Abstract
To address network security problems in switches such as data storms and DoS (Denial of Service) attacks, this paper presents an access control module based on differentiated control of data frames. The module parses traffic at the granularity of individual data frames from the receiving port and generates a parsing keyword that corresponds one-to-one with each interface data frame. It then manages data frames differentially by matching and analyzing these keywords, while controlling data-frame traffic with a token bucket and counters. In this way it implements filtering, TOS/DSCP modification and forwarding vector updates for the various kinds of Ethernet data frames. Simulation results show that the module achieves the expected functions and satisfies the project's application requirements.
Authors
位荣友
吴龙胜
陈庆宇
赵文琦
WEI Rong-you; WU Long-sheng; CHEN Qing-yu; ZHAO Wen-qi (Xi'an Microelectronics Technology Institute, Xi'an 710065, China)
Source
《微电子学与计算机》
CSCD
Peking University Core Journals
2018, Issue 10, pp. 136-140 (5 pages)
Microelectronics & Computer