1 / 23

ClassiPI A Classifier for next generation Content and Policy based Switches

ClassiPI A Classifier for next generation Content and Policy based Switches. SwitchOn Networks Inc. Sundar Iyer, Ajay Desai, Ajay Tambe, Ajit Shelat. Agenda. Classification Overview Content Co-processor requirements ClassiPI Architecture Conclusion. Packet Processing Model.

crescent
Download Presentation

ClassiPI A Classifier for next generation Content and Policy based Switches

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ClassiPIA Classifier for next generation Content and Policy based Switches SwitchOn Networks Inc. Sundar Iyer, Ajay Desai, Ajay Tambe, Ajit Shelat

  2. Agenda • Classification Overview • Content Co-processor requirements • ClassiPI Architecture • Conclusion

  3. Packet Processing Model • Packet Processing Model • Extract • Classify • Edit & Actions Classification Results Extracted Fields & Payload 3 1 Packet Classification Packet Edit & Actions Extraction 2 Classification Based Lookups External Memory

  4. Content Processing - Sequenced Lookups DIP MAC 5-tuple • Layer 2 – SMAC, VLAN Learning ¯ • Layer 2 – DMAC, VLAN Forwarding ¯ • Layer 4 – 5-tuple, ACL Filtering ¯ • Layer 3 – DIP Routing

  5. Source MAC address is authenticated Packet is being sent from marketing network VP Marketing is accessing an external web server Server: yahoo.com identified File Type: .mp3, access to audio file identified File Name: American_Pie.mp3 Content Processing – Packet Analysis Layer 7 L2 L3 L4 URL, Cookies, Content, Application, User-name, … It’s 7:00 PM. Allow the session? – Yes.

  6. OC48 Packet Processing Performance Content processing is the bottleneck!

  7. Content Co-processor - Motivation • Content Processing • Is a memory intensive operation • Involves extraction & classification • Requires sophisticated algorithms to perform • Layer 3 Lookups • Layer 4 ACLs • Layer 7 scanning • Layer 7 RegEx parsing • A Content Co-processor requires a new architecture

  8. Content Co-processor – System view • Content Co-processor should • Perform all Data plane classification operations • Allow implementation of classification sequences which reflect the packet processing flow on the Network processor • Interface gluelessly with Network Processors • Minimize Network processor bus bandwidth usage • Perform classification related operations such as statistics collection • Allow easy software integration

  9. ClassiPI - Block Diagram Results FIFO Results Results Rule Update Policy Rule Database Parallel Lookup Engine FieldExtractionEngine Intermediate Results Sync SRAM Cascade Interface other ClassiPIs Key Packet Data System Interface Control / Sequencer Cntrl Reg E-RAM Interface ERAM Access Sync SRAM User C-RAM Stats

  10. ClassiPI Architecture …1 • Look-up Operation Descriptor • Defines classification parameters • High level abstraction of a classification operation ….. Packet Data ….. Look-up Engine Operation Descriptor Result Gen Results • Field Extraction Spec • Look-up/Search Type Participating Policy RuleDatabase Policy Rule Database • Single Match or Multiple Match Generation

  11. ClassiPI Architecture …2 • Field Extraction Engine • Forms the Key using L3, L4, L4+ and User defined • Automatically generates sequence of keys • Variable length, wide keys support Multiple Field Extraction Packet Data Payload Header ….. ….. ….. ….. 5-tuple Any header fields Long String Keys Short String Keys

  12. Nano- Processor Nano- Processor Nano- Processor Nano- Processor Nano- processor Nano- processor ClassiPI Architecture …3 • Parallel Look-up Engine • Unique, flexible MISD architecture • Array of Nano-processors perform look-ups • Nano-processors have a powerful Policy Rule instruction set • Nano-processors operate on per field basis • Nano-processors and Policy Rule memory can be configured/partitioned to define an Operation Extracted Key Policy Rule Database Results Partition

  13. ClassiPI Architecture …4 • Per rule statistics collection – Byte count, Packet count, Timestamp • Per rule User defined table look-up One-to-One Correspondence return compare Rule Memory Statistics & Associated Data Data #n Rule Cell #n Data #n+1 Rule Cell #n+1 …... MATCH action Statistics counter Update …... …. …. Data #z Rule Cell #z Data #z+1 Rule Cell #z+1

  14. ClassiPI Architecture …5 • Conditional look-up sequencing • Fixed Look-up sequence • Look-up result based sequence • N-way branch capability QoS Ethernet MAC forwarding ACL Filtering IP Forwarding URL Parsing

  15. Packet Data Payload Header ….. ….. ….. ….. Combination Keys Single Keys Long String Keys Short String Keys Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges Operators: Exact Match Bit Mask Ranges ClassiPI Architecture …6 • Instruction Set • Relational/Arithmetic operations on a per field basis • EQ, GT, LT, Ranges, Masking, etc. • Logical operations between results • AND, OR, NOT

  16. ClassiPI Architecture …7 • Pattern/String Search • Up to 192 byte patterns • Case insensitive character/string matching • Simultaneous multi-pattern search • Reverse and forward search • RegEx subset search capability “GET” “http:” “HOST:” Host name “URI:” URL string “.jpeg” Look-up ‘host server 1’ ‘host server 2’ ‘host server 3’ : Look-up ‘directory 1’ ‘directory 2’ ‘directory 3’ : Search tokens .*[Hh][Oo][Ss][Tt][:] *ALSO* [Uu][Rr][Ii][:] Search [\.][jpeg] Search .*[Gg][Ee][Tt].*[Hh][Tt][Tt][Pp][:][\][\]

  17. ClassiPI Architecture …8 • Rule Complexity metric • Number of possible operations per rule • CAM rule complexity = 1 • TCAM rule complexity = 2 • ClassiPI rule complexity > 1024 • Additional features • Composite rules • Look-up sequencing

  18. ClassiPI - Overview • Specifications • 16K Policy rules per ClassiPI • Up to 128K Policy rules in a cascade • L2 through L7 Content processing • On-chip IPv4 header extraction • IPv6 ready • Selectable look-up Key • Up to 192 byte key • 6.4 Gbps SSRAM compatible system interface • Performance • OC-192 capable Look-up Engine • Designed to match Network Processor system interface requirements

  19. ClassiPI –Vital Statistics …1 • Lookup-Engine Performance • Aggregate memory bandwidth 7.25 Tbits/sec to 58 Tbits/sec • Processing power 256 GOPS to 2 TOPS

  20. ClassiPI –Vital Statistics …2 • 25M transistors • 2M bits RAM • 2M gates logic • 0.18 micron • 352 Pin BGA • 200 MHz internal clock • 100 MHz interface clock Die Layout

  21. ClassiPI - Power Consumption • Power reduction mechanisms • Custom low power embedded SRAM • Selectable clock frequency • Hierarchical bus design • Rule utilization based power management • Low standby power • Maximum 4.5 Watts (estimated)

  22. ClassiPI Architecture Scalability • OC-192 performance • with enhanced system interface • OC-768 performance • with silicon technology scaling • Flexible architecture • Cost, Performance and Power trade-offs

  23. Conclusion ClassiPI architecture provides • Functionality • Flexibility • Performance • Scalability essential for Content Processing

More Related