On the self-similar nature of Ethernet traffic (extended version)
IEEE/ACM Transactions on Networking (TON)
Packet filtering in high speed networks
Proceedings of the tenth annual ACM-SIAM symposium on Discrete algorithms
Building Internet firewalls (2nd ed.)
Building Internet firewalls (2nd ed.)
Internet packet filter management and rectangle geometry
SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
Fast firewall implementations for software-based and hardware-based routers
Proceedings of the 2001 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Linux firewalls
Parallel Computer Architecture: A Hardware/Software Approach
Parallel Computer Architecture: A Hardware/Software Approach
LSMAC vs. LSNAT: Scalable cluster-based Web servers
Cluster Computing
An Unavailability Analysis of Firewall Sandwich Configurations
HASE '01 The 6th IEEE International Symposium on High-Assurance Systems Engineering: Special Topic: Impact of Networking
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
A Parallel Packet Screen for High Speed Networks
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Trie-Based Policy Representations for Network Firewalls
ISCC '05 Proceedings of the 10th IEEE Symposium on Computers and Communications
Modeling and Management of Firewall Policies
IEEE Transactions on Network and Service Management
Design and evaluation of a high-performance ATM firewall switch and its applications
IEEE Journal on Selected Areas in Communications
A taxonomy of parallel techniques for intrusion detection
ACM-SE 45 Proceedings of the 45th annual southeast regional conference
| Hi-index | 0.00 |
Comprehensive security policies are an integral part of creating a secure network and commonly firewalls are used to accomplish this. Firewalls inspect and filter traffic arriving or departing a network by comparing packets to a set of rules and performing the matching rule action, which is accept or deny. Unfortunately, traffic inspection of this type can impose significant delays on traffic due to the complexity and size of policies. Therefore, improving firewall performance is important, given the next generation of high-speed networks.This paper investigates the performance of a function parallel firewall architecture that distributes the original policy across an array of firewalls. A packet is processed by all the firewalls simultaneously and a gate then makes a final decision (accept or deny) based on the results of the individual firewalls. Since the individual firewalls have fewer rules to process (only a portion of the original policy), the function parallel system has lower delays (e.g. 74% lower for a four firewall array) and a higher throughput than other data parallel (load-balancing) firewalls. However, the performance increase is dependent on the speed of the gate. The potential speed increase and the impact of the gate will be demonstrated empirically.