Project name, main content of the project and current progress
FPGA-based firewall system design. The project designs a system on an FPGA platform with firewall functionality: it parses and filters incoming and outgoing network packets. It is currently in the overall design and demonstration stage.
Discussion of the key technologies and innovations of the project:
Key technologies include parallel computing, state detection, CAM, rule matching, and PowerPC embedded systems. The innovation of this project is to port the traditional software firewall system to a hardware platform, making full use of the advantages of the FPGA and combining hardware and software to improve processing speed and performance.
Technical maturity and reliability discussion:
There are three main hardware firewall development models in China: one uses a network processor (network chip), one uses dedicated FPGA programming, and the third uses a dedicated ASIC chip. Compared with the various network processors, FPGA development is also one of the most important steps in designing an ASIC chip. The advantages of an on-chip firewall system based on an FPGA chip are as follows.
Flexible and efficient architecture. To meet the requirements of firewall products, developers define the data channels, cache units, processing units, memory buses, bus arbitration units and their coupling architecture to achieve optimal performance.
Line-speed data processing. A well-designed architecture takes the natural parallel-processing advantage of FPGA chips to the extreme. Data is always flowing through the chip, and multiple processing units analyze, process and replace data in parallel at different nodes, so line-speed data processing is guaranteed in principle.
Upgradable hardware. The final product retains the FPGA chip upgrade interface. As the network application environment and user needs change, the chip design is updated and the user is provided with a hardware upgrade service, which protects the user's investment as far as possible.
Development advantages. All functions are integrated on-chip, and the rich I/O resources of the FPGA make the system hardware layout extremely simple. The network card chip, memory chip and clock can be connected directly to the FPGA chip, eliminating the complicated controllers and bus structure of a traditional motherboard, so the system cost is greatly reduced. In addition, embedding the PowerPC hard core in the FPGA further improves the performance of the system on chip.
Project implementation plan
1. Basic functional block diagram and description of the solution
Briefly describe the technical solutions for implementing this project by means of a block diagram and a brief description.
Figure 1: Basic function flow diagram of the scheme
Figure 2: System structure block diagram
The solution uses a two-layer hierarchical structure of FPGA hardware logic and embedded systems, as shown in Figure 1.
The main functions implemented by the FPGA hardware logic and peripheral hardware are: packet transmission and reception, classification of packets by quintuple (protocol type, source/destination IP address, source/destination port number), fixed-field pattern matching, and encapsulation of forwarded data.
The main functions of the embedded system are: detection of viruses and malicious attacks, processing of viruses and malicious attacks, management of filtering rules, and forwarding of data.
The core part of the solution consists of three modules that implement intrusion detection. They use hardware matching and data payload matching to identify viruses and malicious attacks and so provide security for the network.
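A software model of the quintuple classification and CAM-style rule matching assigned to the FPGA logic above, given as an added example that is not part of the original proposal. The rule table, the sample frame, first-match priority, and the default-deny and fail-closed behaviour are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Quintuple in host byte order. */
typedef struct { uint32_t sip, dip; uint16_t sport, dport; uint8_t proto; } tuple5;
/* Ternary (CAM-style) rule: only the bits set in mask are compared. */
typedef struct { tuple5 val, mask; int permit; } rule;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }
/* Extract the quintuple from an Ethernet II / IPv4 / TCP-or-UDP frame; -1 if it cannot. */
int parse_tuple(const uint8_t *f, size_t len, tuple5 *t) {
    if (len < 34 || be16(f + 12) != 0x0800) return -1;      /* too short or not IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;                /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 4) return -1;
    if (be16(ip + 6) & 0x1FFF) return -1;                   /* later fragment: no ports */
    if (ip[9] != 6 && ip[9] != 17) return -1;               /* only TCP and UDP */
    t->proto = ip[9]; t->sip = be32(ip + 12); t->dip = be32(ip + 16);
    t->sport = be16(ip + ihl); t->dport = be16(ip + ihl + 2);
    return 0;
}

/* First matching rule wins; no match means drop (assumed default-deny policy). */
int classify(const rule *r, size_t n, const tuple5 *k) {
    for (size_t i = 0; i < n; i++) {
        const tuple5 *v = &r[i].val, *m = &r[i].mask;
        if (!((k->sip ^ v->sip) & m->sip) && !((k->dip ^ v->dip) & m->dip) &&
            !((k->sport ^ v->sport) & m->sport) && !((k->dport ^ v->dport) & m->dport) &&
            !((k->proto ^ v->proto) & m->proto))
            return r[i].permit;
    }
    return 0;
}
/* Constructed rules: drop 10.0.0.0/8 -> any:23/TCP, permit any -> 192.168.1.10:53/UDP. */
static const rule RULES[] = {
    { {0x0A000000u, 0, 0, 23, 6},  {0xFF000000u, 0, 0, 0xFFFF, 0xFF}, 0 },
    { {0, 0xC0A8010Au, 0, 53, 17}, {0, 0xFFFFFFFFu, 0, 0xFFFF, 0xFF}, 1 },
};
/* Constructed frame: UDP 10.1.2.3:40000 -> 192.168.1.10:53 (checksums left zero). */
static const uint8_t FRAME[42] = {
    0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00, 0x45,0,0,28, 0,0,0,0, 64,17,0,0,
    10,1,2,3, 192,168,1,10, 0x9C,0x40, 0,53, 0,8, 0,0 };
/* Frames that cannot be parsed are dropped (fail closed). Returns 1 = forward. */
int filter_frame(const uint8_t *f, size_t len) {
    tuple5 t;
    return parse_tuple(f, len, &t) == 0 && classify(RULES, 2, &t);
}
int main(void) { printf("verdict: %d\n", filter_frame(FRAME, sizeof FRAME)); return 0; }
```

In hardware all rules are compared in parallel and a priority encoder picks the winner; the loop here models only the resulting first-match semantics.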
2. The required development platform
The basic functions and interfaces required to implement this solution: FPGA, PowerPC, dual network ports (one uses the network port on the development board, the other a network expansion board), SRAM,
The required target FPGA development platform, a brief description of why this platform is needed
Advanced board - Virtex-2 Pro
Do you need other supporting development tools?
Supporting download, debugging tools
2. Modules to be developed during the implementation of the solution
The main functional modules that need to be developed in this solution, and the way they will be developed
See Figure 1 and Figure 2
3. The final performance indicators of the system
Discuss the objectives envisaged when the project is finalized.
Implement a system with firewall capabilities.
Other resources needed
1. Design input and output function daughter board
Daughter board function description, interface description, time, mode
Network expansion board, RJ45, October 2007
2. Test equipment
List the test equipment required during the implementation of the program
Multimeter, oscilloscope, spectrum analyzer, logic analyzer, etc.
3. Policy, development tools
List the simulations, development tools, etc. that are needed during the implementation of the solution.
ModelSim, Xilinx ISE, Sniffer