Implementation of the Hardware Packet Classification System

Sułkowski, G.; Twardy, M.; Wiatr, K.

Artykuł - szczegóły

Tytuł artykułu

Implementation of the Hardware Packet Classification System

Autorzy

Sułkowski G. , Twardy M. , Wiatr K.

Wybrane pełne teksty z tego czasopisma

https://eczasopisma.p.lodz.pl/JACS/issue/archive

Identyfikatory

Warianty tytułu

Języki publikacji

Abstrakty

This article presents the results of research related to the construction of a complete packet classifier, constituting the main element of a hardware-based firewall security system. The developed solution is based on two filter blocks operating in parallel: address filters and network ports filters. The proposed method of filtering network addresses using dedicated TCAM memory is characterized by fast operational speeds and a much more effective usage of FPGA chip resources as compared to commercial versions offered by Xilinx. Similarly, in order to verify network ports, especially taking into account rules that define port ranges, the authors proposes a novel concept based on cascades of elementary RAM16X1D memory available in Xilinx’s Virtex FPGA family circuits. The resulting data processing speed in excess of 160 million of packets per second, coupled with positive results of preliminary tests, make it possible to use the classification system in modern wide bandwidth telecommunications networks.

Słowa kluczowe

IT Security Systems programmable logic hardware description language Ethernet firewall

firewall Ethernet systemy bezpieczeństwa informatycznego układy programowalne

Wydawca

Wydawnictwo Politechniki Łódzkiej

Czasopismo

Journal of Applied Computer Science

Rocznik

2009

Tom

Vol. 17, nr 2

Strony

97--111

Opis fizyczny

Bibliogr. 4 poz.

Twórcy

autor

Sułkowski G.

autor

Twardy M.

autor

Wiatr K.

Academic Computer Centre CYFRONET AGH Nawojki 11, 30-950 Kraków, Poland, g.sulkowski@cyfronet.pl

Bibliografia

[1] Gupta, P., and McKeown, N., Algorithms for packet classification, IEEE Network, Vol. 15, No. 2, Mar./Apr. 2001, pp. 24-32.
[2] Sułkowski, G., Twardy, M., and Wiatr, K., Wielościeżkowe równoległe przetwarzanie danych w sprzętowym systemie bezpieczeństwa klasy Firewall, Proceedings of KNWS '08 published in quarterly Pomiary, Automatyka i Kontrola No. 6, Warsaw, 2007, pp. 726-728.
[3] Spitznagel, E., Taylor, D., and Turner, J., Packet Classification Using Extended TCAM, Proceedings of the 11th IEEE International Conference on Network Protocols, November 04-07, 2003, p. 120.
[4] Qin, H., Sasao, T., and Butler, J., Implementation of LPM Address Generators on FPGAs, Architectures and Applications, Second International Workshop, ARC 2006.

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-article-LOD9-0010-0020