Applied Research Laboratory Edward W. Spitznagel 7 October Packet Classification for Core Routers: Is there an alternative to CAMs? Paper by: Florin Baboescu, Sumeet Singh, George Varghese Presentation by: Edward W. Spitznagel
Applied Research Laboratory Edward W. Spitznagel 7 October Outline Introduction Packet Classification Problem Extended Grid-of-Tries (EGT) –Grid-of-Tries –Extending Grid-of-Tries into EGT –Path Compression –Results Summary
Applied Research Laboratory Edward W. Spitznagel 7 October Packet Classification Problem Suppose you are a firewall, or QoS router, or network monitor... You are given a list of rules (filters) to determine how to process incoming packets, based on the packet header fields Goal: when a packet arrives, find the least-cost rule that matches the packet’s header fields Source Address 11* 01* Destination Address 01* 0010 * 101* Filter a b c d Source Port * Destination Port * * Protocol TCP UDP * ICMP Action fwd 7 fwd 2 deny fwd 5 Cost
Applied Research Laboratory Edward W. Spitznagel 7 October Packet Classification Problem Example: packet arrives with header (0101, 0010, 3, 5, UDP) –classification result: filter c –filter b also matches, but, c has lower cost Easy when we have only a few rules; very hard with 100,000 rules and packets arriving at 40 Gb/s Source Address 11* 01* Destination Address 01* 0010 * 101* Filter a b c d Source Port * Destination Port * * Protocol TCP UDP * ICMP Action fwd 7 fwd 2 deny fwd 5 Cost
Applied Research Laboratory Edward W. Spitznagel 7 October Packet Classification - Metrics Metrics for evaluating classification algorithms: –Time complexity of classifying a packet often expressed as the number of memory accesses required –Storage requirements of data structures –Number of fields that can be handled
Applied Research Laboratory Edward W. Spitznagel 7 October Packet Classification in Core Routers Many core routers have “fairly large” (e.g rule) databases –Expected to grow; in fact, may be limited by current technology Classification in core routers must be done quickly –Emerging core routers operate at 40Gb/s. With 40- byte packets, that means one packet every 8 nsec Thus the general belief that brute-force hardware (TCAMs) will be necessary to support packet classification in core routers
Applied Research Laboratory Edward W. Spitznagel 7 October Packet Classification - TCAM disadvantages Ternary CAMs (TCAM) have disadvantages –Density Scaling: transistors per bit of TCAM (vs. 4-6 transistors per bit of SRAM) –Power Scaling: due to performing all comparisons in parallel. –Time Scaling: 5-10 nsec for a TCAM operation –Extra Chips: requires TCAM chip(s) and bridge ASIC –Rule Multiplication for ranges: arbitrary ranges are represented by sets of prefixes; very inefficient. Thus, we consider an algorithmic solution...
Applied Research Laboratory Edward W. Spitznagel 7 October Packet Classification trends Packet classification in 2D: several good methods –Grid of Tries, Area-based QuadTrees, FIS-trees, Tuple- space search, range trees and fractional cascading Classification in k dimensions, where k>2, is hard –O(log K-1 N) time and linear space, or O(log N) time and O(NK) space, for N filters in K dimensions Modern algorithms: use heuristics to exploit the structure and properties that real-world filter databases tend to have. –Example: RFC and HiCuts algorithms
Applied Research Laboratory Edward W. Spitznagel 7 October Extended Grid of Tries (EGT) Observation: Core router tables studied have a low maximum filter depth in the 2D space defined by in this case, “low” means 20 or less i.e. no point in this 2D plot of filters is covered by more than 20 filters 0xFFFF 0 0 Source Address Dest.Address a b c d 0xFFFF
Applied Research Laboratory Edward W. Spitznagel 7 October Extended Grid of Tries (EGT) The Basic Idea: –Use an existing 2D scheme to classify with respect to Source IP and Dest. IP –Then, do linear search over a small list of possible matches (at most 20, but typically around 5) EGT: use Grid-of-Tries as the 2D scheme
Applied Research Laboratory Edward W. Spitznagel 7 October Grid of Tries - Intuition Imagine a search trie containing Dest. Address prefixes Now add a Source Address trie under each Dest. prefix –Filters are stored in these tries, perhaps multiple times
Applied Research Laboratory Edward W. Spitznagel 7 October Grid of Tries - Intuition Reduce storage by storing each filter only once –But we now need to backtrack to ancestors’ source tries during a search...
Applied Research Laboratory Edward W. Spitznagel 7 October Grid of Tries Use switch pointers to improve search efficiency –allows us to jump to the next source trie among ancestors, instead of backtracking
Applied Research Laboratory Edward W. Spitznagel 7 October Extended Grid of Tries EGT uses jump pointers instead of switch pointers –EGT requires the 2D search to return all filters matching in those dimensions –Thus, some of the nodes skipped by a switch pointer cannot be skipped in an EGT search So, search complexity is a bit higher than in ordinary Grid-of-Tries –worst case search takes W+(H+1)*W = (H+2)*W time, where W=time to find best prefix in a single trie, and H=max trie height (H=32 for IPv4) –but, the authors expect typically it takes L*W with L being a small value (reflecting the low maximum prefix containment seen in most filter databases)
Applied Research Laboratory Edward W. Spitznagel 7 October EGT with Path Compression (EGT-PC) EGT-PC adds Path Compression whereby single branching paths are removed –Improves search time and storage requirements, particularly for small filter sets
Applied Research Laboratory Edward W. Spitznagel 7 October EGT-PC: Results Storage requirements: impressively low (almost as low as TCAM!) –since we store each filter only once Storage, in terms of number of 32-bit words Classification time is good, but not as impressive –also a result of storing each filter once: we therefore may need to traverse multiple Source tries Memory accesses, in terms of 32-bit word accesses
Applied Research Laboratory Edward W. Spitznagel 7 October EGT-PC: Results Memory usage by component: Storage for list is proportional to number of filters Storage for trie is roughly proportional to number of filters Path compression reduces storage by a factor of 3, roughly
Applied Research Laboratory Edward W. Spitznagel 7 October EGT-PC: Results with larger databases Larger databases are generated using smaller ones as a core –randomly generated prefixes for Source Address and Destination Address, using the prefix length distributions from the original databases –Other fields are randomly derived from the distributions in the original databases Memory Accesses: still not bad, even for large databases Storage Requirements: still appear to be linear
Applied Research Laboratory Edward W. Spitznagel 7 October EGT-PC: Remarks May only work well with core routers Lookups: –faster than HiCuts; not as fast or as deterministic as RFC. –can easily be characterized by maximum 2D filter depth Storage requirements: quite good –using Grid-of-Tries for the 2D scheme is a wise choice (storage efficiency) Very nice to have results comparing several different algorithms (unlike nearly all previous papers) It is possible to apply the basic EGT idea, but with a different 2D scheme –Tuple Space, FIS-trees, RFC in 2D, and perhaps Area-based QuadTrees –The trick is that the 2D scheme must be modified to return all filters matching those 2 dimensions (rather than just the least-cost filter matching those 2 dimensions)
Applied Research Laboratory Edward W. Spitznagel 7 October Comparison of different algorithms BestWorst Lookup Speed Storage Requirements RFC Linear Search Linear Search EGT EGT-PC HiCuts-1TCAM EGT-PC HiCuts-4 BestWorst EGTHiCuts-1HiCuts-4
Applied Research Laboratory Edward W. Spitznagel 7 October Summary Packet Classification: Given packet P and list of filters F, find least cost filter in F that matches P –Important metrics: Lookup time, data structure size Extended Grid of Tries –Core routers have a low maximum filter depth in the 2D space defined by –Thus, we can perform a 2D search via Grid of Tries, and then and we can add path compression to the trie –Lookup time is fairly good; storage requirements are very good.
Applied Research Laboratory Edward W. Spitznagel 7 October Thanks -- Questions? ?
Applied Research Laboratory Edward W. Spitznagel 7 October Backup slides to follow...
Applied Research Laboratory Edward W. Spitznagel 7 October Geometric Representation Filters with K fields can be represented geometrically in K dimensions Example: Source Address Source Port Source AddressSource PortFilter xxx2-3a bxx17c a b cccc
Applied Research Laboratory Edward W. Spitznagel 7 October Most popular practical approach to high-performance packet classification Hardware compares query word (packet header) to all stored words (filters) in parallel –each bit of a stored word can be 0, 1, or X (don’t care) Very fast, but not without drawbacks: –High power consumption limits scalability –inefficient representation of ranges Ternary CAMs
Applied Research Laboratory Edward W. Spitznagel 7 October Source Address Destination Address Filter 11xxxxxxa 0xxx01xxb xxxx0110c Query: Match! Doesn’t Match Match! (Now perform priority resolution...) Packet: Src. Addr.Dest. Addr. ContentsAddress 11xxxxxx0 0xxx01xx1 xxxx01102 TCAM Ternary CAM - Example
Applied Research Laboratory Edward W. Spitznagel 7 October Range Matching in TCAMs Convert ranges into sets of prefixes –1-4 becomes 001, 01*, and 100 –3-5 becomes 011 and 10* Source Port Destination Port F Source PortDestination PortFilter F
Applied Research Laboratory Edward W. Spitznagel 7 October Range Matching in TCAMs With two 16-bit range fields, a single rule could require up to 900 TCAM entries! Typical case: entire filter set expands by a factor of 2 to Source Port Destination Port bc ef a d Source PortDestination PortFilter 00110*a01*10*b10010*c001011d01*011e100011f