IPSecVPN (Internet Protocol Security Virtual Private Network) realizing system and method based on NetFPGA (Net Field Programmable Gate Array)

A security association and database technology, applied in the field of NetFPGA-based IPSec VPN implementation system, can solve the problems of low data packet forwarding efficiency and slow processing speed, and achieve the effect of improving IPSec processing speed and routing forwarding speed

Active Publication Date: 2011-05-18
北京地平线轨道技术有限公司
View PDF4 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] The purpose of the present invention is to, aim at the low efficiency of data packet forwarding caused by the IPSec VPN realized by the original mode or the "block in the cable" mode on the router, and the deficiencies that the processing speed is slow, a method based on NetFPGA (NetFPGA) is proposed. Field Programmable GateArray, network programmable gate array) IPSec VPN implementation system and method

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • IPSecVPN (Internet Protocol Security Virtual Private Network) realizing system and method based on NetFPGA (Net Field Programmable Gate Array)
  • IPSecVPN (Internet Protocol Security Virtual Private Network) realizing system and method based on NetFPGA (Net Field Programmable Gate Array)
  • IPSecVPN (Internet Protocol Security Virtual Private Network) realizing system and method based on NetFPGA (Net Field Programmable Gate Array)

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0059] The present invention will be described in further detail below in conjunction with accompanying drawing and specific embodiment:

[0060] Such as figure 1 It is the topological diagram of the present invention deployed in the network, the embodiment is as in figure 1 In the topology shown, the NetFPGA-based IPSec VPN implementation plan is implemented. This implementation plan is to establish an efficient and high-speed IPSec-VPN tunnel between routers corresponding to the two communication subnets to protect the communication between the two communication subnets. Communication.

[0061] figure 2 It is a schematic diagram of the system architecture of the present invention, and in specific implementation, such as figure 2 The system architecture is used to realize the protection of IPSec VPN. The implementation of IPSec VPN on the router includes software deployment at the control plane and hardware module deployment at the forwarding plane based on NetFPGA. Th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates an IPSec VPN (Internet Protocol Security Virtual Private Network) realizing system and method based on a NetFPGA (Net Field Programmable Gate Array), wherein a control layer of a router is additively provided with an IKE (Internet Key Exchange) module, a security relation database mapping module and a security policy database, and a key management module is used for dynamically managing the key, the security relation and the security policy; and a forward layer is additionally provided with two independently designed IPSec input and output process modules in the originalNetFPGA standard router architecture by sufficiently utilizing the modularization reusable idea of a NetPGA development board. The scheme of the invention can realize the route forward function of the data flow in a hardware manner, and can also realize the great mass of calculation functions required by the IPSecVPN in a hardware manner, such as safe detaching/packing load and completeness authentication; in addition, the invention can effectively make a compromise on the data flow forward performance and the IPSec protocol processing performance.

Description

technical field [0001] The invention relates to a NetFPGA-based IPSec VPN realization system and method. Background technique [0002] The IPSec protocol is a set of open standard network security protocols formulated by the Internet Security Engineering Group IETF in 1998. It applies cryptographic technology to the network layer to provide data authentication, integrity, access control, and confidentiality at the sending and receiving ends. Serve. High-level application protocols can also use these security services directly or indirectly. Therefore, the IPSec protocol is often configured on routers, firewalls, hosts, and communication links to realize the secure tunnel function in the VPN network, thereby realizing the function of security protection. [0003] The IPSec protocol can be implemented and configured on the terminal host, the gateway / router, or both at the same time: the implementation of IPSec on the host is mainly used to ensure the communication security o...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/56H04L12/46H04L29/06H04L45/74
Inventor 周华春洪毅清张宏科易李刘颖汤春玲任飞
Owner 北京地平线轨道技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap