Abstract: This paper proposes the design scheme of state packet inspection firewall based on network processor, and describes the optimized design of key technologies for IXP2400’s hardware structure, including the storage structure and item searching of the access control list and the status session table. The proposed approach will enhance the performance of firewall observably.

Key words: Network processor, Firewall, Access control list(ACL), Status session table(SST)

摘要：

提出了基于网络处理器的状态检测型防火墙设计方案，并针对IXP2400的硬件结构，对访问控制列表和状态会话表的存储结构及表项查找等关键技术进行了优化，发挥了IXP2400内部各硬件单元的优点，系统达到线速处理的能力，使其性能得到了较大的提交。

关键词: 网络处理器, 防火墙, 访问控制列表, 状态会话表

CLC Number: 

• TP393