|
1. |
LASF: A Flow Scheduling Policy in Stateful Packet Inspection Systems
Zhibin Zhang; Yanjun Zhang; Li Guo; Binxing Fang;
Computers and Communications, 2007. ISCC 2007. 12th IEEE Symposium on
1-4 July 2007
Page(s):87
-
93
Abstract:
Current increase in network bandwidth raised an aggressive challenge in network security, and stateful packet inspection based security systems is playing a more and more important role. Recent advances in scheduling theory show that it is possible to reduce the expected mean response time of a queuing system, simply by changing the order in which we schedule the requests according to the job size, which is so called size-based scheduling policy. In this paper, we start by an analysis of connection sojourn time distribution of network traffic. Based on this analysis, first we design a two level session table in order to avoid session table explosion. Then we propose a connection scheduling policy in stateful packet inspection systems called LASF (least attained sojourn first). We show that our policy can improve mean response time and flow throughput especially when system is overloaded. Finally we assess the costs of LASF in terms of unfairness.
|
Cart
