| In February2011,ICANN/IANA announced that all IPv4addresses run out.IPv6era has officially arrived. IPv6protocol uses128-bit address, itfundamentally solves the problem of IP resources insufficient. At the same time,the mobility and security of IPv6protocol has been greatly improved comparewith the traditional IPv4protocol. As the existing IPv4protocol has been widelyused, IPv6is impossible to replace IPv4in a short period. It will appearcoexistence of IPv4and IPv6for a long time in the future.As the IPv6protocol is not compatible with the IPv4protocol, how toachieve interoperability between IPv4network and IPv6network become one ofthe most important issues that should be resolved in transition period. Amongnumerous transition technology, tunnel technology has been recognized by mostpeople with its transparent, cheap and flexible. The widespread application ofthe tunnel has been seriously restricted by the complexity of tunnelconfiguration, so IPv6Tunnel Broker has been proposed to automatic configuretunnel.IPv6Tunnel Broker makes the issue of network security become morecomplex. Existing safety monitoring system does not filter the flow on thetunnel, illegal users can exploit the flaw to attack Tunnel Broker system andother network nodes. Therefore, how to detect attacks and protect IPv6TunnelBroker System has become a hot issue need to be solved. This paper propose acomprehensive security policy. According to the characteristics of tunnelflow,the policy resist the attacks of illegal users by filtering illegal data, and theeffectiveness of the policy has been proved by experiments.IETF proposed a basic framework of Tunnel Broker System in RFC3053,butthere is no specific Implementation on load balance of Tunnel Broker. Thestatic load balance algorithm which is used in the existing IPv6Tunnel Brokerdoes not take into account the actual tunnel server load, so it can not achieve thedesired result. With the increase of tunnel users, load balance will become the key factor that restrict the development of IPv6Tunnel Broker System. Afterthorough studying on Tunnel Broker theory and dynamic load balance algorithm,this paper presents a load balance algorithm based on feedback and mediation.The algorithm adjust task allocation based on the flow of tunnel servers,effectively reduces the load diffenence between servers. According to the resultof experiments, the algorithm can be more reasonable to balance the loadbetween the tunnel servers.Finally, this paper designs and achieves a security and effective IPv6tunnelbroker system based on load balance algorithm and security policy presented inthe paper. |
PDF Full Text Request