LASF: A flow scheduling policy in stateful packet inspection systems

Zhang Zhibin; Zhang Yanjun; Guo Li; Fang Binxing

doi:10.1109/ISCC.2007.4381491

LASF: A flow scheduling policy in stateful packet inspection systems

Zhang Zhibin^*, Zhang Yanjun, Guo Li, Fang Binxing

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

Current increase in network bandwidth raised an aggressive challenge in network security, and stateful packet inspection based security systems is playing a more and more important role. Recent advances in scheduling theory show that it is possible to reduce the expected mean response time of a queuing system, simply by changing the order in which we schedule the requests according to the job size, which is so called size-based scheduling policy. In this paper, we start by an analysis of connection sojourn time distribution of network traffic. Based on this analysis, first we design a two level session table in order to avoid session table explosion. Then we propose a connection scheduling policy in stateful packet inspection systems called LASF (Least Attained Sojourn First). We show that our policy can improve mean response time and flow throughput especially when system is overloaded. Finally we assess the costs of LASF in terms of unfairness.

Original language	English
Title of host publication	12th IEEE International Symposium on Computers and Communications, ISCC '07
Pages	87-93
Number of pages	7
DOIs	https://doi.org/10.1109/ISCC.2007.4381491
Publication status	Published - 2007
Externally published	Yes
Event	12th IEEE International Symposium on Computers and Communications, ISCC '07 - Aveiro, Portugal Duration: 1 Jul 2007 → 4 Jul 2007

Publication series

Name	Proceedings - IEEE Symposium on Computers and Communications
ISSN (Print)	1530-1346

Conference

Conference	12th IEEE International Symposium on Computers and Communications, ISCC '07
Country/Territory	Portugal
City	Aveiro
Period	1/07/07 → 4/07/07

Access to Document

10.1109/ISCC.2007.4381491

Cite this

@inproceedings{fe534476e11d4b4dbb3ecee701e25c1c,

title = "LASF: A flow scheduling policy in stateful packet inspection systems",

abstract = "Current increase in network bandwidth raised an aggressive challenge in network security, and stateful packet inspection based security systems is playing a more and more important role. Recent advances in scheduling theory show that it is possible to reduce the expected mean response time of a queuing system, simply by changing the order in which we schedule the requests according to the job size, which is so called size-based scheduling policy. In this paper, we start by an analysis of connection sojourn time distribution of network traffic. Based on this analysis, first we design a two level session table in order to avoid session table explosion. Then we propose a connection scheduling policy in stateful packet inspection systems called LASF (Least Attained Sojourn First). We show that our policy can improve mean response time and flow throughput especially when system is overloaded. Finally we assess the costs of LASF in terms of unfairness.",

author = "Zhang Zhibin and Zhang Yanjun and Guo Li and Fang Binxing",

year = "2007",

doi = "10.1109/ISCC.2007.4381491",

language = "English",

isbn = "1424415217",

series = "Proceedings - IEEE Symposium on Computers and Communications",

pages = "87--93",

booktitle = "12th IEEE International Symposium on Computers and Communications, ISCC '07",

note = "12th IEEE International Symposium on Computers and Communications, ISCC '07 ; Conference date: 01-07-2007 Through 04-07-2007",

}

Zhibin, Z, Yanjun, Z, Li, G & Binxing, F 2007, LASF: A flow scheduling policy in stateful packet inspection systems. in 12th IEEE International Symposium on Computers and Communications, ISCC '07., 4381491, Proceedings - IEEE Symposium on Computers and Communications, pp. 87-93, 12th IEEE International Symposium on Computers and Communications, ISCC '07, Aveiro, Portugal, 1/07/07. https://doi.org/10.1109/ISCC.2007.4381491

LASF: A flow scheduling policy in stateful packet inspection systems. / Zhibin, Zhang; Yanjun, Zhang; Li, Guo et al.
12th IEEE International Symposium on Computers and Communications, ISCC '07. 2007. p. 87-93 4381491 (Proceedings - IEEE Symposium on Computers and Communications).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - LASF

T2 - 12th IEEE International Symposium on Computers and Communications, ISCC '07

AU - Zhibin, Zhang

AU - Yanjun, Zhang

AU - Li, Guo

AU - Binxing, Fang

PY - 2007

Y1 - 2007

N2 - Current increase in network bandwidth raised an aggressive challenge in network security, and stateful packet inspection based security systems is playing a more and more important role. Recent advances in scheduling theory show that it is possible to reduce the expected mean response time of a queuing system, simply by changing the order in which we schedule the requests according to the job size, which is so called size-based scheduling policy. In this paper, we start by an analysis of connection sojourn time distribution of network traffic. Based on this analysis, first we design a two level session table in order to avoid session table explosion. Then we propose a connection scheduling policy in stateful packet inspection systems called LASF (Least Attained Sojourn First). We show that our policy can improve mean response time and flow throughput especially when system is overloaded. Finally we assess the costs of LASF in terms of unfairness.

AB - Current increase in network bandwidth raised an aggressive challenge in network security, and stateful packet inspection based security systems is playing a more and more important role. Recent advances in scheduling theory show that it is possible to reduce the expected mean response time of a queuing system, simply by changing the order in which we schedule the requests according to the job size, which is so called size-based scheduling policy. In this paper, we start by an analysis of connection sojourn time distribution of network traffic. Based on this analysis, first we design a two level session table in order to avoid session table explosion. Then we propose a connection scheduling policy in stateful packet inspection systems called LASF (Least Attained Sojourn First). We show that our policy can improve mean response time and flow throughput especially when system is overloaded. Finally we assess the costs of LASF in terms of unfairness.

UR - http://www.scopus.com/inward/record.url?scp=48049099618&partnerID=8YFLogxK

U2 - 10.1109/ISCC.2007.4381491

DO - 10.1109/ISCC.2007.4381491

M3 - Conference contribution

AN - SCOPUS:48049099618

SN - 1424415217

SN - 9781424415212

T3 - Proceedings - IEEE Symposium on Computers and Communications

SP - 87

EP - 93

BT - 12th IEEE International Symposium on Computers and Communications, ISCC '07

Y2 - 1 July 2007 through 4 July 2007

ER -

LASF: A flow scheduling policy in stateful packet inspection systems

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this