Applied Research Laboratory Edward W. Spitznagel 24 October 20151 Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner,

Slides:

Advertisements

Similar presentations

A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.

Advertisements

Router/Classifier/Firewall Tables Set of rules—(F,A)  F is a filter Source and destination addresses. Port number and protocol. Time of day.  A is an.

1 IP-Lookup and Packet Classification Advanced Algorithms & Data Structures Lecture Theme 08 – Part I Prof. Dr. Th. Ottmann Summer Semester 2006.

Balajee Vamanan, Gwendolyn Voskuilen, and T. N. Vijaykumar School of Electrical & Computer Engineering SIGCOMM 2010.

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

Spring 2006CS 685 Network Algorithmics1 Principles in Practice CS 685 Network Algorithmics Spring 2006.

1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.

Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.

Ultra-High Throughput Low-Power Packet Classification

A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.

ClassBench: A Packet Classification Benchmark

Low Power TCAM Forwarding Engine for IP Packets Authors: Alireza Mahini, Reza Berangi, Seyedeh Fatemeh and Hamidreza Mahini Presenter: Yi-Sheng, Lin (

Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,

Fast Filter Updates for Packet Classification using TCAM Authors: Haoyu Song, Jonathan Turner. Publisher: GLOBECOM 2006, IEEE Present: Chen-Yu Lin Date:

CSIE NCKU High-performance router architecture 高效能路由器的架構與設計.

Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

Packet Classification on Multiple Fields Pankaj Gupta and Nick McKeown Stanford University {pankaj, September 2, 1999.

1 Memory-Efficient 5D Packet Classification At 40 Gbps Authors: Ioannis Papaefstathiou, and Vassilis Papaefstathiou Publisher: IEEE INFOCOM 2007 Presenter:

CS 268: Lectures 13/14 (Route Lookup and Packet Classification) Ion Stoica April 1/3, 2002.

CS 268: Route Lookup and Packet Classification Ion Stoica March 11, 2003.

1 Partition Filter Set for Power- Efficient Packet Classification Authors: Haibin Lu, MianPan Publisher: IEEE GLOBECOM 2006 Present: Chen-Yu Lin Date:

Efficient Multi-Match Packet Classification with TCAM Fang Yu

1 Energy Efficient Packet Classification Hardware Accelerator Alan Kennedy, Xiaojun Wang HDL Lab, School of Electronic Engineering, Dublin City University.

Two stage packet classification using most specific filter matching and transport level sharing Authors: M.E. Kounavis *,A. Kumar,R. Yavatkar,H. Vin Presenter:

Packet Classification George Varghese. Original Motivation: Firewalls Firewalls use packet filtering to block say ssh and force access to web and mail.

CS 268: Route Lookup and Packet Classification

Algorithms for Advanced Packet Classification with TCAMs Karthik Lakshminarayanan UC Berkeley Joint work with Anand Rangarajan and Srinivasan Venkatachary.

EaseCAM: An Energy And Storage Efficient TCAM-based IP-Lookup Architecture Rabi Mahapatra Texas A&M University;

Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

Computer Networks Switching Professor Hui Zhang

Cs6390 summer 2000 Tradeoffs for Packet Classification 1 Tradeoffs for Packet Classification Members: Jinxiao Song & Yan Tong.

1 Efficient packet classification using TCAMs Authors: Derek Pao, Yiu Keung Li and Peng Zhou Publisher: Computer Networks 2006 Present: Chen-Yu Lin Date:

ECE 526 – Network Processing Systems Design Network Processor Architecture and Scalability Chapter 13,14: D. E. Comer.

Layered Interval Codes for TCAM-based Classification David Hay, Politecnico di Torino Joint work with Anat Bremler-Barr (IDC), Danny Hendler (BGU) and.

Access Control List ACL. Access Control List ACL.

Applied Research Laboratory Edward W. Spitznagel 7 October Packet Classification for Core Routers: Is there an alternative to CAMs? Paper by: Florin.

Applied research laboratory David E. Taylor Users Guide: Fast IP Lookup (FIPL) in the FPX Gigabit Kits Workshop 1/2002.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Minimizing Rulesets for TCAM Implementation.

Timothy Whelan Supervisor: Mr Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University Hardware based packet filtering.

GLOBECOM (Global Communications Conference), 2012

ORange: Multi Field OpenFlow based Range Classifier Liron Schiff Tel Aviv University Yehuda Afek Tel Aviv University Anat Bremler-Barr Inter Disciplinary.

Wire Speed Packet Classification Without TCAMs ACM SIGMETRICS 2007 Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison)

Packet Classification on Multiple Fields 참고 논문 : Pankaj Gupta and Nick McKeown SigComm 1999.

Packet Classifiers In Ternary CAMs Can Be Smaller Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison) Jia Wang.

Multi-Field Range Encoding for Packet Classification in TCAM Author: Yeim-Kuan Chang, Chun-I Lee and Cheng-Chien Su Publisher: INFOCOM 2011 Presenter:

CA-RAM: A High-Performance Memory Substrate for Search-Intensive Applications Sangyeun Cho, J. R. Martin, R. Xu, M. H. Hammoud and R. Melhem Dept. of Computer.

EECB 473 DATA NETWORK ARCHITECTURE AND ELECTRONICS PREPARED BY JEHANA ERMY JAMALUDDIN Basic Packet Processing: Algorithms and Data Structures.

1 Packet Classification تنظیم : محمدعلی عظیمی. Classifier Example 2.

Efficient Cache Structures of IP Routers to Provide Policy-Based Services Graduate School of Engineering Osaka City University

A Smart Pre-Classifier to Reduce Power Consumption of TCAMs for Multi-dimensional Packet Classification Yadi Ma, Suman Banerjee University of Wisconsin-Madison.

TCAM –BASED REGULAR EXPRESSION MATCHING SOLUTION IN NETWORK Phase-I Review Supervised By, Presented By, MRS. SHARMILA,M.E., M.ARULMOZHI, AP/CSE.

High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.

CS 740: Advanced Computer Networks IP Lookup and classification Supplemental material 02/05/2007.

1 Bit Weaving: A Non-Prefix Approach to Compressing Packet Classifiers in TCAMs Author: Chad R. Meiners, Alex X. Liu, and Eric Torng Publisher: IEEE/ACM.

Relational Operator Evaluation. overview Projection Two steps –Remove unwanted attributes –Eliminate any duplicate tuples The expensive part is removing.

Packet Classification Using Multidimensional Cutting Sumeet Singh (UCSD) Florin Baboescu (UCSD) George Varghese (UCSD) Jia Wang (AT&T Labs-Research) Reviewed.

On-Chip Logic Minimization Roman Lysecky & Frank Vahid* Department of Computer Science and Engineering University of California, Riverside *Also with the.

Hierarchical packet classification using a Bloom filter and rule-priority tries Source : Computer Communications Authors : A. G. Alagu Priya 、 Hyesook.

Author : Lynn Choi, Hyogon Kim, Sunil Kim, Moon Hae Kim Publisher/Conf : IEEE/ACM TRANSACTIONS ON NETWORKING Speaker : De yu Chen Data :

Packet Classification Using Multi- Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: 2013 IEEE 37th Annual Computer Software.

DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors 2008 YU-ANTL Lab Seminar June 11, 2008 JeongKi Park Advanced Networking Technology Lab. (YU-ANTL)

IP Address Lookup Masoud Sabaei Assistant professor Computer Engineering and Information Technology Department, Amirkabir University of Technology.

IP Routers – internal view

Toward Advocacy-Free Evaluation of Packet Classification Algorithms

Transport Layer Systems Packet Classification

Packet Classification Using Coarse-Grained Tuple Spaces

Jason Klaus, Duncan Elliott Confidential

Scalable Multi-Match Packet Classification Using TCAM and SRAM

Authors: Ding-Yuan Lee, Ching-Che Wang, An-Yeu Wu Publisher: 2019 VLSI

Packet Classification Using Binary Content Addressable Memory

Presentation transcript:

Applied Research Laboratory Edward W. Spitznagel 24 October Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner, David E. Taylor Supported by NSF ANI , DARPA N

Applied Research Laboratory Edward W. Spitznagel 24 October Packet Classification Problem Suppose you are a firewall, or QoS router, or network monitor... You are given a list of rules (filters) to determine how to process incoming packets, based on the packet header fields –Some fields in the rules are specified with bit masks; others with ranges Goal: when a packet arrives, find the first rule that matches the packet’s header fields Source Address Destination Address Filter Source Port Destination Port Protocol 11xx01xxa TCP 01xx0010b3-15 UDP 0101xxxxc3** xd--ICMP Action fwd 7 fwd 2 deny fwd 5

Applied Research Laboratory Edward W. Spitznagel 24 October Packet Classification Problem Example: packet arrives with header (0101, 0010, 3, 5, UDP) –classification result: filter b is matched –filter c also matches, but, b occurs before c in the list Easy to do when we have only a few rules; very difficult when we have 100,000 rules and packets arrive at 40 Gb/s Source Address Destination Address Filter Source Port Destination Port Protocol 11xx01xxa TCP 01xx0010b3-15 UDP 0101xxxxc3** xd--ICMP Action fwd 7 fwd 2 deny fwd 5

Applied Research Laboratory Edward W. Spitznagel 24 October Geometric Representation Filters with K fields can be represented geometrically in K dimensions Example: Source Address Source Port Source AddressSource PortFilter xxx2-3a bxx17c a b cccc

Applied Research Laboratory Edward W. Spitznagel 24 October Related Work TCAM-based parallel classification –CoolCAMs (Narlikar, Basu, Zane) for IP lookup SRAM-based sequential classification –Recursive Flow Classification (Gupta, McKeown) –HiCuts (Gupta, McKeown) –Extended Grid of Tries (Baboescu, Singh, Varghese) –HyperCuts (Singh, Baboescu, Varghese, Wang) SRAM: 6 transistors per bit (vs. 16 for TCAM), but the SRAM approaches use more bits per filter

Applied Research Laboratory Edward W. Spitznagel 24 October Most popular practical approach to high-performance packet classification Hardware compares query word (packet header) to all stored words (filters) in parallel –each bit of a stored word can be 0, 1, or X (don’t care) Very fast, but not without drawbacks: –High power consumption limits scalability –inefficient representation of ranges Ternary CAMs

Applied Research Laboratory Edward W. Spitznagel 24 October Source Address Destination Address Filter 11xxxxxxa 0xxx01xxb xxxx0110c Query: Match! Doesn’t Match Match! Entry 0 (filter a) is the first matching filter Packet: Src. Addr.Dest. Addr. ContentsAddress 11xxxxxx0 0xxx01xx1 xxxx01102 TCAM Ternary CAM - Example

Applied Research Laboratory Edward W. Spitznagel 24 October Range Matching in TCAMs Convert ranges into sets of prefixes –1-4 becomes 001, 01*, and 100 –3-5 becomes 011 and 10* Source Port Destination Port F Source PortDestination PortFilter F

Applied Research Laboratory Edward W. Spitznagel 24 October Range Matching in TCAMs With two 16-bit range fields, a single rule could require up to 900 TCAM entries! Typical case: entire filter set expands by a factor of 2 to Source Port Destination Port bc ef a d Source PortDestination PortFilter 00110*a01*10*b10010*c001011d01*011e100011f

Applied Research Laboratory Edward W. Spitznagel 24 October Extended TCAMs Extend standard TCAM architecture to enable classification with larger rulesets Partitioned TCAM, for reduced power –inspired by CoolCAMs –differences in indexing, search and partitioning algorithms Support range matching directly in hardware

Applied Research Laboratory Edward W. Spitznagel 24 October Use of Partitioned TCAM Main component of power use in TCAM search is proportional to number of entries searched Partitioning the TCAM: –divide TCAM into blocks of entries –each block is enabled for search via an associated index filter

Applied Research Laboratory Edward W. Spitznagel 24 October Use of Partitioned TCAM Example: suppose we are given the following filters: 0-15, 0xxx 0-6, 1xxx 7-15, 1xxx 0-15, xxxx 1-13, 001x 2-3, 00xx 11-14, 011x 12-12, 01xx 0-5, , 11xx 7-7, 110x 13-14, 11xx 11-15, 111x 9-10, xxxx 0-14, 1010 index filters: filter blocks: a.1-13, 001x b.2-3, 00xx c.9-10, xxx1 d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 1x1x j.13-14, 11xx k.11-15, 111x A real Extended TCAM would have more blocks, and more filters per block.

Applied Research Laboratory Edward W. Spitznagel 24 October Use of Partitioned TCAM Example: classify packet with header values (2, 1010) –index block: second and fourth filters match –search second and fourth filter blocks –find matching filters (1-2, 1x1x) and (0-14, 1010) 0-15, 0xxx 0-6, 1xxx 7-15, 1xxx 0-15, xxxx 1-13, 001x 2-3, 00xx 11-14, 011x 12-12, 01xx 0-5, , 11xx 7-7, 110x 13-14, 11xx 11-15, 111x 9-10, xxxx 0-14, 1010 index filters: filter blocks:

Applied Research Laboratory Edward W. Spitznagel 24 October Use of Partitioned TCAM The key to minimizing power consumption: Organize filters so that only a few TCAM blocks must be searched to find the filters matching a packet. –Use a filter grouping algorithm 0-15, 0xxx 0-6, 1xxx 7-15, 1xxx 0-15, xxxx 1-13, 001x 2-3, 00xx 11-14, 011x 12-12, 01xx 0-5, , 11xx 7-7, 110x 13-14, 11xx 11-15, 111x 9-10, xxxx 0-14, 1010 index filters: filter blocks:

Applied Research Laboratory Edward W. Spitznagel 24 October f c a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x a b d e h i g k j 0-15, 0xxx Index entry filters a, b, d, e 24 October

Applied Research Laboratory Edward W. Spitznagel 24 October f c a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x g k j 0-15, 0xxx Index entry filters a, b, d, e 0-6, 1xxx h, i h i 24 October

Applied Research Laboratory Edward W. Spitznagel 24 October f c a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x g k j 0-15, 0xxx Index entry filters a, b, d, e 0-6, 1xxx h, i 7-15, 1xxx g, j, k 24 October

Applied Research Laboratory Edward W. Spitznagel 24 October a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x 0-6, 1xxx 7-15, 1xxx 0-15, 0xxx Index entry filters a, b, d, e h, i g, j, k 0-15, xxxx c, f Next phase: f c 24 October

Applied Research Laboratory Edward W. Spitznagel 24 October a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x 0-6, 1xxx 7-15, 1xxx 0-15, 0xxx Index entry filters a, b, d, e h, i g, j, k 0-15, xxxx c, f Next phase: 24 October

Applied Research Laboratory Edward W. Spitznagel 24 October Creating a set of partitions At most k filters per region (k = block size) Regions within the same partition do not overlap Total number of regions equals the index size

Applied Research Laboratory Edward W. Spitznagel 24 October Range Matching Store a pair of values (lo, hi ) for each range match field Range check circuitry compares query values against lo and hi to determine if query is in range –Transistors per bit of range field is twice that of ordinary TCAM –But, for typical IPv4 applications, this results in just a 22% increase in overall transistor count

Applied Research Laboratory Edward W. Spitznagel 24 October Performance Metrics Power Fraction = –a measure of power usage, relative to a standard TCAM –smaller is better Storage Efficiency = –higher is better; 1 is optimal index size + (# of partitions)(block size) number of filters index size + (# of blocks)(block size)

Applied Research Laboratory Edward W. Spitznagel 24 October Different Block Sizes Block size=256 Block size=64 Block size =32 Block size=16 Block size=128

Applied Research Laboratory Edward W. Spitznagel 24 October Results: Power Fraction Block size = 32Block size = 64Block size = 128 Block size = 256 Basic Algorithm Refined

Applied Research Laboratory Edward W. Spitznagel 24 October Results: Storage Efficiency Block size = 32Block size = 64Block size = 128 Block size = 256 Basic Algorithm Refined

Applied Research Laboratory Edward W. Spitznagel 24 October Current/Future Work Computational complexity of filter grouping problem Filter updates (add/delete operations) Multi-level indices Different partitioning algorithms Application to SRAM/DRAM-based classification techniques

Applied Research Laboratory Edward W. Spitznagel 24 October Summary Packet Classification is important for many advanced network services TCAMs scale poorly due to power consumption and inefficient range match representations Extended TCAMs: solve these issues by using partitioned TCAM and hardware support for range matching –power consumption greatly reduced (typically to 5% or less of power used by a standard TCAM) –range match hardware: avoid inefficiency in representing ranges

Applied Research Laboratory Edward W. Spitznagel 24 October Questions? ?