244 research outputs found
MLET: A Power Efficient Approach for TCAM Based, IP Lookup Engines in Internet Routers
Routers are one of the important entities in computer networks specially the
Internet. Forwarding IP packets is a valuable and vital function in Internet
routers. Routers extract destination IP address from packets and lookup those
addresses in their own routing table. This task is called IP lookup. Internet
address lookup is a challenging problem due to the increasing routing table
sizes. Ternary Content-Addressable Memories (TCAMs) are becoming very popular
for designing high-throughput address lookup-engines on routers: they are fast,
cost-effective and simple to manage. Despite the TCAMs speed, their high power
consumption is their major drawback. In this paper, Multilevel Enabling
Technique (MLET), a power efficient TCAM based hardware architecture has been
proposed. This scheme is employed after an Espresso-II minimization algorithm
to achieve lower power consumption. The performance evaluation of the proposed
approach shows that it can save considerable amount of routing table's power
consumption.Comment: 14 Pages, IJCNC 201
ADVANCED HASHING SCHEMES FOR PACKETFORWARDING USING SET ASSOCIATIVEMEMORY ARCHITECTURES
Building a high performance IP packet forwarding (PF) engine remains a challenge due to increasingly stringent throughput requirements and the growing sizes of IP forwarding tables.The router has to match the incoming packet's IP address against the forwarding table.The matching process has to be done in wire speed which is why scalability and low power consumption are features that PF engines must maintain.It is common for PF engines to use hash tables; however, the classic hashing downsides have to be dealt with (e.g., collisions, worst case memory access time, ... etc.).While open addressing hash tables, in general, provide good average case search performance, their memory utilization and worst case performance can degrade quickly due to collisions that leads to bucket overflows.Set associative memory can be used for hardware implementations of hash tables with the property that each bucket of a hash table can be searched in one memory cycle.Hence, PF engine architectures based on associative memory will outperform those based on the conventional Ternary Content Addressable Memory (TCAM) in terms of power and scalability.The two standard solutions to the overflow problem are either to use some sort of predefined probing (e.g., linear or quadratic) or to use multiple hash functions.This work presents two new hash schemes that extend both aforementioned solutions to tackle the overflow problem efficiently.The first scheme is a hash probing scheme that is called Content-based HAsh Probing, or CHAP.CHAP is a probing scheme that is based on the content of the hash table to avoid the classical side effects of predefined hash probing methods (i.e., primary and secondary clustering phenomena) and at the same time reduces the overflow.The second scheme, called Progressive Hashing, or PH, is a general multiple hash scheme that reduces the overflow as well.PH splits the prefixes into groups where each group is assigned one hash function, then reuse some hash functions in a progressive fashion to reduce the overflow.We show by experimenting with real IP lookup tables that both schemes outperform other hashing schemes
High-Performance Packet Processing Engines Using Set-Associative Memory Architectures
The emergence of new optical transmission technologies has led to ultra-high Giga bits per second (Gbps) link speeds.
In addition, the switch from 32-bit long IPv4 addresses to the 128-bit long IPv6 addresses is currently progressing.
Both factors make it hard for new Internet routers and firewalls to keep up with wire-speed packet-processing.
By packet-processing we mean three applications: packet forwarding, packet classification and deep packet inspection.
In packet forwarding (PF), the router has to match the incoming packet's IP address against the forwarding table.
It then directs each packet to its next hop toward its final destination.
A packet classification (PC) engine examines a packet header by matching it against a database of rules, or filters, to obtain the best matching rule.
Rules are associated with either an ``action'' (e.g., firewall) or a ``flow ID'' (e.g., quality of service or QoS).
The last application is deep packet inspection (DPI) where the firewall has to inspect the actual packet payload for malware or network attacks.
In this case, the payload is scanned against a database of rules, where each rule is either a plain text string or a regular expression.
In this thesis, we introduce a family of hardware solutions that combine the above requirements.
These solutions rely on a set-associative memory architecture that is called CA-RAM (Content Addressable-Random Access Memory).
CA-RAM is a hardware implementation of hash tables with the property that each bucket of a hash table can be searched in one memory cycle.
However, the classic hashing downsides have to be dealt with, such as collisions that lead to overflow and worst-case memory access time.
The two standard solutions to the overflow problem are either to use some predefined probing (e.g., linear or quadratic) or to use multiple hash functions.
We present new hash schemes that extend both aforementioned solutions to tackle the overflow problem efficiently.
We show by experimenting with real IP lookup tables, synthetic packet classification rule sets and real DPI databases that our schemes outperform other previously proposed schemes
Recommended from our members
Blueswitch: Enabling provably consistent configuration of network switches
Previous research on consistent updates for distributed network
configurations has focused on solutions for centralized networkconfiguration
controllers. However, such work does not address
the complexity of modern switch datapaths. Modern commodity
switches expose opaque configuration mechanisms, with minimal
guarantees for datapath consistency and with unclear configuration
semantics. Furthermore, would-be solutions for distributed consistent
updates must take into account the configuration guarantees
provided by each individual switch – plus the compositional problems
of distributed control and multi-switch configurations that
considerably transcend the single-switch problems. In this paper,
we focus on the behavior of individual switches, and demonstrate
that even simple rule updates result in inconsistent packet switching
in multi-table datapaths. We demonstrate that consistent configuration
updates require guarantees of strong switch-level atomicity
from both hardware and software layers of switches – even in a
single switch. In short, the multiple-switch problems cannot be
reasonably approached until single-switch consistency can be resolved.
We present a hardware design that supports a transactional configuration
mechanism, and provides packet-consistent configuration:
all packets traversing the datapath will encounter either the
old configuration or the new one, and never an inconsistent mix of
the two. Unlike previous work, our design does not require modifications
to network packets. We precisely specify the hardwaresoftware
protocol for switch configuration; this enables us to prove
the correctness of the design, and to provide well-specified invariants
that the software driver must maintain for correctness. We
implement our prototype switch design using the NetFPGA-10G
hardware platform, and evaluate our prototype against commercial
off-the-shelf switches.This work was jointly supported by the Defense Advanced Research
Projects Agency (DARPA) and the Air Force Research Laboratory
(AFRL), under contract FA8750-11-C-0249. The views,
opinions, and/or findings contained in this article/presentation are
those of the author/ presenter and should not be interpreted as representing
the official views or policies, either expressed or implied,
of the Department of Defense or the U.S. Government. We also acknowledge
the support of the UK EPSRC for contributing to parts
of our work, through grant EP/H040536/1. Additional data related
to this publication is available at the http://www.cl.cam.ac.
uk/research/srg/netfpga/blueswitch/ data repository.This is the author accepted manuscript. The final version is available from IEEE via http://dx.doi.org/10.1109/ANCS.2015.711011
CHAP : Enabling efficient hardware-based multiple hash schemes for IP lookup
Building a high performance IP lookup engine remains a challenge due to increasingly stringent throughput requirements and the growing size of IP tables. An emerging approach for IP lookup is the use of set associative memory architecture, which is basically a hardware implementation of an open addressing hash table with the property that each row of the hash table can be searched in one memory cycle. While open addressing hash tables, in general, provide good average-case search performance, their memory utilization and worst-case performance can degrade quickly due to bucket overflows. This paper presents a new simple hash probing scheme called CHAP (Content-based HAsh Probing) that tackles the hash overflow problem. In CHAP, the probing is based on the content of the hash table, thus avoiding the classical side effects of probing. We show through experimenting with real IP tables how CHAP can effectively deal with the overflow. © IFIP International Federation for Information Processing 2009
- …