高速网络流采集系统的设计与实现

doi:10.11772/j.issn.1001-9081.2014.11.3201

计算机应用 ›› 2014, Vol. 34 ›› Issue (11): 3201-3205.DOI: 10.11772/j.issn.1001-9081.2014.11.3201

高速网络流采集系统的设计与实现

姜腊林¹,杨嘉佳¹,姜磊²,唐球²

1. 长沙理工大学计算机与通信工程学院,长沙 410114
2. 中国科学院计算技术研究所,北京 100190;

收稿日期:2014-04-30 修回日期:2014-06-16 出版日期:2014-11-01 发布日期:2014-12-01
通讯作者: 杨嘉佳
作者简介:姜腊林(1964-),女,湖南岳阳人,副教授,主要研究方向:计算机网络;杨嘉佳(1988-),男,广西南宁人,硕士研究生,主要研究方向:信息安全、模式匹配;姜磊(1984-),男,山东烟台人,博士研究生,主要研究方向:网络安全、模式匹配;唐球(1985-),男,湖南怀化人,博士研究生,主要研究方向:信息安全、模式匹配。
基金资助:
国家863计划项目;中国科学院战略性先导科技专项基金资助项目

Design and implementation of high-speed network traffic capture system

JIANG Lalin¹,YANG Jiajia¹,JIANG Lei²,TANG Qiu²

1. College of Computer and Communication Engineering, Changsha University of Science and Technology, Changsha Hunan 410114, China;
2. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China;

Received:2014-04-30 Revised:2014-06-16 Online:2014-11-01 Published:2014-12-01
Contact: YANG Jiajia

摘要/Abstract

摘要：

针对基于软件的网络流采集系统不能高效处理高速网络流量,以及为了提高采集效率需要同时对多种网络流进行采集的问题,提出一种基于软硬件结合的高速网络流采集框架,探讨在NetFPGA-10G平台实现高速网络流采集系统,称之为HSNTCS。该系统在硬件上通过精确串匹配引擎或正则表达式匹配引擎过滤、分类出所需的多种网络流后,将其传至内核驱动层对应的数据缓冲区,然后直接拷贝至用户空间并存储至对应的数据库。经实验测试,在精确串匹配情况下,用硬件方式实现的高速网络流采集系统的用户数据报协议(UDP)、传输控制协议(TCP)吞吐率都达到1.2Gb/s,约是用软件方式实现的3倍；在正则表达式匹配情况下,用硬件方式实现的高速网络流采集系统的UDP、TCP吞吐率都达到640Mb/s,约是用软件方式实现的3倍。结果表明,相对于软件实现方式,硬件实现具有更高的采集性能。

Abstract:

Since high-speed network traffic can not be effectively coped with the network traffic capture system implemented by software, and the multiple network flow need to be collected simultaneously to improve the capturing efficiency, an high-speed network flow capture framework in combination of hardware and software was presented, and the implementation of network traffic capture system based on NetFPGA-10G, called HSNTCS, was discussed. A variety of network flow in hardware was filtered and classified by the exact string matching engine and the regular expression matching engine of this system. After being transmitted to the corresponding data buffer at the driver layer, the network flow was directly copied to the corresponding database in user space. The experiments show that the throughput of UDP (User Datagram Protocol）and TCP (Transmission Control Protocol）in the high-speed network traffic capture system implemented by the hardware under the condition of exact string matching achieved 1.2Gb/s, which is about 3 times of that implemented by the software; and the throughput of UDP and TCP in the system implemented by the hardware under the condition of regular expression matching achieved 640Mb/s, which is about 3 times of that implemented by the software. The results demonstrate that the capture performance by the method of hardware is better than the method of software.

中图分类号:

TP303

姜腊林杨嘉佳姜磊唐球. 高速网络流采集系统的设计与实现[J]. 计算机应用, 2014, 34(11): 3201-3205.

JIANG Lalin YANG Jiajia JIANG Lei TANG Qiu. Design and implementation of high-speed network traffic capture system[J]. Journal of Computer Applications, 2014, 34(11): 3201-3205.

参考文献

[1]LIN Q, YANG B. Network traffic collector based on the NetFPGA [J]. Journal of Jinan University: Science and Technology, 2011,25(1):6-10.(林金,杨波.基于NetFPGA的网络流量采集器[J].济南大学学报:自然科学版,2011,25(1):6-10.)

[2]LYU X. Method and application of data mining [M]. Beijing: Press of Renmin University of China, 2009:11-45.(吕晓玲.数据挖掘方法与应用[M].北京:中国人民大学出版社,2009:11-45.)

[3]LIN D. Research and application of data mining technology used in the analysis of user behavior [D]. Beijing: Beijing University of Posts and Telecommunications, 2009.(李大伟.数据挖掘在用户行为分析中的研究与应用[D].北京:北京邮电大学,2009.)

[4]ZHAO X, LIU X, SHAO Z, et al. Design and implementation of TOE network interface card based on FPGA [J]. Computer Engineering, 2011,37(3):241-244.(赵喜全,刘兴奎,邵宗有,等.基于FPGA的TOE网卡设计与实现[J].计算机工程,2011,37(3):241-244.)

[5]ZHANG F, ZHAO G, SU J. The design of high-speed data acquisition system based on IP core [J]. Microcomputer Information, 2007,23(10):159-161.(张帆,赵光恒,苏建. 基于IP核的高速数据采集存储系统设计[J].微计算机信息,2007,23(10):159-161.)

[6]PAN Y. Design of a high-speed data acquisition card based on PCI express bus [D]. Taiyuan: North University of China, 2011.(潘玉霞. 基于PCI Express总线高速数据采集卡的设计[D].太原:中北大学,2011.)

[7]LI B. Network traffic classification [D]. Chengdu: University of Electronic Science and Technology of China, 2011.(李彬.基于NetFPGA的网络流量分类[D]. 成都:电子科技大学,2011.)

[8]DENG K. Implementation of regular expression compiler based on Verilog [J]. Computer Systems and Applications, 2012,21(4):54-57.(邓凯元.基于Verilog的正则表达式编译器的实现[J].计算机系统应用,2012,21(4):54-57.)

[9]BLOTT M, ELLITHORPE J, McKEOWN N, et al. FPGA research design platform fuels network advances [J]. XCell Journal, 2010,11(4):24-29.

[10]LIU X, CHEN S, LU Y, et al. Application of zero-copy technology to network analysis system [J]. Computer Systems and Applications, 2012,21(4):169-173.(刘小威,陈蜀宇,卢尧,等.零拷贝技术在网络分析工具中的应用[J].计算机系统应用,2012,21(4):169-173.)

[11]WANG Z, GU J. An improved automatic compression algorithm in the application of the deep packet inspection [J]. Information Network Security, 2010(10):76-78.(王志佳,顾健.一种改进的自动机压缩算法在深度包检测中的应用[J].信息网络安全,2010(10):76-78.)

[12]MESSMER P, BODENNER R. Accelerating scientific applications using FPGAs [J]. XCell Journal, 2006,10(1):33-57.

高速网络流采集系统的设计与实现

Design and implementation of high-speed network traffic capture system

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 9

编辑推荐

Metrics

[1]	蒋林, 施佳琪, 李远成. 可重构结构下合成视点失真变化算法并行设计与实现[J]. 计算机应用, 2021, 41(6): 1734-1740.
[2]	王永, 胥冬川, 农兰晶. 震后过渡阶段应急物流系统的定位运输路线安排问题研究[J]. 计算机应用, 2015, 35(1): 243-246.
[3]	姚信安胡世平宋飞. 高性能计算机总线变换器输出阻抗优化设计[J]. 计算机应用, 2012, 32(06): 1774-1777.
[4]	姚信安宋飞胡世平. 高性能计算机系统电源设计[J]. 计算机应用, 2012, 32(04): 1176-1179.
[5]	王科特王力生. 信号实时采集系统的最佳并行线程数的研究[J]. 计算机应用, 2011, 31(10): 2593-2596.
[6]	黄帅许雪梅徐蔚钦周文. 嵌入式3G无线视频监控系统硬件设计与信号完整性仿真[J]. 计算机应用, 2010, 30(9): 2535-2537.
[7]	满梦华原亮丁国良巨政权宋亮. 嵌入式高可靠性异构双机冗余系统的设计[J]. 计算机应用, 2009, 29(08): 2143-2145.
[8]	罗怡桂，栾静，顾君忠. 混合实时嵌入式系统软硬件协同综合算法及其组件设计[J]. 计算机应用, 2005, 25(06): 1432-1436.
[9]	屈娟李艳平伍习丽. 对两个基于智能卡的多服务器身份认证方案的密码学分析[J]. , 0, (): 0-0.