With Network Systems Design, Doug Comer has written the book I wish I had written. He gives a step-by-step account of how to build the bridges, switches, routers, firewalls, NAT-boxes, and proxies that serve as the building blocks of today's Internet, and he has done it with the clarity for which his books are famous. This book is required reading for anyone who wants to understand what goes on inside the plethora of magic boxes that make the Internet work.

     The first part of the book outlines the packet processing functionality common to all network systems. From packet classification to buffer management to queuing disciplines to scheduling algorithms, the book walks the reader through everything that happens to a packet from the moment it arrives on an incoming link until the moment it is transmitted on an outgoing link. A major strength of the book is that it describes the mechanisms and techniques in an application-neutral way, that is, independent of whether one is building a firewall, an intrusion detection system, or a router (or better yet, all three at the same time).

     The second and third parts of the book focus on an emerging hardware technology -- network processors -- that is being used to construct network systems. These devices are unique in two respects. First, they are designed to process packets (or more precisely, fixed-sized chunks of packets) in parallel, thereby allowing them to keep pace with ever-increasing link speeds. Second, they are software programmable, thereby allowing the system designer to customize their behavior for the task at hand; i.e., program them to be a bridge, a firewall, or a proxy. In fact, many of the network processors on the market today provide primitives that directly support the classification, buffering, queuing, and scheduling functions common to all network systems. The book surveys the capabilities of network processors from several vendors (e.g., Agere, IBM), but to make the discussion concrete, focuses on a specific chip -- Intel's IXP1200.

     The Internet is enormously large and complex, and it is understandable that we often focus on global functions such as routing, security, and congestion control. We must remember, however, that each of the global functions has a localized implementation -- the Internet is composed of thousands of individual systems that each operate independently. This book describes all aspects of the design and implementation of the individual systems -- it explains the general-purpose and special-purpose hardware, protocol software, and design tradeoffs.

Larry Peterson

January, 2003
