| IPSec (IP Security) is a series of protocols that IETF IPSec task group constituted to protect IP communication. It consists of security protocols and the Internet key negotiation. Security protocols define the security mechanism to protect communication. Internet key negotiation defines how to negotiate the parameters for security protocols and how to authenticate peers.IPSec can be implemented on various devices, for example, integrated with computer OS or mobile terminals. However, the IPSec function modules can be implemented on routers. By doing this, we can protect not only the router packets, but also the network service packets. Additionally, the IPSec also can be combined with other VPN techniques to provide security for the IP transport network. So it is of more important significance.In the research area, the contributions of the paper are listed as follows:1. Presents an implementation scheme of IPSec subsystem on distributed router. The scheme is designed according to the international standards strictly. It provides the IPSec process flow on Router Processor Unit (RPU), Network Processor (NPC) and Security Process Card. the design scheme of SADB/SPDB and encryption/decryption modules is also provided.2. Presents a design scheme of IKE subsystem. The scheme pays more attention to the key negotiation function of IKE. Therefore, the implementation of IKE using this scheme can negotiate security parameters not only for IPSec, but also for other security protocols. |
PDF Full Text Request