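Abstract
To address the inconsistency among the various services in current network devices, and drawing on the characteristics of programmable network processors, a service-integrated network device architecture is proposed. The packet processing performed by firewalls, VPNs, load balancers and similar devices is uniformly expressed as a set of rules and actions; packets are first classified in a unified step and then processed accordingly, so that multiple network services are integrated together. A hash-based classification rule table was designed, and runtime updating of the rule table and loading of executable code into the data plane were implemented, so that functionality can be extended dynamically. A system hardware architecture for parallel deployment and processing of network services was designed, and a prototype system based on the IXP2400 processor was implemented. Experiments show that this architecture allows services to be conveniently recombined and extended, avoids repeated classification of packets by separate devices, and reduces network latency; with the parallel processing structure, it resolves the performance degradation caused by adding services.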
A novel network device architecture was proposed to eliminate the inconsistency and inefficiency that arise when multiple service functions are performed by individual network devices. The whole process of packet processing in networking devices such as firewalls, VPNs and load balance devices was formalized as a set of unified rules and actions. All the network service functions were divided into two phases, classifying and processing, and a classifying rule set based on a hash table was designed. The rules and action codes can be deployed and upgraded at running time. An architecture supporting parallel deployment and execution of network services was designed based on network processors, and an IXP2400 processor prototype was developed. The experimental result showed that this architecture made the network service functions reconfigurable and scalable, avoided the redundant classifying of multiple devices, and solved the performance decrease caused by integrating diversiform services by introducing parallel processing.
Source
Chinese High Technology Letters (《高技术通讯》)
Indexed in: CAS, CSCD, Peking University Core Journals
2007, Issue 4, pp. 337-341 (5 pages)
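Funding
Supported by the 863 Program (2006AA01A118), the National Natural Science Foundation of China (60673180, 90612004, 90412011), and the International Science and Technology Cooperation Program of the Ministry of Science and Technology (2006DFA11080).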
Keywords
integrated network service, network processor, service extension (service scalable), service reconfiguration