行政院國家科學委員會補助專題研究計畫成果報告
※※※※※※※※※※※※※※※※※※※※※※※※※※
※ 高速簽章式封包分類之研究 ※
※ The Study of Fast Signature-based Packet Classification ※
※ ※
※※※※※※※※※※※※※※※※※※※※※※※※※※
計畫類別:■個別型計畫 □整合型計畫 計畫編號:NSC 90-2213-E011-076
執行期間: 90 年 8 月 1 日至 91 年 7 月 31 日 計畫主持人:陳郁堂
本成果報告包括以下應繳交之附件:
□赴國外出差或研習心得報告一份
□赴大陸地區出差或研習心得報告一份
□出席國際學術會議心得報告及發表之論文各一份
□國際合作研究計畫國外研究報告書一份
執行單位:台灣科技大學電子系
中 華 民 國 91 年 10 月 20 日
行政院國家科學委員會專題研究計畫成果報告
高速簽章式封包分類之研究
The Study of Fast Signature-based Packet Classification
計畫編號:NSC 90-2213-E011-076執行期限:90 年 8 月 1 日至 91 年 7 月 31 日 主持人:陳郁堂 台灣科技大學電子系
計畫參與人員:吳其政 李世豪 台灣科技大學電子系 廖泓益 胡家榮 台灣科技大學電子系
一、中文摘要
多 欄 型 封 包 分 類 器(multiple field packet classifier)成為新一代網路的重要元件。以 往研究顯示,多欄型封包分類法所需記憶 體數量龐大,與欄位資料乘積成正比,要 達到高速封包分類需求,是一個富挑戰性 問題。本計劃發展簽章式(signature-based) 封包分類法,將每條分類法則(rule) 經由 hash function 對 映 到 具 唯 一 性 的 簽 章 (signature),封包僅針對簽章進行搜尋,由 於簽章長度相較於多欄位資料短,除有效 加速封包分類,並可降低記憶體的需求。
關鍵詞:封包分類器 Abstract
In this project, we propose a novel signature-based scheme for multi-field packet classification. In short, signature-based lookup scheme encodes each rule using a hashing coding method such that one can use the unique bit string, which is called the rule signature, to find a rule that matches a packet. When a packet arrives, the multi-field information is first translated into a lookup signature, and then rule signatures are searched for matching. Only a small fraction of multi-field information is inspected for signature-based packet classification, resulting in considerable saving in lookup time. By running a simulation model that incorporates the publicly available packet traces, we show that the performance of the proposed schemes are superior to previous approaches.
Keywords: packet classification
二、緣由與目的
Packet classification on multiple fields is recognized a hard problem. Previous researches show that multi-field packet classification has poor worst-case performance, in either storage or time complexity. In this project, we have developed a novel Signature-based pakcet classifcation to attack this issue.
The rule of multi-field packet classification consists of arbitrary prefix or range specifications on the following fields: the source network address, the destination network address, the source port, the destination port, the protocol identifier, and possible other fields. When a packet arrives, the packet header is extracted and then compared to the rule’s corresponding fields.
If they match, this rule is considered as a candidate rule. Logically, the packet header is compared against every rule in this way.
Finally, the candidate rule with the highest priority matches, and the packet operates according to the action specified in this rule.
If none of the rule match the packet’s fields, the packet results in a miss.
To motivate our work, we first observe the classifiers in Table 1. In rule F2, prefix {140.0} in source network address is a unique bit string in the classifier. If the source address of a packet header matches the prefix {140.0}, the remaining fields of the packet can immediately compare with rule F2 without further inspection. If they match, then the packet is forwarding based on rule F2. Therefore, each rule can be encoded as a unique bit string, called the signature. For example, {140.0} is the signature of Rule F2, and {140.118, 112.110}
is the signature of Rule F6.
TABLE 1 Four-field Cassifiers.
Rule Source Address
Destination Address
Source Port
Destination Port F1 140.118.* 192.2 80 21 F2 140.0.* 140.112 80 * F3 140.110.* 112.110.* * 21-24 F4 140.118.* 192.2.* 21 80 F5 88.120.2.1 65.2.2.2 20-30 80 F6 140.118.* 112.110.* 21 21
三、 研究方法及成果
I.MAJOR DARA STRUCTURE CONSTRUCTION The major structure of the signature-based packet classification is two-level index tables.
Each entry in the index table contains an entry type (2 bit), a prefix length (5 bit, only exists in fast routing table lookup) and a ptr (16 bit).
There are four types of entries:
(1) Invalid Entry (00): The entry has no valid value.
(2) Leaf-Signature (01): The entry itself is a leaf node, and no entry in the next level index table is required to store the rule signature. Ptr pointers to a tag, which contains the remaining bit string of the rule except the signature.
(3) Intermediate Signature (10): The entry itself is a part of a signature and other entries in the next–level index table(s) are required to store the signature. Ptr contains the location of the next level
index table.
(4) Rule (11): The entry itself is a leaf node.
Traversal from level- index table to this entry, contain an entire rule, instead of a signature. Ptr indicates the class ID.
However, the bit length of a four-field rule could be as long as 96 bits, straightforward construction of two-level index tables can cause memory explosion.
Thus, we employ a priori knowledge of rule characteristics to minimize memory requirements. First, each rule is encoded as a shorter bit string with the bit selection scheme, Then, all encoded rules are compressed into two-level index tables, which is the major structure of the signature-based packet classification engine.
In summary, the design of the packet classification engine consists of two major steps: rule encoding and level compression.
(a) RULE ENCODING
The approach to generate the signature of a rule is an interesting issue. From performance concerns, the bit length of a signature should be as short as possible.
However, if the length of a signature is arbitrary, the mechanism for packet classification becomes more complicated.
Rule encoding substitutes each rule with a shorter bit string such that both the average look up time and storage requirements can be reduced. In comparison with other coding problem, the rule encoding scheme in packet classification should not increase the overhead in packet pre-processing. Hence, we employ the bit selection scheme in rule encoding.
Hence, the rule encoding problem can be described as follows. Given a set of rules, each rule consists of a set of bits and the value of bit could be {0, 1, *}. Rule encoding problem is to find a optimal bit sequence, such that the average code length can be minimized.
Apparently, the rule encoding problem is a combinational problem. A trie-based encoding scheme based on the normalized entropy is proposed to attack this issue. First, we construct a one-bit trie with bit section scheme. Then, the traversal of the one-bit trie from root node to a leaf node can obtain the new code for the corresponding rule.
In a one-bit trie with bit selection, particular bit position j, divides rules into two groups: the “0”-group containing all rules with “0” or “*” value in j-th bit, and the
“1”-group containing all rules with “1” or
“*” in j-th bit.
Figure 3. Bit Selection scheme Normalized Entropy function is considered as the score function in constructing one-bit trie with bit selection.
Normalized Entropy Function
j i i
j N
P )) log(1 P
∑( ×
= Score
Pi : the probability of element i.
Nj: the total number of rule with “0” and
“1” group in bit j.
The entropy approaches maximum, if the probability of each element is the same. On the contrary, the entropy approaches minimum, if the probability of any element equals to 1.
Since all nodes in the same level of the one-bit trie must select the same bit to facilitate level compression, which will be described in next section, the final score function in a specific level can be represented as
∑=
= n 1
i i j
j Score( ) Score
Finall
i)j (
Score : the score with bit j, in node i.
Consequently, the one-bit-trie with bit selection can be constructed as follows:
Step1: Create a root node with all rules.
Step2: Calculate the normalized entropy and the final score for each available bit.
Step3: Select a bit with maximum the final score and delete the new selected bit from the list of available bits.
Step4: Create two child nodes, separate all rules with “0” value in the selected bit in R-child node and all rules with
“1” value in the selected bit in L-child node, and expand rules with
“*” in the selected bit into two rules in L-child and R-child individually.
Step5. Repeat step2 to step4 until the rule number in each leaf node is less than the predefined bucket size or the list of the available bits is empty.
(b) LEVEL COMPRESSION
Level compression scheme transforms a one-bit trie with bit selection into a multi-bit trie. In brief, level compression flatters i complete levels of the binary trie into a single node with degree 2i. The replacement procedure is applied recursively on each sub-trie. Obviously, level compression provides a tradeoff between memory consumption and the lookup time. Without loss generality, a two-level multi-bit trie, called two-level index tables, is selected as the major structure of the classification engine.
In level compression, the major issue is to decide which level to compress as the first-level index table. A miscalculation of compression levels can cause unnecessary prefix expansion and increase storage requirements. Instead of using dynamic programming to minimize storage requirements, a simple heuristic is used to decide i upper-level of the one-bit trie to compress as the first –level index table.
Size Bucket ) i (
# rule node Leaf
Ave. ≤
i : level number
where bucket size is a predefined small integer.
For example, if bucket size is 8, and the average leaf node rule number in level 3 is less than 8. Then, we compress the level 0 to level 2 as the first-level index table.
Before level compression, all nodes in the same level must select the same bit. When the trie growth to i level, at most 2i leaf nodes exist in this level, the bit selected in this level may be not the best bit for all nodes.
Hence, we use the bucket size to limit the further growth of the one-bit trie
In summary, the basic structure of the packet classification engine, several clusters of the two-level index tables, can be constructed as follows:
Step1: Build a one-bit trie with bit selection scheme
Step2: Compress the upper levels of the one-bit trie into the first-level index table.(Section I- (a) )
Step3: Rebuild a new sub-trie with bit selection for each non-terminate entry in first-level index table. (Section I- (b))
Step4: Compress the sub-bit trie built in step3 into second-level index tables.
II. SEARCH
The signature-based packet classification works by carefully preprocessing the classifiers to build the two-level index tables.
Search is achieved by traversing the two-level index tables. A search begins at level-1 index table, and then descends down the index tables by inspecting index entry until it reaches a leaf entry. Once a leaf entry is found, the remaining packet fields are compared with the rule information stored in the corresponding tag. If there is a match, it yields the desired rule matching. In worst case, the lookup can be completed within two accesses to index tables and one comparison with a rule.
III PERFORMANCE EVALUATION To test the performance of the proposed packet classification, we built a simulator based on PALAC [2]. We assumes that 4 bytes of SRAM lookup cost 10ns. The major performance metrics in our experiments are the average lookup time, the experimental maximal lookup time and memory requirements. The structure of classifers can affect both memory requirements and lookup
times. However, there are no large-scale real classifiers available in public domain.
Therefore, two kinds of synthesized classifiers are considered in our experiment.
We use two approaches to create synthesized classifiers.
(1) Two-dimensional synthesized classifiers:
Each rule is generated by randomly picking a prefix from publicly available routing tables in Mae-West [3] as the source network address and the destination network address respectively.
Prefix lengths are uniformly distributed from 8 to 32.
(2) Four-dimensional classifiers: Each rule is generated by randomly picking a prefix from publicly available routing tables in Mae-West [3] as the source network address and the destination network address respectively. The source port and the destination port are randomly chosen from 0 to 65535.
The results of the two-dimensional classifiers are similar to those of four-dimensional classifiers. Since the space is limited, only the results of the four-dimensional classifiers are shown in this report.
A. Storage Requirement for Four-dimensional Rules
Figure 1. Storage Requirement for four-dimensional rules
Figure 1 compares the memory requirements between the proposed algorithm and Hi-Cut algorithm in four-field rules. The memory requirement of proposed algorithm under 20000 rules is 549.1 KB, which is only one quarter of Hi-Cut algorithm.
B. Comparison of Lookup Time for Four-dimensional Rules
Figure 2 compares the lookup time between the proposed algorithm and Hi-Cut algorithm in four-fields. Our approach has
twice faster than Hi-Cut algorithm in rules average lookup time. Simultaneously, the proposed algorithm can achieve the average case lookup time at 86 ns and the maximum lookup time at 125 ns in 20000 four-dimensional rules. This corresponds to at least 8 million lookups per second; enough to process the packet on a 2.56 Gb/s per line (assuming a minimum length of IP data gram of 40 bytes).
Figure 2. Comparison of lookup time for four-dimensional rules
IV CONCLUSION
In this project, we propose a novel signature-based packet classification algorithm. A priori knowledge of rules is employed to construct the two-level index tables, the major structure of the packet classification engine. First, each rule is encoded as a shorter bit string with one-bit trie with bits selection. Then, all encoded rules are compressed into two-level index tables. In the proposed architecture, packet classification can be completed with two-memory access in index table and one rule comparison under a small memory requirement.
Reference
[1] Yie-tarng Chen and Ya-shing Yang “A Novel Signature-based Packet classification” GLOBELCOM2001
[2] http://Klamath.Stanford.edu/tools/PALA C/SRC Merit Inc.,
[3] http://nic.merit.edu/ipma
0 500 1000 1500 2000 2500 3000
1000 2000 4000 8000 10000 15000 20000 No. of Rule
Storage ( KB )
the proposed algorithm Hi-Cut
0 100 200 300 400 500 600
1000 2000 4000 8000 10000 15000 20000 No. of Rule
Speed ( ns / packet )
the proposed algorithm Ave. Case the proposed algorithm Worst Case Hi-Cut Ave. Case
Hi-Cut Worst Case
