Packet Classification with Limited Memory Resources

Network security and monitoring devices use packet classification to match packet header fields in a set of rules. Many hardware architectures have been designed to accelerate packet classification and achieve wire-speed throughput for 100 Gbps networks. The architectures are designed for high throughput even for the shortest packets. However, FPGA SoC and Intel Xeon with FPGA have limited resources for multiple accelerators. Usually, it is necessary to balance between available resources and the level of acceleration. Therefore, we have designed new hardware architecture for packet classification, which can balance between the processing speed and hardware resources. To achieve 10 Gbps average throughput the architecture need only 20 BlockRAMs for 5500 rules. Moreover, the architecture can scale the processing speed to wire-speed throughput on 100 Gbps line at the cost of additional memory resources.

[1]  Jonathan S. Turner,et al.  ClassBench: A Packet Classification Benchmark , 2005, IEEE/ACM Transactions on Networking.

[2]  Rene De La Briandais File searching using variable length keys , 1959, IRE-AIEE-ACM Computer Conference.

[3]  Nick McKeown,et al.  Packet classification on multiple fields , 1999, SIGCOMM '99.

[4]  Haoyu Song,et al.  Fast packet classification using bloom filters , 2006, 2006 Symposium on Architecture For Networking And Communications Systems.

[5]  George Varghese,et al.  Packet classification using multidimensional cutting , 2003, SIGCOMM '03.

[6]  Nick McKeown,et al.  Classifying Packets with Hierarchical Intelligent Cuttings , 2000, IEEE Micro.

[7]  T. V. Lakshman,et al.  High-speed policy-based packet forwarding using efficient multi-dimensional range matching , 1998, SIGCOMM '98.

[8]  Jonathan S. Turner,et al.  Scalable packet classification using distributed crossproducing of field labels , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[9]  Yan Luo,et al.  Acceleration of decision tree searching for IP traffic classification , 2008, ANCS '08.

[10]  Viktor K. Prasanna,et al.  Scalable Packet Classification on FPGA , 2012, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[11]  Zhen Liu,et al.  Low power architecture for high speed packet classification , 2008, ANCS '08.

[12]  Jan Korenek,et al.  Fast and scalable packet classification using perfect hash functions , 2009, FPGA '09.

[13]  Baohua Yang,et al.  Packet Classification Algorithms: From Theory to Practice , 2009, IEEE INFOCOM 2009.

[14]  Rasmus Pagh,et al.  Cuckoo Hashing , 2001, Encyclopedia of Algorithms.

[15]  Jan Korenek,et al.  Netbench: Framework for Evaluation of Packet Processing Algorithms , 2011, 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems.

[16]  George Varghese,et al.  Fast and scalable layer four switching , 1998, SIGCOMM '98.

[17]  Haoyu Song,et al.  Efficient packet classification for network intrusion detection using FPGA , 2005, FPGA '05.