Method for realizing network access control based on CPU + FPGA + search engine platform

Abstract

The invention relates to the field of communication security, and discloses a method for realizing network access control based on a CPU + FPGA + search engine platform, which comprises the followingsteps that: a CPU formulates an access control table according to a customizable protocol stack access control requirement, and then issues the access control table to a search engine through an FPGA;when the network equipment carries out high-speed data hard forwarding through the FPGA, the FPGA extracts data flow characteristics, carries out quick search through the search engine, and matches an access control action of the data flow; and the FPGA performs forwarding processing on the data according to the access control action of the data flow. According to the method, a high-speed networkfull-protocol stack access control requirement with a customizable protocol is used, and a CPU + FPGA + search engine platform is adopted to realize flexible and configurable high-speed network equipment full protocol stack access control of customizable protocols; the method solves the problem of difficulty in realizing high-speed network access control with a customizable protocol, and has a very high application value in a secret communication network scene with high reliability, high autonomy requirements and a customizable protocol.

Description

technical field [0001] The invention relates to the technical field of communication security, in particular to a method for realizing network access control based on a CPU+FPGA+search engine platform. Background technique [0002] Access control is a technology required by all network systems. It is a technology that restricts users' access to certain information items or the use of certain control functions according to the user's identity and a defined group to which they belong. Access control features include: [0003] 1) Prevent illegal users from entering protected network resources; [0004] 2) Allow legitimate users to access protected network resources; [0005] 3) Prevent legitimate users from unauthorized access to protected network resources. [0006] At present, the industry's technical solutions for IP network access control are very mature, but there are very few implementations of access control for high-speed networks where the network layer protocol is ...

AI Technical Summary

Problems solved by technology

[0010] Manufacturers in the industry generally use the switching chip + FPGA platform solution to realize the access control of high-speed network equipment with customizable protocols. Layer protocols are poorly customizable and only support a few public protocols, which cannot meet the access control requirements for the entire protocol stack of customizable protocols

In addition, some manufacturers in the industry use CPUs to implement access control for the entire protocol stack of customizable protocols, but this is only implemented on low-speed network devices, which cannot meet the requirements of high-speed forwarding

Images