Design And Implementation Of Traffic Collection And Monitoring Agent In Security Gateway

Posted on: 2012-05-24
Degree: Master
Type: Thesis
Country: China
Candidate: L P Peng
GTID: 2218330362456298
Subject: Communication and Information System
Abstract/Summary:
With the increasing complexity of network architecture and the explosive growth of network services, network accounting and monitoring have become research hotspots in the networking field. As a key network element for implementing network management, a gateway, especially an access gateway, often supports network accounting and monitoring through a built-in traffic collection and monitoring agent. The traditional methods used in gateways only provide traffic information based on RMON/SNMP, which is not detailed enough for accounting by service. Moreover, they only support setting firewall or traffic control rules manually after remote login, which is inconvenient for controlling traffic centrally.

With full reference to solutions from academia and industry both at home and abroad, this thesis implements a traffic collection and monitoring agent in a security access gateway. The agent runs on an embedded Linux platform and has good usability, stability, performance and extensibility.

This thesis first analyzes the related techniques used in traffic collection, including packet capture techniques such as Datalink Access Socket, Libpcap and Netfilter Hook, and traffic collection and export standards such as RMON, NetFlow and sFlow. It also introduces two methods of traffic monitoring: firewall and traffic control. Second, it presents the system design according to the application environment and the available software and hardware resources. It focuses on the system architecture, which uses multiple processes to enhance reliability; the traffic collection module; and the traffic monitoring module, which adopts a transaction-safe mechanism based on a state machine to increase stability. To improve performance, the traffic collection module uses Netfilter to capture packets in the kernel, and enables the kernel and user space to share memory and to communicate with each other via netlink.

Third, by introducing the important data structures, interface functions and processing flows, this thesis describes the implementation of the system. Finally, it thoroughly tests the system in terms of function, performance and stability, and concludes that the system meets the expected requirements.

The traffic collection and monitoring agent designed and implemented in this thesis not only provides detailed traffic information similar to NetFlow, but also supports retrieving network status, configuring firewall or traffic control rules, and upgrading software centrally. The agent also performs well in function, performance, stability and extensibility in large-scale practical use.
Keywords/Search Tags:Network Accounting, Network Monitoring, Traffic Collection, Traffic Monitoring, NetFlow, sFlow, Netfilter