Topological ordering based iterative TCAM rule compression using bi-partite graphs

Abstract

For fast packet classification, the de-facto industry standard is to use Ternary Content Addressable Memory (TCAM) chips where each chip stores one classifier rule and a given packet is checked against all such rules in parallel. In spite of the TCAM advantages, for a large number of rules, the TCAM deployment becomes expensive and the power consumption increases significantly. Therefore, it is desirable to reduce the number of TCAM rules while retaining the original classification semantics. In this work, we present efficient graph-based algorithms and data structures that allow us to capture the rule ordering relationships and iteratively compress the TCAM rules. Through extensive experiments, we show that our algorithm achieves 75% reduction of firewall rule sets on an average and even achieves an additional 24% compression on the output rule set of the state-of-the-art solutions.