
Research And Implementation Of High Performance Secure Access Gateway For Cloud Services

Posted on: 2019-01-17; Degree: Master; Type: Thesis
Country: China; Candidate: X Y Zou; Full Text: PDF
GTID: 2428330599977715; Subject: Computer Science and Technology
Abstract/Summary:
In secure access to cloud computing, virtual private networks (VPNs) provide secure data communication between cloud service nodes in different regions. The performance of a traditional VPN operating as an access gateway in the cloud remains a problem to be solved. To improve the performance of the secure access gateway, this paper studies VPN forwarding and parallelization technologies so that they can be better applied to the secure access gateway in cloud services.

First, to solve the problem that a traditional VPN cannot make full use of a general-purpose multi-core server, this paper studies the packet forwarding and parallel computing technology of the Data Plane Development Kit (DPDK) as applied to a software VPN gateway. The multi-queue feature of the network card is combined with packet sending and receiving models and thread binding, using multi-core resources to implement user-interface parallel packet transmission and reception.

To improve message forwarding capability, this paper studies the VPN routing algorithm and user address network address translation (NAT). Building on DIR-24-8-BASIC, it improves the management method of the secondary routing table, which reduces memory usage and improves search speed, and combines this with the characteristics of VPN routes to obtain the DIR-24-8-VPN routing algorithm. The performance test results show that it is superior to traditional Patricia-based routing algorithms in certain scenarios. In addition, the user-space NAT mapping scheme and its deletion strategy are given, and a NAT port reuse algorithm is proposed to increase the maximum number of proxy requests supported by the gateway.

To make full use of multi-core computing resources and further improve message forwarding capability, this paper studies the techniques for data sharing and traffic distribution between threads when the VPN gateway is parallelized. A multi-threaded parallel session information management algorithm is proposed, and on that basis a parallel routing algorithm is proposed to implement efficient route forwarding between two interconnected clients. Then, to avoid sharing NAT rules and other information between threads, two traffic distribution techniques are designed based on the multi-queue and flow classification technology of the network card. The test results show that the VPN gateway implemented with parallelization technology can effectively avoid the exchange of data between cores as the number of threads increases; in theory, the throughput of the VPN gateway can be improved linearly.

Finally, this paper designs and implements a message-level parallel multi-threaded VPN gateway based on DPDK and compares it with the existing software VPN gateway. The test results show that the performance of the VPN gateway is better than that of the existing gateway and meets the needs of secure access gateways in cloud services.
Keywords/Search Tags: secure access gateway, parallel datagram process, VPN route lookup, multi-thread data synchronization