Download - University of South Florida
![Page 1: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/1.jpg)
1University of South Florida
![Page 2: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/2.jpg)
Outline
• Introduction• Related work on packet classification• Grouper• Performance Analysis• Empirical Evaluation• Conclusions
2/42
![Page 3: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/3.jpg)
Introducing Grouper
• A packet classification algorithm• Parameterized by the amount of
memory available to it• Trades classification speed for memory
efficiency• Obtains good performance under real-
world memory constraints
3/42
![Page 4: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/4.jpg)
Quick (Over|Re)view of Packet Classifiers
Takes in a list of rules, each specifying a class of packets matched by that rule
The rules are usually arranged by priorityClass Source IP Source Port
0 192.168.*.1 45671 4.4.4.[4-8] [80 - 81]2 * >=10243 * *
4/42
![Page 5: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/5.jpg)
Packet Classifier’s JobThe classifier’s job is to input
packets, and for every input, output the corresponding class number
Packet
Class 1
Class 2
Class N
…
RULES
Packet Classifier
5/42
![Page 6: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/6.jpg)
Outline
• Introduction• Related work on packet classification• Grouper• Performance Analysis• Empirical Evaluation• Conclusions & Future Work
6/42
![Page 7: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/7.jpg)
Related Work: Range Rule Patterns
• Existing software solutions (e.g., GEM) focus heavily on range and prefix pattern rules
• Range rule: dest_port = [1024 – 65535]• Prefix rule: src_ip = 192.168.*• For many applications, these types of
rules are not efficiently expressive• E.g., matching all odd-numbered 16-bit
ports requires 65,535 range/prefix rules
2 [1024¡ 65535]
7/42
![Page 8: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/8.jpg)
Bitmask Patterns: More Efficiently Expressive than Range Patterns
• Bitmask pattern to match all odd 16-bit ports:– Ternary mask, consisting of 0,1,or ? (don’t care)– ???????????????1
• A b-bit bitmask rule may require 2b-1 range rules to express
• On the other hand, Rottenstreich et al. recently showed that every b-bit range rule can be converted into b bitmask rules
8/42
![Page 9: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/9.jpg)
Who Uses Bitmasks?• Some existing packet-classification
solutions handle bitmask patterns• RFC (a software solution) handles them,
but uses prohibitively large amounts of memory for large rule sets (> 6000 rules)
• TCAMs (a hardware solution) are the de facto industry standard and use bitmask rules, but are expensive, special-purpose hardware with limited capacity for rules
9/42
![Page 10: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/10.jpg)
Related Work: Regular Expression Patterns
• Some software algorithms, such as ESAs XFAs and BDDs, can handle regular expression rules, which are even more efficiently expressive than bitmasks
• Unfortunately, all of these algorithms suffer from worst-case exponential memory requirements and/or classification times
10/42
![Page 11: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/11.jpg)
Outline
• Introduction• Related work on packet classification• Grouper• Performance Analysis• Empirical Evaluation• Conclusions & Future Work
11/42
![Page 12: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/12.jpg)
How Grouper Works: Grouping
• Grouper is a software algorithm that handles bitmask rules
• It works by partitioning the b packet bits our classifier cares about into approximately equal sized groups
b = 12
Group 0 Group 1 Group 2 Group 3
111 11 100 0 0 0 0
12/42
![Page 13: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/13.jpg)
How Grouper Works: Lookup• Grouper uses the value of each of these groups
to look up the set (expressed as a bitmap) of classes that match that group of bits
b = 12
Group 0 Group 1 Group 2 Group 3
111 11 100 0 0 0 0
13/42
![Page 14: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/14.jpg)
How Grouper Works: Lookup• Grouper uses the value of each of these groups
to look up the set (expressed as a bitmap) of classes that match that group of bits
10 0 = 21 1
1
11
1 1
1
1
1
1
11
11
1 1
1
1
0
00
00
0
0
0 0
0 0 0
0
1 10 0
Table for Group 0
14/42
![Page 15: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/15.jpg)
How Grouper Works: Lookup• Grouper uses the value of each of these groups
to look up the set (expressed as a bitmap) of classes that match that group of bits
1 1
1
11
0 1
1
1
1
1
01
11
1 1
1
1
0
00
10
0
0
0 1
1 0 0
0
1 10 0
11 0 110 10 010 0
Group 0 Group 1 Group 2 Group 3
1 10 1
Table for Group 1
15/42
![Page 16: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/16.jpg)
1 1
0
01
1 1
1
1
1
1
00
11
1 0
1
0
0
00
10
1
0
0 1
0 1 0
0
Table for Group 2
How Grouper Works: Lookup• Grouper uses the value of each of these groups
to look up the set (expressed as a bitmap) of classes that match that group of bits
1 10 011 0 110 10 010 0
Group 0 Group 1 Group 2 Group 3
1 10 1
1 11 1
16/42
![Page 17: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/17.jpg)
1 1
1
00
1 1
1
0
1
1
11
11
1 1
1
0
0
01
10
0
1
1 0
0 1 0
0
Table for Group 3
How Grouper Works: Lookup• Grouper uses the value of each of these groups
to look up the set (expressed as a bitmap) of classes that match that group of bits
1 10 011 0 110 10 010 0
Group 0 Group 1 Group 2 Group 3
1 10 1
1 11 1
1 11 0
17/42
![Page 18: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/18.jpg)
How Grouper Works: Intersection
• Then it takes the intersection (bitwise-AND) of all matching sets of rules to obtain the final matching class
&
&
&1 10 1
1 11 1
1 11 0
1 10 0
18/42
![Page 19: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/19.jpg)
How Grouper Works: Results
• The final result is an n-length bitmap representing the set of all classes the input packet belongs to. We can either return the highest priority class that matches, or all matching classes. (Our implementation does the former).
1 10 0 Class 1 matchesClass # 0 1 2 3
19/42
![Page 20: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/20.jpg)
Observation 1: Dimension Independence
• Note that Grouper is “blind” to packet fields/dimensions • As far as Grouper is concerned, every packet
is simply an array of bits• Groups do not necessarily correspond to
packet fields. Grouper doesn’t suffer from problems of
other classification algorithms (e.g., geometric algorithms) whose performance is exponential in number of dimensions
20/42
![Page 21: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/21.jpg)
Observation 2: Efficiency via Uniformity
• Grouper guarantees that all groups will be roughly equal in size.
• This uniformity prevents memory inefficiency from disproportionately large tables or time inefficiency from small tables.Space Inefficient Time Inefficient Best Balance
21/42
![Page 22: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/22.jpg)
Outline
• Introduction• Related work on packet classification• Grouper• Performance Analysis• Empirical Evaluation• Conclusions & Future Work
22/42
![Page 23: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/23.jpg)
Performance at the Extremes of Group Sizes
• By controlling the size of the bit groupings, Grouper can trade memory for classification speed0 1 0 1 0 0 1 1
Tables = 3Mem = 40 bits
23/42
![Page 24: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/24.jpg)
Performance at the Extremes of Group Sizes
• By controlling the size of the bit groupings, Grouper can trade memory for classification speed0 1 0 1 0 0 1 1
Tables = 4Mem = 32 bits
24/42
![Page 25: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/25.jpg)
Performance With All Bits in a Single Group
• Having more bits per group implies larger lookup tables but less table lookups and less intersections: this is one extreme of the classification algorithm, using a single lookup table—large memory requirements but fast lookup time0 1 0 1 0 0 1 1
256 entries
25/42
![Page 26: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/26.jpg)
Performance with Each Bit in its Own Group
• A single bit per group corresponds to the other extreme of the classification algorithm: linear search (analogous to walking through every combination of packet bits and rule/class numbers)
0 1 0 1 0 0 1 10 1 0 1 0 0 1 1
26/42
![Page 27: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/27.jpg)
Grouper’s Performance in General (Running Time)
• Grouper uses t lookup tables to classify b bits according to n rules/classes
• Each lookup table maps either or of the b packet bits to an n-length bitmap representing the set of all classes those bits could possibly match
• Classification time is [1 < t ≤ b]
¥bt¦
27/42
![Page 28: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/28.jpg)
Grouper’s Performance in General (Memory Usage)
• Grouper uses t tables, each with entries
• Each entry is an n-length bitmap consuming O(n/W) machines words – (W is the word size in bits)
• Total memory is therefore
[1 < t ≤ b]
28/42
![Page 29: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/29.jpg)
Outline
• Introduction• Related work on packet classification• Grouper• Performance Analysis• Empirical Evaluation• Conclusions & Future Work
29/42
![Page 30: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/30.jpg)
Implementation & Setup
• Prototype in about 1,000 lines of C• Implemented for x86_64 processor• Experiments run on commodity Dell
laptop, 2GHz Core 2 Duo, 4GB Ram• Tested on minimal install of Arch
Linux
30/42
![Page 31: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/31.jpg)
Values Tested• Tested relevant bit values (b) :
– 32, 104, 320 and 12,000• Tested number of rules (n):
– 100, 1K, 10K, 100K, 1 million• Didn’t test combination of b=12K
and n=1M because it would require too much memory (minimum of 3GB and quickly increasing from there)
31/42
![Page 32: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/32.jpg)
Max and Min Classifier Throughputs
32/42
![Page 33: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/33.jpg)
Max and Min Pre-Processing Time
33/42
![Page 34: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/34.jpg)
Throughputs for 1K Rules
34/42
![Page 35: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/35.jpg)
Throughputs for 10K Rules
35/42
![Page 36: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/36.jpg)
Throughputs for 100K Rules
36/42
![Page 37: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/37.jpg)
Throughputs for 320 bits Classified, 100K Rules
37/42
![Page 38: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/38.jpg)
Throughputs for 12K Bits Classified,10K Rules
38/42
![Page 39: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/39.jpg)
Outline
• Introduction• Related work on packet classification• Grouper• Performance Analysis• Empirical Evaluation• Conclusions & Future Work
39/42
![Page 40: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/40.jpg)
Summary• Grouper classifies packets according to
arbitrary bitmask rules• Grouper can trade time for space
efficiency as needed– Classification time: O(t ∙ n/W)– Memory use: O(2b/t ∙ t ∙ n)
• Grouper gets good performance even on commodity hardware and large rule sets
[1 < t ≤ b]
40/42
![Page 41: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/41.jpg)
Future Work• We are extending Grouper to handle range
patterns directly• This can be done both through expansion of
range patterns to bitmask patterns, or through grouping all bits of the range into the same table
• We are also extending Grouper to handle rule-set updates while it is running
• This is an interesting challenge for an algorithm that relies heavily on precomputation
41/42
![Page 42: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/42.jpg)
Thanks/Questions?
42/42
![Page 43: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/43.jpg)
Extra Slides
43/42
![Page 44: University of South Florida](https://reader033.vdocument.in/reader033/viewer/2022051402/568165ef550346895dd913f8/html5/thumbnails/44.jpg)
Exact Memory Usage• Grouper’s exact memory usage is
given by
44/42