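Research and Application of LVS Cluster Technology in Firewall Systems
Published: 2018-03-22 01:41
Topic: load impact factor  Entry point: retarded growth  Source: University of Electronic Science and Technology of China, 2014 master's thesis  Paper type: degree thesis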
[Abstract]: With the rapid growth of network applications, users place ever higher demands on information security and network quality of service, and research into firewall technology offering strong security, high data throughput and high reliability has become increasingly urgent. Because cluster firewalls are technically mature, simple to implement and require little hardware investment, they are widely used for security in small and medium-sized enterprises. The quality of a cluster firewall's load-balancing technology and the performance of its filtering rules directly affect the final performance of the cluster firewall system. This thesis addresses these issues, taking highly reliable cluster technology and its application to firewalls as its main research subject. Building on an in-depth analysis of current cluster theory and technical principles, it discusses and studies cluster load-balancing techniques and load-balancing algorithms in detail. The main contents are:
1. By studying the internal and external factors that affect service-node performance, the concept of a load impact factor is introduced. Different loads, because of their differing characteristics, place different demands on a service node's computing, storage and input/output capacity. The impact factor of a load on a service node is calculated by extracting characteristic information from the network load.
2. The retarded-growth characteristic of the Logistic model is analyzed in order to balance the limited resources of service nodes against unboundedly growing service requests. At a light load rate, node performance does not fall as the load grows; once the load exceeds the growth inflection point of the Logistic model, additional load causes node performance to decline exponentially. This provides a reference for the load-balancing strategy.
3. Cluster load-balancing scheduling algorithms are analyzed, and an improved weighted round-robin scheduling algorithm is proposed that builds on the commonly used weighted round-robin algorithm and is based on the load impact factor and the retarded-growth characteristic. When distributing network load, the algorithm considers not only service-node performance but also combines multiple coefficients of the load to indicate the load's expected impact on the service node, providing an implementation basis for improving load-balancing performance.
4. Packet-filtering rules are analyzed. A tree-structured hierarchical rule table replaces the original linear linked list and the order of the rules in the table is optimized, reducing the number of rule matches and thereby improving filtering performance. A regular mapping model is used to reduce conflicts between rules and improve system security.
5. The LVS cluster framework is studied and a cluster firewall architecture for a campus network is designed. The improved weighted round-robin scheduling algorithm is attached through Netfilter/IPTables hooks, and the calculation of the load impact factor is adjusted through repeated regression tests, yielding a low-investment, high-security, high-performance cluster firewall for the campus network.
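[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08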
Article ID: 1646525
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1646525.html