A connection management protocol for stateful inspection firewalls in multi-homed networks

3 Author(s)
Jin-Ho Kim (Samsung Electronics, South Korea); Saewoong Bahk; Heejo Lee

To provide network services consistently under various network failures, enterprise networks increasingly exploit path diversity through multi-homing. As a result, multi-homed non-transit autonomous systems (ASes) now outnumber single-homed networks. In this paper, we address a problem that inevitably occurs when networks with multiple entry points deploy stateful inspection firewalls at their borders: under asymmetric routing, the SYN and the SYN/ACK of one TCP connection may traverse different firewalls, so the firewall that sees the SYN/ACK has no state for it. We formulate this phenomenon as a state-sharing problem among multiple firewalls under the asymmetric routing condition. To solve it, we propose a stateful inspection protocol with very low processing and messaging overhead. The protocol consists of two phases: 1) generation of a TCP SYN cookie marked with the firewall identification number upon arrival of a SYN packet, and 2) state sharing triggered by the arrival of a SYN/ACK packet at a firewall that has no trace of the initial SYN. We demonstrate that the protocol is scalable, robust, and simple enough to be deployed in high-speed networks, and that it works transparently under any client-server configuration. Finally, we present experimental results from a prototype implementation.
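As an added illustration (not code from the paper or its prototype), the following Python simulation walks through the two phases the abstract describes with two border firewalls and one asymmetrically routed TCP handshake. The concrete cookie layout (an HMAC over the firewall id and the 4-tuple in the high 28 bits, the firewall id in the low 4 bits), the rewriting of the client ISN so that the server's SYN/ACK carries the cookie in its ACK field, and the in-process `group` dictionary standing in for the control channel between firewalls are all assumptions made for the example; the packet values are constructed.

```python
"""Simulation of firewall-id-marked SYN cookies and SYN/ACK-triggered state
sharing between two border firewalls under asymmetric routing.
Added example, not the paper's code; cookie layout, HMAC construction and
the control channel (`group`) are assumptions."""
import hmac
import hashlib

ID_BITS = 4                                  # assumption: up to 16 firewalls per group
ID_MASK = (1 << ID_BITS) - 1
SECRET = b"shared-border-firewall-secret"    # constructed; shared by all group members


def make_cookie(secret, fw_id, src, sport, dst, dport):
    """32-bit ISN: high 28 bits = HMAC over (fw_id, 4-tuple), low 4 bits = fw_id.
    Binding fw_id into the MAC stops anyone from re-pointing a valid cookie at
    another firewall just by editing the low bits."""
    msg = f"{fw_id}|{src}:{sport}>{dst}:{dport}".encode()
    mac = int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")
    return ((mac >> ID_BITS) << ID_BITS) | fw_id


def cookie_owner(cookie):
    return cookie & ID_MASK


def cookie_valid(secret, cookie, src, sport, dst, dport):
    expected = make_cookie(secret, cookie_owner(cookie), src, sport, dst, dport)
    return hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big"))


class Firewall:
    """One border firewall. `group` maps firewall id -> Firewall and stands in
    for the inter-firewall control channel (assumption)."""

    def __init__(self, fw_id, secret, group):
        self.fw_id, self.secret, self.group = fw_id, secret, group
        self.table = {}           # (src, sport, dst, dport) -> connection state
        self.state_requests = 0   # counts messaging overhead caused by peers
        group[fw_id] = self

    def outbound_syn(self, pkt):
        """Phase 1: record the half-open flow and replace the client ISN with the
        cookie, so the server's SYN/ACK will carry cookie+1 in its ACK field.
        (Later packets need seq/ack translation by isn_delta; omitted here.)"""
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        cookie = make_cookie(self.secret, self.fw_id, *flow)
        self.table[flow] = {"client_isn": pkt["seq"], "cookie": cookie,
                            "isn_delta": (cookie - pkt["seq"]) & 0xFFFFFFFF}
        return dict(pkt, seq=cookie)

    def inbound_synack(self, pkt):
        """Phase 2: a SYN/ACK for a flow with no local state is accepted only if
        ack-1 is a valid cookie, after fetching state from the owning firewall."""
        flow = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])  # inside view
        if flow in self.table:
            return "ACCEPT"                     # symmetric path, nothing to do
        cookie = (pkt["ack"] - 1) & 0xFFFFFFFF
        if not cookie_valid(self.secret, cookie, *flow):
            return "DROP"                       # unsolicited or forged SYN/ACK
        peer = self.group.get(cookie_owner(cookie))
        if peer is None:
            return "DROP"                       # owner not reachable
        state = peer.lookup_for_peer(flow)
        if state is None:
            return "DROP"                       # owner's entry already timed out
        self.table[flow] = state
        return "ACCEPT"

    def lookup_for_peer(self, flow):
        self.state_requests += 1
        return self.table.get(flow)


def run_demo():
    """Client SYN leaves through fw_a; the SYN/ACK returns through fw_b."""
    group = {}
    fw_a = Firewall(1, SECRET, group)
    fw_b = Firewall(2, SECRET, group)
    syn = {"src": "10.0.0.5", "sport": 40000, "dst": "198.51.100.7", "dport": 443,
           "seq": 123456789}                    # constructed client SYN
    flow = (syn["src"], syn["sport"], syn["dst"], syn["dport"])
    syn_out = fw_a.outbound_syn(syn)
    synack = {"src": syn["dst"], "sport": syn["dport"], "dst": syn["src"],
              "dport": syn["sport"], "seq": 987654321,
              "ack": (syn_out["seq"] + 1) & 0xFFFFFFFF}
    verdict = fw_b.inbound_synack(synack)
    bogus = dict(synack, dport=40001)           # SYN/ACK no group member solicited
    return {"verdict": verdict, "bogus": fw_b.inbound_synack(bogus),
            "requests": fw_a.state_requests,
            "state_copied": fw_b.table.get(flow) == fw_a.table[flow],
            "cookie": syn_out["seq"]}
```

The cookie check runs before any peer lookup, so an unsolicited SYN/ACK costs the firewall one HMAC and no messaging; only a SYN/ACK that carries a cookie minted by a group member triggers a single state request to the firewall named in it. A real deployment would also bind a coarse timestamp into the MAC so that stale cookies expire.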

Published in:

2004 IEEE International Conference on Communications (Volume 4)

Date of Conference:

20-24 June 2004