Design Of Ipsec Key Modules Of Forces Based VPN And Implementation On Network Processor

To overcome the disadvantages of closeness,monopolistic and poor flexibility of current network equipment,ForCES working group of Internet Engineering Task Force in routing area proposes architecture of router with the separation of Forwarding Element and Control Elemenc. With the development of Internet and the wide use of computer networks, information security is getting more and more important.Therefore,the openness and security of the next generation network has presently become the ForCES working group's important research direction.The primary research works of this paper are several key technologies in the implementation of VPN on ForCES architecture which based on network processor,such as:(1) Designing the overall VPN construction according to the ForCES architecture.(2) Modeling of VPN related LFBs according to ForCES FE model.(3) Assigning the resource of network processor efficiently according to the characteristic of it.(4) Researching on the configuration protocol of VPN which based on the ForCES architecture and so on. Based on the research of above key technologies,the main work of this paper is included as following aspects:·Proposed a ForCES-based VPN architecture based on network processor,causing the VPN to expand extremely flexibly.·Proposed the model of IPsec inbound and outbound processing LFB based on ForCES architecture.The third party of safety management software may carry on the development based on these LFBs while not to care about the detail of hardware realization.·Developed and implemented IPsec VPN related LFBs in the Intel IXA architecture,and verified the validity of LFB models proposed by this paper.·Designed and implemented of configuration protocol of IPsec SA between kernel space and user space of embeded linux system of NP,which is based on the Character Device Driver mechanism. The management of IPsec SA is of specification and expansion when the user space and kernel space followed this protocol.We have implemented a ForCES-based VPN prototype based on Intel NP platform.Several tests are done on the prototype.Test result shows that the function of the VPN is correct and highly efficient.The architecture proposed by this paper testifies the feasibility of ForCES specification and provides the important technical parameter for the ForCES application.