Presentation is loading. Please wait.

Presentation is loading. Please wait.

Applied Research Laboratory Edward W. Spitznagel 24 October 20151 Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner,

Published byCandace Short Modified over 9 years ago

Similar presentations

Presentation on theme: "Applied Research Laboratory Edward W. Spitznagel 24 October 20151 Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner,"— Presentation transcript:

1 Applied Research Laboratory Edward W. Spitznagel 24 October 20151 Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner, David E. Taylor Supported by NSF ANI-9813723, DARPA N660001-01-1-8930

2 Applied Research Laboratory Edward W. Spitznagel 24 October 20152 Packet Classification Problem Suppose you are a firewall, or QoS router, or network monitor... You are given a list of rules (filters) to determine how to process incoming packets, based on the packet header fields –Some fields in the rules are specified with bit masks; others with ranges Goal: when a packet arrives, find the first rule that matches the packet’s header fields Source Address Destination Address Filter Source Port Destination Port Protocol 11xx01xxa2-40-15TCP 01xx0010b3-15 UDP 0101xxxxc3** 1101101xd--ICMP Action fwd 7 fwd 2 deny fwd 5

3 Applied Research Laboratory Edward W. Spitznagel 24 October 20153 Packet Classification Problem Example: packet arrives with header (0101, 0010, 3, 5, UDP) –classification result: filter b is matched –filter c also matches, but, b occurs before c in the list Easy to do when we have only a few rules; very difficult when we have 100,000 rules and packets arrive at 40 Gb/s Source Address Destination Address Filter Source Port Destination Port Protocol 11xx01xxa2-40-15TCP 01xx0010b3-15 UDP 0101xxxxc3** 1101101xd--ICMP Action fwd 7 fwd 2 deny fwd 5

4 Applied Research Laboratory Edward W. Spitznagel 24 October 20154 Geometric Representation Filters with K fields can be represented geometrically in K dimensions Example: 2640 2 6 4 0 Source Address Source Port Source AddressSource PortFilter xxx2-3a 010 0-7bxx17c a b cccc

5 Applied Research Laboratory Edward W. Spitznagel 24 October 20155 Related Work TCAM-based parallel classification –CoolCAMs (Narlikar, Basu, Zane) for IP lookup SRAM-based sequential classification –Recursive Flow Classification (Gupta, McKeown) –HiCuts (Gupta, McKeown) –Extended Grid of Tries (Baboescu, Singh, Varghese) –HyperCuts (Singh, Baboescu, Varghese, Wang) SRAM: 6 transistors per bit (vs. 16 for TCAM), but the SRAM approaches use more bits per filter

6 Applied Research Laboratory Edward W. Spitznagel 24 October 20156 Most popular practical approach to high-performance packet classification Hardware compares query word (packet header) to all stored words (filters) in parallel –each bit of a stored word can be 0, 1, or X (don’t care) Very fast, but not without drawbacks: –High power consumption limits scalability –inefficient representation of ranges Ternary CAMs

7 Applied Research Laboratory Edward W. Spitznagel 24 October 20157 Source Address Destination Address Filter 11xxxxxxa 0xxx01xxb xxxx0110c 11100110 Query: Match! Doesn’t Match Match! Entry 0 (filter a) is the first matching filter 11100110 Packet: Src. Addr.Dest. Addr. ContentsAddress 11xxxxxx0 0xxx01xx1 xxxx01102 TCAM Ternary CAM - Example

8 Applied Research Laboratory Edward W. Spitznagel 24 October 20158 Range Matching in TCAMs Convert ranges into sets of prefixes –1-4 becomes 001, 01*, and 100 –3-5 becomes 011 and 10* 2640 2 6 4 0 Source Port Destination Port F Source PortDestination PortFilter 1-43-5F

9 Applied Research Laboratory Edward W. Spitznagel 24 October 20159 Range Matching in TCAMs With two 16-bit range fields, a single rule could require up to 900 TCAM entries! Typical case: entire filter set expands by a factor of 2 to 6 2640 2 6 4 0 Source Port Destination Port bc ef a d Source PortDestination PortFilter 00110*a01*10*b10010*c001011d01*011e100011f

10 Applied Research Laboratory Edward W. Spitznagel 24 October 201510 Extended TCAMs Extend standard TCAM architecture to enable classification with larger rulesets Partitioned TCAM, for reduced power –inspired by CoolCAMs –differences in indexing, search and partitioning algorithms Support range matching directly in hardware

11 Applied Research Laboratory Edward W. Spitznagel 24 October 201511 Use of Partitioned TCAM Main component of power use in TCAM search is proportional to number of entries searched Partitioning the TCAM: –divide TCAM into blocks of entries –each block is enabled for search via an associated index filter

12 Applied Research Laboratory Edward W. Spitznagel 24 October 201512 Use of Partitioned TCAM Example: suppose we are given the following filters: 0-15, 0xxx 0-6, 1xxx 7-15, 1xxx 0-15, xxxx 1-13, 001x 2-3, 00xx 11-14, 011x 12-12, 01xx 0-5, 1110 1-2, 11xx 7-7, 110x 13-14, 11xx 11-15, 111x 9-10, xxxx 0-14, 1010 index filters: filter blocks: a.1-13, 001x b.2-3, 00xx c.9-10, xxx1 d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 1x1x j.13-14, 11xx k.11-15, 111x A real Extended TCAM would have more blocks, and more filters per block.

13 Applied Research Laboratory Edward W. Spitznagel 24 October 201513 Use of Partitioned TCAM Example: classify packet with header values (2, 1010) –index block: second and fourth filters match –search second and fourth filter blocks –find matching filters (1-2, 1x1x) and (0-14, 1010) 0-15, 0xxx 0-6, 1xxx 7-15, 1xxx 0-15, xxxx 1-13, 001x 2-3, 00xx 11-14, 011x 12-12, 01xx 0-5, 1110 1-2, 11xx 7-7, 110x 13-14, 11xx 11-15, 111x 9-10, xxxx 0-14, 1010 index filters: filter blocks:

14 Applied Research Laboratory Edward W. Spitznagel 24 October 201514 Use of Partitioned TCAM The key to minimizing power consumption: Organize filters so that only a few TCAM blocks must be searched to find the filters matching a packet. –Use a filter grouping algorithm 0-15, 0xxx 0-6, 1xxx 7-15, 1xxx 0-15, xxxx 1-13, 001x 2-3, 00xx 11-14, 011x 12-12, 01xx 0-5, 1110 1-2, 11xx 7-7, 110x 13-14, 11xx 11-15, 111x 9-10, xxxx 0-14, 1010 index filters: filter blocks:

15 Applied Research Laboratory Edward W. Spitznagel 24 October 201515 12214108640 12 2 14 10 8 6 4 0 f c a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x a b d e h i g k j 0-15, 0xxx Index entry filters a, b, d, e 24 October 201515

16 Applied Research Laboratory Edward W. Spitznagel 24 October 201516 12214108640 12 2 14 10 8 6 4 0 f c a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x g k j 0-15, 0xxx Index entry filters a, b, d, e 0-6, 1xxx h, i h i 24 October 201516

17 Applied Research Laboratory Edward W. Spitznagel 24 October 201517 12214108640 12 2 14 10 8 6 4 0 f c a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x g k j 0-15, 0xxx Index entry filters a, b, d, e 0-6, 1xxx h, i 7-15, 1xxx g, j, k 24 October 201517

18 Applied Research Laboratory Edward W. Spitznagel 24 October 201518 12214108640 12 2 14 10 8 6 4 0 a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x 0-6, 1xxx 7-15, 1xxx 0-15, 0xxx Index entry filters a, b, d, e h, i g, j, k 0-15, xxxx c, f Next phase: f c 24 October 201518

19 Applied Research Laboratory Edward W. Spitznagel 24 October 201519 12214108640 12 2 14 10 8 6 4 0 a.1-13, 001x b.2-3, 00xx c.9-10, xxxx d.11-14, 011x e.12-13, 0xxx f.0-14, 1010 g.7-7, 110x h.0-5, 1110 i.1-2, 11xx j.13-14, 11xx k.11-15, 111x 0-6, 1xxx 7-15, 1xxx 0-15, 0xxx Index entry filters a, b, d, e h, i g, j, k 0-15, xxxx c, f Next phase: 24 October 201519

20 Applied Research Laboratory Edward W. Spitznagel 24 October 201520 Creating a set of partitions At most k filters per region (k = block size) Regions within the same partition do not overlap Total number of regions equals the index size

21 Applied Research Laboratory Edward W. Spitznagel 24 October 201521 Range Matching Store a pair of values (lo, hi ) for each range match field Range check circuitry compares query values against lo and hi to determine if query is in range –Transistors per bit of range field is twice that of ordinary TCAM –But, for typical IPv4 applications, this results in just a 22% increase in overall transistor count

22 Applied Research Laboratory Edward W. Spitznagel 24 October 201522 Performance Metrics Power Fraction = –a measure of power usage, relative to a standard TCAM –smaller is better Storage Efficiency = –higher is better; 1 is optimal index size + (# of partitions)(block size) number of filters index size + (# of blocks)(block size)

23 Applied Research Laboratory Edward W. Spitznagel 24 October 201523 Different Block Sizes Block size=256 Block size=64 Block size =32 Block size=16 Block size=128

24 Applied Research Laboratory Edward W. Spitznagel 24 October 201524 Results: Power Fraction Block size = 32Block size = 64Block size = 128 Block size = 256 Basic Algorithm Refined

25 Applied Research Laboratory Edward W. Spitznagel 24 October 201525 Results: Storage Efficiency Block size = 32Block size = 64Block size = 128 Block size = 256 Basic Algorithm Refined

26 Applied Research Laboratory Edward W. Spitznagel 24 October 201526 Current/Future Work Computational complexity of filter grouping problem Filter updates (add/delete operations) Multi-level indices Different partitioning algorithms Application to SRAM/DRAM-based classification techniques

27 Applied Research Laboratory Edward W. Spitznagel 24 October 201527 Summary Packet Classification is important for many advanced network services TCAMs scale poorly due to power consumption and inefficient range match representations Extended TCAMs: solve these issues by using partitioned TCAM and hardware support for range matching –power consumption greatly reduced (typically to 5% or less of power used by a standard TCAM) –range match hardware: avoid inefficiency in representing ranges

28 Applied Research Laboratory Edward W. Spitznagel 24 October 201528 Questions? ?

Download ppt "Applied Research Laboratory Edward W. Spitznagel 24 October 20151 Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner,"

Similar presentations

A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.

A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.
Router/Classifier/Firewall Tables Set of rules—(F,A)  F is a filter Source and destination addresses. Port number and protocol. Time of day.  A is an.

Router/Classifier/Firewall Tables Set of rules—(F,A)  F is a filter Source and destination addresses. Port number and protocol. Time of day.  A is an.
1 IP-Lookup and Packet Classification Advanced Algorithms & Data Structures Lecture Theme 08 – Part I Prof. Dr. Th. Ottmann Summer Semester 2006.

1 IP-Lookup and Packet Classification Advanced Algorithms & Data Structures Lecture Theme 08 – Part I Prof. Dr. Th. Ottmann Summer Semester 2006.
Balajee Vamanan, Gwendolyn Voskuilen, and T. N. Vijaykumar School of Electrical & Computer Engineering SIGCOMM 2010.

Balajee Vamanan, Gwendolyn Voskuilen, and T. N. Vijaykumar School of Electrical & Computer Engineering SIGCOMM 2010.
A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.
Spring 2006CS 685 Network Algorithmics1 Principles in Practice CS 685 Network Algorithmics Spring 2006.

Spring 2006CS 685 Network Algorithmics1 Principles in Practice CS 685 Network Algorithmics Spring 2006.
1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.

1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.
Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.

Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.
Ultra-High Throughput Low-Power Packet Classification

Ultra-High Throughput Low-Power Packet Classification
A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.

A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.
ClassBench: A Packet Classification Benchmark

ClassBench: A Packet Classification Benchmark
Low Power TCAM Forwarding Engine for IP Packets Authors: Alireza Mahini, Reza Berangi, Seyedeh Fatemeh and Hamidreza Mahini Presenter: Yi-Sheng, Lin (

Low Power TCAM Forwarding Engine for IP Packets Authors: Alireza Mahini, Reza Berangi, Seyedeh Fatemeh and Hamidreza Mahini Presenter: Yi-Sheng, Lin (
Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,

Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,
Fast Filter Updates for Packet Classification using TCAM Authors: Haoyu Song, Jonathan Turner. Publisher: GLOBECOM 2006, IEEE Present: Chen-Yu Lin Date:

Fast Filter Updates for Packet Classification using TCAM Authors: Haoyu Song, Jonathan Turner. Publisher: GLOBECOM 2006, IEEE Present: Chen-Yu Lin Date:
CSIE NCKU High-performance router architecture 高效能路由器的架構與設計.

CSIE NCKU High-performance router architecture 高效能路由器的架構與設計.
Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)
Packet Classification on Multiple Fields Pankaj Gupta and Nick McKeown Stanford University {pankaj, September 2, 1999.

Packet Classification on Multiple Fields Pankaj Gupta and Nick McKeown Stanford University {pankaj, September 2, 1999.
1 Memory-Efficient 5D Packet Classification At 40 Gbps Authors: Ioannis Papaefstathiou, and Vassilis Papaefstathiou Publisher: IEEE INFOCOM 2007 Presenter:

1 Memory-Efficient 5D Packet Classification At 40 Gbps Authors: Ioannis Papaefstathiou, and Vassilis Papaefstathiou Publisher: IEEE INFOCOM 2007 Presenter:
CS 268: Lectures 13/14 (Route Lookup and Packet Classification) Ion Stoica April 1/3, 2002.

CS 268: Lectures 13/14 (Route Lookup and Packet Classification) Ion Stoica April 1/3, 2002.
CS 268: Route Lookup and Packet Classification Ion Stoica March 11, 2003.

CS 268: Route Lookup and Packet Classification Ion Stoica March 11, 2003.

Similar presentations

Ads by Google