SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification
-
Upload
thomas-rodriguez -
Category
Documents
-
view
23 -
download
1
description
Transcript of SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification
SSA: A Power and Memory Efficient Scheme to Multi-Match
Packet Classification
Fang Yu1 T. V. Lakshman2 Martin Austin Motoyama1 Randy H. Katz1
1EECS Department, UC Berkeley , 2Bell Laboratories, Lucent Technologies
Single-Match Classification Assumption: all the filters are associated with priorities Only the highest priority match matters E.g., longest prefix match
Multi-Match Classification Report all matching results No priority among filters Applications:
Intrusion Detection Systems: identify all the related rules Accounting Applications: update multiple counters given one
packet
Multi-Match Packet Classification
Ternary-CAM (TCAM)
Fully associative memory compare input string with all the entries in parallel If multiple matches, report the index
of the first match Each cell takes one of three logic
states : ‘0’, ‘1’, and ‘?’(don’t care)
Current TCAM technology Fast match time: e.g., 4 ns Size: 9Mbits – 18Mbits priced at
$200-$300 Power consumption is high
Grow linearly to the number of entries searched in parallel
Scales with the frequency of TCAM accesses.
192.128.101.100
168.100.???.???
192.128.???.???
Match192.128.101.???
Input
TCAM
0
2
4
6
8
10
12
0 20,000 40,000 60,000Number of Entries Searched in Parallel
Po
we
r (i
n w
att
s)
250 Million Lookups Per Second207 Million Lookups Per Second165 Million Lookups Per Second125 Million Lookups Per Second
Previous Solutions: Geometric Intersection-based Solution [Hot Interconnects 04]
Add additional intersection filters Return the all the matching
results within one cycle
May require high storage and is not energy efficient
Create ~10N intersection filters for the Snort rule set
May create O(NF) intersection filters in the worst case
Not easily updatable
tcp $SQL_SERVER 1433$EXTERNAL_NET 139
tcp any any any 139
Match
tcp $SQL_SERVER 1433$EXTERNAL_NET any
Input
TCAMStores Rules
Filter 1
Filter 2
SRAM
Stores Match list(Index of rule)
tcp $SQL_SERVER 1433$EXTERNAL_NET 139
Filter 1&2
Previous Solution: MUD [ Sigcomm 05]
Encode the index of the entry and include the encoded value in each TCAM entry
Search the TCAM with initial MUD as all don’t cares After finding a matching result at index j, search again
discriminator field value ‘greater than j’
Require 1+d+(k-2)*(d-1) TCAM lookups to get k matching results
d is the logarithm of the number of entries in TCAM (d=log2N)
decreased to 1+d*(k-1)/r with DIRPE, where r (smaller than d)
All the entries in TCAMs are accessed each time high power consumption.
Filter 3Filter 2
Filter 1
Packet InfoInput
TCAM
00110010
0001
Discrim-inators
Our Goal: Find a memory and power efficient solution
Observation
Split filters to two sets to reduce intersection Perform separate TCAM accesses into different sets Report the union of results from all sets
N filters +O(N2) intersection1 TCAM lookup
N filters + 1 intersection2 TCAM lookups
Original Two sets
F1
FN
Matching F1 and FN
Matching F1
Matching FN
Analysis: Split Filters into K Sets
No need to include the intersections of the filters from different sets low memory requirement
Perform one TCAM lookups into each set Each filter is accessed only once Low power consumption Total number of lookups (K) is independent to the multi-
matching degree of the packet Deterministic lookup rate These lookups are can parallelized Update is local to one of the set
Split filters into Multiple Sets
Splitting filters into multiple sets is an NP hard problem
Splitting filters into two sets is still an NP hard problem (known as maximum set splitting or maximum hypergraph cut ) Best known approximation algorithms
Yield a performance ratio of 0.72 to the optimum solution Require quadratic programming slow when the number of filters
is large
We propose a set splitting algorithm (SSA) based on Johnson’s algorithm
Guarantee to remove at least 50% of the intersections O(NM) complexity, where N is the total number of filters, and M is
the total number of intersections
Simulation Results on Snort Rule Sets
0
1000
2000
3000
4000
5000
6000
7000
8000
2.0.0 2.0.1 2.1.0 2.1.1Snort version
Nu
mb
er
of
TC
AM
en
trie
s
ac
ce
ss
ed
pe
r p
ac
ke
t
MUD (HTTP Packets)MUD (Napster Packets)MUD (worst case)Geometric Intersection-based SSA-2SSA-4
Total number of extra intersections filters in TCAMs.
Version
GeometricIntersection-
based
SSA-2 SSA-4
ExtraIntersections
SavingExtra
IntersectionsSaving
2.0.0 3453 46 98.67% 1 99.97%
2.0.1 3754 47 98.75% 1 99.97%
2.1.0 3758 47 98.75% 0 100%
2.1.1 4067 55 98.65% 0 100%
Memory Consumption: Total number of TCAM entries
Version MUDGeometric
Intersection-basedSSA-2 SSA-
4
2.0.0 240 3693 286 241
2.0.1 255 4009 302 256
2.1.0 257 4015 304 257
2.1.1 263 4330 318 263
Version MUD
GeometricIntersection-
based
SSA-2 SSA-4
Avg Max Avg Max Avg Max
2.0.0 1 31.73 157 1.33 17 1.002 2
2.0.1 1 35.24 135 1.34 19 1 1
2.1.0 1 34.71 135 1.36 20 1.002 2
2.1.1 1 36.00 172 1.41 26 1.006 2
Update cost in terms of newly inserted filters. Power Consumption: TCAM entries accessed per packet.
Conclusion
SSA can solve multi-match classifying problem efficiently O(NM) complexity Guarantee to remove 50% of the intersections each
time the filter set splits Comparing to MUD
Use a similar amount of TCAM memory Yield a 75% to 95% reduction in power consumption
Comparing to the Geometric Intersection-based Solution Use 90% less TCAM memory and power Require one additional TCAM lookup per packet.