Title :
Stateful Inspection firewall session table processing
Author :
Li, Xin ; Ji, Zheng-Zhou ; Hu, Ming-Zeng
Author_Institution :
Sch. of Comput. Sci. & Technol., Harbin Inst. of Technol., China
Abstract :
Stateful Inspection is a key technology for network devices such as routers and firewalls. Existing session table architectures of Stateful Inspection devices store all session information in a single entry, which causes a high time cost for session table timeout processing. In this paper we present a new architecture which divides a session entry into two parts and designs a different data structure for each. The new architecture can greatly improve the performance of the session table. A new PATRICIA algorithm is proposed to organize the session table, which is proved to be an optimal 2-ary trie for fixed-length match. An ASIC is implemented for the architecture and corresponding algorithms. Both theoretical and experimental results show that the new architecture has better performance than existing architectures, and can work well in a Gigabit Ethernet network.
Keywords :
application specific integrated circuits; authorisation; local area networks; table lookup; telecommunication network routing; ASIC; Gigabit Ethernet network; PATRICIA algorithm; data structures; firewall session table processing; network devices; routers; Application specific integrated circuits; Computer architecture; Computer science; Costs; Data structures; Ethernet networks; Filtering; Inspection; Security; Space technology;
Conference_Title :
Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on
Print_ISBN :
0-7695-2315-3
DOI :
10.1109/ITCC.2005.261