(MAPLD Conference)
D2: Patrick W. Dowd, John T. McHenry, Todd M. Carrozzi,
William B. Cocks, Frank A. Pellegrino
U.S. Department of Defense, University of Maryland
"Low-Cost Line Speed IP Packet Filtering in ATM Networks"
This presentation describes an IP-firewall capable of scaling to high data rates that enables a high degree of traffic selectability at a low cost. This firewall avoids the usual performance penalties associated with software implementations, and this approach is applicable to high-speed broadband networks. Its application to Asynchronous Transfer Mode (ATM) networks and IP over ATM networks is discussed in particular. The keys to this approach lie in an FPGA-based inline processor that is used in a hierarchical processing structure to enforce the security policy, and in its ability to register both approved and disapproved flows. The approach described in this paper allows approved connections to proceed at line speed with no performance degradation.
Home
Last Revised: July 03, 2002
Digital Engineering Institute
Web Grunt: Richard Katz
