High-speed Packet Classification Co-processor And Network Platforms

The backbone of the Internet is comprised of a mesh of routers (switches) interconnected by high-speed physical links. The Internet connects millions of local networks with different sizes to each others. Each local network accesses the Internet through firewalls or routers located at the edge of the Internet. Therefore, the performance of routers and firewalls determines the capacity and flexibility of the Internet, and also becomes the bottleneck of the Internet.The Internet is a packet-switching network, in which packets (units of information carriage) are routed between various nodes (middle-nodes and end-hosts). Communication among nodes on the Internet takes place using the Internet Protocol, commonly known as IP. IP packets travel over links from one middle-node to the next on their way towards their final destination. Routers and firewalls are both the middle-nodes for forwarding and/or processing packets. The packets flow into them from some interfaces and are processed there, then they'll determine to forward or deny those packets. Therefore, the processing speed and flexibility are the most important points to design routers and firewalls.Packet classification is one technique for processing packets in routers and firewalls. With the explosive growth of the Internet, the traffic over the Internet increases very rapid. It has been difficult for the packet processing capacity of routers to keep up with the increased traffic rates, which has caused increasing congestion and packet loss in intermediate nodes. Traditionally, the routers provide "fair and best-effort" services, treat all packets identically and serve them in a first-come-first-served manner, which will not satisfy the users any longer. As a result, some users are willing to pay more money in return for better service from the network. To maximize their revenue, the ISPs (Internet Service Provider) also wish to provide different levels of service at different prices to users with different requirements and perform traffic accounting & billing. These backgrounds drive the developments and applications of packet classification technique directly. However, with the popularity of multimedia and P2P applications and the overrun of malicious attacks/scanning and virus/worms over the Internet, firewalls are demanded to process and trace many connections per second with very high speed. All these backgrounds and applications require the routers and firewalls to classify the packets flowed into them. According to the source address, destination address, source port, destination port and so on, packets are matched with the pre-defined rule set and classified. After packet classification, routers and firewalls perform special processing over them.The implementations of packet classification in routers and firewalls can be classified into several types: the algorithm implementations for packet classification on general processors, the pure hardware implementation with CAM (Content Addressable Memory, a memory chip with special structure), the ASIC packet classification engine, the Network Processor packet classification engine, and the FPGA packet classification engine. These above implementations differ mainly in development difficulties, costs, packet classification performance, and expansibility. The detailed analysis and compare will be introduced in Chapter 1 and Chapter 2 in the thesis.The thesis presents and overviews the development status and application foreground of packet classification, compares previous works on packet classification, which is the first part of the thesis. Based on our practical situation (cost, power and performance of packet classification), a high-speed packet classification co-processor based on FPGA is designed and implemented in the second part of the thesis. The FPGA co-processor integrates a packet classification engine and management/scheduling interface implemented in hardware logic, provides very-well packet classification performance and flexibility at the same time. The third part of the thesis designs and implements an embedded network processing platform, based on the above packet classification FPGA co-processor. First, the platform works as a research platform for packet classification technique, can be used to debug and test the co-processor. Second, the platform has been established as an integrated packet-processing system itself, can be used to develop practical network applications. The fourth part of the thesis provides the test and conclusion of the packet classification FPGA co-processor and network processing platform.The following outlines the contents of each chapter in the thesis.Chapter 1 is the preface, introduces the backgrounds, usage and goals of packet classification, describes the research contents, methods and benefits in the thesis.Chapter 2 is the packet classification techniques, proposes the challenges that the packet classification faces, overviews the previous works on packet classification and compare them.Chapter 3 is packet classification co-processor based on FPGA, describes the architecture of the presented packet classification FPGA co-processor in details. The co-processor is comprised of packet classification engine and control logic. The hardware design of the co-processor and its control and management are discussed there.Chapter 4 is the embedded packet classification platform, introduces the structure, hardware and software design of the platform. The packet classification platform is mainly comprised of an embedded processor and packet classification FPGA co-processor. The embedded processor runs GNU/Linux operating system, manages and schedules the entire platform, provides a friendly user interface. This design benefits: (1) the platform can be used to debug and test the co-processor, (2) the platform can be regarded as an integrated packet-processing system itself to develop practical network applications.Chapter 5 is the test and measurement of the packet classification co-processor and network processing platform, tests the performance of FPGA co-processor and platform respectively. By the test results, their features, usage conditions and improvements are proposed.Chapter 6 is the conclusion, summarizes the works and innovation presented in the thesis. The improvements and future directions for packet classification FPGA co-processor and network processing platform are discussed there.