packet classification using extended tcams
DESCRIPTION
Packet Classification using Extended TCAMs. Edward W. Spitznagel, Jonathan S. Turner, David E. Taylor Supported by NSF ANI-9813723, DARPA N660001-01-1-8930. Packet Classification Problem. Filter. Source Address. Destination Address. Source Port. Destination Port. Protocol. Action. - PowerPoint PPT PresentationTRANSCRIPT
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 1
Packet Classification usingExtended TCAMs
Edward W. Spitznagel, Jonathan S. Turner, David E. Taylor
Supported by NSF ANI-9813723, DARPA N660001-01-1-8930
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 2
Packet Classification Problem• Suppose you are a firewall, or QoS router, or network monitor ...
• You are given a list of rules (filters) to determine how to process incoming packets, based on the packet header fields– Some fields in the rules are specified with bit masks; others with ranges
• Goal: when a packet arrives, find the first rule that matches the packet’s header fields
SourceAddress
DestinationAddress
FilterSource
PortDestination
PortProtocol
11xx 01xxa 2-4 0-15 TCP
01xx 0010b 3-15 3-15 UDP
0101 xxxxc 3 * *
1101 101xd - - ICMP
Action
fwd 7
fwd 2
deny
fwd 5
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 3
Packet Classification Problem
• Example: packet arrives with header (0101, 0010, 3, 5, UDP)– classification result: filter b is matched
– filter c also matches, but, b occurs before c in the list
• Easy to do when we have only a few rules; very difficult when we have 100,000 rules and packets arrive at 40 Gb/s
SourceAddress
DestinationAddress
FilterSource
PortDestination
PortProtocol
11xx 01xxa 2-4 0-15 TCP
01xx 0010b 3-15 3-15 UDP
0101 xxxxc 3 * *
1101 101xd - - ICMP
Action
fwd 7
fwd 2
deny
fwd 5
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 4
Geometric Representation• Filters with K fields can
be represented geometrically in K dimensions
• Example:
2 640
2
6
4
0
Source Address
Sou
rce
Por
t
Source Address Source PortFilter
xxx 2-3a
010 0-7b
xx1 7c
a
b
c c c c
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 5
Related Work
• TCAM-based parallel classification– CoolCAMs (Narlikar, Basu, Zane) for IP lookup
• SRAM-based sequential classification– Recursive Flow Classification (Gupta, McKeown)
– HiCuts (Gupta, McKeown)
– Extended Grid of Tries (Baboescu, Singh, Varghese)
– HyperCuts (Singh, Baboescu, Varghese, Wang)
• SRAM: 6 transistors per bit (vs. 16 for TCAM), but the SRAM approaches use more bits per filter
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 6
• Most popular practical approach to high-performance packet classification
• Hardware compares query word (packet header) to all stored words (filters) in parallel– each bit of a stored word can be 0, 1, or X (don’t care)
• Very fast, but not without drawbacks:– High power consumption limits scalability
– inefficient representation of ranges
Ternary CAMs
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 7
SourceAddress
DestinationAddress
Filter
11xx xxxxa
0xxx 01xxb
xxxx 0110c
11100110
11100110
11100110
11100110Query:
Match!
Doesn’t Match
Match!
Entry 0 (filter a) is thefirst matching filter
1110 0110Packet:Src. Addr. Dest. Addr.
ContentsAddress
11xxxxxx0
0xxx01xx1
xxxx01102
TCAM
Ternary CAM - Example
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 8
Range Matching in TCAMs
• Convert ranges intosets of prefixes– 1-4 becomes 001, 01*, and 100
– 3-5 becomes 011 and 10*
2 640
2
6
4
0
Source Port
Des
tina
tion
Por
t
F
Source Port Destination PortFilter
1-4 3-5F
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 9
Range Matching in TCAMs
• With two 16-bit range fields,a single rule could require upto 900 TCAM entries!
• Typical case: entire filter setexpands by a factor of 2 to 6
2 640
2
6
4
0
Source Port
Des
tina
tion
Por
t
b c
e f
a
d
Source Port Destination PortFilter
001 10*a
01* 10*b
100 10*c
001 011d
01* 011e
100 011f
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 10
Extended TCAMs
• Extend standard TCAM architecture to enable classification with larger rulesets
• Partitioned TCAM, for reduced power– inspired by CoolCAMs– differences in indexing, search and partitioning
algorithms
• Support range matching directly in hardware
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 11
Use of Partitioned TCAM
• Main component of power use in TCAM search is proportional to number of entries searched
• Partitioning the TCAM:– divide TCAM into blocks of entries– each block is enabled for search via an associated
index filter
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 12
Use of Partitioned TCAM• Example: suppose we are given
the following filters:
0-15, 0xxx0-6, 1xxx
7-15, 1xxx0-15, xxxx
1-13, 001x2-3, 00xx
11-14, 011x12-12, 01xx
0-5, 11101-2, 11xx
7-7, 110x13-14, 11xx11-15, 111x
9-10, xxxx0-14, 1010
index filters:
filter blocks:
a. 1-13, 001xb. 2-3, 00xxc. 9-10, xxx1d. 11-14, 011xe. 12-13, 0xxxf. 0-14, 1010g. 7-7, 110xh. 0-5, 1110i. 1-2, 1x1xj. 13-14, 11xxk. 11-15, 111x
A real Extended TCAM would have more blocks, and more filters per block.
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 13
Use of Partitioned TCAM
• Example: classify packet with header values (2, 1010)– index block: second and
fourth filters match
– search second and fourthfilter blocks
– find matching filters(1-2, 1x1x) and (0-14, 1010)
0-15, 0xxx0-6, 1xxx
7-15, 1xxx0-15, xxxx
1-13, 001x2-3, 00xx
11-14, 011x12-12, 01xx
0-5, 11101-2, 11xx
7-7, 110x13-14, 11xx11-15, 111x
9-10, xxxx0-14, 1010
index filters:
filter blocks:
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 14
Use of Partitioned TCAM
• The key to minimizing power consumption:
Organize filters so that only a few TCAM blocks must be searched to find the filters matching a packet.
– Use a filter grouping algorithm
0-15, 0xxx0-6, 1xxx
7-15, 1xxx0-15, xxxx
1-13, 001x2-3, 00xx
11-14, 011x12-12, 01xx
0-5, 11101-2, 11xx
7-7, 110x13-14, 11xx11-15, 111x
9-10, xxxx0-14, 1010
index filters:
filter blocks:
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 15122 14108640
12
2
14
10
8
6
4
0
f
c
a. 1-13, 001xb. 2-3, 00xxc. 9-10, xxxxd. 11-14, 011xe. 12-13, 0xxxf. 0-14, 1010g. 7-7, 110xh. 0-5, 1110i. 1-2, 11xxj. 13-14, 11xxk. 11-15, 111x
a
b
d
e
h
i g
k
j
0-15, 0xxxIndex entry filters a, b, d, e
April 20, 2023 15
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 16122 14108640
12
2
14
10
8
6
4
0
f
c
a. 1-13, 001xb. 2-3, 00xxc. 9-10, xxxxd. 11-14, 011xe. 12-13, 0xxxf. 0-14, 1010g. 7-7, 110xh. 0-5, 1110i. 1-2, 11xxj. 13-14, 11xxk. 11-15, 111x
g
k
j
0-15, 0xxxIndex entry filters a, b, d, e
0-6, 1xxx h, i
h
i
April 20, 2023 16
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 17122 14108640
12
2
14
10
8
6
4
0
f
c
a. 1-13, 001xb. 2-3, 00xxc. 9-10, xxxxd. 11-14, 011xe. 12-13, 0xxxf. 0-14, 1010g. 7-7, 110xh. 0-5, 1110i. 1-2, 11xxj. 13-14, 11xxk. 11-15, 111x
g
k
j
0-15, 0xxxIndex entry filters a, b, d, e
0-6, 1xxx h, i
7-15, 1xxx g, j, k
April 20, 2023 17
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 18122 14108640
12
2
14
10
8
6
4
0
a. 1-13, 001xb. 2-3, 00xxc. 9-10, xxxxd. 11-14, 011xe. 12-13, 0xxxf. 0-14, 1010g. 7-7, 110xh. 0-5, 1110i. 1-2, 11xxj. 13-14, 11xxk. 11-15, 111x
0-6, 1xxx
7-15, 1xxx
0-15, 0xxxIndex entry filters a, b, d, e
h, i
g, j, k
0-15, xxxx c, f
Next phase:
f
c
April 20, 2023 18
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 19122 14108640
12
2
14
10
8
6
4
0
a. 1-13, 001xb. 2-3, 00xxc. 9-10, xxxxd. 11-14, 011xe. 12-13, 0xxxf. 0-14, 1010g. 7-7, 110xh. 0-5, 1110i. 1-2, 11xxj. 13-14, 11xxk. 11-15, 111x
0-6, 1xxx
7-15, 1xxx
0-15, 0xxxIndex entry filters a, b, d, e
h, i
g, j, k
0-15, xxxx c, f
Next phase:
April 20, 2023 19
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 20
Creating a set of partitions
• At most k filters per region (k = block size)• Regions within the same partition do not overlap• Total number of regions equals the index size
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 21
Range Matching
• Store a pair of values (lo , hi ) for each range match field
• Range check circuitry compares query values against lo and hi to determine if query is in range– Transistors per bit of range field is twice that of ordinary TCAM
– But, for typical IPv4 applications, this results in just a 22% increase in overall transistor count
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 22
Performance Metrics
• Power Fraction =
– a measure of power usage, relative to a standard TCAM
– smaller is better
• Storage Efficiency =
– higher is better; 1 is optimal
index size + (# of partitions)(block size)
number of filters
number of filters
index size + (# of blocks)(block size)
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 23
0
0.05
0.1
0.15
0.2
0.25
0.3
1000 10000 100000
Number of Filters
Po
wer
Fra
ctio
n
Different Block Sizes
Block size=256
Block size=64
Block size =32
Block size=16
Block size=128
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 24
0
0.05
0.1
0.15
0.2
2000 4000 8000 16000 32000 64000 128000
# Filters
Po
wer
Fra
ctio
nResults: Power Fraction
Block size = 32 Block size = 64 Block size = 128Block
size = 256
Basic Algorithm
Refined
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 25
Results: Storage Efficiency
0
0.2
0.4
0.6
0.8
1
1.2
2000 4000 8000 16000 32000 64000 128000
# Filters
Sto
rag
e E
ffic
ien
cy
Block size = 32 Block size = 64 Block size = 128Block
size = 256
Basic Algorithm Refined
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 26
Current/Future Work
• Computational complexity of filter grouping problem
• Filter updates (add/delete operations)
• Multi-level indices
• Different partitioning algorithms
• Application to SRAM/DRAM-based classification techniques
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 27
Summary
• Packet Classification is important for many advanced network services
• TCAMs scale poorly due to power consumption and inefficient range match representations
• Extended TCAMs: solve these issues by using partitioned TCAM and hardware support for range matching– power consumption greatly reduced (typically to 5% or less of power used
by a standard TCAM)
– range match hardware: avoid inefficiency in representing ranges
Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel
April 20, 2023 28
Questions?
?