Title :
A practical approach for building a parallel firewall for ten gigabit Ethernet backbone
Author :
Koht-arsa, Kasom ; Sanguanpong, Surasak
Author_Institution :
Kasetsart Univ. Bangkok, Bangkok
Abstract :
In a very high-speed network environment such as a gigabit Ethernet network, firewalls that have to inspect and filter all flowing packets are reaching their limits. A firewall running on a single machine is a potential bottleneck and cannot scale beyond certain thresholds, even if it has particular hardware built in. Hence, a parallel system appears as an alternative approach under these circumstances. This paper describes the design and implementation of a parallel firewall architecture that is able to handle packets for high-speed networks. The implementation utilizes arrays of Linux-based firewalls under a data-parallel scheme, running in conjunction with a specific ASIC switch. The load balancing mechanism, using hashing of disjoint subsets, distributes the traffic among a configurable number of parallel machines, providing high performance with reliability, flexibility, and scalability. Implementation and measurements in a real network show that the proposed system is scalable to handle a data rate of 10 gigabits per second.
Keywords :
Linux; authorisation; local area networks; parallel architectures; parallel machines; ASIC switch; Linux-based firewall; data parallel scheme; parallel firewall architecture; parallel machines; parallel system; ten gigabit Ethernet backbone; Application specific integrated circuits; Ethernet networks; Filters; Hardware; High-speed networks; Load management; Parallel machines; Spine; Switches; Telecommunication traffic; 10 Gbps; Firewalls; Gigabit Ethernet; Load Distributor; Parallel; Security;
Conference_Title :
Security Technology, 2008. ICCST 2008. 42nd Annual IEEE International Carnahan Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4244-1816-9
Electronic_ISBN :
978-1-4244-1817-6
DOI :
10.1109/CCST.2008.4751324