Optimizing TCP forwarder performance

Oliver Spatscheck; Jørgen S. Hansen; John H. Hartman; Larry L. Peterson

doi:10.1109/90.842138

Optimizing TCP forwarder performance

Oliver Spatscheck, Jørgen S. Hansen, John H. Hartman, Larry L. Peterson

Computer Science

Research output: Contribution to journal › Article › peer-review

59 Scopus citations

Abstract

A TCP forwarder is a network node that establishes and forwards data between a pair of TCP connections. An example of a TCP forwarder is a firewall that places a proxy between a TCP connection to an external host and a TCP connection to an internal host, controlling access to a resource on the internal host. Once the proxy approves the access, it simply forwards data from one connection to the other. We use the term TCP forwarding to describe indirect TCP communication via a proxy in general. This paper briefly characterizes the behavior of TCP forwarding, and illustrates the role TCP forwarding plays in common network services like firewalls and HTTP proxies. We then introduce an optimization technique, called connection splicing, that can be applied to a TCP forwarder, and report the results of a performance study designed to evaluate its impact. Connection splicing improves TCP forwarding performance by a factor of two to four, making it competitive with IP router performance on the same hardware.

Original language	English (US)
Pages (from-to)	146-157
Number of pages	12
Journal	IEEE/ACM Transactions on Networking
Volume	8
Issue number	2
DOIs	https://doi.org/10.1109/90.842138
State	Published - 2000

Keywords

Firewall
Proxy
Router
TCP

ASJC Scopus subject areas

Software
Computer Science Applications
Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.1109/90.842138

Cite this

@article{b520d67a9201405aabfb50f23cd2dc78,

title = "Optimizing TCP forwarder performance",

abstract = "A TCP forwarder is a network node that establishes and forwards data between a pair of TCP connections. An example of a TCP forwarder is a firewall that places a proxy between a TCP connection to an external host and a TCP connection to an internal host, controlling access to a resource on the internal host. Once the proxy approves the access, it simply forwards data from one connection to the other. We use the term TCP forwarding to describe indirect TCP communication via a proxy in general. This paper briefly characterizes the behavior of TCP forwarding, and illustrates the role TCP forwarding plays in common network services like firewalls and HTTP proxies. We then introduce an optimization technique, called connection splicing, that can be applied to a TCP forwarder, and report the results of a performance study designed to evaluate its impact. Connection splicing improves TCP forwarding performance by a factor of two to four, making it competitive with IP router performance on the same hardware.",

keywords = "Firewall, Proxy, Router, TCP",

author = "Oliver Spatscheck and Hansen, {J{\o}rgen S.} and Hartman, {John H.} and Peterson, {Larry L.}",

note = "Funding Information: Manuscript received May 15, 1998; approved by IEEE/ACM TRANSACTIONS ON NETWORKING Editor S. Pink. This work was supported in part by Defense Advanced Research Projects Agency Contract DABT63-95-C-0075 and Contract N66001-96-8518, and by National Science Foundation under Grant CCR-9415932. O. Spatscheck is with AT&T Labs–Research, Florham Park, NJ 07932-0971 USA (e-mail: spatsch@research.att.com). J. S. Hansen is with the Department of Computer Science, University of Copenhagen, Copenhagen, Denmark (e-mail: cyller@diku.dk). J. H. Hartman is with the Department of Computer Science, University of Arizona, Tucson, AZ 85721 USA (e-mail: jhh@cs.arizona.edu). L. L. Peterson is with the Department of Computer Science, Princeton University, Princeton, NJ 08544 USA (e-mail: llp@cs.princeton.edu). Publisher Item Identifier S 1063-6692(00)03322-7.",

year = "2000",

doi = "10.1109/90.842138",

language = "English (US)",

volume = "8",

pages = "146--157",

journal = "IEEE/ACM Transactions on Networking",

issn = "1063-6692",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "2",

}

TY - JOUR

T1 - Optimizing TCP forwarder performance

AU - Spatscheck, Oliver

AU - Hansen, Jørgen S.

AU - Hartman, John H.

AU - Peterson, Larry L.

N1 - Funding Information: Manuscript received May 15, 1998; approved by IEEE/ACM TRANSACTIONS ON NETWORKING Editor S. Pink. This work was supported in part by Defense Advanced Research Projects Agency Contract DABT63-95-C-0075 and Contract N66001-96-8518, and by National Science Foundation under Grant CCR-9415932. O. Spatscheck is with AT&T Labs–Research, Florham Park, NJ 07932-0971 USA (e-mail: spatsch@research.att.com). J. S. Hansen is with the Department of Computer Science, University of Copenhagen, Copenhagen, Denmark (e-mail: cyller@diku.dk). J. H. Hartman is with the Department of Computer Science, University of Arizona, Tucson, AZ 85721 USA (e-mail: jhh@cs.arizona.edu). L. L. Peterson is with the Department of Computer Science, Princeton University, Princeton, NJ 08544 USA (e-mail: llp@cs.princeton.edu). Publisher Item Identifier S 1063-6692(00)03322-7.

PY - 2000

Y1 - 2000

N2 - A TCP forwarder is a network node that establishes and forwards data between a pair of TCP connections. An example of a TCP forwarder is a firewall that places a proxy between a TCP connection to an external host and a TCP connection to an internal host, controlling access to a resource on the internal host. Once the proxy approves the access, it simply forwards data from one connection to the other. We use the term TCP forwarding to describe indirect TCP communication via a proxy in general. This paper briefly characterizes the behavior of TCP forwarding, and illustrates the role TCP forwarding plays in common network services like firewalls and HTTP proxies. We then introduce an optimization technique, called connection splicing, that can be applied to a TCP forwarder, and report the results of a performance study designed to evaluate its impact. Connection splicing improves TCP forwarding performance by a factor of two to four, making it competitive with IP router performance on the same hardware.

AB - A TCP forwarder is a network node that establishes and forwards data between a pair of TCP connections. An example of a TCP forwarder is a firewall that places a proxy between a TCP connection to an external host and a TCP connection to an internal host, controlling access to a resource on the internal host. Once the proxy approves the access, it simply forwards data from one connection to the other. We use the term TCP forwarding to describe indirect TCP communication via a proxy in general. This paper briefly characterizes the behavior of TCP forwarding, and illustrates the role TCP forwarding plays in common network services like firewalls and HTTP proxies. We then introduce an optimization technique, called connection splicing, that can be applied to a TCP forwarder, and report the results of a performance study designed to evaluate its impact. Connection splicing improves TCP forwarding performance by a factor of two to four, making it competitive with IP router performance on the same hardware.

KW - Firewall

KW - Proxy

KW - Router

KW - TCP

UR - http://www.scopus.com/inward/record.url?scp=0000221481&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0000221481&partnerID=8YFLogxK

U2 - 10.1109/90.842138

DO - 10.1109/90.842138

M3 - Article

AN - SCOPUS:0000221481

VL - 8

SP - 146

EP - 157

JO - IEEE/ACM Transactions on Networking

JF - IEEE/ACM Transactions on Networking

SN - 1063-6692

IS - 2

ER -

Optimizing TCP forwarder performance

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this