Date Added: Oct 2012
Legal filtering is common practice in many countries to avoid access to websites with criminal or violent content. This kind of filtering is typically implemented at the edge routers of ISP's core networks, so it is mandatory to support very high bit rates. This paper proposes a hardware-software solution based on FPGAs, which scales up to 100 Gbps Ethernet. A FPGA-based PCIe board equipped with two network interfaces is used to intercept ISP traffic. The FPGA performs an initial filtering of the packets whose destination is potentially forbidden, based on a hash of the destination IP address. Filtered packets are sent to the software application, which inspects them and decides if the URL is actually forbidden or not.