Design and Implementation of the Traffic Monitoring System in Campus Network

【Author】 Jin Xiaoyan (金筱燕)

【Advisors】 Shi Jinhua (石金华); Guo Fang (郭放)

【Author information】 Donghua University, Communication and Information Systems, 2007, Master's thesis

【Abstract】 As campus network applications grow more complex and the network keeps expanding, network management faces higher demands. On one hand, campus users expect ever better network performance; on the other, security threats in the campus network (e.g. DDoS, worms, malicious code) are increasing. Administrators need a global view of the network so that they can allocate bandwidth properly and keep critical services running, and so that they can promptly locate the source of a traffic anomaly and effectively contain the spread of anomalous traffic. Existing network management software is designed for general networks; it meets some limited requirements but lacks further management support. Traffic monitoring is the basis of network management: the five functional areas of network management specified by the International Organization for Standardization (ISO) all depend, to a greater or lesser degree, on traffic monitoring. It is therefore necessary to add network-wide traffic monitoring and control to the existing campus network management in order to manage and optimize the network better.

Based on the management requirements of our campus network and a study of the current related theory and techniques, this paper proposes a detailed design of a distributed traffic monitoring system and implements a Web-based traffic monitoring management system. The specific work is as follows: using NetFlow configured on switches (or routers), we design a multi-tier distributed traffic collection architecture with multiple collection points; we encapsulate the functions of each site as Web services to implement the interaction between sites; for the control of anomalous traffic, we design a policy-based coordinated control framework for anomalous traffic; and we implement the traffic monitoring management system on the VS.Net platform with a SQL Server database at its core, providing traffic collection, analysis, alert display and other functions.

Firstly, to collect the required traffic information comprehensively and efficiently, we design a distributed traffic collection architecture based on NetFlow. The architecture distributes the task of collecting network-wide traffic across the areas of the campus network. Collection points are placed in the core layer and the aggregation layer, to monitor the traffic at the network egress and the traffic of each area inside the network, respectively. In this way we obtain comprehensive traffic information for both the campus egress and every internal area.

Secondly, the overall system is designed as a two-level monitoring pattern, consisting of a monitoring center and sub-sites, and Web services are used for the interaction between sites. Functions such as traffic information queries at the sub-sites and registration with the monitoring center are encapsulated as Web services and published on the network, which increases the flexibility and scalability of the system. In the database design, traffic information is stored at the individual sub-sites, which reduces the storage burden on the monitoring center.

Thirdly, for the control of anomalous traffic, we design a policy-based coordinated control framework, which includes sub-modules for policy description, storage, translation and delivery. The framework features centralized management and distributed execution. An anomalous traffic detection engine is deployed at each collection point; when an anomaly occurs, the engine notifies the central policy server, which decides on the policy and delivers it. The paper uses the coordination between the system's anomalous traffic detection module and a firewall as an example to illustrate the whole policy-based control procedure.

Fourthly, we describe the implementation of the main modules of the system on the VS.Net platform. The system was installed and tested on the backbone switch of our campus network, and the results show the feasibility and good effect of the system.

In brief, this paper has developed a traffic monitoring management system for our campus network. The system design combines traffic monitoring with policy-based coordinated control, which has a certain degree of novelty. The implemented system effectively solves the problem of monitoring traffic across the entire campus network. On the basis of the collected and analyzed traffic, it presents network traffic as graphs and tables, and when anomalous traffic occurs it raises timely alerts and applies control based on predefined policies. It reduces the workload of the network administrator and has practical value.

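  • 【Online publication contributor】 Donghua University
  • 【Online publication year and issue】 2007, Issue 05
  • 【Classification number】 TP393.18
  • 【Times cited】 4
  • 【Downloads】 489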