
An IPSEC tunnel data transmission method and device

A data transmission method and device for IPSEC tunnels, in the field of data transmission. It addresses the low processing efficiency of small IP packets over IPSEC and the large bus-resource and CPU overhead they cause. The stated effects are improved splitting efficiency, good promotion value, and improved data transmission performance.

Active Publication Date: 2016-12-28
中电科网络安全科技股份有限公司

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention: in the prior art, small IP packets consume too many CPU interrupts and too much PCI bus resource, so IPSEC processing of small IP packets is very inefficient and the bus-resource and CPU overhead is excessive. To solve this, an IPSEC tunnel data transmission method and device are provided. On the sending side, IP packets of the same type are merged and passed through a coprocessor for compression and other processing, then encapsulated into a single IPSEC tunnel-mode datagram and sent through the external network card. On the receiving side, the fragmented IP packet data is decompressed by the coprocessor, split into the different original IP packets, and sent through the intranet network card. This can greatly improve the data transmission performance of the IPSEC tunnel; the throughput of small IP packets such as 64 bytes even exceeds that of plaintext transmission, which gives the method good promotion value.



Examples


Embodiment 1

[0054] Embodiment one: an IPSEC tunnel data transmission method comprising the following steps:

[0055] Step 1: The receiving end of the network card receives the IP packets sent from the intranet; the network data sending device packs, encrypts, and encapsulates the data and then outputs it;

[0056] Step 2: The network data receiving device decrypts, decapsulates, and unpacks the data, and then outputs it through the output port of the network card.

Embodiment 2

[0057] Embodiment two: on the basis of embodiment one, as shown in Figure 3, the specific process by which the network data sending device packs, encrypts, and encapsulates data in Step 1 is:

[0058] Step 11: The receiving end of the network card receives the IP packets sent from the intranet. The first data receiving module classifies and stores the IP packets according to the security policy table and establishes a corresponding buffer for each security policy; at the same time, the accumulator or timer in the timer and accumulator module monitors the data length of the IP packets;

[0059] Step 12: When one of the accumulators overflows or the timer is cleared, the first data receiving module outputs all IP packets in the corresponding buffer to the data reassembly module and clears the corresponding buffer; otherwise, the first data receiving module continues to receive IP packets;

[0060] Step 13: When the data ...

Embodiment 3

[0061] Embodiment three: on the basis of embodiment one or two, the specific process by which the first data receiving module in Step 11 classifies and stores IP packets according to the security policy table is:

[0062] Step 111: The first data receiving module matches the received IP packet against the security policies in the security policy table using its five-tuple information: source IP address, destination IP address, source port address, destination port range, and transport layer protocol;

[0063] Step 112: If the five-tuple information of IP packets matches the same security policy in the security policy table, they are IP packets of the same type; otherwise they are IP packets of different types. IP packets of the same type are then temporarily stored, in the order received, in the same corresponding buffer; at the same time, the data length is calculated by the accumulator, and the result of the accumulator is compared with the threshold set by the data receivi...
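The classification and buffering described in Steps 11, 12, 111 and 112, sketched as an added example (not code from the patent). Assumptions: the `Policy` field layout with source-port matching left out, a flush when the accumulated bytes reach the threshold, a timer that starts at the first buffered packet, and all class and function names, which are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:  # one security policy table entry; this field layout is an assumption
    name: str
    src_net: str
    dst_net: str
    dst_ports: range
    proto: int  # 6 = TCP, 17 = UDP

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst_net)
                and pkt["dport"] in self.dst_ports and pkt["proto"] == self.proto)

class Aggregator:
    def __init__(self, policies, threshold, max_wait):
        self.policies = policies
        self.threshold = threshold  # accumulator limit in bytes (assumed flush rule: >=)
        self.max_wait = max_wait    # timer in seconds, started by the first buffered packet
        self.buffers = {}           # policy name -> [first_arrival, byte_count, packets]

    def tick(self, now):
        """Flush every buffer whose timer has expired; returns [(policy, packets)]."""
        due = [n for n, b in self.buffers.items() if now - b[0] >= self.max_wait]
        return [(n, self.buffers.pop(n)[2]) for n in due]

    def receive(self, pkt, now):
        """Classify and buffer one packet; returns the batches this event flushed."""
        out = self.tick(now)
        policy = next((p for p in self.policies if p.matches(pkt)), None)
        if policy is None:
            return out  # no matching policy: never merged into a tunnel batch
        buf = self.buffers.setdefault(policy.name, [now, 0, []])
        buf[1] += len(pkt["data"])
        buf[2].append(pkt["data"])
        if buf[1] >= self.threshold:
            out.append((policy.name, self.buffers.pop(policy.name)[2]))
        return out

def demo():
    # Constructed policies and packets (documentation address ranges).
    agg = Aggregator([Policy("sp-web", "192.0.2.0/24", "198.51.100.0/24", range(80, 81), 6),
                      Policy("sp-dns", "192.0.2.0/24", "198.51.100.0/24", range(53, 54), 17)],
                     threshold=192, max_wait=0.010)
    web = {"src": "192.0.2.10", "dst": "198.51.100.5", "dport": 80, "proto": 6, "data": b"w" * 64}
    dns = {"src": "192.0.2.11", "dst": "198.51.100.5", "dport": 53, "proto": 17, "data": b"d" * 64}
    events = [(0.000, web), (0.001, dns), (0.002, web), (0.003, web), (0.020, web)]
    return [agg.receive(pkt, now) for now, pkt in events]
```

In `demo()`, three 64-byte packets under one policy flush together on the accumulator, while the lone packet under the other policy waits in its own buffer until the timer expires; batches are keyed by policy, so packets matching different policies are never merged.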



Abstract

The invention relates to data transmission in the communication field, in particular to an IPSEC tunnel data transmission method and device. On the sending side, IP packets of the same type are merged and passed through a coprocessor for compression and other processing, then encapsulated into a single IPSEC tunnel-mode datagram and sent through the external network card. On the receiving side, the fragmented IP packet data is reassembled, decompressed by the coprocessor, split into the different original IP packets, and sent through the intranet network card. This can greatly improve the data transmission performance of the IPSEC tunnel. The invention performs data processing through a network card, a network data receiving device and a network data sending device. The invention is mainly applied to the field of IPSEC tunnel data transmission.

Description

Technical field

[0001] The invention relates to data transmission in the communication field, in particular to an IPSEC tunnel data transmission method and device.

Background technique

[0002] At present, the IPSEC protocol, as the main security mechanism of the network layer, is supported by most security gateway devices. IPSEC tunnel mode requires the gateway device at the sending end to perform security policy (SP) retrieval, encryption, authentication, and encapsulation for each IP packet, and then to send the new IP packet through routing. The IP packet format of IPSEC is shown in Figure 1. Security gateway devices on the market that support IPSEC usually adopt the architecture of a general industrial control platform combined with a hardware coprocessor. In this architecture, each time the network card receives an IP packet, it will trigger an interrupt and data transmission on the PCI bus, and when it is sent to the coprocessor, it will e...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/46
Inventor: 罗俊
Owner: 中电科网络安全科技股份有限公司