reviewed by michela becchi
DESCRIPTION
Packet Classification Using Multidimensional Cutting Sumeet Singh (UCSD) Florin Baboescu (UCSD) George Varghese (UCSD) Jia Wang (AT&T Labs-Research). Discussion Leader Haoyu Song. Reviewed by Michela Becchi. Outline. Introduction Related works HiCuts HyperCuts Evaluation Conclusions. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/1.jpg)
Packet Classification Using Multidimensional Cutting
Sumeet Singh (UCSD)Florin Baboescu (UCSD)George Varghese (UCSD)
Jia Wang (AT&T Labs-Research)
Reviewed by
Michela BecchiDiscussion Leader
Haoyu Song
![Page 2: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/2.jpg)
Michela Becchi - 04/19/23
Outline
Introduction
Related works» HiCuts
HyperCuts
Evaluation
Conclusions
![Page 3: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/3.jpg)
Michela Becchi - 04/19/23
Packet Classification
Rule-based packets’ handling» Destination address» Source address» Protocol type» Destination and source port» TCP flags
Rules Destination Source Dest. Port Action
Rule1 * 128.13.34.42 25 Block
Rule2 128.12.120.1 * * Redirect
![Page 4: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/4.jpg)
Michela Becchi - 04/19/23
Applications
Security
QoS
Network address translation
Traffic shaping
Monitoring
…
![Page 5: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/5.jpg)
Michela Becchi - 04/19/23
Challenge
Classify packets at packets’ processing speed
Increasing link speed » 14% links between core routers OC-768 (40 Gbps)» 21% links between edge routers OC-192 (10 Gbps)
Memory-time tradeoff
![Page 6: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/6.jpg)
Michela Becchi - 04/19/23
Terminology
Classifier: N rules R1,R2,…,RN
Rule Rj: array of k values (fields, dimensions )
Rj[i]: value of the i-th header field of a packet» Exact match: source address equal to 128.252.169.1 » Prefix match: destination address matches 128.252.*» Range match: destination port in range 0 to 255
actionj: action associated to Rj
E.g. R=(128.252.*,*,TCP,23,*), action=block» Pkt1=(128.252.169.16,128.111.41.101,TCP,23,1025)» Pkt2=(128.252.169.16,128.111.41.101,TCP,79,1025)
![Page 7: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/7.jpg)
Michela Becchi - 04/19/23
Memory-time tradeoff Time-memory tradeoff:
» O((log N)^(k-1)) time and linear space» Log N time and O(N^k) space
SRAM vs. DRAM
Hardware solutions: Ternary CAMs
Algorithmic solutions:» Linear search» EGT-PC» HiCuts
Note: Update complexity not considered for core routers
![Page 8: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/8.jpg)
Michela Becchi - 04/19/23
TCAMs
Uses parallelism in hardware
Pros:» Low latency and high throughput» Simple on-chip management scheme
Cons:» Power scaling (parallel comparisons) » Density scaling (more board area)» Time scaling (highest match arbitration)» Rule Multiplication for ranges (prefix format)
=> Suitable for small classifiers
![Page 9: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/9.jpg)
Michela Becchi - 04/19/23
EGT-PC
Extended Grid-Of-Tries with Path Compression
Idea: Regardless of database size, any packet matches only a few rules. This is true even when the rules are projected to only source or destination fields
Extend efficient two-field classification algorithm with linear search
Worst case search time ~ HiCuts optmized for speed
Memory requirement ~ HiCuts optmized for space
![Page 10: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/10.jpg)
Michela Becchi - 04/19/23
HiCuts
Hierarchical Intelligent Cutting
Decision-tree based algorithm
Linear search on leaves
Storage ~ depth of tree
Local optimization decisions at each node to test next dimension to cut» Limit amount of linear search» Limit amount of storage increase
Range checks => cut=hyperplane
![Page 11: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/11.jpg)
Michela Becchi - 04/19/23
HiCuts: an example
Field2
Field4 Field3
R9
R10
R11
R8
R9
R10
R11
R7
R10
R11
R3
R7
R10
R11
R2
R7
R10
R11
R4
R7
R10
R11
R7
R10
R11R7
R11
R0
R5
R6
R10
R7
R10
R11
Field5R1
R7
R10
R11
R0
R5
R6
R7
R10
R11
R2
R3
R4
R7
R10
R11
R0
R1
R5
R6
R7
R10
R11
0..3 4..7 8..11
12..15
Bucket size = 4
(0010,1101,00,01,TCP)
12..15
0
![Page 12: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/12.jpg)
Michela Becchi - 04/19/23
From HiCuts to Hypercuts
Multiple cuts per node possible» Reduce depth of the tree (memory)» Through array indexing one memory access per node
Hypercube instead of hyperspace
![Page 13: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/13.jpg)
Michela Becchi - 04/19/23
Hypercube
* Slide taken from S. Singh’s presentation
![Page 14: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/14.jpg)
Michela Becchi - 04/19/23
Building Decision Tree (1)
Step1: Select dimensions to cut
Goal: Pick dimensions leading to the most uniform distribution of rules
Alternatives:» Largest number of unique elements» # unique elements > mean of unique elements» # unique elements / size of region
Idea: dimensions with highest entropia
![Page 15: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/15.jpg)
Michela Becchi - 04/19/23
Building Decision Tree (2)
Step2: Select number of cuts
Goal: Create search tree with minimal memory requirement
Alternative 1:» Minimum number of rules in each child node» Maximum number of children limited by space
factor * sqrt(# rules in current node)
Alternative 2 (Greedy approach):» Determine local optimum nc(i) for each dimension» Determine iteratively best combination
![Page 16: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/16.jpg)
Michela Becchi - 04/19/23
Refinements (1) Node Merging:
nodes with same rules
Rule Overlap: overlapping rules and different priorities
![Page 17: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/17.jpg)
Michela Becchi - 04/19/23
Refinements (2) Region Compaction:
shrink the region of a node depending on its rules
Pushing Common Rule Subset Upwards: » rules to non-leaf nodes.» Bitmap in header to
avoid extra memory accesses
![Page 18: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/18.jpg)
Michela Becchi - 04/19/23
Search Algorithm
* Slide taken from S.Singh’s presentation
![Page 19: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/19.jpg)
Michela Becchi - 04/19/23
Search Algorithm
* Slide taken from S.Singh’s presentation
![Page 20: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/20.jpg)
Michela Becchi - 04/19/23
Search Algorithm
* Slide taken from S.Singh’s presentation
![Page 21: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/21.jpg)
Michela Becchi - 04/19/23
Search Algorithm
* Slide taken from S.Singh’s presentation
![Page 22: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/22.jpg)
Michela Becchi - 04/19/23
Evaluation Memory: up to an order of magnitude less than
HiCuts optimized for memory and EGT-PC
Time: 3 to 10 times faster than HiCuts
On ERs: HyperCuts ~ HiCuts (only IP source and destination specified => 2 dimensions)
On FWs: wildcard-rules on IP addresses make HyperCuts ouperform HiCuts
Synthetic databases: memory requirement grows linearly with number of rules (except for FWs – wildcards)
![Page 23: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/23.jpg)
Michela Becchi - 04/19/23
Conclusions
Idea of cutting in more than one direction» Improvement in memory requirement» Still one access per node
Refinements to reduce memory wasting
Evaluation on industrial firewall databases and synthetic databases
Limited depth of the tree: possible hardware implementation using pipelining and on-chip SRAM
![Page 24: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/24.jpg)
Michela Becchi - 04/19/23
Questions?
![Page 25: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/25.jpg)
Michela Becchi - 04/19/23
Evaluation Data (1)
![Page 26: Reviewed by Michela Becchi](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812f04550346895d94a28d/html5/thumbnails/26.jpg)
Michela Becchi - 04/19/23
Evaluation Data (2)