跳到主要內容

臺灣博碩士論文加值系統

(3.87.250.158) 您好!臺灣時間:2022/01/25 18:55
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:賴勇任
研究生(外文):Yung-Zen Lai
論文名稱:應用叢集式架構的高速網路IPsec閘道器
論文名稱(外文):Clustered Architecture for High-Speed IPsec Gateway
指導教授:謝續平謝續平引用關係
指導教授(外文):Shiuh-Pyng Shieh
學位類別:碩士
校院名稱:國立交通大學
系所名稱:資訊工程系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2002
畢業學年度:90
語文別:中文
論文頁數:40
中文關鍵詞:叢集式技術安全閘道器
外文關鍵詞:IPsecclustering technologsecurity gateway
相關次數:
  • 被引用被引用:0
  • 點閱點閱:235
  • 評分評分:
  • 下載下載:39
  • 收藏至我的研究室書目清單書目收藏:0
由於希望在網際網路上能安全通訊的需求愈來愈多,在眾多提供子網路內所有機器都能安全通訊的方法之中,IPsec閘道器也逐漸地頗為大眾所使用。在此網路架構下,IPsec閘道器的處理速度將會是整體網路速度的關鍵所在。為了加快IPsec閘道器的效能及可靠性,叢集式設計的IPsec閘道器在近年被提出來。傳統的叢集式技術必須要有一台中央集權的分配器來處理所有進出的網路封包。當此分配器故障而無法提供服務時,將會造成整個閘道器都無法運作。同樣地,假若該分配器的運算能力不足以處理所有流經的封包時,該分配器反而成為此閘道器的瓶頸所在。在本篇論文裡,我們提出了另一種叢集式架構,隨著增加叢集內機器數量,它的效能也幾乎能呈線性成長。如同實驗數據所顯示的,我們所提出的架構不僅能解決叢集內各機器同步化的問題,也能有較佳的效能。

Due to the increasing demand of secure communications over the Internet, IPsec gateway becomes one of the popular methods to provide security services to all clients in a protected subnet. The processing speed of an IPsec gateway is critical to the overall network throughput. To accelerate processing speed and improve reliability, cluster technology was inherently applied to the design of a modern IPsec gateway. Traditional dispatcher/master-based cluster technique must have a centralized dispatcher to handle all incoming and outgoing messages. The failure of single point, that is the dispatcher, will cause the crash of the entire gateway. The dispatcher will also become the bottleneck if its computation power cannot handle all messages. With the proposed clustered architecture, the speed of IPsec gateway increases drastically and almost linearly. As the experiment results showed, the proposed clustered architecture provides better performance and can scale up easily.

Chapter 1. Introduction - 1 -
1.1. Background - 2 -
1.2. Contributions - 6 -
1.3. Synopsis - 6 -
Chapter 2. Related Work - 7 -
2.1. Microsoft Network Load Balancing (NLB) - 8 -
2.2. Nokia IP Clustering - 9 -
2.3. Dispatcher-Based IPsec Gateway by J.K. Ng - 10 -
2.4. Summary - 12 -
Chapter 3. Proposed Flat Clustered IPsec Gateway - 14 -
3.1. System Architecture - 15 -
3.2. Synchronization Between Cluster Nodes - 18 -
3.3. Overhead Estimate and Service Rate Prediction - 19 -
3.4. Modeling by Queuing theory - 20 -
Chapter 4. Dispatch Schemes - 22 -
4.1. Session-based versus Packet-based - 22 -
4.2. Round-Robin versus Shortest-Queue-First - 23 -
Chapter 5. Performance Measurement - 27 -
5.1. Fixed-Size Traffic - 27 -
5.2. Real Traffic - 31 -
5.3. Saturation Prediction - 33 -
Chapter 6. Conclusion - 34 -
Reference - 36 -

[1] S. Kent and R. Atkinson, “Security Architecture for the Internet Protocol,” RFC 2401, Nov. 1998.
[2] S. Kent and R. Atkinson, “IP Authentication Header,” RFC 2402, Nov. 1998.
[3] S. Kent and R. Atkinson, “IP Encapsulating Security Payload (ESP),” RFC 2406, Nov. 1998.
[4] Cisco Systems, Inc., “Cisco VPN 5000 Series Concentrators,” http://www.cisco.com/univercd/cc/td/doc/pcat/vp5000.htm
[5] NetScreen Technologies, Inc., “NetScreen-1000,” http://www.netscreen.com/products/systems.html#ns1000
[6] K. Hamzeh, G. Pall, W. Verthein, J. Taarud, W. Little, and G. Zorn, “Point-to-Point Tunneling Protocol (PPTP),” RFC 2637, July 1999.
[7] W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn, and B. Palter, ”Layer-Two Tunneling Protocol (L2TP),” RFC 2661, Aug. 1999.
[8] D. Harkins and D. Carrel, “The Internet Key Exchange (IKE),” RFC 2409, Nov. 1998
[9] Microsoft Corporation, “Network Load Balancing Technical Overview”, http://www.microsoft.com/windows2000/techinfo/howitworks/cluster/nlb.asp, Jan. 2000.
[10] Nokia Corporation, IP Clustering Technology white paper, http://www.nokia.com/vpn/pdf/ip_clustering.pdf, Feb. 2000.
[11] Joo-Kok Ng, “A Packet-based Load Balancing Approach for High-speed Clustered IPsec Gateway,” M.S. Thesis, NCTU, June 2001.
[12] Robert B. Cooper, Introduction to Queueing Theory, Macmillan, 1972.
[13] F. S. Hillier and G. J. Lieberman, Introduction to Operations Research, McGraw-Hill, 5th edition, 1990.
[14] H. A. Taha, Operations Research: An Introduction, Macmillan, 5th edition, 1992.
[15] W. L. Winston, Operations Research, Applications and Algorithms, Duxbury Press, 3rd edition, 1994.
[16] R. Pereira and R. Adams, “The ESP CBC-Mode Cipher Algorithms,” RFC 2451, Nov. 1998.
[17] Mitchell Loeb, Andrew Rindos, William Holland, and Steven Woolet, “Gigabit Ethernet PCI Adapter Performance," IEEE Network Magazine, vol. 15, No. 2, pp. 42-47, March/April 2001.
[18] Paul A. Farrell and Hong Ong, “Communication Performance over a Gigabit Ethernet Network,” Proceedings the IEEE 2000 International Performance, Computing, and Communications Conference, pp. 181-189, Feb. 2000.
[19] Aamir Shaikh and Kenneth J. Christensen, “Traffic Characteristics of Bulk Data Transfer using TCP/IP over Gigabit Ethernet,” Proceedings the IEEE 2001 International Performance, Computing, and Communications Conference, pp. 103-111, April 2001.
[20] John P. McGregor and Ruby B. Lee, “Performance Impact of Data Compression on Virtual Private Network Transactions,” Proceedings of the 25th IEEE Conference on Local Computer Networks, pp. 500-510, Nov. 2000.
[21] A. Shacham, R. Monsour, R. Pereira and M. Thomas, “IP Payload Compression Protocol (IPComp),” RFC 2393, Dec. 1998.
[22] L. Aversa and A. Bestavros, “Load Balancing a Cluster of Web Servers Using Distributed Packet Rewriting,” Proceedings the IEEE 2000 International Performance, Computing, and Communications Conference, pp. 24-29, Feb. 2000.
[23] Z. Cao, Z. Wang, E.Zegura, “Performance of Hashing-Based Schemes for Internet Load Balancing,” IEEE INFOCOM 2000, vol. 1, pp. 332-341, March 2000.

QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top