Sciweavers

FPL
2003
Springer

An Extensible, System-On-Programmable-Chip, Content-Aware Internet Firewall

14 years 5 months ago
An Extensible, System-On-Programmable-Chip, Content-Aware Internet Firewall
An extensible firewall has been implemented that performs packet filtering, content scanning, and per-flow queuing of Internet packets at Gigabit/second rates. The firewall uses layered protocol wrappers to parse the content of Internet data. Packet payloads are scanned for keywords using parallel regular expression matching circuits. Packet headers are compared to rules specified in Ternary Content Addressable Memories (TCAMs). Per-flow queuing is performed to mitigate the effect of Denial of Service attacks. All packet processing operations were implemented with reconfigurable hardware and fit within a single Xilinx Virtex XCV2000E Field Programmable Gate Array (FPGA). The singlechip firewall has been used to filter Internet SPAM and to guard against several types of network intrusion. Additional features were implemented in extensible hardware modules deployed using run-time reconfiguration.
John W. Lockwood, Christopher E. Neely, Christophe
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where FPL
Authors John W. Lockwood, Christopher E. Neely, Christopher K. Zuver, James Moscola, Sarang Dharmapurikar, David Lim
Comments (0)