Two stage packet classification using most specific filter matching and transport level sharing

1. Two stage packet classification using most specific filter matching and transport level sharing Authors: M.E. Kounavis *,A. Kumar,R. Yavatkar,H. Vin Presenter: Yi-Sheng, Lin (林意勝) Date: Publisher/Conf. : Computer Networks 51 (2007) Dept. of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

2. Outline • Introduction • Related Work • Most Specific Filter Matching • Transport Level Sharing • Hardware Acceleration of TLS • Evaluation

3. Introduction • We split the classification process into two stages. • First, we perform classification on source–destination IP prefix pairs using the most specific filter matching (MSFM) algorithm. • The basic idea behind MSFM is that significant amount of cross products which are stored as part of a classifier’s database can be removed from the database

4. Introduction • Second, we perform classification on transport level fields exploiting transport level sharing. • We observe that in real world databases many different sets of source–destination IP prefix pairs are associated with identical sets of transport level fields. • In this document we present a solution to the single match classification problem.

5. Related Work (cross producting) [3] V. Srinivasan, S. Suri, G. Varghese, M. Waldvogel, Fast and scalable layer four switching, in: Proceedings of ACM SIGCOMM, 1998.

6. Related Work

7. Most Specific Filter Matching (MSMF)

8. Most Specific Filter Matching (MSMF) • Improving Cross Producting The Cross Producting technique can be significantly reduced by observing that from among the many cross products only a few really need to be placed in the lookup table.

9. Most Specific Filter Matching (MSMF) • A first group of cross products which can be removed from the lookup table are those for which there is no filter in the database apart from (*,*) that contains them.

10. Most Specific Filter Matching (MSMF) • The cross products which are only covered by partially-specified filters or filter intersections can be removed from the lookup table.

11. Most Specific Filter Matching (MSMF) • The MSFM algorithm builds two trie data structures for the source and destination IP prefixes. Each prefix is marked as associated with a partially- or fully-specified filter or both.

12. Most Specific Filter Matching (MSMF)

13. Most Specific Filter Matching (MSMF)

14. Transport Level Sharing (TLS) • There is sharing characterizing the sets of the rules specifying the same source–destination IP prefix pair at adjacent priority levels.

15. Transport Level Sharing (TLS) • We move each new rule ‘up’ or ‘down’ the priority list as long the rules below or above specify a different IP prefix pair and do not overlap.

16. Src. IP Dest. IP Src. Dest. Action Priority address address port port 128.59.* 132.12.* * www Permit n 128.59.* 132.12.* * ftp Permit n + 1 128.59.* 132.12.* * telnet Permit n + 2 147.102.* 12.45.* * www Permit n + 3 147.102.* 12.45.* * ftp Permit n + 4 147.102.* 12.45.* * telnet Permit n + 5 134.22.* 221.34.* * www Permit n + 6 134.22.* 221.34.* * ftp Permit n + 7 134.22.* 221.34.* * telnet Permit n + 8 Transport Level Sharing (TLS)

17. Hardware Acceleration of TLS

18. Hardware Acceleration of TLS

19. Hardware Acceleration of TLS

20. Creating An Index for TCAM Entries

21. Evaluation

22. Evaluation

23. Conclusion • In this paper we described a hybrid scheme, where a parallel LPM lookup algorithm implemented in software determines the most specific filter for a packet and a specialized hardware unit determines if the packet matches any of the transport level fields of a database. • The most significant contribution of our work is that our scheme can classify packets in a small and predictable number of steps which is independent of the number of rules in a database, while keeping its memory requirement at reasonable level.