https://scholars.lib.ntu.edu.tw/handle/123456789/105193
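Title: | Research and Implementation of Policy-Based Network Resource and Security Management on the Linux Operating System (I) |
Other Titles: | Design and Implementation of the Policy-based Network Resource and Traffic Manager |
Authors: | 孫雅麗 |
Keywords: | Linux; quality of service guarantee; network traffic management; packet classification; packet scheduling; queue management; network resource management; network security; IPv6; Mobile IP; wireless LAN; embedded systems |
Issue Date: | 2003 |
Publisher: | Taipei: Department and Graduate Institute of Information Management, National Taiwan University |
Abstract: | With the Internet so popular today, going online has become an indispensable part of daily life. However, network resources and traffic are not properly managed: important traffic often loses bandwidth to unimportant traffic, which degrades the service quality of the more important applications. On the other hand, the Internet's broad connectivity lets malicious parties use this convenient network for illegal activity, spreading viruses and paralyzing servers, so that network users suffer great losses. How to properly manage the operation of network resources to improve quality of service (QoS), and how to guard against network attacks, are therefore important topics in current network research. In this project we propose an architecture on Linux that can quickly inspect every data packet passing through and take the appropriate action according to predefined policies. Uses, for example: a firewall, network security gateway, QoS router, VPN gateway, or network traffic monitor, or even more than one of these applications at the same time. With suitable hardware added, it can become a standalone machine. The architecture contains a policy-based packet classifier, queue management and traffic management (traffic policing, for example RED), and a packet scheduler, including WF2Q-M, which we recently proposed and which provides maximum rate control. In addition, we will develop a network monitoring system that records all packets passing through, supplies this information to the application machines above for real-time response, and issues warnings to the network administrator. Finally, we will also examine the problems of porting the whole system to embedded systems, to suit more application environments and to lower the overall system cost.
The current Internet does not provide any kind of QoS guarantee for network applications. Therefore, network resources could be wasted by some unimportant applications. On the other hand, the extensive connectivity of the Internet also gives malicious crackers a great environment in which to distribute computer viruses and overload servers by DDoS attack. In consequence, how to appropriately manage network resources to enhance QoS and how to prevent network attacks are the top issues of network research. In this project, we propose a novel QoS router architecture based on Linux. In this router, packets are classified and treated according to user-defined policies. This architecture comprises many components: a policy-based packet classifier, a queue manager such as RED, a traffic policer, and the Weighted Fair Queue packet scheduler with maximum rate control (WF2Q-M).
Under such an architecture, many applications could be implemented, such as a firewall, network security gateway, QoS router, VPN gateway and network monitor. With appropriate hardware support, all functions could be implemented in the same machine. Besides, we will also develop a network monitoring system to watch all the packets passing through the network and provide information to the QoS router so that it can act promptly on unusual network conditions. Finally, we will discuss some issues about porting the system to embedded devices to lower the cost of the total system. |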
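URI: | http://ntur.lib.ntu.edu.tw//handle/246246/18837 |
Other Identifiers: | 912213E002103 |
Rights: | Department and Graduate Institute of Information Management, National Taiwan University |
Appears in Collections: | Department of Information Management |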
File | Description | Size | Format | |
---|---|---|---|---|
912213E002103.pdf | | 110.52 kB | Adobe PDF | View/Open |