| With the rapid development of network technology, faster and faster speed of the transmission of the network is achieved, and more and more high performance of the key network device system is required by system. As a security platform of forwarding data, it’s easy for IPSec VPN to become the bottleneck of network system. The problem in traditional IPSec VPN systems is that, they have a poor performance module of encryption and decryption and do not use the advantage of system’s multi-core CPU.This thesis mainly studies the acceleration technology of IPSec VPN system. By analyzing the cryptographic module of IPSec VPN system and the parallel network protocol on multi-core processor, two acceleration technologies are proposed. One is the technology of asynchronous parallel encryption on the multi-card, and the other is the technology of parallel IPSec protocol on multi-core processor systems.According to the technology of asynchronous parallel encryption on the multi-card proposed above, this thesis implements a multi- card asynchronous parallel encryption model for IPSec VPN system. This model uses cryptographic card to replace the CPU for executing compute-intensive operations of encryption and decryption, and releases the CPU from the work of encryption and decryption, which improve the performance of IPSec VPN system’s encryption and decryption. Taking the advantage of work queue mechanism of the Linux OS, this thesis improves traditional IPSec VPN system’s synchronous encryption method and make the cryptographic card work in the asynchronous method. In the meanwhile, a minimum waiting time algorithm designed and implemented in this model to schedule the cryptographic task of the cryptographic card, makes the time of handling packets minimum. By improving the running method of IPSec VPN system’s cryptographic module, the technology of asynchronous parallel encryption on the multi-card, give the IPSec VPN system a higher performance.Based on the technology of parallel IPSec protocol on multi-core processor systems, this thesis designs and implements a model of IPSec protocol on multi-core processor. This model makes use of the mechanism of multi-queue network card, Processor affinity and soft interruption of Linux OS, and implements IPSec VPN system based on packet’s multi-core parallel processing. To solve the problem that Linux kernel alwaysallocates and releases a structure of sk_buffer for every packet, which gives the kernel’s memory managing modules a poor performance, algorithm of reusing packet queue is designed and implemented, a detail introduction of implementing this algorithm under the circumstance of multi-core processor is made.This thesis implements and tests the two accelerate technologies. The testing result proves that both of the accelerating technologies can improve the performance of IPSec VPN system. Finally, a deep analysis of these technologies is achieved. |
PDF Full Text Request