Designing a Hardware-Accelerated Firewall With Two 10 Gbps Ports

High-speed packet filtering should be one of the first steps in securing any modern computer network. However, solutions over 1 Gbps are practically impossible to implement in software, and must be implemented with the use of specialized hardware. This paper describes the design of a two-port firewall for 10 Gbps networks. The solution is based on hardware implementation of their classification algorithm. The firewall is designed to process data at full speed, without any packet loss. The target platform is the COMBOv2 card.