一体化网络接入交换路由器分离映射的设计与实现
|
摘要
随着互联网技术的快速发展,身份与位置分离成为当前互联网领域研究的热点之一。身份与位置的分离为互联网中的路由扩展性、移动性、安全性等问题的解决提供了一个良好的基础。
本文的工作依托国家973项目“一体化可信网络与普适服务体系基础研究”。一体化网络是一种新的互联网体系架构,其核心思想是通过引入接入标识、交换路由标识以及接入标识与交换路由标识之间的分离映射机制,以便支持身份与位置分离。接入交换路由器是一体化网络中的关键设备,其设计和实现对一体化网络方案的研究和验证有着极其重要的意义。
本文主要研究一体化网络中接入标识与交换路由标识分离映射机制在接入交换路由器上的设计和实现。首先,本文简要介绍了目前具有代表意义的几种身份与位置分离的设计方案,并对包括一体化网络体系在内的各个方案的关键不同点进行了分析和比较,指出了其各自的优势和缺陷。其次,在对一体化网络体系进行深入分析的基础上,本文给出了一体化网络对于其关键网络设备——接入交换路由器协议栈的功能需求,并针对性地提出了模块化的接入标识与交换路由标识分离映射协议栈的设计方案,以及数据包的处理流程算法。第三,本文对给出的设计方案进行了编程实现。在此实现方案中,主要有以下特点:1)采用Linux开源内核协议栈,以动态加载的内核模块形式实现了接入标识与路由标识分离映射的功能;2)采用双关键字哈希链表的数据结构存储分离映射的标识映射数据,保证了数据包转发的处理速度;3)并且采用了请求等待队列缓存在解析标识映射期间的数据包,减少了数据包的丢失;4)协议栈使用Netlink套接口实现了外部交互接口,便于与其它服务进程的交互协同。
通过在实验平台上部署软件,实际测试了接入标识与路由标识分离映射协议栈的功能和性能。测试表明,该协议栈基本满足了一体化网络分离映射方案的各项功能需求,数据包的转发时延与普通Linux内核协议栈IP层数据包转发时延相当,达到了25微秒左右的数量级,并且在增加大量标识映射条目的情况下没有明显的时延增加。
本方案的成功实现为一体化网络的测试和分析提供了一个实验平台,为后续工作的进行奠定了良好基础。
With the explosive growth of Internet, the separation of identifier and locator becomes a hot research topic in recent years. There are many benefits of the separation of identifier and locator, such as the scalability of routing system, the mobility support, and the security.
The work in this paper relies on the project of Universal trustworthy Network and pervasive Services, which is in National Basic Research Program (973 Program). Universal Network is a new type of network architecture, which separates the identifiers and locators of the traditional IP address by introducing the Access Identifier (AID), Switch Route Identifier (SRID), and the separation-and-mapping of AID and SRID. The Access Switch Router is an important device in Universal Network, which helps the research and test on Universal Network.
This paper mainly addresses the problem that how to design and implement the separation-and-mapping of AID and SRID in the Access Switch Router of Universal Network. Firstly, we briefly introduce some typical solutions for the separation of identifier and locator, analyze their advantages and disadvantages, and make a brief comparison. Secondly, we introduce the architecture of Universal Network, analyze the function requirements on Access Switch Router's protocol stack, and propose the packet processing algorithm of separation-and-mapping of AID and SRID as well as the implementation of the protocol stack. Thirdly, we implement the separation-and-mapping of AID and SRID in Linux. The traits of the implementation are shown as follows: 1) it uses the Linux kernel protocol stack to implement the separation and mapping of AID and SRID, which can be dynamically installed in the form of kernel module; 2) it introduces a two-key hash table to store the mapping of AID and SRID, and to guarantee the speed of packet forwarding; 3) it introduces a pending queue to reduce the packet loss during the parsing of AID and SRID; 4) it adopts the Netlink socket to offer an interface to outer program, in which the protocol stack can be configured.
We test and analyze the program in our prototype. The experiment results show that the protocol stack meets the demand of the Universal Network, and the packet forwarding delay in our protocol stack is on the same level with it in Linux IP stack, which is about 25us. Furthermore, the packet forwarding delay increases slowly when the number of mapping of AID and SRID increases.
This work provides an experiment platform for testing and analyzing the separating and mapping of AID and SRID in Universal Network. And it builds a good foundation for the following researches in Universal Network.
本文的工作依托国家973项目“一体化可信网络与普适服务体系基础研究”。一体化网络是一种新的互联网体系架构,其核心思想是通过引入接入标识、交换路由标识以及接入标识与交换路由标识之间的分离映射机制,以便支持身份与位置分离。接入交换路由器是一体化网络中的关键设备,其设计和实现对一体化网络方案的研究和验证有着极其重要的意义。
本文主要研究一体化网络中接入标识与交换路由标识分离映射机制在接入交换路由器上的设计和实现。首先,本文简要介绍了目前具有代表意义的几种身份与位置分离的设计方案,并对包括一体化网络体系在内的各个方案的关键不同点进行了分析和比较,指出了其各自的优势和缺陷。其次,在对一体化网络体系进行深入分析的基础上,本文给出了一体化网络对于其关键网络设备——接入交换路由器协议栈的功能需求,并针对性地提出了模块化的接入标识与交换路由标识分离映射协议栈的设计方案,以及数据包的处理流程算法。第三,本文对给出的设计方案进行了编程实现。在此实现方案中,主要有以下特点:1)采用Linux开源内核协议栈,以动态加载的内核模块形式实现了接入标识与路由标识分离映射的功能;2)采用双关键字哈希链表的数据结构存储分离映射的标识映射数据,保证了数据包转发的处理速度;3)并且采用了请求等待队列缓存在解析标识映射期间的数据包,减少了数据包的丢失;4)协议栈使用Netlink套接口实现了外部交互接口,便于与其它服务进程的交互协同。
通过在实验平台上部署软件,实际测试了接入标识与路由标识分离映射协议栈的功能和性能。测试表明,该协议栈基本满足了一体化网络分离映射方案的各项功能需求,数据包的转发时延与普通Linux内核协议栈IP层数据包转发时延相当,达到了25微秒左右的数量级,并且在增加大量标识映射条目的情况下没有明显的时延增加。
本方案的成功实现为一体化网络的测试和分析提供了一个实验平台,为后续工作的进行奠定了良好基础。
With the explosive growth of Internet, the separation of identifier and locator becomes a hot research topic in recent years. There are many benefits of the separation of identifier and locator, such as the scalability of routing system, the mobility support, and the security.
The work in this paper relies on the project of Universal trustworthy Network and pervasive Services, which is in National Basic Research Program (973 Program). Universal Network is a new type of network architecture, which separates the identifiers and locators of the traditional IP address by introducing the Access Identifier (AID), Switch Route Identifier (SRID), and the separation-and-mapping of AID and SRID. The Access Switch Router is an important device in Universal Network, which helps the research and test on Universal Network.
This paper mainly addresses the problem that how to design and implement the separation-and-mapping of AID and SRID in the Access Switch Router of Universal Network. Firstly, we briefly introduce some typical solutions for the separation of identifier and locator, analyze their advantages and disadvantages, and make a brief comparison. Secondly, we introduce the architecture of Universal Network, analyze the function requirements on Access Switch Router's protocol stack, and propose the packet processing algorithm of separation-and-mapping of AID and SRID as well as the implementation of the protocol stack. Thirdly, we implement the separation-and-mapping of AID and SRID in Linux. The traits of the implementation are shown as follows: 1) it uses the Linux kernel protocol stack to implement the separation and mapping of AID and SRID, which can be dynamically installed in the form of kernel module; 2) it introduces a two-key hash table to store the mapping of AID and SRID, and to guarantee the speed of packet forwarding; 3) it introduces a pending queue to reduce the packet loss during the parsing of AID and SRID; 4) it adopts the Netlink socket to offer an interface to outer program, in which the protocol stack can be configured.
We test and analyze the program in our prototype. The experiment results show that the protocol stack meets the demand of the Universal Network, and the packet forwarding delay in our protocol stack is on the same level with it in Linux IP stack, which is about 25us. Furthermore, the packet forwarding delay increases slowly when the number of mapping of AID and SRID increases.
This work provides an experiment platform for testing and analyzing the separating and mapping of AID and SRID in Universal Network. And it builds a good foundation for the following researches in Universal Network.
引文
[1]E.C.Douglas著,林遥等译,用TCP/IP进行网际互联(第一卷),第四版,北京,电子工业出版社,2001.
[2]W.Richard Stevens著,范建华等译,TCP/IP详解,第一版,北京,机械工业出版社,1999.
[3]C.Perkins,IP Mobility Support for IPv4,RFC 3344,IETF,Aug.2002.
[4]D.B.Johnson,C.Perkins and J.Arkko,Mobility Support in IPv6,RFC 3775,IETF,Aug.2004.
[5]T.Ernst,Goals and Benefits of Multihoming,Internet draft,draft-ernst-generic-goals-andbenefits-02,IETF,Oct.2005.
[6]D.Meyer,Report from the IAB Workshop on Routing and Addressing,Internet draft,draft-iab-raws-report-02,IETF,Apr.2007.
[7]M.Handley,Why the Internet only just works,BT Technology Journal,Volume 24,Number3,Jul.2006.
[8]NewArch project:future-generation Intemet architecture[EB/OL],http://www.isi.edu/newarch.
[9]GENI:Global Environment for Network Innovations[EB/OL],http://www.geni.net.
[10]L Peterson(Ed).GENI Design Principles[EB/OL],http://www.geni.net/documents.php.
[11]FIND:Future Internet Network Design[EB/OL],http://find.isi.edu.
[12]赵慧玲,单秀云,新一代网络体系结构及相关问题的研究,电信科学,2003年19卷3期24-27页.
[13]赵慧玲,徐向辉,NGN的研究进展,电信科学,2004年第20卷1期30-35页.
[14]张宏科,苏伟,新网络体系基础研究——体化网络与普适服务,电子学报,2007年35卷4期593-598页.
[15]董平,秦雅娟,张宏科,支持普适服务的一体化网络研究,电子学报,2007年35卷4期599-606页.
[16]杨冬,周华春,张宏科,基于一体化网络的普适服务研究,电子学报,2007年35卷4期607-613页.
[17]R.Moskowitz,Host Identity Protocol(HIP)Architecture,RFC 4423,IETF,May.2006.
[18]D.Farinacci,V.Fuller and D.Oran,Locator/ID Separation Protocol(LISP),Internet draft,draft-farinacci-lisp-03,IETF,Aug.2007.
[19]祁玉生,邵世祥,现代移动通信系统,第一版,北京,人民邮电出版社,1999.
[20]M Ishiyama,M Kunishi,F Teraoka,An Analysis of Mobility Handling in LIN6,International Symposium on Wireless Personal Multimedia Communication,Aug.2001.
[21]D.Farinacci,Locator/ID Separation Protocol(LISP),Internet draft,draft-farinacci-lisp-06,IETF,Feb.2008.
[22]G Huston,Architectural Commentary on Site Multi-homing using a Level 3 Shim,Internet draft,draft-ietf-shim6-arch-00,IETF,Jul.2005.
[23]C.Vogt,Six/One:A Solution for Routing and Addressing in IPv6,Internet draft, draft-vogt-rrg-six-one-01,IETF,Nov.2007
[24]K.Imai,M.Yabusaki,and T.Ihara,IP2 Architecture towards Mobile Net and Internet Convergence,WTC2003,Sept.2002.
[25]M.O'Dell,GSE-An Alternate Addressing Architecture for IPv6,Inernet draft,draft-ietf-ipngwg-gseaddr-00,IETF,Feb,1997.
[26]R.Whittle,Ivip Mapping Database Fast Push,Internet draft,draft-whittle-ivip-db-fast-push-00,IETF,Feb.2008.
[27]B.Zhang,D.Massey,D.Pei,L.Wang,L.Zhang,R.Oliveira,and V.Kambhampati,A Secure and Scalable Internet Routing Architecture(SIRA),Technical Report TR06-01,University of Arizona,Apr.2006.
[28]L.Robert著,陈莉君等译,Linux内核设计与实现,第二版,北京,机械工业出版社,2006.
[29]J.Salim,Linux Netlink as an IP Services Protocol,RFC 3549,IETF,Jul.2003
[30]H.C.Thomas,E.Charles,Introduction to Algorithms,Second Edition,Cambridge,Massachusetts London,England,The MIT Press,2001
[2]W.Richard Stevens著,范建华等译,TCP/IP详解,第一版,北京,机械工业出版社,1999.
[3]C.Perkins,IP Mobility Support for IPv4,RFC 3344,IETF,Aug.2002.
[4]D.B.Johnson,C.Perkins and J.Arkko,Mobility Support in IPv6,RFC 3775,IETF,Aug.2004.
[5]T.Ernst,Goals and Benefits of Multihoming,Internet draft,draft-ernst-generic-goals-andbenefits-02,IETF,Oct.2005.
[6]D.Meyer,Report from the IAB Workshop on Routing and Addressing,Internet draft,draft-iab-raws-report-02,IETF,Apr.2007.
[7]M.Handley,Why the Internet only just works,BT Technology Journal,Volume 24,Number3,Jul.2006.
[8]NewArch project:future-generation Intemet architecture[EB/OL],http://www.isi.edu/newarch.
[9]GENI:Global Environment for Network Innovations[EB/OL],http://www.geni.net.
[10]L Peterson(Ed).GENI Design Principles[EB/OL],http://www.geni.net/documents.php.
[11]FIND:Future Internet Network Design[EB/OL],http://find.isi.edu.
[12]赵慧玲,单秀云,新一代网络体系结构及相关问题的研究,电信科学,2003年19卷3期24-27页.
[13]赵慧玲,徐向辉,NGN的研究进展,电信科学,2004年第20卷1期30-35页.
[14]张宏科,苏伟,新网络体系基础研究——体化网络与普适服务,电子学报,2007年35卷4期593-598页.
[15]董平,秦雅娟,张宏科,支持普适服务的一体化网络研究,电子学报,2007年35卷4期599-606页.
[16]杨冬,周华春,张宏科,基于一体化网络的普适服务研究,电子学报,2007年35卷4期607-613页.
[17]R.Moskowitz,Host Identity Protocol(HIP)Architecture,RFC 4423,IETF,May.2006.
[18]D.Farinacci,V.Fuller and D.Oran,Locator/ID Separation Protocol(LISP),Internet draft,draft-farinacci-lisp-03,IETF,Aug.2007.
[19]祁玉生,邵世祥,现代移动通信系统,第一版,北京,人民邮电出版社,1999.
[20]M Ishiyama,M Kunishi,F Teraoka,An Analysis of Mobility Handling in LIN6,International Symposium on Wireless Personal Multimedia Communication,Aug.2001.
[21]D.Farinacci,Locator/ID Separation Protocol(LISP),Internet draft,draft-farinacci-lisp-06,IETF,Feb.2008.
[22]G Huston,Architectural Commentary on Site Multi-homing using a Level 3 Shim,Internet draft,draft-ietf-shim6-arch-00,IETF,Jul.2005.
[23]C.Vogt,Six/One:A Solution for Routing and Addressing in IPv6,Internet draft, draft-vogt-rrg-six-one-01,IETF,Nov.2007
[24]K.Imai,M.Yabusaki,and T.Ihara,IP2 Architecture towards Mobile Net and Internet Convergence,WTC2003,Sept.2002.
[25]M.O'Dell,GSE-An Alternate Addressing Architecture for IPv6,Inernet draft,draft-ietf-ipngwg-gseaddr-00,IETF,Feb,1997.
[26]R.Whittle,Ivip Mapping Database Fast Push,Internet draft,draft-whittle-ivip-db-fast-push-00,IETF,Feb.2008.
[27]B.Zhang,D.Massey,D.Pei,L.Wang,L.Zhang,R.Oliveira,and V.Kambhampati,A Secure and Scalable Internet Routing Architecture(SIRA),Technical Report TR06-01,University of Arizona,Apr.2006.
[28]L.Robert著,陈莉君等译,Linux内核设计与实现,第二版,北京,机械工业出版社,2006.
[29]J.Salim,Linux Netlink as an IP Services Protocol,RFC 3549,IETF,Jul.2003
[30]H.C.Thomas,E.Charles,Introduction to Algorithms,Second Edition,Cambridge,Massachusetts London,England,The MIT Press,2001