The Small, the Fast, and the Lazy (SFL): A General Approach for Fast and Flexible Packet Classification

2016 IEEE 41st Conference on Local Computer Networks (LCN) Pub Date : 2016-11-01 DOI:10.1109/LCN.2016.125

Sven Hager, Samuel Brack, B. Scheuermann

{"title":"The Small, the Fast, and the Lazy (SFL): A General Approach for Fast and Flexible Packet Classification","authors":"Sven Hager, Samuel Brack, B. Scheuermann","doi":"10.1109/LCN.2016.125","DOIUrl":null,"url":null,"abstract":"Packet classification-the matching of packet headers against a predefined rule set-is a crucial functionality of firewalls, intrusion detection systems, and SDN switches. Most existing classification algorithms trade setup time for classification speed-that is, the packet classification is fast, but the transformation of rules set into the corresponding search data structure takes a considerable amount of time. This preprocessing time, however, poses a significant challenge for systems where rule sets can often change. Hence, these systems often use slow classification algorithms that support frequent rule set updates, which drastically limits their achievable throughput. In this work, we present a novel algorithmic technique which is able to \"upgrade\" an arbitrary existing classification algorithm to support fast updates, while still providing high lookup performance. Our evaluation demonstrates that our proposed technique exceeds the matching performance of existing dynamically updatable algorithms by an order of magnitude while providing the same level of update responsiveness.","PeriodicalId":6864,"journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"1 1","pages":"43-51"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LCN.2016.125","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Packet classification-the matching of packet headers against a predefined rule set-is a crucial functionality of firewalls, intrusion detection systems, and SDN switches. Most existing classification algorithms trade setup time for classification speed-that is, the packet classification is fast, but the transformation of rules set into the corresponding search data structure takes a considerable amount of time. This preprocessing time, however, poses a significant challenge for systems where rule sets can often change. Hence, these systems often use slow classification algorithms that support frequent rule set updates, which drastically limits their achievable throughput. In this work, we present a novel algorithmic technique which is able to "upgrade" an arbitrary existing classification algorithm to support fast updates, while still providing high lookup performance. Our evaluation demonstrates that our proposed technique exceeds the matching performance of existing dynamically updatable algorithms by an order of magnitude while providing the same level of update responsiveness.

查看原文本刊更多论文

小、快、懒(SFL):一种快速、灵活的分组分类方法

包分类——将包头与预定义的规则集进行匹配——是防火墙、入侵检测系统和SDN交换机的一项关键功能。大多数现有的分类算法以设置时间换取分类速度，即分组分类速度快，但将规则集转换为相应的搜索数据结构需要相当多的时间。然而，这种预处理时间对规则集经常变化的系统构成了重大挑战。因此，这些系统通常使用支持频繁规则集更新的缓慢分类算法，这极大地限制了它们可实现的吞吐量。在这项工作中，我们提出了一种新的算法技术，它能够“升级”任意现有的分类算法以支持快速更新，同时仍然提供高查找性能。我们的评估表明，我们提出的技术在提供相同级别的更新响应性的同时，将现有动态可更新算法的匹配性能提高了一个数量级。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 IEEE 41st Conference on Local Computer Networks (LCN)

自引率

0.00%

发文量