Rui Li,Bohan Zhao,Ruixin Chen,Jin Zhao

DOI: https://doi.org/10.1109/iwqos49365.2020.9212969

2020-01-01

Abstract:Wildcard rules are implemented in various important networking scenarios, including QoS, firewall, access control, and network traffic monitoring and analysis. However, there are cross-rule dependencies between wildcard rules, which both increase significant overhead and affect the semantic correctness of packet classification when caching rules. Considerable efforts have been made to mitigate the impacts of the dependency issue in rule caching, but it is still a bottleneck for cache systems. In this paper, we show how to give applications the flexibility of completely dependency-free wildcard rule caching by decoupling the cached rules and their dependent rules. Our FreeCache scheme has wide applicability to packet classification devices with wildcard rule caching. We validate the effectiveness of FreeCache through two respects: (1) Implementing various cache algorithms (e.g., LSTM) and cache replacement algorithms (e.g., ARC, LIRS) that are difficult to use in dependency-bound situations in the cache system with FreeCache. (2) Developing a prototype in a Software-Defined Network (SDN), where hybrid OpenFlow switches use TCAM as cache and RAM as auxiliary memory. Our experimental results reveal that FreeCache improves the cache performance by up to 60.88% in the offline scenario. FreeCache also offers the promise of applying any existing caching algorithms to wildcard rule caching while guaranteeing the properties of semantic correctness and equivalence.

Ji Zhang,Xijun Li,Xiyao Zhou,Mingxuan Yuan,Zhuo Cheng,Keji Huang,Yifan Li

DOI: https://doi.org/10.1145/3489517.3530466

2022-01-01

Abstract: Cache plays an important role to maintain high and stable performance (i.e. high throughput, low tail latency and throughput jitter) in storage systems. Existing rule-based cache management methods, coupled with engineers' manual configurations, cannot meet ever-growing requirements of both time-varying workloads and complex storage systems, leading to frequent cache overloading. In this paper, we for the first time propose a light-weight learning-based cache bandwidth control technique, called \LQoCo which can adaptively control the cache bandwidth so as to effectively prevent cache overloading in storage systems. Extensive experiments with various workloads on real systems show that LQoCo, with its strong adaptability and fast learning ability, can adapt to various workloads to effectively control cache bandwidth, thereby significantly improving the storage performance (e.g. increasing the throughput by 10\%-20\% and reducing the throughput jitter and tail latency by 2X-6X and 1.5X-4X, respectively, compared with two representative rule-based methods).

Zeyu Luan,Qing Li,Zutao Zhang,Yong Jiang,Meng Chen,Yu Wang,Kejun Li

DOI: https://doi.org/10.1109/icnp59255.2023.10355586

2023-01-01

Abstract:Ternary Content Addressable Memory (TCAM) is a specialized high-speed memory that enables fast parallel lookups for both exact-match rules and wildcard-match rules. TCAM has become a standard hardware component in Software-Defined Networking (SDN) switches to implement flow tables for packet classification. However, limited TCAM storage capacity poses a significant scalability challenge for SDN to enforce fine-grained policy-based forwarding. To this end, TCAM-based rule-caching systems are proposed by combining TCAM with Random Access Memory (RAM). Specifically, TCAM caches heavy-hitting rules to capture packets from hot flows, while RAM accommodates the complete ruleset for other cache-miss packets. However, previous rule-caching systems either failed to eliminate cross-rule dependencies or restricted their applications to prefix rules only. In this work, we propose AWEsome-Cache, a unifying framework to fundamentally eliminate cross-rule dependencies for wildcard rules with arbitrary matching patterns. The rationale behind AWEsome-Cache is to concretize a minimum number of wildcard bits in the best-match rule, thereby pruning its overlapping match fields with all direct dependent rules. AWEsome-Cache also develops replacement algorithms during TCAM updates to adapt to dynamic traffic locality. Experiments with prefix and non-prefix rules show that AWEsome-Cache outperforms baselines in achieving a comparable cache-hit rate but requiring 75.9% less TCAM occupancy.

Bo Yan,Yang Xu,H. Jonathan Chao

DOI: https://doi.org/10.1109/tnet.2018.2815983

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:Software-Defined Networking enables flexible flow control by caching rules at OpenFlow switches. Wildcard rule caching enables management of traffic aggregates, reduces flow setup queries, and simplifies policy management. However, to guarantee correct packet matching, some rules that depend on the requested rule need to be cached as well, which leads to unnecessary flow table bloat and potential overflow. We have proposed a scheme called CAching rules in Buckets (CAB) to mitigate the dependency issue by partitioning the field space into buckets and caching rules associated with the requested buckets. In this paper, we propose the Adaptive Cache ManagEment (ACME) for CAB, which dynamically adjusts the sizes and shapes of buckets according to incoming traffic to achieve more efficient flow table utilization. The improvement also includes preloading rules that span a wide field space to reduce bandwidth usage in the control channel. We formalize the caching policies for CAB-ACME to guarantee the semantic correctness of packet classification. We evaluate the performance of CAB-ACME through software-based simulations and a prototype built with the OpenDaylight controller and hardware switches from multiple vendors. The results show that, compared with other rule caching schemes, CAB-ACME reduces the cache miss rate by one order of magnitude and the control channel bandwidth usage by a half. ACME also helps maintain a steadier performance under dynamic traffic changes compared with the baseline CAB design.

Zeyu Luan,Qing Li,Yi Wang,Yong Jiang

DOI: https://doi.org/10.1109/ipdps54959.2023.00017

2023-01-01

Abstract:Ternary Content Addressable Memory (TCAM) is an essential hardware component in SDN-enabled switches, which supports fast lookup speed and flexible matching patterns. However, TCAM's limited storage capacity has long been a scalability challenge to enforce fine-grained forwarding policies in SDN. Based on the observation of traffic locality, the rule-caching mechanism employs a combination of TCAM and Random Access Memory (RAM) to maintain the forwarding rules of large and small flows, respectively. However, previous works cannot identify large flows timely and accurately, and suffer from high computational complexity when addressing rule dependencies in TCAM. Worse still, TCAM only caches the forwarding rules of large flows but ignores the latency requirements of small flows. Small flows encounter cache-miss in TCAM and then will be diverted to RAM, where they have to experience slow lookup processes. To jointly optimize the performance of both high-throughput large flows and latency-sensitive small flows, we propose a hybrid rule-caching framework, H-Cache, to scale traffic-aware forwarding policies in SDN. H-Cache identifies large flows through a collaboration of learning-based and threshold-based methods to achieve early detection and high accuracy, and proposes a time-efficient greedy heuristic to address rule dependencies. For small flows, H-Cache establishes default paths in TCAM to speed up their lookup processes, and also reduces their TCAM occupancy through label switching and region partitioning. Experiments with both real-world and synthetic datasets demonstrate that H-Cache increases TCAM utilization by an average of 11% and reduces the average completion time of small flows by almost 70%.

Jialun Yang,Tao Li,Jinli Yan,Junnan Li,Chenglong Li,Baosheng Wang

DOI: https://doi.org/10.3390/electronics9060999

IF: 2.9

2020-01-01

Electronics

Abstract:OpenFlow switches hardware cannot store all the OpenFlow rules due to a limited resource. The rule-caching scheme is one of the best solutions to solve the hardware size limitation. In OpenFlow switches, Multiple Flow Tables (MFTs) provide more flexible flow control than a single table. Exact match and wildcard match are two typical matching methods. The exact match applies to a single flow table and multiple flow tables, but the performance is low under frequently changing traffic. Many commodity switches use Ternary Content Addressable Memory (TCAM) to support fast wildcard lookups. Earlier works on wildcard-match rule-caching focus on the dependency problem caused by the overlaps of match fields. Their designs cannot handle the rule-caching problem of MFTs because they are based on a single flow table, instead of the widely used MFTs structure. So, we propose a new design named PipeCache that solves the problem of MFTs rule-caching scheme based on wildcard-match. In our design, we logically split the TCAM resources, and assign them to each flow table according to the size of each flow table. Each flow table will cache the selected rules into their assigned TCAM resources and be updated in time by our algorithms to make the most use of the limited TCAM resources. We compare our structure with the exact-match scheme and the wildcard-match scheme based on a single flow table under different cache sizes and traffic localities. Experiment results show that our design PipeCache improves cache hit rate by up to 18.2% compared to the exact-match scheme and by up to 21.2% compared to the wildcard-match scheme based on a single flow table.

Tinghuai Ma,Yu Hao,Wenhai Shen,Yuan Tian,Mznah Al-Rodhaan

DOI: https://doi.org/10.1109/access.2018.2829142

IF: 3.9

2018-01-01

IEEE Access

Abstract:Cache memory plays an important role in improving the performance of web servers, especially for big data transmission, which response time is constrained. It is necessary to use an effective method, such as web cache. Because an outstanding cache replacement algorithm can not only reduce the users access time but also improve the performance of the system. The traditional used weighting replacement policy does not consider the size parameter, hence, it may perform poorly while the datasets are larger. In this paper, we propose a novel, high-performance cache replacement algorithm for the web cache, named weighting size and cost replacement policy (WSCRP) bases on the weighting replacement policy. The algorithm recalculates the objects weight with adding the cost attribute in the cache, then orders the weight. Additionally the influence of various factors on the Web object as frequency, time, and cost value are considered. When the cache space cannot satisfy the new request object, the replacement policy WSCRP replaces the largest weighting and cost object. The experiments show that proposed algorithm has higher hit rate and byte rate for different datasets, and can effectively improve the performance of web cache.

Bo Yan,Yang Xu,Hongya Xing,Kang Xi,H. Jonathan Chao

DOI: https://doi.org/10.1145/2620728.2620732

2014-01-01

Abstract:ABSTRACTSoftware-Defined Networking (SDN) enables flexible flow control by caching policy rules at OpenFlow switches. Compared with exact-match rule caching, wildcard rule caching can better preserve the flow table space at switches. However, one of the challenges for wildcard rule caching is the dependency between rules, which is generated by caching wildcard rules overlapped in field space with different priorities. Failure to handle the rule dependency may lead to wrong matching decisions for newly arrived flows, or may introduce high storage overhead in flow table memory. In this paper, we propose a wildcard rule caching system for SDN named CAching in Buckets (CAB). The main idea of CAB is to partition the field space into logical structures called buckets, and cache buckets along with all the associated rules. Through CAB, we resolve the rule dependency problem with small storage overhead. Compared to previous schemes, CAB reduces the flow setup requests by an order of magnitude, saves control bandwidth by a half, and significantly reduce average flow setup time.

Huawei Huang,Song Guo,Peng Li,Weifa Liang,Albert Y. Zomaya

DOI: https://doi.org/10.1109/tpds.2015.2431684

IF: 5.3

2016-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Software-defined networking (SDN) is an emerging network paradigm that simplifies network management by decoupling the control plane and data plane, such that switches become simple data forwarding devices and network management is controlled by logically centralized servers. In SDN-enabled networks, network flow is managed by a set of associated rules that are maintained by switches in their local Ternary Content Addressable Memories (TCAMs) which support high-speed parallel lookup on wildcard patterns. Since TCAM is an expensive hardware and extremely power-hungry, each switch has only limited TCAM space and it is inefficient and even infeasible to maintain all rules at local switches. On the other hand, if we eliminate TCAM occupation by forwarding all packets to the centralized controller for processing, it results in a long delay and heavy processing burden on the controller. In this paper, we strive for the fine balance between rule caching and remote packet processing by formulating a minimum weighted flow provisioning ( MWFP) problem with an objective of minimizing the total cost of TCAM occupation and remote packet processing. We propose an efficient offline algorithm if the network traffic is given, otherwise, we propose two online algorithms with guaranteed competitive ratios. Finally, we conduct extensive experiments by simulations using real network traffic traces. The simulation results demonstrate that our proposed algorithms can significantly reduce the total cost of remote controller processing and TCAM occupation, and the solutions obtained are nearly optimal.

bo wang,y w wu,wei min zheng

DOI: https://doi.org/10.4028/www.scientific.net/AMM.52-54.25

2011-01-01

Abstract:Web server aims to service clients sensitively and clients wish to explore web sites at fast bandwidth. Nevertheless, sometimes users can only get the web content at a slow response due to the slow communication. Using data buffering technique, web cache provides clients an alternative way to acquire the web content from web server at low cost and high bandwidth. Using web cache technique, users can get fast response at low communication cost. When quantities of data are buffered to the cache server, cache policy becomes an important factor which can clearly affect the performance efficiency. Our contribution is that we take full account of the user's visiting action and redesign the cache policy. Based on this, we compare our policy (UVA) with existing method (LFU) through series of experiments. The results show that our method can efficiently improve cache hit rate.

Xinhao Deng,Mingwei Xu,Qi Li,Weijie Wu,Yuan Yang,Menghao Zhang,Yu Zhou,Jianping Wu

DOI: https://doi.org/10.1109/tnsm.2024.3422092

2024-08-25

IEEE Transactions on Network and Service Management

Abstract:Ternary Content Addressable Memory (TCAM) enables fast lookup and is widely used by routers and switches to support policy-based forwarding. Due to high cost and small capacity, only a small subset of important rules can be cached in TCAM, so determining it is critical to increasing the hit ratio. This is more challenging than traditional caching problems because of complicated rule dependency relationships. Existing works are based on heuristics and they don't work well under all practical scenarios. Worse still, the lack of fundamental understanding of the design space, complexity, and optimality makes all explorations in mystery. In this paper, we use a modeling-based method to formulate the problem, prove its complexity, and propose DROPS, a dynamic rule caching framework with a much higher hit ratio. In particular, we deduce the rule selection problem into a multi-dimensional rule space transformation problem. Thus, we are no longer limited by using the intrinsic rules; rather, we can transform original rules into "new rules" equivalently without rule dependency. We design non-trivial rule placement and update algorithms and implement them in programmable switches. In the experimental evaluation, we show that our method outperforms all existing methods.

computer science, information systems

Ying Wan,Haoyu Song,Yang Xu,Yilun Wang,Tian Pan,Chuwen Zhang,Yi Wang,Bin Liu

DOI: https://doi.org/10.1109/tnet.2021.3098320

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:Ternary Content Addressable Memory (TCAM) is widely used by modern routers and switches to support policy-based forwarding due to its incomparable lookup speed and flexible matching patterns. However, the limited TCAM capacity does not scale with the ever-increasing rule table size due to the high hardware cost and high power consumption. At present, using TCAM just as a rule cache is an appealing solution, but one must resolve several tricky issues including the rule dependency and the associated TCAM updates. In this paper, we propose a new approach which can generate dependency-free rules to cache. By removing the rule dependency, the complex TCAM update problem also disappears. We provide the complete T-cache system design including slow path processing and cache replacement, and implement a T-cache prototype on Barefoot Tofino switches. We conduct comprehensive software simulations and hardware experiments based on real-world and synthesized rule tables and packet traces to show that T-cache is efficient and robust for network traffic in various scenarios.

W. Li,W. B. Zheng,X. H. Guan

DOI: https://doi.org/10.1080/17517570701243273

2007-01-01

Enterprise Information Systems

Abstract:Today's web servers must have the ability to deal with large data sets, and their performance mainly depends on the control mechanism of the disc cache. Though the cache replacement algorithms in operating systems generally perform well, application-specific policies can often perform much better. In this paper, we present the application-controlled caching in user space (ACCUS) mechanism for web server disc caching. With this mechanism, an application can schedule the service requests based on the cache status of the requested files to improve its performance so that the system can gain a high parallelism of CPU processing, networking I/O and disc I/O. An application can service the cached files with a higher priority to the ones not cached, which helps reduce the latency caused by disc I/O blocking. Meanwhile, the application can enforce a policy for domain-specific cache management to obtain a higher cache hit ratio. ACCUS is implemented in two web servers of different models, Flash and userver. Despite the great differences in architectures, the empirical results show that both servers can achieve high throughput under heavy workloads with ACCUS enabled. Performance analysis for two other typical web servers, Apache™ and Zeus Web Server are also conducted and the results indicate that ACCUS can achieve significant improvement in performance.

Xianfeng Li,Haoran Sun,Yan Huang

DOI: https://doi.org/10.1007/s10922-024-09824-w

2024-06-19

Journal of Network and Systems Management

Abstract:Software-defined networks (SDN) rely on flow tables to forward packets from different flows with different policies. To speed up packet forwarding, the rules in the flow table should reside in the forwarding plane as much as possible to reduce the chances of consulting the SDN controller, which is a slow process. The rules are usually cached in the forwarding plane with a Ternary Content Addressable Memory (TCAM) device. However, a TCAM has limited capacity, because it is expensive and power-hungry. As a result, wise caching of a subset of flow rules in TCAM is needed. In this paper, we address two related issues that affect caching efficiency: rules to be cached and rules to be replaced . For the first issue, caching an active rule hit by a flow may need to cache inactive rules due to rule dependency. We propose a two-stage caching architecture called CRAFT, which reduces inactive rules in cache by cutting down long dependent chains and by partitioning rules with massive dependent rules into non-overlapping sub-rules. For the second issue, unawareness of the flow traffic characteristics may evict heavy hitters instead of mice flows. We propose RRTC to address this issue, which is a rule replacement policy taking the real-time network traffic characteristics into consideration. By recognizing the heavy hitters and protecting their matching rules in TCAM, RRTC performs better than least recently used(LRU) policy in terms of cache hit ratio. Simulation results show that our combined rule caching and replacement framework outperforms previous work considerably.

computer science, information systems,telecommunications

Qunfeng Dong,Suman Banerjee,Jia Wang,Dheeraj Agrawal

DOI: https://doi.org/10.1145/1269899.1254914

2007-01-01

ACM SIGMETRICS Performance Evaluation Review

Abstract:Packet classification is the foundation of many Internet functions such as QoS and security. A long thread of research has proposed efficient software-based solutions to this problem. Such software solutions are attractive because they require cheap memory systems for implementation, thus bringing down the overall cost of the system. In contrast, hardware-based solutions use more expensive memory systems, e.g., TCAMs, but are often preferred by router vendors for their faster classification speeds. The goal of this paper is to find a 'best-of-both-worlds' solution - a solution that incurs the cost of a software-based system and has the speed of a hardware-based one. Our proposed solution, called,smart rule cache achieves this goal by using minimal hardware - a few additional registers - to cache evolving rules which preserve classification semantics, and additional logic to match incoming packets to these rules. Using real traffic traces and real rule sets from a tier-1 ISP, we show such a setup is sufficient to achieve very high hit ratios for fast classification in hardware. Cache miss ratios are 2 similar to 4 orders of magnitude lower than flow cache schemes. Given its low cost and good performance, we believe our solution may create significant impact on current industry practice.

Jianyu Zhang,Tao Wei,Wei Zou

DOI: https://doi.org/10.1360/crad20060202

2006-01-01

Journal of Computer Research and Development

Abstract:An applicable and easy-to-implement packet classification algorithm CSAC (classification on self-adaptive cache) with high performance is presented. It caches the searching path of the packet set within a field subspace, reuses the searching result for the classification of the subsequent packets in the same field subspace, and reduces the cache hit-miss penalty. According to state changes of the cache by the fluctuation of network traffic, the algorithm introduces a self-adaptive cache scheme to guarantee effectively the cache hit ratio, which adjusts dynamically the granularity and structure of the cache, and locations of cache items in hash buckets. Furthermore, CSAC does not need the preprocessing phase required by most of heuristic algorithms, and it supports multi-field complex rules (such as layer 4-7 fields, logic match operation, etc.) and increment update of rule set. It is suitable for applications with various packet classification requirements, such as network edge security, traffic audit and load balancing, etc. Some firewall and IDS appliances using CSAC have favorable performance in actual network environment.

Anthony Y. Fu,Xiao Wu,Haohuan Fu

2005-01-01

Abstract:Web cache has played a significant role in improving performance of web-based system that it can help pre-fetch expected files in advance. In this paper, we propose a novel web caching prediction model, which is based on the statistical information of the sequences of files been accessed, and we call it Statistics-based Web Cache Prediction (SWCP) model. We discuss SWCP model in detail in this paper, and explore the reason why this model improve the response time of the web server. In the experiment sections, we demonstrate using SWCP model can achieve both better hit rate and byte hit rate than former web caching algorithms.

Zhenfang Wang,ZhiHui Lu,Jie Wu,Kang Fan

DOI: https://doi.org/10.1007/978-3-319-26979-5_9

2015-01-01

Abstract:In cloud, resources are virtualized and the software delivery way is becoming something like a \"service\" to provide end user and operator benefits including on-demand self-service, resource pooling, rapid elasticity and service metering capability. As a part of network function virtualization, firewall virtualization can greatly increase the firewall configuration flexibility for the cloud environment. In this paper, we focus on FWaaS Firewall as a Service and we design a parallel firewall system called CPFirewall Cloud Parallel Firewall System. In CPFirewall, the firewall resources are virtualized and multiple tenants can build up their own parallel firewall by renting virtual firewalls. This needs solve some challenges. We adopt a rule-splitting algorithm to build a rule anomaly set We call it Wrapset. for detecting rule anomaly. We design the rule-allocation algorithm to achieve the cloud-native features, including load balance and dynamic scale. And we also improve the system performance using Exponential Smoothing ES forecasting method. Experiment results have verified that CPFirewall has a higher efficiency than other firewall schemes and is much more suitable for the Cloud network environment.

Zhigang Liao,Zengzhi Li,Tao Zhan,Yan Chen

DOI: https://doi.org/10.1007/11495772_41

2005-01-01

Abstract:Web caching is an effective way to save network bandwidth and promote network performance. In traditional network, strong consistency and collaboration mechanism establishment are two major problems. AWC (Active Networking Caching) is a distributed service based on active network. Each cache traces of server and makes a virtual link between cache and server. Different servers can share their branch nodes, so AWC will cause fewer burdens than conventional solution. AWC provides a lightweight way to coordinate distributed caches. Cache nodes needn’t communicate with other caches to share storage for the sibling cache nodes share their storage. It can reduce the cost of collaboration establishing. The simulation results shows AWC cost less network bandwidth for state tracking between server and caches.

Ren Anxi,Yang Shoubao,Li Hongwei

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.04.050

2006-01-01

Abstract:In order to decrease the rule-matching time and enhance the performance of firewall,this paper presents a statistic-analysis method,which adjust the order of firewall rules dynamically according to the analytic results obtained through analyzing the network flow.The simulation proves that it can improve the performance of firewall in some extent.