Professional Documents
Culture Documents
PROJECT OVERVIEW
Our Firewall design consists of a dual core dual threaded RISC processor
with Lookup and Reroute hardware accelerators. The Firewall scans(DPI) the packets
at line rate,looking for a malicious signature . When a packet with a malicious signature
arrives at the Firewall it is forwarded to the controller. The controller then can make a
decision to allow or deny any more packets packets with similar pattern from the same
source. The controller then updates the hardware Access Control List (IP) in the Firewall
using a special packet known as "instruction packet". When the hardware Firewall
receives this Instruction Packet it updates its Access Control List. Our design can
support 10 million updates per second from a remote controller which is 163.93 times
2) Packet classifier- This module is embedded within the pattern matcher and can
classify normal data packets from instruction packets from the controller
3) Access control list- We have have an IP access control list where each IP can be in
an Allow list or a Deny List. The IP in in the control list can be configured and
dynamically updated by a remote controller using an instruction packet.
Specification of Reroute Hardware accelerator
1) IP checksum updater- This calculates the new IP checksum and can be activated
activated only when it is required to reroute a packet to the controller