Yi-fan HE,Guo-yin XU,Hai-bin SHEN

DOI: https://doi.org/10.3969/j.issn.1005-9490.2007.01.042

2007-01-01

Abstract:In order to improve the performance of pattern-matching module in NIDS, an efficient engine for multi-gigabit rate, line-speed pattern-matching is proposed after analyzing a large amount of related work. By grouping and evenly storing patterns into CAM or TCAM according to their lengths and amount, as well as using payload-switching technique, this engine not only reaches multi-gigabit rate performance, but also has high storage efficiency. System performance can be improved further by using multiple process modules in parallel. In a 200 MHz Clock implementation, system throughput can reach more than 6 Gbit/s.

Ransheng Shen,Xianfeng Li,Hui Li

DOI: https://doi.org/10.1007/s11227-014-1109-x

2014-01-01

Abstract:Packet classification is implemented in modern network routers for providing differentiated services based on packet header information. Traditional packet classification only reports a single matched rule with the highest priority for an incoming packet and takes an action accordingly. With the emergence of new Internet applications such as network intrusion detection system, all matched rules need to be reported. This multi-match problem is more challenging and is attracting attentions in recent years. Because of the stringent time budget on classification, architectural solutions using ternary content addressable memory (TCAM) are the preferred choice for backbone network routers. However, despite its advantage on search speed, TCAM is much more expensive than SRAM, and is notorious for its extraordinarily high power consumption. These problems limit the application and scalability of TCAM-based solutions. This paper presents a tree-based multi-match packet classification technique combining the benefits of both TCAMs and SRAMs. The experiments show that the proposed solution achieves significantly more savings on both memory space and power consumption on packet matching compared to existing solutions.

Shen Ransheng,Li Xianfeng,Li Hui

DOI: https://doi.org/10.1109/PDCAT.2012.19

2012-01-01

Abstract:Modern network routers provide differentiated services for incoming network packets based on classification, where the packet header is compared against a rule set for matching. Traditional packet classification only reports a single matched rule with the highest priority in case of multiple matched ones. With the emergence of new applications such as network intrusion detection system (NDIS), all matched rules need to be reported. This multi-match problem is more challenging and is getting higher attention in recent years. Because of the stringent time budget on classification, architectural solutions using Ternary Content Addressable Memory (TCAM) attract more attention than software solutions for backbone network routers. However, despite its advantage on search speed, TCAM is much more expensive than SRAM, and is notorious for its extraordinarily high power consumption. These problems limit the application and scalability of TCAM solutions. This paper presents a novel tree-based hybrid TCAM+SRAM solution for the purposes of both TCAM space reduction and power saving. The experiments show that the proposed solution achieves significantly more savings on both memory space and power consumption on packet matching than existing solutions. © 2012 IEEE.

Ruan Zhao,Li Xianfeng,Li Wenjun

DOI: https://doi.org/10.1109/tencon.2013.6718883

2013-01-01

Abstract:Network packet classification is a key functionality provided by modern routers enabling many new network applications such as quality of service, access control and differentiated services. Using ternary content addressable memories (TCAMs) to perform high-speed packet classification has become the de facto standard in industry. However, despite their high speed, one major drawback of TCAMs is their high power consumption. Although SmartPC, the state-of-the-art technique, was proposed to reduce power consumption by constructing a pre-classifier to activate TCAM blocks selectively, its bottom-up approach restricts its ability of grouping rules into disjoint TCAM blocks. In this paper, we propose a top-down approach for two-stage TCAM-based packet classification. The novelty of our work is the intelligent combination of software-based packet classification with TCAM-based techniques. We start by constructing a set of decision-trees for the packet classification rules, which enable the subsequent steps an excellent global view on the relationships among rules. The decision-trees are then mapped to TCAM blocks with flexible heuristics. Our top-down framework addresses the bottlenecks (the number of general rules, which have to be activated unconditionally every time) of SmartPC very effectively. Using ClassBench in our experimentations, we show that our technique is able to restrict the number of general rules to just 1% of the overall rule set. This leads to a dramatic power reduction of up to 98%, and 96% on average, which significantly outperforms SmartPC.

Yang Xu,Zhaobo Liu,Zhuoyuan Zhang,H. Jonathan Chao

DOI: https://doi.org/10.1145/1882486.1882537

2009-01-01

Abstract:ABSTRACTThe emergence of new network applications like network intrusion detection system, packet-level accounting, and load-balancing requires packet classification to report all matched rules, instead of only the best matched rule. Although several schemes have been proposed recently to address the multi-match packet classification problem, most of them require either huge memory or expensive Ternary Content Addressable Memory (TCAM) to store the intermediate data structure, or suffer from steep performance degradation under certain types of classifiers. In this paper, we decompose the operation of multi-match packet classification from the complicated multi-dimensional search to several single-dimensional searches, and present an asynchronous pipeline architecture based on a signature tree structure to combine the intermediate results returned from single-dimensional searches. By spreading edges of the signature tree in multiple hash tables at different stages of the pipeline, the pipeline can achieve a high throughput via the inter-stage parallel access to hash tables. To exploit further intra-stage parallelism, two edge-grouping algorithms are designed to evenly divide the edges associated with each stage into multiple work-conserving hash tables with minimum overhead. Extensive simulation using realistic classifiers and traffic traces shows that the proposed pipeline architecture outperforms HyperCut and B2PC schemes in classification speed by at least one order of magnitude, while with a similar storage requirement. Particularly, with different types of classifiers of 4K rules, the proposed pipeline architecture is able to achieve a throughput between 19.5 Gbps and 91 Gbps.

Zhen Xu,Jun Zhang,Liyang Rui,Jun Sun

DOI: https://doi.org/10.1007/s11767-006-0165-7

2008-01-01

Journal of Electronics (China)

Abstract:The feature of Ternary Content Addressable Memories (TCAMs) makes them particularly attractive for IP address lookup and packet classification applications in a router system. However, the limitations of TCAMs impede their utilization. In this paper, the solutions for decreasing the power consumption and avoiding entry expansion in range matching are addressed. Experimental results demonstrate that the proposed techniques can make some big improvements on the performance of TCAMs in IP address lookup and packet classification.

Kai Zheng,Hao Che,Wang, Z.,Bin Liu

DOI: https://doi.org/10.1109/INFCOM.2005.1497900

2005-01-01

Abstract:Packet classification (PC) has been a critical data path function for many emerging networking applications. An interesting approach is the use of TCAM to achieve deterministic, high speed PC However, apart from high cost and power consumption, due to slow growing clock rate for memory technology in general, PC based on the traditional single TCAM solution has difficulty to keep up with fast growing line rates. Moreover, the TCAM storage efficiency is largely affected by the need to support rules with ranges, or range matching. In this paper, a distributed TCAM scheme that exploits chip-level-parallelism is proposed to greatly improve the PC throughput. This scheme seamlessly integrates with a range encoding scheme, which not only solves the range matching problem but also ensures a balanced high throughput performance. Using commercially available TCAM chips, the proposed scheme achieves PC performance of more than 100 million packets per second (Mpps), matching OC768 (40 Gbps) line rate.

Kai Zheng,Hao Che,Zhijun Wang,Bin Liu,Xin Zhang

DOI: https://doi.org/10.1109/TC.2006.123

IF: 3.183

2006-01-01

IEEE Transactions on Computers

Abstract:Packet classification has been a critical data path function for many emerging networking applications. An interesting approach is the use of ternary content addressable memory (TCAM) to achieve deterministic, high-speed packet classification performance. However, apart from high cost and power consumption, due to slow growing clock rate for memory technology, in general, the traditional single TCAM-based solution has difficulty to keep up with fast growing line rates. Moreover, the TCAM storage efficiency is largely affected by the need to support rules with ranges or range matching. In this paper, a distributed TCAM scheme that exploits chip-level-parallelism is proposed to greatly improve the throughput performance. This scheme seamlessly integrates with a range encoding scheme which not only solves the range matching problem, but also ensures a balanced high throughput performance. A thorough theoretical worst-case analysis of throughput, processing delay, and power consumption, as well as the experimental results show that the proposed solution can achieve scalable throughput performance matching up to OC768 line rate or higher. The added TCAM storage overhead is found to be reasonably small for the five real-world classifiers studied

Yang Xu,Zhaobo Liu,Zhuoyuan Zhang,H. Jonathan Chao

DOI: https://doi.org/10.1109/tnet.2013.2270441

2014-01-01

IEEE/ACM Transactions on Networking

Abstract:The emergence of new network applications, such as the network intrusion detection system and packet-level accounting, requires packet classification to report all matched rules instead of only the best matched rule. Although several schemes have been proposed recently to address the multimatch packet classification problem, most of them require either huge memory or expensive ternary content addressable memory (TCAM) to store the intermediate data structure, or they suffer from steep performance degradation under certain types of classifiers. In this paper, we decompose the operation of multimatch packet classification from the complicated multidimensional search to several single-dimensional searches, and present an asynchronous pipeline architecture based on a signature tree structure to combine the intermediate results returned from single-dimensional searches. By spreading edges of the signature tree across multiple hash tables at different stages, the pipeline can achieve a high throughput via the interstage parallel access to hash tables. To exploit further intrastage parallelism, two edge-grouping algorithms are designed to evenly divide the edges associated with each stage into multiple work-conserving hash tables. To avoid collisions involved in hash table lookup, a hybrid perfect hash table construction scheme is proposed. Extensive simulation using realistic classifiers and traffic traces shows that the proposed pipeline architecture outperforms HyperCuts and B2PC schemes in classification speed by at least one order of magnitude, while having a similar storage requirement. Particularly, with different types of classifiers of 4K rules, the proposed pipeline architecture is able to achieve a throughput between 26.8 and 93.1 Gb/s using perfect hash tables.

Longlong Zhu,Jiashuo Yu,Long Huang,Linying Zheng,Jinpfeng Pan,Zhengyan Zhou,Hanze Chen,Dong Zhang,Xiang Chen,Chunming Wu

DOI: https://doi.org/10.1109/icc45041.2023.10278977

2023-01-01

Abstract:Packet classification is a crucial component in computer networking. To achieve high throughput and low memory consumption, existing solutions apply different heuristics in each construction stage to build efficient decision trees. However, previous studies divide the tree construction process based on the scale of rule subsets which is indirect to the performance goal, leading to massive rule replication and high tree depth. In this paper, we propose MiCuts, a fine-grained framework for packet classification with both high speed and low memory footprint. Its key idea is directly utilizing rule replication and tree depth to divide the tree-building process into three stages, each with suitable optimization goals. First, it partitions rules and builds shallow semi-trees without rule replication via selecting effective bits. Second, it transforms the switching problem of heuristics into an ILP problem and aims to minimize memory consumption while ensuring high lookup speed. Third, it merges some nodes to eliminate memory explosion caused by splitting, where MiCuts combines splitting and linear search. Extensive experimental results on ClassBench show that MiCuts outperforms state-of-the-art approaches, improving lookup speed by 1.71× while reducing memory footprint by 74.4% on average.

Xianfeng Li,Yuanxin Lin,Wenjun Li

DOI: https://doi.org/10.1109/iccnc.2016.7440722

2016-01-01

Abstract:Ternary Content Addressable Memory (TCAM) is the de-facto standard device used for high-speed packet classification. Despite its capability for line-speed queries, it is very power hungry and area inefficient The latest TCAM devices by leading vendors come with an power saving mechanism where a subset of its TCAM blocks can be selectively activated. Recent research efforts exploit this feature to reduce power consumption with pre-classification steps. However, the state-of-the-art technique achieves power savings at the expense of poor utilization of TCAM capacity, and the potential of power reduction is not fully exploited in many cases. In this paper, we propose GreenTCAM, an optimized two-stage design for TCAM-based packet classification. Based on common characteristics of rule sets, our design is able to group rules more compactly into TCAM blocks, and activates a minimum subset of these blocks for each incoming packet. Experimental results show that our design achieves a 93.6% power reduction with a TCAM storage overhead of only 5.6% on average.

Qiuping Dai,Hui Li

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2018.00052

2018-01-01

Abstract:Packet classification (PC) plays an important role in many networking services on the Internet including security, quality of service provisioning, virtual private networking, monitoring and multimedia communications. It is often a performance bottleneck for routers for they need to classify every packet. To meet the demand for high-speed packet classification, Ternary Content Addressable Memories (TCAMs) could be a good solution. However, storing ranges in TCAMs suffers from the well-known range-to-prefix blowout problem. In this paper, we first introduce an advanced TCAM-SRAM architecture to reduce the number of prefixes needed to represent all ranges. And then we provide new upper bounds on TCAM worst-case rule expansion. With the suggested scheme, a W-bit range can be encoded in 2[w_b+1]/2 TCAM entries. Lastly, we do some simulations based on random and real-world rule sets to show that the proposed solution performs better than the existing algorithms in terms of the number of TCAM entries.

Qunfeng Dong,Suman Banerjee,Jia Wang,Dheeraj Agrawal,Ashutosh Shukla

DOI: https://doi.org/10.1145/1140103.1140313

2006-01-01

ACM SIGMETRICS Performance Evaluation Review

Abstract:Serving as the core component in many packet forwarding, differentiating and filtering schemes, packet classification continues to grow its importance in today's IP networks. Currently, most vendors use Ternary CAMs (TCAMs) for packet classification. TCAMs usually use brute-force parallel hardware to simultaneously check for all rules. One of the fundamental problems of TCAMs is that TCAMs suffer from range specifications because rules with range specifications need to be translated into multiple TCAM entries. Hence, the cost of packet classification will increase substantially as the number of TCAM entries grows. As a result, network operators hesitate to configure packet classifiers using range specifications. In this paper, we optimize packet classifier configurations by identifying semantically equivalent rule sets that lead to reduced number of TCAM entries when represented in hardware. In particular, we develop a number of effective techniques, which include: trimming rules, expanding rules, merging rules, and adding rules. Compared with previously proposed techniques which typically require modifications to the packet processor hardware, our scheme does not require any hardware modification, which is highly preferred by ISPs. Moreover, our scheme is complementary to previous techniques in that those techniques can be applied on the rule sets optimized by our scheme. We evaluate the effectiveness and potential of the proposed techniques using extensive experiments based on both real packet classifiers managed by a large tier-1 ISP and synthetic data generated randomly. We observe significant reduction on the number of TCAM entries that are needed to represent the optimized packet classifier configurations.

Dibei Chen,Zhaoshi Li,Tianzhu Xiong,Zhiwei Liu,Jun Yang,Shouyi Yin,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/MICRO50266.2020.00038

2020-01-01

Abstract:TCAM (Ternary Content-Addressable Memory) is the essential component for high-speed packet classification in modern hardware switches. However, due to its relatively slow update process, recent advances in Software-Defined Network (SDN) regard them as the bottleneck to the agile deployment of network services. Rule installation in commodity switches suffers from non-deterministic delays, ranging from a few milliseconds to nearly half a second. The crux of the problem is that TCAM prioritizes rules based on physical addresses. Corresponding entries have to be reallocated according to the priority of an incoming rule, such that the insertion delay grows linearly with the number of existing rules in a TCAM. In this paper, we present Constant-time Alteration Ternary CAM (CATCAM) that can accomplish both lookup queries and update requests for packet classification in a few nanoseconds. The key to fast update is to decouple rule priorities from physical addresses. We propose a matrix-based priority encoding scheme that records the priority relation between rules and can be implemented in 8T SRAM arrays with the emerging Processing In-Memory (PIM) technique. CATCAM also comes with a hierarchical architecture to scale out, its interval-based scheduling scheme guarantees deterministic update performance in all scenarios. CATCAM is developed under full-custom design in the 28 nm process. Evaluation across benchmark workloads shows that CATCAM provides at least three orders of magnitude speedup over state-of-the-art TCAM update algorithms and offers equivalent search capability to conventional TCAM while incurring 0.3% power and 20% area overhead.

Rihua Wei,Yang Xu,H. Jonathan Chao

DOI: https://doi.org/10.1109/tnet.2015.2402093

2016-01-01

IEEE/ACM Transactions on Networking

Abstract:Packet classification is one of the major challenges today in designing high-speed routers and firewalls, as it involves sophisticated multi-dimensional searching. Ternary content addressable memory (TCAM) has been widely used to implement packet classification, thanks to its parallel search capability and constant processing speed. However, TCAMs have limitations of high cost and high power consumption, which ignite the desire to reduce TCAM usage. Recently, many works have been presented on this subject due to two opportunities. One is the well-known range expansion problem for packet classifiers to be stored in TCAM entries. The other is that there often exists redundancy among rules. In this paper, we propose a novel technique called Block Permutation (BP) to compress the packet classification rules stored in TCAMs. Unlike previous schemes that compress classifiers by converting the original classifiers to semantically equivalent classifiers, the BP technique innovatively finds semantically nonequivalent classifiers to achieve compression by performing block-based permutations on the rules represented in Boolean Space. We have developed an efficient heuristic approach to find permutations for compression and have designed its hardware implementation by using a field-programmable gate array (FPGA) to preprocess incoming packets. Our experiments with ClassBench classifiers and Internet Service Provider (ISP) real-life classifiers show that the proposed BP technique can significantly reduce 31.88% TCAM entries on average, in addition to the reduction contributed by other state-of-the-art schemes.

Xianfeng Li,Yuanxin Lin

DOI: https://doi.org/10.1109/glocom.2016.7842313

2016-01-01

Abstract:Packet classification is an indispensable yet challenging functionality of modern network devices. Despite more than fifteen years of research, algorithmic solutions still fall short of meeting the line-speed of high performance routers or switches. As a result, the industry is still relying on TCAM-based hardware solutions for parallel lookups. SAX-PAC, a recently proposed hybrid framework, uses a TCAM much smaller than pure TCAM-based technique to accommodate part of the classification rules, and handles the rest of rules with algorithmic lookups. However, the worst-case performance of SAX-PAC is O(log N), which scales with the size of the rule set, thus the line-speed requirement cannot be guaranteed. In this paper, we propose TaPaC, an algorithmic framework assisted by two very small TCAMs, which are used for handling two difficult problems observed by this work. Under this framework, we are able to bound the worst-case performance irrespective of the rule sets. In the meantime, TaPaC is also more memory efficient than existing techniques. Our experimental results show that using ClassBench, the TCAM requirement of TaPaC is two orders of magnitude less than a pure TCAM-based solution, and an order of magnitude less than what SAX-PAC needs. Furthermore, the decisiontrees generated all have short and bounded heights, leading to bounded worst-case performance. Compared to state-of-the-art algorithmic solutions, TaPaC achieves a memory reduction over 200% on average. In essence, TaPaC provides a new algorithmic packet classification technique with the performance comparable to a pure TCAM-based solution, but without the problems of TCAM-based solutions.

Longlong Zhu,Jiashuo Yu,Long Huang,Hang Lin,Kaiwei Huang,Zhengyan Zhou,Dong Zhang,Xiang Chen,Chunming Wu

DOI: https://doi.org/10.1109/iwqos61813.2024.10682869

2024-01-01

Abstract:Tuple space search(TSS)-based packet classification is the keystone of network system. Previous studies accelerate TSS by partitioning tuples, combining trees and tuples, and merging tuples. However, they do not scale with the number of rules, resulting in a high memory footprint or update time. In this paper, we propose TupleRadar, a framework for accelerating TSS while ensuring low memory footprint and fast rule updates. Our key idea is to construct learned indexes for tuples, which inherently improve the lookup speed but ensure the advantages of TSS. Specifically, TupleRadar builds orderly hash table-based tuples and then constructs the updatable learned index. It provides a bounded memory footprint of the index structure as well. We have evaluated TupleRadar on multiple scales rule-sets. Experimental results show that TupleRadar outperforms previous solutions, reducing 46.66% lookup time and 61.53% memory footprint on average, by up to 86.70% and 88.95%. It also performs a competitive rule update speed.

D Pao,YK Li,P Zhou

DOI: https://doi.org/10.1109/icact.2006.206010

2006-01-01

Abstract:Multi-field packet classification is necessary to support advanced Internet functions, such as network security, quality of service provisioning, traffic policing, virtual private networking, etc. Ternary content addressable memory (TCAM) is currently the dominant solution method used by the industry because of its speed and the simplicity of filter table management. High cost and high power consumption are the two major drawbacks of TCAM-based lookup engines. Adoption of IPv6 with increased address length will further exacerbate the challenges. In this paper, we present a filter encoding method, called prefix inclusion coding (PIC) to improve the efficiency of TCAM-based lookup engines. Filters are stored in an encoded format to reduce storage requirement. Codeword assignment in PIC preserves the inclusion relationship among prefixes/ranges. By doing so, a prefix will be represented by a single codeword, and unnecessary filter replication can be avoided. Codeword lookup is equivalent to finding the longest matching prefix in the codeword table. Hence, a pure-TCAM lookup engine can be built without the needs of other semi-custom ASICs in the system. Our method can reduce the TCAM storage requirement by 70% to over 90%. The reduction in TCAM storage requirement also helps to alleviate the high power dissipation problem. The proposed method can be applied to both IPv4 and IPv6

DONG XIAOMING,LIN CHUANG,CHEN ZHEN

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.21.001

2007-01-01

Abstract:TCAM based hardware implementation method is the cornerstone in high speed packet classification.But the memory in TCAM is very expensive and this method has a prerequisite that range match must be resolute into prefix rule match.Always such conversion will result in the rule space exploding.This paper presents a new method to reduce the rule space by inserting specific new rules.such method conflicts free with the direct change,so they can be applied together.Using this way to process the rule set,The results present that the space is effectively reduced.

Xianzhong Ding,Zhiyong Zhang,Zhiping Jia,Lei Ju,Mengying Zhao,Huawei Huang

DOI: https://doi.org/10.1145/3140582.3081034

2017-01-01

Abstract:Software-Defined Networking (SDN) allows controlling applications to install fine-grained forwarding policies in the underlying switches. Ternary Content Addressable Memory (TCAM) enables fast lookups in hardware switches with flexible wildcard rule patterns. However, the performance of packet processing is severely constrained by the capacity of TCAM, which aggravates the processing burden and latency issues. In this paper, we propose a hybrid TCAM architecture which consists of NVM-based TCAM (nvTCAM) and SRAM-based TCAM (sTCAM), utilizing nvTCAM to cache the most popular rules to improve cache-hit-ratio while relying on a very small-size sTCAM to handle cache-miss traffic to effectively decrease update latency. Considering the special rule dependency, we present an efficient Rule Migration Replacement (RMR) policy to make full utilization of both nvTCAM and sTCAM to obtain better performance. Experimental results show that the proposed architecture outperforms current TCAM architectures.