Title :
An Integrated Session Table for Security and QoS
Author :
Mostafa, Mahmoud ; El Kalam, Anas Abou ; Ameziane, Abdeljebar ; Fraboul, Christian
Author_Institution :
IRIT-CNRS, Univ. de Toulouse, Toulouse, France
Abstract :
Packet classification is the process of matching multiple packet header fields against a possibly large set of filters to find a matching rule. Packet classification has been implemented in several application areas such as service differentiation, firewalls, QoS and secure routing. In this paper, we extend the firewall session table to speed up the QoS marking process and thus save QoS classification time. Our proposed algorithm and system have been implemented in the kernel of NetBSD. Experimental tests show that the new implementation can save about 10 µsec per packet if a QoS classification of 10000 filters is used. Moreover, the new implementation needs less than 0.5 µsec to mark a packet regardless of the size of the filtering rules. To evaluate the performance of our new implementation with respect to the QoS characteristics, we measured four important QoS metrics (throughput, packet loss rate, delay and jitter) and compared them with the classical implementation. Finally, we demonstrate that a significant enhancement is observed using our new algorithm.
Keywords :
computer network security; packet radio networks; quality of service; QoS; QoS metrics; firewall session table; integrated session table; marking process; matching rule; packet classification; packet filtering; security; Classification algorithms; Filtering; Fires; Gold; IP networks; Quality of service; Routing;
Conference_Title :
Network and Information Systems Security (SAR-SSI), 2011 Conference on
Conference_Location :
La Rochelle
Print_ISBN :
978-1-4577-0735-3
DOI :
10.1109/SAR-SSI.2011.5931392