csci5221: router design 1 router design overview of generic router architecture input-queued...

CSci5221: Router Design 1

Router Design• Overview of Generic Router Architecture

• Input-Queued Switches (Routers)• IP Address Look-up Algorithms• Packet Classification Algorithms

Readings: Do required readings (you can skip the math in Section V and Appendix in [Mc+99]);

Also do some of the optional readings if interested

Q: Any volunteers for scribes?

CSci5221: Router Design

Routers in a Network

. .

.

. .

.


Sample Routers and SwitchesCisco 12416 Router

up to 160 Gb/s throughput

up to 10 Gb/s ports

3Com 495024 port gigabit Ethernet switch

Juniper Networks T640 Router

up to 160 Gb/s throughputup to 10 Gb/s ports


High Capacity Router• Cisco CRS-1

– up to 46 Tb/s thruput

• two rack types• line card rack

– 640 Gb/s thruput– up to 16 line cards

• up to 40 Gb/s each

– up to 72 racks

• switch rack– central switch stage– up to 8 racks

• in-service scaling


Components of a Basic Router• Input/Output Interfaces (II,

OI)– convert between optical

signals and electronic signals– extract timing from received

signals– encode (decode) data for

transmission

• Input Port Processor (IPP)– synchronize signals– determine required OI or OIs

from routing table

• Output Port Processor (OPP)– queue outgoing cells

• shared bus interconnects IPPs and OPPs

CPIPP OPP

. .

.

II OI

. .

.

routingtable

outputqueue

Control Processor (CP)» configures routing tables » coordinates end-to-end channel setup

together with neighboring routers


Generic Router Architecture

LookupIP Address

UpdateHeader

Header Processing

AddressTable

AddressTable

LookupIP Address

UpdateHeader

Header Processing

AddressTable

AddressTable

LookupIP Address

UpdateHeader

Header Processing

AddressTable

AddressTable

QueuePacket

BufferMemory

BufferMemory

QueuePacket

BufferMemory

BufferMemory

QueuePacket

BufferMemory

BufferMemory

Data Hdr

Data Hdr

Data Hdr

1

2

N

1

2

N


Switch Fabric: Three Design Approaches


Switch Fabric: First Generation Routers

• Traditional computers with switching under direct control of the CPU

• Packet copied to the system’s memory• Speed limited by the memory bandwidth (two

bus crossings per packet)

InputPort

OutputPort

Memory

System Bus


Shared Memory (1st Generation)

RouteTableCPU Buffer

Memory

LineInterface

MAC

LineInterface

MAC

LineInterface

MAC

Typically < 0.5Gbps aggregate capacityLimited by rate of shared memory

Shared Backplane

Line Interface

CPU

Memory


Switch Fabric: Switching Via a Bus

• Packet from input port memory to output port memory via a shared bus

• Bus contention: switching speed limited by bus bandwidth

• 1 Gbps bus, Cisco 1900: sufficient speed for access and enterprise routers (not regional or backbone)


Shared Bus (2nd Generation)

RouteTableCPU

LineCard

BufferMemory

LineCard

MAC

BufferMemory

LineCard

MAC

BufferMemory

FwdingCache

FwdingCache

FwdingCache

MAC

BufferMemory

Typically < 5Gb/s aggregate capacity; Limited by shared bus


Switch Fabric: Interconnection Network

• Banyan networks, other interconnection nets initially created for multiprocessors

• Advanced design: fragmenting packet into fixed length cells to send through the fabric

• Cisco 12000: switches Gbps through the interconnection network


Point-to-Point Switch (3rd Generation)

LineCard

MAC

LocalBuffer

Memory

CPUCard

LineCard

MAC

LocalBuffer

Memory

Switched Backplane

Line Interface

CPUMemory Fwding

Table

RoutingTable

FwdingTable

Typically < 50Gbps aggregate capacity


Buffer Placement: Output Port Queuing

• Buffering when the aggregate arrival rate exceeds the output line speed

• Memory must operate at very high speed


Simple model of output queued switch

Link 1, ingress Link 1, egress




Link rate, R

R

R

R

Link rate, R

R

R

R


Characteristics of an output queued (OQ) switch

• arriving packets immediately written into output queue, without intermediate buffering

• flow of packets to one output does not affect flow to another output

• OQ switch is work conserving: output line always busy when there is a packet in switch for it

• OQ switch has highest throughput, lowest average delay


Switching Speed-up Needed

LookupIP Address

UpdateHeader

Header Processing

AddressTable

AddressTable

LookupIP Address

UpdateHeader

Header Processing

AddressTable

AddressTable

LookupIP Address

UpdateHeader

Header Processing

AddressTable

AddressTable

QueuePacket

BufferMemory

BufferMemory

QueuePacket

BufferMemory

BufferMemory

QueuePacket

BufferMemory

BufferMemory

Data Hdr

Data Hdr

Data Hdr

1

2

N

1

2

N

N times line rate

N times line rate


Buffer Placement: Input Port Queuing

• Fabric slower than input ports combined– So, queuing may occur at input queues

• Head-of-the-Line (HOL) blocking– Queued packet at the front of the queue prevents

others in queue from moving forward


Simple model of input queued switch

Link 1, ingressLink 1, egress




R

R

R

R

R

R

R

R

R1Link 1

Link 2

Link 3

Link 4


Head-of-line Blocking• Packet at the head of an input queue cannot

be transferred, thus blocking the following packets (or cells – packets of fixed size)

Cannot betransferred because output buffer full

Cannot be transferred because is blocked by red packet

Output 1

Output 2

Output 3

Input 1

Input 2

Input 3


Characteristics of an input queued (IQ) switch

• arriving packets written into input queue• only one packet can be sent to output link at a

time• head-of-line blocking• IQ switch cannot keep output links fully utilized


Buffer Placement: Design Trade-offs

• Output queues– Pro: work-conserving, so maximizes throughput– Con: memory must operate at speed N*R

• Input queues– Pro: memory can operate at speed R– Con: head-of-line blocking for access to output

• Work-conserving: output line is always busy when there is a packet in the switch for it

• Head-of-line blocking: head packet in a FIFO cannot be transmitted, forcing others to wait


What is capacity of IQ: Model[optional: Karol et al Globecom’86]

•Large input-queued switch with– single FIFO at each input– packet destinations i.i.d. (independently, identically distributed), uniform across outputs– HoL blocked packets not flushed

•throughput analysis– saturated switch (i.e., always arrival at each input queue)– ball/urns model: N balls, N urns– focus on first urn

– Xt - number of balls in urn at time t

– Dt- number balls removed from all ums at end of time t

– Dt is switch thruput


Model (cont’d)• At+1 - no. balls dropped into urn 1 at t+1

• Xt+1 = (Xt-1)+ + At+1

• where

• E(Dt) = ρN where ρ is output throughput

• for large N, binomial distribution can be approximated by Poisson distribution,

kDktt

tNNk

DkAP

/11/11

ek

kAPk

t !)(


Model (cont’d)

where EA = ρ, E(A2) = ρ + ρ2

therefore

EX = 1, therefore

and ρ =2-√2 58.6%

)1(2

)(2)( 22

EA

EAEAAEEX

)1(2

2 2

EX

)1(2

21

2


0% 20% 40% 60% 80% 100%Load

Delay

A Router with Input QueuesHead of Line Blocking

The best that any queueing system can

achieve.

2 2 58%


Solution to Avoid Head-of-line Blocking

• How to improve capacity without increasing switching fabric speed ?

• Maintain at each input N virtual queues, i.e., one per output – use non-FIFO scheduler, matching input/output

Output 1

Output 2

Output 3

Input 1

Input 2

Input 3


Virtual Output Queueing• assume fixed length

packets• each input manages

separate queue per output

• at each time, matching scheduler finds best possible packets from inputs to said to outputs

• maximum-weight matching

.

.

.

.

.

.

matchingscheduler

1 1

N N


Matching• Lij(t): no. of packets at input i for output j at t

input outputAn aside: stability (of a [queueing] system):•Assuming the arrival rate is (i.e., # of arrivals per unit of time) less or equal to the system capacity•The system is stable if and only if no queue grows infinitely (under any arrival patterns) as t

• bipartite graph (V1 x V2,E), E V1xV2

– V1,V2 inputs, outputs; (i,j) E iff Lij(t) > 0

• matching: subset of E such that no two edges are adjacent

• maximal matching: no more edges can be added


Matching problems• maximum size matching

– matching with largest number of edges– when traffic uniform, provides 100% utilization– network flow problem, O(N5/2)

• maximum weight matching– add weight wij to edge from i to j

• e.g., wij: # of packets from input i to output j in the queue

– matching with highest weight

– when wij = Lij(t) provides 100% utilization

– equivalent to a network flow problem, O(N3)– MWM algorithms involve backtracking:

i.e. edges laid down in one iteration may be removed later

algorithm not amenable to pipelining


Scheduling Algorithms19

34 21

18

7

1

Not stable

Stable Not stable

PracticalMaximal Matchings Max Wt Matching

19

18

Max Size Matching

19

1

7


Switch Algorithms

Stable, low backlogsNot stable

Better performance

Easier to implement

Maximal matching Max Wt Matching

19

18

Max Size Matching

19

1

7

Not stable


Better Matching Algorithms• Need simple algorithms that perform well

– efficient packet processing packets at line speeds– high throughput– low latencies/backlogs

• Randomized algorithms with linear complexity available– Tassiulas’ Randomized Algorithm– LAURA– SERENAUse both randomization, history, problem structure and arrival

informationFor more details, see optional reading [SGP02]: “Efficient

Randomized Algorithms for Input-Queued Switch Scheduling” by Shah, Giaccone and Prabhakar, IEEE Micro Vol 22, Issue 1, Jan 2002


Combined Input-Output Queued (CIOQ) Routers

• Both input and output interfaces store packets

• Advantages– Easy to built

• Utilization 1 can be achieved with limited input/output speedup (<= 2)

• Disadvantages– Harder to design algorithms

• Two congestion points• Need to design flow control

input interface output interface

Backplane

CRO


Output Queue Emulation using CIOQ (with Speed-up)

Stable Marriage Problem -- Gale Shapely Algorithm (GSA)• As long as there is a free man m

– m proposes to highest ranked women w in his list he hasn’t proposed yet

– If w is free, m an w are engaged– If w is engaged to m’ and w prefers m to m’, w

releases m’• Otherwise m remains free

• A stable matching exists for every set of preference lists

• Complexity: worst-case O(N2)


Stable Marriage Problem• Consider N women and N men

• Each woman/man ranks each man/woman in the order of their preferences

• Stable matching, a matching with no blocking pairs

• Blocking pair; let p(i) denote the pair of i– There are matched pairs (k, p(k)) and (j, p(j)) such that

k prefers p(j) to p(k), and p(j) prefers k to j


Example

• If men propose to women, the stable matching is– 1st round: (1,2), (2,1), (3,4), (4,1) -> w1 releases m2– 2nd round: (2,4) ->w4 releases m3;– 3rd round: (3,3); – final match: (1,2), (2,4), (3,3), (4,1)

• What is the stable matching if women propose to men?

1 2 4 3 1 2 1 4 3 23 4 3 2 14 1 2 4 3

men pref. list1 1 4 3 2 2 3 1 4 23 1 2 3 44 2 1 4 3

women pref. list


OQ Emulation with a Speedup of 2

• Each input and output maintains a preference list• Input preference list: list of cells at that input

ordered in the inverse order of their arrival• Output preference list: list of all input cells to be

forwarded to that output ordered by the times they would be served in an Output Queueing schedule

• Use GSA to match inputs to outputs– Outputs initiate the matching

• Can emulate all work-conserving schedulersFor more info, see the optional reading [C+99] “Matching Output

Queueing with a Combined Input Output Queued Switch.”


Line Cards

• Interfacing – Physical link– Switching fabric

• Packet handling– Packet forwarding (FIB)– Packet filtering (ACLs)– Buffer management– Link scheduling– Rate-limiting– Packet marking– Measurement

to/from link

to/from switch

FIB

Rec

eive

Transm

it


Line Card: Abstract view

LookupIP Address

UpdateHeader

Header ProcessingData Hdr Data Hdr

AddressTable

AddressTable

IP Address Next Hop

QueuePacket

BufferMemoryBuffer

Memory


Line Cards: Longest-Prefix Match Forwarding

• Forwarding Information Base in IP routers– Maps each IP prefix to next-hop link(s)

• Destination-based forwarding– Packet has a destination address– Router identifies longest-matching prefix– Pushing complexity into forwarding decisions

4.0.0.0/84.83.128.0/1712.0.0.0/812.34.158.0/24126.255.103.0/24

12.34.158.5destination

FIB

Serial0/0.1outgoing link


Line Cards: Packet Forwarding Evolution

• Software on the router CPU– Central processor makes forwarding decision– Not scalable to large aggregate throughput

• Route cache on the line card– Maintain a small FIB cache on each line card– Store (destination, output link) mappings– Cache misses handled by the router CPU

• Full FIB on each line card– Store the entire FIB on each line card– Apply dedicated hardware for longest-prefix match


Line Cards: Packet Filtering With Access Control Lists

• “Five tuple” for access control lists (ACLs)– Source and destination IP addresses– TCP/UDP source and destination ports– Protocol (e.g., UDP vs. TCP)

Should arriving packet be allowed

in? Departing packet let out?


ACL Examples

• Filter packets based on source address– Customer access link to the service provider– Source address should fall in customer prefix

• Filter packets based on port number– Block traffic for unwanted applications– Known security vulnerabilities, peer-to-peer, …

• Block pairs of hosts from communicating– Protect access to special servers– E.g., block the dorms from the grading server


Line Cards: Mapping Traffic to Classes

• Gold traffic– All traffic to/from President’s IP address– All traffic to/from the port number for DNS

• Silver traffic– All traffic to/from academic and administrative

buildings

• Bronze traffic– All traffic on the public wireless network

• Then, schedule resources accordingly– 50% for gold, 30% for silver, and 20% for bronze


Addressing and Look-up• Flat address

– Ethernet: 48 bit MAC address

– ATM: 28 bit VPI/VCI– DS-0: timeslot location

• Limited scalability• High speed lookup

• Hierarchical address– IP

<network>.<subnet>.<host>

– Telephone: country.area.home

• Scalable• Easy lookup if boundary is

fixed– telephony

• Difficult lookup if boundary is flexible– longest prefix match for IP


Lookups Must be Fast

12540Gb/s2003

31.2510Gb/s2001

7.812.5Gb/s1999

1.94622Mb/s1997

40Byte packets (Mpkt/s)

LineYear

1. lookup mechanism must be simple, easy to implement2. memory access time long-term bottleneck


Memory Technology (2003-04)

Technology Single chip density

$/chip ($/MByte)

Access speed

Watts/chip

Networking DRAM

64 MB $30-$50($0.50-$0.75)

40-80ns 0.5-2W

SRAM 4 MB $20-$30 ($5-$8)

4-8ns 1-3W

TCAM 1 MB $200-$250($200-$250)

4-8ns 15-30W

Note: price, speed, power manufacturer and market dependent

2012

~$0.005 per Mbyte

~$0.02 per Mbyte

~$0.2 per Mbit


Lookup Mechanism is Protocol Dependent

Protocol Mechanism Techniques

MPLS, ATM, Ethernet

Exact match search

–Direct lookup–Associative lookup–Hashing–Binary/Multi-way Search Trie/Tree

IPv4, IPv6 Longest-prefix match search

-Radix trie and variants-Compressed trie-Binary search on prefix intervals


Exact Matches in Ethernet Switches

• layer-2 addresses usually 48-bits long• address global, not just local to link• range/size of address not “negotiable” • 248 > 1012, therefore cannot hold all addresses in table

and use direct lookup


Exact Matches in Ethernet Switches (Associative Lookup)

• associative memory (aka Content Addressable Memory, CAM) compares all entries in parallel against incoming data

Network address Data

AssociativeMemory(“CAM”)

Addre

ss48bitsMatch

Location

Addre

ss“Normal”Memory

Data

Port


Exact Matches in Ethernet SwitchesHashing

• use pseudo-random hash function (relatively insensitive to actual function)• bucket linearly searched (or could be binary search, etc.)• unpredictable number of memory references

HashingFunction

Memory

Addre

ss

Data

NetworkAddress

48

16, say Pointer

Memory

Addre

ss

DataList/Bucket

List of network addresses in this bucket


Exact Matches Using HashingNumber of memory references

MN )/11(11

|(2

1

21

empty) not list list of length ExpectedER

:references memory of number Expected

Where:

ER = Expected number of memory references

M - Number of memory addresses in table

N - Number of linked lists-

M/N=


Exact Matches in Ethernet SwitchesPerfect Hashing

HashingFunction

Memory

Addre

ss

Data

NetworkAddress

48

16, say Port

There always exists perfect hash function

Goal: With perfect hash function, memory lookup always takes O(1) memory references

Problem: - finding perfect hash function very complex- updates?


Exact Matches in Ethernet Switches: Hashing

• advantages:– simple– expected lookup time is small

• disadvantages– inefficient use of memory– non-deterministic lookup time

=> attractive for software-based switches, but decreasing use in hardware platforms


IP Address Lookup• routing tables contain (prefix, next hop)

pairs• address in packet compared to stored

prefixes, starting at left• prefix that matches largest number of

address bits is desired match• packet forwarded to specified next hop

01* 5110* 31011* 50001* 0

10* 7

0001 0* 10011 00* 21011 001* 31011 010* 5

0101 1* 7

0100 1100* 41011 0011* 81001 1000*100101 1001* 9

0100 110* 6

prefixnexthop

routing table

address: 1011 0010 1000

Problem - large router may have100,000 prefixes in its list


Longest Prefix Match Harder than Exact Match

• destination address of arriving packet does not carry information to determine length of longest matching prefix

• need to search space of all prefix lengths; as well as space of prefixes of given length


LPM in IPv4: exact matchUse 32 exact match algorithms

Exact matchagainst prefixes

of length 1


of length 2


of length 32

Network Address PortPriorityEncodeand pick


• prefixes “spelled” out by following path from root

• to find best prefix, spell out address in tree

• last green node marks longest matching prefix

Lookup 10111

• adding prefix easy

Address Lookup Using Tries

P1 111* H1

P2 10* H2

P3 1010* H3

P4 10101 H4

P2

P3

P4

P1

A

B

C

G

D

F

H

E

1

0

0

1 1

1

1add P5=1110*

I

0

P5

next-hop-ptr (if prefix)

left-ptr right-ptr

Trie node


Binary Tries

• W-bit prefixes: O(W) lookup, O(NW) storage and O(W) update complexity

Advantages

SimplicityExtensible to wider fields

Disadvantages

Worst case lookup slowWastage of storage space in chains


Leaf Condensing in Binary Trie

A

B

C

G

D

E

1

0

0

1

1

left-ptr or next-hop

Trie node

right-ptr or next-hop

P2

P4P3

P1

P1 111* H1

P2 10* H2

P3 1010* H3

P4 10101 H4



Leaf-pushed Binary Trie

A

B

C

G

D

E

1

0

0

1

1

left-ptr or next-hop

Trie node

right-ptr or next-hop

P2

P4P3

P2

P1P1 111* H1

P2 10* H2

P3 1010* H3

P4 10101 H4


PATRICIA

P1 111* H1

P2 10* H2

P3 1010* H3

P4 10101 H4

Bitpos 12345

• PATRICIA (practical algorithm to retrieve coded information in alphanumeric)– Eliminate internal nodes with only

one descendant– Encode bit position for determining

(right) branching – A match must be performed at the

end– May need to backtrack

• Used in the Unix BSD implementationLookup 10101

Lookup 00101

Lookup 110101

Lookup 100101

Lookup 101101

Lookup 10111

left-ptr or next-hop ptr

right-ptr or next-hop ptr


bit-position(skip count)

2A

BC

10

P3 P4

P15P21


• W-bit prefixes: O(W) lookup, O(N) storage and O(W) update complexity

Advantages

decreased storage extensible to wider fields

Disadvantages

worst case lookup slowbacktracking makes implementation complex

PATRICIA

See the URL below for a simple and clear illustration of PATRICIA for dictionary indexing and search: http://www.csse.monash.edu.au/~lloyd/tildeAlgDS/Tree/PATRICIA/


Path-compressed Trie1, _, 2

A

B C10

10,P2,4

P4

P1

1

0

E

D1010,P3,5

bit-position

left-ptr right-ptr

variable-length bitstring

next-hop (if prefix present)

Path-compressed tree node structureLookup 10111

P1 111* H1

P2 10* H2

P3 1010* H3

P4 10101 H4


• W-bit prefixes: O(W) lookup, O(N) storage and O(W) update complexity

Advantages

decreased storage

Disadvantages

worst case lookup slow

Path-compressed Trie


Multi-bit Tries

Depth = WDegree = 2Stride = 1 bit

Binary trieW

Depth = W/kDegree = 2k

Stride = k bits

Multi-ary trie

W/k


Prefix Expansion with Multi-bit Tries

If stride = k bits, prefix lengths that are not a multiple of k need to be expanded

Prefix Expanded prefixes

0* 00*, 01*

11* 11*

E.g., k = 2:

Maximum number of expanded prefixes corresponding to one non-expanded prefix = 2k-

1


4-ary Trie (k=2)

P2

P3 P12

A

B

F11


ptr00 ptr01

A four-ary trie node

P11

10

P42

H11

P41

10

10

1110

D

C

E

G

ptr10 ptr11

Lookup 10111

P1 111* H1

P2 10* H2

P3 1010* H3

P4 10101 H4


Prefix Expansion Increases Storage Consumption

• replication of next-hop ptr• greater number of unused (null) pointers in a

node

Time ~ W/kStorage ~ NW/k * 2k-1


Generalization: Different Strides at Each Trie Level

• 16-8-8 split• 4-10-10-8 split• 24-8 split• 21-3-8 split


Choice of Strides: Controlled Prefix Expansion

Given forwarding table and desired number of memory accesses in worst case (i.e., maximum tree depth, D)

A dynamic programming algorithm to compute optimal sequence of strides that minimizes storage requirements: runs in O(W2D) time

Advantages

Optimal storage under these constraints

Disadvantages

Updates lead to sub-optimality anywayHardware implementation difficult


More Fast IP Address Lookup Algorithms

• Binary Search on Levels [Waldvogel et al, SIGCOMM 1997]– Represent look-up tree as array of hash tables– Notion of “marker” to guide binary search– Prefix expansion to reduce size of array (thus memory

accesses)

• Lulea’s Algorithm [Lulea et al SIGCOMM 1997]– Key goal: compactly represent routing table in small

memory (hopefully, within cache size), to minimize memory access

– Use a three-level data structure• Cut the look-up tree at level 16 and level 24

– Clever ways to design compact data structures to represent routing look-up info at each level

• Other methods …


Packet Classification•general router mechanism

– firewalls– network address translation– web server load balancing– special processing for selected flows

•common form of based on 5 IP header fields– source/dest. addr. – either/both specified by prefixes– protocol field - may be “wild-card”– source/dest. port #s (TCP/UDP) - may be port ranges

•no ideal design– exhaustive search - slow links, few filters– ternary content-addressable memory – exhaustive

search– efficient special cases - exact match, one or two address

prefixes


Packet Classification

Packet Classification: find action associated with highest priority rule matching incoming packet header

Field 1 Field 2 … Field k Action

Rule 1 5.3.40.0/21 2.13.8.11/32 … UDP A1

Rule 2 5.168.3.0/24 152.133.0.0/16

… TCP A2

… … … … … …

Rule N 5.168.0.0/16 152.0.0.0/8 … ANY AN

Example: packet (5.168.3.32, 152.133.171.71, …, TCP)

L3-DA L3-SA L4-PROT


Formal Problem Definition

Given classifier C with N rules, Rj, 1 j N, where Rj consists of three entities:

• a regular expression Rj[i], 1 i d, on each of the d header fields,

• a number, pri(Rj), indicating the priority of the rule in the classifier, and

• an action, referred to as action(Rj). For incoming packet P with header considered as d-tuple of points (P1, P2, …, Pd), the d-dimensional packet classification problem is to find rule Rm with highest priority among all rules Rj matching d-tuple; i.e., pri(Rm) > pri(Rj), j m, 1 j N, such that Pi matches Rj[i], 1 i d. Rule Rm is best matching rule for packet P.


Routing Lookup: Instance of 1D Classification

• one-dimension (destination address)• forwarding table classifier• routing table entry rule• outgoing interface action• prefix-length priority


Example 4D ClassifierRule L3-DA L3-SA L4-DP L3-PROT Action

R1 152.163.190.69/255.255.255.255

152.163.80.11/255.255.255.255

* * Deny

R2 152.168.3/255.255.255

152.163.200.157/255.255.255.255

eq www udp Deny

R3 152.168.3/255.255.255

152.163.200.157/255.255.255.255

range 20-21 udp Permit

R4 152.168.3/255.255.255

152.163.200.157/255.255.255.255

eq www tcp Deny

R5 * * * * Deny


Example Classification Results

Pkt Hdr

L3-DA L3-SA L4-DP L3-PROT Rule, Action

P1 152.163.190.69 152.163.80.11 www tcp R1, Deny

P2 152.168.3.21 152.163.200.157 www udp R2, Deny


Geometric Interpretation

R5 R4

R3

R1R2

R7

Dimension 1

Dim

ensi

on 2

R6

e.g. (128.16.46.23, *)

e.g. (144.24/24, 64/16)

P2 P1

Packet classification problem: Find the highest priority rectangle containing an incoming point


Linear Search

• keep rules in a linked list• O(N) storage, O(N) lookup time, O(1) update

complexity


Ternary Match Operation• Each TCAM entry stores a value, V, and mask, M• Hence, two bits (Vi and Mi) for each bit position i (i=1..W)• For an incoming packet header, H = {Hi}, the TCAM entry outputsa match if Hi matches Vi in each bit position for which Mi equals ‘1’.

Vi Mi Match in bit position i ?

X 0 Yes

0 1 iff (Hi==0)

1 1 iff (Hi==1)


Lookups/Classification with Ternary CAM

Memory array Priority

encoder

Action MemoryPacket

HeaderAction

TCAM RAM

01

2

3

M

0

1

0

0

1

1.23.11.3, tcp

1.23.x.x, x


Lookups/Classification with Ternary CAM

Memory array Priority

encoder

Action MemoryPacket

HeaderAction

TCAM RAM

01

2

3

M

0

1

0

0

1

1.23.11.3

1.23.x.x

P32

P31

P8

For LPM


Range-to-prefix Blowup

• prefixes easier to handle than ranges• can transform ranges to prefixes

Range-to-prefix blowup problem


Maximal Prefixes

0011, 01**, 10**

001*, 01**

01**, 10**

01**

0001, 001*, 01**, 10**, 110*, 1110

Range-to-prefix Blowup

Rule Range

R1 [3,11]

R2 [2,7]

R3 [4,11]

R4 [4,7]

R5 [1,14]

Maximum memory blowup = factor of (2W-2)d

Luckily, real-life does not see too many arbitrary ranges.


TCAMsAdvantages

extensible to multiple fieldsfast: 10-16 ns today (66-100 M searches per second) going to 250 Mspssimple to understand and use

Disadvantages

inflexible: range-to-prefix blowuphigh power, cost: low density, largest available in 2003-4 is ~2MB, i.e., 128K x 128 (can be cascaded)


Example Classifier

Rule Destination Address

Source Address

R1 0* 10*

R2 0* 01*

R3 0* 1*

R4 00* 1*

R5 00* 11*

R6 10* 1*

R7 * 00*


Hierarchical Tries

O(NW) memoryO(W2) lookup

Rule DA SA

R1 0* 10*

R2 0* 01*

R3 0* 1*

R4 00* 1*

R5 00* 11*

R6 10* 1*

R7 * 00*

Dimension SAR5 R2 R1

R3R6

R7

R4

Dimension DA

Search (000,010)


Set-pruning Tries

Rule DA SA

R1 0* 10*

R2 0* 01*

R3 0* 1*

R4 00* 1*

R5 00* 11*

R6 10* 1*

R7 * 00*

Dimension SA

O(N2) memoryO(2W) lookup

Dimension DA

R7 R2 R1 R5 R7 R2 R1

R3

R7

R6R4

Search (000,010)

R3

R3


Grid-of-Tries

O(NW) memoryO(2W) lookup

Rule DA SA

R1 0* 10*

R2 0* 01*

R3 0* 1*

R4 00* 1*

R5 00* 11*

R6 10* 1*

R7 * 00*

Dimension DA

Dimension SAR5 R2 R1

R3R6

R7

R4

Search (000,010)

switchpointers

R3

R3


Grid-of-Tries

Advantages

good solution for two dimensions

Disadvantages

difficult to carry updatenot easily extensible to more than two dimensions

20K 2D rules: 2MB, 9 memory accesses (with prefix-expansion)


Classification Algorithms: Speed vs. Storage Tradeoff

O(log N) time with O(Nd) storage, orO(logd-1N) time with O(N) storage

Lower bounds for Point Location in N regions with d dimensions from Computational Geometry

N = 100, d = 4, Nd = 100 MBytes and logd-1N = 350 memory accesses


Packet Classification Summary

• Algorithms discussed so far– good for two fields, doesn’t scale to more than two fields,

OR– good for very small classifiers (< 50 rules) only, OR– have non-deterministic classification time, etc.

• Heuristic-Based Algorithms– Recursive Flow Classification (RFC)

• Exploit structure of classifiers, recursively reduce rule space– Hierarchical Intelligent Cuttings (HiCuts)

• Use heuristics to reduce d-dim search space into sub-spaces– Tuple Space Search

• decompose query into a number of exact match queries• store rules into hash table


Example of Packet Flow in RFC


Geometric Interpretation

R5 R4

R3

R1R2

R7

Dimension 1

Dim

ensi

on 2

R6

e.g. (128.16.46.23, *)

e.g. (144.24/24, 64/16)

P2 P1

Packet classification problem: Find the highest priority rectangle containing an incoming point


RFC Example• Four fields six chunks

– Source and destination IP addresses two chuncks each– Protocol number one chunck– Destination port number one chunck


Lookup: What’s Used Out There?

• overwhelming majority of routers:– modifications of multi-bit tries (h/w optimized trie

algorithms)– DRAM (sometimes SRAM) based, large number of

routes (>0.25M)– parallelism required for speed/storage becomes an

issue

• others mostly TCAM based– for smaller number of routes (256K)– used more frequently in L2/L3 switches– power and cost main bottlenecks


Classification: What’s Used Out There?

• majority of hardware platforms: TCAMs– High performance, cost, power, deterministic worst-case

• some others: Modifications of RFC– Low speed, low cost DRAM-based, heuristic– Works well in software platforms

• some others: nothing/linear search/simulated-parallel-search etc.

csci5221: router design 1 router design overview of generic router architecture input-queued...

Documents

router designcsci5221

router designcomponents

router designrouters

design approachescsci5221

multiprocessorsadvanced

switch fabric

gbs throughputup

gbs eachup