Research On Security Gateway Optimization Basedon Multi-Core Processors

As a kind of “filter” in maintaining network information security,security gateway plays an important role in the management of online behavior and the security of intranet.In recent years,with the widespread application of mutual networks in people's lives and the explosive growth of network traffic,due to the constraints of the hardware level of development,the security gateway based on the X86 architecture platform has been unable to meet the increasing network performance requirements.The security gateway based on multi-core development has been applied to people's life more and more widely.However,in the process of network information security audit,the network information content needs to be monitored and the performance of the matching algorithm becomes a key factor that affects the processing performance of the entire multi-core processor.To further enhance the performance of multi-core processors,it must have a more efficient matching algorithms or optimization of existing matching algorithms.On the other hand,packet allocation strategies affect the processing performance of multi-core processor.This paper mainly studies two aspects of the matching algorithm optimization and load balancing algorithm research to improve the performance of multil-core processors.On the one hand,the paper analyzes the existing pattern matching algorithms.The AC_BM algorithm and the AC_SUNDAY algorithm combine the advantages of the AC algorithm and the corresponding single-mode matching algorithm.When the mismatch occurs,the matching tree moves more.Based on this idea,this paper proposes an improved variable step jump algorithm AC_ID,which determines the distance that the matching tree moves forward according to the first four characters of the current matching window when mismatch or the end of a scan,so that the maximum moving distance is the shortest mode String lenght + 4,and two felds(pattern string length,initial position)are needed to each node to process the mode string with anchoring.Finally,the experimental results show that the improved AC_ID algorithm improves the number of matching trees and matching time than AC_BM algorithm and AC_SUNDAY algorithm,and improves the overall processing capability of the system.On the other hand,this paper analyzes the existing load balancing algorithms.In view of the fact that the local hot spots appearing in the network traffic may cause "starvation" or overloading of processors,this paper proposes a multi-state load balancing algorithm SDLBA.The algorithm uses static load balancing algorithm for non-TCP packets and dynamic load balancing algorithm for TCP packets.The static load balancing algorithm uses the traditional hash algorithm to load.The dynamic load balancing algorithm uses the combination of a light load table and a heavy load,adopts the new connection re-mapping strategy when the light load threshold is satisfied,and meets the heavy load threshold Processor connection migration strategy,regular updates of individual processor loads and mild,heavy load tables and other datasheet information.As a result,each processor tries to balance the load as far as possible with the integrity of the session.