利用NetFilter框架实现IPv6流量控制
|
摘要
由于lPv4的局限性及IPv6呈现的巨大优势,1Pv6已被认为是下一代互联网络协议核心标准之一,各主要国家都在积极推进下一代互联网建设。我国于2008年8月,正式启动了CNGI二期的工程,重点解决推动下一代互联网商用化时遇到的一些“产业性”问题,计划在2010年底发展至少50万的试商用用户。此外,国务院在2009年2月还在“振兴计划”中特别强调关于下一代互联网应用的部分。根据规划,我国将发展100个大型门户网站和政府网站,100所高校支持IPv6。所以,IPv6流量将会不断增长,并在将来一段时间内与IPv4长期共存。
鉴于目前流控产品主要针对IPv4,缺乏对使用过渡技术的IPv6流量有效控制的现状,分析了Linux下Nerfileter框架的基本原理,结合IPv6协议的实现及Linux下HTB队列实现机制,讨论了在Linux环境下基于NetFilter框架和HTB队列,实现的IPv6的流量控制模块。在实验环境下测试该模块,当仅区分控制Teredo、6to4、ISAPTP及纯IPv6流量时,有理想的控制效果,并为进一步实现控制各种IPv4到IPv6的过渡协议下更为细致的流量控制打下了基础。
As designed to meet the requirements for quantity and quality of future network infrastructure。IPv6 protocol solves the problems faced by current IPv4 protocol,has been considered the key of Next Generation Network。Every major countries are actively promoting the next generation Internet development。China in August 2008,officially launched the second phase of the project CNGI,focusing on solving the next generation of Internet business encountered of the "industry" problem,the development plan by the end of 2010 at least 500,000 commercial trial users。In addition,the State Council in February 2009 was still "Revitalization Program" with particular emphasis on the part of the next generation of Internet applications。According to the plan,China will develop 100 major portals and government websites,100 colleges and universities to support IPv6。Therefore,IPv6 traffic will continue to grow,and some time in the future long-term coexistence with IPv4。
In view of traffic control products are mainly for IPv4 protocol,IPv6 traffic which using IPv4/IPv6 transition mechanisms is on the lack of effective control。analyzing the mechanism and the expansion of Linux NetFilter framwork,combined with Linux IPv6 protocol implementation and the realization of HTB queue,based on Linux NetFilter Framework and HTB queue discussed to achieve the IPv6 flow control module。In the experimental environment to test the module,when the only distinction between network flow of Teredo,6to4,ISAPTP and IPv6 traffic,there is an ideal control effect,and further to achieve control of a variety of IPv4 to IPv6 transition agreement to lay a more detailed flow control the foundation。
鉴于目前流控产品主要针对IPv4,缺乏对使用过渡技术的IPv6流量有效控制的现状,分析了Linux下Nerfileter框架的基本原理,结合IPv6协议的实现及Linux下HTB队列实现机制,讨论了在Linux环境下基于NetFilter框架和HTB队列,实现的IPv6的流量控制模块。在实验环境下测试该模块,当仅区分控制Teredo、6to4、ISAPTP及纯IPv6流量时,有理想的控制效果,并为进一步实现控制各种IPv4到IPv6的过渡协议下更为细致的流量控制打下了基础。
As designed to meet the requirements for quantity and quality of future network infrastructure。IPv6 protocol solves the problems faced by current IPv4 protocol,has been considered the key of Next Generation Network。Every major countries are actively promoting the next generation Internet development。China in August 2008,officially launched the second phase of the project CNGI,focusing on solving the next generation of Internet business encountered of the "industry" problem,the development plan by the end of 2010 at least 500,000 commercial trial users。In addition,the State Council in February 2009 was still "Revitalization Program" with particular emphasis on the part of the next generation of Internet applications。According to the plan,China will develop 100 major portals and government websites,100 colleges and universities to support IPv6。Therefore,IPv6 traffic will continue to grow,and some time in the future long-term coexistence with IPv4。
In view of traffic control products are mainly for IPv4 protocol,IPv6 traffic which using IPv4/IPv6 transition mechanisms is on the lack of effective control。analyzing the mechanism and the expansion of Linux NetFilter framwork,combined with Linux IPv6 protocol implementation and the realization of HTB queue,based on Linux NetFilter Framework and HTB queue discussed to achieve the IPv6 flow control module。In the experimental environment to test the module,when the only distinction between network flow of Teredo,6to4,ISAPTP and IPv6 traffic,there is an ideal control effect,and further to achieve control of a variety of IPv4 to IPv6 transition agreement to lay a more detailed flow control the foundation。
引文
[1] Dimitrios Stiliadis,Anujan Varma。Latency-Rate Servers:A General Model for Analysis of TrafficS cheduling Algorithms。IEEE/ACM TRANSACTIONS ON NETWORKING,VOL。6,NO。5,OC TOBER 1998
[2] Toward a systemic understanding of the Internet organism:a framework for the creation of a NetWork Analysis 1nfiastruCture,http://moat。nlanr。net/NAI/,1998。
[3] Shrikrishna Karandikar,S hivkumar kalyanaraman,Prasad Bagal,Bob Packer。TCP Rate Control。ACM 1999
[4] JiLi,Haiyang Liu,Karen Sollins。Scalable Packet Classificaiton Using Bit Vector Aggregating and Folding。IEEE/ACM TRANSACTIONS ON NETWORKING,2000
[5] Andrew Adams,Jamshid Mahdavi,Matthew Mathis,Vern Paxson。Creating a Scalable Architecture for lnternet Measurement。http://www。psc。edu/ networking/paper/nimi。html,2001。
[6] SEMERIAC。Supporting Diferenitated Service Classes:Queue Scheduing Disciplines [EB/OL]。http://wwwjuniper。ne/tsolutionslliterature/ white_papers/ 200020。pdf,2001
[7] Rusty Russell。Linux 2。4 packet filtering HOWTO[EB/OL]。http://www。NetFilter。org/ documention/HOWTO/en/packet-filtering-HOWTO。html,2002。
[8] Rusty Russell。Linux 2。4 packet filtering HOWTO[EB/OL]。http://www。NetFilter。org/ documention/HOWTO/en/packet-filtering-HOWTO。html,2002。
[9] Huan-YunWei,Ying-DarLin,A Surveyand Measurement-Based Comparison of Bandwidth management Techniques。IEEE Communications Surveys& Tutorials,Fourth Quarter 2003
[10] IPv6 on Linux。A Tutorial Approach。Linux User&Developer。2003
[11] Devera M.Hierarchical Token Bucket Theory[EB/OL].http://luxik cdi cz/~devik/qos/htb,2003
[12] Huan-YunWei,Shih-ChiangTsao,Yng-DarLin。Assessing and Improving TCP Rate Shaping over Edge Gateways。IEEET RANSACTIONSON COMPUTERS,VOL。53,NO。3,MARCH2004
[13] Tatipamula M,Grossete P,Esaki H。IPv6 Integration and coexistence strategies for next-generation networks[J]。IEEE Communications Magazine,2004,(1):86-96
[14] FlorinB aboescua ndG eorge Varghese。Sc alableP acket Classificaiton。IE EE/ACM TRAN SACTIONS ON NETWORKING。VOL。3,NO。1,FEBRUARY 2005
[15] Ivancic D,Hadjina N,Baseh n Analysis of precision of the HTB packet scheduler[C]//Electrornagnetics and Communications,2005.ICECom 2005.18th International Conference 2005:l-4
[16] IP Performance Metrics Working Group(IPPM),http://www。ietf。org/btml。charters/iPPm-charter。html,2006。
[17] Peter Bieringer Linux IPv6 HOWTO http://mirrors。bieringer。de/Linux+IPv6-HOWTO。2006
[18] Bull J。Linux Advanced Routing & Traffic Control。http://lartc。org。2005-08-21
[19] CAIDA Measerement and Analysis Tools,http://www。caida。org/tools/ measurement/,2006。
[20] The PingER Project,http://www-iepm。slac。stanford。edu/pinger/,2006。
[21] Wand Network Research Group,http://wand。cs。waikato。ac。nz/,2007。
[22] RRDtool,htttp://oss。oetiker。ch/rrdtool/doc/rrdtool。en。html,2007。
[23] GD Library,httP://www。libgd。org,2007。
[24] NAT Linux Implementation,http://www。IPv6。or。kr/english/download。htm
[25] Richard Stevens,Unix网络编程第1卷(第2版),清华大学出版社,2001。
[26]崔滔,陈自力,命令行接口管理系统的研究与实现,计算机应用,2002。
[27] [美]Peter Ldshin,IPv6详解,北京:机械工业出版社,2003
[28] [美]Joseph Davies,理解IPv6 Understanding IPv6,北京:清华大学出版社,2004
[29] [瑞士]Silvis Hagcn,IPv6精髓,北京:清华大学出版社,2004
[30]喻中超,徐格,昊建平,一种适用于多维的快速IP分类算法,软件学报,2005,Vo l12 1801 -1809
[31]沈鑫刻,等,多媒体传输网络与VOID系统设计,人民邮电出版社,2005年
[32] Joseph Davies著,张晓彤,等译,理解IPV6,清华大学出版社,2006。1
[33]王一平,韦卫。网络安全框架NetFilter在Linux中的实现[J]。计算机工程与设计,2006。2,27(3): 439-468。
[34]王帅,刘雷,柴乔林。应用NetFilter框架基于NAT-PT的IPv4/IPv6转换网关的实现[J]。计算机工程与设计,2006,3213): 147-149。
[35] Robert Love。Linux内核设计与实现[M].北京:机械工业出版社,2006
[36] Stevens W R,Rago S A UNIX环境高级编程[M].北京:人民邮电出版社,2006
[37]徐昌彪,鲜永菊,计算机网络中的拥塞控至于流量控制,人们邮电出版社,2007。10
[38]谢进忠,谢进益编,Linux Kernel Module及TCP/IP程序设计,人民邮电出版社,2007
[39]倪继利,Linux安全体系分析与编程,电子工业出版社,2007,
[40] [美]Peter Ldshin,IPv6详解,北京:机械工业出版社,2003
[41] Rusty Russell and Harald Welte,Linux NetFilter Hacking HOWTO http://NetFilter。org /documentation/HOWTO/NetFilter-hacking-HOWTO。html。2002
[42]王一平,韦卫。网络安全框架NetFilter在Linux中的实现[J]。计算机工程与设计,2006。2,27(3): 439-468。
[43]王帅,刘雷,柴乔林。应用NetFilter框架基于NAT-PT的IPv4/IPv6转换网关的实现[J]。计算机工程与设计,2006,3213): 147-149。
[44] Peter Bieringer Linux IPv6 HOWTO http://mirrors。bieringer。de/Linux+IPv6-HOWTO。2006
[45] Bull J。Linux Advanced Routing & Traffic Control。http://lartc。org。2005-08-21
[46] Robert Love。Linux内核设计与实现[M].北京:机械工业出版社,2006
[47] Stevens W R,Rago S A UNIX环境高级编程[M].北京:人民邮电出版社,2006
[2] Toward a systemic understanding of the Internet organism:a framework for the creation of a NetWork Analysis 1nfiastruCture,http://moat。nlanr。net/NAI/,1998。
[3] Shrikrishna Karandikar,S hivkumar kalyanaraman,Prasad Bagal,Bob Packer。TCP Rate Control。ACM 1999
[4] JiLi,Haiyang Liu,Karen Sollins。Scalable Packet Classificaiton Using Bit Vector Aggregating and Folding。IEEE/ACM TRANSACTIONS ON NETWORKING,2000
[5] Andrew Adams,Jamshid Mahdavi,Matthew Mathis,Vern Paxson。Creating a Scalable Architecture for lnternet Measurement。http://www。psc。edu/ networking/paper/nimi。html,2001。
[6] SEMERIAC。Supporting Diferenitated Service Classes:Queue Scheduing Disciplines [EB/OL]。http://wwwjuniper。ne/tsolutionslliterature/ white_papers/ 200020。pdf,2001
[7] Rusty Russell。Linux 2。4 packet filtering HOWTO[EB/OL]。http://www。NetFilter。org/ documention/HOWTO/en/packet-filtering-HOWTO。html,2002。
[8] Rusty Russell。Linux 2。4 packet filtering HOWTO[EB/OL]。http://www。NetFilter。org/ documention/HOWTO/en/packet-filtering-HOWTO。html,2002。
[9] Huan-YunWei,Ying-DarLin,A Surveyand Measurement-Based Comparison of Bandwidth management Techniques。IEEE Communications Surveys& Tutorials,Fourth Quarter 2003
[10] IPv6 on Linux。A Tutorial Approach。Linux User&Developer。2003
[11] Devera M.Hierarchical Token Bucket Theory[EB/OL].http://luxik cdi cz/~devik/qos/htb,2003
[12] Huan-YunWei,Shih-ChiangTsao,Yng-DarLin。Assessing and Improving TCP Rate Shaping over Edge Gateways。IEEET RANSACTIONSON COMPUTERS,VOL。53,NO。3,MARCH2004
[13] Tatipamula M,Grossete P,Esaki H。IPv6 Integration and coexistence strategies for next-generation networks[J]。IEEE Communications Magazine,2004,(1):86-96
[14] FlorinB aboescua ndG eorge Varghese。Sc alableP acket Classificaiton。IE EE/ACM TRAN SACTIONS ON NETWORKING。VOL。3,NO。1,FEBRUARY 2005
[15] Ivancic D,Hadjina N,Baseh n Analysis of precision of the HTB packet scheduler[C]//Electrornagnetics and Communications,2005.ICECom 2005.18th International Conference 2005:l-4
[16] IP Performance Metrics Working Group(IPPM),http://www。ietf。org/btml。charters/iPPm-charter。html,2006。
[17] Peter Bieringer Linux IPv6 HOWTO http://mirrors。bieringer。de/Linux+IPv6-HOWTO。2006
[18] Bull J。Linux Advanced Routing & Traffic Control。http://lartc。org。2005-08-21
[19] CAIDA Measerement and Analysis Tools,http://www。caida。org/tools/ measurement/,2006。
[20] The PingER Project,http://www-iepm。slac。stanford。edu/pinger/,2006。
[21] Wand Network Research Group,http://wand。cs。waikato。ac。nz/,2007。
[22] RRDtool,htttp://oss。oetiker。ch/rrdtool/doc/rrdtool。en。html,2007。
[23] GD Library,httP://www。libgd。org,2007。
[24] NAT Linux Implementation,http://www。IPv6。or。kr/english/download。htm
[25] Richard Stevens,Unix网络编程第1卷(第2版),清华大学出版社,2001。
[26]崔滔,陈自力,命令行接口管理系统的研究与实现,计算机应用,2002。
[27] [美]Peter Ldshin,IPv6详解,北京:机械工业出版社,2003
[28] [美]Joseph Davies,理解IPv6 Understanding IPv6,北京:清华大学出版社,2004
[29] [瑞士]Silvis Hagcn,IPv6精髓,北京:清华大学出版社,2004
[30]喻中超,徐格,昊建平,一种适用于多维的快速IP分类算法,软件学报,2005,Vo l12 1801 -1809
[31]沈鑫刻,等,多媒体传输网络与VOID系统设计,人民邮电出版社,2005年
[32] Joseph Davies著,张晓彤,等译,理解IPV6,清华大学出版社,2006。1
[33]王一平,韦卫。网络安全框架NetFilter在Linux中的实现[J]。计算机工程与设计,2006。2,27(3): 439-468。
[34]王帅,刘雷,柴乔林。应用NetFilter框架基于NAT-PT的IPv4/IPv6转换网关的实现[J]。计算机工程与设计,2006,3213): 147-149。
[35] Robert Love。Linux内核设计与实现[M].北京:机械工业出版社,2006
[36] Stevens W R,Rago S A UNIX环境高级编程[M].北京:人民邮电出版社,2006
[37]徐昌彪,鲜永菊,计算机网络中的拥塞控至于流量控制,人们邮电出版社,2007。10
[38]谢进忠,谢进益编,Linux Kernel Module及TCP/IP程序设计,人民邮电出版社,2007
[39]倪继利,Linux安全体系分析与编程,电子工业出版社,2007,
[40] [美]Peter Ldshin,IPv6详解,北京:机械工业出版社,2003
[41] Rusty Russell and Harald Welte,Linux NetFilter Hacking HOWTO http://NetFilter。org /documentation/HOWTO/NetFilter-hacking-HOWTO。html。2002
[42]王一平,韦卫。网络安全框架NetFilter在Linux中的实现[J]。计算机工程与设计,2006。2,27(3): 439-468。
[43]王帅,刘雷,柴乔林。应用NetFilter框架基于NAT-PT的IPv4/IPv6转换网关的实现[J]。计算机工程与设计,2006,3213): 147-149。
[44] Peter Bieringer Linux IPv6 HOWTO http://mirrors。bieringer。de/Linux+IPv6-HOWTO。2006
[45] Bull J。Linux Advanced Routing & Traffic Control。http://lartc。org。2005-08-21
[46] Robert Love。Linux内核设计与实现[M].北京:机械工业出版社,2006
[47] Stevens W R,Rago S A UNIX环境高级编程[M].北京:人民邮电出版社,2006