TupleMerge: Building Online Packet Classifiers by Omitting Bits

Packet classification is an important part of many networking devices, such as routers and firewalls. Software-defined networks require online packet classification where classifiers receive a mixed stream of packets to classify and rules to update and both operations must be completed as efficiently as possible without knowledge of future operations. This rules out many classifiers, such as HyperCuts, HyperSplit, and their derivatives, which do not support fast updates. We build upon Tuple Space Search, the packet classifier used by Open vSwitch, to create TupleMerge. TupleMerge improves upon Tuple Space Search by combining hash tables which contain rules with similar characteristics. This greatly reduces classification time by producing fewer tables. We compared TupleMerge to PartitionSort, the current state-of-the-art online packet classifier, on rulelists generated by ClassBench. TupleMerge outperforms PartitionSort at both classifying packets and rule update. Specifically, on average, it is 34.2% faster at classifying packets and 30% faster at updating rules than PS.

[1]  Sarang Dharmapurikar,et al.  Longest prefix matching using bloom filters , 2003, IEEE/ACM Transactions on Networking.

[2]  Eric Torng,et al.  A sorted partitioning approach to high-speed and fast-update OpenFlow classification , 2016, 2016 IEEE 24th International Conference on Network Protocols (ICNP).

[3]  Pankaj Gupta,et al.  Packet Classification using Hierarchical Intelligent Cuttings , 1999 .

[4]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[5]  Venkatachary Srinivasan,et al.  Packet classification using tuple space search , 1999, SIGCOMM '99.

[6]  Jonathan S. Turner,et al.  ClassBench: A Packet Classification Benchmark , 2005, IEEE/ACM Transactions on Networking.

[7]  Srihari Cadambi,et al.  Chisel: A Storage-efficient, Collision-free Hash-based Network Processing Architecture , 2006, 33rd International Symposium on Computer Architecture (ISCA'06).

[8]  T. V. Lakshman,et al.  High-speed policy-based packet forwarding using efficient multi-dimensional range matching , 1998, SIGCOMM '98.

[9]  Kirill Kogan,et al.  SAX-PAC (Scalable And eXpressive PAcket Classification) , 2015, SIGCOMM 2015.

[10]  Maciej Kuźniar,et al.  What You Need to Know About SDN Flow Tables , 2015, PAM.

[11]  Baohua Yang,et al.  Packet Classification Algorithms: From Theory to Practice , 2009, IEEE INFOCOM 2009.

[12]  T. N. Vijaykumar,et al.  EffiCuts: optimizing packet classification for memory and throughput , 2010, SIGCOMM '10.

[13]  George Varghese,et al.  Faster IP lookups using controlled prefix expansion , 1998, SIGMETRICS '98/PERFORMANCE '98.

[14]  Martín Casado,et al.  Extending Networking into the Virtualization Layer , 2009, HotNets.

[15]  Haoyu Song,et al.  Fast hash table lookup using extended bloom filter: an aid to network processing , 2005, SIGCOMM '05.

[16]  George Varghese,et al.  Packet classification using multidimensional cutting , 2003, SIGCOMM '03.

[17]  Gaogang Xie,et al.  Meta-algorithms for Software-Based Packet Classification , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[18]  Martín Casado,et al.  The Design and Implementation of Open vSwitch , 2015, NSDI.