多通道10G網(wǎng)絡(luò)安全設(shè)備的設(shè)計(jì)與實(shí)現(xiàn)
網(wǎng)絡(luò)安全與數(shù)據(jù)治理
王碩1,胡現(xiàn)剛2,楊歡1,黃毅龍1,姬勝凱1
1.中國電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所; 2.南部戰(zhàn)區(qū)海軍參謀部
摘要: 針對(duì)數(shù)據(jù)中心服務(wù)器間數(shù)據(jù)安全傳輸需求,提出一種多通道10G網(wǎng)絡(luò)安全設(shè)備設(shè)計(jì)方案。此方案以國產(chǎn)高性能FPGA和CPU為核心,通過雙向認(rèn)證協(xié)商方式建立VPN通道,基于IPSec VPN技術(shù)實(shí)現(xiàn)10路10G業(yè)務(wù)數(shù)據(jù)保護(hù)服務(wù)。搭建測(cè)試環(huán)境對(duì)樣機(jī)進(jìn)行測(cè)試驗(yàn)證,測(cè)試結(jié)果表明,1 400 B包長(zhǎng)下,每個(gè)通道可完成不小于9.4 Gb/s吞吐率的IPSec安全傳輸。
中圖分類號(hào):TN918.4;TP309文獻(xiàn)標(biāo)識(shí)碼:ADOI:10.19358/j.issn.2097-1788.2024.10.002
引用格式:王碩,胡現(xiàn)剛,楊歡,等.多通道10G網(wǎng)絡(luò)安全設(shè)備的設(shè)計(jì)與實(shí)現(xiàn)[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2024,43(10):7-13,35.
引用格式:王碩,胡現(xiàn)剛,楊歡,等.多通道10G網(wǎng)絡(luò)安全設(shè)備的設(shè)計(jì)與實(shí)現(xiàn)[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2024,43(10):7-13,35.
Design and implementation of multi-channel 10G network security device
Wang Shuo1,Hu Xian′gang2,Yang Huan1,Huang Yilong1,Ji Shengkai1
1.The 6th Research Institute of China Electronics Corporation;2.Naval Staff Department of the Southern Theater Command
Abstract: A design scheme of multi-channel 10G network security device is proposed to meet the demand for secure data transmission between severs in a data center.Using domestic high-performance FPGA and CPU,this solution establishes a VPN channel through bidirectional authentication and negotiation,and implements 10-channel 10G business data protection services based on IPSec VPN technology.A test environment was built to test and verify the prototype. The results show that under a packet length of 1 400 B, each channel can achieve IPSec transmission with a throughput rate of no less than 9.4 Gb/s.
Key words : network security;IPSec; multi-channel;10G
引言
針對(duì)數(shù)據(jù)中心服務(wù)器間數(shù)據(jù)安全傳輸?shù)男枨螅叫柩兄贫嗤ǖ?a class="innerlink" href="http://www.j7575.cn/tags/10G" target="_blank">10G網(wǎng)絡(luò)安全設(shè)備,通過IP加密技術(shù)構(gòu)建VPN來動(dòng)態(tài)構(gòu)建和劃分安全域,為服務(wù)器提供網(wǎng)絡(luò)層數(shù)據(jù)傳輸保護(hù)服務(wù)。
由于軟件方式實(shí)現(xiàn)的IPSec協(xié)議大大增加了網(wǎng)關(guān)的負(fù)載,成為網(wǎng)絡(luò)的瓶頸[1],本文提出了一種基于CPU+FPGA的架構(gòu)方案,采用2U機(jī)箱平臺(tái)加模塊結(jié)構(gòu),模塊間松耦合,模塊自身功能高度內(nèi)聚,降低開發(fā)調(diào)試復(fù)雜度,同時(shí)提高設(shè)備可靠性。
本文詳細(xì)內(nèi)容請(qǐng)下載:
http://www.j7575.cn/resource/share/2000006190
作者信息:
王碩1,胡現(xiàn)剛2,楊歡1,黃毅龍1,姬勝凱1
(1.中國電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所,北京100083;
2.南部戰(zhàn)區(qū)海軍參謀部,廣東湛江524000)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。