The Internet is becoming ubiquitous: everyone wants to join in. Statistics show that the number of computers on the internet is tripling approximately every two years. Traffic on the Internet is also increasing exponentially. Traffic increase can be traced not only to increased hosts, but also to new applications (e.g., the Web, video conferencing, remote imaging) which have higher bandwidth needs than traditional applications. One can only expect further increases in users, computers, and traffic. The possibility of a global Internet with multiple addresses per user (e.g., each user may have several appliances on the Internet) has necessitated a transition from the older Internet routing protocol (called IPv4, with small 32 bit addresses) to the proposed next generation protocol (called IPv6, with much larger 128 bit addresses).
The increasing traffic demand placed on the network forces two key factors to keep pace: first, the speed of communication links; and second, the rate at which routers (routers are boxes that route messages in the Internet, very much like automated Post Offices in the postal network) can forward messages. With the advent of fiber optic links, it is easily and economically possible to solve the first problem. For example, MCI is currently upgrading its Internet backbone links from 45 Mbits/s to 155 Mbits/s, and they plan to switch to 622 Mbits/s within a year. However, improving the speed of communication links is insufficient unless router forwarding speeds increase proportionately.
Today's fastest routers forward messages at a maximum rate of 100,000 to 500,000 messages a second. However, communication link speeds are already reaching speeds of 1 Gigabit/sec (1 Gigabit=1000 million bits per second). A router has to forward 5 million messages (of average size say 200 bits) per second to keep up with the speed of a Gigabit link. With the popularity of the Internet and the larger traffic volumes expected, router vendors wish to increase the forwarding performance of their routers.
The major problem that routers face in forwarding an Internet message is something known as address lookup. To understand this, we must first have an intuitive idea of what a router does. Consider a hypothetical fragment of the Internet linking users in Europe with users in the United States. Consider a source user (see label called Source in the left of FIG. 1) in Paris. If this user wishes to send say an email message to San Francisco, the user will send its message to a router R1 which is, say, in Paris. The Paris router may send this message on the communication link L4 to router R, say in London. The London Router R may then send the message on link L2 to router R3 in San Francisco; R3 then sends the message to the destination.
Notice how a message travels from source to destination alternating between communication links and routers. This is almost identical to the way a postal letter travels from post office to post office using some communication channel (e.g., an airplane). How does each post office decide where to forward the letter? Each post office does so, using the destination address that is placed on the envelope containing the letter. In the same way, routers must decide to forward a message based on a destination address that is placed in an easily accessible portion of the message called a header.
With this context, we can understand how a router forwards an incoming message. Consider the router R in FIG. 1. We show a schematic description of router R in FIG. 2. When a message arrives on say link L4, the message carries its destination address (San Francisco) in its message header. Router R is a special computer whose job is to forward all messages that are sent to it towards their final destinations. To do so, router R consults a Forwarding Table (sometimes also called a Forwarding Database). This is a table in the memory of R, which lists each possible destination and the corresponding output link. Note that the Forwarding Table contents are consistent with FIG. 1.
Thus when a message to San Francisco arrives on Link L4, router R looks up the destination address San Francisco in its forwarding table. Since the table says L2, the router then switches the entire message to the output link L2. It then proceeds to service the next arriving message. Notice that so far the word "lookup" is no different from looking up a word in a dictionary or a phone number in the phone book. We will show it is more difficult than dictionary or phone book lookup shortly.
Thus the two main functions of a router are to lookup destination addresses (address lookup) and then to send the packet to the right output link (message switching). To be more precise, there are some additional chores such as incrementing a visit count in a message; but these chores are fairly trivial compared to lookup and switching. Both must be done at very high speeds. Fortunately, the problem of message switching is very well understood in recent years because of advances in ATM Switching Technology. Economical gigabit message switching is quite feasible today because of the work of others. (Thus one can imagine a router as having an ATM core to switch packets.)
We have already seen that of the two main functions of a router, message switching is a solved problem and already available in many commercial products. Despite this, the problem of doing address lookups at Gigabit speeds remains. Current vendor speeds for lookups are quite slow. For example, existing products we know of use hardware assistance for lookups and can take up to 3 .mu.s for a single lookup in the worst case and 1 .mu.s on average. Our invention, on the other hand, gives ten times faster address lookup performance (lookups in around 0.1 .mu.s).
Before we describe how our invention works, it is important to understand why Internet address lookup is hard. It is hard for two reasons. First, Internet addresses are not specially created (like ATM addresses) to be easy to lookup. Second, the Internet deals with scaling issues by using address prefixes which requires a more complex lookup. We describe details below.
First, looking up Internet addresses is a lot harder than say looking up ATM addresses. ATM addresses (VCIs) are carefully chosen to be simple to lookup in switch tables. Unfortunately, ATM addresses must be set up for each conversation which adds delay; by contrast, Internet addresses (like postal addresses) are relatively fixed and there is no additional set up delay per conversation. Secondly, ATM addresses do not currently make much provision for hierarchical networks and so are perceived not to be scalable to truly global networks. IP, through the use of prefixes (see below), has provision for scaling. Thus for various reasons, the Internet and ATM seem to be each going their own way. In the future, they are likely to coexist with ATM backbones and ATM LANs in the Internet. So, with respect to ATM, i) IP address lookup is a lot harder and ii) the Internet is unlikely, if at all, to change completely to ATM.
The second thing to realize is that the Internet lookup problem is a lot harder than looking up a phone number in a phone book, or a word in a dictionary. In those problems, we can search quite fast by first sorting all the words or names. Once sorted, if we are looking for a word starting with Sea, we can simply to the pages of S entries and then look for words starting with Sea etc. Clearly, such lookup is a lot faster than looking up all entries in a dictionary. In fact, such lookup is called exact matching lookup; standard solutions based on hashing and binary search provide very fast times for exact matching.
The Internet lookup problem is more difficult than dictionary search because Internet routers store address prefixes in their forwarding tables to reduce the size of their tables. However, the use of such address prefixes makes the lookup problem one of the longest matching prefix instead of exact matching. The longest matching prefix problem is a lot harder than the exact matching problem. Before we explain why, let us digress briefly and explain why routers store prefixes in their tables.
Consider FIG. 3. The situation is similar to that in FIG. 1. However, we show the geographic significance of the address more clearly. Router R has link L1 to get to Boston as before, but Boston is also the "hub" for the whole of the U.S. Assume that we can get to any destination in the U.S. from a hub router in Boston. As before link L3 leads to California, from where a message can be sent directly to any location in California. Finally, as before, link L2 leads directly to San Francisco.
If we were to use the naive database in FIG. 2, we would have to list every destination in the U.S. (possibly thousands) in the database. For example, we might list Denver, Kans., and other cities as being reachable through Boston on link L1. This would lead to an enormously large table in router R, which would be difficult to store and maintain.
Instead, we prefer to store prefixes in the modified database of FIG. 1. Notice that we now store all the destinations such as Denver, Kans. by the single entry USA.* (anything in the USA). We store California as USA.CA.* (anything in California), and San Francisco as USA.CA.SF. Thus we have used only three entries to store the same amount of information. Of course, to make this work we have to modify the destination address in a message from say San Francisco (see FIG. 2) to say USA.CA.SF. But this is easily done.
The use of prefixes introduces a new dimension to the lookup problem: multiple prefixes may match a given address. If a packet matches multiple prefixes, it is intuitive that the packet should be forwarded corresponding to the most specific prefix or longest prefix match. Thus a packet addressed to USA.CA.SF matches the USA*., USA.CA.*, and the USA.CA.SF entries. Intuitively, it should be sent to L2 corresponding to the most specific match USA.CA.SF. This is because (see FIG. 3) we have a direct line to San Francisco and want to use it in the place of possibly longer routing through Boston. Similarly a packet addressed to USA.CA.LA matches the USA* and USA.CA* entries. Intuitively, it should be sent to L3 corresponding to the most specific match USA.CA.*.
In summary, routers obtain massive savings in table size by summarizing several address entries by using a single prefix entry. Unfortunately, this leads to possibly multiple prefixes matching a given address, with the result that routers must solve a harder problem called best matching prefix.
With this interlude behind us, we can define the Internet address lookup problem. First, Internet addresses are strings of bits, not words using English characters, as we used above for the sake of illustration. A bit is either a 0 or 1. A bit string is a sequence of bits like 0101. The length of a bit string is the number of bits it contains. Thus the length of bit string 0101 is 4. Internet addresses come in two flavors. The current Internet (sometimes called IPv4, for Internet Protocol, version 4) uses addresses that are bit strings of length 32. We often say that IPv4 uses 32 bit addresses. The Internet is expected to evolve to a next generation Internet (sometimes called IPv6, for Internet Protocol, version 6) which uses 128 bit addresses. As we will see, the longer length of IPv6 addresses will only compound the problems of routers.
Except for this minor difference (bit strings instead of character strings), the Internet lookup problem is exactly the best matching prefix problem described above. To make things more concrete, consider the forwarding table of Internet address prefixes shown in FIG. 6. Except for the fact that we use bit strings (and we have labeled the prefixes for convenience), the situation is identical to the table in FIG. 4.
Now suppose we have a 32 bit IPv4 destination address whose first 6 bits are 10101. Clearly its best matching prefix is Prefix P4 though it also matches Prefix P3 and P2. Thus any message to such a destination address should be sent to the output link corresponding to P4, which is L2. The naivest method to solve the best matching prefix problem is to scan the entire forwarding table looking for the best matching prefix of an address. This would be grossly inefficient for large tables. We now describe two standard prior art solutions that attempt to solve the IP matching prefix. The first solution is based on converting the best matching prefix problem into an exact match problem. The second solution is based on using a data structure called a trie. We will see that both solutions examine a destination address one bit at a time, and hence can take up to 32 steps for IPv4 (and 128 for IPv6). This can be too slow. Later, we will describe our invention for processing IP addresses in larger steps (which we call strides). From now, we will describe all schemes with respect to IPv4 (32 bit) addresses unless we specifically generalize to include IPv6.
In this standard solution from the prior art, we divide the forwarding table into several (at most 32) separate forwarding tables such that Table i contains all prefixes of length i. Thus, if we redraw the forwarding table of FIG. 5 using this idea, we get FIG. 6. Notice that prefix 1* is in the Length 1 table, Prefixes 10* and 01* are in the Length 2 table, and so on. We have simply separated prefixes into separate tables according to prefix length.
The idea now is to start trying to find the longest prefix possible starting with the longest length prefix table and work backwards until we find a prefix table that we get a match on. So consider an address A whose first 5 bits are 10100. Since our longest prefix length is 5, we first try for a 5 bit match. We take the first 5 bits of address A (i.e., 10100) and use any technique for exact matching to match these first 5 bits of address A against any prefix in the Length 5 database. A good technique to use for this is hashing. Since we fail to find a match, we move to the next length table (Length 3). This time we take the first 3 bits of address A (i.e., 101) and we search the Length 3 Table (see FIG. 6). This time we get a match and we see that the best matching prefix is 101* and the output link is L2.
This method can cost up to 32 exact matches (often done using hashing in software) for IPv4 and 128 exact matches for IPv6. (To see this consider an address that matches a 1 bit prefix, in a table that contains prefixes of all possible lengths). An example of a patent that does this is U.S. Pat. No. 549,517 by Mullan et al. This is often too time consuming in software. Another patent proposes doing all the exact matches in parallel using hardware. Each exact match is done using a Context Addressable Memory (CAM). Unfortunately, the hardware cost of this solution is also formidable as we have to use 32 CAMs for IPv4 (128 for v6); each CAM is expensive. Other methods have proposed pipelining the CAMs instead of doing the searches in parallel. However, this prior art solution has not been met with great commercial acceptance.
Another prior art solution is based on the use of tries. A trie is a data structure which allows us to search IP addresses a bit at a time, as in FIG. 6, but to do so incrementally. A trie is a tree of nodes, each note containing a table of pointers. The standard solutions for IPv4 (e.g., the solution used in the Berkeley UNIX software) uses binary tries, in which each trie node is a table consisting of two pointers.
An example will explain how tries work. Consider FIG. 7. The root node is shown on the top left. Each trie node is a table whose topmost entry can contain a prefix. Each table also can contain two pointers, each of which points to other trie nodes (FIG. 7) or to prefixes. This trie stores the same table as in FIG. 5. The root node (top left) has two pointers. The first pointer, corresponding to the value `0`, points to a subtrie that contains all prefixes that start with `0`. Since there is only one such prefix, i.e., P1, the `0` pointer points directly to P1. On the other hand, all five other prefixes begin with `1`. Thus the `1` pointer in the root node, points to a subtrie that contains the 5 prefixes.
Each subtrie is a smaller trie with a smaller number of prefixes. In addition to pointers, each node may also have a stored prefix P. Define the path of a trie node N to be the sequence of bits corresponding to the pointers used to reach N starting from the root. Thus in FIG. 7, the path of Node 1 is 1; the path of Node 2 is 10, and the path of Node 3 is 101. We store a prefix P inside node N if the path of node N is equal to prefix P, ignoring the * character. Thus in FIG. 76, we see that Node 1 stores P2=1*, Node 2 stores P3=10*, and Node 3 stores P4=101*.
Next, for each node N, the `0` pointer points to a subtrie of prefixes that begin with the Path of Node N followed by a `0`. The `1` pointer points to all prefixes that begin with the Path of Node N followed by a `1`. Thus, Node 1 has a `0` pointer that points to a subtrie that contains all prefixes that start with the Path to Node 1 (i.e., 1), in other words all prefixes that start with 10. Thus Node 1's 0 pointer points to a subtrie that contains P5 (100*), P3 (10*), P4 (101*), and P6 (10111*). Node 1's `1` pointer does not point anywhere because there is no prefix that starts with 11.
Similarly, Node 2's Path is 10. Thus Node 2 has P3 stored internally (P3=10*). Also, the `0` pointer of P3 points to all prefixes that begin with 100. Since the only such prefix is P5=100*, the `0` pointer of Node 2 points to P5. Similarly, the `1` pointer in Node 2 points to all prefixes that start with 101. Finally, Node 3's Path is 101. Thus P4=101* is stored at Node 3, and Node 3's 1 pointer points to all prefixes that start with 1011, of which the only such prefix is P6.
Now consider searching the trie table for the best matching prefix corresponding to an address A whose first 6 bits are 101011. We use the bits of an address, starting with the leftmost bit, to follow a path through the trie. We always begin at the root node. Since the first bit of A is 1, we follow the `1` pointer to Node 1. Since Node 1 contains a prefix, P1, we remember this as a possible matching prefix. Then, since the second bit of A is 0, we follow the `0` pointer to Node 2. Once again, since node 2 contains a prefix, P3, we remember this as the longest prefix we have seen so far on the path.
Next, since the third bit of A is 1, we follow the `1` pointer at Node 2 to Node 3. Once again, since Node 3 contains a prefix, P4, we remember P4 as the longest matching prefix seen so far. Finally, since the fourth bit of A is a `0`, we try to follow the `0` pointer at Node 3. At this point our trip through the trie stops because there is no `0` pointer at Node 3. When this happens we conclude that the best matching prefix for address A is P4. In actual practice, in every place a prefix is stored in FIG. 7, we would also store the corresponding output link as in FIG. 6 and FIG. 5. We have just omitted output links for the sake of simplicity.
Thus, to find a best match prefix in a trie, we use successive bits of the address to trade a path through the trie, starting from the root, until we fail to find a pointer or we end at a prefix. As we walk through the trie, we remember the last prefix we saw at a previous node, if any. When we fail to find a pointer, this is the best matching prefix.
As a second example of a search that ends with a prefix, consider searching for an address B whose first three bits are 100. We go from the root to Node 1 to Node 2 and then follow the `0` pointer to prefix P5 which is the best matching prefix.
The worst case time to walk through a trie path is the maximum number of nodes in a trie path. If we have the sequence of prefixes 1*, 11*, 111*,, 111*, etc. then we can easily have a trie path equal to the maximum address length (32 for IPv4, 128 for IPv6). Thus the time for trie search of an address can be as bad as following 32 (or 128 for V6) pointers. This is somewhat better than the 32 exact matches required in FIG. 6, but it is still slow for real routers. The problem is that the following of each pointer requires at least one READ of memory. The fastest reads to reasonably inexpensive memory take about 0.06 .mu.sec. Thus 32 READs take about 1.7 .mu.sec, which is the fastest that routers can do today.
A description of Tries can be found in the textbook called "Fundamental Algorithms, Sorting and Searching, by Donald Knuth, Addison Wesley, 1973". A description of a particular kind of trie (called a Patricia trie, and which is optimized to reduce storage) applied to Internet lookups can be found in Keith Sklower. A tree-based routing table for berkeley unix. Technical report, University of California, Berkeley and in W. Richard Stevens and Gary R. Wright. TCP/IP Illustrated, Volume 2 The Implementation. Addison-Wesley, 1995. H. Wilkinson, G. Varghese and N. Poole, Compressed Prefix Matching Database Searching, U.S. patent application Ser. No. 07/378,718, December 89. Issued in Australia as Patent 620994 describes another variant of tries that reduces storage using a technique called path compression. All the existing trie schemes assume that trie search must be performed 1 bit at a time if the prefixes can be of arbitrary length. This greatly slows down trie search as it requires W memory READS, where W is the size of a destination address.
Trie search that searches multiple bits at a time is described in Tong-Bi Pei and Charles Zukowski. Putting routing tables in silicon. IEEE Network Magazine, January 1992. However, this work only applies to exact matching and not to prefix matching. The work in U.S. Pat. No. 5,414,704 by Spinney applies only to exact matching and not to prefix matching. Radia Perlman. Interconnections, Bridges and Routers. Addison-Wesley, 1992 describes a method based on binary search. Unfortunately binary search takes time proportional to the logarithm of the number of entries. For a typical router database of 30,000 entries this takes 13 READs to memory which is too slow. The work in U.S. Pat. No. 5,261,090 applies to range checking which is a similar problem but also uses binary search.