Computer Engineering, Issue (5): 154-157, 4. DOI: 10.3969/j.issn.1000-3428.2014.05.032
Design and Implementation of Virtual Machine Firewall Based on SR-IOV
Abstract
To address the low performance caused by frequent switching between user mode and kernel mode and by multiple copies of data when virtual domains transmit data over the virtual network, this paper proposes a high-performance virtual machine firewall. It combines network packet filtering with the high performance of SR-IOV so that the virtual domain interacts directly with the real network card. To address the vulnerability to attack of a firewall running in a lower-privilege virtual domain, it uses the higher privilege level of Xen to monitor the virtual machine firewall module in real time and protect it from illegal access. Experimental results show that deploying an SR-IOV network card in the virtual machine firewall increases network I/O performance by 1 time compared with the Xen network I/O access mode. Deploying the monitor module in Xen successfully prevents unauthorized access to and malicious tampering with the firewall, and ensures the safety of the firewall.
Keywords
virtualization/Xen Virtual Machine Manager (VMM)/SR-IOV specification/firewall/high-performance/monitoring
Classification
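Information Technology and Security Science
Cite this article
Xun Zhongkai (荀仲恺), Huang Hao (黄皓), Jin Yincheng (金胤丞). Design and Implementation of Virtual Machine Firewall Based on SR-IOV [J]. Computer Engineering, 2014, (5): 154-157, 4.
Funding
Supported by the National "863" Program of China (2011AA01A202); the Jiangsu Province "Six Talent Peaks" High-Level Talent Fund (2011-DZXX-035); and the Natural Science Research Fund for Universities of Jiangsu Province (12KJB520001).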