July 12, 2006 to July 15, 2006
Fong Pong , Broadcom Corp.
We present a new design for fast and robust TCP session lookup. The design uses a "set-associative" hash table, where each hash bucket keeps multiple "compressed and canonical" tags. The canonical tags encode both the flow identifiers and the addresses of the TCP contexts by a forward signature function F(Tag(flow identifier), address) during installation. On session lookup, an inverse function F-1(Tag(flow identifier), tag) matches sessions and recovers the address of the TCP context. We show that the method is effective and storage-efficient. It is also resistant to Denial-of-Service attack that is fabricated by forcing excessive hash collisions.
Fong Pong, "Fast and Robust TCP Session Lookup by Digest Hash", ICPADS, 2006, 12th International Conference on Parallel and Distributed Systems, 12th International Conference on Parallel and Distributed Systems 2006, pp. 507-514, doi:10.1109/ICPADS.2006.46