IPv6 firewall design system to build a comprehensive security protection network

1 Introduction

Among many network security facilities, firewalls are effective and important network security devices. They screen and shield network communications to prevent unauthorized access to and from computer networks. The firewall is a security barrier between the trusted network and the untrusted network. Its core task is to manage and control the traffic entering and leaving the network. It can intercept and process the data packets transmitted midway, and then communicate with the previously defined Compare the security policy rules, and finally decide to forward or drop the packet. The traditional firewall is usually located at the boundary of a section of the network. It can well filter the access of external users to the internal network, but it is powerless to attack the internal network. In response to this problem, there have been many researches on new firewalls in recent years, such as distributed firewall systems and embedded firewall systems. The purpose of these systems is to extend the boundaries of the firewall so that it can spread across every terminal device on the network and build a comprehensive security protection network.

Most existing firewall systems are developed for IPv4. Due to insufficient IPv4 address space and poor security, it is a general trend to upgrade existing networks to IPv6. As the foundation of the next generation network, IPv6 is widely recognized for its massive address space and strong security features, so it is necessary to study firewalls that support IPv6 protocol.

The embedded IPv6 firewall designed with Intel Xscale IXP425 as the core processor achieves dynamic filtering of data packets in the network. However, its cost is relatively high, and the strong network processing performance of IXP425 cannot be fully exerted in the application of network terminals.

The embedded firewall based on U disk is easy to use and novel in design, but it needs to be attached to the x86 computer hardware platform, and the reliability of the U disk is poor, so it is not suitable for long-term use.

The general-purpose ARM processor has higher cost performance and more software support, and has been widely used in various fields of production and life. This paper designs and implements an embedded IPv6 firewall system based on S3C2440 by analyzing and researching the IPv6 protocol, IPv6 security mechanism and firewall technology, and combining the characteristics of existing firewalls. The embedded IPv6 firewall based on S3C2440 is introduced from the aspects of hardware design, software design and core module design.

2 Hardware design of embedded IPv6 firewall

The hardware design of the embedded IPv6 firewall is shown in Figure 1. The main control chip uses Samsung's 32-bit embedded processor S3C2440. The processor uses ARM920T RISC as the core and the standard operating frequency is 400MHZ (maximum operating frequency: 533MHZ) , Computing power is 450MIPS, with strong processing power.

Figure 1 Embedded IPv6 firewall hardware block diagram

Figure 1 Embedded IPv6 firewall hardware block diagram

The S3C2440 processor has a complex internal structure and powerful functions, and many hardware resources are integrated on-chip. Such as: external storage controller, USB interface, UART interface, internal timer, 130 general-purpose I / O interfaces, 24-channel external interrupt source, etc. Such rich interface resources can easily realize the expansion of hardware circuits. In addition, S3C2440 supports ARM920T's powerful instruction set system, with an independent memory management unit (MMU), supports NAND Flash boot guidance, and can easily implement the transplantation of Bootloader and embedded operating system.

The storage unit of the system mainly includes SDRAM memory and Flash memory. SDRAM provides memory space for the operation of system programs. This system uses two HY57V561620FTP-H (32M) in parallel with a capacity of up to 64MB. Flash is used to store programs. Flash is divided into NOR type and NAND type. The NOR Flash process is complex and costly. Its advantage is that it can execute application programs on-chip, and it is mostly used for the bootloader of the storage system. NAND Flash has extremely high storage density and fast write and erase speeds and low cost, and is suitable for storing large-capacity data and files. Considering that S3C2440 supports NAND Flash booting, this system uses K9F1208U0M-YCB0 (64MB) NAND Flash as the system's Flash memory.

The system's Ethernet interface unit uses two 10M / 100M adaptive Ethernet controllers DM9000A. The DM9000A chip is a low-power, highly integrated, low-cost single-chip fast Ethernet chip developed by DEVICOM. It is widely used in the field. It integrates the physical layer interface (PHY), Ethernet media media access controller (MAC) and external processor bus interface. The working voltage of 3.3V reduces the power consumption of the system. The high integration of DM9000A simplifies the hardware design of the system's Ethernet circuit, and is particularly suitable as a network interface for embedded IPv6 firewall.

Various products of Mini Usb Flash Drive/Micro USB Flash Drive/Small Usb Flash Drive, including Mini USB Flash Drives bulk cheap, Mini USB Flash Drive Pen Drive, Mini USB Flash Drives 2.0, Mini USB Flash Drive Metal, Mini USB Flash Drive 16gb, Super Mini USB Flash Drive and so on. Some Mini USB Flash Drives with keychain, keyring, ballring. We also providing product images and basic parameters with each Mini USB Flash Drives Manufacturer and Mini USB Flash Drives;


Mini USB Flash Drive

Mini USB Flash Drive is An ideal way to store all your pictures, documents, music and videos. Mini USB Flash Drive Can act as a wonderful gift for your friends and families and A great way to distinguish your masses of USB flash drives from each other as our cute USB come in a variety of variations for every day use. 

Mini USB Flash Drive

  • Compatibility: Desktop, Laptop, Macintosh, Tablet, Speakers all with USB1.0 and 2.0.
  • Operating System : Windows7/Vista/XP/2000/ME/NT/98,Linux (Sometimes incompatible with Mac OS 9.X/Linux2.4)
  • Fine choice for advertisement allow to print LOGOs and advertisement.
  • Very Low Power Consumption, durable solid-state storage.
  • Small and exquisite design brings much convenience.
We are a professional Chinese manufacturer of Mini USB Flash Drives, and look forward to your cooperation!

Mini USB Flash Drive

Mini Usb Flash Drive

Mini Usb Flash Drive,Oem Mini Usb Flash Drive,Plastic Mini Usb Flash Drive,Colorful Mini Usb Flash Drive

Reteck Storage Device Co., Ltd. , https://www.reteck.com