Abstract
In this paper we present an extension to an existing hash-based packet classification technique in order to improve its performance in a distributed network access control environment. We show that such an architecture can be modified so that flow states are kept in a distributed fashion, thus reducing the space needed for packet filtering in each component of the architecture. We also show how such an approach can, in some cases, improve the overall time complexity of packet filtering operations by reducing the number of packet classification operations.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Paul, O. (2004). Improving Distributed Firewalls Performance through Vertical Load Balancing. In: Mitrou, N., Kontovasilis, K., Rouskas, G.N., Iliadis, I., Merakos, L. (eds) Networking 2004. NETWORKING 2004. Lecture Notes in Computer Science, vol 3042. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24693-0_3
DOI: https://doi.org/10.1007/978-3-540-24693-0_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21959-0
Online ISBN: 978-3-540-24693-0
eBook Packages: Springer Book Archive