TranslateProject/sources/news/20220601 Google Makes Data Centre Scale Encryption Open Source.md

Google Makes Data Centre Scale Encryption Open Source

Google has made open source an encryption scheme it developed to protect traffic between its data centres. PSP, which stands for PSP Security Protocol, was created to relieve Google's processors of the growing burden of software-based encryption, according to the company. PSP has been hailed as a success in the company's own environment, and the company has stated that it is “making PSP open source to encourage broader adoption by the community and hardware implementation by additional NIC [network interface card] vendors.” PSP offloads encryption to NICs, which was previously possible with existing encryption schemes, but not at the scale or with the traffic coverage required by Google.

“At Google's scale,” the company wrote when announcing its decision, “the cryptographic offload must support millions of live transmission control protocol (TCP) connections and sustain 100,000 new connections per second at peak.”

Existing security protocols, according to Google Cloud's Amin Vahdat and Soheil Hassas Yeganeh, had flaws. “While TLS meets our security requirements, it is not an offload-friendly solution because of the tight coupling between the connection state in the kernel and the offload state in hardware. TLS also does not support non-TCP transport protocols, such as UDP,” they stated.

The IPSec protocol, meanwhile, cannot be offloaded to hardware at the required scale. “IPSec … cannot economically support our scale partly because they store the full encryption state in an associative hardware table with modest update rates,” the post explains.

Google added a custom header and trailer to standard User Datagram Protocol (UDP) encapsulation to create PSP. PSP is currently implemented in three ways: one for Google's Andromeda Linux virtualisation kernel, one for its Snap networking system, and an application-layer version, SoftPSP, created so Google Cloud customers could use PSP on computers with traditional NICs.


via: https://www.opensourceforu.com/2022/06/google-makes-data-centre-scale-encryption-open-source/

Author: Laveesh Kocher Topic selection: lkxed Translator: translator ID Proofreader: proofreader ID

This article was originally compiled by LCTT and is proudly presented by Linux China