• A modular system for FPGA-base...

Result: A modular system for FPGA-based TCP flow processing in high-speed networks

Title:
A modular system for FPGA-based TCP flow processing in high-speed networks
Authors:
SCHUEHLER, David V, LOCKWOOD, John W
Source:
FPL 2004 : field-programmable logic and applications (Antwerp, 30 August - 1 September 2004)Lecture notes in computer science. :301-310
Publisher Information:
Berlin: Springer, 2004.
Publication Year:
2004
Physical Description:
print, 15 ref
Original Material:
INIST-CNRS
Subject Terms:
Computer science, Informatique, Mathematics, Mathématiques, Sciences exactes et technologie, Exact sciences and technology, Sciences appliquees, Applied sciences, Informatique; automatique theorique; systemes, Computer science; control theory; systems, Logiciel, Software, Traitement des langages et microprogrammation, Language processing and microprogramming, Electronique, Electronics, Electronique des semiconducteurs. Microélectronique. Optoélectronique. Dispositifs à l'état solide, Semiconductor electronics. Microelectronics. Optoelectronics. Solid state devices, Circuits intégrés, Integrated circuits, Circuits intégrés par fonction (dont mémoires et processeurs), Integrated circuits by function (including memories and processors), Architecture reconfigurable, Reconfigurable architectures, Circuit décodeur, Decoding circuit, Circuito desciframiento, Conception circuit, Circuit design, Diseño circuito, Déni service, Denial of service, Denegación de servicio, Evaluation performance, Performance evaluation, Evaluación prestación, Flot donnée, Data flow, Flujo datos, Flot réseau, Network flow, Flujo red, Grande vitesse, High speed, Gran velocidad, Haute performance, High performance, Alto rendimiento, Internet, Pistage, Tracking, Rastreo, Processus service, Service process, Proceso servicio, Protocole TCP, Transmission control protocol, Protocolo TCP, Protocole transmission, Transmission protocol, Protocolo transmisión, Retard, Delay, Retraso, Réseau fédérateur, Backbone, Eje troncal, Réseau porte programmable, Field programmable gate array, Red puerta programable, Système modulaire, Modular system, Sistema modular, Sécurité, Safety, Seguridad, Traitement donnée, Data processing, Tratamiento datos, Traitement flux donnée, Data flow processing, Attaque, Attacking, Ataque, Transmission en continu, Streaming, Transmisión continua
Document Type:
Conference Conference Paper
File Description:
text
Language:
English
Author Affiliations:
Applied Research Laboratory, Washington University, One Brookings Drive, Campus Box 1045, St. Louis, MO 63130-4899, United States
ISSN:
0302-9743
Access URL:
http://pascal-francis.inist.fr/vibad/index.php?action=search&terms=16107521
Rights:
Copyright 2004 INIST-CNRS
CC BY 4.0
Sauf mention contraire ci-dessus, le contenu de cette notice bibliographique peut être utilisé dans le cadre d’une licence CC BY 4.0 Inist-CNRS / Unless otherwise stated above, the content of this bibliographic record may be used under a CC BY 4.0 licence by Inist-CNRS / A menos que se haya señalado antes, el contenido de este registro bibliográfico puede ser utilizado al amparo de una licencia CC BY 4.0 Inist-CNRS
Notes:
Computer science; theoretical automation; systems

Electronics
Accession Number:
edscal.16107521
Database:
PASCAL Archive

Further Information

Field Programmable Gate Arrays (FPGAs) can be used in Intrusion Prevention Systems (IPS) to inspect application data contained within network flows. An IPS operating on high-speed network traffic can be used to stop the propagation of Internet worms and to protect networks from Denial of Services (DoS) attacks. When used in the backbone of a core network, the device will be exposed to millions of active flows simultaneously. In order to protect the data in each connection, network devices will need to track the state of every flow. This must be done at multi-gigabit line rates without introducing significant delays. This paper describes a high performance TCP processing system called TCP-Processor which supports flow processing in high-speed networks utilizing multiple devices. This circuit provides stateful flow tracking, TCP stream reassembly, context storage, and flow manipulation services for applications which process TCP data streams. A simple client interface eases the complexities associated with processing TCP data streams. In addition, a set of encoding and decoding circuits has been developed which efficiently transports this interface between multiple FPGA devices. The circuit has been implemented in FPGA hardware and tested using live Internet traffic.