Run-Based Trie Involving the Structure of Arbitrary Bitmask Rules


IEICE TRANSACTIONS on Information and Systems   Vol.E98-D   No.6   pp.1206-1212
Publication Date: 2015/06/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2013EDP7087
Type of Manuscript: PAPER
Category: Information Network
packet classification,  hierarchical trie,  decision tree,  arbitrary bitmask,  theoretical analysis,  

Full Text: PDF(701.5KB)>>
Buy this Article

Packet classification is a fundamental task in the control of network traffic, protection from cyber threats. Most layer 3 and higher network devices have a packet classification capability that determines whether to permit or discard incoming packets by comparing their headers with a set of rules. Although linear search is an intuitive implementation of packet classification, it is very inefficient. Srinivasan et al. proposed a novel lookup scheme using a hierarchical trie instead of linear search, which realizes faster packet classification with time complexity proportional to rule length rather than the number of rules. However, the hierarchical trie and its various improved algorithms allow only single prefix rules to be processed. Since it is necessary for layer 4 and higher packet classifications to deal with arbitrary bitmask rules in the hierarchical trie, we propose a run-based trie based on the hierarchical trie, but extended to deal with arbitrary bitmask rules. Our proposed algorithm achieves O((dW)2) query time and O(NdW) space complexity with N rules of length dW. The query time of our novel alrorithm doesn't depend on the number of rules. It solves the latency problem caused by increase of the rules in firewalls.