Title :
Scalable packet classification
Author :
Baboescu, Florin ; Varghese, George
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. of California, La Jolla, CA, USA
Abstract :
Packet classification is important for applications such as firewalls, intrusion detection, and differentiated services. Existing algorithms for packet classification reported in the literature scale poorly in either time or space as filter databases grow in size. Hardware solutions such as TCAMs do not scale to large classifiers. However, even for large classifiers (say, 100 000 rules), any packet is likely to match a few (say, 10) rules. This paper seeks to exploit this observation to produce a scalable packet classification scheme called Aggregated Bit Vector (ABV). It takes the bit vector search algorithm (BV) described in Lakshman and Stidialis, 1998 (which takes linear time) and adds two new ideas, recursive aggregation of bit maps and filter rearrangement, to create ABV (which can take logarithmic time for many databases). We show that ABV outperforms BV by an order of magnitude using simulations on both industrial firewall databases and synthetically generated databases.
Keywords :
DiffServ networks; database management systems; security of data; telecommunication network routing; telecommunication security; aggregated bit vector; bit vector search algorithm; differentiated service; filter database; industrial firewall database; intrusion detection; recursive aggregation; scalable packet classification; synthetically generated database; Classification algorithms; Databases; Ethernet networks; Filters; Internet; Intrusion detection; Spine; Traffic control; Vectors; Wire;
Journal_Title :
Networking, IEEE/ACM Transactions on
DOI :
10.1109/TNET.2004.842232
