Irregular Reconfigurable CAM Structures for Firewall Applications

  • T. K. Lee
  • S. Yusuf
  • W. Luk
  • M. Sloman
  • E. Lupu
  • N. Dulay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2778)

Abstract

Hardware packet filters for firewalls, based on content-addressable memory (CAM), allow packet matching to keep pace with network throughput. However, the size of an FPGA chip may limit the size of the firewall rule set that can be implemented in hardware. We develop two irregular CAM structures for packet filtering that employ resource-sharing methods, with various trade-offs between size and speed. Experiments show that these two structures can reduce hardware resource usage by up to 90% without losing performance.

Keywords

Resource Usage; Hardware Resource; Hardware Usage; Head Unit; Filter Rule
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • T. K. Lee (1)
  • S. Yusuf (1)
  • W. Luk (1)
  • M. Sloman (1)
  • E. Lupu (1)
  • N. Dulay (1)

  1. Department of Computing, Imperial College, London, UK
