Multimedia Systems

, Volume 11, Issue 1, pp 19–33 | Cite as

Multimedia and firewalls: a performance perspective

  • Utz Roedig
  • Jens Schmitt
Regular Paper


Firewalls are a well-established security mechanism to restrict the traffic exchanged between networks to a certain subset of users and applications. In order to cope with new application types like multimedia, new firewall architectures are necessary. The performance of these new architectures is a critical factor because Quality of Service (QoS) demands of multimedia applications have to be taken into account.

We show how the performance of firewall architectures for multimedia applications can be determined. We present a model to describe the performance of multimedia firewall architectures. This model can be used to dimension firewalls for usage with multimedia applications. In addition, we present the results of a lab experiment, used to evaluate the performance of a distributed firewall architecture and to validate the model.


Firewalls Performance Multimedia QoS Network Security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Roedig, U.: Firewall architectures for multimedia applications. PhD Thesis, Darmstadt University of Technology (2002)Google Scholar
  2. 2.
    Steinmetz, R., Nahrstedt, K.: Multimedia: Computing, Communication and Applications. Prentice-Hall, Inc., New Jersey (1995)Google Scholar
  3. 3.
    Cheswick, W., Bellovin, S.: Firewalls and Internet Security. Addison Wesley, Reading, MA (1994)Google Scholar
  4. 4.
    Knobbe, R., Purtell, A., Schwab, S.: Advanced security proxies: an architecture and implementation for high performance network firewalls. In: Proceedings of DARPA Information Survivability Conference and Exposition 2000, pp. 140–148 (2000)Google Scholar
  5. 5.
    Roedig, U., Ackermann, R., Rensing, C., Steinmetz, R.: A distributed firewall for multimedia applications. In: Proceedings of the Workshop Sicherheit in Netzen und Medienströmen, pp. 3–16. Berlin (2000)Google Scholar
  6. 6.
    Srisuresh, P., Kuthan, J., Rosenberg, J., Molitor, A., Rayhan, A.: Middlebox Communication Architecture and Framework. Internet Engineering Task Force, RFC 3303 (2002)Google Scholar
  7. 7.
    Stiemerling, M., Quittek, J.: Simple Middlebox Configuration (SIMCO) Protocol Version 2.0. Internet Engineering Task Force, Internet Draft, Work in progress (2003)Google Scholar
  8. 8.
    Roedig, U., Görtz, M., Karsten, M., Steinmetz, R.: RSVP as firewall signalling protocol. In: Proceedings of the 6th IEEE Symposium on Computers and Communications, 5762 pp. Hammamet, Tunisia, IEEE (2001)Google Scholar
  9. 9.
    Cisco Systems: Cisco PIX.
  10. 10.
    CheckPoint: CheckPoint Firewall-1.
  11. 11.
    NetScreen: NetScreen-500 System Product Description. Part Number: 2002., 2002Google Scholar
  12. 12.
    International Telecommunication Union: Network Grade of Service Parameters and Target Values for Circuit-Switched Services in the Evolving ISDN. Recommendation E.721, Series E: Overall Network Operation, Telephone Service, Service Operation and Human factors. Telecommunication Standardization Sector of ITU, Geneva, Switzerland (1999)Google Scholar
  13. 13.
    European Telecommunications Standards Institute: End-to-End Quality of Service in TIPHON Systems; Part 2: Definition of Speech Quality of Service (QoS) Classes. Draft, Telecommunications and Internet Protocol Harmonization over Networks, ETSI (2000)Google Scholar
  14. 14.
    Kleinrock, L., Gail, R.: Queueing Systems: Problems and Solutions. Wiley, New York (1996)Google Scholar
  15. 15.
    Roedig, U.: KOMtraffgen Software. (2002)
  16. 16.
    Roedig, U.: KOMproxyd Software. (2001)
  17. 17.
    Hickman, B., Newman, D., Tadjudin, S., Martin, T.P.: Benchmarking Methodology for Firewall Performance. Internet Engineering Task Force, RFC 3511 (2003)Google Scholar
  18. 18.
    The Tolly Group: Test Summary NetScreen-5200 versus Nokia IP740 and Cisco Systems Inc. PIX 535. Document No. 202121 (2002)Google Scholar
  19. 19.
    The Tolly Group: Test Summary Ingate Firewall 1400. Document No. 203118 (2003)Google Scholar
  20. 20.
    Xu, J., Singhal, M.: Design and evaluation of a high-performance ATM firewall switch and its applications. IEEE J. Selected Areas Commun. 17(6), 1190–1200 (1999)Google Scholar
  21. 21.
    Benecke, C.: A parallel packet screen for high speed networks. In: Proceedings of the 15th Annual Computer Security Applications Conference (1999)Google Scholar
  22. 22.
    Paul, O.: Improving distributed firewalls performance through vertical load balancing. In: Proceedings of the 3rd International IFIP-TC6 Networking Conference, pp. 25–37. Athens, Greece, (2004)Google Scholar
  23. 23.
    Eyers, T., Schulzrinne, H.: Predicting Internet Telephony Call Setup Delay. In: Proceedings of the 1st IP-Telephony Workshop (IPtel 2000). Berlin, Germany (2000)Google Scholar
  24. 24.
    Gupta, P., McKeown, N.: Algorithms for packet classification. IEEE Netw. (2001)Google Scholar
  25. 25.
    Keslassy, I., Chuang, S., McKeown, N.: A load-balanced switch with an arbitrary number of linecards. In: Proceedings of the IEEE Infocom 2004. Hong Kong (2004)Google Scholar
  26. 26.
    Qiu, L., Varghese, G., Suri, S.: Fast firewall implementations for software-based and hardware-based routers. In: Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems. Cambridge, United States (2001)Google Scholar
  27. 27.
    Choi, B., Moon, S., Zhang, Z., Papagiannaki, K., Diot, C.: Analysis of point-to-point packet delay in an operational network. In: Proceedings of IEEE INFOCOM. Hong Kong (2004)Google Scholar

Copyright information

© Springer-Verlag 2005

Authors and Affiliations

  1. 1.Mobile & Internet Systems Laboratory (MISL)University College CorkIreland
  2. 2.Distributed Computer Systems Lab (DISCO)University of KaiserslauternGermany

Personalised recommendations