Virtualization of Secure Access Device Based on Container

Abstract

Abstract: Facing the access requirements of massive power Internet of Things terminals at the information network and Internet boundary in power system, aiming at the problems of uneven resource allocation, poor compatibility, poor scalability and performance bottleneck of various devices at the traditional secure access boundary, a secure access virtualization model based on container is proposed, which adopts DPDK high-performance packet processing framework, mature container cluster management framework, service computing node arrangement and other key technologies completely separate the data plane from the control plane, build an independent data virtualization forwarding plane, and use SR-IOV technology to realize the virtualization of hardware resources and unified scheduling management, and service the security access capability. The security access device cluster based on this model has high performance, high availability, flexible arrangement and strong scalability. The experimental results show that the model can make efficient and rational use of hardware resources and greatly improve the efficiency of power system boundary security access.

Key words: virtualization, container, compute node, forwarding plane, secure access

JI Yuan, ZHENG Wei-bo, WANG Zi, . Virtualization of Secure Access Device Based on Container[J]. Computer and Modernization, 2022, 0(09): 106-110.

References ［25］

［1］	林春. 基于KVM设备虚拟化技术的研究［D］.西安：西安电子科技大学, 2014.
［2］	车翔. QEMU-KVM设备虚拟化研究与改进［D］. 成都：成都理工大学, 2012.
［3］	ANDERSON C. Docker［J］. IEEE Software, 2015,32（3）:102-103.
［4］	LI Z, KIHL M, LU Q H, et al. Performance overhead comparison between hypervisor and container based virtualization［C］// 2017 IEEE 31st International Conference on Advanced Information Networking and Applications （AINA）. 2017:955-962.
［5］	宋卫平,沈磊,佘文魁. 基于DPDK的虚拟化系统高性能网络模块的研究与实现［J］. 科技创新导报, 2020（20）:125-133.
［6］	SEZER S, SCOTT-HAYWARD S, CHOUHAN P, et al. Are we ready for SDN? Implementation challenges for software-defined networks［J］. IEEE Communications Magazine, 2013,51（7）:36-43.
［7］	KUMAR R, TRIVEDI M C. Networking analysis and performance comparison of kubernetes CNI plugins［M］// Advances in Computer, Communication and Computational Sciences. 2019:99-109.
［8］	HAO Z, WANG B S, DENG W P, et al. Measurement and evaluation for docker container networking［C］// 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery （CyberC）. 2017:105.
［9］	BARACH D, LINGUAGLOSSA L, MARION D, et al. High-speed software data plane via vectorized packet processing［J］. IEEE Communications Magazine, 2018,56（12）:97-103.
［10］	王煜炜,刘敏,马诚,等. 面向网络功能虚拟化的高性能负载均衡机制［J］. 计算机研究与发展, 2018,55（4）:689-703.
［11］	黄云霞,董哲一,孟凡欣. 物联网发展中的安全风险及对策研究［J］. 信息安全与通信保密, 2020（5）:78-84.
［12］	KAPOCIUS N. Performance studies of kubernetes networksolutions［C］// 2020 IEEE Open Conference of Electrical, Electronic and Information Sciences （eStream）. 2020:1-6.
［13］	张朝昆,崔勇,唐翯翯,等. 软件定义网络（SDN）研究进展［J］. 软件学报, 2015,26（1）:62-81.
［14］	高先明,张晓哲,卢泽新,等. 面向虚拟路由器转发平面的改进机制［C］// 第32届中国控制会议. 2013.
［15］	NIKOLOUDAKIS Y, MARKAKIS E, MASTORAKIS G, et al. ［IEEE 2017 IEEE conference on network function virtualization and software defined networks （NFV-SDN） - Berlin, Germany（2017.11.6-2017.11.8）］［C］// 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks （NFV-SDN） - An NFV-Powered. 2017:258-263.
［16］	QI S, KULKARNI S G, RAMAKRISHNAN K K. Understanding container network interface plugins: Design considerations and performance［C］// 2020 IEEE International Symposium on Local and Metropolitan Area Networks （LANMAN）. 2020. DOI:10.1109/LANMAN49260.2020.9153266.
［17］	SUO K, YONG Z, WEI C, et al. An analysis and empirical study of container networks［C］// IEEE INFOCOM 2018-IEEE Conference on Computer Communications. 2018:189-197.
［18］	DAVID B. Containers and cloud: From LXC to Docker to Kubernetes［J］. IEEE Cloud Computing, 2014,1（3）.81-84.
［19］	EDDINE K D, ABDELMADJID B, HICHAM L. Internet of things security: A top-down survey［J］. Computer Networks, 2018,141:199-221.
［20］	VICTOR M, RAFAEL T C, JOSE A B, et al. Characterising resource management performance in kubernetes［J］. Computers and Electrical Engineering, 2018,68:286-297.
［21］	GUAN H B, DONG Y Z, MA R H, et al. Performance enhancement for network I/O virtualization with efficient interrupt coalescing and virtual receive side scaling［J］. IEEE Transactions on Parallel and Distributed Systems, 2013,24（6）:1118-1128.
［22］	〖JP+1〗HWANG J, RAMAKRISHNAN K, WOOD T. NetVM:High performance and flexible networking using virtualization on commodity platforms［J］. IEEE Transactions on Network and Service Management, 2015,12（1）:34-47.
［23］	赵宁,谢淑翠. 基于DPDK的高效数据包捕获技术分析与应用［J］. 计算机工程与科学, 2016,38（11）:2209-2215.
［24］	YOUNGKI P, HYUNSIK Y, YOUNGHAN K. Performance analysis of CNI（container networking interface） based container network［C］// 2018 International Conference on Information and Communication Technology Convergence （ICTC）. 2018:248-250.
［25］	LI Z, KIHL M, LU Q H, et al. Performance overhead comparison between hypervisor and container based virtualization［C］// 2017 IEEE 31st International Conference on Advanced Information Networking and Applications （AINA）. 2017:955-962.

[1]	ZHOU Yong-fu, XU Sheng-chao. Dynamic Allocation Algorithm of Container Cloud Resources Based on Bi-level Programming [J]. Computer and Modernization, 2022, 0(12): 1-5.
[2]	XU Sheng-chao, YE Li-hong. Container Cloud Queue Online Task Dynamic Allocation Based on Long Short-term Memory Neural Network [J]. Computer and Modernization, 2022, 0(07): 79-84.
[3]	YOU Qiang-zhi, HU Huai-xiang, CHEN Xiang-yu. Fast Memory Synchronization Technology for Container Thermal Migration [J]. Computer and Modernization, 2022, 0(01): 17-22.
[4]	XU Sheng-chao, XIONG Mao-hua. Optimization of Container Cloud Resource Allocation Based on Genetic Algorithm [J]. Computer and Modernization, 2022, 0(01): 108-112.
[5]	WU Jin-yu1, ZHANG Li-juan2, SUN Hong-di2, LAI Yu-yang2. Trusted Secure Access Scheme of Ubiquitous Power IoT [J]. Computer and Modernization, 2020, 0(04): 52-.
[6]	TANG Zi-zhuo1， WU Ke-he1， LI Wei1， ZHANG Xian-kang2， CUI A-jun2. Research and Implementation of Security Access System for #br# Video Terminal Based on Business Secret Algorithm [J]. Computer and Modernization, 2020, 0(02): 46-.
[7]	ZHANG Zi-ye1, LIU Yu-long1, HU Bei2 . Multi-source Data Integration Method Based on Data Virtualization Technology [J]. Computer and Modernization, 2019, 0(11): 18-.
[8]	TU Xue-zhen1, YANG Hai-chao2. A Horizontal Elastic Expansion and Contraction System Based on Kubernetes [J]. Computer and Modernization, 2019, 0(07): 25-.
[9]	ZHANG Chao, LI Xiao-ping. Application of Gray-level Hybrid Method in Recognition of Container Number [J]. Computer and Modernization, 2019, 0(05): 41-.
[10]	CAO Yu, YANG Jun. A Deep Learning Based Elastic Retractable Algorithm for Cloud Platform [J]. Computer and Modernization, 2019, 0(04): 17-.
[11]	WU Xin-quan, YANG Jun. Big Data Log Collection System Based on Self-controlled Container Platform [J]. Computer and Modernization, 2019, 0(02): 102-.
[12]	WANG Yi-chao1, WANG Yu-mei2. Intelligent Equipment Maintenance and Management Platform#br# Based on Microservice Architecture [J]. Computer and Modernization, 2018, 0(10): 79-.
[13]	MA Yu-peng1,2, JIANG Tong-hai2. Vehicle Gas Cylinder Supervision System Based on IOT [J]. Computer and Modernization, 2015, 0(3): 96-100.
[14]	CAI Dong-jiao. Application of Virtualization Technology in Experiment Teaching [J]. Computer and Modernization, 2015, 0(11): 109-112.
[15]	SHEN Qingguo， HUANG Liaoruo， LUO Jian. Analyses of Softwaredefined Network and Its Application [J]. Computer and Modernization, 2014, 0(4): 133-137.