Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

An ipsec VPN single tunnel software encryption and decryption performance extension method

An extension method, encryption and decryption technology, which is applied in the field of IPsec VPN single tunnel software encryption and decryption performance expansion, can solve the problems of resource waste, resource occupation, non-availability, etc., reduce intrusive modification, have little impact on system stability and performance, and improve tunnel performance effect

Active Publication Date: 2022-05-27
CHENGDU DBAPP SECURITY
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] However, the first method implements hardware encryption and decryption through hardware. The advantage of this solution is that it can make full use of the high efficiency of hardware to achieve high encryption and decryption performance, but its cost is high, and the hardware has certain customization, so not a universal solution
The second is to use encryption and decryption as an independent processing unit on the software, and start multiple corresponding software processing units to achieve performance expansion of encryption and decryption. However, as a processing unit of the packet forwarding engine, it needs to be deployed during the deployment process. Occupies CPU resources alone. If there is no ipsec VPN-related business, the processing unit occupies resources but does not do any processing, which is a serious waste of resources.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An ipsec VPN single tunnel software encryption and decryption performance extension method
  • An ipsec VPN single tunnel software encryption and decryption performance extension method
  • An ipsec VPN single tunnel software encryption and decryption performance extension method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] A method for extending the software encryption and decryption performance of a single IPsec VPN tunnel. In a parallelized data packet forwarding engine, the processing flow of a single IPsec VPN tunnel packet is increased by adding parallelized CPU load monitoring and packet transfer to the CPU for encryption and decryption, so as to achieve expansion. The encryption and decryption performance of a single tunnel, and the performance of a single tunnel can be linearly scaled with the increase of parallelized CPUs.

[0034] 1. Data packet forwarding engine: This component is the core component of packet forwarding, such as image 3 As shown, the data packet forwarding engine is mainly used to realize the processing requirements of the device or software for data packet forwarding. The entire message forwarding engine supports multi-CPU parallel processing of message forwarding services, which is one of the prerequisites of the present invention.

[0035] 2. Subcontractin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an IPsec VPN single tunnel software encryption and decryption performance extension method. The message forwarding engine supports multi-CPU parallel processing of message forwarding services. If the current CPU utilization rate exceeds 90%, and the existing utilization rate is lower than 50% CPU, obtain the first CPU that does not exceed 50%, and send the message to the shared queue of the destination CPU as the destination CPU, and encrypt the plaintext message; if the hash of the plaintext does not belong to the message of the CPU , the encrypted packet is sent to the shared queue of the original CPU, and the encrypted packet is obtained from the shared queue of the CPU. The present invention realizes pure software, and when one of the CPUs has too high an IPsec VPN message encryption and decryption load, the encryption and decryption message pointer is transferred to other idle CPUs for encryption and decryption processing, thereby achieving the purpose of improving the performance of a single IPsec VPN tunnel.

Description

technical field [0001] The invention belongs to the field of data communication, and in particular relates to a software encryption and decryption performance extension method for an IPsec VPN single tunnel. Background technique [0002] Traditional data forwarding equipment, such as gateway equipment such as routers and firewalls, is mainly in the form of software and hardware. The software and hardware are bound together, so the performance is fixed. Customers need to purchase products according to their own performance parameters during the purchase process. model. As the core function of the gateway device, the performance of IPsec VPN is also an important consideration for customers to choose this product. IPSec VPN refers to a VPN technology that uses the IPSec protocol to realize remote access. IPSec is called Internet Protocol Security. It is a security standard framework defined by the Internet Engineering Task Force (IETF). End-to-end encryption and authenticatio...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40H04L12/46
CPCH04L63/0485H04L63/0428H04L12/4641H04L12/4633
Inventor 兰星范渊吴永越郑学新刘韬
Owner CHENGDU DBAPP SECURITY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com