DocumentCode
271047
Title
Building Optimized Packet Filters with COFFi
Author
Hager, Sven ; Winkler, Frank ; Scheuermann, Björn ; Reinhardt, Klaus
Author_Institution
Comput. Eng. Group, Humboldt Univ. of Berlin, Berlin, Germany
fYear
2014
fDate
11-13 May 2014
Firstpage
105
Lastpage
105
Abstract
Many companies and institutions employ packet filter firewalls in order to effectively regulate network traffic. Unfortunately, the constant growth of network bandwidth makes the task of matching packet headers against potentially large rulesets more difficult, and prohibits the sole use of entirely software-based firewalls which cannot cope with such huge amounts of traffic. Instead, high-speed firewalls are often implemented in ASICs which offer a high degree of parallelism, many opportunities for operation pipelining, and low-latency access to network data. However, due to their static nature, ASICs must provide generic filtering circuitry that is hardly able to take full advantage of firewall ruleset properties, thus leading to a waste of hardware resources.
Keywords
IP networks; application specific integrated circuits; firewalls; pipeline processing; telecommunication traffic; ASIC; COFFi; firewall ruleset properties; generic filtering circuitry; hardware resources; high-speed firewalls; low-latency access; network bandwidth; network data; network traffic; operation pipelining; optimized packet filters; packet filter firewalls; packet headers; software-based firewalls; Buildings; Clocks; Computers; Field programmable gate arrays; Hardware; Pipeline processing; Pipelines; Circuit Generation; FPGA; Firewall;
fLanguage
English
Publisher
ieee
Conference_Titel
Field-Programmable Custom Computing Machines (FCCM), 2014 IEEE 22nd Annual International Symposium on
Conference_Location
Boston, MA
Print_ISBN
978-1-4799-5110-9
Type
conf
DOI
10.1109/FCCM.2014.38
Filename
6861600
Link To Document