Network traffic isolation system based on DPDK
A technology for isolating system and network traffic, applied in transmission systems, electrical components, etc., can solve problems such as inability to meet normal business needs, inability to adjust immediately, and traffic isolation rate decline, achieve rapid isolation policy configuration, and increase the function of traffic detection Effect
Inactive Publication Date: 2021-07-09
成都中恒星电科技有限公司
View PDF12 Cites 5 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
GAP in the prior art is a technology that uses dedicated hardware to enable two or more networks to realize secure data transmission and resource sharing when they are not connected. Disconnecting the link layer and blocking TCP / IP protocol and other network protocols can significantly improve the security strength of the internal user network. However, although GAP technology isolates traffic from the source, its traffic isolation rate for large traffic It will inevitably cause a sharp drop and cannot meet its normal business needs. At the same time, the GAP technology cannot flexibly configure the isolation strategy. When the isolation strategy needs to be adjusted, it cannot be adjusted immediately, and the flexibility is not enough.
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0018] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in combination with specific embodiments and with reference to the accompanying drawings. It should be understood that these descriptions are exemplary only, and are not intended to limit the scope of the present invention. Also, in the following description, descriptions of well-known structures and techniques are omitted to avoid unnecessarily obscuring the concept of the present invention.
[0019] Such as Figure 1-2 As shown, a kind of network traffic isolation system based on DPDK proposed by the present invention includes a network under test, a twin network, a gateway, a DPDK module, a detection filter module, a filter rule submission module and a filter rule distribution module;
[0020] The filtering rule submitting module communicates with the filtering rule distributing module, and the filtering rul...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
A network flow isolation system based on DPDK comprises a detected network, a twin network, a gateway, a DPDK module, a detection filtering module, a filtering rule submission module and a filtering rule distribution module; wherein the DPDK module is used for querying and modifying messages received and sent by the network card at the gateway according to a filtering rule, and the DPDK module is arranged on the gateway; the detection module is used for analyzing, detecting and filtering the flow packet, and the detection module is arranged in a detected network; the filtering rule submitting module is used for receiving the filtering rule sent by the filtering distribution module and sending the filtering rule to the driving module; and the filtering rule distribution module is used for distributing filtering rules imported from other places and sending the filtering rules to the driving module. According to the invention, flexible and rapid isolation strategy configuration can be effectively carried out on the traffic, and malicious traffic can be detected in real time, so that the isolation strategy can be dynamically modified, the traffic at the gateway can be rapidly shunted, and the malicious traffic can also be rapidly isolated.
Description
technical field [0001] The invention relates to the technical field of traffic isolation, in particular to a DPDK-based network traffic isolation system. Background technique [0002] With the continuous development of Internet technology, the traffic scale of data center network and national backbone network is also increasing, and the traditional network traffic isolation method can no longer adapt to the current high-speed network environment. Although the performance of hardware is constantly improving in terms of traffic isolation, large-scale traffic and useless malicious traffic have a great impact on the traffic isolation of multi-core processors, and in the Linux system, the large-scale data packet Processing also has a lot of overhead problems, including data copying from the application layer to the system layer, system interrupt processing, context switching, and so on. So for multi-core processors, traffic isolation is an urgent problem to be solved. GAP in th...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/0263H04L63/1466
Inventor 王洁
Owner 成都中恒星电科技有限公司