Building Balanced Search Tree based on Layered Decision Tree for - PDF document

Building Balanced Search Tree based on Layered Decision Tree for Packet Classification Yeim-Kuan Chang Chao-Yen Chien Department of Computer Science and Information Department of Computer Science and Information Engineering Engineering National Cheng Kung University National Cheng Kung University Tainan, 701, Taiwan Tainan, 701, Taiwan ykchang@mail.ncku.edu.tw p76994026@ mail.ncku.edu.tw Abstract — Packet classification is an important building block needed in the decision tree based schemes is used to store the of the Internet routers for many network applications, such as internal nodes, leaf nodes, and the rules in the buckets Quality of Service (QoS), security, monitoring, analysis, and associated with the nodes. And the lookup speed depends on network intrusion detection (NIDS). In this paper, we propose the height of decision tree. HyperCuts builds the decision a scheme called Layer based Search Tree (LST) to solve multi- tree by cutting multiple dimensions at a time to obtain field packet classification problem. LST improves the smaller tree height, but it suffers from large memory traditional decision tree based schemes (e.g. HyperCuts and overhead. In this paper, we propose a novel packet EffiCuts) by reconstructing the leaf nodes of the decision tree classification scheme called Layer based Search Tree (LST). as an approximately balanced search tree. Since all the address LST improves the existing decision tree based schemes by subspace covered by each node of LST is disjoint, the buckets having two phases, partition phase and classification phase. of the leaf and internal nodes in LST must not be empty. Thus, In the partition phase, rules are partitioned into several only the rules in one bucket can match the header values of the buckets which are corresponding to the leaf nodes of binary incoming packet. Searches on LST are completed immediately decision tree. In the classification phase, we consider the leaf after the packet matches a rule in some internal node. In nodes of decision tree as sorted elements to construct an addition, we design the hardware search engine with pipeline approximately balanced binary search tree. LST can use the and parallel architecture for the LST in Xilinx Virtex-5 FPGA binary decision tree which has the least number of rule environment. Because the memory usage of LST is very duplications without damaging the search speed because efficient, our search engine can support the ACL, FW, and IPC speed of LST depends on the number of leaf nodes rather tables of 50k rules. LST search engine with dual ported memory can sustain the throughput of over 120 Gbps for the than height of the decision tree. packets of minimum size (40 bytes). Due to the high-speed link rate of router such as OC-768 (40Gbps), software solution is hard to achieve this Keywords- packet classification; Pipelined Architecture; requirement. The 40Gbps means the router must processes FPGA; decision tree; 40 bytes packet every 8 ns. Thus, field-programmable gate array (FPGA) has become a good choice for real-time I. INTRODUCTION network processor. Although many existing FPGA-based The packet classification problem is to determine the approaches can over 40Gbps for their throughput, the desired action (e.g., deny or permit) that should be taken by hardware resource (block RAM) is still a bottleneck that the incoming packets according to the highest priority rule their approaches merely design for smaller or not complex selected among a set of predefined rules. Typically, the rules rule table (ACL). We can implement our proposed scheme, are identified by a 5-field packet header that includes the layer based search tree, into FPGA with larger tables because source and destination IP address, the source and destination our proposed scheme need less memory requirement. In this port, and the protocol number. Each rule is also associated thesis, we also design a FPGA engine that has low hardware with a priority value to distinguish the importance among cost and still keep pace with the high throughput. multiple matched rules. Packet classification is an enabling II. RELATED WORK function provided by routers for many network applications, such as Quality of Service (QoS), security, monitoring, We discussed the decision-tree-based approaches HiCuts analysis, and network intrusion detection (NIDS). In order to [9], HyperSplit [20], HyperCuts [23], and EffiCuts [27] keep pace with the increase of the link rates and the growing because they are related to our proposed scheme. In decision size of classifiers, how to search the larger classifiers tree based scheme, a pre-computed decision tree is built as efficiently is an important topic in recent years. follows: Suppose a node v in the decision tree contain a set There are numerous solutions for packet classification. of rules. All the rules in v are distributed into child nodes of v Among them, decision tree based algorithms, like HyperCuts and some rules may be duplicated in more than one node. [23] or HiCuts [9], are well-known approaches. The memory The rule distribution process is repeated at each child node