Minimizing Rulesets for TCAM Implementation

Packet classification is a function increasingly used in a number of networking appliances and applications. Typically, this consists of a set of abstract classifications, and a set of rules which sort packets into the various classifications. For packet classification at line speeds, Ternary Content-Addressable Memories (TCAMs) have become a norm in most networking hardware. However, TCAMs are expensive and power-hungry. Hence, a packet classification ruleset need to be minimized before populating the TCAM. In this paper, we formulate the Ruleset Minimization Problem for TCAM as an abstract optimization problem based on two-level logic minimization, and propose an exact solution and a number of heuristics. We present experimental results with two different datasets-artificial filter sets generated using ClassBench tool suite and a real firewall Access Control List (ACL) from a large enterprise. We observe an average reduction of 41% in artificial filter sets and 72.5% reduction in the firewall ACL using the proposed heuristics.

[1]  Nick McKeown,et al.  Packet classification on multiple fields , 1999, SIGCOMM '99.

[2]  Eric Torng,et al.  TCAM Razor: a systematic approach towards minimizing packet classifiers in TCAMs , 2010, TNET.

[3]  Danny Hendler,et al.  Space-Efficient TCAM-Based Classification Using Gray Coding , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[4]  Robert K. Brayton,et al.  ESPRESSO-SIGNATURE: A New Exact Minimizer for Logic Functions , 1993, 30th ACM/IEEE Design Automation Conference.

[5]  Jonathan S. Turner,et al.  ClassBench: A Packet Classification Benchmark , 2005, IEEE/ACM Transactions on Networking.

[6]  Chad R. Meiners,et al.  All-Match Based Complete Redundancy Removal for Packet Classifiers in TCAMs , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[7]  Richard M. Karp,et al.  Reducibility Among Combinatorial Problems , 1972, 50 Years of Integer Programming.

[8]  Huan Liu,et al.  Efficient mapping of range classifier into ternary-CAM , 2002, Proceedings 10th Symposium on High Performance Interconnects.

[9]  Anand Rangarajan,et al.  Algorithms for advanced packet classification with ternary CAMs , 2005, SIGCOMM '05.

[10]  Eric Torng,et al.  Firewall Compressor: An Algorithm for Minimizing Firewall Policies , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[11]  Raymond E. Miller,et al.  Complexity of Computer Computations , 1972 .

[12]  Antonius P. J. Engbersen,et al.  Fast and scalable packet classification , 2003, IEEE J. Sel. Areas Commun..

[13]  Jia Wang,et al.  Packet classifiers in ternary CAMs can be smaller , 2006, SIGMETRICS '06/Performance '06.

[14]  Bin Liu,et al.  DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors , 2008, IEEE Transactions on Computers.

[15]  Jia Wang,et al.  Wire speed packet classification without tcams: a few more registers (and a bit of logic) are enough , 2007, SIGMETRICS '07.