
CS 636 Internetworking
Ramana Kompella
ROUTER ALGORITHMICS
Lecture 19: Packet classification

Why Flow-aware Router?
- Routers require additional mechanisms: admission control, resource reservation, per-flow queueing, fair scheduling etc.
- ISPs want to provide differentiated services
- Capability to distinguish and isolate traffic belonging to different flows based on negotiated service agreements
- Slide labels: classification; Rules or policies

Need for Differentiated Services
[Figure: topology with ISP1, ISP2, ISP3, NAP, E1, E2 and interfaces X, Y, Z]

| Service | Example |
|---|---|
| Traffic Shaping | Ensure that ISP3 does not inject more than 50Mbps of total traffic on interface X, of which no more than 10Mbps is email traffic |
| Packet Filtering | Deny all traffic from ISP2 (on interface X) destined to E2 |
| Policy Routing | Send all voice-over-IP traffic arriving from E1 (on interface Y) and destined to E2 via a separate ATM network |

More Value-added Services
- Differentiated services
  ◦ Regard traffic from Autonomous System #33 as 'platinum grade'
- Accounting and Billing
  ◦ Treat all video traffic as highest priority and perform accounting for this type of traffic
- Committed Access Rate (rate limiting)
  ◦ Rate limit WWW traffic from sub-interface #739 to 10Mbps

Multi-field Packet Classification
Given a classifier with N rules, find the action associated with the highest priority rule matching an incoming packet.
Example: packet (5.168.3.32, 152.133.171.71, …, TCP)

| Rule | Field 1 | Field 2 | … | Field k | Action |
|---|---|---|---|---|---|
| Rule 1 | 5.3.90/21 | 2.13.8.11/32 | … | UDP | A1 |
| Rule 2 | 5.168.3/24 | 152.133/16 | … | TCP | A2 |
| … | … | … | … | … | … |
| Rule N | 5.168/16 | 152/8 | … | ANY | AN |

Packet Header Fields for Classification
[Figure: packet layout with fields L3-SA, L2-DA, L2-SA, L3-DA, L3-PROT, L4-PROT, L4-DP, L4-SP, PAYLOAD; labels: Transport layer header, Network layer header, MAC header, Direction of transmission of packet]
- DA = Destination Address
- SA = Source Address
- PROT = Protocol
- SP = Source port
- DP = Destination port
- L2 = layer 2 (e.g., Ethernet)
- L3 = layer 3 (e.g., IP)
- L4 = layer 4 (e.g., TCP)

Packet Classification
[Figure: Incoming Packet (HEADER), Forwarding Engine, Packet Classification, Classifier (policy database) with Predicate and Action columns, Action]

Packet Classification: Problem Definition
Given a classifier $C$ with $N$ rules, $R_j$, $1 \le j \le N$, where $R_j$ consists of three entities:
1) A regular expression $R_j[i]$, $1 \le i \le d$, on each of the $d$ header fields,
2) A number, $pri(R_j)$, indicating the priority of the rule in the classifier, and
3) An action, referred to as $action(R_j)$.

For an incoming packet $P$ with the header considered as a $d$-tuple of points $(P_1, P_2, \ldots, P_d)$, the $d$-dimensional packet classification problem is to find the rule $R_m$ with the highest priority among all the rules $R_j$ matching the $d$-tuple; i.e., $pri(R_m) > pri(R_j)$, $\forall j \ne m$, $1 \le j \le N$, such that $P_i$ matches $R_j[i]$, $1 \le i \le d$. We call rule $R_m$ the best matching rule for packet $P$.

Example 4D classifier

| Rule | L3-DA | L3-SA | L4-DP | L4-PROT | Action |
|---|---|---|---|---|---|
| R1 | 152.163.190.69/255.255.255.255 | 152.163.80.11/255.255.255.255 | * | * | Deny |
| R2 | 152.168.3/255.255.255 | 152.163.200.157/255.255.255.255 | eq www | udp | Deny |
| R3 | 152.168.3/255.255.255 | 152.163.200.157/255.255.255.255 | range 20-21 | udp | Permit |
| R4 | 152.168.3/255.255.255 | 152.163.200.157/255.255.255.255 | eq www | tcp | Deny |
| R5 | * | * | * | * | Deny |

Example Classification Results

| Pkt Hdr | L3-DA | L3-SA | L4-DP | L4-PROT | Rule, Action |
|---|---|---|---|---|---|
| P1 | 152.163.190.69 | 152.163.80.11 | www | tcp | R1, Deny |
| P2 | 152.168.3.21 | 152.163.200.157 | www | udp | R2, Deny |

Classification is a Generalization of Lookup
- Classifier = routing table
- One-dimension (destination address)
- Rule = routing table entry
- Regular expression = prefix
- Action = (next-hop-address, port)
- Priority = prefix-length

Metrics for Classification Algorithms
- Speed
- Storage requirements
- Low update time
- Ability to handle large classifiers
- Flexibility in implementation
- Low preprocessing time
- Scalability in the number of header fields
- Flexibility in rule specification

Size of Classifier?
- Microflow recognition: 128K-1M flows in a metro/edge router
- Firewall applications, 8-16K
- Wildcarded filters, 16-128K
- Depends heavily on where your box will be deployed

Example Classifier

| Rule | Destination Address | Source Address |
|---|---|---|
| R1 | 0* | 10* |
| R2 | 0* | 01* |
| R3 | 0* | 1* |
| R4 | 00* | 1* |
| R5 | 00* | 11* |
| R6 | 10* | 1* |
| R7 | * | 00* |

Set-pruning Tries [Tsuchiya, Sri98]
[Figure: trie on Dimension DA with tries on Dimension SA, built from the example classifier above]
- $O(N^2)$ memory

Reducing memory by backtracking
[Figure: trie on Dimension DA with tries on Dimension SA, built from the example classifier above]
- $O(NW)$ memory
- $O(W^2)$ lookup

Grid-of-Tries [Sri98]
[Figure: trie on Dimension DA with tries on Dimension SA, built from the example classifier above]
- $O(NW)$ memory
- $O(2W)$ lookup

Grid-of-Tries
- Advantages
  ◦ Good solution for two dimensions
- Disadvantages
  ◦ Static solution
  ◦ Not easily extensible to more than two dimensions
- 20K entries: 2MB, 9 memory accesses (with expansion)

Geometric Interpretation in 2D
[Figure: rules R1 to R7 and packets P1, P2 plotted against Dimension #1 and Dimension #2; labels: e.g. (128.16.46.23, *), e.g. (144.24/16, 64/24)]

Extending beyond 2D
- In theory number of regions defined can be much larger than number of rules
- Any algorithm that guarantees $O(n)$ space for all rule sets of size $n$ needs $O((\log n)^{k-1})$ time for classification: fundamental result in computational geometry
- Just says: algorithmic approaches either require large amount of time or large amount of space but not both
- Good news: real-life much simpler
  ◦ Prefix containment is rare (max 7)
  ◦ Few distinct port ranges
  ◦ Number of disjoint classification regions small (linear in N)
  ◦ For any given pair of source and destination IP addresses, few rules match it (<5 based on survey of real ISP rules)

Next class: Extending beyond 2 dimensions.
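An added example (not from the lecture slides) of the set-pruning trie named in the slides, built over the seven-rule two-dimensional example classifier and checked against a linear scan of the rule list. It assumes the table order is the priority order (R1 highest); all function names are illustrative.

```python
# Rules constructed from the lecture's 2-D example: (name, DA prefix, SA prefix).
# Assumption: table order is priority order, R1 highest.
RULES = [("R1", "0", "10"), ("R2", "0", "01"), ("R3", "0", "1"),
         ("R4", "00", "1"), ("R5", "00", "11"), ("R6", "10", "1"),
         ("R7", "", "00")]
RANK = {name: i for i, (name, _, _) in enumerate(RULES)}

def descend(node, prefix):
    """Create (if needed) and return the trie node reached by a bit string."""
    for bit in prefix:
        node = node.setdefault(bit, {})
    return node

def build_set_pruning_trie(rules):
    """DA trie; each DA prefix node owns an SA trie holding every rule whose
    DA prefix covers that node. This copying is what costs O(N^2) memory."""
    da_root = {}
    for da in sorted({r[1] for r in rules}):
        sa_root = descend(da_root, da).setdefault("sa", {})
        for name, rule_da, rule_sa in rules:
            if da.startswith(rule_da):      # rule's DA is a prefix of this node
                descend(sa_root, rule_sa).setdefault("rules", []).append(name)
    return da_root

def classify(da_root, da_bits, sa_bits):
    """Longest-prefix match on DA, then a single walk down that SA trie."""
    node, sa_node = da_root, da_root.get("sa")
    for bit in da_bits:
        node = node.get(bit)
        if node is None:
            break
        sa_node = node.get("sa", sa_node)   # remember the deepest SA trie seen
    matches, i = [], 0
    while sa_node is not None:
        matches += sa_node.get("rules", [])
        sa_node = sa_node.get(sa_bits[i]) if i < len(sa_bits) else None
        i += 1
    return min(matches, key=RANK.get) if matches else None

def linear_classify(rules, da_bits, sa_bits):
    """Reference: first rule in priority order whose two prefixes both match."""
    for name, da, sa in rules:
        if da_bits.startswith(da) and sa_bits.startswith(sa):
            return name
    return None

def stored_copies(node):
    """Count rule entries over all SA tries (more than len(RULES))."""
    return sum(len(v) if k == "rules" else stored_copies(v) for k, v in node.items())
```

Because no backtracking is needed, a lookup touches one DA path and one SA path; the price is that `stored_copies` exceeds the number of rules, since R7 and the `0*` rules are copied into every SA trie they cover.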



Purdue CS 63600 - Lecture 19
