Construction Of A VPN Security Gateway Over IXP425 Network Processor

Networks, along with the explosive growth of the Internet, develope quickly and make our lives more convenient and efficient. However, at the same time, people may face much more network security problems. We should pay more attention to security problem. As an efficient, robust and flexible platform, NP-based embedded system has been widely used in the area of network device development, such as construction of security gateway.Nowadays, VPN based on IPSec protocol has been a widely used technology in network security area. The main work of this paper could therefore be summarized as follows:An integrated platform over IXP425 network processor for multifunctional embedded network applications with our own IP (Intellectual Property) is designed. The author reserves the most important modules on a compact high-density six-layer core board, including processor, memories, controllers and extended interfaces. Based on this core board, a lot of embedded applications can be realized, such as network devices. In order to fulfill all the requirements of a network device, an extended board is customized according to specific functions. Both of them as an efficient integrated hardware platform can construct a security gateway.A novel type of universal software architecture named Fastpath which is purposely designed and optimized for Network Element (NE) in the Next Generation Networks (NGN), under Linux, is proposed. Furthermore, this paper implemented static routing software based on Fastpath. Fastpath is one of the best choices when using software method to design network device function. It can reduce CPU utilities and latency, realizethe division of data plane and control plane, and provide a basic frame which has flexibility and scalability, for network device operation system.Illustrate the experience in developing IPSec-based VPN security gateway, and offloading IPSec processing to NPEs and coprocessors by using components in IXP425 software AccessLibrary. By making use of hardware acceleration, offloading scheme improves the performance of the system dramatically.Investigate the performance issues both internally and externally. Through the benchmarks, the author analyzes the performance of the system and identifies that XScale is the bottleneck of the system. Furthermore, the author proposes the scheme offloading more processing to NPEs and coprocessors to further improve the performance.