Research And Implementation Of IPSec System Based On Distributed Router

Posted on:2016-11-30

Degree:Master

Type:Thesis

Country:China

Candidate:L Yu

Full Text:PDF

GTID:2298330467971531

Subject:Communication and Information System

Abstract/Summary:

PDF Full Text Request

The rapid development of Internet makes the network environment become morecomplex, so it should be pay more attention to the security of the network.How to preventall kinds of attacks and strengthen the anti-attack capability, which is critical for thesecurity and privacy of the entire network.Router as the key equipment of the Internet, especially the high performance routerwhich adopts the distributed structure should provide the security protectionfor the entirenetwork. IPSec(IP Security)is a series of protocols that IETF task group constituted toprovide security services in the network layer. IPSec protocol suite can realize the mostdemand of network security, provide securityguarantees for transmiting sensitiveinformation in the unprotected Internet. Therefore, the implementation of IPSec systembased on distributed router, which is of great significance to the communication andsecurity of the entire network.In this thesis,the development of IPSec system is based on the distributed router, thissystem is strictly according to the network security protocol standards developed by theIETF.This thesis mainly completed the design and implementation of IPSec system in thedistributed router system. Through the analysis of the key technologies of IPSec,combining the characteristis of distributed router, this thesis puts forward the IPSecencryption/decryption scheme based on the hardware encryption card on the router. Theconcrete scheme about the implementation of IPSec on the distributed router isgiven,including the IPSec system framework design,IPSec function module division, theoverall process flow of IPSec packet processing, etc.At the same time, this thesis studiesthe extended functionality of IPSec, IPSec peers detection mechanism, in combination withthe practical situation of the project, puts forward to use BFD instead of DPD, andanalyzes its feasibility and superiority.Finally we set up the test environment, the basicfunction of the IPSec system was verified through the comprehensive functional testing,performance testing. And the IPSec encryption card uses multi-core processors, which improves the processing performance of encryption/decryption.

Keywords/Search Tags:

IPSec(IP Security Architecture for the Internet), IKE(Internet Key Exchange), Distributed Router, DPD(Dead Peer Detection)

PDF Full Text Request

Related items

1	Research And Realization Of Internet Key Exchange Protocol On IPSec
2	Study Of IPSec Technique And Its Implementation On The Router
3	Implementation Of VPN System In Linux Based On IPSec
4	Research On The Security Application Of The Software Defined Network Slice Based On IKE And IPSec
5	The Router's Internet Key Exchange Based On Digital Certificate
6	Security Alliance’s Design And Application Based On IPSec Protocol
7	The Research On The Architecture And Key Technologies Of High Speed Boundary IPSec Router
8	The Study And Implementation Of The Key Management Of Security Protocol For Advanced Router
9	Research On The Key Technique Of Distributed Internet Telephony Systems Based On Peer-To-Peer Network
10	Analytical Improvement And Implementation For Internet Key Exchange Protocol