1. winter 2008 Router Design1 Overview of Generic Router Architecture Input-Queued Switches (Routers) IP Address Look-up Algorithms Packet Classification Algorithms Readings: do required and optional readings if interested

2. winter 2008 Router Design Routers in a Network...

3. winter 2008 Router Design3 Sample Routers and Switches Cisco 12416 Router up to 160 Gb/s throughput up to 10 Gb/s ports 3Com 4950 24 port gigabit Ethernet switch Juniper Networks T640 Router up to 160 Gb/s throughput up to 10 Gb/s ports

4. winter 2008 Router Design4 High Capacity Router Cisco CRS-1 –up to 46 Tb/s thruput two rack types line card rack –640 Gb/s thruput –up to 16 line cards up to 40 Gb/s each –up to 72 racks switch rack –central switch stage –up to 8 racks in-service scaling

5. winter 2008 Router Design Components of a Basic Router Input/Output Interfaces (II, OI) –convert between optical signals and electronic signals –extract timing from received signals –encode (decode) data for transmission Input Port Processor (IPP) –synchronize signals –determine required OI or OIs from routing table Output Port Processor (OPP) –queue outgoing cells shared bus interconnects IPPs and OPPs n Control Processor (CP) »configures routing tables »coordinates end-to-end channel setup together with neighboring routers

6. winter 2008 Router Design6 Generic Router Architecture Lookup IP Address Update Header Header Processing Address Table Address Table Lookup IP Address Update Header Header Processing Address Table Address Table Lookup IP Address Update Header Header Processing Address Table Address Table Queue Packet Buffer Memory Buffer Memory Queue Packet Buffer Memory Buffer Memory Queue Packet Buffer Memory Buffer Memory DataHdr DataHdr DataHdr 1 2 N 1 2 N N times line rate

7. winter 2008 Router Design7 Switch Fabric: Three Design Approaches

8. winter 2008 Router Design8 Switch Fabric: First Generation Routers Traditional computers with switching under direct control of the CPU Packet copied to the system’s memory Speed limited by the memory bandwidth (two bus crossings per packet) Input Port Output Port Memory System Bus

9. winter 2008 Router Design9 Shared Memory (1 st Generation) Route Table CPU Buffer Memory Line Interface MAC Line Interface MAC Line Interface MAC Typically < 0.5Gbps aggregate capacity Limited by rate of shared memory Shared Backplane Line Interface CPU Memory

10. winter 2008 Router Design10 Switch Fabric: Switching Via a Bus Packet from input port memory to output port memory via a shared bus Bus contention: switching speed limited by bus bandwidth 1 Gbps bus, Cisco 1900: sufficient speed for access and enterprise routers (not regional or backbone)

11. winter 2008 Router Design11 Shared Bus (2 nd Generation) Route Table CPU Line Card Buffer Memory Line Card MAC Buffer Memory Line Card MAC Buffer Memory Fwding Cache Fwding Cache Fwding Cache MAC Buffer Memory Typically < 5Gb/s aggregate capacity; Limited by shared bus

12. winter 2008 Router Design12 Switch Fabric: Interconnection Network Banyan networks, other interconnection nets initially created for multiprocessors Advanced design: fragmenting packet into fixed length cells to send through the fabric Cisco 12000: switches Gbps through the interconnection network

13. winter 2008 Router Design13 Point-to-Point Switch (3 rd Generation) Line Card MAC Local Buffer Memory CPU Card Line Card MAC Local Buffer Memory Switched Backplane Line Interface CPU Memory Fwding Table Routing Table Fwding Table Typically < 50Gbps aggregate capacity

14. winter 2008 Router Design14 Buffer Placement: Output Port Queuing Buffering when the aggregate arrival rate exceeds the output line speed Memory must operate at very high speed

15. winter 2008 Router Design15 Simple model of output queued switch Link 1, ingressLink 1, egress Link 2, ingressLink 2, egress Link 3, ingressLink 3, egress Link 4, ingressLink 4, egress Link rate, R R R R R R R

16. winter 2008 Router Design16 Characteristics of an output queued (OQ) switch arriving packets immediately written into output queue, without intermediate buffering flow of packets to one output does not affect flow to another output OQ switch is work conserving: output line always busy when there is a packet in switch for it OQ switch has highest throughput, lowest average delay

17. winter 2008 Router Design17 Switching Speed-up Needed Lookup IP Address Update Header Header Processing Address Table Address Table Lookup IP Address Update Header Header Processing Address Table Address Table Lookup IP Address Update Header Header Processing Address Table Address Table Queue Packet Buffer Memory Buffer Memory Queue Packet Buffer Memory Buffer Memory Queue Packet Buffer Memory Buffer Memory DataHdr DataHdr DataHdr 1 2 N 1 2 N N times line rate

18. winter 2008 Router Design18 Buffer Placement: Input Port Queuing Fabric slower than input ports combined –So, queuing may occur at input queues Head-of-the-Line (HOL) blocking –Queued packet at the front of the queue prevents others in queue from moving forward

19. winter 2008 Router Design19 Simple model of input queued switch Link 1, ingress Link 1, egress Link 2, ingress Link 2, egress Link 3, ingressLink 3, egress Link 4, ingress Link 4, egress R R R R R R R R R1 Link 1 Link 2 Link 3 Link 4

20. winter 2008 Router Design20 Head-of-line Blocking Packet at the head of an input queue cannot be transferred, thus blocking the following packets (or cells – packets of fixed size) Cannot be transferred because output buffer full Cannot be transferred because is blocked by red packet Output 1 Output 2 Output 3 Input 1 Input 2 Input 3

21. winter 2008 Router Design21 Characteristics of an input queued (IQ) switch arriving packets written into input queue only one packet can be sent to output link at a time head-of-line blocking IQ switch cannot keep output links fully utilized

22. winter 2008 Router Design22 Buffer Placement: Design Trade-offs Output queues –Pro: work-conserving, so maximizes throughput –Con: memory must operate at speed N*R Input queues –Pro: memory can operate at speed R –Con: head-of-line blocking for access to output Work-conserving: output line is always busy when there is a packet in the switch for it Head-of-line blocking: head packet in a FIFO cannot be transmitted, forcing others to wait

23. winter 2008 Router Design23 What is capacity of IQ: Model [optional: Karol et al Globecom’86] Large input-queued switch with – single FIFO at each input – packet destinations i.i.d. (independently, identically distributed), uniform across outputs – HoL blocked packets not flushed throughput analysis – saturated switch (i.e., always arrival at each input queue) – ball/urns model: N balls, N urns – focus on first urn – X t - number of balls in urn at time t – D t - number balls removed from all ums at end of time t – D t is switch thruput

24. winter 2008 Router Design24 Model (cont’d) A t+1 - no. balls dropped into urn 1 at t+1 X t+1 = (X t -1) + + A t+1 where E(D t ) = ρN where ρ is output throughput for large N, binomial distribution can be approximated by Poisson distribution,

25. winter 2008 Router Design25 Model (cont’d) where EA = ρ, E(A 2 ) = ρ + ρ 2 therefore EX = 1, therefore and ρ =2-√2  58.6%

26. winter 2008 Router Design26 A Router with Input Queues Head of Line Blocking The best that any queueing system can achieve.

27. winter 2008 Router Design27 Solution to Avoid Head-of-line Blocking How to improve capacity without increasing switching fabric speed ? Maintain at each input N virtual queues, i.e., one per output –use non-FIFO scheduler, matching input/output Output 1 Output 2 Output 3 Input 1 Input 2 Input 3

28. winter 2008 Router Design28 Virtual Output Queueing assume fixed length packets each input manages separate queue per output at each time, matching scheduler finds best possible packets from inputs to said to outputs maximum-weight matching............ matching scheduler 1 1 N N

29. winter 2008 Router Design29 Matching L ij (t): no. of packets at input i for output j at t bipartite graph (V 1  V 2,E), E  V 1  V 2 –V 1,V 2 inputs, outputs –(i,j)  E iff L ij (t) > 0 matching: subset of E such that no two edges are adjacent input output

30. winter 2008 Router Design30 Matching problems maximum size matching –matching with largest number of edges – when traffic uniform, provides 100% utilization – network flow problem, O(N 5/2 ) maximum weight matching –add weight w ij to edge from i to j –matching with highest weight –when w ij = L ij (t) provides 100% utilization –equivalent to a network flow problem, O(N 3 ) –MWM algorithms involve backtracking: i.e. edges laid down in one iteration may be removed later  algorithm not amenable to pipelining

31. winter 2008 Router Design31 Scheduling Algorithms 19 3 4 21 18 7 1  Not stable  Stable  Not stable Practical Maximal Matchings Max Wt Matching 19 18 Max Size Matching 19 1 7

32. winter 2008 Router Design32 Switch Algorithms Stable, low backlogsNot stable Better performance Easier to implement Maximal matching Max Wt Matching 19 18 Max Size Matching 19 1 7 Not stable

33. winter 2008 Router Design33 Better Matching Algorithms Need simple algorithms that perform well –efficient packet processing packets at line speeds –high throughput –low latencies/backlogs Randomized algorithms with linear complexity available –Tassiulas’ Randomized Algorithm –LAURA –SERENA Use both randomization, history, problem structure and arrival information For more details, see “Efficient Randomized Algorithms for Input-Queued Switch Scheduling” by Shah, Giaccone and Prabhakar, IEEE Micro Vol 22, Issue 1, Jan 2002

34. winter 2008 Router Design34 Combined Input-Output Queued (CIOQ) Routers Both input and output interfaces store packets Advantages –Easy to built Utilization 1 can be achieved with limited input/output speedup (<= 2) Disadvantages –Harder to design algorithms Two congestion points Need to design flow control input interfaceoutput interface Backplane C RORO

35. winter 2008 Router Design35 Output Queue Emulation using CIOQ (with Speed-up) Stable Marriage Problem -- Gale Shapely Algorithm (GSA) As long as there is a free man m –m proposes to highest ranked women w in his list he hasn’t proposed yet –If w is free, m an w are engaged –If w is engaged to m’ and w prefers m to m’, w releases m’ Otherwise m remains free A stable matching exists for every set of preference lists Complexity: worst-case O(N 2 )

36. winter 2008 Router Design36 Stable Marriage Problem Consider N women and N men Each woman/man ranks each man/woman in the order of their preferences Stable matching, a matching with no blocking pairs Blocking pair; let p(i) denote the pair of i –There are matched pairs (k, p(k)) and (j, p(j)) such that k prefers p(j) to p(k), and p(j) prefers k to j

37. winter 2008 Router Design37 Example If men propose to women, the stable matching is –1 st round: (1,2), (2,1), (3,4), (4,1) -> w1 releases m2 –2 nd round: (2,4) ->w4 releases m3; –3 rd round: (3,3); –final match: (1,2), (2,4), (3,3), (4,1) What is the stable matching if women propose to men? 1 2 4 3 1 2 1 4 3 2 3 4 3 2 1 4 1 2 4 3 menpref. list 1 1 4 3 2 2 3 1 4 2 3 1 2 3 4 4 2 1 4 3 womenpref. list

38. winter 2008 Router Design38 OQ Emulation with a Speedup of 2 Each input and output maintains a preference list Input preference list: list of cells at that input ordered in the inverse order of their arrival Output preference list: list of all input cells to be forwarded to that output ordered by the times they would be served in an Output Queueing schedule Use GSA to match inputs to outputs –Outputs initiate the matching Can emulate all work-conserving schedulers

39. winter 2008 Router Design39 Line Cards Interfacing –Physical link –Switching fabric Packet handling –Packet forwarding (FIB) –Packet filtering (ACLs) –Buffer management –Link scheduling –Rate-limiting –Packet marking –Measurement to/from link to/from switch FIB Receive Transmit

40. winter 2008 Router Design40 Line Card: Abstract view Lookup IP Address Update Header Header Processing DataHdrDataHdr Address Table Address Table IP AddressNext Hop Queue Packet Buffer Memory Buffer Memory

41. winter 2008 Router Design41 Line Cards: Longest-Prefix Match Forwarding Forwarding Information Base in IP routers –Maps each IP prefix to next-hop link(s) Destination-based forwarding –Packet has a destination address –Router identifies longest-matching prefix –Pushing complexity into forwarding decisions 4.0.0.0/8 4.83.128.0/17 12.0.0.0/8 12.34.158.0/24 126.255.103.0/24 12.34.158.5 destination FIB Serial0/0.1 outgoing link

42. winter 2008 Router Design42 Line Cards: Packet Forwarding Evolution Software on the router CPU –Central processor makes forwarding decision –Not scalable to large aggregate throughput Route cache on the line card –Maintain a small FIB cache on each line card –Store (destination, output link) mappings –Cache misses handled by the router CPU Full FIB on each line card –Store the entire FIB on each line card –Apply dedicated hardware for longest-prefix match

43. winter 2008 Router Design43 Line Cards: Packet Filtering With Access Control Lists “Five tuple” for access control lists (ACLs) –Source and destination IP addresses –TCP/UDP source and destination ports –Protocol (e.g., UDP vs. TCP) Should arriving packet be allowed in? Departing packet let out?

44. winter 2008 Router Design44 ACL Examples Filter packets based on source address –Customer access link to the service provider –Source address should fall in customer prefix Filter packets based on port number –Block traffic for unwanted applications –Known security vulnerabilities, peer-to-peer, … Block pairs of hosts from communicating –Protect access to special servers –E.g., block the dorms from the grading server

45. winter 2008 Router Design45 Line Cards: Mapping Traffic to Classes Gold traffic –All traffic to/from President’s IP address –All traffic to/from the port number for DNS Silver traffic –All traffic to/from academic and administrative buildings Bronze traffic –All traffic on the public wireless network Then, schedule resources accordingly –50% for gold, 30% for silver, and 20% for bronze

46. winter 2008 Router Design46 Addressing and Look-up Flat address –Ethernet: 48 bit MAC address –ATM: 28 bit VPI/VCI –DS-0: timeslot location Limited scalability High speed lookup Hierarchical address –IP.. –Telephone: country.area.home Scalable Easy lookup if boundary is fixed –telephony Difficult lookup if boundary is flexible –longest prefix match for IP

47. winter 2008 Router Design47 Lookups Must be Fast 12540Gb/s2003 31.2510Gb/s2001 7.812.5Gb/s1999 1.94622Mb/s1997 40Byte packets (Mpkt/s) LineYear 1.lookup mechanism must be simple, easy to implement 2.memory access time long-term bottleneck

48. winter 2008 Router Design48 Memory Technology (2003-04) TechnologySingle chip density $/chip ($/MByte) Access speed Watts/chip Networking DRAM 64 MB$30-$50 ($0.50-$0.75) 40-80ns0.5-2W SRAM4 MB$20-$30 ($5-$8) 4-8ns1-3W TCAM1 MB$200-$250 ($200-$250) 4-8ns15-30W Note: price, speed, power manufacturer and market dependent

49. winter 2008 Router Design49 Lookup Mechanism is Protocol Dependent ProtocolMechanismTechniques MPLS, ATM, Ethernet Exact match search –Direct lookup –Associative lookup –Hashing –Binary/Multi-way Search Trie/Tree IPv4, IPv6Longest-prefix match search -Radix trie and variants -Compressed trie -Binary search on prefix intervals

50. winter 2008 Router Design50 Exact Matches in Ethernet Switches layer-2 addresses usually 48-bits long address global, not just local to link range/size of address not “negotiable” 2 48 > 10 12, therefore cannot hold all addresses in table and use direct lookup

51. winter 2008 Router Design51 Exact Matches in Ethernet Switches (Associative Lookup) associative memory (aka Content Addressable Memory, CAM) compares all entries in parallel against incoming data Network address Data Associative Memory (“CAM”) Address 48bits Match Location Address “Normal” Memory Data Port

52. winter 2008 Router Design52 Exact Matches in Ethernet Switches Hashing use pseudo-random hash function (relatively insensitive to actual function) bucket linearly searched (or could be binary search, etc.) unpredictable number of memory references Hashing Function Memory Address Data Network Address 48 16, say Pointer Memory Address Data List/Bucket List of network addresses in this bucket

53. winter 2008 Router Design53 Exact Matches Using Hashing Number of memory references Where: ER = Expected number of memory references M - Number of memory addresses in table N - Number of linked lists -  M/N =

54. winter 2008 Router Design54 Exact Matches in Ethernet Switches Perfect Hashing Hashing Function Memory Address Data Network Address 48 16, say Port There always exists perfect hash function Goal: With perfect hash function, memory lookup always takes O(1) memory references Problem: -finding perfect hash function very complex - updates?

55. winter 2008 Router Design55 Exact Matches in Ethernet Switches: Hashing advantages: –simple –expected lookup time is small disadvantages –inefficient use of memory –non-deterministic lookup time  attractive for software-based switches, but decreasing use in hardware platforms

56. winter 2008 Router Design IP Address Lookup routing tables contain (prefix, next hop) pairs address in packet compared to stored prefixes, starting at left prefix that matches largest number of address bits is desired match packet forwarded to specified next hop 01*5 110*3 1011*5 0001*0 10*7 0001 0*1 0011 00*2 1011 001*3 1011 010*5 0101 1*7 0100 1100*4 1011 0011*8 1001 1000*10 0101 1001*9 0100 110*6 prefix next hop routing table address: 1011 0010 1000 Problem - large router may have 100,000 prefixes in its list

57. winter 2008 Router Design57 Longest Prefix Match Harder than Exact Match destination address of arriving packet does not carry information to determine length of longest matching prefix need to search space of all prefix lengths; as well as space of prefixes of given length

58. winter 2008 Router Design58 LPM in IPv4: exact match Use 32 exact match algorithms Exact match against prefixes of length 1 Exact match against prefixes of length 2 Exact match against prefixes of length 32 Network Address Port Priority Encode and pick

59. winter 2008 Router Design59 prefixes “spelled” out by following path from root to find best prefix, spell out address in tree last green node marks longest matching prefix Lookup 10111 adding prefix easy Address Lookup Using Tries P1111*H1 P210*H2 P31010*H3 P410101H4 P2 P3 P4 P1 A B C G D F H E 1 0 0 1 1 1 1 add P5=1110* I 0 P5 next-hop-ptr (if prefix) left-ptr right-ptr Trie node

60. winter 2008 Router Design60 Binary Tries W-bit prefixes: O(W) lookup, O(NW) storage and O(W) update complexity Advantages  Simplicity  Extensible to wider fields Disadvantages  Worst case lookup slow  Wastage of storage space in chains

61. winter 2008 Router Design61 Leaf-pushed Binary Trie A B C G D E 1 0 0 1 1 left-ptr or next-hop Trie node right-ptr or next-hop P2 P4P3 P2 P1 111*H1 P210*H2 P31010*H3 P410101H4

62. winter 2008 Router Design62 PATRICIA Patricia tree internal node bit-position left-ptr right-ptr Lookup 10111 2 A B C E 1 0 1 3 P3 P4 P1 1 0 F G 5 111*H1 P210*H2 P31010*H3 P410101H4 Bitpos 12345 PATRICIA (practical algorithm to retrieve coded information in alphanumeric) –Eliminate internal nodes with only one descendant –Encode bit position for determining (right) branching P2 0

63. winter 2008 Router Design63 W-bit prefixes: O(W 2 ) lookup, O(N) storage and O(W) update complexity Advantages  decreased storage  extensible to wider fields Disadvantages  worst case lookup slow  backtracking makes implementation complex PATRICIA

64. winter 2008 Router Design64 Path-compressed Tree 1, , 2 A B C 1 0 10,P2,4 P4 P1 1 1 E D 1010,P3,5 bit-position left-ptrright-ptr variable-length bitstring next-hop (if prefix present) Path-compressed tree node structure Lookup 10111 P1111*H1 P210*H2 P31010*H3 P410101H4

65. winter 2008 Router Design65 W-bit prefixes: O(W) lookup, O(N) storage and O(W) update complexity Advantages  decreased storage Disadvantages  worst case lookup slow Path-compressed Tree

66. winter 2008 Router Design66 Multi-bit Tries Depth = W Degree = 2 Stride = 1 bit Binary trie W Depth = W/k Degree = 2 k Stride = k bits Multi-ary trie W/k

67. winter 2008 Router Design67 Prefix Expansion with Multi-bit Tries If stride = k bits, prefix lengths that are not a multiple of k need to be expanded PrefixExpanded prefixes 0*00*, 01* 11* E.g., k = 2: Maximum number of expanded prefixes corresponding to one non-expanded prefix = 2 k-1

68. winter 2008 Router Design68 4-ary Trie (k=2) P2 P3P1 2 A B F 11 next-hop-ptr (if prefix) ptr00ptr01 A four-ary trie node P1 1 10 P4 2 H 11 P4 1 10 11 10 D C E G ptr10ptr11 Lookup 10111 P1111*H1 P210*H2 P31010*H3 P410101H4

69. winter 2008 Router Design69 Prefix Expansion Increases Storage Consumption replication of next-hop ptr greater number of unused (null) pointers in a node Time ~ W/k Storage ~ NW/k * 2 k-1

70. winter 2008 Router Design70 Generalization: Different Strides at Each Trie Level 16-8-8 split 4-10-10-8 split 24-8 split 21-3-8 split

71. winter 2008 Router Design71 Choice of Strides: Controlled Prefix Expansion Given forwarding table and desired number of memory accesses in worst case (i.e., maximum tree depth, D) A dynamic programming algorithm to compute optimal sequence of strides that minimizes storage requirements: runs in O(W 2 D) time Advantages  Optimal storage under these constraints Disadvantages  Updates lead to sub- optimality anyway  Hardware implementation difficult

72. winter 2008 Router Design72 Fast IP Address Lookup Algorithms Lulea’s Algorithm (SIGCOMM 1997) –Key goal: compactly represent routing table in small memory (hopefully, within cache size), to minimize memory access –Use a three-level data structure Cut the look-up tree at level 16 and level 24 –Clever ways to design compact data structures to represent routing look-up info at each level Binary Search on Levels (SIGCOMM 1997) –Represent look-up tree as array of hash tables –Notion of “marker” to guide binary search –Prefix expansion to reduce size of array (thus memory accesses)

73. winter 2008 Router Design73 Packet Classification general router mechanism –firewalls –network address translation –web server load balancing –special processing for selected flows common form of based on 5 IP header fields –source/dest. addr. – either/both specified by prefixes –protocol field - may be “wild-card” –source/dest. port #s (TCP/UDP) - may be port ranges no ideal design –exhaustive search - slow links, few filters –ternary content-addressable memory – exhaustive search –efficient special cases - exact match, one or two address prefixes

74. winter 2008 Router Design74 Packet Classification Packet Classification: find action associated with highest priority rule matching incoming packet header Field 1Field 2…Field kAction Rule 15.3.40.0/212.13.8.11/32…UDPA1A1 Rule 25.168.3.0/24152.133.0.0/16…TCPA2A2 ……………… Rule N5.168.0.0/16152.0.0.0/8…ANYANAN Example: packet (5.168.3.32, 152.133.171.71, …, TCP) L3-DAL3-SAL4-PROT

75. winter 2008 Router Design75 Formal Problem Definition Given classifier C with N rules, Rj, 1  j  N, where Rj consists of three entities: 1)a regular expression Rj[i], 1  i  d, on each of the d header fields, 2)a number, pri(Rj), indicating the priority of the rule in the classifier, and 3)an action, referred to as action(Rj). For incoming packet P with header considered as d-tuple of points (P1, P2, …, Pd), the d-dimensional packet classification problem is to find rule Rm with highest priority among all rules Rj matching d-tuple; i.e., pri(Rm) > pri(Rj),  j  m, 1  j  N, such that Pi matches Rj[i], 1  i  d. Rule Rm is best matching rule for packet P.

76. winter 2008 Router Design76 Routing Lookup: Instance of 1D Classification one-dimension (destination address) forwarding table  classifier routing table entry  rule outgoing interface  action prefix-length  priority

77. winter 2008 Router Design77 Example 4D Classifier RuleL3-DAL3-SAL4-DPL3-PROTAction R1 152.163.190.69/255.25 5.255.255 152.163.80.11/255.25 5.255.255 **Deny R2 152.168.3/255.255.255152.163.200.157/255. 255.255.255 eq wwwudpDeny R3 152.168.3/255.255.255152.163.200.157/255. 255.255.255 range 20-21udpPermit R4 152.168.3/255.255.255152.163.200.157/255. 255.255.255 eq wwwtcpDeny R5 ****Deny

78. winter 2008 Router Design78 Example Classification Results Pkt Hdr L3-DAL3-SAL4-DPL3-PROTRule, Action P1 152.163.190.69152.163.80.11wwwtcpR1, Deny P2 152.168.3.21152.163.200.157wwwudpR2, Deny

79. winter 2008 Router Design79 Geometric Interpretation R5 R4 R3 R1 R2 R7 Dimension 1 Dimension 2 R6 e.g. (128.16.46.23, *) e.g. (144.24/24, 64/16) P2 P1 Packet classification problem: Find the highest priority rectangle containing an incoming point

80. winter 2008 Router Design80 Linear Search keep rules in a linked list O(N) storage, O(N) lookup time, O(1) update complexity

81. winter 2008 Router Design81 Ternary Match Operation Each TCAM entry stores a value, V, and mask, M Hence, two bits (Vi and Mi) for each bit position i (i=1..W) For an incoming packet header, H = {Hi}, the TCAM entry outputs a match if Hi matches Vi in each bit position for which Mi equals ‘1’. ViMiMatch in bit position i ? X0Yes 01Iff (Hi==0) 11Iff (Hi==1)

82. winter 2008 Router Design82 Lookups/Classification with Ternary CAM Memory array Priority encoder Action Memory Packet Header Action TCAMRAM 0 1 2 3 M 0 1 0 0 1 1.23.11.3, tcp 1.23.x.x, x

83. winter 2008 Router Design83 Lookups/Classification with Ternary CAM Memory array Priority encoder Action Memory Packet Header Action TCAMRAM 0 1 2 3 M 0 1 0 0 1 1.23.11.3 1.23.x.x P 32 P 31 P8P8 For LPM

84. winter 2008 Router Design84 Range-to-prefix Blowup prefixes easier to handle than ranges can transform ranges to prefixes Range-to-prefix blowup problem

85. winter 2008 Router Design85 Maximal Prefixes 0011, 01**, 10** 001*, 01** 01**, 10** 01** 0001, 001*, 01**, 10**, 110*, 1110 Range-to-prefix Blowup RuleRange R1[3,11] R2[2,7] R3[4,11] R4[4,7] R5[1,14] Maximum memory blowup = factor of (2W-2) d Luckily, real-life does not see too many arbitrary ranges.

86. winter 2008 Router Design86 TCAMs Advantages  extensible to multiple fields  fast: 10-16 ns today (66- 100 M searches per second) going to 250 Msps  simple to understand and use Disadvantages  inflexible: range-to-prefix blowup  high power, cost:  low density, largest available in 2003-4 is ~2MB, i.e., 128K x 128 (can be cascaded)

87. winter 2008 Router Design87 Example Classifier RuleDestination Address Source Address R10*10* R20*01* R30*1* R400*1* R500*11* R610*1* R7*00*

88. winter 2008 Router Design88 Hierarchical Tries O(NW) memory O(W 2 ) lookup RuleDASA R10*10* R20*01* R30*1* R400*1* R500*11* R610*1* R7*00* Dimension SA R5R2R1 R3 R6 R7 R4 Dimension DA    Search (000,010)

89. winter 2008 Router Design89 Set-pruning Tries RuleDASA R10*10* R20*01* R30*1* R400*1* R500*11* R610*1* R7*00* Dimension SA O(N 2 ) memory O(2W) lookup Dimension DA     R7R2R1R5R7R2R1 R3 R7 R6R4 Search (000,010)

90. winter 2008 Router Design90 Grid-of-Tries O(NW) memory O(2W) lookup RuleDASA R10*10* R20*01* R30*1* R400*1* R500*11* R610*1* R7*00* Dimension DA   Dimension SA R5R2R1 R3 R6 R7 R4     Search (000,010)  switch pointers

91. winter 2008 Router Design91 Grid-of-Tries Advantages  good solution for two dimensions Disadvantages  difficult to carry update  not easily extensible to more than two dimensions 20K 2D rules: 2MB, 9 memory accesses (with prefix-expansion)

92. winter 2008 Router Design92 Classification Algorithms: Speed vs. Storage Tradeoff O(log N) time with O(N d ) storage, or O(log d-1 N) time with O(N) storage Lower bounds for Point Location in N regions with d dimensions from Computational Geometry N = 100, d = 4, N d = 100 MBytes and log d-1 N = 350 memory accesses

93. winter 2008 Router Design93 Packet Classification Summary Algorithms discussed so far –good for two fields, doesn’t scale to more than two fields, OR –good for very small classifiers (< 50 rules) only, OR –have non-deterministic classification time, etc. Heuristic-Based Algorithms –Recursive Flow Classification (RFC) Exploit structure of classifiers, recursively reduce rule space –Hierarchical Intelligent Cuttings (HiCuts) Use heuristics to reduce d-dim search space into sub-spaces –Tuple Space Search decompose query into a number of exact match queries store rules into hash table

94. winter 2008 Router Design94 Example of Packet Flow in RFC

95. winter 2008 Router Design95 RFC Example Four fields  six chunks –Source and destination IP addresses  two chuncks each –Protocol number  one chunck –Destination port number  one chunck

96. winter 2008 Router Design96 Lookup: What’s Used Out There? overwhelming majority of routers: –modifications of multi-bit tries (h/w optimized trie algorithms) –DRAM (sometimes SRAM) based, large number of routes (>0.25M) –parallelism required for speed/storage becomes an issue others mostly TCAM based –for smaller number of routes (256K) –used more frequently in L2/L3 switches –power and cost main bottlenecks

97. winter 2008 Router Design97 Classification: What’s Used Out There? majority of hardware platforms: TCAMs –High performance, cost, power, deterministic worst-case some others: Modifications of RFC –Low speed, low cost DRAM-based, heuristic –Works well in software platforms some others: nothing/linear search/simulated- parallel-search etc.