WO2020022374A1 - Dispositif de recherche de paquets, procédé de recherche de paquets et programme de recherche de paquets - Google Patents

Dispositif de recherche de paquets, procédé de recherche de paquets et programme de recherche de paquets Download PDF

Info

Publication number
WO2020022374A1
WO2020022374A1 PCT/JP2019/028986 JP2019028986W WO2020022374A1 WO 2020022374 A1 WO2020022374 A1 WO 2020022374A1 JP 2019028986 W JP2019028986 W JP 2019028986W WO 2020022374 A1 WO2020022374 A1 WO 2020022374A1
Authority
WO
WIPO (PCT)
Prior art keywords
bit position
binary tree
hash table
packet search
hash
Prior art date
Application number
PCT/JP2019/028986
Other languages
English (en)
Japanese (ja)
Inventor
斉 金子
雅幸 西木
内田 博志
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Publication of WO2020022374A1 publication Critical patent/WO2020022374A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • H04L45/7453Address table lookup; Address filtering using hashing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • H04L45/74591Address table lookup; Address filtering using content-addressable memories [CAM]

Definitions

  • the present invention relates to a packet search device, a packet search method, and a packet search program.
  • TCAM Transactional Content Addressable Memory
  • Hash hash
  • the hash method has the same operation as the normal variable value acquisition processing and does not perform the comparison processing. Therefore, the hash method is generally faster than the binary tree method.
  • the match field Match @ Field
  • the binary tree method is used. Often used.
  • Non-Patent Document 1 For example, on page 31 of Non-Patent Document 1, the advantages and disadvantages of the hash method and the binary tree method are compared. It is described. That is, the hash method imposes strict application conditions such that the field to be searched must be the same among all rules.
  • the above-described conventional technology has the following problems.
  • the search target field must be the same among all rules. Therefore, if ANY or the like is allowed in any of a plurality of fields, the hash method is used in the packet search. There was a problem that it could not be applied. In other words, when the search target field is not fixed (for example, when ANY is allowed in the rule), it is difficult to utilize the high speed of the hash method.
  • FIG. 8 is a diagram for explaining a problem of the related art.
  • a typical example of the application of the hash method is a case where a search target field is fixed in advance, such as 5 tuple, and a variable such as ANY is not allowed as a value.
  • the hash method cannot be applied in principle unless the search target field of each rule completely matches, such as a perfect rectangular shape.
  • the hash method is a method in which a target field of an input packet and a match field of a rule are hashed and compared, so that ANY, prefix, and suffix are added to the match field. Is allowed, and if the search target fields of the rule are mixed, the target area to be hashed by the packet is not fixed, and it becomes difficult to apply the hash method. This is because, in order to establish a hash, the target field on the input packet side and the target field on the rule side need to match, but since the fields in the rule include ANY, prefix, and suffix, the rule This is because if the target field on the side is not determined, the above matching becomes difficult.
  • the disclosed technology has been made in view of the above, and a packet search device, a packet search method, and a packet search method that can speed up packet search even when a search target field is not fixed.
  • the purpose is to provide the program.
  • a packet search device disclosed in the present application includes a binary tree creating unit that creates a binary tree having a predetermined branching, and the created binary tree A determination unit that determines a start bit position and an end bit position of hash table conversion for a part of the binary table, and performs a hash table of a part of the binary tree from the determined start bit position to the end bit position. And a table creation unit for creating.
  • a packet search device creates a binary tree having a predetermined branch, and creates a hash table for a part of the created binary tree.
  • the packet search program disclosed by the present application includes a binary tree creating step of creating a binary tree having a predetermined branch, and a start bit position of hash table conversion for a part of the created binary tree.
  • a computer is caused to execute a determination step of determining an end bit position and a table creation step of creating a hash table of a part of the binary tree from the determined start bit position to the end bit position.
  • the packet search device, the packet search method, and the packet search program disclosed in the present application have an effect that the speed of the packet search can be increased even when the search target field is not fixed.
  • FIG. 1 is a diagram illustrating a configuration of a packet search device.
  • FIG. 2 is a diagram for explaining the packet search process according to the embodiment.
  • FIG. 3 is a diagram illustrating fields to which the hash method according to the related art and the present embodiment is applied.
  • FIG. 4 is a diagram illustrating an outline of the hash table conversion algorithm according to the present embodiment.
  • FIG. 5 is a diagram illustrating a specific example of the hash table conversion algorithm according to the present embodiment.
  • FIG. 6 is a diagram for explaining the binary tree hash table conversion algorithm according to the present embodiment.
  • FIG. 7 is a diagram illustrating that information processing by the packet search program according to the present embodiment is specifically realized using a computer.
  • FIG. 8 is a diagram for explaining a problem of the related art.
  • FIG. 1 is a diagram illustrating a configuration of the packet search device 10.
  • the packet search device 10 has a binary tree creating unit 11, a bit position determining unit 12, and a hash table creating unit 13. These components are connected so that signals and data can be input and output in one or two directions.
  • the binary tree creating unit 11 creates a binary tree having a predetermined branch.
  • the bit position determining unit 12 determines a start bit position and an end bit position of hash table conversion for a part of the created binary tree.
  • the hash table creation unit 13 creates a part of the binary tree hash table from the determined start bit position to the end bit position.
  • FIG. 2 is a diagram for explaining the packet search process according to the embodiment.
  • the packet search device 10 converts the part of the binary tree (the part indicated by the broken line frame A1) into a hash table, and performs a hash method for the comparison search processing of the corresponding part. Apply.
  • a hash table is created using an array variable, and a search value (hash value) is used as an index of the array variable.
  • the search by the hash method is performed by designating the index value.
  • this operation is a memory address designation process at a machine language level, and thus becomes an operation similar to a normal variable value acquisition process. That is, in the hash method, the packet search device 10 can execute the search without performing the comparison process by changing the comparison search process to the memory address designation process. Therefore, high-speed processing is realized.
  • the search for three pieces of information (011, 101, 111) in the broken line frame A1 is speeded up by hash table conversion.
  • the comparison search process is not executed even by the original binary tree method, so that the effect of the hash table conversion is obtained. I can't. Therefore, in such a case, it is not always necessary to perform hash table conversion.
  • the greater the number of branches of the portion to be hash-tabled the higher the speed-up effect obtained by hash-table conversion.
  • FIG. 3 is a diagram showing fields to which the hash method according to the related art and the present embodiment is applied.
  • bits are defined in the horizontal axis direction
  • rules are defined in the vertical axis direction.
  • the field to which the hash method is applied in the related art is a perfect rectangular type, and therefore, the target field matches among all rules.
  • the fields to which the hash method is applied have an ANY value (including a prefix and a suffix). Therefore, the target fields of the respective rules do not always match. For this reason, it is difficult to increase the speed by applying the hash method in the conventional method. Therefore, the packet search device 10 according to the present embodiment presumes a binary tree table with ANY, and dynamically performs partial hash table conversion in accordance with a rule situation (for example, a tree situation).
  • FIG. 4 is a diagram illustrating an outline of the hash table conversion algorithm according to the present embodiment.
  • FIG. 4 corresponds to FIG. 3 described above, in which bits are defined in the horizontal axis direction and rules are defined in the vertical axis direction.
  • FIG. 5 is a diagram illustrating a specific example of the hash table conversion algorithm according to the present embodiment.
  • the order of rules is such that when a binary tree with ANY is created, if each node is 0, 1, A (ANY) from the top and a binary tree is created, the rules are ordered from the top down. Are arranged (S0).
  • the packet search device 10 matches the hash table T1 corresponding to the broken line frame A2 with the rule (shortest rule) R1 having the shortest end bit position among the rules having the same start bit position. create.
  • the start bit position includes not only the literal start position (for example, (1) in FIG. 4), but also the bit position immediately after the ANY value (for example, (2) in FIG. 4).
  • the end bit position includes not only the literal end position (for example, (3) in FIG. 4), but also the bit position immediately before the ANY value (for example, (4) in FIG. 4).
  • the packet search device 10 creates a hash table from the position to the next shortest rule.
  • the hash table corresponding to the broken line frame A3 is continuously created (S2). Thereafter, similar processing is repeatedly executed.
  • the hash table corresponding to the dashed-line frame A4 is not created because the number of branches of the original binary tree of the portion to be converted into the hash table is 2, which is 2 or less. Therefore, the binary tree method is adopted as it is (S3).
  • the number of branches is 2 or less.
  • the present invention is not limited to this, and may be a predetermined value N (for example, 3) or less.
  • N for example, 3
  • hash table conversion is executed unless the predetermined value N is 11 or more.
  • hash table conversion may be performed.
  • a normal search rule involves an ANY value, a prefix, and a suffix. Even in such a case, the efficiency of packet search can be realized by forming a hash table according to the following procedure.
  • FIG. 6 is a diagram for explaining a binary tree hash table conversion algorithm according to this embodiment. As shown in FIG. 6, in (1), a binary tree configuration is created from the start @ node as a starting point such that the branches are in the order of 0, 1, and A (any @ node) from the top.
  • bit position B1 is the start bit position of the hash table corresponding to the broken line frame A5.
  • bit position B2 is four bits after bit position B1, and bit position B3 before that becomes the end bit position of the hash table corresponding to broken line frame A5.
  • the hash table is not formed. This suppresses the application of an unnecessary hash method to a portion that does not contribute to speeding up, and enables more efficient packet search.
  • the number of searches by the binary tree method is log 2 (N) (N is the number of rules)
  • the number of rules is 19 in the example shown in FIG.
  • the number of times is log 2 (19) ⁇ 4.2.
  • the portions indicated by the dashed frames A5 to A9 in FIG. 6 are converted into a hash table
  • a maximum of three searches can be performed when the rule hit of 101101AA1 is hit. . Therefore, efficiency of packet search is realized.
  • the packet search device 10 includes the binary tree creating unit 11, the bit position determining unit 12, and the hash table creating unit 13.
  • the binary tree creating unit 11 creates a binary tree having a predetermined branch.
  • the bit position determination unit 12 determines a start bit position and an end bit position of hash table conversion for a part of the created binary tree.
  • the hash table creation unit 13 creates a hash table of a part of the binary tree from the determined start bit position to the end bit position and applies a hash method to the part. Since the hash method is generally faster than the binary tree method, the packet search device 10 can speed up the packet search within a range where the hash method can be applied.
  • the binary tree may include at least one of an ANY value, a prefix, and a suffix.
  • the binary tree creating unit 11 creates the binary tree so that the predetermined branching is in the order of 0, 1, and ANY value from the top, and the bit position determining unit 12 If a node of 0 or 1 or both 0 and 1 follows the starting point of the tree or the ANY value, the bit position is determined to be the starting bit position, and then another ANY value is set. Alternatively, when an end point appears, a bit position before the ANY value or the bit position of the end point may be determined as the end bit position.
  • the bit position determination unit 12 dynamically adjusts the hash table according to the configuration of the binary tree so as to avoid the ANY value in the binary tree and maximize the range of partial hash table conversion.
  • the start bit position and the end bit position of the conversion are determined. Accordingly, even when the search target field is not fixed (for example, when ANY is allowed in the rule), the high speed of the hash method can be utilized as much as possible.
  • the bit position determination unit 12 May be excluded from the target of the hash table conversion and the binary tree method may be applied as it is.
  • the bit position determination unit 12 also changes the target field on the rule side for obtaining a hash value from a packet so as to synchronize with the portion where hash table conversion is applied to the binary tree. This makes it possible to accurately and continuously target a portion of the binary tree for which high-speed processing is to be performed on the hash table.
  • the match field of the rule is not fixed by partially applying the hash method to the binary tree method (for example, ANY is added to the match field). , Prefix, suffix, etc.), it is possible to speed up the packet search.
  • the packet search technique according to the present embodiment presupposes a binary tree table with ANY, prefix, and suffix, and dynamically performs partial hash table conversion according to the rule situation.
  • the specification of the search rule is a flexible specification including an ANY value, a prefix, and a suffix in the match field, it is possible to partially apply the hash table and achieve high speed.
  • the packet search technique according to the present embodiment partially converts the binary tree into a hash table, it is possible to cope with not only the ANY value but also the case where a prefix or a suffix is allowed in the match field.
  • FIG. 7 is a diagram illustrating that information processing by the packet search program according to the present embodiment is specifically realized using the computer 100.
  • the computer 100 includes, for example, a memory 101, a CPU (Central Processing Unit) 102, a hard disk drive interface 103, a disk drive interface 104, a serial port interface 105, a video adapter 106, a network An interface 107 is provided, and these units are connected by a bus C.
  • a bus C for example, a bus C.
  • the memory 101 includes a ROM (Read Only Memory) 101a and a RAM (Random Access Memory) 101b.
  • the ROM 101a stores, for example, a boot program such as a BIOS (Basic Input Output System).
  • BIOS Basic Input Output System
  • the hard disk drive interface 103 is connected to the hard disk drive 108 as shown in FIG.
  • the disk drive interface 104 is connected to the disk drive 109 as shown in FIG.
  • a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 109.
  • the serial port interface 105 is connected to, for example, a mouse 110 and a keyboard 111 as shown in FIG.
  • the video adapter 106 is connected to, for example, a display 112 as shown in FIG.
  • the hard disk drive 108 stores, for example, an operating system (OS) 108a, an application program 108b, a program module 108c, program data 108d, binary tree data, and a hash table. That is, the packet search program according to the disclosed technology is stored in, for example, the hard disk drive 108 as a program module 108c in which an instruction to be executed by the computer 100 is described. Specifically, the program module 108c in which various procedures for executing the same information processing as each of the binary tree creating unit 11, the bit position determining unit 12, and the hash table creating unit 13 described in the above embodiment are described. Stored in the drive 108.
  • OS operating system
  • the program module 108c in which various procedures for executing the same information processing as each of the binary tree creating unit 11, the bit position determining unit 12, and the hash table creating unit 13 described in the above embodiment are described.
  • data used for information processing by the packet search program is stored in the hard disk drive 108 as program data 108d, for example. Then, the CPU 102 reads out the program module 108c and the program data 108d stored in the hard disk drive 108 to the RAM 101b as necessary, and executes the above various procedures.
  • the program module 108c and the program data 108d related to the packet search program are not limited to being stored in the hard disk drive 108, but are stored in, for example, a removable storage medium and read out by the CPU 102 via the disk drive 109 and the like. You may.
  • the program module 108c and the program data 108d related to the packet search program are stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.), and the network interface 107 And may be read by the CPU 102 via the
  • the components of the above-described packet search device 10 do not necessarily need to be physically configured as illustrated. That is, the specific mode of distribution / integration of each device is not limited to the illustrated one, and all or a part thereof may be functionally or physically distributed in arbitrary units according to various loads and usage conditions. ⁇ It can be integrated.
  • the bit position determining unit 12 and the hash table creating unit 13 may be integrated as one component.
  • the bit position determination unit 12 may be divided into a part that determines the start bit position and the end bit position of the hash table, and a part that changes the target field on the rule side.
  • the hard disk drive 108 storing the binary tree data and the hash table may be connected as an external device of the packet search device 10 via a network or a cable.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne un dispositif de recherche de paquet (10) comprenant une unité de création d'arbre binaire (11), une unité de détermination de position de bit (12), et une unité de création de table de hachage (13). L'unité de création d'arbre binaire (11) crée un arbre binaire ayant une branche prédéterminée. L'unité de détermination de position de bit (12) détermine une position de bit de départ et une position de bit de fin pour la formation d'une table de hachage pour une partie de l'arbre binaire créé. L'unité de création de table de hachage (13) crée une table de hachage d'une partie de l'arbre binaire, pour une plage allant de la position de bit de départ déterminée à la position de bit de fin.
PCT/JP2019/028986 2018-07-26 2019-07-24 Dispositif de recherche de paquets, procédé de recherche de paquets et programme de recherche de paquets WO2020022374A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018-140701 2018-07-26
JP2018140701A JP2020017147A (ja) 2018-07-26 2018-07-26 パケット検索装置、パケット検索方法、及びパケット検索プログラム

Publications (1)

Publication Number Publication Date
WO2020022374A1 true WO2020022374A1 (fr) 2020-01-30

Family

ID=69180791

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/028986 WO2020022374A1 (fr) 2018-07-26 2019-07-24 Dispositif de recherche de paquets, procédé de recherche de paquets et programme de recherche de paquets

Country Status (2)

Country Link
JP (1) JP2020017147A (fr)
WO (1) WO2020022374A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021166087A1 (fr) * 2020-02-18 2021-08-26 日本電信電話株式会社 Dispositif de recherche de paquets, procédé de recherche de paquets et programme de recherche de paquets

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6018524A (en) * 1997-09-09 2000-01-25 Washington University Scalable high speed IP routing lookups
US6212184B1 (en) * 1998-07-15 2001-04-03 Washington University Fast scaleable methods and devices for layer four switching

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6018524A (en) * 1997-09-09 2000-01-25 Washington University Scalable high speed IP routing lookups
US6212184B1 (en) * 1998-07-15 2001-04-03 Washington University Fast scaleable methods and devices for layer four switching

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WALDVOGELT, M. ET AL.: "Scalable high speed IP routing lookups, Proceedings of the ACM SIGCOMM", 97 CONFERENCE ON APPLICATIONS, TECHNOLOGIES, ARCHITECTURES, AND PROTOCOLS FOR COMPUTER COMMUNICATION, 14 September 1997 (1997-09-14), pages 25 - 36, XP058336841 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021166087A1 (fr) * 2020-02-18 2021-08-26 日本電信電話株式会社 Dispositif de recherche de paquets, procédé de recherche de paquets et programme de recherche de paquets

Also Published As

Publication number Publication date
JP2020017147A (ja) 2020-01-30

Similar Documents

Publication Publication Date Title
Zhou et al. High-performance packet classification on GPU
Wang et al. Namefilter: Achieving fast name lookup with low memory cost via applying two-stage bloom filters
US8478707B1 (en) System and method for reducing flow rules in forwarding tables
US20060221954A1 (en) Methods for performing packet classification
EP3276501B1 (fr) Procédé et dispositif de classification de trafic, et support de stockage
US10164884B2 (en) Search apparatus, search configuration method, and search method
Cho et al. Fast reconfiguring deep packet filter for 1+ gigabit network
WO2016184029A1 (fr) Procédés et appareils de stockage et de recherche prenant en charge une recherche de hachage et une recherche de routage, et support d'informations
JP5960863B1 (ja) 検索装置、検索方法、プログラム、及び記録媒体
WO2015127721A1 (fr) Procédé et appareil de mise en correspondance de de données et support de stockage informatique
JP6557334B2 (ja) アクセス分類装置、アクセス分類方法、及びアクセス分類プログラム
WO2020022374A1 (fr) Dispositif de recherche de paquets, procédé de recherche de paquets et programme de recherche de paquets
CN110505322A (zh) 一种ip地址段查找方法及装置
CN104679854B (zh) 路由表存储与查找方法
US20220109626A1 (en) Forwarding Rules Among Lookup Tables in a Multi-Stage Packet Processor
Kekely et al. Packet classification with limited memory resources
CN113726660B (zh) 一种基于完美哈希算法的路由查找器和方法
WO2021166087A1 (fr) Dispositif de recherche de paquets, procédé de recherche de paquets et programme de recherche de paquets
Vespa et al. Swm: Simplified wu-manber for gpu-based deep packet inspection
Alimohammadi et al. Clustering-based many-field packet classification in software-defined networking
WO2021024392A1 (fr) Dispositif de recherche de paquets, procédé de recherche de paquets et programme de recherche de paquets
JP6888234B2 (ja) 検索装置、検索プログラム、及び検索方法
JP2005242672A (ja) パターンマッチング装置および方法ならびにプログラム
WO2019160164A1 (fr) Dispositif, procédé et programme de recherche
JP4726310B2 (ja) 情報検索装置、情報検索用マルチプロセッサおよびルータ

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19841086

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19841086

Country of ref document: EP

Kind code of ref document: A1