Presentation is loading. Please wait.

Presentation is loading. Please wait.

Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)"— Presentation transcript:

1 Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

2 Packet Classification Action ---- RuleAction Policy Database (classifier) Packet Classification Forwarding Engine Incoming Packet HEADERHEADER

3 Power Consumption in a Router Sources: R.S. Tucker, based on Cisco CRS-1, 2009; D. Hay Packet Classification }

4 Towards a Hardware Solution  Rules in the policy database can be written in a ternary alphabet, using 0,1,  100110001010100000000011 

5 Ternary Content-Addressable Memory (TCAM) Encoder Match lines Packet Header (Search Key) 0 1 2 3 4 6 5 7 8 9 2 0 1 2 3 4 6 5 7 8 9 accept deny accept TCAM Array Each entry is a word in {0,1,  } W

6 Example Encoder Match lines 0 1 2 3 4 6 5 7 8 9 deny log accept deny limit deny accept 0011101101010  00  01001111  11  00  00001110  0  101000110  10  010100  0  0100011010  01000 001110  1110  010  01  0010101010  0  11  10010  01  0010  10  01   001110  10101010   111111111111111111111111  0011101010101001110001110001110 0 0 0 1 0 1 0 1 0 1 3 

7 Outline  Packet Classification and TCAM devices  Representing range rules  Contributions  New upper bounds on the worst-case rule expansion  Linear expansion of multidimensional rules  New TCAM architectures  Conclusions

8 Range Rules RuleSource address Source port Dest- address Dest- port Prot ocol Action Rule 1 123.25.0.0/1680255.2.3.4/32 80TCP Accept Rule 2 13.24.35.0/24>1023255.2.127.4/315556 TCP Deny Rule 3 16.32.223.1420-50255.2.3.4/3150-70 UDP Accept Rule 4 22.2.3.41-6255.2.3.0/2120-22 TCP Limit Rule 5 255.2.3.412-809255.2.3.417-190 ICMP Log  Range rule = rule that contains range field  Usually source-port or dest-port

9 Range Rule Representation in TCAM  Assume we want to represent a range in a single field of W bits  Our objective: minimize the number of TCAM entries needed to encode the range  More TCAM entries represent more power consumption  Some ranges are easy to represent Example: W=3: [4, 7] = {100,101,110,111} = 1   But what about [1,6] ?

10  Range [1,6] in tree of all elements with W=3 bits: (Internal) Encoding of [1,6] 010011001110100101 111000 Known result: expansion in 2W-2 TCAM entries Here: 2W-2=4 TCAM entries

11 Prefix Expansion  Use multiple entries to code a single rule [1,6]= {001, 01 ,10 , 110} – 4 entries  Every rule that contains [1,6] needs 4 entries  Maximum expansion 2W-2 for range [1,2 W -2] (W is the field width)  For rules with two range fields, we need the Cartesian product of the expansion  Active research to reduce this cost: [Yu, Katz], [Spitznagel, Taylor and Turner], [Liu], [van Lunteren, Engbersen], [Che, Wang, Zheng, Liu] [Lakshminarayanan, Rangarajan, Venkatachary] … [Srinivasan, Varghese, Suri, Waldvogel; 1998]

12 Outline  Introduction  Worst-case range expansion  New TCAM architectures

13 External Encoding 010011001110100101 111000 Here: W=3 TCAM entries (instead of 4) Idea to reduce number of TCAM entries: exploit TCAM entry order by encoding range complimentary as well

14 New upper bounds on the worst-case rule expansion  Theorem 1: Expansion of W-bit range in at most W TCAM entries  Note: W instead of 2W-2  Note: also in next talk  Theorem 2: W TCAM entries is optimal among prefix codes (not shown in this paper)  Theorem 3: Expansion of k W-bit ranges in k·W TCAM entries

15 Union of k ranges in kW 010011001 110 100101111 000 R 1 =[1,5], R 2 =[7,7] R=R 1 UR 2 can be encoded using k·W=2·3=6 TCAM entries  Theorem 3: Expansion of k W-bit ranges in k·W TCAM entries  Example:

16 Multi-field Ranges Known result: range expansion in d W-bit fields in (2W-2) d TCAM entries Theorem 4: Expansion in O(d·W) TCAM entries (i.e. linear in d) without any additional logic

17 Outline  Introduction  Worst-case range expansion  New TCAM architectures

18 New TCAM architectures  Using additional logic to reduce expansion  Example for W=4

19 Example for W=4

20 (a) Known Architecture: Internal – Product 5 6 3 1  Expansion of 6·5 + 3·1 = 33

21 (a) Internal - Product header 1000.0111 (range 1) PE (0) (1) (0)  Worst-case expansion of k·(2W-2)^d

22 (b) Combined - Product 5454 6 3 3 1  Expansion of 3·4 + 3·1 = 15

23 (0) (1) header 1000.0111 PE (range 1) (0) (1) (0) (b) Combined - Product  Worst-case expansion of k·W^d

24 (c) Combined – Sum 4 3 3 1  Expansion of 3+4 + 3+1=11

25 (0) (1) (0) header 1000.0111 PE (range 1) (1) (c) Combined – Sum  Worst-case expansion of k·d·W

26 Architecture Summary known new

27 Experimental Results  On real-life rule set  120 separate rule files from various applications Firewalls, ACL-routers, Intrusion Prevention systems  215K rules  280 unique ranges  Used as a common benchmark in literature

28 Experimental Results 39% Better 57% Better

29 Implentation Considerations  Hot updates – Updates are easy to apply due to the TCAM’s devision into ranges  Multiple actions –No need to change the architecture in case of more actions than accept and deny

30 Future Directions  Coding scheme optimality ?  Over prefix encoding schemes  Over all encoding schemes  Over multidimensional ranges

31 Summary  Expansion of W-bit range in at most W TCAM entries (instead of 2W-2)  Optimal (among prefix codes)  Linear expansion for multi-field ranges  New TCAM architectures  Up to 39% less TCAM entries

32 Thank You

Download ppt "Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)"

Similar presentations

Compressing Forwarding Tables Ori Rottenstreich (Technion, Israel) Joint work with Marat Radan, Yuval Cassuto, Isaac Keslassy (Technion, Israel) Carmi.

Compressing Forwarding Tables Ori Rottenstreich (Technion, Israel) Joint work with Marat Radan, Yuval Cassuto, Isaac Keslassy (Technion, Israel) Carmi.
August 17, 2000 Hot Interconnects 8 Devavrat Shah and Pankaj Gupta

August 17, 2000 Hot Interconnects 8 Devavrat Shah and Pankaj Gupta
Fast Updating Algorithms for TCAMs Devavrat Shah Pankaj Gupta IEEE MICRO, Jan.-Feb. 2001.

Fast Updating Algorithms for TCAMs Devavrat Shah Pankaj Gupta IEEE MICRO, Jan.-Feb
Packet Classification using Hierarchical Intelligent Cuttings

Packet Classification using Hierarchical Intelligent Cuttings
A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.
1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.

1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.
Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.

Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.
Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.

Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.
M. Waldvogel, G. Varghese, J. Turner, B. Plattner Presenter: Shulin You UNIVERSITY OF MASSACHUSETTS, AMHERST – Department of Electrical and Computer Engineering.

M. Waldvogel, G. Varghese, J. Turner, B. Plattner Presenter: Shulin You UNIVERSITY OF MASSACHUSETTS, AMHERST – Department of Electrical and Computer Engineering.
HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Author: Wenjun Li, Xianfeng Li Publisher: 2013 IEEE 21 st Annual Symposium.

HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Author: Wenjun Li, Xianfeng Li Publisher: 2013 IEEE 21 st Annual Symposium.
Outline Introduction Related work on packet classification Grouper Performance Empirical Evaluation Conclusions.

Outline Introduction Related work on packet classification Grouper Performance Empirical Evaluation Conclusions.
A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.

A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.
1 TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs Department of Computer Science and Information Engineering National.

1 TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs Department of Computer Science and Information Engineering National.
On the Code Length of TCAM Coding Schemes Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) 1.

On the Code Length of TCAM Coding Schemes Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) 1.
Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,

Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,
Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)
Packet Classification on Multiple Fields Pankaj Gupta and Nick McKeown Stanford University {pankaj, September 2, 1999.

Packet Classification on Multiple Fields Pankaj Gupta and Nick McKeown Stanford University {pankaj, September 2, 1999.
CS 268: Lectures 13/14 (Route Lookup and Packet Classification) Ion Stoica April 1/3, 2002.

CS 268: Lectures 13/14 (Route Lookup and Packet Classification) Ion Stoica April 1/3, 2002.
Efficient Multidimensional Packet Classification with Fast Updates Author: Yeim-Kuan Chang Publisher: IEEE TRANSACTIONS ON COMPUTERS, VOL. 58, NO. 4, APRIL.

Efficient Multidimensional Packet Classification with Fast Updates Author: Yeim-Kuan Chang Publisher: IEEE TRANSACTIONS ON COMPUTERS, VOL. 58, NO. 4, APRIL.
1 Range Encoding Cheng-Chien Su. 2 Outline DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors  Hao Che, Zhijun Wang, Kai Zheng, Bin Liu  IEEE.

1 Range Encoding Cheng-Chien Su. 2 Outline DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors  Hao Che, Zhijun Wang, Kai Zheng, Bin Liu  IEEE.

Similar presentations

Ads by Google