Packet Classifiers In Ternary CAMs Can Be Smaller Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison) Jia Wang (AT&T Laboratories – Research) Dheeraj Agrawal (University of Wisconsin-Madison) Ashutosh Shukla (University of Wisconsin-Madison) SIGMETRICS 2006

 Introduction  TCAM is the favoured solution for wire speed packet classification in backbone routers.  TCAM suffers size explosion on range specifications.  Previous techniques require modification to packet processors.  Motivation  Trimming rules  Expanding rules  Adding rules  Merging rules  Design  Evaluation  Summary  Future work Outline

 Packet classification [SVSW98,LS98]  Use a set of rules for finer differentiation of packets based on multiple packet header fields.  Is the foundation of many Internet functions (e.g. security, QoS, VPN, etc).  Each rule specifies a range clause on each relevant field  e.g. the source port must be in the range [5000, 65535]  Prefix, single value and wildcard are all special ranges. matches  A rule matches a packet iff every range clause is satisfied.  Objective:  For each incoming packet, find the first (i.e., highest priority) rule that matches the packet. Introduction

 TCAM is the favoured solution for packet classification.  Pure software solutions are becoming increasingly difficult as the gap between wire speeds and memory speeds keeps widening.  Unfortunately, TCAM suffers size explosion on range clauses and accounts for a significant portion of the cost of a router line card.  Each range clause can take many TCAM entries.  The total amount of TCAM entries needed is the product of the number of TCAM entries needed to represent individual range clauses. Introduction

Rule: TCAM: Field A Decision [64, 127] Deny Field A Decision 01×××××× 0

Rule: TCAM: Field A Decision [80, 127] Deny Field A Decision 0101×××× 0 011××××× 0

Fact: A range clause defined on a k-bit field may take 2k-2 TCAM entries to represent.

Rule: TCAM: Field A Decision [80, 127] Deny Field A Decision 0101×××× 0 011××××× 0

Rule: TCAM: Field A Field B Decision [80, 127] Deny Field A Field B Decision 0101×××× 0 011××××× ×××× 0 011××××× 0

Fact: The total number of TCAM entries needed to represent a rule is the product of the number of TCAM entries needed to represent its range clauses!

Fact: A rule that specifies range clauses on the 16-bit source port and destination port can take (2×16-2) × (2×16-2) = 900 TCAM entries to represent!

 Our objective  To be cost efficient, we want to reduce the amount of TCAM entries needed to implement a given rule set.  Without modifying its semantics!  Our approach is to transform the given rule set into a semantically equivalent rule set that requires less TCAM entries to represent.  Previously proposed techniques:  Represent rules in a new format (e.g., [SIGCOMM’05])  Need to modify packet processor hardware to interpret the new format.  Our techniques do not change the format of rule sets and hence do not require any hardware modification  Trimming rules  Expanding rules  Adding rules  Merging rules Our Objective & Approach

Rule: TCAM: Trimming Rules Field A Decision [96, 127] Deny [100, 255] Permit Field A Decision 011××××× ×× ×××1 0111××××1 1×××××××1 Field A Decision [96, 127] Deny [128, 255] Permit Field A Decision 011××××× 0 1×××××××1

Rule: TCAM: Expanding Rules Field A Decision [32, 79] Deny [72, 255] Permit Field A Decision 001××××× ×××× ×××1 0101××××1 011×××××1 1×××××××1 Field A Decision [32, 79] Deny [64, 255] Permit Field A Decision 001××××× ×××× 0 01××××××1 1×××××××1

Rule: TCAM: Adding Rules Field A Decision [64, 119] Deny [0, 255] Permit Field A Decision 010××××× ×××× ××× 0 ××××××××1 Field A Decision [120, 127] Permit [64, 127] Deny [0, 255] Permit Field A Decision 01111××× 1 01×××××× 0 1×××××××1

Rule: TCAM: Merging Rules Field A Decision [96, 111] Permit [64, 95] Deny [100, 127] Deny [0, 255] Permit Field A Decision 0110×××× 1 010××××× ×× ××× ×××× 0 ××××××××1 Field A Decision [96, 111] Permit [64, 127] Deny [0, 255] Permit Field A Decision 0110×××× 1 01×××××× 0 1×××××××1

Question: How to define a systematic solution?

Framework Expanding will help? NO YES Last Rule? YES NO Remove Redundancy Trim Rule Set Expand Rule Adding a rule will help? NO YES Add A Rule Merge with other rules will help? NO YES Merge Rules Get Next Rule

Last Rule? YES NO Compute the core region of each rule Trim the rule to be the minimum hypercube that encloses its core region If a range clause originally specifies a prefix, expand it to be the minimum prefix Trim Rule To preserve the semantics of the rule set To avoid unnecessary increase in the number of TCAM entries needed Core region is the part of a rule’s definition region that is not covered by higher rules or lower rules of the same color Get Next Rule

Expansion allowed? YES NO Perform a minimum expansion of the chosen range clause Expand Rule A minimum expansion of the chosen clause should lead to the largest decrease in the number of TCAM entries needed Pick a range clause to expand Any range clause can be expand? NO YES

Expand with Adding Rules

Expansion allowed? YES NO Perform a minimum expansion of the chosen range clause Expand with Adding Rules A minimum expansion of the chosen clause should lead to the largest decrease in the number of TCAM entries needed Pick a range clause to expand Any range clause can be expand? NO YES Add a rule before and expand the current rule Semantics of the rule set preserved? YES NO Roll back Number of TCAM entries of the rule reduced? YESNO

Expand with Adding/Merging Rules

Expansion allowed? YES NO Perform a minimum expansion of the chosen range clause A minimum expansion of the chosen clause should lead to the largest decrease in the number of TCAM entries needed Pick a range clause to expand Any range clause can be expand? NO YES Add a rule before and expand the current rule Semantics of the rule set preserved? NO Roll back Number of TCAM entries of the rule set reduced? YESNO YES Number of TCAM entries of the rule reduced? Remove redundancy YES Expand with Adding/Merging Rules

 Real rule sets  real rule sets from the network of a tier-1 ISP  Each rule specifies clauses on source IP, destination IP, source port, destination port and protocol type.  Action doesn’t matter here. Evaluation

Evaluation: real rule sets

 Ramdom rule sets  100 randomly generated rule sets  IP addresses  a random prefix  Protocol type  a random number  Port range  a random sub-range of [0, 65535]  Action  randomly selected from actions in real rule sets Evaluation

Evaluation: random rule sets

 Packet classification is the foundation of many Internet functions.  TCAM is the favoured solution for packet classification.  Pure software solutions are becoming increasingly difficult as the gap between wire speeds and memory speeds keeps widening.  TCAM suffers size explosion on range clauses.  TCAM accounts for a significant portion of the cost of router line cards.  We propose (a set of techniques) to define smaller but semantically equivalent rule sets.  Do not require any hardware modification.  Become even more effective with more range clauses! Summary

We have tried to compress TCAM. Question: Can we totally eliminate TCAM? Future Work

Work in progress: Wire Speed Packet Classification Without TCAM: One More Register (And A Bit of Logic) Is Enough ACM SIGCOMM 2006 Pisa, Italy 9.11 ~ 9.15 Future Work

More coming… Besides packet classification based on the standard 5-tuple, deep packet classification based on payload is another important topic of interest. Future Work

Thank you! Qunfeng Dong University of Wisconsin - Madison SIGMETRICS 2006