IP Control Gateway (IPCG)


1 IP Control Gateway (IPCG)
Xiaojun Zhang, Computer Center, Peking University
Good afternoon, everybody. My name is Zhang Xiaojun, and I am from Peking University. In the next 20 minutes, I will briefly introduce the IP control gateway system. This system was developed by the Computer Center of Peking University; it can control network packet forwarding according to the end user's requirements. 2019/4/8

2 Contents
Background information; Network access control; IPCG design & implementation; IPCG & network accounting system; Conclusion
The presentation includes the following parts: the 1st is about the background information of the IP control gateway. The 2nd describes access control technology in networks. The 3rd covers system design and implementation. The 4th presents an accounting system built upon the IP control gateway. The conclusion is the last one.

3 Background(1/2)
Old network accounting system: based on HTTP proxy; application dependence; poor performance
About three years ago, our accounting system was based on an HTTP proxy. But this system could not keep up with new network developments. There are two reasons. Application dependence: the HTTP proxy server must know the application protocol, otherwise the application cannot be proxied. Poor performance: almost all HTTP proxy servers work in the user space of the operating system and cannot adapt to high network traffic. We needed to improve the old accounting system.

4 Background(2/2)
User-based Network Management; Administrator control
[Figure labels: User, Network, Application]
As we all know, the network accounting system is one of the most important network management tasks. In a network environment, the user uses applications via the network. In order to achieve user-based network management, the administrator must find an efficient method to control network access.

5 Network access control(1/1)
Network Device-ACL: limited, coarse granularity; HTTP Proxy: application dependent, poor performance; Firewall-ACL, Pattern, Rule…: focus on network security; General & open platform (PC server + NIC): low cost; Other specific technology: R&D, high cost
Let's review the common network access control methods. The 1st is the Access Control List. This method is often used in network devices, for instance, routers or switches. But this method cannot achieve fine-grained access control. The 2nd is the HTTP proxy. This method has been introduced above. The 3rd is firewall technology. Like the ACL, this method cannot achieve fine-grained access control either, because the main objective of a firewall is network security protection. The next method is based on a PC server with a network interface card. This method achieves network access control in software and can be cheap. The last one is by virtue of specific technology, for example, an ASIC or network processor, but it needs more investment.

6 IPCG design & implementation(1/4)
Objectives: Application independent; High speed bandwidth: 1 gigabit; Access control granularity: individual IP; User-based: triggered by user, customize on demand; Controlled IP range: B-class address block; Flexibility: configuration, employment, etc.
According to the above introduction as well as our actual network management, we define the following network management objectives. Application independent: network access control can support all network applications, not only old applications but also new ones. Network access control must support one gigabit network speed, because this speed is very common. Fine-grained access control: the system can grant different access permissions to individual IPs. User-based: the end user can actively apply for network access permission according to his actual requirements. The controlled IP address range is at least a B-class address block. The system configuration and employment can be very flexible for administration.

7 IPCG design & implementation(2/4)
Functions: Access control (Access Permission); Traffic statistics: Collect traffic usage information (for accounting), Record IP packet content (for query)
Through careful performance comparison and analysis, we found that the general and open method can meet our objectives. Therefore, we decided to adopt this method to achieve network access control, i.e. a PC server with network interface cards. The final system structure is shown in the left figure. The IP control gateway is positioned between two network devices (for example: core switch and border router). Its main functions include access control and traffic statistics. The access control engine module controls network packet forwarding according to the corresponding access permission. The tasks of the lower two modules are traffic usage information collection and IP packet content recording respectively.

8 IPCG design & implementation(3/4)
System configuration: CPU: Intel Xeon up 2.0GHz x 2; MEM: 1GB; HD: >80GB; Control NIC: Intel 1000M NIC x 2 (internal, external); Management NIC; OS: RedHat Linux 7.2
This page displays the typical IP control gateway system configuration. The network interface card is Intel's one gigabit NIC. The operating system is Linux.

9 IPCG design & implementation(4/4)
[Figure: traffic graph; panels in bit/s and packet/s]
This is an actual traffic graph captured on May 26, 2004. In this graph, the maximum bidirectional throughput and packet forwarding rate are 1800Mbps and 400Kpps respectively. Through three years' practice and trial, the performance of the IP control gateway system has been very satisfactory.

10 IPCG & network accounting system(1/1)
User Authentication: HTTPS; User management: LDAP; IPCG query service: User logon/logoff, Traffic
This is our new network accounting system architecture. First, the end user inputs his username, password and network access request to the authentication gateway. Once authentication succeeds, the user's access permission is granted by the IP control gateway. Then the user can use the network as usual. The user's traffic usage information can be imported into the billing database from the IP control gateway on schedule. In this accounting system, HTTPS and LDAP are used for user authentication and user management respectively. In addition, user logon or logoff and traffic information can be retrieved from the IP control gateway.
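An added example, not code from the presentation or from the IPCG system itself: the flow described on the Functions and accounting-system slides (permission granted on logon, per-IP forwarding decision, traffic counting, usage export for billing), written in C. The 10.1.0.0/16 block, the function names, the direct-indexed table and the default-deny behaviour are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption: the controlled class B block is 10.1.0.0/16. */
#define BLOCK_NET  0x0A010000u
#define BLOCK_MASK 0xFFFF0000u
enum verdict { DROP = 0, FORWARD = 1 };

struct host_entry {
    uint8_t  permitted;            /* set on logon, cleared on logoff */
    uint64_t bytes_out, bytes_in;  /* per-IP usage for accounting */
};
static struct host_entry table[65536]; /* one slot per address: O(1) lookup */

static struct host_entry *lookup(uint32_t ip) {
    return (ip & BLOCK_MASK) == BLOCK_NET ? &table[ip & 0xFFFFu] : NULL;
}

/* Called by the (hypothetical) authentication gateway on logon/logoff. */
int ipcg_set_permission(uint32_t ip, int permitted) {
    struct host_entry *h = lookup(ip);
    if (!h) return -1;             /* address outside the controlled block */
    h->permitted = permitted ? 1 : 0;
    return 0;
}

/* Per-packet decision; traffic is counted only when it is forwarded. */
enum verdict ipcg_filter(uint32_t src, uint32_t dst, uint32_t len) {
    struct host_entry *h = lookup(src);
    int outbound = (h != NULL);    /* source inside the block: internal -> external */
    if (!outbound) h = lookup(dst);
    if (!h || !h->permitted) return DROP;   /* default deny */
    if (outbound) h->bytes_out += len; else h->bytes_in += len;
    return FORWARD;
}

/* Read-and-reset usage, as a scheduled billing import would. */
int ipcg_export_usage(uint32_t ip, uint64_t *out, uint64_t *in) {
    struct host_entry *h = lookup(ip);
    if (!h) return -1;
    *out = h->bytes_out; *in = h->bytes_in;
    h->bytes_out = h->bytes_in = 0;
    return 0;
}
```

Because the table is indexed by the low 16 bits of the address, the per-packet cost is independent of how many users are logged on, and traffic dropped before logon never reaches the accounting counters.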

11 Conclusion(1/2)
Features: user-based network access control; support up to 1 Gbps; adopt general and open platform; low cost, investment protection; wide applicable
Through the above introduction, we can summarize the following features of the IP control gateway: 1 Network access control is the core function of the IP control gateway. Every user can modify his network access permission according to his own demand at any time. 2 The IP control gateway supports one gigabit network speed. 3 The IP control gateway is implemented on a general and open platform, so it is very convenient to upgrade and migrate. 4 The cost of the IP control gateway is very low, thus the investment is protected. 5 As a standalone system, the IP control gateway can be applied in accounting systems and other application environments.

12 Conclusion(2/2)
Next plan: network behavior analysis; support IPv6; up to 10 Gbps
The IP control gateway can control packet forwarding according to the requirements of network management, and traffic data can be matched to its real user. These two functions are very useful for in-depth monitoring and analysis of network behavior. In the future, the IP control gateway will be enhanced to support the IPv6 protocol and 10 gigabit network speed.

13 Thank you
That is all of my speech. Thank you for listening, thank you very much.

