Removing Redundancy from Packet Classifiers

Packet classification is the core mechanism that enables many networking services such as firewall access control and traffic accounting. Reducing memory space for packet classification algorithms is of paramount importance because a packet classifier must use very limited on-chip cache to store complex data structures. This paper proposes the first ever scheme that can significantly reduce memory space for all packet classification algorithms. The scheme is to remove all redundant rules in a packet classifier before a classification algorithm starts building data structures. By removing redundant rules, we can save more than 73% of memory for a packet classifier that examines eight packet fields. In this paper, we categorize redundant rules into upward redundant rules and downward redundant rules. We give a necessary and sufficient condition for identifying each type of redundant rule. We present two efficient algorithms for detecting and removing the two types of redundant rules respectively. The two algorithms make use of a graph model of packet classifiers, called packet decision diagrams. The experimental results show that our algorithms are very efficient.
