1

Space-Efficient TCAM-based Classification Using Gray Coding

Anat Bremler – Barr

Interdisciplianry Center

Danny Hendler

Ben-Gurion University

Infocom paper presentation

2

Talk outline

Definitions Problem definition, prior art The Short Range Gray Encoding Algorithm Experimental results Future work

3

Packet Classification

4

Packet Classification

ACL IDACL ID Sourceaddr

Sourceaddr

Sourceport

Sourceport

Destaddr

Destaddr

Destport

Destport ProtocolProtocol ActionAction

ACL11ACL11 128.32.0.0128.32.0.0 8080 32.*.*.*32.*.*.* 8080 TCPTCP AllowAllow

ACL11ACL11 127.*.*.*127.*.*.* 34-3634-36 32.12.1.132.12.1.1 8080 UPDUPD AllowAllow

ACL11ACL11 128.32.0.0128.32.0.0 ≤ 1024≤ 1024 95.12.3.395.12.3.3 ≤ 1024≤ 1024 TCPTCP DenyDeny

ACL11ACL11 117.57.3.2117.57.3.2 5555 46.2.67.1146.2.67.11 1515 UDPUDP LogLog

ACL11ACL11 117.57.3.2117.57.3.2 136136 32.*.*.*32.*.*.* 2525 TCPTCP DenyDeny

ACL11ACL11 95.14.5.195.14.5.1 >1024>1024 32.12.1.132.12.1.1 15-1815-18 TCPTCP AllowAllow

ACL11ACL11 128.32.0.0128.32.0.0 >1024>1024 32.12.1.132.12.1.1 8080 TCPTCP LogLog

ACL database

f

header

payload

searchkey

5

Ternary content-addressable memory

0011101101010XX00X01001111XXXX

11X00X00001110X0X101000110XXXX10XX010100X0XX0100011010X01000

001110XXXXXXXXXXXXXXXXXXXXXXX

.

.

.

1110XX010X01X0010101010X0XXXXX

TCAM

• Associative memory: parallel comparisons against all entries

• Fixed-width entries

• Ternary digits: 0 / 1 / X (don’t care)

• Only first match is returned

Width of W digits

0011101101010000010100111110110

Search key

1

2

3

4

1

6

TCAM: pros, cons, usage

Pros

• High throughput

• Deterministic throughput

Cons

• Higher cost (~X30 than SRAM)

• Higher power consumption0011101101010XX00X01001111XXXX

11X00X00001110X0X101000110XXXX10XX010100X0XX0100011010X01000

001110XXXXXXXXXXXXXXXXXXXXXXX

.

.

.

1110XX010X01X0010101010X0XXXXX

1

2

3

4

TCAM

Usage

• Over 6M deployed devices (2004)

• Used in multi-gigabit systems with >10K rules

• May support 128K entries of 144- bit, 133M searches/second.

7

The problem: TCAM range representation

001110110110110000000

Match-type rule field value matching key-fieldexact

prefix

range

00111011011011000000001110110110110000000001*****************

>1024 2012

How can we efficiently represent range rules by TCAM entries?

8

Basic approach: prefix expansion

Representing [1,6]

TCAM entries:

001 ,01 ,*10 ,*110

Prefix expansion is inefficient • A range over W-bits may expand to 2W-2 entries

• For 2 range-fields, may expand to (2W-2)2

• Expansion factor of up to 6 on real-world databases !!!

010

0 1

000 001 011 100 101 110 111

[1,6]

9

Prior art: use of extra bits

0011101101010XX00X01001111XXXX

11X00X00001110X0X101000110XXXX10XX010100X0XX0100011010X01000

001110XXXXXXXXXXXXXXXXXXXXXXX

.

.

.

1110XX010X01X0010101010X0XXXXX

1

2

3

4

TCAM

XXXXX

XXXXXXXXXX

XXXXX

.

.

.

XXXXX

Extra bits(typically 36)

• Hierarchical database dependent encoding [Liu2002], [Lunteren and Engbersen2003]

• Database-Independent Range Pre-Encoding [Venkatachary,Lakshminarayanan, Rangarajan2005]

10

Prior art: database-dependent encoding

Key idea: allocate an extra bit to commonly occurring ranges.

Example

Source-port ≥ 1024

0011101101010XX00X01001111XXXX

11X00X00001110X0X101000110XXXX10XX010100X0XX0100011010X01000

001110XXXXXXXXXXXXXXXXXXXXXXX

.

.

.

1110XX010X01X0010101010X0XXXXX

1

2

3

4

TCAM

XXXXX

XXXXXXXXXX

XXXXX

.

.

.

XXXXX

Representing a rule

Set the assigned extra bit to 1

Set all other extra bits to X

11010010101XXXXXXXXXXXXXXXXXX 1

Generating the search key

If source-port within range set extra bit to 1

Otherwise set extra bit to 0

11

Prior art: database-independent range –pre-encoding (DIRPE)

Key idea: Use extra bits for independent encoding, use general ternary values rather than prefixes.

Fence encoding (w-bit words)

Range Encoding =i 02w-i-11i

≥i x2w-i-11i

<i 02w-ixi-1

[i,j] 02w-1-jXj-i1i

Fence encoding

•Expansion 1

•Requires 2w-1 bits

What if we have a smaller number of bits?

Number i is encoded by: 02w-1-i1i

12

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

W+36 bits

Key idea: Divide all (regular plus extra) bits to chunks, encode each by fence encoding

Prior art: database-independent range –pre-encoding (cont’d)

What if a smaller number of bits is available?

Chunk1 (k1 bits)

Chunk2 (k2 bits)

Chunk3 (k3 bits)

Chunk4 (k4 bits)

Range expansion increases with the number of chunks

13

An Observation: The problem is equivalent to the DNF expression minimization problem

R=[10,11]

b1b0 + b1b’0 ≈ b1

The general problem is NP-complete.

“Computing the minimum DNF representation of boolean functions defined by interval”

[Schieber, Geist, Zacks, 2005]

• A linear-time algorithm for finding minimum-size DNF expression for any range of binary-coded numbers• Worst-case expansion for binary-encoded numbers is 2W-4

Thanks to Ronny Roth for the observation and the reference to the paper

14

Talk outline

Definitions Problem definition, prior art The Short Range Gray Encoding Algorithm Experimental results Open questions

15

Our solution: Short-Range Gray Encoding (SRGE)

Hybrid-SRGE yields range-expansion of only 1.02 on real databases

Gain without pain: Range expansion reduction can be obtained without the use of extra bits by changing the encoding scheme (SRGE)

SRGE can be combined with database-dependent scheme: the Hybrid-SRGE scheme

16

Our solution: observations

1. Ranges tend to be small: typically correspond to similar-functionality ports: 161-162: snmp, snmptrap 67-68: bootps server, bootps client 2300-2400: Microsoft DirectX

2. Binary coding not optimal for small ranges

1000 01 11

Binary encoding

An example: covering [1,2]

Cover set: {01, 10}

1100 01 10

Gray encoding

Cover set: {*1}

17

000 001 011 010 110 111 101 1003-bit BRGC: 000 001 011 010 110 111 101 100

Binary Reflected Gray Code

Obviously, not `our’ Frank

Gray

Gray code: codewords for consecutive integers differ by single bit

4-bit BRGC: 0 0 0 0 0 0 0 0

100 101 111 110 010 011 001 0001 1 1 1 1 1 1 1

Transforming binary BRGC is quick

18

Binary Reflected Gray Code (cont’d)

01

01 1 0 1 1 00 1

0 10

000 001 011 010 110 111 101 100

It is exactly this reflection property that helps decrease expansion

19

The SRGE algorithm

Need to find minimum cover of ]s,e[ using gray coding.

s e

p

Find the least common ancestor p of point s and e

20

Let pl be the rightmost leaf in p’s left sub-tree

Let pr be the leftmost leaf in p’s right sub-tree

s epl pr

p

The SRGE algorithm

21

First, we handle the smaller of: ]s,pl[, ]e,pr[

s epl pr

p

The SRGE algorithm

22

prpl

Cover by prefixes the smaller range and its mirror relative to p

We still need to cover the leftover range ]s’,e[, if it is non-empty

The SRGE algorithm

s e

p

s’

23

s' e pl’ pr’

Repeat the previous procedure for the leftover: [s',e]• find their least common ancestor p’• let pl' be the rightmost leaf in the left sub-tree of p'• let pr' be the leftmost leaf in the right sub-tree of p'

p’

p

pr s

The SRGE algorithm

24

Two cases to consider: 1) |[pr', e]| > |[s', pl']|:

Cover [pr', e] by prefixes The mirror of [pr', e] (relative to p') covers [s', pl']

pr s’ pl’ pr’ e

p’

p

s

The SRGE algorithm

25pr s’ pl’ pr’ e

2) |[s', pl']|>|[pr', e']|:

Cover [pr', e] by prefixes. Cover [s', pl'] by one a single prefix, corresponding to p' left

sub-tree

p’

p

s

ql

q

The SRGE algorithm

26

Hybrid-SRGE

• For each unique range, compute total number of redundant entries under SRGE

• Deal with the most expensive ranges by using standard database-dependent encoding

27

Talk outline

Definitions Problem definition, prior art The Short Range Gray Encoding Algorithm Experimental results Future work

28

SRGE range-expansion reduction

Random ranges

29

Results on a real-life database 223K rules with 300 unique ranges Combined from collection of 126 separate databases

(firewall, acl-routers, intrusion prevention systems)

Hybrid SRGE

Acknowledgment: Cisco, David Taylor (WHSTL)

Algorithm

Expansion

1.03 1.2

Redundancy

Hybrid DIRPE 1.12 NA

Prefix expansion 2.6 NA

30

Range-length distribution

Almost 60% of the unique rangeshave length less then 20

Approx. 40% of the total number of ranges have length less then 20

31

A small number of ranges cause most expansion

32

Range expansion bounds

The worst-case expansion ratio of SRGE on w-bit words is 2w-4

The worst-case expansion ratio of any range-covering scheme on w-bit words is at least w, regardless of the encoding scheme

33

Expansion as function of bits number

2w-2

2^w-1w1

Number of bits used

Nu

mb

er o

f T

CA

M e

ntr

ies

At least W entries required – regardless of the encoding technique

SRGE worst-case expansion is 2W-4 entries

Unknown