An ipsec VPN single tunnel software encryption and decryption performance extension method

An extension method, encryption and decryption technology, which is applied in the field of IPsec VPN single tunnel software encryption and decryption performance expansion, can solve the problems of resource waste, resource occupation, non-availability, etc., reduce intrusive modification, have little impact on system stability and performance, and improve tunnel performance effect
CN111669374BActive Publication Date: 2022-05-27CHENGDU DBAPP SECURITY
9 Cites 0 Cited by

Patent Information

Authority / Receiving Office
CN Β· China
Patent Type
Patents(China)
Current Assignee / Owner
CHENGDU DBAPP SECURITY
Publication Date
2022-05-27

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention discloses an IPsec VPN single tunnel software encryption and decryption performance extension method. The message forwarding engine supports multi-CPU parallel processing of message forwarding services. If the current CPU utilization rate exceeds 90%, and the existing utilization rate is lower than 50% CPU, obtain the first CPU that does not exceed 50%, and send the message to the shared queue of the destination CPU as the destination CPU, and encrypt the plaintext message; if the hash of the plaintext does not belong to the message of the CPU , the encrypted packet is sent to the shared queue of the original CPU, and the encrypted packet is obtained from the shared queue of the CPU. The present invention realizes pure software, and when one of the CPUs has too high an IPsec VPN message encryption and decryption load, the encryption and decryption message pointer is transferred to other idle CPUs for encryption and decryption processing, thereby achieving the purpose of improving the performance of a single IPsec VPN tunnel.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention belongs to the field of data communication, and in particular relates to a software encryption and decryption performance extension method for an IPsec VPN single tunnel. Background technique

[0002] Traditional data forwarding equipment, such as gateway equipment such as routers and firewalls, is mainly in the form of software and hardware. The software and hardware are bound together, so the performance is fixed. Customers need to purchase products according to their own performance parameters during the purchase process. model. As the core function of the gateway device, the performance of IPsec VPN is also an important consideration for customers to choose this product. IPSec VPN refers to a VPN technology that uses the IPSec protocol to realize remote access. IPSec is called Internet Protocol Security. It is a security standard framework defined by the Internet Engineering Task Force (IETF). End-to-end encryption and authenticatio...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More