Design and Implementation of a Virtual Machine Firewall System
Published: 2018-09-05 10:14
[Abstract]: Virtualization is a key technology of cloud computing. It allows several virtual computer systems to run on one physical host without interfering with each other, sharing physical resources such as the CPU, memory and I/O devices. Xen is a mainstream virtual machine monitor. As a software layer between the operating system and the hardware, Xen virtualizes the whole physical platform in software. Xen presents virtual hardware resources to each virtual machine, so that every operating system running on Xen has an independent execution environment, which isolates the virtual machines from one another. As cloud computing spreads through science and industry, the network I/O performance and network security problems of Xen virtualization become more and more prominent, and the need for a virtual machine firewall with high network I/O performance grows accordingly. Providing a sound and efficient firewall for virtual machines while improving the network I/O performance of virtual domains is therefore important. This thesis analyzes the causes of network I/O performance loss under Xen and, exploiting the performance of network cards built to the SR-IOV specification, proposes a protected virtual machine firewall scheme with high network I/O performance. The main contributions and innovations are as follows: (1) Related work on virtual machine firewall systems is analyzed and the advantages and disadvantages of existing solutions are summarized. On the network I/O side, the Xen network I/O model is analyzed and the main causes of performance loss are identified. On the firewall side, existing solutions are surveyed, and the purpose and goals of a virtual machine firewall system are stated.
(2) A high-performance virtual machine firewall scheme is proposed. For received packets, the Physical Function (PF) of the SR-IOV network card filters the virtual machine's incoming packets on the five-tuple, while the virtual machine keeps its high data-transfer performance. For sent packets, a firewall is deployed in DomainU, and outgoing packets leave through the SR-IOV network card with high transfer performance. (3) A scheme to strengthen the protection of the virtual machine firewall is proposed. Because the firewall is deployed in the DomainU operating system, which runs in non-root mode, it is exposed to attack by kernel-level malware. A monitoring module deployed in Xen, which runs in root mode, monitors the firewall module in DomainU in real time, strengthening the firewall's protection.
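Paragraph (2) places a five-tuple filter on received packets in the SR-IOV physical function. The following C sketch, added here and not taken from the thesis, shows such a filter as an ordered rule table with first-match semantics and default deny; the rule table, addresses and ports are constructed for illustration, and parsing of the packet headers into the five-tuple is assumed to happen upstream in the PF driver.

```c
/* Five-tuple ingress filter of the kind the abstract places in the SR-IOV PF.
 * Added example, not the thesis's code; rules and addresses are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

#define PROTO_TCP 6
#define PROTO_UDP 17
#define ANY 0 /* wildcard for a port or protocol field */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

struct five_tuple { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };

struct rule {
    uint32_t src_ip, src_mask;   /* prefix mask; a mask of 0 matches any address */
    uint32_t dst_ip, dst_mask;
    uint16_t src_port, dst_port; /* ANY matches any port */
    uint8_t  proto;              /* ANY matches any protocol */
    bool     allow;
};

static bool rule_matches(const struct rule *r, const struct five_tuple *p) {
    return (p->src_ip & r->src_mask) == (r->src_ip & r->src_mask)
        && (p->dst_ip & r->dst_mask) == (r->dst_ip & r->dst_mask)
        && (r->src_port == ANY || r->src_port == p->src_port)
        && (r->dst_port == ANY || r->dst_port == p->dst_port)
        && (r->proto == ANY || r->proto == p->proto);
}

/* First matching rule decides; a packet matching no rule is dropped (default deny). */
bool ingress_allowed(const struct rule *rules, size_t n, const struct five_tuple *p) {
    for (size_t i = 0; i < n; i++)
        if (rule_matches(&rules[i], p)) return rules[i].allow;
    return false;
}

/* Constructed table for one VF: a blocked host is listed before the broader allow,
 * HTTPS is accepted from the 10.0.0.0/8 tenant range, DNS replies from the resolver. */
static const struct rule vf_rules[] = {
    { IP4(10,0,5,9),  0xFFFFFFFFu, 0, 0, ANY, ANY, ANY,       false },
    { IP4(10,0,0,0),  0xFF000000u, 0, 0, ANY, 443, PROTO_TCP, true  },
    { IP4(10,0,0,53), 0xFFFFFFFFu, 0, 0, 53,  ANY, PROTO_UDP, true  },
};
static const size_t vf_rule_count = sizeof vf_rules / sizeof vf_rules[0];

/* Convenience entry point: classify one received packet against the VF's table. */
bool vf_ingress_allowed(uint32_t src, uint32_t dst, uint16_t sp, uint16_t dp, uint8_t proto) {
    struct five_tuple p = { src, dst, sp, dp, proto };
    return ingress_allowed(vf_rules, vf_rule_count, &p);
}
```

Rule order matters: the host-specific deny must precede the /8 allow, or the broader rule would admit its traffic first.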
[Degree-granting institution]: 南京大學 (Nanjing University)
[Degree level]: Master's
[Year of degree]: 2013
[Classification]: TP393.08;TP302
Article number: 2223970
Link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/2223970.html