A Highly Integrated QoSed Security Gateway: Fast Packet Classification and Accurate TCP Rate Shaping

• Main Authors: Huan-Yun Wei, 魏煥雲
• Other Authors: Ying-Dar Lin
• Format: Others
• Language: zh-TW
• Published: 2003
• Online Access: http://ndltd.ncl.edu.tw/handle/55604386350448195484

博士 === 國立交通大學 === 資訊科學系 === 92 === While the connectivity issues are being resolved for LAN, WAN, and the last mile, the Internet is moving into the next era in security and QoS networking. Without changing the Internet backbone infrastructure, the security and QoS mechanisms can be embedded into a gateway, i.e. edge router. This thesis focuses on (1) discovering the problems by evaluating real security or QoS systems; (2) transparently solving the problems without introducing any new protocols or changing any Internet infrastructure, and on (3) integrating the solutions into a real gateway. As the name suggests, the "highly integrated QoSed security gateway" solves the integration problems among the Firewall, NAT, VPN, Content Filter, IDS, Routing, and Bandwidth Management. The thesis begins with an extensive performance/functional comparison among seven popular open-source and commercial security gateways. Then the powerful One-Time Classifier (OTC) is proposed to provide an integrated and high-speed classification engine. The next focus lies in another extensive evaluation of the eight chosen popular open-source and commercial bandwidth management devices. After that, the innovative PostACK approach is proposed to compete with the patented TCR approach that is employed in five tested products. Finally, based on the discovery of our evaluations on Wireless LAN (WLAN) access points, an integrated uplink/downlink WLAN bandwidth manager is designed to fully control the bandwidth of the wireless link. This thesis presents the testing, design, implementation, evaluation, and analysis of the highly-integrated QoSed security gateway.