IPv6网络数据流并行分析负载均衡技术研究

发布时间：2018-05-06 20:47

本文选题：IPv6网络数据流 + 负载均衡　；参考：《哈尔滨工程大学》2014年硕士论文

【摘要】：随着互联网应用技术的不断进步,以及规模的不断扩大,如何保障网络信息的安全性已成为新一代互联网急需解决的重要问题。基于并行分析的防火墙、入侵防护系统和流量检测系统等网络安全系统已成为解决网络安全问题的有效手段。在这些安全系统中如何保证网络数据流的负载均衡是这些系统中最先要解决的问题,而这就需要对系统接收到达的数据包报文进行快速、实时的流分类。目前,针对IPv4网络数据流国内外已经提出较完善的解决方案,针对新一代IPv6网络数据流的负载均衡并没有决定性的解决方案。本文在研究已有相关技术的基础上从以下几个方面解决IPv6网络数据流并行分析负载均衡问题:首先,考虑到数据流的静态负载均衡,本文提出了一种面向IPv6数据流并行分析的哈希算法。该算法在分析以往传统哈希算法的前提下主要捕捉在真实的IPv6地址中每一个比特位的变化频率,并根据该特征提出基于位熵的哈希算法。通过在不同的哈希空间下对该算法进行客观评价,以及与若干传统哈希算法的对比实验证明该算法的优越性与合理性。其次,考虑到数据流的动态负载均衡,本文提出了并行分析中负载均衡的评价标准,以及一种面向数据流的自适应动态负载均衡模型。这里讨论的负载均衡应用对象为由多核处理器搭建的网络数据流检测系统。在系统中可以把每个处理器看做网络数据流检测引擎,且每组检测引擎的责任完全相同。在充分考虑到已有的动态负载均衡模型的前提下,本文提出的模型首先对数据包调用静态哈希算法,从而避免同一个数据流被分到不同的检测引擎;然后维护若干状态表,保证模型对系统内各个节点的负载信息进行实时地监控。利用本文提出的自适应动态负载均衡模型可以及时将数据流分配到负载较轻的检测引擎中,从而达到网络数据流负载均衡的目的。为了验证本实验所采用的自适应负载均衡模型的优越性,在系统加载自适应负载均衡模块之前和之后分别统计每个检测引擎的负载因子随时间变化的趋势,并通过并行分析中负载均衡的评价标准,证明模型的优越性与合理性。
[Abstract]:With the continuous progress of Internet application technology and the continuous expansion of the scale, how to ensure the security of network information has become an important problem urgently needed to be solved by the new generation of Internet. Network security systems, such as firewall, intrusion protection system and traffic detection system based on parallel analysis, have become an effective means to solve network security problems. In these security systems, how to ensure the load balance of network data flow is the first problem to be solved in these systems, and it is necessary to classify the incoming packets quickly and in real time. At present, more perfect solutions have been put forward for the IPv4 network data flow at home and abroad, but there is no decisive solution for the new generation of IPv6 network data flow load balancing. Based on the research of existing technologies, this paper solves the load balancing problem of IPv6 network data stream in the following aspects: firstly, considering the static load balancing of data flow, This paper presents a hash algorithm for parallel analysis of IPv6 data streams. On the premise of analyzing the traditional hash algorithms, the algorithm mainly captures the change frequency of each bit in the real IPv6 address, and proposes a hash algorithm based on potential entropy according to this feature. The advantages and reasonableness of the algorithm are proved by the objective evaluation in different hash spaces and the comparison with some traditional hash algorithms. Secondly, considering the dynamic load balancing of data flow, this paper proposes an evaluation standard for load balancing in parallel analysis and an adaptive dynamic load balancing model for data flow. The load balancing application object discussed here is a network data flow detection system based on multi-core processor. In the system, each processor can be regarded as a network data flow detection engine, and each set of detection engines have the same responsibility. Taking fully into account the existing dynamic load balancing model, the model proposed in this paper first calls static hash algorithm to the data packet, so as to avoid the same data stream being divided into different detection engines, and then maintains a number of state tables. Ensure that the model can monitor the load information of each node in the system in real time. By using the adaptive dynamic load balancing model proposed in this paper, the data flow can be allocated to the lighter load detection engine in time, thus achieving the purpose of load balancing of network data flow. In order to verify the superiority of the adaptive load balancing model used in this experiment, before and after the system loading the adaptive load balancing module, the trends of the load factors of each detection engine with time were counted respectively. The superiority and rationality of the model are proved by the evaluation standard of load balance in parallel analysis.
【学位授予单位】：哈尔滨工程大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】