ‘0’, ‘1’, and ‘?’(don’t care) Current TCAM technology –Fast match time: 4 ns –Size: 1-2MB priced at $200-$300 entry cell width

5 5 Ternary-CAM (TCAM) Fully associative memory compare input string with all the entries in parallel –If multiple matches, report the index of the first match Each cell takes one of three logic states – ‘0’, ‘1’, and ‘?’(don’t care) Current TCAM technology –Fast match time: 4 ns –Size: 1-2MB priced at $200-$300 –Power consumption is high

6 6 Report Multi-match Results Problem: TCAM only reports the first matching result –For example, two filters have intersection relationship – “Tcp $SQL_SERVER 1433 $EXTERNAL_NET any” – “Tcp Any Any Any 139” – “Tcp $SQL_SERVER 1433 $EXTERNAL_NET 139” –Return a bit-vector of matched results? processing cost for the bit-vector can still be O(N) Intersection:

7 7 Report Multi-match Results (cont.) Solution: add additional intersection filters Pros: –High speed –Return the all the matching results within one cycle –Deterministic lookup time Cons: –May require high storage and is not energy efficient Create ~10N intersection filters for the Snort rule set May create O(N F ) intersection filters in the worst case –Not easily updatable Goal: decrease number of intersectionsand easy for update

8 8 Observation Split filters to two sets to reduce intersection –Report the union of results from all sets –No need to include the intersections of the filters from different sets –Decrease the number of filters in TCAM, decrease power consumption –Increase the number of TCAM access N filters +O(N 2 ) intersection 1 TCAM lookup N filters + 1 intersection 2 TCAM lookups Original Two sets F1F1 FNFN Matching F 1 and F N Matching F 1 Matching F N

9 9 Problem Definition Given a set of filters F(F 1,F 2, …., F N ) Filters create a set of intersections I(I 1,I 2, …., I M ) –e.g., I 1 = intersection of (F 1,, F 5, F 6 ) How to divide the filters into several sets –Residual intersection set I’: intersections from filters in the same set –N + |I’| < TCAM size –Number of sets (TCAM accesses) is minimum –NP hard problem!

10 10 Split filters into Two Sets Still an NP hard problem (known as maximum set splitting or maximum hypergraph cut ) Best known approximation algorithms –Yield a performance ratio of 0.72 to the optimum solution –Require quadratic programming  slow when the number of filters is large Our algorithm based on Johnson’s algorithm –Remove at least half of the intersections –O(NM) complexity, where N is the total number of filters, and M is the total number of intersections

11 11 Maximum Satisfiability Problem –A set of literals {F 1, F 1, F 2, F 2,.., F N, F N} –A set of clauses, each clause is a subset of literals E.g., C 1 ={F 1 F 5 F 6 } –Goal: Find an assignment of F to satisfy maximum number of clauses

12 12 Johnson’s Algorithm to Maximum Satisfiability Problem Assign each clause a weight = 2 -|c| E.g., weight of C 1 ={F 1, F 5 F 6 } is 2 -3 Let F i be any literal which hasn’t been assigned value yet –If the weight of all clauses contain F i is higher than the clauses contain F i Assign F i a true value, remove all clauses containing F i Multiply the weight of all the clauses containing F i by 2 –Otherwise Assign F i a false value, remove all clauses containing F i Multiply the weight of all the clauses containing F i by 2

13 13 Johnson’s Theory If all the clauses have at least k literals –Johnson’s algorithm can satisfy at least (2 K -1)/ 2 K percent of the total clauses –e.g., k=2, satisfy at least ¾ of the clauses –It is proved that (2 K -1)/ 2 K is the best approximable bound for k>2

14 14 Filter Split Algorithm For any intersection (e.g., I 1 = intersection of F 1,, F 5, and F 6 ), add two clauses –C={F 1, F 5 F 6 } and C’={F 1, F 5 F 6 } –Total number of clauses is 2M Run Johnson’s algorithm and assign each filter F i either a true (put in set one) or a false value (put in set two)

15 15 Filter Split Algorithm (cont.) According to Johnson’s theory –At least ¾ of the clauses are satisfied  2M*3/4=1.5M  At least 0.5M of the intersections have both clauses satisfied Suppose for intersection of F 1,, F 5, and F 6, C={F 1,, F 5, F 6 } and C’={F 1,, F 5, F 6 } both are satisfied At least one of F 1,, F 5, F 6 is true and at least one is false F 1,, F 5, F 6 are split into different sets, thus this intersection doesn’t need to be presented in TCAM  At least 50% of the intersection is removed!

16 16 Simulation Results SNORT intrusion detection rule set VersionFilter Set Size No splitSplit into 2 sets Unique Inter- sections TCAM Entries Remaining Inter- sections TCAM Entries Saving 2.0.024034533,69352076079.4% 2.0.125537544,00955681179.7% 2.1.025737584,01555280979.8% 2.1.126340674,33059685980.1%

17 17 Split filters into Multiple Sets

18 18 Conclusion We propose a filter split algorithm to decrease the intersections –O(NM) complexity –Guarantee to remove 50% of the intersections each time the filter set splits Save TCAM space Reduce power consumption –Save ~80% TCAM space and power consumption for the snort rule sets With the cost of one more TCAM access

19 19 Ongoing Work Narrow down the search region (Region Split) –E.g., tcp packet only needs to search tcp related filters –Use SRAM accesses to narrow down the search region Filter Splits Only Accesses all filters in TCAM Memory access = # of set Storage cost =O(N) Update cost: low Region Splits Only Tree based algorithms Memory access =O(logN) Storage cost = O(N F ) Power consumption min Update cost: high Middle ground Hybrid SRAM and TCAM approach Memory access = several (e.g., <5) Storage cost =O(N) Power consumption: moderate Update cost: moderate Region Split (SRAM access) Filter Split (TCAM accesses)

Download ppt "1 Energy Efficient Multi-match Packet Classification with TCAM Fang Yu"

Similar presentations

1 SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification Fang Yu 1 T. V. Lakshman 2 Marti Austin Motoyama 1 Randy H. Katz 1 1 EECS.

1 SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification Fang Yu 1 T. V. Lakshman 2 Marti Austin Motoyama 1 Randy H. Katz 1 1 EECS.
Introduction to Algorithms NP-Complete

Introduction to Algorithms NP-Complete
Fast Updating Algorithms for TCAMs Devavrat Shah Pankaj Gupta IEEE MICRO, Jan.-Feb. 2001.

Fast Updating Algorithms for TCAMs Devavrat Shah Pankaj Gupta IEEE MICRO, Jan.-Feb
Multi-dimensional Packet Classification on FPGA: 100Gbps and Beyond

Multi-dimensional Packet Classification on FPGA: 100Gbps and Beyond
Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.

Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.
1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 

1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 
HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Author: Wenjun Li, Xianfeng Li Publisher: 2013 IEEE 21 st Annual Symposium.

HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Author: Wenjun Li, Xianfeng Li Publisher: 2013 IEEE 21 st Annual Symposium.
Outline Introduction Related work on packet classification Grouper Performance Empirical Evaluation Conclusions.

Outline Introduction Related work on packet classification Grouper Performance Empirical Evaluation Conclusions.
A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.

A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.
Reviewer: Jing Lu Gigabit Rate Packet Pattern- Matching Using TCAM Fang Yu, Randy H. Katz T. V. Lakshman UC Berkeley Bell Labs, Lucent ICNP’2004.

Reviewer: Jing Lu Gigabit Rate Packet Pattern- Matching Using TCAM Fang Yu, Randy H. Katz T. V. Lakshman UC Berkeley Bell Labs, Lucent ICNP’2004.
Lectures on Network Flows

Lectures on Network Flows
Asymptotic Growth Rate

Asymptotic Growth Rate
Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,

Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,
Fast Filter Updates for Packet Classification using TCAM Authors: Haoyu Song, Jonathan Turner. Publisher: GLOBECOM 2006, IEEE Present: Chen-Yu Lin Date:

Fast Filter Updates for Packet Classification using TCAM Authors: Haoyu Song, Jonathan Turner. Publisher: GLOBECOM 2006, IEEE Present: Chen-Yu Lin Date:
The Theory of NP-Completeness

The Theory of NP-Completeness
PC-DUOS: Fast TCAM Lookup and Update for Packet Classifiers Author: Tania Banerjee-Mishra, Sartaj Sahni,Gunasekaran Seetharaman Publisher: IEEE Symposium.

PC-DUOS: Fast TCAM Lookup and Update for Packet Classifiers Author: Tania Banerjee-Mishra, Sartaj Sahni,Gunasekaran Seetharaman Publisher: IEEE Symposium.
Efficient Multi-Match Packet Classification with TCAM Fang Yu

Efficient Multi-Match Packet Classification with TCAM Fang Yu
1 Gigabit Rate Multiple- Pattern Matching with TCAM Fang Yu Randy H. Katz T. V. Lakshman

1 Gigabit Rate Multiple- Pattern Matching with TCAM Fang Yu Randy H. Katz T. V. Lakshman
1 A Fast IP Lookup Scheme for Longest-Matching Prefix Authors: Lih-Chyau Wuu, Shou-Yu Pin Reporter: Chen-Nien Tsai.

1 A Fast IP Lookup Scheme for Longest-Matching Prefix Authors: Lih-Chyau Wuu, Shou-Yu Pin Reporter: Chen-Nien Tsai.
SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification Fang Yu 1 T. V. Lakshman 2 Martin Austin Motoyama 1 Randy H. Katz 1 1 EECS.

SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification Fang Yu 1 T. V. Lakshman 2 Martin Austin Motoyama 1 Randy H. Katz 1 1 EECS.

Similar presentations

Ads by Google