ClassBench: A Packet Classification Benchmark

Slides:

Advertisements

Similar presentations

Ch. 2 Protocol Architecture. 2.1 The Need for a Protocol Architecture Same set of layered functions need to exist in the two communicating systems. Key.

Advertisements

Router/Classifier/Firewall Tables Set of rules—(F,A)  F is a filter Source and destination addresses. Port number and protocol. Time of day.  A is an.

Multi-dimensional Packet Classification on FPGA: 100Gbps and Beyond

Delivery and Forwarding of

Chapter 9: Access Control Lists

Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.

Fast Algorithms For Hierarchical Range Histogram Constructions

IP Routing Lookups Scalable High Speed IP Routing Lookups.

A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Introducing ACLs.

Tries Standard Tries Compressed Tries Suffix Tries.

Digital Search Trees & Binary Tries Analog of radix sort to searching. Keys are binary bit strings.  Fixed length – 0110, 0010, 1010,  Variable.

Network Layer and Transport Layer.

Collaborative Filtering in iCAMP Max Welling Professor of Computer Science & Statistics.

Using Structure Indices for Efficient Approximation of Network Properties Matthew J. Rattigan, Marc Maier, and David Jensen University of Massachusetts.

1 A Tree Based Router Search Engine Architecture With Single Port Memories Author: Baboescu, F.Baboescu, F. Tullsen, D.M. Rosu, G. Singh, S. Tullsen, D.M.Rosu,

Protocols and the TCP/IP Suite Chapter 4 (Stallings Book)

Privacy-Preserving Cross-Domain Network Reachability Quantification

1 Energy Efficient Packet Classification Hardware Accelerator Alan Kennedy, Xiaojun Wang HDL Lab, School of Electronic Engineering, Dublin City University.

William Stallings Data and Computer Communications 7 th Edition Chapter 2 Protocols and Architecture.

COE 342: Data & Computer Communications (T042) Dr. Marwan Abu-Amara Chapter 2: Protocols and Architecture.

Detection and Resolution of Anomalies in Firewall Policy Rules

Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.

1 Efficient packet classification using TCAMs Authors: Derek Pao, Yiu Keung Li and Peng Zhou Publisher: Computer Networks 2006 Present: Chen-Yu Lin Date:

Presented by Group 2: Presented by Group 2: Shan Gao ( ) Shan Gao ( ) Dayang Yu ( ) Dayang Yu ( ) Jiayu Zhou ( ) Jiayu Zhou.

NetworkProtocols. Objectives Identify characteristics of TCP/IP, IPX/SPX, NetBIOS, and AppleTalk Understand position of network protocols in OSI Model.

Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.

TCP/IP Yang Wang Professor: M.ANVARI.

William Stallings Data and Computer Communications 7 th Edition Data Communications and Networks Overview Protocols and Architecture.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.

1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

Multi-dimensional Packet Classification on FPGA 100 Gbps and Beyond Author: Yaxuan Qi, Jeffrey Fong, Weirong Jiang, Bo Xu, Jun Li, Viktor Prasanna Publisher:

Computer Networks. Introduction Computer Network2 A History Lesson of Networking 1969 – ARPANET, first packet switched network consist of UCLA, Stanford,

Vladimír Smotlacha CESNET Full Packet Monitoring Sensors: Hardware and Software Challenges.

ECE 526 – Network Processing Systems Design Packet Processing I: algorithms and data structures Chapter 5: D. E. Comer.

Packet Classification on Multiple Fields 참고 논문 : Pankaj Gupta and Nick McKeown SigComm 1999.

1 Networking Chapter Distributed Capabilities Communications architectures –Software that supports a group of networked computers Network operating.

Firewall Fingerprinting Amir R. Khakpour 1, Joshua W. Hulst 1, Zhihui Ge 2, Alex X. Liu 1, Dan Pei 2, Jia Wang 2 1 Michigan State University 2 AT&T Labs.

Applied Research Laboratory Edward W. Spitznagel 24 October Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner,

Page 1 Access Lists Lecture 7 Hassan Shuja 04/25/2006.

Chapter 2 Protocols and the TCP/IP Suite 1 Chapter 2 Protocols and the TCP/IP Suite.

StrideBV: Single chip 400G+ packet classification Author: Thilan Ganegedara, Viktor K. Prasanna Publisher: HPSR 2012 Presenter: Chun-Sheng Hsueh Date:

Unconstrained Endpoint Profiling Googling the Internet Ionut Trestian, Supranamaya Ranjan, Alekandar Kuzmanovic, Antonio Nucci Reviewed by Lee Young Soo.

1 Fast packet classification for two-dimensional conflict-free filters Department of Computer Science and Information Engineering National Cheng Kung University,

SCALABLE PACKET CLASSIFICATION USING INTERPRETING A CROSS-PLATFORM MULTI-CORE SOLUTION Author: Haipeng Cheng, Zheng Chen, Bei Hua and Xinan Tang Publisher/Conf.:

High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.

CS 740: Advanced Computer Networks IP Lookup and classification Supplemental material 02/05/2007.

Communication Architecture and Network Protocol Layering Networks and Protocols Prepared by: TGK First Prepared on: Last Modified on: Quality checked by:

Author: Weirong Jiang and Viktor K. Prasanna Publisher: ACM Symposium on Parallel Algorithms and Architectures, SPAA 2009 Presenter: Chin-Chung Pan Date:

Lightweight Traffic-Aware Packet Classification for Continuous Operation Author: Shariful Hasan Shaikot, Min Sik Kim Presenter: Yen-Chun Tseng Date: 2014/11/26.

Parallel tree search: An algorithmic approach for multi- field packet classification Authors: Derek Pao and Cutson Liu. Publisher: Computer communications.

Packet Classification Using Multidimensional Cutting Sumeet Singh (UCSD) Florin Baboescu (UCSD) George Varghese (UCSD) Jia Wang (AT&T Labs-Research) Reviewed.

Packet Classification Using Dynamically Generated Decision Trees

Author: Weirong Jiang and Viktor K. Prasanna Publisher: The 18th International Conference on Computer Communications and Networks (ICCCN 2009) Presenter:

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

Ch. 2 Protocol Architecture. 2.1 The Need for a Protocol Architecture Same set of layered functions need to exist in the two communicating systems. Key.

Hierarchical packet classification using a Bloom filter and rule-priority tries Source : Computer Communications Authors : A. G. Alagu Priya 、 Hyesook.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 27 November 23, 2004.

DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors 2008 YU-ANTL Lab Seminar June 11, 2008 JeongKi Park Advanced Networking Technology Lab. (YU-ANTL)

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Instructor & Todd Lammle

CCENT Study Guide Chapter 12 Security.

CS522 Advanced database Systems

IP Routers – internal view

Transport Layer Systems Packet Classification

תרגול 11 – אבטחה ברמת ה-IP – IPsec

Digital Search Trees & Binary Tries

Packet Classification Using Coarse-Grained Tuple Spaces

Scalable Multi-Match Packet Classification Using TCAM and SRAM

Presentation transcript:

ClassBench: A Packet Classification Benchmark David E. Taylor, Jonathan S. Turner Washington University in Saint Louis Presented by Jian-Meng Yang

[Figure from Professor Jonathan Chao’s book] Background Packet classification is an enabling technology A classifier example (5 tuples) [Figure from Professor Jonathan Chao’s book]

Background A packet classifier must compare header fields of every incoming packet To accelerate search time or reduce storage requirements No standard performance evaluation tools ClassBench is presented !

ClassBench A suite of tools for benchmarking packet classification algorithms and devices. Consists of three tools: Filter Set Analyzer Filter Set Generator Trace Generator

ClassBench Architecture General approach Construct a set of benchmark parameter files Generate a synthetic filter set Generate a sequence of packet headers

Analysis of Seed Filter Sets Understanding Filter Composition We can view a filter as having two major components: An address prefix pair An application specification Address prefix pair Identifies the communicating subnets by specifying a source address prefix and a destination address prefix.

Analysis of Seed Filter Sets Application Specification Identifies a specific application session by specifying the transport protocol, source port number, and destination port number. Address prefix pair The speed and efficiency of several longest prefix matching and packet classification algorithms depend upon The number of unique prefix lengths The distribution of filters across those unique values.

Analysis of Seed Filter Sets The number of unique prefix lengths acl: access control list fw: firewall ipc: IP chain

Analysis of Seed Filter Sets The distribution of filters across those unique values Real filter sets have unique prefix pair distributions that reflect the types of filters contained in the filter set. acl5:

Analysis of Seed Filter Sets 2 Distributions to facilitate construction of synthetic filter sets that accurately model seed filter sets: Branching Probability Distribution For each level in the tree, we compute the probability that a node has one child or two children. Skew Distribution For nodes with TWO children, we compute skew, which is a relative measure of the “weights” of the left and right subtrees of the node. Weight: The number of filters specifying prefixes in the subtree

Analysis of Seed Filter Sets Skew Distribution L heavy be the subtree with the largest weight light be the subtree with equal or less weight The Black nodes denote a prefix specified by a single filter. The subtrees denoted by triangles with associated weight.

Analysis of Seed Filter Sets Branching Probability Distribution Skew Distribution

Analysis of Seed Filter Sets Application Specification 3 useful characteristics Protocol:

Analysis of Seed Filter Sets Port Ranges WC, wildcard HI, ephemeral user port range [1024 : 65535] LO, well-known system port range [0 : 1023] AR, arbitrary range EM, exact match Port Pair Class The structure of source and destination port range pairs is a key point of interest for both modeling real filter sets and designing efficient search algorithms.

Parameter Files Given a seed filter set, the Filter Set Analyzer generates a parameter file. Parameter files contain Statistics and probability distributions that allow the Filter Set Generator to produce a synthetic filter set.

Parameter Files Parameter files includes Protocol specifications and the distribution of filters over those values. Port Pair Class Matrix Prefix pair length

Synthetic Filter Set Generator High-level input parameters size: Target size for the synthetic filter set. smoothing: Controls the number of new address aggregates. Scope: The measure of the number of possible packet headers covered by the filter.

Trace Generator Benchmarking a particular packet classification algorithm or device We must exercise the algorithm or device using a sequence of synthetic packet headers.

Comment It provides the network research scientists a good tool for evaluating their packet classifier performance. No information about how to get or generate the Seed filter set. How about the exceptions?