Design Of Dynamic Packet Filtering Firewall System Based On FPGA

As the twenty-first century, the Internet enters into millions of families, and it is closely related to people's lives. The network security issues more and more attention has been paid. When an unprotected computer is connected to the Internet, it will face a huge risk. The technology of firewall has undergone development for many years and it has formed a variety of types of firewalls including:network-level firewall, application level gateway firewall, circuit-level gateway firewall, detection of rules firewall. But the technology of packet filtering greatly affects the performance of the firewall. And the technology of Field Programmable Gate Array (FPGA) is used to realize the circuit of packet filtering. This way can avoid the influence of the operating system security vulnerabilities. So the dynamic packet filtering technology based on FPGA has high research value.The technology is called System On Programmable Chip (SOPC) based on FPGA to realize packet filtering firewall. It is using no internal microprocessor interlocked pipeline stages (MIPS) for firewall hardware module based on Wishbone bus attached to Wishbone bus cross matrix on the Internet. On the Wishbone bus cross interconnection matrix also has attached Synchronous Dynamic Random Access Memory (SDRAM) controller, Universal Asynchronous Receiver/Transmitter (UART) module, General Purpose Input Output (GPIO) module, Flash controller, Ethernet controller. The client on computer sends Internet Protocol Version 6 (IPv6) network packets to the system. The firewall system starts to analyze the IPv6 data packet and to resolve firewall packet filtering operation, then result is printed out through the serial port debugging assistant. In verification, it is using SignalTap ? Logic Analyzer to crawl a corresponding signal to complete functional verification. And the network traffic analysis tool is called to monitor the real-time packets on network. The packet is printed out by the serial contrasts the sending IPv6 packets to verify dynamic packet filter firewall system. The innovations in this paper has:(1) It is using MIPS processors to dynamically update filtering rules; (2) It is using Content Addressable Memory (CAM) to realize quickly find matching IPv6 packets and it can significantly increase the rate of packet filtering; (3) It is supporting to filter a range of IPv6 address and to realize a rough match and exact match modes of IP address. The project can significantly improve the speed of data processing in the firewall system.The technology of dynamic packet filtering firewall based on FPGA can not only fast and accurately filter IPv6 packets, but also can achieve to filter the packet of a certain range of IP addresses. In the actual testing process, the system clock frequency can be up to 150MHz, the network throughput of the firewall filtering module can reach 16.8kbps.And the technology can also be applied to other areas that need to quickly and accurately locate data fields. So the technology has broad application prospects.