Title: 以IXP1200網路處理器製作網際網路封包認證
Implementation of Internet Packet Authentication with IXP1200 Network Processor
Authors: 蔣佳紋
Chia-Wen Chiang
Tsern-Huei Lee
Keywords: 網路處理器;認證;Network Processor;Authentication
Issue Date: 2000
Abstract: 隨著網際網路的快速發展,原本在網路上使用的應用程式,現在都會加上安全性的機制,但目前所使用的安全機制都是以較上層的應用程式為考量,若是想要在兩個使用者之間建立一個絕對安全的通道,則必須使用一種屬於網路層的新安全機制—IP Security Protocol (IPSec),它可以將兩個使用者間所傳送的所有封包做加密,並同時做到使用者間的身份確認。因此若是在每個分公司的出口閘道器加上IPSec的機制,就可讓分散於各地的公司能達到VPN的效用。 這篇論文主要是利用IXP1200網路處理器實現封包認證的動作,我們選擇在網路處理器上實現的原因是它較有彈性,它可針對新發展的應用程式隨時做不同的調整,並可以做到以全速的速度傳送封包。IXP1200網路處理器內包含一個一般用途的 StrongARM 處理器,和六個特殊用途的微控制單元,利用StrongARM和六個微控制單元,可讓封包認證時,達到快速且有彈性的結果。
With the rapid growth of Internet, many applications used in the network will have security concerns. But at present, the security mechanisms are based on different upper layer applications. If we want to setup an entire secure tunnel between two users, a new security mechanism belonging to Network layer– IP Security (IPSec) is required. IPSec will encrypt and authenticate any packet transmitted between two users. The VPN service is enabled if IPSec is implemented on the access gateway of each branch office of a company around the world. In this thesis, we implement Internet packet authentication with Intel IXP1200 Network Processor. The reason we choose the network processor as our workbench is that it is more flexible. It can support the flexible development of new applications and can forward IP packets at line speed. The IXP1200 Network Processor combines the general-purpose processor - StrongARM with six special-purpose Microengines. By programming the StrongARM processor core and six Microengines, a fast and flexible Internet packet authentication is achieved.
Appears in Collections:Thesis