• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.661-664
• /
• 2003

Trade-off of sorority and speed always exists in the latest network environment. Recently, developed security processors is improved very performance, and sorority connection algorithms of a lot of part were embodied by hardware. This high speed security processor is essential ingredient in string network security solution equipment development that require very big band width. In this paper, we wish to describe about design and implementation of 10 Giga VPN equipments. In this system, embodied 10 Giga to use Cavium company's Nitrox-II processor, and supports two SP14-2 interface and PCI interface. All of the password algorithm that password algorithm that support is used in common use VPN equipment for compatibility with common use VPN equipment are supported and support SEED algorithm developed in domestic. Designed to support IPsec and SSL protocol, and supports all of In-Line structure that is profitable in high speed transaction and the Look-Aside structure that is profitable in practical use degree of NPU(Network Processor Unit).

• Journal of information and communication convergence engineering
• /
• v.1 no.1
• /
• pp.48-52
• /
• 2003

A cost efficient IPSec Accelerator board utilizing a crypto chip and an entry-level Linux PC for the high performance VPN is presented in this paper. The IPIP (IP-over-IP tunneling) processing, encryption & decryption processing, HASH processing, and the integrity test functions of IPSec are processed in the IPSec Accelerator board. The proposed IPSec Accelerator has demonstrated successful execution of the required functions of the IPSec packet processing and verified its performance by processing the IPSec packets at the rate of over 1 Gbps.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.26 no.11C
• /
• pp.102-112
• /
• 2001

This paper analyzes Security Performance and Processing Performance to measure performance between nodes by using AH and ESP protocol. IPsec VPN provides application with security service implemented in IP Layer while traffic cost and packet processing time it increased by encryption, decryption and authentication in AH and ESP. We measured overall packet processing time and IPsec module processing time. The result of the efficiency test showed that the factors of influencing electrical transmission efficiency were the size of electrical transmission packets, codes used for tunnelling, authentication functions, CPU velocity of host7, and the embodiment of IPsec; for a high capacity traffic, IPsec transmission was not appropriate, because transmission velocity was delayed by more than ten times in comparison with Non-IPsec.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.4B
• /
• pp.298-305
• /
• 2003

In this paper, we proposed a high performance lookup controller for IP packet forwarding engine of ATM based label edge routers. The lookup controller is designed to provide services such as MPLS, VPN, ELL, and RT services as well as the best effort. For high speed searching for IP addresses, we employed a TCAM based hardware search device not using traditional algorithmic approaches. We also implement lookup control functions into FPGA for fast processing of packet header and lookup control. The proposed lookup controller is designed to support differenciated services for users and to process in pipelined mechanism for performance improvement. A two-step search scheme is also applied to perform lookup for the key combined with multi-field of packet header. We found that the proposed lookup controller provides the performance of about 16M packets per second through simulations.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.3
• /
• pp.754-762
• /
• 2021

Seamless wireless communication network access technology enables users to guarantee service continuity. Hence, it is necessary for disaster situations in which network service may be interrupted. The Multi-path router is a technology to improve network stability and strengthen field operability, particularly in a disaster environment where network failure can occur by providing high-performance data transmission using multi-communication networks and network security by VPN-based wireless IP. In this paper, a prototype system for an MPR-based wireless communication network was proposed to improve the operation performance for disaster field investigation applications. A comparative experiment was performed on various data transmission performances with the existing single wireless communication network. In addition, another experiment was conducted by measuring the data packet transmission and receiving performance in the existing/new wireless communication system first and then assessing the UDP transmission performance in a single router environment to understand the transmission capability of the new MPR. The experimental results showed that the sending and receiving performance was improved by approximately double that of the existing single wireless communication system. The proposed prototype system is expected to allow users to share and disseminate collected on-site data more quickly and efficiently during a disaster site investigation.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.767-772
• /
• 2005

The Internet is a packet switched network which offers best-effort service, but current IP network provide enhanced services such Quality of Services, Virtual Private Network (VPN) services, Distribute Firewall and IP Security Gateways. All such services need packet classification for determining the flow. The problem is performing scalable packet classification at wire speeds even as rule databases increase in size. Therefore, this research offer packet classification algorithm that increase classifier performance when working with enlarge rules database by rearrange rule structure into Bitmap Intersection Lookup (BIL) tables. It will use packet's header field for looking up BIL tables and take the result with intersection operation by logical AND. This approach will use simple algorithm and rule structure, it make classifier have high search speed and fast updates.

• 제어로봇시스템학회:학술대회논문집
• /
• 2004.08a
• /
• pp.772-776
• /
• 2004

This paper proposes an interference avoidance approach for Constraint-Based Routing (CBR) algorithm in the Multi-Protocol Label Switching (MPLS) network. The MPLS network itself has a capability of integrating among any layer-3 protocols and any layer-2 protocols of the OSI model. It is based on the label switching technology, which is fast and flexible switching technique using pre-defined Label Switching Paths (LSPs). The MPLS network is a solution for the Traffic Engineering(TE), Quality of Service (QoS), Virtual Private Network (VPN), and Constraint-Based Routing (CBR) issues. According to the MPLS CBR, routing performance requirements are capability for on-line routing, high network throughput, high network utilization, high network scalability, fast rerouting performance, low percentage of call-setup request blocking, and low calculation complexity. There are many previously proposed algorithms such as minimum hop (MH) algorithm, widest shortest path (WSP) algorithm, and minimum interference routing algorithm (MIRA). The MIRA algorithm is currently seemed to be the best solution for the MPLS routing problem in case of selecting a path with minimum interference level. It achieves lower call-setup request blocking, lower interference level, higher network utilization and higher network throughput. However, it suffers from routing calculation complexity which makes it difficult to real task implementation. In this paper, there are three objectives for routing algorithm design, which are minimizing interference levels with other source-destination node pairs, minimizing resource usage by selecting a minimum hop path first, and reducing calculation complexity. The proposed CBR algorithm is based on power factor calculation of total amount of possible path per link and the residual bandwidth in the network. A path with high power factor should be considered as minimum interference path and should be selected for path setup. With the proposed algorithm, all of the three objectives are attained and the approach of selection of a high power factor path could minimize interference level among all source-destination node pairs. The approach of selection of a shortest path from many equal power factor paths approach could minimize the usage of network resource. Then the network has higher resource reservation for future call-setup request. Moreover, the calculation of possible path per link (or interference level indicator) is run only whenever the network topology has been changed. Hence, this approach could reduce routing calculation complexity. The simulation results show that the proposed algorithm has good performance over high network utilization, low call-setup blocking percentage and low routing computation complexity.

• The KIPS Transactions:PartC
• /
• v.9C no.1
• /
• pp.123-134
• /
• 2002

The requirement for QoS (Quality of Service) has become an important Issue as real-time or high bandwidth services are increasing, such as Internet Telephony, Internet broadcasting, and multimedia service etc. In order to guarantee the QoS of Internet application services, several approaches are being sought including IntServ (Integrated Service) DiffServ(Differentiated Srvices), and MPLS(Multi-Protocol Label Switching). In this paper, we describe the performance analysis of QoS guarantee mechanism using the DiffServ. To analyze how the DiffServ performance was affected by diverse input traffic models and the weight value in WFQ(Weighted Fair Queueing), we simulated and performed performance evaluation under a random, bursty, and self-similar input traffic models and for diverse input parameters. leased on the results of performance analysis, it was confirmed that significant difference exist in packet delay and loss depending on the input traffic models used. However, it was revealed that QoS guarantee is possible to the EF (expedited Forwarding) class and the service separation between RF and BE (Best Effort) classes may also be achieved. Next, we discussed the performance synthesis problem. (i. e. derived the conservation laws for a DiffServ networks, and analysed the performance variation and dynamic behavior based on the resource allocation (i.e., weight value) in WFQ.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.40 no.4
• /
• pp.10-21
• /
• 2003

Recently, the optical subscriber interface module uses the high performance network processor to quickly develop new application services such as MPLS, VPN, RPR and EPON with a short time-to-market. Although a number of vendors are developing the network processor at 2.5Gbps, only the IBM NP4GS3 can provide packet processing with wire-speed at 2.5Gbps. IBM NP4GS3, however, uses its unique speed DASL interface instead of CSIX-Ll interface, which has standardized by M: Forum currently Therefore, we implement an interconnection mechanism to use the switch fabric with CSIX-Ll interface. In this paper, we suggest the architecture and a packet control mechanism supporting interconnection between IBM NP4GS3 DASL and CSIX-Ll switch interface using the common IBM UDASL ASIC and XILINX FPGA.