Title :
QoS-aware firewall session table
Author :
Mostafa, Mahmoud ; El Kalam, Anas Abou ; Minuta, Dragos ; Fraboul, Christian
Author_Institution :
INPT-ENSEEIHT, Univ. de Toulouse, Toulouse, France
Abstract :
Packet classification is the process of matching multiple packet header fields against a possibly large set of filters to find a matching rule. Packet classification was implemented in several application areas such as service differentiation, firewalls, QoS and secure routing. In this paper, we extend the firewall session table to speed up QoS marking process, and thus, to save QoS Classification time. Our proposed algorithm and system have been implemented in the kernel of NetBSD. Experimental tests show that the new implementation can save about 10 μsec per packet if a QoS classification of 10000 filters is used. Moreover, the new implementation needs just less than 0.5 μsec to mark packet regardless of the size of the filtering rules. To evaluate the performance of our new implementation with respect to the QoS characteristics, we measured four important QoS metrics (throughput, packet loss rate, delay and jitter) and compared them with the classical implementation. We finally demonstrate that a significant enhancement is remarked using our new algorithm.
Keywords :
authorisation; computer network security; quality of service; NetBSD; QoS marking process; QoS metrics; QoS-aware firewall session table; Qos classification time; delay metrics; jitter; multiple packet header field; packet classification; packet loss rate; secure routing; service differentiation; throughput metrics; Classification algorithms; Delay; Filtering; Fires; Quality of service; Routing; Security; QoS; classification; firewall; marking; session/state table; stateful packet filtering;
Conference_Titel :
Risk and Security of Internet and Systems (CRiSIS), 2011 6th International Conference on
Conference_Location :
Timisoara
Print_ISBN :
978-1-4577-1890-8
Electronic_ISBN :
978-1-4577-1889-2
DOI :
10.1109/CRiSIS.2011.6061834
