
Worst-Case TCAM Rule Expansion


Presentation Transcript


  1. Worst-Case TCAM Rule Expansion Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)

  2. Packet Classification [figure: an incoming packet's HEADER enters the forwarding engine; packet classification looks it up in the policy database (classifier), a table of Rule / Action rows, and returns an Action]

  3. Power Consumption in a Router [figure: the bracketed share is labelled "Packet Classification"] Sources: R.S. Tucker, based on Cisco CRS-1, 2009; D. Hay

  4. Ternary Content-Addressable Memory (TCAM) [figure: TCAM array with entries 0 to 9, each carrying a deny or accept action; the packet header (search key) drives the match lines, which feed an encoder] Each entry is a word in {0,1,*}^W

  5. Example [figure: TCAM array with entries 0 to 9 holding bit patterns with the actions deny, accept, log and limit; the search key drives the match lines, which feed the encoder]

  6. Range Rules Range rule = rule that contains range field Usually source-port or dest-port

  7. Range Rule Representation in TCAM. Assume we want to represent a range in a single field of W bits. Our objective: minimize the number of TCAM entries needed to encode the range. More TCAM entries mean more power consumption. Some ranges are easy to represent. Example: W=3: [4, 7] = {100,101,110,111} = 1**. But what about [1,6]?

  8. (Internal) Encoding of [1,6] • Range [1,6] in the tree of all elements with W=3 bits (leaves 000 001 010 011 100 101 110 111). Known result: expansion in 2W-2 TCAM entries. Here: 2W-2=4 TCAM entries

  9. Outline Introduction Worst-case range expansion New TCAM architectures

  10. External Encoding. Idea to reduce the number of TCAM entries: exploit the TCAM entry order by encoding the range's complement as well. Here: W=3 TCAM entries (instead of 4) [figure: tree with leaves 000 001 010 011 100 101 110 111]

  11. New upper bounds on the worst-case rule expansion. Theorem 1: Expansion of a W-bit range in at most W TCAM entries. Note: W instead of 2W-2. Note: also in next talk. Theorem 2: W TCAM entries is optimal among prefix codes (not shown in this paper). Theorem 3: Expansion of k W-bit ranges in k·W TCAM entries

  12. Union of k ranges in k·W. Theorem 3: Expansion of k W-bit ranges in k·W TCAM entries. Example: R1=[1,5], R2=[7,7]; R=R1∪R2 can be encoded using k·W=2·3=6 TCAM entries [figure: tree with leaves 000 001 010 011 100 101 110 111]

  13. Multi-field Ranges. Known result: range expansion in d W-bit fields in (2W-2)^d TCAM entries. Theorem 4: Expansion in O(d·W) TCAM entries (i.e. linear in d) without any additional logic

  14. Outline Introduction Worst-case range expansion New TCAM architectures

  15. New TCAM architectures • Using additional logic to reduce expansion • Example for W=4

  16. (a) Known Architecture: Internal – Product 5 1 3 6 • Expansion of 6·5 + 3·1 = 33

  17. (a) Internal - Product [figure: header 1000.0111, per-entry match bits, range 1, PE] • Worst-case expansion of k·(2W-2)^d

  18. (b) Combined - Product 5 4 1 3 6 3 • Expansion of 3·4 + 3·1 = 15

  19. (b) Combined - Product [figure: header 1000.0111, per-entry match bits, range 1, PE] • Worst-case expansion of k·W^d

  20. (c) Combined – Sum 4 1 3 3 • Expansion of 3+4 + 3+1=11

  21. (c) Combined – Sum [figure: header 1000.0111, per-entry match bits, range 1, PE] • Worst-case expansion of k·d·W

  22. Architecture Summary known new

  23. Experimental Results On real-life rule set 120 separate rule files from various applications Firewalls, ACL-routers, Intrusion Prevention systems 215K rules 280 unique ranges Used as a common benchmark in literature

  24. Experimental Results 57% Better 39% Better

  25. Summary • Expansion of a W-bit range in at most W TCAM entries (instead of 2W-2) • Optimal (among prefix codes) • Linear expansion for multi-field ranges • New TCAM architectures • Up to 39% fewer TCAM entries

  26. Thank You
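Added example (not part of the presentation): the internal prefix expansion from slides 7 and 8, next to a simplified complement-first table that illustrates the idea on slide 10. The function names, the "inside"/"outside" action labels and the complement-first construction are assumptions made for this sketch; it is not the construction behind Theorem 1 and does not always stay within W entries.

```python
def prefix_expand(lo, hi, w):
    """Internal encoding: minimal ternary prefixes that exactly cover [lo, hi]."""
    out = []
    while lo <= hi:
        # Largest power-of-two block aligned at lo that still fits in [lo, hi].
        size = (lo & -lo) if lo else 1 << w
        while size > hi - lo + 1:
            size >>= 1
        k = size.bit_length() - 1              # number of don't-care bits
        head = format(lo >> k, "0%db" % (w - k)) if k < w else ""
        out.append(head + "*" * k)
        lo += size
    return out

def internal_table(lo, hi, w):
    """One 'inside' entry per prefix; keys that match nothing are outside."""
    return [(p, "inside") for p in prefix_expand(lo, hi, w)]

def complement_first_table(lo, hi, w):
    """Simplified external encoding (assumption, not the paper's construction):
    entries for the complement come first, then a catch-all for the range."""
    outside = prefix_expand(0, lo - 1, w) + prefix_expand(hi + 1, (1 << w) - 1, w)
    return [(p, "outside") for p in outside] + [("*" * w, "inside")]

def first_match(table, key, w, default="outside"):
    """TCAM semantics: the first (highest-priority) matching entry wins."""
    bits = format(key, "0%db" % w)
    for entry, action in table:
        if all(e in ("*", b) for e, b in zip(entry, bits)):
            return action
    return default

def classify_all(table, w):
    """Action for every possible W-bit key, used to compare two encodings."""
    return [first_match(table, key, w) for key in range(1 << w)]

if __name__ == "__main__":
    W = 3
    print(prefix_expand(4, 7, W))              # the easy range from slide 7
    print(internal_table(1, 6, W))             # 2W-2 = 4 entries
    print(complement_first_table(1, 6, W))     # 3 entries, order matters
    same = classify_all(internal_table(1, 6, W), W) == \
        classify_all(complement_first_table(1, 6, W), W)
    print("same classification:", same)
```

Reordering the complement-first table so that the catch-all comes first changes the result for keys 000 and 111, which is why the entry order is part of the encoding.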
