An Efficient Conflict Detection Algorithm for Packet Filters

Packet classification is essential for supporting advanced network services such as firewalls, quality-of-service (QoS), virtual private networks (VPN), and policy-based routing. The rules that routers use to classify packets are called packet filters. If two or more filters overlap, a conflict occurs and leads to ambiguity in packet classification. This study proposes an algorithm that can efficiently detect and resolve filter conflicts using tuple based search. The time complexity of the proposed algorithm is O(nW+s), and the space complexity is O(nW), where n is the number of filters, W is the number of bits in a header field, and s is the number of conflicts. This study uses the synthetic filter databases generated by ClassBench to evaluate the proposed algorithm. Simulation results show that the proposed algorithm can achieve better performance than existing conflict detection algorithms both in time and space, particularly for databases with large numbers of conflicts.

[1]  Chia-Tai Chan,et al.  Performance Improvement of Two-Dimensional Packet Classification by Filter Rephrasing , 2007, IEEE/ACM Transactions on Networking.

[2]  George Varghese,et al.  Fast and scalable layer four switching , 1998, SIGCOMM '98.

[3]  T. V. Lakshman,et al.  High-speed policy-based packet forwarding using efficient multi-dimensional range matching , 1998, SIGCOMM '98.

[4]  Jonathan S. Turner,et al.  ClassBench: A Packet Classification Benchmark , 2005, IEEE/ACM Transactions on Networking.

[5]  Chia-Tai Chan,et al.  High-speed packet classification for differentiated services in next-generation networks , 2004, IEEE Transactions on Multimedia.

[6]  Bernhard Plattner,et al.  Scalable high speed IP routing lookups , 1997, SIGCOMM '97.

[7]  Sartaj Sahni,et al.  Conflict detection and resolution in two-dimensional prefix router tables , 2005, IEEE/ACM Transactions on Networking.

[8]  Guru M. Parulkar,et al.  Detecting and resolving packet filter conflicts , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[9]  Venkatachary Srinivasan,et al.  Packet classification using tuple space search , 1999, SIGCOMM '99.

[10]  George Varghese,et al.  Fast and scalable conflict detection for packet classifiers , 2003, Comput. Networks.

[11]  George Varghese,et al.  Fast packet classification for two-dimensional conflict-free filters , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[12]  George Varghese,et al.  Scalable packet classification , 2001, SIGCOMM 2001.