《電子技術(shù)應(yīng)用》
您所在的位置:首頁 > 通信與網(wǎng)絡(luò) > 設(shè)計應(yīng)用 > 多通道10G網(wǎng)絡(luò)安全設(shè)備的設(shè)計與實現(xiàn)
多通道10G網(wǎng)絡(luò)安全設(shè)備的設(shè)計與實現(xiàn)
網(wǎng)絡(luò)安全與數(shù)據(jù)治理
王碩1,,胡現(xiàn)剛2,,楊歡1,,黃毅龍1,,姬勝凱1
1.中國電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所,; 2.南部戰(zhàn)區(qū)海軍參謀部
摘要: 針對數(shù)據(jù)中心服務(wù)器間數(shù)據(jù)安全傳輸需求,,提出一種多通道10G網(wǎng)絡(luò)安全設(shè)備設(shè)計方案,。此方案以國產(chǎn)高性能FPGA和CPU為核心,,通過雙向認(rèn)證協(xié)商方式建立VPN通道,,基于IPSec VPN技術(shù)實現(xiàn)10路10G業(yè)務(wù)數(shù)據(jù)保護(hù)服務(wù),。搭建測試環(huán)境對樣機(jī)進(jìn)行測試驗證,測試結(jié)果表明,,1 400 B包長下,,每個通道可完成不小于9.4 Gb/s吞吐率的IPSec安全傳輸。
關(guān)鍵詞: 網(wǎng)絡(luò)安全 IPSec 10G
中圖分類號:TN918.4,;TP309文獻(xiàn)標(biāo)識碼:ADOI:10.19358/j.issn.2097-1788.2024.10.002
引用格式:王碩,,胡現(xiàn)剛,楊歡,,等.多通道10G網(wǎng)絡(luò)安全設(shè)備的設(shè)計與實現(xiàn)[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,,2024,43(10):7-13,,35.
Design and implementation of multi-channel 10G network security device
Wang Shuo1,,Hu Xian′gang2,Yang Huan1,,Huang Yilong1,,Ji Shengkai1
1.The 6th Research Institute of China Electronics Corporation;2.Naval Staff Department of the Southern Theater Command
Abstract: A design scheme of multi-channel 10G network security device is proposed to meet the demand for secure data transmission between severs in a data center.Using domestic high-performance FPGA and CPU,this solution establishes a VPN channel through bidirectional authentication and negotiation,and implements 10-channel 10G business data protection services based on IPSec VPN technology.A test environment was built to test and verify the prototype. The results show that under a packet length of 1 400 B, each channel can achieve IPSec transmission with a throughput rate of no less than 9.4 Gb/s.
Key words : network security;IPSec; multi-channel;10G

引言

針對數(shù)據(jù)中心服務(wù)器間數(shù)據(jù)安全傳輸?shù)男枨螅叫柩兄贫嗤ǖ?a class="innerlink" href="http://forexkbc.com/tags/10G" target="_blank">10G網(wǎng)絡(luò)安全設(shè)備,,通過IP加密技術(shù)構(gòu)建VPN來動態(tài)構(gòu)建和劃分安全域,,為服務(wù)器提供網(wǎng)絡(luò)層數(shù)據(jù)傳輸保護(hù)服務(wù)。

由于軟件方式實現(xiàn)的IPSec協(xié)議大大增加了網(wǎng)關(guān)的負(fù)載,,成為網(wǎng)絡(luò)的瓶頸[1],,本文提出了一種基于CPU+FPGA的架構(gòu)方案,采用2U機(jī)箱平臺加模塊結(jié)構(gòu),,模塊間松耦合,,模塊自身功能高度內(nèi)聚,降低開發(fā)調(diào)試復(fù)雜度,,同時提高設(shè)備可靠性,。


本文詳細(xì)內(nèi)容請下載:

http://forexkbc.com/resource/share/2000006190


作者信息:

王碩1,胡現(xiàn)剛2,,楊歡1,,黃毅龍1,姬勝凱1

(1.中國電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所,,北京100083,;

2.南部戰(zhàn)區(qū)海軍參謀部,廣東湛江524000)


Magazine.Subscription.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),,未經(jīng)授權(quán)禁止轉(zhuǎn)載,。