基于HCR路由器的IPSec系统设计与实现

Design and Implementation of IPSec System Based on HCR

IPSec VPN和分布式路由器技术为网络的安全做出了重大贡献。在路由器上实现IPSec VPN功能模块有着更为重要的意义,这不仅可以保护重要的网络路由数据包及各种网络业务数据包,还可以和其它的VPN技术融合来共同构筑整个IP传输网的安全。本文提出一种基于HCR路由器技术的IPSec VPN系统方案,给出IPSec VPN系统在网络处理器(NPC)上的处理流程以及SPDB/SADB模块和加密/解密模块的设计方案。

IPSec VPN and distributional router technology make great contributions to the safety of network. The lPSec function modules can be implemented on routers. By doing this, we can protect not only the router packets, but also the network service packets. Additionally, the IPSec also can be combined with other VPN techniques to provide security for the IP transport net- work. So it is of more important signifieanee. This paper puts forward a kind of IPSee System scheme based on HCR, and provides the IPSec process flow on Network Processor（NPC）. The design scheme of SADB/SPDB and encryption/decry, ption modules is also provided.