research-article

Packet classification using binary content addressable memory

Authors:

Chad R. Meiners,

Eric TorngAuthors Info & Claims

IEEE/ACM Transactions on Networking (TON), Volume 24, Issue 3

Pages 1295 - 1307

https://doi.org/10.1109/TNET.2016.2533613

Published: 01 June 2016 Publication History

Abstract

Packet classification is the core mechanism that enables many networking devices. Although using ternary content addressable memory (TCAM) to perform high-speed packet classification has become the widely adopted solution, TCAM is very expensive, has limited capacity, consumes large amounts of power, and generates tremendous amounts of heat because of their extremely dense and parallel circuitry. In this paper, we propose the first packet classification scheme that uses binary CAM (BCAM). BCAM is similar to TCAM except that in BCAM, every bit has only two possible states: 0 or 1; in contrast, in TCAM, every bit has three possible states: 0, 1, or * (don't care). Because of the high complexity in implementing the extra "don't care" state, TCAM has much higher circuit density than BCAM. As the power consumption, heat generation, and price grow non-linearly with circuit density, BCAM consumes much less power, generates much less heat, and costs much less money than TCAM. Our BCAM-based packet classification scheme is built on two key ideas. First, we break a multi-dimensional lookup into a series of 1-D lookups. Second, for each 1-D lookup, we convert the ternary matching problem into a binary string exact matching problem. To speed up the lookup process, we propose a number of optimization techniques, including skip lists, free expansion, minimizing maximum lookup time, minimizing average lookup time, and lookup short circuiting. We evaluated our BCAM scheme on 17 real-life packet classifiers. On these classifiers, our BCAM scheme requires roughly five times fewer CAM bits than the traditional TCAM-based scheme. The penalty is a throughput that is roughly four times less.

References

[1]

K. Lakshminarayanan, A. Rangarajan, and S. Venkatachary, "Algorithms for advanced packet classification with ternary CAMs," in Proc. ACM SIGCOMM, Aug. 2005, pp. 193--204.

Digital Library

[2]

Cypress Semiconductor Corp. Content Addressable Memory, accessed on Apr. 4, 2016. {Online}. Available: http://www.cypress.com/

[3]

K. Pagiamtzis and A. Sheikholeslami, "Content-addressable memory (CAM) circuits and architectures: A tutorial and survey," IEEE J. Solid-State Circuits, vol. 41, no. 3, pp. 712--727, Mar. 2006.

[4]

A. X. Liu, C. R. Meiners, and E. Torng, "TCAM Razor: A systematic approach towards minimizing packet classifiers in TCAMs," IEEE/ACM Trans. Netw., vol. 18, no. 2, pp. 490--500, Apr. 2010.

Digital Library

[5]

J. Daly, A. X. Liu, and E. Torng, "A difference resolution approach to compressing access control lists," in Proc. 32nd Annu. IEEE Conf. Comput. Commun. (INFOCOM), Turin, Italy, Apr. 2013, pp. 2040--2048.

[6]

E. Norige, A. X. Liu, and E. Torng, "A ternary unification framework for optimizing TCAM-based packet classification systems," in Proc. 9th ACM/IEEE Symp. Archit. Netw. Commun. Syst. (ANCS), San Jose, CA, USA, Oct. 2013, pp. 95--104.

Digital Library

[7]

C. R. Meiners, A. X. Liu, and E. Torng, "Bit weaving: A non-prefix approach to compressing packet classifiers in TCAMs," IEEE/ACM Trans. Netw., vol. 20, no. 2, pp. 488--500, Apr. 2012.

Digital Library

[8]

C. R. Meiners, A. X. Liu, and E. Torng, "Bit weaving: A non-prefix approach to compressing packet classifiers in TCAMs," in Proc. 17th IEEE Conf. Netw. Protocols (ICNP), Oct. 2009, pp. 93--102.

Digital Library

[9]

A. X. Liu, C. R. Meiners, and Y. Zhou, "All-match based complete redundancy removal for packet classifiers in TCAMs," in Proc. 27th Annu. IEEE Conf. Comput. Commun. (INFOCOM), Apr. 2008, pp. 574--582.

[10]

A. X. Liu and M. G. Gouda, "Complete redundancy removal for packet classifiers in TCAMs," IEEE Trans. Parallel Distrib. Syst., vol. 21, no. 4, pp. 424--137, Apr. 2010.

Digital Library

[11]

A. X. Liu and M. G. Gouda, "Complete redundancy detection in firewalls," in Proc. 19th Annu. IFIP Conf. Data Appl. Secur, Lecture Notes Comput. Sci. (LNCS), vol. 3654. Aug. 2005, pp. 196--209.

Digital Library

[12]

C. R. Meiners, A. X. Liu, and E. Torng, "TCAM Razor: A systematic approach towards minimizing packet classifiers in TCAMs," in Proc. 15th IEEE Conf. Netw. Protocols (ICNP), Oct. 2007, pp. 266--275.

[13]

C. R. Meiners, A. X. Liu, E. Torng, and J. Patel, "SPliT: Optimizing space, power, and throughput for TCAM-based classification," in Proc. ACM/IEEE Symp. Archit. Netw. Commun. Syst. (ANCS), Oct. 2011, pp. 200--210.

Digital Library

[14]

A. X. Liu, E. Torng, and C. R. Meiners, "Firewall compressor: An algorithm for minimizing firewall policies," in Proc. 27th Annu. IEEE Conf. Comput. Commun. (INFOCOM), Apr. 2008, pp. 691--699.

[15]

R. P. Draves, C. King, S. Venkatachary, and B. D. Zill, "Constructing optimal IP routing tables," in Proc. IEEE INFOCOM, Mar. 1999, pp. 88--97.

[16]

S. Suri, T. Sandholm, and P. Warkhede, "Compressing two-dimensional routing tables," Algorithmica, vol. 35, no. 4, pp. 287--300, Apr. 2003.

[17]

Q. Dong, S. Banerjee, J. Wang, D. Agrawal, and A. Shukla, "Packet classifiers in ternary CAMs can be smaller," in Proc. ACM SIGMETRICS, 2006, pp. 311--322.

Digital Library

[18]

D. A. Applegate et al., "Compressing rectilinear pictures and minimizing access control lists," in Proc. ACM-SIAM Symp. Discrete Algorithms (SODA), Jan. 2007, pp. 1066--1075.

Digital Library

[19]

O. Rottenstreich, R. Cohen, D. Raz, and I. Keslassy, "Exact worst case TCAM rule expansion," IEEE Trans. Comput., vol. 62, no. 6, pp. 1127--1140, Jun. 2013.

Digital Library

[20]

O. Rottenstreich, I. Keslassy, A. Hassidim, H. Kaplan, and E. Porat, "On finding an optimal TCAM encoding scheme for packet classification," in Proc. IEEE INFOCOM, Turin, Italy, Apr. 2013, pp. 2049--2057.

[21]

C. R. Meiners, A. X. Liu, and E. Torng, "Topological transformation approaches to TCAM-based packet classification," IEEE/ACM Trans. Netw., vol. 19, no. 1, pp. 237--250, Feb. 2010.

Digital Library

[22]

C. R. Meiners, A. X. Liu, and E. Torng, "Topological transformation approaches to optimizing TCAM-based packet classification systems," in Proc. ACM Int. Conf. Meas. Modeling Comput. Syst. (SIGMETRICS), Jun. 2009, pp. 73--84.

Digital Library

[23]

H. Liu, "Efficient mapping of range classifier into ternary-CAM," in Proc. 10th Symp. High Perform. Interconnects, 2002, pp. 95--100.

Digital Library

[24]

J. van Lunteren and T. Engbersen, "Fast and scalable packet classification," IEEE J. Sel. Areas Commun., vol. 21, no. 4, pp. 560--571, May 2003.

Digital Library

[25]

A. Bremler-Barr and D. Hendler, "Space-efficient TCAM-based classification using gray coding," in Proc. 26th Annu. IEEE Conf. Comput. Commun. (INFOCOM), May 2007, pp. 1388--1396.

Digital Library

[26]

D. Pao, Y. K. Li, and P. Zhou, "An encoding scheme for TCAM-based packet classification," in Proc. 8th IEEE Int. Conf. Adv. Commun. Technol. (ICACT), Feb. 2006, pp. 469--175.

[27]

K. Zheng, H. Che, Z. Wang, B. Liu, and X. Zhang, "DPPC-RE: TCAM-based distributed parallel packet classification with range encoding," IEEE Trans. Comput, vol. 55, no. 8, pp. 947--961, Aug. 2006.

Digital Library

[28]

H. Che, Z. Wang, K. Zheng, and B. Liu, "DRES: Dynamic range encoding scheme for TCAM coprocessors," IEEE Trans. Comput., vol. 57, no. 7, pp. 902--915, Jul. 2008.

Digital Library

[29]

Z. Cai, Z. Wang, K. Zheng, and J. Cao, "A distributed TCAM coprocessor architecture for integrated longest prefix matching, policy filtering, and content filtering," IEEE Trans. Comput., vol. 62, no. 3, pp. 417--427, Mar. 2013.

Digital Library

[30]

E. Spitznagel, D. Taylor, and J. Turner, "Packet classification using extended TCAMs," in Proc. 11th IEEE Int. Conf. Netw. Protocols (ICNP), Nov. 2003, pp. 120--131.

Digital Library

[31]

Z. Xia, X. Wang, X. Sun, and Q. Wang, "A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data," IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 2, pp. 340--352, Feb. 2015.

Digital Library

[32]

Z. Pan, Y. Zhang, and S. Kwong, "Efficient motion and disparity estimation optimization for low complexity multiview video coding," IEEE Trans. Broadcast, vol. 61, no. 2, pp. 166--176, Jun. 2015.

[33]

S. Xie and Y. Wang, "Construction of tree network with limited delivery latency in homogeneous wireless sensor networks," Wireless Pers. Commun., vol. 78, no. 1, pp. 231--246, 2014.

Digital Library

[34]

J. Shen, H. Tan, J. Wang, J. Wang, and S. Lee, "A novel routing protocol providing good transmission reliability in underwater sensor networks," J. Internet Technol, vol. 16, no. 1, pp. 171--178, 2015.

[35]

B. Chen et al., "Color image analysis by quaternion-type moments," J. Math. Imag. Vis., vol. 51, no. 1, pp. 124--144, 2015.

Digital Library

[36]

Z. Fu, X. Sun, Q. Liu, L. Zhou, and J. Shu, "Achieving efficient cloud search services: Multi-keyword ranked search over encrypted cloud data supporting parallel computing," IEICE Trans. Commun., vol. E98-B, no. 1, pp. 190--200, 2015.

[37]

B. Gu, V. S. Sheng, K. Y Tay, W Romano, and S. Li, "Incremental support vector learning for ordinal regression," IEEE Trans. Neural Netw. Learn. Syst., vol. 26, no. 7, pp. 1403--1416, Jul. 2015.

[38]

J. Li, X. Li, B. Yang, and X. Sun, "Segmentation-based image copy-move forgery detection scheme," IEEE Trans. Inf. Forensics Security, vol. 10, no. 3, pp. 507--518, Mar. 2015.

Digital Library

[39]

B. Gu et al., "Incremental learning for v-support vector regression," Neural Netw., vol. 67, pp. 140--150, Jul. 2015.

Digital Library

[40]

Y. Ren, J. Shen, J. Wang, J. Han, and S. Lee, "Mutual verifiable provable data auditing in public cloud storage," J. Internet Technol., vol. 16, no. 2, pp. 317--323, 2015.

[41]

Y. Zheng, B. Jeon, D. Xu, Q. M. J. Wu, and H. Zhang, "Image segmentation by generalized hierarchical fuzzy C-means algorithm," J. Intell. Fuzzy Syst., vol. 28, no. 2, pp. 961--973, 2015.

Digital Library

[42]

Z. Xia, X. Wang, X. Sun, and B. Wang, "Steganalysis of least significant bit matching using multi-order differences," Secur. Commun. Netw., vol. 7, no. 8, pp. 1283--1291, Aug. 2014.

Digital Library

[43]

Z. Xia, X. Wang, X. Sun, Q. Liu, and N. Xiong, "Steganalysis of LSB matching using differences between nonadjacent pixels," Multimedia Tools Appl, vol. 75, no. 4, pp. 1947--1962, Feb. 2016.

Digital Library

[44]

X. Wen, L. Shao, Y. Xue, and W. Fang, "A rapid learning algorithm for vehicle classification," Inf. Sci., vol. 295, no. 1, pp. 395--406, Feb. 2015.

Digital Library

[45]

P. Guo, J. Wang, X. H. Geng, C. S. Kim, and J.-U. Kim, "A variable threshold-value authentication architecture for wireless mesh networks," J. Internet Technol, vol. 15, no. 6, pp. 929--936, 2014.

[46]

Y Cai, F Yu, C. Liang, B. Sun, and Q. Yan, "Software defined device-to-device (D2D) communications in virtual wireless networks with imperfect network state information (NSI)," IEEE Trans. Veh. Technol., in press.

[47]

Y Zhou, T. Z. J. Fu, and D. M. Chiu, "A unifying model and analysis of P2P VoD replication and scheduling," IEEE/ACM Trans. Netw., vol. 23, no. 4, pp. 1163--1175, Aug. 2015.

Digital Library

[48]

Q. T. Zhang, J. Chen, and H. Zhu, "Network convergence: Theory, architectures, and applications," IEEE Wireless Commun., vol. 21, no. 6, pp. 48--53, Dec. 2014.

[49]

Q. Yan and F Yu, "Distributed denial of service attacks in software-defined networking with cloud computing," IEEE Commun. Mag., vol. 53, no. 4, pp. 52--59, Apr. 2015.

Digital Library

[50]

Q. Yan, F R. Yu, Q. Gong, and J. Li, "Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges," IEEE Commun. Surveys Tuts., vol. 18, no. 1, pp. 602--622, 1st Quarter, 2015.

[51]

L. Cui, F R. Yu, and Q. Yan, "When big data meets software-defined networking (SDN): SDN for big data and big data for SDN," IEEE Netw. Mag., vol. 30, no. 1, pp. 58--65, Jan. 2016.

[52]

J. Chen, H. Zeng, C. Hu, and Z. Ji, "Optimization between security and delay of quality-of-service," J. Netw. Comput. Appl, vol. 34, no. 2, pp. 603--608, Mar. 2011.

Digital Library

[53]

J. Chen, Y Wang, and X. Wang, "On-demand security architecture for cloud computing," Computer, vol. 45, no. 7, pp. 73--78, Jul. 2012.

Digital Library

[54]

J. Chen, G Wu, and Z. Ji, "Secure interoperation of identity managements among different circles of trust," Comput. Standards Interfaces, vol. 33, no. 6, pp. 533--540, Nov. 2011.

Digital Library

[55]

H. Gao, T. Lv, S. Zhang, C. Yuen, and S. Yang, "Zero-forcing based MIMO two-way relay with relay antenna selection: Transmission scheme and diversity analysis," IEEE Trans. Wireless Commun., vol. 11, no. 12, pp. 4426--4437, Dec. 2012.

[56]

X. Guo, D. Zhang, K. Wu, and L. M. Ni, "MODLoc: Localizing multiple objects in dynamic indoor environment," IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 11, pp. 2969--2980, Nov. 2014.

[57]

Y He and X. Wang, "An ALOHA-based improved anti-collision algorithm for RFID systems," IEEE Wireless Commun., vol. 20, no. 5, pp. 152--158, Oct. 2013.

[58]

P. Gupta and N. McKeown, "Algorithms for packet classification," IEEE Netw., vol. 15, no. 2, pp. 24--32, Mar./Apr. 2001.

Digital Library

[59]

A. X. Liu and F. Chen, "Collaborative enforcement of firewall policies in virtual private networks," in Proc. 27th ACM Symp. Principles Distrib. Comput. (PODC), Toronto, ON, Canada, Aug. 2008, pp. 95--104.

Digital Library

[60]

D. E. Taylor, "Survey and taxonomy of packet classification techniques," ACM Comput. Surv, vol. 37, no. 3, pp. 238--275, Sep. 2005.

Digital Library

[61]

P. Gupta and N. McKeown, "Packet classification on multiple fields," in Proc. ACM SIGCOMM, 1999, pp. 147--160.

Digital Library

[62]

F. Baboescu and G. Varghese, "Scalable packet classification," in Proc. ACM SIGCOMM, 2001, pp. 199--210.

Digital Library

[63]

T. Y. C. Woo, "A modular approach to packet classification: Algorithms and results," in Proc. IEEE INFOCOM, Mar. 2000, pp. 1213--1222.

[64]

M. G. Gouda and A. X. Liu, "Firewall design: Consistency, completeness, and compactness," in Proc. 24th IEEE Int. Conf. Distrib. Comput. Syst. (ICDCS), Mar. 2004, pp. 320--327. {Online}. Available: http://www.cs.utexas.edu/users/alex/publications/fdd.pdf.

Digital Library

[65]

M. G. Gouda and A. X. Liu, "Structured firewall design," Comput. Netw., vol. 51, no. 4, pp. 1106--1120, Mar. 2007.

Digital Library

[66]

A. X. Liu and M. G Gouda, "Diverse firewall design," in Proc. Int. Conf. Dependable Syst. Netw. (DSN), Jun. 2004, pp. 595--604.

Digital Library

[67]

S. Dharmapurikar, P. Krishnamurthy, and D. E. Taylor, "Longest prefix matching using bloom filters," in Proc. ACM SIGCOMM, 2003, pp. 201--212.

Digital Library

Cited By

Rashelbach Ade Paula ISilberstein M(2023)NeuroLPM - Scaling Longest Prefix Match Hardware with Neural NetworksProceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3613424.3623769(886-899)Online publication date: 28-Oct-2023
https://dl.acm.org/doi/10.1145/3613424.3623769
Öztekin HLazzem APehlivan İ(2023)Using FPGA-based content-addressable memory for mnemonics instruction searching in assembler designThe Journal of Supercomputing10.1007/s11227-023-05357-279:15(17386-17418)Online publication date: 7-May-2023
https://dl.acm.org/doi/10.1007/s11227-023-05357-2
Srinivasavarma VPydi SMahammad S(2022)Hardware-based multi-match packet classification in NIDS: an overview and novel extensions for improving the energy efficiency of TCAM-based classifiersThe Journal of Supercomputing10.1007/s11227-022-04377-878:11(13086-13121)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1007/s11227-022-04377-8
Show More Cited By

Recommendations

Efficient Multimatch Packet Classification for Network Security Applications

New network applications like intrusion detection systems and packet-level accounting require multimatch packet classification, where all matching filters need to be reported. Ternary content addressable memories (TCAMs) have been adopted to solve the ...
Reconfigurable content-addressable memory (CAM) on FPGAs: A tutorial and survey
Abstract
Content-addressable memory (CAM) is a massively parallel searching device that returns the address of a given search input in one clock cycle. Field-programmable gate array (FPGA)-based CAMs are becoming popular due to their ...
Highlights
- It describes all the works proposed in the past 10-15 years on FPGA-based CAM/TCAM.
Low-power content addressable memory (CAM) array for mobile devices

Large-capacity content-addressable memory (CAM) is beneficial in a variety of applications that require high-speed lookup table. It is used extensively in low power CPU design, network routers, and cache controllers. Content addressable memory system ...

Comments

Information & Contributors

Information

Published In

cover image IEEE/ACM Transactions on Networking

IEEE/ACM Transactions on Networking Volume 24, Issue 3

June 2016

638 pages

ISSN:1063-6692

Editor:
R. Srikant
Univ. Illinois at Urbana-Champaign, Urbana, IL

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 June 2016

Published in TON Volume 24, Issue 3

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
127
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)1

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Rashelbach Ade Paula ISilberstein M(2023)NeuroLPM - Scaling Longest Prefix Match Hardware with Neural NetworksProceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3613424.3623769(886-899)Online publication date: 28-Oct-2023
https://dl.acm.org/doi/10.1145/3613424.3623769
Öztekin HLazzem APehlivan İ(2023)Using FPGA-based content-addressable memory for mnemonics instruction searching in assembler designThe Journal of Supercomputing10.1007/s11227-023-05357-279:15(17386-17418)Online publication date: 7-May-2023
https://dl.acm.org/doi/10.1007/s11227-023-05357-2
Srinivasavarma VPydi SMahammad S(2022)Hardware-based multi-match packet classification in NIDS: an overview and novel extensions for improving the energy efficiency of TCAM-based classifiersThe Journal of Supercomputing10.1007/s11227-022-04377-878:11(13086-13121)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1007/s11227-022-04377-8
Grigoryan GLiu YKwon MParashar MVlassov VIrwin DMohror K(2020)Boosting FIB Caching Performance with AggregationProceedings of the 29th International Symposium on High-Performance Parallel and Distributed Computing10.1145/3369583.3392682(221-232)Online publication date: 23-Jun-2020
https://dl.acm.org/doi/10.1145/3369583.3392682
Li RPang YZhao JWang X(2019)A Tale of Two (Flow) TablesProceedings of the 48th International Conference on Parallel Processing10.1145/3337821.3337896(1-10)Online publication date: 5-Aug-2019
https://dl.acm.org/doi/10.1145/3337821.3337896
Vegesna SNara ASk N(2019)A Novel Rule Mapping on TCAM for Power Efficient Packet ClassificationACM Transactions on Design Automation of Electronic Systems10.1145/332810324:5(1-23)Online publication date: 7-Jun-2019
https://dl.acm.org/doi/10.1145/3328103
Abdulhassan AAhmadi M(2019)Cuckoo filter-based many-field packet classification using X-treeThe Journal of Supercomputing10.1007/s11227-019-02818-575:9(5667-5687)Online publication date: 1-Sep-2019
https://dl.acm.org/doi/10.1007/s11227-019-02818-5
Grigoryan GLiu YBenson TZilberman N(2018)PFCAProceedings of the 2018 Symposium on Architectures for Networking and Communications Systems10.1145/3230718.3230721(97-103)Online publication date: 23-Jul-2018
https://dl.acm.org/doi/10.1145/3230718.3230721

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents