The Research And Implementation Of Open VSwitch Supporting Stateful Firewall And Its Performance Optimization In VXLAN Network

In recent years, because of the rapid development of Internet technology, the traditional network architecture has been unable to meet the needs of human use. In this context, the proportion of Software Defined Network is growing in the network deployment of the moderm enterprise, because of its control separation, flexibility and other advantages. As the mainstream virtual switch in the SDN network, what Open vSwitch can provide in the network is particularly important.First, Open vSwitch does not support Stateful Firewall. However, the Stateful Firewall can play a greater role in the SDN network environment, whether in terms of security, or in terms of specific business needs. Therefore, it will be a big step forward if we can make Open vSwitch support Stateful Firewall. At the same time,as a virtual switch on the virtualization platform, its performance in the forwarding process is particularly important.Especially in the current cloud era of network structure, forwarding performance is even more important. But the original performance of OVS is not very satisfied with the users, so the performance of OVS optimization is significant.Combined with a company projects, the author has finished research and implement of the work of making Open vSwitch support Stateful Firewall and improving the forwarding performance of OVS in VXLAN network in this thesis. In other words, the author has perfected the function and improved packet forwarding performance of Open vSwitch.There are five chapters in this thesis. Chapter 1 is the introduction,the content of the subject of research background, research status and chapter arrangements, etc. Chapter 2 is the introduction and analysis of Open vSwitch related content, including netfilter, VXLAN and so on. Chapter 3 includes technical research on the netfilter framework for implementing Stateful firewall functionality. On this basis, the research and design of Open vSwitch docking state firewall are completed. At the same time in this chapter the author completes the research of message forwarding process in Open vSwitch, as well as GSO and GRO technology research. Then the research and design of message forwarding performance optimization are completed. Chapter 4 is based on Chapter 3, the author completes the implementation of Open vSwitch docking Stateful firewall and the realization of packet forwarding performance optimization. In Chapter 5, the author uses a company's network environment and network equipment to complete the test of Open vSwitch docking Stateful Firewall and the performance test of Open vSwitch in VXLAN network to show the comparison of performance before and after optimization, so as to confirm the outcomes of this thesis.