本文選題：負載影響因子　切入點：阻滯增長　出處：《電子科技大學》2014年碩士論文　論文類型：學位論文

【摘要】：隨著網(wǎng)絡應用的飛速發(fā)展,用戶對信息安全、網(wǎng)絡服務質(zhì)量等都提出了越來越高的要求。對強安全、高數(shù)據(jù)吞吐率、高可靠性的防火墻技術(shù)的研究要求也越來越迫切。集群防火墻由于具有技術(shù)成熟、實現(xiàn)簡單以及硬件投資少等特性,已廣泛應用于中小企業(yè)安全領域,集群防火墻的負載均衡技術(shù)與過濾規(guī)則性能的優(yōu)劣直接影響了集群防火墻系統(tǒng)的最終性能。本論文正是針對上述問題,以高可靠性的集群技術(shù)及其在防火墻的應用為主要的研究對象,在深入分析目前集群理論和技術(shù)原理的基礎上,對集群負載均衡技術(shù)和負載均衡算法進行了詳盡的討論和研究。主要內(nèi)容有:1.通過研究分析影響服務節(jié)點性能內(nèi)外因素,引入負載影響因子概念。不同的負載因其特性不同,對服務節(jié)點的計算能力、存儲能力及輸入輸出能力要求不同。通過對網(wǎng)絡負載特征信息的提取,計算該負載對服務節(jié)點的影響因子。2.分析Logistic模型的阻滯增長特性,實現(xiàn)服務節(jié)點有限資源與無限增長服務申請的平衡。服務節(jié)點在輕負載率時,節(jié)點性能不會隨著負載的增長而下降,當負載量超過Logistic模型增長拐點時,增長的負載會使節(jié)點性能呈指數(shù)下降。為負載均衡策略提供參考依據(jù)。3.分析集群負載均衡調(diào)度算法,在常用的加權(quán)輪詢調(diào)度算法的基礎上,基于負載影響因子和阻滯增長特性,提出一種改進的加權(quán)輪詢調(diào)度算法。該算法在分配網(wǎng)絡負載時不僅只考慮服務節(jié)點性能,還將負載進行多系數(shù)綜合,標識負載影響服務節(jié)點的預期,為提升負載均衡性能提供實現(xiàn)依據(jù)。4.分析包過濾規(guī)則,利用樹型層次規(guī)則表替代原來的線性鏈表,優(yōu)化規(guī)則在表中的順序,減少規(guī)則匹配次數(shù),從而提升過濾性能。通過正則映射模型,減少規(guī)則之間的沖突,提高系統(tǒng)安全。5.研究LVS集群框架,設計校園網(wǎng)集群防火墻結(jié)構(gòu),利用Netfilter/IPTables的HOOK,掛接改進加權(quán)輪詢調(diào)度算法,通過多次回歸測試,調(diào)整負載影響因子的計算,實現(xiàn)校園網(wǎng)的小投資、高安全、高性能的集群防火墻。
[Abstract]:With the rapid development of network applications, users have put forward higher and higher requirements for information security, network quality of service, etc. The research requirements of high reliability firewall technology are more and more urgent. Due to the characteristics of mature technology, simple implementation and less hardware investment, cluster firewall has been widely used in the security field of small and medium-sized enterprises. The performance of load balancing technology and filtering rules of cluster firewall has a direct impact on the final performance of cluster firewall system. Taking the high reliability cluster technology and its application in firewall as the main research object, based on the in-depth analysis of the current cluster theory and technology principle, The load balancing technology and load balancing algorithm of cluster are discussed and studied in detail. The main contents are: 1.The concept of load influence factor is introduced by analyzing the internal and external factors affecting the performance of service nodes. The computing power, storage capacity and input / output capability of service node are different. By extracting the characteristic information of network load, the influence factor of network load on service node is calculated. 2. The growth retardation characteristic of Logistic model is analyzed. The performance of service node does not decrease with the increase of load, when the load exceeds the inflection point of Logistic model, the performance of service node does not decrease with the increase of load when the service node has limited resources and infinite growth service request. The increasing load will cause the node performance to decline exponentially. 3. Analyze the load balancing scheduling algorithm of cluster, based on the commonly used weighted polling scheduling algorithm, based on the load impact factor and the characteristics of blocking growth. An improved weighted polling scheduling algorithm is proposed, which not only considers the performance of service nodes, but also synthesizes the load to identify the expectation that load affects service nodes. In order to improve the performance of load balancing. 4. Analyze the packet filtering rules, replace the original linear linked list with the tree hierarchy rule table, optimize the order of the rules in the table, and reduce the number of rules matching. In order to improve filtering performance. Through regular mapping model to reduce the conflict between rules, improve system security. 5. Research LVS cluster framework, design campus network cluster firewall structure, use Netfilter/IPTables hookk, link to improve weighted polling scheduling algorithm, Through multiple regression tests, the calculation of load influence factors is adjusted to realize the small investment, high security and high performance cluster firewall of campus network.
【學位授予單位】：電子科技大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前1條

1 陳興蜀,沈昌祥;虛擬應用網(wǎng)絡的安全技術(shù)研究[J];計算機集成制造系統(tǒng);2004年11期

相關(guān)博士學位論文 前1條

1 雷杰;網(wǎng)絡安全威脅與態(tài)勢評估方法研究[D];華中科技大學;2008年

，

本文編號：1646525