Packet Classification

US 20150117461A1
Filed: 12/15/2014
Published: 04/30/2015
Est. Priority Date: 08/02/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

in a processor, building a decision tree structure including a plurality of nodes, each node representing a subset of a plurality of rules having at least one field; and

for at least one node of the decision tree, determining a number of cuts that may be made on each at least one field creating child nodes equal to the number of cuts and selecting a field on which to cut the at least one node based on a comparison of an average of a difference between an average number of rules per child node created and an actual number of rules per child node created per each at least one field.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet classification system, methods, and corresponding apparatus are provided for enabling packet classification. A processor of a security appliance coupled to a network uses a classifier table having a plurality of rules, the plurality of rules having at least one field, to build a decision tree structure including a plurality of nodes, the plurality of nodes including a subset of the plurality of rules. The methods may produce wider, shallower trees that result in shorter search times and reduced memory requirements for storing the trees.

Citations

21 Claims

1. A method comprising:
- in a processor, building a decision tree structure including a plurality of nodes, each node representing a subset of a plurality of rules having at least one field; and
  
  for at least one node of the decision tree, determining a number of cuts that may be made on each at least one field creating child nodes equal to the number of cuts and selecting a field on which to cut the at least one node based on a comparison of an average of a difference between an average number of rules per child node created and an actual number of rules per child node created per each at least one field.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the plurality of rules are stored in a classifier table.
  - 3. The method of claim 1 wherein determining the number of cuts is based on a maximum number of cuts for a given storage capacity.
  - 4. The method of claim 1 wherein selecting includes selecting the field on which to cut the at least one node into a number of child nodes based on the field being a field of the at least one field with the smallest average of the difference between an average number of rules per child node and an actual number of rules per child node.
  - 5. The method of claim 1 further comprising:
    - cutting the at least one node into a number of child nodes on the selected field; and
      
      storing the decision tree structure in a memory.
  - 6. The method of claim 5 wherein cutting includes cutting the at least one node in an event the at least one node has greater than a predetermined number of the subset of the plurality of rules.
  - 7. The method of claim 6 wherein the predetermined number is an adjustable number, and building includes controlling a depth of the decision tree structure by iteratively adjusting the predetermined number.
  - 8. The method of claim 7 wherein adjusting the predetermined number includes incrementing the predetermined number with increasing levels of the tree.
  - 9. The method of claim 5 wherein in an event cutting creates a plurality of child nodes and only one child node has a subset of the plurality of rules, storing at the at least one node an identifier of a field of the at least one field and a number of bits of the field of the at least one field to skip upon traversing the node to obtain a rule match.
  - 10. The method of claim 9 wherein the number of bits of the field of the at least one field to skip is the same number as a number of bits used to cut the at least one node.

11. An apparatus comprising:
- a memory;
  
  a processor coupled to the memory, the processor configured to build a decision tree structure including a plurality of nodes, each node representing a subset of a plurality of rules having at least one field; and
  
  the processor further configured to determine, for at least one node of the decision tree, a number of cuts that may be made on each at least one field creating child nodes equal to the number of cuts and to select a field on which to cut the at least one node based on a comparison of an average of a difference between an average number of rules per child node created and an actual number of rules per child node created per each at least one field.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The apparatus of claim 11 wherein the processor is further configured to determine the number of cuts based on a maximum number of cuts for a given storage capacity.
  - 13. The apparatus of claim 11 wherein the processor is further configured to select the field on which to cut the at least one node into a number of child nodes based on the field being a field of the at least one field with the smallest average of the difference between an average number of rules per child node and an actual number of rules per child node.
  - 14. The apparatus of claim 11 wherein the processor is further configured to cut the at least one node into a number of child nodes on the selected field and to store the decision tree structure in the memory.
  - 15. The apparatus of claim 14 wherein the processor is further configured to cut the at least one node in an event the at least one node has greater than a predetermined number of the subset of the plurality of rules.
  - 16. The apparatus of claim 15 wherein the predetermined number is an adjustable number, and wherein the processor is further configured to control a depth of the decision tree structure by iteratively adjusting the predetermined number.
  - 17. The apparatus of claim 16 wherein adjusting the predetermined number includes incrementing the predetermined number with increasing levels of the tree.
  - 18. The apparatus of claim 14 wherein in an event cutting creates a plurality of child nodes and only one child node has a subset of the plurality of rules, the processor is further configured to store at the at least one node an identifier of a field of the at least one field and a number of bits of the field of the at least one field to skip upon traversing the node to obtain a rule match and the number of bits of the field of the at least one field to skip is the same number as a number of bits used to cut the node.

19. A non-transitory computer-readable medium having encoded thereon a sequence of instructions which, when executed by a processor, causes the processor to:
- build a decision tree structure including a plurality of nodes, each node representing a subset of a plurality of rules having at least one field;
  
  determine, for at least one node of the decision tree, a number of cuts that may be made on each at least one field creating child nodes equal to the number of cuts;
  
  select a field on which to cut the at least one node based on a comparison of an average of a difference between an average number of rules per child node created and an actual number of rules per child node created per each at least one field;
  
  cut the at least one node into a number of child nodes on the selected at least field; and
  
  store the decision tree structure.

20. A method comprising:
- in a processor, building a decision tree structure including a plurality of nodes, each node representing a subset of a plurality of rules having at least one field; and
  
  for at least one node of the decision tree, determining a number of cuts that may be made on each at least one field creating child nodes equal to the number of cuts and selecting a field on which to cut the at least one node.

21. An apparatus comprising:
- a memory;
  
  a processor coupled to the memory, the processor configured to build a decision tree structure including a plurality of nodes, each node representing a subset of a plurality of rules having at least one field; and
  
  the processor further configured to determine, for at least one node of the decision tree, a number of cuts that may be made on each at least one field creating child nodes equal to the number of cuts and to select a field on which to cut the at least one node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvell Asia Pte Limited (Marvell Technology Group Limited)
Original Assignee
Cavium, LLC (Marvell Technology Group Limited)
Inventors
Goyal, Rajan, Bullis, Kenneth A., Billa, Satyanarayana Lakshmipathi

Granted Patent

US 9,191,321 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/392
CPC Class Codes

G06F 11/203   using migration

G06F 12/00   Accessing, addressing or al...

G06F 12/0207   with multidimensional acces...

G06F 12/04   Addressing variable-length ...

G06F 12/06   Addressing a physical block...

G06F 12/0623   for memory modules

G06F 12/0802   Addressing of a memory leve...

G06F 12/0868   Data transfer between cache...

G06F 12/126   with special data handling,...

G06F 13/16   for access to memory bus G0...

G06F 13/1642   with request queuing

G06F 3/0629   Configuration or reconfigur...

G06F 3/0647   Migration mechanisms

G06F 9/46   Multiprogramming arrangements

G06F 9/5016   the resource being the memory

G06F 9/5027   the resource being a machin...

G06N 5/02   Knowledge representation; S...

G06N 5/027   Frames

G11C 7/1075   for multiport memories each...

H04L 43/18   Protocol analysers

H04L 45/742 : Route cache; Operation thereof

H04L 45/745 : Address table lookup; Addre...

H04L 45/7452 : Multiple parallel or consec...

H04L 47/2441 : relying on flow classificat...

H04L 47/39 : Credit based

H04L 63/0227 : Filtering policies mail mes...

H04L 63/0263 : Rule management

H04L 63/06 : for supporting key manageme...

H04L 63/10 : for controlling access to d...

H04L 67/10 : in which an application is ...

H04L 69/02 : Protocol performance

H04L 69/22 : Parsing or analysis of headers

Y02B 70/30 : Systems integrating technol...

Y02D 10/00 : Energy efficient computing,...

View All

Packet Classification

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Packet Classification

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links