1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright(c) 2017 Intel Corporation. 3 4.. _member_library: 5 6Membership Library 7================== 8 9Introduction 10------------ 11 12The DPDK Membership Library provides an API for DPDK applications to insert a 13new member, delete an existing member, or query the existence of a member in a 14given set, or a group of sets. For the case of a group of sets, the library 15will return not only whether the element has been inserted before in one of 16the sets but also which set it belongs to. The Membership Library is an 17extension and generalization of a traditional filter structure (for example 18Bloom Filter [Member-bloom]) that has multiple usages in a wide variety of 19workloads and applications. In general, the Membership Library is a data 20structure that provides a "set-summary" on whether a member belongs to a set, 21and as discussed in detail later, there are two advantages of using such a 22set-summary rather than operating on a "full-blown" complete list of elements: 23first, it has a much smaller storage requirement than storing the whole list of 24elements themselves, and secondly checking an element membership (or other 25operations) in this set-summary is much faster than checking it for the 26original full-blown complete list of elements. 27 28We use the term "Set-Summary" in this guide to refer to the space-efficient, 29probabilistic membership data structure that is provided by the library. A 30membership test for an element will return the set this element belongs to or 31that the element is "not-found" with very high probability of accuracy. Set-summary 32is a fundamental data aggregation component that can be used in many network 33(and other) applications. It is a crucial structure to address performance and 34scalability issues of diverse network applications including overlay networks, 35data-centric networks, flow table summaries, network statistics and 36traffic monitoring. A set-summary is useful for applications who need to 37include a list of elements while a complete list requires too much space 38and/or too much processing cost. In these situations, the set-summary works as 39a lossy hash-based representation of a set of members. It can dramatically 40reduce space requirement and significantly improve the performance of set 41membership queries at the cost of introducing a very small membership test error 42probability. 43 44.. _figure_membership1: 45.. figure:: img/member_i1.* 46 47 Example Usages of Membership Library 48 49There are various usages for a Membership Library in a very 50large set of applications and workloads. Interested readers can refer to 51[Member-survey] for a survey of possible networking usages. The above figure 52provide a small set of examples of using the Membership Library: 53 54* Sub-figure (a) 55 depicts a distributed web cache architecture where a collection of proxies 56 attempt to share their web caches (cached from a set of back-end web servers) to 57 provide faster responses to clients, and the proxies use the Membership 58 Library to share summaries of what web pages/objects they are caching. With the 59 Membership Library, a proxy receiving an http request will inquire the 60 set-summary to find its location and quickly determine whether to retrieve the 61 requested web page from a nearby proxy or from a back-end web server. 62 63* Sub-figure (b) depicts another example for using the Membership Library to 64 prevent routing loops which is typically done using slow TTL countdown and 65 dropping packets when TTL expires. As shown in Sub-figure (b), an embedded 66 set-summary in the packet header itself can be used to summarize the set of 67 nodes a packet has gone through, and each node upon receiving a packet can check 68 whether its id is a member of the set of visited nodes, and if it is, then a 69 routing loop is detected. 70 71* Sub-Figure (c) presents another usage of the Membership 72 Library to load-balance flows to worker threads with in-order guarantee where a 73 set-summary is used to query if a packet belongs to an existing flow or a new 74 flow. Packets belonging to a new flow are forwarded to the current least loaded 75 worker thread, while those belonging to an existing flow are forwarded to the 76 pre-assigned thread to guarantee in-order processing. 77 78* Sub-figure (d) highlights 79 yet another usage example in the database domain where a set-summary is used to 80 determine joins between sets instead of creating a join by comparing each 81 element of a set against the other elements in a different set, a join is done 82 on the summaries since they can efficiently encode members of a given set. 83 84Membership Library is a configurable library that is optimized to cover set 85membership functionality for both a single set and multi-set scenarios. Two set-summary 86schemes are presented including (a) vector of Bloom Filters and (b) Hash-Table based 87set-summary schemes with and without false negative probability. 88This guide first briefly describes these different types of set-summaries, usage examples for each, 89and then it highlights the Membership Library API. 90 91Vector of Bloom Filters 92----------------------- 93 94Bloom Filter (BF) [Member-bloom] is a well-known space-efficient 95probabilistic data structure that answers set membership queries (test whether 96an element is a member of a set) with some probability of false positives and 97zero false negatives; a query for an element returns either it is "possibly in 98a set" (with very high probability) or "definitely not in a set". 99 100The BF is a method for representing a set of ``n`` elements (for example flow keys 101in network applications domain) to support membership queries. The idea of BF is 102to allocate a bit-vector ``v`` with ``m`` bits, which are initially all set to 0. Then 103it chooses ``k`` independent hash functions ``h1``, ``h2``, ... ``hk`` with hash values range from 104``0`` to ``m-1`` to perform hashing calculations on each element to be inserted. Every time when an 105element ``X`` being inserted into the set, the bits at positions ``h1(X)``, ``h2(X)``, ... 106``hk(X)`` in ``v`` are set to 1 (any particular bit might be set to 1 multiple times 107for multiple different inserted elements). Given a query for any element ``Y``, the 108bits at positions ``h1(Y)``, ``h2(Y)``, ... ``hk(Y)`` are checked. If any of them is 0, 109then Y is definitely not in the set. Otherwise there is a high probability that 110Y is a member of the set with certain false positive probability. As shown in 111the next equation, the false positive probability can be made arbitrarily small 112by changing the number of hash functions (``k``) and the vector length (``m``). 113 114.. _figure_membership2: 115.. figure:: img/member_i2.* 116 117 Bloom Filter False Positive Probability 118 119Without BF, an accurate membership testing could involve a costly hash table 120lookup and full element comparison. The advantage of using a BF is to simplify 121the membership test into a series of hash calculations and memory accesses for a 122small bit-vector, which can be easily optimized. Hence the lookup throughput 123(set membership test) can be significantly faster than a normal hash table 124lookup with element comparison. 125 126.. _figure_membership3: 127.. figure:: img/member_i3.* 128 129 Detecting Routing Loops Using BF 130 131BF is used for applications that need only one set, and the 132membership of elements is checked against the BF. The example discussed 133in the above figure is one example of potential applications that uses only one 134set to capture the node IDs that have been visited so far by the packet. Each 135node will then check this embedded BF in the packet header for its own id, and 136if the BF indicates that the current node is definitely not in the set then a 137loop-free route is guaranteed. 138 139 140.. _figure_membership4: 141.. figure:: img/member_i4.* 142 143 Vector Bloom Filter (vBF) Overview 144 145To support membership test for both multiple sets and a single set, 146the library implements a Vector Bloom Filter (vBF) scheme. 147vBF basically composes multiple bloom filters into a vector of bloom filers. 148The membership test is conducted on all of the 149bloom filters concurrently to determine which set(s) it belongs to or none of 150them. The basic idea of vBF is shown in the above figure where an element is 151used to address multiple bloom filters concurrently and the bloom filter 152index(es) with a hit is returned. 153 154.. _figure_membership5: 155.. figure:: img/member_i5.* 156 157 vBF for Flow Scheduling to Worker Thread 158 159As previously mentioned, there are many usages of such structures. vBF is used 160for applications that need to check membership against multiple sets 161simultaneously. The example shown in the above figure uses a set to capture 162all flows being assigned for processing at a given worker thread. Upon receiving 163a packet the vBF is used to quickly figure out if this packet belongs to a new flow 164so as to be forwarded to the current least loaded worker thread, or otherwise it 165should be queued for an existing thread to guarantee in-order processing (i.e. 166the property of vBF to indicate right away that a given flow is a new one or 167not is critical to minimize response time latency). 168 169It should be noted that vBF can be implemented using a set of single bloom 170filters with sequential lookup of each BF. However, being able to concurrently 171search all set-summaries is a big throughput advantage. In the library, certain 172parallelism is realized by the implementation of checking all bloom filters 173together. 174 175 176Hash-Table based Set-Summaries 177------------------------------ 178 179Hash-table based set-summary (HTSS) is another scheme in the membership library. 180Cuckoo filter [Member-cfilter] is an example of HTSS. 181HTSS supports multi-set membership testing like 182vBF does. However, while vBF is better for a small number of targets, HTSS is more suitable 183and can easily outperform vBF when the number of sets is 184large, since HTSS uses a single hash table for membership testing while vBF 185requires testing a series of Bloom Filters each corresponding to one set. 186As a result, generally speaking vBF is more adequate for the case of a small limited number of sets 187while HTSS should be used with a larger number of sets. 188 189.. _figure_membership6: 190.. figure:: img/member_i6.* 191 192 Using HTSS for Attack Signature Matching 193 194As shown in the above figure, attack signature matching where each set 195represents a certain signature length (for correctness of this example, an 196attack signature should not be a subset of another one) in the payload is a good 197example for using HTSS with 0% false negative (i.e., when an element returns not 198found, it has a 100% certainty that it is not a member of any set). The packet 199inspection application benefits from knowing right away that the current payload 200does not match any attack signatures in the database to establish its 201legitimacy, otherwise a deep inspection of the packet is needed. 202 203HTSS employs a similar but simpler data structure to a traditional hash table, 204and the major difference is that HTSS stores only the signatures but not the 205full keys/elements which can significantly reduce the footprint of the table. 206Along with the signature, HTSS also stores a value to indicate the target set. 207When looking up an element, the element is hashed and the HTSS is addressed 208to retrieve the signature stored. If the signature matches then the value is 209retrieved corresponding to the index of the target set which the element belongs 210to. Because signatures can collide, HTSS can still has false positive 211probability. Furthermore, if elements are allowed to be 212overwritten or evicted when the hash table becomes full, it will also have a 213false negative probability. We discuss this case in the next section. 214 215Set-Summaries with False Negative Probability 216~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 217 218As previously mentioned, traditional set-summaries (e.g. Bloom Filters) do not 219have a false negative probability, i.e., it is 100% certain when an element 220returns "not to be present" for a given set. However, the Membership Library 221also supports a set-summary probabilistic data structure based on HTSS which 222allows for false negative probability. 223 224In HTSS, when the hash table becomes full, keys/elements will fail to be added 225into the table and the hash table has to be resized to accommodate for these new 226elements, which can be expensive. However, if we allow new elements to overwrite 227or evict existing elements (as a cache typically does), then the resulting 228set-summary will begin to have false negative probability. This is because the 229element that was evicted from the set-summary may still be present in the target 230set. For subsequent inquiries the set-summary will falsely report the element 231not being in the set, hence having a false negative probability. 232 233The major usage of HTSS with false negative is to use it as a cache for 234distributing elements to different target sets. By allowing HTSS to evict old 235elements, the set-summary can keep track of the most recent elements 236(i.e. active) as a cache typically does. Old inactive elements (infrequently 237used elements) will automatically and eventually get evicted from the 238set-summary. It is worth noting that the set-summary still has false positive 239probability, which means the application either can tolerate certain false positive 240or it has fall-back path when false positive happens. 241 242.. _figure_membership7: 243.. figure:: img/member_i7.* 244 245 Using HTSS with False Negatives for Wild Card Classification 246 247HTSS with false negative (i.e. a cache) also has its wide set of applications. 248For example wild card flow classification (e.g. ACL rules) highlighted in the 249above figure is an example of such application. In that case each target set 250represents a sub-table with rules defined by a certain flow mask. The flow masks 251are non-overlapping, and for flows matching more than one rule only the highest 252priority one is inserted in the corresponding sub-table (interested readers can 253refer to the Open vSwitch (OvS) design of Mega Flow Cache (MFC) [Member-OvS] 254for further details). Typically the rules will have a large number of distinct 255unique masks and hence, a large number of target sets each corresponding to one 256mask. Because the active set of flows varies widely based on the network 257traffic, HTSS with false negative will act as a cache for <flowid, target ACL 258sub-table> pair for the current active set of flows. When a miss occurs (as 259shown in red in the above figure) the sub-tables will be searched sequentially 260one by one for a possible match, and when found the flow key and target 261sub-table will be inserted into the set-summary (i.e. cache insertion) so 262subsequent packets from the same flow don’t incur the overhead of the 263sequential search of sub-tables. 264 265Library API Overview 266-------------------- 267 268The design goal of the Membership Library API is to be as generic as possible to 269support all the different types of set-summaries we discussed in previous 270sections and beyond. Fundamentally, the APIs need to include creation, 271insertion, deletion, and lookup. 272 273 274Set-summary Create 275~~~~~~~~~~~~~~~~~~ 276 277The ``rte_member_create()`` function is used to create a set-summary structure, the input parameter 278is a struct to pass in parameters that needed to initialize the set-summary, while the function returns the 279pointer to the created set-summary or ``NULL`` if the creation failed. 280 281The general input arguments used when creating the set-summary should include ``name`` 282which is the name of the created set-summary, *type* which is one of the types 283supported by the library (e.g. ``RTE_MEMBER_TYPE_HT`` for HTSS or ``RTE_MEMBER_TYPE_VBF`` for vBF), and ``key_len`` 284which is the length of the element/key. There are other parameters 285are only used for certain type of set-summary, or which have a slightly different meaning for different types of set-summary. 286For example, ``num_keys`` parameter means the maximum number of entries for Hash table based set-summary. 287However, for bloom filter, this value means the expected number of keys that could be 288inserted into the bloom filter(s). The value is used to calculate the size of each 289bloom filter. 290 291We also pass two seeds: ``prim_hash_seed`` and 292``sec_hash_seed`` for the primary and secondary hash functions to calculate two independent hash values. 293``socket_id`` parameter is the NUMA socket ID for the memory used to create the 294set-summary. For HTSS, another parameter ``is_cache`` is used to indicate 295if this set-summary is a cache (i.e. with false negative probability) or not. 296For vBF, extra parameters are needed. For example, ``num_set`` is the number of 297sets needed to initialize the vector bloom filters. This number is equal to the 298number of bloom filters will be created. 299``false_pos_rate`` is the false positive rate. num_keys and false_pos_rate will be used to determine 300the number of hash functions and the bloom filter size. 301 302 303Set-summary Element Insertion 304~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 305 306The ``rte_member_add()`` function is used to insert an element/key into a set-summary structure. If it fails an 307error is returned. For success the returned value is dependent on the 308set-summary mode to provide extra information for the users. For vBF 309mode, a return value of 0 means a successful insert. For HTSS mode without false negative, the insert 310could fail with ``-ENOSPC`` if the table is full. With false negative (i.e. cache mode), 311for insert that does not cause any eviction (i.e. no overwriting happens to an 312existing entry) the return value is 0. For insertion that causes eviction, the return 313value is 1 to indicate such situation, but it is not an error. 314 315The input arguments for the function should include the ``key`` which is a pointer to the element/key that needs to 316be added to the set-summary, and ``set_id`` which is the set id associated 317with the key that needs to be added. 318 319 320Set-summary Element Lookup 321~~~~~~~~~~~~~~~~~~~~~~~~~~ 322 323The ``rte_member_lookup()`` function looks up a single key/element in the set-summary structure. It 324returns as soon as the first match is found. The return value is 1 if a 325match is found and 0 otherwise. The arguments for the function include ``key`` which is a pointer to the 326element/key that needs to be looked up, and ``set_id`` which is used to return the 327first target set id where the key has matched, if any. 328 329The ``rte_member_lookup_bulk()`` function is used to look up a bulk of keys/elements in the 330set-summary structure for their first match. Each key lookup returns as soon as the first match is found. The 331return value is the number of keys that find a match. The arguments of the function include ``keys`` 332which is a pointer to a bulk of keys that are to be looked up, 333``num_keys`` is the number 334of keys that will be looked up, and ``set_ids`` are the return target set 335ids for the first match found for each of the input keys. ``set_ids`` is an array 336needs to be sized according to the ``num_keys``. If there is no match, the set id 337for that key will be set to RTE_MEMBER_NO_MATCH. 338 339The ``rte_member_lookup_multi()`` function looks up a single key/element in the 340set-summary structure for multiple matches. It 341returns ALL the matches (possibly more than one) found for this key when it 342is matched against all target sets (it is worth noting that for cache mode HTSS, 343the current implementation matches at most one target set). The return value is 344the number of matches 345that was found for this key (for cache mode HTSS the return value 346should be at most 1). The arguments for the function include ``key`` which is a pointer to the 347element/key that needs to be looked up, ``max_match_per_key`` which is to indicate the maximum number of matches 348the user expects to find for each key, and ``set_id`` which is used to return all 349target set ids where the key has matched, if any. The ``set_id`` array should be sized 350according to ``max_match_per_key``. For vBF, the maximum number of matches per key is equal 351to the number of sets. For HTSS, the maximum number of matches per key is equal to two time 352entry count per bucket. ``max_match_per_key`` should be equal or smaller than the maximum number of 353possible matches. 354 355The ``rte_membership_lookup_multi_bulk()`` function looks up a bulk of keys/elements in the 356set-summary structure for multiple matches, each key lookup returns ALL the matches (possibly more 357than one) found for this key when it is matched against all target sets (cache mode HTSS 358matches at most one target set). The 359return value is the number of keys that find one or more matches in the 360set-summary structure. The arguments of the 361function include ``keys`` which is 362a pointer to a bulk of keys that are to be looked up, ``num_keys`` is the number 363of keys that will be looked up, ``max_match_per_key`` is the possible 364maximum number of matches for each key, ``match_count`` which is the returned number 365of matches for each key, and ``set_ids`` are the returned target set 366ids for all matches found for each keys. ``set_ids`` is 2-D array 367containing a 1-D array for each key (the size of 1-D array per key should be set by the user according to ``max_match_per_key``). 368``max_match_per_key`` should be equal or smaller than the maximum number of 369possible matches, similar to ``rte_member_lookup_multi``. 370 371 372Set-summary Element Delete 373~~~~~~~~~~~~~~~~~~~~~~~~~~ 374 375The ``rte_membership_delete()`` function deletes an element/key from a set-summary structure, if it fails 376an error is returned. The input arguments should include ``key`` which is a pointer to the 377element/key that needs to be deleted from the set-summary, and ``set_id`` 378which is the set id associated with the key to delete. It is worth noting that current 379implementation of vBF does not support deletion [1]_. An error code ``-EINVAL`` will be returned. 380 381.. [1] Traditional bloom filter does not support proactive deletion. Supporting proactive deletion require additional implementation and performance overhead. 382 383References 384----------- 385 386[Member-bloom] B H Bloom, "Space/Time Trade-offs in Hash Coding with Allowable Errors," Communications of the ACM, 1970. 387 388[Member-survey] A Broder and M Mitzenmacher, "Network Applications of Bloom Filters: A Survey," in Internet Mathematics, 2005. 389 390[Member-cfilter] B Fan, D G Andersen and M Kaminsky, "Cuckoo Filter: Practically Better Than Bloom," in Conference on emerging Networking Experiments and Technologies, 2014. 391 392[Member-OvS] B Pfaff, "The Design and Implementation of Open vSwitch," in NSDI, 2015. 393