NAT Technology and Its Application Based on Netfilter

【中文文摘】NAT技术是为了解决IPv4网络地址空间的不够而提出的一种过渡技术，并由于其简单、高效的特性而得到了广泛的应用。该文介绍了NAT技术及在Linux 2.4内核中基于Netfilter框架的NAT实现原理，并结合实验室的网络建设，给出其在实验室网络建设中应用实例。 【英文文摘】NAT is one of the most important technologies to resolve the lack of IPv4 addresses, and has been widely applied in the extension of LAN for Internet. This paper details on the NAT technology and its implementation principle based on Netfilter in Linux 2.4 kernel. With the Netfilter technology, it builds up a LAN in the laboratory accessed to Internet, and the outline of the LAN is also presented.国家自然科学基金项目（60076015）;; 福建省自然科学基金项目（ A0010019）;; 福建省高新技术项

Internetworking: an analysis and proposal

As the number of computer networks has grown, so has the desire for users on these networks to communicate with each other, thus the need for internetworking. Unfortunately, many of these networks were not designed with internetworking capabilities in mind. The internetworking facilities offered by a typical network range from non-existent to state of the art. Two major efforts towards internetworking are the DARPA Internet protocols and the OSI Internetworking protocols. The goals of this thesis are to acquaint the reader with the qualities which are desired in an internetworking scheme, to describe how internetworking is accomplished currently, and how these protocols might be modified to better suit the needs of the internetwork user. To this end, this thesis will develop the functional requirements for an ideal internetwork, describe two current methods for internetworking, and analyze these methods against the ideal internetwork. The advantages and disadvantages of each internetworking method will be discussed. After this analysis, suggestions will be made as to how these internetworking schemes could more closely resemble the ideal internetwork

Ethernet Networks for Real-Time Use in the ATLAS Experiment

Ethernet became today's de-facto standard technology for local area networks. Defined by the IEEE 802.3 and 802.1 working groups, the Ethernet standards cover technologies deployed at the first two layers of the OSI protocol stack. The architecture of modern Ethernet networks is based on switches. The switches are devices usually built using a store-and-forward concept. At the highest level, they can be seen as a collection of queues and mathematically modelled by means of queuing theory. However, the traffic profiles on modern Ethernet networks are rather different from those assumed in classical queuing theory. The standard recommendations for evaluating the performance of network devices define the values that should be measured but do not specify a way of reconciling these values with the internal architecture of the switches. The introduction of the 10 Gigabit Ethernet standard provided a direct gateway from the LAN to the WAN by the means of the WAN PHY. Certain aspects related to the actual use of WAN PHY technology were vaguely defined by the standard. The ATLAS experiment at CERN is scheduled to start operation at CERN in 2007. The communication infrastructure of the Trigger and Data Acquisition System will be built using Ethernet networks. The real-time operational needs impose a requirement for predictable performance on the network part. In view of the diversity of the architectures of Ethernet devices, testing and modelling is required in order to make sure the full system will operate predictably. This thesis focuses on the testing part of the problem and addresses issues in determining the performance for both LAN and WAN connections. The problem of reconciling results from measurements to architectural details of the switches will also be tackled. We developed a scalable traffic generator system based on commercial-off-the-shelf Gigabit Ethernet network interface cards. The generator was able to transmit traffic at the nominal Gigabit Ethernet line rate for all frame sizes specified in the Ethernet standard. The calculation of latency was performed with accuracy in the range of +/- 200 ns. We indicate how certain features of switch architectures may be identified through accurate throughput and latency values measured for specific traffic distributions. At this stage, we present a detailed analysis of Ethernet broadcast support in modern switches. We use a similar hands-on approach to address the problem of extending Ethernet networks over long distances. Based on the 1 Gbit/s traffic generator used in the LAN, we develop a methodology to characterise point-to-point connections over long distance networks. At higher speeds, a combination of commercial traffic generators and high-end servers is employed to determine the performance of the connection. We demonstrate that the new 10 Gigabit Ethernet technology can interoperate with the installed base of SONET/SDH equipment through a series of experiments on point-to-point circuits deployed over long-distance network infrastructure in a multi-operator domain. In this process, we provide a holistic view of the end-to-end performance of 10 Gigabit Ethernet WAN PHY connections through a sequence of measurements starting at the physical transmission layer and continuing up to the transport layer of the OSI protocol stack

Per-hop Internet Measurement Protocols

Accurately measuring per-hop packet dynamics on an Internet path is difficult. Currently available techniques have many well-known limitations that can make it difficult to accurately measure per-hop packet dynamics. Much of the difficulty of per-hop measurement is due to the lack of protocol support available to measure an Internet path on a per-hop basis. This thesis classifies common weaknesses and describes a protocol for per-hop measurement of Internet packet dynamics, known as the IP Measurement Protocol, or IPMP. With IPMP, a specially formed probe packet collects information from intermediate routers on the packet's dynamics as the packet is forwarded. This information includes an IP address from the interface that received the packet, a timestamp that records when the packet was received, and a counter that records the arrival order of echo packets belonging to the same flow. Probing a path with IPMP allows the topology of the path to be directly determined, and for direct measurement of per-hop behaviours such as queueing delay, jitter, reordering, and loss. This is useful in many operational situations, as well as for researchers in characterising Internet behaviour. IPMP's design goals of being tightly constrained and easy to implement are tested by building implementations in hardware and software. Implementations of IPMP presented in this thesis show that an IPMP measurement probe can be processed in hardware without delaying the packet, and processed in software with little overhead. This thesis presents IPMP-based measurement techniques for measuring per-hop packet delay, jitter, loss, reordering, and capacity that are more robust, require less probes to be sent, and are potentially more accurate and convenient than corresponding measurement techniques that do not use IPMP

Interfaz M??vil en Software DSpace Configuraci??n e Implementaci??n para RPsico: Repositorio en Psicolog??a de la Facultad de Psicolog??a ??? Universidad Nacional de Mar del Plata.

Fil: Alvarez, Juan Pablo. Universidad Nacional de Mar del Plata. Facultad de Humanidades. Departamento de Ciencia de la Informaci??n; Argentina.Esta investigaci??n tiene por objetivo principal describir los pasos a concretar para la instalaci??n, configuraci??n y puesta a punto del tema provisto por el software DSpace para acceso a Repositorios desde Terminales M??viles, Tablets y dispositivos celulares. Este trabajo analizar??, a partir de una metodolog??a dise??ada para tal fin, interfaces m??viles en la web y aplicar?? parte del tutorial que incluye la aplicaci??n a fin de hacer posible su implementaci??n

Esquemas de segurança para sistemas de informação baseados em intranets

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação.Este trabalho foi desenvolvido visando um estudo das tecnologias de Internet e Intranet enfocando a vulnerabilidade de segurança existente. Após os estudos desenvolvidos, partiu-se para a definição dos perfis de intranet e os serviços a serem disponibilizados. Com o levantamento destes serviços verificou-se quais são suas vulnerabilidades e maneira de protegê-los. Após estes estudos elaborou-se o esquema de segurança para os diferentes perfis de Intranet