摘要
网络会话管理是网络流量监控、状态防火墙、入侵防御、网络地址转换、负载分流等网络在线业务的关键共性技术,对于准确、快速、灵活地跟踪、分析和处置网络流量中的协议交互过程、端对端行为和通信内容起着基础性支撑作用.近年来,随着P2P(Peer-to-Peer)、VoIP(Voiceover IP)、网络流媒体等新兴应用的快速发展,网络流量和会话呈现爆炸式增长,如何实现高效的会话管理成为人们面临的一项挑战.文中提出了一种适用于并行执行环境的网络会话管理方案PaSeM(Parallel Session Management),采用基于散列表的无锁会话表设计和多种并行策略,讨论并解决了在高速网络环境下面临的各种并行冲突问题,给出了会话表查询和动态管理的高效并行算法,实现了对报文和会话的并行无冲突的高效处理.基于G/G2/n1排队模型和空竭服务多重休假M/G+D/1排队模型对PaSeM的性能进行了理论分析,对于稳态下并行处理单元(PE)数量、任务队列长度、存储开销与报文到达速率、会话到达速率之间的关系以及其它关键参数应满足的条件给出了定量计算方法.最后,采用基于IXP2400网络处理器的硬件平台进行了原型开发和实验.实验结果表明,PaSeM对于会话管理和报文处理具有较好的并行加速效果,理论计算值与实验值能较好地吻合,报文处理的并行效率均值接近1,当会话管理单元个数为4时,会话处理并行效率为65.4%(亦即加速比为2.62),当会话管理单元个数为8时,会话处理并行效率仍然达到了48.3%(加速比为3.86),能够满足当前高速网络环境流量处理的性能要求;在最大吞吐量负载下队列长度及其变化幅度都处于合理范围,会话表垃圾比率维持在较低的水平上(实验结果为小于9%),与已有的工作相比为优.
As a mutual and essential technique in many online network operations, such as traffic monitoring, stateful firewall, intrusion prevention, network address translation (NAT), load balancing, etc. , network traffic session management serves as a basic functionality to track, analyze and process protocol interactions, endpoint behaviors and communication content. In recent years,, with the P2P (Peer-to-Peer), VolP (Voice over IP), streaming media and other new applications having been springing up everywhere, network traffic and sessions have led to an explosive growth, so how to achieve efficient session management become a challenge. In this paper, an approach of parallel network session management, PaSeM (Parallel Session Management), is proposed, which introduces a lock-free session hash table structure, several parallel processing schemes, and cost-effective parallel lookup and management algorithms to achieve high speed and conflict-free processing of large numbers of packets and sessions. Based on the queuing model of G/G2/n1 and M/G+D/1 with exhaustive service and multiple vacations, the performance is analyzed and evaluated, and the quantitative method for the relationship between packet and session arrival rate and parallel processing unit (PE) number, the task queue length, storage overhead, condition values of other key parameters in the steady sate. Experiments show that PaSeM has high parallel efficiency, and the theoretical and experimental values agree well. The performance requirement of high-speed network can be met. the average parallel packet processing efficiency is close to 1; when the number of session management unit is 4, the parallel efficiency of session processing is 65.4% (that is, speedup 2.62) ; when the number of session management unit become 8, the parallel efficiency of session processing is 48.3% (that is, speedup 3.86). The queue length and its skewness are in reasonable during peak throughput. Garbage ratio of the session table is in a relatively low level (experimental result is less than 90%).
出处
《计算机学报》
EI
CSCD
北大核心
2010年第7期1195-1212,共18页
Chinese Journal of Computers
基金
国家"八六三"高技术研究发展计划项目基金(2006AA01Z410)
国家自然科学基金(60873217
60973159)
国家发改委信息安全专项([2009]1717)
下一代互联网业务试商用及设备产业化专项(CNGI-09-01-12)
电子信息产业发展基金([2007]329)资助
关键词
网络流量
会话管理
会话表
并行处理
并行冲突
conflict network traffic
session management
session table
parallel processing
parallel
