Document Type

Technical Report

Publication Date

2004-07-06

Filename

wucse-2004-39.pdf

DOI:

10.7936/K7XP7380

Technical Report Number

WUCSE-2004-39

Abstract

TCAMs are the most popular practical approach to high performance packet classifica-tion, but they suffer from inefficient handling of range matches; the standard approach of rule replication can result in a 2-6x increase in TCAM words needed, for typical firewall databases. We describe three CMOS implementations of a range check circuit to address this problem; the most efficient of these designs allows classification on the standard IPv4 5-tuple with only a 46% increase in transistor count, rather than relying on rule replication. By avoiding replication, the overall transistor count required is only 24% to 78% of the stan-dard TCAM design, for real filter databases used in this study; power dissipation is reduced similarly. Also, range check support greatly simplifies creation and maintenance of the TCAM contents, since there is now a one-to-one correspondence between filters and TCAM entries. Additionally, we show how to construct a more versatile device using range-check sub-fields that can be chained together as needed.

Comments

Permanent URL: http://dx.doi.org/10.7936/K7XP7380

Download

Share

COinS