Packet classification using binary Content Addressable Memory

Packet classification is the core mechanism that enables many networking devices. Although using Ternary Content Addressable Memories (TCAMs) to perform high speed packet classification has become the widely adopted solution, TCAMs are very expensive, have limited capacity, consume large amounts of power, and generate tremendous amounts of heat because of their extremely dense and parallel circuitry. In this paper, we propose the first packet classification scheme that uses Binary Content Addressable Memories (BCAMs). BCAMs are similar to TCAMs except that in BCAMs, every bit has only two possible states: 0 or 1; in contrast, in TCAMs, every bit has three possible states: 0, 1, or * (don't care). Because of the high complexity in implementing the extra “don't care” state, TCAMs have much higher circuit density than BCAMs. As the power consumption, heat generation, and price grow non-linearly with circuit density, BCAMs consume much less power, generate much less heat, and cost much less money than TCAMs. Our BCAM based packet classification scheme is built on two key ideas. First, we break a multi-dimensional lookup into a series of one-dimensional lookups. Second, for each one-dimensional lookup, we convert the ternary matching problem into a binary string exact matching problem. To speed up the lookup process, we propose a number of optimization techniques including skip lists, free expansion, minimizing maximum lookup time, minimizing average lookup time, and lookup short circuiting. We evaluated our BCAM scheme on 17 real-life packet classifiers. On these classifiers, our BCAM scheme requires roughly 5 times fewer CAM bits than the traditional TCAM based scheme. The penalty is a throughput that is roughly 4 times less.

[1]  K. Pagiamtzis,et al.  Content-addressable memory (CAM) circuits and architectures: a tutorial and survey , 2006, IEEE Journal of Solid-State Circuits.

[2]  Huan Liu,et al.  Efficient mapping of range classifier into ternary-CAM , 2002, Proceedings 10th Symposium on High Performance Interconnects.

[3]  E TaylorDavid Survey and taxonomy of packet classification techniques , 2005 .

[4]  Yipeng Zhou,et al.  A Unifying Model and Analysis of P2P VoD Replication and Scheduling , 2012, IEEE/ACM Transactions on Networking.

[5]  Eric Torng,et al.  TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs , 2007, 2007 IEEE International Conference on Network Protocols.

[6]  XiongNaixue,et al.  Steganalysis of LSB matching using differences between nonadjacent pixels , 2016 .

[7]  Jiannong Cao,et al.  A Distributed TCAM Coprocessor Architecture for Integrated Longest Prefix Matching, Policy Filtering, and Content Filtering , 2013, IEEE Transactions on Computers.

[8]  Mohamed G. Gouda,et al.  Complete Redundancy Detection in Firewalls , 2005, DBSec.

[9]  Bin Liu,et al.  DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors , 2008, IEEE Transactions on Computers.

[10]  Mohamed G. Gouda,et al.  Complete Redundancy Removal for Packet Classifiers in TCAMs , 2010, IEEE Trans. Parallel Distributed Syst..

[11]  Rami Cohen,et al.  Exact Worst Case TCAM Rule Expansion , 2013, IEEE Transactions on Computers.

[12]  Zhen Ji,et al.  Optimization between security and delay of quality-of-service , 2011, J. Netw. Comput. Appl..

[13]  F. Richard Yu,et al.  Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges , 2016, IEEE Communications Surveys & Tutorials.

[14]  Jin Wang,et al.  Mutual Verifiable Provable Data Auditing in Public Cloud Storage , 2015 .

[15]  McKeownNick,et al.  Packet classification on multiple fields , 1999 .

[16]  Eric Torng,et al.  Firewall Compressor: An Algorithm for Minimizing Firewall Policies , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[17]  F. Richard Yu,et al.  Distributed denial of service attacks in software-defined networking with cloud computing , 2015, IEEE Communications Magazine.

[18]  Jian Shen,et al.  A Novel Routing Protocol Providing Good Transmission Reliability in Underwater Sensor Networks , 2015 .

[19]  Gang Chen,et al.  Color Image Analysis by Quaternion-Type Moments , 2014, Journal of Mathematical Imaging and Vision.

[20]  Eric Torng,et al.  Topological Transformation Approaches to TCAM-Based Packet Classification , 2011, IEEE/ACM Transactions on Networking.

[21]  Xingming Sun,et al.  Segmentation-Based Image Copy-Move Forgery Detection Scheme , 2015, IEEE Transactions on Information Forensics and Security.

[22]  Sam Kwong,et al.  Efficient Motion and Disparity Estimation Optimization for Low Complexity Multiview Video Coding , 2015, IEEE Transactions on Broadcasting.

[23]  Chad R. Meiners,et al.  All-Match Based Complete Redundancy Removal for Packet Classifiers in TCAMs , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[24]  Laizhong Cui,et al.  When big data meets software-defined networking: SDN for big data and big data for SDN , 2016, IEEE Network.

[25]  Eric Torng,et al.  A difference resolution approach to compressing Access Control Lists , 2013, 2013 Proceedings IEEE INFOCOM.

[26]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[27]  David S. Johnson,et al.  Compressing rectilinear pictures and minimizing access control lists , 2007, SODA '07.

[28]  Jia Wang,et al.  Packet classifiers in ternary CAMs can be smaller , 2006, SIGMETRICS '06/Performance '06.

[29]  Antonius P. J. Engbersen,et al.  Fast and scalable packet classification , 2003, IEEE J. Sel. Areas Commun..

[30]  Brian Zill,et al.  Constructing optimal IP routing tables , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[31]  Nick McKeown,et al.  Algorithms for packet classification , 2001, IEEE Netw..

[32]  Ling Shao,et al.  A rapid learning algorithm for vehicle classification , 2015, Inf. Sci..

[33]  Tuomas Sandholm,et al.  Compressing Two-Dimensional Routing Tables , 2003, Algorithmica.

[34]  Eric Torng,et al.  A Ternary Unification Framework for optimizing TCAM-based packet classification systems , 2013, Architectures for Networking and Communications Systems.

[35]  Danny Hendler,et al.  Space-Efficient TCAM-Based Classification Using Gray Coding , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[36]  Jin Wang,et al.  A Variable Threshold-Value Authentication Architecture for Wireless Mesh Networks , 2014 .

[37]  Yang Wang,et al.  On-Demand Security Architecture for Cloud Computing , 2012, Computer.

[38]  Xiaonan Guo,et al.  MODLoc: Localizing Multiple Objects in Dynamic Indoor Environment , 2014, IEEE Transactions on Parallel and Distributed Systems.

[39]  Mohamed G. Gouda,et al.  Diverse Firewall Design , 2004, IEEE Transactions on Parallel and Distributed Systems.

[40]  Alex X. Liu,et al.  Collaborative enforcement of firewall policies in virtual private networks , 2008, PODC '08.

[41]  Nick McKeown,et al.  Packet classification on multiple fields , 1999, SIGCOMM '99.

[42]  Bin Liu,et al.  DPPC-RE: TCAM-based distributed parallel packet classification with range encoding , 2006, IEEE Transactions on Computers.

[43]  Sarang Dharmapurikar,et al.  Longest prefix matching using bloom filters , 2006, IEEE/ACM Transactions on Networking.

[44]  Yejun He,et al.  An ALOHA-based improved anti-collision algorithm for RFID systems , 2013, IEEE Wireless Communications.

[45]  Eric Torng,et al.  Split: Optimizing Space, Power, and Throughput for TCAM-Based Classification , 2011, 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems.

[46]  DharmapurikarSarang,et al.  Longest prefix matching using bloom filters , 2006 .

[47]  Eric Torng,et al.  TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs , 2007, 2007 IEEE International Conference on Network Protocols.

[48]  Coniferous softwood GENERAL TERMS , 2003 .

[49]  Zhihua Xia,et al.  Steganalysis of least significant bit matching using multi-order differences , 2014, Secur. Commun. Networks.

[50]  Eric Torng,et al.  Bit weaving: A non-prefix approach to compressing packet classifiers in TCAMs , 2009, 2009 17th IEEE International Conference on Network Protocols.

[51]  George Varghese,et al.  Scalable packet classification , 2001, SIGCOMM '01.

[52]  F. Richard Yu,et al.  Software-Defined Device-to-Device (D2D) Communications in Virtual Wireless Networks With Imperfect Network State Information (NSI) , 2016, IEEE Transactions on Vehicular Technology.

[53]  David E. Taylor Survey and taxonomy of packet classification techniques , 2005, CSUR.

[54]  Mohamed G. Gouda,et al.  Structured firewall design , 2007, Comput. Networks.

[55]  Haim Kaplan,et al.  On finding an optimal TCAM encoding scheme for packet classification , 2013, 2013 Proceedings IEEE INFOCOM.

[56]  Eric Torng,et al.  Topological transformation approaches to optimizing TCAM-based packet classification systems , 2009, SIGMETRICS '09.

[57]  Naixue Xiong,et al.  Steganalysis of LSB matching using differences between nonadjacent pixels , 2016, Multimedia Tools and Applications.

[58]  Tiejun Lv,et al.  Zero-Forcing Based MIMO Two-Way Relay with Relay Antenna Selection: Transmission Scheme and Diversity Analysis , 2012, IEEE Transactions on Wireless Communications.

[59]  Bin Gu,et al.  Incremental Support Vector Learning for Ordinal Regression , 2015, IEEE Transactions on Neural Networks and Learning Systems.

[60]  Jonathan S. Turner,et al.  Packet classification using extended TCAMs , 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings..

[61]  Anand Rangarajan,et al.  Algorithms for advanced packet classification with ternary CAMs , 2005, SIGCOMM '05.

[62]  Bin Gu,et al.  Incremental learning for ν-Support Vector Regression , 2015, Neural Networks.

[63]  Thomas Y. C. Woo A modular approach to packet classification: algorithms and results , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[64]  Yuxiang Wang,et al.  Construction of Tree Network with Limited Delivery Latency in Homogeneous Wireless Sensor Networks , 2014, Wirel. Pers. Commun..

[65]  Mohamed G. Gouda,et al.  Firewall design: consistency, completeness, and compactness , 2004, 24th International Conference on Distributed Computing Systems, 2004. Proceedings..

[66]  Zhen Ji,et al.  Secure interoperation of identity managements among different circles of trust , 2011, Comput. Stand. Interfaces.

[67]  Yuhui Zheng,et al.  Image segmentation by generalized hierarchical fuzzy C-means algorithm , 2015, J. Intell. Fuzzy Syst..

[68]  Eric Torng,et al.  Bit Weaving: A Non-Prefix Approach to Compressing Packet Classifiers in TCAMs , 2012, IEEE/ACM Transactions on Networking.

[69]  Hongbo Zhu,et al.  Network convergence: theory, architectures, and applications , 2014, IEEE Wireless Communications.