Information Technology
Improved Method and Apparatus for Wire-Speed Packet Classification on IP Networks
WARF: P09053US
Inventors: Suman Banerjee, Jia Wang, Qunfeng Dong
The Wisconsin Alumni Research Foundation (WARF) is seeking commercial partners interested in developing an improved method and apparatus for classifying packets at wire-speed using both hardware- and software-based packet classification methods.
Overview
Packet classification is a critical factor affecting the quality of service and security on Internet protocol and other packet-based networks. Packet classification involves matching incoming information packets against a set of rules to determine specific actions, as in a firewall blocking network access to an unwanted packet. Packet classification can be performed by either software- or hardware-based classification; however, both of these methods have limitations.
Software-based approaches use high speed network processors with static random access memory (SRAM) or dynamic random access memory (DRAM). Yet, SRAM and DRAM technology cannot handle increasing transmission rate, or wire-speed, due to limitations of memory access speeds. An alternative is a hardware-based approach called ternary content addressable memory (TCAM). However, TCAM becomes increasingly expensive as transmission rates increase and classification rule sets become more complex.
Software-based approaches use high speed network processors with static random access memory (SRAM) or dynamic random access memory (DRAM). Yet, SRAM and DRAM technology cannot handle increasing transmission rate, or wire-speed, due to limitations of memory access speeds. An alternative is a hardware-based approach called ternary content addressable memory (TCAM). However, TCAM becomes increasingly expensive as transmission rates increase and classification rule sets become more complex.
The Invention
UW-Madison researchers have developed a method and apparatus for packet classification at wire-speed using both hardware- and software-based classifiers. In the new method, incoming packets are first processed through a hardware-based classifier that utilizes a set of evolving rules continuously modified by information from packet flow characteristics. If the hardware-based classifier cannot classify the packet, it is then processed by a more sophisticated software-based classifier. The combination of both hardware- and software-based classification allows optimal operation of the packet classifying apparatus.
The improved apparatus consists of a hardware-based packet classifier and a processor that executes the software-based packet classifier. The hardware-based classifier is able to store, update and create new evolving rules with the assistance of cache manager software. Updating the rules to promote maximum efficiency may involve ensuring rules are in accordance with sample packets, minimizing a cache miss ratio, reorganizing the structure of rules or hot-swapping rules. The software-based classifier also has a full set of rules to classify any packets that the hardware-based classifier could not classify. Taking advantage of hardware- and software-based classifiers, the new method and apparatus for packet classification maximizes the efficiency and speed of packet classification, in turn optimizing packet-based network quality of service and security.
The improved apparatus consists of a hardware-based packet classifier and a processor that executes the software-based packet classifier. The hardware-based classifier is able to store, update and create new evolving rules with the assistance of cache manager software. Updating the rules to promote maximum efficiency may involve ensuring rules are in accordance with sample packets, minimizing a cache miss ratio, reorganizing the structure of rules or hot-swapping rules. The software-based classifier also has a full set of rules to classify any packets that the hardware-based classifier could not classify. Taking advantage of hardware- and software-based classifiers, the new method and apparatus for packet classification maximizes the efficiency and speed of packet classification, in turn optimizing packet-based network quality of service and security.
Applications
- Maximize stateless firewall operation
- Protect any packet-based network, for example Internet protocol (IP), Ethernet, cellular or asynchronous transfer mode (ATM)
Key Benefits
- Improves efficiency of packet classification
- Applies to any packet-based network
- Can be implemented using software, hardware or a combination of both
Additional Information
For More Information About the Inventors
Related Technologies
Publications
For current licensing status, please contact Emily Bauer at [javascript protected email address] or 608-960-9842
- Dong Q., Banerjee S., Wang J., Agrawal D. and Shukla A. 2006. Packet Classifiers in Ternary CAMs can be Smaller. SIGMETRICS Perform. Eval. Rev. 34, 311-322.
- Dong Q., Banerjee S., Wang J. and Agrawal D. 2007. Wire-speed Packet Classification Without TCAMs: A Few More Registers (and a Bit of Logic) are Enough. In Proc. of the 2007 ACM SIGMETRICS Inter. Conf. on Meas. and Mod. of Comp. Sys. 253-264.