Basic Data Structures for IP lookups and Packet Classification

Prefix Length format: bn-1…b0/l (l is prefix length) In IPv4, d3.d2.d1.d0/l can also be used. Mask format: bn-1…b0/mn-1…m0 (prefix length is l) mj = 1 for all n – 1  j  n – l+1, and mj =0 otherwise. d3.d2.d1.d0/ m3.m2.m1.m0 for IPv4. Ternary format: bn-1…bn-l+1*…* (prefix length is l) bj = 0 or 1 for n – 1  j  n – l + 1. If tk is *, then tj must also be * for all j < k. A single don’t care bit can be used to denote a series of don’t care bits, e.g., 1* denotes 1**** in the 5-bit address space.

Prefix (n+1)-bit format: bn-1…bn-l+110…0 (l is prefix len) or for the prefix bn-1…bn-l+1* of length l in ternary format, there is one trailing ‘1’ followed by n – l 0’s. or (n+1)-bit format: bn-1…bn-l+101…1 for the prefix bn-1…bn-l+1* of length l in ternary format, there is one trailing ‘0’ followed by n – l 1’s.

5-bit Prefixes: bn-1…bn-l+110…0 ***** 0**** 00*** 11*** 1 * * * 1 * 1 * 1 * 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 6-bit binary address space 000000 is not used

5-bit Prefixes: bn-1…bn-l+101…1 ***** 0**** 00*** 11*** 1 * * * 1 * 1 * 1 * 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 6-bit binary address space 111111 is not used

Prefix properties Disjoint prefixes: Prefix enclosure: Two prefixes are said to be disjoint if they do not share any address. Prefix enclosure: A = bn-1…bj…bi* and B = bn-1…bj* and j > i. Prefix A is enclosed by B (B  A) since the IP address space covered by A is a subset of that covered by B, where  is the enclosure operator. A special case of overlapping. Prefix comparison The inequality 0 < * < 1 is used to compare two prefixes in the ternary representation of prefixes.

Prefix properties The most specific prefixes (MSP): The prefixes that do not cover any others. Disjoint, so can be put in an array for binary search Grouping prefixes in layers based on MSP. Six layers at most for IPv4 tables 1 2 3 4 5

Prefix properties Database (year-month) AS6447 (2000-4) (2002-4) (2005-4) number of prefixes 79,530 124,798 163,535 Level-1 prefixes 73,891(92.9%) 114,745 (91.9%) 150,245 (91.9%) Level-2 prefixes 4,874 (6.1%) 8,496 (6.8%) 11,135 (6.8%) Level-3 prefixes 642 (0.8%) 1,290 (1%) 1,775 (1.1%) Level-4 prefixes 104 (0.1%) 235 (0.2%) 329 (0.2%) Level-5 prefixes 17 29 45 Level-6 prefixes 2 3 6

Prefix properties Number Prefix length

Prefix Forwarding table example Prefix Next-hop P1 111* H1 P2 10* H2 1010* H3 P4 10101 H4 P1 is disjoint from the other three prefixes. P2  P3  P4 Longest prefix match(LPM), not exact match enclosure makes (1) sorting prefixes and (2) binary searching prefixes difficult

Example Forwarding Table Prefix Next-hop P1 111* H1 P2 10* H2 P3 1010* H3 P4 10101 H4 Longest prefix match(LPM), not exact match Prefix enclosure makes (1) sorting prefixes and (2) binary searching prefixes difficult. So, trie based schemes emerge naturally

Binary Trie (Radix Trie) Trie node Lookup 10111 A next-hop-ptr (if prefix) 1 B left-ptr right-ptr P1 111* H1 P2 10* H2 P3 1010* H3 P4 10101 H4 1 C Add P5=1110* I P5 D P2 1 1 F E P1 G P3 1 H P4

Binomial spanning tree 1110 1111 1100 2 1 0000 3 1000 0000 3 1000 2 1100 1 1110 1111 A 4-cube and its corresponding binomial spanning tree.

Perfect code: Hamming code (7, 4) 7-cube example: 0000000 1000000 0100000 0010000 0001000 0000100 0000010 0000001 = 7-cube 24(16) one-level binomial spanning trees

Perfect code: Hamming code (7, 4) 1 1 0 1 1 0 0 1 0 1 1 0 1 0 0 1 1 1 0 0 1 H7 = G7 = 1 0 0 0 1 1 0 0 1 0 0 1 0 1 0 0 1 0 0 1 1 0 0 0 1 1 1 1 (a) Parity-check and generator matrices of Hamming code (7, 4). Syndrome ErrorPattern Inner product Transpose 000 0000-000 001 0000-001 010 0000-010 011 0010-000 100 0000-100 101 0100-000 110 1000-000 111 0001-000 r = received code Syndrome s = (s2 s1 s0) = r．H7T Corrected code = r + ErrorPattern[s] (c) Decoding table

Perfect code: Hamming code (7, 4) u Codeword 0000 0000-000 0001 0001-111 0010 0010-011 0011 0011-100 0100 0100-101 0101 0101-010 0110 0110-110 0111 0111-001 1000 1000-110 1001 1001-001 1010 1010-101 1011 1011-010 1100 1100-011 1101 1101-100 1110 1110-000 1111 1111-111 Generate 16 Codewords u．G7 16 codewords

Perfect code: Golay code (23, 12) 212 3-level binomial spanning trees C(23,0)+C(23, 1)+C(23,2)+C(23,3) = 1 + 23 + 23*22/2 +3*22*21/(3*2) = 24 + 23*11 + 23*11*7 = 24 + 253*8 = 24 + 2024 = 2048 = 211

Ranges Why ranges? Prefixes are special cases of ranges. Prefixes can also be represented by ranges. The source/destination port fields of rule tables for packet classification are ranges. Prefixes are special cases of ranges. Prefix bn-1…bn-l+1* of length l is the range of addresses from bn-1…bn-l+10…0 to bn-1…bn-l+11…0, denoted as [bn-1…bn-l+10…0, bn-1…bn-l+11…0]. Overlapping: Two ranges are overlapping if they are not disjoint. Partially overlapping: Two ranges are partially overlapping if they are neither disjoint nor enclosing.

Elementary Intervals for Ranges Definition: Let the set of k elementary intervals constructed from a set R of ranges in the address space of 0 … N – 1 be X = {Xi | Xi = [ei, fi], for i = 1 to k}. X must satisfy the following: e1 = 0 and fk = N – 1, fi = ei+1 – 1 for i = 1 to k – 1, all addresses in Xi are covered by the same subset of R (called the range matching set of Xi) denoted by EIi, and EIi  EIi+1, for i = 1 to k – 1.

Elementary Intervals for Ranges ID Prefix Range Minus-1 Traditional start finish start finish P1 000000/2 [0, 15] - 15 0 15 P2 010000/2 [16, 31] 15 31 16 31 P3 000100/4 [4, 7] 3 7 4 7 P4 100000/1 [32, 63] 31 - 32 63 P5 010110/5 [22, 23] 21 23 22 23 P6 110000/2 [48, 63] 47 - 48 63 P7 110000/4 [48, 51] 47 51 48 51 P8 110111/6 [55, 55] 54 55 55 55 P9 100000/3 [32, 39] 31 39 32 39

Elementary Intervals for Ranges Graphical view EI1 {P1} X1 [0, 3] EI2 {P1,P3} X2 [4, 7] EI3 {P1} X3 [8, 15] EI4 {P2} X4 [16, 21] EI5 {P2,P5} X5 [22, 23] EI6 {P2} X6 [24, 31] EI7 {P4,P9} X7 [32, 39] EI8 {P4} X8 [40, 47] EI9 {P4,P6,P7} X9 [48, 51] EI10 {P4,P6} X10 [52, 54] EI11 {P4,P6,P8} X11 [55, 55] EI12 {P4,P6} X12 [56, 63]

Segment Tree leaf node w 23 y z 7 47 P1 u v q g 3 15 31 54 P3 P1 P2 P2 X1 [0,3] X2 [4,7] X3 [8,15] P2 h X6 [24,31] P4 r s t 21 39 51 55 leaf node P5 P9 P7 P8 X4 [16,21] X5 [22,23] X7 [32,39] X8 [40,47] X9 [48,51] X10 [52,54] X11 [55,55] X12 [56,63]

Interval Tree Each node in an interval tree is associated with a key which must be covered by at least one range. Depending on whether a node can store 1 or 1+ range, fat interval tree each node is allowed to store more than one range. The number of nodes in the interval tree is O(N). To insert a range R = [e, f], if R covers root’s key, R is stored in the root. Otherwise, R is inserted in the left (right) subtree of the root when f is smaller (e is larger) than the key of the root. When R does not cover the key of any node which is traversed, a new node with the key selected from addresses e to f is created and inserted as the left or right child of the node which was last visited. O(logN + k) time, k is # of prefixes that match the given address. Prefix insertion and deletion are very expensive because ranges in some nodes may need relocations after tree rotations.

Interval Tree thin interval tree: each node of the interval tree stores exactly one range. Since ranges may overlap, two comparison rules are used to compare if a range is smaller or larger than another range. For two ranges R1 = [e1, f1] and R2 = [e2, f2], R1 < R2 if e1 < e2. If tie, the second rule applies. R1 < R2 if R2 is a subrange of R1 (i.e. e1 = e2 and f2 < f1). Also, a node stores a max value, Max(the finish endpoints of all ranges) stored in the subtree rooted at that node. In contrast with the fat interval tree, prefix insertion and deletion take O(logN) time. However, O(min{N, klogN}) time is needed to find the longest matching prefix as well as the highest-priority matching prefix, where k is the number of matched prefixes for a given address.

Hash Table Narrowing down the search space. Index = Hash_function(key)%m, where key may be the first k bits of IP addresses and m is the size of the hash table. Perfect hash: no collision Minimal perfect hash: A perfect hash, where the size of its hash table is k for k different hashing keys.

Hash Table Difficulties: prefixes and ranges can not be used as the keys of the hash functions directly. Array of m elements H(k1)%m k1 k2 H(k2)%m collision

Hash Table: 8-bit Segmentation table A 8-bit segmentation table is usually used for IPv4 forwarding tables because there is no prefix of length shorter than 8. Array of 256 elements Prefix: 0.x.y.z H(prefix)%256 (MSB 8 bits of prefix) 1 Prefixes with the same first 8 MSB bits Maybe empty set 255

Hash Table: 16-bit Segmentation table Prefixes of length <= 16 must be stored properly. For example, duplicate 0.0.b.c/15 into buckets 0 and 1 or store the port of 0.0.b.c/15 into elements 0 and 1. Put them into another set (good for update but need to search two sets in the worst case). Array of 216 elements Prefix: 0.0.y.z H(prefix)%216 (MSB 16 bits of prefix) 1 Prefixes with the same first 16 MSB bits Maybe empty set 216-1 Prefixes of length  16

Hash Table: Compression Since there are many empty elements in the segmentation table, we can use bitmap to compress the segmentation table. 216-Bitmap containing M 1’s Array of M elements Prefix: 0.0.y.z 1 . 1 Prefix: 0.1.y.z Prefixes with the same first 16 MSB bits Must be non-empty M-1

Bloom filter H1(key) = P1 H2(key) = P2 H3(key) = P3 H4(key) = P4 … Hk(key) = Pk Hi() is a hash function, e.g. MD5 Bit vector of m bits 1 1 m bits 1 1

Bloom filter After inserting n keys (kn bits), the probability that a particular bit is still 0 is (1-1/m)kn So, the probability of a false positive is p for the right-hand side is minimized when k = ln2m/n m/n = 6, k = 4: p = 0.0561 m/n = 8, k = 6: p = 0.0215 m/n=12, k = 8: p =0.00314 m/n=16, k=11: p =0.000458

Bloom filter Update: Update whole SC Threshold: when the digests differ beyond a threshold, say, 5% or 10%, Regular time intervals: every say 5 mins,

Counting Bloom filter Deletion operation for local digest: For each bit in the m-bit vector, use an l-bit counter to record the number of times that a particular bit is turned on by different URLs l = 4 by experience If deletion is not supported, cache summary must be rebuilt from scratch on a periodic basis to erase stale bits and prevent bit pollution