A network gateway handles all network traffic that comes into and goes out of the network it protects. As attacks become more sophisticated, more and more security and network services run on the network gateway to support the additional security functions. However, these additional services consume memory and central processing unit (CPU) resources of the gateway and limit the network throughput that the network gateway can support. In addition, if a network service must run on a particular operating system, e.g. Microsoft Server 2008, but the underlying operating system of the network gateway is different, then the gateway cannot support this network service. This limitation restricts which services the network gateway can support.
FIG. 1 is a block diagram illustrating a conventional network processing scheme in a gateway device. Referring to FIG. 1, packets go through several network service processing stages in the network gateway before being forwarded to next-hop hosts. Typically, the packets get a sanity check (e.g., checksum, data corruption) at block 101, and then at block 102 they are processed by a packet classifier to identify the associated connection. The packets then go through multiple network services 103-105 of the identified connection before they are forwarded out of the network gateway at block 106.
Some of the network services may need to parse the packet payload or search for patterns through the entire payload. These processes take time and memory to operate and consume valuable CPU resources that could otherwise be used to process other packets. When there is a large amount of traffic and the packets go through computation-intensive services, the network gateway may slow down and fail to keep up with the traffic.
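The serial scheme of FIG. 1 can be sketched in code. The following is an added illustration, not part of the original text: it assumes IPv4/UDP packets, and all function names and the sample pattern are hypothetical. Every stage, including the full-payload pattern search, runs on the gateway's own CPU for each packet.

```python
import struct

def _fold(total):
    """Fold carries back in for the 16-bit one's-complement sum (RFC 1071)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def sanity_check(pkt):
    """Block 101: reject truncated packets and bad IPv4 header checksums."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8:
        return False
    words = struct.unpack("!%dH" % (ihl // 2), pkt[:ihl])
    return _fold(sum(words)) == 0xFFFF

def classify(pkt):
    """Block 102: identify the connection by its 5-tuple."""
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (pkt[9], pkt[12:16], sport, pkt[16:20], dport)

def pattern_service(patterns):
    """Blocks 103-105: a service that searches the entire payload for patterns."""
    def service(payload):
        return not any(p in payload for p in patterns)
    return service

def process(pkt, chains, default_chain=()):
    """Run one packet through the serial stages; return (verdict, stage)."""
    if not sanity_check(pkt):
        return ("drop", "sanity")
    conn = classify(pkt)
    payload = pkt[(pkt[0] & 0x0F) * 4 + 8:]   # assumption: UDP, 8-byte header
    for i, service in enumerate(chains.get(conn, default_chain)):
        if not service(payload):              # each service costs gateway CPU
            return ("drop", "service-%d" % i)
    return ("forward", "block-106")

def build_udp_packet(src, dst, sport, dport, payload):
    """Constructed sample input: minimal IPv4/UDP packet with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload),
                      0, 0, 64, 17, 0, src, dst)
    csum = ~_fold(sum(struct.unpack("!10H", hdr))) & 0xFFFF
    hdr = hdr[:10] + struct.pack("!H", csum) + hdr[12:]
    return hdr + struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
```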