In the field of Internet, the packet classification technology is a critical technology for many applications, such as Access Control List (ACL), Firewall, QoS (Quality of Service) control.
Packet classification can be regarded as a kind of special lookup/search problem. Packet classification needs to perform a search in a predefined rule set based on the information of an IP packet, so as to find the best matching rule and perform discarding, passing or other operation for the IP packet based on the action associated with the rule. In particular, a rule set is composed of multiple rules; generally, a rule comprises the following information: (source network address, destination network address, source port, destination port, protocol) and (priority, action). When classifying a packet, first the information (source address, destination address, source port, destination port, protocol) is extracted from an IP packet, and then a lookup is done in the rule set based on the extracted information to find a rule that matches the extracted information. Since there may be multiple matching rules, the rule with the highest priority will be selected as the best matching rule based on the priority information of the rule. Finally, corresponding operation is performed for the IP packet based on the action associated with the best rule.
In recent years, researchers have proposed a lot of algorithms and solutions to address the packet classification problem. These solutions can be divided into two categories: software based solutions and hardware based solutions. Software based solutions include the following algorithms: Modular, HiCut, HyperCut, EGT-PC, etc. Hardware based solutions mainly include the TCAM (Ternary Content Addressable Memory) based technology. Compared with the software solutions, the cost of the hardware solutions is expensive, flexibility in realization is poor, but lookup speed is very fast.
In [1] J. van Lunteren and T. Engbersen, “Fast and Scalable Packet Classification”, IEEE Journal on Selected Areas in Communications, Vol. 21, No. 4, May 2003, there is proposed a TCAM-based fast packet classification solution in which respective fields of the rule are encoded. Wherein, the encoding technology uses the Horizontal Cut (H-Cut) method that is similar to the Range Interval Cut.
In [2] K. Zheng, C. C. Hu, H. B. Lu, and B. Liu, “An Ultra High Throughput and Power Efficient TCAM-Based IP Lookup Engine”, Proc. IEEE INFOCOM '04, March 2004, there is proposed a fast route lookup solution. This solution is based on the TCAM technology, wherein, an ID Bit cut technology is applied to perform grouping for a route lookup rule base.
In [3] Z. Liang, K. Xu, J. Wu, “A Scalable Parallel Lookup Framework Avoiding Longest Prefix”, Lectuer Notes in Computer Science, vol. 3090,2004, pp. 616-625, there is provided a route lookup framework avoiding longest prefix match In the framework, a Prefix Level cut technology is applied to perform grouping for a route lookup rule set to eliminate the overlap between rules.
In [4] F. Baboescu, S. Singh, G. Varghese, “Packet Classification for Core Routers: Is there an alternative to CAMs?”, Proc. of IEEE INFOCOM, San Francisco USA, 2003, there is provided a EGT-PC packet classification algorithm. The algorithm is based on a tree lookup structure and can realize the lookup performance that is comparable to the TCAM.
The lookup speed and memory requirement are two important performance parameters to evaluate a packet classification solution. The various software solutions mentioned in the above have drawbacks in these two aspects, either the lookup speed is not fast enough, or the memory requirement is very large.
Presently, the rule set partitioning methods can be divided into two kinds of methods.
Horizontal Cut (H-Cut)
The H-Cut is shown in FIG. 1. In FIG. 1, Key represents a point, which is the relevant heading information of an IP packet. Rule refers to the rule in a rule set. Rule Layer is a set of rules, in which there is no overlap between the inner-Layer rules, but there may be overlap between the inter-Layer rules. Note that the overlap here refers to overlap on one field, such as the source address.
In FIG. 1, H-Cut divides a rule set into two smaller rule sets. Within the two smaller rule sets, the overlap between the rules are reduced, thereby the memory requirement is reduced. But for searching a key, all the smaller rule sets still need to be traversed, which affects the lookup speed in some extent negatively.
H-Cut can reduce the memory requirement, but will affect the lookup speed negatively.
In particular, H-Cut can have the following operation methods.
a) Range Interval Based Partitioning [1]
What is shown in FIG. 1 belongs to this kind of partitioning method. This method is applicable to each field (source network address, destination network address, source port, destination port, protocol field) of the rule. The value range of the field of a rule is represented by a range interval. Then the range interval corresponding to the rule is traversed, and simple increment method (initially, a subset is set as null, and in turn, range interval is added incrementally. If there is overlap between a range interval that will be added and the subset, a new subset is established and this range interval will be added into this new subset) is used to obtain several non-overlapped rule sets (the range intervals corresponding to the rules in the set do not overlap).
b) Prefix Level Based Partitioning [3]
This partitioning method is applicable to the source network address field and destination network address field of the rule. The partitioning method constructs a prefix tree based on the source or destination network address. In a prefix tree, the network address corresponds to different prefix levels, and the network address of different prefix levels do not overlap. Based on the prefix level corresponding to the network address, a rule set is divided into several non-overlapped rule subsets (the rule subsets do not overlap at selected network address field).
Vertical Cut (V-Cut)
In FIG. 2, V-Cut also divides a rule set into two smaller rule sets. For searching a key, it only needs to be done in one smaller rule set, which improves the search performance. But the rule cut by the V-Cut needs to be copied into the two smaller rule sets respectively, which affects the memory requirement negatively.
V-Cut can improve the search performance, but will affect the memory requirement negatively.
In particular, V-Cut can have the following operation methods.
a) Range Interval Based Partitioning
What is shown in FIG. 2 belongs to this partitioning method. This method is applicable to each field of the rule. The value range of the field of a rule is represented by a range interval. A series of thresholds are selected. There is one threshold in FIG. 2 (which will be taken as an example in the following). The threshold and the range interval are compared, and a rule set is divided into two rule subsets. If all the values in the range interval of the rule are greater than the threshold, then this rule will be divided into a “greater than threshold” subset; if all the values in the range interval of the rule are smaller than the threshold, then this rule will be divided into a “smaller than threshold” subset; if the threshold is within the range interval of the rule, this rule needs to be replicated into two copies, one for the “greater than threshold” subset and one for the “smaller than threshold” subset.
b) ID BIT Based Partitioning [2]
This method is also applicable to each field of the rule. The value of the field of a rule is represented by a bit string. The bits in a series of bit strings are selected (Here, take one bit as an example). The value of the field of the rule at this bit is checked to see if it is 1, 0 or wildcard. If the value of the bit is 1, this rule will be divided into the “bit 1” subset; if the value of the bit is 0, this rule will be divided into the “bit 0” subset; and if the value of the bit is wildcard, this rule needs to be replicated into two copies, one for the “bit 0” subset and one for the “bit 1” subset.