Packet Classification

1
Packet Classification

• Presented by
• Bhupendra kumar

2
Introduction

• The process of categorizing packets into flows
  in an internet router is called packet
  classification
• All packets belonging to the same flow obey a
  pre-defined rule and are processed in a similar
  manner by the router.
• Packet classification is needed for services that
  require the capability to distinguish and isolate
  traffic in different flows for suitable
  processing.

3
Introduction

• Packet classification on multiple fields is a
  difficult problem.
• Variety of algorithms of different categories
• Scalable packet classification

4
Introduction

• Routers provide different qualities of service to
  different applications.
• That require the router to distinguish packets
  belonging to different flows.
• Flows are specified by rules applied to incoming
  packets. Collection of rules is a classifier.

L4-SP 16b
L4-DP 16b
PROTO 8b
L3-SA 32b
L3-DA 32b
L3-Proto 8b
L2-SA 48b
L2-DA 48b
PAYLOAD
5
Services

• Packet filtering
• Policy routing
• Accounting billing
• Traffic rate limiting
• Traffic shaping
• Intrusion detection

6
Performance metrics

• Search speed
• Fast update
• Scalability in the number of header fields used
  for classification
• Flexibility in specification algorithm should
  support general rules, including prefixes,
  operators and wildcards

7
General View
Routing
Reservation, Signaling Management
Classifier
State
IP input Processing
IP output Processing
Filter
Action
IP Packet
Scheduler
IP Packet
Input driver
Output driver
8
General framework

• Candidate fields
• Destination address, 32 bits.
• Source address, 32 bits.
• Protocol field, 8 bits.
• Destination port, 16 bits.
• Source Port, 16 bits.
• TCP flags, 8 bits.

9
General framework

• Type of matching on fields
• Exact match the field of packet and filter
  exactly match.
• Prefix match- such as IP source or destination
  address match. Good for blocking packets from
  some networks
• Range match- The packet header is in the range
  specified in the rule, like range of ports.

10
Categories of algorithms
Category
Algorithms Basic data structures
linear search, caching,
hierarchical tries,
set pruning tries Geometry
based Grid of tries, AQT,
FIS Heuristic
RFC, tuple- space search Hardware based
Ternary CAM,
bitmap-intersection
11
Classification algorithms

• Rule F1
  F2
• R1 00
  00
• R2 0
  01
• R3 1
  0
• R4 00
  0
• R5 0
  1
• R6
  1

12
Hierarchical tries

• First construct 1 dimensional tries F1 on set of
  prefixes Rj1
• For each prefix p in F1 trie, recursively
  construct (d-1) dimensional hierarchical trie on
  those rules which specify exactly p in dimension
  F1.
• Prefix p is linked to trie Tp using next pointer.

13
Hierarchical tries
1
0
0
Field F1
Next pointer
0
1
1
0
0
Field F2
R4
R6
R5
R3
0
1
R2
R1
14
Set pruning tries

• Same as hierarchical trie, with reduced query
  time obtained by replicating rules to eliminate
  recursive traversal.
• Rules are replicated to ensure that every
  matching rule will be encountered in the path.
• The query algorithm for an incoming packet
  (V1,V2,Vd) need only traverse the F1 trie to
  find the longest prefix of V1, follow its next
  pointer, traverse the F2 trie to find longest
  matching prefix of V2.

15
Set pruning tries
1
0
0
0
1
1
0
1
0
1
R4
R5
R5
R6
R3
R6
0
1
1
R1
R2
R2
16
Grid of tries

• Reduces storage space by allocating a rule to
  only one trie node as in hierarchical trie and
  achieves low query time by pre-computing and
  storing a switch pointer in some trie nodes.
• The switch pointer eliminates need for
  backtracking in hierarchical trie without the
  storage of set pruning trie.
• Use of switch pointer makes it more difficult to
  update.

17
Grid of tries
1
0
0
1
1
1
1
0
0
0
R4
R5
R6
R3
1
1
0
R1
R2
18
Ternary CAM

• much faster than algorithmic approaches
• CAMs are composed of conventional semiconductor
  memory (usually SRAM) with added comparison
  circuitry that enable a search operation.
• Core cells contain both storage and comparison
  circuitry.

19
Ternary CAM block diagram
Memory location
Memory array
TCAM
matched
Priority encoder
Action
RAM
20
Ternary CAM
Search lines
Match line
00
1
0
1
X
X
01
01
0
1
1
0
X
encoder
10
0
1
1
X
X
11
1
0
0
1
1
Search line driver
Search data 0 1 1 0 1
21
Scalable algorithm

• Previous discussed algorithm scale poorly in the
  growing environment.
• Lucent bit vector scheme (BV)
• Aggregated Bit Vector (ABV)

22
Lucent Bit Vector algorithm

• The Lucent bit vector algorithm divides the
  matching problem into several independent
  sub-matching problems one for each field.
• searches the corresponding field of rules in the
  rule database and finds all the rules that match
  that field.
• all the results are combined together to find the
  rule that matches all the fields of the packet

23
Lucent Bit Vector algorithm

• implemented with a trie structure.
• A trie is constructed for each field in the rule
  database to show the rules that match a prefix.
• Each node in the trie denotes a prefix and
  having a bit vector of length equal to no. of
  rules.
• The prefix is specified by the path from the root
  to the current node in the trie.

24
Lucent Bit Vector algorithm

• RULE DATABASE EXAMPLE
• Rule Field 1
  Field 2
• R0 00
  00
• R1 00
  01
• R2 10
  11
• R3 11
  10
• R4 0
  10
• R5 11
  11
• R6 0
  0
• R7 10
  01
• R8 1
  01

25
Aggregated Bit Vector (ABV)

• We observed two
• 1. The set bits in bit vectors are sparse.
• 2. A packet matches only a few rules.
• ABV take advantage of these two observations
• rule aggregation
• rule rearrangement

26
Rule aggregation

• construct a reduced size bit vector that captures
  partial information from the whole bit vector.
• The construction of the aggregated bit vector
  should be efficient.
• An aggregation size A is selected to optimize the
  performance of the algorithm.

27
Rule aggregation

• Reduce the number of memory accesses.
• Leads to false matches
• worst case occurs when a false match occurs
  for every aggregate bit.

28
Rule Rearrangement

• To reduce the probability of false matches, the
  rules are rearranged before aggregation.
• Multiple rules matching a specific prefix are
  placed close to each other.

29
Rule Rearrangement

• Sorting the rules according to one field.
• Rules are grouped together according to the
  length of prefixes within that field in a
  non-decreasing order.
• Rules are sorted by prefix value within each
  group
• Rules are sorted by the other fields in each
  group with the same prefix

30
Aggregated Bit Vector (ABV)

• Rule Field 1 Field 2
  
• R6 0
  0
• R4 0
  10
• R8 1
  01
• R0 00
  00
• R1 00
  01
• R7 10
  01
• R2 10
  11
• R3 11
  10
• R5 11
  11

31
References

• 1.Ji Li, Haiyang Liu, Karen Sollins
• MIT Laboratory for Computer Science
• April, 2003
• 2. Florin Baboescu, George Varghese
• University of California
• 3.Pankaj Gupta and Nick McKeown
• Computer Systems Laboratory, Stanford
  University
• 4.Sherii Azgomi, using CAM for network
  application

32
Thank you