Found 19 similar documents (search time: 156 ms)
1.
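With the development of network security technology, more and more network security protocols are emerging, so network forwarding devices need to support them. Because of its protocol independence, a programmable data plane enables rapid deployment of security protocols. However, current programmable data planes suffer from repeated packet-header parsing, exclusive occupation of the data plane, and the difficulty of implementing cryptographic algorithms. To address these problems, this paper proposes a virtualized programmable data plane for security protocols (VCP4). It introduces a description header to reduce the number of header parsing passes and improve header parsing efficiency. It uses a control-flow queue generator and a dynamic mapping table to virtualize the programmable data plane, isolating the data plane among multiple tenants and solving the exclusive-occupation problem. Cryptographic algorithm primitives are added to the VCP4 language compiler to make cryptographic algorithms reusable. Finally, VCP4 is evaluated experimentally for resource utilization, virtualization performance and security protocol performance; the results show that it delivers the functionality with a small performance loss and can reduce the amount of code by 50%.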
2.
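Virtual network security is an important part of cloud computing security. To ensure the controllability and security of virtual network traffic, this paper proposes a secure virtual network solution based on Ethsec encryption-and-compression technology. The solution comprises components including a virtualization security layer, a virtualization security switch, a secure virtual network management platform and a secure virtual network key distribution system. Using the Ethsec technique proposed in the paper and the Chinese commercial cryptographic algorithms SM2 and SM4, it compresses and decrypts the Ethernet MAC frames of virtual machines, enabling the virtualization security switch to monitor and analyze all virtual network traffic.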
3.
4.
5.
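Internet technology is developing rapidly, and the continual emergence of new network protocols requires network forwarding devices to support new protocols promptly. At present, software-defined networking still faces many difficulties in balancing programmable protocol parsing with data forwarding performance. This paper therefore proposes a programmable data plane based on a coupled parsing-and-execution structure (CLIPE). By deploying user-definable modules on the hardware parser, the protocol multi-way tree in the hardware parsing logic can be updated in real time, making protocol parsing user-customizable. In addition, the novel structure coupling the parser with the action executor reduces redundancy in the overall processing architecture, which lowers action execution latency and improves hardware resource utilization; compared with existing schemes, it saves 11% of logic resources and 24% of BRAM resources. Finally, a prototype of the scheme is implemented on the NetFPGA-10G board.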
6.
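Because traditional network devices are rigid and depend on physical infrastructure, they struggle to meet the needs of intelligent networks. To make networks more intelligent and open up network programmability, software-defined networking and the programmable data plane emerged. This article introduces software-defined networking, the programmable data plane and their corresponding southbound protocols, including the OpenFlow protocol and its problems and the advantages of the P4Runtime protocol. A network simulation built with Mininet is then used to verify the advantages of P4Runtime. The simulation shows that, on top of a protocol-independent programmable data plane, P4Runtime, as the southbound protocol between the control plane and the data plane, offers two Python-based ways of installing flow table entries, interactive and scripted. Compared with the traditional SDN way of installing flow table entries, it is more flexible and extensible and makes it easier for administrators to manage the network in a unified way. It provides a new control and management option for application scenarios such as carriers and data centers.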
7.
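Traditional routing mechanisms, rigid and uniform, can no longer accommodate diverse future service requirements or the trial and deployment of new network architectures. To address this problem, the paper proposes a polymorphic routing model based on the idea of self-adaptation between routing functions and service requirements, and designs and implements a polymorphic routing prototype system. Through virtualization and a flexible, programmable data plane structure, the system allows multiple routing protocols to coexist in homogeneous and heterogeneous networks, and supports customization of routing protocols based on routing service descriptions as well as multi-table selection, lookup and forwarding in the data plane. Finally, the polymorphic routing prototype system is designed and implemented on the NetFPGA-10G platform. Compared with existing routing experimentation systems, the polymorphic routing system achieves routing protocol customization and coexistence of heterogeneous networks while better guaranteeing quality of service, with a higher forwarding rate and better scalability.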
8.
9.
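With the rapid development of communication networks, network function virtualization, which decouples the software and hardware of network element devices, has emerged. This paper first introduces the background and architecture of network function virtualization, then analyzes the network security problems it brings, and finally gives recommendations for addressing these problems, pointing out research directions for future security work on network function virtualization.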
10.
11.
Aiming at the application of mimic arbitration, a programmable semantic parsing approach for mimic arbitration was proposed. Based on the idea of matching lookup table, this method could achieve custom protocol parsing through domain pointer configuration, and solve the problem of programmable protocol parsing for different protocols. By adopting pipeline control method, the congestion free in the procedure of protocol parsing was guaranteed and the performance of protocol parsing was improved. By introducing Hash operation, the complexity of semantic reordering design of sub-packages was simplified. The performance analysis results show that this approach has the characteristics of high flexibility protocol parsing, high processing capacity and low resource utilization.
12.
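As network functions keep expanding and new network protocols keep emerging, packets in these protocols have new format definitions, and network devices must support the corresponding parsing and lookup. The flow-table-based forwarding design of software-defined networking (SDN) makes network innovation simple, but it still struggles to support programmable parsing and processing of arbitrary protocols. Considering packet parsing and lookup jointly, this paper proposes a packet lookup hardware structure that supports elastic protocol customization; through bit-granularity parsing and a lookup process based on meta-operations, arbitrary protocols can be processed on the hardware structure. In addition, the paper proposes a multi-way-tree-based mapping algorithm for the proposed structure, which maps user-customized protocols onto the hardware processing pipeline and lookup tables. Deployment on an actual FPGA verifies that the structure supports flexible customization of multiple protocols and reaches a processing speed of 390 Gbps in hardware, with noticeably lower hardware resource utilization than existing schemes. The structure is significant for the design of future software-defined networking data planes.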
13.
Smyth N. McLoone M. McCanny J.V. 《IEEE transactions on circuits and systems. I, Regular papers》2006,53(7):1506-1520
A novel wireless local area network (WLAN) security processor is described in this paper. It is designed to offload security encapsulation processing from the host microprocessor in an IEEE 802.11i compliant medium access control layer to a programmable hardware accelerator. The unique design, which comprises dedicated cryptographic instructions and hardware coprocessors, is capable of performing wired equivalent privacy, temporal key integrity protocol, counter mode with cipher block chaining message authentication code protocol, and wireless robust authentication protocol. Existing solutions to wireless security have been implemented on hardware devices and target specific WLAN protocols whereas the programmable security processor proposed in this paper provides support for all WLAN protocols and thus, can offer backwards compatibility as well as future upgrade ability as standards evolve. It provides this additional functionality while still achieving equivalent throughput rates to existing architectures.
14.
15.
16.
With the emergence of resource powerful sensor nodes, the concept of WSN virtualization is gaining increasing attention from the research community and the industry. One approach to achieve WSN virtualization is to exploit the capabilities of individual sensor nodes to execute tasks of multiple applications concurrently. In this paper, we consider the problem of task allocation in software-defined WSNs (SD-WSNs), which are distinguished by centralized control plane and programmable data plane. We extend our previous work on this topic, where we proposed the control algorithm which determines suitability of a sensor node for task allocation based on the active routing paths and residual energy in the network. Availability of such information can be easily justified in SD-WSNs. Through extensive simulations, the performance of this strategy has been evaluated and compared with two conventional task allocation approaches, which assume traditional minimum-hop routing. In addition, we analysed the performance of a simpler software defined networking-based approach, which performs resource allocation by considering only residual energy in the network. The obtained results demonstrate benefits of SD-WSN architecture when it comes to virtualization efficiency, and clarify improvements achieved by mutual correlation of routing and task allocation decisions.
17.
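Data self-destruction technology based on two P2P protocols (total citations: 1; self-citations: 0; citations by others: 1)
With the rise of Internet applications such as cloud computing, more personal data is stored on the network, and its security faces great challenges. With traditional data encryption, the encryption key sometimes cannot be destroyed in time, which is a security risk. To address the security of personal network data, a self-destruction protocol for personal application data is designed using two P2P protocols, Chord and Kademlia; it exploits the inherent churn characteristics of P2P protocols to destroy personal network data automatically. The OMNEST simulation software is used to analyze the data self-destruction performance of the two protocols, and the simulation results show that data self-destruction performs better with the Kademlia protocol.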
18.
Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography (total citations: 1; self-citations: 0; citations by others: 1)
Byzantine agreement requires a set of parties in a distributed system to
agree on a value even if some parties are maliciously misbehaving. A new
protocol for Byzantine agreement in a completely asynchronous network is
presented that makes use of new cryptographic protocols, specifically
protocols for threshold signatures and coin-tossing. These cryptographic
protocols have practical and provably secure implementations in the
random oracle model. In particular, a coin-tossing protocol based on
the Diffie-Hellman problem is presented and analyzed. The resulting asynchronous Byzantine agreement protocol is both practical
and theoretically optimal because it tolerates the maximum number of
corrupted parties, runs in constant expected rounds, has message and
communication complexity close to the optimum, and uses a trusted dealer
only once in a setup phase, after which it can process a virtually unlimited
number of transactions. The protocol is formulated as a transaction processing service in a
cryptographic security model, which differs from the standard
information-theoretic formalization and may be of independent interest.
19.
Ralf Kundel Leonhard Nobach Jeremias Blendin Wilfried Maas Andreas Zimber Hans-Joerg Kolbe Georg Schyguda Vladimir Gurevich Rhaban Hark Boris Koldehofe Ralf Steinmetz 《International Journal of Network Management》2021,31(1):e2134
Telecommunication providers continuously evolve their network infrastructure by increasing performance, lowering time to market, providing new services, and reducing the cost of the infrastructure and its operation. Network function virtualization (NFV) on commodity hardware offers an attractive, low-cost platform to establish innovations much faster than with purpose-built hardware products. Unfortunately, implementing NFV on commodity processors does not match the performance requirements of the high-throughput data plane components in large carrier access networks. Therefore, programmable hardware architectures like field programmable gate arrays (FPGAs), network processors, and switch silicon supporting the flexibility of the P4 language offer a promising way to account for both performance requirements and the demand to quickly introduce innovations into networks. In this article, we propose a way to offer residential network access with programmable packet processing architectures. On the basis of the highly flexible P4 programming language, we present a design and open source implementation of a broadband network gateway (BNG) data plane that meets the challenging demands of BNGs in carrier-grade environments. In addition, we introduce a concept of hybrid openBNG design, realizing the required hierarchical quality of service (HQoS) functionality in a subsequent FPGA. The proposed evaluation results show the desired performance characteristics, and our proposed design together with upcoming P4 hardware can offer a giant leap towards highest performance NFV network access.