计算机工程 ›› 2008, Vol. 34 ›› Issue (7): 173-175.doi: 10.3969/j.issn.1000-3428.2008.07.061

• 安全技术 • 上一篇    下一篇

核心路由器中安全机制的分布式设计与实现

胡宇翔,兰巨龙,程东年,王浩学   

  1. (国家数字交换系统工程技术研究中心,郑州 450002)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-04-05 发布日期:2008-04-05

Distributed Design and Realization of Security Mechanism in Core Router

HU Yu-xiang, LAN Ju-long, CHENG Dong-nian, WANG Hao-xue   

  1. (National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-04-05 Published:2008-04-05

摘要: 分析下一代可信网络的需求,讨论现有的几种设计方案,借鉴策略管理和数据处理相分离的思想,提出一种集中式管理的基于专用加密芯片的高性能核心路由器中安全机制的设计方案。系统测试结果表明,该方案在保障高效转发性能的基础上能够提供高性能的安全防护,基本满足下一代骨干网中的实时加解密需要。

关键词: 核心路由器, 安全机制, IPSec协议, 加密芯片

Abstract: Rethinking the requirements of next generation trustworthy network, this paper uses the idea of separate policy management from data processing for reference, and puts forward a design of security mechanism based on specific chips with distributed implementation and centralized management for high-performance core router. System test proves the correctness and feasibility of this design. It provides security protection with high performance on the foundation of high reliability, and meets the basic requirements of real-time encryption/decryption in next generation backbone.

Key words: core router, security mechanism, IPSec, cipher chip

中图分类号: