
CSIT 560 Project Presentation

CSIT 560 Project Presentation. Packet Classifiers. Group 7 Members: Tommy Chen Anthony Cheung Libo Liu. Hong Kong University of Science and Technology MSc (IT) 2008 Fall Semester - Track 1o. Agenda. Introduction. What is Packet Classification?


Presentation Transcript


  1. CSIT 560 Project Presentation • Packet Classifiers • Group 7 Members: Tommy Chen, Anthony Cheung, Libo Liu • Hong Kong University of Science and Technology MSc (IT) 2008 Fall Semester - Track 1o

  2. Agenda • Introduction • What is Packet Classification? • What are the issues with Packet Classifiers? • Packet Classifiers in the Research Space • Packet Classifiers in the Commercial Space • Conclusion

  3. Introduction: Packet Classifier & The Internet • QoS is important as there are more and more different services on the Internet • Because they all share the same infrastructure • To achieve QoS, the packet classifier is an important component • Because it helps group/classify packets into flows, thus allowing action after classification

  4. Introduction: Application of Packet Classifier

  5. What is Packet Classification • Classify packets into flows according to a set of pre-determined rules and apply one or more actions • Inspect a packet • Perform a match on “Rule” table • Perform action on packet

  6. Inspect a packet • Look at one or more fields in a packet header • Header fields commonly used: • Address (source and destination) • Protocol (TCP, UDP, etc.) • Port (used by source and destination) • Type-of-service (TOS) • Across multiple levels • Denote dimension “d” as the # of fields to be inspected • Denote width “W” as the total # of bits of the d fields • i.e. W = length of field 1 + … + length of field d

  7. Perform match on a rule • Rules with 5 dimensions • A rule consists of one or more fields to be matched and an appropriate action • A packet can have multiple matches -> multiple actions • Wildcards (*) and ranges for ports are used • Size of table (denoted “N”) varies from a thousand rules (firewalls) to ten thousand (in core routers) • By convention, highest priority → lowest priority (rule ordering is significant, R1 > R2 > R5 > R6)

  8. Action on a packet • One or more actions for a particular rule. E.g.: • Schedule a packet to an output queue • Routing decisions • Record the traffic (for Billing purposes)
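The inspect / match / act sequence from slides 5 to 8, as an added example that is not part of the original slides: a linear-search classifier over d = 5 fields with prefixes, port ranges, wildcards and priority ordering. The rule table, rule names, addresses and action strings are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# d = 5 inspected fields; W is the sum of their lengths in bits.
FIELD_BITS = {"src": 32, "dst": 32, "proto": 8, "sport": 16, "dport": 16}
W = sum(FIELD_BITS.values())  # 104 bits for the IPv4 5-tuple

ANY = "0.0.0.0/0"        # wildcard (*) for an address field
ALL_PORTS = (0, 65535)   # wildcard (*) for a port field

@dataclass(frozen=True)
class Rule:
    name: str
    src: str                  # source prefix
    dst: str                  # destination prefix
    proto: Optional[int]      # IP protocol number, None is the wildcard
    sport: Tuple[int, int]    # inclusive port range
    dport: Tuple[int, int]    # inclusive port range
    action: str

    def matches(self, pkt):
        src, dst, proto, sport, dport = pkt
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.sport[0] <= sport <= self.sport[1]
                and self.dport[0] <= dport <= self.dport[1])

# Constructed rule table, listed from highest to lowest priority.
RULES = [
    Rule("R1", "10.0.0.0/8", "192.0.2.10/32", 6, ALL_PORTS, (80, 80), "queue:web"),
    Rule("R2", ANY, "192.0.2.0/24", 17, ALL_PORTS, (53, 53), "queue:dns"),
    Rule("R3", "10.1.0.0/16", ANY, 6, ALL_PORTS, (1024, 65535), "record"),
    Rule("R4", ANY, ANY, None, ALL_PORTS, ALL_PORTS, "default"),
]

def classify(pkt, rules=RULES):
    """Return (names of all matching rules, action of the highest-priority match)."""
    hits = [r for r in rules if r.matches(pkt)]   # O(N) scan of the table
    return [r.name for r in hits], (hits[0].action if hits else None)

if __name__ == "__main__":
    for pkt in [("10.1.2.3", "192.0.2.10", 6, 40000, 80),
                ("10.1.2.3", "198.51.100.7", 6, 40000, 8080),
                ("172.16.0.1", "192.0.2.53", 17, 5353, 53)]:
        print(pkt, classify(pkt))
```

The linear scan is the baseline whose matching speed the research-space data structures on the later slides try to improve.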

  9. What are the issues with existing Packet Classifiers • Speed (performance of matching a packet to rules) • Update (performance of updates on the "rules" tables) • Power & Cost (with respect to operating cost) • Space (storage requirement for rules) • Rule (expressiveness of rules: prefix, range/operators: ><=, wildcards)

  10. Packet classifiers in the Research Space

  11. Algorithms • The packet classification algorithms can be categorized into four classes

  12. Basic data structures • Set-Pruning Tries

  13. Basic data structures • Set-Pruning Tries • Search time complexity is O(dW) • Improves the query time at the cost of increased storage complexity; storage is O(N^d · dW) • Update complexity is O(N^d) • This data structure works only for relatively static classifiers

  14. Geometric algorithms • Fat Inverted Segment Tree (FIS-tree)

  15. Geometric algorithms • Fat Inverted Segment Tree (FIS-tree)

  16. Geometric algorithms • Fat Inverted Segment Tree (FIS-tree) • Search time complexity on an l-level FIS-tree is O((l+1) · t_RL), where t_RL is the time for a 1-D range lookup • Storage complexity is O(l · n^(1+1/l)) • The static FIS-tree can be extended to multiple dimensions by building hierarchical FIS-trees

  17. Heuristics • Recursive Flow Classification (RFC)

  18. Heuristics • Recursive Flow Classification (RFC)

  19. Heuristics • Ternary CAMs (TCAMs) • A CAM is a storage array with the capability to search the array contents to find the location of a particular stored value • TCAMs store ternary data ("0", "1" or "don't care") • Storage complexity is affected by the need to support rules with ranges

  20. Heuristics • Ternary CAMs (TCAMs)
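Why ranges affect TCAM storage, as an added example that is not part of the original slides: a TCAM entry holds only "0", "1" and "don't care" bits, so a port range has to be split into prefix patterns, and a rule with two ranged fields needs the cross product of both splits. The function names and the sample ranges are constructed for illustration.

```python
WIDTH = 16  # bits in a TCP/UDP port field

def range_to_prefixes(lo, hi, width=WIDTH):
    """Cover the inclusive range [lo, hi] with the fewest ternary prefix patterns."""
    patterns = []
    while lo <= hi:
        # Largest power-of-two block that is aligned at lo ...
        size = (lo & -lo) if lo else (1 << width)
        # ... and does not run past hi.
        while size > hi - lo + 1:
            size >>= 1
        free = size.bit_length() - 1   # number of don't-care bits in this entry
        fixed = format(lo >> free, "0%db" % (width - free)) if free < width else ""
        patterns.append(fixed + "*" * free)
        lo += size
    return patterns

def ternary_match(pattern, value, width=WIDTH):
    """True if every pattern position is '*' or equals the corresponding value bit."""
    bits = format(value, "0%db" % width)
    return all(p in ("*", b) for p, b in zip(pattern, bits))

def expand_rule(sport, dport):
    """TCAM entries for one rule: one per (source pattern, destination pattern) pair."""
    return [(s, d)
            for s in range_to_prefixes(*sport)
            for d in range_to_prefixes(*dport)]

if __name__ == "__main__":
    # Constructed ranges: a single port, the wildcard, and two awkward ranges.
    for rng in [(80, 80), (0, 65535), (1024, 65535), (1, 65534)]:
        print(rng, len(range_to_prefixes(*rng)), "entries")
    print("sport 1024-65535, dport 1-65534:",
          len(expand_rule((1024, 65535), (1, 65534))), "entries")
```

A single rule with source ports 1024-65535 and destination ports 1-65534 occupies 6 × 30 = 180 TCAM entries, while the same rule with exact ports or wildcards occupies one.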

  21. Summary of schemes [Gupta00] N=# of rules, W=Width of dimensions, d=# of dimensions, l=levels of tree, M=# of Tuples

  22. Packet classifiers in the Commercial Space

  23. Companies currently Offering DPI technologies

  24. Deep Packet Inspection • Visibility and Control • Identifies individual streams of traffic on a per-application and per-user basis • Examines headers, data protocol structures, and actual payload of messages as it passes inspection points • Marks / tags, redirects, blocks, limits rates, and reports classified packets

  25. How is Deep Packet Inspection used • Mobile operators • Provide personalized service offerings • Eliminate bandwidth bottlenecks • Internet Service Providers • Aid in the enforcement of certain global policies • Customized subscriber experience through content-filtering and additional security services • Video admission control • Source: Cisco

  26. Why Deep Packet Inspection? • Better Service • Improved access control • Acceptable-usage monitoring • Quality of Service • Security • Cuts in Operating Cost and Capital Expenditures • New Service Opportunities • Additional tiers of services such as application-based, specific content-charging, and premium service support

  27. Why Not Deep Packet Inspection? • Privacy Issues • Termination of pirated content

  28. Ternary Content Addressable Memory (TCAM) • Three TCAM Products (1-, 9-, and 18-Mbit) • Low-end to high-end equipment, which allows the user to select a product optimal for the equipment's application and structure • High-speed and low-power search performance • 1-Mbit - maximum clock frequency of 100 MHz, and achieves a maximum of 100 Msps • 9-Mbit and 18-Mbit - maximum clock frequency of 266 MHz, and achieve a maximum of 266 Msps • Flexible search conditions • Support lookup sizes of 72, 144, 288, and 576 bits • Provides up to 16 independent global mask registers for each search

  29. Pros and Cons of Deploying TCAM Equipment • Traditionally faster than software-like searching methods used with a RAM chip • Low Power Consumption • The additional circuitry needed for a TCAM chipset makes it a lot more expensive

  30. Conclusions • Necessary for keeping network operation and information exchange efficient and secure • Different algorithms / technologies have their own limitations • Use of a particular algorithm / technology to classify packets depends on the need of the client

  31. Thank You !

  32. Questions ?
