FCoE初始化协议探测系统的设计与实现
发布时间:2018-09-19 08:19
【摘要】:以太网光纤通道(FCoE)技术可以实现数据中心前端网络和后端网络架构的融合,降低数据中心的采购和扩容成本。虽然FCoE技术在以太网上承载光纤通道协议带来了很大的灵活性,但当以太网中存在网桥设备时则会造成光纤通道网络原有控制机制失效,导致异常报文不可控,进而威胁整个网络的安全。目前,国内尚缺乏这方面的学术研究,T11组织制定的FC-BB-5标准中对FCoE网桥特性建议的安全规则存在冗余,市场上的类似产品也存在部署形式不够灵活、网络震荡时性能下降比较严重等问题。 针对上述问题,本文设计并实现了FCoE交换机的FCoE初始化协议探测(FIPSnooping)系统。本文设计了FCoE交换机的Transit模式,实现了该模式下专用的FIP Snooping系统;设计了不同接口模式下的FIP Snooping会话机制,实现了对多种部署形式的支持,解决了非点到点连接的访问控制失效问题;设计了改进的FIP Snooping规则,实现了将规则下发至驱动程序的规则下刷功能,解决了报文的过滤问题并确保报文转发的高效性;设计了分布式Transit交换机的数据同步机制,实现了主控板与其它板卡之间的协同控制和数据同步功能,提供了对Transit模式下分布式设备的板插拔和主备倒换等操作的支持,确保了分布式设备的高可靠性。 测试结果表明,该系统能够过滤异常报文、部署形式更为灵活,减小了网络震荡对性能的不良影响,解决了存在FCoE网桥设备时的访问控制失效问题,确保了光纤通道网络的高安全性和高健壮性,对集中式和分布式FCoE交换机支持良好。 由于网络中异常报文的类型不可预测,加上偶然因素对网络带来的影响,,系统无法保证过滤所有异常报文。进一步提高异常报文的识别率和支持设备的堆叠形态将是接下来的研究方向。
[Abstract]:Ethernet fiber channel (FCoE) technology can realize the integration of data center front-end network and back-end network architecture, and reduce the cost of purchasing and expanding data center. Although the FCoE technology brings great flexibility to the optical fiber channel protocol on Ethernet, when there is bridge equipment in Ethernet, the original control mechanism of fiber channel network will fail, and the abnormal message will not be controllable. And then threaten the security of the whole network. At present, there is still a lack of academic research on this aspect in our country. In the FC-BB-5 standard developed by T11 organization, there is redundancy in the safety rules recommended by the FCoE bridge characteristics, and the similar products in the market are not flexible enough in deployment form. Network oscillation performance degradation more serious problems. Aiming at the above problems, this paper designs and implements the FCoE initialization protocol detection (FIPSnooping) system of FCoE switch. In this paper, the Transit mode of FCoE switch is designed, the special FIP Snooping system is implemented in this mode, the FIP Snooping session mechanism in different interface mode is designed, and the support for many kinds of deployment forms is realized. The problem of access control failure of non-point-to-point connection is solved, the improved FIP Snooping rule is designed, and the rule brushing function of sending the rule to driver is realized, which solves the problem of message filtering and ensures the high efficiency of message forwarding. This paper designs the data synchronization mechanism of distributed Transit switch, realizes the cooperative control and data synchronization function between the main control board and other boards, and provides the support to the board plug and switch operation of the distributed equipment in the Transit mode. The high reliability of distributed equipment is ensured. The test results show that the system can filter abnormal messages, deploy more flexibly, reduce the adverse effect of network oscillation on performance, and solve the problem of access control failure in the presence of FCoE bridge equipment. It ensures the high security and robustness of the fiber channel network and supports the centralized and distributed FCoE switches well. Because the types of abnormal packets in the network are unpredictable, and the influence of accidental factors on the network, the system can not guarantee the filtering of all abnormal packets. Further improving the recognition rate of abnormal packets and stacking configuration of supporting devices will be the next research direction.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.11;TP393.08
本文编号:2249566
[Abstract]:Ethernet fiber channel (FCoE) technology can realize the integration of data center front-end network and back-end network architecture, and reduce the cost of purchasing and expanding data center. Although the FCoE technology brings great flexibility to the optical fiber channel protocol on Ethernet, when there is bridge equipment in Ethernet, the original control mechanism of fiber channel network will fail, and the abnormal message will not be controllable. And then threaten the security of the whole network. At present, there is still a lack of academic research on this aspect in our country. In the FC-BB-5 standard developed by T11 organization, there is redundancy in the safety rules recommended by the FCoE bridge characteristics, and the similar products in the market are not flexible enough in deployment form. Network oscillation performance degradation more serious problems. Aiming at the above problems, this paper designs and implements the FCoE initialization protocol detection (FIPSnooping) system of FCoE switch. In this paper, the Transit mode of FCoE switch is designed, the special FIP Snooping system is implemented in this mode, the FIP Snooping session mechanism in different interface mode is designed, and the support for many kinds of deployment forms is realized. The problem of access control failure of non-point-to-point connection is solved, the improved FIP Snooping rule is designed, and the rule brushing function of sending the rule to driver is realized, which solves the problem of message filtering and ensures the high efficiency of message forwarding. This paper designs the data synchronization mechanism of distributed Transit switch, realizes the cooperative control and data synchronization function between the main control board and other boards, and provides the support to the board plug and switch operation of the distributed equipment in the Transit mode. The high reliability of distributed equipment is ensured. The test results show that the system can filter abnormal messages, deploy more flexibly, reduce the adverse effect of network oscillation on performance, and solve the problem of access control failure in the presence of FCoE bridge equipment. It ensures the high security and robustness of the fiber channel network and supports the centralized and distributed FCoE switches well. Because the types of abnormal packets in the network are unpredictable, and the influence of accidental factors on the network, the system can not guarantee the filtering of all abnormal packets. Further improving the recognition rate of abnormal packets and stacking configuration of supporting devices will be the next research direction.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.11;TP393.08
【参考文献】
相关期刊论文 前7条
1 ;FCoE Application on Network Service of Geographic Information[J];Semiconductor Photonics and Technology;2008年01期
2 臧景峰,王凌云,杨波;基于光纤通道的SAN网络技术研究[J];长春理工大学学报;2004年04期
3 朱洪斌;程杰;;数据中心存储网络架构研究[J];电力信息化;2010年12期
4 何锋;王婧;;光纤通道网络与存储技术[J];广西通信技术;2009年03期
5 程逸云;;部署FCoE实现数据中心网络融合[J];信息通信;2012年01期
6 郭英鹏;翟丽娜;;数据中心网络发展简析[J];邮电设计技术;2011年08期
7 袁绍龙;;FCoE离主流有多远[J];中国计算机用户;2009年13期
相关博士学位论文 前1条
1 童薇;高效光纤存储通道技术研究[D];华中科技大学;2011年
本文编号:2249566
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2249566.html
