一个裸PC NAT盒

2012 International Conference on Communications and Information Technology (ICCIT) Pub Date : 2012-06-26 DOI:10.1109/ICCITECHNOL.2012.6285809

Anthony K. Tsetse, A. Wijesinha, R. Karne, Alae Loukili

{"title":"一个裸PC NAT盒","authors":"Anthony K. Tsetse, A. Wijesinha, R. Karne, Alae Loukili","doi":"10.1109/ICCITECHNOL.2012.6285809","DOIUrl":null,"url":null,"abstract":"Bare PC systems are of interest to builders of minimalist platforms in the next-generation Internet. The bare platform enables software to run directly on ordinary PC hardware without using any operating system or kernel. Bare PC systems perform better than conventional systems and are immune to attacks that target the underlying operating system. We have designed and implemented a bare PC system to perform the essential function of NAT (Network Address Translation) that occurs at the boundary of all private and public networks including ISP boundaries in homes and businesses. We compared the performance of the bare PC NAT and that of a Linux-based NAT running on the same hardware in a test LAN environment. The results show that the bare PC NAT has significantly better performance than the Linux NAT with respect to inbound and outbound packet processing time, and throughput, regardless of packet size and payload application type. Moreover, there is a 34% improvement in the maximum number of packets per second (pps) over Linux under heavy traffic. Internal timings on the bare PC NAT box indicate that there is plenty of capacity left for implementing supplementary functions such as packet filtering, deep packet inspection, and routing if needed.","PeriodicalId":435718,"journal":{"name":"2012 International Conference on Communications and Information Technology (ICCIT)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"A bare PC NAT box\",\"authors\":\"Anthony K. Tsetse, A. Wijesinha, R. Karne, Alae Loukili\",\"doi\":\"10.1109/ICCITECHNOL.2012.6285809\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Bare PC systems are of interest to builders of minimalist platforms in the next-generation Internet. The bare platform enables software to run directly on ordinary PC hardware without using any operating system or kernel. Bare PC systems perform better than conventional systems and are immune to attacks that target the underlying operating system. We have designed and implemented a bare PC system to perform the essential function of NAT (Network Address Translation) that occurs at the boundary of all private and public networks including ISP boundaries in homes and businesses. We compared the performance of the bare PC NAT and that of a Linux-based NAT running on the same hardware in a test LAN environment. The results show that the bare PC NAT has significantly better performance than the Linux NAT with respect to inbound and outbound packet processing time, and throughput, regardless of packet size and payload application type. Moreover, there is a 34% improvement in the maximum number of packets per second (pps) over Linux under heavy traffic. Internal timings on the bare PC NAT box indicate that there is plenty of capacity left for implementing supplementary functions such as packet filtering, deep packet inspection, and routing if needed.\",\"PeriodicalId\":435718,\"journal\":{\"name\":\"2012 International Conference on Communications and Information Technology (ICCIT)\",\"volume\":\"30 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 International Conference on Communications and Information Technology (ICCIT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCITECHNOL.2012.6285809\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 International Conference on Communications and Information Technology (ICCIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCITECHNOL.2012.6285809","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

裸机系统是下一代互联网中极简平台的建设者感兴趣的。裸机平台使软件可以直接在普通PC硬件上运行，而无需使用任何操作系统或内核。裸机PC系统比传统系统性能更好，并且不受针对底层操作系统的攻击。我们设计并实现了一个裸PC系统来执行NAT(网络地址转换)的基本功能，该功能发生在所有私有和公共网络的边界，包括家庭和企业的ISP边界。我们在测试LAN环境中比较了在相同硬件上运行的裸PC NAT和基于linux的NAT的性能。结果表明，无论数据包大小和有效负载应用程序类型如何，在入站和出站数据包处理时间和吞吐量方面，裸PC NAT的性能明显优于Linux NAT。此外，在流量大的情况下，每秒最大数据包数(pps)比Linux提高了34%。裸PC NAT盒的内部计时表明，如果需要，还有足够的容量用于实现包过滤、深度包检测和路由等补充功能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A bare PC NAT box

Bare PC systems are of interest to builders of minimalist platforms in the next-generation Internet. The bare platform enables software to run directly on ordinary PC hardware without using any operating system or kernel. Bare PC systems perform better than conventional systems and are immune to attacks that target the underlying operating system. We have designed and implemented a bare PC system to perform the essential function of NAT (Network Address Translation) that occurs at the boundary of all private and public networks including ISP boundaries in homes and businesses. We compared the performance of the bare PC NAT and that of a Linux-based NAT running on the same hardware in a test LAN environment. The results show that the bare PC NAT has significantly better performance than the Linux NAT with respect to inbound and outbound packet processing time, and throughput, regardless of packet size and payload application type. Moreover, there is a 34% improvement in the maximum number of packets per second (pps) over Linux under heavy traffic. Internal timings on the bare PC NAT box indicate that there is plenty of capacity left for implementing supplementary functions such as packet filtering, deep packet inspection, and routing if needed.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 International Conference on Communications and Information Technology (ICCIT)

自引率

0.00%

发文量