Options
Design and Implementation of a Hardware Accelerated IP Layer Packet Reassembly Module
Date Issued
2009
Date
2009
Author(s)
Cheng, Ming-Li
Abstract
In modern designs of network appliances, an IP offload engine is used essentially in a Network Intrusion Detection System (NIDS) or an Intrusion Prevention System (IPS). An IP packet reassembly module provides high-speed and efficient reassembly of IP fragments received at an intermediate station in a computer network. Traditionally, software reassembles the IP fragments received from the MAC layer to a TCP packet. In order to achieve multi-gigabit per second data rates, the IP packet reassembly hardware module is configured to replace the reassembly task of IP fragments. This thesis addresses the design of a hardware implementation of an IP reassembly module. The IP reassembly module utilizes a synchronous timer to do time work for each fragment group. The synchronous timer resolves the occupied issue in the memory resource. The IP reassembly module is equipped with a hash table having a plurality of entries for maintaining status information for each received fragment and for each original packet being reassembled from the fragments. The proposed hash table accelerates searching and achieves the balance between speed, memory size and cost in the system. We implemented the proposed hashing approach IP packet reassembly module in a Xilinx ML507 FPGA development platform and obtained an estimated throughput of 3.2 Gbps.
Subjects
NIDS
IPS
IP packet reassembly
hash
fragment
hardware
timer
Type
thesis
File(s)
No Thumbnail Available
Name
ntu-98-J96921003-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):290291cbfeb09109224df3fe0fd24c80