Skip to main content
Article thumbnail
Location of Repository

A FPGA-based scalable architecture for URL legal filtering in 100GbE networks

By Jaime J. Garnica, Sergio Lopez-buedo, Victor Lopez, Javier Aracil, Jose Maria and Gomez Hidalgo


Abstract—Legal filtering is common practice in many countries to avoid access to websites with criminal or violent content. This kind of filtering is typically implemented at the edge routers of ISP’s core networks, so it is mandatory to support very high bit rates. This paper proposes a hardware-software solution based on FPGAs, which scales up to 100 Gbps Ethernet. A FPGAbased PCIe board equipped with two network interfaces is used to intercept ISP traffic. The FPGA performs an initial filtering of the packets whose destination is potentially forbidden, based on a hash of the destination IP address. Filtered packets are sent to the software application, which inspects them and decides if the URL is actually forbidden or not. This two-level filtering allows for the scalability of the proposed solution to very high bit rates, not only because it simplifies FPGA design, but also because it significantly reduces software load, since potentially forbidden destinations are few. Additionally, this solution adds a minimal latency to most of the packets, and also allows for updating filtering rules without interrupting ISP traffic. The paper presents a proof-of-concept 10GbE implementation of the proposed architecture, as well as an analysis of its scalability up to 100GbE. I

Year: 2013
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • (external link)
  • (external link)
  • Suggested articles

    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.