基于多核MIPS处理器的网络业务识别和内容检测技术研究与实现

发布时间：2018-04-16 03:34

本文选题：MIPS多核处理器 + 深度数据包检测　；参考：《北京邮电大学》2014年硕士论文

【摘要】：在当前高速发展的网络时代中,各类网络应用不断涌现,大量信息通过网络流通,这都为网络管理提出了更高的需求,其中,对于网络业务的识别和内容的检测是网络管理中最为重要的基础部分。同时,在高速、大流量、复杂的网络环境中,传统的网络流量管理方法或难以满足性能要求,或难以满足灵活性、可配置性的需求。本文为了处理以上问题,采用基于多核MIPS架构的网络处理器完成网络业务识别和内容检测工作。本文首先介绍对网络中承载业务进行识别以及对网络内容进行检测的基础——深度数据包检测技术,以及传统的网络数据包检测技术方案,并指出各类传统方案的不足之处,从而提出使用专用网络处理器来进行数据包的深度检测处理。本文对论文工作中使用的Octeon网络处理器进行了介绍,包括处理器架构、数据包处理流程、处理器硬件辅助单元、网络处理器程序开发框架等。在此基础上,本文分析总结了常见的几种网络应用业务的特征,并设计了网络处理器程序基本框架,包括运行流程,硬件单元使用规范等,之后,本文基于此设计并实现了运行于该处理器上的网络业务识别功能和内容检测功能。其中,对于业务识别功能本文提出一种加权计算以及基于流的识别方法,用于识别带有复杂特征的网络业务以及解决网络负载数据在传输层分块的问题。在内容检测功能中,本文提出了一种基于源应用的过滤和基于端到端监控的数据包检测监控策略,并给出详细的实现过程。最后,本文对运行有上述网络业务识别功能和内容检测功能的网络处理器进行了功能和性能测试,并将处理器接入实际网络,测试其运行状态。测试表明,网络处理器上的业务识别与内容检测功能运行良好,能够满足高速、大流量实际网络的功能、性能需求。
[Abstract]:In the current rapid development of the network era, all kinds of network applications continue to emerge, a large number of information flows through the network, which has put forward a higher demand for network management, among which,The identification and detection of network services is the most important part of network management.At the same time, in the high-speed, high-traffic, complex network environment, the traditional network traffic management methods are difficult to meet the performance requirements, or to meet the needs of flexibility and configurable.In order to deal with the above problems, the network processor based on multi-core MIPS architecture is used to complete network service identification and content detection.In this paper, we first introduce the basic-depth data packet detection technology, which is used to identify the carrier service in the network and detect the network content, as well as the traditional network packet detection technology, and point out the shortcomings of all kinds of traditional methods.Therefore, a special network processor is proposed to deal with the data packet depth detection.This paper introduces the Octeon network processor used in this paper, including processor architecture, packet processing flow, processor hardware auxiliary unit, network processor program development framework and so on.On this basis, this paper analyzes and summarizes the characteristics of several common network application services, and designs the basic framework of the network processor program, including the running process, hardware unit usage specification and so on.Based on this, this paper designs and implements the network service identification function and the content detection function running on the processor.In this paper, we propose a weighted computing and flow-based recognition method for the service identification function, which is used to identify the network services with complex characteristics and to solve the problem of network load data partitioning in the transport layer.In the content detection function, this paper proposes a packet detection and monitoring strategy based on source application filtering and end-to-end monitoring, and gives a detailed implementation process.Finally, this paper tests the function and performance of the network processor running the above network service identification function and content detection function, and connects the processor to the actual network to test its running state.The test results show that the function of service identification and content detection on the network processor runs well and can meet the functional and performance requirements of high speed and large traffic networks.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.07

【参考文献】