naf conversion: an efficient solution for the range matching problem in packet filters
DESCRIPTION
NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters. Author: Nizar Ben Neji , Adel Bouhoula Publisher : IEEE International Conference ,2011 Presenter : Kai-Yang Liu Date:2011/08/31. Introduction. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/1.jpg)
AUTHOR:NIZAR BEN NEJI, ADEL BOUHOULAPUBLISHER:IEEE INTERNATIONAL CONFERENCE ,2011PRESENTER:KAI-YANG LIUDATE:2011/08/31
1
NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters
![Page 2: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/2.jpg)
Introduction2
The cause of the coexistence of range based and prefix based fields within the filtering rules.In this paper, we deal with prefix-based solutions.The available solutions usually require that the filtering rules must be written only in prefix format.Arbitrary ranges need to be usually converted into standard prefixes when dealing with prefix based solutions.
![Page 3: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/3.jpg)
Direct Range to Prefix Conversion
3
![Page 4: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/4.jpg)
Exmaple4
![Page 5: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/5.jpg)
Direct Range to Prefix Conversion
In the worst case, the w-bit range [1, 2w−2] is split into 2w−2 prefixes.
For example, the 4-bit worst case range [1,14] requires 6 prefixes as follows:
5
![Page 6: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/6.jpg)
Non-Adjacent Form6
Every integer n has a unique non-adjacent form (NAF). NAF is a signed binary representation
(SBR) of length k and of the form n = where the digits are in {−1, 0, 1} satisfying the property that ai×ai+1 = 0
Example: 47 is 101111 = 32+8+4+2+1 and the NAF form
is
![Page 7: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/7.jpg)
Proposed Technique7
Notations and Terminology:1. w is the size of the packet header
field to be inspected.2. A w-bit range R = [l , u]satisfies 0 ≤ l
≤ 2w−1 (lower bound) and 0 ≤u ≤ 2w −1 (upper bound) where l ≤ u.
![Page 8: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/8.jpg)
Proposed Technique8
3. Adjacent ranges: Two w-bit ranges [l1 , u1] and [l2 , u2] are adjacent if l2 = u1+1.
4. Consecutive elementary ranges: Two elementary ranges[l1 , u1] and [l2 , u2] are consecutive if they are adjacent and they have same widths or consecutive power of 2 widths.
=> |width1−width2| = min(width1 , width2)
![Page 9: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/9.jpg)
Conversion Algorithm of a Single Range
9
Lower{ } is a list of Integers and it stores lower bounds of ranges,
Upper{ } is a list of Integers and it stores upper bounds of ranges,
Sign{ } is a binary list and it stores signs as 0s and 1s,the zero value means “ +” and one means “ -” .
![Page 10: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/10.jpg)
Example10
![Page 11: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/11.jpg)
Example
Case 1: difference equals to zero Ex: [4,7] ,[8,11]
[4,7] = 01** U1+1=L2 , L2=(1000)2
[8,11] = 10** max(width1,width2)=4
=> L2 mod (2.max(midth1,width2))=0 ∴ can’t be converted
11
![Page 12: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/12.jpg)
Example
Case 2: difference equals to width1 Ex: [6,7] ,[8,11]
[6,7] = 011* U1+1=L2 , L2=(1000)2
[8,11] = 10** max(width1,width2)=4
=> L2 mod (2.max(midth1,width2))=0 ∴ can’t be converted
12
![Page 13: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/13.jpg)
Matching Algorithm13
Two main phases:searching for the longest matching prefix and
then searching for the shortest prefix that doesn’t match.
Ex: A. 2 =
(0010)2 B. 4 =
(0100)2.
![Page 14: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/14.jpg)
Performance Analysis14
Worst Expansion Case The worst expansion case for DRPC
algorithm gives for the w-bit range of the form [1, 2w−2] 2w-2 prefixes.
The proposed algorithm: → Only 3 prefixes
![Page 15: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/15.jpg)
The Worst Case for the NAF Conversion
15
The worst case expansion is only w prefixesExample:
![Page 16: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/16.jpg)
General Case of the Worst Result16
![Page 17: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/17.jpg)
Average Expansion Case17
![Page 18: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/18.jpg)
Special Cases18
Converting multiple ranges:1. Two intersecting ranges [a , b] and [c , d]
and c≤b2.Two disjoint ranges such that b+1<cLeft and right extremal ranges: Left: [0, a ] with 0≤a≤2W-1 ; Worst:[0, 2W-2] Right: [b, 2W-1 ] with 0≤b≤2W-1 ; Worst:[1,
2W-1]
![Page 19: NAF Conversion: An Efficient Solution for the Range Matching Problem in Packet Filters](https://reader035.vdocuments.mx/reader035/viewer/2022062409/568148ea550346895db605a8/html5/thumbnails/19.jpg)
Special Cases19
Negation of an arbitrary range: The negation of the w-bit range [a, b] gives
two extremal w-bit ranges [0, a−1] and [b+1,
2w−1]. Worst case of DRPC : 2w-2 prefixes given by
the range of the formWorst case of NAF conversion : w prefixes
given by the negation of the range of the form: