在現今網路設備的設計裡,IP卸載引擎是有必要使用在網路入侵偵測系統或者入侵防護系統。在電腦網路傳輸過程裡接收到的網路協定封包片段,網路協定封包重組單元可提供高速和高效能的網路協定封包重組。傳統上,從媒介存取控制層接收到的網路協定封包片段,由軟體重組成傳輸控制協定的封包。為了達到目前網路流量的需求,像是每秒數億個位元,網路協定封包硬體重組單元被用來取代傳統由軟體處理網路協定片段重組的任務。 本論文闡述一個可用硬體實作的網路協定重組單元設計。網路協定重組單元使用同步計時器為每一個片段群組做計時工作,同步計時器可解決記憶體資源的佔用問題。網路協定重組單元使用多表格的散列表,針對每一個正被重組成原始封包的片段,來記錄每一個接收到的片段的狀況資訊。它可解決表格搜尋的問題,而且在系統上達到了速度、記憶體大小和成本的平衡。我們將我們提出的以散列方式的網路協定封包重組單元實作在Xilinx ML507開發平台上,而且得到每秒3.2億個位元的資料處理效能。
In modern designs of network appliances, an IP offload engine is used essentially in a Network Intrusion Detection System (NIDS) or an Intrusion Prevention System (IPS). An IP packet reassembly module provides high-speed and efficient reassembly of IP fragments received at an intermediate station in a computer network. Traditionally, software reassembles the IP fragments received from the MAC layer to a TCP packet. In order to achieve multi-gigabit per second data rates, the IP packet reassembly hardware module is configured to replace the reassembly task of IP fragments. This thesis addresses the design of a hardware implementation of an IP reassembly module. The IP reassembly module utilizes a synchronous timer to do time work for each fragment group. The synchronous timer resolves the occupied issue in the memory resource. The IP reassembly module is equipped with a hash table having a plurality of entries for maintaining status information for each received fragment and for each original packet being reassembled from the fragments. The proposed hash table accelerates searching and achieves the balance between speed, memory size and cost in the system. We implemented the proposed hashing approach IP packet reassembly module in a Xilinx ML507 FPGA development platform and obtained an estimated throughput of 3.2 Gbps.