2011 IEEE 12th International Conference on High Performance Switching and Routing
NAF Conversion: An Efficient Solution for the
Range Matching Problem in Packet Filters
Nizar Ben Neji, Adel Bouhoula
Higher School of Communications of Tunis (SupCom),
University of Carthage,
City of Communications Technologies, 2083, Ariana, Tunisia
E-mail: {nizar.benneji, adel.bouhoula}@supcom.rnu.tn
In this paper, we propose a novel technique of conversion
based on the NAF concept which allows us to convert an
arbitrary range into an optimal set of signed prefixes. The
trivial technique of the range to prefix conversion expands
a given interval into a set of consecutive elementary ranges
(standard prefixes) as follows:
Abstract—The coexistence of range based and prefix based
fields within the filtering rules is one of the most important
cause that makes the packet classification problem difficult to
resolve and the proposed hybrid solutions hard to implement.
How to effectively support such complex filtering rules is really
a challenge. Most of the cases range-based fields need to be
converted into a set of standard prefixes. Actually, there is a
manifested need to have new expressive conversion techniques
to process efficiently multiple type of conditions. In this context,
the problem of limited scalability is encountered and must be
resolved to avoid the range to prefix blowout. In this paper,
we propose the NAF conversion technique (Non-adjacent form)
which is able to expand an arbitrary range or multiple ranges
into an optimal set of signed prefixes. The proposed technique
is flexible enough and let us the possibility to reach a better
compression ratio than the previous proposed solutions.
[1, 15] = [1, 1] + [2, 3] + [4, 7] + [8, 15]
| {z }
|{z} |{z} |{z} | {z }
15
2
4
8
Using the NAF format, the length 15 of the
range [1, 15]
can be expressed as follows (15)10 = 10001 NAF = 16 − 1,
where 1 stands for −1. Hence, an optimized representation of
the range [1, 15] can be viewed as follows:
Keywords—range matching; non-adjacent form; packet filter;
security policy.
[1, 15] = −[0, 0] + [0, 15]
|{z} | {z }
1
I. I NTRODUCTION
Due to ever increasing of the links speed and due to the
complexity of the security needs, the packet classification
problem becomes more and more difficult to be resolved
in an efficient time and with a low memory cost. Packet
classification is the process of determining the corresponding
class of an incoming packet. Classes are assigned by the rules
composed of several packet header fields of distinct types.
Therefore, we perform the same action for all packets that
belong to the same class. Hence, the packet classification
problem can be essentially divided into three main elementary
problems: the exact matching problem, the prefix matching
problem and the range matching problem. In this paper, we
deal with prefix-based solutions and for this reason some
transformations are necessary to guarantee the homogeneity
when matching on multiple fields. The available solutions
usually require that the filtering rules must be written only
in prefix format and they are not well-suited for representing
rules that contain interval fields, such as source and destination
ports, source and destination IP addresses, packet length and
other range-based packet header fields. In fact, the traditional
technique to solve the range representation is the direct range
to prefix expansion in which a range is converted into a set
of standard prefixes. By the way, a single rule may require
multiple memory entries and in this context we should mention
that memory accesses are expensive and they are the dominant
factor in determining the worst case execution time.
978-1-4244-8456-0/11/$26.00 ©2011 IEEE
1
= 0001 + 001 ? +01 ? ? + 1 ? ??
16
= −0000 + ? ? ??
The proposed solution improves considerably the performance of the packet classifiers since it can slow down the
growth of the classifiers tables due to the presence of range
based fields. To the best of our knowledge, no other work in
the literature treat the mapping between the two problems: the
non-adjacent form of numbers and the non-adjacent conversion
of ranges into an optimal set of signed prefixes.
The rest of this paper is organized as follows. The preliminaries and related works are discussed in Section II. Section
III then introduces the NAF conversion technique and the
resolving process. Section IV gives an evaluation performance
of the proposed work, and, finally, Section V closes the paper.
II. S TATE OF A RT
A. Range Matching Problem
In packet classification, the storage inefficiency and the filtering complexity occurs, in almost cases, due to the presence
of ranges in some rule fields (e.g., source and destination port
numbers). These arbitrary ranges need to be usually converted
into standard prefixes especially when dealing with prefix
based solutions. The traditional solution for storing ranges
is based on the use of the direct range-to-prefix conversion
(DRPC) which individually converts each range into multiple
prefixes.
24
In [1] and [2], the authors give efficient direct range-toprefix conversion algorithms. In the worst case, the w-bit range
[1 , 2w − 2] is split into 2w − 2 prefixes as mentioned in [3].
As a result, this conversion leads to replace each single rule
with several memory entries, each covering a portion of the
desired range. For example, the 4-bit worst case range [1, 14]
requires 6 prefixes as follows:
0001 [1 , 1]
001? [2 , 3]
01 ? ? [4 , 7]
[1, 14] =
10 ? ? [8 , 11]
110? [12 , 13]
1110 [14 , 14]
Figure 1.
If a rule contains two w-bit range fields with range specifications, it would require as many as 4 (w − 1)2 prefixes. As
observed by [3], 900 memory entries are needed in the worst
case for a single rule including two 16-bit range fields. In this
context, we should mention that the worst case conversion
of a set of m w-bit ranges is O (mw) [2]. The naive way
to solve the range matching problem can lead to significant
expansion in the space required to represent a filter that may
contain a large variety of range specifications, an overview of
the most used filtering fields and common range conditions are
given in [4]. Indeed, as mentioned by [5], today’s classification
databases contain around 300 unique ranges and this number
is anticipated to continue to grow in the future.
An other well known technique for resolving the range
matching problem specially in TCAM solutions is the range
to ternary strings conversion. A ternary strings t is of the
form b1 b2 · · · bw with b j ∈ {0, 1, ?}. Converting an arbitrary
range into a minimum number of ternary strings is the
Boolean expression minimization problem as shown in [6].
This technique gives 2w − 4 overlapping ternary strings. For
better illustration of the conversion problem, we can use
Karnaugh map technique (K-map) as a visual diagram to show
all possibilities as shown in Figure 1. The K-map rule is to
minimize the number of grouping and to maximize their sizes.
Hence, the range [1 , 14] can be expressed using only 4 ternary
strings in 4 manners as follows:
?10?
0 ? ?1
[1, 14] =
10 ? ?
? ? 10
?1 ? 0
10 ? ?
=
? ? 01
0 ? 1?
01 ? ?
1 ? 0?
=
?0 ? 1
? ? 10
All possible K-map illustrations of the 4-bit range [1, 14]
usually belong to the same protocol such as the File Transfer
Protocol (FTP) which use port 21 as command port and port
20 (not always) as data port, the Simple Network Management
Protocol (SNMP) which use port numbers 161 and 162 and
[6000-6063] for the X Window System and many other
reserved ports. The second category includes larger ranges
than the first one and these ranges are usually related to some
specific applications of messaging, conferencing, audio, video
and games, see Table II. The third category includes wide
ranges such as [0,1023], [1024,49151] and [49152,65535] that
represent respectively well-known ports, registered ports and
dynamic (or private) ports. In addition, we could also say that
the range [1024,65535] belongs to this category since it’s the
most used one.
Similarly, IP source and destination addresses can be specified
by the system administrators as arbitrary ranges because most
of the times we want to express blocks of addresses that do not
fall precisely on CIDR boundaries of the form A.B.C.D/n [10].
In addition, we can say that due the complexity of the security
needs not only port source, port destination, IP source and
IP destination addresses are concerned by the range matching
problem. In many packet classifiers such as Intrusion Detection
Systems (IDS), we use new range fields such as the 16-bit
packet-length field which defines the length of the packet in
octets. This field can be used to filter the incoming packets
according to their sizes for example we can make restriction
for packets that have a size in [1-254]. In addition to that, the
time based filtering available in some packet filtering solutions
is also considered as range based filtering: under schedules,
we specify the From and To time in 24 hour format and then
we specify the From and To days of the week over which the
rule should be enforced.
01 ? ?
1 ? ?0
=
? ? 01
?01?
It can be noted that the Boolean expression minimization
is an NP-complete problem which an efficient exact algorithm
is difficult to find. As shown in [7] and [8], Espresso-II is a
fast and efficient heuristic algorithm used in practice. In [6],
the authors give an efficient linear time solution to find the
minimum Boolean expression for a range.
Port numbers are defined by the Internet Assigned Numbers
Authority (IANA) [9], according to their allocation; we can
divide port numbers into three categories of port ranges:
The first category include small ranges for port numbers that
B. Non-Adjacent Form
Every integer n has a unique non-adjacent form (NAF).
NAF is a signed binary representation (SBR) of length k and
k−1
of the form n = ∑ ai 2i where the digits are in {−1, 0, 1}
i=0
satisfying the property that ai × ai+1 = 0, it means that at least
50% are zero bits. The more interesting properties of NAF
representation is that it is unique and with minimal non zero
bits [21]. The main goal is to optimize the hamming weight
25
Table I
E QUIVALENT P REFIX N OTATIONS
k−1
of an integer hammingWeight(n) = ∑ |ai |. For example the
i=0
binary representation of 47 is 101111 = 32 + 8 + 4 + 1 and the
NAF form is 1010001 = 64 − 16 − 1 where 1 denotes −1.
Initially, the NAF technique has been widely used to improve the arithmetic operations. Booth introduced in [11] a
new optimized technique for multiplying integers based on
this representation but the given form in his work is not
necessary one with the minimum non-zero bits: to speed up
the multiplication, one of the operands is replaced with a
{−1, 0, 1}radix 2 representation.
The signed binary representations were first investigated
in the context of digital hardware by Reitwiesner [12] and
Avizienis [13]. Reitwiesner gave an algorithm for identifying
the canonical signed-binary representation in which no two
adjacent digits are non-zero. Over the years, many algorithms
were introduced by several authors [14], [15], [16] and the
technique for identifying all minimal signed-binary representations, not just the canonical, was discovered by Ganesan
and Manku [17]. In [18], the author generate the list of all
minimal signed binary representations in a constant amortized
time. This strategy has been exploited in [19], and has several
applications in elliptic cryptosystems [20]. In [21] Morain and
Olivos show that the additive abelian group formed from the
points on an elliptic curve over a finite field is another example
where signed-digit representations are very useful.
In our work, we prove that the NAF technique is again
very usefull in the context of packet filtering. The benefits of
adopting the NAF representation to resolve the range matching
problem in packet classification are detailed in this work.
No prior work to our contribution do the mapping between
an optimal conversion of an arbitrary range into prefixes
and the minimum hamming weight obtained by the NAF
representation of an integer.
•
•
•
•
Ternary format:
b1 · · · bk ∗1 · · · ∗w−k
Short format:
(b1 · · · bk 01 · · · 0w−k /k)CIDR
Mask format:
b1 · · · bk 01 · · · 0w−k /11 · · · 1k 01 · · · 0w−k
A w-bit prefix is special case of the ternary string
t = b1 b2 · · · bw with b j ∈ {0, 1, ?} since it consists of a
combination of 0s and 1s followed by a set of arbitrary
bits {0, 1}k {?}w−k . It represents a power of 2 range
having 2w−k as a width as shown in Table I.
An elementary w-bit range can be written using a single
w-bit prefix. For example the block of 256 addresses starting from 192.168.100.0 to 192.168.100.255 is an elementary range because it can be written using 192.168.100.∗
or 192.168.100.0/24. All other possibilities of blocks
are considered as arbitrary ranges since they do not fall
precisely on CIDR boundaries.
The possible widths of
elementary ranges are in 2i 0≤i≤w .
Adjacent ranges: Two w-bit ranges [l1 , u1 ] and [l2 , u2 ]are
adjacent if l2 = u1 + 1.
Consecutive elementary ranges: Two elementary ranges
[l1 , u1 ] and [l2 , u2 ] are consecutive if they are adjacent
and they have same widths or consecutive power of 2
widths. Suppose that width1 = u1 − l1 and width2 = u2 −
l2 , if width1 is of the form 2i then width2 is consecutive
if it is of the form 2i−1 or 2i+1 . In an other way, we can
say that two consecutive ranges satisfies the following
condition:
|width1 − width2 | = min (width1 , width2 )
III. P ROPOSED T ECHNIQUE
The problem of prefix based solutions in packet classification is the range to prefix conversion. The difficulty lies in
the fact that multiple memory entries have to be allocated to
represent a rule with ranges. For example the specification of
the form ‘gt 1023’ occurs in about 9% of the rules and it
requires six separate prefixes (1024-2047, 2048-4095, 40968191, 8192-16383, 16384-32767, 32768-65535) resulting in a
large increase in the size of the classifier table.
B. Conversion Algorithm of a Single Range
The algorithm of the direct range-to-prefix conversion
(DRPC) introduced in [2] gives a sequence of consecutive
elementary ranges covering the entire arbitrary range to be
transformed. Algorithm 1 takes as entry the output of DRPC
(list of elementary ranges ordered from lower values to higher
ones) and makes an optimal conjunction using signs. For this
purpose, we need 3 lists:
•
A. Notations and Terminology
To efficiently introduce the proposed technique, we propose
some specific notations and definitions.
• w is the size of the packet header field to be inspected,
when dealing with IP addresses, w = 32 for IPv4 and
w = 128 for IPv6. A w-bit address a must satisfy the
condition 0 ≤ a ≤ 2w − 1.
• A w-bit range Rw = [l , u] satisfies 0 ≤ l ≤ 2w − 1 (lower
bound) and 0 ≤ u ≤ 2w − 1 (upper bound) where l ≤ u.
For example, port number ranges are considered as 16-bit
ranges, IPv4 blocks of addresses are considered as 32-bit
ranges and IPv6 blocks of addresses are considered as
128-bit ranges.
•
•
Lower{} is a list of Integers and it stores lower bounds
of ranges,
Upper{} is a list of Integers and it stores upper bounds
of ranges,
Sign{} is a binary list and it stores signs as 0s and 1s,
the zero value means 0 +0 and one means 0 −0 .
Initially, Lower{} and Upper{} are given by the DRPC algorithm and Sign{} is filled with 0 values because the DRPC
algorithm gives only a conjunction of consecutive ranges.
Our technique of conversion (Algorithm 1) starts form left to
right (lower to higher values) and try to transform consecutive
elementary ranges to the NAF representation. In an other way,
we try to consider ranges two by two and then we try express
each pair as an exclusion of a power of two range from a
26
0100 and −011? is the shortest prefix that doesn’t match
0100. The proposed matching scheme has two main phases:
searching for the longest matching prefix and then searching
larger power of two range as follows:
[1, 15] = [1, 1] + [2, 3] + [4, 7] + [8, 15]
| {z }
|{z} |{z} |{z} | {z }
1
15
2
4
8
= −[0, 0] + [0, 3] + [4, 7] + [8, 15]
|{z} |{z} |{z} | {z }
1
4
4
Algorithm 1 NAF conversion of an arbitrary range.
function NAF_conversion(Lower{}, U pper{}, Sign{})
i ← 0;
while (i < (Lower.length − 1)) do
L1 ← Lower.element (i) ;
U1 ← U pper.element (i) ;
S1 ← Sign.element (i) ;
L2 ← Lower.element (i + 1) ;
U2 ← U pper.element (i + 1) ;
S2 ← Sign.element (i + 1) ;
width1 ← U1 − L1 + 1;
width2 ← U2 − L2 + 1;
di f f erence ← abs (width1 − width2 ) ;
if (L2 mod (2.max (width1 , width2 )) 6= 0) then
if (di f f erence == 0) then
Sign.set(i, 0) ; // 0 +0
Upper.set(i, U2 ) ;
Sign.remove(i + 1) ;
Lower.remove(i + 1) ;
Upper.remove(i + 1);
else
if (di f f erence == width1 ) then
Sign.set (i, 1) ; // 0 −0
Lower.set (i, L1 − di f f erence) ;
Upper.set (i, U1 − di f f erence) ;
Sign.set (i + 1, 0) ; // 0 +0
Lower.set (i + 1, L1 − di f f erence) ;
Upper.set (i + 1, U2 ) ;
i ← i + 1;
else
if (di f f erence == width2 ) then
if (S1 == S2 ) then
Sign.set (i, 0) ; // 0 +0
Upper.set (i, U2 + di f f erence) ;
Sign.set (i + 1, 1) ; // 0 −0
Lower.set (i + 1, L2 + di f f erence) ;
Upper.set (i + 1, U2 + di f f erence) ;
if (i 6= 0) then i ← i − 1; end if
else
Sign.set (i, 1) ;
Lower.set (i, L1 + di f f erence) ;
Sign.remove (i + 1) ;
Lower.remove (i + 1) ;
Upper.remove (i + 1)
end if
else
i ← i + 1;
end if
end if
end if
else
i ← i + 1;
end if
end while
end function
8
= −[0, 0] + [0, 7] + [8, 15]
|{z} |{z} | {z }
1
8
8
= −[0, 0] + [0, 15]
|{z} | {z }
1
16
The proposed algorithm processes the ranges two by two
and because of not all consecutive elementary ranges can be
converted, we test if two consecutive ranges [l1 , u1 ] and [l2 , u2 ]
can be converted as follows:
l2 mod (2 . max(width1 , width2 )) 6= 0
On one hand, if conversion is possible and the given ranges
have same widths the resulting range is the union. On the other
hand, we must check signs and the difference between widths
to express two consecutive ranges as an exclusion of a power
of two range from a larger power of two range.
C. Matching Algorithm
In this part, we consider only the case of the one dimensional (1D) matching. Having a set of ranges, a 1D packet filter
have to look for the smallest range that contains the incoming
value. If we classify only on IP destination addresses, the
resulting algorithm is the algorithm used by routers in Internet
Protocol (IP) networking to search for the best route from
the routing table. One destination address may match multiple
routing table entries. The most specific table entry is the one
with the highest subnet mask which is called the longest
prefix match (LPM). In our case, a packet filter have a set
of positive and negative prefixes. So, we have to search for
the longest matching prefix within the positive entries then we
search for the shortest prefix that doesn’t match the incoming
value within the negative entries: to assure that we have as
a result the smallest range containing the incoming value. In
case of more than one entry satisfy these conditions we have
to consider the priorities (order of the entries in the filtering
table). We consider the following simple example of three
arbitrary 4-bit ranges:
(
+ 0 ? ??
R1 = [0 , 5] =
− 011?
(
+ 0 ? ??
R2 = [1 , 7] =
− 0000
R3 = [0 , 3] =
+ 00 ? ?
Suppose that we have an incoming value (2)10 = (0010)2 . It
matches R1 , R2 and R3 but the range [0 , 3] is the smallest range
containing 2 since +00 ? ? is the longest matching prefix for
0010. Now, we consider the incoming value (4)10 = (0100)2 .
In this case R1 is the smallest range containing this value
within the list since +0 ? ?? is the longest prefix that matches
27
general case of the worst result is given by the following w-bit
range as follows:
"
#
w
w
for the shortest prefix that doesn’t match. First, we have to
classify positive prefixes by lengths into hash tables. As shown
in [22], we can apply in this case a linear search between the
prefix lengths from lower to higher values or a binary search
between lengths by adding markers. The same approach can
be applied for the negative prefixes. In this context, we should
mention that the search process must be done from higher
to lower lengths to determine the shortest prefix that doesn’t
match the requested value. If we apply the linear search
for
both steps, the complexity of matching will be O w2 with
w denotes the size of the packet header field to be inspected.
Now, if the binary search on prefix lengths is performed for
both cases,the complexity
of the search will be better and
equal to O log2 (w)2 .
2
2
2w−1 − ∑ 2w−2k , 2w−1 − 1 + ∑ 2w−2k =
k=1
("
k=1
!
i
w−1
2
w−2k
− ∑2
,
2
−1− ∑2
k=1
"
2
+ ∑2
w−2k
w−2k
,
k=1
!
i−1
w−1
!#
i−1
w−1
!#)
i
,
w−1
2
k=1
w−2k
−1+ ∑2
k=1
1≤i≤ w2
Table II and Table III show some real world examples of
port ranges and compare the number of prefixes given by the
standard case (DRPC) with the number of prefixes given by
the proposed NAF technique.
IV. P ERFORMANCE A NALYSIS
B. Average Expansion Case
In this section, the problematic cases are discussed in details
since the performance of the expansion process has direct
effects on the performance of the packet classifier. So, the
number of resulting prefixes should be as small as possible for
cost reasons. A classifier must support rule sets involving any
type of conditions and it must be able to scale the number of
rules, the number of fields, and the field sizes that it supports in
order to avoid being outdated by future Internet developments.
The open problem discussed in [23] is now resolved efficiently using the NAF technique. Now, we must take into
account the average expansion because it gives a clear idea
about the efficiency of the new conversion technique. Figure
2 compares the full expansion technique (DRPC) and the
proposed NAF expansion in term of average number of
elementary prefixes needed to encode an arbitrary w-bit range.
In average, the number of needed prefixes is two times less
than the standard case.
A. Worst Expansion Case
C. Special Cases
The worst expansion case for the trivial DRPC algorithm
gives for the w-bit range of the form [1 , 2w − 2] 2w − 2
prefixes. The proposed algorithm gives for this case only 3
prefixes as follows:
− [0 , 0]
w
[1 , 2 − 2]
−→
+ [0 , 2w − 1]
NAF Conversion
− [2w − 1 , 2w − 1]
1) Converting multiple ranges: In case of combination
of two or more arbitrary ranges, we have two alternatives:
overlapping and disjoint ranges. If we have two intersecting
ranges [a , b] and [c , d] such that c ≤ b, we consider the
extended range [a , d] that covers both intervals then we use
the NAF conversion to obtain the optimal set of prefixes. If we
have disjoint ranges such that b + 1 < c, we must first convert
each range separately using the NAF technique and then we
try to merge adjacent elementary ranges that have same or
consecutive lengths. Consequently, the NAF conversion of m
distinct ranges gives at most mw signed prefixes.
The worst case for the NAF conversion is different from the
case of DRPC conversion. For this reason, we have considered
all possible w-bit arbitrary ranges and after doing the NAF
conversion for each range, we observe that the worst case
expansion is only w prefixes. The NAF conversion result
coincide exactly and responds to the open problem discussed
in [23]. In [23], the authors show that the optimal case of
expansion is w and the resolving algorithm is still be an open
problem. The worst result is given by the set of adjacent ranges
that can not be expressed as an exclusion of a power of two
block from a larger power of block. For example, the 4-bit
range [3 , 12] is converted using the DRPC technique to the 4
elementary ranges as follows:
35
AVERAGE NUMBER OF PREFIXES
0011
01 ? ?
[3 , 12] =
10 ? ?
1100
DRPC Technique
NAF Technique
40
[3 , 3]
[4 , 7]
[8 , 11]
[12 , 12]
30
25
20
15
10
5
0
0
The resulting set of ranges can not be reduced using the
NAF conversion since we haven’t consecutive lengths. So, the
5
10
15
20
SIZE OF THE PACKET HEADER FIELD (w)
25
30
Figure 2. The NAF expansion technique vs the standard direct range-to-prefix
conversion technique (DRPC): conversion of arbitrary w-bit ranges.
28
2) Left and right extremal ranges: The left extremal wbit range is of the form [0 , a] with 0 ≤ a ≤ 2w − 1 and the
right extremal w-bit range is of the form [b , 2w − 1]. Using
the DRPC algorithm, the worst expansion case is w prefixes
and it is given by the ranges [0 , 2w − 2] and [1 , 2w − 1].
For example, the expansion of the wide used right extremal
range [1024 , 65535] gives only two entries + [0 , 65535] and
− [0 , 1023] in stead of six entries using the DRPC as shown
before.
The NAF conversion gives a worst case expansion of w2 for
the case of extremal ranges and the worst result is given by
the left and the right extremal ranges Lext and Rext of the form:
#
"
w
V. C ONCLUSION
The process of packet filtering becomes time consuming
as filtering policies become larger and more complex. Packet
filtering, using multiple packet header fields and allowing
range matches, has been considered a difficult operation to
implement at high speeds and with a large number of filter
rules. The naive way to solve the range matching problem
can lead to significant expansion in the space required to
represent a filtering rule with range based conditions. The
use of the NAF technique is aimed to achieve the task of
supporting efficiently arbitrary ranges. The NAF conversion
assures an optimal expansion ratio and allows to achieve
higher performance for both software and hardware classifiers.
2
Lext = 0 ,
∑ 2w−2k−1
R EFERENCES
k=0
[1]
w
2
"
#
Rext = 2w − ∑ 2w−2k−1 , 2w − 1
[2]
k=0
[3]
3) Negation of an arbitrary range: The negation of a
range in a packet filter rule represents the set of values that
doesn’t match the negated interval. The negation of the wbit range [a , b] gives two extremal w-bit ranges [0 , a − 1]
and [b + 1 , 2w − 1]. The direct range-to-prefix conversion algorithm applied to this case shows that the worst case is 2w−2
entries and it is given by the
negation of the w-bit range of
the form ¬ 2w−1 − 1 , 2w−1 . In case of NAF conversion, the
worst case is only w prefixes and this result is given by the
negation of the range of the form:
"
#
w
w
w−1
¬ 2
2
w−2k
− ∑2
w−1
,2
2
[4]
[5]
[6]
[7]
[8]
[9]
[10]
w−2k
−1+ ∑2
k=1
[11]
k=1
[12]
[13]
Table II
N UMBER OF P REFIXES N EEDED FOR IN/OUT P ORT N UMBER R ANGES OF
SOME U SED A PPLICATIONS
Applications
Active Worlds
NetMeeting
Audiogalaxy Satellite
mIRC
Citrix
QuickTime
Games
Used ranges
[7000,7100]
[1024,1502]
[1732,65534]
[1117,5190]
[41000,50000]
[1024,5000]
[6660,6669]
[1023,5000]
[6970,32000]
[20000-21000]
[28000-28030]
[40000-43000]
[50000-65535]
DRPC
7
8
24
12
14
7
3
8
12
7
5
13
7
[14]
NAF
5
3
6
10
8
6
3
7
10
5
2
5
5
[15]
[16]
[17]
[18]
[19]
[20]
Table III
N UMBER OF P REFIXES N EEDED FOR W ELL K NOWN , R EGISTERED AND
DYNAMIC P ORT N UMBER R ANGES .
Type
Well Known Ports
Registered Ports
Dynamic Ports
Registered and Dynamic Ports
Range
[0,1023]
[1024,49151]
[49152,65535]
[1024,65535]
DRPC
1
6
1
6
[21]
NAF
1
3
1
2
[22]
[23]
29
M.D. Berg, M.V. Kreveld, M. Overmars and O. Schwarzkopf, ”Computational geometry: algorithms and applications,” Springer Verlag, 1997.
Y.K. Chang, ”A 2-level TCAM architecture for ranges,” In IEEE
Transaction on Computers, vol. 55, no. 12, pp. 1614-1629, 2006.
D. E. Taylor, ”Survey and taxonomy of packet classification techniques,”
ACM Computing Surveys, vol. 37, no. 3, pp. 238–275, 2005.
P. Gupta and N. Mckeown, “Algorithms for packet classification,” IEEE
Network, vol. 15, no. 2, pp. 24–32, 2001.
P. Gupta and N. McKeown, “Packet classification on multiple fields,”
ACM SIGCOMM Computer Communication Review, vol. 29, pp.
147–160, Oct. 1999.
B. Schieber, D. Geist and A. Zaks, ”Computing the minimum DNF
representation of Boolean functions defined by intervals,” In Discrete
Applied Mathematics, vol. 149, no. 1-3, pp. 154-173, 2005.
R. Brayton, G. Hachtel, C. McMullen and A. Sangiovanni-Vincentelli,
”Logic minimization algorithms for VLSI synthesis,” In Kluwer Academic Publishers, 1984.
H. Liu, ”Routing table compaction in ternary CAM,” In IEEE Micro,
vol. 22, issue. 1, pp. 58-64, 2002.
”Ports numbers,” http://www.iana.org/assignments/port-numbers, 2006.
V. Fuller and T. Li, ”Classless Inter-domain Routing (CIDR): The
Internet Address Assignment and Aggregation Plan,” RFC 4632, 2006.
A.D. Booth, ”A signed binary multiplication technique,” Quarterly
Journal of Mechanics and Applied Mathematics 4, pp. 236–240, 1951.
G. W. Reitwiesner, ”Binary arithmetic,” Advances in Computers, vo. 1,
pp. 231-308, 1960.
A. Avizienis, ”Signed-digit number representations for fast parallel
arithmetic,” IRE Transactions on Electronic Computers, vo. 10, pp.
389–400, 1961.
S. H. Chang and N. Tsao-Wu, ”Distance and structure of cyclic
arithmetic codes,” In Proceedings Hawaii International Conference on
System Sciences, vo. 1, pp. 463–466, 1968.
J. Jedwab and C. J. Mitchell ”Minimum weight modified signed-digit
representations and fast exponentiation,” Electronic Letters, vo. 25, issue.
17, pp. 1171–1172, 1989.
H. Prodinger, ”On binary representations of integers with digits −1,0,1,”
The Electronic Journal of Combinatorial Number Theory, 2000.
P. Ganesan and G. S. Manku, ”Optimal routing in Chord,” In Proceedings of the 15th Annual ACM-SIAM Symposium on Discrete Algorithms
(SODA 2004), pp. 169–178, 2004.
J. Sawada, ”A Gray code for binary subtraction,” In 2nd Brazilian
Symposium on Graphs, Algorithms and Combinatorics, 2005.
J. Jedwab and C. Mitchell, ”Minimum weight modified-digit representations and fast exponentiation,” Electronics Letters 25, pp. 1171–1172,
1989.
K. Koyama and Y. Tsuruoka, ”Speeding up elliptic cryptosystems by
using a signed binary window method,” Advances in cryptology, pp.
345–357, 1993.
F. Morain and J. Olivos, ”Speeding up the computations on an elliptic
curve using addition-subtraction chains,” Theoretical Informatics and
Applications, vo. 24, pp. 531–543, 1990.
M. Waldvogel, G. Varghese, J. Turner, B. Plattner, “Scalable high speed
IP routing lookups”. In Proc. of the ACM SIGCOMM, pp. 25-36, 1997.
A. Bremler-Barr and D. Hendler, ”Space-efficient TCAM-based classification using Gray coding,” In Proceedings of IEEE INFOCOM,
pp.1388–1396, 2007.
© Copyright 2026 Paperzz