A Parallel Packet Screen for High Speed Networks
Firewall Lab for High Speed Networks (DFN-FWL)
German Research Network
University of Hamburg
Fachbereich Informatik, FWL
Phone : +49-40-42883-2010
Fax : +49-40-42883-2241
This paper demonstrates why security issues related to the continually increasing bandwidth of High Speed Networks (HSN) cannot be addressed with conventional firewall mechanisms. A single packet screen running on a fast computer is not capable of filtering all packets traversing a Fast/Gigabit Ethernet. This problem can be addressed by using parallel processing methods to implement a fast, scalable packet screen for Ethernets. The paper shows how hardware may be utilized to distribute the network load among such parallel packet screens. Empirical results using `off-the-shelf' equipment indicate that this approach is usable.