Packet Classification

1
Packet Classification

• Sartaj Sahni
• sahni_at_cise.ufl.edu
• www.cise.ufl.edu/sahni

2
Outline

• IP packet classification.
• Ternary CAMs.
• Data structures for 1D packet classification.
• Data structures for 2D packet classification.

3
Internet Packet Classifier

• Set of rules(F,A)
• F is a filter
• Source and destination addresses.
• Port number and protocol.
• Time of day.
• A is an action
• Drop packet.
• Forward to machine x (next hop).
• Reserve 10GB/sec bandwidth.

4
Example Filters

• QoS-router filter
• (source, destination, source port, destination
  port, protocol)
• Firewall filter
• gt 1 field
• Destination-based packet-forwarding filter
• Destination address
• 1-D filter
• Exactly 1 field destination address

5
Destination-Address Filters

• Range
• 35, 2096
• Address/mask pair
• 101100/011101 ?011?0
• Matches 101100, 101110, 001100, 001110.
• Prefix filter.
• Mask has 1s at left and 0s at right.
• 101100/110000 10 32, 47.
• Special case of a range filter.

6
Example Router Table

• P1 10
• P2 111
• P3 11001
• P4 1
• P5 0
• P6 1000
• P7 100000
• P8 1000000

P1 matches all addresses that begin with 10.
7
Tie Breakers

• First matching rule.
• Highest-priority rule.
• Most-specific rule.
• 2,4 is more specific than 1,6.
• 4,14 and 6,16 are not comparable.
• Longest-prefix rule.
• Longest matching-prefix.

8
Longest-Prefix Matching

• P1 10
• P2 111
• P3 11001
• P4 1
• P5 0
• P6 1000
• P7 100000
• P8 1000000

Destination 100000000
P1, P4, P6, P7, P8 match this destination
P8 is longest matching prefix
9
Static Dynamic Router Tables

• Static
• Lookup time.
• Preprocessing time.
• Storage requirement.
• Dynamic
• Lookup time.
• Insert a rule.
• Delete a rule.

10
Ternary CAMs

• 0010?
• 1100?
• 11???
• 01???
• 00???
• 1????

d 11001
11
Ternary CAMs

• 0010?
• 1100?
• 11???
• 01???
• 00???
• 1????

d 11001
Longest prefix matching Highest priority
matching Insert/Delete
12
Ternary CAMs

• Capacity
• Cost
• Power
• Board space
• Scalability to IPv6?
• Ranges?
• Multidimensional filters?

13
Data Structures For 1D Tables
Static tables.
14
Sets Of Equal-Length Prefixes

• Si all prefixes whose length is i.
• Augment Si with length i prefixes that are
  markers for longer-length prefixes for which i is
  on the binary-search search path.
• W 6
• Lengths 0, 1, 2, 3, 4, 5, 6
• 3 is on the path for 4, 5, 6 but not for 0, 1, 2.
• Si as hash table gt O(log W) expected lookup.
• Reduce lengths by prefix expansion.

15
Alternative O(log W) Structure

• Binary search on hash tables.
• Each hash table represents leaves at a level of a
  binary tree plus markers.
• Scheme works in O(log W) expected time for dgt1
  dimensions.
• H. Lu and S. Sahni, O(log W) multidimensional
  packet classification. IEEE/ACM Transactions on
  Networking, to appear.

16
1-Bit Trie
P5
P4

• P1 10
• P2 111
• P3 11001
• P4 1
• P5 0
• P6 1000
• P7 100000
• P8 1000000

P1
P2
P6
P3
P7
P8
17
Complexity
P5
P4
P1
P2

• O(W)/operation

P6
P3
P7
P8
18
Static Tables

• Reduce number of memory accesses for a lookup.
• Multibit trie.
• More succinct representations of a 1-bit trie.

19
Multibit Tries

• Branching at a node is done using gt 1 bit
  (rather than exactly 1 bit)
• Fixed stride
• Nodes on same level use same number of bits
• Variable stride

20
Fixed-Stride Tries

• Number of levels number of distinct prefix
  lengths.
• Use prefix expansion to reduce number of distinct
  lengths.

21
Prefix Expansion

• P1 10
• P2 111
• P3 11001
• P4 1
• P5 0
• P6 1000
• P7 100000
• P8 1000000

P1 10 P2a 11100 P2b 11101 P2c
11110 P2d 11111 P3 11001 P4a 11
P5a 00 P5b 01 P6a 10000 P6b 10001 P7a
1000001 P8 1000000
lengths 7
lengths 3
22
Fixed-Stride Trie
2
P5
P5
P1
P4
3
P6
P6




3
P3

P2
P2
P2
P2
2
P8
P7


23
Optimization Problem

• Find least memory fixed-stride trie whose height
  is at most k.

24
Variable-Stride Tries
2
P5
P5
P1
P4
3
P3

P2
P2
P2
P2
5
P8
P7
P6
P6
P6
P6
P6
P6



. . .
25
Dynamic Programming

• Memory optimal height constrained FSTs and VSTs
  may be found using dynamic programming. (IEEE
  Trans. On Networks)
• Extensions for pipelined architectures.

26
IPv4 Router Tables
27
Size of FST
28
Run Time
29
General Subtrie Packing
30
Dynamic Tables

• Binary Search Trees. (IEEE Trans. On Computers)
• B-trees. (IEEE Trans. On Computers)
• Priority Search Trees. (IEEE Trans. On Computers)
• Binary Tree on Binary Tree. (IEEE Trans. On
  Computers)

31
Prefixes Ranges
32
End-Point Table
33
Basic Interval Tree (BIT)
34
Prefix Trees
35
Insert A Prefix
36
New BIT
37
New Prefix Tree For P1
38
Insert Delete

• Operations on prefix trees
• Split
• Join

39
Memory ComparisonPaix
40
Search TimePaix
41
Insert TimePaix
42
Delete TimePaix
43
Two-Dimensional Filters

• Destination-Source pairs.
• d gt 2 may be mapped to d 2 using buckets
  number of filters in each bucket is small.
• d gt 2 may not be practical for security reasons.
• Least cost tie breaker.

44
2D Tries

• F1 (0, 1100, 1)
• F2 (0, 1110, 2)
• F3 (0, 1111, 3)
• F4 (000, 10, 4)
• F5 (000, 11, 5)
• F6 (0001, 000), 6)
• F7 (0, 1, 7)

45
2D Tries

• F1 (0, 1100, 1)
• F2 (0, 1110, 2)
• F3 (0, 1111, 3)
• F4 (000, 10, 4)
• F5 (000, 11, 5)
• F6 (0001, 000), 6)
• F7 (0, 1, 7)

46
Space-Optimal 2D Tries

• Given k.
• Find 2DMT that can be searched with lt k memory
  accesses and has minimum memory requirement.

47
Constrained 2DMTs

• 2DMTa(k)
• FST dest trie with height lt y
• Source tries have height lt z
• y (z 1) lt k

48
Constrained 2DMTs

• 2DMTb(k)
• FST dest trie
• Source tries that hang at the same level of the
  dest trie have same height constraint
• Sum of (source-trie heights1) on any search path
  lt k

49
Constrained 2DMTs

• 2DMTc(k)
• VST dest trie
• Source tries that hang from same dest trie node
  have same height constraint
• Sum of (source-trie heights1) on any search path
  lt k

50
Constrained 2DMTs

• 2DMTd
• VST dest trie
• Sum of (source-trie heights1) on any search path
  lt k

51
Constrained 2DMTs

• 2DMTa(k)
• lt 2DMTb(k)
• lt 2DMTc(k)
• lt 2DMTd(k)
• lt 2DMT(k)

52
Algorithms

• Dynamic programming algorithms for optimal
  2DMTabcd(k)
• Postprocessing algorithm for 2DMTabc(k)
• If a source trie is on no path with sum of
  (source-trie heights1) k, it may be replaced
  with a trie of larger height
• Heuristic for 2DMT with switch pointers
• Cant be used when 2D trie represents d gt 2
  classifier with bucket scheme

53
Experiments

• C
• Data from www.arl.wustl.edu/det3
• Generate 20,000 5D filters and discard all but
  destination and source prefixes
• Remove duplicate filters
• Left with between 5K and 20K 2D filters
• 12 data sets, each with 10 databases
• k in range 6, 30

54
Postprocessing

• Reduction in memory
• 2DMTa(k)0 to 96
• 2DMTb(k)0 to 69
• 2DMTc(k)0 to 31

55
ACL1
56
FW1
57
IPC1
58
IPC2
59
ACL1Switch Pointers
60
FW1Switch Pointers
61
IPC1Switch Pointers
62
IPC2Switch Pointers
63
Run Time
64
2DMTs

• 2DMTs may be searched with ¼½ memory accesses as
  required by 2D1BTs with same memory budget
• With 50 memory penalty, memory accesses fall to
  between 1/9 and 1/3
• Extensions to pipelined architectures.

65
Future Work

• Dynamic 2D structures
• IPv6