Title: 以IXP1200網路處理器製作網際網路封包加密
Implementation of Internet Packet Encryption with IX1200 Network Processor
Authors: 郭泰祥
Tai-Hsiang Kuo
Tsern-Huei Lee
Keywords: 網路處理器;封包分類;封包加密;封包身分認證;Network Processor;Packet Classification;Packet Encyption;Packet Authentication
Issue Date: 2000
Abstract: 隨著網際網路的興起,有越來越多的社會及商業活動都透過網際網路來進行,因此網際網路的安全性日益受到大家的重視。而在現今的網路中,有許多訊務都有安全性的需求,如電子商務和電子郵件等等,相信未來也會有更多的應用需要安全性的服務。因此,網路設備對封包做加解密與身分認證的處理能力將是影響網路安全環境能否成熟的關鍵。 而Intel所生產的網路處理器IXP1200,不僅具有可程式化的高彈性需求,以因應不同的網路應用,也具備了快速處處理封包的能力,所以相當適合用來處理網路上封包的收送與分類的動作。在本篇論文之中我們將利用IXP1200來實現IPSec的架構,並分別考慮二種不同的架構,以分析網路處理器在不同的使用情形下效能的差異。
With the growing use of the Internet, more and more social and business activities have progressed on the Internet. As a result, network security is becoming more and more important to the users. In the existing network, many types of application, such as e-mail, e-commerce and so on, request security service. Therefore, the capability of networking equipment on confidentiality and authentication will affect the maturity of the environment on performing network security. The IXP1200 network processor, which is produced by the Intel, is a fully programmable device that has been specifically designed to handle the high-speed data manipulation requirements of networking equipment. Therefore, it is suitable for receiving and transmitting network packets and performing classification. In this thesis, we utilize the IXP1200 network processor to implement IPSec architectures. We design two schemes to accomplish this mechanism and then analyze the differentiation of the performance of these two schemes.
Appears in Collections:Thesis