Packet Classification # 3

Slide Presentation

Paper List

  1. T. Lakshman, D. Stiliadis, "High-Speed Policy-based Packet Forwarding Using Efficient Multi-dimensional Range Matching" [Bit-Parallelism]
  2. F. Baboescu, G. Varghese, "Scalable Packet Classification" [ABV: Agregated Bit Vector]
  3. M. Buddhikot, S. Suri, M. Waldvogel, "Space Decomposition Techniques for Fast Layer-4 Switching" [Space Decomposition]
  4. V. Srinivasan, G. Varghese, S. Suri, M. Waldvogel, "Fast and Scalable Layer Four Switching" [Layer4]
  1.  Bit-Parallelism

    The ability to provide differentiated services to users with widely varying requirements is becoming increasingly important, and Internet Service Providers would like to provide these differentiated services using the same shared network infrastructure. The key mechanism, that enables differentiation in a connectionless network, is the packet classification function that parses the headers of the packets, and after determining their context, classifies them based on administrative policies or real-time reservation decisions. Packet classification, however, is a complex operation that can become the bottleneck in routers that try to support gigabit link capacities.

    The presented filtering or classification schemes can be used to classify packets for security policy enforcement, applying resource management decisions, flow identification for RSVP reservations, multicast look-ups, and for source-destination and policy based routing. The scalability and performance of the algorithms have been demonstrated by implementation and testing in a prototype system.

     

  2. [ABV: Agregated Bit Vector]

    3. Hardware solutions such as TCAMs do not scale to large classifiers. However,even for large classifiers(say 100,000 rules),any packet is likely to atch a few (say 10)rules. This paper seeks to exploit this observation to produce a scalable packet classi fication scheme called Aggregated Bit Vector (ABV). This paper takes the bit vector search algorithm (BV, which takes linear time) described by Lakshman et al in the paper "High speed policy-based packet forwarding using efficient multi-dimensional range matching". They add two new ideas,recursive aggregation of bit aps and filter rearrangement,to create ABV (which can take logarithmic time for many databases).We show that ABV outperforms BV by an order of agnitude using simulations on both industrial firewall databases and synthetically generated databases.

  3. Space Decomposition

    A new scheme, based on space decomposition is presented. Its search time is
    comparable to the best existing schemes, but which also offers fast worst-case filter update time. 
    The three key ideas in this algorithm are as follows: 
    (1) innovative data-structure based on quadtrees for a hierarchical representation of the recursively decomposed search space, 
    (2) fractional cascading and pre-computation to improve packet classification time, and 
    (3) prefix partitioning to improve update time. Depending on the actual requirements of the system this algorithm is deployed in, a single parameter can be used to tradeoff search time for update time. 

    Also, this algorithm is amenable to fast software and hardware implementation.

     

  4. Layer4

In Layer Four switching, the route and resources allocated to a packet are determined by the destination address as well as other header fields of the packet such as source address, TCP and UDP port numbers. Layer Four switching unifirewall processing, RSVP style resource reservation filters,QoS Routing, and normal unicast and multicast forwarding into a single framework. In this framework, the forwardingdatabase of a router consists of a potentially large number of filters on key header fields. A given packet header can match multiple filters, so each filter is given a cost, and the packet is forwarded using the least cost matching filter.

In this paper, two new algorithms for solving the least cost matching filter problem at high speeds are described.

-First algorithm is based on a grid-of-tries construction and works optimally for processing filters consisting of two prefix fields (such as destination-source filters) using linear space.

-Second algorithm, cross-producting, provides fast lookup times for arbitrary filters but potentially requires large storage. We describe a combination scheme that combines the advantages of both schemes. The combination scheme can be optimized to handle pure destination prefix filters in 4 memory accesses, destination-source filters in 8 memory accesses worst case, and all other filters in 11 memory accesses in the typical case.

 

References

1-Bit-Parallelism

  1. M.L. Bailey, B.Gopal, M.Pagels, L.L.Peterson, and P.Sarkar. PATHFINDER: A pattern-based packet classifier. In Proceedings of the First Symposium on Operating Systems Design adn Implementation, November 1994.
  2. M. De Berg, M. van Kreveld, and J. Snoeyink. Two- and three-dimensional point location in rectangular subdivisions. Journal of Algorithms, 18:256-277, 1995.
  3. P. Van Emde Boas, R. Kaas, and E. Zijlstra. Design and implementation of an efficient priority queue. Mathematical Systems Theory, 10:99-127, 1977.
  4. J. Boyle. RSVP Extensions for CIDR Aggregated Data Flows. In Internet Draft, http://www.internic.net/internet-drafts/draft-ietf-rsvp-cidr-ext-01.txt, 1997.

 

2-Agregated Bit Vector

  1. Baboescu and G.Varghese.Aggregated bit vector
    search algorithms for packet filter lookups.In UCSD
    T ch.Report,cs2001-0673 ,June 2001.
  2. T.V.Lakshman and D.Stidialis.High speed
    policy-based packet forwarding using e fficient
    ulti-dimensional range matching.In Proc.ACM
    Sigcomm ’98 ,Sept.1998.
  3. V.Srinivasan,S.Suri,and G.Varghese.Packet
    classi fication using tuple space search.In Proc.ACM
    Sigcomm ’99 ,Sept.1999.

3-Space Decomposition

  1. Buddhikot, M., Suri, S., and Waldvogel, S., “Space Decomposition Techniques for Fast Layer-4 Switching,” Bell Labs Technical Memorandum, BL011345-990726-06TM, Lucent Bell Labs, Holmdel, NJ, 1999.
  2.   Chazelle, B., and Guibas, J., L., “Fractional Cascading,” Digital Systems Research Center Technical Report, Palo Alto, June 1986.
  3.  Decasper, D., Dittia, Z., Parulkar, G., and Plattner, B., “Router Plugins: A Software Architecture for Next Generation Routers,” Proceedings of ACM SIGCOMM 98, Vancouver, Canada, pp. 229-240, Sept. 1998.
  4.  Kumar, V., P., Lakshman, T., V., and Stiliadis, D., “Beyond Best-Effort: Gigabit Routers for Tomorrow’s Internet,” IEEE Communications Magazine, pp. 152-164, May 1998.
  5.  Samet, H., “Design and Analysis of Spatial Data Structures,” Addison Wesley, ISBN 0-201-50255-0, 1990.
4-Layer4
  1.  M. Bailey et al. PathFinder. Proceedings of OSDI 94.
  2. S. Bradner. Next generation routers overview. Proc. of Networld Interop 97.
  3.  B. Chapman and E. Zwicky. Building Internet Firewalls. O'Reilly and Associates, 1995.
  4. B. Chazelle. Lower bounds for orthogonal range searching, I: The reporting case. J. of the ACM, 37, pp. 200-212, 1990.
  5. B. Chazelle. Lower bounds for orthogonal range searching, II: The Arithmetic model. J. of the ACM, 37, pp. 439-463, 1990.