Packet Classifiers In Ternary CAMs Can Be Smaller

1
Packet Classifiers InTernary CAMs Can Be Smaller
SIGMETRICS 2006

• Qunfeng Dong (University of Wisconsin-Madison)
• Suman Banerjee (University of Wisconsin-Madison)
• Jia Wang (ATT Laboratories Research)
• Dheeraj Agrawal (University of Wisconsin-Madison)
• Ashutosh Shukla (University of Wisconsin-Madison)

2
Outline

• Introduction
• TCAM is the favoured solution for wire speed
  packet classification in backbone routers.
• TCAM suffers size explosion on range
  specifications.
• Previous techniques require modification to
  packet processors.
• Motivation
• Trimming rules
• Expanding rules
• Adding rules
• Merging rules
• Design
• Evaluation
• Summary
• Future work

3
Introduction

• Packet classification SVSW98,LS98
• Use a set of rules for finer differentiation of
  packets based on multiple packet header fields.
• Is the foundation of many Internet functions
  (e.g. security, QoS, VPN, etc).
• Each rule specifies a range clause on each
  relevant field
• e.g. the source port must be in the range 5000,
  65535
• Prefix, single value and wildcard are all special
  ranges.
• A rule matches a packet iff every range clause is
  satisfied.
• Objective
• For each incoming packet, find the first (i.e.,
  highest priority) rule that matches the packet.

4
Introduction

• TCAM is the favoured solution for packet
  classification.
• Pure software solutions are becoming increasingly
  difficult as the gap between wire speeds and
  memory speeds keeps widening.
• Unfortunately, TCAM suffers size explosion on
  range clauses and accounts for a significant
  portion of the cost of a router line card.
• Each range clause can take many TCAM entries.
• The total amount of TCAM entries needed is the
  product of the number of TCAM entries needed to
  represent individual range clauses.

5

• Rule
• TCAM

Field A Decision
64, 127 Deny
Field A Decision
01 0
6

• Rule
• TCAM

Field A Decision
80, 127 Deny
Field A Decision
0101 0
011 0
7

• Fact
• A range clause defined on a k-bit
• field may take 2k-2 TCAM entries
• to represent.

8

• Rule
• TCAM

Field A Decision
80, 127 Deny
Field A Decision
0101 0
011 0
9

• Rule
• TCAM

Field A Field B Decision
80, 127 80, 127 Deny
Field A Field B Decision
0101 0101 0
0101 011 0
011 0101 0
011 011 0
10

• Fact
• The total number of TCAM entries
• needed to represent a rule is the product
• of the number of TCAM entries needed
• to represent its range clauses!

11

• Fact
• A rule that specifies range clauses on
• the 16-bit source port and destination
• port can take (216-2) (216-2)
• 900 TCAM entries to represent!

12
Our Objective Approach

• Our objective
• To be cost efficient, we want to reduce the
  amount of TCAM entries needed to implement a
  given rule set.
• Without modifying its semantics!
• Our approach is to transform the given rule set
  into a semantically equivalent rule set that
  requires less TCAM entries to represent.
• Previously proposed techniques
• Represent rules in a new format (e.g.,
  SIGCOMM05)
• Need to modify packet processor hardware to
  interpret the new format.
• Our techniques do not change the format of rule
  sets and hence do not require any hardware
  modification
• Trimming rules
• Expanding rules
• Adding rules
• Merging rules

13
Trimming Rules

• Rule TCAM
• Rule TCAM

Field A Decision
96, 127 Deny
100, 255 Permit
Field A Decision
011 0
011001 1
01101 1
0111 1
1 1
Field A Decision
96, 127 Deny
128, 255 Permit
Field A Decision
011 0
1 1
14
Expanding Rules

• Rule TCAM
• Rule TCAM

Field A Decision
32, 79 Deny
72, 255 Permit
Field A Decision
001 0
0100 0
01001 1
0101 1
011 1
1 1
Field A Decision
001 0
0100 0
01 1
1 1
Field A Decision
32, 79 Deny
64, 255 Permit
15
Adding Rules

• Rule TCAM
• Rule TCAM

Field A Decision
64, 119 Deny
0, 255 Permit
Field A Decision
010 0
0110 0
01110 0
1
Field A Decision
120, 127 Permit
64, 127 Deny
0, 255 Permit
Field A Decision
01111 1
01 0
1 1
16
Merging Rules

• Rule TCAM
• Rule TCAM

Field A Decision
96, 111 Permit
64, 95 Deny
100, 127 Deny
0, 255 Permit
Field A Decision
0110 1
010 0
011001 0
01101 0
0111 0
1
Field A Decision
96, 111 Permit
64, 127 Deny
0, 255 Permit
Field A Decision
0110 1
01 0
1 1
17

• Question
• How to define a systematic solution?

18
Framework
Trim Rule Set

Get Next Rule
YES
Expanding will help?
Expand Rule
NO
YES
Adding a rule will help?
Add A Rule
NO
YES
Merge with other rules will help?
Merge Rules
NO
NO
Last Rule?
YES
Remove Redundancy
19
Trim Rule

Get Next Rule
Core region is the part of a rules definition
region that is not covered by higher rules or
lower rules of the same color
Compute the core region of each rule
To preserve the semantics of the rule set
Trim the rule to be the minimum hypercube
that encloses its core region
To avoid unnecessary increase in the number of
TCAM entries needed
If a range clause originally specifies a prefix,
expand it to be the minimum prefix
NO
Last Rule?
YES
20
Expand Rule

A minimum expansion of the chosen clause should
lead to the largest decrease in the number of
TCAM entries needed
Pick a range clause to expand
NO
Expansion allowed?
YES
Perform a minimum expansion of the chosen range
clause
YES
Any range clause can be expand?
NO
21
Expand with Adding Rules

22
Expand with Adding Rules

23
Expand with Adding Rules

24
Expand with Adding Rules

A minimum expansion of the chosen clause should
lead to the largest decrease in the number of
TCAM entries needed
Pick a range clause to expand
NO
Expansion allowed?
Add a rule before and expand the current rule
YES
NO
Semantics of the rule set preserved?
Perform a minimum expansion of the chosen range
clause
YES
YES
YES
NO
Number of TCAM entries of the rule reduced?
Any range clause can be expand?
Roll back
NO
25
Expand with Adding/Merging Rules

26
Expand with Adding/Merging Rules

27
Expand with Adding/Merging Rules

A minimum expansion of the chosen clause should
lead to the largest decrease in the number of
TCAM entries needed
Pick a range clause to expand
NO
Expansion allowed?
Add a rule before and expand the current rule
YES
NO
Semantics of the rule set preserved?
Perform a minimum expansion of the chosen range
clause
YES
YES
YES
Number of TCAM entries of the rule reduced?
Any range clause can be expand?
NO
NO
Remove redundancy
YES
NO
Number of TCAM entries of the rule set reduced?
Roll back
28
Evaluation

• Real rule sets
• 1000 real rule sets from the network of a tier-1
  ISP
• Each rule specifies clauses on source IP,
  destination IP, source port, destination port and
  protocol type.
• Action doesnt matter here.

29
Evaluation real rule sets

30
Evaluation real rule sets

31
Evaluation

• Ramdom rule sets
• 100 randomly generated rule sets
• IP addresses ? a random prefix
• Protocol type ? a random number
• Port range ? a random sub-range of 0, 65535
• Action ? randomly selected from actions in real
  rule sets

32
Evaluation random rule sets

33
Evaluation random rule sets

34
Summary

• Packet classification is the foundation of many
  Internet functions.
• TCAM is the favoured solution for packet
  classification.
• Pure software solutions are becoming increasingly
  difficult as the gap between wire speeds and
  memory speeds keeps widening.
• TCAM suffers size explosion on range clauses.
• TCAM accounts for a significant portion of the
  cost of router line cards.
• We propose (a set of techniques) to define
  smaller but semantically equivalent rule sets.
• Do not require any hardware modification.
• Become even more effective with more range
  clauses!

35
Future Work

• We have tried to compress TCAM.
• Question
• Can we totally eliminate TCAM?

36
Future Work

• Work in progress
• Wire Speed Packet Classification Without TCAM
• One More Register (And A Bit of Logic) Is Enough
• Poster _at_ ACM SIGCOMM 2006
• Pisa, Italy
• 9.11 9.15

37
Future Work

• More coming
• Besides packet classification based on
• the standard 5-tuple, deep packet
• classification based on payload is another
• important topic of interest.

38
Thank you!
SIGMETRICS 2006

• Qunfeng Dong
• University of Wisconsin - Madison
• Email qunfeng_at_cs.wisc.edu