A Novel Parallel Approach for Disjoint Rule Generation and Optimization (DRGO) in Reconfigurable Firewall Using FPGA

  • Short Communication
National Academy Science Letters

Abstract

Packet classification is a core function of a firewall, which is widely used in various applications of network infrastructure for security purposes. Data transfer speeds are now measured in Gbps, so processing packets at the same speed to achieve high throughput is a very challenging task. In this paper, a field-programmable gate array (FPGA)-based reconfigurable firewall, namely the DRGO firewall, is proposed that accepts only unique rules and processes packets in parallel. The DRGO firewall resolves rule ambiguity in the rule set so that a deterministic action is performed for each incoming packet, and it minimizes the cardinality of the rule set to achieve better space efficiency and higher throughput. This type of firewall is applicable in any network to classify unknown incoming packets. The storage cost per rule of the DRGO firewall is 14 bytes. The proposed approach is implemented on a Virtex-6 FPGA, and it achieves a throughput of 142 Gbps at a clock rate of 442.6 MHz for a minimum packet size of 40 bytes.

Author information

Correspondence to Gouri Shankar Prajapati.

Cite this article

Prajapati, G.S., Khare, N. A Novel Parallel Approach for Disjoint Rule Generation and Optimization (DRGO) in Reconfigurable Firewall Using FPGA. Natl. Acad. Sci. Lett. 43, 321–325 (2020). https://doi.org/10.1007/s40009-019-00862-6

  • DOI: https://doi.org/10.1007/s40009-019-00862-6
