| 一种新型的复合式NAT防护系统的实现机制 |
| |
| 引用本文: | 司靓,李昀晖,郜帅.一种新型的复合式NAT防护系统的实现机制[J].计算机工程,2008,34(17):123-126. |
| |
| 作者姓名: | 司靓 李昀晖 郜帅 |
| |
| 作者单位: | 1. 北京交通大学电子信息工程学院,北京,100044;中国人民解放军北京军区,北京,100041
2. 北京交通大学电子信息工程学院,北京,100044 |
| |
| 基金项目: | 国家自然科学基金,IntelIXA大学合作计划基金 |
| |
| 摘 要: | 提出一种基于可编程网络处理器IXP2400和GP-CPU的NAT/NAPT的实现方案,设计与实现了基于两片IXP2400和GP-CPU组成的具有安全防火墙功能的NAT防护系统。针对该NAT防护系统进行了性能分析,能够支持六十多万并发TCP/UDP的连接容量与全线速为2 Gb/s以太网连接速率,实现了网络地址复用,提高了NAT/NAPT的操作速度,克服了传统NAT实现方案中的性能瓶颈。
|
| 关 键 词: | 网络处理器 网络地址转换技术 网络地址与端口转换 防火墙 功能模块 |
| 修稿时间: | |
Implementation Mechanism of Novel Compound NAT Firewall System |
| |
| SI Liang,LI Yun-hui,GAO Shuai.Implementation Mechanism of Novel Compound NAT Firewall System[J].Computer Engineering,2008,34(17):123-126. |
| |
| Authors: | SI Liang LI Yun-hui GAO Shuai |
| |
| Affiliation: | (1. School of Electronics and Information Engineering, Beijing Jiaotong University, Beijing 100044; 2. Beijing Military District of PLA, Beijing 100041) |
| |
| Abstract: | This paper puts forward an implementation scheme, which is called Network Address Translation(NAT)/Network Address Port Translation(NAPT) based on programmable Network Processor(NP) IXP2400 and GP-CPU. Meanwhile, the NAT firewall system with firewall function, containing a pair of Intel IXP2400 and GP-CPU, is designed and implemented. And the performance analysis of the NAT Firewall system is made, which can support more than six hundred thousand of concurrent TCP/UDP sessions and sustain the full line rate on two Gigabit Ethernet links. In addition, the NAT Firewall system can successfully achieve the multiplexing of network address, effectively improve the performance of NAT/NAPT processing and overcome the bottleneck of performance in traditional implementation of NAT. |
| |
| Keywords: | Network Processor(NP) Network Address Translation(NAT) technology Network Address Port Translation(NAPT) firewall microblock |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
