摘要
网络应用的发展造成接入网流量复杂多样,对接入网数据流量的精细化管控成为业务运营方和管理者的紧迫需求,网络流量的识别与监控对保障网络安全具有越来越重要的作用。在对以太网无源光网络流量识别系统需求分析的基础上,给出一种基于现场可编程门阵列(FPGA)的流量识别系统串接前端的硬件架构,并详细介绍了其中关键匹配引擎模块的设计方案。经过测试,原型系统能够在不引入较大时延的情况下,对10Gbit/s EPON线路数据帧前64字节固定字段进行线速流量识别,完成对以太网数据的匹配与串接管控操作,为后端分析系统进一步解析数据流量提供有效的支撑。
The development of network applications makes the access network traffic complex and diverse.Fine control of access network data traffic has become an urgent need for service operators and managers.Based on the requirement analysis in Ethernet Passive Optical Network(EPON)traffic identification system,a hardware architecture based on Field Programmable Gate Array(FPGA)is presented.The key design scheme of matching engine module is introduced in detail.The test results show that the prototype system can identify the first 64 bytes fixed fields of 10 Gbit/s EPON line data frame in line speed without introducing significant latency.It also completes the matching of Ethernet network data and control,and provides effective support for the back-end analysis system for further data parsing.
作者
张传浩
陈立强
ZHANG Chuan-hao;CHEN Li-qiang(Image and Network Investigation Department,Railway Police College,Zhengzhou 450053,China;Guangxin Technology Co.,Ltd.,Hangzhou 310000,China)
出处
《光通信研究》
北大核心
2019年第1期27-32,共6页
Study on Optical Communications
基金
公安部技术研究计划资助项目(2017JSYJC08
2016JSYJB38)
河南省科技厅基金资助项目(172102210441
182102210490)
