SSLVPN implementation method based on DPDK and VPP

An implementation method and the same technology, applied in the direction of data exchange through path configuration, digital transmission system, electrical components, etc., can solve the problems of large delay, high packet loss rate, inability to meet real-time connection processing, etc., and achieve parallel processing. Effect

Pending Publication Date: 2022-02-25
NANJING NARI GROUP CORP +1
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In the Linux kernel protocol stack, this time-consuming even accounts for half of the entire processing flow of the data packet.
[0006] It can be seen that the traditional SSLVPN implementation method faces problems suc

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SSLVPN implementation method based on DPDK and VPP

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0035] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, and are not used to limit the protection scope of the present invention.

[0036] The application principle of the present invention will be described in detail below with reference to the accompanying drawings.

[0037] DPDK (Data Plane Development Kit) is a software development kit for high-speed network data packets proposed by Intel Corporation. In the early stage, it mainly supported systems using Intel CPUs and network cards. Now it supports other CPUs such as IBM Power and ARM, as well as some non-Intel network cards. By bypassing the Linux system network protocol stack, DPDK directly reads and writes the network card. Combined with the binding of ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an SSLVPN implementation method based on a DPDK and a VPP. The method comprises the steps that a DPDK zero-copy operation environment is constructed; the memory is pre-allocated, a memory block required when the system reaches the maximum concurrency is obtained, and a network data packet is stored in the memory block; a scheduling strategy between the CPU core and the multi-queue network card is set, the scheduling strategy is distributed according to streams, session data streams are identified according to feature information of a network data packet, and it is ensured that the same session data stream is distributed to a receiving queue, the CPU core and a working thread of the same queue network card; the independent working threads are used for processing data receiving, processing and forwarding in the independent queue network card, the independent working threads are created based on the VPP, and processing of network data packets by all the working threads is completed in a VPP user mode protocol stack. According to the invention, the performance advantages of the multi-core processor are fully exerted, and the real-time processing of the SSL connection in the high-speed network environment is satisfied by utilizing the parallel processing technology based on the DPDK zero copy technology and the VPP user mode protocol stack.

Description

technical field [0001] The present invention specifically relates to a method for realizing SSLVPN based on DPDK and VPP. Background technique [0002] With the development of network communication technology, the promotion and construction of 5G and ubiquitous Internet of Things, and the exponential growth of business usage, it is possible to meet the needs of hundreds of thousands to millions of ubiquitous Internet of Things sensing layer terminals with safe, reliable and real-time access. Access to the power information network poses new challenges to the performance of SSLVPN gateway network security products. The traditional SSLVPN implementation method has the following defects: [0003] Local failure. The processing of an SSL packet may span multiple CPU cores, cache invalidation, and NUMA unfriendly. An SSL packet may be interrupted on CPU0, the kernel mode is processed on CPU1, and the user mode is processed on CPU2. This spans multiple cores, resulting in locali...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L9/40H04L12/46
CPCH04L63/168H04L63/0428H04L12/4641H04L63/0869H04L63/083
Inventor 纪元郑卫波汪洋王正琦黄益彬邓进杨维永朱世顺殷鑫鹏金建龙王梓谢华菁魏兴慎郭子昕张跃王凯迪
Owner NANJING NARI GROUP CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap