With the development of network technology, network bandwidth has reached the level of 1G and 10G, but the performance of servers in processing network packets is getting lower and lower. To cope with the current situation in which the packet capture mechanism in the SSL VPN system cannot match the existing bandwidth, this paper proposes an SSL VPN design scheme based on DPDK (Data Plane Development Kit), which aims to break through the performance bottleneck of the traditional server and improve the data processing capability of the SSL VPN gateway. This paper designs a high-performance SSL VPN system scheme based on DPDK technology and a user-mode network protocol stack, and implements its prototype. The system is divided into three modules: data packet receiving, VPN function, and data packet forwarding. The data packet receiving module is responsible for receiving and parsing data packets related to the client. The underlying data packet capture is based on the DPDK high-speed I/O processing framework, and the ported user-mode protocol stack F-Stack is used to analyze the data packets. The high-performance data packet communication between the server and the client provides a data basis for the VPN function module. The VPN function module (the packet processing module) completes functions such as tunnel negotiation, client management, and SSL communication within the VPN. An SSL communication protocol based on F-Stack is designed to realize the connection with the F-Stack framework. The data packet forwarding module is responsible for interacting with the intranet host: it uses DPDK's ability to communicate directly with the network card, abandoning the traditional VPN virtual device interface, and implements data communication with the intranet service server through a protocol designed by formulating policy routing and message reconstruction. Using the above core technologies, the integrated system will be used to build SSL VPN servers to achieve a high-performance SSL VPN system. The experimental results show that in a high-speed traffic environment, the SSL VPN system based on the DPDK high-performance data processing framework has higher throughput than the SSL VPN system based on the traditional Linux kernel protocol stack, and fully exerts the transmission efficiency of network security equipment.