DocumentCode
459465
Title
A Scalable Architecture for High Available Security Switches
Author
Huang, Nen-Fu ; Chen, Chih-Hao ; Huang, Yang-Fang ; Feng, Yi-Hsuan ; Kao, Chia-Nan ; Hung, Hsien-Wei ; Shih, Ming-Chang
Author_Institution
Department of Computer Science, National Tsing Hua University, Taiwan; Institute of Communication Engineering, National Tsing Hua University, Taiwan; Broadweb Corp., Hsin-Chu Science Park, Hsin-Chu, Taiwan. e-mail: nfhuang@cs.nthu.edu.tw, nfhuang@broadweb
Volume
5
fYear
2006
fDate
38869
Firstpage
2340
Lastpage
2344
Abstract
This paper proposes a scalable and high available (HA) architecture for implementing cost effective security switches. In this architecture, each "security switch" consists of a traditional layer-2 switch and a "security switch engine (SSE)" which provides packet content inspection service. These two components are connected via a Gigabit Ethernet link. A mechanism is proposed to interconnect a group of "security switches" to provide the HA feature. A system of four security switches is implemented and the experimental results show that the HA function works successfully even only one SSE is active. The SSE is implemented with full intrusion prevention function on a standard high performance Industrial PC with the performance of 1.2Gbps for UDP packets and 400Mbps for TCP flows. Therefore the proposed security switch architecture can be realized in a very cost effective mechanism to provide Intranet protection.
Keywords
Communication switching; Communication system security; Computer architecture; Costs; Ethernet networks; Inspection; Intrusion detection; National security; Packet switching; Switches; Defense-in-Depth; High Availability (HA); Intrusion Prevention; Security Switch;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications, 2006. ICC '06. IEEE International Conference on
Conference_Location
Istanbul
ISSN
8164-9547
Print_ISBN
1-4244-0355-3
Electronic_ISBN
8164-9547
Type
conf
DOI
10.1109/ICC.2006.255119
Filename
4024514
Link To Document