CN211378050U - PCIE firewall - Google Patents

Publication number: CN211378050U
Authority: CN (China)
Prior art keywords: pcie, firewall, interface, chip, core
Legal status: Active
Application number: CN202020545671.7U
Other languages: Chinese (zh)
Inventor: 许艺明
Current Assignee: Individual
Original Assignee: Individual
Landscapes: Computer And Data Communications (AREA)

Abstract

The utility model provides a PCIE firewall, comprising: a PCIE interface, plugged into a physical server to realize data interaction between the PCIE firewall and the physical server, the PCIE firewall being deployed on at least one physical server; a multi-core NP processor, electrically connected with the PCIE interface and used for running an operating system; an FPGA chip, electrically connected with the PCIE interface; an ASIC chip, electrically connected with the PCIE interface; and a network interface unit, realizing data interaction between the PCIE firewall and an external network. The PCIE firewall is built on a multi-core concurrent, high-speed hardware platform and adopts a parallel operating system, which greatly improves the security processing performance for network data packets and improves the speed and efficiency of data processing.

Description

PCIE firewall
Technical Field
The utility model relates to the field of computer technology, and specifically to a PCIE firewall.
Background
Cloud computing data centers are mainly deployed using virtualization technology, including compute virtualization, network virtualization and storage virtualization. They are mainly built on technologies such as KVM (Kernel-based Virtual Machine), containers (Docker) and cloud management platforms. Security protection in a traditional cloud computing data center is mainly realized by deploying physical firewall or VFW firewall products, and this approach protects north-south traffic well. However, for the security protection of east-west traffic (i.e. the network data traffic between virtual machines), a physical firewall needs to use a traffic-diversion ("drainage") mode, and a VFW firewall has many problems, such as occupying the CPU, bus and network resources of the physical host, insufficient performance, low efficiency, and unsatisfactory security control and protection. In addition, traditional firewall products focus on security control and protection functions; their encryption and decryption of network data traffic mainly relies on international open-source algorithms (such as AES, RSA, hash algorithms and the like), their encryption and decryption performance is insufficient, and their security is a concern.
Therefore, the applicant provides a software architecture for a PCIE firewall in which the control plane, the forwarding plane and the security plane are set in the operating system, so as to implement functions such as system scheduling, internal system communication management, and security management, control and protection.
Summary of the Utility Model
Therefore, the utility model aims to provide a PCIE firewall that improves the speed and efficiency of data processing.
A PCIE firewall, comprising:
a PCIE interface: plugged into a physical server to realize data interaction between the PCIE firewall and the physical server, the PCIE firewall being deployed on at least one physical server;
a multi-core NP processor: electrically connected with the PCIE interface and used for running an operating system;
an FPGA chip: electrically connected with the PCIE interface;
an ASIC chip: electrically connected with the PCIE interface;
a network interface unit: realizing data interaction between the PCIE firewall and an external network.
Preferably, the PCIE interface includes PCIE3.0, PCIE4.0, or PCIE5.0.
Preferably, the operating system comprises a Linux-like operating system.
Preferably, the network interface unit includes a 10GE ethernet interface, a 10GE SFP interface, or a 40GE QSFP interface.
Preferably, the multi-core NP processor comprises a 64-bit multi-core NP processor.
Preferably, the PCIE firewall further includes:
memory: the multi-core NP processor is electrically connected with the ASIC chip and the PCIE interface respectively;
a memory chip: electrically connected with the ASIC chip and the multi-core NP processor respectively.
Preferably, the memory and the memory chip are both cache chips.
Preferably, the PCIE firewall further includes:
a cryptographic operation main control unit: used for data interaction with the multi-core NP processor;
a cryptographic operation chip; the cryptographic operation main control unit is electrically connected with the FPGA interface unit;
an FPGA interface unit: used for data interaction with the FPGA chip and the ASIC chip.
Preferably, the PCIE firewall further includes:
the cryptographic operation chip is an SSX30-D chip or an SSX1510 chip.
Preferably, the PCIE firewall further includes:
a heat dissipation device: arranged in the PCIE firewall and used for dissipating heat from the PCIE firewall.
The PCIE firewall provided by the utility model is built on a multi-core concurrent, high-speed hardware platform and adopts a parallel operating system, which greatly improves the security processing performance for network data packets and improves the speed and efficiency of data processing.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the technical solutions in the prior art will be briefly described below. In the drawings, elements or portions are not necessarily drawn to scale.
Fig. 1 is a hardware architecture diagram of the PCIE firewall provided by the utility model.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and therefore are only examples, and the protection scope of the present invention is not limited thereby.
Example:
A PCIE firewall, see Fig. 1, comprising:
PCIE interface 2: plugged into a physical server to realize data interaction and security protection between the PCIE firewall and the physical server, the PCIE firewall being deployed on at least one physical server;
Specifically, Fig. 1 shows the PCIE firewall's fixed card slot, used for plugging into a physical server. The PCIE interface includes PCIE3.0/PCIE4.0/PCIE5.0 and supports a rate of 16 GT/s. The PCIE firewall uses PCIE bus transmission, and the PCIE bus communicates directly with each processor, which gives high throughput and low latency, realizes high-speed data processing, and can support the application requirements of high-performance security protection.
Multi-core NP processor 3: electrically connected with the PCIE interface and used for running an operating system;
Specifically, the multi-core NP processor may be a dedicated Botong multi-core (e.g., 64-core) NP processor or another dedicated multi-core network processor. The operating system may be an independently developed, dedicated Linux-like operating system.
FPGA chip 5: electrically connected with the PCIE interface;
ASIC chip 6: electrically connected with the PCIE interface;
Network interface unit 8: realizing data interaction between the PCIE firewall and an external network.
Specifically, the network interface unit supports communication protocols such as 10GE Ethernet/10GE SFP/40GE QSFP; an Intel network chip may be used, for example.
The PCIE firewall is built on a 64-bit multi-core concurrent, high-speed hardware platform and adopts a parallel operating system, with multiple planes processing concurrently and cooperating closely, which greatly improves the security processing performance for network data packets.
The PCIE firewall is deployed in a physical server, and the PCIE firewall is deployed by inserting a PCIE interface into a PCIE slot of the physical server.
Preferably, the PCIE firewall further includes:
Memory 4: the multi-core NP processor is electrically connected with the ASIC chip and the PCIE interface respectively;
Specifically, the memory may be implemented as a cache chip.
Memory chip 7: electrically connected with the ASIC chip and the multi-core NP processor respectively.
Specifically, the memory chip may use a cache chip to implement the cache.
Preferably, the PCIE firewall further includes:
Cryptographic operation main control unit 9: used for data interaction with the multi-core NP processor;
Cryptographic operation chip 10; the cryptographic operation main control unit is electrically connected with the FPGA interface unit;
FPGA interface unit 11: used for data interaction with the FPGA chip and the ASIC chip.
Specifically, the cryptographic operation main control unit may be a Huaxin cryptographic operation main control unit. The cryptographic operation chip may use an SSX30-D chip and an SSX1510 chip to implement the SM1 algorithm and the SM2 algorithm. The FPGA interface unit is used for internal system communication.
The hardware modules in the PCIE firewall also support flexible modular combination. For example, when the encryption function is not needed, the cryptographic operation main control unit, the cryptographic operation chip and the FPGA interface unit can be omitted; when a cache is needed, a cache chip can be added; when more functions are required, a chip with higher integration can be used. Heat sinks, cooling fans and the like can also be added to the PCIE firewall to meet heat dissipation requirements when the system runs at high performance.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the scope of the embodiments of the present invention, and are intended to be covered by the claims and the specification.

Claims (10)

1. A PCIE firewall, comprising:
a PCIE interface: plugged into a physical server to realize data interaction between the PCIE firewall and the physical server, the PCIE firewall being deployed on at least one physical server;
a multi-core NP processor: electrically connected with the PCIE interface and used for running an operating system;
an FPGA chip: electrically connected with the PCIE interface;
an ASIC chip: electrically connected with the PCIE interface;
a network interface unit: realizing data interaction between the PCIE firewall and an external network.
2. The PCIE firewall of claim 1, wherein
the PCIE interface comprises PCIE3.0, PCIE4.0 or PCIE5.0.
3. The PCIE firewall of claim 1, wherein
the operating system comprises a Linux-like operating system.
4. The PCIE firewall of claim 1, wherein
the network interface unit comprises a 10GE Ethernet interface, a 10GE SFP interface or a 40GE QSFP interface.
5. The PCIE firewall of claim 1, wherein
the multi-core NP processor includes a 64-bit multi-core NP processor.
6. The PCIE firewall of any one of claims 1-5, wherein the PCIE firewall further comprises:
memory: the multi-core NP processor is electrically connected with the ASIC chip and the PCIE interface respectively;
a memory chip: electrically connected with the ASIC chip and the multi-core NP processor respectively.
7. The PCIE firewall of claim 6, wherein
the memory and the memory chip are both cache chips.
8. The PCIE firewall of any one of claims 1-5, wherein the PCIE firewall further comprises:
a cryptographic operation main control unit: used for data interaction with the multi-core NP processor;
a cryptographic operation chip; the cryptographic operation main control unit is electrically connected with the FPGA interface unit;
an FPGA interface unit: used for data interaction with the FPGA chip and the ASIC chip.
9. The PCIE firewall of claim 8, wherein the PCIE firewall further comprises:
the cryptographic operation chip is an SSX30-D chip or an SSX1510 chip.
10. The PCIE firewall of any one of claims 1-5, wherein the PCIE firewall further comprises:
a heat dissipation device: arranged in the PCIE firewall and used for dissipating heat from the PCIE firewall.
CN202020545671.7U 2020-04-14 2020-04-14 PCIE firewall Active CN211378050U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202020545671.7U CN211378050U (en) 2020-04-14 2020-04-14 PCIE firewall

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202020545671.7U CN211378050U (en) 2020-04-14 2020-04-14 PCIE firewall

Publications (1)

Publication Number Publication Date
CN211378050U (en) 2020-08-28

Family

ID=72157680

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202020545671.7U Active CN211378050U (en) 2020-04-14 2020-04-14 PCIE firewall

Country Status (1)

Country Link
CN (1) CN211378050U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111541658A (en) * 2020-04-14 2020-08-14 许艺明 PCIE firewall
CN111541658B (en) * 2020-04-14 2024-05-31 许艺明 PCIE firewall

Similar Documents

Publication Publication Date Title
US11080209B2 (en) Server systems and methods for decrypting data packets with computation modules insertable into servers that operate independent of server processors
US11467885B2 (en) Technologies for managing a latency-efficient pipeline through a network interface controller
CN110915173B (en) Data processing unit for computing nodes and storage nodes
US7634650B1 (en) Virtualized shared security engine and creation of a protected zone
US9678912B2 (en) Pass-through converged network adaptor (CNA) using existing ethernet switching device
US20220244999A1 (en) Technologies for hybrid field-programmable gate array application-specific integrated circuit code acceleration
US11909642B2 (en) Offload of acknowledgements to a network device
WO2019129167A1 (en) Method for processing data packet and network card
CN113614722A (en) Process-to-process secure data movement in a network function virtualization infrastructure
WO2015058699A1 (en) Data forwarding
WO2011009406A1 (en) System and method for data processing
EP3563534B1 (en) Transferring packets between virtual machines via a direct memory access device
Wu et al. A transport-friendly NIC for multicore/multiprocessor systems
CN116917853A (en) network interface device
WO2020000401A1 (en) Transparent Encryption
US20230071723A1 (en) Technologies for establishing secure channel between i/o subsystem and trusted application for secure i/o data transfer
Eran et al. Flexdriver: A network driver for your accelerator
CN116965004A (en) Network interface device
Dastidar et al. Amd 400g adaptive smartnic soc–technology preview
CN211378050U (en) PCIE firewall
Zang et al. PROP: Using PCIe-based RDMA to accelerate rack-scale communications in data centers
CN111541658B (en) PCIE firewall
US20230224261A1 (en) Network interface device
CN116917866A (en) network interface device
Song et al. Research on High Performance IPSec VPN Technology Based on National Cryptographic Algorithms

Legal Events

Date Code Title Description
GR01 Patent grant