Adaptive tuning of operation parameters for automatically learned filter table

Automatically learned filter table is used in many network security mechanisms to validate packets. Building filter item for each IP address in access networks can prevent IP spoofing at fine granularity but may consume large amount of filter table which is limited due to the expensive storage which is usually TCAM for high speed access. It is an urgent problem to use filter table effectively and keep network available. We analyze the change of filter table size and find that setting proper lifetime for filter item can significantly improve the utilization of filter table and avoid denial of service. In this paper, we take SAVI (source address validation improvement) switch as an example, and propose a dynamic adjustment method. It has two phases. Firstly it calculates out an optimal lifetime value for each switch based on one week user online logs, and then adjusts it dynamically to capture the bursts of filter table size. We deploy our prototype in a real campus network which has about 1000 SAVI switches providing network accessing service for nearly 20000 users. Based on the analysis of one month user online logs, we verify that our algorithm can reduce 92% of the duplicate confirming processes and guarantee the availability of network.