Research On Network Reachability Query Engine Based On Firewall Decision Diagram Algorithm

Posted on: 2014-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: W J Li
GTID: 2268330425983931
Subject: Software engineering
Abstract/Summary:
To let users access network resources easily, a network should ensure smooth communication between nodes; in other words, it should have reachability. As networks grow increasingly large, firewalls and routers are used extensively as necessary network equipment. The firewall in particular has become one of the most widely used Internet security devices at present, and it directly affects network reachability. Studying network reachability through the firewall can therefore reflect network reachability objectively.

Routers and other equipment affect network reachability mainly through their ACLs, which control the packet flow passing through them. As the number and variety of deployed network security devices increase, more and more security policies in non-ACL form are deployed in the network. Although these policies differ in form from ACLs, they also perform packet filtering, and their impact is increasingly evident.

Existing research on network reachability takes mainly ACLs as its object. Because such reachability models consider the ACL as the only form of policy, they have the defect that they cannot fully reflect network reachability. At present, most reachability queries use Ping; this mode of querying is transient, not comprehensive, and online, among other shortcomings. It is also difficult to describe user query requests in a unified way, and efficient query methods are lacking.

Building on preliminary research results, this project incorporates the non-ACL security policies found in IDS and IPS systems and takes both ACL and non-ACL security policies as the research object. It models network reachability with the firewall decision diagram algorithm in order to describe reachability more comprehensively and accurately. By studying a structured reachability query language, it proposes efficient query processing algorithms and designs an efficient and practical reachability query mechanism.

The experimental results show that, on the one hand, the network reachability query engine can query not only the instantaneous network reachability but also the upper and lower limits of network reachability, and comparative experiments show that, because the engine considers ACL and non-ACL policies together, its query results are more accurate. On the other hand, the engine uses mathematical modeling and answers queries from the model, so it does not need to send packets into the network. This reduces the consumption of network resources and the influence of the real-time network environment, and achieves offline network reachability queries.
Keywords/Search Tags: Network Reachability, Firewall Decision Diagram, Structured Reachability Query Language, ACL, Security Policy