Fast and Scalable Layer 4 Switching - PowerPoint PPT Presentation

1
Fast and Scalable Layer 4 Switching
  • V. Srinivasan
  • Advisor Dr. George Varghese
  • Washington University in St Louis

2
Packet forwarding
Internet today: destination-based forwarding
Tomorrow: forwarding based on other fields too.
Even today: firewalls
Protocol, Dest Addr, Src Addr, Dest Port, Src Port
Types: full match or wildcard, prefix, range
3
Prefix matching: 1-D Trie
[Figure: 1-D trie; labels 0, 1 and prefixes 0, 00, 10]
Brown
nodes have an associated prefix.
nodes don't have any associated prefix.
Red
Search for 100 returns 10
Search for 110 returns
4
Overview
  • Problem definition: Layer 4 filter lookup
  • 2-D Lookups (Dest, Src)
  • Previous: Linear, Backtracking, Set Pruning
  • New: Grid-of-tries (870 nsec, linear memory)
  • Multi-dimension
  • 4-plane Grid-of-tries (Ports: full spec or wildcard)
  • Crossproducting (Port ranges) (500 nsec)

5
Layer 4 Switching
  • Forwarding based on 5-tuple Layer 4
  • Firewall filters
  • QoS Routing (web traffic different route)
  • Flow Switching
  • Virtual Private Networks
  • Multicast
  • Some other fields if the need arises

6
An Example
<TCP, 0, 00, 12-34, 32-36>
< , 00, 0, , >
Search: TCP, 0011, 0000, 30, 34
Matches both filters: choose the one with lower cost
7
2-dimensional prefix matching
  • VPN, Multicast: <Dest,Src> prefix pairs
  • N prefix pairs, max prefix length W
  • Find the least cost matching pair
  • Previous Schemes
  • Linear Search: O(N)
  • Backtracking search: Search O(W^2)
  • Set Pruning Tries (DAG): Memory O(N^2)

8
Linear Search
F1 = (0, 10)  F2 = (0, 01)  F3 = (0, 1)  F4 = (00, 1)
F5 = (00, 11)  F6 = (10, 1)  F7 = ( , 00)
Cost of F(J) = J
Earliest matching filter.
O(N) Search
Search 01,10 matches F1 and F3.
Search 00,11 matches F3, F4 and F5.
9
Backtracking Search
F1 = (0, 10)  F2 = (0, 01)  F3 = (0, 1)  F4 = (00, 1)
F5 = (00, 11)  F6 = (10, 1)  F7 = ( , 00)
[Figure: backtracking-search trie; Green = 0, Blue = 1; nodes labelled F1-F7]
O(W^2) search
Search 01,10    Search 00,11
O(N) memory
10
Set Pruning Tries
F1 = (0, 10)  F2 = (0, 01)  F3 = (0, 1)  F4 = (00, 1)
F5 = (00, 11)  F6 = (10, 1)  F7 = ( , 00)
[Figure: set-pruning tries; filter labels F1-F7, with F1, F2, F3 and F7 appearing in more than one source trie]
Search 01,10    Search 00,11
Worst case memory O(N^2)
Search O(W)
11
Avoid backtracking: Precompute
  • With each null pointer in the source trie,
    precompute a switch pointer
  • Switch pointer points to a position in a higher
    source trie, which would be reached by following
    the same source prefix
  • Also, precompute best filter from this and all
    higher source tries.

12
Grid of Tries
F1 = (0, 10)  F2 = (0, 01)  F3 = (0, 1)  F4 = (00, 1)
F5 = (00, 11)  F6 = (10, 1)  F7 = ( , 00)
[Figure: grid of tries; Green = 0, Blue = 1; nodes labelled F1-F7]
Search O(W)    Memory O(NW)
Search 00,10: bestmatch F3
13
Multi-dimensional filters
  • Arbitrary filters, including ranges: (log N)^(k-1)
    or W^(k-1)
  • Ports either fully specified or wildcarded
  • 4-plane Grid-of-tries
  • ( , ) (Dst Port, ) ( , Src Port) (Dst Port, Src
    Port)
  • Port ranges: Crossproducting
  • Concatenate results from each field lookup to
    make a crossproduct C
  • Theorem: Best matching filter of P is the best
    matching filter of C
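
The theorem above can be checked mechanically. This added example (not part of the original slides) builds a crossproduct table for the seven (Dest, Src) filters of the Linear Search slide and confirms it returns the same filter as linear search. It assumes F7's blank destination is a wildcard and uses the slide's cost rule, cost of F(J) = J; all function and variable names are illustrative.

```python
# Added example: crossproducting checked against the O(N) linear search.
# Filters are the (Dest, Src) prefix pairs F1..F7 from the Linear Search slide.
# "" stands for F7's blank destination, read here as a wildcard (assumption).
FILTERS = [("0", "10"), ("0", "01"), ("0", "1"), ("00", "1"),
           ("00", "11"), ("10", "1"), ("", "00")]  # list index + 1 = J = cost

def linear_matches(dest, src):
    """All matching filter numbers, in increasing cost order."""
    return [j for j, (d, s) in enumerate(FILTERS, 1)
            if dest.startswith(d) and src.startswith(s)]

def linear_best(dest, src):
    """Earliest (lowest cost) matching filter, or None."""
    hits = linear_matches(dest, src)
    return hits[0] if hits else None

def longest_match(prefixes, addr):
    """Per-field lookup: the longest prefix of this field that matches addr."""
    hits = [p for p in prefixes if addr.startswith(p)]
    return max(hits, key=len) if hits else None

DEST_SET = sorted({d for d, _ in FILTERS})
SRC_SET = sorted({s for _, s in FILTERS})

# Precompute the best filter for every crossproduct (dest prefix, src prefix).
# A filter matches a crossproduct when each of its fields is a prefix of the
# corresponding crossproduct field, which is what linear_best tests here.
CROSS = {(d, s): linear_best(d, s) for d in DEST_SET for s in SRC_SET}

def crossproduct_best(dest, src):
    """Two independent field lookups, then one table lookup."""
    d = longest_match(DEST_SET, dest)
    s = longest_match(SRC_SET, src)
    if d is None or s is None:  # no prefix in a field: no filter can match
        return None
    return CROSS[(d, s)]

def agree_on_all(width=4):
    """Compare both methods on every pair of width-bit addresses."""
    addrs = [format(i, f"0{width}b") for i in range(2 ** width)]
    return all(crossproduct_best(a, b) == linear_best(a, b)
               for a in addrs for b in addrs)

if __name__ == "__main__":
    print(linear_matches("01", "10"), linear_matches("00", "11"))
    print(len(CROSS), "crossproducts; methods agree:", agree_on_all())
```

The table has one entry per combination of distinct field prefixes, which is why the slides reserve crossproducting for small databases or on-demand construction.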

14
Crossproduct Cache
F1 = (001, 0, 0-1024)  F2 = (0, 011, 0-1024)  F3 = (001, 0, > 1024)
[Figure: per-field lookup tables; values shown: 001, 0, 011, 0-1024, 1025-65535, with indices 0, 1, 2]
C 1.2.1: F1    C 1.2.2: F3
15
Speed: memory accesses
  • Reduce memory accesses: multibit tries
  • 300 MHz Pentium II running Windows NT
  • Destination prefix: 3-4 accesses
  • D-S filter: 6-8 accesses
  • fully specified: 7-9 accesses
  • crossproduct: 10-12 accesses

16
4-plane Grid-of-tries
Planes correspond to ( , ), (P1, ), ( , P2), (P1, P2)
17
Crossproduct measurements
18
Summary
  • Grid-of-tries: linear storage, fast for 2-D
    filters
  • 870 nsec (2 IP lookup times) for 2-D filters
  • Ports fully-specified or wildcarded with Dest-Src
    prefixes: 3.6 usec
  • Crossproducting: 500 nsec for small databases
  • On-demand for larger databases
  • Hardware parallelization

19
Conclusion
Faster Firewalls Today
Flexible and Fast Layer 4 Routing Tomorrow
Thank You