Two stage packet classification using most specific filter matching and transport level sharing. Authors: M.E. Kounavis *,A. Kumar,R. Yavatkar,H. Vin Presenter: Yi-Sheng, Lin ( 林意勝 ) Date: Publisher/Conf. : Computer Networks 51 (2007).
Dept. of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C.
Outline
• Introduction
• Related Work
• Most Specific Filter Matching
• Transport Level Sharing
• Hardware Acceleration of TLS
• Evaluation
Introduction
• We split the classification process into two stages.
• First, we perform classification on source–destination IP prefix pairs using the most specific filter matching (MSFM) algorithm.
• The basic idea behind MSFM is that a significant number of the cross products stored as part of a classifier's database can be removed from the database.
• Second, we perform classification on transport level fields, exploiting transport level sharing.
• We observe that in real world databases many different sets of source–destination IP prefix pairs are associated with identical sets of transport level fields.
• In this document we present a solution to the single match classification problem.
Related Work (cross producting)
[3] V. Srinivasan, S. Suri, G. Varghese, M. Waldvogel, Fast and scalable layer four switching, in: Proceedings of ACM SIGCOMM, 1998.
Most Specific Filter Matching (MSFM)
• Improving Cross Producting: the Cross Producting lookup table can be significantly reduced by observing that, from among the many cross products, only a few really need to be placed in the lookup table.
• A first group of cross products which can be removed from the lookup table are those for which there is no filter in the database, apart from (*,*), that contains them.
• The cross products which are only covered by partially-specified filters or filter intersections can also be removed from the lookup table.
• The MSFM algorithm builds two trie data structures, one for the source and one for the destination IP prefixes. Each prefix is marked as associated with a partially-specified filter, a fully-specified filter, or both.
Transport Level Sharing (TLS)
• Sharing characterizes the sets of rules that specify the same source–destination IP prefix pair at adjacent priority levels.
• We move each new rule 'up' or 'down' the priority list as long as the rules below or above specify a different IP prefix pair and do not overlap.

Src. IP address   Dest. IP address   Src. port   Dest. port   Action   Priority
128.59.*          132.12.*           *           www          Permit   n
128.59.*          132.12.*           *           ftp          Permit   n + 1
128.59.*          132.12.*           *           telnet       Permit   n + 2
147.102.*         12.45.*            *           www          Permit   n + 3
147.102.*         12.45.*            *           ftp          Permit   n + 4
147.102.*         12.45.*            *           telnet       Permit   n + 5
134.22.*          221.34.*           *           www          Permit   n + 6
134.22.*          221.34.*           *           ftp          Permit   n + 7
134.22.*          221.34.*           *           telnet       Permit   n + 8
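The two-stage lookup applied to the nine rules of the table above, as an added example that is not code from the paper or the presenter. Assumptions: the `.*` prefixes are read as /16 networks, www/ftp/telnet are mapped to ports 80/21/23, and stage 1 is a linear scan that picks the longest combined prefix as a stand-in for the trie-based MSFM; `build` and `classify` are hypothetical names.

```python
import ipaddress

# Constructed from the slide's rule table. Assumption: www/ftp/telnet are
# mapped to well-known ports 80/21/23; list order stands for priority n, n+1, ...
PORTS = {"www": 80, "ftp": 21, "telnet": 23}
PAIRS = [("128.59.0.0/16", "132.12.0.0/16"),
         ("147.102.0.0/16", "12.45.0.0/16"),
         ("134.22.0.0/16", "221.34.0.0/16")]
RULES = [(s, d, "*", svc, "Permit")
         for s, d in PAIRS for svc in ("www", "ftp", "telnet")]

def build(rules):
    """Group rules by IP prefix pair; store each distinct transport set once."""
    by_pair = {}
    for src, dst, sport, dport, action in rules:
        key = (ipaddress.ip_network(src), ipaddress.ip_network(dst))
        by_pair.setdefault(key, []).append((sport, PORTS[dport], action))
    set_ids, pair_to_set = {}, {}
    for key, entries in by_pair.items():
        sig = tuple(entries)  # priority order preserved within the pair
        pair_to_set[key] = set_ids.setdefault(sig, len(set_ids))
    sets = {set_id: sig for sig, set_id in set_ids.items()}
    return pair_to_set, sets

def classify(pair_to_set, sets, src, dst, sport, dport):
    """Two-stage single-match lookup; returns the action or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Stage 1 (simplified): linear scan, most specific = longest combined prefix.
    hits = [k for k in pair_to_set if s in k[0] and d in k[1]]
    if not hits:
        return None
    best = max(hits, key=lambda k: k[0].prefixlen + k[1].prefixlen)
    # Stage 2: first (highest-priority) entry of the shared transport set.
    for sp, dp, action in sets[pair_to_set[best]]:
        if sp in ("*", sport) and dp in ("*", dport):
            return action
    return None

if __name__ == "__main__":
    p2s, sets = build(RULES)
    print(len(RULES), "rules ->", len(p2s), "prefix pairs,", len(sets), "shared set")
    print(classify(p2s, sets, "147.102.9.9", "12.45.1.1", 51515, 21))
```

All three prefix pairs point at the same stored transport set, so the nine rules need one set of port entries instead of three.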
Conclusion
• In this paper we described a hybrid scheme, where a parallel LPM lookup algorithm implemented in software determines the most specific filter for a packet and a specialized hardware unit determines if the packet matches any of the transport level fields of a database.
• The most significant contribution of our work is that our scheme can classify packets in a small and predictable number of steps which is independent of the number of rules in a database, while keeping its memory requirement at a reasonable level.