Design and Implementation of Supporting IPv6 Protocol Firewall Based on S3C2440 Processor
Among many network security facilities, firewalls are effective network security devices that filter and shield network traffic to prevent unauthorized access to and from the computer network. A firewall is a security barrier between a trusted network and an untrusted network. Its core task is to manage and control traffic to and from the network. It can intercept and process packets transmitted midway, and then define them in advance. The security policy rules are compared and eventually decided to forward or drop the packet. A traditional firewall is usually located at the edge of a network. It can filter external users' access to the internal network, but it can't do anything against the internal network. In response to this problem, there have been many researches on new types of firewalls in recent years, such as distributed firewall systems and embedded firewall systems. The purpose of these systems is to extend the boundaries of the firewall so that it can be deployed across every terminal device in the network to create a comprehensive security network.
Most existing firewall systems are developed for IPv4. Due to insufficient IPv4 address space and poor security, upgrading existing networks to IPv6 is an irresistible trend. As the basis of the next generation network, IPv6 is widely recognized for its massive address space and strong security features. Therefore, it is necessary to study the firewall supporting IPv6 protocol.
The embedded IPv6 firewall designed with Intel Xscale IXP425 as the core processor better implements dynamic filtering of data packets in the network. However, its cost is high, and the strong network processing performance of the IXP425 cannot be fully utilized in the application of the network terminal.
The embedded disk based on U disk is easy to use and novel in design, but it needs to be attached to the x86 computer hardware platform, and the reliability of the U disk is poor, which is not suitable for long-term use.
The general-purpose ARM processor has high cost performance and more software support, and has been widely used in various fields of production and life. Based on the analysis and research of IPv6 protocol, IPv6 security mechanism and firewall technology, combined with the characteristics of existing firewalls, this paper designs and implements an embedded IPv6 firewall system based on S3C2440. The S3C2440-based embedded IPv6 firewall is introduced from the aspects of hardware design, software design and core module design.
2 Hardware design of embedded IPv6 firewallThe hardware design of the embedded IPv6 firewall is shown in Figure 1. The main control chip adopts Samsung's 32-bit embedded processor S3C2440. The processor is based on ARM920T RISC, and the standard operating frequency is 400MHz (the highest operating frequency: 533MHZ). With a computing power of 450 MIPS, it has strong processing power.
Figure 1 Embedded IPv6 firewall hardware block diagram
The internal structure of the S3C2440 processor is complex and powerful, and many hardware resources are integrated on the chip. Such as: external memory controller, USB interface, UART interface, internal timer, 130 general-purpose I / O interface, 24 channel external interrupt source. Such a rich interface resource can easily realize the expansion of hardware circuits. In addition, S3C2440 supports ARM920T powerful instruction set system, with independent memory management unit (MMU), supports NAND Flash boot boot, and can easily realize the transplantation of bootloader and embedded operating system.
The storage unit of the system mainly includes SDRAM memory and Flash memory. SDRAM provides memory space for the operation of the system program. The system uses two HY57V561620FTP-H (32M) parallel, the capacity can reach 64MB. Flash is used to store programs, and Flash is divided into NOR type and NAND type. The NOR-type Flash process is complex and costly. Its advantage is that it can execute applications on-chip, and is often used as a bootloader bootloader for storage systems. NAND-type Flash has a very high storage density and fast write and erase speeds and is low cost, suitable for storing large amounts of data and files. Considering that S3C2440 supports NAND Flash boot boot, this system uses K9F1208U0M-YCB0 (64MB) NAND flash as the system's Flash memory.
The system's Ethernet interface unit uses two 10M/100M adaptive Ethernet controllers. The DM9000A.DM9000A chip is a low-power, highly integrated, low-cost single-chip Fast Ethernet chip developed by DEVICOM. It is widely used in the field. It integrates a physical layer interface (PHY), an Ethernet media media access controller (MAC), and an external processor bus interface. The 3.3V operating voltage reduces the power consumption of the system. The high integration of the DM9000A simplifies the hardware design of the system's Ethernet circuitry and is ideally suited as a network interface for embedded IPv6 firewalls.
G1000 Oil Mud Pump,G500 Oil Mud Pump,G800 Oil Mud Pump,Oil Mud Pump For Oil Field
Jinan Guohua Green Power Equipment Co.,Ltd. , https://www.guohuagenerator.com