StrideBV: Single chip 400G+ packet classification

Thilan Ganegedara, Viktor K. Prasanna
2012 2012 IEEE 13th International Conference on High Performance Switching and Routing  
Hardware firewalls act as the first line of defense in protecting networks against attacks. Packets are organized into flows based on a set of packet header fields, and a predefined rule is applied to the packets in each flow to filter malicious network traffic. This is realized using packet classification, which is implemented in secure networking environments where mere best-effort delivery of packets is not adequate. Existing packet classification solutions are highly dependent on the ... es (or features) of the ruleset. We present a bit vector based lookup scheme and a parallel hardware architecture that does not rely on ruleset features. A detailed performance analysis of the proposed scheme is given under different configurations. Post place-and-route results of our parallel pipelined architecture on a state-of-the-art Field Programmable Gate Array (FPGA) device show that for real-life firewall rulesets, the proposed solution achieves 400G+ throughput. To the best of our knowledge, this is the first packet classification engine that achieves 400G+ rate on a single FPGA. Further, on average we achieve 2.5× power efficiency compared with the state-of-the-art solutions.

• The first 400G+ packet classification engine solution for real-life rulesets on a single chip
• Performance independent of ruleset features
• Detailed performance analysis with respect to throughput, power and resource usage under various configurations
• 2.5× average power efficiency compared with state-of-the-art packet classification engines
doi:10.1109/hpsr.2012.6260820 dblp:conf/hpsr/GanegedaraP12 fatcat:2eietwdbtrh3zf2eqcc7s6vl3m