高性能和安全是计算机网络研究的两个主要问题。路由器在保证转发性能的前提下提供网络安全保护已经成为当前的研究热点。文章介绍了在完成国家"八六三"计划重大课题"高性能安全路由器"的过程中解决的若干关键技术问题。高性能安全路由器BW7000基于自主设计的高性能路由器操作系统HEROS。为保证高性能的路由转发，设计实现了基于RAM的高性能路由查找算法；为支持服务质量控制和安全管理，设计实现了基于无冲突Hash-Trie树的分组分类算法和基于反馈的分布式分组调度算法；为保证网络安全，提出了基于分布式密钥管理的路由器安全体系结构。

High performance and security are hot areas of the research of Internet. How to provide security protection but not decrease the forwarding performance is a hot research topic currently. This paper is based on the research of the high performance security router, a key project of national high technology research and development plan. Operating system (HEROS) of the high performance router BW7000 was developed independently. In order to provide high performance IP packets forwarding, a high performance routing lookup algorithm based on RAM was developed. A novel classification algorithm based on non-collision Hash-Trie-tree and an algorithm based on distributed packet fair queuing with feedback mechanism weve designed and impemented to support QoS control and security management. In order to secure the network, a router security architecture based on distributed key management was proposed.