An Efficient Conflict Detection Algorithm for Packet Filters

Chun-Liang LEE  Guan-Yu LIN  Yaw-Chung CHEN  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E95-D   No.2   pp.472-479
Publication Date: 2012/02/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E95.D.472
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Architectures, Protocols, and Applications for the Future Internet)
Category: 
Keyword: 
packet classification,  conflict detection,  tuple space search,  

Full Text: PDF(484.2KB)>>
Buy this Article




Summary: 
Packet classification is essential for supporting advanced network services such as firewalls, quality-of-service (QoS), virtual private networks (VPN), and policy-based routing. The rules that routers use to classify packets are called packet filters. If two or more filters overlap, a conflict occurs and leads to ambiguity in packet classification. This study proposes an algorithm that can efficiently detect and resolve filter conflicts using tuple based search. The time complexity of the proposed algorithm is O(nW +s), and the space complexity is O(nW), where n is the number of filters, W is the number of bits in a header field, and s is the number of conflicts. This study uses the synthetic filter databases generated by Class-Bench to evaluate the proposed algorithm. Simulation results show that the proposed algorithm can achieve better performance than existing conflict detection algorithms both in time and space, particularly for databases with large numbers of conflicts.