Large-scale wire-speed packet classification on FPGAs

Multi-field packet classification is a key enabling function of a variety of network applications, such as firewall processing, Quality of Service differentiation, traffic billing, and other value added services. Although a plethora of research has been done in this area, wire-speed packet classification while supporting large rule sets remains difficult. This paper exploits the features provided by current FPGAs and proposes a decision-tree-based, two-dimensional dual-pipeline architecture for multi-field packet classification. To fit the current largest rule set in the on-chip memory of the FPGA device, we propose several optimization techniques for the state-of-the-art decision-tree-based algorithm, so that the memory requirement is almost linear with the number of rules. Specialized logic is developed to support varying number of branches at each decision tree node. A tree-to-pipeline mapping scheme is carefully designed to maximize the memory utilization. Since our architecture is linear and memory-based, on-the-fly update without disturbing the ongoing operations is feasible. The implementation results show that our architecture can store 10K real-life rules in on-chip memory of a single Xilinx Virtex-5 FPGA, and sustain 80 Gbps (i.e. 2x OC-768 rate) throughput for minimum size (40 bytes) packets. To the best of our knowledge, this work is the first FPGA-based packet classification engine that achieves wire-speed throughput while supporting 10K unique rules.

[1]  Haoyu Song,et al.  Fast packet classification using bloom filters , 2006, 2006 Symposium on Architecture For Networking And Communications Systems.

[2]  Girija J. Narlikar,et al.  Fast incremental updates for pipelined forwarding engines , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[3]  Nick McKeown,et al.  Classifying Packets with Hierarchical Intelligent Cuttings , 2000, IEEE Micro.

[4]  Viktor K. Prasanna,et al.  Parallel IP lookup using multiple SRAM-based pipelines , 2008, 2008 IEEE International Symposium on Parallel and Distributed Processing.

[5]  Jonathan S. Turner,et al.  Scalable packet classification using distributed crossproducing of field labels , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[6]  Yan Luo,et al.  Acceleration of decision tree searching for IP traffic classification , 2008, ANCS '08.

[7]  George Varghese,et al.  Packet classification using multidimensional cutting , 2003, SIGCOMM '03.

[8]  Ioannis Papaefstathiou,et al.  Memory-Efficient 5D Packet Classification At 40 Gbps , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[9]  David E. Taylor Survey and taxonomy of packet classification techniques , 2005, CSUR.

[10]  George Varghese,et al.  Tree bitmap: hardware/software IP lookups with incremental updates , 2004, CCRV.

[11]  T. V. Lakshman,et al.  Efficient multimatch packet classification and lookup with TCAM , 2005, IEEE Micro.

[12]  T. V. Lakshman,et al.  High-speed policy-based packet forwarding using efficient multi-dimensional range matching , 1998, SIGCOMM '98.

[13]  Kuruvilla Varghese,et al.  A Scalable High Throughput Firewall in FPGA , 2008, 2008 16th International Symposium on Field-Programmable Custom Computing Machines.

[14]  Ioannis Sourdis Designs and algorithms for packet and content inspection , 2007 .

[15]  Jonathan S. Turner,et al.  ClassBench: A Packet Classification Benchmark , 2005, IEEE/ACM Transactions on Networking.

[16]  Ioannis Papaefstathiou,et al.  A Memory-Efficient FPGA-based Classification Engine , 2008, 2008 16th International Symposium on Field-Programmable Custom Computing Machines.

[17]  Grigore Rosu,et al.  A tree based router search engine architecture with single port memories , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[18]  Haoyu Song,et al.  Efficient packet classification for network intrusion detection using FPGA , 2005, FPGA '05.

[19]  Harrick M. Vin,et al.  Two stage packet classification using most specific filter matching and transport level sharing , 2007, Comput. Networks.

[20]  Anand Rangarajan,et al.  Algorithms for advanced packet classification with ternary CAMs , 2005, SIGCOMM '05.

[21]  Nick McKeown,et al.  Algorithms for packet classification , 2001, IEEE Netw..

[22]  Zhen Liu,et al.  Low power architecture for high speed packet classification , 2008, ANCS '08.