Transcript ppt
Infocom paper presentation
Space-Efficient TCAM-based
Classification Using Gray Coding
Anat Bremler-Barr
Danny Hendler
Interdisciplinary Center
Ben-Gurion University
1
Talk outline
Definitions
Problem definition, prior art
The Short Range Gray Encoding Algorithm
Experimental results
Future work
2
Packet Classification
3
Packet Classification
[Figure: packet (header | payload) → f → search key]
ACL database:
ACL ID | Source addr | Source port | Dest addr | Dest port | Protocol | Action
ACL11 | 128.32.0.0 | 80 | 32.*.*.* | 80 | TCP | Allow
ACL11 | 127.*.*.* | 34-36 | 32.12.1.1 | 80 | UDP | Allow
ACL11 | 128.32.0.0 | ≤ 1024 | 95.12.3.3 | ≤ 1024 | TCP | Deny
ACL11 | 117.57.3.2 | 55 | 46.2.67.11 | 15 | UDP | Log
ACL11 | 117.57.3.2 | 136 | 32.*.*.* | 25 | TCP | Deny
ACL11 | 95.14.5.1 | >1024 | 32.12.1.1 | 15-18 | TCP | Allow
ACL11 | 128.32.0.0 | >1024 | 32.12.1.1 | 80 | TCP | Log
4
Ternary content-addressable memory
• Associative memory: parallel comparisons against all entries
• Fixed-width entries
• Ternary digits: 0 / 1 / X (don’t care)
• Only first match is returned
TCAM (width of W digits):
1 0011101101010XX00X01001111XXXX
2 11X00X00001110X0X101000110XXXX
3 10XX010100X0XX0100011010X01000
4 001110XXXXXXXXXXXXXXXXXXXXXXX
...
1110XX010X01X0010101010X0XXXXX
Search key: 0011101101010000010100111110110
Result: 1
5
TCAM: pros, cons, usage
Pros
• High throughput
• Deterministic throughput
Cons
• Higher cost (~30x that of SRAM)
• Higher power consumption
Usage
• Over 6M deployed devices (2004)
• Used in multi-gigabit systems with >10K rules
• May support 128K entries of 144 bits, 133M searches/second.
6
The problem: TCAM range representation
Match-type | rule field value | matching key-field
exact | 00111011011011000000 | 001110110110110000000
prefix | 001***************** | 001110110110110000000
range | >1024 | 2012
How can we efficiently represent range
rules by TCAM entries?
7
Basic approach: prefix expansion
Representing [1,6]
[Figure: binary tree with edge labels 0/1 over the leaves 000 001 010 011 100 101 110 111, with the range [1,6] marked]
TCAM entries: 001, 01*, 10*, 110
Prefix expansion is inefficient
• A range over W-bits may expand to 2W-2 entries
• For 2 range-fields, may expand to $(2W-2)^2$
• Expansion factor of up to 6 on real-world databases !!!
8
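The prefix expansion of [1,6] shown on this slide, and the 2W-2 worst case, can be reproduced with a short routine. This is an added example, not code from the presentation; the function names are illustrative and '*' stands for a don't-care digit.

```python
def prefix_expand(s, e, w):
    """Cover the integer range [s, e] on w-bit words with prefix entries.

    Returns ternary strings ('*' = don't care), smallest value first.
    """
    entries = []
    while s <= e:
        # Largest aligned block starting at s: bounded by the alignment of s ...
        size = s & -s if s else 1 << w
        # ... and by how much of the range is still uncovered.
        while size > e - s + 1:
            size >>= 1
        free = size.bit_length() - 1  # number of trailing '*' digits
        fixed = format(s >> free, f"0{w - free}b") if free < w else ""
        entries.append(fixed + "*" * free)
        s += size
    return entries


def matches(entry, value):
    """True if the ternary entry matches the binary representation of value."""
    bits = format(value, f"0{len(entry)}b")
    return all(t in ("*", b) for t, b in zip(entry, bits))


def worst_case(w):
    """Number of prefixes needed for [1, 2^w - 2], the costliest w-bit range."""
    return len(prefix_expand(1, (1 << w) - 2, w))


if __name__ == "__main__":
    print(prefix_expand(1, 6, 3))   # the slide's example
    print(worst_case(16))           # a 16-bit port field
```

With two range fields in one rule, the per-field counts multiply, which is where the squared bound on the slide comes from.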
Prior art: use of extra bits
TCAM (each entry is followed by its extra bits, typically 36):
1 0011101101010XX00X01001111XXXX XXXXX
2 11X00X00001110X0X101000110XXXX XXXXX
3 10XX010100X0XX0100011010X01000 XXXXX
4 001110XXXXXXXXXXXXXXXXXXXXXXX XXXXX
...
1110XX010X01X0010101010X0XXXXX XXXXX
• Hierarchical database dependent encoding [Liu2002], [Lunteren and Engbersen2003]
• Database-Independent Range Pre-Encoding [Venkatachary, Lakshminarayanan, Rangarajan2005]
9
Prior art: database-dependent encoding
Key idea: allocate an extra bit to commonly occurring ranges.
Example: Source-port ≥ 1024
Representing a rule
Set the assigned extra bit to 1
Set all other extra bits to X
Generating the search key
If source-port within range set extra bit to 1
Otherwise set extra bit to 0
TCAM:
1 0011101101010XX00X01001111XXXX XXXXX
2 11X00X00001110X0X101000110XXXX XXXXX
3 10XX010100X0XX0100011010X01000 XXXXX
4 001110XXXXXXXXXXXXXXXXXXXXXXX
11010010101XXXXXXXXXXXXXXXXXX XXXXX1
...
1110XX010X01X0010101010X0XXXXX XXXXX
10
Prior art: database-independent range pre-encoding (DIRPE)
Key idea: Use extra bits for independent encoding, use general ternary values rather than prefixes.
Fence encoding (w-bit words): number i is encoded by $0^{2^w-1-i}1^i$
Range | Encoding
= i | $0^{2^w-i-1}1^i$
≥ i | $x^{2^w-i-1}1^i$
< i | $0^{2^w-i}x^{i-1}$
[i,j] | $0^{2^w-1-j}x^{j-i}1^i$
Fence encoding
• Expansion 1
• Requires $2^w-1$ bits
What if we have a smaller number of bits?
11
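The fence encoding above can be checked end to end: encode every w-bit value, build the single ternary entry for a range, and confirm that exactly the values in the range match. This is an added example, not code from the presentation or from the DIRPE authors; the function names are illustrative and 'x' stands for a don't-care digit.

```python
def fence_encode(i, w):
    """Fence-encode the w-bit value i: 2^w - 1 digits, zeros followed by i ones."""
    n = (1 << w) - 1
    return "0" * (n - i) + "1" * i


def fence_range(i, j, w):
    """Single ternary entry for the range [i, j]: 0^(2^w-1-j) x^(j-i) 1^i."""
    n = (1 << w) - 1
    return "0" * (n - j) + "x" * (j - i) + "1" * i


def ternary_match(entry, key):
    """True if every non-'x' digit of the entry equals the key digit."""
    return len(entry) == len(key) and all(
        t in ("x", k) for t, k in zip(entry, key)
    )


def matching_values(entry, w):
    """All w-bit values whose fence-encoded search key matches the entry."""
    return [v for v in range(1 << w) if ternary_match(entry, fence_encode(v, w))]


if __name__ == "__main__":
    w = 3
    entry = fence_range(2, 5, w)
    print(entry, matching_values(entry, w))
    # The ">= i" row of the table is the special case j = 2^w - 1.
    print(fence_range(2, (1 << w) - 1, w))
```

The cost is visible in the entry length: a 16-bit port field would need 65535 digits, which is why the next slide splits the bits into chunks.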
Prior art: database-independent range pre-encoding (cont’d)
What if a smaller number of bits is available?
Key idea: Divide all (regular plus extra) bits into chunks, encode each by fence encoding
[Figure: the W+36 bits divided into Chunk1 (k1 bits), Chunk2 (k2 bits), Chunk3 (k3 bits), Chunk4 (k4 bits)]
Range expansion increases with the number of chunks
12
An Observation: The problem is equivalent to
the DNF expression minimization problem
R=[10,11]
b1b0 + b1b’0 ≈ b1
The general problem is NP-complete.
“Computing the minimum DNF representation of boolean functions defined by interval”
[Schieber, Geist, Zacks, 2005]
• A linear-time algorithm for finding minimum-size DNF expression for any range of
binary-coded numbers
• Worst-case expansion for binary-encoded numbers is 2W-4
Thanks to Ronny Roth for the observation and the reference to the paper
13
Talk outline
Definitions
Problem definition, prior art
The Short Range Gray Encoding Algorithm
Experimental results
Open questions
14
Our solution: Short-Range Gray Encoding (SRGE)
Gain without pain: Range expansion reduction can be
obtained without the use of extra bits by changing the
encoding scheme (SRGE)
SRGE can be combined with database-dependent scheme:
the Hybrid-SRGE scheme
Hybrid-SRGE yields range-expansion of
only 1.02 on real databases
15
Our solution: observations
1. Ranges tend to be small: typically correspond to similar-functionality ports:
161-162: snmp, snmptrap
67-68: bootps server, bootps client
2300-2400: Microsoft DirectX
2. Binary coding not optimal for small ranges
An example: covering [1,2]
Binary encoding: 00 01 10 11. Cover set: {01, 10}
Gray encoding: 00 01 11 10. Cover set: {*1}
16
Binary Reflected Gray Code
Gray code: codewords for consecutive integers differ by single bit
3-bit BRGC: 000 001 011 010 110 111 101 100
4-bit BRGC: 0000 0001 0011 0010 0110 0111 0101 0100 1100 1101 1111 1110 1010 1011 1001 1000
[Photo] Obviously, not `our’ Frank Gray
Transforming binary to BRGC is quick
17
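The [1,2] observation and the DNF-minimization view of range covering can both be checked by exhaustive search on small words. This is an added example, not code from the presentation, and it is not the SRGE algorithm: it enumerates every ternary entry and returns a smallest exact cover, which is only practical for a few bits. Function names are illustrative and '*' stands for a don't-care digit.

```python
from itertools import combinations, product


def gray(n):
    """Binary-reflected Gray codeword of n (as an integer)."""
    return n ^ (n >> 1)


def matches(entry, value, w):
    bits = format(value, f"0{w}b")
    return all(t in ("*", b) for t, b in zip(entry, bits))


def min_cover(codewords, w):
    """Smallest set of ternary entries matching exactly the given codewords."""
    target = set(codewords)
    cubes = []
    for entry in map("".join, product("01*", repeat=w)):
        hit = {v for v in range(1 << w) if matches(entry, v, w)}
        if hit and hit <= target:  # entry must not match anything outside
            cubes.append((entry, hit))
    for k in range(1, len(target) + 1):
        for combo in combinations(cubes, k):
            if set().union(*(h for _, h in combo)) == target:
                return sorted(e for e, _ in combo)
    return []


def binary_cover(s, e, w):
    """Minimum cover of [s, e] when values are stored in plain binary."""
    return min_cover(range(s, e + 1), w)


def gray_cover(s, e, w):
    """Minimum cover of [s, e] when values are stored as Gray codewords."""
    return min_cover([gray(v) for v in range(s, e + 1)], w)


if __name__ == "__main__":
    print(binary_cover(1, 2, 2), gray_cover(1, 2, 2))
    print(binary_cover(1, 6, 3), gray_cover(1, 6, 3))
```

For [1,6] on 3 bits this gives three entries in binary and two under Gray coding, against the four entries produced by prefix expansion.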
Binary Reflected Gray Code (cont’d)
[Figure: binary tree with edge labels 0/1 over the 3-bit BRGC leaves 000 001 011 010 110 111 101 100]
It is exactly this reflection property that helps
decrease expansion
18
The SRGE algorithm
Need to find minimum cover of [s,e] using Gray coding.
Find the least common ancestor p of points s and e
[Figure: tree with node p above leaves s and e]
19
The SRGE algorithm
Let pl be the rightmost leaf in p’s left sub-tree
Let pr be the leftmost leaf in p’s right sub-tree
[Figure: tree with node p above leaves s, pl, pr, e]
20
The SRGE algorithm
First, we handle the smaller of: [s,pl], [e,pr]
[Figure: tree with node p above leaves s, pl, pr, e]
21
The SRGE algorithm
Cover by prefixes the smaller range and its mirror relative to p
[Figure: tree with node p above leaves s, pl, pr, s’, e]
We still need to cover the leftover range [s’,e], if it is non-empty
22
The SRGE algorithm
Repeat the previous procedure for the leftover: [s',e]
• find their least common ancestor p’
• let pl' be the rightmost leaf in the left sub-tree of p'
• let pr' be the leftmost leaf in the right sub-tree of p'
[Figure: tree with nodes p and p’ above leaves s, pr, s', pl’, pr’, e]
23
The SRGE algorithm
Two cases to consider:
1) |[pr', e]| > |[s', pl']|:
Cover [pr', e] by prefixes
The mirror of [pr', e] (relative to p') covers [s', pl']
[Figure: tree with nodes p and p’ above leaves s, pr, s’, pl’, pr’, e]
24
The SRGE algorithm
2) |[s', pl']| > |[pr', e]|:
Cover [pr', e] by prefixes.
Cover [s', pl'] by a single prefix, corresponding to the left sub-tree of p'
[Figure: tree with nodes p, p’, q, ql above leaves s, pr, s’, pl’, pr’, e]
25
Hybrid-SRGE
• For each unique range, compute total number of
redundant entries under SRGE
• Deal with the most expensive ranges by using standard
database-dependent encoding
26
Talk outline
Definitions
Problem definition, prior art
The Short Range Gray Encoding Algorithm
Experimental results
Future work
27
SRGE range-expansion reduction
Random ranges
28
Results on a real-life database
223K rules with 300 unique ranges
Combined from collection of 126 separate databases
(firewall, acl-routers, intrusion prevention systems)
Algorithm | Expansion | Redundancy
Hybrid SRGE | 1.03 | 1.2
Hybrid DIRPE | 1.12 | NA
Prefix expansion | 2.6 | NA
Acknowledgment: Cisco, David Taylor (WHSTL)
29
Range-length distribution
Almost 60% of the unique ranges have length less than 20
Approx. 40% of the total number of ranges have length less than 20
30
A small number of ranges cause most expansion
31
Range expansion bounds
The worst-case expansion ratio of SRGE on w-bit words is
2w-4
The worst-case expansion ratio of any range-covering
scheme on w-bit words is at least w, regardless of the
encoding scheme
32
Expansion as function of bits number
[Figure: expansion versus number of bits used; axis marks 2w-2 and 1 (expansion), w and 2^w-1 (number of bits used); label: Unknown]
SRGE worst-case expansion is 2W-4 entries
At least W entries required – regardless of the encoding technique
33