Based On Ipv6 Firewall Flow Filtration Technology

With the rapid development and wide application of Intemet in the world,IPv4 has been facing the problems such as address exhaustion.The IPv6 agreement which is developed by IETF not only has solved the old edition problem but also brought out some new characteristics. With the application of the IPv6 in the next generation network,the network information security is still serious,which will certainly become one of the key aspects to influence further development of the network.As the important method to solve the network security problems, the firewall has already become the most popular way.However,there are some shortcomings such as application layer protection and the content monitoring in the core technologies of traditional firewalls.As a brand-new firewall architecture,Flow filtering has overcome many flaws in the core technologies of traditional firewalls and integrated some advantadges. Therefore,it is necessary to study the firewall which is based on flow filtering technology and supports the IPv6 agreement.First,the thesis introduces the research background and the significance of the IPv6 firewall system based on flow filtering technology,and elaborates the present status.Then the thesis gives intensive researches on the functions,classifications,architectures and other major performance index of the firewalls.This thesis mainly studies the notion of the "flow",the definition and basic principle of flow filtering technology,the strategy and mechnism of message processing;compares with other firewall technologies in the security,implementation principle, the working efficiency,and the controlling ability;concludes that as a new firewall structure,the filtering technology has excellent performance.The last section represents the implementation procedure of flow filtering technology.The innovationes of the thesis are as follows:1.Based on the research on the flow filtering,this paper proposes the message classifiction according to the IPv6 flow mark.Methods are provided to the problem caused by the excessive data or data groups during the message restructure.2.The thesis gives a comprehensive explanation on the problems to be settled in designing firewall based on IPv6.Based on the firewall system structure of shielding subnetwork it proposes a strategy of solving the compatibility of the IPSec and firewall by using the IPv6 expanding message header.This paper also gives a detailed design on the IPv6 firewall system based on flow filtering technology and states on realization process of each function model in firewall.3.The thesis builds the system testing environment and tests the filtering function of IPv6 packages.The results of the experiment prove that the system confirms to the firewall standard and realizes the expected goals.