Packet Classification using Rule Caching
Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras
Publisher: IISA, 2013 Fourth International Conference
Presenter: Chih-Hsun Wang
Date: 2014/12/10
Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
Introduction
Different packet classification schemes have been developed, but they require a number of memory accesses because classification is complex and memory is slow.
We propose a scheme based on memory cache to support packet classification.
We present various packet classification caching schemes for performing classification and provide the cache hit ratio results for various traffic models generated with ClassBench.
National Cheng Kung University CSIE Computer & Internet Architecture Lab
Method (1/9)
Use the concept of caching of rules using the least-recently used (LRU) policy to replace information in the cache.
Create two tries, one for the source IP and the other one for the destination IP.
Priority Bit
• (1) There does not exist any rule which could be matched if r is matched.
• (2) There exists no rule of higher precedence which could be matched if rule r is matched.
Method (2/9)
Method (3/9)
[Figure: trie with a rule list stored at each node. Node labels: R1,R2,R3,R4,R5,R6; R1,R2,R6; R4,R6; R5,R6; R3,R5,R6; R5,R6; R5,R6; R6; R6; R6; R6; R6]
Method (4/9)
[Figure: trie with a rule list stored at each node. Node labels: R1,R2,R3,R4,R5,R6; R1,R2,R6; R4,R6; R4,R6; R5,R6; R5,R6; R5,R6; R3,R5,R6]
Method (5/9)
We can decrease the number of steps in trie traversal by directly checking the rules that could be matched and those that have a priority higher than the rules in the cache.
To achieve this, we need to store two address pointers, the source IP trie address pointer and the destination IP trie address pointer.
Method (6/9)
Data Structure
• Source IP, Destination IP
• Source port range, Destination port range
• Protocol
• Flags
• Priority bit
• Source IP trie address, Destination IP trie address
Method (7/9)
Incoming Packet
Source IP Destination IP Source Port Des. Port
1100* 111* 6 17
Cache
R1
R2
Search
R2 will match in the cache, but its priority bit is 0
Rule # SIP DIP SP DP PB AP
R1 1100* 111* 0:5 16:20 1 S11,D6
R2 1100* 111* 0:65535 16:20 0 S11,D6
Method (8/9)
Search
Rule # SIP DIP SP DP PB AP
R1 1100* 111* 0:5 16:20 1 S11,D6
R2 1100* 111* 0:65535 16:20 0 S11,D6
Method (9/9)
Search
Rule # SIP DIP SP DP PB AP
R1 1100* 111* 0:5 16:20 1 S11,D6
R2 1100* 111* 0:65535 16:20 0 S11,D6
Incoming Packet
Source IP Destination IP Source Port Des. Port
1100* 111* 6 17
match R2
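The lookup on slides 7/9 to 9/9 as an added Python example (not code from the paper or the slides): a cached rule with priority bit 1 is returned straight from the cache, while a hit on a rule with priority bit 0 is confirmed by testing the higher-priority rules stored at the trie nodes named in its AP column. The packet addresses, the rule lists at nodes S11 and D6, and the convention that a lower rule number means higher priority are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rid: int      # assumption: lower number = higher priority (R1 before R2)
    sip: str      # source prefix as bits, "1100" stands for 1100*
    dip: str      # destination prefix as bits
    sp: tuple     # source port range (low, high)
    dp: tuple     # destination port range (low, high)
    pb: int       # priority bit
    ap: tuple     # (source trie node, destination trie node)

    def matches(self, pkt):
        sip, dip, sport, dport = pkt
        return (sip.startswith(self.sip) and dip.startswith(self.dip)
                and self.sp[0] <= sport <= self.sp[1]
                and self.dp[0] <= dport <= self.dp[1])

# The two rules from the slide table.
R1 = Rule(1, "1100", "111", (0, 5), (16, 20), 1, ("S11", "D6"))
R2 = Rule(2, "1100", "111", (0, 65535), (16, 20), 0, ("S11", "D6"))
RULES = {r.rid: r for r in (R1, R2)}
# Constructed: rule ids stored at the trie nodes that the AP column points to.
SRC_TRIE = {"S11": {1, 2}}
DST_TRIE = {"D6": {1, 2}}

def classify(pkt, cache):
    """Return (rule id, where the decision was made) for one packet."""
    for rule in cache:
        if not rule.matches(pkt):
            continue
        if rule.pb == 1:
            return rule.rid, "cache"      # no higher-priority rule can also match
        # Priority bit 0: jump to the stored trie nodes and test only the
        # rules that outrank the cached one, highest priority first.
        src_node, dst_node = rule.ap
        candidates = SRC_TRIE[src_node] & DST_TRIE[dst_node]
        for rid in sorted(c for c in candidates if c < rule.rid):
            if RULES[rid].matches(pkt):
                return rid, "trie"
        return rule.rid, "trie"
    return None, "miss"                   # caller falls back to the full trie search

# Constructed 8-bit addresses under 1100* and 111*; ports 6 and 17 are from the slide.
SLIDE_PKT = ("11001010", "11100001", 6, 17)

if __name__ == "__main__":
    print(classify(SLIDE_PKT, [R1, R2]))                    # the slide case
    print(classify(("11001010", "11100001", 3, 17), [R2]))  # only R2 is cached
```

In the second call only R2 is cached; without the priority bit the cache would return R2 even though the higher-priority R1 also matches the packet.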
Problem (1/3)
Problem (2/3)
Incoming Packet
Source IP Destination IP Source Port Des. Port
69.63.137.234 81.170.248.180 750 113
Best match: R11
Problem (3/3)
Incoming Packet
Source IP Destination IP Source Port Des. Port
69.63.137.234 Not 81.170.248.180 750 113
Best match: R16
Solution (1/3)
Create an additional 256-bit vector and information about the dependent rules.
Set to 1 the bit at the position pointed to by the value in the byte.
Keep the bit vector that contains the smallest number of 1’s, along with the marker signifying the byte number of the bit vector.
Solution (2/3)
R16 for example
Dependent rules: R11, R12, R13
Solution (3/3)
R16 for example
Pick
Implemented Method(1/17)
Method I
• Use a simple LRU scheme.
• Use a priority bit without the 256-bit vector.
Method II
• Use a simple LRU scheme.
• Use a priority bit and the 256-bit vector.
Implemented Method(2/17)
Method III
• Use the frequency-based replacement method.
• Cache is divided into three sections: NEW, MID and OLD sections.
• Every rule in the cache has a reference count associated with it.
Implemented Method(3/17)
R1 match
NEW: R1,1
MID: (empty)
OLD: (empty)
Implemented Method(4/17)
R2 match
NEW: R2,1; R1,1
MID: (empty)
OLD: (empty)
Implemented Method(5/17)
R3 match
NEW: R3,1; R2,1; R1,1
MID: (empty)
OLD: (empty)
Implemented Method(6/17)
R4 match
NEW: R4,1; R3,1; R2,1
MID: R1,1
OLD: (empty)
Implemented Method(7/17)
R1 match
NEW: R1,2; R4,1; R3,1
MID: R2,1
OLD: (empty)
If the rule hit is in the MID section, then its count is incremented and the rule is moved to the head of the NEW section.
Implemented Method(8/17)
R4 match
NEW: R4,1; R1,2; R3,1
MID: R2,1
OLD: (empty)
The reference count of the rule is not incremented in the NEW and OLD sections.
Implemented Method(9/17)
R10 match
NEW: R4,1; R1,2; R3,1
MID: R2,1; R5,1; R6,1
OLD: R7,1; R8,2; R9,1
If the cache is full, then we remove from the OLD section the rule that has the least count.
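Method III's replacement policy as an added Python simulation (not code from the paper or the slides), replaying the slide trace R1, R2, R3, R4, R1, R4. The section size of 3 is read off the drawings; promoting an OLD hit to the head of NEW and breaking eviction ties toward the tail of OLD are assumptions, since the slides do not state them.

```python
class SegmentedRuleCache:
    """Rule cache split into NEW, MID and OLD sections; index 0 of each list is the head."""

    def __init__(self, new_size=3, mid_size=3, old_size=3):
        self.sizes = {"NEW": new_size, "MID": mid_size, "OLD": old_size}
        self.sections = {"NEW": [], "MID": [], "OLD": []}
        self.count = {}  # rule id -> reference count

    def _push_head_new(self, rule):
        self.sections["NEW"].insert(0, rule)
        # An overflowing section hands its tail entry to the head of the next one.
        for src, dst in (("NEW", "MID"), ("MID", "OLD")):
            if len(self.sections[src]) > self.sizes[src]:
                self.sections[dst].insert(0, self.sections[src].pop())

    def access(self, rule):
        """Record one packet that matched `rule`; return True on a cache hit."""
        where = next((s for s, e in self.sections.items() if rule in e), None)
        if where is not None:
            if where == "MID":          # only a MID hit raises the reference count
                self.count[rule] += 1
            self.sections[where].remove(rule)
            self._push_head_new(rule)   # assumption: an OLD hit is promoted as well
            return True
        if len(self.count) == sum(self.sizes.values()):
            # Cache full: evict the OLD entry with the least count.
            # Assumption: ties go to the entry nearest the tail of OLD.
            old = self.sections["OLD"]
            victim = min(reversed(old), key=self.count.__getitem__)
            old.remove(victim)
            del self.count[victim]
        self.count[rule] = 1
        self._push_head_new(rule)
        return False

    def snapshot(self):
        return {s: [(r, self.count[r]) for r in e] for s, e in self.sections.items()}


def replay(trace, **sizes):
    """Feed a list of matched rule ids through a fresh cache; return (hits, final state)."""
    cache = SegmentedRuleCache(**sizes)
    hits = sum(cache.access(rule) for rule in trace)
    return hits, cache.snapshot()


if __name__ == "__main__":
    # Trace taken from the slide sequence 3/17 to 8/17.
    print(replay(["R1", "R2", "R3", "R4", "R1", "R4"]))
```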
Implemented Method(10/17)
Method IV
• Separate count for the rule in the main memory and cache.
• Do not cache the rule until the count for the rule crosses a threshold.
• Maintain a sampling window of T time slots (i.e., incoming packet counts). At every t=n*T, for n=1, 2, 3, …, we transfer into the cache the rules that have counts bigger than the chosen threshold.
Implemented Method(11/17)
Main Memory
R1,3
R2,0
R3,0
R4,0
R5,0
R6,0
Incoming Packet match R1, R1, R1
Cache
Threshold = 2, t = n*T, n = 1
Implemented Method(13/17)
At every t=n*T, for n=1, 2, 3, …, we transfer into the cache the rules that have counts bigger than the chosen threshold.
Main Memory
R1,1
R2,0
R3,0
R4,0
R5,0
R6,0
Cache
R1,1
Threshold = 2, t = n*T, n = 1
Implemented Method(14/17)
Main Memory
R1,1
R2,1
R3,1
R4,1
R5,1
R6,1
Cache
R1,1
R3,1
R4,2
Threshold = 2, t = n*T, n = 1
Incoming Packet match R5, R6, R5
Implemented Method(15/17)
Main Memory
R1,1
R2,1
R3,1
R4,1
R5,3
R6,2
Cache
R1,1
R3,1
R4,2
Incoming Packet match R5, R6, R5
Threshold = 2, t = n*T, n = 1
Implemented Method(16/17)
Main Memory
R1,1
R2,1
R3,1
R4,1
R5,1
R6,2
Cache
R5,1
R1,1
R4,1
Threshold = 2, t = n*T, n = 1
R3 has been replaced
Method V
• This method is very similar to Method III.
• Remove the MID section in the cache.
• Increment counts in the OLD section.
• The OLD section is very wide, containing 768 locations.
Implemented Method(17/17)
Experimental Results (1/4)
Experimental Results (2/4)
Experimental Results (3/4)
Experimental Results (4/4)