中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/72156
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 78852/78852 (100%)
造访人次 : 38000721      在线人数 : 827
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/72156


    题名: Handover:A Mechanism to Improve the Availability of Network Services after Live Migration under Private Networks
    作者: 鍾致曜;Zhong,Zhi-Yao
    贡献者: 資訊工程學系
    关键词: 即時移轉;Netfilter佇列;網路位址轉換路由器;三向交握;Live migration;NFQUEUE;NAT router;Three-way handshake
    日期: 2016-08-01
    上传时间: 2016-10-13 14:29:06 (UTC+8)
    出版者: 國立中央大學
    摘要: 隨著基礎設施即服務(Infrastructure as a Service, IaaS)市場的快速成長,如何讓IaaS服務提供一個具有高度可靠性及可用性的作業環境變得更加重要。因此,在經過虛擬機器的即時移轉後,要如何保持網路服務的連線將會是一個重要的議題。在本研究中,我們提出了一個在廣域網路中進行即時移轉後,仍然能夠維持用戶的TCP連線狀態的機制,稱作Handover。當虛擬機器的IP位址因為即時移轉的緣故而有變動的時候,Handover會透過在iptables的nat table裡插入一條OUTPUT規則,使用戶對外送出的封包被重新導向到虛擬機器的新IP位址。此外為了避免轉向後的連線被NAT路由器所阻擋,我們還加入了一個偽造的三方交握步驟。從實驗結果可以看到Handover的確能夠在不同的網路環境中發揮作用,並且這個連線切換的過程只需要額外消耗大約0.165秒的時間。Handover可以被應用在絕大多數以Unix為基礎的作業系統裡。不只如此,它或許還會被整合進一個分散式阻斷服務攻擊(Distributed Denial of Service, DDoS)的防禦系統之中。隨著Handover與DDoS防禦系統剩餘部件的搭配部署,我們相信這將會成為一個抵禦DDoS攻擊的有效手段。;With a rapid growth of the Infrastructure as a Service (IaaS) market, it becomes more important for IaaS services to provide the work environment with high reliability and availability. Therefore, how to maintain the network connections after live Virtual Machine (VM) migration is going to be a big issue. In this research, we propose a new mechanism to keep clients’ TCP sessions across live migration over Wide Area Networks (WANs), called Handover. After the VM’s IP address changed after live migration, Handover inserts an OUTPUT rule in the nat table of iptables to redirect the client’s outgoing packets to the new IP address of the VM. In addition, we apply a fake three-way handshake mechanism to prevent the redirected traffic from being blocked by the NAT router. The experimental results demonstrate that Handover is effective in varied network environments, and the overhead of this changeover process is about only 0.165 seconds. Handover can be utilized in most of Unix-based systems. Furthermore, it may be integrated into a Distributed Denial of Service (DDoS) Defense System. By deploying the remaining parts of the DDoS defense system with Handover, we believe it could serve as a useful method to guard against DDoS attacks.
    显示于类别:[資訊工程研究所] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML218检视/开启


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明