| As globality and informationization rapidly developed, the increasement of network bandwidth and network security issue emerging in endlessly put forward new requirements for the performance of network data packet processing.In recent years, VPN products and services had rapid market growth, it used a virtual channel comparing with a pratical dedicated line when in the long-distance data transmission networks. It reduced the expenses required for the rental of dedicated line and improved efficiency. At present, VPN was implemented in several ways and worked at different layer, such as PPTP, L2TP, IPsec, MPLS, SSL and so on. IPSec is a VPN based on IP layer protocol specification and provided a strong interoperability, quality and cryptography-based security mechanisms for IPv4, IPv6, and currently is a primary VPN implementation.The firewall provides an enforced access control mechanism between network and systems that is an important means of ensuring network security. Firewall, the most basic and core technology is a packet filtering technology, which by controlling access to network data traffic control network security.With the increasing number of Internet users, and the constant introduction of new services, network bandwidth, network capacity growth put forward a new request. As a new generation of support for VPN firewall products, the ability to forward must be improved for the performance requirements up to an unprecedented height.In order to more quickly handle a large number of network traffic as well as to complete the complex network processing tasks and improve performance of network processing, network processor (NP) became a new solution. Because of the use of optimized network processor architecture, a dedicated instruction set and hardware units, compared with pure software solutions it had markedly improved the processing speed; and software programmable, scalable, with a high degree of flexibility, able to quickly achieve the new standards, services, applications, network services to meet the complex diversity of requirements And comparing with ASIC solutions, it had shorter development cycles, faster return on investment. Therefore, the use of NP framework for dealing with network traffic became a reasonable, high-performance solution. At present, NP primarily adopted the architecture of ARM & coprocessor.In order to better meet these requirements, this paper presented a new design. The design adopted Intel EP80579 integrated processor which is comprised of x86 & coprocessor and its peripheral modules as the hardware platform. It also used Linux as the operating system, ported the open-source applications to the platform, by adding device driver of co-processors and peripherals as well as kernel module of packet processing, the application found a path to access the hardware platform. By co-processor programming, it completed packet processing functions to achieve high-performance VPN firewall. The design took full advantage of the hardware co-processor for packet processing, released the pressure of CPU. And software modification and product upgrade performed easily. So it had great flexibility to meet the complex changing demands of the network environment. The paper demonstrated that collabration of RISC x86 and RISC coprocessor for network security can work asa highly effective new treatment solution. |
PDF Full Text Request