1 fast packet classification for two-dimensional conflict-free filters department of computer...
TRANSCRIPT
1
Fast packet classification for two-dimensional conflict-free
filters
Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
Authors: Florin Baboescu , Priyank Warkhede , Subhash Suri, George Varghese
Publisher: Computer Networks 50 (2006) 1831–1842
Present: Chi-Lu Yang ( 楊淇祿 )
Date: October, 18, 2007
2
Outline
1. Introduction 2. Problem statement 3. Tuple space approach and search
• Pre-computation and markers in tuple space
• Lower bound and impossibility of binary search 4. Binary search scheme 5. Algorithm and improvements 6. Experimental results 7. Conclusions 8. Appendix
3
Introduction
The destination-based forwarding can be thought of as one-dimensional packet classification.
Two-dimensional filters can be said as a combination of header fields. Such as IP source and destination pairs.
we say that two filters conflict if they both match a packet header, but neither filter is contained in the other.
Packet classification involves:• 1.Selecting header fields from packets and storing them; such as:
• source and destination addresses, source and destination port numbers, protocol or even parts of URL;
• 2.Finding out the best packet classification rule (also called filtering rule or filter) to determine action to be taken on the packet.
4
Introduction (cont.)
In this paper:
• 1.We consider fast lookup schemes for two-dimensional conflict-free filters.
• 2.We examine this lower bound more closely, and discover that the lower bound depends crucially on conflicts in the filter database.
• 3.Main contribution is to show that binary search can be used for packet classification in 2D filters if the filters are conflict-free.
Packet classification applications include:
• Packet filtering in firewalls,
• Flow aggregation for MPLS (Multi-Potocol Label Switching) tunneling,
• QoS routing,
• Flow-preserving load balanced switching, and
• Bandwidth guarantees for VPNs.
5
Problem statement
The 2-field conflict-free packet classification problem can be defined as follows. • Given a conflict-free filter set F of 2-field filters, and a packet with
header fields P[i], to determine the best matching filter F, where:• P[i] denote the ith field from packet P.
• A filter set F is a set of k-field filters. F = {F1, F2,. . . ,Fn}
• Let F denote a filter, and let F[i], 1 <= i <= k, be the ith prefix is a selected field from packet header
• A filter rule is said to be a matching filter for packet P if it matches all fields of the packet header.
• F1 and F2 are
Conflict filters:
6
Tuple Space Approach
Rule
(filter)F[1] F[2] Tuple
F1 00* 00* (2,2)
F2 0* 01* (1,2)
F3 0* 0* (1,1)
F4 10* 10* (2,2)
F5 11* 10* (2,2)
F6 11* 11* (2,2)
F7 0* 10* (1,2)
F8 * 11* (0,2)
Tuple: H(T)
(F[1], F[2])Hash Table
Entries
(0,2) F8
(1,1) F3
(1,2) F2, F7
(2,2) F1, F4, F5, F6
#F[1] = 3 , {0, 1, 2} #F[2] = 2 , {1, 2} Totally, 3*2 = 6 tuples <= 8 Search:
• 1. design H(T)
• 2. find a best matching entries in H(T) To be parallelly implemented
One kind of solutions for Packet classification on multiple fields.
7
Tuple Space Search Rectangle Search:
• always finds the best matching filters in a w * w tuple space.
• uses at most 2w-1 hashes in the worst case.
• builds on two keys ideas: Pre-computation and Markers. Pre-computation
• Consider a tuple (i, j), where 0 <= i, j <= w.• A filter F in this tuple has i bits of source prefix and j bits of destinati
on prefix.
• All filters mapped in the top-left quadrant of (i, j) are less specific.• we can pre-compute and store with F the best matching filter from al
l the tuples in the top-left quadrant of (i, j).
• Advantage : we need not search the top-left quadrant of (i, j)
• An Example : F = (101*, 0110*) ==> tuple T (i, j) = T(3,4)• See Fig. 2 (top-left quadrant)
8
Tuple Space Search (cont.) Markers
• Markers deals with the case when there is no match on a hash probe.
• Each filter in a tuple (i, j) leaves a marker in all the tuples in the top-left quadrant of (i, j).
• The marker of a filter F is obtained by taking prefixes of its two fields.
• An Example : the T(2, 1) marker of the filter F=(11001*, 0011*) is (11*, 0*).
• Tuple T2 can leave markers. See Fig. 2 (bottom -right quadrant)
9
Tuple Space Search (cont.)
Fig. 3 Time of Rectangle Search algorithm is
O(2w-1) in tuple space.
Fig. 2 Markers and pre-computation.
10
Tuple Space Search (cont.) Rectangle Search algorithm : (See Fig.3)
• Given a packet header P, we start by probing the tuple at the bottom-left of the tuple space.
• If we get a match, we move one column to the right; by pre-computation, • any filter from a tuple above the current tuple has been stored with the marker
or filter found by the match.
• If there is no match, we move one row up; by the marker rule,
• there cannot be any filter matching to the right of the current tuple -• Otherwise, that filters marker in the current tuple will also have matched.
Thus, each hash probe either eliminates a row or a column. After at most 2w-1 hashes steps (worst case), we find the best matching filter.
Next, we examine this lower bound more closely, and observe that if the two-dimensional filters are conflict-free, then indeed binary search performance is possible.
11
Binary search scheme
It’s an algorithm and Scheme for 2D conflict-free filters
• The time of worst case in per lookup is O(log2w). Assume that there are n two-dimensional conflict-free filters in a w
* w tuple space W.
• In IPv4, source and destination fields are 32 bits, w=32 Assume that these n filters have been mapped into W tuple space
uniquely in constant time.
• Markers of filters are generated.
• All filter and markers mapped to a tuple are organized into a hash table.
Our search algorithm essentially performs a binary search over the columns of the tuple space,
• A column i in the tuple space is set of all tuples with exactly i bit source prefixes. Column i is the set of tuples (i, j), j <= w.
• Markers (See Fig. 4(a))
12
Binary search scheme (cont.)
Each filter can create markers in the same row into tuples from columns to its left.• Example (Fig. 4(a)): A Filter F in T(4,3) create markers in sha
ded tuples. For performing binary search on columns,
• one half of tuple space has to be eliminated per time. For every hash probe into a tuple, the tuple space can
be divided into three regions. (in Fig. 4(b))• (1) If a matching filter or marker is found by the hash probe.
( Lemma 1) (PS. top-left and bottom-left quadrants can be eliminated)
• (2) If no matching filter or marker is found in the tuple, then there cannot be any matching filters in right half of the row. (Lemma 2). (PS. right half of the row can be eliminated)
13
Binary search scheme (cont.)
14
Binary search scheme (cont.)
Lemma 1. If there exists a filter or marker M matching packet P in tuple (i, j), all columns k < I (columns in the left half) can be eliminated from search space using pre-computation.
Lemma 2. If there does not exist any marker (or filter) matching packet P in column i of tuple space, all columns k >= i (columns in the right half) can be eliminated from search space.
15
Binary search scheme(cont.) An Example:
• Filters F1 = (1011*, 001*) and F2 = (0110*, 11001*).
• F1 maps to tuple (4, 3) and F2 maps to tuple (4, 5).
• For finding any matching filter from column 4, we can take the 4 bits from field 1 and concatenate the prefix for field 2 from filters F1 and F2.
In order to determine whether or not there exists a matching marker in column i, a best matching prefix lookup can be performed: Binary search algorithm
Lemma 3. The Binary Search on Columns algorithm finds the best matching filter in O(log2w) hash probes.
16
Binary search scheme(cont.) For reducing memory requirement, a balance
d binary search tree can be created on columns.• height of the balanced binary tree is O(logw),
• number of markers is bounded by O(nlogw),
• total memory requirement by O(nlog2w).
Rectangle Search algorithm : (See Fig.3)• Given a packet header P, we start by probing the tuple at th
e bottom-left of the tuple space.
17
Binary search Algorithm construction of
markers for binary search on columns
18
Binary search Algorithm (cont.)
construction of secondary-markers
19
Binary search Algorithm (cont.)
complete Binary Search on Columns algorithm for filter lookup
20
Binary search Algorithm (cont.)
complete Binary Search on Columns algorithm for filter lookup
21
Experimental results
22
Experimental results (cont.)
23
Experimental results (cont.)
24
Conclusions
have presented an algorithm that performs lookups in O(log2w) time on 2-field conflict-free filters.• This is the fastest 2D filter lookup algorithm with small
memory costs known to the authors.
• The average case performance of this algorithm significantly better than other algorithms in literature for two-dimensional conflict-free filter.
The proposed algorithm also has very good space complexity of O(nlog2w).• The proposed algorithm is scalable to large filter sets and
can be implemented very easily in software.