Design and implementation of a security gateway traffic data collection and monitoring agent
|School||Huazhong University of Science and Technology|
|Course||Communication and Information System|
|Keywords||Network accounting, network monitoring, flow collection, traffic monitoring, NetFlow, sFlow, Netfilter|
With the increasing complexity of network architecture and the explosive growth of network traffic, network billing and network monitoring have become a research hotspot. The access gateway is an especially important enforcement point for network management, and it usually has a built-in traffic collection and monitoring agent to support network billing and network monitoring. In traffic collection, traditional gateways provide only coarse-grained traffic statistics based on RMON/SNMP and cannot report statistics by business; in traffic control, they support only manually setting firewall or traffic control rules over a remote login, which is inconvenient for centralized monitoring. Drawing on solutions from academia and industry, this thesis implements a traffic collection and monitoring agent with strong usability, reliability, high performance and scalability for an access security gateway based on an embedded Linux platform. The thesis first analyzes the packet capture techniques used for traffic collection (link-layer socket capture, Libpcap capture and Netfilter kernel capture), weighs the advantages and disadvantages of RMON, NetFlow and sFlow for traffic data collection and export, and describes the Iptables firewall and TC traffic control tools used for traffic monitoring. It then explores the design in light of the available hardware and software resources and the application scenarios, highlighting three points: a multi-process system architecture to enhance scalability; a traffic collection module that improves performance by using Netfilter kernel packet capture and achieves zero-copy by using shared memory and Netlink; and a traffic monitoring module that improves reliability by using a state machine to implement secure transactions. Next, it presents the system's implementation framework by introducing the key data structures, interfaces, functions and processes. Finally, the system is tested for functionality, performance, stability and other aspects, and the test results show that it meets the expected requirements.
The traffic collection and monitoring agent designed and implemented here provides fine-grained, NetFlow-like traffic statistics that support statistics by business, and it provides remote functions such as obtaining network status, configuring firewall or traffic control rules, and upgrading software, to support centralized monitoring. Large-scale practical application shows that it performs outstandingly in functionality, performance, stability and scalability.