摘要
在这篇论文中,我们介绍了一个基于FPGA的网络报文处理硬件平台并且分析了一种基于硬件的防火墙报文检测系统结构。目前的基于软件的防火墙计算量非常大并且不能够满足现代网络带宽的需要。而基于硬件的技术是加速网络处理的一个理想的办法。文章着重介绍了基于FPGA的IP报文过滤处理模块设计,它是基于硬件防火墙的核心处理部分。过滤处理采用关键字匹配策略的重要特征是利用CAM作为处理单元。CAM可以在超过2Gbps的速度下进行线速的入侵检测报文查找。
In this paper, we introduce a FPGA based development hardware platform for network packets processing and analysis an architecture for a hardware based Firewall.Current software-based Firewall are too compute intensive and can not meet the bandwidth requirements of a modem network. Thus, hardware techniques are desired to speed up network processing. This paper introduces a FPGA based IP packet filter that can serve as the core of a hardware based Firewall. Packet filter processor's key feature is a cellular processor architecture that allows content addressable memory (CAM) to process variable sized keys. These CAMs allow us to perform intrusion detection signature lookups at line speed at rates Well past 2 Gbps.
出处
《微计算机信息》
北大核心
2006年第01Z期166-168,共3页
Control & Automation
基金
总装武器装备基金项目
