Strategic Study of CAE >> 2002, Volume 4, Issue 3
Design and Implementation of High Performance Security Router BW7000
Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
Next Previous
Abstract
High performance and security are hot areas of the research of Internet. How to provide security protection but not decrease the forwarding performance is a hot research topic currently. This paper is based on the research of the high performance security router, a key project of national high technology research and development plan. Operating system (HEROS) of the high performance router BW7000 was developed independently. In order to provide high performance IP packets forwarding, a high performance routing lookup algorithm based on RAM was developed. A novel classification algorithm based on non-collision Hash-Trie-tree and an algorithm based on distributed packet fair queuing with feedback mechanism weve designed and impemented to support QoS control and security management. In order to secure the network, a router security architecture based on distributed key management was proposed.
Keywords
router ; Security ; router operating system ; route lookup ; packet classification ; packet scheduling
References
[ 1 ] 范晓勃, 林 闯, 吴建平, 等.分布式路由器的性能模型与分析[J].计算机学报, 1999, (11) :1223~1227 link1
[ 2 ] GuptaP , LinS , MckeownN .Routinglookupsinhard wareatmemoryaccessspeeds[A ].ProceedingsofIEEEINFOCOM 98[C], SanFrancisco, 1998
[ 3 ] HuangNenfu, ZhaoShiming, PanJenyi, etal.AfastIproutinglookupschemeforgigabitswitchingrouters[A].ProceedingsofIEEEINFOCOM 99[C], SanFrancisco, 1999
[ 4 ] 吴 剑.高性能路由器路由管理及RIP协议的研究与实现[D].北京:清华大学, 2001
[ 5 ] SrinivasnV , VargheseG , SuriS , etal.Fastscalablelevelfourswitching[J].ACMComputerCommunica tionReview, 1998, 28 (4) :191~205
[ 6 ] BennettJCR , ZhangHui.WF2Q :Worst casefairweightedfairqueuing[A].ProceedingsofACM SIG COMM 96[C], PaloAlto:CA , 1996.143~156
[ 7 ] KentS , AtkinsonR .SecurityarchitecturefortheIn ternetprotocol[M].RFC2401, 1998
[ 8 ] MotorolaInc.MCP750Seriessingleboardcomputerprogrammer’sreferenceguide[M ].ComputerGroup, 1999
[ 9 ] 吴建平, 陈修环, 郝瑞斌, 等.基于形式化技术的协议集成测试系统———PITS [J].清华大学学报, 1998, 38 (S1) :26~29 link1