A Lock-Controlled Session Table Partitioning Scheme with Dynamic Resource Balancing for Multi-Core Architecture

Connection tracking by manipulating session tables is essential for stateful inspection capable applications such as stateful firewalls, network-based intrusion prevention systems (NIPS), traffic accounting and monitoring to process packets according to session state information. With the prevalence of multi-core computing, it is crucial to optimize the existing connection tracking structures and algorithms to fully utilize the underlying parallelism. In this paper, we propose a lock-controlled session table partitioning scheme accompanied with a dynamic resource balancing algorithm for session-aware multi-core networking systems. Experimental results show that the proposed scheme reduces the number of lock contentions to a maximum of 100 times less and, in turn, boosts the performance to 3.5 Gbps higher than the baseline. 100% resource utilization is also achieved by overcoming the constraint of fixed-sized partitioning.