A multi-service Internet requires routers to recognise and prioritise IP flows carrying interactive or multimedia traffic. It is increasingly problematic for legal or administrative reasons to recognise such flows using unique port numbers or deep packet inspection. New work in recent years shows that Machine Learning (ML) techniques can use externally observable statistical characteristics to usefully differentiate such IP traffic. However, most previous work has not addressed the practicality of ML-based traffic classification in terms of CPU and memory usage. Here we describe our design, implementation and performance evaluation of a distributed, ML-based traffic classification and control system for FreeBSD's IP Firewall (IPFW). On an Intel Core i7 2.8 GHz PC, our system can classify up to 400 000 packets per second using only one core, and it scales well to up to 100 000 simultaneous flows. Our implementation also allows one classifier PC to control subsequent traffic shaping or blocking at multiple (potentially lower performance) routers or gateways distributed around the network.