标题: 吴裕国
作者: 吴裕国
谢续平
资讯科学与工程研究所
关键字: IP security;IPSec;cluster;load balancing;gateway;anti replay window;vpn
公开日期: 2000
摘要: 在高速网路里, IPSec闸道的处理速度是整体速度的关键所在. 为了加速IPSec闸道的效能与可靠度, 新型的丛集式IPSec闸道被提出来. 然而, 丛集式的设计却会因IPSec协定里的防封包重送机制而引发出IPSec封包次序混乱的问题. 在本篇论文里, 我们提出一种可以降低IPSec封包次序混乱问题的负载平衡方式. 此外, 我们也提出一种可以降低以封包式为基础之分散负载方法所导致的TCP封包混乱问题. 我们所提出的方法,可以改善以那些以封包作分散负载基础之负载平衡机制所导致的IPSec封包次序混乱问题. 而这种以封包作为分散负载基础之机制比一般使用之以连线为分散负载基础之机制更加能发挥系统的效能.
In high-speed networks, the processing speed of an IPSec gateway is critical to the overall throughput. To accelerate the processing speed and improves the reliability, clustering technology was inherently applied to the design of a modern IPSec gateway. However, due to the anti-replay window mechanism in IPSec protocol, IPSec packet out-of-order issue becomes more obvious with the introduction of the clustered architecture. In this paper, we present a load-balancing scheme over clustered IPSec gateway that alleviates IPSec packet out-of-order issue resulting from the IPSec anti-replay window. We also present a companion algorithm to further reduce TCP segment out-of-order issue caused by packet-based traffic dispatching. The proposed scheme alleviates IPSec packet out-of-order issue by using packet-based traffic dispatching algorithm, which results in a better throughput than session-based algorithms commonly seen in the current designs.
URI: http://140.113.39.130/cdrfb3/record/nctu/#NT890392062
http://hdl.handle.net/11536/66852
显示于类别:Thesis