《電子技術(shù)應(yīng)用》
您所在的位置:首頁 > 可編程邏輯 > 設(shè)計(jì)應(yīng)用 > 基于高性能FPGA的超高速IPSec安全設(shè)備設(shè)計(jì)與實(shí)現(xiàn)
基于高性能FPGA的超高速IPSec安全設(shè)備設(shè)計(jì)與實(shí)現(xiàn)
網(wǎng)絡(luò)安全與數(shù)據(jù)治理
姬勝凱,王碩,黃毅龍,楊志明,馬賦寧,徐程
中國電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所
摘要: 基于高性能FPGA提出了一種超高速IPSec安全設(shè)備的設(shè)計(jì)方案;此方案在以CPU作為控制中樞的基礎(chǔ)上,利用高性能FPGA配合高速接口實(shí)現(xiàn)100G的IPSec安全傳輸,同時(shí)利用高性能FPGA和噪聲源芯片實(shí)現(xiàn)國密算法對高速數(shù)據(jù)進(jìn)行加解密。搭建測試環(huán)境對樣機(jī)進(jìn)行測試,測試結(jié)果表明,超高速IPSec安全設(shè)備可完成高達(dá)82 Gb/s吞吐率的IPSec安全傳輸,整個(gè)系統(tǒng)延時(shí)達(dá)90 μs級。
關(guān)鍵詞: 超高速 IPSec FPGA
中圖分類號:TN918.4文獻(xiàn)標(biāo)識碼:ADOI:10.19358/j.issn.2097-1788.2024.11.003引用格式:姬勝凱,王碩,黃毅龍,等.基于高性能FPGA的超高速IPSec安全設(shè)備設(shè)計(jì)與實(shí)現(xiàn)[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2024,43(11):13-18.
Design and implementation of ultra high-speed IPSec security device based on high performance FPGA
Ji Shengkai,Wang Shuo,Huang Yilong,Yang Zhiming,Ma Funing,Xu Cheng
The 6th Research Institute of China Electronics Corporation
Abstract: A design scheme for an ultra high speed IPSec security device based on high-performance FPGA has been proposed. On the basis of using CPU as the control center, this scheme utilizes high-performance FPGA combined with high-speed interface to achieve 100G IPSec secure transmission, while utilizing high-performance FPGA and noise source chip to implement national security algorithm for encryption and decryption of high-speed data. Building a testing environment to test the prototype,the test results indicate that,the ultra high speed IPSec security device can achieve IPSec secure transmission with a throughput of up to 82 Gb/s, and the entire system latency can reach 90 μs level.
Key words : ultra High-speed; IPSec; FPGA

引言

近幾年來,隨著數(shù)據(jù)中心的建設(shè),用于數(shù)據(jù)中心間通信的100G以太網(wǎng)建設(shè)迅速,隨之而來的各類網(wǎng)絡(luò)攻擊行為給網(wǎng)絡(luò)建設(shè)帶來了挑戰(zhàn),亟需部署網(wǎng)絡(luò)安全設(shè)備進(jìn)行網(wǎng)絡(luò)安全防護(hù),目前主要部署網(wǎng)絡(luò)密碼機(jī)進(jìn)行數(shù)據(jù)安全防護(hù),對傳輸數(shù)據(jù)提供機(jī)密性、完整性和不可否認(rèn)性保護(hù)。目前超高速IPSec密碼機(jī)協(xié)議棧多基于大型CPU使用DPDK技術(shù)實(shí)現(xiàn),軟件方式實(shí)現(xiàn)的IPSec協(xié)議大大增加網(wǎng)關(guān)的負(fù)載,成為網(wǎng)絡(luò)的瓶頸[1],而FPGA具有高速并行的特點(diǎn),可實(shí)現(xiàn)超高速的IPSec處理?;诟咝阅蹻PGA的IPSec安全設(shè)備的實(shí)現(xiàn),可以滿足100G-IPSec協(xié)議棧超高速、超高吞吐量、極低時(shí)延和較多隧道數(shù)的特性。


本文詳細(xì)內(nèi)容請下載:

http://theprogrammingfactory.com/resource/share/2000006223


作者信息:

姬勝凱,王碩,黃毅龍,楊志明,馬賦寧,徐程

(中國電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所,北京 100083)


Magazine.Subscription.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。