Manoj Singh Gaur
Mark Zwolinski
ABSTRACT
Packet filtering is core functionality in many academic and corporate network systems. Firewalls use a rule database to decide which packets will be allowed from one network onto another thereby implementing a security policy. With the introduction of new types of services and applications there is a growing demand for larger bandwidth and also for improved security. Both demands are in conflict since providing security partly relies on screening packet traffic, which implies a considerable overhead. In such a scenario as LAN and WAN speeds are becoming comparable, a single firewall can become a bottleneck and reduces the overall throughput of the network. A firewall with heavy load and limited processing power, which is supposed to be a first line of defence against attacks, becomes susceptible to Denial of Service (DoS) attacks. Many research groups have proposed different methods to improve efficiency and throughput to optimize firewalls. This paper presents and analyse various parallel implementations of packet filtering running on cost effective GPGPU. We describe an approach to efficiently exploit the massively parallel capabilities of the GPGPU.
- K.Salah et al. Resilency of open-source firewalls against remote discovery of last-matching rules, Proceedings of Security of Information and Networks 2009. Google Scholar
Digital Library
- E.W.Fulpl. Parallel firewall designs for high-speed networks, In Proceedings of 25th IEEE International Conference on Computer Communications, pp1--4. INFOCOMM 2006.Google Scholar
- K.Salah, K.Sattar et al. A probing technique for discovering last-matching rules of a network firewall, In Proceedings of 5th International Conference on Innovations in Information Technology, pp578--582. IIT 2008.Google Scholar
- D.Newman, Benchmarking terminology for firewall performance, RFC 2647, August 1999. Google ScholarDigital Library
- R.Russell and H.Welte. Linux Packet Filtering Howto.Google Scholar
- R.Russell and H.Welte. Linux Netfilter Hacking Howto.Google Scholar
- NVIDIA CUDA. www.nvidia.com/object/cuda_new_home.html.Google Scholar
- S.Suri and G.Varghese. Packet filtering in high speed networks, In Proceedings of 10th annual ACM-SIAM Symposium on Discrete Alorithmss, pp.969--970. 1999. Google ScholarDigital Library
- Lee T.K, Yusuf S. et al., "Development framework for firewall processors," Field-Programmable Technology, 2002. (FPT). Proceedings. 2002 IEEE International Conference on, vol., no., pp. 352- 355, 16--18 Dec. 2002Google Scholar
- G.S.Jedhe, A.Ramamoorthy, and K.Varghese. A scalable high throughput firewall in FPGA, In Proceedings of 16th International Symposium on Field-Programmable Custom Computing Machines, 2008. Google ScholarDigital Library
- R.Hickman, D.Newman and T.Martin. Benchmarking methodology for firewall performance, RFC 3511, April 2003. Google ScholarDigital Library
- Ixia. www.ixiacom.com.Google Scholar
- Tilak Raj and P.Subhramanyan. A Report on Studying Memory System Performance of a Multithreaded GPU.Google Scholar
Index Terms
- Acceleration of packet filtering using gpgpu
Recommendations
From GPGPU to Many-Core: Nvidia Fermi and Intel Many Integrated Core Architecture
Comparing the architectures and performance levels of an Nvidia Fermi accelerator with an Intel MIC Architecture coprocessor demonstrates the benefit of the coprocessor for bringing highly parallel applications into, or even beyond, GPGPU performance ...
Performance analysis of accelerated image registration using GPGPU
GPGPU-2: Proceedings of 2nd Workshop on General Purpose Processing on Graphics Processing UnitsThis paper presents a performance analysis of an accelerated 2-D rigid image registration implementation that employs the Compute Unified Device Architecture (CUDA) programming environment to take advantage of the parallel processing capabilities of ...
Packet coalescing exploiting data redundancy in GPGPU architectures
ICS '17: Proceedings of the International Conference on SupercomputingGeneral Purpose Graphics Processing Units (GPGPUs) are becoming a cost-effective hardware approach for parallel computing. Many executions on the GPGPUs place heavy stress on the memory system, creating network bottlenecks near memory controllers. We ...
Comments