Application layer proxies already play an important role in today's
networks, serving as firewalls and HTTP caches, and their role is
being expanded to include encryption, compression, and mobility
support services. Current application layer proxies suffer major
performance penalties as they spend most of their time moving data
back and forth between connections, context switching and crossing
protection boundaries for each chunk of data they handle. We present
a technique called TCP Splice that provides kernel support for data
relaying operations that run at near-router speeds. In our lab
testing, we find SOCKS firewalls using TCP Splice can sustain a data
throughput twice that of normal firewalls, with an average packet
forwarding latency 30 times less.
By: David A. Maltz, Pravin Bhagwat
Published in: RC21139 in 1998