Method for processing distributed IPSec

A distributed and co-processing technology, applied in the field of Internet security, can solve the problems of poor scalability, complex implementation, and low processing capacity, and achieve the effect of simple physical logic, smooth capacity upgrade, and good scalability

Inactive Publication Date: 2007-06-20
BEIJING SAMSUNG TELECOM R&D CENT +1
View PDF0 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] 1. IPSec Router based on CPU software forwarding has low operating efficiency and low processing capacity
[0012] 2. The processing capability of IPSec Router based on hardware ASIC acceleration or network processor to achieve IPSec

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for processing distributed IPSec
  • Method for processing distributed IPSec
  • Method for processing distributed IPSec

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The present invention transplants the IPSec protocol to an M×N distributed computing structure composed of M mother cards and N co-processing sub-cards. The main card and co-processing sub-cards jointly complete IPSec forwarding through distributed computing. The design method is as follows :

[0025] 1. The main card and the co-processing daughter card jointly complete the IPSec forwarding task.

[0026] 2. The IPSec message processing process in the master card is: receive the message flow of the IPSec protocol stack inbound and outbound directions; analyze the message header, search the SPD policy database, classify the message for the flow, and assign a unique flow label; According to the flow label, the load sharing calculation is performed, and the message flow is shared to the respective co-processing sub-cards; after the co-processing sub-cards process the messages, they will be summarized by the main card and output.

[0027] 3. The co-processing sub-card IPSe...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A distributed IPSec processing method includes the following steps: several mother cards generate Flow ID according to IP Packet, then it will have the load sharing operations according to Flow ID and transmit IPSec to many subcards; after subcard receives the transmitted original encrypted IP packet and IPSec packet, it will have an IPSec handling and transmit to mother cards; the mother cards and subcards have an interactive information through the board. This invention transplants IPSec protocol to M * N Distributed Computing Architecture which is composed with M mother cards and N subcards. Through mother cards and subcards' distributed computing, it achieves the high performance of IPSec transmitting. It realizes high performance of IPSec transmitting, high redundancy, high reliability. It supports system capacity smooth upgrading, it has good expansibility, simple physical logic, and it is easy to realize.

Description

technical field [0001] The invention relates to the field of Internet security, in particular to a method for distributed IPSec processing. Background technique [0002] IPSec (Internet Protocol Security) is a set of protocols defined by IETF (Internet Engineering Task Force) that provides IP (Internet Protocol) security at the network layer, and consists of a series of RFC documents. Among them, RFC2401 defines the basic structure of IPSec; RFC2402 defines AH (authentication header) of IPSec; RFC2406 defines ESP (Encapsulation Security Payload) of IPSec; RFC2409 defines IKE (Internet Key Exchange) of IPSec. [0003] Figure 1 describes the basic structure of the IPSec protocol. [0004] IPSec protocols include: AH, ESP, IKE, etc. [0005] The ESP (101) encapsulates the security payload to provide data encryption and verification functions for the IP payload. The AH (102) authentication header provides data integrity and verification functions for the IP header. Data encr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/56H04L12/801
Inventor 贾红升谭敏强张育斌
Owner BEIJING SAMSUNG TELECOM R&D CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap