SSL VPN Performance Improvement Research Based On Hardware-accelerated Devices

SSL VPN use authentication, data encryption, virtual tunnel, access control, portforwarding technology, the same time in the service and client support. SSL VPN marketis booming, the State Encryption Administration to regulate the manufacturers SSL VPN,which use different cryptographic algorithms SSL protocol specification and unity canfollow unified SSL VPN technical specifications in2008. For encryption standardalgorithm many manufacturers quickly introduce the corresponding hardware accelerationdevice, to improve the performance of the Data Encryption.First summarizes key technology research scholars on SSL VPN performance boost.Test analysis was based on a mature domestic market using hardware accelerated SSLVPN devices based on its data throughput. The tests show that the tunneling performanceand data encryption performance can not meet the1000Mbps market demand. In-depthanalysis of key technologies and working mechanism and application requirements of SSLVPN, proposing two alternatives: One is parallel tunnel complex. Single tunnel mode cannot effectively take advantage of multi-core CPU parallel processing performance. Run inparallel through the tunnel on a different CPU core, can greatly improve the utilization ofmulti-core CPU and data transfer bandwidth SSL VPN. Anather is data packets combining.Hardware acceleration device used to share the load of the CPU data encryption, makinglarge blocks of data encryption Gigabit throughput. Leading to network protocol,encrypted data block is too small, multiple small blocks of data reorganized into a singlelarge data block through data packets combining can take full advantage of the hardwareacceleration hardware performanced and SSL VPN encryption data throughput.Finally have achieved improvement of SSL VPN acceleration system and detailed teston the Linux platform. The experimental data show that parallel tunnel reusing cansignificantly improve multicore CPU utilization and data transmission bandwidth, upgradeto2to5times. Using data packets combining based on parallel tunnel reuse cansignificantly enhance SSL VPN data encryption throughput, upgrade to2to4times.