ClassiPI A Classifier for next generation Content and Policy based Switches

1
ClassiPIA Classifier for next generation
Content and Policy based Switches

• SwitchOn Networks Inc.
• Sundar Iyer, Ajay Desai,
• Ajay Tambe, Ajit Shelat

2
Agenda

• Classification Overview
• Content Co-processor requirements
• ClassiPI Architecture
• Conclusion

3
Packet Processing Model

• Packet Processing Model
• Extract
• Classify
• Edit Actions

Classification Results
Extracted Fields Payload
3
1
Packet Classification
Packet Edit Actions
Extraction
2
Classification Based Lookups
External Memory
4
Content Processing - Sequenced Lookups
DIP
5-tuple
MAC

• Layer 2 SMAC, VLAN Learning
• Layer 2 DMAC, VLAN Forwarding
• Layer 4 5-tuple, ACL Filtering
• Layer 3 DIP Routing

5
Content Processing Packet Analysis
Layer 7
L2 L3 L4
URL, Cookies, Content, Application, User-name,

• Its 700 PM.

• Allow the session? Yes.

6
Packet Processing Performance
Content processing is the bottleneck!
7
Content Co-processor - Motivation

• Content Processing
• Is a memory intensive operation
• Involves extraction classification
• Requires sophisticated algorithms to perform
• Layer 3 Lookups
• Layer 4 ACLs
• Layer 7 scanning
• Layer 7 RegEx parsing
• A Content Co-processor requires a new architecture

8
Content Co-processor System view

• Content Co-processor should
• Perform all Data plane classification operations
• Allow implementation of classification sequences
  which reflect the packet processing flow on the
  Network processor
• Interface gluelessly with Network Processors
• Minimize Network processor bus bandwidth usage
• Perform classification related operations such as
  statistics collection
• Allow easy software integration

9
ClassiPI - Block Diagram
Results FIFO
Results

• Results

Rule Update
Policy Rule Database Parallel Lookup
Engine
FieldExtractionEngine
Intermediate Results
Sync SRAM
Cascade Interface
other ClassiPIs
Key

• Packet Data

System Interface
Control / Sequencer

• Cntrl Reg

E-RAM Interface

• ERAM Access

Sync SRAM
C-RAM
Stats
User
10
ClassiPI Architecture 1

• Look-up Operation Descriptor
• Defines classification parameters
• High level abstraction of a classification
  operation

..
Packet Data
..
Look-up Engine
Operation Descriptor
Result Gen
Results

• Field Extraction Spec
• Look-up/Search Type

Participating Policy RuleDatabase
Policy Rule Database

• Single Match or Multiple Match Generation

11
ClassiPI Architecture 2

• Field Extraction Engine
• Forms the Key using L3, L4, L4 and User defined
• Automatically generates sequence of keys
• Variable length, wide keys support

Multiple Field Extraction
Packet Data
Payload
Header
..
..
..
..
5-tuple
Any header fields
Long String Keys
Short String Keys
12
ClassiPI Architecture 3

• Parallel Look-up Engine
• Unique, flexible MISD architecture
• Array of Nano-processors perform look-ups
• Nano-processors have a powerful Policy Rule
  instruction set
• Nano-processors operate on per field basis
• Nano-processors and Policy Rule memory can be
  configured/partitioned to define an Operation

Extracted Key
Policy Rule Database
Results
Partition
13
ClassiPI Architecture 4

• Per rule statistics collection Byte count,
  Packet count, Timestamp
• Per rule User defined table look-up

One-to-One Correspondence
return
compare
Rule Memory
Statistics Associated Data
Data n
Rule Cell n
Data n1
Rule Cell n1
...
MATCH action
Statistics counter Update
...
.
.
Data z
Rule Cell z
Data z1
Rule Cell z1
14
ClassiPI Architecture 5

• Conditional look-up sequencing
• Fixed Look-up sequence
• Look-up result based sequence
• N-way branch capability

QoS
Ethernet MAC forwarding
ACL Filtering
IP Forwarding
URL Parsing
15
ClassiPI Architecture 6

• Instruction Set
• Relational/Arithmetic operations on a per field
  basis
• EQ, GT, LT, Ranges, Masking, etc.
• Logical operations between results
• AND, OR, NOT

16
ClassiPI Architecture 7

• Pattern/String Search
• Up to 192 byte patterns
• Case insensitive character/string matching
• Simultaneous multi-pattern search
• Reverse and forward search
• RegEx subset search capability

URL string
GET
HOST
Host name
URI
.jpeg
http
Look-up host server 1 host
server 2 host server 3

Look-up directory 1 directory
2 directory 3

Search tokens .HhOoSsTt ALSO
UuRrIi
Search \.jpeg
Search .GgEeTt.HhTtTtPp\\
17
ClassiPI Architecture 8

• Rule Complexity metric
• Number of possible operations per rule
• CAM rule complexity 1
• TCAM rule complexity 2
• ClassiPI rule complexity gt 1024
• Additional features
• Composite rules
• Look-up sequencing

18
ClassiPI - Overview

• Specifications
• 16K Policy rules per ClassiPI
• Up to 128K Policy rules in a cascade
• L2 through L7 Content processing
• On-chip IPv4 header extraction
• IPv6 ready
• Selectable look-up Key
• Up to 192 byte key
• 6.4 Gbps SSRAM compatible system interface
• Performance
• OC-192 capable Look-up Engine
• Designed to match Network Processor system
  interface requirements

19
ClassiPI Vital Statistics 1

• Lookup-Engine Performance
• Aggregate memory bandwidth
• 7.25 Tbits/sec to 58 Tbits/sec
• Processing power
• 256 GOPS to 2 TOPS

20
ClassiPI Vital Statistics 2

• 25M transistors
• 2M bits RAM
• 2M gates logic
• 0.18 micron
• 352 Pin BGA
• 200 MHz internal clock
• 100 MHz interface clock

Die Layout
21
ClassiPI - Power Consumption

• Power reduction mechanisms
• Custom low power embedded SRAM
• Selectable clock frequency
• Hierarchical bus design
• Rule utilization based power management
• Low standby power
• Maximum 4.5 Watts (estimated)

22
ClassiPI Architecture Scalability

• OC-192 performance
• with enhanced system interface
• OC-768 performance
• with silicon technology scaling
• Flexible architecture
• Cost, Performance and Power trade-offs

23
Conclusion

• ClassiPI architecture provides
• Functionality
• Flexibility
• Performance
• Scalability
• essential for Content Processing