Session management architecture for implementing an FPGA-based stateful intrusion detection system
ACS'08 Proceedings of the 8th conference on Applied computer scince
A fast and scalable conflict detection algorithm for packet classifiers
ISPA'05 Proceedings of the Third international conference on Parallel and Distributed Processing and Applications
High performance session state management scheme for stateful packet inspection
APNOMS'07 Proceedings of the 10th Asia-Pacific conference on Network Operations and Management Symposium: managing next generation networks and services
Hi-index | 0.00 |
Stateful Inspection is a key technology to network devices such as routers and firewalls. Existed session table architectures of Stateful Inspection devices store all session information in a single entry, which causes high time cost of session table timeout processing. In this paper we present a new architecture which divides a session entry into two parts, and designs different data structures for each other. The new architecture can improve the performance of session table greatly. A new PATRICIA algorithm is proposed to organize session table, which is proved to be an optimal 2-ary trie for fixed-length match. An ASIC is implemented for the architecture and corresponding algorithms. Both theoretical and experimental results show that the new architecture has better performance than existed architectures, and can work well in Gigabit Ethernet network.