
Design and Implementation of a Traffic Data Collection and Monitoring Agent for a Security Gateway

Author PengLingPeng
Tutor DuXu
School Huazhong University of Science and Technology
Course Communication and Information System
Keywords Network accounting; Network Monitoring; Flow collection; Traffic Monitoring; NetFlow; sFlow; Netfilter
CLC TN915.08
Type Master's thesis
Year 2011

With the increasing complexity of network architecture and the explosive growth of network traffic, network billing and network monitoring have become a research hotspot. The access gateway is an especially important enforcement point for network management, and it usually has a built-in traffic collection and monitoring agent to support network billing and network monitoring. For traffic collection, traditional gateways provide only coarse-grained traffic statistics based on RMON/SNMP, with no per-service statistics; for traffic monitoring, they only support logging in remotely to set firewall or traffic control rules by hand, which is inconvenient for centralized monitoring. Drawing on solutions from academia and industry, this thesis implements a usable, reliable, high-performance and scalable traffic collection and monitoring agent on an access security gateway based on an embedded Linux platform.

The thesis analyzes the advantages and disadvantages of the packet capture techniques used in traffic collection, including link-layer socket capture, Libpcap capture and Netfilter in-kernel capture, and of traffic data collection and export technologies such as RMON, NetFlow and sFlow. It also describes the traffic monitoring tools Iptables (firewall) and TC (traffic control). It then works out the design in light of the available hardware and software resources and the application scenarios, highlighting three points: a multi-process system architecture that improves scalability; a traffic collection module that improves performance by capturing packets in the kernel with Netfilter and achieving zero-copy with shared memory and Netlink; and a traffic monitoring module that improves reliability by using a state machine to implement secure transactions. The implementation framework of the system is then presented through its key data structures, interfaces, functions and processes. Finally, the system is tested for functionality, performance, stability and other aspects, and the test results show that it meets the expected requirements.

The traffic collection and monitoring agent designed and implemented here provides fine-grained, NetFlow-like traffic statistics that support per-service statistics. To support centralized monitoring, it also provides functions such as remote retrieval of network status, configuration of firewall or traffic control rules, and software upgrades. Large-scale practical application shows that it performs well in functionality, performance, stability and scalability.
