CN112565263A - Encryption and decryption method and device based on hard pipeline - Google Patents
- Publication number: CN112565263A (CN202011413198.8A)
- Authority: CN (China)
- Prior art keywords: hard, message, encryption, pipelines, processing module
- Legal status: Pending (the listed status is an assumption, not a legal conclusion)
Classifications
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L47/24: Traffic characterised by specific attributes, e.g. priority or QoS
- H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
Abstract
The invention discloses an encryption and decryption method and device based on hard pipelines. The method comprises: receiving messages, dividing them into hard pipelines with different priorities, and sending them into the corresponding hard pipelines of an incoming direction processing module; the incoming direction processing module performs table look-up processing on the messages and sends them, through a queue scheduling module, to the corresponding hard pipelines of an outgoing direction processing module; the outgoing direction processing module sends the messages that need encryption or decryption to the corresponding hard pipelines of an encryption and decryption module; the encryption and decryption module encrypts and decrypts the messages in the different hard pipelines according to priority and forwards them to the corresponding hard pipelines of the incoming direction processing module; the incoming direction processing module loops the encrypted and decrypted messages back, through the queue scheduling module, to the corresponding hard pipelines of the outgoing direction processing module; and the outgoing direction processing module forwards the messages in the different hard pipelines. The invention ensures that high-priority traffic is processed preferentially throughout the full pipeline and meets the requirement for deterministic low latency.
Description
Technical Field
The invention relates to the technical field of networks, in particular to an encryption and decryption method and device based on a hard pipeline.
Background
Edge computing networks and base station access networks require security encryption, and the requirements differ between users. During data encryption, both high-priority and low-priority traffic may need to be encrypted, and the high-priority traffic needs lower latency than the low-priority traffic.
The encryption scheme currently in use is port-based MACsec. It requires the port to enable the MACsec encryption function and the MAC chip to support it. This scheme provides only encryption and decryption capability: it cannot ensure that high-priority traffic is processed preferentially throughout the full encryption and decryption pipeline, so low-priority traffic can preempt resources and degrade the latency and performance of high-priority traffic. The scheme also confines the encryption and decryption capability to the MAC layer, while resources in the network switch chip are shared. In particular, high-priority and low-priority traffic share the resources of the encryption engine, so high-priority traffic cannot be guaranteed to be served first in encryption processing, and its resources may be preempted by part of the low-priority encrypted traffic.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing an encryption and decryption method and device based on hard pipelines, which ensure that high-priority messages are processed preferentially throughout the full pipeline and that low-priority messages cannot preempt their resources during decryption processing.
To achieve this purpose, the invention provides the following technical solution: an encryption and decryption method based on hard pipelines, comprising:
receiving a message, identifying from the information it carries whether it needs to be encrypted or decrypted, dividing the messages into hard pipelines with different priorities, and sending the messages in the different hard pipelines into the corresponding hard pipelines of the incoming direction processing module;
the incoming direction processing module performs table look-up processing on the messages in the different hard pipelines and hands them to the queue scheduling module, which sends the messages in the different hard pipelines into the corresponding hard pipelines of the outgoing direction processing module according to the priority and number of each hard pipeline;
the outgoing direction processing module sends the messages that need encryption or decryption to the corresponding hard pipeline of the encryption and decryption module according to the hard pipeline number;
the encryption and decryption module encrypts and decrypts the messages in the different hard pipelines according to priority, and forwards them to the corresponding hard pipelines of the incoming direction processing module according to the hard pipeline number;
the incoming direction processing module then schedules the encrypted and decrypted messages, through the queue scheduling module, to the corresponding hard pipelines of the outgoing direction processing module, and the outgoing direction processing module forwards the messages in the different hard pipelines.
Preferably, whether the message needs to be encrypted and decrypted is identified according to the IP address and/or the UDP port number of the message, and the message is divided into hard pipelines with different priorities according to the priority of the message.
Preferably, the queue scheduling module performs queue scheduling processing on the hard pipelines with different priorities by using an SP queue scheduling algorithm.
Preferably, the encryption and decryption module uses an SP queue scheduling algorithm to forward and encrypt and decrypt the packets in the hard pipelines with different priorities.
Preferably, the incoming direction processing module forwards the encrypted and decrypted message according to the IP information and the UDP information of the message.
The invention also discloses an encryption and decryption device based on hard pipelines, comprising:
a message receiving module, used for receiving a message, identifying from the information it carries whether it needs to be encrypted or decrypted, dividing the messages into hard pipelines with different priorities, and sending the messages in the different hard pipelines into the corresponding hard pipelines of the incoming direction processing module;
an incoming direction processing module, used for performing table look-up forwarding processing on the messages in the different hard pipelines;
a queue scheduling module, used for sending the messages in the different hard pipelines of the incoming direction processing module into the corresponding hard pipelines of the outgoing direction processing module according to the priority and number of each hard pipeline;
an outgoing direction processing module, used for sending the messages that need encryption or decryption to the corresponding hard pipeline of the encryption and decryption module according to the hard pipeline number, and for forwarding the encrypted and decrypted messages;
and an encryption and decryption module, used for encrypting and decrypting the messages in the different hard pipelines according to priority and forwarding them to the corresponding hard pipelines of the incoming direction processing module according to the hard pipeline number.
Preferably, the message receiving module identifies whether the message needs to be encrypted and decrypted according to the IP address and/or UDP port number of the message, and divides the message into hard pipelines with different priorities according to the priority of the message.
Preferably, the queue scheduling module performs queue scheduling processing on the hard pipelines with different priorities by using an SP queue scheduling algorithm.
Preferably, the encryption and decryption module uses an SP queue scheduling algorithm to forward and encrypt and decrypt the packets in the hard pipelines with different priorities.
Preferably, the incoming direction processing module forwards the encrypted and decrypted message according to the IP information and the UDP information of the message.
The beneficial effects of the invention are as follows:
The encryption and decryption module contains multiple hard pipelines that are connected to the hard pipelines of the incoming direction processing module and the outgoing direction processing module. This ensures low latency for high-priority traffic inside the encryption and decryption module, and also ensures that high-priority traffic is processed preferentially throughout the full pipeline, so that low-priority traffic cannot preempt its resources. The deterministic low-latency requirement of edge computing security is met, and a technical basis is laid for large-scale deployment of secure edge networks.
Drawings
FIG. 1 is a schematic flow chart of an encryption and decryption method of the present invention;
FIG. 2 is a schematic diagram of message encryption and decryption processing according to the present invention;
FIG. 3 is a schematic diagram of the encryption process for high priority packets according to the present invention;
FIG. 4 is a schematic diagram of the encryption process for a low priority packet according to the present invention;
FIG. 5 is a block diagram of the encryption and decryption apparatus according to the present invention.
Detailed Description
The technical solution of the embodiment of the present invention will be clearly and completely described below with reference to the accompanying drawings of the present invention.
The encryption and decryption method based on hard pipelines disclosed by the invention uses hard pipeline technology to isolate high-priority traffic from low-priority traffic. This ensures that high-priority traffic is processed preferentially throughout the full pipeline, that low-priority traffic cannot occupy its resources, and that the deterministic low-latency requirement of edge computing security is met.
As shown in FIG. 1, the encryption and decryption method based on hard pipelines disclosed in the present invention includes the following steps:
S100, receiving a message, identifying from the information it carries whether it needs to be encrypted or decrypted, dividing the messages into hard pipelines with different priorities, and sending the messages in the different hard pipelines into the corresponding hard pipelines of the incoming direction processing module.
Specifically, an edge network switching device generally includes an incoming direction processing module, a queue scheduling module and an outgoing direction processing module for forwarding messages, and an encryption and decryption module for encrypting and decrypting them. To ensure that high-priority traffic is processed first and that low-priority traffic cannot occupy its resources, multiple hard pipelines with different priorities are provided in the incoming direction processing module, the queue scheduling module, the outgoing direction processing module and the encryption and decryption module. The hard pipelines isolate traffic of different priorities from each other, which guarantees deterministic low latency for high-priority traffic.
After receiving a message, the edge network switching device parses it to obtain information it carries, such as the IP address, the UDP port number and the priority (Priority). From the IP address, UDP port number and similar fields it identifies whether the message needs to be encrypted or decrypted, and it assigns the message to a hard pipeline according to the message priority. As shown in FIG. 2, the network switching device uses two hard pipelines: Pipe1 for high-priority messages and Pipe0 for low-priority messages. Pipe1 corresponds to the high-priority MAC and Pipe0 to the low-priority MAC; that is, high-priority messages are forwarded to Pipe1 and low-priority messages to Pipe0.
After the messages have been divided into hard pipelines of different priorities and data caching and assembly of the received messages is complete, the messages in each hard pipeline are sent into the corresponding hard pipeline of the incoming direction processing module according to the hard pipeline number (Channel ID). For example, a high-priority message placed in Pipe1 carries hard pipeline number 1, so it is sent into Pipe1 of the incoming direction processing module.
In this embodiment, whether a message needs encryption or decryption or is an ordinary message, the number of the hard pipeline it occupies is passed to each module, so that each module can send the message into the corresponding hard pipeline according to that number.
S200, the incoming direction processing module performs table look-up processing on the messages in the different hard pipelines and hands them to the queue scheduling module, which sends the messages in the different hard pipelines into the corresponding hard pipelines of the outgoing direction processing module according to the priority and number of each hard pipeline.
Specifically, the incoming direction processing module looks up forwarding entries for the messages in the different hard pipelines and obtains the editing behavior and forwarding behavior of each message. For example, it looks up forwarding entries separately for the messages in Pipe1 and Pipe0 and obtains their editing and forwarding behaviors.
After the forwarding entry lookup, the scheduling module performs enqueue and dequeue processing on the messages. The queue scheduling module sends the messages in the different hard pipelines into the corresponding hard pipelines of the outgoing direction processing module according to the priority and number of each hard pipeline, that is, in order from high priority to low priority. For example, with Pipe1 used for high-priority traffic and Pipe0 used for low-priority traffic, the messages in Pipe1 are forwarded first to Pipe1 of the outgoing direction processing module according to the hard pipeline number, and the messages in Pipe0 are forwarded last to Pipe0 of the outgoing direction processing module.
In the queue scheduling module, different hard pipelines use independent scheduling mechanisms, which solves the problem that a traditional Quality of Service (QoS) mechanism cannot achieve deterministic low latency for edge low-latency services. The invention uses an independent scheduling mechanism that enqueues and dequeues messages according to the hard pipeline number and priority, and applies an SP (Strict Priority) scheduling algorithm between hard pipelines of different priorities. This ensures that messages in the high-priority hard pipeline are forwarded first and meets the low-latency requirement of edge data forwarding.
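As an added illustration (not code from the patent), the following Python model serves one processing stage, such as the shared encryption engine criticised in the Background, either from a single shared FIFO or from per-pipeline queues with strict priority, and reports the latency each message sees. The workload, tick costs and function names are constructed assumptions, and service is modelled as non-preemptive.

```python
from collections import deque

PIPE_HIGH, PIPE_LOW = 1, 0  # Pipe1 = high priority, Pipe0 = low priority


def sample_workload():
    """Constructed arrivals: (arrival_tick, pipe_id, name, cost_ticks)."""
    # A burst of large low-priority messages, then sparse small high-priority ones.
    burst = [(0, PIPE_LOW, f"L{i}", 4) for i in range(8)]
    urgent = [(1, PIPE_HIGH, "H0", 1), (10, PIPE_HIGH, "H1", 1), (20, PIPE_HIGH, "H2", 1)]
    return burst + urgent


def run_stage(arrivals, hard_pipes):
    """Serve messages one at a time; return {name: latency in ticks}.

    hard_pipes=False: one shared FIFO for all traffic (shared-engine case).
    hard_pipes=True : one queue per hard pipeline, strict priority between them.
    """
    pending = deque(sorted(arrivals, key=lambda a: a[0]))  # stable sort keeps burst order
    queues = {}
    latency = {}
    now = 0
    while pending or any(queues.values()):
        # Admit every message that has arrived by the current tick.
        while pending and pending[0][0] <= now:
            pkt = pending.popleft()
            key = pkt[1] if hard_pipes else 0
            queues.setdefault(key, deque()).append(pkt)
        ready = [k for k, q in queues.items() if q]
        if not ready:
            now = pending[0][0]  # stage idle: jump to the next arrival
            continue
        # Strict priority: always take from the highest-numbered non-empty pipeline.
        tick, _pipe, name, cost = queues[max(ready)].popleft()
        now += cost  # non-preemptive: a started message always finishes
        latency[name] = now - tick
    return latency


def worst_latency(latency, prefix):
    """Largest latency among messages whose name starts with prefix."""
    return max(v for k, v in latency.items() if k.startswith(prefix))


if __name__ == "__main__":
    for mode in (False, True):
        lat = run_stage(sample_workload(), hard_pipes=mode)
        label = "hard pipelines + SP" if mode else "shared FIFO"
        print(f"{label}: worst high-priority latency = {worst_latency(lat, 'H')} ticks")
```

With strict priority the high-priority latency is bounded by one in-flight low-priority message plus the message's own cost, while the shared FIFO makes it grow with the length of the low-priority burst.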
S300, the outgoing direction processing module sends the messages that need encryption or decryption to the corresponding hard pipeline of the encryption and decryption module according to the hard pipeline number.
Specifically, the outgoing direction processing module determines from the forwarding behavior whether a message needs to be encrypted or decrypted, and edits the message according to its editing behavior. A message that needs encryption or decryption is forwarded to the corresponding hard pipeline of the encryption and decryption module, according to the number of the hard pipeline it is in, where it waits for encryption or decryption processing. A message that does not need encryption or decryption is simply forwarded.
S400, the encryption and decryption module encrypts and decrypts the messages in the different hard pipelines according to priority, and forwards them to the corresponding hard pipelines of the incoming direction processing module according to the hard pipeline number.
Specifically, as shown in FIG. 3 and FIG. 4, the encryption and decryption module contains multiple hard pipelines with different priorities, each connected to the corresponding hard pipelines of the incoming direction processing module and the outgoing direction processing module. This isolates high-priority traffic from low-priority traffic, ensures that low-priority traffic cannot preempt high-priority traffic, lets high-priority traffic be processed preferentially throughout the whole pipeline, and meets the deterministic low-latency requirement of edge computing security.
Further, in the encryption and decryption module, a message with relatively high priority is assigned to the relatively high-priority hard pipeline for forwarding and encryption or decryption, and a message with relatively low priority is assigned to the relatively low-priority hard pipeline. That is, each message enters the hard pipeline matching its priority. The hard pipelines of different priorities are scheduled with an SP (Strict Priority) scheduling algorithm, so that messages in the high-priority hard pipeline are processed first.
In the encryption and decryption module, an encrypted message is sent to the corresponding hard pipeline of the incoming direction processing module according to the number of the hard pipeline it is in. So that downstream devices can identify encrypted messages and decrypt them, a specific UDP destination port number (UDP Dest Port) must be reserved to mark encrypted messages. On decryption, a message carrying that specific UDP destination port number is identified as an encrypted message that requires decryption processing.
A decrypted message is likewise sent into the corresponding hard pipeline of the incoming direction processing module according to the number of the hard pipeline it is in.
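The classification in S100 and the reserved UDP destination port described above can be sketched as follows; this is an added example, not the patent's implementation. It assumes the priority is the 802.1Q PCP field with a threshold of 4, and the reserved port value, the encryption policy and all function names are hypothetical placeholders.

```python
import ipaddress
import struct

PIPE_HIGH, PIPE_LOW = 1, 0      # Channel IDs of Pipe1 and Pipe0
HIGH_PCP_MIN = 4                # assumption: PCP >= 4 counts as high priority
RESERVED_ENC_PORT = 50000       # hypothetical reserved UDP dest port marking encrypted messages
# Hypothetical policy: (destination network, UDP dest port) pairs that must be encrypted.
ENCRYPT_POLICY = [(ipaddress.ip_network("10.20.0.0/16"), 2152)]


def build_frame(pcp, dst_ip, dport, frag_offset=0):
    """Constructed sample: VLAN-tagged Ethernet / IPv4 / UDP frame (checksums left 0)."""
    eth = bytes(12) + struct.pack("!HHH", 0x8100, pcp << 13, 0x0800)
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, frag_offset, 64, 17, 0,
                     ipaddress.ip_address("192.0.2.1").packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip + udp


def classify(frame):
    """Return (channel_id, action); action is 'encrypt', 'decrypt' or 'forward'."""
    if len(frame) < 14:
        return PIPE_LOW, "forward"
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    off, pcp = 14, 0
    if ethertype == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            return PIPE_LOW, "forward"
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, off = tci >> 13, 18
    # The pipeline is chosen from priority alone, for ordinary and crypto traffic alike.
    pipe = PIPE_HIGH if pcp >= HIGH_PCP_MIN else PIPE_LOW
    if ethertype != 0x0800 or len(frame) < off + 20:
        return pipe, "forward"
    ihl = (frame[off] & 0x0F) * 4
    frag = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    # Later fragments carry no UDP header, so their payload must not be read as ports.
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 17 or frag != 0:
        return pipe, "forward"
    if len(frame) < off + ihl + 8:
        return pipe, "forward"
    dst = ipaddress.ip_address(frame[off + 16:off + 20])
    dport = struct.unpack_from("!H", frame, off + ihl + 2)[0]
    if dport == RESERVED_ENC_PORT:               # already encrypted: needs decryption
        return pipe, "decrypt"
    if any(dst in net and dport == port for net, port in ENCRYPT_POLICY):
        return pipe, "encrypt"
    return pipe, "forward"


if __name__ == "__main__":
    for args in [(6, "10.20.1.5", 2152), (1, "10.20.1.5", 2152),
                 (5, "198.51.100.7", RESERVED_ENC_PORT), (0, "198.51.100.7", 53)]:
        print(args, "->", classify(build_frame(*args)))
```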
S500, the incoming direction processing module loops the encrypted and decrypted messages back, through the queue scheduling module, to the corresponding hard pipelines of the outgoing direction processing module, and the outgoing direction processing module forwards the messages in the different hard pipelines.
Specifically, after a message has been encrypted in the encryption and decryption module, the module sends it into the corresponding hard pipeline of the incoming direction processing module according to the number of the hard pipeline it is in. The incoming direction processing module performs forwarding processing based on the outer IP and UDP headers and sends the message, through the scheduling module, into the corresponding hard pipeline of the outgoing direction processing module. The outgoing direction processing module completes message editing according to the next-hop transmission information and then forwards the messages separately according to their hard pipelines. As shown in the figure, the high-priority encrypted message is sent out from MAC forwarding module 1 (TX MAC-1), and the low-priority encrypted message is sent out from MAC forwarding module 0 (TX MAC-0).
After a message has been decrypted in the encryption and decryption module, the module sends it into the corresponding hard pipeline of the incoming direction processing module according to the number of the hard pipeline it is in. The incoming direction processing module performs forwarding processing based on the outer IP and UDP headers and sends the message, through the scheduling module, into the corresponding hard pipeline of the outgoing direction processing module. The outgoing direction processing module completes message editing according to the next-hop transmission information and forwards the messages separately according to their hard pipelines. As shown in the figure, the high-priority encrypted message is sent out from MAC forwarding module 1 (TX MAC-1), and the low-priority encrypted message is sent out from MAC forwarding module 0 (TX MAC-0).
As shown in fig. 5, the present invention further discloses an encryption and decryption apparatus based on a hard pipeline, which includes a message receiving module, an entering direction processing module, a queue scheduling module, an exiting direction processing module, and an encryption and decryption module, wherein the message receiving module is configured to receive a message, identify whether the message needs to be encrypted and decrypted according to information carried by the message, and divide the message into hard pipelines with different priorities, so as to further send the messages in different hard pipelines into corresponding hard pipelines in the entering direction processing module; the incoming direction processing module is used for performing table look-up processing on messages in different hard pipelines; the outgoing direction processing module sends the message needing encryption and decryption in the corresponding hard pipeline to the corresponding hard pipeline in the encryption and decryption module according to the serial number of the hard pipeline and is also used for forwarding the encrypted and decrypted message; the encryption and decryption module carries out encryption and decryption processing on the messages in different hard pipelines according to the priority, and forwards the messages in different hard pipelines to the corresponding hard pipelines in the direction processing module according to the serial numbers of the hard pipelines.
Specifically, after receiving the message, the message receiving module may obtain some information carried by the message, such as an IP address, a UDP port number, a Priority (Priority), and the like, by analyzing the message. After the information is obtained, whether the message needs to be encrypted and decrypted can be identified according to the IP address, the UDP port number and the like carried by the message, the message is divided into hard pipelines with different priorities according to the priority of the message, and the message in the corresponding hard pipeline is sent into the corresponding hard pipeline in the direction processing module according to the number (Channel ID) of the hard pipeline.
The incoming direction processing module searches and processes forwarding table items aiming at the messages in different hard pipelines, and can obtain the editing behavior and the forwarding behavior of the messages. After searching and processing the forwarding table entry, the scheduling module further performs packet in-queue and out-queue processing, and the queue scheduling module sends the packets in different hard pipes to the corresponding hard pipes in the out-direction processing module according to the priorities and the numbers of the hard pipes, that is, forwards the packets in the corresponding hard pipes to the corresponding hard pipes in the out-direction processing module according to the sequence from high to low of the priorities. In the queue scheduling module, an SP (Strict Priority) scheduling algorithm is adopted among the hard pipelines with different priorities, so that the prior forwarding of the message in the hard pipeline with high Priority is ensured, and the low-delay requirement of the edge data forwarding is met.
The outgoing direction processing module can determine whether the message needs to be encrypted and decrypted according to the forwarding behavior, and edit the message according to the message editing behavior. And for the message needing to be encrypted and decrypted, forwarding the message to the corresponding hard pipeline in the encryption and decryption module according to the number of the hard pipeline where the message is located, and waiting for encryption and decryption processing. And for the message which does not need to be encrypted and decrypted, forwarding processing is carried out.
In the encryption and decryption module, a message with a relatively high Priority is assigned to a hard pipeline with a relatively high Priority for forwarding and encryption and decryption, a message with a relatively low Priority is assigned to a hard pipeline with a relatively low Priority for forwarding and encryption and decryption, that is, the message enters the corresponding hard pipeline for forwarding and encryption and decryption according to the Priority, and meanwhile, the hard pipelines with different priorities adopt an SP (Strict Priority) scheduling algorithm for queue scheduling, so that the message in the hard pipeline with high Priority can be finally ensured to be processed preferentially.
In the encryption and decryption module, for the encrypted message, the message is sent to the corresponding hard pipeline in the incoming direction processing module according to the serial number of the hard pipeline where the message is located. Meanwhile, in consideration of the requirements of subsequent equipment for encryption identification and decryption, a specific UDP destination Port number (UDP Dest Port) needs to be reserved to identify the encrypted message. When decrypting, the message can be identified as an encrypted message according to a specific UDP destination port number, and decryption processing is required. And for the decrypted message, sending the message into the corresponding hard pipeline in the direction processing module according to the serial number of the hard pipeline where the message is located.
After the message is encrypted and decrypted in the encryption and decryption module, the encryption and decryption module further sends the message into a corresponding hard pipeline in the incoming direction processing module according to the serial number of the hard pipeline where the message is located, the incoming direction processing module forwards the message according to the outer IP and the UDP and sends the message into the hard pipeline corresponding to the outgoing direction processing module through the scheduling module, and the outgoing direction processing module further finishes message editing according to next skip sending information
By arranging a plurality of hard pipelines in the encryption and decryption module and connecting them to the hard pipelines in the incoming direction processing module and the outgoing direction processing module, the invention ensures, on the one hand, low latency for high-priority traffic inside the encryption and decryption module and, on the other hand, that high-priority traffic is processed preferentially along the entire pipeline, so that its resources cannot be preempted by low-priority traffic. This meets the deterministic low-latency requirement of edge computing security and lays a technical foundation for large-scale deployment of secure edge networks.
Therefore, the scope of the present invention should not be limited to the disclosure of the embodiments, but includes various alternatives and modifications without departing from the scope of the present invention, which is defined by the claims of the present patent application.
Claims (10)
1. An encryption and decryption method based on a hard pipeline, characterized by comprising:
receiving a message, identifying whether the message needs to be encrypted and decrypted according to information carried by the message, dividing the message into hard pipelines with different priorities, and further sending the messages in the different hard pipelines into corresponding hard pipelines in an incoming direction processing module;
the incoming direction processing module performs table look-up processing on the messages in the different hard pipelines and performs queue scheduling through a queue scheduling module, and the queue scheduling module sends the messages in the different hard pipelines into corresponding hard pipelines in an outgoing direction processing module according to the priority and the serial number of the hard pipelines;
the outgoing direction processing module sends the messages needing encryption and decryption in the corresponding hard pipeline to the corresponding hard pipeline in an encryption and decryption module according to the serial number of the hard pipeline;
the encryption and decryption module performs encryption and decryption processing on the messages in the different hard pipelines according to the priority, and forwards the messages in the different hard pipelines to the corresponding hard pipelines in the incoming direction processing module according to the serial numbers of the hard pipelines;
the incoming direction processing module further schedules the encrypted and decrypted messages to corresponding hard pipelines in the outgoing direction processing module through the queue scheduling module, and the outgoing direction processing module forwards the messages in the different hard pipelines.
2. The method according to claim 1, wherein whether encryption and decryption processing is required is identified according to the IP address and/or UDP port number of the message, and the message is divided into hard pipelines with different priorities according to the priority of the message.
3. The method according to claim 1, wherein the queue scheduling module performs queue scheduling processing on the hard pipelines with different priorities by using an SP queue scheduling algorithm.
4. The method according to claim 1, wherein the encryption and decryption module performs forwarding and encryption and decryption processing on the messages in the hard pipelines with different priorities by using an SP queue scheduling algorithm.
5. The method according to claim 1, wherein the incoming direction processing module forwards the encrypted and decrypted message according to IP information and UDP information of the message.
6. An encryption and decryption device based on a hard pipeline, characterized by comprising:
a message receiving module, used for receiving a message, identifying whether the message needs to be encrypted and decrypted according to the information carried by the message, dividing the message into hard pipelines with different priorities, and further sending the messages in the different hard pipelines into corresponding hard pipelines in an incoming direction processing module;
the incoming direction processing module, used for performing table look-up forwarding processing on the messages in the different hard pipelines;
a queue scheduling module, used for sending the messages in the different hard pipelines in the incoming direction processing module into corresponding hard pipelines in an outgoing direction processing module according to the priority and the serial number of the hard pipelines;
the outgoing direction processing module, used for sending the messages needing encryption and decryption in the corresponding hard pipeline into the corresponding hard pipeline in an encryption and decryption module according to the serial number of the hard pipeline, and for forwarding the encrypted and decrypted messages;
and the encryption and decryption module, used for performing encryption and decryption processing on the messages in the different hard pipelines according to the priority and forwarding the messages in the different hard pipelines to the corresponding hard pipelines in the incoming direction processing module according to the serial numbers of the hard pipelines.
7. The device according to claim 6, wherein the message receiving module identifies whether the message needs to be encrypted or decrypted according to an IP address and/or a UDP port number of the message, and divides the message into hard pipelines with different priorities according to the priority of the message.
8. The device according to claim 6, wherein the queue scheduling module performs queue scheduling processing on the hard pipelines with different priorities by using an SP queue scheduling algorithm.
9. The device according to claim 6, wherein the encryption and decryption module performs forwarding and encryption and decryption processing on the messages in the hard pipelines with different priorities by using an SP queue scheduling algorithm.
10. The device according to claim 6, wherein the incoming direction processing module forwards the encrypted and decrypted message according to IP information and UDP information of the message.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011413198.8A CN112565263A (en) | 2020-12-04 | 2020-12-04 | Encryption and decryption method and device based on hard pipeline |
| PCT/CN2021/135764 WO2022117108A1 (en) | 2020-12-04 | 2021-12-06 | Hard pipeline-based encryption and decryption method and apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011413198.8A CN112565263A (en) | 2020-12-04 | 2020-12-04 | Encryption and decryption method and device based on hard pipeline |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112565263A true CN112565263A (en) | 2021-03-26 |
Family
ID=75048953
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011413198.8A Pending CN112565263A (en) | 2020-12-04 | 2020-12-04 | Encryption and decryption method and device based on hard pipeline |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN112565263A (en) |
| WO (1) | WO2022117108A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116389035A (en) * | 2022-12-30 | 2023-07-04 | 苏州盛科通信股份有限公司 | A data message processing method, chip and forwarding device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106301765A (en) * | 2016-10-14 | 2017-01-04 | 盛科网络(苏州)有限公司 | Encryption and deciphering chip and realization thereof are encrypted and the method for encryption |
| CN106657121A (en) * | 2016-12-30 | 2017-05-10 | 盛科网络(苏州)有限公司 | Method for mirroring 802.1AE plaintext and ciphertext and exchange chip |
| CN108989178A (en) * | 2018-08-31 | 2018-12-11 | 中国南方电网有限责任公司 | A kind of system of electric power relay protection traffic packets carrying IP rigid tubing |
| CN110620732A (en) * | 2018-06-20 | 2019-12-27 | 深圳市中航比特通讯技术有限公司 | Priority forwarding equipment for high-priority multicast service based on P-OTN hard pipeline |
| CN110858822A (en) * | 2018-08-23 | 2020-03-03 | 北京华为数字技术有限公司 | Media access control security protocol message transmission method and related device |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104038443A (en) * | 2014-06-16 | 2014-09-10 | 华为技术有限公司 | Method for establishing hard pipe as well as method and device for transmitting messages in network |
| CN112565263A (en) * | 2020-12-04 | 2021-03-26 | 盛科网络(苏州)有限公司 | Encryption and decryption method and device based on hard pipeline |
- 2020-12-04: CN CN202011413198.8A, patent CN112565263A (active, Pending)
- 2021-12-06: WO PCT/CN2021/135764, patent WO2022117108A1 (not active, Ceased)
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022117108A1 (en) * | 2020-12-04 | 2022-06-09 | 苏州盛科通信股份有限公司 | Hard pipeline-based encryption and decryption method and apparatus |
| CN116980361A (en) * | 2023-08-23 | 2023-10-31 | 昆高新芯微电子(江苏)有限公司 | Message transmission method, device and storage medium based on frame preemption mechanism |
| CN116980361B (en) * | 2023-08-23 | 2024-10-29 | 昆高新芯微电子(江苏)有限公司 | Message transmission method, device and storage medium based on frame preemption mechanism |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2022117108A1 (en) | 2022-06-09 |
Similar Documents
| Publication | Title |
|---|---|
| US9065701B2 (en) | Enhanced serialization mechanism |
| US8279864B2 (en) | Policy based quality of service and encryption over MPLS networks |
| US8966257B2 (en) | Method and system for secret communication between nodes |
| CN106301765B (en) | Encryption and decryption chip and method for realizing encryption and decryption |
| CN112565263A (en) | Encryption and decryption method and device based on hard pipeline |
| JP5785346B1 (en) | Switching facility and data processing method supporting link layer security transmission |
| US9125089B2 (en) | Method and apparatus for packet aggregation in a network controller |
| WO2019128753A1 (en) | Quantum key mobile service method with low delay |
| US20190215188A1 (en) | Cipher Stream Based Secure Packet Communications with Key Stream Transmission over Diverse Paths |
| CN110830393B (en) | Method and device for realizing MACsec in chip stacking mode |
| US20200076773A1 (en) | Configurable service packet engine exploiting frames properties |
| CN114244626A (en) | Message processing method and device based on MACSec network |
| CN111294291A (en) | Protocol message processing method and device |
| CN106790200B (en) | Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel |
| US8582468B2 (en) | System and method for providing packet proxy services across virtual private networks |
| US11159495B2 (en) | Transfer device and communication network |
| CN105337954A (en) | Method and device for encryption and decryption of IP message in satellite communication |
| US20100266130A1 (en) | Method for distributing keys and apparatus for using the same |
| CN114448816B (en) | An integrated IP networking method based on heterogeneous data links |
| US20020116606A1 (en) | Encryption and decryption system for multiple node network |
| EP1825644B1 (en) | Real-time packet processing system and method |
| CN105075285B (en) | Method and Apparatus for Diversified Security Handling in Enhanced Local Area Networks |
| US8332639B2 (en) | Data encryption over a plurality of MPLS networks |
| CN108924121B (en) | Multi-channel communication method and system |
| US20070198828A1 (en) | System and method for processing data and communicating encrypted data |
Legal Events
| Code | Title | Description |
|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: 215101 unit 13 / 16, 4th floor, building B, No. 5, Xinghan street, Suzhou Industrial Park, Jiangsu Province. Applicant after: Suzhou Shengke Communication Co.,Ltd. Address before: Unit 13 / 16, 4th floor, building B, No.5 Xinghan street, Suzhou Industrial Park, 215000 Jiangsu Province. Applicant before: CENTEC NETWORKS (SUZHOU) Co.,Ltd. |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20210326 |