View
219
Download
6
Category
Preview:
Citation preview
1
Space-Efficient TCAM-based Classification Using Gray Coding
Anat Bremler – Barr
Interdisciplianry Center
Danny Hendler
Ben-Gurion University
Infocom paper presentation
2
Talk outline
Definitions Problem definition, prior art The Short Range Gray Encoding Algorithm Experimental results Future work
3
Packet Classification
4
Packet Classification
ACL IDACL ID Sourceaddr
Sourceaddr
Sourceport
Sourceport
Destaddr
Destaddr
Destport
Destport ProtocolProtocol ActionAction
ACL11ACL11 128.32.0.0128.32.0.0 8080 32.*.*.*32.*.*.* 8080 TCPTCP AllowAllow
ACL11ACL11 127.*.*.*127.*.*.* 34-3634-36 32.12.1.132.12.1.1 8080 UPDUPD AllowAllow
ACL11ACL11 128.32.0.0128.32.0.0 ≤ 1024≤ 1024 95.12.3.395.12.3.3 ≤ 1024≤ 1024 TCPTCP DenyDeny
ACL11ACL11 117.57.3.2117.57.3.2 5555 46.2.67.1146.2.67.11 1515 UDPUDP LogLog
ACL11ACL11 117.57.3.2117.57.3.2 136136 32.*.*.*32.*.*.* 2525 TCPTCP DenyDeny
ACL11ACL11 95.14.5.195.14.5.1 >1024>1024 32.12.1.132.12.1.1 15-1815-18 TCPTCP AllowAllow
ACL11ACL11 128.32.0.0128.32.0.0 >1024>1024 32.12.1.132.12.1.1 8080 TCPTCP LogLog
ACL database
f
header
payload
searchkey
5
Ternary content-addressable memory
0011101101010XX00X01001111XXXX
11X00X00001110X0X101000110XXXX10XX010100X0XX0100011010X01000
001110XXXXXXXXXXXXXXXXXXXXXXX
.
.
.
1110XX010X01X0010101010X0XXXXX
TCAM
• Associative memory: parallel comparisons against all entries
• Fixed-width entries
• Ternary digits: 0 / 1 / X (don’t care)
• Only first match is returned
Width of W digits
0011101101010000010100111110110
Search key
1
2
3
4
1
6
TCAM: pros, cons, usage
Pros
• High throughput
• Deterministic throughput
Cons
• Higher cost (~X30 than SRAM)
• Higher power consumption0011101101010XX00X01001111XXXX
11X00X00001110X0X101000110XXXX10XX010100X0XX0100011010X01000
001110XXXXXXXXXXXXXXXXXXXXXXX
.
.
.
1110XX010X01X0010101010X0XXXXX
1
2
3
4
TCAM
Usage
• Over 6M deployed devices (2004)
• Used in multi-gigabit systems with >10K rules
• May support 128K entries of 144- bit, 133M searches/second.
7
The problem: TCAM range representation
001110110110110000000
Match-type rule field value matching key-fieldexact
prefix
range
00111011011011000000001110110110110000000001*****************
>1024 2012
How can we efficiently represent range rules by TCAM entries?
8
Basic approach: prefix expansion
Representing [1,6]
TCAM entries:
001 ,01 ,*10 ,*110
Prefix expansion is inefficient • A range over W-bits may expand to 2W-2 entries
• For 2 range-fields, may expand to (2W-2)2
• Expansion factor of up to 6 on real-world databases !!!
010
0 1
000 001 011 100 101 110 111
[1,6]
9
Prior art: use of extra bits
0011101101010XX00X01001111XXXX
11X00X00001110X0X101000110XXXX10XX010100X0XX0100011010X01000
001110XXXXXXXXXXXXXXXXXXXXXXX
.
.
.
1110XX010X01X0010101010X0XXXXX
1
2
3
4
TCAM
XXXXX
XXXXXXXXXX
XXXXX
.
.
.
XXXXX
Extra bits(typically 36)
• Hierarchical database dependent encoding [Liu2002], [Lunteren and Engbersen2003]
• Database-Independent Range Pre-Encoding [Venkatachary,Lakshminarayanan, Rangarajan2005]
10
Prior art: database-dependent encoding
Key idea: allocate an extra bit to commonly occurring ranges.
Example
Source-port ≥ 1024
0011101101010XX00X01001111XXXX
11X00X00001110X0X101000110XXXX10XX010100X0XX0100011010X01000
001110XXXXXXXXXXXXXXXXXXXXXXX
.
.
.
1110XX010X01X0010101010X0XXXXX
1
2
3
4
TCAM
XXXXX
XXXXXXXXXX
XXXXX
.
.
.
XXXXX
Representing a rule
Set the assigned extra bit to 1
Set all other extra bits to X
11010010101XXXXXXXXXXXXXXXXXX 1
Generating the search key
If source-port within range set extra bit to 1
Otherwise set extra bit to 0
11
Prior art: database-independent range –pre-encoding (DIRPE)
Key idea: Use extra bits for independent encoding, use general ternary values rather than prefixes.
Fence encoding (w-bit words)
Range Encoding =i 02w-i-11i
≥i x2w-i-11i
<i 02w-ixi-1
[i,j] 02w-1-jXj-i1i
Fence encoding
•Expansion 1
•Requires 2w-1 bits
What if we have a smaller number of bits?
Number i is encoded by: 02w-1-i1i
12
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
W+36 bits
Key idea: Divide all (regular plus extra) bits to chunks, encode each by fence encoding
Prior art: database-independent range –pre-encoding (cont’d)
What if a smaller number of bits is available?
Chunk1 (k1 bits)
Chunk2 (k2 bits)
Chunk3 (k3 bits)
Chunk4 (k4 bits)
Range expansion increases with the number of chunks
13
An Observation: The problem is equivalent to the DNF expression minimization problem
R=[10,11]
b1b0 + b1b’0 ≈ b1
The general problem is NP-complete.
“Computing the minimum DNF representation of boolean functions defined by interval”
[Schieber, Geist, Zacks, 2005]
• A linear-time algorithm for finding minimum-size DNF expression for any range of binary-coded numbers• Worst-case expansion for binary-encoded numbers is 2W-4
Thanks to Ronny Roth for the observation and the reference to the paper
14
Talk outline
Definitions Problem definition, prior art The Short Range Gray Encoding Algorithm Experimental results Open questions
15
Our solution: Short-Range Gray Encoding (SRGE)
Hybrid-SRGE yields range-expansion of only 1.02 on real databases
Gain without pain: Range expansion reduction can be obtained without the use of extra bits by changing the encoding scheme (SRGE)
SRGE can be combined with database-dependent scheme: the Hybrid-SRGE scheme
16
Our solution: observations
1. Ranges tend to be small: typically correspond to similar-functionality ports: 161-162: snmp, snmptrap 67-68: bootps server, bootps client 2300-2400: Microsoft DirectX
2. Binary coding not optimal for small ranges
1000 01 11
Binary encoding
An example: covering [1,2]
Cover set: {01, 10}
1100 01 10
Gray encoding
Cover set: {*1}
17
000 001 011 010 110 111 101 1003-bit BRGC: 000 001 011 010 110 111 101 100
Binary Reflected Gray Code
Obviously, not `our’ Frank
Gray
Gray code: codewords for consecutive integers differ by single bit
4-bit BRGC: 0 0 0 0 0 0 0 0
100 101 111 110 010 011 001 0001 1 1 1 1 1 1 1
Transforming binary BRGC is quick
18
Binary Reflected Gray Code (cont’d)
01
01 1 0 1 1 00 1
0 10
000 001 011 010 110 111 101 100
It is exactly this reflection property that helps decrease expansion
19
The SRGE algorithm
Need to find minimum cover of ]s,e[ using gray coding.
s e
p
Find the least common ancestor p of point s and e
20
Let pl be the rightmost leaf in p’s left sub-tree
Let pr be the leftmost leaf in p’s right sub-tree
s epl pr
p
The SRGE algorithm
21
First, we handle the smaller of: ]s,pl[, ]e,pr[
s epl pr
p
The SRGE algorithm
22
prpl
Cover by prefixes the smaller range and its mirror relative to p
We still need to cover the leftover range ]s’,e[, if it is non-empty
The SRGE algorithm
s e
p
s’
23
s' e pl’ pr’
Repeat the previous procedure for the leftover: [s',e]• find their least common ancestor p’• let pl' be the rightmost leaf in the left sub-tree of p'• let pr' be the leftmost leaf in the right sub-tree of p'
p’
p
pr s
The SRGE algorithm
24
Two cases to consider: 1) |[pr', e]| > |[s', pl']|:
Cover [pr', e] by prefixes The mirror of [pr', e] (relative to p') covers [s', pl']
pr s’ pl’ pr’ e
p’
p
s
The SRGE algorithm
25pr s’ pl’ pr’ e
2) |[s', pl']|>|[pr', e']|:
Cover [pr', e] by prefixes. Cover [s', pl'] by one a single prefix, corresponding to p' left
sub-tree
p’
p
s
ql
q
The SRGE algorithm
26
Hybrid-SRGE
• For each unique range, compute total number of redundant entries under SRGE
• Deal with the most expensive ranges by using standard database-dependent encoding
27
Talk outline
Definitions Problem definition, prior art The Short Range Gray Encoding Algorithm Experimental results Future work
28
SRGE range-expansion reduction
Random ranges
29
Results on a real-life database 223K rules with 300 unique ranges Combined from collection of 126 separate databases
(firewall, acl-routers, intrusion prevention systems)
Hybrid SRGE
Acknowledgment: Cisco, David Taylor (WHSTL)
Algorithm
Expansion
1.03 1.2
Redundancy
Hybrid DIRPE 1.12 NA
Prefix expansion 2.6 NA
30
Range-length distribution
Almost 60% of the unique rangeshave length less then 20
Approx. 40% of the total number of ranges have length less then 20
31
A small number of ranges cause most expansion
32
Range expansion bounds
The worst-case expansion ratio of SRGE on w-bit words is 2w-4
The worst-case expansion ratio of any range-covering scheme on w-bit words is at least w, regardless of the encoding scheme
33
Expansion as function of bits number
2w-2
2^w-1w1
Number of bits used
Nu
mb
er o
f T
CA
M e
ntr
ies
At least W entries required – regardless of the encoding technique
SRGE worst-case expansion is 2W-4 entries
Unknown
Recommended