目录

文章目录

  • 目录
  • VPP/IPSec
  • Configuration
  • Use case 1
    • HTTP Server configuration
    • strongSwan initiator configuration
    • Setting up the VPP responder
    • Launch IKEv2 negotiation(协商)
    • Routing traffic through ipsec0 interface on the VPP responder
    • Verify connectivity and encryption
  • Use case 2
    • strongSwan responder
    • VPP initiator
  • Use case 3
    • VPP Responder(被动)
      • 接口配置
      • IKEv2 配置
    • VPP Initiator(主动)
      • 接口配置
      • IKEv2 配置
  • TS

VPP/IPSec

官方文档:https://wiki.fd.io/view/VPP/IPSec_and_IKEv2

Features 简述

  • Payload Types:Security Association (SA)
  • Encryption Algorithm:AES-CBC (128/192/256)
  • Integrity Algorithm:HMAC-SHA1-96
  • Pseudo-random Function:HMAC-SHA1
  • Diffie-Hellman Group:2048bit MODP
  • ID Types:IPv4 address
  • Authentication Method:Authentication Method
  • Traffic Selector Types:IPv4 address range
  • Security Protocol Identifiers:ESP

Configuration

  • Profile creation
# 创建一个 IKEV2 Profile
# ikev2 profile [add|del] <id>
ikev2 profile add profile1
  • Authentication
# 设置预共享密钥认证方式
# ikev2 profile set <id> auth [rsa-sig|shared-key-mic] [cert-file|string|hex] <data>
ikev2 profile set profile1 auth shared-key-mic string Vpp123
# or
ikev2 profile set profile1 auth shared-key-mic hex abcd1234
# or
ikev2 profile set profile1 auth rsa-sig cert-file /home/localadmin/certs/server-cert.pem
set ikev2 local key /home/localadmin/certs/client-key.pem
  • ID
# 设置 IPsec 标识。
# ikev2 profile set <id> id <local|remote> <type> <data>
ikev2 profile set profile1 id remote ip4-addr 192.168.123.20
# or
ikev2 profile set profile1 id local fqdn vpp.home
# or
ikev2 profile set profile1 id local key-id 0xabcd
# or
ikev2 profile set profile1 id local rfc822 vpp@vvp.home
  • Traffic Selector
# 设置 Local IP 地址和 Remote IP 地址
# ikev2 profile set <id> traffic-selector <local|remote> ip-range <start-addr> - <end-addr> port-range <start-port> - <end-port> protocol <protocol-number>
ikev2 profile set profile1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
ikev2 profile set profile1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0

Use case 1

  • IKEv2 negotiation between a VPP responder and a strongSwan initiator, using Pre-Shared Key authentication method.
  • strongSwan client will reach the HTTP Server going through the VPP gateway securely.
  • The communication will be encrypted between strongSwan initiator and VPP responder.
             --------------                -------------                 -------------|            | 192.168.4.0/24 |           | 192.168.5.0/24  |           |192.168.3.1 X strongSwan X================X    VPP    X=================X    HTTP   || Initiator  |.1            .2| Responder |.2             .1|   Server  |--------------                -------------                 -------------

HTTP Server configuration

ip link set dev enp5s0f0 up
ip address add 192.168.5.1/24 dev enp5s0f0
ip route add 192.168.3.0/24 via 192.168.5.2

strongSwan initiator configuration

  • Global settings
ip link add name loop1 type dummy
ip link set dev loop1 up
ip address add 192.168.3.1/24 dev loop1ip link set dev enp5s0f0 up
ip address add 192.168.4.1/24 dev enp5s0f0ip route add 192.168.5.0/24 via 192.168.4.2
  • Setting up strongSwan
$ vi /etc/ipsec.confconfig setupstrictcrlpolicy=noconn %defaultike=aes256-sha1-modp2048!esp=aes192-sha1-esn!mobike=nokeyexchange=ikev2ikelifetime=24hlifetime=24hconn net-netright=192.168.4.2rightsubnet=192.168.5.0/24rightauth=pskrightid=@vpp.homeleft=192.168.4.1leftsubnet=192.168.3.0/24leftauth=pskleftid=@roadwarrior.vpn.example.comauto=start$ vi /etc/ipsec.secrets: PSK "Vpp123"

Setting up the VPP responder

set interface state TenGigabitEthernet4/0/0 up
set interface ip address TenGigabitEthernet4/0/0 192.168.4.2/24
set interface state TenGigabitEthernet5/0/0 up
set interface ip address TenGigabitEthernet5/0/0 192.168.5.2/24ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home
ikev2 profile set pr1 id remote fqdn roadwarrior.vpn.example.com
ikev2 profile set pr1 traffic-selector local ip-range 192.168.5.0 - 192.168.5.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.3.0 - 192.168.3.255 port-range 0 - 65535 protocol 0 vpp# show ikev2 profile
profile pr1auth-method shared-key-mic auth data Vpp123local id-type fqdn data vpp.homeremote id-type fqdn data roadwarrior.vpn.example.comlocal traffic-selector addr 192.168.5.0 - 192.168.5.255 port 0 - 65535 protocol 0remote traffic-selector addr 192.168.3.0 - 192.168.3.255 port 0 - 65535 protocol 0

Launch IKEv2 negotiation(协商)

vpp# ipsec restartvpp# show interface Name               Idx       State          Counter          Count
TenGigabitEthernet4/0/0           1         up       rx packets                     5rx bytes                    1426tx packets                     4tx bytes                     766drops                          2ip4                            3
TenGigabitEthernet5/0/0           5         up
ipsec0                            9        down
local0                            0        down      vpp# show ikev2 sa iip 192.168.4.1 ispi f40329997e6563dd rip 192.168.4.2 rspi 984e52c554274bc6encr:aes-cbc-256 prf:hmac-sha1 integ:sha1-96 dh-group:modp-2048 nonce i:255224a51f9466c127a38dbc8a02d26aef126b761cffd226ce50e913fc924401r:5b753c202b6e3ea60f0bfe10bf0bee86fb882c4fd686934de4e19053b9c17e57SK_d    bee5291d974f8119af474620f9ec70a51704a422SK_a  i:54cee37b588e7a91c3ddac4b28eae7cd02ca3592r:e236ab21a5403cbb381d0f33431600ad1fe1cc6eSK_e  i:dca8461456b9b02050d5fa5d73ec57d5159e6f3dade91aac57c2a4c2a6c95b48r:d477f31b2d7befc557b8b14aea7101aedd43eb90cc028ab540f03dce762fda42SK_p  i:1f169c5abc7fef5e863bbc8f9aa2d973548ead8fr:07fb9076ad5a47bd715677c60e1dadf7831c5af0identifier (i) fqdn roadwarrior.vpn.example.comidentifier (r) fqdn vpp.homechild sa 0:encr:aes-cbc-192 integ:sha1-96 esn:yes spi(i) c0b24047 spi(r) 63199535SK_e  i:7ee71f3b1168b19b656e39575e985466fa86a71f802d55e6r:2e43283551a2408a1b8ebf16769d748118e439f2591ab562SK_a  i:ab331c5718cc21811e8bd35313a17c6149d0a7f4r:6111429868ff314520d43c12523b23f06e6f9e7dtraffic selectors (i):0 type 7 protocol_id 0 addr 192.168.3.0 - 192.168.3.255 port 0 - 65535traffic selectors (r):0 type 7 protocol_id 0 addr 192.168.5.0 - 192.168.5.255 port 0 - 65535iip 192.168.4.1 ispi f40329997e6563dd rip 192.168.4.2 rspi 984e52c554274bc6

协商成功后会创建一个逻辑 Interface:ipsec0。

vpp# show ipsec
tunnel interfacesipsec0 seqseq 0 seq-hi 0 esn 1 anti-replay 1local-spi 3232907335 local-ip 192.168.4.2local-crypto aes-cbc-192 2e43283551a2408a1b8ebf16769d748118e439f2591ab562local-integrity sha1-96 6111429868ff314520d43c12523b23f06e6f9e7dlast-seq 0 last-seq-hi 0 esn 1 anti-replay 1 window 0000000000000000000000000000000000000000000000000000000000000000remote-spi 1662620981 remote-ip 192.168.4.1remote-crypto aes-cbc-192 7ee71f3b1168b19b656e39575e985466fa86a71f802d55e6remote-integrity sha1-96 ab331c5718cc21811e8bd35313a17c6149d0a7f4

Routing traffic through ipsec0 interface on the VPP responder

通过 ipsec0 这个逻辑 Interface 来路由需要进行 IPSec 加密的流量。

# 1. using a dummy IP address.
set interface state ipsec0 up
set interface ip address ipsec0 11.11.11.11/32# 2. add route.
ip route add 192.168.3.0/24 via 11.11.11.11 ipsec0# 3. binding logical and physical interfaces
ip route add 192.168.3.0/24 via ipsec0
set interface state ipsec0 up
set interface unnumbered ipsec0 use TenGigabitEthernet4/0/0

Verify connectivity and encryption

从 Client 访问 HTTP Server,并在 IPSec Endpoint 上进行 tcpdump 抓包。

wget --bind-address=192.168.3.1 192.168.5.1/index.html

Use case 2

  • VPP initiator
  • strongSwan responder

strongSwan responder

  • 配置
$ /etc/strongswan/ipsec.confconfig setupstrictcrlpolicy=no
conn %defaultmobike=nokeyexchange=ikev2ikelifetime=24hlifetime=24h
conn net-netleft=192.168.1.1leftsubnet=172.18.22.0/24leftauth=pskleftid=@sun.homeright=192.168.1.24rightsubnet=172.20.231.0/24rightauth=pskrightid=@moon.homeauto=add$ vi /etc/strongswan/ipsec.secrets: PSK "Vpp123"
  • 启动
$ systemctl restart strongswan$ strongswan status
Security Associations (0 up, 0 connecting):none

VPP initiator

  • 配置
set int state VirtualFunctionEthernet0/8/0 up
set int ip address VirtualFunctionEthernet0/8/0 192.168.1.24/24ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string upf123
ikev2 profile set pr1 id local fqdn moon.home
ikev2 profile set pr1 id remote fqdn sun.homeikev2 profile set pr1 traffic-selector local ip-range 172.20.231.0 - 172.20.231.254 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 172.18.22.0 - 172.18.22.254 port-range 0 - 65535 protocol 0ikev2 profile set pr1 responder VirtualFunctionEthernet0/8/0 192.168.1.1
ikev2 profile set pr1 ike-crypto-alg aes-cbc 128 ike-integ-alg sha1-96 ike-dh modp-2048
ikev2 profile set pr1 esp-crypto-alg aes-cbc 128 esp-integ-alg sha1-96 esp-dh modp-2048# sa-lifetime <seconds> <jitter> <handover> <max bytes>.
ikev2 profile set pr1 sa-lifetime 3600 10 5 0
  • 初始化 SA
$ show ikev2 profile$ ikev2 initiate sa-init pr1
  • 查看 VPP SA 状态
$ show ikev2 saiip 192.168.1.24 ispi 71bc27df5bb8f6e9 rip 192.168.1.1 rspi 2a61bce4398c804encr:aes-cbc-128 prf:hmac-sha2-256 integ:sha1-96 dh-group:modp-2048nonce i:a440a2cdcbfe83871b8f450caa27f53f6524ce501f34dac17bc7d6c86beb804fr:bfb27a66e624983caaabf32ba8863d2597ec5b7e6cb8e8ec3cb32101d72d209bSK_d    aca25855a1b95b833be862f831f2755f6d510d084cc9e920e376ff5eeabd0726SK_a  i:24b5a188c57c5e7eb5caddceeb678866d24afe27r:e6feca2ac5e629665eef41971f5aa6f0dbb52989SK_e  i:6b3ee75566695ae7fde1cbc985c02b56r:cab1913cb6c890a39e473abf2702a1e5SK_p  i:c4e14ff2884a1141f63c995c7ea0038a2657d99be1edb78b0ab6232df1e4d532r:587d9827951ff4e0c9ae694cd6bc10cc1d2e8a48720d56daf85ecea1c3fe8021identifier (i) fqdn moon.homeidentifier (r) fqdn sun.homechild sa 0:encr:aes-cbc-128 integ:sha1-96 esn:nospi(i) cee0127 spi(r) c59959c0SK_e  i:a79f06470868e9893a270719fe19362dr:429b0b22e060663afd1450207ee7efa7SK_a  i:f0980c73941f9e5e066bf8b5f127951b24296822r:10b8eeb52f1c8dc74666982c75ac0f5def558943traffic selectors (i):0 type 7 protocol_id 0 addr 172.20.231.0 - 172.20.231.254 port 0 - 65535traffic selectors (r):0 type 7 protocol_id 0 addr 172.18.22.0 - 172.18.22.254 port 0 - 65535iip 192.168.1.24 ispi 71bc27df5bb8f6e9 rip 192.168.1.1 rspi 2a61bce4398c804
  • 查看 strongswan SA 状态
$ strongswan status
Security Associations (1 up, 0 connecting):net-net[1]: ESTABLISHED 5 minutes ago, 192.168.1.1[sun.home]...192.168.1.24[moon.home]net-net{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c59959c0_i 0cee0127_onet-net{1}:   172.18.22.0..172.18.22.254 === 172.20.231.0..172.20.231.254
  • 配置网络流量
set int state ipip0 up
set interface ip address ipip0 11.11.11.11/32
ip route add 172.18.22.0/24 via 11.11.11.11 ipip0
set int unnumbered ipip0 use VirtualFunctionEthernet0/8/0

Use case 3

示例;VPP1 主动发起 IKEv2 协商(VPP/IPSec 目前仅支持 IKEv2)并建立 IPSec 隧道,VPP2 被动和 VPP1 建立 IPSec 隧道。PC1 ping PC2,可以 ping 通,抓包可以看到报文进行封装发送。

VPP Responder(被动)

接口配置

set int state GigabitEthernet2/2/0 up
set int ip address GigabitEthernet2/2/0 11.0.0.1/24set int state GigabitEthernet2/3/0 up
set int ip address GigabitEthernet2/3/0 10.66.0.2/24

IKEv2 配置

ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp2.home
ikev2 profile set pr1 id remote fqdn vpp1.homeikev2 profile set pr1 traffic-selector local ip-range 11.0.0.0 - 11.0.0.254 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 10.0.0.0 - 10.0.0.254 port-range 0 - 65535 protocol 0# 查看 IKEv2 配置
show ikev2 profile# 查看 IKEv2 协商结果
show ikev2 sa# 启用 IPSec 接口
set int state ipsec0 up# 路由引到 IPSec 接口
ip route add 10.0.0.0/24 via ipsec0# IPSec 接口绑定物理接口
set int unnumbered ipsec0 use GigabitEthernet2/3/0

VPP Initiator(主动)

接口配置

set int state GigabitEthernet2/1/0 up
set int ip address GigabitEthernet2/1/0 10.66.0.1/24set int state GigabitEthernet2/4/0 up
set int ip address GigabitEthernet2/4/0 10.0.0.1/24

IKEv2 配置

ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp1.home
ikev2 profile set pr1 id remote fqdn vpp2.homeikev2 profile set pr1 traffic-selector local ip-range 10.0.0.0 - 10.0.0.254 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 11.0.0.0 - 11.0.0.254 port-range 0 - 65535 protocol 0# 设置 Remote responder IP 地址及协商对应的网络接口
# ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set pr1 responder GigabitEthernet2/1/0 10.66.0.2# 设置 IKE 秘钥套件和 ESP 秘钥套件,可以只在请求秘钥协商方添加秘钥套件。
# ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set pr1 ike-crypto-alg aes-cbc 128 ike-integ-alg sha1-96 ike-dh modp-1024
# ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set pr1 esp-crypto-alg aes-cbc 128 esp-integ-alg sha1-96 esp-dh modp-1024# 设备 IKE SA 的生命周期。
ikev2 profile set pr1 sa-lifetime 3600 10 5 0# 发起 IPSec 协商请求
# ikev2 initiate sa-init <profile id>
ikev2 initiate sa-init pr1# 查看 IKEv2 配置
show ikev2 profile# 查看 IKEv2 协商结果
show ikev2 sa# 启用 IPSec 接口
set int state ipsec0 up# 路由引到 IPSec 接口
ip route add 11.0.0.0/24 via ipsec0# IPSec 接口绑定物理接口
set int unnumbered ipsec0 use GigabitEthernet2/1/0

TS

SA 建立失败,因为新版本的 strongswan > 5.6.1 删除了一些弱类型的密码,所以当 VPP 再使用这些弱类型密码时候就会导致 SA 建立失败。可以通过查看 strongswan log 发现这一点:received proposals 与 configured proposals 没有交集。

Apr 20 21:30:47 11[CFG] <1> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA2_256/MODP_2048
Apr 20 21:30:47 11[CFG] <1> configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/CHACHA20_POLY1305/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Apr 20 21:30:47 11[CFG] <1> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA2_256/MODP_2048

FD.io/VPP — IPSec相关推荐

  1. FD.io/VPP — IPSec NAT-T

    目录 文章目录 目录 NAT-T NAT-T 目前 VPP 20.09 支持两种 IPSec NAT-T(udp-encap)设置方式: 支持静态配置方式(create ipsec tunnel)的 ...

  2. FD.io/VPP — Overview

    目录 文章目录 目录 FD.io VPP FD.io 官网:https://fd.io FD.io(Fast data – Input/Output)是 Linux 基金会下属的一个开源项目,成立于 ...

  3. FD.io VPP 20.09版本正式发布:往期VPP文章回顾+下载地址+相关链接

    目录 下载RPM/DEB包 往期文章回顾与推荐 FD.io是一些项目和库的集合,基于DPDK并逐渐演化,支持在通用硬件平台上部署灵活可变的业务.FD.io为软件定义基础设施的开发者提供了一个通用平台, ...

  4. 关于FD.io VPP的最新消息

    Table of Contents CuVPP:软件数据平面中基于过滤器的最长前缀匹配 快速数据项目的矢量包处理器(VPP)版本20.05 2020年打破神话的DPDK 在商品硬件上使用Calico ...

  5. FD.io VPP 20.05 官方文档 总目录:用户文档+开发文档+命令行

    https://docs.fd.io/vpp/20.05/index.html Vector Packet Processing FD.io VPP ▼Vector Packet Processing ...

  6. FD.io VPP 使用场景-用例

    目录 路由器/通用CPE等 宽带网络网关 云负载均衡器 入侵防御系统 部署模型 离散电器 虚拟网络功能 FD.io是一种联网技术,可用于构建网络功能星系.如今,一些主要的通信网络提供商和设备制造商正在 ...

  7. FD.io/VPP — 常用指令集合

    目录 文章目录 目录 前言 System Level Interface Add NIC into VPP as Interface Interface State Hardware Interfac ...

  8. FD.io VPP:探究分段场景下vlib_buf在收发包的处理(dpdk_plugin.so)、rte_mbuf与vlib_buf 关系

    Table of Contents rte_mbuf.vlib_buf 关系及内存分布 使用dpdk-收包接口函数 使用dpdk 发包接口函数 总结 参考阅读 在使用vpp老版本copy报文的时候,经 ...

  9. FD.io VPP:vlib buffer pool(vlib_buffer) 内存初始化

    Table of Contents vlib buffer创建过程 vlib_buffer相关内存初始化 1.函数一开始就查询numa的个数 2.遍历numa节点来初始化 3.查询系统大页大小. 4. ...

最新文章

  1. UA OPTI570 量子力学33 Time-dependent Perturbation基础
  2. [Part 3]API对接,这些坑你一定掉过!
  3. Little Sub and Enigma
  4. Java命令行界面(第21部分):航空公司2
  5. [react] React中你有使用过propType吗?它有什么作用?
  6. static在php中,php中static关键字在类中的使用
  7. 内核并发控制---互斥量(来自网易)
  8. 一次FastDFS并发问题的排查经历
  9. java实现zlib压缩解压缩:文件、byte[]字节数组,数据流
  10. 80年代的海外经典动画片引进25周年纪念【转】
  11. foxmail6.5+易邮邮件服务器搭建局域网邮件收发系统(完整版包含测试)
  12. opendrive简介
  13. java开发规范-控制语句
  14. outlook 2010 设置签名
  15. 华为鸿蒙 OS 2.0 系统流畅度实测:差距到底多大?
  16. 31岁才转行程序员,现在34了,我来说说我的经历和一些感受吧...
  17. DirectX(dll)修复软件推荐4.2增强版
  18. 黑莓管理器6.0_BlackBerry Java SDK 7.0 Beta发布
  19. 接口(基本接口和函数式接口)
  20. java企业车辆管理系统_基于jsp的企业车辆管理系统-JavaEE实现企业车辆管理系统 - java项目源码...

热门文章

  1. Xamarin XAML语言教程将XAML设计的UI显示到界面
  2. iOS10 UI设计基础教程
  3. python超级计算机_Python高性能计算库——Numba
  4. 量子计算机个人化时间,科学家发现量子算法可以停止时间
  5. 基于深度学习网络的运动想象BCI系统及其应用
  6. Nilearn教程系列(3)-ICA静息功能磁共振成像的分组分析:CanICA
  7. 为了杀蚊子,这位博士用树莓派DIY了一把激光枪,网友:伤到人怎么办?
  8. iPad Pro变生产力工具,你还缺这个轻量级浏览器端代码编辑器
  9. 七年终登Science封面:最强大脑皮层神经网络重建,揭示迄今哺乳动物最大神经线路图...
  10. 神经网络在Keras中不work!博士小哥证明何恺明的初始化方法堪比“CNN还魂丹”...