Abstract: Rethinking the requirements of next generation trustworthy network, this paper uses the idea of separate policy management from data processing for reference, and puts forward a design of security mechanism based on specific chips with distributed implementation and centralized management for high-performance core router. System test proves the correctness and feasibility of this design. It provides security protection with high performance on the foundation of high reliability, and meets the basic requirements of real-time encryption/decryption in next generation backbone.

Key words: core router, security mechanism, IPSec, cipher chip

摘要： 分析下一代可信网络的需求，讨论现有的几种设计方案，借鉴策略管理和数据处理相分离的思想，提出一种集中式管理的基于专用加密芯片的高性能核心路由器中安全机制的设计方案。系统测试结果表明，该方案在保障高效转发性能的基础上能够提供高性能的安全防护，基本满足下一代骨干网中的实时加解密需要。

关键词: 核心路由器, 安全机制, IPSec协议, 加密芯片

CLC Number: 

• TP309