Design And Implementation Of High Speed Firewall Based On DPDK

With the popularity of optical fiber broadband and the construction and development of 5G mobile networks,traditional firewalls have encountered performance bottlenecks in high-throughput network environments.This article mainly studies the performance improvement of general-purpose processor firewall based on x86 architecture,the limitation of hardware performance,the hardware interruption generated each time data is processed,the Cache Miss generated by the context,the switching copy between the kernel mode and the user mode,the system call used to send and receive packets,the global lock competition,and the lengthy data processing process have all produced consumption,It is difficult to meet the Internet's high data rate and low latency requirements.To solve the problems raised above,this paper studies the characteristics of the Data Plane Development Kit(DPDK)and uses Hugepage technology to reduce TLB Miss problems;Using UIO(Userspace I/O)technology and PMD(Poll Mode Driver)technology to replace kernel drive,effectively reduce the delay caused by system calls and interrupts;Using thread binding technology to solve the problem of performance loss caused by core thread switching;Finally,using the zero-copy technology to reduce context switching and effectively improves the system packet capture efficiency.In order to improve the overall efficiency of the firewall system,this paper analyzes the functional modules of the firewall.Combine with DPDK key technologies and requirements,design and implement the following key function modules: Fast packet forwarding function based on connection management module;The ARP function module based on the improved read-write lock and the route forwarding function module based on the longest prefix matching algorithm(LPM)are used to effectively improve the packet forwarding efficiency;Through the NAT function module based on symmetric RSS to achieve parallel NAT,speed up the processing efficiency of data packets.Finally complete the overall implementation and complete testing of high-performance firewall,Compared with the traditional firewall based on the interruption method,it proves that the performance of the firewall system has been greatly improved.