EQC16: An Optimized Packet Classification Algorithm For Large Rule-Sets Author: Uday Trivedi, Mohan Lal Jangir Publisher: 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI) Presenter: Chih-Hsun Wang Date: 2014/4/8 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
Introduction Packet classification is a well-researched field. However, none of the existing algorithms works well for very large rule-sets up to 128K rules. EQC16 uses 16 bit lookup to reduce memory accesses, min-max rule information to narrow down search scope, and combines two 8 bit fields for fast search. It has very high classification speed, reasonable memory requirement and small preprocessing time for large rule- sets and it supports real-time incremental updates. EQC16 can be termed as “Equivalence class with 16 bit” design. National Cheng Kung University CSIE Computer & Internet Architecture Lab 2
EQC16 Algorithm National Cheng Kung University CSIE Computer & Internet Architecture Lab 3 EQC16 borrows the initial idea from BV and ABV (Aggregated Bit-Vector) and optimizes it with multiple changes. The simplest data structure to describe BV with 8 bit lookup is a table with 256 rows and c columns where c is number of chunks.
EQC16 Algorithm National Cheng Kung University CSIE Computer & Internet Architecture Lab 4 With ABV algorithm, each table index stores N bit BV vector and ABV vector. BV vector is partitioned into k blocks, each of size A bits, where k = N/A where A is aggregation factor.
EQC16 Algorithm We noticed that many BV vectors at different row and column have eventually same bit vector data. However, there is no mechanism to find duplicate data in BV and ABV algorithms. Instead of having large BV vector at each table index, we can have one table which stores all unique bit vectors and use index value of this table entry to access that bit vector. Each unique entry is called an equivalence class and the table is called equivalence class table. National Cheng Kung University CSIE Computer & Internet Architecture Lab 5
EQC16 algorithm uses two primary tables as part of search database. Rule Index table: Rule index table contains indices to related EQC table entry. EQC table : This table stores all unique BV, ABV and miscellaneous data like number of set rules (set bits), reference count, minimum and maximum rule number in BV etc. Min and Max rule keep information about LSB and MSB bit set in BV. Reference count is used while adding/deleting an EQC entry. National Cheng Kung University CSIE Computer & Internet Architecture Lab 6 EQC16 Algorithm
National Cheng Kung University CSIE Computer & Internet Architecture Lab 7 EQC16 Algorithm
National Cheng Kung University CSIE Computer & Internet Architecture Lab 8 EQC16 Algorithm With this scheme, we allocate only 2432 bytes compared to 13K bytes required with min-max calculation
EQC16 Algorithm Preprocessing phase In preprocessing phase, rule-set file is read and search database is generated. We use one temporary table BT_TABLE with 1 column and rows and generate EQC classes chunk by chunk. After preprocessing phase, we can free this BT_TABLE memory as we have search database in EQC table and Rule index table. Entry at EQ ID 0 is called NULL rule entry. All bits in BV and ABV for that EQC entry are zero. All other field values are 0. National Cheng Kung University CSIE Computer & Internet Architecture Lab 9
EQC16 Algorithm National Cheng Kung University CSIE Computer & Internet Architecture Lab 10
EQC16 Algorithm Classification phase EQC16 uses Rule Index table to find all unique EQC entries referred by search key chunks. Once these unique EQC entries are found, min-max rule value is used and both ABV and BV vector intersection is done to get the matching rule(s). From all matching rule, highest priority rule is chosen as final matching rule. National Cheng Kung University CSIE Computer & Internet Architecture Lab 11
National Cheng Kung University CSIE Computer & Internet Architecture Lab 12
National Cheng Kung University CSIE Computer & Internet Architecture Lab 13
Optimization Combining 8 bit fields into single 16 bit chunk EQC16 algorithm takes advantage of 16 bit lookup by combining two 8 bit fields into one single chunk. No rule match optimization If any chunk value gives EQ ID with num_rules field as 0, we immediately confirm that there is no rule match and stop the search. Ignoring duplicate EQ IDs If multiple key chunks find same EQ ID, we ignore the duplicate EQ IDs and process only unique ID. Also, if an EQC entry has all rule bit set, it is ALL rule EQC entry. We do not need to intersect this EQC entry and thus ignore this EQC index. National Cheng Kung University CSIE Computer & Internet Architecture Lab 14
Optimization Min-Max rule checking Min rule and max rule of all unique EQC entries are used to check no match scenario and reduce the scope of further memory inspection. National Cheng Kung University CSIE Computer & Internet Architecture Lab 15
Test Setup and Results We coded EQC16, BV, ABV and RFC algorithm as C programs. Conducted our tests on Intel(R) Xeon(R) CPU E GHz with 3 GB memory. Two types of rule-sets: Standard rule-sets ACL, FW, IPC with around 16K rules, 13 bytes and 7 chunks and synthetic rule-sets with 128K rules, 21 bytes and 12 chunks. National Cheng Kung University CSIE Computer & Internet Architecture Lab 16
Test Setup and Results National Cheng Kung University CSIE Computer & Internet Architecture Lab 17
Test Setup and Results National Cheng Kung University CSIE Computer & Internet Architecture Lab 18
Test Setup and Results National Cheng Kung University CSIE Computer & Internet Architecture Lab 19
Test Setup and Results National Cheng Kung University CSIE Computer & Internet Architecture Lab 20
Test Setup and Results National Cheng Kung University CSIE Computer & Internet Architecture Lab 21
Test Setup and Results National Cheng Kung University CSIE Computer & Internet Architecture Lab 22