Security switching chip, implementation method and network switching equipment based on mimicry idea

Abstract

The invention belongs to the technical field of network switching, and in particular relates to a security switching chip, an implementation method and a network switching device based on a mimetic idea. Packet headers and cache packet data; parse through heterogeneous parsing algorithms, and make mimic judgments on the parsing results; generate packet descriptors based on the judgment results, which contain at least packets related to packet forwarding policy behaviors Feature information; look up the entry cache based on mimetic entry verification to obtain forwarding policy behavior data and update the packet descriptor; extract the corresponding packet data from the cached packet data, and send the extracted packet data in the form of data packets to the corresponding port. The present invention enhances the security and reliability of the switching chip by introducing technologies such as de-cooperative cache, mimic forwarding engine, and mimic table entry verification, and has important guiding significance for the development of network switching technology.

Description

technical field [0001] The invention belongs to the technical field of network switching, and in particular relates to a security switching chip based on the idea of ​​mimicry, a realization method and network switching equipment. Background technique [0002] Today, with the rapid development of the Internet, network switching technology is an important hub of network communication, so the security and reliability of switching devices, especially switching chips, are extremely important. In the field of network switching, security incidents continue to emerge. In early 2018, Cisco disclosed that 318 switches had vulnerabilities and might have been infiltrated. The safety and reliability of switching equipment has become the top priority in the design of current network switching equipment. At the same time, with the increasing complexity of the network and the soaring data traffic, the design complexity of the switch chip is also increasing. Therefore, the design of the sw...

AI Technical Summary

Problems solved by technology

There is no targeted protection against potential security risks, unknown vulnerabilities, Trojan horses and backdoors that may exist in the hardware. Therefore, the traditional defense design has limited protection against unknown vulnerabilities, Trojan horses and backdoors that may exist in the switching chip.

The defense technology characteristics of the current switch chip, due to the increasingly complex switching system and the development of programmable forwarding technology, the forwarding engine system is becoming more and more complex, and the forwarding engine is very likely to have unknown loopholes or unreliable design ideas. How to realize potential loopholes in the forwarding engine It is particularly important to improve the reliability of the forwarding engine design; with the development of IC technology, after the configuration information is sent to the switch chip, it is very likely to be tampered with or damaged at the hardware level, thus changing the data flow. Therefore, how to Realizing the protection of important configuration information in the switching chip has become one of the important issues that need to be solved urgently; when designing a complex switching system, it has become a trend to use third-party general IP, especially the data cache module, which can reduce R&D However, how to avoid the coordinated software and hardware attacks triggered by the backdoor reserved by the third party IP is also a problem that needs to be paid attention to at present.

Images