Longlong Zhu,Jiashuo Yu,Long Huang,Linying Zheng,Jinpfeng Pan,Zhengyan Zhou,Hanze Chen,Dong Zhang,Xiang Chen,Chunming Wu

DOI: https://doi.org/10.1109/icc45041.2023.10278977

2023-01-01

Abstract:Packet classification is a crucial component in computer networking. To achieve high throughput and low memory consumption, existing solutions apply different heuristics in each construction stage to build efficient decision trees. However, previous studies divide the tree construction process based on the scale of rule subsets which is indirect to the performance goal, leading to massive rule replication and high tree depth. In this paper, we propose MiCuts, a fine-grained framework for packet classification with both high speed and low memory footprint. Its key idea is directly utilizing rule replication and tree depth to divide the tree-building process into three stages, each with suitable optimization goals. First, it partitions rules and builds shallow semi-trees without rule replication via selecting effective bits. Second, it transforms the switching problem of heuristics into an ILP problem and aims to minimize memory consumption while ensuring high lookup speed. Third, it merges some nodes to eliminate memory explosion caused by splitting, where MiCuts combines splitting and linear search. Extensive experimental results on ClassBench show that MiCuts outperforms state-of-the-art approaches, improving lookup speed by 1.71× while reducing memory footprint by 74.4% on average.

Yaxuan Qi,Lianghong Xu,Baohua Yang,Yibo Xue,Jun Li

DOI: https://doi.org/10.1109/infcom.2009.5061972

2009-01-01

Abstract:During the past decade, the packet classification problem has been widely studied to accelerate network applications such as access control, traffic engineering and intrusion detection. In our research, we found that-although a great number of packet classification algorithms have been proposed in recent years, unfortunately most of them stagnate in mathematical analysis or software simulation stages and few of them have been implemented in commercial products as a generic solution. To fill the gap between theory and practice, in this paper, we propose a novel packet classification algorithm named HyperSplit. Compared to the well-known HiCuts and HSM algorithms, HyperSplit achieves superior performance in terms of classification speed, memory usage and preprocessing time. The practicability of the proposed algorithm is manifested by two facts in our test: HyperSplit is the only algorithm that can successfully handle all the rule sets; HyperSplit is also the only algorithm that reaches more than 6Gbps throughput on the Octeon3860 multi-core platform when tested with 64-byte Ethernet packets against 10K ACL rules.

Longlong Zhu,Jiashuo Yu,Jiayi Cai,Jinfeng Pan,Zhigao Li,Zhengyan Zhou,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/iwqos54832.2022.9812915

2022-01-01

Abstract:To perform efficient packet classification, decision tree-based methods conduct decision trees via hand-tuned heuristics. Then the performance testing and optimization are executed to ensure an excellent searching speed and space overhead. Specifically, when the performance is below expectation, existing solutions attempt to optimize the algorithms, such as conducting more sophisticated heuristics. However, reconstruction or adjustment for algorithms produces an intolerable time overhead due to the long optimization period, caused by uncertain performance benefits and high pre-processing time. In this paper, we propose FROD, an efficient framework for optimizing the decision trees directly in packet classification. FROD raises a meticulous evaluation to accurately appraise decision trees constructed by different heuristics. It then seeks out the bottleneck components via a lightweight heuristic. After that, FROD searches the optimal division for inferior components considering structural constraints and characteristics of traffic distribution. Evaluation on ClassBench shows that FROD benefits existing decision tree-based solutions in classification time by 41% and memory footprint by 19% on average, and reduces classification time by up to 64%.

Yaxuan Qi,Jun Li

2006-01-01

Abstract:Multidimensional Packet Classification is one of the most critical functions for network security devices such as firewalls and intrusion detection systems. Due to the worst case bounds found in computational geometry, most of the existing algorithms for multidimensional packet classification trade memory usage for search speed in order to achieve better overall performance. Although some of these algorithms are proved to be efficient on small number of classification rules, they scale poorly in either search time or memory usage when the number of rules grows. In this paper, we propose an efficient hybrid algorithm named sBits, which combines the advantages of two best existing algorithms, RFC and HiCuts. Compared to RFC and HiCuts, sBits uses 10 to 400 times less memory storage and 30% to 50% less time in worst case search. sBits also reduces the heavy computational burden in pre-processing. Its full update time is 10 to 100 times less than RFC and HiCuts.

Jiashuo Yu,Long Huang,Longlong Zhu,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/ISCC58397.2023.10218304

2023-01-01

Abstract:Packet classification is an essential part of computer networks. Existing algorithms propose a partition process to address the memory explosion problem of the decision tree algorithm caused by the huge number of rules with multiple fields. However, the search process requires traversing multiple trees generated by the partition, which reduces the search efficiency. The existing algorithms take simple approaches to optimize the search process, which is low efficiency or high hardware overhead. In this paper, we propose DTRadar, a framework for expediting the decision tree packet lookup process. Its key idea is building an abstract One-Big-Tree(OBT) for multiple decision trees by establishing the middle data structure. DTRadar considers each decision tree as a splittable tree and organizes these subtrees by intermediate data structures. Extensive experiments show that DTRadar benefits existing decision tree-based solutions in classification time by 61.60%, and the memory footprint only increased by 4.21% on average.

Yaxuan Qi,Jun Li

2006-01-01

Abstract:A variety of network security services, such as access control in firewalls and protocol analysis in intrusion detection systems, require the discrimination of packets based on the multiple fields of packet header, which is called Multidimensional Packet Classification. In this paper, we propose a very effective packet classification algorithm called Extended Multidimensional Cuttings, ExCuts in short. As an extension of HyperCuts, which is the best-known existing decision tree algorithm, ExCuts refines the node merging mechanism using a two-step discontiguous space aggregation scheme, which minimizes the number of child nodes. To further reduce the memory usage of the decision tree structure, ExCuts adopts a bit string mapping scheme to compress the large pointer arrays in internal nodes. Due to the significant memory reduction, ExCuts is able to pick a fixed number of cuttings and thus provides explicit worst-case search time. Experimental results show that ExCuts outperforms the best result of existing algorithms on both real-life rulesets and synthetic classifiers.

Chengjun Jia,Chenglong Li,Yifan Li,Xiaohe Hu,Jun Li

DOI: https://doi.org/10.1109/infocomwkshps54753.2022.9798326

2022-01-01

Abstract:Multi-field packet classification plays a critical role in a modern computer network. Many algorithms are designed, but the analysis of the rule sets is insufficient. In this paper, we analyze the rule sets from the aspect of rule overlapping with the tools from graph theory and network verification. The correctness of some designs is confirmed, such as the partition is necessary. We also propose a patch, PCG, based on our observation that most rules are at the top. PCG can apply to various algorithms to further improve the classification performance. We evaluate PCG on a state-of-art algorithm, CutSplit, and find that PCG introduces about 20% throughput improvement.

Fengjun Shang,Xuezeng Pan

2007-01-01

Journal of Computational Information Systems

Abstract:The process of categorizing packets into 'flows' in an Internet router is called packet classification. All packets belonging to the same flow obey a pre-defined rule and are processed in a similar manner by the router. In general, packet classification on multiple fields is a difficult problem. In this paper, an algorithm is proposed called Hash Packet Classification based on Non-collision Hash and XOR Hash (NHXH). The NHXH algorithm introduces XOR operation to obtain a hash key value. The computation of an NHXH algorithm key value consists of three steps. Firstly, the non-collision hash function is structured, which is constructed mainly based on destination/source port and protocol type field so that the hash function usually can avoid space explosion problem. Secondly, the source/destination IP pairs are concatenated and then dividing the packet header into 4 chunks, each of which has 16bits in size. Thirdly, each chunk is mapped into stochastic space and XOR operation on the random number mapped 4 chunks. Because the stochastic space follows even distribution after XORing operation so that its collision rate is limitary. Lastly, every rule index is found in order to ensure the validity so that the final rule index is acquired. The test results show that the classification rate of NHXH algorithm is up to 2 million packets per second and the maximum memory consumed is 8MB for 10000 rules.

Wenjun Li,Xianfeng Li

DOI: https://doi.org/10.1109/tencon.2013.6718858

2013-01-01

Abstract:Network packet classification is an important functionality provided by modern Internet routers for enabling many network applications such as quality of service, security and differentiated services. Decision-tree based schemes are the most well-known algorithmic solutions for packet classification. But most of them, such as HiCuts and HyperCuts, suffer from memory explosion problem due to uncontrolled rule replications. EffiCuts, a state-of-the-art decision-tree technique, was proposed to reduce memory consumption at the cost of excessive memory accesses. Therefore, these decision-tree based approaches are either memory or performance inefficient, falling short of the needs of high-speed networks. In this paper, we propose HD-Cuts, a scalable decision-tree based packet classification using hybrid and dynamic cuttings to improve storage and performance simultaneously. Using ClassBench, we show that HD-Cuts achieves similarly excellent memory reduction as EffiCuts, but the performance of HD-Cuts is significantly better than EffiCuts in terms of memory accesses. In addition, HD-Cuts is more practical for implementation than EffiCuts.

Yaxuan Qi,Yibo Xue,Jun Li

DOI: https://doi.org/10.1016/s1007-0214(11)70062-1

2011-01-01

Tsinghua Science & Technology

Abstract:Packet classification is crucial to the implementation of advanced network services that require the capability to distinguish traffic in different flows, such as access control in firewalls and protocol analysis in intrusion detection systems. This paper proposes a novel packet classification algorithm optimized for multi-core network processors. The proposed algorithm, AggreCuts, has an explicit worst-case search time with modest memory usage. The data structure of AggreCuts is flexible and well-adapted to different types of multi-core platforms. The algorithm on both Intel IXP2850 32-bit and Cavium OCTEON3860 64-bit multi-core platforms was implemented to evaluate the performance of AggreCuts. The experimental results show that AggreCuts outperforms the best-known existing algorithm in terms of memory usage and classification speed.

Baohua Yang,Xiang Wang,Yibo Xue,Jun Li

DOI: https://doi.org/10.1109/ICPADS.2009.53

2009-01-01

Abstract:Packet classification is one of the most critical techniques in many network devices such as firewall, IDS and IPS, etc. In order to meet the performance requirement for high speed Internet (even higher than 10 Gbps), practical algorithms must keep better spatial and temporal performance. Moreover, as the size of rule set is increasing to tens of thousands, novel packet classification algorithms must have good scalability. In this paper, we propose a novel packet classification algorithm named DBS (discrete bit selection) which takes a bit level heuristic design to partition the rule set effectively. To the best of our knowledge, DBS is the first try to design a heuristic classification algorithm at bit-level. To evaluate the performance of our algorithm, DBS is deployed on a popular multi-core network processor platform, compared with two existing well-known algorithms. Experimental results show that DBS achieves 300% higher throughput than HiCuts and HSM, while the memory requirement is reduced to about 10% averagely. DBS works well especially with large rule set (10K), which trends a good scalability.

Long Huang,Longlong Zhu,Jiashuo Yu,Xinyang Chen,Linying Zheng,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/lcn60385.2024.10639711

2024-01-01

Abstract:Packet classification is a crucial component of modern networks. Existing decision tree-based algorithms alleviate the rule replication problem caused by overlapping rules in the ruleset via rule partitioning. They partition the ruleset into multiple subsets based on rule characteristics to reduce rule overlaps. However, existing algorithms fail to address the overlap between rules in the same set, seriously decreasing speed and memory performance. In this paper, we propose DOT, a framework for optimizing rule partitions before constructing decision trees. Its key idea is to migrate rules in subsets based on rule overlaps and the features of heuristics used to construct trees, as well as reorganize rules aided by tuples. DOT finds out the migrated rule candidates using rule dependency graphs and heuristic features, then transforms the rule migration problem into an integer linear programming problem and solves for the optimal migration strategy. Further, we employ a tuple-assisted approach to accelerate rule matching. Experiments show that DOT enhances existing decision tree-based algorithms, improving lookup speed by 1.69 ×, reducing average 24.85% memory consumption and 31.03% decision tree depth.

Y Jiang,C Lin,JP Wu

DOI: https://doi.org/10.1109/icatm.2001.932081

2001-01-01

Abstract:Performance evaluation is one of the most important issues for packet scheduling algorithms. The algorithms will be varied with the performance criteria. Because the packet scheduling algorithm has multiple performance objectives, how to reach multiple objectives simultaneously is a difficult problem. This paper provides a set of integrated performance evaluation criteria from the network traffic control model, and the criteria integrate several objects, such as the network performance, user's QoS requirement and system fairness. Then it is discussed and analyzed in detail. Moreover, the integrated performance evaluating criteria can be applied to performance evaluation and improvement in network traffic control strategy and algorithms

Wenjun Li,Xianfeng Li

DOI: https://doi.org/10.1109/mines.2013.70

2013-01-01

Abstract:Packet classification is an important building block of modern Internet routers for enabling many network applications. Decision-tree is one of the most well-known algorithmic approaches for packet classification. Classic decision-tree based algorithms, such as HiCuts and Hyper Cuts, suffer from memory explosion problem due to uncontrolled rule replications. EffiCuts, a state-of-the-art decision-tree technique, was proposed to reduce memory consumption at the cost of excessive memory accesses and difficulty of practical implementation. Therefore, these decision-tree algorithmic approaches are either memory or performance inefficient. In this paper, we propose a scheme called Dynamic and Hierarchical Intelligent Cuttings (D-HiCuts) to solve multi-field packet classification problem. Using Class Bench, we show that D-HiCuts achieves similarly excellent memory reduction as EffiCuts, but it outperforms EffiCuts significantly in terms of memory accesses for packet classification.

Zhi Liu,Shijie Sun,Hang Zhu,Jiaqi Gao,Jun Li

DOI: https://doi.org/10.1016/j.comcom.2017.05.001

IF: 5.047

2017-01-01

Computer Communications

Abstract:Packet classification is one of the fundamental techniques required by various network management functionalities. As the state-of-the-art of software packet classification, decision-tree algorithms employ various geometrical cutting schemes to build optimized decision trees. However, existing cutting schemes cannot meet the desired performance on large rulesets because they sacrifice either classification speed or memory size by design. In this paper, we reveal the inefficiencies of current cutting schemes equi-sized cutting and equi-dense cutting and propose a new cutting scheme and its corresponding decision-tree algorithm, named "BitCuts". BitCuts achieves only 42%-59% the memory accesses of Hyper Split, HyperCuts and EffiCuts, the typical decision-tree algorithms. In addition, BitCuts accelerates child node indexing with bit-manipulation instructions, enabling fast tree traversal. A DPDK-based evaluation on the ACL10K ruleset shows that BitCuts achieves 2.0x - 2.2x the throughput of HyperSplit, HyperCuts and EffiCuts. Furthermore, BitCuts is the only algorithm that achieves 10 Gbps throughput with 3 cores. The memory consumption of BitCuts is only 12% of HyperCuts, 19% of EffiCuts, and is comparable to that of HyperSplit, which proves that BitCuts outperforms existing algorithms in achieving a good trade-off between speed and space. (C) 2017 Elsevier B.V. All rights reserved.

Yang Xu,Zhaobo Liu,Zhuoyuan Zhang,H. Jonathan Chao

DOI: https://doi.org/10.1145/1882486.1882537

2009-01-01

Abstract:ABSTRACTThe emergence of new network applications like network intrusion detection system, packet-level accounting, and load-balancing requires packet classification to report all matched rules, instead of only the best matched rule. Although several schemes have been proposed recently to address the multi-match packet classification problem, most of them require either huge memory or expensive Ternary Content Addressable Memory (TCAM) to store the intermediate data structure, or suffer from steep performance degradation under certain types of classifiers. In this paper, we decompose the operation of multi-match packet classification from the complicated multi-dimensional search to several single-dimensional searches, and present an asynchronous pipeline architecture based on a signature tree structure to combine the intermediate results returned from single-dimensional searches. By spreading edges of the signature tree in multiple hash tables at different stages of the pipeline, the pipeline can achieve a high throughput via the inter-stage parallel access to hash tables. To exploit further intra-stage parallelism, two edge-grouping algorithms are designed to evenly divide the edges associated with each stage into multiple work-conserving hash tables with minimum overhead. Extensive simulation using realistic classifiers and traffic traces shows that the proposed pipeline architecture outperforms HyperCut and B2PC schemes in classification speed by at least one order of magnitude, while with a similar storage requirement. Particularly, with different types of classifiers of 4K rules, the proposed pipeline architecture is able to achieve a throughput between 19.5 Gbps and 91 Gbps.

Yang Xu,Zhaobo Liu,Zhuoyuan Zhang,H. Jonathan Chao

DOI: https://doi.org/10.1109/tnet.2013.2270441

2014-01-01

IEEE/ACM Transactions on Networking

Abstract:The emergence of new network applications, such as the network intrusion detection system and packet-level accounting, requires packet classification to report all matched rules instead of only the best matched rule. Although several schemes have been proposed recently to address the multimatch packet classification problem, most of them require either huge memory or expensive ternary content addressable memory (TCAM) to store the intermediate data structure, or they suffer from steep performance degradation under certain types of classifiers. In this paper, we decompose the operation of multimatch packet classification from the complicated multidimensional search to several single-dimensional searches, and present an asynchronous pipeline architecture based on a signature tree structure to combine the intermediate results returned from single-dimensional searches. By spreading edges of the signature tree across multiple hash tables at different stages, the pipeline can achieve a high throughput via the interstage parallel access to hash tables. To exploit further intrastage parallelism, two edge-grouping algorithms are designed to evenly divide the edges associated with each stage into multiple work-conserving hash tables. To avoid collisions involved in hash table lookup, a hybrid perfect hash table construction scheme is proposed. Extensive simulation using realistic classifiers and traffic traces shows that the proposed pipeline architecture outperforms HyperCuts and B2PC schemes in classification speed by at least one order of magnitude, while having a similar storage requirement. Particularly, with different types of classifiers of 4K rules, the proposed pipeline architecture is able to achieve a throughput between 26.8 and 93.1 Gb/s using perfect hash tables.

Wenjun Li,Xianfeng Li

DOI: https://doi.org/10.1109/hoti.2013.12

2013-01-01

Abstract:Packet classification is an enabling function for a variety of Internet applications such as access control, quality of service and differentiated services. Decision-tree and decomposition are the most well-known algorithmic approaches. Compared to architectural solutions, both approaches are memory and performance inefficient, falling short of the needs of high-speed networks. EffiCuts, the state-of-the-art decision-tree technique, significantly reduces memory overhead of classic cutting algorithms with separated trees and equidense cuts. However, it suffers from too many memory accesses and a large number of separated trees. Besides, EffiCuts needs comparator circuitry to support equidense cuts, which makes it less practical. Decomposition based schemes, such as BV, can leverage the parallelism offered by modern hardware for memory accesses, but they have poor storage scalability. In this paper, we propose Hybrid Cuts, a combination of decomposition and decision-tree techniques that improves storage and performance simultaneously. The decomposition part of Hybrid Cuts has the benefits of traditional decomposition-based techniques without the trouble of aggregating results from a large number of bit vectors or a set of big lookup tables. Meanwhile, thanks to the clever partitioning of the rule set, an efficient cutting algorithm following the decomposition can build short decision trees with significant reduction on rule replications. Using Class Bench, we show that Hybrid Cuts achieves similar memory reduction compared to EffiCuts, but it outperforms EffiCuts significantly in terms of memory accesses for packet classification. In addition, Hybrid Cuts is more practical for implementation than EffiCuts, which maintains complicated data structures and requires special hardware support for efficient cuts.

Wei Li,Weibin Zheng,Juanjuan Lin,Xiaohong Guan,Ling Li,Sohail S. Chaudhry,Pan Wang,Yanping Liu

DOI: https://doi.org/10.1111/j.1468-0394.2010.00563.x

IF: 3.3

2010-01-01

Expert Systems

Abstract:Modern Internet routers have to handle a large number of packet classification rules, which requires classification schemes to be scalable both in time and space. In this paper, we present a scalable packet classification algorithm that is developed by combining two new concepts to the well-known bit vector (BV) scheme. We propose a range search method based on a cache-aware tree (CATree) which makes full use of processor's cache line to reduce the number of dynamic random access memory (DRAM) accesses. Theoretically, the number of DRAM accesses of CATree is about log(m + 1) times lower than that of the widely used binary search algorithm, where m is the number of keys in a single cache line. Based on our computational results on a set of 1024 keys, the CATree algorithm is 36% faster than binary search algorithm and the performance is better when applied to a larger set of keys. In addition, we develop a rule re-arrangement algorithm to reduce the bitmap space of BV. With this rearrangement, the rules for the same action may be assigned an identical priority. This reduces the number of priorities as well as the memory space of the bitmap. Furthermore, this also reduces the number of memory accesses and hence, increases the CPU cache utilization. With CATree and rule re-arrangement, the cache-aware bit vector with rule re-arrangement algorithm achieves better performance in comparison with the regular BV scheme, both in space and time. In our experiments, the proposed algorithm reduces the bitmap memory space of a practical set of firewall rules by two orders of magnitude and is 91% faster than the regular BV.

Baohua Yang,Yaxuan Qi,Fei He,Yibo Xue,Jun Li

DOI: https://doi.org/10.1109/infcomw.2009.5072130

2009-01-01

Abstract:Packet classification is still a challenging problem in practice under large number of classification rules and constant growth of performance requirement. Most of the existing algorithms try to solve the problem heuristically by leveraging on the inherent field-level characteristics of the rules. This paper proposes a bit-level heuristic framework: Discrete Bit Selection (DBS) for multi-dimensional packet classification. Preliminary experimental results show that DBS-based algorithm gains much better performance both in search time and memory requirement than the well-known field-level algorithms with various real-life rule sets.