Fast Path Session Creation on Network Processors

The security gateways today are required not only to block unauthorized accesses by authenticating packet headers, but also by inspecting connection states to defend against malicious intrusions. Hence session creation rate plays a key role in determining the overall performance of stateful intrusion prevention systems. In this paper, the authors propose a high-speed session creation scheme optimized for network processors. Main contribution includes: a high-performance flow classification algorithm on network processors; an efficient TCP three-way handshake scheme designed for fast-path processing using a two-stage intelligent hashing.