閱讀全文 | |
篇名 |
IP Packing Technique for High-speed Firewall Rule Verification
|
---|---|
並列篇名 | IP Packing Technique for High-speed Firewall Rule Verification |
作者 | Suchart Khummanee |
英文摘要 | A network bottleneck is often caused by firewalls installed between network gateways. As a result, the overall performance of networks is significantly dropped. The following solution to resolve such the problem can be achieved by increasing the speed of firewall rule verification. Nowadays, there is an open-source matching framework which is the fastest of rule verification, namely IPSets. It can verify a number of firewall rules against huge packets with O(1) worst case access time. However, IPSets still displays several drawbacks of usability such as rule management, subnet IP address, rule conflicts, and memory usage. This paper proposes a novel firewall structure that can resolve all drawbacks of IPSets, and obtains the optimal speed of firewall rule verification at O(1) of access time, called IPack. According to IPack implementation, the paper applies the sparse matrix to be data structures to maintain firewall rules, the Path Selection Diagram (PSD) to eliminate rule conflicts and IP packing technique to reduce the size of memory space. The experimental results show that IPSets drawbacks can be solved by IPack. Especially, the size of memory space is reduced from O(2n) to be O(n) with the same optimal access time and the speed of IPack is still equal to IPSets. |
起訖頁 | 1737-1751 |
關鍵詞 | Firewall、High-speed firewall、Firewall rule matching、IP packing、Path selection diagram |
刊名 | 網際網路技術學刊 |
期數 | 201911 (20:6期) |
出版單位 | 台灣學術網路管理委員會 |
DOI |
|
QR Code | |
該期刊 上一篇
| Polynomial-Time Algorithms for Path Movement Problems on Trees and Unicyclic Graphs |
該期刊 下一篇
| LCRec: Learning Content Recommendation (Wiki-based Skill Book) |