Packet Classification Algorithms

This paper deals with packet classification in computer networks. Classification is the key task in many networking devices, most notably packet filters – firewalls. This paper therefore concerns the area of computer security. The paper is focused on high-speed networks with the bandwidth of 100Gb/s and beyond. General-purpose processors cannot be used in such cases, because their performance is not sufficient. Therefore, specialized hardware is used, mainly ASICs and FPGAs. Many packet classification algorithms designed for hardware implementation were presented, yet these approaches are not ready for very high-speed networks. This paper addresses the design of new high-speed packet classification algorithms, targeted for the implementation in dedicated hardware. The algorithm that decomposes the problem into several easier sub-problems is proposed. The first subproblem is the longest prefix match (LPM) operation, which is used also in IP packet routing. As the LPM algorithms with sufficient speed have already been published, they can be used in out context. The following subproblem is mapping the prefixes to the rule numbers. This is where the paper brings innovation by using a specifically constructed hash function. This hash function allows the mapping to be done in constant time and requires only one memory with narrow data bus. The algorithm throughput can be determined analytically and is independent on the number of rules or the network traffic characteristics. With the use of available parts the throughput of 266 million packets per second can be achieved. Additional three algorithms (PFCA, PCCA, MSPCCA) that follow in this paper are designed to lower the memory requirements of the first one without compromising the speed. The second algorithm lowers the memory size by 11% to 96%, depending on the rule set. The disadvantage of low stability is removed by the third algorithm, which reduces ∗Recommended by thesis supervisor: Prof. Václav Dvořák. Defended at Faculty of Information Technology, Brno University of Technology on September 17, 2012. c ⃝ Copyright 2012. All rights reserved. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies show this notice on the first page or initial screen of a display along with the full citation. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works requires prior specific permission and/or a fee. Permissions may be requested from STU Press, Vazovova 5, 811 07 Bratislava, Slovakia. Puš, V. Packet Classification Algorithms. Information Sciences and Technologies Bulletin of the ACM Slovakia, Vol. 4, No. 4 (2012) 31-41 the memory requirements by 31% to 84%, compared to the first one. The fourth algorithm combines the third one with the older approach and thanks to the use of several techniques lowers the memory requirements by 73% to 99%.