Scalable Remote Firewalls
by Michael Paddon, Philip Hawkes, Greg Rose
ABSTRACT
There is a need for scalable firewalls, that may be dynamically configured by the network nodes that they service. While modern stateful filtering techniques are good at dealing with established traffic flows, the scalable classification of other packets is a less researched problem. A novel method for scalable packet classification on arbitrary criteria is proposed that addresses this requirement. The classifier supports dynamically updatable policies comprised of sequence insensitive rules. Experimental data is presented that demonstrates efficient and scalable performance with large policies. The classifier is therefore suitable for use in scalable remote firewalls.
Michael Paddon, Philip Hawkes, Greg Rose
Qualcomm
Download the paper: Scalable Remote Firewalls (211K PDF)