Efficient packet classification on network processors

Always-on networking and a growing interest in multimedia- and conversational-IP services offer an opportunity to network providers to participate in the service layer, if they increase functional intelligence in their networks. An important prerequisite to providing advanced services in IP access networks is the availability of a high-speed packet classification module in the network nodes, necessary for supporting any IP service imaginable. Often, access nodes are installed in remote offices, where they terminate a large number of subscriber lines. As such, technology adding processing power in this environment should be energy-efficient, whilst maintaining the flexibility to cope with changing service requirements. Network processor units (NPUs) are designed to overcome these operational restrictions, and in this context this paper investigates their suitability for wireline and robust packet classification in a firewalling application. State-of-the-art packet classification algorithms are examined, whereafter the performance and memory requirements are compared for a Binary Decision Diagram (BDD) and sequential search approach. Several space optimizations for implementing BDD classifiers on NPU hardware are discussed and it is shown that the optimized BDD classifier is able to operate at gigabit wirespeed, independent of the ruleset size, which is a major advantage over a sequential search classifier. Copyright © 2007 John Wiley & Sons, Ltd.
