Despite widespread application, packet classification is implemented and deployed in an ad-hoc manner at different layers of the protocol stack. Moreover, high-speed packet classification, in the presence of a large number of classification rules, is both resource- and computation-intensive. We propose a scalable layer-agnostic packet classification framework (Lattice) that generalizes classifier design and enables offloading part of the computation and memory requirements to collaborators (e.g., end hosts). Lattice eliminates per-packet classification and per-flow state in classifiers to increase scalability and decrease vulnerability to state-based DoS attacks. Furthermore, Lattice is incentive compatible in that collaborators cannot get better service by lying, and it incentivizes deployment by giving preferential treatment to packets carrying Lattice-related information. Finally, Lattice-enabled classifiers remain semantically equivalent to their unmodified counterparts. To evaluate Lattice, we have built a prototype using the Click software router and implemented multiple Lattice-enabled classifiers. Lattice-enabled firewalls perform at least 2X faster than their unmodified counterparts and scale well with an increasing number of classification rules.



