基于FPGA的万兆流量并行实时处理系统研究  被引量：7

作　　者：王建东[1,2] 祝超[1,2] 谢应科[1] 韩承德[1] 赵自力[1,2] 

机构地区：[1]中国科学院计算技术研究所空间信息处理技术实验室,北京100190 [2]中国科学院研究生院,北京100049

出　　处：《计算机研究与发展》2009年第2期177-185,共9页Journal of Computer Research and Development

基　　金：国家“九七三”重点基础研究发展计划基金项目(2007CB310702,2004CB318202);国家“八六三”高技术研究发展计划基金项目(2007AA01Z467);国家自然科学基金项目(60303017)~~

摘　　要：针对万兆网络环境下入侵检测、流量审计等应用系统处理能力瓶颈,提出一个并行实时处理体系结构,并基于FPGA实现了原型系统,该系统对OC192(10Gbps)流量进行分类、过滤及统计,然后将流量分发到多个后台并行处理.系统中设计了通用包分类结构RSTCAM(range-supported split TCAM),该结构资源占用量少,可降低系统功耗,且易于实现范围查找,对基于TCAM包分类系统具有普遍意义.系统中还提出了一种负载均衡算法FDLB(feedback-based dynamic load balancing),FDLB改进了基于表的Hash方法,在保证会话完整性的前提下将流量优先分发给当前负载最小的后端处理.测试表明,原型系统完全胜任万兆流量的线速处理,平均处理延迟为4.2μs.As network link speeds increase, traditional application systems such as intrusion detection and traffic audit are unable to process high bandwidth traffic. Proposed in this paper is a novel parallel architecture for processing 10 Gbps traffic in real-time. OC192 traffic is first classified and then filtered in this architecture. Filtered traffic is load-balanced to backend processors for detail processing. All kinds of statistics are collected during these procedures. A universal range-supported split TCAM structure （RSTCAM） is designed in the classification unit of this architecture. In RSTCAM each classification rule is split into 5 separate sub-rules according to its fields. These subrules are stored in 5 TCAMs separately. With RSTCAM, the following benefits can be obtained. resource and lower power consumption. imply range matching. A implemented in this arc novel feedba cture. FDLB It is demonstrated that it is very convenient for RSTCAM to ck based dynamic load balancing algorithm （FDLB） is also dispatches traffic to backend processors based on their loads. As many applications require session integra Traffics are dispatched to specific processor lity, FDLB guarantees this through table based hashing. by hashing their source and destination ip addresses. The prototype of the architecture is implemented in a FPGA. Experiment results show that the whole system can sustain OC192 traffic throughput with a processing delay of 4.2 microseconds.

关 键 词：FPGA 并行结构 包分类 负载均衡 10Gbps 

分 类 号：TP393[自动化与计算机技术—计算机应用技术] TP302[自动化与计算机技术—计算机科学与技术]