Abstract
As communication technology has advanced, network capacity has grown exponentially in recent years. The performance of network monitoring tools is becoming more important as they must process many more packets in a unit of time than they ever did before. A common core component of any network monitoring tool is a packet filter that processes every packet header and passes those packets according to filter rules, to user spaces for further processing. This study presents a packet filter architecture called Packet Filter Cache (PFC) to improve the performance of existing packet filters. The PFC architecture adds a filter rule cache in front of an existing packet filter. Rather than caching the instruction set as in warm caching, the filter rule cache stores the hash value of a filter rule as a hash table entry that can be found in a O(1) memory access. By exploiting the hash lookup speed, PFC can boost filtering performance using only a small cache size. Additionally, PFC also caches unmatched packet flows to achieve a high hit rate. PFC is only a cache mechanism and is added before a traditional packet filter, so it does not depend on the re-engineering of existing filter module. It can therefore be applied to most packet filters. Simulation reveals that PFC can improve the processing time by a factor of around four, at a cache hit rate of 70%.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
