本文選題：MIPS多核處理器 + 深度數(shù)據(jù)包檢測(cè)��； 參考：《北京郵電大學(xué)》2014年碩士論文

【摘要】：在當(dāng)前高速發(fā)展的網(wǎng)絡(luò)時(shí)代中,各類(lèi)網(wǎng)絡(luò)應(yīng)用不斷涌現(xiàn),大量信息通過(guò)網(wǎng)絡(luò)流通,這都為網(wǎng)絡(luò)管理提出了更高的需求,其中,對(duì)于網(wǎng)絡(luò)業(yè)務(wù)的識(shí)別和內(nèi)容的檢測(cè)是網(wǎng)絡(luò)管理中最為重要的基礎(chǔ)部分。同時(shí),在高速、大流量、復(fù)雜的網(wǎng)絡(luò)環(huán)境中,傳統(tǒng)的網(wǎng)絡(luò)流量管理方法或難以滿(mǎn)足性能要求,或難以滿(mǎn)足靈活性、可配置性的需求。本文為了處理以上問(wèn)題,采用基于多核MIPS架構(gòu)的網(wǎng)絡(luò)處理器完成網(wǎng)絡(luò)業(yè)務(wù)識(shí)別和內(nèi)容檢測(cè)工作。 本文首先介紹對(duì)網(wǎng)絡(luò)中承載業(yè)務(wù)進(jìn)行識(shí)別以及對(duì)網(wǎng)絡(luò)內(nèi)容進(jìn)行檢測(cè)的基礎(chǔ)——深度數(shù)據(jù)包檢測(cè)技術(shù),以及傳統(tǒng)的網(wǎng)絡(luò)數(shù)據(jù)包檢測(cè)技術(shù)方案,并指出各類(lèi)傳統(tǒng)方案的不足之處,從而提出使用專(zhuān)用網(wǎng)絡(luò)處理器來(lái)進(jìn)行數(shù)據(jù)包的深度檢測(cè)處理。本文對(duì)論文工作中使用的Octeon網(wǎng)絡(luò)處理器進(jìn)行了介紹,包括處理器架構(gòu)、數(shù)據(jù)包處理流程、處理器硬件輔助單元、網(wǎng)絡(luò)處理器程序開(kāi)發(fā)框架等。 在此基礎(chǔ)上,本文分析總結(jié)了常見(jiàn)的幾種網(wǎng)絡(luò)應(yīng)用業(yè)務(wù)的特征,并設(shè)計(jì)了網(wǎng)絡(luò)處理器程序基本框架,包括運(yùn)行流程,硬件單元使用規(guī)范等,之后,本文基于此設(shè)計(jì)并實(shí)現(xiàn)了運(yùn)行于該處理器上的網(wǎng)絡(luò)業(yè)務(wù)識(shí)別功能和內(nèi)容檢測(cè)功能。其中,對(duì)于業(yè)務(wù)識(shí)別功能本文提出一種加權(quán)計(jì)算以及基于流的識(shí)別方法,用于識(shí)別帶有復(fù)雜特征的網(wǎng)絡(luò)業(yè)務(wù)以及解決網(wǎng)絡(luò)負(fù)載數(shù)據(jù)在傳輸層分塊的問(wèn)題。在內(nèi)容檢測(cè)功能中,本文提出了一種基于源應(yīng)用的過(guò)濾和基于端到端監(jiān)控的數(shù)據(jù)包檢測(cè)監(jiān)控策略,并給出詳細(xì)的實(shí)現(xiàn)過(guò)程。 最后,本文對(duì)運(yùn)行有上述網(wǎng)絡(luò)業(yè)務(wù)識(shí)別功能和內(nèi)容檢測(cè)功能的網(wǎng)絡(luò)處理器進(jìn)行了功能和性能測(cè)試,并將處理器接入實(shí)際網(wǎng)絡(luò),測(cè)試其運(yùn)行狀態(tài)。測(cè)試表明,網(wǎng)絡(luò)處理器上的業(yè)務(wù)識(shí)別與內(nèi)容檢測(cè)功能運(yùn)行良好,能夠滿(mǎn)足高速、大流量實(shí)際網(wǎng)絡(luò)的功能、性能需求。
[Abstract]:In the current rapid development of the network era, all kinds of network applications continue to emerge, a large number of information flows through the network, which has put forward a higher demand for network management, among which,The identification and detection of network services is the most important part of network management.At the same time, in the high-speed, high-traffic, complex network environment, the traditional network traffic management methods are difficult to meet the performance requirements, or to meet the needs of flexibility and configurable.In order to deal with the above problems, the network processor based on multi-core MIPS architecture is used to complete network service identification and content detection.In this paper, we first introduce the basic-depth data packet detection technology, which is used to identify the carrier service in the network and detect the network content, as well as the traditional network packet detection technology, and point out the shortcomings of all kinds of traditional methods.Therefore, a special network processor is proposed to deal with the data packet depth detection.This paper introduces the Octeon network processor used in this paper, including processor architecture, packet processing flow, processor hardware auxiliary unit, network processor program development framework and so on.On this basis, this paper analyzes and summarizes the characteristics of several common network application services, and designs the basic framework of the network processor program, including the running process, hardware unit usage specification and so on.Based on this, this paper designs and implements the network service identification function and the content detection function running on the processor.In this paper, we propose a weighted computing and flow-based recognition method for the service identification function, which is used to identify the network services with complex characteristics and to solve the problem of network load data partitioning in the transport layer.In the content detection function, this paper proposes a packet detection and monitoring strategy based on source application filtering and end-to-end monitoring, and gives a detailed implementation process.Finally, this paper tests the function and performance of the network processor running the above network service identification function and content detection function, and connects the processor to the actual network to test its running state.The test results show that the function of service identification and content detection on the network processor runs well and can meet the functional and performance requirements of high speed and large traffic networks.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.07

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 劉洋;李毅超;;深度內(nèi)容檢測(cè)防火墻系統(tǒng)設(shè)計(jì)[J];中國(guó)測(cè)試技術(shù);2007年03期

2 鐘婷;劉勇;李志軍;秦志光;;基于網(wǎng)絡(luò)處理器的IPv4/IPv6綜合防火墻體系結(jié)構(gòu)研究[J];通信學(xué)報(bào);2006年02期

3 黃力;NP多線(xiàn)程防火墻的設(shè)計(jì)與實(shí)現(xiàn)[J];微計(jì)算機(jī)信息;2005年11期

，

本文編號(hào)：1757144