A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2009; you can also visit <a rel="external noopener" href="http://www.cs.wfu.edu/%7Efulp/Papers/icc06f.pdf">the original URL</a>. The file type is <code>application/pdf</code>.
A Function-Parallel Architecture for High-Speed Firewalls
<span title="">2006</span>
<i title="IEEE">
<a target="_blank" rel="noopener" href="https://fatcat.wiki/container/jtcdcetsmvdmjcshq24lhzakwu" style="color: black;">2006 IEEE International Conference on Communications</a>
</i>
Preserved Fulltext
Firewalls enforce a security policy by inspecting and filtering traffic arriving or departing from a secure network. This is typically done by comparing an arriving packet to a set of rules and performing the matching rule action, which is accept or deny. Unfortunately packet inspections can impose significant delays on traffic due to the complexity and size of policies. Therefore, improving firewall performance is important given the next generation of high-speed networks. This paper
<span class="external-identifiers">
<a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/icc.2006.255099">doi:10.1109/icc.2006.255099</a>
<a target="_blank" rel="external noopener" href="https://dblp.org/rec/conf/icc/FulpF06.html">dblp:conf/icc/FulpF06</a>
<a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/33hsyq5xzjdmfgb6y66w5cdwlm">fatcat:33hsyq5xzjdmfgb6y66w5cdwlm</a>
</span>
more »
... a new firewall architecture that can perform packet inspections under increasing traffic loads, higher traffic speeds, and strict QoS requirements. The architecture consists of multiple firewalls configured in parallel that collectively enforce a security policy. Each firewall implements part of the policy and arriving packets are processed by all the firewalls simultaneously. Since multiple firewalls are used to process every packet, the proposed function-parallel system has significantly lower delays (e.g. 74% lower for a four firewall system) and a higher throughput than other data-parallel (loadbalancing) firewalls. These findings will be demonstrated empirically. Furthermore unlike data-parallel systems, the functionparallel design allows the stateful inspection of packets, which is critical to prevent certain types of network attacks.
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20090610185602/http://www.cs.wfu.edu/%7Efulp/Papers/icc06f.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext">
<button class="ui simple right pointing dropdown compact black labeled icon button serp-button">
<i class="icon ia-icon"></i>
Web Archive
[PDF]
<div class="menu fulltext-thumbnail">
<img src="https://blobs.fatcat.wiki/thumbnail/pdf/a6/7b/a67b2e85edb3008fb890a26cae6414f9bfc78f1a.180px.jpg" alt="fulltext thumbnail" loading="lazy">
</div>
</button>
</a>
<a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/icc.2006.255099">
<button class="ui left aligned compact blue labeled icon button serp-button">
<i class="external alternate icon"></i>
ieee.com
</button>
</a>