Design and implementation of access control list parallel lookup based on FPGA
In a network environment with high security requirements, many types of network devices need to deploy rule-based access control functions. By matching the five-tuple against rules, access control lists screen, filter, process and control network messages. How to use limited resources to achieve higher lookup performance and a larger number of rules for access control lists is one of the key technologies for such devices. By analyzing the general workflow of access control lists in network communication devices, an improved design method for parallel lookup of access control lists based on FPGA implementation is proposed, and the implementation scheme of specific modules is elaborated. The implementation results show that the scheme can make full use of the storage and logic resources of the FPGA, support a larger number of range-matching rule table entries, and meet the table lookup demand of 10 Gbps-class network communication.
access control list; FPGA; parallel lookup; five-tuple; range match