Worst-Case TCAM Rule Expansion

123 Views

Download Presentation
## Worst-Case TCAM Rule Expansion

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Worst-Case TCAM Rule Expansion**Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel)**Packet Classification**Forwarding Engine Packet Classification Policy Database (classifier) Rule Action ---- ---- ---- ---- ---- ---- HEADER Action Incoming Packet**Power Consumption in a Router**} Packet Classification Sources: R.S. Tucker, based on Cisco CRS-1, 2009; D. Hay**Ternary Content-Addressable Memory (TCAM)**deny 0 0 deny 1 1 2 2 accept 3 3 accept 4 4 deny 5 5 deny 6 6 deny 7 7 deny 8 8 accept 9 9 accept TCAM Array Each entry is a word in {0,1,}W 2 Encoder Match lines Packet Header (Search Key)**Example**0 0 1 0 0 2 3 1 4 0 0 5 1 6 7 1 8 0 1 9 deny 00111011010100001001111 deny 1100000011100101000110 accept 100101000010001101001000 deny 3 001110 log 11100100100101010100 Encoder deny 11100100100101001 deny 001110 limit 10101010 deny 111111111111111111111111 accept Match lines 0011101010101001110001110001110**Range Rules**Range rule = rule that contains range field Usually source-port or dest-port**Range Rule Representation in TCAM**Assume we want to represent a range in a single field of W bits Our objective: minimize the number of TCAM entries needed to encode the range More TCAM entries represent more power consumption Some ranges are easy to represent Example: W=3: [4, 7] = {100,101,110,111} = 1 But what about [1,6]?**(Internal) Encoding of [1,6]**• Range [1,6] in tree of all elements with W=3 bits: Known result: expansion in 2W-2 TCAM entries Here: 2W-2=4 TCAM entries 000 001 010 011 100 101 110 111**Outline**Introduction Worst-case range expansion New TCAM architectures**External Encoding**Idea to reduce number of TCAM entries: exploit TCAM entry order by encoding range complimentary as well Here: W=3 TCAM entries (instead of 4) 000 001 010 011 100 101 110 111**New upper bounds on the worst-case rule expansion**Theorem 1: Expansion of W-bit range in at most W TCAM entries Note: Winstead of 2W-2 Note: also in next talk Theorem 2: W TCAM entries is optimal among prefix codes (not shown in this paper) Theorem 3: Expansion of kW-bit ranges in k·WTCAM entries**Union of k ranges in kW**000 001 010 011 100 101 110 111 R1=[1,5], R2=[7,7] R=R1UR2 can be encoded using k·W=2·3=6 TCAM entries Theorem 3: Expansion of kW-bit ranges in k·WTCAM entries Example:**Multi-field Ranges**Known result: range expansion in dW-bit fields in (2W-2)d TCAM entries Theorem 4: Expansion in O(d·W) TCAM entries (i.e. linear in d) without any additional logic**Outline**Introduction Worst-case range expansion New TCAM architectures**New TCAM architectures**• Using additional logic to reduce expansion • Example for W=4**(a) Known Architecture: Internal – Product**5 1 3 6 • Expansion of 6·5 + 3·1 = 33**(a) Internal - Product**(0) (0) (0) (1) header 1000.0111 (0) (range 1) PE (0) (0) (0) (0) (0) • Worst-case expansion of k·(2W-2)^d**(b) Combined - Product**5 4 1 3 6 3 • Expansion of 3·4 + 3·1 = 15**(b) Combined - Product**(0) (0) (1) header 1000.0111 (1) (0) (range 1) PE (0) (0) (0) (0) • Worst-case expansion of k·W^d**(c) Combined – Sum**4 1 3 3 • Expansion of 3+4 + 3+1=11**(c) Combined – Sum**(1) (1) (1) header 1000.0111 (0) (range 1) PE (1) (0) • Worst-case expansion of k·d·W**Architecture Summary**known new**Experimental Results**On real-life rule set 120 separate rule files from various applications Firewalls, ACL-routers, Intrusion Prevention systems 215K rules 280 unique ranges Used as a common benchmark in literature**Experimental Results**57% Better 39% Better**Summary**• Expansion of W-bit range in at most W TCAM entries (instead of 2W-2) • Optimal (among prefix codes) • Linear expansion for multi-field ranges • New TCAM architectures • Up to 39% less TCAM entries