Monday, July 18, 2005

Classifying packets in a single pass


NETWORK WORLD NEWSLETTER: NETWORKING TECHNOLOGY UPDATE
07/18/05


Today's focus:

Classifying packets in a single pass

By Sudha Valluru

Packet classification and inspection - categorizing packets into
flows and checking headers to determine how to handle data
blocks - are essential for services processing. Traditional
routers classify packets by checking their headers against
access control lists (ACLs) to determine where the packets
should go next. But without ACL uniformity for different
services, one packet must be classified and inspected multiple
times.

Today, vendors are consolidating multiple services onto a single
device, yet these devices still classify packets one service at
a time. As a result, consolidated devices incur more processing
inefficiencies and overhead with every additional service.
Single-pass classification and inspection can overcome these
problems and increase CPU efficiency by classifying packets for
all services in a single pass.

At the heart of one-pass packet classification is a single,
flexible, extensible syntax that administrators can use to
define a common classification and specify policies for all
services, down to an application's payload level. This syntax
also can define complex classifications for QoS, anti-virus,
VoIP and other applications - something older syntaxes cannot
do.

For single-pass packet classification to work well, packets must
flow through a multi-function services gateway in a certain
order to ensure that all services are performed at the correct
points. In multiple-pass classification, services gateways send
a packet first to a router, where the first classification
occurs, but this exposes the router to denial-of-service attacks
or other security problems. Once the packet leaves the router
and goes to a firewall, it is classified again, and so on for
every service in the consolidated device. This uses up CPU
cycles, increases system latency and introduces more
possibilities for errors.

With single-pass packet classification, a packet enters a
firewall first, thus protecting all other services in a gateway.
In the firewall, the IPSec service decrypts and classifies the
packet - just once, using the common classification - and
attaches a tag that contains information about which services
need to process the packet. The packet then passes to a filter
in the services gateway that accepts or denies it based on
information in the tag.
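
The tag-and-filter flow described above, sketched as an added example (it is not code from the article or from NetDevices): one shared rule list is walked once at ingress, the result is carried as a service tag, and the filter and downstream services read only the tag. The `Svc` bits, the `Rule` fields, the sample policy and the accept-by-default behaviour are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from enum import IntFlag

class Svc(IntFlag):          # hypothetical service bits carried in the tag
    NONE = 0
    DENY = 1
    QOS = 2
    ANTIVIRUS = 4
    VOIP = 8

@dataclass(frozen=True)
class Rule:                  # one entry of the common classification
    src: str                 # source prefix
    proto: str               # "tcp", "udp" or "*" for any
    dport: int               # destination port, 0 = any
    services: Svc

# Constructed sample policy: a single rule list shared by every service.
POLICY = [
    Rule("203.0.113.0/24", "*", 0, Svc.DENY),
    Rule("0.0.0.0/0", "udp", 5060, Svc.VOIP | Svc.QOS),
    Rule("0.0.0.0/0", "tcp", 25, Svc.ANTIVIRUS),
    Rule("10.0.0.0/8", "*", 0, Svc.QOS),
]

def classify_once(pkt, policy=POLICY):
    """Walk the shared rule list one time and return the service tag."""
    src = ipaddress.ip_address(pkt["src"])
    tag = Svc.NONE
    for r in policy:
        if (src in ipaddress.ip_network(r.src)
                and r.proto in ("*", pkt["proto"])
                and r.dport in (0, pkt["dport"])):
            tag |= r.services
    return tag

def gateway(pkt):
    """Classify at ingress, filter on the tag, then list the services to run."""
    tag = classify_once(pkt)            # the only header inspection
    if tag & Svc.DENY:
        return "deny", []
    # Assumption: untagged traffic is accepted; a real policy sets its own default.
    # Downstream services read the tag; none of them re-parses the headers.
    return "accept", [s.name for s in (Svc.QOS, Svc.ANTIVIRUS, Svc.VOIP) if tag & s]
```
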

For more on classifying packets, please see:
<http://www.networkworld.com/nltechupdate3315>
_______________________________________________________________
To contact:

Valluru is director of software engineering for NetDevices. He
can be reached at svalluru@netd.com
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>


Copyright Network World, Inc., 2005
