Wire Speed Packet Wire Speed Packet Classification Without TCAMsClassification Without TCAMs

ACM SIGMETRICS 2007ACM SIGMETRICS 2007

Qunfeng Dong (University of Wisconsin-Madison)Qunfeng Dong (University of Wisconsin-Madison)

Suman Banerjee (University of Wisconsin-Madison)Suman Banerjee (University of Wisconsin-Madison)

Jia Wang (AT&T Laboratories – Research)Jia Wang (AT&T Laboratories – Research)

Dheeraj Agrawal (University of Wisconsin-Madison)Dheeraj Agrawal (University of Wisconsin-Madison)

IntroductionIntroduction Previous work and our objectivePrevious work and our objective MotivationMotivation DesignDesign EvaluationEvaluation SummarySummary

OutlineOutline

Packet classification [SVSW98,LS98]Packet classification [SVSW98,LS98] Make a Make a decisiondecision on each incoming packet based on the value of some on each incoming packet based on the value of some

packet header field(s), according to a given packet header field(s), according to a given rule setrule set.. Example Example —— IP forwarding based on destination IP address IP forwarding based on destination IP address Is tIs the foundation of many Internet functions (e.g. security, QoS, etc).he foundation of many Internet functions (e.g. security, QoS, etc).

Each rule specifies a Each rule specifies a range literalrange literal on each relevant field on each relevant field For example, the source port must be in the range [1024, 65535]For example, the source port must be in the range [1024, 65535] Prefix, single value, and wildcard are all special ranges.Prefix, single value, and wildcard are all special ranges.

A rule and a packet A rule and a packet matchmatch, if the packet satisfies all range literals., if the packet satisfies all range literals. ObjectiveObjective

For each incoming packet, find the first highest priority rule that matches the packet.For each incoming packet, find the first highest priority rule that matches the packet.

IntroductionIntroduction

IntroductionIntroduction Hardware solutionHardware solution

Ternary Content Addressable Memory (TCAM)Ternary Content Addressable Memory (TCAM) is the favoured solution is the favoured solution for wire speed packet classification in high speed routers.for wire speed packet classification in high speed routers.

Fast Fast — search— search all stored rules in parallel and return the first matching rule. all stored rules in parallel and return the first matching rule. Expensive Expensive — accounts for a significant portion of router line card cost— accounts for a significant portion of router line card cost Power consuming Power consuming — one TCAM chip consumes — one TCAM chip consumes 12W-15W12W-15W

Heat dissipation is a major challenge in designing high performance architecturesHeat dissipation is a major challenge in designing high performance architectures Cooling cost is a considerable portion of ISPs’ operational costCooling cost is a considerable portion of ISPs’ operational cost

Board area efficiency is lowBoard area efficiency is low Not convenient to perform complex operationsNot convenient to perform complex operations

Software solutionSoftware solution Compared with TCAMCompared with TCAM

Better for performing complex classification tasksBetter for performing complex classification tasks Cheap Cheap — no additional hardware needed— no additional hardware needed Low power consumption — DRAM/SRAM-based implementationLow power consumption — DRAM/SRAM-based implementation SlowSlow

Packet Classification @ Wire SpeedsPacket Classification @ Wire Speeds With 40-byte packet size, With 40-byte packet size, OC-768OC-768 allows allows 8 nano-seconds per packet8 nano-seconds per packet..

Researchers have been working on the design of routers with Researchers have been working on the design of routers with 44××OC-768OC-768

Software solutionsSoftware solutions O(O(loglogn)n) memory accesses per packet, using memory accesses per packet, using O(n^d)O(n^d) memory space, or memory space, or O((O((loglogn)^(d-1))n)^(d-1)) memory accesses per packet, using memory accesses per packet, using O(n)O(n) memory space memory space nn is the number of rules is the number of rules dd is the number of packet header fields is the number of packet header fields

As wire speeds accelerate much faster than memory access speeds, As wire speeds accelerate much faster than memory access speeds, software solution will become increasingly difficult.software solution will become increasingly difficult.

TCAM is the TCAM is the de factode facto solution for wire speed packet classification, and solution for wire speed packet classification, and even IP lookup as well.even IP lookup as well.

IntroductionIntroduction

Using a small and fast cache is anatural and appealing choice.

Flow Cache [Xu et al. 2000, Chang et al. 2004]Flow Cache [Xu et al. 2000, Chang et al. 2004] Xu, Singhal, and Degroat 2000Xu, Singhal, and Degroat 2000

Number of concurrent flows: 14,000Number of concurrent flows: 14,000 Cache size: 16K entriesCache size: 16K entries Cache miss ratio: 8%Cache miss ratio: 8%

Chang, Feng, and Li 2004Chang, Feng, and Li 2004 Number of concurrent flows: 567Number of concurrent flows: 567 Cache size: 4KBCache size: 4KB Cache miss ratio: 4.85%Cache miss ratio: 4.85%

Prior artsPrior arts

Number of concurrent flowsNumber of concurrent flows 100,000+100,000+ To be realistic in today’s InternetTo be realistic in today’s Internet

Cache sizeCache size A small number of entriesA small number of entries To be cost efficientTo be cost efficient

Cache miss ratioCache miss ratio 0.1% or lower0.1% or lower To classify missed packets using a low cost packet classifierTo classify missed packets using a low cost packet classifier

Our objectivesOur objectives

Caching rules is more efficient than caching packetsCaching rules is more efficient than caching packets One rule can match many different flowsOne rule can match many different flows A small number of rules match most trafficA small number of rules match most traffic

Cached rules need not be existing rules in the rule setCached rules need not be existing rules in the rule set A new rule may cover more flows than any existing ruleA new rule may cover more flows than any existing rule

Cached rules should evolve in response to traffic dynamicsCached rules should evolve in response to traffic dynamics Evolving rules may cover more flows than any existing ruleEvolving rules may cover more flows than any existing rule

ObservationsObservations

ExampleExample

FrameworkFramework

What (not which!) rules should we cache?What (not which!) rules should we cache? To cover incoming flows using as few rules as possibleTo cover incoming flows using as few rules as possible

How should cached rules evolve?How should cached rules evolve? In response to changes in traffic patternIn response to changes in traffic pattern

Semantic integrity of the rule cache?Semantic integrity of the rule cache? If hit, the cache should always output the right decisionIf hit, the cache should always output the right decision

Effect of cache management delay on cache hit ratio?Effect of cache management delay on cache hit ratio? Prefer low cost and hence relatively slow cache managerPrefer low cost and hence relatively slow cache manager Updated rules are not available until after cache managementUpdated rules are not available until after cache management Can possibly miss some packets because of the delayCan possibly miss some packets because of the delay

ChallengesChallenges

FrameworkFramework

RHL & Sliding WindowRHL & Sliding Window

Each element in Regular Hypercube List (RHL) is a ruleEach element in Regular Hypercube List (RHL) is a rule Namely, a Namely, a dd-dimensional hyper-cube in the definition space-dimensional hyper-cube in the definition space

An RHL element has a single decisionAn RHL element has a single decision Thus can be represented as a single ruleThus can be represented as a single rule

Every sample is linked to some RHL element covering itEvery sample is linked to some RHL element covering it To fully utilize sampled packets in the sliding windowTo fully utilize sampled packets in the sliding window The weight of an RHL is its number of associated samplesThe weight of an RHL is its number of associated samples

Overlapping RHL elements must have the same decisionOverlapping RHL elements must have the same decision Greatly simplifies cache management and cache design!Greatly simplifies cache management and cache design! We can simply put the top RHL elements into rule cache.We can simply put the top RHL elements into rule cache.

Regular Hypercube List (RHL)Regular Hypercube List (RHL)

SPDDSPDD

FrameworkFramework

Rule Cache DesignRule Cache Design

Rule Cache DesignRule Cache Design

Rule Cache DesignRule Cache Design

If attacking traffic accounts for a percentage of If attacking traffic accounts for a percentage of xx in in aggregate traffic, cache miss ratio caused by an aggregate traffic, cache miss ratio caused by an adversary is bounded by adversary is bounded by x/1-xx/1-x.. Even if the adversary is perfectly informedEven if the adversary is perfectly informed Even if the adversary can arbitrarily control the content of Even if the adversary can arbitrarily control the content of

attacking packets, when sampled by the cache managerattacking packets, when sampled by the cache manager For example, if For example, if x = 10%x = 10%, cache miss ratio caused by the , cache miss ratio caused by the

adversary is at most adversary is at most 11.1%11.1%.. Detailed proof can be found in the paper.Detailed proof can be found in the paper.

Security of Rule CacheSecurity of Rule Cache

EvaluationEvaluation

EvaluationEvaluation

EvaluationEvaluation

EvaluationEvaluation

EvaluationEvaluation

TCAM as the de facto solution has some disadvantagesTCAM as the de facto solution has some disadvantages Accounts for a significant portion of router line card costAccounts for a significant portion of router line card cost Quite power consumingQuite power consuming

We propose smart rule cache architecture to replace TCAMWe propose smart rule cache architecture to replace TCAM A small on-chip rule cache matches more than A small on-chip rule cache matches more than 99.9%99.9% incoming traffic incoming traffic Missed packets can be easily classified using a low cost classifierMissed packets can be easily classified using a low cost classifier The small cache can be implemented at negligible costThe small cache can be implemented at negligible cost

SummarySummary

ACM SIGMETRICS 2007ACM SIGMETRICS 2007

Qunfeng DongQunfeng Dong

University of Wisconsin - MadisonUniversity of Wisconsin - Madison

Email: qunfeng@cs.wisc.eduEmail: qunfeng@cs.wisc.edu

Thank you!Thank you!