Lattice: A Scalable Layer-Agnostic Packet Classification Framework
Sameer Agarwal and Mosharaf Chowdhury and Dilip Joseph and Ion Stoica
EECS Department, University of California, Berkeley
Technical Report No. UCB/EECS-2011-96
August 24, 2011
http://www2.eecs.berkeley.edu/Pubs/TechRpts/2011/EECS-2011-96.pdf
Despite widespread application, packet classification is implemented and deployed in an ad-hoc manner at different layers of the protocol stack. Moreover, high-speed packet classification, in the presence of a large number of classification rules, is both resource and computation intensive. We propose a scalable layer-agnostic packet classification framework (Lattice) that generalizes classifier design and enables offloading part of the computation and memory requirements to collaborators (e.g., end hosts). Lattice eliminates per-packet classification and per-flow state in classifiers to increase scalability and decrease vulnerability to state-based DoS attacks. Furthermore, Lattice is incentive compatible in that collaborators cannot get better service by lying, and it incentivizes deployment by giving preferential treatment to packets carrying Lattice-related information. Finally, Lattice-enabled classifiers remain semantically equivalent to their unmodified counterparts. To evaluate Lattice, we have built a prototype using the Click software router and implemented multiple Lattice-enabled classifiers. Lattice-enabled firewalls perform at least 2X faster than unmodified counterparts and scale well with the increasing number of classification rules.
BibTeX citation:
@techreport{Agarwal:EECS-2011-96,
    Author = {Agarwal, Sameer and Chowdhury, Mosharaf and Joseph, Dilip and Stoica, Ion},
    Title = {Lattice: A Scalable Layer-Agnostic Packet Classification Framework},
    Year = {2011},
    Month = {Aug},
    Url = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2011/EECS-2011-96.html},
    Number = {UCB/EECS-2011-96},
    Abstract = {Despite widespread application, packet classification is implemented and deployed in an ad-hoc manner at different layers of the protocol stack. Moreover, high speed packet classification, in presence of a large number of classification rules, is both resource and computation intensive. We propose a scalable layer-agnostic packet classification framework (Lattice) that generalizes classifier design and enables offloading part of computation and memory requirements to collaborators (e.g., end hosts). Lattice eliminates per-packet classification and per-flow states in classifiers to increase scalability and decreases vulnerability to state-based DoS attacks. Furthermore, Lattice is incentive compatible in that collaborators cannot get better service by lying, and it incentivizes deployment by giving preferential treatment to packets carrying Lattice-related information. Finally, Lattice-enabled classifiers remain semantically equivalent to their unmodified counterparts. To evaluate Lattice, we have built a prototype using the Click software router and implemented multiple Lattice-enabled classifiers. Lattice-enabled firewalls perform at least 2X faster than unmodified counterparts and scale well with the increasing number of classification rules.},
}
EndNote citation:
%0 Report
%A Agarwal, Sameer
%A Chowdhury, Mosharaf
%A Joseph, Dilip
%A Stoica, Ion
%T Lattice: A Scalable Layer-Agnostic Packet Classification Framework
%I EECS Department, University of California, Berkeley
%D 2011
%8 August 24
%@ UCB/EECS-2011-96
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2011/EECS-2011-96.html
%F Agarwal:EECS-2011-96