Method for improving hardware acceleration performance of fire wall chip

A hardware acceleration and firewall technology, applied in the network field, can solve the problems of firewall performance degradation, hardware failure, paralysis, etc., and achieve the effects of improving efficiency, reducing the probability of conflict, and shortening the length.

Active Publication Date: 2008-10-29
BEIJING TOPSEC NETWORK SECURITY TECH
View PDF0 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In this way, the firewall chip can directly forward very few data packets, which cannot achieve the purpose of hardware acceleration, and most of the data packets must be sent to the CPU for processing, causing the performance of the firewall to decline sharply or even paralyzed

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for improving hardware acceleration performance of fire wall chip
  • Method for improving hardware acceleration performance of fire wall chip
  • Method for improving hardware acceleration performance of fire wall chip

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] The method of the present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0026] Firstly, the present invention configures an external memory outside the firewall chip, separates an area for the connection index table and the connection table in the memory, and stores the base addresses of the connection index table and the connection table in the firewall chip and the CPU. A connection index table and a mirror image of the connection table are established in the CPU memory, and the mirror image is kept in sync with the connection index table and the connection table in the external memory of the firewall chip.

[0027] The structure of the connection index table entry and the connection table entry is as follows figure 1 shown. Wherein, each connection index entry stores the offset address of the head of the connection table entry chain. The address of the index entry corresponds to the result of the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for improving the acceleration performance of hardware of a firewall chip. The method of the invention is that: the exterior of the firewall chip is provided with an external memory, in which an area is respectively arranged for a connecting index table and a connecting table, and the base addresses of the connecting index table and the connecting table are stored into the firewall chip and a CPU. Mirror images of the connecting index table and the connecting table are established in a CPU memory. The mirror images and the connecting index table and the connecting table in the external memory of firewall chip are kept synchronizing. Then, the firewall chip and the CPU work collaboratively so as to realize the access and establishment of the connecting index table and the connecting table. The method of the invention thoroughly solves the problem that connecting list item of present speeding-up firewall of hardware is too small and concurrent connections are unable to meet requirement for the performance of the firewall. In addition, the enlarged connecting index table and the connecting table reduce the probability of conflict of HASH algorithm and enhance the efficiency of processing data packet of the firewall chip.

Description

technical field [0001] The invention belongs to the field of network technology, relates to network security and networking technology, in particular to a method for enabling a firewall chip to efficiently forward data packets and simultaneously improving the search hit rate of connection table items under the condition of large network traffic. Background technique [0002] With the continuous development of network technology, people have higher and higher requirements for network response speed, data packet throughput and network security, and a security firewall with small delay and large traffic is required. This requires a chip to achieve hardware acceleration and improve the performance of the firewall. At present, most data packets on the Ethernet network (Ethernet) are transmission control protocol packets (TCP packets) and user datagram protocol packets (UDP packets). These data packets are grouped according to connections, and the same group of TCP packets or UDP...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/56H04L9/00H04L29/02H04L12/24H04L12/743
Inventor 王万亭曾涛
Owner BEIJING TOPSEC NETWORK SECURITY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap