Presentation is loading. Please wait.

Presentation is loading. Please wait.

Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International.

Published byGarey Park Modified over 8 years ago

Similar presentations

Presentation on theme: "Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International."— Presentation transcript:

1 Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International Conference Presenter: Chih-Hsun Wang Date: 2014/12/10 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

2 Introduction Different packet classification schemes have been developed but they require a number of memory accesses as classification is complex and memory is slow. We propose a scheme based on memory cache to support packet classification. We present various packet classification caching schemes for performing classification and provide the cache hit ratio results for various traffic models generated with Class bench. National Cheng Kung University CSIE Computer & Internet Architecture Lab 2

3 Method (1/9) Use the concept of caching of rules using the least- recently used (LRU) policy to replace information in the cache. Create two tries, one for the source IP and the other one for the destination IP Priority Bit (1) there does not exist any rule which could be matched if r is matched. (2) there exists no rule of higher precedence which could be matched if rule r is matched. National Cheng Kung University CSIE Computer & Internet Architecture Lab 3

4 Method (2/9) National Cheng Kung University CSIE Computer & Internet Architecture Lab 4

5 Method (3/9) National Cheng Kung University CSIE Computer & Internet Architecture Lab 5 R1,R2,R3,R4,R5,R6 R1,R2,R6 R4,R6 R5,R6 R3,R5,R6 R5,R6 R6

6 Method (4/9) National Cheng Kung University CSIE Computer & Internet Architecture Lab 6 R1,R2,R3,R4,R5,R6 R1,R2,R6 R4,R6 R5,R6 R3,R5,R6

7 Method (5/9) We can decrease the number of steps in trie traversing by directly checking the rules that could be matched and those that have a priority higher than the rules in the cache. To achieve this, we need to store two address pointers, the source IP trie address pointer and the destination IP trie address pointer. National Cheng Kung University CSIE Computer & Internet Architecture Lab 7

8 Method (6/9) Data Structure Source IP, Destination IP Source port range, Destination port range Protocol Flags Priority bit Source IP trie address, Destination IP trie address National Cheng Kung University CSIE Computer & Internet Architecture Lab 8

9 Method (7/9) National Cheng Kung University CSIE Computer & Internet Architecture Lab 9 Incoming Packet Source IPDestination IPSource Port Des. Port 1100*111*617 Cache R1 R2 Search R2 will match in cache but it’s priority bit is 0 Rule #SIPDIPSPDPPBAP R11100*111*0:516:201S11,D6 R21100*111*0:6553516:200S11,D6

10 Method (8/9) National Cheng Kung University CSIE Computer & Internet Architecture Lab 10 Search Rule #SIPDIPSPDPPBAP R11100*111*0:516:201S11,D6 R21100*111*0:6553516:200S11,D6

11 Method (9/9) National Cheng Kung University CSIE Computer & Internet Architecture Lab 11 Search Rule #SIPDIPSPDPPBAP R11100*111*0:516:201S11,D6 R21100*111*0:6553516:200S11,D6 Incoming Packet Source IPDestination IPSource Port Des. Port 1100*111*617 match R2

12 Problem (1/3) National Cheng Kung University CSIE Computer & Internet Architecture Lab 12

13 Problem (2/3) National Cheng Kung University CSIE Computer & Internet Architecture Lab 13 Incoming Packet Source IPDestination IPSource PortDes. Port 69.63.137.23481.170.248.180750113 Best match R11

14 Problem (3/3) National Cheng Kung University CSIE Computer & Internet Architecture Lab 14 Incoming Packet Source IPDestination IPSource PortDes. Port 69.63.137.234Not 81.170.248.180750113 Best match R16

15 Solution (1/3) Create additional 256-bit vector and information about the dependent rules. Change the position of the bit pointed to by the value in the byte to 1. Keep the bit vector that contains the smallest number of 1’s along with the marker signifying the byte number of the bit vector National Cheng Kung University CSIE Computer & Internet Architecture Lab 15

16 Solution (2/3) National Cheng Kung University CSIE Computer & Internet Architecture Lab 16 R16 for example Dependent rules: R11, R12, R13

17 Solution (3/3) National Cheng Kung University CSIE Computer & Internet Architecture Lab 17 R16 for example Pick

18 Implemented Method (1/17) Method I Use a simple LRU scheme. Use a priority bit without the 256-bit vector. Method II Use a simple LRU scheme. Use a priority bit and the 256-bit vector. National Cheng Kung University CSIE Computer & Internet Architecture Lab 18

19 Implemented Method (2/17) Method III Use the frequency-based replacement method. Cache is divided into three sections: NEW, MID and OLD sections. Every rule in the cache has a reference count associated with it. National Cheng Kung University CSIE Computer & Internet Architecture Lab 19

20 Implemented Method (3/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 20 NEW R1,1 MIDOLD R1 match

21 Implemented Method (4/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 21 NEW R2,1 R1,1 MIDOLD R2 match

22 Implemented Method (5/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 22 NEW R3,1 R2,1 R1,1 MIDOLD R3 match

23 Implemented Method (6/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 23 NEW R4,1 R3,1 R2,1 MID R1,1 OLD R4 match

24 Implemented Method (7/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 24 NEW R1,2 R4,1 R3,1 MID R2,1 OLD R1 match If the rule hit is in the MID section, then its count is incremented and the rule is moved to the head of the NEW section.

25 Implemented Method (8/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 25 NEW R4,1 R1,2 R3,1 MID R2,1 OLD R4 match The reference count of the rule is not incremented in the NEW and OLD sections.

26 Implemented Method (9/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 26 NEW R4,1 R1,2 R3,1 MID R2,1 R5,1 R6,1 OLD R7,1 R8,2 R9,1 R10 match If the cache is full, then we remove from the OLD section the rule that has the least count.

27 Implemented Method (10/17) Method IV Separate count for the rule in the main memory and cache. Do not cache the rule until the count for the rule crosses a threshold. Maintain a sampling window of T time slots (i.e., incoming packet counts). At every t=n*T, for n=1, 2, 3, …, we transfer into the cache the rules that have counts bigger than the chosen threshold. National Cheng Kung University CSIE Computer & Internet Architecture Lab 27

28 Implemented Method (11/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 28 Main Memory R1,3 R2,0 R3,0 R4,0 R5,0 R6,0 Incoming Packet match R1, R1, R1 Cache Threshold = 2, t = n*T, n = 1

29 Implemented Method (13/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 29 At every t=n*T, for n= 1, 2, 3, …, we transfer into the cache the rules that have counts bigger than the chosen threshold. F Main Memory R1,1 R2,0 R3,0 R4,0 R5,0 R6,0 Cache R1,1 Threshold = 2, t = n*T, n = 1

30 Implemented Method (14/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 30 Main Memory R1,1 R2,1 R3,1 R4,1 R5,1 R6,1 Cache R1,1 R3,1 R4,2 Threshold = 2, t = n*T, n = 1 Incoming Packet match R5, R6, R5

31 Implemented Method (15/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 31 Main Memory R1,1 R2,1 R3,1 R4,1 R5,3 R6,2 Cache R1,1 R3,1 R4,2 Incoming Packet match R5, R6, R5 Threshold = 2, t = n*T, n = 1

32 Implemented Method (16/17) National Cheng Kung University CSIE Computer & Internet Architecture Lab 32 Main Memory R1,1 R2,1 R3,1 R4,1 R5,1 R6,2 Cache R5,1 R1,1 R4,1 Threshold = 2, t = n*T, n = 1 R3 has be replaced

33 Method V This method is very similar to the method III. Remove the MID section in the cache. Increment counts in the OLD section. The OLD section is very wide containing 768 locations. National Cheng Kung University CSIE Computer & Internet Architecture Lab 33 Implemented Method (17/17)

34 National Cheng Kung University CSIE Computer & Internet Architecture Lab 34 Experimental Results (1/4)

35 National Cheng Kung University CSIE Computer & Internet Architecture Lab 35 Experimental Results (2/4)

36 National Cheng Kung University CSIE Computer & Internet Architecture Lab 36 Experimental Results (3/4)

37 National Cheng Kung University CSIE Computer & Internet Architecture Lab 37 Experimental Results (4/4)

Download ppt "Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International."

Similar presentations

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:
Scalable Packet Classification Using Hybrid and Dynamic Cuttings Authors : Wenjun Li,Xianfeng Li Publisher : Engineering Lab on Intelligent Perception.

Scalable Packet Classification Using Hybrid and Dynamic Cuttings Authors : Wenjun Li,Xianfeng Li Publisher : Engineering Lab on Intelligent Perception.
Optimizing Regular Expression Matching with SR-NFA on Multi-Core Systems Authors : Yang, Y.E., Prasanna, V.K. Yang, Y.E. Prasanna, V.K. Publisher : Parallel.

Optimizing Regular Expression Matching with SR-NFA on Multi-Core Systems Authors : Yang, Y.E., Prasanna, V.K. Yang, Y.E. Prasanna, V.K. Publisher : Parallel.
Parallel IP Lookup using Multiple SRAM-based Pipelines Authors: Weirong Jiang and Viktor K. Prasanna Presenter: Yi-Sheng, Lin ( 林意勝 ) Date: 2008.12.10.

Parallel IP Lookup using Multiple SRAM-based Pipelines Authors: Weirong Jiang and Viktor K. Prasanna Presenter: Yi-Sheng, Lin ( 林意勝 ) Date:
Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.

Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.
An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.

An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.
1 Route Table Partitioning and Load Balancing for Parallel Searching with TCAMs Department of Computer Science and Information Engineering National Cheng.

1 Route Table Partitioning and Load Balancing for Parallel Searching with TCAMs Department of Computer Science and Information Engineering National Cheng.
OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.

OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.
High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.

High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.
HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.

HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.
Fast forwarding table lookup exploiting GPU memory architecture Author : Youngjun Lee,Minseon Jeong,Sanghwan Lee,Eun-Jin Im Publisher : Information and.

Fast forwarding table lookup exploiting GPU memory architecture Author : Youngjun Lee,Minseon Jeong,Sanghwan Lee,Eun-Jin Im Publisher : Information and.
Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.

Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.
Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:

Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:
A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,

A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,
High-Speed Packet Classification Using Binary Search on Length Authors: Hyesook Lim and Ju Hyoung Mun Presenter: Yi-Sheng, Lin ( 林意勝 ) Date: Jan. 14, 2008.

High-Speed Packet Classification Using Binary Search on Length Authors: Hyesook Lim and Ju Hyoung Mun Presenter: Yi-Sheng, Lin ( 林意勝 ) Date: Jan. 14, 2008.
A Hybrid IP Lookup Architecture with Fast Updates Author : Layong Luo, Gaogang Xie, Yingke Xie, Laurent Mathy, Kavé Salamatian Conference: IEEE INFOCOM,

A Hybrid IP Lookup Architecture with Fast Updates Author : Layong Luo, Gaogang Xie, Yingke Xie, Laurent Mathy, Kavé Salamatian Conference: IEEE INFOCOM,
Author : Guangdeng Liao, Heeyeol Yu, Laxmi Bhuyan Publisher : Publisher : DAC'10 Presenter : Jo-Ning Yu Date : 2010/10/06.

Author : Guangdeng Liao, Heeyeol Yu, Laxmi Bhuyan Publisher : Publisher : DAC'10 Presenter : Jo-Ning Yu Date : 2010/10/06.
EQC16: An Optimized Packet Classification Algorithm For Large Rule-Sets Author: Uday Trivedi, Mohan Lal Jangir Publisher: 2014 International Conference.

EQC16: An Optimized Packet Classification Algorithm For Large Rule-Sets Author: Uday Trivedi, Mohan Lal Jangir Publisher: 2014 International Conference.
Pattern-Based DFA for Memory- Efficient and Scalable Multiple Regular Expression Matching Author: Junchen Jiang, Yang Xu, Tian Pan, Yi Tang, Bin Liu Publisher:IEEE.

Pattern-Based DFA for Memory- Efficient and Scalable Multiple Regular Expression Matching Author: Junchen Jiang, Yang Xu, Tian Pan, Yi Tang, Bin Liu Publisher:IEEE.
Scalable Many-field Packet Classification on Multi-core Processors Authors : Yun R. Qu, Shijie Zhou, Viktor K. Prasanna Publisher : International Symposium.

Scalable Many-field Packet Classification on Multi-core Processors Authors : Yun R. Qu, Shijie Zhou, Viktor K. Prasanna Publisher : International Symposium.

Similar presentations

Ads by Google