本文選題：MIPS多核處理器 + 深度數(shù)據(jù)包檢測�。� 參考：《北京郵電大學(xué)》2014年碩士論文

【摘要】：在當(dāng)前高速發(fā)展的網(wǎng)絡(luò)時代中,各類網(wǎng)絡(luò)應(yīng)用不斷涌現(xiàn),大量信息通過網(wǎng)絡(luò)流通,這都為網(wǎng)絡(luò)管理提出了更高的需求,其中,對于網(wǎng)絡(luò)業(yè)務(wù)的識別和內(nèi)容的檢測是網(wǎng)絡(luò)管理中最為重要的基礎(chǔ)部分。同時,在高速、大流量、復(fù)雜的網(wǎng)絡(luò)環(huán)境中,傳統(tǒng)的網(wǎng)絡(luò)流量管理方法或難以滿足性能要求,或難以滿足靈活性、可配置性的需求。本文為了處理以上問題,采用基于多核MIPS架構(gòu)的網(wǎng)絡(luò)處理器完成網(wǎng)絡(luò)業(yè)務(wù)識別和內(nèi)容檢測工作。 本文首先介紹對網(wǎng)絡(luò)中承載業(yè)務(wù)進(jìn)行識別以及對網(wǎng)絡(luò)內(nèi)容進(jìn)行檢測的基礎(chǔ)——深度數(shù)據(jù)包檢測技術(shù),以及傳統(tǒng)的網(wǎng)絡(luò)數(shù)據(jù)包檢測技術(shù)方案,并指出各類傳統(tǒng)方案的不足之處,從而提出使用專用網(wǎng)絡(luò)處理器來進(jìn)行數(shù)據(jù)包的深度檢測處理。本文對論文工作中使用的Octeon網(wǎng)絡(luò)處理器進(jìn)行了介紹,包括處理器架構(gòu)、數(shù)據(jù)包處理流程、處理器硬件輔助單元、網(wǎng)絡(luò)處理器程序開發(fā)框架等。 在此基礎(chǔ)上,本文分析總結(jié)了常見的幾種網(wǎng)絡(luò)應(yīng)用業(yè)務(wù)的特征,并設(shè)計了網(wǎng)絡(luò)處理器程序基本框架,包括運(yùn)行流程,硬件單元使用規(guī)范等,之后,本文基于此設(shè)計并實(shí)現(xiàn)了運(yùn)行于該處理器上的網(wǎng)絡(luò)業(yè)務(wù)識別功能和內(nèi)容檢測功能。其中,對于業(yè)務(wù)識別功能本文提出一種加權(quán)計算以及基于流的識別方法,用于識別帶有復(fù)雜特征的網(wǎng)絡(luò)業(yè)務(wù)以及解決網(wǎng)絡(luò)負(fù)載數(shù)據(jù)在傳輸層分塊的問題。在內(nèi)容檢測功能中,本文提出了一種基于源應(yīng)用的過濾和基于端到端監(jiān)控的數(shù)據(jù)包檢測監(jiān)控策略,并給出詳細(xì)的實(shí)現(xiàn)過程。 最后,本文對運(yùn)行有上述網(wǎng)絡(luò)業(yè)務(wù)識別功能和內(nèi)容檢測功能的網(wǎng)絡(luò)處理器進(jìn)行了功能和性能測試,并將處理器接入實(shí)際網(wǎng)絡(luò),測試其運(yùn)行狀態(tài)。測試表明,網(wǎng)絡(luò)處理器上的業(yè)務(wù)識別與內(nèi)容檢測功能運(yùn)行良好,能夠滿足高速、大流量實(shí)際網(wǎng)絡(luò)的功能、性能需求。
[Abstract]:In the current rapid development of the network era, all kinds of network applications continue to emerge, a large number of information flows through the network, which has put forward a higher demand for network management, among which,The identification and detection of network services is the most important part of network management.At the same time, in the high-speed, high-traffic, complex network environment, the traditional network traffic management methods are difficult to meet the performance requirements, or to meet the needs of flexibility and configurable.In order to deal with the above problems, the network processor based on multi-core MIPS architecture is used to complete network service identification and content detection.In this paper, we first introduce the basic-depth data packet detection technology, which is used to identify the carrier service in the network and detect the network content, as well as the traditional network packet detection technology, and point out the shortcomings of all kinds of traditional methods.Therefore, a special network processor is proposed to deal with the data packet depth detection.This paper introduces the Octeon network processor used in this paper, including processor architecture, packet processing flow, processor hardware auxiliary unit, network processor program development framework and so on.On this basis, this paper analyzes and summarizes the characteristics of several common network application services, and designs the basic framework of the network processor program, including the running process, hardware unit usage specification and so on.Based on this, this paper designs and implements the network service identification function and the content detection function running on the processor.In this paper, we propose a weighted computing and flow-based recognition method for the service identification function, which is used to identify the network services with complex characteristics and to solve the problem of network load data partitioning in the transport layer.In the content detection function, this paper proposes a packet detection and monitoring strategy based on source application filtering and end-to-end monitoring, and gives a detailed implementation process.Finally, this paper tests the function and performance of the network processor running the above network service identification function and content detection function, and connects the processor to the actual network to test its running state.The test results show that the function of service identification and content detection on the network processor runs well and can meet the functional and performance requirements of high speed and large traffic networks.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.07

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 劉洋;李毅超;;深度內(nèi)容檢測防火墻系統(tǒng)設(shè)計[J];中國測試技術(shù);2007年03期

2 鐘婷;劉勇;李志軍;秦志光;;基于網(wǎng)絡(luò)處理器的IPv4/IPv6綜合防火墻體系結(jié)構(gòu)研究[J];通信學(xué)報;2006年02期

3 黃力;NP多線程防火墻的設(shè)計與實(shí)現(xiàn)[J];微計算機(jī)信息;2005年11期

，

本文編號：1757144