A Scalable and Modular Architecture for High-Performance Packet Classification

Packet classification is widely used as a core function for various applications in network infrastructure. With increasing demands in throughput, performing wire-speed packet classification has become challenging. Also the performance of today's packet classification solutions depends on the characteristics of rulesets. In this work, we propose a novel modular Bit-Vector (BV) based architecture to perform high-speed packet classification on Field Programmable Gate Array (FPGA). We introduce an algorithm named StrideBV and modularize the BV architecture to achieve better scalability than traditional BV methods. Further, we incorporate range search in our architecture to eliminate ruleset expansion caused by range-to-prefix conversion. The post place-and-route results of our implementation on a state-of-the-art FPGA show that the proposed architecture is able to operate at 100+ Gbps for minimum size packets while supporting large rulesets up to 28 K rules using only the on-chip memory resources. Our solution is ruleset-feature independent , i.e. the above performance can be guaranteed for any ruleset regardless the composition of the ruleset.

[1]  Eric Torng,et al.  Hardware Based Packet Classification for High Speed Internet Routers , 2010 .

[2]  George Varghese,et al.  Tree bitmap: hardware/software IP lookups with incremental updates , 2004, CCRV.

[3]  IEEE Transactions on Parallel and Distributed Systems, Vol. 13 , 2002 .

[4]  Viktor K. Prasanna,et al.  StrideBV: Single chip 400G+ packet classification , 2012, 2012 IEEE 13th International Conference on High Performance Switching and Routing.

[5]  Nick McKeown,et al.  Classifying Packets with Hierarchical Intelligent Cuttings , 2000, IEEE Micro.

[6]  Jonathan S. Turner,et al.  Scalable packet classification using distributed crossproducing of field labels , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[7]  T. V. Lakshman,et al.  High-speed policy-based packet forwarding using efficient multi-dimensional range matching , 1998, SIGCOMM '98.

[8]  Kuruvilla Varghese,et al.  A Scalable High Throughput Firewall in FPGA , 2008, 2008 16th International Symposium on Field-Programmable Custom Computing Machines.

[9]  Viktor K. Prasanna,et al.  Field-split parallel architecture for high performance multi-match packet classification using FPGAs , 2009, SPAA '09.

[10]  Carlos A. Zerbini,et al.  Performance evaluation of packet classification on FPGA-based TCAM emulation architectures , 2012, 2012 IEEE Global Communications Conference (GLOBECOM).

[11]  Miad Faezipour,et al.  Wire-Speed TCAM-Based Architectures for Multimatch Packet Classification , 2009, IEEE Transactions on Computers.

[12]  Haoyu Song,et al.  Efficient packet classification for network intrusion detection using FPGA , 2005, FPGA '05.

[13]  Viktor K. Prasanna,et al.  A Comparison of Ruleset Feature Independent Packet Classification Engines on FPGA , 2013, 2013 IEEE International Symposium on Parallel & Distributed Processing, Workshops and Phd Forum.

[14]  David E. Taylor Survey and taxonomy of packet classification techniques , 2005, CSUR.