Design And Implementation Of Network Traffic Identification And Control

With the access of network technology into work and life, the network has become an important mark of modern information society. Various network applications have been made with people’s growing demand. The Internet brings convenience from browsing web pages to online TV watching and video conferences. And at the same time, bandwidth on demand is increasing sharply. The rapid growth of multimedia business has occupied a large percent of network bandwidth, and affects the smooth process of other network business. In order to ensure satisfaction of customer’s experience, the ISPs invest abundant of money to expand and manage network bandwidth. However, the multimedia business, such as P2P, can occupy bandwidth easily to cause network congestion again. Therefore, the fundamental method to solve this problem is to identify traffic flows and provide control strategy for ISP to manage the network. Besides, a lot of losses which are caused by the danger of network security occur in recent years. It has become more important to guarantee network security. At the same time, network security products become popular in the market, such as IDS, fire wall and mail inspecting system. All of these kinds of software need to identify and control the traffic flows.In order to analyze the usage of bandwidth to prevent unlimited occupation of bandwidth and control the network efficiently, this paper designs and implements a network traffic identification and control system which targets on local networks. The primary work of this paper includes:1、The paper researched and analyzed a variety of modern network traffic identification technologies, including port inspecting, DPI inspecting and DFI inspecting. By comparing and combining the advantages and disadvantages of these technologies, this paper targeted the aim to identify efficiently.2、The system used signature identification technology which was based on DPI as the core technology. And in this process, it needed to choose a suitable matching algorithm. The paper analyzed and summarized modern different matching algorithms. By comparing matching efficiency, the AC matching algorithm was selected as a base to realize the system.3、The paper analyzed and researched many traffic flow control technologies which is used under different network deployment patterns. By describing and comparing these technologies in detail, a new scheme, which was called joint deployment, has been selected.4、The paper proposed a new network traffic identification and control system’s framework and network deployment. The system can identify traffic data which goes through the equipment precisely, and can control the flows by executing control strategies. Besides, the system provides functions such as query in real time, history query and log query.5、The paper designed and implemented the core modules of the system, including data identification module, data control module and the system management module which is used to connect different modules in system.6、The paper tested and analyzed the system in performances and functions, and the design has fully achieved in demand. The system can identify well, and has low percent of wrong results. With good stability and scalability, the system can be used in large network environments by making a little modification.