Research and implementation of ACL defence based on network processor chip

Cited by: 1


Authors: 王嘉楠 (WANG Jianan); 吴军平 (WU Junping) [2]

Affiliations: [1] School of Fiberhome, Wuhan Institute of Posts and Telecommunications, Wuhan, Hubei 430074, China; [2] Fiberhome Communication Technology Co., Ltd., Wuhan, Hubei 430073, China

Source: Electronic Design Engineering (《电子设计工程》), 2021, No. 20, pp. 152-155, 160 (5 pages)

Abstract: To implement packet filtering during forwarding, an Access Control List (ACL) is bound to an interface of a layer 3 switch, and preset actions such as pass or discard are executed according to specific matching rules. To intercept malicious packets in hardware, an ACL packet-filtering scheme based on an NP chip is adopted. Data is obtained from the operating-platform data plane object (FOS Data Plane Object, FDPO), mapped to the driver data plane object (Device Data Plane Object, DDPO), and delivered to the interface. A corresponding traffic-policy template is defined at the interface so that traffic is handled quickly, and traffic classification is used to control the traffic. The scheme intercepts more than 96% of attack packets and effectively relieves the processing load on the CPU.

Keywords: access control list; packet filtering; NP chip; attack defence

Classification code: TN919.3 [Electronics and Telecommunications - Communication and Information Systems]

 
