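Research on Key Technologies for Secure and Efficient Data Center Networks
Published: 2018-04-01 00:33
Topic: cloud computing  Focus: network virtualization  Source: National University of Defense Technology, 2014 master's thesis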
[Abstract]: As an important direction for the future of computing, cloud computing relies on data centers to provide massive computing and data storage capacity for large-scale network services. Using advanced distributed computing technology, a data center interconnects thousands upon thousands of servers so that together they deliver powerful cloud services as a single whole. The data center network therefore largely determines a range of technical metrics of cloud services, including two very important dimensions: security and interactivity. To address these two aspects, this thesis optimizes the data center network from the perspectives of resource allocation and transport-layer protocols. First, for the security of virtual machines in data center networks, we give a solution from the perspective of virtual network mapping. By theoretically analyzing the security threats faced by virtual machines and virtual networks inside a data center, we summarize their security requirements and formalize them as three security constraints on the virtual network mapping problem, and from these abstractly define the security-oriented virtual network mapping problem. For this problem we propose a heuristic algorithm based on node ranking and verify its effectiveness and high performance through simulation experiments. Second, in commercial data center networks, the transmission time of certain latency-sensitive flows greatly affects the response speed of cloud services and the user experience. Many solutions have been proposed by the research community to reduce the completion time of these flows as far as possible. Among them, the basic idea of RepFlow is to exploit the multipath nature of common data center networks and the path selection mechanism of the ECMP routing protocol: a latency-sensitive flow is replicated, the copies are sent over different paths, and the receiver selects whichever flow is transmitted faster, which greatly reduces the likelihood of high latency caused by congestion inside the network. We build a queueing model of flow transmission and use it to analyze the effectiveness of RepFlow theoretically. Then, to address the shortcomings of this model, we present RepSYN, an improved variant of RepFlow that avoids the extreme cases in which performance may degrade. Finally, because the RepFlow and RepSYN mechanisms do not require modifying the transport-layer protocol, they can easily be implemented at the application layer. We choose the Apache Thrift and Node.js programming platforms, which are widely used in cloud service programming, and turn the mechanisms into a transport-layer API abstraction that developers can use directly. We further test the effectiveness of the two mechanisms through experiments and, based on the experimental results, summarize the conditions under which RepFlow and RepSYN should be selectively used.
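[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08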
Article ID: 1693199
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1693199.html