Internet protocol security (IPSEC) tunnel data transmission method and device thereof

An IPSEC tunnel data transmission method and device, applied in the field of data transmission, that addresses the high bus-resource and central processing unit (CPU) overhead and the low processing efficiency of small IP messages carried over IPSEC. It achieves the effects of improved splitting efficiency, good promotion value, and improved processing efficiency.

Active Publication Date: 2013-06-05
中电科网络安全科技股份有限公司

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention is that, in the prior art, IP messages carrying a small amount of data consume too many CPU interrupts and PCI bus resources, so IPSEC processing of small IP messages is very inefficient and the bus-resource and CPU overhead is excessive. To solve this problem, a method and device for IPSEC tunnel data transmission is provided. IP messages of the same type are merged and processed by a coprocessor (compression and so on), encapsulated into one IPSEC tunnel-mode data unit, and transmitted through the external network card. The fragmented IP message data is decompressed by the coprocessor, split into the different original IP messages, and sent through the intranet network card. This can greatly improve the data transmission performance of the IPSEC tunnel; the throughput of small IP packets, such as 64-byte packets, even exceeds the efficiency of plaintext transmission, which gives the method good promotion value.



Examples


Embodiment 1

[0054] Embodiment one: an IPSEC tunnel data transmission method comprising the following steps:

[0055] Step 1: The receiving end of the network card receives the IP message sent by the intranet, and the network data sending device packages, encrypts, and encapsulates the data before outputting it;

[0056] Step 2: The network data receiving device decrypts, decapsulates, and unpacks the data, and then outputs it through the output port of the network card.

Embodiment 2

[0057] Embodiment two: on the basis of embodiment one, as shown in Figure 3, the specific process by which the network data sending device packages, encrypts, and encapsulates data in step 1 is:

[0058] Step 11: The receiving end of the network card receives the IP message sent by the intranet, and the first data receiving module classifies and stores the IP message according to the security policy table. At the same time, the accumulator or timer in the timer and accumulator module monitors the data length of the IP message. The first data receiving module establishes a corresponding buffer for each security policy;

[0059] Step 12: When one of the accumulators overflows or the timer is cleared, the first data receiving module outputs all IP packets in the corresponding buffer to the data reassembly module and clears that buffer; otherwise, the first data receiving module continues to receive IP packets;

[0060] Step 13: When the data ...

Embodiment 3

[0061] Embodiment three: on the basis of embodiment one or two, the specific process by which the first data receiving module classifies and stores IP packets according to the security policy in step 11 is:

[0062] Step 111: The first data receiving module matches the received IP message against the security policies in the security policy table according to its five-tuple information: source IP address, destination IP address, source port address, destination port range, and transport layer protocol;

[0063] Step 112: If the five-tuple information of IP messages matches the same security policy in the security policy table, they are the same type of IP message; otherwise they are different types of IP message. IP messages of the same type are then temporarily stored, in the order received, in the same corresponding buffer. At the same time, the data length is calculated by the accumulator, and the result of the accumulator is compared with the threshold set by the data receivi...
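
The classification and flush logic of steps 11, 12, 111 and 112, as an added Python example (not code from the patent). The policy names, addresses, the 256-byte threshold, the 5 ms timeout, and the reading of "the timer is cleared" as a timeout since the first buffered packet are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                       # one row of the security policy table
    name: str
    src: str                        # source network (CIDR)
    dst: str                        # destination network (CIDR)
    sport: range
    dport: range
    proto: int                      # 6 = TCP, 17 = UDP

    def matches(self, p):           # five-tuple match (step 111)
        return (ipaddress.ip_address(p["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(self.dst)
                and p["sport"] in self.sport and p["dport"] in self.dport
                and p["proto"] == self.proto)

class Aggregator:
    def __init__(self, policies, threshold=256, timeout=0.005):  # assumed values
        self.policies, self.threshold, self.timeout = policies, threshold, timeout
        self.buffers = {}           # policy name -> (time of first packet, [packets])

    def expire(self, now):          # timer path: flush buffers older than `timeout`
        due = [n for n, (t0, _) in self.buffers.items() if now - t0 >= self.timeout]
        return [(n, self.buffers.pop(n)[1]) for n in due]

    def receive(self, pkt, now):    # classify, buffer, flush; returns flushed batches
        out = self.expire(now)
        pol = next((p for p in self.policies if p.matches(pkt)), None)
        if pol is None:
            return out              # no matching policy: never enters a tunnel batch
        _, pkts = self.buffers.setdefault(pol.name, (now, []))
        pkts.append(pkt["data"])
        if sum(len(d) for d in pkts) >= self.threshold:   # accumulator overflow
            out.append((pol.name, self.buffers.pop(pol.name)[1]))
        return out

def demo():                         # constructed traffic: 64-byte packets from one host
    agg = Aggregator([Policy("branch-udp", "10.0.0.0/24", "10.1.0.0/24", range(65536), range(5000, 5100), 17),
                      Policy("dc-tcp", "10.0.0.0/24", "10.2.0.0/24", range(65536), range(443, 444), 6)])
    mk = lambda dst, dport, proto, tag: {"src": "10.0.0.7", "dst": dst, "sport": 40000,
                                         "dport": dport, "proto": proto, "data": tag * 64}
    flushed = []
    for i in range(4):              # four UDP packets 1 ms apart reach the 256-byte threshold
        flushed += agg.receive(mk("10.1.0.9", 5004, 17, b"u"), now=i * 0.001)
    flushed += agg.receive(mk("10.2.0.5", 443, 6, b"t"), now=0.004)
    flushed += agg.expire(now=0.010)    # timer fires for the lone TCP packet
    return flushed
```

Each flushed batch holds packets that matched exactly one security policy, so a batch is never protected under a policy that one of its packets did not match.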



Abstract

The invention relates to data transmission in the communication field, in particular to an Internet protocol security (IPSEC) tunnel data transmission method and an IPSEC tunnel data transmission device. IP messages of the same kind are combined and processed by a coprocessor (compression and so on), packaged into one IPSEC tunnel-mode data unit, and sent through the outer network card. After fragmented IP message data is rebuilt and processed by the coprocessor (decompression and so on), the rebuilt IP message data is divided into the different original IP messages and sent through the inner network card, so the data transmission performance of an IPSEC tunnel can be greatly improved. Data processing is carried out through the networks, a network data receiver and a network data sending device. The IPSEC tunnel data transmission method and device are mainly used in the field of IPSEC tunnel data transmission.

Description

Technical field

[0001] The invention relates to data transmission in the communication field, in particular to an IPSEC tunnel data transmission method and device.

Background technique

[0002] At present, the IPSEC protocol, as the main security means of the network layer, is supported by most security gateway devices. IPSEC tunnel mode requires the gateway device at the sending end to perform security policy (SP) retrieval, encryption, authentication, and encapsulation for each IP message, and then send the new IP message through routing. The IP packet format of IPSEC is shown in Figure 1. Security gateway devices on the market that support IPSEC usually adopt the architecture of a general industrial control platform combined with a hardware coprocessor. In this architecture, each time the network card receives an IP packet, it will trigger an interrupt and data transmission on the PCI bus, and when it is sent to the coprocessor, it will e...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/46
Inventor: 罗俊
Owner: 中电科网络安全科技股份有限公司