论文部分内容阅读
随着网络的宽带化,传统的防火墙已经无法适应这样的变化。对于防火墙来说,需要支持1G,甚或10G这样的链路。无论是基于包过滤的防火墙,还是基于应用网关的防火墙都必须满足这样的要求。文章利用作者研究的高性能包分类算法和基于粘结的技术可以极大地提高基于包过滤和应用网关防火墙的性能。在一个商业化的防火墙的环境下测试了采用新包分类算法和基于粘结技术的原型的性能。在目前的测试环境下,根据理论分析,可以达到1G的性能。
With the broadband network, the traditional firewall has been unable to adapt to such changes. For the firewall, you need to support 1G, or even 10G link. Neither the packet-based firewall nor the application gateway-based firewall must meet this requirement. The article exploits the high-performance packet classification algorithms and bonding-based techniques studied by the authors to greatly improve the performance of packet filtering and application gateway firewalls. The performance of prototypes using the new packet classification algorithm and bonding technology was tested in a commercial firewall environment. In the current test environment, according to theoretical analysis, 1G performance can be achieved.