Parallel firewalls offer a scalable architecture for the next generation of high-speed networks. While these parallel
systems can be implemented using multiple firewalls, the latest generation of stream processors can provide similar
benefits with a significantly reduced latency due to locality.
This paper describes how the Cell Broadband Engine (CBE), a popular stream processor, can be used as a
high-speed packet filter. Results show the CBE can potentially process packets arriving at a rate of 1 Gbps with
a latency less than 82 μ-seconds. Performance depends on how well the packet filtering process is translated
to the unique stream processor architecture. For example the method used for transmitting data and control
messages among the pseudo-independent processor cores has a significant impact on performance. Experimental
results will also show the current limitations of a CBE operating system when used to process packets. Possible
solutions to these issues will be discussed.
Many applications require network performance bounds, or Quality
of Service (QoS), for their proper operation. This is achieved
through the appropriate allocation of network resources; however,
providing end-to-end QoS is becoming more complex, due to the
increasing heterogeneity of networks. For example, end-to-end QoS
can be provided through the concatenation of services across
multiple networks (domains), but each domain may employ different
network technologies as well as different QoS methodologies. As a
result, management strategies are needed to provide QoS across
multiple domains in a scalable and economically feasible manner.
This paper describes a microeconomic-based middleware architecture
that allows the specification and acquisition of QoS and resource
policies. The architecture consists of users, bandwidth brokers,
and network domains. Executing applications, users require network
QoS obtained via middleware from a bandwidth broker. Bandwidth
brokers then interact with one another to provide end-to-end QoS
connections across multiple domains. This is done in a BGP manner
which recursively provides end-to-end services in a scalable
fashion. Using this framework, this paper describes management
strategies to optimally provision and allocate end-to-end
connections. The methods maintain a low blocking probability, and
maximize utility and profit, which are increasingly important as
network connectivity evolves as an industry.