Abstract
Firewalls are a well-established security mechanism to restrict the traffic exchanged between networks to a certain subset of users and applications. In order to cope with new application types like multimedia, new firewall architectures are necessary. The performance of these new architectures is a critical factor because Quality of Service (QoS) demands of multimedia applications have to be taken into account.
We show how the performance of firewall architectures for multimedia applications can be determined. We present a model to describe the performance of multimedia firewall architectures. This model can be used to dimension firewalls for usage with multimedia applications. In addition, we present the results of a lab experiment, used to evaluate the performance of a distributed firewall architecture and to validate the model.
Cite this article
Roedig, U., Schmitt, J. Multimedia and firewalls: a performance perspective. Multimedia Systems 11, 19–33 (2005). https://doi.org/10.1007/s00530-005-0187-2
DOI: https://doi.org/10.1007/s00530-005-0187-2