Unlock instant, AI-driven research and patent intelligence for your innovation.

An encryption engine-based ipsec processing method and device

A technology of encryption processing and processing method, which is applied in the field of IPSec (IPSecurity), and can solve problems such as poor IPSec processing performance

Active Publication Date: 2017-09-01
NEW H3C TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, with the rapid improvement of FPGA processing capabilities, the encryption engine gradually lags behind and becomes the bottleneck of the overall processing performance of IPSec, making the overall processing performance of IPSec poor.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An encryption engine-based ipsec processing method and device
  • An encryption engine-based ipsec processing method and device
  • An encryption engine-based ipsec processing method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0047] The embodiment of the present invention provides an encryption engine-based IPSec processing method, which is applied to network devices (such as routers, firewalls, etc.) including logical line cards and auxiliary line cards, and is used to encrypt or decrypt IPSec messages deal with. Encryption processing includes but not limited to AH (Authentication Header) encapsulation and ESP (Encapsulating Security Payload) encapsulation, etc. Decryption processing includes but not limited to AH decapsulation and ESP decapsulation, etc.

[0048] Such as figure 1As shown in the figure, in addition to logical line cards (line cards using FPGA as the forwarding core), network devices also have other service line cards. The CPUs of these service line cards also have built-in encryption engines. When the service line cards are not configured with IPSec During business operation, the encryption engines in the CPU are not working. In this case, in the embodiment of the present inventi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an encryption engine-based IPSec processing method and device. The method includes: after receiving the IPSec message, the FPGA of the logic line card uses the forwarding information of the IPSec message to query the flow table; if there is an IPSec message in the flow table For the forwarding information of the message, the FPGA of the logical line card determines the line card used to process the IPSec message; if the line card used to process the IPSec message is an auxiliary line card, the FPGA of the logical line card sends the IPSec message to The CPU of the auxiliary line card encrypts or decrypts the IPSec message by the encryption engine in the CPU of the auxiliary line card, and the encrypted or decrypted IPSec message is processed by the CPU of the auxiliary line card The text is sent to the FPGA of the logical line card. In the embodiment of the present invention, the use efficiency of the encryption engine can be improved, and the overall processing performance of IPSec can be improved.

Description

technical field [0001] The present invention relates to the field of communication technology, in particular to an encryption engine-based IPSec (IPSec, IP security) processing method and equipment. Background technique [0002] In network devices (such as routers and firewalls) that use FPGA (Field Programmable Gate Array) as the core to complete packet forwarding, it is necessary to forward packets, Business processing is moved to the FPGA to achieve high-speed forwarding. Among them, FPGA can quickly process packets, but it is difficult for FPGA to support complex services. If the IPSec algorithm is implemented on FPGA, the complexity is extremely high and a large amount of FPGA resources will be occupied. Therefore, IPSec processing in FPGA is currently not supported. Based on this, in order to improve the overall competitiveness, many mainstream embedded CPUs have integrated encryption engines (encryption and decryption processing through dedicated hardware) inside, so...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/741H04L45/74
Inventor 孟丹孔鹏亮
Owner NEW H3C TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com