Download presentation
Presentation is loading. Please wait.
1
1 ENTS689L: Packet Processing and Switching Classification Engines Classification Engines Vahid Tabatabaee Fall 2007
2
2 ENTS689L: Packet Processing and Switching Classification Engines References Pankaj Gupta, “Lookups and Classification presentation,” Lecture notes of EE384Y: Packet Switch Architecture” course of Prof. Nick McKeown in Stanford University” available online at http://www.stanford.edu/class/ee384y/ http://www.stanford.edu/class/ee384y/ Pnkaj Gupta, Nick McKeown, "Algorithms for Packet Classification,” IEEE Network, March 2001. Title: Network Processors Architectures, Protocols, and Platforms Author: Panos C. Lekkas, Publisher: McGraw-Hill
3
3 ENTS689L: Packet Processing and Switching Classification Engines Two General Classification Problems Look-up and Classification: It is mainly used in simple packet routing switching context. It consists of the identification of correct output port, channel or interface that the packet should be forwarded. This decision is based on the destination address. Deep Packet Classification: A packet must be distinguished among several others. It is based on several internal bit fields of variable length or format.
4
4 ENTS689L: Packet Processing and Switching Classification Engines Deep Packet Classification Distinguished: Different processing awaits each packet after it is singled out. These different types of processing corresponds to flows. Several: Simultaneous application of multiple rules. Internal: The bits may by buried deeper inside the packet and they are not conveniently located at fixed position on the header. Variable length or format: They are not as straight forward 32-bit addresses, but they can represent range of values and can be of variable length such Uniform Resource Locators (URL).
5
5 ENTS689L: Packet Processing and Switching Classification Engines Algorithms and Data Structures to Support Lookup and Forwarding
6
6 ENTS689L: Packet Processing and Switching Classification Engines Binary Search Trees In computer science, a binary search tree (BST) is a binary tree which has the following properties: Each node has a value. A total order is defined on these values. The left subtree of a node contains only values less than the node's value. The right subtree of a node contains only values greater than or equal to the node's value. Lookup time O(log N), but independent of address length From Wikipedia, the free encyclopedia
7
7 ENTS689L: Packet Processing and Switching Classification Engines Binary Search Tries In computer science, a trie, or prefix tree, is an ordered tree data structure that is used to store an associative array where the keys are strings. Looking up keys is faster. Looking up a key of length m takes worst case O(m) time. Independent of the table size. Tries can require less space when they contain a large number of short strings, because the keys are not stored explicitly and nodes are shared between keys O(NW). Tries help with longest-prefix matching, where we wish to find the key sharing the longest possible prefix with a given key efficiently. From Wikipedia, the free encyclopedia tennis tent
8
8 ENTS689L: Packet Processing and Switching Classification Engines Tries for Exact Matches in Ethernet Switches We do not need to chase one bit at a time. We can trade memory for search time. Pointer 0, means no children. Storage is O(NW), N number of entries and W is width of them. 16-ary Search Trie 0000, ptr1111, ptr 0000, 0 1111, ptr 000011110000 0000, 0 1111, ptr 111111111111 Source: http://www.stanford.edu/class/ee384x/
9
9 ENTS689L: Packet Processing and Switching Classification Engines Trade off between speed and memory size As the degree increases more and more pointers are 0 (wasted). Table produced from 2 15 randomly generated 48-bit addresses Source: http://www.stanford.edu/class/ee384x/
10
10 ENTS689L: Packet Processing and Switching Classification Engines Tries for Longest Prefix Match P1111*H1 P210*H2 P31010*H3 P410101H4 P2 P3 P4 P1 A B C G D F H E 1 0 0 1 1 1 1 next-hop-ptr (if prefix) left-ptr right-ptr Trie node
11
11 ENTS689L: Packet Processing and Switching Classification Engines Tries for Longest Prefix Match P1111*H1 P210*H2 P31010*H3 P410101H4 P2 P3 P4 P1 A B C G D F H E 1 0 0 1 1 1 1 Lookup 10111 next-hop-ptr (if prefix) left-ptr right-ptr Trie node
12
12 ENTS689L: Packet Processing and Switching Classification Engines Tries for Longest Prefix Match P1111*H1 P210*H2 P31010*H3 P410101H4 P2 P3 P4 P1 A B C G D F H E 1 0 0 1 1 1 1 Add P5=1110* I 0 P5 next-hop-ptr (if prefix) left-ptr right-ptr Trie node
13
13 ENTS689L: Packet Processing and Switching Classification Engines Radix Trie For W bit prefixes and N routes: Lookup Complexity: O(W) Storage Complexity: O(NW) Update Complexity: O(W) Advantages: Simplicity Extensible to wider fields and larger tables Disadvantage: Waste of memory Worst-case look-up slow
14
14 ENTS689L: Packet Processing and Switching Classification Engines Leaf Pushing Technique Leaf pushing reduces the amount of information stored in each table entry. The best match information is pushed to the leaf nodes. Each table entry contains either a pointer or next hop information. A B C G D E 1 0 0 1 1 left-ptr or next-hop Trie node right-ptr or next-hop P2 P4P3 P2 P1 111*H1 P210*H2 P31010*H3 P410101H4
15
15 ENTS689L: Packet Processing and Switching Classification Engines A B C G D E 1 0 0 1 1 P2 P4P3 P2 P1 P2 P3 P4 P1 A B C G D F H E 1 0 0 1 1 1 1 Leaf Pushing Technique
16
16 ENTS689L: Packet Processing and Switching Classification Engines Incremental Rebuilding with Leaf Pushing Information changes at a node close to the root can potentially change a large number of leaves. Add P5=1* A B C G D E 1 0 0 1 1 P2 P4P3 P2 P1 A B C G D E 1 0 0 1 1 P2 P4P3 P2 P1 P5
17
17 ENTS689L: Packet Processing and Switching Classification Engines Multi-bit Tries Faster Search Larger Memory Depth = W Degree = 2 Stride = 1 bit Binary trie W Depth = W/k Degree = 2 k Stride = k bits Multi-ary trie W/k
18
18 ENTS689L: Packet Processing and Switching Classification Engines Prefix Expansion with Multi-bit Tries If stride = k bits, prefix lengths that are not a multiple of k need to be expanded Maximum number of expanded prefixes corresponding to one non-expanded prefix = 2 k-1 PrefixExpanded prefixes 0*00*, 01* 11* E.g., k = 2:
19
19 ENTS689L: Packet Processing and Switching Classification Engines Example 4-ary Trie P2 P3P1 2 A B F 11 next-hop-ptr (if prefix) ptr00ptr01 A four-ary trie node P1 1 10 P4 2 H 11 P4 1 10 11 10 D C E G ptr10ptr11 Lookup 10111 P1111*H1 P210*H2 P31010*H3 P410101H4
20
20 ENTS689L: Packet Processing and Switching Classification Engines Memory expansion in Multi-bit Tries Replication of next-hop ptr (more leaf nodes) Greater number of unused (null) pointers in a node: (2 k child not only 2) Time ~ W/k Storage ~ NW/k * 2 k-1
21
21 ENTS689L: Packet Processing and Switching Classification Engines Generalization: Different Strides at different levels. 16-8-8 split 4-10-10-8 split 24-8 split 21-3-8 split
22
22 ENTS689L: Packet Processing and Switching Classification Engines Deep Packet Classification Checking Multiple Fields
23
23 ENTS689L: Packet Processing and Switching Classification Engines Motivation: Desire for Additional Services ISP1 NAP E1 ISP2 ISP3 X ServiceExample Differentiated Service Ensure that traffic from ISP2 is given higher priority over traffic from ISP3. Packet Filtering Deny all web traffic from ISP3 at interface X. Policy-based routing Ensure that all web traffic from ISP2 is sent via interface Z. Y Z Other examples: Accounting & billing, rate-limiting, etc.
24
24 ENTS689L: Packet Processing and Switching Classification Engines Special Processing Requires Identification of Flows All packets of a flow obey a pre-defined rule and are processed similarly by the router E.g. a flow = (src-IP-address, dst-IP-address), or a flow = (dst-IP-prefix, protocol) etc. Router needs to identify the flow of every incoming packet and then perform appropriate special processing based on negotiated service agreements
25
25 ENTS689L: Packet Processing and Switching Classification Engines Special processing Control Datapath: (per-packet processing) Routing lookup Flow-aware Router: Basic Architectural Components Routing, resource reservation, admission control, SLAs Packet classificati on Switching Scheduling
26
26 ENTS689L: Packet Processing and Switching Classification Engines Multi-field Packet Classification Packet Classification: Find the action associated with the highest priority rule matching an incoming packet header. Field 1Field 2…Field kAction Rule 15.3.40.0/212.13.8.11/32…UDPA1A1 Rule 25.168.3.0/24152.133.0.0/16…TCPA2A2 ……………… Rule N5.168.0.0/16152.0.0.0/8…ANYANAN Example: packet (5.168.3.32, 152.133.171.71, …, TCP) L3-DAL3-SAL4-PROT
27
27 ENTS689L: Packet Processing and Switching Classification Engines Example 4D Classifier RuleL3-DA (address/mask) L3-SA (address/mask) L4- Destination L4-PROTAction R1 152.163.190.69/ 255.255.255.255 152.163.80.11/ 255.255.255.255 **Deny R2 152.168.3/ 255.255.255 152.163.200.157/ 255.255.255.255 eq wwwudpDeny R3 152.168.3/ 255.255.255 152.163.200.157/ 255.255.255.255 range 20- 21 udpPermit R4 152.168.3/ 255.255.255 152.163.200.157/ 255.255.255.255 eq wwwtcpDeny R5 ****Deny
28
28 ENTS689L: Packet Processing and Switching Classification Engines Example Classification Results Pkt Hdr L3-DAL3-SAL4-DPL4- PROT Rule, Action P1 152.163.190.69152.163.80.11wwwtcpR1, Deny P2 152.168.3.21152.163.200.157wwwudpR2, Deny
29
29 ENTS689L: Packet Processing and Switching Classification Engines R5 Geometric Interpretation R4 R3 R1 R2 R7 Dimension 1 Dimension 2 R6 P2 P1 Packet classification problem: Find the highest priority rectangle containing an incoming point
30
30 ENTS689L: Packet Processing and Switching Classification Engines Metrics for Classification Algorithms Speed Storage requirements Ability to handle large classifiers Low preprocessing time Update time Scalability in the number of header fields Flexibility in rule specification
31
31 ENTS689L: Packet Processing and Switching Classification Engines Linear Search Keep rules in a linked list O(N) storage, O(N) lookup time, O(1) update complexity
32
32 ENTS689L: Packet Processing and Switching Classification Engines TCAMs (Recap) Advantages Extensible to multiple fields Fast: 6-8 ns today (133-150 searches per second) going to 250 Msps Simple to understand and use Disadvantages Inflexible: range-to-prefix blowup Power: ~15-20W @ 100Msps Cost: $200-$250 for ~2MByte Density: largest available in 2006 is ~2MB, i.e., 128K x 128 (can be cascaded) Tough memory soft-error problem
33
33 ENTS689L: Packet Processing and Switching Classification Engines Example Classifier RuleDestination Address Source Address R10*10* R20*01* R30*1* R400*1* R500*11* R610*1* R7*00*
34
34 ENTS689L: Packet Processing and Switching Classification Engines Hierarchical Tries Dimension DA O(NW) memory O(W 2 ) lookup RuleDASA R10*10* R20*01* R30*1* R400*1* R500*11* R610*1* R7*00* Search (000,010) Dimension SA R5R2R1 R3 R6 R7 R4
35
35 ENTS689L: Packet Processing and Switching Classification Engines Set-pruning Tries [Tsuchiya, Sri98] Reduced query time obtained by replicating rules to eliminate traversals Dimension DA RuleDASA R10*10* R20*01* R30*1* R400*1* R500*11* R610*1* R7*00* R7 Dimension SA R2R1R5R7R2R1 R3 R7 R6 R7 R4 O(WN 2 ) memory O(2W) lookup
36
36 ENTS689L: Packet Processing and Switching Classification Engines Set-pruning Tries [Tsuchiya, Sri98] Reduced query time obtained by replicating rules to eliminate traversals Dimension DA RuleDASA R10*10* R20*01* R30*1* R400*1* R500*11* R610*1* R7*00* R7 Dimension SA R2R1R5R7R2R1 R3 R7 R6 R7 R4 O(WN 2 ) memory O(2W) lookup Search (000,010)
37
37 ENTS689L: Packet Processing and Switching Classification Engines Recursive Flow Classification It looks at classification as mapping S bits onto T bits. S bits are concatenation of all fields T bits represent classification outcomes It breaks down the mapping task into multiple stages At each stage one set of values is mapped to a smaller set
38
38 ENTS689L: Packet Processing and Switching Classification Engines RFC Algorithm 1.In the first phase, fields of the packet header are split up into multiple chunks that are used to index into multiple memories in parallel. The contents of each memory are chosen so that the result of the lookup is narrower than the index. 2.In subsequent phases, memories are indexed using the results from earlier phases. 3.In the final phase, the memory yields the action d
39
39 ENTS689L: Packet Processing and Switching Classification Engines RFC Performance RFC is shown to perform 31.25 Mpps classification using a three-stage pipeline. It requires two 4Mb SRAM. Four banks of 64Mb SDRAM under 125 MHz clock rate. It is estimated to do 15000 rules in 10 Gbps
40
40 ENTS689L: Packet Processing and Switching Classification Engines Classification: What’s Used Out There? Majority of hardware platforms: TCAMs High performance, cost, power, determinstic worst- case Some others: Modifications of RFC Low speed, low cost DRAM-based, heuristic Works well in software platforms Some others: HyperCuts/HiCuts Others: nothing/linear search/simulated-parallel-search etc.
41
41 ENTS689L: Packet Processing and Switching Classification Engines Lookup: What’s Used Out There? Overwhelming majority of routers: Modifications of multi-bit tries (h/w optimized trie algorithms) DRAM (sometimes SRAM) based, large number of routes (>0.25M) Parallelism required for speed/storage becomes an issue Others mostly TCAM based Allows sharing the same TCAM for both lookup and classification
42
42 ENTS689L: Packet Processing and Switching Classification Engines Packet Classification: References F. Baboescu and G. Varghese, “Scalable packet classification,” Proc. Sigcomm 2001 [Lak98] T.V. Lakshman. D. Stiliadis. “High speed policy based packet forwarding using efficient multi-dimensional range matching”, Sigcomm 1998, pp 191-202 K. Lakshminarayanan, A. Rangarajan and S. Venkatachary. “Algorithms for advanced packet classification with Ternary CAMs”, Sigcomm 2005. [Sri98] V. Srinivasan, S. Suri, G. Varghese and M. Waldvogel. “Fast and scalable layer 4 switching”, Sigcomm 1998, pp 203-214 [Grid-of-tries, crossproducting] V. Srinivasan, G. Varghese, S. Suri. “Fast packet classification using tuple space search”, Sigcomm 1999, pp 135-146 P. Gupta, N. McKeown, “Packet classification using hierarchical intelligent cuttings,” Hot Interconnects VII, 1999 [Gupta99] P. Gupta, N. McKeown, “Packet classification on multiple fields,” Sigcomm 1999, pp 147-160 [RFC] P. Gupta, “Algorithms for routing lookups and packet classification”, PhD Thesis, Ch 1 and 4, Dec 2000, available at http://yuba.stanford.edu/ ~pankaj/phd.html [Background and introduction to Classification] P. Gupta and N. McKeown, “Algorithms for packet classification,” IEEE Network, March/April 2001, vol. 15, no. 2, pp 24-32 S. Singh, F. Baboescu, G. Varghese and J. Wang, “Packet classification using multidimensional cutting,” Proc. ACM Sigcomm 2003. [HyperCuts] S. Iyer, R.R. Kompella, and A. Shelat, “ClassiPI: An architecture for fast and flexible packet classification,” IEEE Network, March/April 2001, vol. 15, no. 2, pp 33-41 TCAM vendors: netlogicmicro.com, idt.com
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.