Research Of Network Quality Of Service And Network Security Based On Network Processor

The development of Internet application increases the connection demand, Internet has become the main media of information propagation, and more and more focus has project on the quality of service, security and integrity of information transmission. As development of Internet, the network device in the next generation is high process and easy program. And it can provide much new network function in the same soft architecture. And now the network processor is come on. As network processor become core hardware in the next generation network device. The research in this paper is quality and security of network information transmission based-on network processor.The dissertation introduces the background and status of the development of network processor. The service model of network processor is analyzed. On the basis of network processor, we study two kinds of network model: core stateless network and virtual private network.The IXP1200 network processor is analyzed in this paper. The IXP1200 is a integration data processor. It provides high performance process and it can fit for all kind of network communication occasion. The application of IXP1200 network processor includes much service exchange computer, routers,service provider/integration platform of communication company and corporation edge; core system of much G bit router; Virtual Private Network, Firewall and Intrusion Detection Systems; VoIP gateway and web exchange device. The research of network processor in this paper is Virtual Private Network. Active compute element is adopted in this paper, and it can expand flexible new network service function.The dissertation analyzes the problem of network congestion avoidance. Core stateless network is a way to solve the problem for that it is easy to realize. Software architecture is brought forward that is based on IXP1200 network processor. It is extended new services in the architecture. And it cannot impact the originalarchitecture. The data that is transported or received is processed by the architecture.Based on Core Stateless Fair Queuing (CSFQ) algorithm, a core stateless fair queuing algorithm using rate-based buffer management (rr-CSFQ) was presented. According to the estimated packet arrival rate and the status of network congestion in router, the buffer is managed using rate-based Random Early Detection (RED). By adjusting the drop probability, the algorithm solves the problem of drop tail"caused by the poor delay character of CSFQ, and improves the fairness in bandwidth allocation between different data flows. Simulation proved that the algorithm can allocate the bandwidth between TCP flows and UDP flows in the condition of little buffer.IP security protocol is analyzed in the paper. IP security protocol is an opened standard frame that established by Internet Engineering Task Force. And transmission security is provided in the Internet. It is applied in IP layer, security protection and authentication is used for IP packets. The AH protocol provides authentication for IP packets, and ESP protocol provides authentication and privacy for IP packets. It can provide security service that includes access control, integrality, authentication, replay attack protection, privacy and privacy of finite communication.Management of Internet key is a necessary condition to communicate security. The paper introduces Internet key exchange protocol to provide key management. The paper analyses the resistant against denial-of-service. The improvements in IKE are suggested and improve the security and robust of IKE.At last, base on the above description, a whole framework is bring forward based on network processor, the process model on the data plane is described by peo-code. And microengines are effectively divide and collaborate, the aim is improved the performance of the system and expanded new network service function.