作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2007, Vol. 33 ›› Issue (01): 104-105. doi: 10.3969/j.issn.1000-3428.2007.01.035

• 网络与通信 • 上一篇    下一篇

基于IXP2400开发NIDS负载均衡器的研究

陈 宇,薛 鹏,翟伟斌,刘宝旭,许榕生   

  1. (中国科学院高能物理研究所计算中心,北京 100049)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2007-01-05 发布日期:2007-01-05

Research of Developing NIDS Load Balancer via IXP2400

CHEN Yu, XUE Peng, ZHAI Weibin, LIU Baoxu, XU Rongsheng   

  1. (Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049)
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-01-05 Published:2007-01-05

摘要: 分析了高速网络环境下基于分流机制实现的NIDS体系架构,探讨了其核心部件——NIDS负载均衡器的实现及关键算法,给出了其在网络处理器上的具体实现。实验表明,基于IXP 2400网络处理器实现的负载均衡器具有成本低、研发周期短、可扩展性好的特点,完全能满足NIDS分流架构的需求,基本解决了高速网络下网络入侵检测设备的性能问题。

关键词: 入侵检测, 高速网, 数据分流, 网络处理器

Abstract: This paper introduces the architecture of NIDS data distribution system. It focuses on how to develop its key component, effective load balancer and gives the implementation using network processor. It’s proved to be low-cost, short-term and scaleable to implement NIDS load balancer based on IXP2400 by experiment. It successfully finishes the task of data distribution, so that the detection performance of the system is improved.

Key words: Intrusion detection, High-speed networks, Data distribution, Network processor