Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International

Packet Classification using Rule Caching

Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras

Publisher: IISA, 2013 Fourth International Conference

Presenter: Chih-Hsun Wang

Date: 2014/12/10

Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Introduction

Different packet classification schemes have been developed but they require a number of memory accesses as classification is complex and memory is slow.

We propose a scheme based on memory cache to support packet classification.

We present various packet classification caching schemes for performing classification and provide the cache hit ratio results for various traffic models generated with Class bench.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

2

Method (1/9)

Use the concept of caching of rules using the least-recently used (LRU) policy to replace information in the cache.

Create two tries, one for the source IP and the other one for the destination IP

Priority Bit• (1) there does not exist any rule which could be matched if r is

matched. • (2) there exists no rule of higher precedence which could be matched

if rule r is matched.


3

Method (2/9)


4

Method (3/9)


5

R1,R2,R3,R4,R5,R6

R1,R2,R6

R4,R6

R5,R6

R3,R5,R6

R5,R6

R5,R6

R6

R6

R6

R6R6

Method (4/9)


6

R1,R2,R3,R4,R5,R6

R1,R2,R6

R4,R6

R4,R6

R5,R6

R5,R6

R5,R6

R3,R5,R6

Method (5/9)

We can decrease the number of steps in trie traversing by directly checking the rules that could be matched and those that have a priority higher than the rules in the cache.

To achieve this, we need to store two address pointers, the source IP trie address pointer and the destination IP trie address pointer.


7

Method (6/9)

Data Structure• Source IP, Destination IP• Source port range, Destination port range• Protocol• Flags• Priority bit• Source IP trie address, Destination IP trie address


8

Method (7/9)


9

Incoming Packet

Source IP Destination IP Source Port

Des. Port

1100* 111* 6 17

Cache

R1

R2

Search

R2 will match in cache but it’s priority bit is 0

Rule # SIP DIP SP DP PB AP

R1 1100* 111* 0:5 16:20 1 S11,D6

R2 1100* 111* 0:65535 16:20 0 S11,D6

Method (8/9)


10

Search


R1 1100* 111* 0:5 16:20 1 S11,D6

R2 1100* 111* 0:65535 16:20 0 S11,D6

Method (9/9)


11

Search


R1 1100* 111* 0:5 16:20 1 S11,D6

R2 1100* 111* 0:65535 16:20 0 S11,D6

Incoming Packet

Source IP Destination IP Source Port

Des. Port

1100* 111* 6 17

match R2

Problem (1/3)


12

Problem (2/3)


13

Incoming Packet

Source IP Destination IP Source Port Des. Port

69.63.137.234 81.170.248.180 750 113

Best matchR11

Problem (3/3)


14

Incoming Packet

Source IP Destination IP Source Port Des. Port

69.63.137.234 Not 81.170.248.180 750 113

Best matchR16

Solution (1/3)

Create additional 256-bit vector and information about the dependent rules.

Change the position of the bit pointed to by the value in the byte to 1.

Keep the bit vector that contains the smallest number of 1’s along with the marker signifying the byte number of the bit vector


15

Solution (2/3)


16

R16 for example

Dependent rules:R11, R12, R13

Solution (3/3)


17

R16 for example

Pick

Implemented Method(1/17)

Method I• Use a simple LRU scheme.• Use a priority bit without the 256-bit vector.

Method II• Use a simple LRU scheme.• Use a priority bit and the 256-bit vector.


18


Method III• Use the frequency-based replacement method.• Cache is divided into three sections: NEW, MID

and OLD sections.• Every rule in the cache has a reference count

associated with it.


19



20

NEW

R1,1

MID OLD

R1 match



21

NEW

R2,1

R1,1

MID OLD

R2 match



22

NEW

R3,1

R2,1

R1,1

MID OLD

R3 match



23

NEW

R4,1

R3,1

R2,1

MID

R1,1

OLD

R4 match



24

NEW

R1,2

R4,1

R3,1

MID

R2,1

OLD

R1 match

If the rule hit is in the MID section, then its count is incremented and the rule is moved to the head of the NEW section.



25

NEW

R4,1

R1,2

R3,1

MID

R2,1

OLD

R4 match

The reference count of the rule is not incremented in the NEW and OLD sections.



26

NEW

R4,1

R1,2

R3,1

MID

R2,1

R5,1

R6,1

OLD

R7,1

R8,2

R9,1

R10 match

If the cache is full, then we remove from the OLD section the rule that has the least count.


Method IV• Separate count for the rule in the main memory

and cache.• Do not cache the rule until the count for the rule

crosses a threshold.• Maintain a sampling window of T time slots (i.e.,

incoming packet counts). At every t=n*T, for n=1, 2, 3, …, we transfer into the cache the rules that have counts bigger than the chosen threshold.


27



28

Main Memory

R1,3

R2,0

R3,0

R4,0

R5,0

R6,0Incoming Packet match R1, R1, R1

Cache

Threshold = 2, t = n*T, n = 1



29

At every t=n*T, for n= 1, 2, 3, …, we transfer into the cache the rules that have counts bigger than the chosen threshold. F

Main Memory

R1,1

R2,0

R3,0

R4,0

R5,0

R6,0

Cache

R1,1




30

Main Memory

R1,1

R2,1

R3,1

R4,1

R5,1

R6,1

Cache

R1,1

R3,1

R4,2


Incoming Packet match R5, R6, R5



31

Main Memory

R1,1

R2,1

R3,1

R4,1

R5,3

R6,2

Cache

R1,1

R3,1

R4,2

Incoming Packet match R5, R6, R5




32

Main Memory

R1,1

R2,1

R3,1

R4,1

R5,1

R6,2

Cache

R5,1

R1,1

R4,1


R3 has be replaced

Method V• This method is very similar to the method III.• Remove the MID section in the cache.• Increment counts in the OLD section.• The OLD section is very wide containing 768

locations.


33



34

Experimental Results (1/4)


35



36



37


Documents

Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International