| With the construction of100Gbps backbone network and the popularization of thesingle channel10Gbps communication interfaces, the safe and controllable highperformance network security equipment with independent innovation is the foundationof network information security in the age of big data. Now, the performance of thenetwork security equipment is far behand the network equipment. Research and developthe single channel10Gbps network security processor which is the core chip in the highspeed network security equipments is extremely urgent.A single channel10Gbps in-line network security processor(NSP) architecture isproposed, which integrates the single channel10Gbps Ethernet data transfer, the IPSecnetwork security protocol processing and the crypto operation. A series of keytechnologies in the data transfer and protocol processing are resolved by using the novelarchitecture.A crossbar two-bus data transfer topology based on pipeline is proposed, whichsignificantly reduces data congestion in shared bus, and the data transfer rate reaches16Gbps. By modifying the iSLIP scheduling algorithm in the crossbar, the high efficientscheduling for the changeable length packets realized and the data transmissionefficiency is86.6%. A shared and distributed two-stage buffering mechanism isproposed, and the packet loss rate in the single channel10Gbps data receiving andtransferring drops greatly by optimizing the number of the distributed FIFO buffers. Ahigh-speed data query method is proposed and implemented. It reduced the steps oflook-up and omitted the usage of TCAM, the look-up speed reached up to11.9Gbps,also the area and power dissipation reduced effectively. Moreover, an off-chip scalablestrategy for crypto algorithms is proposed, and the custom-specific crypto algorithmsoff-chip can replace the common ones on the chip.Based on the above ideas, the whole architecture of the single channel10Gbpsinline NSP is hardware designed and simulated. The core-part of the design whichintegrates the single channel10Gbps serial port,16AH cores,16HMAC-SHA-1coresand the controller is implemented based on the SMIC65nm CMOS technology. Thechip area is2.4x3.1mm2with3.7million gates. The chip is tested based on a self-designed single channel10Gbps high speed test platform. The test resultsdemonstrate that the error count of the single channel10Gbps SerDes under10Gbpsdata rate and PRBS27-1is10-13and the data throughput in the IPSec AH transport modesatisfied the10Gbps in-line NSP requirement under the clock rate of200MHz. Inaddition, all the key modules in the design are FPGA implemented and verified.Combining the test and verified results, the single channel10Gbps in-line NSP structureis correct and feasible, and satisfies the10Gbps Ethernet security application. |
PDF Full Text Request