Title :
LASF: A Flow Scheduling Policy in Stateful Packet Inspection Systems
Author :
Zhang, Zhibin ; Zhang, Yanjun ; Guo, Li ; Fang, Binxing
Author_Institution :
Chinese Acad. of Sci., Beijing
Abstract :
Current increase in network bandwidth raised an aggressive challenge in network security, and stateful packet inspection based security systems is playing a more and more important role. Recent advances in scheduling theory show that it is possible to reduce the expected mean response time of a queuing system, simply by changing the order in which we schedule the requests according to the job size, which is so called size-based scheduling policy. In this paper, we start by an analysis of connection sojourn time distribution of network traffic. Based on this analysis, first we design a two level session table in order to avoid session table explosion. Then we propose a connection scheduling policy in stateful packet inspection systems called LASF (least attained sojourn first). We show that our policy can improve mean response time and flow throughput especially when system is overloaded. Finally we assess the costs of LASF in terms of unfairness.
Keywords :
queueing theory; scheduling; telecommunication security; telecommunication traffic; connection scheduling policy; flow scheduling policy; least attained sojourn first; mean response time; network bandwidth; network traffic; queuing system; size-based scheduling policy; stateful packet inspection system; Bandwidth; Costs; Delay; Inspection; Intrusion detection; Memory management; Open systems; Payloads; Protocols; Telecommunication traffic;
Conference_Titel :
Computers and Communications, 2007. ISCC 2007. 12th IEEE Symposium on
Conference_Location :
Aveiro
Print_ISBN :
978-1-4244-1520-5
Electronic_ISBN :
1530-1346
DOI :
10.1109/ISCC.2007.4381491
