English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 42118891      線上人數 : 1204
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/72156


    題名: Handover:A Mechanism to Improve the Availability of Network Services after Live Migration under Private Networks
    作者: 鍾致曜;Zhong,Zhi-Yao
    貢獻者: 資訊工程學系
    關鍵詞: 即時移轉;Netfilter佇列;網路位址轉換路由器;三向交握;Live migration;NFQUEUE;NAT router;Three-way handshake
    日期: 2016-08-01
    上傳時間: 2016-10-13 14:29:06 (UTC+8)
    出版者: 國立中央大學
    摘要: 隨著基礎設施即服務(Infrastructure as a Service, IaaS)市場的快速成長,如何讓IaaS服務提供一個具有高度可靠性及可用性的作業環境變得更加重要。因此,在經過虛擬機器的即時移轉後,要如何保持網路服務的連線將會是一個重要的議題。在本研究中,我們提出了一個在廣域網路中進行即時移轉後,仍然能夠維持用戶的TCP連線狀態的機制,稱作Handover。當虛擬機器的IP位址因為即時移轉的緣故而有變動的時候,Handover會透過在iptables的nat table裡插入一條OUTPUT規則,使用戶對外送出的封包被重新導向到虛擬機器的新IP位址。此外為了避免轉向後的連線被NAT路由器所阻擋,我們還加入了一個偽造的三方交握步驟。從實驗結果可以看到Handover的確能夠在不同的網路環境中發揮作用,並且這個連線切換的過程只需要額外消耗大約0.165秒的時間。Handover可以被應用在絕大多數以Unix為基礎的作業系統裡。不只如此,它或許還會被整合進一個分散式阻斷服務攻擊(Distributed Denial of Service, DDoS)的防禦系統之中。隨著Handover與DDoS防禦系統剩餘部件的搭配部署,我們相信這將會成為一個抵禦DDoS攻擊的有效手段。;With a rapid growth of the Infrastructure as a Service (IaaS) market, it becomes more important for IaaS services to provide the work environment with high reliability and availability. Therefore, how to maintain the network connections after live Virtual Machine (VM) migration is going to be a big issue. In this research, we propose a new mechanism to keep clients’ TCP sessions across live migration over Wide Area Networks (WANs), called Handover. After the VM’s IP address changed after live migration, Handover inserts an OUTPUT rule in the nat table of iptables to redirect the client’s outgoing packets to the new IP address of the VM. In addition, we apply a fake three-way handshake mechanism to prevent the redirected traffic from being blocked by the NAT router. The experimental results demonstrate that Handover is effective in varied network environments, and the overhead of this changeover process is about only 0.165 seconds. Handover can be utilized in most of Unix-based systems. Furthermore, it may be integrated into a Distributed Denial of Service (DDoS) Defense System. By deploying the remaining parts of the DDoS defense system with Handover, we believe it could serve as a useful method to guard against DDoS attacks.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML191檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明