Title :
Building Optimized Packet Filters with COFFi
Author :
Hager, Sven ; Winkler, Frank ; Scheuermann, Björn ; Reinhardt, Klaus
Author_Institution :
Comput. Eng. Group, Humboldt Univ. of Berlin, Berlin, Germany
Abstract :
Many companies and institutions employ packet filter firewalls in order to effectively regulate network traffic. Unfortunately, the constant growth of network bandwidth makes the task of matching packet headers against potentially large rulesets more difficult, and prohibits the sole use of entirely software-based firewalls which cannot cope with such huge amounts of traffic. Instead, high-speed firewalls are often implemented in ASICs which offer a high degree of parallelism, many opportunities for operation pipelining, and low-latency access to network data. However, due to their static nature, ASICs must provide generic filtering circuitry that is hardly able to take full advantage of firewall ruleset properties, thus leading to a waste of hardware resources.
Keywords :
IP networks; application specific integrated circuits; firewalls; pipeline processing; telecommunication traffic; ASIC; COFFi; firewall ruleset properties; generic filtering circuitry; hardware resources; high-speed firewalls; low-latency access; network bandwidth; network data; network traffic; operation pipelining; optimized packet filters; packet filter firewalls; packet headers; software-based firewalls; Buildings; Clocks; Computers; Field programmable gate arrays; Hardware; Pipeline processing; Pipelines; Circuit Generation; FPGA; Firewall;
Conference_Title :
Field-Programmable Custom Computing Machines (FCCM), 2014 IEEE 22nd Annual International Symposium on
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4799-5110-9
DOI :
10.1109/FCCM.2014.38