Two stage packet classification using most

specific filter matching and transport level sharing Authors: M.E. Kounavis *,A. Kumar,R. Yavatkar,H. Vin

Presenter: Yi-Sheng, Lin (林意勝 ) Date: Publisher/Conf. : Computer Networks 51 (2007)

Dept. of Computer Science and Information Engineering National Cheng Kung University,

Taiwan R.O.C.

Outline

1. Introduction

2. Related Work

3. Most Specific Filter Matching

4. Transport Level Sharing

5. Hardware Acceleration of TLS

6. Evaluation

Introduction

We split the classification process into two stages.

First, we perform classification on source–destination IP prefix pairs using the most specific filter matching (MSFM) algorithm.

The basic idea behind MSFM is that significant amount of cross products which are stored as part of a classifier’s database can be removed from the database

Introduction

Second, we perform classification on transport level fields exploiting transport level sharing.

We observe that in real world databases many different sets of source–destination IP prefix pairs are associated with identical sets of transport level fields.

In this document we present a solution to the single match classification problem.

Related Work (cross producting)

[3] V. Srinivasan, S. Suri, G. Varghese, M. Waldvogel, Fast and scalable layer four switching, in: Proceedings of ACM SIGCOMM, 1998.

Related Work

Most Specific Filter Matching (MSMF)

Most Specific Filter Matching (MSMF)

Improving Cross Producting

The Cross Producting technique can be significantly reduced by observing that from among the many cross products only a few really need to be placed in the lookup table.

Most Specific Filter Matching (MSMF)

A first group of cross products which can be removed from the lookup table are those for which there is no filter in the database apart from (*,*) that contains them.

Most Specific Filter Matching (MSMF)

The cross products which are only covered by partially-specified filters or filter intersections can be removed from the lookup table.

Most Specific Filter Matching (MSMF)

The MSFM algorithm builds two trie data structures for the source and destination IP prefixes. Each prefix is marked as associated with a partially- or fully-specified filter or both.

Most Specific Filter Matching (MSMF)

Most Specific Filter Matching (MSMF)

Transport Level Sharing (TLS)

There is sharing characterizing the sets of the rules specifying the same source–destination IP prefix pair at adjacent priority levels.

Transport Level Sharing (TLS)

We move each new rule ‘up’ or ‘down’ the priority list as long the rules below or above specify a different IP prefix pair and do not overlap.

Transport Level Sharing (TLS)

Src. IP Dest. IP Src. Dest. Action Priority

address address port port

128.59.* 132.12.* * www Permit n

128.59.* 132.12.* * ftp Permit n + 1

128.59.* 132.12.* * telnet Permit n + 2

147.102.* 12.45.* * www Permit n + 3

147.102.* 12.45.* * ftp Permit n + 4

147.102.* 12.45.* * telnet Permit n + 5

134.22.* 221.34.* * www Permit n + 6

134.22.* 221.34.* * ftp Permit n + 7

134.22.* 221.34.* * telnet Permit n + 8

Hardware Acceleration of TLS

Hardware Acceleration of TLS

Hardware Acceleration of TLS

Creating An Index for TCAM Entries

Evaluation

Evaluation

Conclusion

In this paper we described a hybrid scheme, where a parallel LPM lookup algorithm implemented in software determines the most specific filter for a packet and a specialized hardware unit determines if the packet matches any of the transport level fields of a database.

The most significant contribution of our work is that our scheme can classify packets in a small and predictable number of steps which is independent of the number of rules in a database, while keeping its memory requirement at reasonable level.