A New TCAM Architecture for Managing ACL in Routers

IEICE Transactions on Communications (Impact Factor: 0.23). 11/2010; 93-B(11):3004-3012. DOI: 10.1587/transcom.E93.B.3004
Source: DBLP

ABSTRACT: Ternary Content Addressable Memory (TCAM) is a special type of memory used in routers to achieve high-speed packet forwarding and classification. Packet forwarding is done by referring to the rules written in the routing table, whereas packet classification is performed by referring to the rules in the Access Control List (ACL). TCAM uses more transistors than Random Access Memory (RAM), resulting in high power consumption and high production cost. Therefore, it is necessary to reduce the entries written in the TCAM to reduce the transistor count. In this paper, we propose a new TCAM architecture by using Range Matching Devices (RMD) integrated within the TCAM's control logic with an optimized prefix expansion algorithm. The proposed method reduces the number of entries required to express ACL rules, especially when specifying port ranges. With less than 10 RMDs, the total number of lines required to write port ranges in the TCAM can be reduced to approximately 50%.

Available from: Shingo Ata, Sep 27, 2015
  • ABSTRACT: The coexistence of range-based and prefix-based fields within the filtering policy is one of the most important causes that make the packet filtering problem difficult to solve and the proposed hybrid solutions hard to implement. In general, a packet filter must support rule sets involving any conditions and it must be able to scale the number of rules, the number of fields, and the field sizes that it supports in order to avoid being outdated by future Internet developments. Since the prefix-based solutions are the most efficient in practice, we try to efficiently incorporate ranges in such data structures using the new concept of signed prefixes that helps to guarantee homogeneity when matching on multiple packet header fields of distinct types. The proposed two-staged prefix-based model is able to achieve good performance in a practical environment and it scales well as the filtering list size increases and contains a large variety of range specifications. The proposed packet filtering model gives a worst case time complexity of $O((\log_2(w))^2)$ and a worst case space complexity of $O(Nw\log_2(w))$ in the case of performing a binary search on each stage, with N the size of the filtering table and w the size of packet header field to be inspected.
    Computer Networks 09/2012; 56(13):3055–3064. DOI:10.1016/j.comnet.2012.04.030 · 1.26 Impact Factor