380 likes | 396 Views
Explore strategies to minimize TCAM entries in packet classifiers without altering semantics, enhancing efficiency and reducing costs.
E N D
SIGMETRICS 2006 Packet Classifiers InTernary CAMs Can Be Smaller Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison) Jia Wang (AT&T Laboratories – Research) Dheeraj Agrawal (University of Wisconsin-Madison) Ashutosh Shukla (University of Wisconsin-Madison)
Outline • Introduction • TCAM is the favoured solution for wire speed packet classification in backbone routers. • TCAM suffers size explosion on range specifications. • Previous techniques require modification to packet processors. • Motivation • Trimming rules • Expanding rules • Adding rules • Merging rules • Design • Evaluation • Summary • Future work
Introduction • Packet classification [SVSW98,LS98] • Use a set of rules for finer differentiation of packets based on multiple packet header fields. • Is the foundation of many Internet functions (e.g. security, QoS, VPN, etc). • Each rule specifies a range clause on each relevant field • e.g. the source port must be in the range [5000, 65535] • Prefix, single value and wildcard are all special ranges. • A rule matches a packet iff every range clause is satisfied. • Objective: • For each incoming packet, find the first (i.e., highest priority) rule that matches the packet.
Introduction • TCAM is the favoured solution for packet classification. • Pure software solutions are becoming increasingly difficult as the gap between wire speeds and memory speeds keeps widening. • Unfortunately, TCAM suffers size explosion on range clauses and accounts for a significant portion of the cost of a router line card. • Each range clause can take many TCAM entries. • The total amount of TCAM entries needed is the product of the number of TCAM entries needed to represent individual range clauses.
Rule: TCAM:
Rule: TCAM:
Fact: A range clause defined on a k-bit field may take 2k-2 TCAM entries to represent.
Rule: TCAM:
Rule: TCAM:
Fact: The total number of TCAM entries needed to represent a rule is the product of the number of TCAM entries needed to represent its range clauses!
Fact: A rule that specifies range clauses on the 16-bit source port and destination port can take (2×16-2) × (2×16-2) = 900 TCAM entries to represent!
Our Objective & Approach • Our objective • To be cost efficient, we want to reduce the amount of TCAM entries needed to implement a given rule set. • Without modifying its semantics! • Our approach is to transform the given rule set into a semantically equivalent rule set that requires less TCAM entries to represent. • Previously proposed techniques: • Represent rules in a new format (e.g., [SIGCOMM’05]) • Need to modify packet processor hardware to interpret the new format. • Our techniques do not change the format of rule sets and hence do not require any hardware modification • Trimming rules • Expanding rules • Adding rules • Merging rules
Trimming Rules Rule: TCAM: Rule: TCAM:
Expanding Rules Rule: TCAM: Rule: TCAM:
Adding Rules Rule: TCAM: Rule: TCAM:
Merging Rules Rule: TCAM: Rule: TCAM:
Question: How to define a systematic solution?
Trim Rule Set Framework Get Next Rule YES Expanding will help? Expand Rule NO YES Adding a rule will help? Add A Rule NO YES Merge with other rules will help? Merge Rules NO NO Last Rule? YES Remove Redundancy
Trim Rule Get Next Rule Core region is the part of a rule’s definition region that is not covered by higher rules or lower rules of the same color Compute the core region of each rule To preserve the semantics of the rule set Trim the rule to be the minimum hypercube that encloses its core region To avoid unnecessary increase in the number of TCAM entries needed If a range clause originally specifies a prefix, expand it to be the minimum prefix NO Last Rule? YES
Expand Rule A minimum expansion of the chosen clause should lead to the largest decrease in the number of TCAM entries needed Pick a range clause to expand NO Expansion allowed? YES Perform a minimum expansion of the chosen range clause YES Any range clause can be expand? NO
Expand with Adding Rules A minimum expansion of the chosen clause should lead to the largest decrease in the number of TCAM entries needed Pick a range clause to expand NO Expansion allowed? Add a rule before and expand the current rule YES NO Semantics of the rule set preserved? Perform a minimum expansion of the chosen range clause YES YES YES NO Number of TCAM entries of the rule reduced? Any range clause can be expand? Roll back NO
Expand with Adding/Merging Rules A minimum expansion of the chosen clause should lead to the largest decrease in the number of TCAM entries needed Pick a range clause to expand NO Expansion allowed? Add a rule before and expand the current rule YES NO Semantics of the rule set preserved? Perform a minimum expansion of the chosen range clause YES YES YES Number of TCAM entries of the rule reduced? Any range clause can be expand? NO NO Remove redundancy YES NO Number of TCAM entries of the rule set reduced? Roll back
Evaluation • Real rule sets • 1000+ real rule sets from the network of a tier-1 ISP • Each rule specifies clauses on source IP, destination IP, source port, destination port and protocol type. • Action doesn’t matter here.
Evaluation • Ramdom rule sets • 100 randomly generated rule sets • IP addresses a random prefix • Protocol type a random number • Port range a random sub-range of [0, 65535] • Action randomly selected from actions in real rule sets
Summary • Packet classification is the foundation of many Internet functions. • TCAM is the favoured solution for packet classification. • Pure software solutions are becoming increasingly difficult as the gap between wire speeds and memory speeds keeps widening. • TCAM suffers size explosion on range clauses. • TCAM accounts for a significant portion of the cost of router line cards. • We propose (a set of techniques) to define smaller but semantically equivalent rule sets. • Do not require any hardware modification. • Become even more effective with more range clauses!
Future Work We have tried to compress TCAM. Question: Can we totally eliminate TCAM?
Future Work Work in progress: Wire Speed Packet Classification Without TCAM: One More Register (And A Bit of Logic) Is Enough Poster @ ACM SIGCOMM 2006 Pisa, Italy 9.11 ~ 9.15
Future Work More coming… Besides packet classification based on the standard 5-tuple, deep packet classification based on payload is another important topic of interest.
Qunfeng Dong University of Wisconsin - Madison Email: qunfeng@cs.wisc.edu SIGMETRICS 2006 Thank you!