Quality of Service Guarantee Technology
On Control Plane
Ying-Dar Lin
Ministry of Education and National Science Council
security gateway, bandwidth
management, router, VPN, firewall, speedup
In recent years, the evolution of enterprise edge routers has followed two
trends: broadband access and more intelligence. Broadband access implies
that packet processing needs to be accelerated. This can be accomplished by
software acceleration, i.e. algorithm improvement, or by hardware
acceleration, i.e. add-on independent hardware such as an accelerator
adapter, ASIC or network processor. Intelligence, on the other hand, is
mainly categorized into security and quality of service (QoS). Security
functions include firewall, virtual private network (VPN), intrusion
detection system (IDS), etc. Regarding QoS, the management of bandwidth
allocation is the most essential function.
We have built two integrated systems on the Linux/open source platform with
a Pentium CPU: a security gateway, which includes VPN, firewall, IDS,
routing, etc., and a bandwidth manager (TCP masq). The target of this
project is to further integrate these two systems into an embedded system
using the techniques of embedding, packaging, downsizing and cost reduction.
After that, black-box and white-box benchmarking will be done to compare
the integrated system with existing commercial products and to identify its
bottlenecks. The next two stages are software acceleration by algorithm
improvement and hardware acceleration by add-on hardware modules,
respectively. The major modules to accelerate include (1) the matching
process of the intrusion type in the IDS, (2) the packet filter, (3) the
content filter, (4) per-flow processing in the bandwidth manager, and (5)
IPsec encryption/decryption. Modules (1)-(4) can be accelerated by
software, while (5) and parts of (1)-(4) can be accelerated by hardware.
All of the researched methods will be implemented in the real system, along
with analysis and benchmarking.
In summary, integration and embedding will be finished in the 1st year;
software acceleration will be finished in the 2nd year; and hardware
acceleration and the SoC (system-on-chip) solution will be finished in the
3rd year. The research achievements of this project will include papers
(estimated 2 papers per year, one on algorithmic research and the other on
system implementation and evaluation), patents (estimated one patent per
year), and a software package (one package which will be enhanced every
year). Among them, the software package will be released as an open source
package over the Internet. In addition, the total solution with commercial
benefits, including embedding, packaging, downsizing and the Web-based
management interface, will be transferred to equipment providers through
technology transfer.