Title :
Design and evaluation of a high-performance ATM firewall switch and its applications
Author :
Xu, Jun ; Singhal, Mukesh
Author_Institution :
Dept. of Comput. & Inf. Sci., Ohio State Univ., Columbus, OH, USA
fDate :
6/1/1999 12:00:00 AM
Abstract :
We present the design of a value-added ATM switch that is capable of performing packet-level (IP) filtering at the maximum throughput of 2.88 Gbit/s per port. This firewall switch nicely integrates the IP level security mechanisms into the hardware components of an ATM switch so that most of the filtering operations are performed in parallel with the normal cell processing, and most of its cost is absorbed into the base cost of the switch. The firewall switch employs the concept of “last cell hostage” (LCH) to avoid or reduce the latency caused by filtering. We analyze in detail the performance of the firewall switch in terms of the throughput and the latency and address related design issues. Applications of our firewall switch as Internet and intranet security solutions are also discussed
Keywords :
Internet; asynchronous transfer mode; intranets; telecommunication security; 2.88 Gbit/s; IP level security mechanisms; Internet; cost; design; evaluation; high-performance ATM firewall switch; intranet security; last cell hostage; latency; normal cell processing; packet-level filtering; throughput; value-added ATM switch; Asynchronous transfer mode; Costs; Delay; Hardware; Information filtering; Information filters; Packet switching; Security; Switches; Throughput;
Journal_Title :
Selected Areas in Communications, IEEE Journal on
