### Qunfeng Dong (University of Wisconsin

```SIGMETRICS 2006
Packet Classifiers In
Ternary CAMs Can Be Smaller
Jia Wang ( AT&T Labora t ories – Rese arch)
Outline
 Introduction
 TCAM is the favoured solution for wire speed packet classification
in backbone routers.
 TCAM suffers size explosion on range specifications.
 Previous techniques require modification to packet processors.
 Motivation
 Trimming rules
 Expanding rules
 Merging rules
 Design
 Evaluation
 Summary
 Future work
Introduction
 Packet classification [SVSW98,LS98]
 Use a set of rules for finer differentiation of packets based on
 Is the foundation of many Internet functions (e.g. security, QoS, VPN,
etc).
 Each rule specifies a range clause on each relevant field
 e.g. the source port must be in the range [5000, 65535]
 Prefix, single value and wildcard are all special ranges.
 A rule matches a packet iff every range clause is satisfied.
 Objective:
 For each incoming packet, find the first (i.e., highest priority) rule that
matches the packet.
Introduction
 TCAM is the favoured solution for packet classification.
 Pure software solutions are becoming increasingly difficult as the
gap between wire speeds and memory speeds keeps widening.
 Unfortunately, TCAM suffers size explosion on range
clauses and accounts for a significant portion of the cost
of a router line card.
 Each range clause can take many TCAM entries.
 The total amount of TCAM entries needed is the product of the
number of TCAM entries needed to represent individual range
clauses.
Rule:
TCAM:
Field A
[64, 127]
Decision
Deny
Field A
Decision
0
01×××
×××
Rule:
TCAM:
Field A
[80, 127]
Decision
Deny
Field A
Decision
0
0101××
××
011×××
××
0
Fact:
A range clause defined on a k-bit
field may take 2k-2 TCAM entries
to represent.
Rule:
TCAM:
Field A
[80, 127]
Decision
Deny
Field A
Decision
0
0101××
××
011×××
××
0
Rule:
TCAM:
Field A
[80, 127]
Field B
[80, 127]
Decision
Deny
Field A
Field B
Decision
0
0101×× 0101××
××
××
0101×× 011×××
××
××
011××× 0101××
××
××
0
0
Fact:
The total number of TCAM entries
needed to represent a rule is the product
of the number of TCAM entries needed
to represent its range clauses!
Fact:
A rule that specifies range clauses on
the 16-bit source port and destination
port can take (2×16-2) × (2×16-2) =
900 TCAM entries to represent!
Our Objective & Approach
 Our objective
 To be cost efficient, we want to reduce the amount of TCAM entries
needed to implement a given rule set.
 Without modifying its semantics!
 Our approach is to transform the given rule set into a
semantically equivalent rule set that requires less TCAM
entries to represent.
 Previously proposed techniques:
 Represent rules in a new format (e.g., [SIGCOMM’05])
 Need to modify packet processor hardware to interpret the new format.
 Our techniques do not change the format of rule sets and hence do
not require any hardware modification
 Trimming rules
 Expanding rules
 Merging rules
Trimming Rules
Rule:
Rule:
Field A
Decision
[96, 127]
Deny
[100, 255]
Permit
Field A
Decision
[96, 127]
Deny
[128, 255]
Permit
TCAM:
TCAM:
Field A
Decision
011×××
××
0
011001××
1
01101××
×
1
0111×××
×
1
1×××××
××
1
Field A
Decision
011×××
××
0
1×××××
××
1
Expanding Rules
Rule:
Rule:
Field A
Decision
[32, 79]
Deny
[72, 255]
Permit
Field A
Decision
[32, 79]
Deny
[64, 255]
Permit
TCAM:
TCAM:
Field A
Decision
001×××
××
0
0100×××
×
0
01001××
×
1
0101×××
×
1
011×××
××
Field A
1×××××
1
××
001×××
××
Decision
1
0
0100×××
×
0
01××××
××
1
Rule:
Rule:
Field A
Decision
[64, 119]
Deny
[0, 255]
Permit
Field A
Decision
[120, 127]
Permit
[64, 127]
Deny
[0, 255]
Permit
TCAM:
TCAM:
Field A
Decision
010×××
××
0
0110×××
×
0
01110××
×
0
×××××
×××
1
Field A
Decision
01111××
×
1
01××××
××
0
1×××××
××
1
Merging Rules
Rule:
Rule:
Field A
Decision
[96, 111]
Permit
[64, 95]
Deny
[100, 127]
Deny
[0, 255]
Permit
Field A
Decision
[96, 111]
Permit
[64, 127]
Deny
[0, 255]
Permit
TCAM:
TCAM:
Field A
Decision
0110×××
×
1
010×××
××
0
011001××
0
01101××
×
0
0111×××
×
0
×××××
Field
A
×××
0110×××
×
1
Decision
01××××
××
0
1×××××
××
1
1
Question:
How to define a systematic solution?
Trim Rule Set
Framework
Get Next Rule
Expanding
will help?
YES
Expand Rule
NO
will help?
YES
NO
Merge with other
rules will help?
YES
NO
NO
Last Rule?
YES
Remove Redundancy
Merge Rules
Trim Rule
Get Next Rule
Compute the core
region of each rule
Trim the rule to be the
minimum hypercube that
encloses its core region
If a range clause originally
specifies a prefix, expand it
to be the minimum prefix
NO
Last Rule?
YES
Core region is the part of a rule’s definition
region that is not covered by higher rules or
lower rules of the same color
To preserve the semantics of the rule set
To avoid unnecessary increase in the number
of TCAM entries needed
Expand Rule
A minimum expansion of the chosen clause
should lead to the largest decrease in the
number of TCAM entries needed
Pick a range clause
to expand
Expansion
allowed?
YES
Perform a minimum
expansion of the chosen
range clause
YES
Any range clause
can be expand?
NO
NO
A minimum expansion of the chosen clause
should lead to the largest decrease in the
number of TCAM entries needed
Pick a range clause
to expand
Expansion
allowed?
NO
expand the current rule
YES
Perform a minimum
expansion of the chosen
range clause
Semantics of the
rule set preserved?
NO
YES
YES
Any range clause
can be expand?
NO
YES
Number of TCAM entries
of the rule reduced?
NO
Roll back
A minimum expansion of the chosen clause
should lead to the largest decrease in the
number of TCAM entries needed
Pick a range clause
to expand
Expansion
allowed?
NO
expand the current rule
YES
Perform a minimum
expansion of the chosen
range clause
Semantics of the
rule set preserved?
NO
YES
YES
Any range clause
can be expand?
YES
Number of TCAM entries
of the rule reduced?
NO
NO
Remove redundancy
YES
Number of TCAM entries
of the rule set reduced?
NO
Roll back
Evaluation
 Real rule sets
 1000+ real rule sets from the network of a tier-1 ISP
 Each rule specifies clauses on source IP, destination IP, source port,
destination port and protocol type.
 Action doesn’t matter here.
Evaluation: real rule sets
Evaluation: real rule sets
Evaluation
 Ramdom rule sets
 100 randomly generated rule sets
 a random prefix
 Protocol type
 a random number
 Port range
 a random sub-range of [0, 65535]
 Action
 randomly selected from actions in real rule sets
Evaluation: random rule sets
Evaluation: random rule sets
Summary
 Packet classification is the foundation of many Internet
functions.
 TCAM is the favoured solution for packet classification.
 Pure software solutions are becoming increasingly difficult as the
gap between wire speeds and memory speeds keeps widening.
 TCAM suffers size explosion on range clauses.
 TCAM accounts for a significant portion of the cost of router line
cards.
 We propose (a set of techniques) to define smaller but
semantically equivalent rule sets.
 Do not require any hardware modification.
 Become even more effective with more range clauses!
Future Work
We have tried to compress TCAM.
Question:
Can we totally eliminate TCAM?
Future Work
Work in progress:
Wire Speed Packet Classification Without TCAM:
One More Register (And A Bit of Logic) Is Enough
Poster @ ACM SIGCOMM 2006
Pisa, Italy
9.11 ~ 9.15
Future Work
More coming…
Besides packet classification based on
the standard 5-tuple, deep packet
classification based on payload is another
important topic of interest.
SIGMETRICS 2006
Thank you!
Qunfeng Dong
Email: [email protected]
```