Packet Classification on Multiple Fields Pankaj Gupta and

  • Slides: 24
Download presentation
Packet Classification on Multiple Fields Pankaj Gupta and Nick Mc. Keown Stanford University {pankaj,

Packet Classification on Multiple Fields Pankaj Gupta and Nick Mc. Keown Stanford University {pankaj, nickm}@stanford. edu September 2, 1999

Multi-field Packet Classification Given a classifier with N rules, find the action associated with

Multi-field Packet Classification Given a classifier with N rules, find the action associated with the highest priority rule matching an incoming packet. Example: A packet (152. 168. 3. 32, 152. 163. 171. 71, …, TCP) would have action A 2 applied to it.

Performance Metrics of a Classification Algorithm Data structure storage requirements l Packet classification time

Performance Metrics of a Classification Algorithm Data structure storage requirements l Packet classification time l Preprocessing time l Incremental Update time l

Background Grid of Tries (V. Srinivasan et al [Sigcomm 98]) Bit-level Parallelism (D. Stiliadis

Background Grid of Tries (V. Srinivasan et al [Sigcomm 98]) Bit-level Parallelism (D. Stiliadis et al [Sigcomm 98]) Hierarchical Cuttings (P. Gupta et al [Hot Interconnects 99])

Space-time tradeoff Point Location among N non-overlapping regions in k dimensions: either O(log N)

Space-time tradeoff Point Location among N non-overlapping regions in k dimensions: either O(log N) time with O(Nk) space, or O(logk-1 N) time with O(N) space Need help: exploit structure in real-life classifiers.

Our Dataset 793 classifiers from 101 ISP and enterprise networks with a total of

Our Dataset 793 classifiers from 101 ISP and enterprise networks with a total of 41505 rules. l 40 classifiers: more than 100 rules. Biggest classifier had 1733 rules. l Maximum of 4 fields per rule: source IP address, destination IP address, protocol and destination port number. l

Structure of the Classifiers 4 regions R 3 R 2 R 1

Structure of the Classifiers 4 regions R 3 R 2 R 1

Structure of the Classifiers 7 regions R 3 {R 2, R 3} R 2

Structure of the Classifiers 7 regions R 3 {R 2, R 3} R 2 R 1 {R 1, R 2} {R 1, R 2, R 3} Our dataset: 1733 rule classifier = 4316 distinct regions (worst case is 1013 !)

One-Step Classification

One-Step Classification

Recursive Flow Classification (RFC)

Recursive Flow Classification (RFC)

Chunking of a packet Chunk #0 Source L 3 Address Destination L 3 Address

Chunking of a packet Chunk #0 Source L 3 Address Destination L 3 Address L 4 protocol and flags Chunk #7 Source L 4 port Destination L 4 port Type of Service Packet Header

Packet Flow 16 index 8 Reduction action 14 16 16 Header 128 8 8

Packet Flow 16 index 8 Reduction action 14 16 16 Header 128 8 8 Phase 0 Combination 16 64 Phase 1 32 Phase 2 16 Phase 3

Example Classifier

Example Classifier

Formation of regions {20 -21, HTTP, > 1023, *} 0 20 21 80 1024

Formation of regions {20 -21, HTTP, > 1023, *} 0 20 21 80 1024 65535

Reduction index 16 0 11 11 20 21 00 00 80 01 1023 1024

Reduction index 16 0 11 11 20 21 00 00 80 01 1023 1024 10 65535 10 10 2 eq. ID

Combination L 4 port Protocol 16 16 2 2 4 3

Combination L 4 port Protocol 16 16 2 2 4 3

Regions/Equivalence Classes Successive reduction + combination: final action

Regions/Equivalence Classes Successive reduction + combination: final action

Packet Flow 16 index 8 Reduction action 16 Header 16 8 8 Phase 0

Packet Flow 16 index 8 Reduction action 16 Header 16 8 8 Phase 0 Phase 1 Phase 2 Phase 3

Choice of Reduction Tree 0 0 1 1 2 2 3 4 5 5

Choice of Reduction Tree 0 0 1 1 2 2 3 4 5 5 Number of phases = P = 3 10 memory accesses Number of phases = P = 4 11 memory acceses

Memory in Mbytes Storage Requirements Number of Rules

Memory in Mbytes Storage Requirements Number of Rules

Time in seconds Preprocessing Time Number of Rules 333 Mhz Pentium-II with 96 MB

Time in seconds Preprocessing Time Number of Rules 333 Mhz Pentium-II with 96 MB RAM running Linux.

Classification Time Pipelined hardware: 30 Mpps (worst case OC 192) using two 4 Mb

Classification Time Pipelined hardware: 30 Mpps (worst case OC 192) using two 4 Mb SRAMs and two 64 Mb SDRAMs at 125 MHz. l Software: (3 phases)1 Mpps in the worst case and 1. 4 -1. 7 Mpps in the average case. (average case OC 48) [performance l measured using Intel Vtune simulator on a windows NT platform]

Memory in Kbytes Larger classifiers Number of Rules

Memory in Kbytes Larger classifiers Number of Rules

Conclusions Difficult to achieve both high classification rate and reasonable storage in the worst

Conclusions Difficult to achieve both high classification rate and reasonable storage in the worst case. l Real classifiers exhibit structure and redundancy. l The proposed classification scheme, RFC, seems to be of practical use where classifiers do not change very frequently. l