摘要
在信息安全领域快速发展的形势下,SSL VPN(secure socket layer virtual private network)作为主流安全访问及控制系统得到了广泛应用。随着千兆、万兆网络的发展,用户对于网络访问的速度要求更高,传统的软件实现SSL VPN已经无法满足网络高速发展的需求。在对SSL协议深入研究的基础上,提出基于SSL专用处理器和TCP硬核的SSL协议芯片设计模型,该设计采用TCAM(ternary content access memory)+SRAM的策略查找映射方式,有效降低系统开销,提升SSL的处理速度。针对VPN通信流的特点,将访问控制与VPN隧道、转发机制紧耦合,从而增强网络安全性。基于此模型设计的高速SSL协议芯片,可通过简单改变系统配置参数应对不同的网络环境,使其既可以工作在虚拟网络模式下,又可以工作在代理模式下,满足了多样化、快速化网络部署需求。
In the context of rapid development in the field of information security,SSL VPN is widely used as the mainstream security and control system.With the development of 1000Mbps and 10Gbps network,users have higher requirements on the speed of network access,and the traditional software implementation of SSL VPN has been unable to meet the needs of high-speed network development.Based on the deep research of SSL protocol,a SSL protocol chip design model is presented based on SSL ASIP and TCP hard core.The policy search mapping method of TCAM+SRAM is adopted to effectively reduce system overhead and improve the SSL processing speed.According to the characteristics of VPN communication stream,the access control is tightly coupled with VPN tunnel and transmission mechanism to enhance network security.The design of high speed SSL chip can response to different network environments by simply changing the configuration parameters of system,so it can work at virtual mode and agency mode which satisfy the need of diversity and rapid network deployment.
作者
桂祚勤
孟涛
崔广财
林存花
陈浩涓
GUI Zuo-qin;MENG Tao;CUI Guang-cai;LIN Cun-hua;CHEN Hao-juan(Jiangnan Institute of Computing Technology,Wuxi 214000,China)
出处
《计算机技术与发展》
2020年第6期94-98,共5页
Computer Technology and Development
基金
国家自然科学基金(6732018)。
