| As the demand of the multi-media businesses increase, such as sound and video, network has gotten greatly development. School, enterprise, bank and government organization have own LAN. These LANs are connected through Internet, and transmit commercial informations and other important datas through it. Therefore, the security of the LAN is very important. The most effective method to protect network is to install firewall at network entrance.However, be different to router and switcher, firewall should carry out complex handling for the packets that pass it in order to protect internal network effectively, for example, stateful inspection needs to analyse the transmission layer of the packet. So the performance of the firewall is requested to be excellent. Especially in gigabit network, we desire the firewall to be fast enough to forward packets at wire-speed. This is a great challenge to firewall.To meet gigabit network's security requirement, people give several solutions, including implement based on general CPU, implement based on ASIC and implement based on network processor. These solutions have own advantages and disadvantages each. Firewall based on general CPU can be implemented very easily, but speed is a great bottleneck. And that based on ASIC can reach a high speed, but with poor flexibility and development cycle. Firewall based on network processor is a tradeoff of the other two ways.This article introduces what the author have done about implementing firewall based on network processor during graduate student period.It can be divided into two parts. The first part is the theoretics about network pcocessor and firewall, and the second part details the work I did, which focuses on the design and implement in... |
PDF Full Text Request