The packet classification is a core function of firewall, which is widely used in various applications of network infrastructure for security purpose. Nowadays, speed of data transfer is in Gbps. So, processing the packet at the same speed is very challenging task to achieve high throughput. In this paper, a field-programmable gate array (FPGA)-based reconfigurable firewall, namely DRGO firewall, is proposed that accepts only unique rule and processes packet in parallel. DRGO firewall resolves rule ambiguity in the rule set to perform deterministic action for an incoming packet and minimizes cardinality of ruleset to achieve better space efficiency and higher throughput. Such type of firewall is applicable in any network to classify unknown incoming packets. The storage cost per rule of DRGO firewall is 14 bytes. The proposed approach is implemented on Virtex-6 FPGA, and it achieves throughput of 142 Gbps at the clock rate of 442.6 MHz for minimum packet size of 40 bytes.

中文翻译：

---

使用FPGA的可重配置防火墙中的不相交规则生成和优化（DRGO）的新型并行方法

数据包分类是防火墙的核心功能，出于安全目的，它广泛用于网络基础结构的各种应用程序中。如今，数据传输速度以Gbps为单位。因此，以相同的速度处理数据包对于实现高吞吐量而言是非常具有挑战性的任务。本文提出了一种基于现场可编程门阵列（FPGA）的可重配置防火墙，即DRGO防火墙，该防火墙仅接受唯一的规则并并行处理数据包。DRGO防火墙解决了规则集中的规则歧义问题，从而对传入的数据包执行确定性操作，并最小化规则集的基数，以实现更好的空间效率和更高的吞吐量。这种类型的防火墙适用于任何网络，以对未知的传入数据包进行分类。DRGO防火墙的每个规则的存储成本为14字节。