1 / 24

Packet Classification on Multiple Fields

Packet Classification on Multiple Fields. Pankaj Gupta and Nick McKeown Stanford University {pankaj, nickm}@stanford.edu. September 2, 1999. Multi-field Packet Classification.

catori
Download Presentation

Packet Classification on Multiple Fields

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Packet Classificationon Multiple Fields Pankaj Gupta and Nick McKeown Stanford University {pankaj, nickm}@stanford.edu September 2, 1999

  2. Multi-field Packet Classification Given a classifier with N rules, find the action associated with the highest priority rule matching an incoming packet. Example: A packet (152.168.3.32, 152.163.171.71, …, TCP) would have action A2 applied to it.

  3. Performance Metrics of a Classification Algorithm • Data structure storage requirements • Packet classification time • Preprocessing time • Incremental Update time

  4. Background Grid of Tries (V. Srinivasan et al [Sigcomm 98]) Bit-level Parallelism (D. Stiliadis et al [Sigcomm 98]) Hierarchical Cuttings (P. Gupta et al [Hot Interconnects 99])

  5. Space-time tradeoff Point Location among N non-overlapping regions in k dimensions: either O(log N) time with O(Nk) space, or O(logk-1N) time with O(N) space Need help: exploit structure in real-life classifiers.

  6. Our Dataset • 793 classifiers from 101 ISP and enterprise networks with a total of 41505 rules. • 40 classifiers: more than 100 rules. Biggest classifier had 1733 rules. • Maximum of 4 fields per rule: source IP address, destination IP address, protocol and destination port number.

  7. Structure of the Classifiers 4 regions R3 R2 R1

  8. {R2, R3} {R1, R2} {R1, R2, R3} Structure of the Classifiers 7 regions R3 R2 R1 Our dataset: 1733 rule classifier = 4316 distinct regions (worst case is 1013 !)

  9. One-Step Classification

  10. Recursive Flow Classification (RFC)

  11. Chunking of a packet Chunk #0 Source L3 Address Destination L3 Address L4 protocol and flags Source L4 port Destination L4 port Chunk #7 Type of Service Packet Header

  12. Reduction 16 8 14 Combination 16 8 16 8 16 128 64 32 16 Packet Flow index action Header Phase 0 Phase 1 Phase 2 Phase 3

  13. Example Classifier

  14. Formation of regions {20-21, HTTP, > 1023, *} 0 20 21 80 1024 65535

  15. Reduction 0 11 11 20 00 21 00 16 2 index eqID 80 01 1023 1024 10 10 65535 10

  16. Combination 16 2 L4 port 4 3 16 2 Protocol

  17. Regions/Equivalence Classes Successive reduction + combination: final action

  18. Packet Flow Reduction 16 8 16 8 16 8 index action Header Phase 0 Phase 1 Phase 2 Phase 3

  19. 0 1 2 3 4 5 Number of phases = P = 4 11 memory acceses Choice of Reduction Tree 0 1 2 3 4 5 Number of phases = P = 3 10 memory accesses

  20. Storage Requirements Memory in Mbytes Number of Rules

  21. Preprocessing Time Time in seconds Number of Rules 333Mhz Pentium-II with 96MB RAM running Linux.

  22. Classification Time • Pipelined hardware: 30 Mpps (worst case OC192) using two 4Mb SRAMs and two 64Mb SDRAMs at 125MHz. • Software: (3 phases)1 Mpps in the worst case and 1.4-1.7 Mpps in the average case. (average case OC48) [performance measured using Intel Vtune simulator on a windows NT platform]

  23. Larger classifiers Memory in Kbytes Number of Rules

  24. Conclusions • Difficult to achieve both high classification rate and reasonable storage in the worst case. • Real classifiers exhibit structure and redundancy. • The proposed classification scheme, RFC, seems to be of practical use where classifiers do not change very frequently.

More Related