US20020089937A1 - Packet matching method and system - Google Patents

Packet matching method and system Download PDF

Info

Publication number
US20020089937A1
US20020089937A1 US09/992,677 US99267701A US2002089937A1 US 20020089937 A1 US20020089937 A1 US 20020089937A1 US 99267701 A US99267701 A US 99267701A US 2002089937 A1 US2002089937 A1 US 2002089937A1
Authority
US
United States
Prior art keywords
sub
rules
database
databases
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09/992,677
Inventor
Srinivasan Venkatachary
Pankaj Gupta
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Avago Technologies International Sales Pte Ltd
Original Assignee
Sahasra Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sahasra Networks Inc filed Critical Sahasra Networks Inc
Priority to US09/992,677 priority Critical patent/US20020089937A1/en
Assigned to SAHASRA NETWORKS, INC. reassignment SAHASRA NETWORKS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GUPTA, PANKAJ, VENKATACHARY, SRINIVASAN
Publication of US20020089937A1 publication Critical patent/US20020089937A1/en
Assigned to CYPRESS SEMICONDUCTOR CORP. reassignment CYPRESS SEMICONDUCTOR CORP. MERGER (SEE DOCUMENT FOR DETAILS). Assignors: SAHASRA NETWORKS, INC.
Assigned to NETLOGIC MICROSYSTEMS, INC. reassignment NETLOGIC MICROSYSTEMS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CYPRESS SEMICONDUCTOR CORPORATION
Priority to US12/165,541 priority patent/US7978709B1/en
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NETLOGIC I LLC
Assigned to NETLOGIC I LLC reassignment NETLOGIC I LLC CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: NETLOGIC MICROSYSTEMS, INC.
Assigned to BANK OF AMERICA, N.A., AS COLLATERAL AGENT reassignment BANK OF AMERICA, N.A., AS COLLATERAL AGENT PATENT SECURITY AGREEMENT Assignors: BROADCOM CORPORATION
Assigned to AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. reassignment AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BROADCOM CORPORATION
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS Assignors: BANK OF AMERICA, N.A., AS COLLATERAL AGENT
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/54Organization of routing tables
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • H04L45/7453Address table lookup; Address filtering using hashing

Definitions

  • Packet matching which includes classification and forwarding, is a crucial function performed by Internet routers.
  • packet matching is concerned with the task of taking incoming packets to a router and determining how best to classify and how best to forward the packet based on the packet's header. Matching is generally accomplished the same way, namely the packet header is compared with a database, and the best match between the packet header and the entries of the database is found.
  • the entries of the database may be classification rules, or they may be forwarding addresses, but the general procedure is the same.
  • the goals of classification and forwarding are the same, that is finding the best match between the packet header and the database entries as quickly as possible.
  • the databases such as rule databases
  • CAM Content Addressable Memory
  • Next generation routers will maintain rule databases containing 32,000 or more rules.
  • the increased speed of these new routers will require packet matching speeds of 100 million or more packets per second. Power dissipation becomes a major problem at these speeds.
  • a parallel search of the databases requires that every bit of the memories upon which the databases reside be simultaneously accessed. This places excessive demands on the router's power distribution system, greatly complicating the layout and routing of the memory chips and printed circuit boards comprising the router, and significantly taxing the cooling systems employed by the router. Any conventional solutions to these problems adversely impact the cost of the router. While a more linear search can be performed on the databases, any reduction in parallelism adversely impacts the router's speed, which is limited by the packet matching speed.
  • the Packet Matching System comprises an All Matching Rules Engine, a plurality of Best Matching Rules Sub-Engines, and a Collate Engine.
  • the All Matching Rules Engine receives a packet header and searches for at least one match for the packet header from among a set of Necessary Path Condition Rules.
  • the Necessary Path Condition Rules correspond to sub-databases comprising subsets of classification rules or forwarding entries.
  • the Best Matching Rules sub-Engines comprise searchable memory such as Content Addressable Memory. The searchable memory stores the sub-databases.
  • the Best Matching Rules sub-Engines search only those sub-databases corresponding to Necessary Path Condition Rules that match the packet header. Because the sub-databases are much smaller than the aggregation of all of the classification rules or forwarding entries, searching the memory of the sub-engines requires much less power than performing a search on all of the classification rules. At the same time the speed advantages of parallel searching is preserved.
  • the Collate Engine selects the single highest priority rule from the best matching rules indicated by the Best Matching Rules sub-Engines. If there is no best matching rule for the packet header the Collate Engine outputs a default value.
  • the Necessary Path Condition Rules and sub-databases are extracted from a Hierarchical Subdivision Tree.
  • the tree is constructed from the rule database through a recursive method that subdivides the entries of the database according to the bit values of each bit in each entry of the database.
  • the subdivision results in a tree comprising a root, a plurality of nodes, and a plurality of leaves, wherein the root, the nodes, and the leaves are interconnected by a plurality of branches.
  • Each branch corresponds to a value of the bits of each of the entries of the rule database.
  • Each leaf comprises a sub-database.
  • Each Necessary Path Condition Rule corresponds to at least one sub-database.
  • Each Necessary Path Condition Rule is comprised of the bit values associated with each traversed branch of the hierarchical subdivision tree while traversing the hierarchical subdivision tree from the root to the corresponding sub-database. Rules may be inserted or deleted into the Hierarchical Subdivision Tree and the minimum and maximum number of rules per sub-database may be defined.
  • the Hierarchical Subdivision Tree may be constructed for other types of databases such as Forwarding Address Databases.
  • FIG. 1 is a block diagram of a the Packet Matching System of the present invention.
  • FIGS. 2 a - d illustrates a method of a preferred embodiment for organizing a rule database through the construction of a hierarchical subdivision tree.
  • FIGS. 3 a - b illustrates a method of a preferred embodiment for reducing a plurality of sub-databases in a hierarchical subdivision tree.
  • FIG. 1 illustrates a preferred embodiment of the Packet Matching System 10 of the present invention.
  • the Packet Matching System accepts as input a packet header and produces as an output a best matching rule. If there is no best matching rule for a packet header, the Packet Matching System 10 outputs a default value.
  • matching rule is intended broadly to encompass matching classification rules as well as matching forwarding entries.
  • classification rules “forwarding entries”, and “matching rules” are herein referred to interchangeably.
  • rules when referring to classification rules, it is also understood that a reference is being made to forwarding entries.
  • rules is intended broadly to encompass classification rules as well as forwarding entries.
  • the Packet Matching System 10 comprises an All Matching Rules Engine (AMRE) 100 , a plurality of Best Matching Rules sub-Engines (BMRSE) 102 , and a Collate Engine 104 .
  • the AMRE 100 takes as input a packet header and compares the packet header to a set of Necessary Path Condition Rules (NPCR). Necessary Path Condition Rules will be discussed in detail below. The result of the comparison defines a subset of classification rules to be searched in order to find a best matching rule. Subsets of matching rules are grouped together as sub-databases. Sub-databases will be discussed in detail below.
  • Each of the BMRSE 102 comprise at least one sub-database.
  • Each of the sub-databases comprising the BMRSE 102 corresponds to a Necessary Path Condition Rule of the AMRE 100 .
  • a Necessary Path Condition Rule of the AMRE 100 For example, only sub-databases corresponding to Necessary Path Condition Rules that match with the incoming packet header are searched for a best matching rule.
  • each sub-database contains only a fractional subset of the entire database.
  • the Collate Engine 104 selects a single best matching rule from the outputs of the Best Matching Rules sub-Engines 102 . Generally, if more than one BMRSE produces a best matching rule, the Collate Engine 104 simply chooses the best matching rule with the highest priority. All classification rules have a priority associated with them. Otherwise, if only one BMRSE produces a best matching rule, that rule alone is indicated by the Collate Engine 104 as the best matching rule. Selecting a rule based on it's priority is analogous to finding the highest priority element in a set.
  • One preferred method implemented by the present invention to prioritize the classification rules is to organize the entries in the sub-databases in the Best Matching Rules sub-Engines 102 according to their cost.
  • the Collate Engine 204 selects the highest priority rule of the set of all best matching rules. The practice and implementation of such searches are well understood by those skilled in the art. Assigning priorities is a common task performed by system administrators. For prefix matching, longer matching prefixes have a higher priority than shorter matching prefixes.
  • the physical implementation of the AMRE 100 and the BMRE 102 requires the ability to store and quickly search the Necessary Path Condition Rules of the AMRE 100 and the sub-databases of the BMRE 102 .
  • Any storage medium capable of storing data structures for rule matching and efficiently searching rules may be used for storage and searching of the Necessary Path Condition Rules and sub-databases.
  • the AMRE 100 and each Best Matching Rules sub-Engine 102 comprise a Content Addressable Memory (CAM). CAMs allow the quick storage and parallel search and retrieval of their memory contents and are well understood by those skilled in the art.
  • the AMRE 100 and Best Matching Rules sub-Engines 102 may comprise various memory technologies such as DRAM and SRAM. Additionally, these and other storage and search technologies may be used alone or in combination. It is advantageous to reduce the number of memories, or memory elements, searched per incoming packet. The greater the size of the search the greater the power requirements of this, or any, classification system.
  • the Necessary Path Condition Rules comprising the memory contents of the AMRE memory are searched against the packet header to determine which sub-databases to search.
  • the present invention typically performs a hierarchical search on only a very small fraction of the plurality of classification rules thereby significantly reducing the power requirements of the entire search. Additionally, all searching is done in parallel thereby retaining the same speed advantages of the searching methods of the prior art. Occasionally, there might be some packets for which all of the BMRSE must participate in the search, however this is statistically quite rare and even with these full searches large power savings are realized on average. As a result the present invention yields a power savings of at least around 90% on average over the prior art.
  • the Collate Engine 104 is used to select the best matching rule as described above.
  • each BMRSE comprises a searchable memory such as a CAM and each CAM comprises at least one sub-database. Due to the granularity of the CAM, more than one sub-database typically resides on each BMRSE CAM.
  • the memory technologies discussed above may be physically separate memories residing on separate chips, they may be separate chips integrated within a single package, they may be separate memories residing on the same semiconductor chip, or they may manifest themselves as logically separate memories while residing physically on the same memory.
  • Many other memory implementations and architectures may be used and such memories and architectures are well understood by those skilled in the art. The key requirement among all of these implementations however is that a subset of all of the memory contents may be searched while not searching the remaining contents.
  • the method involves the creation of a Hierarchical Subdivision Tree (HST).
  • HST Hierarchical Subdivision Tree
  • the HST is created via a recursive algorithm that works on the bits of the classification rules and stops when either all of the bits have been examined or the rules have been divided into sufficiently small sub-rule sets, or sub-databases.
  • the HST comprises a single root marking the start of the tree, a plurality of nodes, and a plurality of leaves.
  • the root, nodes and leaves are interconnected by a plurality of branches. As will be shown, each branch corresponds to a bit value of the bits comprising the plurality of classification rules.
  • the leaves correspond to endpoints of the HST, and as will be shown, the contents of the leaves comprise the sub-databases.
  • the nodes provide intersection points for the branches.
  • the bits corresponding to each branch traversed comprises the bits in each Necessary Path Condition Rule of the plurality of Necessary Path Condition Rules that comprise the AMRE 100 .
  • FIG. 2 b three nodes 202 , 204 , 206 connected by three branches labeled ‘0’, ‘1’, and ‘X’ are created.
  • Rules where bit 0 equals zero, that is F(CurrentBit) ‘0’, comprise the node connected via the branch ‘0’.
  • node 202 is connected to it's parent 200 , also the root, via a ‘0’ branch
  • node 204 is connected to it's parent 200 via a ‘1’ branch
  • node 206 is connected to it's parent 200 via an ‘X’ branch.
  • nodes 212 and 214 are created from their parent node 204 .
  • FIG. 2 d illustrates yet another recursive pass in the formation of the HST.
  • node 208 is operated upon to create nodes 222 , 224 and 226 connected to their parent node 208 via branches ‘0’, ‘1’, and ‘X’ respectively.
  • the recursive algorithm used to create the HST comprises the following steps:
  • the Necessary Path Condition Rules are extracted from the HST by traversing a path from the root of the HST to each leaf of the HST and noting the value of each branch traversed.
  • the Necessary Path Condition Rules comprise all of the values of the each traversed branch plus don't care bits, ‘X’, in order to ensure that the number of bits of the Necessary Path Condition Rules equal the number of bits of the rules.
  • FIG. 2 d there are eight leafs, representing eight sub-databases, and thus there are eight Necessary Path Condition Rules.
  • the NPCR for the database of leaf 224 is “001XX” since branch ‘0’ between root 200 and node 202 is traversed, branch ‘0’ between nodes 202 and 208 is traversed, and branch ‘1’ between node 208 and leaf 224 is traversed.
  • the Necessary Path Condition Rules for the exemplary database of FIG. 2 a are thus shown in Table 1 below. TABLE 1 Corresponding Sub-Database Rules in sub- NPCR (See annotations on FIG.
  • each sub-database comprises a set of up to T classification rules, and each classification rule is a member of exactly one sub-database.
  • Rule Subset Hoisting The number of NPCR entries in the All Matching Rules Engine can be reduced, along with the number of sub-rule databases, via a rule merging technique called Rule Subset Hoisting.
  • Rule Subset Hoisting Through Rule Subset Hoisting, subsets of rules comprising a sub-database having less than a number T min of rules are merged to create a new sub-database having greater than T min rules but less than T rules.
  • FIGS. 3 a - b illustrates the Rule Subset Hoisting method.
  • the exact number of rules, their bit lengths, the number of nodes, leaves, branches and the like, along with the number of iterations of the recursive HST algorithm required to complete the HST of FIG. 3 a is unimportant to this example.
  • FIG. 3 a shows a section of an HST with sixteen leaves shown.
  • the leaves contain a number indicating the number of rules per leaf, or sub-database.
  • the root and the nodes contain no number.
  • leaves 300 , 302 , 304 , 306 , 308 , and 310 comprise 2, 5, 3, 3, 2, and 5 rules per sub-database, respectively.
  • T min 6 so these rules are all below the minimum number defined for this HST.
  • sub-rule set 300 is hoisted to it's parent 316 .
  • sub-rule set 316 comprises two rules.
  • sub-rule set 316 is hoisted to it's parent node 318 which comprises 5 rules from the hoisting of node 310 . Therefore, node 318 comprises 7 rules as shown in FIG. 3 b from the merging of sub-rule sets 300 , and 310 . Since 7 is greater than T min and less than or equal to T, no more hoisting is required. Similarly, the 6 rules of node 312 are greater that T min and no more hoisting is required.
  • Rule Subset Hoisting can be described via the following steps:
  • the All Matching Rules Engine and Best Matching Rules Sub-Engines comprise memories such as CAMs.
  • the CAM holds a set of Necessary Path Condition Rules.
  • the CAMs hold sub-databases, wherein the sub-databases comprise sets of rules. Because the CAMs, or any other suitable memory devices, are actual physical device, memory complexity must be considered.
  • the AMRE holds the Necessary Path Condition Rules and as such must be large enough to hold all of the NPCR.
  • each BMRSE it is advantageous for the each BMRSE to hold only a single database in a single CAM. This, once again, is because the smaller number of bits searched per packet classification, the lower the average power requirements per classification.
  • sub-databases comprising only a fraction of the total number of classification rules can quickly be identified for searching via the AMRE.
  • each BMRSE typically holds more than one sub-database. It is therefore advantageous to group the sub-databases residing in the BMRSE such that concurrent activation of more than one BMRSE is minimized.
  • a presently preferred method of determining the placement of sub-databases within the BMRSE involves a heuristic search combined with a probabilistic search. It should be noted however that while it is advantageous to use these two search methods in combination, either of these methods can be used alone with satisfactory results. Both methods first require the creation of the sub-databases and NPCR.
  • the heuristic search comprises finding and grouping together all NPCR that could simultaneously match for a given packet header. For example, given a first exemplary NPCR 0X110X1 and 0111XX1 there are two packet headers that match both first NPCR, namely 0111010 and 0111001. Given a second exemplary NPCR 0XX1011 and 0XX1XX1 there are much more than two packet headers that match the second exemplary NPCR.
  • the heuristic search involves basic logic operations, the details of which are well understood by those skilled in the art.
  • the heuristic search groups NPCR that may all match for a particular packet header.
  • the probability of a match varies for the NPCR.
  • the probability of a simultaneous match for the second exemplary NPCR above is higher than that for the first exemplary NPCR due to the fact that there are many more packet headers that can match the second NPCR than the first.
  • the probabilistic method is utilized to fine tune how the NPCR, and thus the sub-databases, should be grouped.
  • the probabilistic method comprises randomly generating valid packet headers, presenting a multiplicity of these packet headers to the AMRE, all along keeping statistics of how often and which sub-rule databases associated with the NPCR are concurrently searched for each packet header. After numerous packets, the statistics reveal that some sub-databases are more likely to need to be concurrently searched than others. The placement of the sub-databases is then done such that those sub-databases more likely to be concurrently searched are stored within the same memory comprising a BMRSE. Additionally, before storing of the sub-databases within the BMRSE the sub-database entries are sorted according to their priority.
  • Packet header generation devices and associated equipment and methods to monitor said packets including statistical techniques to analyze the results of classifying said packets, are widely used and well understood by those skilled in the art.
  • Hierarchical Intelligent Cuttings may be applied to the HST structure and sub-databases to further decrease the storage requirements of the system. Via Hierarchical Intelligent Cuttings the storage requirements of each sub-database can be reduced to a number S, wherein S is measured in units of bytes per rule, or equivalent. Furthermore, S may be different for each sub-database.
  • Cross Producting or Recursive Flow Classification may also be used either alone or in combination with each other or Hierarchical Intelligent Cuttings.
  • Hierarchical Intelligent Cuttings, Cross Producting, and Recursive Flow Classifications are discussed in the following papers which are hereby incorporated by reference: “Packet Classification on Multiple Fields,” Pankaj Gupta and Nick McKeown, Proc. Sigcomm, Computer Communication Review, vol. 29, no. 4, pp. 147-60, September 1999, Harvard University; “Packet Classification using Hierarchical Intelligent Cuttings,” Pankaj Gupta and Nick McKeown, Proc. Hot Interconnects VII, August 99, Stanford University; “Fast and Scalable Layer 4 Switching,” V. Srinivasan, G. Varghese, S. Suri and M. Waldvogel, Presented at ACM Sigcomm98.
  • HST was subdivided according to bits ‘ 0 ’, ‘ 1 ’, and ‘X’
  • other subdivision criteria may be incorporated with those discussed.
  • selected nodes may be subdivided according to examining groups of bits rather than single bits.
  • a forwarding prefix database comprising a plurality of next hop addresses given a packet header
  • a forwarding prefix database can easily be organized via an HST, the equivalent of Necessary Path Condition Rules extracted from the HST, and the forwarding prefix database subdivided into a plurality of forwarding prefix sub-databases.
  • the HST is generated exactly as described above.
  • the equivalent of NPCR and the sub-databases are stored in the AMRE and the BMRSE exactly as described above. Packet headers are input into the and a search for a best match among the database entries is performed exactly as described above.

Abstract

The preferred embodiments described herein provide a Packet Matching System and Method. A Matching Rules Database is quickly searched for a Best Matching Rule for a packet header. Power is conserved in the system by searching only a small subset of rules of the rules database. An All Matching Rules Engine comprising a plurality of Necessary Path Condition Rules is searched to determine which subset of matching rules, or sub-databases, to search for a best matching rule. The sub-databases are then searched by Best Matching Rules sub-Engines and a best matching rule is selected from the results of the sub-database searches by a Collate Engine. The Rules Database is organized according to a Hierarchical Subdivision Tree. Necessary Path Condition Rules and sub-databases are extracted from the Hierarchical Subdivision Tree.

Description

  • This application claims the benefit of U.S. Provisional Application No. 60/249701, filed Nov. 16, 2000, which is hereby incorporated by reference.[0001]
  • BACKGROUND
  • Packet matching, which includes classification and forwarding, is a crucial function performed by Internet routers. Briefly, packet matching is concerned with the task of taking incoming packets to a router and determining how best to classify and how best to forward the packet based on the packet's header. Matching is generally accomplished the same way, namely the packet header is compared with a database, and the best match between the packet header and the entries of the database is found. The entries of the database may be classification rules, or they may be forwarding addresses, but the general procedure is the same. Furthermore, the goals of classification and forwarding are the same, that is finding the best match between the packet header and the database entries as quickly as possible. [0002]
  • In current routers, the databases, such as rule databases, contain anywhere from tens to around one thousand rules. These rules generally reside in high speed, solid state memory such as Content Addressable Memory (CAM) that allows quick, parallel, comparisons between an incoming packet and the contents of the memory. Today's most advanced routers can match up to around 10 million packets per second. While current solutions works well for rule databases of up to around one thousand rules, the current solutions do not scale up adequately for the requirements of next generation routers. [0003]
  • Next generation routers will maintain rule databases containing 32,000 or more rules. The increased speed of these new routers will require packet matching speeds of 100 million or more packets per second. Power dissipation becomes a major problem at these speeds. A parallel search of the databases requires that every bit of the memories upon which the databases reside be simultaneously accessed. This places excessive demands on the router's power distribution system, greatly complicating the layout and routing of the memory chips and printed circuit boards comprising the router, and significantly taxing the cooling systems employed by the router. Any conventional solutions to these problems adversely impact the cost of the router. While a more linear search can be performed on the databases, any reduction in parallelism adversely impacts the router's speed, which is limited by the packet matching speed. [0004]
  • Thus a need presently exists for a Packet Matching System and Method that can satisfy the packet matching needs of future routers while avoiding the limitations of present matching schemes. [0005]
  • SUMMARY
  • By way of introduction, the preferred embodiments described below provide a Packet Matching Method and System. The Packet Matching System comprises an All Matching Rules Engine, a plurality of Best Matching Rules Sub-Engines, and a Collate Engine. The All Matching Rules Engine receives a packet header and searches for at least one match for the packet header from among a set of Necessary Path Condition Rules. The Necessary Path Condition Rules correspond to sub-databases comprising subsets of classification rules or forwarding entries. The Best Matching Rules sub-Engines comprise searchable memory such as Content Addressable Memory. The searchable memory stores the sub-databases. The Best Matching Rules sub-Engines search only those sub-databases corresponding to Necessary Path Condition Rules that match the packet header. Because the sub-databases are much smaller than the aggregation of all of the classification rules or forwarding entries, searching the memory of the sub-engines requires much less power than performing a search on all of the classification rules. At the same time the speed advantages of parallel searching is preserved. The Collate Engine selects the single highest priority rule from the best matching rules indicated by the Best Matching Rules sub-Engines. If there is no best matching rule for the packet header the Collate Engine outputs a default value. [0006]
  • The Necessary Path Condition Rules and sub-databases are extracted from a Hierarchical Subdivision Tree. The tree is constructed from the rule database through a recursive method that subdivides the entries of the database according to the bit values of each bit in each entry of the database. The subdivision results in a tree comprising a root, a plurality of nodes, and a plurality of leaves, wherein the root, the nodes, and the leaves are interconnected by a plurality of branches. Each branch corresponds to a value of the bits of each of the entries of the rule database. Each leaf comprises a sub-database. Each Necessary Path Condition Rule corresponds to at least one sub-database. Each Necessary Path Condition Rule is comprised of the bit values associated with each traversed branch of the hierarchical subdivision tree while traversing the hierarchical subdivision tree from the root to the corresponding sub-database. Rules may be inserted or deleted into the Hierarchical Subdivision Tree and the minimum and maximum number of rules per sub-database may be defined. The Hierarchical Subdivision Tree may be constructed for other types of databases such as Forwarding Address Databases. [0007]
  • The foregoing paragraphs have been provided by way of general introduction, and they should not be used to narrow the scope of the following claims. The preferred embodiments will now be described with reference to the attached drawings.[0008]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram of a the Packet Matching System of the present invention. [0009]
  • FIGS. 2[0010] a-d illustrates a method of a preferred embodiment for organizing a rule database through the construction of a hierarchical subdivision tree.
  • FIGS. 3[0011] a-b illustrates a method of a preferred embodiment for reducing a plurality of sub-databases in a hierarchical subdivision tree.
  • DETAILED DESCRIPTION OF THE PRESENTLY PREFERRED EMBODIMENTS
  • Turning now to the drawings, FIG. 1 illustrates a preferred embodiment of the [0012] Packet Matching System 10 of the present invention. The Packet Matching System accepts as input a packet header and produces as an output a best matching rule. If there is no best matching rule for a packet header, the Packet Matching System 10 outputs a default value.
  • As used herein, the term “matching rule” is intended broadly to encompass matching classification rules as well as matching forwarding entries. Furthermore the terms “classification rules”, “forwarding entries”, and “matching rules” are herein referred to interchangeably. For example, when referring to classification rules, it is also understood that a reference is being made to forwarding entries. Additionally the term “rules” is intended broadly to encompass classification rules as well as forwarding entries. [0013]
  • The [0014] Packet Matching System 10 comprises an All Matching Rules Engine (AMRE) 100, a plurality of Best Matching Rules sub-Engines (BMRSE) 102, and a Collate Engine 104. The AMRE 100 takes as input a packet header and compares the packet header to a set of Necessary Path Condition Rules (NPCR). Necessary Path Condition Rules will be discussed in detail below. The result of the comparison defines a subset of classification rules to be searched in order to find a best matching rule. Subsets of matching rules are grouped together as sub-databases. Sub-databases will be discussed in detail below.
  • Each of the BMRSE [0015] 102 comprise at least one sub-database. Each of the sub-databases comprising the BMRSE 102 corresponds to a Necessary Path Condition Rule of the AMRE 100. Thus, only sub-databases corresponding to Necessary Path Condition Rules that match with the incoming packet header are searched for a best matching rule. Furthermore each sub-database contains only a fractional subset of the entire database.
  • The [0016] Collate Engine 104 selects a single best matching rule from the outputs of the Best Matching Rules sub-Engines 102. Generally, if more than one BMRSE produces a best matching rule, the Collate Engine 104 simply chooses the best matching rule with the highest priority. All classification rules have a priority associated with them. Otherwise, if only one BMRSE produces a best matching rule, that rule alone is indicated by the Collate Engine 104 as the best matching rule. Selecting a rule based on it's priority is analogous to finding the highest priority element in a set. One preferred method implemented by the present invention to prioritize the classification rules is to organize the entries in the sub-databases in the Best Matching Rules sub-Engines 102 according to their cost. Those rules with the lowest cost will be considered to have a higher priority than those with a higher cost. The Collate Engine 204 then selects the highest priority rule of the set of all best matching rules. The practice and implementation of such searches are well understood by those skilled in the art. Assigning priorities is a common task performed by system administrators. For prefix matching, longer matching prefixes have a higher priority than shorter matching prefixes.
  • The physical implementation of the [0017] AMRE 100 and the BMRE 102 requires the ability to store and quickly search the Necessary Path Condition Rules of the AMRE 100 and the sub-databases of the BMRE 102. Any storage medium capable of storing data structures for rule matching and efficiently searching rules may be used for storage and searching of the Necessary Path Condition Rules and sub-databases. Preferably, the AMRE 100 and each Best Matching Rules sub-Engine 102 comprise a Content Addressable Memory (CAM). CAMs allow the quick storage and parallel search and retrieval of their memory contents and are well understood by those skilled in the art. Alternatively the AMRE 100 and Best Matching Rules sub-Engines 102 may comprise various memory technologies such as DRAM and SRAM. Additionally, these and other storage and search technologies may be used alone or in combination. It is advantageous to reduce the number of memories, or memory elements, searched per incoming packet. The greater the size of the search the greater the power requirements of this, or any, classification system.
  • During a best matching rule search for a packet header the entire contents of the AMRE CAM is searched. This occurs for each and every incoming packet. The CAM however need only be able to store a small fraction of bits in comparison to the total number of bits comprising all of the classification rules. This is because, as will detailed below, the number of Necessary Path Condition Rules is a fraction of the number of classification rules. [0018]
  • Thus, providing a database of classification rules and the method described below to create a plurality of sub-databases of classification rules, the Necessary Path Condition Rules comprising the memory contents of the AMRE memory are searched against the packet header to determine which sub-databases to search. [0019]
  • Once it is determined which databases to search, only the Best Matching Rules sub-Engines comprising the databases determined to be searched participate in searching for the best matching rule. Thus, whereby in the prior art, at best, reduces the number of rules that must be searched on average for each and every packet classification to around 50% of the total number of rules, the present invention typically performs a hierarchical search on only a very small fraction of the plurality of classification rules thereby significantly reducing the power requirements of the entire search. Additionally, all searching is done in parallel thereby retaining the same speed advantages of the searching methods of the prior art. Occasionally, there might be some packets for which all of the BMRSE must participate in the search, however this is statistically quite rare and even with these full searches large power savings are realized on average. As a result the present invention yields a power savings of at least around 90% on average over the prior art. [0020]
  • Finally, once the best matching rules are found, the [0021] Collate Engine 104 is used to select the best matching rule as described above.
  • As previously mentioned, each BMRSE comprises a searchable memory such as a CAM and each CAM comprises at least one sub-database. Due to the granularity of the CAM, more than one sub-database typically resides on each BMRSE CAM. [0022]
  • Also, as is well understood by those skilled in the art, the memory technologies discussed above may be physically separate memories residing on separate chips, they may be separate chips integrated within a single package, they may be separate memories residing on the same semiconductor chip, or they may manifest themselves as logically separate memories while residing physically on the same memory. Many other memory implementations and architectures may be used and such memories and architectures are well understood by those skilled in the art. The key requirement among all of these implementations however is that a subset of all of the memory contents may be searched while not searching the remaining contents. [0023]
  • ORGANIZING THE RULE DATABASE
  • A method to organize the plurality of classification rules comprising the rule database will now be discussed. The method involves the creation of a Hierarchical Subdivision Tree (HST). The HST is created via a recursive algorithm that works on the bits of the classification rules and stops when either all of the bits have been examined or the rules have been divided into sufficiently small sub-rule sets, or sub-databases. The HST comprises a single root marking the start of the tree, a plurality of nodes, and a plurality of leaves. The root, nodes and leaves are interconnected by a plurality of branches. As will be shown, each branch corresponds to a bit value of the bits comprising the plurality of classification rules. The leaves correspond to endpoints of the HST, and as will be shown, the contents of the leaves comprise the sub-databases. The nodes provide intersection points for the branches. [0024]
  • In the presently preferred embodiment, there is one unique path from the root of the HST, through the nodes, via the branches, to each leaf. While traversing each path, the bits corresponding to each branch traversed comprises the bits in each Necessary Path Condition Rule of the plurality of Necessary Path Condition Rules that comprise the [0025] AMRE 100.
  • Turning now to FIGS. 2[0026] a-d the construction of an exemplary hierarchical subdivision tree is described. FIG. 2a shows a rule database 200 comprising N=16 rules, each rule comprising W=5 bits, wherein each bit has a value of “0”, “1” or “X”. In practice there may be tens of thousand of rules in the rule database, and each rule may have hundreds of bits. A larger sub-database will result in a larger HST with more nodes, branches, and leaves, but the steps to create the HST are identical. Prior to building the HST a threshold is set. In this example the threshold is T=3. The threshold defines the maximum number of rules per sub-database.
  • In FIG. 2[0027] b three nodes 202, 204, 206 connected by three branches labeled ‘0’, ‘1’, and ‘X’ are created. This level is the CurrentBit=0 level meaning that any nodes created are the result of examining the first bit (bit 0) of every rule F in the rule database 200. Rules where bit 0 equals zero, that is F(CurrentBit)=‘0’, comprise the node connected via the branch ‘0’. Rules where bit 0 equals ‘1’, that is F(CurrentBit)=‘1’, comprise the node connected via the branch ‘1’. And rules where bit 0 equals ‘X’, that is R(CurrentBit)=‘X’ comprise the node connected via the branch ‘X’.
  • Thus, FIG. 2[0028] b shows three nodes: node 202 comprising six rules, all of which F(CurrentBit=0) equals ‘0’, node 204 comprising four rules, all of which F(CurrentBit=0) equals ‘1’, and node 206 comprising six rules, all of which F(CurrentBit=0) equal ‘X.’ Accordingly, node 202 is connected to it's parent 200, also the root, via a ‘0’ branch, node 204 is connected to it's parent 200 via a ‘1’ branch, and node 206 is connected to it's parent 200 via an ‘X’ branch.
  • It is noted from FIG. 2[0029] b that each ending node 202, 204 and 206 has more than T=3 rules. Since T=3 represents the maximum number of rules per sub-database, and as it stands in FIG. 2b, each ending node has more than three rules, the HST must be further divided into additional nodes to reduce the number of rules per ending node.
  • FIG. 2[0030] c shows the evolution of the HST for the second bit of the classification rules, F(CurrentBit=1). Each of the nodes 202, 204 and 206 can spawn up to three additional nodes connected by branches denoted ‘0’, ‘1’, or ‘X’. Examining node 202 of FIG. 2b it is noted that the second bit of each rule is either a ‘0’ or a ‘1’. Accordingly, nodes 208 and 210 are created. Node 208, connected by a ‘0’ branch comprises four rules, each of which has F(CurrentBit=1)=‘0’. Node 210 comprises two rules connected by branch ‘1’, each rule obeying F(CurrentBit=1)=‘1’. Similarly, nodes 212 and 214 are created from their parent node 204. And nodes 216, 218 and 220 are created from their parent node 206. Note that node 206 spawns three children connected by branches ‘0’, ‘1’, and ‘X’ since F(CurrentBit=1) have all three values.
  • Next, upon examining nodes [0031] 208-220 of FIG. 2c it is noted that node 208 comprises four rules. Since T=3, and 4>3, node 208 must be subdivided once again. Nodes 210-220 all have less than or equal to three rules. Therefore no more subdivision is necessary and nodes 210-220 can be considered leaves, and their contents sub-databases.
  • FIG. 2[0032] d illustrates yet another recursive pass in the formation of the HST. Here only node 208 is operated upon to create nodes 222, 224 and 226 connected to their parent node 208 via branches ‘0’, ‘1’, and ‘X’ respectively. As can be seen, the comparison of F(CurrentBit=2) for the rules in node 208 yields rule subsets comprising less than or equal to T=3 rules. Thus, all of the rules of the original rule database 200 have been sub-divided into sub-databases, the contents of which are found in leaves 222-226, 212-220, of less than or equal to T=3 rules and a complete HST has been created via the recursive algorithm.
  • In summary, the recursive algorithm used to create the HST comprises the following steps: [0033]
  • 1) Providing a rule database comprising a plurality of rules F each of length W bits, let T=maximum number of rules per sub-database; [0034]
  • 2) CurrentBit=[0035] 0;
  • 3) Subdivide the rule database into sub-rule sets according to F(CurrentBit) [0036]
  • 4) For each sub-rule set: [0037]
  • a) if the number of rules F in each sub-rule set≦T, then the sub-rule set is a sub-database and no more operations should be performed on the sub-rule set, else [0038]
  • b) CurrentBit=CurrentBit+[0039] 1, subdivide each sub-rule set comprising a number of rules F>T into additional sub-rule sets according to F(CurrentBit), and repeat step 4 until step 4a is satisfied for all sub-rule sets, or all bits F(CurrentBit=W) have been examined.
  • The Necessary Path Condition Rules are extracted from the HST by traversing a path from the root of the HST to each leaf of the HST and noting the value of each branch traversed. The Necessary Path Condition Rules comprise all of the values of the each traversed branch plus don't care bits, ‘X’, in order to ensure that the number of bits of the Necessary Path Condition Rules equal the number of bits of the rules. [0040]
  • Turning to FIG. 2[0041] d, there are eight leafs, representing eight sub-databases, and thus there are eight Necessary Path Condition Rules. Thus, the NPCR for the database of leaf 224 is “001XX” since branch ‘0’ between root 200 and node 202 is traversed, branch ‘0’ between nodes 202 and 208 is traversed, and branch ‘1’ between node 208 and leaf 224 is traversed. The Necessary Path Condition Rules for the exemplary database of FIG. 2a are thus shown in Table 1 below.
    TABLE 1
    Corresponding Sub-Database Rules in sub-
    NPCR (See annotations on FIG. 2d) database
    000XX
    222 00011
    001XX 224 00111
    00XXX 226 00XX0
    00X1X
    10XXX
    212 10101
    11XXX 214 110X0
    11011
    11100
    X0XXX 216 X0X11
    X1XXX
    218 X10X1
    X1XX1
    XX1X1
    XXXXX
    220 XX010
    XXXX1
  • It is noted then that in constructing the HST, each sub-database comprises a set of up to T classification rules, and each classification rule is a member of exactly one sub-database. [0042]
  • REDUCING THE NUMBER OF SUB-DATABASES AND NPCR
  • The number of NPCR entries in the All Matching Rules Engine can be reduced, along with the number of sub-rule databases, via a rule merging technique called Rule Subset Hoisting. Through Rule Subset Hoisting, subsets of rules comprising a sub-database having less than a number T[0043] min of rules are merged to create a new sub-database having greater than Tmin rules but less than T rules.
  • FIGS. 3[0044] a-b illustrates the Rule Subset Hoisting method. The exact number of rules, their bit lengths, the number of nodes, leaves, branches and the like, along with the number of iterations of the recursive HST algorithm required to complete the HST of FIG. 3a is unimportant to this example.
  • FIG. 3[0045] a shows a section of an HST with sixteen leaves shown. The leaves contain a number indicating the number of rules per leaf, or sub-database. The root and the nodes contain no number. In this example, T=20 and Tmin=T/3=6. As such, all leaves contain less than or equal to T=20 rules.
  • Looking closely at FIG. 3[0046] a it is seen that leaves 300, 302, 304, 306, 308, and 310 comprise 2, 5, 3, 3, 2, and 5 rules per sub-database, respectively. As was already noted, Tmin=6 so these rules are all below the minimum number defined for this HST.
  • These rules are “hoisted” up to their parents. For example, sub-rule set [0047] 300 is hoisted to it's parent 316. Sub-rule sets 304 and 306 are hoisted up to their parent 312, producing a new sub-rule set of 3+3=6 rules in node 312. Sub-rule sets 302 and 308 are hoisted up to parent 314 to form a subset of 5+2=7 rules, and sub-rule set 310 is hoisted up to node 318.
  • The merging continues recursively until all sub-databases have hoisted up as far in the tree as possible. For example, after the first hoisting, sub-rule set [0048] 316 comprises two rules. Thus sub-rule set 316 is hoisted to it's parent node 318 which comprises 5 rules from the hoisting of node 310. Therefore, node 318 comprises 7 rules as shown in FIG. 3b from the merging of sub-rule sets 300, and 310. Since 7 is greater than Tmin and less than or equal to T, no more hoisting is required. Similarly, the 6 rules of node 312 are greater that Tmin and no more hoisting is required.
  • Thus, through the foregoing description of Rule Subset Hoisting, the sixteen sub-databases of FIG. 3[0049] a have been reduced to thirteen sub-databases. In sum, Rule Subset Hoisting can be described via the following steps:
  • 1) Define T min <T/3.
  • 2) For all leaves (nodes) with NumberOfRules<Tmin hoist rules up to their respective parent node.
  • 3) If the parent nodes still do not have Tmin rules, repeat step 2.
  • INSERTING AND DELETING RULES
  • With a complete understanding of how to create an HST, and how to merge sub-databases within an HST, inserting and deleting rules can easily be understood. When a rule F is added to the plurality of rules of the rule database, a path in the HST is followed, via the appropriate branches given each F(CurrentBit), to the corresponding sub-rule set, and F is added to that sub-rule set. If the addition to the sub-rule set causes the number of rules to exceed T, the sub-rule set is further subdivided as described above until the sub-rule sets have less than or equal to T rules. Merging as described above may then be performed on the sub-rule sets. [0050]
  • When deleting a rule, some sub-rule sets may fall below T[0051] min and the merging operation of Rule Subset Hoisting as described above may be performed to increase the minimum number of rules resident in each sub-database.
  • Thus, algorithms to organize a rule database have been disclosed and illustrated in detail. While specific examples have been given, those skilled in the art will recognize that many variations and adaptation of the current algorithms may be made while still remaining within the scope of the present invention. [0052]
  • MEMORY COMPLEXITY
  • As already discussed, the All Matching Rules Engine and Best Matching Rules Sub-Engines comprise memories such as CAMs. In the case of the AMRE, the CAM holds a set of Necessary Path Condition Rules. In the case of the BMRSE the CAMs hold sub-databases, wherein the sub-databases comprise sets of rules. Because the CAMs, or any other suitable memory devices, are actual physical device, memory complexity must be considered. [0053]
  • The AMRE holds the Necessary Path Condition Rules and as such must be large enough to hold all of the NPCR. The number of NPCR equals N/T[0054] min. So for Tmin=T/3, the number of NPCR equals 3N/T. Thus for N=64K, W=256, T=48, the number of NPCR is 4K and the CAM holding the NPCR must have a capacity of 4K*256 bits, or 1Mbit (128 kilobytes).
  • It is advantageous for the each BMRSE to hold only a single database in a single CAM. This, once again, is because the smaller number of bits searched per packet classification, the lower the average power requirements per classification. Via the hierarchical classification search detailed above, sub-databases comprising only a fraction of the total number of classification rules can quickly be identified for searching via the AMRE. However, due to physical limitations when designing and constructing memories suitable for use in the BMRSE, it more than likely that the such memories will be larger than what is required to hold T number of rules per sub-database. As a consequence, each BMRSE typically holds more than one sub-database. It is therefore advantageous to group the sub-databases residing in the BMRSE such that concurrent activation of more than one BMRSE is minimized. [0055]
  • A presently preferred method of determining the placement of sub-databases within the BMRSE involves a heuristic search combined with a probabilistic search. It should be noted however that while it is advantageous to use these two search methods in combination, either of these methods can be used alone with satisfactory results. Both methods first require the creation of the sub-databases and NPCR. [0056]
  • The heuristic search comprises finding and grouping together all NPCR that could simultaneously match for a given packet header. For example, given a first exemplary NPCR 0X110X1 and 0111XX1 there are two packet headers that match both first NPCR, namely 0111010 and 0111001. Given a second exemplary NPCR 0XX1011 and 0XX1XX1 there are much more than two packet headers that match the second exemplary NPCR. The heuristic search involves basic logic operations, the details of which are well understood by those skilled in the art. [0057]
  • So, the heuristic search groups NPCR that may all match for a particular packet header. However, the probability of a match varies for the NPCR. For example, the probability of a simultaneous match for the second exemplary NPCR above is higher than that for the first exemplary NPCR due to the fact that there are many more packet headers that can match the second NPCR than the first. Thus the probabilistic method is utilized to fine tune how the NPCR, and thus the sub-databases, should be grouped. [0058]
  • The probabilistic method comprises randomly generating valid packet headers, presenting a multiplicity of these packet headers to the AMRE, all along keeping statistics of how often and which sub-rule databases associated with the NPCR are concurrently searched for each packet header. After numerous packets, the statistics reveal that some sub-databases are more likely to need to be concurrently searched than others. The placement of the sub-databases is then done such that those sub-databases more likely to be concurrently searched are stored within the same memory comprising a BMRSE. Additionally, before storing of the sub-databases within the BMRSE the sub-database entries are sorted according to their priority. [0059]
  • Packet header generation devices and associated equipment and methods to monitor said packets, including statistical techniques to analyze the results of classifying said packets, are widely used and well understood by those skilled in the art. [0060]
  • While the disclosed methods still may yield memory placement of sub-databases that cause all BMRSE to be searched for an occasional packet header, this condition is statistically very unlikely. As such, statistically, only a single, or only a very small number of BMRSE need to be searched for an incoming packet and thus, statistically the average power requirements to classify a packet is kept extremely low. [0061]
  • ADDITIONAL OPTIMIZATIONS, ADVANTAGES AND MODIFICATIONS
  • Throughout the above discussions, the methods discussed herein were directed to organizing rule databases and the like into data structures optimized for T number of rules per sub-database. In addition to the foregoing methods, additional optimization methods will be discussed below, and these optimization may be applied alone or in conjunction with any of the other methods discussed herein. [0062]
  • Other algorithms may be used in conjunction with those discussed to better optimize the storage consumed by the data structures. For example, Hierarchical Intelligent Cuttings may be applied to the HST structure and sub-databases to further decrease the storage requirements of the system. Via Hierarchical Intelligent Cuttings the storage requirements of each sub-database can be reduced to a number S, wherein S is measured in units of bytes per rule, or equivalent. Furthermore, S may be different for each sub-database. Cross Producting or Recursive Flow Classification may also be used either alone or in combination with each other or Hierarchical Intelligent Cuttings. These and other algorithms suitable for decreasing storage requirements are well understood by those skilled in the art. Hierarchical Intelligent Cuttings, Cross Producting, and Recursive Flow Classifications are discussed in the following papers which are hereby incorporated by reference: “Packet Classification on Multiple Fields,” Pankaj Gupta and Nick McKeown, Proc. Sigcomm, Computer Communication Review, vol. 29, no. 4, pp. 147-60, September 1999, Harvard University; “Packet Classification using Hierarchical Intelligent Cuttings,” Pankaj Gupta and Nick McKeown, Proc. Hot Interconnects VII, August 99, Stanford University; “Fast and Scalable Layer 4 Switching,” V. Srinivasan, G. Varghese, S. Suri and M. Waldvogel, Presented at ACM Sigcomm98. [0063]
  • Yet another optimization that can be implemented in addition to those described is directed to average power dissipation. This method creates an HST structure and sub-database placement such that average power dissipation for the Packet Matching System is kept below a number P, whereby P is measured in units of power such as Watts. For this optimization an HST as described above is created, the sub-databases are placed via the methods above, and the Packet Matching System is tested either by actual use in a network or via the above described packet generation equipment. During testing, average power dissipation, P[0064] ave, is monitored. If Pave>P, the HST is further subdivided or merged to create a new HST, the sub-databases placed, and the matching system tested once again for Pave. This process is repeated until Pave<P.
  • Finally, it should be noted that while the HST was subdivided according to bits ‘[0065] 0’, ‘1’, and ‘X’, other subdivision criteria may be incorporated with those discussed. For example, selected nodes may be subdivided according to examining groups of bits rather than single bits.
  • PREFIX MATCHING
  • The systems and methods described above are easily adapted to work on databases containing entries other than classification rules. For example, a forwarding prefix database, comprising a plurality of next hop addresses given a packet header, can easily be organized via an HST, the equivalent of Necessary Path Condition Rules extracted from the HST, and the forwarding prefix database subdivided into a plurality of forwarding prefix sub-databases. The HST is generated exactly as described above. The equivalent of NPCR and the sub-databases are stored in the AMRE and the BMRSE exactly as described above. Packet headers are input into the and a search for a best match among the database entries is performed exactly as described above. [0066]
  • CONCLUSION
  • The foregoing detailed description has discussed only a few of the many forms that this invention can take. For this reason, the detailed description is intended by way of illustration and not limitation. It is only the following claims, including all equivalents, that are intended to define the scope of this invention. [0067]

Claims (23)

What is claimed is:
1. A Packet Matching method, the method comprising:
(a) providing a Rule Database comprising a plurality of classification rules, and providing a packet comprising a packet header to be classified;
(b) creating a plurality of sub-databases from the plurality of classification rules in the Rule Database;
(c) creating a plurality of Necessary Path Condition Rules wherein each Necessary Path Condition Rule corresponds to a sub-database;
(d) determining which sub-databases to search, said determining further comprising comparing at least some of the packet header to the plurality of Necessary Path Condition Rules;
(e) searching the sub-databases determined in step (d) for best matching classification rules; and
(f) selecting the best matching classification rule.
2. The invention of claim 1 wherein the searching in (e) comprises searching in parallel.
3. The invention of claim 1 further comprising:
(g) providing an additional packet to be classified; and
(h) matching the additional packet according to steps (d), (e), and (f).
4. The invention of claim 1 wherein the sub-databases comprise at least T/3 classification rules, and wherein the sub-databases further comprise up to T classification rules.
5. A method for organizing a Rule Database, the method comprising:
(a) providing a Rule Database comprising a plurality of N classification rules, each classification rule comprising W bits, wherein each bit of the W bits has a value selected from the group consisting of 0, 1, and X;
(b) constructing a hierarchical subdivision tree, comprising a single root, a plurality of nodes, and a plurality of leaves, wherein the root, the nodes, and the leaves are interconnected by a plurality of branches, wherein each branch corresponds to a value of a bit of the W bits of at least some of the plurality of the N classification rules; and
(c) creating a plurality of sub-databases such that traversing, via at least some of the branches, any path from the root of the hierarchical subdivision tree through at least some of the interconnected nodes to a leaf of the plurality of leaves will lead to a sub-database, wherein each sub-database comprises a subset of up to T classification rules of the plurality of N classification rules, and wherein each of the plurality of the N classification rules is a member of exactly one sub-database.
6. The invention of claim 5 wherein each sub-database further comprises a subset of at least Tmin classification rules of the plurality of N classification rules.
7. The invention of claim 6 wherein Tmin is less than or equal to T/3.
8. The invention of claims 5, 6, or 7 further comprising creating a plurality of Necessary Path Condition Rules wherein each of the Necessary Path Condition Rules corresponds to a sub-database, and wherein each of the Necessary Path Condition Rules of the plurality of the Necessary Path Condition Rules is comprised of the bit values associated with each traversed branch of the hierarchical subdivision tree while traversing the hierarchical subdivision tree from the root to the corresponding exactly one sub-database.
9. The invention of claim 5 wherein N is at least around 10,000.
10. The invention of claim 5 wherein W is at least around 32.
11. The invention of claim 5 further comprising inserting an additional rule to a sub-database.
12. The invention of claim 5 further comprising deleting an existing rule from a sub-database.
13. A Packet Matching system, the system comprising:
an All Matching Rules Engine capable of receiving a packet header;
a plurality of Best Matching Rules Sub-Engines coupled to said All Matching Rules Engine; and
a Collate Engine coupled to said Best Matching Rules sub-Engines.
14. The invention of claim 13 wherein said All Matching Rules Engine further comprises a memory comprising a set of Necessary Path Condition Rules.
15. The invention of claim 14 wherein said memory comprises at least one of the following memories: CAM, DRAM, SRAM.
16. The invention of claim 14 wherein each of the plurality of said Best Matching Rules sub-Engines further comprises a memory, said memory comprising at least one sub-database, each said at least one sub-database corresponding to said Necessary Path Condition Rules.
17. The invention of claim 16 wherein said memory comprises at least one of the following memories: CAM, DRAM, SRAM.
18. The invention of claim 16 wherein said at least one sub-database comprises a plurality of rules.
19. The invention of claim 16 wherein said at least one sub-database comprises a plurality of forwarding entries.
20. The invention of claim 14 wherein said plurality of Best Matching Rules sub-Engines further comprises a plurality of sub-databases, wherein each sub-database of said plurality of sub-databases corresponds to one of said Necessary Path Condition Rules, wherein said plurality of sub-databases are distributed among said plurality of Best Matching Rules sub-Engines such that concurrent activation of more than one Best Matching Rules sub-Engine of said plurality of sub-Engines is minimized.
21. A Packet Matching system comprising:
means for creating a plurality of sub-databases from a plurality of rules;
means for determining which sub-databases to search given a packet;
means for finding best rule matches among the determined sub-databases for the packet; and
means for selecting the highest priority best matching rule from among the found best rule matches.
22. The invention of claim 21 wherein said means for creating further comprises an optimizing means for creating the plurality of sub-databases such that power dissipation is less than P.
23. The invention of claim 21 wherein said means for creating further comprises an optimizing means for creating the plurality of sub-databases such that storage requirements of each sub-database of the plurality of sub-databases is less than S.
US09/992,677 2000-11-16 2001-11-14 Packet matching method and system Abandoned US20020089937A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US09/992,677 US20020089937A1 (en) 2000-11-16 2001-11-14 Packet matching method and system
US12/165,541 US7978709B1 (en) 2000-11-16 2008-06-30 Packet matching method and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US24970100P 2000-11-16 2000-11-16
US09/992,677 US20020089937A1 (en) 2000-11-16 2001-11-14 Packet matching method and system

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US12/165,541 Division US7978709B1 (en) 2000-11-16 2008-06-30 Packet matching method and system

Publications (1)

Publication Number Publication Date
US20020089937A1 true US20020089937A1 (en) 2002-07-11

Family

ID=26940280

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/992,677 Abandoned US20020089937A1 (en) 2000-11-16 2001-11-14 Packet matching method and system
US12/165,541 Expired - Fee Related US7978709B1 (en) 2000-11-16 2008-06-30 Packet matching method and system

Family Applications After (1)

Application Number Title Priority Date Filing Date
US12/165,541 Expired - Fee Related US7978709B1 (en) 2000-11-16 2008-06-30 Packet matching method and system

Country Status (1)

Country Link
US (2) US20020089937A1 (en)

Cited By (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020152209A1 (en) * 2001-01-26 2002-10-17 Broadcom Corporation Method, system and computer program product for classifying packet flows with a bit mask
US20020152352A1 (en) * 2001-04-13 2002-10-17 Nec Corporation High-speed information retrieval system
US20030135641A1 (en) * 2001-12-07 2003-07-17 Cheriton David R. Multi-feature classification memory structure for associative matching
US20030198189A1 (en) * 2002-04-19 2003-10-23 Dave Roberts Network system having an instructional sequence for performing packet processing and optimizing the packet processing
US20040098511A1 (en) * 2002-11-16 2004-05-20 Lin David H. Packet routing method and system that routes packets to one of at least two processes based on at least one routing rule
US20040193619A1 (en) * 2003-03-28 2004-09-30 Srinivasan Venkatachary System and method for efficiently searching a forwarding database that is split into a bounded number of sub-databases having a bounded size
WO2004114611A2 (en) * 2003-06-05 2004-12-29 Cypress Semiconductor Corp. Architecture for network search engines with fixed latency, high capacity, and high throughput
GB2418800A (en) * 2003-04-02 2006-04-05 Cisco Tech Ind Path optimisation in commuications and data networks
US20060221967A1 (en) * 2005-03-31 2006-10-05 Narayan Harsha L Methods for performing packet classification
US20060221956A1 (en) * 2005-03-31 2006-10-05 Narayan Harsha L Methods for performing packet classification via prefix pair bit vectors
US20060221954A1 (en) * 2005-03-31 2006-10-05 Narayan Harsha L Methods for performing packet classification
US20070188402A1 (en) * 2006-02-15 2007-08-16 Oticon A/S Loop antenna for in the ear audio device
US20080162567A1 (en) * 2006-12-27 2008-07-03 Fuji Xerox Co., Ltd. Image log management apparatus, recording medium, and method for managing an image log
US7571156B1 (en) 2003-03-28 2009-08-04 Netlogic Microsystems, Inc. Network device, storage medium and methods for incrementally updating a forwarding database
US20090219829A1 (en) * 2004-12-23 2009-09-03 Solera Networks, Inc. Method and apparatus for network packet capture distributed storage system
US7603346B1 (en) 2004-07-23 2009-10-13 Netlogic Microsystems, Inc. Integrated search engine devices having pipelined search and b-tree maintenance sub-engines therein
US7653619B1 (en) 2004-07-23 2010-01-26 Netlogic Microsystems, Inc. Integrated search engine devices having pipelined search and tree maintenance sub-engines therein that support variable tree height
US7694068B1 (en) 2005-12-08 2010-04-06 Netlogic Microsystems, Inc. Re-entrant processing in a content addressable memory
US7697518B1 (en) 2006-09-15 2010-04-13 Netlogic Microsystems, Inc. Integrated search engine devices and methods of updating same using node splitting and merging operations
US7716204B1 (en) 2007-12-21 2010-05-11 Netlogic Microsystems, Inc. Handle allocation managers and methods for integated circuit search engine devices
US7725450B1 (en) 2004-07-23 2010-05-25 Netlogic Microsystems, Inc. Integrated search engine devices having pipelined search and tree maintenance sub-engines therein that maintain search coherence during multi-cycle update operations
US7738450B1 (en) 2002-05-06 2010-06-15 Foundry Networks, Inc. System architecture for very fast ethernet blade
US7747599B1 (en) 2004-07-23 2010-06-29 Netlogic Microsystems, Inc. Integrated search engine devices that utilize hierarchical memories containing b-trees and span prefix masks to support longest prefix match search operations
US7801877B1 (en) 2008-04-14 2010-09-21 Netlogic Microsystems, Inc. Handle memory access managers and methods for integrated circuit search engine devices
US7805427B1 (en) 2006-11-27 2010-09-28 Netlogic Microsystems, Inc. Integrated search engine devices that support multi-way search trees having multi-column nodes
US7813367B2 (en) * 2002-05-06 2010-10-12 Foundry Networks, Inc. Pipeline method and system for switching packets
US7817659B2 (en) 2004-03-26 2010-10-19 Foundry Networks, Llc Method and apparatus for aggregating input data streams
US7830884B2 (en) 2002-05-06 2010-11-09 Foundry Networks, Llc Flexible method for processing data packets in a network routing system for enhanced efficiency and monitoring capability
US7886176B1 (en) 2007-09-24 2011-02-08 Integrated Device Technology, Inc. DDR memory system for measuring a clock signal by identifying a delay value corresponding to a changed logic state during clock signal transitions
US7903654B2 (en) 2006-08-22 2011-03-08 Foundry Networks, Llc System and method for ECMP load sharing
US7904642B1 (en) 2007-02-08 2011-03-08 Netlogic Microsystems, Inc. Method for combining and storing access control lists
US7948872B2 (en) 2000-11-17 2011-05-24 Foundry Networks, Llc Backplane interface adapter with error control and redundant fabric
US7953922B2 (en) 2004-10-29 2011-05-31 Foundry Networks, Llc Double density content addressable memory (CAM) lookup scheme
US7953721B1 (en) 2006-11-27 2011-05-31 Netlogic Microsystems, Inc. Integrated search engine devices that support database key dumping and methods of operating same
US20110154132A1 (en) * 2009-12-23 2011-06-23 Gunes Aybay Methods and apparatus for tracking data flow based on flow state values
US7978709B1 (en) 2000-11-16 2011-07-12 Netlogic Microsystems, Inc. Packet matching method and system
US7978614B2 (en) 2007-01-11 2011-07-12 Foundry Network, LLC Techniques for detecting non-receipt of fault detection protocol packets
US7978702B2 (en) 2000-11-17 2011-07-12 Foundry Networks, Llc Backplane interface adapter
US7987205B1 (en) 2006-11-27 2011-07-26 Netlogic Microsystems, Inc. Integrated search engine devices having pipelined node maintenance sub-engines therein that support database flush operations
US8037399B2 (en) 2007-07-18 2011-10-11 Foundry Networks, Llc Techniques for segmented CRC design in high speed networks
US8086641B1 (en) 2006-11-27 2011-12-27 Netlogic Microsystems, Inc. Integrated search engine devices that utilize SPM-linked bit maps to reduce handle memory duplication and methods of operating same
US8090901B2 (en) 2009-05-14 2012-01-03 Brocade Communications Systems, Inc. TCAM management approach that minimize movements
US8149839B1 (en) 2007-09-26 2012-04-03 Foundry Networks, Llc Selection of trunk ports and paths using rotation
US8238255B2 (en) 2006-11-22 2012-08-07 Foundry Networks, Llc Recovering from failures without impact on data traffic in a shared bus architecture
US8271859B2 (en) 2007-07-18 2012-09-18 Foundry Networks Llc Segmented CRC design in high speed networks
US8448162B2 (en) 2005-12-28 2013-05-21 Foundry Networks, Llc Hitless software upgrades
US8521732B2 (en) 2008-05-23 2013-08-27 Solera Networks, Inc. Presentation of an extracted artifact based on an indexing technique
US8599850B2 (en) 2009-09-21 2013-12-03 Brocade Communications Systems, Inc. Provisioning single or multistage networks using ethernet service instances (ESIs)
US8625642B2 (en) 2008-05-23 2014-01-07 Solera Networks, Inc. Method and apparatus of network artifact indentification and extraction
US8666985B2 (en) 2011-03-16 2014-03-04 Solera Networks, Inc. Hardware accelerated application-based pattern matching for real time classification and recording of network traffic
US8671219B2 (en) 2002-05-06 2014-03-11 Foundry Networks, Llc Method and apparatus for efficiently processing data packets in a computer network
US8718051B2 (en) 2003-05-15 2014-05-06 Foundry Networks, Llc System and method for high speed packet transmission
US8730961B1 (en) 2004-04-26 2014-05-20 Foundry Networks, Llc System and method for optimizing router lookup
US8849991B2 (en) 2010-12-15 2014-09-30 Blue Coat Systems, Inc. System and method for hypertext transfer protocol layered reconstruction
US8886677B1 (en) 2004-07-23 2014-11-11 Netlogic Microsystems, Inc. Integrated search engine devices that support LPM search operations using span prefix masks that encode key prefix length
US20150358433A1 (en) * 2014-06-04 2015-12-10 Nicira Inc Efficient packet classification for dynamic containers
US20160072696A1 (en) * 2014-09-05 2016-03-10 Telefonaktiebolaget L M Ericsson (Publ) Forwarding table precedence in sdn
WO2017014757A1 (en) * 2015-07-21 2017-01-26 Hewlett Packard Enterprise Development Lp Using a single cache table
US20170052731A1 (en) * 2015-08-17 2017-02-23 Mellanox Technologies Tlv Ltd. Efficient lookup of tcam-like rules in ram
US9892057B2 (en) 2016-03-31 2018-02-13 Mellanox Technologies Tlv Ltd. Single double cuckoo hash
US10049126B2 (en) 2015-09-06 2018-08-14 Mellanox Technologies Tlv Ltd. Cuckoo hashing with selectable hash
US10068034B2 (en) 2016-09-07 2018-09-04 Mellanox Technologies Tlv Ltd. Efficient matching of TCAM rules using hash tables in RAM
US10110712B2 (en) 2014-06-04 2018-10-23 Nicira, Inc. Efficient packet classification for dynamic containers
US10476794B2 (en) 2017-07-30 2019-11-12 Mellanox Technologies Tlv Ltd. Efficient caching of TCAM rules in RAM
US10491521B2 (en) 2017-03-26 2019-11-26 Mellanox Technologies Tlv Ltd. Field checking based caching of ACL lookups to ease ACL lookup search
US10496680B2 (en) 2015-08-17 2019-12-03 Mellanox Technologies Tlv Ltd. High-performance bloom filter array
US10944675B1 (en) 2019-09-04 2021-03-09 Mellanox Technologies Tlv Ltd. TCAM with multi region lookups and a single logical lookup
US11003715B2 (en) 2018-09-17 2021-05-11 Mellanox Technologies, Ltd. Equipment and method for hash table resizing
US11327974B2 (en) 2018-08-02 2022-05-10 Mellanox Technologies, Ltd. Field variability based TCAM splitting
US11539622B2 (en) 2020-05-04 2022-12-27 Mellanox Technologies, Ltd. Dynamically-optimized hash-based packet classifier
US11782895B2 (en) 2020-09-07 2023-10-10 Mellanox Technologies, Ltd. Cuckoo hashing including accessing hash tables using affinity table
US11917042B2 (en) 2021-08-15 2024-02-27 Mellanox Technologies, Ltd. Optimizing header-based action selection
US11929837B2 (en) 2022-02-23 2024-03-12 Mellanox Technologies, Ltd. Rule compilation schemes for fast packet classification

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9305115B1 (en) 2010-10-04 2016-04-05 Broadcom Corporation Method and apparatus for reducing power consumption during rule searches in a content search system
US8861241B1 (en) 2011-09-01 2014-10-14 Netlogic Microsystems, Inc. Content search system having embedded power control units
US8639875B1 (en) 2011-09-06 2014-01-28 Netlogic Microsystems, Inc. Content search system having multiple pipelines
KR101331018B1 (en) * 2011-10-11 2014-01-15 주식회사 시큐아이 Method for classifying packet and apparatus thereof
US9501591B2 (en) * 2013-12-09 2016-11-22 International Business Machines Corporation Dynamically modifiable component model
US11418632B2 (en) * 2015-12-15 2022-08-16 Intel Corporation High speed flexible packet classification using network processors
US20220222369A1 (en) * 2019-05-21 2022-07-14 Nippon Telegraph And Telephone Corporation Information processing apparatus, information processing method and program

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6018524A (en) * 1997-09-09 2000-01-25 Washington University Scalable high speed IP routing lookups
US6154384A (en) * 1999-11-12 2000-11-28 Netlogic Microsystems, Inc. Ternary content addressable memory cell
US6192051B1 (en) * 1999-02-26 2001-02-20 Redstone Communications, Inc. Network router search engine using compressed tree forwarding table
US6215816B1 (en) * 1997-03-04 2001-04-10 Texas Instruments Incorporated Physical layer interface device
US6223172B1 (en) * 1997-10-31 2001-04-24 Nortel Networks Limited Address routing using address-sensitive mask decimation scheme
US6307855B1 (en) * 1997-07-09 2001-10-23 Yoichi Hariguchi Network routing table using content addressable memory
US6374326B1 (en) * 1999-10-25 2002-04-16 Cisco Technology, Inc. Multiple bank CAM architecture and method for performing concurrent lookup operations
US6385649B1 (en) * 1998-11-06 2002-05-07 Microsoft Corporation Routers and methods for optimal routing table compression
US6546391B1 (en) * 1998-12-25 2003-04-08 Fujitsu Limited High-speed lookup method and high-speed lookup apparatus

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU4661793A (en) * 1992-07-02 1994-01-31 Wellfleet Communications Data packet processing method and apparatus
US5991758A (en) * 1997-06-06 1999-11-23 Madison Information Technologies, Inc. System and method for indexing information about entities from different information sources
US6212184B1 (en) * 1998-07-15 2001-04-03 Washington University Fast scaleable methods and devices for layer four switching
IT1305140B1 (en) 1998-10-27 2001-04-10 Cselt Centro Studi Lab Telecom MEMORY FOR SEARCHING FOR INFORMATION THROUGH ANALYSIS OF INPARTICULAR PREFIXES FOR THE CREATION OF ROAD TABLES IN KNOTS
US6963924B1 (en) 1999-02-01 2005-11-08 Nen-Fu Huang IP routing lookup scheme and system for multi-gigabit switching routers
US6298340B1 (en) * 1999-05-14 2001-10-02 International Business Machines Corporation System and method and computer program for filtering using tree structure
US6662184B1 (en) * 1999-09-23 2003-12-09 International Business Machines Corporation Lock-free wild card search data structure and method
US6615210B1 (en) * 2000-02-04 2003-09-02 Broad Web Corporation Bit stream ternary match scheme
TW498650B (en) * 2000-03-22 2002-08-11 Ind Tech Res Inst Flexible and highly efficient packet classification method
US20020089937A1 (en) 2000-11-16 2002-07-11 Srinivasan Venkatachary Packet matching method and system
WO2002078229A1 (en) 2001-03-21 2002-10-03 Stine John A An access and routing protocol for ad hoc networks using synchronous collision resolution and node state dissemination
US6735600B1 (en) 2001-03-30 2004-05-11 Lsi Logic Corporation Editing protocol for flexible search engines
US7441074B1 (en) 2002-08-10 2008-10-21 Cisco Technology, Inc. Methods and apparatus for distributing entries among lookup units and selectively enabling less than all of the lookup units when performing a lookup operation
US7162481B2 (en) 2002-12-06 2007-01-09 Stmicroelectronics, Inc. Method for increasing storage capacity in a multi-bit trie-based hardware storage engine by compressing the representation of single-length prefixes
US7571156B1 (en) 2003-03-28 2009-08-04 Netlogic Microsystems, Inc. Network device, storage medium and methods for incrementally updating a forwarding database
US7426518B2 (en) * 2003-03-28 2008-09-16 Netlogic Microsystems, Inc. System and method for efficiently searching a forwarding database that is split into a bounded number of sub-databases having a bounded size
TWI227395B (en) 2003-06-02 2005-02-01 Genesys Logic Inc Method for parallel processing of memory data and error correction code and related device thereof
US7249228B1 (en) 2004-03-01 2007-07-24 Cisco Technology, Inc. Reducing the number of block masks required for programming multiple access control list in an associative memory
US7461200B1 (en) 2004-09-23 2008-12-02 Netlogic Microsystems, Inc. Method and apparatus for overlaying flat and tree based data sets onto content addressable memory (CAM) device
US7694068B1 (en) 2005-12-08 2010-04-06 Netlogic Microsystems, Inc. Re-entrant processing in a content addressable memory

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6215816B1 (en) * 1997-03-04 2001-04-10 Texas Instruments Incorporated Physical layer interface device
US6307855B1 (en) * 1997-07-09 2001-10-23 Yoichi Hariguchi Network routing table using content addressable memory
US6018524A (en) * 1997-09-09 2000-01-25 Washington University Scalable high speed IP routing lookups
US6223172B1 (en) * 1997-10-31 2001-04-24 Nortel Networks Limited Address routing using address-sensitive mask decimation scheme
US6385649B1 (en) * 1998-11-06 2002-05-07 Microsoft Corporation Routers and methods for optimal routing table compression
US6546391B1 (en) * 1998-12-25 2003-04-08 Fujitsu Limited High-speed lookup method and high-speed lookup apparatus
US6192051B1 (en) * 1999-02-26 2001-02-20 Redstone Communications, Inc. Network router search engine using compressed tree forwarding table
US6374326B1 (en) * 1999-10-25 2002-04-16 Cisco Technology, Inc. Multiple bank CAM architecture and method for performing concurrent lookup operations
US6154384A (en) * 1999-11-12 2000-11-28 Netlogic Microsystems, Inc. Ternary content addressable memory cell

Cited By (124)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7978709B1 (en) 2000-11-16 2011-07-12 Netlogic Microsystems, Inc. Packet matching method and system
US9030937B2 (en) 2000-11-17 2015-05-12 Foundry Networks, Llc Backplane interface adapter with error control and redundant fabric
US7948872B2 (en) 2000-11-17 2011-05-24 Foundry Networks, Llc Backplane interface adapter with error control and redundant fabric
US7978702B2 (en) 2000-11-17 2011-07-12 Foundry Networks, Llc Backplane interface adapter
US7995580B2 (en) 2000-11-17 2011-08-09 Foundry Networks, Inc. Backplane interface adapter with error control and redundant fabric
US8514716B2 (en) 2000-11-17 2013-08-20 Foundry Networks, Llc Backplane interface adapter with error control and redundant fabric
US8964754B2 (en) 2000-11-17 2015-02-24 Foundry Networks, Llc Backplane interface adapter with error control and redundant fabric
US8619781B2 (en) 2000-11-17 2013-12-31 Foundry Networks, Llc Backplane interface adapter with error control and redundant fabric
US7061874B2 (en) * 2001-01-26 2006-06-13 Broadcom Corporation Method, system and computer program product for classifying packet flows with a bit mask
US20020152209A1 (en) * 2001-01-26 2002-10-17 Broadcom Corporation Method, system and computer program product for classifying packet flows with a bit mask
US20020152352A1 (en) * 2001-04-13 2002-10-17 Nec Corporation High-speed information retrieval system
US7734811B2 (en) * 2001-12-07 2010-06-08 Cisco Technology, Inc. Multi-feature classification memory structure for associative matching
US20030135641A1 (en) * 2001-12-07 2003-07-17 Cheriton David R. Multi-feature classification memory structure for associative matching
US20030198189A1 (en) * 2002-04-19 2003-10-23 Dave Roberts Network system having an instructional sequence for performing packet processing and optimizing the packet processing
US7804785B2 (en) * 2002-04-19 2010-09-28 Avaya Inc. Network system having an instructional sequence for performing packet processing and optimizing the packet processing
US8194666B2 (en) 2002-05-06 2012-06-05 Foundry Networks, Llc Flexible method for processing data packets in a network routing system for enhanced efficiency and monitoring capability
US8170044B2 (en) 2002-05-06 2012-05-01 Foundry Networks, Llc Pipeline method and system for switching packets
US8989202B2 (en) 2002-05-06 2015-03-24 Foundry Networks, Llc Pipeline method and system for switching packets
US7830884B2 (en) 2002-05-06 2010-11-09 Foundry Networks, Llc Flexible method for processing data packets in a network routing system for enhanced efficiency and monitoring capability
US7813367B2 (en) * 2002-05-06 2010-10-12 Foundry Networks, Inc. Pipeline method and system for switching packets
US8671219B2 (en) 2002-05-06 2014-03-11 Foundry Networks, Llc Method and apparatus for efficiently processing data packets in a computer network
US7738450B1 (en) 2002-05-06 2010-06-15 Foundry Networks, Inc. System architecture for very fast ethernet blade
US20040098511A1 (en) * 2002-11-16 2004-05-20 Lin David H. Packet routing method and system that routes packets to one of at least two processes based on at least one routing rule
US20080275872A1 (en) * 2003-03-28 2008-11-06 Srinivasan Venkatachary System and method for efficiently searching a forwarding database that is split into a bounded number of sub-databases having a bounded size
US7571156B1 (en) 2003-03-28 2009-08-04 Netlogic Microsystems, Inc. Network device, storage medium and methods for incrementally updating a forwarding database
US8073856B2 (en) 2003-03-28 2011-12-06 Netlogic Microsystems, Inc. System and method for efficiently searching a forwarding database that is split into a bounded number of sub-databases having a bounded size
JP2006527526A (en) * 2003-03-28 2006-11-30 サイプレス・セミコンダクタ・コーポレーション System and method for efficiently searching a forwarding database divided into a limited number of sub-databases having a limited size
WO2004088548A1 (en) 2003-03-28 2004-10-14 Cypress Semiconductor System and method for efficiently searching a forwarding database that is split into a bounded number of sub-databases having a bounded size
US20040193619A1 (en) * 2003-03-28 2004-09-30 Srinivasan Venkatachary System and method for efficiently searching a forwarding database that is split into a bounded number of sub-databases having a bounded size
US7426518B2 (en) 2003-03-28 2008-09-16 Netlogic Microsystems, Inc. System and method for efficiently searching a forwarding database that is split into a bounded number of sub-databases having a bounded size
GB2418800B (en) * 2003-04-02 2006-06-21 Cisco Tech Inc Path optimization in communications and data networks
US7693061B2 (en) 2003-04-02 2010-04-06 Cisco Technology, Inc. Data networking
US20060171316A1 (en) * 2003-04-02 2006-08-03 Cisco Technolgy, Inc. Data networking
GB2418800A (en) * 2003-04-02 2006-04-05 Cisco Tech Ind Path optimisation in commuications and data networks
US9461940B2 (en) 2003-05-15 2016-10-04 Foundry Networks, Llc System and method for high speed packet transmission
US8811390B2 (en) 2003-05-15 2014-08-19 Foundry Networks, Llc System and method for high speed packet transmission
US8718051B2 (en) 2003-05-15 2014-05-06 Foundry Networks, Llc System and method for high speed packet transmission
WO2004114611A3 (en) * 2003-06-05 2005-05-12 Cypress Semiconductor Corp Architecture for network search engines with fixed latency, high capacity, and high throughput
WO2004114611A2 (en) * 2003-06-05 2004-12-29 Cypress Semiconductor Corp. Architecture for network search engines with fixed latency, high capacity, and high throughput
US7437354B2 (en) 2003-06-05 2008-10-14 Netlogic Microsystems, Inc. Architecture for network search engines with fixed latency, high capacity, and high throughput
US9338100B2 (en) 2004-03-26 2016-05-10 Foundry Networks, Llc Method and apparatus for aggregating input data streams
US7817659B2 (en) 2004-03-26 2010-10-19 Foundry Networks, Llc Method and apparatus for aggregating input data streams
US8493988B2 (en) 2004-03-26 2013-07-23 Foundry Networks, Llc Method and apparatus for aggregating input data streams
US8730961B1 (en) 2004-04-26 2014-05-20 Foundry Networks, Llc System and method for optimizing router lookup
US7653619B1 (en) 2004-07-23 2010-01-26 Netlogic Microsystems, Inc. Integrated search engine devices having pipelined search and tree maintenance sub-engines therein that support variable tree height
US7725450B1 (en) 2004-07-23 2010-05-25 Netlogic Microsystems, Inc. Integrated search engine devices having pipelined search and tree maintenance sub-engines therein that maintain search coherence during multi-cycle update operations
US8886677B1 (en) 2004-07-23 2014-11-11 Netlogic Microsystems, Inc. Integrated search engine devices that support LPM search operations using span prefix masks that encode key prefix length
US7603346B1 (en) 2004-07-23 2009-10-13 Netlogic Microsystems, Inc. Integrated search engine devices having pipelined search and b-tree maintenance sub-engines therein
US7747599B1 (en) 2004-07-23 2010-06-29 Netlogic Microsystems, Inc. Integrated search engine devices that utilize hierarchical memories containing b-trees and span prefix masks to support longest prefix match search operations
US7953922B2 (en) 2004-10-29 2011-05-31 Foundry Networks, Llc Double density content addressable memory (CAM) lookup scheme
US7953923B2 (en) 2004-10-29 2011-05-31 Foundry Networks, Llc Double density content addressable memory (CAM) lookup scheme
US20090219829A1 (en) * 2004-12-23 2009-09-03 Solera Networks, Inc. Method and apparatus for network packet capture distributed storage system
US7684347B2 (en) 2004-12-23 2010-03-23 Solera Networks Method and apparatus for network packet capture distributed storage system
US7855974B2 (en) 2004-12-23 2010-12-21 Solera Networks, Inc. Method and apparatus for network packet capture distributed storage system
US20060221956A1 (en) * 2005-03-31 2006-10-05 Narayan Harsha L Methods for performing packet classification via prefix pair bit vectors
US7668160B2 (en) * 2005-03-31 2010-02-23 Intel Corporation Methods for performing packet classification
US20060221967A1 (en) * 2005-03-31 2006-10-05 Narayan Harsha L Methods for performing packet classification
US20060221954A1 (en) * 2005-03-31 2006-10-05 Narayan Harsha L Methods for performing packet classification
US7694068B1 (en) 2005-12-08 2010-04-06 Netlogic Microsystems, Inc. Re-entrant processing in a content addressable memory
US9378005B2 (en) 2005-12-28 2016-06-28 Foundry Networks, Llc Hitless software upgrades
US8448162B2 (en) 2005-12-28 2013-05-21 Foundry Networks, Llc Hitless software upgrades
US20070188402A1 (en) * 2006-02-15 2007-08-16 Oticon A/S Loop antenna for in the ear audio device
US7903654B2 (en) 2006-08-22 2011-03-08 Foundry Networks, Llc System and method for ECMP load sharing
US7697518B1 (en) 2006-09-15 2010-04-13 Netlogic Microsystems, Inc. Integrated search engine devices and methods of updating same using node splitting and merging operations
US9030943B2 (en) 2006-11-22 2015-05-12 Foundry Networks, Llc Recovering from failures without impact on data traffic in a shared bus architecture
US8238255B2 (en) 2006-11-22 2012-08-07 Foundry Networks, Llc Recovering from failures without impact on data traffic in a shared bus architecture
US8086641B1 (en) 2006-11-27 2011-12-27 Netlogic Microsystems, Inc. Integrated search engine devices that utilize SPM-linked bit maps to reduce handle memory duplication and methods of operating same
US7953721B1 (en) 2006-11-27 2011-05-31 Netlogic Microsystems, Inc. Integrated search engine devices that support database key dumping and methods of operating same
US7805427B1 (en) 2006-11-27 2010-09-28 Netlogic Microsystems, Inc. Integrated search engine devices that support multi-way search trees having multi-column nodes
US7831626B1 (en) 2006-11-27 2010-11-09 Netlogic Microsystems, Inc. Integrated search engine devices having a plurality of multi-way trees of search keys therein that share a common root node
US7987205B1 (en) 2006-11-27 2011-07-26 Netlogic Microsystems, Inc. Integrated search engine devices having pipelined node maintenance sub-engines therein that support database flush operations
US20080162567A1 (en) * 2006-12-27 2008-07-03 Fuji Xerox Co., Ltd. Image log management apparatus, recording medium, and method for managing an image log
US8248648B2 (en) * 2006-12-27 2012-08-21 Fuji Xerox Co., Ltd. Logging history of image data dependent on image processing function and priority
US9112780B2 (en) 2007-01-11 2015-08-18 Foundry Networks, Llc Techniques for processing incoming failure detection protocol packets
US7978614B2 (en) 2007-01-11 2011-07-12 Foundry Network, LLC Techniques for detecting non-receipt of fault detection protocol packets
US8395996B2 (en) 2007-01-11 2013-03-12 Foundry Networks, Llc Techniques for processing incoming failure detection protocol packets
US8155011B2 (en) 2007-01-11 2012-04-10 Foundry Networks, Llc Techniques for using dual memory structures for processing failure detection protocol packets
US7933282B1 (en) 2007-02-08 2011-04-26 Netlogic Microsystems, Inc. Packet classification device for storing groups of rules
US7904642B1 (en) 2007-02-08 2011-03-08 Netlogic Microsystems, Inc. Method for combining and storing access control lists
US8037399B2 (en) 2007-07-18 2011-10-11 Foundry Networks, Llc Techniques for segmented CRC design in high speed networks
US8271859B2 (en) 2007-07-18 2012-09-18 Foundry Networks Llc Segmented CRC design in high speed networks
US7886176B1 (en) 2007-09-24 2011-02-08 Integrated Device Technology, Inc. DDR memory system for measuring a clock signal by identifying a delay value corresponding to a changed logic state during clock signal transitions
US8149839B1 (en) 2007-09-26 2012-04-03 Foundry Networks, Llc Selection of trunk ports and paths using rotation
US8509236B2 (en) 2007-09-26 2013-08-13 Foundry Networks, Llc Techniques for selecting paths and/or trunk ports for forwarding traffic flows
US7716204B1 (en) 2007-12-21 2010-05-11 Netlogic Microsystems, Inc. Handle allocation managers and methods for integated circuit search engine devices
US7801877B1 (en) 2008-04-14 2010-09-21 Netlogic Microsystems, Inc. Handle memory access managers and methods for integrated circuit search engine devices
US8625642B2 (en) 2008-05-23 2014-01-07 Solera Networks, Inc. Method and apparatus of network artifact indentification and extraction
US8521732B2 (en) 2008-05-23 2013-08-27 Solera Networks, Inc. Presentation of an extracted artifact based on an indexing technique
US8090901B2 (en) 2009-05-14 2012-01-03 Brocade Communications Systems, Inc. TCAM management approach that minimize movements
US8599850B2 (en) 2009-09-21 2013-12-03 Brocade Communications Systems, Inc. Provisioning single or multistage networks using ethernet service instances (ESIs)
US9166818B2 (en) 2009-09-21 2015-10-20 Brocade Communications Systems, Inc. Provisioning single or multistage networks using ethernet service instances (ESIs)
US9967167B2 (en) 2009-12-23 2018-05-08 Juniper Networks, Inc. Methods and apparatus for tracking data flow based on flow state values
US9264321B2 (en) * 2009-12-23 2016-02-16 Juniper Networks, Inc. Methods and apparatus for tracking data flow based on flow state values
US11323350B2 (en) 2009-12-23 2022-05-03 Juniper Networks, Inc. Methods and apparatus for tracking data flow based on flow state values
US20110154132A1 (en) * 2009-12-23 2011-06-23 Gunes Aybay Methods and apparatus for tracking data flow based on flow state values
US10554528B2 (en) 2009-12-23 2020-02-04 Juniper Networks, Inc. Methods and apparatus for tracking data flow based on flow state values
US8849991B2 (en) 2010-12-15 2014-09-30 Blue Coat Systems, Inc. System and method for hypertext transfer protocol layered reconstruction
US8666985B2 (en) 2011-03-16 2014-03-04 Solera Networks, Inc. Hardware accelerated application-based pattern matching for real time classification and recording of network traffic
US11805191B2 (en) 2014-06-04 2023-10-31 Nicira, Inc. Efficient packet classification for dynamic containers
US11595503B2 (en) 2014-06-04 2023-02-28 Nicira, Inc. Efficient packet classification for dynamic containers
US10110712B2 (en) 2014-06-04 2018-10-23 Nicira, Inc. Efficient packet classification for dynamic containers
US9774707B2 (en) * 2014-06-04 2017-09-26 Nicira, Inc. Efficient packet classification for dynamic containers
US10938966B2 (en) 2014-06-04 2021-03-02 Nicira, Inc. Efficient packet classification for dynamic containers
US20150358433A1 (en) * 2014-06-04 2015-12-10 Nicira Inc Efficient packet classification for dynamic containers
US10686916B2 (en) 2014-06-04 2020-06-16 Nicira, Inc. Efficient packet classification for dynamic containers
US20160072696A1 (en) * 2014-09-05 2016-03-10 Telefonaktiebolaget L M Ericsson (Publ) Forwarding table precedence in sdn
US9692684B2 (en) * 2014-09-05 2017-06-27 Telefonaktiebolaget L M Ericsson (Publ) Forwarding table precedence in SDN
US10924403B2 (en) 2015-07-21 2021-02-16 Hewlett Packard Enterprise Development Lp Using a single cache table
WO2017014757A1 (en) * 2015-07-21 2017-01-26 Hewlett Packard Enterprise Development Lp Using a single cache table
US10496680B2 (en) 2015-08-17 2019-12-03 Mellanox Technologies Tlv Ltd. High-performance bloom filter array
US9984144B2 (en) * 2015-08-17 2018-05-29 Mellanox Technologies Tlv Ltd. Efficient lookup of TCAM-like rules in RAM
US20170052731A1 (en) * 2015-08-17 2017-02-23 Mellanox Technologies Tlv Ltd. Efficient lookup of tcam-like rules in ram
US10049126B2 (en) 2015-09-06 2018-08-14 Mellanox Technologies Tlv Ltd. Cuckoo hashing with selectable hash
US9892057B2 (en) 2016-03-31 2018-02-13 Mellanox Technologies Tlv Ltd. Single double cuckoo hash
US10068034B2 (en) 2016-09-07 2018-09-04 Mellanox Technologies Tlv Ltd. Efficient matching of TCAM rules using hash tables in RAM
US10491521B2 (en) 2017-03-26 2019-11-26 Mellanox Technologies Tlv Ltd. Field checking based caching of ACL lookups to ease ACL lookup search
US10476794B2 (en) 2017-07-30 2019-11-12 Mellanox Technologies Tlv Ltd. Efficient caching of TCAM rules in RAM
US11327974B2 (en) 2018-08-02 2022-05-10 Mellanox Technologies, Ltd. Field variability based TCAM splitting
US11003715B2 (en) 2018-09-17 2021-05-11 Mellanox Technologies, Ltd. Equipment and method for hash table resizing
US10944675B1 (en) 2019-09-04 2021-03-09 Mellanox Technologies Tlv Ltd. TCAM with multi region lookups and a single logical lookup
US11539622B2 (en) 2020-05-04 2022-12-27 Mellanox Technologies, Ltd. Dynamically-optimized hash-based packet classifier
US11782895B2 (en) 2020-09-07 2023-10-10 Mellanox Technologies, Ltd. Cuckoo hashing including accessing hash tables using affinity table
US11917042B2 (en) 2021-08-15 2024-02-27 Mellanox Technologies, Ltd. Optimizing header-based action selection
US11929837B2 (en) 2022-02-23 2024-03-12 Mellanox Technologies, Ltd. Rule compilation schemes for fast packet classification

Also Published As

Publication number Publication date
US7978709B1 (en) 2011-07-12

Similar Documents

Publication Publication Date Title
US7978709B1 (en) Packet matching method and system
EP1808987B1 (en) Longest prefix matching using tree bitmap data structures
US8780926B2 (en) Updating prefix-compressed tries for IP route lookup
US6775737B1 (en) Method and apparatus for allocating and using range identifiers as input values to content-addressable memories
US6341130B1 (en) Packet classification method and apparatus employing two fields
US7415472B2 (en) Comparison tree data structures of particular use in performing lookup operations
Zane et al. CoolCAMs: Power-efficient TCAMs for forwarding engines
US7356033B2 (en) Method and apparatus for performing network routing with use of power efficient TCAM-based forwarding engine architectures
US7467151B2 (en) Method and data structure for a low memory overhead database
US7418505B2 (en) IP address lookup using either a hashing table or multiple hash functions
Vamanan et al. EffiCuts: Optimizing packet classification for memory and throughput
US7415463B2 (en) Programming tree data structures and handling collisions while performing lookup operations
US7536476B1 (en) Method for performing tree based ACL lookups
JP3485262B2 (en) Method and means for classifying data packets
Panigrahy et al. Reducing TCAM power consumption and increasing throughput
US7526603B1 (en) High-speed low-power CAM-based search engine
US20050141519A1 (en) Apparatus and method using hashing for efficiently implementing an IP lookup solution in hardware
US7706375B2 (en) System and method of fast adaptive TCAM sorting for IP longest prefix matching
CN100385880C (en) Packet classification apparatus and method using field level tries
US20040044868A1 (en) Method and apparatus for high-speed longest prefix match of keys in a memory
US6970971B1 (en) Method and apparatus for mapping prefixes and values of a hierarchical space to other representations
US7558775B1 (en) Methods and apparatus for maintaining sets of ranges typically using an associative memory and for using these ranges to identify a matching range based on a query point or query range and to maintain sorted elements for use such as in providing priority queue operations
US7299317B1 (en) Assigning prefixes to associative memory classes based on a value of a last bit of each prefix and their use including but not limited to locating a prefix and for maintaining a Patricia tree data structure
US20060198379A1 (en) Prefix optimizations for a network search engine
US7546281B2 (en) Reduction of ternary rules with common priority and actions

Legal Events

Date Code Title Description
AS Assignment

Owner name: SAHASRA NETWORKS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:VENKATACHARY, SRINIVASAN;GUPTA, PANKAJ;REEL/FRAME:012325/0457

Effective date: 20011113

AS Assignment

Owner name: CYPRESS SEMICONDUCTOR CORP., CALIFORNIA

Free format text: MERGER;ASSIGNOR:SAHASRA NETWORKS, INC.;REEL/FRAME:016309/0386

Effective date: 20030904

AS Assignment

Owner name: NETLOGIC MICROSYSTEMS, INC.,CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CYPRESS SEMICONDUCTOR CORPORATION;REEL/FRAME:017379/0729

Effective date: 20060215

Owner name: NETLOGIC MICROSYSTEMS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CYPRESS SEMICONDUCTOR CORPORATION;REEL/FRAME:017379/0729

Effective date: 20060215

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: NETLOGIC I LLC, DELAWARE

Free format text: CHANGE OF NAME;ASSIGNOR:NETLOGIC MICROSYSTEMS, INC.;REEL/FRAME:035443/0824

Effective date: 20130123

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NETLOGIC I LLC;REEL/FRAME:035443/0763

Effective date: 20150327

AS Assignment

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

AS Assignment

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:041712/0001

Effective date: 20170119