Small forwarding tables for fast routing lookups
SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Faster IP lookups using controlled prefix expansion
SIGMETRICS '98/PERFORMANCE '98 Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
Fast and scalable layer four switching
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
High-speed policy-based packet forwarding using efficient multi-dimensional range matching
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Packet classification using tuple space search
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Packet classification on multiple fields
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Deriving traffic demands for operational IP networks: methodology and experience
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Scalable packet classification
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
SODA '03 Proceedings of the fourteenth annual ACM-SIAM symposium on Discrete algorithms
Approximating Min-sum Set Cover
APPROX '02 Proceedings of the 5th International Workshop on Approximation Algorithms for Combinatorial Optimization
Packet classification using multidimensional cutting
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Fast Firewall Implementations for Software and Hardware-Based Routers
ICNP '01 Proceedings of the Ninth International Conference on Network Protocols
Adaptive ordering of pipelined stream filters
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Learn more, sample less: control of volume and variance in network measurement
IEEE Transactions on Information Theory
Algorithms for packet classification
IEEE Network: The Magazine of Global Internetworking
Dynamic rule-ordering optimization for high-speed firewall filtering
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Traffic-Adaptive Packet Filtering of Denial of Service Attacks
WOWMOM '06 Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks
Protecting TCP services from denial of service attacks
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Packet classification using coarse-grained tuple spaces
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Wire speed packet classification without tcams: a few more registers (and a bit of logic) are enough
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Compressing rectilinear pictures and minimizing access control lists
SODA '07 Proceedings of the eighteenth annual ACM-SIAM symposium on Discrete algorithms
A processing path dispatcher in network processor MPSoCs
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Analysis of firewall policy rules using traffic mining techniques
International Journal of Internet Protocol Technology
Leveraging parallelism for multi-dimensional packetclassification on software routers
Proceedings of the ACM SIGMETRICS international conference on Measurement and modeling of computer systems
EffiCuts: optimizing packet classification for memory and throughput
Proceedings of the ACM SIGCOMM 2010 conference
Synthetic security policy generation via network traffic clustering
Proceedings of the 3rd ACM workshop on Artificial intelligence and security
Two-level cache architecture to reduce memory accesses for IP lookups
Proceedings of the 23rd International Teletraffic Congress
SyFi: a systematic approach for estimating stateful firewall performance
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
ACM SIGCOMM Computer Communication Review - Special october issue SIGCOMM '12
Firewall packet filtering optimization using statistical traffic awareness test
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
| Hi-index | 0.00 |
Packet classification, although extensively studied, is an evolving problem. Growing and changing needs necessitate the use of larger filters with more complex rules. The increased complexity and size pose implementation challenges on current hardware solutions and drive the development of software classifiers, in particular, decision-tree based classifiers. Important performance measures for these classifiers are time and memory due to required high throughput and use of limited fast memory.We analyze Tier 1 ISP data that includes filters and corresponding traffic from over a hundred edge routers and thousands of interfaces. We provide a comprehensive view on packet classification in an operational network and glean insights that help us design more effective classification algorithms.We propose and evaluate decision tree classifiers with common branches. These classifiers have linear worst-case memory bounds and require much less memory than standard decision tree classifiers, but nonetheless, we show that on our data have similar average and worst-case time performance. We argue that common-branches exploit structure that is present in real-life data sets.We observe a strong Zipf-like pattern in the usage of rules in a classifier, where a very small number of rules resolves the bulk of traffic and most rules are essentially never used. Inspired by this observation, we propose traffic-aware classifiers that obtain superior average-case and bounded worst-case performance. Good average-case can boost performance of software classifiers that can be used in small to medium sized routers and are also important for traffic analysis and traffic engineering.