| With the rapid popularization of Internet in the world, any data can be transmitted through IP. But IP protocol is transparent itself and out of any protection.Therefore, how to safeguards the security of IP transmission is a very big problem to resolve.The IPSec software subsystem explored in this thesis is an important part of ZXR10 software system. Complying with the IETF formulation network security agreement standard, it provides high quality security protect with alternately operation and the encryption on IPv4 and IPv6 on the network level.In the paper, Basing on the ZXR10 software system, we realized the Internet key exchange module, encryption and decryption module, IPSec transmit module, security association database and security policy database synchronization or management module. Thereof, the IKE module which conforms to the TCP/IP protocol in protocol task, accomplishes IPSec key exchange and maintenance. Other modules run in the various ZXR10 router items. As the base module which supports a correlation between IPSec encryption and decryption, the encryption and decryption module can provide public encryption and decryption for IKE module and IPSec operation module. The IPSec management module deals with encapsulation of TCP/IP data packet that satisfies IPSec policy. Security association database and Security policy database synchronization and management module mainly accomplish SAD/SPD maintenance.So far the IPSec subsystem researched by this thesis has been used in many patterns of ZTE router product, and its running instance is well. |
PDF Full Text Request