A secure communication mechanism based on path identification encryption is proposed in CoLoR architecture to en-hance the network security.A CoLoR border router is designed and developed to verify the feasibility and correctness of the CoL-oR architecture.The border realized the processing and forwarding of request packets,data packets and control packets.A proto-type system is built to test various performances of this mechanism on border routers,including handling capacity,flooding at-tacks defense.The result shows that the secure communication mechanism can effectively prevent DDOS flooding attacks with few impact on the performance of the border routers.%为提高网络安全性,CoLoR架构提出了一种基于路径标识加密的安全通信机制.为验证CoLoR架构的可行性和正确性,设计并开发了CoLoR架构中的边界路由器,实现了对请求包、数据包和控制包的处理和转发.搭建原型系统,测试了路径标识加密机制对边界路由器吞吐量的影响和对DA T A包泛洪攻击的防范效果.结果表明,该机制可以有效防御DDOS数据包泛洪攻击,并且对边界路由器性能的影响非常小.
展开▼