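Abstract
This paper analyzes the impact of excessive rules on the performance of network access control devices and discusses solutions to the problem. Based on the ideas of optimizing rules and sharing load across multiple devices, it proposes the Serial Double-separation Access Control method, which separates IP grouping from access control and management from optimization. It designs a corresponding deployment scheme with two firewalls connected in series and a rule-grouping optimization scheme that transcends individual applications. Physical simulation experiments verify the feasibility and superiority of the Serial Double-separation Access Control method.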
The effect of excessive filtering rules is analyzed, and a solution to increase the performance of network access control equipment is proposed. Based on the ideas of optimizing rules and balancing load across multiple devices, the Serial Double-separation Access Control (SDAC) method is put forward. In this method, organizing source IPs into groups (control of source address) is separated from opening access ports (control of service), and the management of the firewall is separated from the optimization of access control. A double-firewall serial setting scheme for the first separation and a rule optimization scheme for the second separation are designed. The feasibility and superiority of SDAC are demonstrated by physical simulation experiments.
Source
《计算机工程》
CAS
CSCD
Peking University Core Journal
2008, Issue 2, pp. 124-126 (3 pages)
Computer Engineering
Keywords
network access control
excessive rules
Serial Double-separation Access Control method
rule grouping optimization
network access control
excessive filtering rules
Serial Double-separation Access Control (SDAC) method
optimizing rules