1 / 10

SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification

SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification. Fang Yu 1 T. V. Lakshman 2 Martin Austin Motoyama 1 Randy H. Katz 1 1 EECS Department, UC Berkeley , 2 Bell Laboratories, Lucent Technologies. Multi-Match Packet Classification.

thomas-rodriguez
Download Presentation

SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification Fang Yu1 T. V. Lakshman2 Martin Austin Motoyama1 Randy H. Katz1 1EECS Department, UC Berkeley , 2Bell Laboratories, Lucent Technologies

  2. Multi-Match Packet Classification • Single-Match Classification • Assumption: all the filters are associated with priorities • Only the highest priority match matters • E.g., longest prefix match • Multi-Match Classification • Report all matching results • No priority among filters • Applications: • Intrusion Detection Systems: identify all the related rules • Accounting Applications: update multiple counters given one packet

  3. Ternary-CAM (TCAM) • Fully associative memory compare input string with all the entries in parallel • If multiple matches, report the index of the first match • Each cell takes one of three logic states : ‘0’, ‘1’, and ‘?’(don’t care) • Current TCAM technology • Fast match time: e.g., 4 ns • Size: 9Mbits – 18Mbits priced at $200-$300 • Power consumption is high • Grow linearly to the number of entries searched in parallel • Scales with the frequency of TCAM accesses.

  4. Previous Solutions: Geometric Intersection-based Solution [Hot Interconnects 04] • Add additional intersection filters • Return the all the matching results within one cycle • May require high storage and is not energy efficient • Create ~10N intersection filters for the Snort rule set • May create O(NF) intersection filters in the worst case • Not easily updatable

  5. Previous Solution: MUD [ Sigcomm 05] • Encode the index of the entry and include the encoded value in each TCAM entry • Search the TCAM with initial MUD as all don’t cares • After finding a matching result at index j, search again discriminator field value ‘greater than j’ • Require 1+d+(k-2)*(d-1) TCAM lookups to get k matching results • d is the logarithm of the number of entries in TCAM (d=log2N) • decreased to 1+d*(k-1)/r with DIRPE, where r (smaller than d) • All the entries in TCAMs are accessed each time  high power consumption. Our Goal: Find a memory and power efficient solution

  6. Observation Original Two sets FN • Split filters to two sets to reduce intersection • Perform separate TCAM accesses into different sets • Report the union of results from all sets Matching FN F1 Matching F1 and FN Matching F1 N filters +O(N2) intersection 1 TCAM lookup N filters + 1 intersection 2 TCAM lookups

  7. Analysis: Split Filters into K Sets • No need to include the intersections of the filters from different sets  low memory requirement • Perform one TCAM lookups into each set • Each filter is accessed only once  Low power consumption • Total number of lookups (K) is independent to the multi-matching degree of the packet Deterministic lookup rate • These lookups are can parallelized • Update is local to one of the set

  8. Split filters into Multiple Sets • Splitting filters into multiple sets is an NP hard problem • Splitting filters into two sets is still an NP hard problem (known as maximum set splitting or maximum hypergraph cut) • Best known approximation algorithms • Yield a performance ratio of 0.72 to the optimum solution • Require quadratic programming slow when the number of filters is large • We propose a set splitting algorithm (SSA) based on Johnson’s algorithm • Guarantee to remove at least 50% of the intersections • O(NM) complexity, where N is the total number of filters, and M is the total number of intersections

  9. Simulation Results on Snort Rule Sets Memory Consumption: Total number of TCAM entries Total number of extra intersections filters in TCAMs. Update cost in terms of newly inserted filters. Power Consumption: TCAM entries accessed per packet.

  10. Conclusion • SSA can solve multi-match classifying problem efficiently • O(NM) complexity • Guarantee to remove 50% of the intersections each time the filter set splits • Comparing to MUD • Use a similar amount of TCAM memory • Yield a 75% to 95% reduction in power consumption • Comparing to the Geometric Intersection-based Solution • Use 90% less TCAM memory and power • Require one additional TCAM lookup per packet.

More Related