《電子技術(shù)應(yīng)用》
您所在的位置:首頁(yè) > 通信與網(wǎng)絡(luò) > 設(shè)計(jì)應(yīng)用 > 多通道10G網(wǎng)絡(luò)安全設(shè)備的設(shè)計(jì)與實(shí)現(xiàn)
多通道10G網(wǎng)絡(luò)安全設(shè)備的設(shè)計(jì)與實(shí)現(xiàn)
網(wǎng)絡(luò)安全與數(shù)據(jù)治理
王碩1,胡現(xiàn)剛2,楊歡1,黃毅龍1,姬勝凱1
1.中國(guó)電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所; 2.南部戰(zhàn)區(qū)海軍參謀部
摘要: 針對(duì)數(shù)據(jù)中心服務(wù)器間數(shù)據(jù)安全傳輸需求,提出一種多通道10G網(wǎng)絡(luò)安全設(shè)備設(shè)計(jì)方案。此方案以國(guó)產(chǎn)高性能FPGA和CPU為核心,通過(guò)雙向認(rèn)證協(xié)商方式建立VPN通道,基于IPSec VPN技術(shù)實(shí)現(xiàn)10路10G業(yè)務(wù)數(shù)據(jù)保護(hù)服務(wù)。搭建測(cè)試環(huán)境對(duì)樣機(jī)進(jìn)行測(cè)試驗(yàn)證,測(cè)試結(jié)果表明,1 400 B包長(zhǎng)下,每個(gè)通道可完成不小于9.4 Gb/s吞吐率的IPSec安全傳輸。
關(guān)鍵詞: 網(wǎng)絡(luò)安全 IPSec 10G
中圖分類(lèi)號(hào):TN918.4;TP309文獻(xiàn)標(biāo)識(shí)碼:ADOI:10.19358/j.issn.2097-1788.2024.10.002
引用格式:王碩,胡現(xiàn)剛,楊歡,等.多通道10G網(wǎng)絡(luò)安全設(shè)備的設(shè)計(jì)與實(shí)現(xiàn)[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2024,43(10):7-13,35.
Design and implementation of multi-channel 10G network security device
Wang Shuo1,Hu Xian′gang2,Yang Huan1,Huang Yilong1,Ji Shengkai1
1.The 6th Research Institute of China Electronics Corporation;2.Naval Staff Department of the Southern Theater Command
Abstract: A design scheme of multi-channel 10G network security device is proposed to meet the demand for secure data transmission between severs in a data center.Using domestic high-performance FPGA and CPU,this solution establishes a VPN channel through bidirectional authentication and negotiation,and implements 10-channel 10G business data protection services based on IPSec VPN technology.A test environment was built to test and verify the prototype. The results show that under a packet length of 1 400 B, each channel can achieve IPSec transmission with a throughput rate of no less than 9.4 Gb/s.
Key words : network security;IPSec; multi-channel;10G

引言

針對(duì)數(shù)據(jù)中心服務(wù)器間數(shù)據(jù)安全傳輸?shù)男枨?,亟需研制多通?a class="innerlink" href="http://theprogrammingfactory.com/tags/10G" target="_blank">10G網(wǎng)絡(luò)安全設(shè)備,通過(guò)IP加密技術(shù)構(gòu)建VPN來(lái)動(dòng)態(tài)構(gòu)建和劃分安全域,為服務(wù)器提供網(wǎng)絡(luò)層數(shù)據(jù)傳輸保護(hù)服務(wù)。

由于軟件方式實(shí)現(xiàn)的IPSec協(xié)議大大增加了網(wǎng)關(guān)的負(fù)載,成為網(wǎng)絡(luò)的瓶頸[1],本文提出了一種基于CPU+FPGA的架構(gòu)方案,采用2U機(jī)箱平臺(tái)加模塊結(jié)構(gòu),模塊間松耦合,模塊自身功能高度內(nèi)聚,降低開(kāi)發(fā)調(diào)試復(fù)雜度,同時(shí)提高設(shè)備可靠性。


本文詳細(xì)內(nèi)容請(qǐng)下載:

http://theprogrammingfactory.com/resource/share/2000006190


作者信息:

王碩1,胡現(xiàn)剛2,楊歡1,黃毅龍1,姬勝凱1

(1.中國(guó)電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所,北京100083;

2.南部戰(zhàn)區(qū)海軍參謀部,廣東湛江524000)


Magazine.Subscription.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。