Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

Slides:

Advertisements

Similar presentations

Compressing Forwarding Tables Ori Rottenstreich (Technion, Israel) Joint work with Marat Radan, Yuval Cassuto, Isaac Keslassy (Technion, Israel) Carmi.

Advertisements

August 17, 2000 Hot Interconnects 8 Devavrat Shah and Pankaj Gupta

Fast Updating Algorithms for TCAMs Devavrat Shah Pankaj Gupta IEEE MICRO, Jan.-Feb

Packet Classification using Hierarchical Intelligent Cuttings

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.

Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.

Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.

M. Waldvogel, G. Varghese, J. Turner, B. Plattner Presenter: Shulin You UNIVERSITY OF MASSACHUSETTS, AMHERST – Department of Electrical and Computer Engineering.

HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Author: Wenjun Li, Xianfeng Li Publisher: 2013 IEEE 21 st Annual Symposium.

Outline Introduction Related work on packet classification Grouper Performance Empirical Evaluation Conclusions.

A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.

1 TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs Department of Computer Science and Information Engineering National.

On the Code Length of TCAM Coding Schemes Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) 1.

Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,

Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

Packet Classification on Multiple Fields Pankaj Gupta and Nick McKeown Stanford University {pankaj, September 2, 1999.

CS 268: Lectures 13/14 (Route Lookup and Packet Classification) Ion Stoica April 1/3, 2002.

Efficient Multidimensional Packet Classification with Fast Updates Author: Yeim-Kuan Chang Publisher: IEEE TRANSACTIONS ON COMPUTERS, VOL. 58, NO. 4, APRIL.

1 Range Encoding Cheng-Chien Su. 2 Outline DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors  Hao Che, Zhijun Wang, Kai Zheng, Bin Liu  IEEE.

1 DRES:Dynamic Range Encoding Scheme for TCAM Coprocessors Authors: Hao Che, Zhijun Wang, Kai Zheng and Bin Liu Publisher: IEEE Transactions on Computers,

PEDS: Parallel Error Detection Scheme for TCAM Devices David Hay, Politecnico di Torino Joint work with Anat Bremler Barr (IDC), Danny Hendler (BGU) and.

Two stage packet classification using most specific filter matching and transport level sharing Authors: M.E. Kounavis *,A. Kumar,R. Yavatkar,H. Vin Presenter:

SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification Fang Yu 1 T. V. Lakshman 2 Martin Austin Motoyama 1 Randy H. Katz 1 1 EECS.

An Efficient IP Lookup Architecture with Fast Update Using Single-Match TCAMs Author: Jinsoo Kim, Junghwan Kim Publisher: WWIC 2008 Presenter: Chen-Yu.

Packet Classification George Varghese. Original Motivation: Firewalls Firewalls use packet filtering to block say ssh and force access to web and mail.

Algorithms for Advanced Packet Classification with TCAMs Karthik Lakshminarayanan UC Berkeley Joint work with Anand Rangarajan and Srinivasan Venkatachary.

Fast binary and multiway prefix searches for pachet forwarding Author: Yeim-Kuan Chang Publisher: COMPUTER NETWORKS, Volume 51, Issue 3, pp , February.

Existing Range Encoding Schemes Presenter: Kai-Yang, Liu Date: 2011/11/23.

1 Efficient packet classification using TCAMs Authors: Derek Pao, Yiu Keung Li and Peng Zhou Publisher: Computer Networks 2006 Present: Chen-Yu Lin Date:

ECE 526 – Network Processing Systems Design Network Processor Architecture and Scalability Chapter 13,14: D. E. Comer.

PEDS: Parallel Error Detection Scheme for TCAM Devices David Hay, Politecnico di Torino Joint work with Anat Bremler Barr (IDC, Israel), Danny Hendler.

CoPTUA: Consistent Policy Table Update Algorithm for TCAM without Locking Zhijun Wang, Hao Che, Mohan Kumar, Senior Member, IEEE, and Sajal K. Das.

Layered Interval Codes for TCAM-based Classification David Hay, Politecnico di Torino Joint work with Anat Bremler-Barr (IDC), Danny Hendler (BGU) and.

Applied Research Laboratory Edward W. Spitznagel 7 October Packet Classification for Core Routers: Is there an alternative to CAMs? Paper by: Florin.

ORange: Multi Field OpenFlow based Range Classifier Liron Schiff Tel Aviv University Yehuda Afek Tel Aviv University Anat Bremler-Barr Inter Disciplinary.

Wire Speed Packet Classification Without TCAMs ACM SIGMETRICS 2007 Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison)

Packet Classification on Multiple Fields 참고 논문 : Pankaj Gupta and Nick McKeown SigComm 1999.

Packet Classifiers In Ternary CAMs Can Be Smaller Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison) Jia Wang.

Palette: Distributing Tables in Software-Defined Networks Yossi Kanizo (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) and David Hay.

Multi-Field Range Encoding for Packet Classification in TCAM Author: Yeim-Kuan Chang, Chun-I Lee and Cheng-Chien Su Publisher: INFOCOM 2011 Presenter:

Applied Research Laboratory Edward W. Spitznagel 24 October Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner,

1. Outline Introduction Related work on packet classification Grouper Performance Analysis Empirical Evaluation Conclusions 2/42.

1 Space-Efficient TCAM-based Classification Using Gray Coding Anat Bremler – Barr Interdisciplianry Center Danny Hendler Ben-Gurion University Infocom.

On Finding an Optimal TCAM Encoding Scheme for Packet Classification Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

The Bloom Paradox Ori Rottenstreich Joint work with Yossi Kanizo and Isaac Keslassy Technion, Israel.

StrideBV: Single chip 400G+ packet classification Author: Thilan Ganegedara, Viktor K. Prasanna Publisher: HPSR 2012 Presenter: Chun-Sheng Hsueh Date:

1 Fast packet classification for two-dimensional conflict-free filters Department of Computer Science and Information Engineering National Cheng Kung University,

Scalable High Speed IP Routing Lookups Scalable High Speed IP Routing Lookups Authors: M. Waldvogel, G. Varghese, J. Turner, B. Plattner Presenter: Zhqi.

IPv6-Oriented 4 OC768 Packet Classification with Deriving-Merging Partition and Field- Variable Encoding Scheme Mr. Xin Zhang Undergrad. in Tsinghua University,

A Smart Pre-Classifier to Reduce Power Consumption of TCAMs for Multi-dimensional Packet Classification Yadi Ma, Suman Banerjee University of Wisconsin-Madison.

High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.

The Bloom Paradox Ori Rottenstreich Joint work with Isaac Keslassy Technion, Israel.

AUTHOR: NIZAR BEN NEJI, ADEL BOUHOULA PUBLISHER: IEEE INTERNATIONAL CONFERENCE,2011 PRESENTER: KAI-YANG LIU DATE:2011/08/31 1 NAF Conversion: An Efficient.

Bit Weaving: A Non-Prefix Approach to Compressing Packet Classifiers in TCAMs Author: Chad R. Meiners, Alex X. Liu, and Eric Torng Publisher: 2012 IEEE/ACM.

Minimizing Delay in Shared Pipelines Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) Yoram Revah, Aviran Kadosh.

Address Lookup and Classification

1 Bit Weaving: A Non-Prefix Approach to Compressing Packet Classifiers in TCAMs Author: Chad R. Meiners, Alex X. Liu, and Eric Torng Publisher: IEEE/ACM.

Packet Classification Using Multidimensional Cutting Sumeet Singh (UCSD) Florin Baboescu (UCSD) George Varghese (UCSD) Jia Wang (AT&T Labs-Research) Reviewed.

Dynamic Algorithms with Worst-case Performance for Packet Classification Pankaj Gupta and Nick McKeown Stanford University {pankaj,

Compression for Fixed-Width Memories Ori Rottenstriech, Amit Berman, Yuval Cassuto and Isaac Keslassy Technion, Israel.

1 Space-Efficient TCAM-based Classification Using Gray Coding Authors: Anat Bremler-Barr and Danny Hendler Publisher: IEEE INFOCOM 2007 Present: Chen-Yu.

DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors 2008 YU-ANTL Lab Seminar June 11, 2008 JeongKi Park Advanced Networking Technology Lab. (YU-ANTL)

By: Yaron Levy Supervisors: Dr. Shlomo Greenberg Mr. Hagai David.

The Variable-Increment Counting Bloom Filter

Transport Layer Systems Packet Classification

Yotam Harchol The Hebrew University of Jerusalem, Israel

Yotam Harchol The Hebrew University of Jerusalem, Israel

Worst-Case TCAM Rule Expansion

Packet Classification Using Binary Content Addressable Memory

Presentation transcript:

Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

Packet Classification Action ---- RuleAction Policy Database (classifier) Packet Classification Forwarding Engine Incoming Packet HEADERHEADER

Power Consumption in a Router Sources: R.S. Tucker, based on Cisco CRS-1, 2009; D. Hay Packet Classification }

Towards a Hardware Solution  Rules in the policy database can be written in a ternary alphabet, using 0,1,  

Ternary Content-Addressable Memory (TCAM) Encoder Match lines Packet Header (Search Key) accept deny accept TCAM Array Each entry is a word in {0,1,  } W

Example Encoder Match lines deny log accept deny limit deny accept  00   11  00   0   10   0    1110  010  01   0  11   01  0010  10  01       

Outline  Packet Classification and TCAM devices  Representing range rules  Contributions  New upper bounds on the worst-case rule expansion  Linear expansion of multidimensional rules  New TCAM architectures  Conclusions

Range Rules RuleSource address Source port Dest- address Dest- port Prot ocol Action Rule / /32 80TCP Accept Rule /24> / TCP Deny Rule / UDP Accept Rule / TCP Limit Rule ICMP Log  Range rule = rule that contains range field  Usually source-port or dest-port

Range Rule Representation in TCAM  Assume we want to represent a range in a single field of W bits  Our objective: minimize the number of TCAM entries needed to encode the range  More TCAM entries represent more power consumption  Some ranges are easy to represent Example: W=3: [4, 7] = {100,101,110,111} = 1   But what about [1,6] ?

 Range [1,6] in tree of all elements with W=3 bits: (Internal) Encoding of [1,6] Known result: expansion in 2W-2 TCAM entries Here: 2W-2=4 TCAM entries

Prefix Expansion  Use multiple entries to code a single rule [1,6]= {001, 01 ,10 , 110} – 4 entries  Every rule that contains [1,6] needs 4 entries  Maximum expansion 2W-2 for range [1,2 W -2] (W is the field width)  For rules with two range fields, we need the Cartesian product of the expansion  Active research to reduce this cost: [Yu, Katz], [Spitznagel, Taylor and Turner], [Liu], [van Lunteren, Engbersen], [Che, Wang, Zheng, Liu] [Lakshminarayanan, Rangarajan, Venkatachary] … [Srinivasan, Varghese, Suri, Waldvogel; 1998]

Outline  Introduction  Worst-case range expansion  New TCAM architectures

External Encoding Here: W=3 TCAM entries (instead of 4) Idea to reduce number of TCAM entries: exploit TCAM entry order by encoding range complimentary as well

New upper bounds on the worst-case rule expansion  Theorem 1: Expansion of W-bit range in at most W TCAM entries  Note: W instead of 2W-2  Note: also in next talk  Theorem 2: W TCAM entries is optimal among prefix codes (not shown in this paper)  Theorem 3: Expansion of k W-bit ranges in k·W TCAM entries

Union of k ranges in kW R 1 =[1,5], R 2 =[7,7] R=R 1 UR 2 can be encoded using k·W=2·3=6 TCAM entries  Theorem 3: Expansion of k W-bit ranges in k·W TCAM entries  Example:

Multi-field Ranges Known result: range expansion in d W-bit fields in (2W-2) d TCAM entries Theorem 4: Expansion in O(d·W) TCAM entries (i.e. linear in d) without any additional logic

Outline  Introduction  Worst-case range expansion  New TCAM architectures

New TCAM architectures  Using additional logic to reduce expansion  Example for W=4

Example for W=4

(a) Known Architecture: Internal – Product  Expansion of 6·5 + 3·1 = 33

(a) Internal - Product header (range 1) PE (0) (1) (0)  Worst-case expansion of k·(2W-2)^d

(b) Combined - Product  Expansion of 3·4 + 3·1 = 15

(0) (1) header PE (range 1) (0) (1) (0) (b) Combined - Product  Worst-case expansion of k·W^d

(c) Combined – Sum  Expansion of =11

(0) (1) (0) header PE (range 1) (1) (c) Combined – Sum  Worst-case expansion of k·d·W

Architecture Summary known new

Experimental Results  On real-life rule set  120 separate rule files from various applications Firewalls, ACL-routers, Intrusion Prevention systems  215K rules  280 unique ranges  Used as a common benchmark in literature

Experimental Results 39% Better 57% Better

Implentation Considerations  Hot updates – Updates are easy to apply due to the TCAM’s devision into ranges  Multiple actions –No need to change the architecture in case of more actions than accept and deny

Future Directions  Coding scheme optimality ?  Over prefix encoding schemes  Over all encoding schemes  Over multidimensional ranges

Summary  Expansion of W-bit range in at most W TCAM entries (instead of 2W-2)  Optimal (among prefix codes)  Linear expansion for multi-field ranges  New TCAM architectures  Up to 39% less TCAM entries

Thank You