FPGA based high-speed network strategy matching method

A matching method and high-speed network technology, applied in the field of network matching, can solve the problems of large hardware space occupation, complex logic operation, low efficiency, etc., and achieve the effect of low storage space occupation, simple and efficient logic processing, and improved matching efficiency.

Active Publication Date: 2014-05-21
北京赛博兴安科技有限公司
View PDF0 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Existing hardware method: The existing product strategy is matched with pure hardware implementation. Either the strategy function implemented by it is extremely simple and cannot support complex configuration conditions of multiple groups, or the hardware space is occupied for the pursuit of speed, and the cost is greatly increased. Moreover, in addition to addressing operations in the hardware, there are a large number of logical operations that cause too much complexity, and the efficiency is lower than that of the present invention

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • FPGA based high-speed network strategy matching method
  • FPGA based high-speed network strategy matching method
  • FPGA based high-speed network strategy matching method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0034] like image 3 , 4 As shown, an FPGA-based high-speed network strategy matching method of the present invention includes a strategy tree generation method and a strategy tree matching method;

[0035] The strategy tree generation method includes the following steps:

[0036] Step 1: Set a number of network policy matching conditions that need to be configured on the network policy related interface: quintuple and policy result (such as: clear communication, secret communication, discard, padding, etc.);

[0037] Step 2: After the interface configuration is completed, a custom binary mode policy data file is generated in the system background;

[0038] Step 3: read the policy data file into memory;

[0039] Step 4: read a policy record from the policy data file;

[0040] Step 5: According to the key information in the described policy record, insert the FPGA policy tree according to the protocol number, source IP, destination IP, source port, destination port and poli...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an FPGA (Field Programmable Gate Array) based high-speed network strategy matching method. The method realizes utilization of relatively small storage space, and simultaneously is suitable for fast strategy matching processing in hardware, and further enables the performance of strategy matching processing to be irrelevant with the data volume of strategies. The FPGA based high-speed network strategy matching method employs a quintuple, supports accurate matching of the quintuple and IP-port range matching , and is stronger in functions and more diversified in matching conditions and matching modes than the traditional pure hardware manner; the strategy tree of the FPGA based high-speed network strategy matching method is a specific tree structure with a node length fixed at 512 bytes and the height of the tree layer fixed at 13, and aims at FPGA strategy matching; the logic processing of direct address positioning is simple and efficient, so that consumption of lots of time on the logical operation is avoided and the matching efficiency is greatly improved.

Description

technical field [0001] The invention relates to a network matching method, in particular to a high-speed network strategy matching method based on FPGA. Background technique [0002] With the continuous development of the network, the expansion is getting wider and wider, and the speed is getting faster and faster. . The original firewall or encryption machine is under increasing pressure to deal with more and more IP network data packets, and the requirements for the processing efficiency of the firewall or encryption machine are getting higher and higher. Most of the current firewalls or encryption machines employ policies that match several ways, and data processing at the gigabit level is more or less deficient in performance or functionality. [0003] Software method: The business IP data is intercepted by the software side through the network card driver, and then policy matching and subsequent work are performed in the software, so that the processing function may m...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 卓才华孟庆文
Owner 北京赛博兴安科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap