標題: 吳裕國
作者: 吳裕國
謝續平
資訊科學與工程研究所
關鍵字: IP security;IPSec;cluster;load balancing;gateway;anti replay window;vpn
公開日期: 2000
摘要: 在高速網路裡, IPSec閘道的處理速度是整體速度的關鍵所在. 為了加速IPSec閘道的效能與可靠度, 新型的叢集式IPSec閘道被提出來. 然而, 叢集式的設計卻會因IPSec協定裡的防封包重送機制而引發出IPSec封包次序混亂的問題. 在本篇論文裡, 我們提出一種可以降低IPSec封包次序混亂問題的負載平衡方式. 此外, 我們也提出一種可以降低以封包式為基礎之分散負載方法所導致的TCP封包混亂問題. 我們所提出的方法,可以改善以那些以封包作分散負載基礎之負載平衡機制所導致的IPSec封包次序混亂問題. 而這種以封包作為分散負載基礎之機制比一般使用之以連線為分散負載基礎之機制更加能發揮系統的效能.
In high-speed networks, the processing speed of an IPSec gateway is critical to the overall throughput. To accelerate the processing speed and improves the reliability, clustering technology was inherently applied to the design of a modern IPSec gateway. However, due to the anti-replay window mechanism in IPSec protocol, IPSec packet out-of-order issue becomes more obvious with the introduction of the clustered architecture. In this paper, we present a load-balancing scheme over clustered IPSec gateway that alleviates IPSec packet out-of-order issue resulting from the IPSec anti-replay window. We also present a companion algorithm to further reduce TCP segment out-of-order issue caused by packet-based traffic dispatching. The proposed scheme alleviates IPSec packet out-of-order issue by using packet-based traffic dispatching algorithm, which results in a better throughput than session-based algorithms commonly seen in the current designs.
URI: http://140.113.39.130/cdrfb3/record/nctu/#NT890392062
http://hdl.handle.net/11536/66852
顯示於類別:畢業論文