| With the rapid development of network technology, the Internet keeps growing, the number of users and the volume of network traffic are increasing rapidly, and mobile remote access is widely used. End-to-end security technology, as one of the most widely used and most secure technologies, has received widespread attention. Especially for important information networks that transmit data without encryption, retrofitting end-to-end secure transmission is an important task for improving network security. However, traditional end-to-end security technology such as IPSec VPN suffers from low data reception efficiency and a processing capacity that does not match today's high-traffic data transmission. Therefore, for end-to-end secure transmission of high-traffic data, it is significant and necessary to improve the system's processing efficiency by processing packets quickly and breaking the performance bottleneck of the traditional approach. The main work of this paper is as follows: (1) A design scheme for high-speed secure data transmission in end-to-end mode is proposed. After comparing the current mainstream VPN technologies, IPSec VPN, the most widely used and most secure, is chosen to ensure the security of data transmission. DPDK can minimize system overhead and enhance system performance, and combining DPDK with IPSec VPN effectively improves the system's processing efficiency and breaks the performance bottleneck of the traditional IPSec VPN approach. This paper completes the design of a high-performance IPSec VPN system based on DPDK, which is divided into three modules: data reception, data forwarding and data processing. The data reception module is responsible for capturing packets; it uses DPDK's high-speed I/O processing framework and efficient packet capture to supply packets to the data processing module. The data processing module implements policy lookup and IPSec processing in user space, and completes the encapsulation and encryption of packets. The data forwarding module is responsible for forwarding the packets sent by the client and processed by the data processing module to the destination host. (2) The system designed in this paper is implemented. The data reception module includes the initialization of the underlying driver and the reception of packets based on the port queue. The data processing module obtains the unique SA from the packet's triplet information, obtains the packet's encapsulation method (AH/ESP) and encryption policy, and completes IPSec processing. The data forwarding module includes route forwarding and ARP functions, which are realized by adding a static routing table and the KNI module, respectively. (3) An experimental scenario in end-to-end mode is built, and data reception, processing and forwarding are completed in end-to-end mode. The feasibility of the proposed design scheme is verified through analysis of the experimental results. |
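
The SA lookup step described in (2), as an added example that is not code from the paper: it is plain C without DPDK, and it assumes the triplet is the standard IPsec one (SPI, destination address, protocol), which the abstract does not spell out. The table contents, packet bytes and the names `SAD`, `sa_lookup` and `demo` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { PROTO_ESP = 50, PROTO_AH = 51 };   /* IP protocol numbers */

struct sa_entry { uint32_t spi, dst_ip; uint8_t proto; const char *policy; };

/* Constructed SA database; all values are illustrative. */
static const struct sa_entry SAD[] = {
    { 0x1001, 0xC0A80102, PROTO_ESP, "esp: encrypt + authenticate" },
    { 0x2002, 0xC0A80102, PROTO_AH,  "ah: authenticate only" },
};

static uint32_t rd32(const uint8_t *p) {  /* big-endian 32-bit read */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Return the SAD index matching (SPI, destination, protocol), or -1. */
int sa_lookup(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;      /* IPv4 only */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    uint8_t proto = pkt[9];
    if (ihl < 20 || (proto != PROTO_ESP && proto != PROTO_AH)) return -1;
    size_t off = ihl + (proto == PROTO_AH ? 4 : 0);     /* AH: SPI is at offset 4 */
    if (len < off + 4) return -1;                       /* truncated header: drop */
    uint32_t spi = rd32(pkt + off), dst = rd32(pkt + 16);
    for (size_t i = 0; i < sizeof SAD / sizeof SAD[0]; i++)
        if (SAD[i].spi == spi && SAD[i].dst_ip == dst && SAD[i].proto == proto)
            return (int)i;
    return -1;                                          /* no SA: drop */
}

/* Build a constructed packet addressed to 192.168.1.2 and look it up. */
int demo(uint8_t proto, uint32_t spi, size_t len) {
    uint8_t pkt[40] = { 0x45 };                         /* version 4, IHL 5 */
    pkt[9] = proto;
    pkt[16] = 0xC0; pkt[17] = 0xA8; pkt[18] = 0x01; pkt[19] = 0x02;
    size_t off = 20 + (proto == PROTO_AH ? 4 : 0);
    pkt[off] = (uint8_t)(spi >> 24); pkt[off + 1] = (uint8_t)(spi >> 16);
    pkt[off + 2] = (uint8_t)(spi >> 8); pkt[off + 3] = (uint8_t)spi;
    return sa_lookup(pkt, len > sizeof pkt ? sizeof pkt : len);
}

int main(void) {
    int i = demo(PROTO_ESP, 0x1001, 28);
    printf("%s\n", i >= 0 ? SAD[i].policy : "drop");
    return 0;
}
```

A packet that is truncated, carries a non-IPsec protocol, or matches no SA returns -1, so the caller can drop it before any decryption or integrity check is attempted.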