CutSplit: A Decision-Tree Combining Cutting and Splitting for Scalable Packet Classification

Wenjun Li†, Xianfeng Li†, Hui Li†* and Gaogang Xie§
†School of Electronic and Computer Engineering, Peking University, China, §ICT, CAS, China
wenjunli@pku.edu.cn, lixianfeng@pkusz.edu.cn, lih64@pku.edu.cn, xie@ict.ac.cn

Abstract—Efficient algorithmic solutions for multi-field packet classification have been a challenging problem for many years. This problem is becoming even worse in the era of Software Defined Networking (SDN), where flow tables of increasing complexity play a central role in the forwarding plane. In this paper, we first conduct an in-depth analysis of the issues that led to the failure of the major quests for scalable algorithmic solutions. With the insights obtained, we propose a practical framework called CutSplit, which exploits the benefits of cutting and splitting techniques adaptively. By addressing the central problem of uncontrollable rule replication suffered by the major prior efforts, CutSplit not only pushes the performance of algorithmic packet classification closer to that of hardware-based solutions, but also reduces memory consumption to a practical level. Moreover, our work achieves low pre-processing time for rule updates, a problem that has long been ignored in previous decision-tree work but is becoming more relevant in the context of SDN due to frequent rule updates. Experimental results on ClassBench show that CutSplit achieves over a 10x memory reduction, as well as a 3x performance improvement in terms of the average number of memory accesses.

Keywords—Packet Classification; OpenFlow; Decision Tree; Algorithm; Firewall

I. INTRODUCTION

Modern network devices provide services beyond basic packet forwarding, such as security, policy routing and Quality of Service (QoS). Packet classification is the core functionality supporting these services.
The purpose of packet classification is to find a matching rule from a packet classifier for each incoming packet, and to apply the corresponding action to the packet. A packet classifier is a set of rules, with each rule consisting of a tuple of field values (exact value, prefix or range) and an action to be taken in case of a match. An example 12-tuple OpenFlow [1] classifier is shown in Table I. As the bottleneck of advanced forwarding, packet classification has attracted research attention for almost two decades. Current packet classification approaches fall broadly into two major categories: architectural and algorithmic [2][3][4]. Architectural approaches based on Ternary Content Addressable Memory (TCAM) have been the dominant implementation of packet classification in industry. Although TCAM enables parallel lookups on rules for line-speed classification, it is expensive, area-inefficient and power-hungry, which seriously limits its scalability. During the past decade, many methods and algorithms have been proposed to alleviate these problems, such as classifier minimization [5][6][7][8], range encoding [9][10][11][12][13], circuit modification [13][14] and pre-classifiers [15][16]. However, due to the inherent limitations of TCAM, its capacity is not expected to increase significantly in the near future [4]. Worse still, with the deployment of SDN/NFV based applications, the number of rule fields and the size of classifiers are increasing dramatically, outpacing the evolution of TCAM capacity. For example, a current OpenFlow switch examines more than 15 fields to categorize packets into different flows, and this number is expected to grow in the future [17]. Thus, multi-field packet classification has become even more prominent and challenging than ever.
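To make the problem statement concrete, the following sketch shows multi-field matching in its simplest form: a linear scan over priority-ordered rules, where each rule combines prefix predicates (addresses) and range predicates (ports), and the first match wins. This is purely illustrative; the `Rule` class, field names and example rules are our own, not the paper's data structures.

```python
def prefix_match(value, prefix, length, width=32):
    """True if the top `length` bits of `value` equal those of `prefix`."""
    if length == 0:          # a zero-length prefix is a wildcard
        return True
    shift = width - length
    return (value >> shift) == (prefix >> shift)

def range_match(value, lo, hi):
    return lo <= value <= hi

class Rule:
    """One classifier rule: prefix fields for addresses, ranges for ports."""
    def __init__(self, src, dst, sport, dport, action):
        self.src = src        # (prefix, length) on the source address
        self.dst = dst        # (prefix, length) on the destination address
        self.sport = sport    # (lo, hi) range on the source port
        self.dport = dport    # (lo, hi) range on the destination port
        self.action = action

    def matches(self, pkt):
        return (prefix_match(pkt["src"], *self.src) and
                prefix_match(pkt["dst"], *self.dst) and
                range_match(pkt["sport"], *self.sport) and
                range_match(pkt["dport"], *self.dport))

def classify(rules, pkt):
    """Return the action of the first (highest-priority) matching rule."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "default"
```

A linear scan is O(n) per packet, which is exactly why TCAMs (parallel lookup in hardware) and decision trees (logarithmic-depth search in software) are the two competing ways to accelerate it.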
Recently, researchers have been actively investigating less expensive, more energy-efficient and more scalable algorithmic alternatives to TCAM-based hardware solutions, such as hash-based algorithms [17][36][39], hardware-assisted schemes [19][20][21][37] and decision-tree techniques [18][22][24][25]. Among them, decision trees have been recognized as one of the most promising approaches, since they apply well to rules with more fields and can be pipelined for high classification throughput [26]. In general, there have been two major threads of research on building decision trees: equal-sized cutting and equal-dense splitting. Cutting based schemes, such as HiCuts [27] and HyperCuts [28], separate the search space into many equal-sized sub-spaces using local optimizations. However, both schemes suffer from rule replication, especially for large rule sets. EffiCuts [22], a well-known cutting scheme, significantly reduces the memory overhead of previous cutting algorithms by separating rules into at most 2^F subsets for F-tuple classifiers. As an improvement, HybridCuts [24] achieves a significant reduction in the number of subsets, which in turn reduces the overall memory accesses. In contrast, HyperSplit [29], a well-known splitting scheme, splits the search space into two unequal-sized sub-spaces that contain nearly equal numbers of rules. To achieve better scalability across different rule sets, SmartSplit [25] separates rules into a few subsets to build balanced trees dynamically. However, as far as we know, few of these state-of-the-art approaches strike a good trade-off among storage, performance and update cost, which seriously limits their scalability.
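The contrast between the two threads above can be illustrated on a single dimension. The toy functions below (hypothetical code, not the actual HiCuts or HyperSplit implementations) expand one tree node over rules represented as intervals [lo, hi]: equal-sized cutting divides the space into equal-width children and copies a rule into every child it overlaps, while equal-dense splitting picks a data-dependent point so the two unequal-width halves hold roughly equal numbers of rules.

```python
def equal_sized_cut(rules, space, ncuts):
    """HiCuts-style expansion: divide `space` = (lo, hi), inclusive, into
    `ncuts` equal-width children. A rule is replicated into every child
    whose interval it overlaps."""
    lo, hi = space
    width = (hi - lo + 1) // ncuts
    children = []
    for i in range(ncuts):
        c_lo = lo + i * width
        c_hi = hi if i == ncuts - 1 else c_lo + width - 1
        children.append([r for r in rules if r[0] <= c_hi and r[1] >= c_lo])
    return children

def equal_dense_split(rules):
    """HyperSplit-style expansion: choose a split point (here, the median of
    all interval endpoints) so each side holds about half of the rules; only
    rules spanning the split point are duplicated."""
    pts = sorted(p for r in rules for p in r)
    split = pts[len(pts) // 2]
    left = [r for r in rules if r[0] <= split]
    right = [r for r in rules if r[1] > split]
    return split, left, right
```

Running both on the same skewed rule set shows the trade-off the paper targets: equal-sized cuts replicate rules that span cut boundaries (the total number of stored copies exceeds the number of rules), whereas the density-driven split adapts its boundary to the rules, at the cost of storing an explicit split point per node.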
In this paper, we first seek to understand the reasons behind the difficulty in designing scalable decision trees for multi-

————————————————
Hui Li is also with the Shenzhen Key Lab of Information Theory & Future Network Architecture, Future Network PKU Lab of National Major Research Infrastructure, Shenzhen Engineering Lab of Converged Networking Technology, Huawei & PKU Jointly Engineering Lab of Future Network Based on SDN, and the PKU Institute of Big Data Technology, Shenzhen Graduate School, Peking University, China.