Skip to main content
SpringerLink
Log in
SpringerLink
Log in

Irregular Reconfigurable CAM Structures for Firewall Applications

  • Conference paper
  • First Online:
Field Programmable Logic and Application (FPL 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2778))

Included in the following conference series:

Abstract

Hardware packet-filters for firewalls, based on content-addressable memory (CAM), allow packet matching processes to keep in pace with network throughputs. However, the size of an FPGA chip may limit the size of a firewall rule set that can be implemented in hardware. We develop two irregular CAM structures for packet-filtering that employ resource sharing methods, with various trade-offs between size and speed. Experiments show that the use of these two structures are capable of reduction, up to 90%, of hardware resources without losing performance.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Celoxica Limited. Handel-C v3.1 Language Reference Manual, http://www.celoxica.com/

  2. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–39. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  3. Ditmar, J., Torkelsson, K., Jantsch, A.: A Dynamically Reconfigurable FPGAbased Content Addressable Memory for Internet Protocol Characterization. In: Grünbacher, H., Hartenstein, R.W. (eds.) FPL 2000. LNCS, vol. 1896, p. 19. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  4. James-Roxby, P.B., Downs, D.J.: An Efficient Content-addressable Memory Implementation Using Dynamic Routing. In: Proc. IEEE Symp. on Field- Programmable Custom Computing Machines. IEEE Computer Society Press, Los Alamitos (2001)

    Google Scholar 

  5. Lee, T.K., Yusuf, S., Luk, W., Sloman, M., Lupu, E., Dulay, N.: Compiling Policy Descriptions into Reconfigurable Firewall Processors. In: Proc. IEEE Symp. on Field-Programmable Custom Computing Machines. IEEE Computer Society Press, Los Alamitos (2003)

    Google Scholar 

  6. McHenry, J.T., Dowd, P.W.: An FPGA-Based Coprocessor for ATM Firewalls. In: Proc. IEEE Symp. on Field-Programmable Custom Computing Machines. IEEE Computer Society Press, Los Alamitos (1997)

    Google Scholar 

  7. Sinnappan, R., Hazelhurst, S.: A Reconfigurable Approach to Packet Filtering. In: Brebner, G., Woods, R. (eds.) FPL 2001. LNCS, vol. 2147, p. 638. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  8. Xilinx Inc., Designing Flexible. Fast CAMs with Virtex Family FPGAs (1999), http://www.xilinx.com/

Download references

Author information

Authors and Affiliations

  1. Department of Computing, Imperial College, 180 Queen’s Gate, SW7 2BZ, London, UK

    T. K. Lee, S. Yusuf, W. Luk, M. Sloman, E. Lupu & N. Dulay

Authors
  1. T. K. Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. S. Yusuf
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. W. Luk
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. M. Sloman
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. E. Lupu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. N. Dulay
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Electrical and Electronic Engineering, Imperial College London, Exhibition Road, SW7 2BT, London, UK

    Peter Y. K. Cheung

  2. Department of Electrical & Electronic Engineering, Imperial College London, Exhibition Road, SW7 2BT, London, UK

    George A. Constantinides

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, T.K., Yusuf, S., Luk, W., Sloman, M., Lupu, E., Dulay, N. (2003). Irregular Reconfigurable CAM Structures for Firewall Applications. In: Y. K. Cheung, P., Constantinides, G.A. (eds) Field Programmable Logic and Application. FPL 2003. Lecture Notes in Computer Science, vol 2778. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45234-8_86

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-45234-8_86

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40822-2

  • Online ISBN: 978-3-540-45234-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation