Skip to Main Content
Packet classification is a fundamental task for network devices such as edge routers, firewalls, and intrusion detection systems. Currently, most vendors use Ternary Content Addressable Memories (TCAMs) to achieve high-performance packet classification. TCAMs use parallel hardware to check all rules simultaneously. Despite their high speed, TCAMs have a fundamental in dealing with ranges efficiently. Many packet classification rules contain range specifications, each of which needs to be translated into multiple prefixes to store in TCAMs. Such translation may result in an explosive increase in the number of required TCAM entries. In this paper, we propose a redundancy removal algorithm using a tree representation of rules. The proposed algorithm removes redundant rules and combines overlaying rules to build an equivalent, smaller rule set for a given packet classifier. This equivalent transformation can significantly reduce the number of required TCAM entries. Our experiments show a reduction of 70.9% in the number of TCAM entries. Besides, our algorithm eliminates requirement of priority encoder circuits. It can also be used as a preprocessor, in tandem with other methods, to achieve further performance improvement.