Chip implementation method of multiple security policy groups
A technology for implementing methods and security policies, applied to electrical components, transmission systems, etc., can solve problems such as single concepts, and achieve the effect of flexible security policy deployment
Active Publication Date: 2018-09-11
SUZHOU CENTEC COMM CO LTD
View PDF5 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
For the above-mentioned communication requirements between the web server and the storage server, if the security policy group is adopted, only 2n+2 entries are needed in the end, which greatly reduces the use of table entries. However, the concept of the existing security policy is too single. For specific traffic, there can only be one SRC_SG and DST_SG. For example, in the above scenario, based on the attribute of server type, add the attribute of server attribution, or add more regions, countries, user authority levels, and other user-defined attributes. defined attributes, the existing security policy group technology is not enough to meet the increasingly complex network requirements
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0026] The technical solutions of the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings of the present invention.
[0027] combine figure 2 and image 3 As shown, a chip implementation method of a multiple security policy group disclosed in the embodiment of the present invention includes:
[0028] In the packet inbound direction processing of the chip:
[0029] 1. Configure 8 levels of SRC_SG values and SRC_SG priorities on the ingress port of the chip, the ingress VLAN, and the ingress Layer 3 interface.
[0030] 2. In the incoming direction of the message, according to the SRC_SG value as the characteristic value, perform 8 parallel first searches (search A1), and obtain the respective SRC_SG values of the 8 levels and the priority of SRC_SG at the same time.
[0031] 3. In the inbound direction of the message, 8 levels of DST_SG values and the priority of DST_SG can be configured in t...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a chip realization method of multilevel safety strategy group. The method comprises that N levels of source SG values and corresponding priorities are searched for the first time; N levels of target SG values and corresponding priorities are searched for the second time; the value of the highest priority of the source or target SG values in the same level but at different places is taken; characteristic values which are obtained by adding the source SG values to the target SG values are searched for the third time, safety strategy results of the N levels and the priority of each level are obtained; and the safety strategy results of the same priority are merged according to the strategy, and the merging result of the highest priority serves as a final safety strategy result. Thus, the safety strategies can be configured more flexibly, and a user can manage and control the service flow in multiple levels.
Description
technical field [0001] The invention relates to a multiple security policy group technology, in particular to a chip implementation method for multiple security policy groups. Background technique [0002] The most common security policy function on switching and routing devices is the access control list (ACL), that is, the behavior of data flow is controlled by configuring security access entries. For switching and routing devices that use chip forwarding, the ACL function needs the support of the forwarding chip. The simplest ACL function is performed as a search in the chip. This search uses some characteristic fields, such as IP quintuple, and the search result includes the processing action for the packet, usually pass or discard. [0003] However, for specific application scenarios, such as the scenario where the web server communicates with the storage server, such as figure 1 As shown, if there are the following requirements: 1. The web server and the storage serv...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/101H04L63/20
Inventor 龚海东
Owner SUZHOU CENTEC COMM CO LTD