期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于IP流本地性的状态检测性能优化方法 被引量:5

Performance Optimization of State Inspection Based on IP Traffic Locality
下载PDF
导出
摘要 提出了一种哈希表优化算法(MTH)以提高状态检测的速度.该算法根据IP流本地性,即最近访问过的会话节点很有可能被再次访问的特点,将刚访问的节点放置在Bucket链表头部,以减少哈希表的整体内存访问次数,提高会话表的速度.历史流量驱动的性能仿真实验表明,MTH算法的性能明显优于原哈希表算法,能够满足高速状态检测防火墙的速度要求. An optimized hash table algorithm - move-to-head (MTH) is introduced to improve the state inspection speed. Due to the IP traffic locality, the recently accessed session nodes have higher probability to be accessed once again. In MTH, they are moved to the head of the bucket chain to reduce the number of the entire memory accesses in the hash table and improve the session table speed. The trace-driven simulations demonstrate that MTH has a better performance than the original hash table algorithm, which suits the high-speed state inspection firewall well.
作者 郑卫斌 段中兴 高磊 张德运
机构地区 西安交通大学电子与信息工程学院
出处 《西安交通大学学报》 EI CAS CSCD 北大核心 2004年第4期413-416,共4页 Journal of Xi'an Jiaotong University
基金 国家"八六三"网络安全管理与测评技术资助项目 (863 - 3 0 1 - 0 5- 0 3 )
关键词 防火墙 状态检测 哈希表算法 本地性 Condition monitoring Network protocols Optimization Table lookup Telecommunication traffic
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献6

  • 1[1]Decasper D, Dittia Z, Parulkar G, et al. Router plugins: a software architecture for next-generation routers [J]. IEEE/ACM Transactions on Networking, 2000, 8(1): 2~15.
  • 2[2]Rusty R, Harald W. Linux Netfilter Hacking HOWTO[EB/OL]. http://www.netfilter.org,2003-03-09.
  • 3[3]Gill S. Maximizing firewall availability : techniques on improving resilience to session table DoS sttacks[EB/OL]. http://www.gorbit.net/,2003-02-23.
  • 4[4]Jain R, Routhier S A. Packet trains: measurements and a new model for computer network traffic [J]. IEEE Journal on Selected Areas in Communications, 1986,4(6): 986~995.
  • 5[5]Feldmeier D C. Improving gateway performance with a routing-table cache [A]. Proceedings of IEEE INFOCOM [C]. New York: IEEE, 1988. 298~307.
  • 6[6]Xu J, Singhal M, Degroat J. Novel cache architecture to support layer-four packet classification at memory access speeds [A]. Proceedings INFOCOM 2000 [C]. Piscataway, USA: IEEE , 2000. 1 445~1 454.

同被引文献37

  • 1卢明华,韩毅刚.计费网关中基于有向图的IP地址组织[J].计算机工程,2004,30(13):82-83. 被引量:1
  • 2林绍太,张会汀,郑力明.IP分片重组算法(RFC815)的实现及其改进[J].计算机工程与设计,2005,26(4):911-913. 被引量:8
  • 3邹学强,冯登国.基于Agent的分布式防火墙系统的设计与实现[J].计算机工程,2005,31(13):129-131. 被引量:5
  • 4Decasper D, Dittia Z, Parulkar G, et al. Router plugins : asoftware architecture for next generation routers [J]. IEEE/ACM Transactions on Networking , 2000,8 (1):2~ 15
  • 5Rusty R , Harald W. Linux Netfilter Hacking HOWTO[ EB/OL ]. http://www.netfilter.org, 2003-03-09
  • 6Stoica I, Morris R, Karger D, Kaashoek M F, Balakrishnan H.Chord, A Scalable Peer-to-Peer Lookup Service for Internet Applications. Annual Conference of the Special Interest Group on Data Communication (SIGCOMM 2001), Aug. 2001
  • 7Gill S. Maximizing firewall availability : techniques on improving resilience to session table DoS sttaeks[EB/OL], http://www.gorbit.net/, 2003-02-23
  • 8Jain R , Routhier S A. Packet trains : measurements and a new model for computer network traffic [J]. IEEE Journal on Selected Areas in Communications, 1986,4 (6):986 ~995
  • 9Feldmeier D C. Improving gateway performance with a routing table cache [A]. In:Proc. of IEEE INFOCOM [C]. New York:IEEE ,1988. 298~307
  • 10Xu J,Singhal M, Degroat J. Novel cache architecture to support layer four packet classification at memory access speeds [A]. In:Proc. INFOCDM 2000 [C]. Piscataway, USA; IEEE, 2000. 1445-454

引证文献5

二级引证文献6

西安交通大学学报
2004年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部