Longlong Zhu,Jiashuo Yu,Long Huang,Linying Zheng,Jinpfeng Pan,Zhengyan Zhou,Hanze Chen,Dong Zhang,Xiang Chen,Chunming Wu

DOI: https://doi.org/10.1109/icc45041.2023.10278977

2023-01-01

Abstract:Packet classification is a crucial component in computer networking. To achieve high throughput and low memory consumption, existing solutions apply different heuristics in each construction stage to build efficient decision trees. However, previous studies divide the tree construction process based on the scale of rule subsets which is indirect to the performance goal, leading to massive rule replication and high tree depth. In this paper, we propose MiCuts, a fine-grained framework for packet classification with both high speed and low memory footprint. Its key idea is directly utilizing rule replication and tree depth to divide the tree-building process into three stages, each with suitable optimization goals. First, it partitions rules and builds shallow semi-trees without rule replication via selecting effective bits. Second, it transforms the switching problem of heuristics into an ILP problem and aims to minimize memory consumption while ensuring high lookup speed. Third, it merges some nodes to eliminate memory explosion caused by splitting, where MiCuts combines splitting and linear search. Extensive experimental results on ClassBench show that MiCuts outperforms state-of-the-art approaches, improving lookup speed by 1.71× while reducing memory footprint by 74.4% on average.

Jiashuo Yu,Long Huang,Longlong Zhu,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/ISCC58397.2023.10218304

2023-01-01

Abstract:Packet classification is an essential part of computer networks. Existing algorithms propose a partition process to address the memory explosion problem of the decision tree algorithm caused by the huge number of rules with multiple fields. However, the search process requires traversing multiple trees generated by the partition, which reduces the search efficiency. The existing algorithms take simple approaches to optimize the search process, which is low efficiency or high hardware overhead. In this paper, we propose DTRadar, a framework for expediting the decision tree packet lookup process. Its key idea is building an abstract One-Big-Tree(OBT) for multiple decision trees by establishing the middle data structure. DTRadar considers each decision tree as a splittable tree and organizes these subtrees by intermediate data structures. Extensive experiments show that DTRadar benefits existing decision tree-based solutions in classification time by 61.60%, and the memory footprint only increased by 4.21% on average.

Longlong Zhu,Jiashuo Yu,Jiayi Cai,Jinfeng Pan,Zhigao Li,Zhengyan Zhou,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/iwqos54832.2022.9812915

2022-01-01

Abstract:To perform efficient packet classification, decision tree-based methods conduct decision trees via hand-tuned heuristics. Then the performance testing and optimization are executed to ensure an excellent searching speed and space overhead. Specifically, when the performance is below expectation, existing solutions attempt to optimize the algorithms, such as conducting more sophisticated heuristics. However, reconstruction or adjustment for algorithms produces an intolerable time overhead due to the long optimization period, caused by uncertain performance benefits and high pre-processing time. In this paper, we propose FROD, an efficient framework for optimizing the decision trees directly in packet classification. FROD raises a meticulous evaluation to accurately appraise decision trees constructed by different heuristics. It then seeks out the bottleneck components via a lightweight heuristic. After that, FROD searches the optimal division for inferior components considering structural constraints and characteristics of traffic distribution. Evaluation on ClassBench shows that FROD benefits existing decision tree-based solutions in classification time by 41% and memory footprint by 19% on average, and reduces classification time by up to 64%.

Fengjun Shang,Xuezeng Pan

2007-01-01

Journal of Computational Information Systems

Abstract:The process of categorizing packets into 'flows' in an Internet router is called packet classification. All packets belonging to the same flow obey a pre-defined rule and are processed in a similar manner by the router. In general, packet classification on multiple fields is a difficult problem. In this paper, an algorithm is proposed called Hash Packet Classification based on Non-collision Hash and XOR Hash (NHXH). The NHXH algorithm introduces XOR operation to obtain a hash key value. The computation of an NHXH algorithm key value consists of three steps. Firstly, the non-collision hash function is structured, which is constructed mainly based on destination/source port and protocol type field so that the hash function usually can avoid space explosion problem. Secondly, the source/destination IP pairs are concatenated and then dividing the packet header into 4 chunks, each of which has 16bits in size. Thirdly, each chunk is mapped into stochastic space and XOR operation on the random number mapped 4 chunks. Because the stochastic space follows even distribution after XORing operation so that its collision rate is limitary. Lastly, every rule index is found in order to ensure the validity so that the final rule index is acquired. The test results show that the classification rate of NHXH algorithm is up to 2 million packets per second and the maximum memory consumed is 8MB for 10000 rules.

Yang Xu,Zhaobo Liu,Zhuoyuan Zhang,H. Jonathan Chao

DOI: https://doi.org/10.1145/1882486.1882537

2009-01-01

Abstract:ABSTRACTThe emergence of new network applications like network intrusion detection system, packet-level accounting, and load-balancing requires packet classification to report all matched rules, instead of only the best matched rule. Although several schemes have been proposed recently to address the multi-match packet classification problem, most of them require either huge memory or expensive Ternary Content Addressable Memory (TCAM) to store the intermediate data structure, or suffer from steep performance degradation under certain types of classifiers. In this paper, we decompose the operation of multi-match packet classification from the complicated multi-dimensional search to several single-dimensional searches, and present an asynchronous pipeline architecture based on a signature tree structure to combine the intermediate results returned from single-dimensional searches. By spreading edges of the signature tree in multiple hash tables at different stages of the pipeline, the pipeline can achieve a high throughput via the inter-stage parallel access to hash tables. To exploit further intra-stage parallelism, two edge-grouping algorithms are designed to evenly divide the edges associated with each stage into multiple work-conserving hash tables with minimum overhead. Extensive simulation using realistic classifiers and traffic traces shows that the proposed pipeline architecture outperforms HyperCut and B2PC schemes in classification speed by at least one order of magnitude, while with a similar storage requirement. Particularly, with different types of classifiers of 4K rules, the proposed pipeline architecture is able to achieve a throughput between 19.5 Gbps and 91 Gbps.

Baohua Yang,Jeffrey Fong,Weirong Jiang,Yibo Xue,Jun Li

DOI: https://doi.org/10.1109/tc.2012.191

2014-01-01

Abstract:Multituple packet classification is one of the key technologies, and often the performance bottleneck in modern network devices. Devices such as firewalls demand fast packet classification on very complicated rule sets of large size, which is still challenging today. This paper proposes a practical packet classification algorithm named dynamic discrete bit selection ($(D^2BS)$), which achieves high classification speed while requiring low storage. $(D^2BS)$ employs dynamic heuristic schemes at bit level, to explore the inherent characteristics of the rule sets. $(D^2BS)$ has been implemented on various platforms including Intel-architecture, multicore network processor, and FPGA, and is compared with the state-of-the-art solutions. Experimental results on real-life rule sets show that the memory storage required by $(D^2BS)$ is at least one to two orders of magnitude lower than that of the existing work, while the speed is much higher. With 64-byte Ethernet packet and 10K size ACL rule set, $(D^2BS)$ achieves a throughput over 10 Gbps on Cavium OCTEON CN5860 multicore network processor and over 135 Gbps on Xilinx Virtex-5 FPGA, which outperforms the existing work under the same test environment. All results promise that $(D^2BS)$ is a highly practical solution to satisfy vigorous requirements.

Baohua Yang,Xiang Wang,Yibo Xue,Jun Li

DOI: https://doi.org/10.1109/ICPADS.2009.53

2009-01-01

Abstract:Packet classification is one of the most critical techniques in many network devices such as firewall, IDS and IPS, etc. In order to meet the performance requirement for high speed Internet (even higher than 10 Gbps), practical algorithms must keep better spatial and temporal performance. Moreover, as the size of rule set is increasing to tens of thousands, novel packet classification algorithms must have good scalability. In this paper, we propose a novel packet classification algorithm named DBS (discrete bit selection) which takes a bit level heuristic design to partition the rule set effectively. To the best of our knowledge, DBS is the first try to design a heuristic classification algorithm at bit-level. To evaluate the performance of our algorithm, DBS is deployed on a popular multi-core network processor platform, compared with two existing well-known algorithms. Experimental results show that DBS achieves 300% higher throughput than HiCuts and HSM, while the memory requirement is reduced to about 10% averagely. DBS works well especially with large rule set (10K), which trends a good scalability.

Jiaqi Gao,Xiaoguang Hu,Jun Li

2015-01-01

Abstract:Packet classification is one of the core techniques in network devices such as firewall, IDS and IPS. Tens of thousands of rules pose great pressure on classification algorithm in terms of memory requirements and throughput. In this paper, a new packet classification algorithm, named Fixed-Length Compression Bit Vector (FLCBV), is proposed based on the compression scheme FLC. Compared with traditional algorithms, FLC is more adaptive to network environment, especially in large scale ruleset and multi-field packet header. Experimental results demonstrate that FLCBV takes only 65% of memory compared with traditional compression algorithms without losing much throughput.

Yx Qi,B Xu,J Li

DOI: https://doi.org/10.1109/ICAS-ICNS.2005.74

2005-01-01

Abstract:Packet classification is crucial to implementation of several advanced services require the capability to distinguish traffic in flows, such as firewalls, intrusion detection systems, and many QoS implementations. Although hardware solutions, such as TCAMs, provide high search speed, they do not scale to large rulesets. Instead, some of the most promising algorithmic research embraces the practice of leveraging the data redundancy in real-life rulesets to improve high performance packet classification. In this paper, we provide a general framework for discerning relationships distinctions of the design-space of existing packet classification algorithms. Several best-known algorithms, such as RFC and HiCuts/HyperCuts, are carefully analyzed based on this framework, and an improved scheme for each algorithm is proposed. All algorithms studied in this paper, along with their variations, are objectively assessed using both real-life and synthetic rulesets. The source codes of these algorithms are made publicly available on web-site.

Duo Liu,Zheng Chen,Bei Hua,Nenghai Yu,Xinan Tang

DOI: https://doi.org/10.1145/1331331.1331340

2008-01-01

ACM Transactions on Embedded Computing Systems

Abstract:Packet classification is crucial for the Internet to provide more value-added services and guaranteed quality of service. Besides hardware-based solutions, many software-based classification algorithms have been proposed. However, classifying at 10 Gbps speed or higher is a challenging problem and it is still one of the performance bottlenecks in core routers. In general, classification algorithms face the same challenge of balancing between high classification speed and low memory requirements. This paper proposes a modified recursive flow classification (RFC) algorithm, Bitmap-RFC, which significantly reduces the memory requirements of RFC by applying a bitmap compression technique. To speed up classifying speed, we exploit the multithreaded architectural features in various algorithm development stages from algorithm design to algorithm implementation. As a result, Bitmap-RFC strikes a good balance between speed and space. It can significantly keep both high classification speed and reduce memory space consumption. This paper investigates the main NPU software design aspects that have dramatic performance impacts on any NPU-based implementations: memory space reduction, instruction selection, data allocation, task partitioning, and latency hiding. We experiment with an architecture-aware design principle to guarantee the high performance of the classification algorithm on an NPU implementation. The experimental results show that the Bitmap-RFC algorithm achieves 10 Gbps speed or higher and has a good scalability on Intel IXP2800 NPU.

Ruan Zhao,Li Xianfeng,Li Wenjun

DOI: https://doi.org/10.1109/tencon.2013.6718883

2013-01-01

Abstract:Network packet classification is a key functionality provided by modern routers enabling many new network applications such as quality of service, access control and differentiated services. Using ternary content addressable memories (TCAMs) to perform high-speed packet classification has become the de facto standard in industry. However, despite their high speed, one major drawback of TCAMs is their high power consumption. Although SmartPC, the state-of-the-art technique, was proposed to reduce power consumption by constructing a pre-classifier to activate TCAM blocks selectively, its bottom-up approach restricts its ability of grouping rules into disjoint TCAM blocks. In this paper, we propose a top-down approach for two-stage TCAM-based packet classification. The novelty of our work is the intelligent combination of software-based packet classification with TCAM-based techniques. We start by constructing a set of decision-trees for the packet classification rules, which enable the subsequent steps an excellent global view on the relationships among rules. The decision-trees are then mapped to TCAM blocks with flexible heuristics. Our top-down framework addresses the bottlenecks (the number of general rules, which have to be activated unconditionally every time) of SmartPC very effectively. Using ClassBench in our experimentations, we show that our technique is able to restrict the number of general rules to just 1% of the overall rule set. This leads to a dramatic power reduction of up to 98%, and 96% on average, which significantly outperforms SmartPC.

Rihua Wei,Yang Xu,H. Jonathan Chao

DOI: https://doi.org/10.1109/tnet.2015.2402093

2016-01-01

IEEE/ACM Transactions on Networking

Abstract:Packet classification is one of the major challenges today in designing high-speed routers and firewalls, as it involves sophisticated multi-dimensional searching. Ternary content addressable memory (TCAM) has been widely used to implement packet classification, thanks to its parallel search capability and constant processing speed. However, TCAMs have limitations of high cost and high power consumption, which ignite the desire to reduce TCAM usage. Recently, many works have been presented on this subject due to two opportunities. One is the well-known range expansion problem for packet classifiers to be stored in TCAM entries. The other is that there often exists redundancy among rules. In this paper, we propose a novel technique called Block Permutation (BP) to compress the packet classification rules stored in TCAMs. Unlike previous schemes that compress classifiers by converting the original classifiers to semantically equivalent classifiers, the BP technique innovatively finds semantically nonequivalent classifiers to achieve compression by performing block-based permutations on the rules represented in Boolean Space. We have developed an efficient heuristic approach to find permutations for compression and have designed its hardware implementation by using a field-programmable gate array (FPGA) to preprocess incoming packets. Our experiments with ClassBench classifiers and Internet Service Provider (ISP) real-life classifiers show that the proposed BP technique can significantly reduce 31.88% TCAM entries on average, in addition to the reduction contributed by other state-of-the-art schemes.

Chenglong Li,Tao Li,Junnan Li,Dagang Li,Hui Yang,Baosheng Wang

DOI: https://doi.org/10.3390/electronics8101159

IF: 2.9

2019-01-01

Electronics

Abstract:High-performance packet classification algorithms have been widely studied during the past decade. Bit-Vector-based algorithms proposed for FPGA can achieve very high throughput by decomposing rules delicately. However, the relatively large memory resources consumption severely hinders applications of the algorithms extensively. It is noteworthy that, in the Bit-Vector-based algorithms, stringent memory resources in FPGA are wasted to store relatively plenty of useless wildcards in the rules. We thus present a memory-optimized packet classification scheme named WeeBV to eliminate the memory occupied by the wildcards. WeeBV consists of a heterogeneous two-dimensional lookup pipeline and an optimized heuristic algorithm for searching all the wildcard positions that can be removed. It can achieve a significant reduction in memory resources without compromising the high throughput of the original Bit-Vector-based algorithms. We implement WeeBV and evaluate its performance by simulation and FPGA prototype. Experimental results show that our approach can save 37% and 41% memory consumption on average for synthetic 5-tuple rules and OpenFlow rules respectively.

Yang Xu,Zhaobo Liu,Zhuoyuan Zhang,H. Jonathan Chao

DOI: https://doi.org/10.1109/tnet.2013.2270441

2014-01-01

IEEE/ACM Transactions on Networking

Abstract:The emergence of new network applications, such as the network intrusion detection system and packet-level accounting, requires packet classification to report all matched rules instead of only the best matched rule. Although several schemes have been proposed recently to address the multimatch packet classification problem, most of them require either huge memory or expensive ternary content addressable memory (TCAM) to store the intermediate data structure, or they suffer from steep performance degradation under certain types of classifiers. In this paper, we decompose the operation of multimatch packet classification from the complicated multidimensional search to several single-dimensional searches, and present an asynchronous pipeline architecture based on a signature tree structure to combine the intermediate results returned from single-dimensional searches. By spreading edges of the signature tree across multiple hash tables at different stages, the pipeline can achieve a high throughput via the interstage parallel access to hash tables. To exploit further intrastage parallelism, two edge-grouping algorithms are designed to evenly divide the edges associated with each stage into multiple work-conserving hash tables. To avoid collisions involved in hash table lookup, a hybrid perfect hash table construction scheme is proposed. Extensive simulation using realistic classifiers and traffic traces shows that the proposed pipeline architecture outperforms HyperCuts and B2PC schemes in classification speed by at least one order of magnitude, while having a similar storage requirement. Particularly, with different types of classifiers of 4K rules, the proposed pipeline architecture is able to achieve a throughput between 26.8 and 93.1 Gb/s using perfect hash tables.

Xianfeng Li,Yuanxin Lin

DOI: https://doi.org/10.1109/glocom.2016.7842313

2016-01-01

Abstract:Packet classification is an indispensable yet challenging functionality of modern network devices. Despite more than fifteen years of research, algorithmic solutions still fall short of meeting the line-speed of high performance routers or switches. As a result, the industry is still relying on TCAM-based hardware solutions for parallel lookups. SAX-PAC, a recently proposed hybrid framework, uses a TCAM much smaller than pure TCAM-based technique to accommodate part of the classification rules, and handles the rest of rules with algorithmic lookups. However, the worst-case performance of SAX-PAC is O(log N), which scales with the size of the rule set, thus the line-speed requirement cannot be guaranteed. In this paper, we propose TaPaC, an algorithmic framework assisted by two very small TCAMs, which are used for handling two difficult problems observed by this work. Under this framework, we are able to bound the worst-case performance irrespective of the rule sets. In the meantime, TaPaC is also more memory efficient than existing techniques. Our experimental results show that using ClassBench, the TCAM requirement of TaPaC is two orders of magnitude less than a pure TCAM-based solution, and an order of magnitude less than what SAX-PAC needs. Furthermore, the decisiontrees generated all have short and bounded heights, leading to bounded worst-case performance. Compared to state-of-the-art algorithmic solutions, TaPaC achieves a memory reduction over 200% on average. In essence, TaPaC provides a new algorithmic packet classification technique with the performance comparable to a pure TCAM-based solution, but without the problems of TCAM-based solutions.

Chengjun Jia,Chenglong Li,Yifan Li,Xiaohe Hu,Jun Li

DOI: https://doi.org/10.1109/infocomwkshps54753.2022.9798326

2022-01-01

Abstract:Multi-field packet classification plays a critical role in a modern computer network. Many algorithms are designed, but the analysis of the rule sets is insufficient. In this paper, we analyze the rule sets from the aspect of rule overlapping with the tools from graph theory and network verification. The correctness of some designs is confirmed, such as the partition is necessary. We also propose a patch, PCG, based on our observation that most rules are at the top. PCG can apply to various algorithms to further improve the classification performance. We evaluate PCG on a state-of-art algorithm, CutSplit, and find that PCG introduces about 20% throughput improvement.

Yaxuan Qi,Lianghong Xu,Baohua Yang,Yibo Xue,Jun Li

DOI: https://doi.org/10.1109/infcom.2009.5061972

2009-01-01

Abstract:During the past decade, the packet classification problem has been widely studied to accelerate network applications such as access control, traffic engineering and intrusion detection. In our research, we found that-although a great number of packet classification algorithms have been proposed in recent years, unfortunately most of them stagnate in mathematical analysis or software simulation stages and few of them have been implemented in commercial products as a generic solution. To fill the gap between theory and practice, in this paper, we propose a novel packet classification algorithm named HyperSplit. Compared to the well-known HiCuts and HSM algorithms, HyperSplit achieves superior performance in terms of classification speed, memory usage and preprocessing time. The practicability of the proposed algorithm is manifested by two facts in our test: HyperSplit is the only algorithm that can successfully handle all the rule sets; HyperSplit is also the only algorithm that reaches more than 6Gbps throughput on the Octeon3860 multi-core platform when tested with 64-byte Ethernet packets against 10K ACL rules.

Jianyu Zhang,Tao Wei,Wei Zou

DOI: https://doi.org/10.1360/crad20060202

2006-01-01

Journal of Computer Research and Development

Abstract:An applicable and easy-to-implement packet classification algorithm CSAC (classification on self-adaptive cache) with high performance is presented. It caches the searching path of the packet set within a field subspace, reuses the searching result for the classification of the subsequent packets in the same field subspace, and reduces the cache hit-miss penalty. According to state changes of the cache by the fluctuation of network traffic, the algorithm introduces a self-adaptive cache scheme to guarantee effectively the cache hit ratio, which adjusts dynamically the granularity and structure of the cache, and locations of cache items in hash buckets. Furthermore, CSAC does not need the preprocessing phase required by most of heuristic algorithms, and it supports multi-field complex rules (such as layer 4-7 fields, logic match operation, etc.) and increment update of rule set. It is suitable for applications with various packet classification requirements, such as network edge security, traffic audit and load balancing, etc. Some firewall and IDS appliances using CSAC have favorable performance in actual network environment.

Yaxuan Qi,Jun Li

2006-01-01

Abstract:Multidimensional Packet Classification is one of the most critical functions for network security devices such as firewalls and intrusion detection systems. Due to the worst case bounds found in computational geometry, most of the existing algorithms for multidimensional packet classification trade memory usage for search speed in order to achieve better overall performance. Although some of these algorithms are proved to be efficient on small number of classification rules, they scale poorly in either search time or memory usage when the number of rules grows. In this paper, we propose an efficient hybrid algorithm named sBits, which combines the advantages of two best existing algorithms, RFC and HiCuts. Compared to RFC and HiCuts, sBits uses 10 to 400 times less memory storage and 30% to 50% less time in worst case search. sBits also reduces the heavy computational burden in pre-processing. Its full update time is 10 to 100 times less than RFC and HiCuts.

Wenjun Li,Xianfeng Li,Hui Li,Gaogang Xie

DOI: https://doi.org/10.1109/infocom.2018.8485947

2018-01-01

Abstract:Efficient algorithmic solutions for multi-field packet classification have been a challenging problem for many years. This problem is becoming even worse in the era of Software Defined Network (SDN), where flow tables with increasing complexities are playing a central role in the forwarding plane of SDN. In this paper, we first conduct an unprecedented in-depth reasoning on issues that led to the unsuccess of the major quests for scalable algorithmic solutions. With the insights obtained, we propose a practical framework called CutSplit, which can exploit the benefits of cutting and splitting techniques adaptively. By addressing the central problem caused by uncontrollable rule replications suffered by the major efforts, CutSplit not only pushes the performance of algorithmic packet classification more closely to hardware-based solutions, but also reduces the memory consumption to a practical level. Moreover, our work achieves low pre-processing time for rule updates, a problem that has long been ignored by previous decision-trees, but is becoming more relevant in the context of SDN due to frequent updates of rules. Experimental results show that using ClassBench, CutSplit achieves a memory reduction over 10 times, as well as 3x improvement on performance in terms of the number of memory access on average.