Mimicry thought-based security exchange chip, implementation method and network exchange equipment

Abstract

The invention belongs to the technical field of network switching, and particularly relates to a mimicry thought-based security switching chip, an implementation method of the security switching chipand network switching equipment, and the method comprises the following steps: carrying out scheduling processing on message data of each port according to input scheduling; aiming at each piece of message data, extracting a message header and caching the message data; parsing through a heterogeneous parsing algorithm, and carrying out mimicry judgment on a parsing result; generating a message descriptor according to the judgment result, wherein the message descriptor at least comprises message feature information related to the message forwarding strategy behavior; searching for a mimicry table item verification-based table item cache to obtain forwarding strategy behavior data and updating a message descriptor; and extracting corresponding message data from the cached message data, and sending the extracted message data to a corresponding port in the form of a data packet. The security and reliability of the switch chip are enhanced by introducing such technologies as de-collaborative caching, mimic forwarding engines and mimic table item checking, and the method has important guiding significance for the development of the network switching technology.

Description

technical field [0001] The invention belongs to the technical field of network switching, and in particular relates to a security switching chip based on the idea of ​​mimicry, a realization method and network switching equipment. Background technique [0002] Today, with the rapid development of the Internet, network switching technology is an important hub of network communication, so the security and reliability of switching devices, especially switching chips, are extremely important. In the field of network switching, security incidents continue to emerge. In early 2018, Cisco disclosed that 318 switches had vulnerabilities and might have been infiltrated. The safety and reliability of switching equipment has become the top priority in the design of current network switching equipment. At the same time, with the increasing complexity of the network and the soaring data traffic, the design complexity of the switch chip is also increasing. Therefore, the design of the sw...

AI Technical Summary

Problems solved by technology

There is no targeted protection against potential security risks, unknown vulnerabilities, Trojan horses and backdoors that may exist in the hardware. Therefore, the traditional defense design has limited protection against unknown vulnerabilities, Trojan horses and backdoors that may exist in the switching chip.

The defense technology characteristics of the current switch chip, due to the increasingly complex switching system and the development of programmable forwarding technology, the forwarding engine system is becoming more and more complex, and the forwarding engine is very likely to have unknown loopholes or unreliable design ideas. How to realize potential loopholes in the forwarding engine It is particularly important to improve the reliability of the forwarding engine design; with the development of IC technology, after the configuration information is sent to the switch chip, it is very likely to be tampered with or damaged at the hardware level, thus changing the data flow. Therefore, how to Realizing the protection of important configuration information in the switching chip has become one of the important issues that need to be solved urgently; when designing a complex switching system, it has become a trend to use third-party general IP, especially the data cache module, which can reduce R&D However, how to avoid the coordinated software and hardware attacks triggered by the backdoor reserved by the third party IP is also a problem that needs to be paid attention to at present.

Images