Transcript Slide 1

Outline
• Introduction
• Related work on packet classification
• Grouper
• Performance
• Empirical Evaluation
• Conclusions
Introducing Grouper
• A packet classification algorithm
• Parameterized by the amount of memory available to it
• Trades classification speed for memory efficiency
• Obtains good performance under real-world memory
constraints
Quick (Over|Re)view of
Packet Classifiers
 Takes in a list of rules, each specifying a class of packets
matched by that rule
 The rules are usually arranged by priority
 Example policy here
 New slide: The classifier’s job is to input packets, and for
every input, output a corresponding class number
 Typically, by outputting class number n for packet p, the
classifier indicates that rule number n in its rule list was
matched
Related Work: range rule
patterns
• Existing software solutions (e.g., …) focus heavily on range and prefix
•
•
•
•
pattern rules
Range rule: dest_port = [1024 – 65535]
Prefix rule: 192.168.*
For many applications, these types of rules are not expressive
enough
e.g., match odd-numbered ports > 1023
• Requires X range/prefix rules
• Worst-case number of patterns required… 2^b-1
• New slide: Noncontiguous bitmasks have comparatively more
power.
• Bitmask rule: 1011***01**1
Related Work: relative
inefficiency of range patterns
 Remove: Prefix rules are a strict subset of bitmask rules
 Name1 et al. recently showed that every b-bit range rule
can be converted into b bitmask rules.
 An arbitrary b-bit bitmask rule may require O(2b) range
rules to express
 Noncontiguous bitmask rules are therefore more
efficiently expressible than range or prefix rules
Related Work:
noncontiguous-bitmask
rule pattterns
 Some existing software algorithms handle noncontiguous
bitmasks
 RFC handles them, but uses prohibitively large amounts
of memory for large rule sets (> 6000 rules)
 TCAMs (a hardware solution) are the de facto industry
standard and use bitmask rules, but they [take from
paper].
Related Work: regularexpression rule patterns
 Some software algorithms, such as ESAs XFAs and BDDs
can handle regular expression rules, which are more
expressive than bitmasks
 Unfortunately, all of these suffer from exponential
classification time in the worst case.
The Grouper Packetclassification Algorithm
• Grouper is a software algorithm that handles bitmask rules
• It works by partitioning the bits of a packet into approximately equal sized
•
•
•
•
•
•
•
groups
[pic1: use a medium-size bit grouping]
It uses the value of each of these groups to look up the set (expressed as a
bitmap) of classes that match that group of bits
[pic2]
Then it takes the intersection (bitwise-AND) of all matching sets of rules to
obtain the final matching class
[pic3]
The final result is an n-length bitmap representing the set of all classes the
input packet belongs to. We can either return the highest priority class that
matches, or all matching classes (Our implementation does the former).
[pic4]
Observation: dimension
independence
• Note that grouper is “blind” to packet fields/dimensions.
As far as Grouper is concerned, every packet is simply an
array of bits, groups do not necessarily correspond to
packet fields.
• Doesn’t suffer from problems of other classification
algorithms (e.g., geometric algorithms) whose
performance is exponential in number of dimensions
Observation: Efficiency
via Uniformity
 Grouper guarantees that all groups will be roughly equal
in size (either floor(b/t) bits or ceil(b/t) bits).
 This property minimizes overall memory use compared to
unevenly sized groups.
(Outline goes here)
Performance at the
Extremes of Group Sizes
 By controlling the size of the bit groupings, Grouper can trade
memory for classification speed
 [illustration: 2 pics, 1 big and 1 small group sizes]
 [maybe 2 more slides for what follows]
Larger groups mean larger lookup tables but less table lookups
and less intersections: this is one extreme of classification
algorithm, using a single lookup table—large memory
requirements but fast lookup time
 Small group sizes correspond to other extreme of classification
algorithm: linear search
in General (Running
Time)
• Grouper uses t lookup tables to classify b bits according
to n rules/classes
• [reshow pic of 3,3,2]
• Each lookup table maps either floor(b/t) or ceil(b/t) of the
b packet bits to an n-length bitmap representing the set
of all classes those bits could possibly match
• We say the b/t bits used to index a table are grouped
together
Grouper in Depth
• [these ideas go into what is now slide 13]
There is a special case when t = 1, since n intersections need to
occur, if we only care about the highest priority match, we can
simply store that class number at the corresponding row in the
table, instead of a bitmap.
• This only requires log(n) bits per row, rather than n bits
• Obviously this is impractical for all but the smallest values of b
Grouper in Depth
 [same]
On the other extreme, when t = b, it turns out that the
space required for b tables is equal to the space required
for b/2 tables.
 Because of this, the maximum number of groups is
ceiling(b/2)
Grouper’s Performance
in General (Memory
Usage)
 Grouper uses t tables, each with O(2(b/t)) entries
 Each entry is an n-length bitmap consuming O(n/w)
machines words (where w is the word size of the machine
in bits).
 Total memory is therefore O((2b/ttn)/w)
Grouper in Depth
 The exact memory usage of Grouper is given by:
 Talk about binary search for t value, given m