Packet Classification Using Multidimensional Cutting Sumeet Singh (UCSD) Florin Baboescu (UCSD) George Varghese (UCSD) Jia Wang (AT&T Labs-Research) Reviewed by Michela Becchi Discussion Leader Haoyu Song

Michela Becchi - 2/25/2016 Outline n Introduction n Related works »HiCuts n HyperCuts n Evaluation n Conclusions

Michela Becchi - 2/25/2016 Packet Classification n Rule-based packets’ handling »Destination address »Source address »Protocol type »Destination and source port »TCP flags RulesDestinationSourceDest. PortAction Rule1 * Block Rule ** Redirect

Michela Becchi - 2/25/2016 Applications n Security n QoS n Network address translation n Traffic shaping n Monitoring n …

Michela Becchi - 2/25/2016 Challenge n Classify packets at packets’ processing speed n Increasing link speed »14% links between core routers OC-768 (40 Gbps) »21% links between edge routers OC-192 (10 Gbps) n Memory-time tradeoff

Michela Becchi - 2/25/2016 Terminology n Classifier: N rules R 1,R 2,…,R N n Rule R j: array of k values (fields, dimensions ) n R j [ i ] : value of the i-th header field of a packet »Exact match: source address equal to »Prefix match: destination address matches * »Range match: destination port in range 0 to 255 n action j: action associated to R j E.g. R=( *,*,TCP,23,*), action=block »Pkt 1 =( , ,TCP,23,1025) »Pkt 2= ( , ,TCP,79,1025)

Michela Becchi - 2/25/2016 Memory-time tradeoff n Time-memory tradeoff: »O((log N)^(k-1)) time and linear space »Log N time and O(N^k) space n SRAM vs. DRAM n Hardware solutions: Ternary CAMs n Algorithmic solutions: »Linear search »EGT-PC »HiCuts Note: Update complexity not considered for core routers

Michela Becchi - 2/25/2016 TCAMs n Uses parallelism in hardware n Pros: »Low latency and high throughput »Simple on-chip management scheme n Cons: »Power scaling (parallel comparisons) »Density scaling (more board area) »Time scaling (highest match arbitration) »Rule Multiplication for ranges (prefix format) => Suitable for small classifiers

Michela Becchi - 2/25/2016 EGT-PC Extended Grid-Of-Tries with Path Compression n Idea: Regardless of database size, any packet matches only a few rules. This is true even when the rules are projected to only source or destination fields n Extend efficient two-field classification algorithm with linear search n Worst case search time ~ HiCuts optmized for speed n Memory requirement ~ HiCuts optmized for space

Michela Becchi - 2/25/2016 HiCuts Hierarchical Intelligent Cutting n Decision-tree based algorithm n Linear search on leaves n Storage ~ depth of tree n Local optimization decisions at each node to test next dimension to cut »Limit amount of linear search »Limit amount of storage increase n Range checks => cut=hyperplane

Michela Becchi - 2/25/2016 HiCuts: an example Field 2 Field 4 Field 3 R9 R10 R11 R8 R9 R10 R11 R7 R10 R11 R3 R7 R10 R11 R2 R7 R10 R11 R4 R7 R10 R11 R7 R10 R11 R7 R11 R0 R5 R6 R10 R7 R10 R11 Field 5 R1 R7 R10 R11 R0 R5 R6 R7 R10 R11 R2 R3 R4 R7 R10 R11 R0 R1 R5 R6 R7 R10 R Bucket size = 4 (0010,1101,00,01,TCP)

Michela Becchi - 2/25/2016 From HiCuts to Hypercuts n Multiple cuts per node possible »Reduce depth of the tree (memory) »Through array indexing one memory access per node n Hypercube instead of hyperspace

Michela Becchi - 2/25/2016 Hypercube * Slide taken from S. Singh’s presentation

Michela Becchi - 2/25/2016 Building Decision Tree (1) Step1: Select dimensions to cut n Goal: Pick dimensions leading to the most uniform distribution of rules n Alternatives: »Largest number of unique elements »# unique elements > mean of unique elements »# unique elements / size of region n Idea: dimensions with highest entropia

Michela Becchi - 2/25/2016 Building Decision Tree (2) Step2: Select number of cuts n Goal: Create search tree with minimal memory requirement n Alternative 1: »Minimum number of rules in each child node »Maximum number of children limited by space factor * sqrt(# rules in current node) n Alternative 2 (Greedy approach): »Determine local optimum nc(i) for each dimension »Determine iteratively best combination

Michela Becchi - 2/25/2016 Refinements (1) n Node Merging: nodes with same rules n Rule Overlap: overlapping rules and different priorities

Michela Becchi - 2/25/2016 Refinements (2) n Region Compaction: shrink the region of a node depending on its rules n Pushing Common Rule Subset Upwards: »rules to non-leaf nodes. »Bitmap in header to avoid extra memory accesses

Michela Becchi - 2/25/2016 Search Algorithm * Slide taken from S.Singh’s presentation

Michela Becchi - 2/25/2016 Search Algorithm * Slide taken from S.Singh’s presentation

Michela Becchi - 2/25/2016 Search Algorithm * Slide taken from S.Singh’s presentation

Michela Becchi - 2/25/2016 Search Algorithm * Slide taken from S.Singh’s presentation

Michela Becchi - 2/25/2016 Evaluation n Memory: up to an order of magnitude less than HiCuts optimized for memory and EGT-PC n Time: 3 to 10 times faster than HiCuts n On ERs: HyperCuts ~ HiCuts (only IP source and destination specified => 2 dimensions) n On FWs: wildcard-rules on IP addresses make HyperCuts ouperform HiCuts n Synthetic databases: memory requirement grows linearly with number of rules (except for FWs – wildcards)

Michela Becchi - 2/25/2016 Conclusions n Idea of cutting in more than one direction »Improvement in memory requirement »Still one access per node n Refinements to reduce memory wasting n Evaluation on industrial firewall databases and synthetic databases n Limited depth of the tree: possible hardware implementation using pipelining and on-chip SRAM

Michela Becchi - 2/25/2016 n Questions?

Michela Becchi - 2/25/2016 Evaluation Data (1)

Michela Becchi - 2/25/2016 Evaluation Data (2)