基于仿真理论及虚拟化技术的虚拟覆盖网络模型研究
|
摘要
现有Internet网络功能强大,服务类型多样,但是随着网络规模指数型的增大,以及应用需求的多样化,我们也逐渐开始意识到Internet正逐渐步入僵化。本文正是在这样的背景下提出了一个基于仿真理论及虚拟化技术的虚拟覆盖网络模型。该网络模型能够为用户建立起一个具有更高独立性、安全性、灵活性并具有物理位置与用户身份分离特性的网络,这使得用户能够在自己的私有网络中提供或享用更多种多样的个人网络服务,这些服务不但包括应用层各项服务,还包含了应用层以下的各种服务。
该模型的核心主要是基于虚拟化技术建立起来的,其中用到的虚拟化技术包括虚拟路由器技术、虚拟网卡技术、虚拟拓扑技术等等。本文还在现有主流仿真技术研究的基础上,用ns2仿真软件对该网络模型进行了仿真,得出了对该网络性能参数的评估。同时还结合利用了Planetlab测试床,对该网络模型的系统参数也给出了评估。
此外,本文讨论了该网络模型的实际应用。它的应用范围十分广泛,既可以用于个人用途,也可以用于组织机构建设网络的情况,还可以用于给网络研究人员对前沿的网络技术进行方便而灵活的实验和仿真。特别地,本文在对现有信息安全公共服务平台体系结构进行研究的基础上,给出了该网络模型在该平台中的应用,提出了新一代信息安全公共服务平台体系框架,为进一步发挥信息安全公共服务平台的优越性奠定了基础。
Today’s Internet is robust, and can provide various services. But with the exponential development of the network scale, and the increasing variety of application needs, we begin realizing the fact that Internet is becoming ossified. It is under this circumstance that this paper proposes a new simulation and virtualization based virtual overlay network model. This network model can set up an overlay network model of great independence, security, flexibility and location-identity split. This enables users to provide or enjoy various personal services, both on and under the application layer, in their own private network.
The key technology within the virtual overlay network model is virtualization, which includes the virtual router, virtual network adapter, and virtual topology, etc. Based on research of the mainstream simulation technologies, this network model is simulated using ns2, and related network performance parameters are evaluated. Also, to test its system performance, the Planetlab testbed is further used along with ns2.
Moreover, this paper discusses the practical use of the network model. Its application is so wide that it covers the individual use, the organizational use, and the research use. The research use enables the researchers to experiment and simulate the most advanced network technologies more easily and flexibly. In particular, on the basis of the research on the architecture of the existing Information Security Public Service Platform, this paper discusses the application of this network model in it, and presents the framework of a generation of Information Security Public Service Platform. This enables the platform to fully exert its superiority.
该模型的核心主要是基于虚拟化技术建立起来的,其中用到的虚拟化技术包括虚拟路由器技术、虚拟网卡技术、虚拟拓扑技术等等。本文还在现有主流仿真技术研究的基础上,用ns2仿真软件对该网络模型进行了仿真,得出了对该网络性能参数的评估。同时还结合利用了Planetlab测试床,对该网络模型的系统参数也给出了评估。
此外,本文讨论了该网络模型的实际应用。它的应用范围十分广泛,既可以用于个人用途,也可以用于组织机构建设网络的情况,还可以用于给网络研究人员对前沿的网络技术进行方便而灵活的实验和仿真。特别地,本文在对现有信息安全公共服务平台体系结构进行研究的基础上,给出了该网络模型在该平台中的应用,提出了新一代信息安全公共服务平台体系框架,为进一步发挥信息安全公共服务平台的优越性奠定了基础。
Today’s Internet is robust, and can provide various services. But with the exponential development of the network scale, and the increasing variety of application needs, we begin realizing the fact that Internet is becoming ossified. It is under this circumstance that this paper proposes a new simulation and virtualization based virtual overlay network model. This network model can set up an overlay network model of great independence, security, flexibility and location-identity split. This enables users to provide or enjoy various personal services, both on and under the application layer, in their own private network.
The key technology within the virtual overlay network model is virtualization, which includes the virtual router, virtual network adapter, and virtual topology, etc. Based on research of the mainstream simulation technologies, this network model is simulated using ns2, and related network performance parameters are evaluated. Also, to test its system performance, the Planetlab testbed is further used along with ns2.
Moreover, this paper discusses the practical use of the network model. Its application is so wide that it covers the individual use, the organizational use, and the research use. The research use enables the researchers to experiment and simulate the most advanced network technologies more easily and flexibly. In particular, on the basis of the research on the architecture of the existing Information Security Public Service Platform, this paper discusses the application of this network model in it, and presents the framework of a generation of Information Security Public Service Platform. This enables the platform to fully exert its superiority.
引文
[1] 喻健坤,杨树堂,陆松年,李铎峰,支持多用户并发访问控制的虚拟网络模型研究,信息技术,2007 年第 8 期,1~2 页
[2] IEEE Std 802.1Q-1998, Draft Standard for Virtual Bridge Local Area Networks, May 16, 1997
[3] IEEE Std 802.1Q?, 2003 Edition IEEE Standards for Local and metropolitan area networks Virtual Bridged Local Area Networks, May 7, 2003
[4] Dr. V. Rajaravivarma, North Carolina A&T State University, Virtual Local Area Network Technology and Applications, System Theory, 1997., Proceedings of the Twenty-Ninth Southeastern Symposium on 9-11 March 1997 Page(s):49 – 52
[5] P. Ferguson, G. Huston, What is a VPN?, Technical Report, Cisco Systems, March 1998
[6] Stanford High-Performance Networking Group, Stanford Virtual Network System(VNS), http://yuba.stanford.edu/vns/
[7] Martin Casado, Nick McKeown. The Virtual Network System, ACM SIGCSE Bulletin, 2005, Volume 37, Pages 76 – 80
[8] 王涛,用 NetSim 组建虚拟网络实验室,长沙通信职业技术学院学报,2005年 4 卷 3 期,46-48 页
[9] Galan F., Fernandez D., Ruiz J., Walid O., Use of virtualization tools in computer network laboratories, Information Technology Based Higher Education and Training, 2004. ITHET 2004. Proceedings of the FIfth International Conference on 31 May-2 June 2004, Page(s):209 – 214
[10] L. Peterson, T. Roscoe, The design principles of Planetlab, ACM Operating Systems Review, 40(1), Jan. 2006
[11] Joseph D. Touch, Yu-Shun Wang, Lars Eggert, Gregory G. Finn. A Virtual Internet Architecture. USC/Information Sciences Institute March 24, 2003
[12] Louati, W., Zeghlache, D. Network-Based virtual personal overlay networks using programmable virtual routers. Communications Magazine, IEEE, volume43, issue 8, Aug. 2005 page(s):86 - 94
[13] H. Balakrishnan, K. Lakshminarayanan, S. Ratnasamy, S. Shenker, I. Stoica, and M. Walfish. A Layered Naming Architecture for the Internet. In Proc. of ACM SIGCOMM ’04, pages 343–352, Portland, OR, USA, Aug. 2004.
[14] M. Caesar, T. Condie, J. Kannan, K. Lakshminarayanan, S. Shenker, and I. Stoica. Routing on Flat Labels. In Proc. of ACM SIGCOMM ’06, pages 363–374, Pisa, Italy, Sept.2006.
[15] M. Chawla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, A. Vasu, S. Shenker and I. Stoica. A Data-Oriented (and Beyond) Network Architecture, http://cs.shenker.net/files/dona-submit.pdf
[16] M. Caesar, M. Castro, E. Nightingale, G. O’Shea, A. Rowstron, Virtual ring routing: network routing inspired by DHTs, ACM SIGCOMM, September 2006.
[17] E. Kohler, The Click Modular Router, ACM Trans. Comp. Sys., vol. 18, no. 3, Aug. 2000, pp. 263–97.
[18] M. Handley, Designing Extensible IP Router Software, Proc. 2nd USENIX Symp. Net. Sys. Design and Implementation, Boston, MA, May 2005.
[19] D. Cheriton, M. Gritter, TRIAD: a scalable deployable NAT-based Internet architecture, Technical report, January 2000.
[20] L. Peterson, A. Bavier, Marc E. Fiuczynski, and S. Muir. Experiences Building PlanetLab. Proceedings of the 7th USENIX Symposium on Operating System Design and Implementation (OSDI '06) Seattle, WA, November 2006
[21] T. Anderson, T. Roscoe. Learning from PlanetLab, Proceedings of the 3rd Workshop on Real, Large Distributed Systems (WORLDS), November 2006.
[22] H. Balakrishnan, M. F. Kaashoek, D. Karger, R. Morris, I. Stoica, Looking Up Data in P2P Systems', Communications of the ACM, Vol. 46, No. 2, February 2003, pp. 43-48.
[23] J. Turner. Virtualizing the Net - a strategy for enabling network innovation. High Performance Interconnects, 2004. Proceedings. 12th Annual IEEE Symposium on, 25-27 Aug. 2004
[24] P. Ruth, X. Jiang, D. Xu, S. Goasguen, Virtual distributed environments in ashared infrastructure. Computer, May 2005
[25] Krap C. Arjen, Setting up a virtual network Laboratory with User-Mode Linux, Technical report, Masters programme on System and Network Administration, University of Amsterdam, 27th February 2004 URL: http://www.os3.nl/?arjen/snb/asp/asp-report.pdf
[26] K. Luruo and S. Khanvilkar, Virtual Network Configuration Tools for User-Mode Linux, Linux forYou – Pro, May 2005.
[27] 姚晓宇,赵晨,Linux 内核防火墙 Netfilter 实现与应用研究,计算机工程,2003 年 5 月,第 29 卷第 8 期,112-113 页
[28] P. M. Chen, B. D. Noble, When virtual is better than real, In (HOTOS-VIII), Schloss Elmau, Germany, May 2001
[29] Rosenblum M., Garfinkel T., Virtual machine monitors: current technology and future trends, Computer, Volume 38, Issue 5, May 2005 Page(s):39 – 47
[30] El-Darieby M., Rolia J., Petriu D.C., Performance modeling for virtual network based service provisioning, Integrated Network Management Proceedings, 2001 IEEE/IFIP International Symposium on14-18 May 2001 Page(s):139 - 152
[31] Fellows L.T.C.S., Virtual network simulator: changing the simulated computer network operations landscape for joint training and exercises, Military Communications Conference, 2004. MILCOM 2004. IEEE, Volume 2, 31 Oct.-3 Nov. 2004 Page(s):1080 - 1085
[32] Cane J., Leitner L., A virtual network laboratory for instruction and research, SoutheastCon, 2005. Proceedings. IEEE, 8-10 April 2005 Page(s):651 – 655
[33] Alan M. Mainwaring, David E. Culler, Design challenges of virtual networks: Fast, general-purpose communication, In Proceedings of the ACM SIGPLAN '99 Symposium on Principles and Practice of Parallel Programming, May 1999, Page(s) 119-130
[34] Gubin, A., Yurcik W., Brumbaugh L., PingTV: a case study in visual network monitoring, Visualization, 2001. VIS '01. Proceedings 21-26 Oct. 2001 Page(s):421 - 580
[35] H?xer H.-J., Buchacker K., Sieh V., Implementing a User-Mode Linux withMinimal Changes from Original Kernel, In Linux-Kongress 2002, K?ln, Germany, September 4-6, 2002, Page(s):72-82
[36] Balachander R., Venkataram P., User-mode Linux based MPLS emulator, TENCON 2004. 2004 IEEE Region 10 Conference, Volume B, 21-24 Nov. 2004, Page(s):601 - 604 Vol. 2
[37] Lok Kwong Yan, Virtual honeynets revisited Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005. Proceedings from the Sixth Annual IEEE, 15-17 June 2005, Page(s):232 – 239
[38] Thurm B., Hennig M., Service-oriented MPLS network management in a virtual networking environment, Computer Communications and Networks, 2003. ICCCN 2003. Proceedings. The 12th International Conference on 20-22 Oct. 2003, Page(s):456 – 461
[39] Nakazawa J., Okoshi T., Mochizuki M., VNA: an object model for virtual network appliances, Consumer Electronics, 2000. ICCE. 2000 Digest of Technical Papers. International Conference on 13-15, June 2000, Page(s):364 – 365
[40] 李萌,杨卫华,张林,在蓝牙无线网络中虚拟网卡的实现,计算机工程,2003年 12 月,第 21 期,125~127 页
[41] 李建华,杨树堂,李铎锋等,远程大规模多用户并发控制防火墙系统的实现方法,中国,发明专利, CN200510030970.7
[42] 陈盈盈,杨树堂,陆松年,《虚拟路由器及其在 BGP/MPLS VPN 中的应用研究》,《计算机工程》,2007 年 01 期
[43] 王俊,杨树堂,陆松年,《基于高层虚拟交换的 BGP/MPLS VPN 系统研究》,《计算机应用研究》,2007 年 01 期
[2] IEEE Std 802.1Q-1998, Draft Standard for Virtual Bridge Local Area Networks, May 16, 1997
[3] IEEE Std 802.1Q?, 2003 Edition IEEE Standards for Local and metropolitan area networks Virtual Bridged Local Area Networks, May 7, 2003
[4] Dr. V. Rajaravivarma, North Carolina A&T State University, Virtual Local Area Network Technology and Applications, System Theory, 1997., Proceedings of the Twenty-Ninth Southeastern Symposium on 9-11 March 1997 Page(s):49 – 52
[5] P. Ferguson, G. Huston, What is a VPN?, Technical Report, Cisco Systems, March 1998
[6] Stanford High-Performance Networking Group, Stanford Virtual Network System(VNS), http://yuba.stanford.edu/vns/
[7] Martin Casado, Nick McKeown. The Virtual Network System, ACM SIGCSE Bulletin, 2005, Volume 37, Pages 76 – 80
[8] 王涛,用 NetSim 组建虚拟网络实验室,长沙通信职业技术学院学报,2005年 4 卷 3 期,46-48 页
[9] Galan F., Fernandez D., Ruiz J., Walid O., Use of virtualization tools in computer network laboratories, Information Technology Based Higher Education and Training, 2004. ITHET 2004. Proceedings of the FIfth International Conference on 31 May-2 June 2004, Page(s):209 – 214
[10] L. Peterson, T. Roscoe, The design principles of Planetlab, ACM Operating Systems Review, 40(1), Jan. 2006
[11] Joseph D. Touch, Yu-Shun Wang, Lars Eggert, Gregory G. Finn. A Virtual Internet Architecture. USC/Information Sciences Institute March 24, 2003
[12] Louati, W., Zeghlache, D. Network-Based virtual personal overlay networks using programmable virtual routers. Communications Magazine, IEEE, volume43, issue 8, Aug. 2005 page(s):86 - 94
[13] H. Balakrishnan, K. Lakshminarayanan, S. Ratnasamy, S. Shenker, I. Stoica, and M. Walfish. A Layered Naming Architecture for the Internet. In Proc. of ACM SIGCOMM ’04, pages 343–352, Portland, OR, USA, Aug. 2004.
[14] M. Caesar, T. Condie, J. Kannan, K. Lakshminarayanan, S. Shenker, and I. Stoica. Routing on Flat Labels. In Proc. of ACM SIGCOMM ’06, pages 363–374, Pisa, Italy, Sept.2006.
[15] M. Chawla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, A. Vasu, S. Shenker and I. Stoica. A Data-Oriented (and Beyond) Network Architecture, http://cs.shenker.net/files/dona-submit.pdf
[16] M. Caesar, M. Castro, E. Nightingale, G. O’Shea, A. Rowstron, Virtual ring routing: network routing inspired by DHTs, ACM SIGCOMM, September 2006.
[17] E. Kohler, The Click Modular Router, ACM Trans. Comp. Sys., vol. 18, no. 3, Aug. 2000, pp. 263–97.
[18] M. Handley, Designing Extensible IP Router Software, Proc. 2nd USENIX Symp. Net. Sys. Design and Implementation, Boston, MA, May 2005.
[19] D. Cheriton, M. Gritter, TRIAD: a scalable deployable NAT-based Internet architecture, Technical report, January 2000.
[20] L. Peterson, A. Bavier, Marc E. Fiuczynski, and S. Muir. Experiences Building PlanetLab. Proceedings of the 7th USENIX Symposium on Operating System Design and Implementation (OSDI '06) Seattle, WA, November 2006
[21] T. Anderson, T. Roscoe. Learning from PlanetLab, Proceedings of the 3rd Workshop on Real, Large Distributed Systems (WORLDS), November 2006.
[22] H. Balakrishnan, M. F. Kaashoek, D. Karger, R. Morris, I. Stoica, Looking Up Data in P2P Systems', Communications of the ACM, Vol. 46, No. 2, February 2003, pp. 43-48.
[23] J. Turner. Virtualizing the Net - a strategy for enabling network innovation. High Performance Interconnects, 2004. Proceedings. 12th Annual IEEE Symposium on, 25-27 Aug. 2004
[24] P. Ruth, X. Jiang, D. Xu, S. Goasguen, Virtual distributed environments in ashared infrastructure. Computer, May 2005
[25] Krap C. Arjen, Setting up a virtual network Laboratory with User-Mode Linux, Technical report, Masters programme on System and Network Administration, University of Amsterdam, 27th February 2004 URL: http://www.os3.nl/?arjen/snb/asp/asp-report.pdf
[26] K. Luruo and S. Khanvilkar, Virtual Network Configuration Tools for User-Mode Linux, Linux forYou – Pro, May 2005.
[27] 姚晓宇,赵晨,Linux 内核防火墙 Netfilter 实现与应用研究,计算机工程,2003 年 5 月,第 29 卷第 8 期,112-113 页
[28] P. M. Chen, B. D. Noble, When virtual is better than real, In (HOTOS-VIII), Schloss Elmau, Germany, May 2001
[29] Rosenblum M., Garfinkel T., Virtual machine monitors: current technology and future trends, Computer, Volume 38, Issue 5, May 2005 Page(s):39 – 47
[30] El-Darieby M., Rolia J., Petriu D.C., Performance modeling for virtual network based service provisioning, Integrated Network Management Proceedings, 2001 IEEE/IFIP International Symposium on14-18 May 2001 Page(s):139 - 152
[31] Fellows L.T.C.S., Virtual network simulator: changing the simulated computer network operations landscape for joint training and exercises, Military Communications Conference, 2004. MILCOM 2004. IEEE, Volume 2, 31 Oct.-3 Nov. 2004 Page(s):1080 - 1085
[32] Cane J., Leitner L., A virtual network laboratory for instruction and research, SoutheastCon, 2005. Proceedings. IEEE, 8-10 April 2005 Page(s):651 – 655
[33] Alan M. Mainwaring, David E. Culler, Design challenges of virtual networks: Fast, general-purpose communication, In Proceedings of the ACM SIGPLAN '99 Symposium on Principles and Practice of Parallel Programming, May 1999, Page(s) 119-130
[34] Gubin, A., Yurcik W., Brumbaugh L., PingTV: a case study in visual network monitoring, Visualization, 2001. VIS '01. Proceedings 21-26 Oct. 2001 Page(s):421 - 580
[35] H?xer H.-J., Buchacker K., Sieh V., Implementing a User-Mode Linux withMinimal Changes from Original Kernel, In Linux-Kongress 2002, K?ln, Germany, September 4-6, 2002, Page(s):72-82
[36] Balachander R., Venkataram P., User-mode Linux based MPLS emulator, TENCON 2004. 2004 IEEE Region 10 Conference, Volume B, 21-24 Nov. 2004, Page(s):601 - 604 Vol. 2
[37] Lok Kwong Yan, Virtual honeynets revisited Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005. Proceedings from the Sixth Annual IEEE, 15-17 June 2005, Page(s):232 – 239
[38] Thurm B., Hennig M., Service-oriented MPLS network management in a virtual networking environment, Computer Communications and Networks, 2003. ICCCN 2003. Proceedings. The 12th International Conference on 20-22 Oct. 2003, Page(s):456 – 461
[39] Nakazawa J., Okoshi T., Mochizuki M., VNA: an object model for virtual network appliances, Consumer Electronics, 2000. ICCE. 2000 Digest of Technical Papers. International Conference on 13-15, June 2000, Page(s):364 – 365
[40] 李萌,杨卫华,张林,在蓝牙无线网络中虚拟网卡的实现,计算机工程,2003年 12 月,第 21 期,125~127 页
[41] 李建华,杨树堂,李铎锋等,远程大规模多用户并发控制防火墙系统的实现方法,中国,发明专利, CN200510030970.7
[42] 陈盈盈,杨树堂,陆松年,《虚拟路由器及其在 BGP/MPLS VPN 中的应用研究》,《计算机工程》,2007 年 01 期
[43] 王俊,杨树堂,陆松年,《基于高层虚拟交换的 BGP/MPLS VPN 系统研究》,《计算机应用研究》,2007 年 01 期