Abstract
Network packet classification is an important function for firewalls and filters. Packet classification based on transport-layer headers is widely used, and is specified by providing the filter with a list of rules. The cost of lookup may become a bottleneck in network performance. We present a novel technique for packet classification using FPGAs that exploits the reprogrammable nature of FPGAs. The rules are converted into a boolean expression which is directly implemented as a circuit on an FPGA. This approach is cheaper and simpler than previous hardware implementations, and we have had good experimental results.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
S. Ballew. Managing IP Networks with Cisco routers. O’Reilly, 1997.
R.E. Bryant. Symbolic Boolean Manipulation with Ordered Binary-Decision Diagrams. A CM Computing Surveys, 24(3):293–318, September 1992.
P. Gupta and N. McKeown. Packet classification on multiple fields. In Computer Communication Review. ACM SIGCOMM, October 1999.
T. Harbaum, D. Meier, M. Zitterbart, and D. Brökelmann. Flexible hardware support for gigabit routing. In Proc. Kommunikation in Verteilten Systemen (KiVS’99), Darmstadt, Germany, March 1999.
S. Hazelhurst, A. Attar, and R. Sinnappan. Algorithms for improving the dependability of firewall and filter rule lists. In Workshop on the Dependability of IP Applications Platforms and Networks, pages 576–585, New York, June 2000. In Proc. IEEE Int. Conf. Dependable Systems and Networks.
T. Lakshman and D. Stiliadis. High speed policy-based packet forwarding using efficient multi-dimensional range matching. In ACM SIGCOMM’ 98, pages 203–214, Vancouver, August 1998. ACM.
J. McHenry, P. Dowd, T. Carrozzi, F. Pellegrino, and W. Cocks. An FPGA-based coprocessor for ATM firewalls. In Proceedings of the IEEE Symposium on FPGAs for Custom Computing Machines, pages 30–39, April 1997.
David Newman. Firewall on a chip: Fore’s FSA boosts throughput to multigigabit rates. Data Communications, 28(1):44–45, January 1999.
R. Sinnappan. A Reconfigurable Approach to TCP/IP Packet Filtering. MSc Research Report, School of Computer Science, University of the Witwatersrand, 2001.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sinnappan, R., Hazelhurst, S. (2001). A Reconfigurable Approach to Packet Filtering. In: Brebner, G., Woods, R. (eds) Field-Programmable Logic and Applications. FPL 2001. Lecture Notes in Computer Science, vol 2147. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44687-7_70
Download citation
DOI: https://doi.org/10.1007/3-540-44687-7_70
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42499-4
Online ISBN: 978-3-540-44687-3
eBook Packages: Springer Book Archive