The development of network technologies, especially the generation of 10 Gigabit Ethernet poses increasingly higher requirements on Layer 4 through Layer 7 processing performance of network security devices. To this end, a high-performance and scalable flow processing system architecture was introduced, as shown in FIG. 1. However, how to ensure the security of the main CPU and thus ensure the security of the internal network is an urgent problem for the architecture.
The main CPU of an existing switch or router processes the packets received by an interface of the main board as follows: The interface directly sends a received packet to the main CPU of the local main board through the interface processing unit, and the main CPU sends out the packet through an interface of the main board.
The high-performance and scalable flow processing system architecture can also implement main CPU communication by using the above solutions provided by the existing switches or routers. This method features simple implementation and high processing performance in packet receiving and transmitting. However, when this method is applied to security products, especially to the high-end security products in the 10 Gigabit Ethernet networks, the main CPU may be attacked by heavy and high-speed traffic. Therefore, the existing technical solutions cannot ensure the security of the main CPU. A new packet receiving and transmitting solution is in demand for the high-performance and scalable flow processing system architecture.