| With the rapid development of economy and Internet technology,the internal networks of various social institutions,such as corporate enterprises,universities and government,have become increasingly large.The increasingly abundant resources of internal networks and the demand of diversified office scenarios have led to the demand for communication between private networks in different regions.There is an increasing demand for the public Internet to access private networks.Under such circumstances,how to make employees in different regions safely,efficiently and conveniently access the office network within an enterprise becomes an important issue;as an important solution to the problem,SSL VPN technology is gradually developed and popularized.In this paper,the SSL VPN gateway link management technology is studied from two aspects: the concurrent connection management capability of the SSL VPN gateway server and the key negotiation performance over the SSL VPN link.In this thesis,SSL VPN link management,server concurrent connection management technology.By analyzing the commonly used thread pool-based concurrent connection management model,it points out that there are some problems in the use of thread pool.When the number of worker threads in a thread pool is too small,the system resources can not be fully utilized and the switching between threads is frequent,affecting the system operation efficiency,resulting in the user's request can not be timely response;when the number of worker threads in the thread pool is too large,Will result in system waste of resources.In extreme cases,system resources(stack space,limited resources such as file descriptors)will be exhausted,affecting the stability of the system.Based on the average of the adaptive algorithm is a commonly used dynamically changing the size of the thread pool algorithm can weaken the above problems to some extent,but based on the average adaptive algorithm to the response time lag,the number of threads in the thread pool Predictors are single and unstable,resulting in low utilization of resources and insufficient concurrency in thread pools.Therefore,this paper proposes a segment-based adaptive algorithm to dynamically change the size of the thread pool.Therefore,this paper proposes a change thread pool dynamic adaptive algorithm based on segmentation to the size of the concurrent use of two algorithms for connection management model experiment results show that in dealing with the same number of concurrent requests,using the adaptive algorithm based on segmented connection management model unit time processing request number,system throughput high concurrent performance.In this thesis,SSL VPN link management,SSL link on the key technologies related to research.Through the research and analysis of Diffie-Hellman algorithm,which is commonly used in SSL link key agreement,the proportion of time consumed by Diffie-Hellman algorithm to generate key pair is larger in the process of SSL key agreement,while the core of key pair generation is Generation of large primes.The Diffie-Hellman algorithm exists in the process of generating large prime numbers.When the Miller-Rabin test is used,the number of composite numbers is too large,that is,there is a problem that the range of prime detection is too wide.This paper presents a method of large primes preprocessing to accelerate large prime numbers generate.At the same time,with the idea of parallel processing in the SSL hardware acceleration solution,a key negotiation optimization model based on parallel processing is proposed.The key agreement process is optimized based on the Diffie-Hellman algorithm.The comparison experiment shows that the key agreement process using the optimization model can effectively reduce the time consumed by the SSL handshake and optimize the key negotiation performance of the SSL link. |
PDF Full Text Request