On Thu, 2 Oct 1997, Sick Puppy wrote:
> Not too long ago I had a lot of free time to think about things and I
> became somewhat familiar with the Galaxy Pipeline Computer (rough
> translation) developed at Tokyo University. For about $20,000 they built
Could you spare some of that free time? :)
> It seems to me that firewalls are not incredibly complex machines
> and it should be possible to break the instructions into sets and hard
> code them on hundreds of processors. Such a machine should be able to
> keep up with a T3 line quite easily.
>
Actually, this might well be economically feasible now and not have
the problems that a hardware solution would have had a few years ago.
Large FPGAs are approaching 100K gates or more. (To put this in
perspective, early computers were built from a few thousand gates.) That
alone would not make it practical, but many of the newer ones are
programmed not by device programmers but by the contents of static RAM
bits spread around the chip. The users of these chips are increasingly
doing the design in VHDL, which is just another programming language.
Wouldn't it be a hoot if someone built a C -> VHDL translator and then put
the firewall code directly in these chips? Also, because the programming
is set in the static RAM, fixes could be incorporated by just rebooting
after reloading the program. This is a simplistic view, of course, but
there is a possibility of approaching it this way. I could see as a
first step the placement of the entire TCP/IP stack into this hardware.
Golly, this could lead to Really intelligent NICs.
Richard