| ECTI Transactions on Computer and Information Technology | |
| High-speed Firewall Rule Verification Technique Improves Throughput Performance for IP Version 6 | |
| article | |
| Suchart Khummanee1 Umaporn Saisangchan1 Kritsanapong Somsuk2 Sarutte Atsawaraungsuk2 | |
| [1] Mahasarakham University;Udon Thani Rajabhat University | |
| 关键词: Firewall; Firewall rule verification; Throughput performance; IP version 6 (IPv6); Optimality analysis; | |
| DOI : 10.37936/ecti-cit.2022163.248690 | |
| 学科分类:医学(综合) | |
| 来源: Electrical Engineering/Electronics, Computer, Communications and Information Technology Association | |
 PDF
|
|
【 摘 要 】
Throughput performance of firewalls depend on the execution speed to verify rules. Internet Protocol Version 6 (IPv6) and IPv4 ruleset memory requirements differ and affect rule access and execution time in a wide range of common firewalls. This paper contributes a high-speed firewall to execute rules for IPv6 with constant O(1) access time, and consumes optimal O(nbit) memory for 64-bit architectures, named FW6 firewall. Results are based on actual performance evaluations in conjunction with other high-speed firewalls (IPSets, IPack, and F3), such as processing time, memory consumption and throughput. Throughput measurements in IPv6 TCP/UDP packet trials (across ruleset and window sizes) show FW6 significantly outperforms IPSets. The trials have shown that FW6 improves throughput performance over IPSets by 0.24% (mean) and 0.21% (median) across all test variables. Nevertheless, the results suggest similarity and a minor performance increase by FW6 over IPSets. In addition, FW6 and IPSets throughputs are similar to IPack and F3 in IPv4 ruleset execution comparisons. As a result, FW6 can be used to replace previous high-speed firewalls.
【 授权许可】
CC BY-NC-ND
【 预 览 】
| Files | Size | Format | View |
|---|---|---|---|
| RO202307090004810ZK.pdf | 2396KB |  download |
878987797
028-85220240
