Packet Classification using Hierarchical Intelligent Cuttings Pankaj Gupta and Nick McKeown Stanford University {pankaj, nickm}@stanford.edu Hot Interconnects VII August 18, 1999
Packet Classificationusing
Hierarchical Intelligent Cuttings
Pankaj Gupta and Nick McKeown
Stanford University{pankaj, nickm}@stanford.edu
Hot Interconnects VII August 18, 1999
Outline
Introduction and Motivation Overview of the proposed algorithm Details of the algorithm Implementation Results Conclusions
Packet Classification using Hierarchical Intelligent Cuttings
Packet Classification
Action
--------
---- ----
--------
Predicate ActionClassifier (Policy Database)
Packet Classification
Forwarding Engine
Incoming Packet
HEADER
Multi-field Packet Classification
Given a classifier with N rules, find the action associated with the highest priority rule matching an incoming packet.
Field 1 Field 2 … Field k Action
Rule 1 152.163.190.69/ 21 152.163.80.11/ 32 … UDP A1
Rule 2 152.168.3.0/ 24 152.163.0.0/ 16 … TCP A2
… … … … … …
Rule N 152.168.0.0/ 16 152.0.0.0/ 8 … ANY An
Example: A packet (152.168.3.32, 152.163.171.71, …, TCP) would have action A2 applied to it.
Performance Metrics of a Classification Algorithm
Data structure storage requirements Packet classification time Preprocessing time Incremental Update time
Previous WorkScheme Pros ConsLinear Search Good storage and
update timecharacteristics
Excessive classificationtime
Grid of Tries (V.Srinivasan et al[Sigcomm 98])
Good storagerequirements andclassification timefor two dimensions
Cannot be easily extendedto higher dimensions
Crossproducting(V. Srinivasan etal [Sigcomm 98])
Fast classificationfor multipledimensions
Large memoryrequirements. Suitable forsmall classifiers
Bit-levelParallelism (D.Stiliadis et al[Sigcomm 98])
Suitable formultiple dimensions
Large memory amount andbandwidth requirements.Hardware-optimized
Bounds from Computational Geometry
Point Location among N non-overlapping regions in k dimensions takes
either
O(log N) time with O(Nk) space,
or
O(logk-1N) time with O(N) space
Observations
No single good solution for all cases. –But real classifiers have structure.
Perhaps an algorithm can exploit this structure. –A heuristic hybrid scheme ….
Proposed Algorithm: Basic Idea
{R1, R2, R3, …, Rn}
Decision Tree
{R1, R3,R4} {R1, R2,R5} {R8, Rn}
Binth: BinThreshold = Maximum Subset Size = 3
Example 2-D Classifier
Rule Xrange Yrange
R1 0-31 0-255
R2 0-255 128-131
R3 64-71 128-255
R4 67-67 0-127
R5 64-71 0-15
R6 128-191 4-131
R7 192-192 0-255
Geometric View
0 255128
128
0
255
R4
R5
R3
R2
R6
R7
R1
(0-31,0-255)
P
Decision Tree using Hierarchical Intelligent Cuttings (HiCuts)
With each internal node v, associate: A rectangle, or a box B(v) A set of rules, CollidingRuleSet, R(v) A HiCut C(v) = (dimension d, #partitions
of B(v) across d)
HiCuts
0 255128
128
0
255
R4
R5
R3
R2
R6
R7
R1
Y
X
HiCuts
64 128
128
0
255
R4
R5
R3
R2
Y
X
HiCut Decision Tree for binth = 2
(256 * 256, X, 4)
(64*256, Y, 2)
R2R5R4
R2R1
R7R2
R6
R2R6
Packet P(65, 130)
Heuristics to exploit classifier structure
Picking a suitable dimension to hicut across.
Minimize the maximum number of rules into any one partition, OR
Maximize the entropy of the distribution of rules across the partition, OR
Maximise the different number of specifications in one dimension
Picking the suitable number of partitions (HiCuts) to be made.
Affects the space consumed and the classification time. Tuned by a parameter, spfac.
Tunable Parameters
Binth, the maximum size of the set of rules at each leaf
Spfac, a parameter which guides the partitioning process to choose the number of partitions
Implementation Results: Four dimensional real-life classifiers
40 access-lists taken from real ISP and enterprise networks
Four dimensions: (Src IP, Dst IP, L4 protocol, L4 destination port)
100-1733 rules
Number of Memory Accesses
Binth = 8, spfac = 4
Number of Rules (log scale)
Crossproducting
Size of the data structure
Binth = 8 ; spfac = 4
Spa
ce in
Kilo
Byt
es (l
og
scal
e)
Number of Rules (log scale)
Comparison with Crossproducting
Binth = 8 ; spfac = 4
Spa
ce in
Meg
aByt
es (l
og
scal
e)
Number of Rules (log scale)
Preprocessing Time
Binth = 8, spfac = 4, 333MHz P-II running Linux
Tim
e in
sec
onds
(log
sca
le)
Number of Rules (log scale)
Incremental Update Time
Binth = 8, spfac = 4 , 333MHz P-II running Linux
Tim
e in
sec
onds
(log
sca
le)
Number of Rules (log scale)
Conclusions
Exploiting the structure of classifiers is important for a good solution.
The proposed HiCut packet classification scheme seems to be of practical use.
In the paper...
Explanation of the heuristics used in building the HiCut decision tree.
Detailed implementation results. Effect of the parameters binth and spfac
on the depth and space characteristics. Available at:
http://www-cs-students.stanford.edu/~pankaj/research.html
Email: [email protected]