Applied Research Laboratory Edward W. Spitznagel 24 October 20151 Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner,

Applied Research LaboratoryApplied Research LaboratoryEdward W. SpitznagelEdward W. Spitznagel

April 20, 2023 1

Packet Classification usingExtended TCAMs

Edward W. Spitznagel, Jonathan S. Turner, David E. Taylor

Supported by NSF ANI-9813723, DARPA N660001-01-1-8930


April 20, 2023 2

Packet Classification Problem• Suppose you are a firewall, or QoS router, or network monitor ...

• You are given a list of rules (filters) to determine how to process incoming packets, based on the packet header fields– Some fields in the rules are specified with bit masks; others with ranges

• Goal: when a packet arrives, find the first rule that matches the packet’s header fields

SourceAddress

DestinationAddress

FilterSource

PortDestination

PortProtocol

11xx 01xxa 2-4 0-15 TCP

01xx 0010b 3-15 3-15 UDP

0101 xxxxc 3 * *

1101 101xd - - ICMP

Action

fwd 7

fwd 2

deny

fwd 5


April 20, 2023 3

Packet Classification Problem

• Example: packet arrives with header (0101, 0010, 3, 5, UDP)– classification result: filter b is matched

– filter c also matches, but, b occurs before c in the list

• Easy to do when we have only a few rules; very difficult when we have 100,000 rules and packets arrive at 40 Gb/s

SourceAddress

DestinationAddress

FilterSource

PortDestination

PortProtocol

11xx 01xxa 2-4 0-15 TCP

01xx 0010b 3-15 3-15 UDP

0101 xxxxc 3 * *

1101 101xd - - ICMP

Action

fwd 7

fwd 2

deny

fwd 5


April 20, 2023 4

Geometric Representation• Filters with K fields can

be represented geometrically in K dimensions

• Example:

2 640

2

6

4

0

Source Address

Sou

rce

Por

t

Source Address Source PortFilter

xxx 2-3a

010 0-7b

xx1 7c

a

b

c c c c


April 20, 2023 5

Related Work

• TCAM-based parallel classification– CoolCAMs (Narlikar, Basu, Zane) for IP lookup

• SRAM-based sequential classification– Recursive Flow Classification (Gupta, McKeown)

– HiCuts (Gupta, McKeown)

– Extended Grid of Tries (Baboescu, Singh, Varghese)

– HyperCuts (Singh, Baboescu, Varghese, Wang)

• SRAM: 6 transistors per bit (vs. 16 for TCAM), but the SRAM approaches use more bits per filter


April 20, 2023 6

• Most popular practical approach to high-performance packet classification

• Hardware compares query word (packet header) to all stored words (filters) in parallel– each bit of a stored word can be 0, 1, or X (don’t care)

• Very fast, but not without drawbacks:– High power consumption limits scalability

– inefficient representation of ranges

Ternary CAMs


April 20, 2023 7

SourceAddress

DestinationAddress

Filter

11xx xxxxa

0xxx 01xxb

xxxx 0110c

11100110

11100110

11100110

11100110Query:

Match!

Doesn’t Match

Match!

Entry 0 (filter a) is thefirst matching filter

1110 0110Packet:Src. Addr. Dest. Addr.

ContentsAddress

11xxxxxx0

0xxx01xx1

xxxx01102

TCAM

Ternary CAM - Example


April 20, 2023 8

Range Matching in TCAMs

• Convert ranges intosets of prefixes– 1-4 becomes 001, 01*, and 100

– 3-5 becomes 011 and 10*

2 640

2

6

4

0

Source Port

Des

tina

tion

Por

t

F

Source Port Destination PortFilter

1-4 3-5F


April 20, 2023 9

Range Matching in TCAMs

• With two 16-bit range fields,a single rule could require upto 900 TCAM entries!

• Typical case: entire filter setexpands by a factor of 2 to 6

2 640

2

6

4

0

Source Port

Des

tina

tion

Por

t

b c

e f

a

d

Source Port Destination PortFilter

001 10*a

01* 10*b

100 10*c

001 011d

01* 011e

100 011f


April 20, 2023 10

Extended TCAMs

• Extend standard TCAM architecture to enable classification with larger rulesets

• Partitioned TCAM, for reduced power– inspired by CoolCAMs– differences in indexing, search and partitioning

algorithms

• Support range matching directly in hardware


April 20, 2023 11

Use of Partitioned TCAM

• Main component of power use in TCAM search is proportional to number of entries searched

• Partitioning the TCAM:– divide TCAM into blocks of entries– each block is enabled for search via an associated

index filter


April 20, 2023 12

Use of Partitioned TCAM• Example: suppose we are given

the following filters:

0-15, 0xxx0-6, 1xxx

7-15, 1xxx0-15, xxxx

1-13, 001x2-3, 00xx

11-14, 011x12-12, 01xx

0-5, 11101-2, 11xx

7-7, 110x13-14, 11xx11-15, 111x

9-10, xxxx0-14, 1010

index filters:

filter blocks:

a. 1-13, 001xb. 2-3, 00xxc. 9-10, xxx1d. 11-14, 011xe. 12-13, 0xxxf. 0-14, 1010g. 7-7, 110xh. 0-5, 1110i. 1-2, 1x1xj. 13-14, 11xxk. 11-15, 111x

A real Extended TCAM would have more blocks, and more filters per block.


April 20, 2023 13


• Example: classify packet with header values (2, 1010)– index block: second and

fourth filters match

– search second and fourthfilter blocks

– find matching filters(1-2, 1x1x) and (0-14, 1010)

0-15, 0xxx0-6, 1xxx

7-15, 1xxx0-15, xxxx

1-13, 001x2-3, 00xx

11-14, 011x12-12, 01xx

0-5, 11101-2, 11xx

7-7, 110x13-14, 11xx11-15, 111x

9-10, xxxx0-14, 1010

index filters:

filter blocks:


April 20, 2023 14


• The key to minimizing power consumption:

Organize filters so that only a few TCAM blocks must be searched to find the filters matching a packet.

– Use a filter grouping algorithm

0-15, 0xxx0-6, 1xxx

7-15, 1xxx0-15, xxxx

1-13, 001x2-3, 00xx

11-14, 011x12-12, 01xx

0-5, 11101-2, 11xx

7-7, 110x13-14, 11xx11-15, 111x

9-10, xxxx0-14, 1010

index filters:

filter blocks:


April 20, 2023 15122 14108640

12

2

14

10

8

6

4

0

f

c

a. 1-13, 001xb. 2-3, 00xxc. 9-10, xxxxd. 11-14, 011xe. 12-13, 0xxxf. 0-14, 1010g. 7-7, 110xh. 0-5, 1110i. 1-2, 11xxj. 13-14, 11xxk. 11-15, 111x

a

b

d

e

h

i g

k

j

0-15, 0xxxIndex entry filters a, b, d, e

April 20, 2023 15


April 20, 2023 16122 14108640

12

2

14

10

8

6

4

0

f

c


g

k

j


0-6, 1xxx h, i

h

i

April 20, 2023 16


April 20, 2023 17122 14108640

12

2

14

10

8

6

4

0

f

c


g

k

j


0-6, 1xxx h, i

7-15, 1xxx g, j, k

April 20, 2023 17


April 20, 2023 18122 14108640

12

2

14

10

8

6

4

0


0-6, 1xxx

7-15, 1xxx


h, i

g, j, k

0-15, xxxx c, f

Next phase:

f

c

April 20, 2023 18


April 20, 2023 19122 14108640

12

2

14

10

8

6

4

0


0-6, 1xxx

7-15, 1xxx


h, i

g, j, k

0-15, xxxx c, f

Next phase:

April 20, 2023 19


April 20, 2023 20

Creating a set of partitions

• At most k filters per region (k = block size)• Regions within the same partition do not overlap• Total number of regions equals the index size


April 20, 2023 21

Range Matching

• Store a pair of values (lo , hi ) for each range match field

• Range check circuitry compares query values against lo and hi to determine if query is in range– Transistors per bit of range field is twice that of ordinary TCAM

– But, for typical IPv4 applications, this results in just a 22% increase in overall transistor count


April 20, 2023 22

Performance Metrics

• Power Fraction =

– a measure of power usage, relative to a standard TCAM

– smaller is better

• Storage Efficiency =

– higher is better; 1 is optimal

index size + (# of partitions)(block size)

number of filters

number of filters

index size + (# of blocks)(block size)


April 20, 2023 23

0

0.05

0.1

0.15

0.2

0.25

0.3

1000 10000 100000

Number of Filters

Po

wer

Fra

ctio

n

Different Block Sizes

Block size=256

Block size=64

Block size =32

Block size=16

Block size=128


April 20, 2023 24

0

0.05

0.1

0.15

0.2

2000 4000 8000 16000 32000 64000 128000

# Filters

Po

wer

Fra

ctio

nResults: Power Fraction

Block size = 32 Block size = 64 Block size = 128Block

size = 256

Basic Algorithm

Refined


April 20, 2023 25

Results: Storage Efficiency

0

0.2

0.4

0.6

0.8

1

1.2

2000 4000 8000 16000 32000 64000 128000

# Filters

Sto

rag

e E

ffic

ien

cy

Block size = 32 Block size = 64 Block size = 128Block

size = 256

Basic Algorithm Refined


April 20, 2023 26

Current/Future Work

• Computational complexity of filter grouping problem

• Filter updates (add/delete operations)

• Multi-level indices

• Different partitioning algorithms

• Application to SRAM/DRAM-based classification techniques


April 20, 2023 27

Summary

• Packet Classification is important for many advanced network services

• TCAMs scale poorly due to power consumption and inefficient range match representations

• Extended TCAMs: solve these issues by using partitioned TCAM and hardware support for range matching– power consumption greatly reduced (typically to 5% or less of power used

by a standard TCAM)

– range match hardware: avoid inefficiency in representing ranges


April 20, 2023 28

Questions?

?

Applied Research Laboratory Edward W. Spitznagel 24 October 20151 Packet Classification using Extended TCAMs Edward W. Spitznagel, Jonathan S. Turner,

Documents