Energy Efficient Multi-match Packet Classification with TCAM - PowerPoint PPT Presentation

About This Presentation
Title:

Energy Efficient Multi-match Packet Classification with TCAM

Description:

Energy Efficient Multimatch Packet Classification with TCAM – PowerPoint PPT presentation

Number of Views:106
Avg rating:3.0/5.0
Slides: 20
Provided by: Fan82
Category:

less

Transcript and Presenter's Notes

Title: Energy Efficient Multi-match Packet Classification with TCAM


1
Energy Efficient Multi-match Packet
Classification with TCAM
  • Fang Yu
  • fyu_at_eecs.berkeley.edu

2
Outline
  • Introduction to multi-match classification
  • Multi-match classification using TCAM
  • May create many intersections
  • Consume many TACM resources and high power
    consumption
  • Filter set splitting algorithm to remove
    intersections
  • Simulations results
  • Conclusions and future work

3
Packet Classification
  • Single-Match Classification
  • Assumption all the filters are associated with
    priorities
  • Only the highest priority match matters
  • E.g., longest prefix match

Packet header
Packet Payload
  • Multi-Match Classification
  • Report all matching results
  • No priority among filters
  • PNE (iBox) identify the all the relevant
    functions
  • Intrusion Detection System identify all the
    related rules
  • Need faster solutions because of the complex
    follow-up processing

4
Ternary-CAM (TCAM)
  • Fully associative memory compare input string
    with all the entries in parallel
  • If multiple matches, report the index of the
    first match
  • Each cell takes one of three logic states
  • 0, 1, and ?(dont care)
  • Current TCAM technology
  • Fast match time 4 ns
  • Size 1-2MB priced at 200-300

cell
entry
width
5
Ternary-CAM (TCAM)
  • Fully associative memory compare input string
    with all the entries in parallel
  • If multiple matches, report the index of the
    first match
  • Each cell takes one of three logic states
  • 0, 1, and ?(dont care)
  • Current TCAM technology
  • Fast match time 4 ns
  • Size 1-2MB priced at 200-300
  • Power consumption is high

6
Report Multi-match Results
  • Problem TCAM only reports the first matching
    result
  • For example, two filters have intersection
    relationship
  • Tcp SQL_SERVER 1433 EXTERNAL_NET any
  • Tcp Any Any Any 139
  • Tcp SQL_SERVER 1433 EXTERNAL_NET 139
  • Return a bit-vector of matched results?
    processing cost for the bit-vector can still be
    O(N)

Intersection
7
Report Multi-match Results (cont.)
  • Solution add additional intersection filters
  • Pros
  • High speed
  • Return the all the matching results within one
    cycle
  • Deterministic lookup time
  • Cons
  • May require high storage and is not energy
    efficient
  • Create 10N intersection filters for the Snort
    rule set
  • May create O(NF) intersection filters in the
    worst case
  • Not easily updatable

Goal decrease number of intersections
and easy for update
8
Observation
Original
Two sets
FN
Matching FN
F1
Matching F1 and FN
Matching F1
N filters O(N2) intersection 1 TCAM lookup
N filters 1 intersection 2 TCAM lookups
  • Split filters to two sets to reduce intersection
  • Report the union of results from all sets
  • No need to include the intersections of the
    filters from different sets
  • Decrease the number of filters in TCAM, decrease
    power consumption
  • Increase the number of TCAM access

9
Problem Definition
  • Given a set of filters F(F1,F2, ., FN)
  • Filters create a set of intersections I(I1,I2,
    ., IM)
  • e.g., I1 intersection of (F1,, F5, F6)
  • How to divide the filters into several sets
  • Residual intersection set I intersections from
    filters in the same set
  • N I lt TCAM size
  • Number of sets (TCAM accesses) is minimum
  • NP hard problem!

10
Split filters into Two Sets
  • Still an NP hard problem (known as maximum set
    splitting or maximum hypergraph cut )
  • Best known approximation algorithms
  • Yield a performance ratio of 0.72 to the optimum
    solution
  • Require quadratic programming ?slow when the
    number of filters is large
  • Our algorithm based on Johnsons algorithm
  • Remove at least half of the intersections
  • O(NM) complexity, where N is the total number of
    filters, and M is the total number of
    intersections

11
Maximum Satisfiability Problem
  • Maximum Satisfiability Problem
  • A set of literals F1, F1, F2, F2,.., FN, FN
  • A set of clauses, each clause is a subset of
    literals
  • E.g., C1F1 F5 F6
  • Goal Find an assignment of F to satisfy maximum
    number of clauses

12
Johnsons Algorithm to Maximum Satisfiability
Problem
  • Assign each clause a weight 2-c
  • E.g., weight of C1F1, F5 F6 is 2-3
  • Let Fi be any literal which hasnt been assigned
    value yet
  • If the weight of all clauses contain Fi is higher
    than the clauses contain Fi
  • Assign Fi a true value, remove all clauses
    containing Fi
  • Multiply the weight of all the clauses containing
    Fi by 2
  • Otherwise
  • Assign Fi a false value, remove all clauses
    containing Fi
  • Multiply the weight of all the clauses containing
    Fi by 2

13
Johnsons Theory
  • If all the clauses have at least k literals
  • Johnsons algorithm can satisfy at least
  • (2K-1)/ 2K percent of the total clauses
  • e.g., k2, satisfy at least ¾ of the clauses
  • It is proved that (2K-1)/ 2K is the best
    approximable bound for kgt2

14
Filter Split Algorithm
  • For any intersection (e.g., I1 intersection of
    F1,, F5, and F6), add two clauses
  • CF1, F5 F6 and CF1, F5 F6
  • Total number of clauses is 2M
  • Run Johnsons algorithm and assign each filter Fi
    either a true (put in set one) or a false value
    (put in set two)

15
Filter Split Algorithm (cont.)
  • According to Johnsons theory
  • At least ¾ of the clauses are satisfied ?
    2M3/41.5M
  • ?At least 0.5M of the intersections have both
    clauses satisfied
  • Suppose for intersection of F1,, F5, and F6 ,
    CF1,, F5, F6 and CF1,, F5, F6 both are
    satisfied
  • At least one of F1,, F5, F6 is true and at
    least one is false
  • F1,, F5, F6 are split into different sets, thus
    this intersection doesnt need to be presented in
    TCAM
  • ?At least 50 of the intersection is removed!

16
Simulation Results
  • SNORT intrusion detection rule set

Version Filter Set Size No split No split Split into 2 sets Split into 2 sets Split into 2 sets
Version Filter Set Size Unique Inter-sections TCAM Entries Remaining Inter-sections TCAM Entries Saving
2.0.0 240 3453 3,693 520 760 79.4
2.0.1 255 3754 4,009 556 811 79.7
2.1.0 257 3758 4,015 552 809 79.8
2.1.1 263 4067 4,330 596 859 80.1
17
Split filters into Multiple Sets
18
Conclusion
  • We propose a filter split algorithm to decrease
    the intersections
  • O(NM) complexity
  • Guarantee to remove 50 of the intersections each
    time the filter set splits
  • Save TCAM space
  • Reduce power consumption
  • Save 80 TCAM space and power consumption for
    the snort rule sets
  • With the cost of one more TCAM access

19
Ongoing Work
  • Narrow down the search region (Region Split)
  • E.g., tcp packet only needs to search tcp related
    filters
  • Use SRAM accesses to narrow down the search
    region

Region Splits Only Tree based algorithms Memory
access O(logN) Storage cost O(NF) Power
consumption min Update cost high
Filter Splits Only Accesses all filters in
TCAM Memory access of set Storage cost
O(N) Update cost low
Middle ground Hybrid SRAM and TCAM
approach Memory access several (e.g.,
lt5) Storage cost O(N) Power consumption
moderate Update cost moderate
Region Split (SRAM access)
Filter Split (TCAM accesses)
Write a Comment
User Comments (0)
About PowerShow.com