摘要
SDH专线是一种目前广泛应用的企业专线,对于重要企业和部门,其安全性至关重要。文中首先简单介绍了SDH及SDH专线的概念,分析了SDH专线的特点和应用方式,然后通过讨论SDH专线的协议分层结构,比较了在不同层次上加密的优缺点,重点是对网络层和物理层加密的比较。接着详细论述了虚容器加密的原理和加密点,给出了点对点和点对多点两种应用方式下的加密方案,论述了虚容器加密在实际应用中的两种实现方式。最后,结合测试结果和理论分析得出结论,相对于IPSec网络层加密,基于虚容器的物理层加密具有线速处理、低时延、低丢包率的特点,是解决SDH专线信息安全的较好方案,尤其适合对服务质量要求较高的实时业务应用。
Nowadays,SDH leased line is a widely-used enterprise leased lines.For some important enterprises or departments,the security of SDH leased line is essential.The features and application modes of SDH leased line are analyzed.The hierarchical structure of SDH leased line is discussed,the encryption schemes of different levels are compared for their advantages and disadvantages.Then the principles of encryption and encryption points based on virtual container are described in detail.And the encryption scheme and the system blocks of SDH encryptor are given,involving both point-to-point mode and point-to-multi-points mode.The theoretical analysis and experiment results indicate that the encryption based on virtual container could provide higher throughput,lower latency,and less frame loss than IPSec in network layer,and is particularly suitable for real-time business applications that require a higher quality of service.
出处
《通信技术》
2010年第5期89-91,共3页
Communications Technology
