Title :
A Scalable Architecture for High Available Security Switches
Author :
Huang, Nen-Fu ; Chen, Chih-Hao ; Huang, Yang-Fang ; Feng, Yi-Hsuan ; Kao, Chia-Nan ; Hung, Hsien-Wei ; Shih, Ming-Chang
Author_Institution :
Department of Computer Science, National Tsing Hua University, Taiwan; Institute of Communication Engineering, National Tsing Hua University, Taiwan; Broadweb Corp., Hsin-Chu Science Park, Hsin-Chu, Taiwan. e-mail: nfhuang@cs.nthu.edu.tw, nfhuang@broadweb
Abstract :
This paper proposes a scalable and highly available (HA) architecture for implementing cost-effective security switches. In this architecture, each "security switch" consists of a traditional layer-2 switch and a "security switch engine (SSE)" which provides a packet content inspection service. These two components are connected via a Gigabit Ethernet link. A mechanism is proposed to interconnect a group of "security switches" to provide the HA feature. A system of four security switches is implemented, and the experimental results show that the HA function works successfully even when only one SSE is active. The SSE is implemented with full intrusion prevention function on a standard high-performance industrial PC, with a performance of 1.2 Gbps for UDP packets and 400 Mbps for TCP flows. The proposed security switch architecture can therefore be realized as a very cost-effective mechanism to provide Intranet protection.
Keywords :
Communication switching; Communication system security; Computer architecture; Costs; Ethernet networks; Inspection; Intrusion detection; National security; Packet switching; Switches; Defense-in-Depth; High Availability (HA); Intrusion Prevention; Security Switch;
Conference_Title :
Communications, 2006. ICC '06. IEEE International Conference on
Conference_Location :
Istanbul
Print_ISBN :
1-4244-0355-3
Electronic_ISBN :
8164-9547
DOI :
10.1109/ICC.2006.255119