Transcript Packet Classification using Hierarchical Intelligent Cuttings

Packet Classification
using
Hierarchical Intelligent
Cuttings
Pankaj Gupta and Nick McKeown
Stanford University
{pankaj, nickm}@stanford.edu
Hot Interconnects VII
August 18, 1999
Outline
Introduction and Motivation
 Overview of the proposed algorithm
 Details of the algorithm
 Implementation Results
 Conclusions

Packet Classification using Hierarchical Intelligent Cuttings
Packet Classification
H
E
A
D
E
R
Incoming
Packet
Forwarding Engine
Packet Classification
Classifier (Policy Database)
Predicate
Action
----------------
----
Action
Multi-field Packet Classification
Field 1
Field 2
…
Field k Action
Rule 1
152.163.190.69/21 152.163.80.11/32
…
UDP
A1
Rule 2
152.168.3.0/24
152.163.0.0/16
…
TCP
A2
…
…
…
…
…
…
Rule N
152.168.0.0/16
152.0.0.0/8
…
ANY
An
Given a classifier with N rules, find the action associated
with the highest priority rule matching an incoming
packet.
Example: A packet (152.168.3.32, 152.163.171.71, …, TCP) would
have action A2 applied to it.
Performance Metrics of a
Classification Algorithm
Data structure storage requirements
 Packet classification time
 Preprocessing time
 Incremental Update time

Previous Work
Scheme
Pros
Cons
Linear Search
Good storage and
update time
characteristics
Excessive classification
time
Good storage
requirements and
classification time
for two dimensions
Crossproducting Fast classification
(V. Srinivasan et for multiple
al [Sigcomm 98]) dimensions
Grid of Tries (V.
Srinivasan et al
[Sigcomm 98])
Bit-level
Parallelism (D.
Stiliadis et al
[Sigcomm 98])
Cannot be easily extended
to higher dimensions
Large memory
requirements. Suitable for
small classifiers
Suitable for
Large memory amount and
multiple dimensions bandwidth requirements.
Hardware-optimized
Bounds from Computational
Geometry
Point Location among N non-overlapping
regions in k dimensions takes
either
O(log N) time with O(Nk) space,
or
O(logk-1N) time with O(N) space
Observations

No single good solution for all cases.
–But real classifiers have structure.

Perhaps an algorithm can exploit this
structure.
–A heuristic hybrid scheme ….
Proposed Algorithm: Basic Idea
{R1, R2, R3, …, Rn}
Decision Tree
{R1, R3,R4}
{R1, R2,R5}
{R8, Rn}
Binth: BinThreshold = Maximum Subset Size = 3
Example 2-D Classifier
Rule Xrange
0-31
R1
0-255
R2
64-71
R3
67-67
R4
64-71
R5
128-191
R6
192-192
R7
Yrange
0-255
128-131
128-255
0-127
0-15
4-131
0-255
Geometric View
255
R7
R3
(0-31,0-255)
128
R1
P
R2
R4
R6
R5
0
0
128
255
Decision Tree using Hierarchical
Intelligent Cuttings (HiCuts)
With each internal node v, associate:
 A rectangle, or a box B(v)
 A set of rules, CollidingRuleSet, R(v)
 A HiCut C(v) = (dimension d, #partitions
of B(v) across d)
HiCuts
255
R7
R3
Y
128
R1
R2
R4
R6
R5
0
0
128
X
255
HiCuts
255
R3
Y
128
R2
R4
R5
0
64
X
128
HiCut Decision Tree for binth = 2
(256 * 256, X, 4)
R1
R2
R2
R6
(64*256, Y, 2)
R4
R5
R2
R7
R2
R6
Packet P(65, 130)
Heuristics to exploit classifier
structure

Picking a suitable dimension to hicut
across.
Minimize the maximum number of rules into any one
partition, OR
 Maximize the entropy of the distribution of rules across
the partition, OR
 Maximise the different number of specifications in one
dimension


Picking the suitable number of partitions
(HiCuts) to be made.

Affects the space consumed and the classification time.
Tuned by a parameter, spfac.
Tunable Parameters
Binth, the maximum size of the set of
rules at each leaf
 Spfac, a parameter which guides the
partitioning process to choose the
number of partitions

Implementation Results: Four
dimensional real-life classifiers
40 access-lists taken from real ISP and
enterprise networks
 Four dimensions: (Src IP, Dst IP, L4
protocol, L4 destination port)
 100-1733 rules

Number of Memory Accesses
Crossproducting
Number of Rules
(log scale)
Binth = 8, spfac = 4
Space in KiloBytes (log scale)
Size of the data structure
Number of Rules
(log scale)
Binth = 8 ; spfac = 4
Space in MegaBytes (log scale)
Comparison with Crossproducting
Number of Rules
(log scale)
Binth = 8 ; spfac = 4
Time in seconds (log scale)
Preprocessing Time
Number of Rules
(log scale)
Binth = 8, spfac = 4, 333MHz P-II running Linux
Time in seconds (log scale)
Incremental Update Time
Number of Rules
(log scale)
Binth = 8, spfac = 4 , 333MHz P-II running Linux
Conclusions
Exploiting the structure of classifiers is
important for a good solution.
 The proposed HiCut packet classification
scheme seems to be of practical use.

In the paper...
Explanation of the heuristics used in
building the HiCut decision tree.
 Detailed implementation results.
 Effect of the parameters binth and spfac
on the depth and space characteristics.
 Available at:

http://www-cs-students.stanford.edu/~pankaj/research.html

Email: [email protected]