【作者】 蒋华；

【导师】 郑彦； 王汝传；

【作者基本信息】 南京邮电大学 ， 计算机软件与理论， 2012， 硕士

【摘要】 近年来,随着计算机网络技术的飞速发展,各种综合服务应用越来越广泛,导致带宽需求与日俱增,时常造成网络拥塞。各种分布式多媒体应用不但对网络有很高的带宽要求,而且要求信息传输具有低延迟和低抖动等。一些非关键应用业务,特别是随着eMule、BT、迅雷等各种P2P应用的流行,P2P网络流量已成为互联网的重要组成部分,消耗了大部分的网络带宽资源,严重影响了HTTP、E-mail等其他关键应用的服务质量。如何有效地控制网络流量已成为目前面临的一个重要难题。在带宽资源有限的情况下,若能采用流量控制技术将带宽资源进行有效分配和管理,确保使用者基本的带宽,抑制非关键业务的流量,能大大提升网络的服务质量。本文深入研究了Linux防火墙Netfilter的框架结构及其工作原理,分析了Netfilter防火墙中的链接跟踪技术及应用层识别分类器L7-filter,并且研究了Linux流量控制的相关技术,对流量控制常用的FIFO、TBF、SFQ、CBQ、HTB等排队规则进行了重点分析。本文基于Linux操作系统的Netfilter防火墙和连接跟踪机制,结合应用层协议识别工具L7-filter和流量控制器TC设计并实现了一个简单而高效的流量控制原型系统。该系统分为流量识别和流量控制两个功能模块,流量识别模块使用iptables和L7-filter识别数据包的协议,然后用iptables对识别出的不同用户组和协议的数据包打上标记进行分类,流量控制模块根据应用需求,对不同用户组和应用协议分配不同的最小保证带宽和最大可借用带宽以及借用优先级,抑制P2P等非关键业务流量,以保证SSH、Telnet、HTTP等关键业务的服务质量。实验证明此系统能有效地控制网络流量,极大地提高了网络的服务质量,而且设备成本低、容易架设,对中小型网络来说是一个很好的QoS解决方案。更多还原

【Abstract】 In recent years, with the rapid development of computer network technology, a variety of integrated services are used more and more widely, which lead the increasing demand of bandwith. A variety of distributed multimedia applications on the network not only has high bandwidth requirements, and requires information transmission with low latency and low jitter. Some non-critical business applications, especially with the eMule, BT, Thunder and other popular P2P applications, P2P traffic has taken great portions in the network traffic. It is a serious influence to the rest of network service that peer-to-peer flows occupy the network bandwidth seriously, therefore how to effectively identify and control network traffic has been a very important problem.The bandwidth management techniques can make effective management and allocation for the resources of bandwidth, and promote Quality of Service (QoS). Further more, it can control unusual traffic of bandwidth and allocate proper bandwidth.This thesis studies the Linux firewall and the Netfilter framework works, analysis of the link tracking technology and application layer identification classifier L7-filter in Netfilter firewall and the Linux traffic control technology, FIFO, TBF, SFQ, CBQ, HTB and other queuing rules were focused on analysis.A simple and efficient traffic control system was designed and realized based on Linux Netfilter firewall and connecting tracking strategy. It combined the L7-filter which identifies packets based on application layer data and TC which is a traffic control tool. The system can identify and classify packets based on application layer data and allocate limited network bandwidth properly to realize traffic control. The experiment result shows that the system can identify and control network traffic effectively. This design way can reduce the abnormal network traffic effectively and then guarantees each user’s basic bandwidth requirement. So the design model is efficient, low cost and easy to build on network which bandwidth needed to be allocated fairly.更多还原