Presentation is loading. Please wait.

Presentation is loading. Please wait.

ClassiPI A Classifier for next generation Content and Policy based Switches SwitchOn Networks Inc. Sundar Iyer, Ajay Desai, Ajay Tambe, Ajit Shelat.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ClassiPI A Classifier for next generation Content and Policy based Switches SwitchOn Networks Inc. Sundar Iyer, Ajay Desai, Ajay Tambe, Ajit Shelat."— Presentation transcript:

1 ClassiPI A Classifier for next generation Content and Policy based Switches SwitchOn Networks Inc. Sundar Iyer, Ajay Desai, Ajay Tambe, Ajit Shelat

2 Agenda Classification Overview Content Co-processor requirements ClassiPI Architecture Conclusion

3 Packet Processing Model  Extract  Classify  Edit & Actions Extraction Packet Classification Packet Edit & Actions External Memory Extracted Fields & Payload Classification Results Classification Based Lookups 1 2 3

4 Content Processing - Sequenced Lookups Layer 2 – SMAC, VLAN Learning  Layer 2 – DMAC, VLAN Forwarding  Layer 4 – 5-tuple, ACL Filtering  Layer 3 – DIP Routing DIP 5-tupleMAC

5 Content Processing – Packet Analysis Layer 7 L2 L3 L4 Source MAC address is authenticated Packet is being sent from marketing network VP Marketing is accessing an external web server Server: yahoo.com identified File Type:.mp3, access to audio file identified File Name: American_Pie.mp3 It’s 7:00 PM. Allow the session? – Yes. URL, Cookies, Content, Application, User-name, …

6 Packet Processing Performance OC4 8 Content processing is the bottleneck!

7 Content Co-processor - Motivation Content Processing  Is a memory intensive operation  Involves extraction & classification  Requires sophisticated algorithms to perform u Layer 3 Lookups u Layer 4 ACLs u Layer 7 scanning u Layer 7 RegEx parsing A Content Co-processor requires a new architecture

8 Content Co-processor – System view Content Co-processor should  Perform all Data plane classification operations  Allow implementation of classification sequences which reflect the packet processing flow on the Network processor  Interface gluelessly with Network Processors  Minimize Network processor bus bandwidth usage  Perform classification related operations such as statistics collection  Allow easy software integration

9 ClassiPI - Block Diagram Sync SRAM other ClassiPIs System Interface Cascade Interface Results FIFO Control / Sequencer E-RAM Interface Policy Rule Database Parallel Lookup Engine Field Extraction Engine Rule Update Results Key C-RAMStats User Sync SRAM Intermediate Results

10 ClassiPI Architecture…1 Look-up Operation Descriptor  Defines classification parameters  High level abstraction of a classification operation Operation Descriptor -Field Extraction Spec -Look-up/Search Type Participating Policy Rule Database -Single Match or Multiple Match Generation Packet Data ….. Policy Rule Database Result Gen Look-up Engine Results

11 Multiple Field Extraction ClassiPI Architecture…2 Field Extraction Engine  Forms the Key using L3, L4, L4+ and User defined  Automatically generates sequence of keys  Variable length, wide keys support Packet Data ….. Header Payload 5-tupleAny header fieldsLong String KeysShort String Keys

12 Nano- Processor Nano- Processor ClassiPI Architecture…3 Parallel Look-up Engine  Unique, flexible MISD architecture  Array of Nano-processors perform look-ups  Nano-processors have a powerful Policy Rule instruction set  Nano-processors operate on per field basis  Nano-processors and Policy Rule memory can be configured/partitioned to define an Operation Nano- processor Policy Rule Database Partition Nano- Processor Nano- Processor Nano- processor Extracted Key Results

13 ClassiPI Architecture…4 Per rule statistics collection – Byte count, Packet count, Timestamp Per rule User defined table look-up Rule MemoryStatistics & Associated Data Rule Cell #n Rule Cell #n+1 Rule Cell #z Rule Cell #z+1 …... Data #n Data #n+1 Data #z Data #z+1 …... …. One-to-One Correspondence MATCH action Statistics counter Update return compare

14 ClassiPI Architecture…5 Conditional look-up sequencing  Fixed Look-up sequence  Look-up result based sequence  N-way branch capability Ethernet MAC forwarding ACL FilteringIP ForwardingURL Parsing QoS

15 ClassiPI Architecture…6 Instruction Set  Relational/Arithmetic operations on a per field basis u EQ, GT, LT, Ranges, Masking, etc.  Logical operations between results u AND, OR, NOT ….. Header Payload Combination Keys Single Keys Long String KeysShort String Keys Packet Data Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges

16 ClassiPI Architecture…7 Pattern/String Search  Up to 192 byte patterns  Case insensitive character/string matching  Simultaneous multi-pattern search  Reverse and forward search  RegEx subset search capability Search.*[Gg][Ee][Tt].*[Hh][Tt][Tt][Pp][:][\][\] URL string “GET”“HOST:”Host name“URI:”“.jpeg”“http:” Search tokens.*[Hh][Oo][Ss][Tt][:] *ALSO* [Uu][Rr][Ii][:] Search [\.][jpeg] Look-up ‘directory 1’ ‘directory 2’ ‘directory 3’ : Look-up ‘host server 1’ ‘host server 2’ ‘host server 3’ :

17 ClassiPI Architecture…8 Rule Complexity metric  Number of possible operations per rule  CAM rule complexity = 1  TCAM rule complexity = 2  ClassiPI rule complexity > 1024 Additional features  Composite rules  Look-up sequencing

18 ClassiPI - Overview Specifications  16K Policy rules per ClassiPI  Up to 128K Policy rules in a cascade  L2 through L7 Content processing  On-chip IPv4 header extraction  IPv6 ready  Selectable look-up Key  Up to 192 byte key  6.4 Gbps SSRAM compatible system interface Performance  OC-192 capable Look-up Engine  Designed to match Network Processor system interface requirements

19 ClassiPI –Vital Statistics …1 Lookup-Engine Performance  Aggregate memory bandwidth 7.25 Tbits/sec to 58 Tbits/sec  Processing power 256 GOPS to 2 TOPS

20 ClassiPI –Vital Statistics …2 25M transistors  2M bits RAM  2M gates logic 0.18 micron 352 Pin BGA 200 MHz internal clock 100 MHz interface clock Die Layout

21 ClassiPI - Power Consumption Power reduction mechanisms  Custom low power embedded SRAM  Selectable clock frequency  Hierarchical bus design  Rule utilization based power management Low standby power Maximum 4.5 Watts (estimated)

22 ClassiPI Architecture Scalability OC-192 performance with enhanced system interface OC-768 performance with silicon technology scaling Flexible architecture Cost, Performance and Power trade-offs

23 Conclusion ClassiPI architecture provides Functionality Flexibility Performance Scalability essential for Content Processing

Download ppt "ClassiPI A Classifier for next generation Content and Policy based Switches SwitchOn Networks Inc. Sundar Iyer, Ajay Desai, Ajay Tambe, Ajit Shelat."

Similar presentations

SHARKFEST '09 | Stanford University | June 15–18, 2009 The Reality of 10G Analysis Presented by: Network Critical Wednesday, June 17 th, 2009 1:30 pm –

SHARKFEST '09 | Stanford University | June 15–18, 2009 The Reality of 10G Analysis Presented by: Network Critical Wednesday, June 17 th, :30 pm –
IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.

A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.
Programming Protocol-Independent Packet Processors

Programming Protocol-Independent Packet Processors
P4: specifying data planes

P4: specifying data planes
ENGINEERING WORKSHOP Compute Engineering Workshop P4: specifying data planes Mihai Budiu San Jose, March 11, 2015.

ENGINEERING WORKSHOP Compute Engineering Workshop P4: specifying data planes Mihai Budiu San Jose, March 11, 2015.
VCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud 2012.

VCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud 2012.
NetFPGA Project: 4-Port Layer 2/3 Switch Ankur Singla Gene Juknevicius

NetFPGA Project: 4-Port Layer 2/3 Switch Ankur Singla Gene Juknevicius
Forwarding Metamorphosis: Fast Programmable Match-Action Processing in Hardware for SDN Pat Bosshart, Glen Gibb, Hun-Seok Kim, George Varghese, Nick.

Forwarding Metamorphosis: Fast Programmable Match-Action Processing in Hardware for SDN Pat Bosshart, Glen Gibb, Hun-Seok Kim, George Varghese, Nick.
A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.
TCOM 509 – Internet Protocols (TCP/IP) Lecture 06_b Subnetting,Supernetting, CIDR IPv6 Instructor: Dr. Li-Chuan Chen Date: 10/06/2003 Based in part upon.

TCOM 509 – Internet Protocols (TCP/IP) Lecture 06_b Subnetting,Supernetting, CIDR IPv6 Instructor: Dr. Li-Chuan Chen Date: 10/06/2003 Based in part upon.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Multithreaded FPGA Acceleration of DNA Sequence Mapping Edward Fernandez, Walid Najjar, Stefano Lonardi, Jason Villarreal UC Riverside, Department of Computer.

Multithreaded FPGA Acceleration of DNA Sequence Mapping Edward Fernandez, Walid Najjar, Stefano Lonardi, Jason Villarreal UC Riverside, Department of Computer.
Chapter 8 Hardware Conventional Computer Hardware Architecture.

Chapter 8 Hardware Conventional Computer Hardware Architecture.
10.2 Characteristics of Computer Memory RAM provides random access Most RAM is volatile.

10.2 Characteristics of Computer Memory RAM provides random access Most RAM is volatile.
Using Cell Processors for Intrusion Detection through Regular Expression Matching with Speculation Author: C˘at˘alin Radu, C˘at˘alin Leordeanu, Valentin.

Using Cell Processors for Intrusion Detection through Regular Expression Matching with Speculation Author: C˘at˘alin Radu, C˘at˘alin Leordeanu, Valentin.
Co-Processors and the Role of Specialized Hardware Sundar Iyer, Senior Systems Architect, SwitchOn Networks. May 9, 2000.

Co-Processors and the Role of Specialized Hardware Sundar Iyer, Senior Systems Architect, SwitchOn Networks. May 9, 2000.
EE 122: Router Design Kevin Lai September 25, 2002.

EE 122: Router Design Kevin Lai September 25, 2002.
Content Addressable Memories

Content Addressable Memories

Similar presentations

Ads by Google