TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs

Packet classification is the core mechanism that enables many networking services on the Internet, such as firewall packet filtering and traffic accounting. Using ternary content addressable memories (TCAMs) to perform high-speed packet classification has become the de facto standard in industry. TCAMs classify packets in constant time by comparing a packet with all classification rules, stored in ternary encoding, in parallel. Despite their high speed, TCAMs suffer from the well-known range expansion problem. As packet classification rules usually have fields specified as ranges, converting such rules to TCAM-compatible rules may result in an explosive increase in the number of rules. This would not be a problem if TCAMs had large capacities. Unfortunately, TCAMs have very limited capacity, and more rules mean more power consumption and more heat generation for TCAMs. Even worse, the number of rules in packet classifiers has been increasing rapidly with the growing number of services deployed on the Internet. To address the range expansion problem of TCAMs, we consider the following problem: given a packet classifier, how can we generate another semantically equivalent packet classifier that requires the least number of TCAM entries? In this paper, we propose a systematic approach, the TCAM Razor, that is effective, efficient, and practical. In terms of effectiveness, our TCAM Razor prototype achieves a total compression ratio of 3.9%, which is significantly better than the previously published best result of 54%. In terms of efficiency, our TCAM Razor prototype runs in seconds, even for large packet classifiers. Finally, in terms of practicality, our TCAM Razor approach can be easily deployed as it does not require any modification to existing packet classification systems, unlike many previous range expansion solutions.
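The range expansion problem and the notion of a semantically equivalent, smaller classifier can be made concrete with the following added example, which is not code from the paper and does not implement TCAM Razor. The 4-bit classifier, the hand-built three-entry equivalent, and all function names are constructed for illustration; the exhaustive equivalence check is the kind of verification a firewall operator would run before replacing a rule set.

```python
from math import prod

def range_to_prefixes(lo, hi, width):
    """Minimal list of ternary prefixes (e.g. '01**') covering the range [lo, hi]."""
    out = []
    while lo <= hi:
        # Largest power-of-two block that is aligned at lo and fits inside [lo, hi].
        size = lo & -lo if lo else 1 << width
        while size > hi - lo + 1:
            size >>= 1
        stars = size.bit_length() - 1  # wildcard bits in this prefix
        head = format(lo >> stars, "b").zfill(width - stars) if stars < width else ""
        out.append(head + "*" * stars)
        lo += size
    return out

def expanded_entries(ranges, width):
    """TCAM entries needed for ONE rule whose fields are the given (lo, hi) ranges."""
    return prod(len(range_to_prefixes(lo, hi, width)) for lo, hi in ranges)

def expand(rules, width):
    """Direct expansion of single-field rules [(lo, hi, decision)] into TCAM entries."""
    return [(p, d) for lo, hi, d in rules for p in range_to_prefixes(lo, hi, width)]

def classify(tcam, value, width):
    """First-match semantics: return the decision of the first matching entry."""
    bits = format(value, "b").zfill(width)
    for entry, decision in tcam:
        if all(e in ("*", b) for e, b in zip(entry, bits)):
            return decision
    return None

def equivalent(a, b, width):
    """Exhaustively compare two classifiers over every value of the field."""
    return all(classify(a, v, width) == classify(b, v, width) for v in range(1 << width))

# Constructed 4-bit, single-field classifier: accept [1, 14], discard everything else.
WIDTH = 4
RULES = [(1, 14, "accept"), (0, 15, "discard")]
DIRECT = expand(RULES, WIDTH)  # 6 prefixes for [1, 14] plus the default = 7 entries
# Hand-built equivalent (not TCAM Razor output): carve out the two endpoints first.
SMALL = [("0000", "discard"), ("1111", "discard"), ("****", "accept")]

if __name__ == "__main__":
    print(len(DIRECT), "entries by direct expansion:", DIRECT)
    print(len(SMALL), "entries, equivalent:", equivalent(DIRECT, SMALL, WIDTH))
    # One rule with two 16-bit port ranges [1, 65534] expands to 30 * 30 entries.
    print(expanded_entries([(1, 65534), (1, 65534)], 16))
```

The exhaustive check is feasible only for small fields; it is used here to show what "semantically equivalent" means, not as a scalable verification method.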
