Distributed IPSec load sharing device and method

A load sharing and distributed technology, applied in the field of communication, can solve the problems of hardware performance limitations, equipment cannot be upgraded synchronously, and poor scalability. It achieves simple load sharing algorithm, efficient line card forwarding performance, and less communication between boards. Effect

Inactive Publication Date: 2009-12-30
ZTE CORP
View PDF0 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] 1. The IPSec router based on CPU software forwarding occupies CPU resources, resulting in low operating efficiency, poor processing ability, and normal IP forwarding of images;
[0007] 2. Although the processing capability of routers based on hardware acceleration or network processors to implement IPSec forwarding has been improved to a certain extent, it is limited by hardware performance, has complicated implementation, poor scalability, and the device cannot be upgraded synchronously with the growth of IPSec user traffic;
[0008] 3. Based on distributed processing, usually the online card processes ordinary IP forwarding, and the co-processing card performs IPSec processing. After complex analysis of data packets and IPSec SPDB (Security Policy Database) and SADB (Security Association Database) , resulting in a load sharing algorithm. Because the algorithm is too complex, it consumes a lot of resources for the line card with the basic forwarding function, which affects the common IP forwarding performance of the line card.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Distributed IPSec load sharing device and method
  • Distributed IPSec load sharing device and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The following is a preferred embodiment in conjunction with the accompanying drawings, and the present invention will be further described in detail.

[0031] like figure 1 As shown, it is a functional block diagram of the device of the present invention. In this embodiment, it is assumed that the device includes N line cards and M co-processing cards;

[0032] The line card is used to establish and maintain the corresponding relationship table map table between the peer IP address of the IPSec tunnel and the corresponding co-processing card number; it is used to search and process the IPSec message from the map table when receiving the IPSec message co-processing card number, and forward the message to the co-processing card corresponding to the found card number; for matching the IPSec tunnel configuration for the message when the received IPSec message is a message to be encrypted; When the received IPSec message is a message to be encrypted and the co-processing ca...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a distributed IPSec load sharing device and a method. The device comprises a cable card and a coprocessing card; the method comprises the following step of: establishing a corresponding relation table of IP addresses of an opposite end of an IPSec tunnel and corresponding coprocessing card numbers on the cable card; when the cable card receives IPSec messages, finding corresponding coprocessing card numbers for processing the messages by inquiring the corresponding relation table, and forwarding the messages to the coprocessing card corresponding to the card number so as to carry out IPSec processing. The invention can quickly position the coprocessing card, and has simple load sharing algorithm, little interaction of communication between panels and high forwarding performance of cable card.

Description

technical field [0001] The present invention relates to the communication field, in particular to a distributed IPSec (Internet Protocol Security, Internet Protocol Security) load sharing device and method. Background technique [0002] At present, the Internet has become the information infrastructure of the whole society, and most enterprise applications are based on IP (Internet Protocol, Internet Protocol). It has become an inevitable trend to build application systems on the Internet. At present, VPN (Virtual Private Network, Virtual Private Network) technology based on IP layer VPN protocol IPSec has become the best solution for WAN construction because of its application independence. It will not only greatly save the construction and operation and maintenance costs of WAN, but also enhance network reliability and security. [0003] IPSec protocols include: IKE (Internet Key Exchange Protocol), AH (Authentication Header), ESP (Encapsulating Security Payload), etc., w...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/56H04L29/06H04L12/46
Inventor 杜勇于洪涛林晨
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap