基于HCR路由器的IPSec系统设计与实现

计算机与现代化 ›› 2009, Vol. 1 ›› Issue (11): 50-52.doi:

基于HCR路由器的IPSec系统设计与实现

张治元1，孔庆月2

1.长沙通信职业技术学院计算机信息工程系，湖南长沙　410015;2.河北化工医药职业技术学院计算机信息工程系，河北石家庄 050026

收稿日期:2008-11-13 修回日期:1900-01-01 出版日期:2009-11-30 发布日期:2009-11-30

Design and Implementation of IPSec System Based on HCR

ZHANG Zhi-yuan1,KONG Qing-yue2

1.Department of Computer and Information Engineering, Changsha Telecommunications and Technology Vocational College, Changsha 410015, China;2.Department of Computer and Information Engineering, Hebei Chemical and Pharmaceutical Vocational College, Shijiazhuang 050026, China

Received:2008-11-13 Revised:1900-01-01 Online:2009-11-30 Published:2009-11-30

摘要/Abstract

摘要： IPSec VPN和分布式路由器技术为网络的安全做出了重大贡献。在路由器上实现IPSec VPN功能模块有着更为重要的意义，这不仅可以保护重要的网络路由数据包及各种网络业务数据包，还可以和其它的VPN技术融合来共同构筑整个IP传输网的安全。本文提出一种基于HCR路由器技术的IPSec VPN系统方案，给出IPSec VPN系统在网络处理器(NPC)上的处理流程以及SPDB/SADB模块和加密/解密模块的设计方案。

关键词: IPSec, 异构型集群路由器, 安全关联, 因特网密钥交换协议

Abstract: IPSec VPN and distributional router technology make great contributions to the safety of network. The IPSec function modules can be implemented on routers. By doing this, we can protect not only the router packets, but also the network service packets. Additionally, the IPSec also can be combined with other VPN techniques to provide security for the IP transport network. So it is of more important significance. This paper puts forward a kind of IPSec System scheme based on HCR, and provides the IPSec process flow on Network Processor(NPC). The design scheme of SADB/SPDB and encryption/decryption modules is also provided.

Key words: IPSec, HCR, SA, IKE

张治元;孔庆月. 基于HCR路由器的IPSec系统设计与实现[J]. 计算机与现代化, 2009, 1(11): 50-52.

ZHANG Zhi-yuan;KONG Qing-yue. Design and Implementation of IPSec System Based on HCR[J]. Computer and Modernization, 2009, 1(11): 50-52.

[1]	武涛，智洋，白丽珍. GDOI多源多播的研究[J]. 计算机与现代化, 2016, 0(5): 51-54.
[2]	黄益彬;吕洋;杨维永. 智能终端网络安全防护设计[J]. 计算机与现代化, 2012, 208(12): 106-109.
[3]	梁军;聂瑞华. 基于IPSec的VPN技术的研究[J]. 计算机与现代化, 2009, 1(11): 57-59.