| 一种基于硬件的大规模哈希流表设计与实现 |
| |
| 引用本文: | 王鑫,陈曙晖,苏金树.一种基于硬件的大规模哈希流表设计与实现[J].计算机工程与科学,2016,38(10):1955-1960. |
| |
| 作者姓名: | 王鑫 陈曙晖 苏金树 |
| |
| 作者单位: | ;1.国防科学技术大学计算机学院 |
| |
| 基金项目: | 国家自然科学基金(61379148) |
| |
| 摘 要: | 基于流的报文处理是防火墙、入侵检测等网络安全应用的重要组成功能,其中流表是流处理技术的关键数据结构,流表的规模及访问性能直接影响到流处理的能力和速度。着眼于高速网络下大规模流表的硬件实现,设计了一种基于硬件的千万级哈希流表查找架构,并在FPGA平台上进行了实现和测试。该方案在保证访存效率的同时很好地解决了冲突的难题,利用有限的存储资源,满足了高达4 900万项的流表查找需求,测试能够实现92Mdesc/s的表查找速度,支持约220Gbps高速以太网的处理能力。
|
| 关 键 词: | 网络安全 流处理 流表 Hash FPGA |
| 收稿时间: | 2015-06-30 |
| 修稿时间: | 2016-10-25 |
Design and implementation of a hardware
based large scale Hash flow table |
| |
| WANG Xin,CHEN Shu hui,SU Jin shu.Design and implementation of a hardware
based large scale Hash flow table[J].Computer Engineering & Science,2016,38(10):1955-1960. |
| |
| Authors: | WANG Xin CHEN Shu hui SU Jin shu |
| |
| Affiliation: | (College of Computer,National University of Defense Technology,Changsha 410073,China) |
| |
| Abstract: | Flow based packets processing is a main function of many network security applications like firewalls and NIDS. And flow tables are the key data structure for flow processing, so their scale and access performance directly affect the flow processing capability and speed. In this article, we focus on the hardware implementation of large scale flow tables in high speed networks. We present a hardware based hash flow table lookup scheme accommodating for ten millions of flows, which has been implemented and tested on an FPGA platform. The proposed scheme is good at avoiding hash collisions while maintaining memory access efficiency. It can support up to 49 million flows lookup operations with limited storage resources. In the prototyped test, a lookup speed of 92Mdesc/s is achieved, which sustains the Ethernet processing capability of approximately 220 Gbps. |
| |
| Keywords: | network security flow processing flow table Hash FPGA |
|
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
|
