Design Of ACL System Based On IPv6and Optimization Of Its Packet Matching Algorithm

With the rapid development of Internet, IPv4protocol can not meet users’ demands and catch up with the development trend of internet. IPv6protocol is put forward in this context and increasingly attached importance by people. The related research about security problem of IPv6Internet has been a research hotspot in present network field. ACL technology is widely used in current network security, but there is no router ACL system that can be completely used to IPv6network. Under this situation, how to implement IPv6ACL system and how to enhance the functionality of IPv6ACL system after achieving the system has become essential issues which these network equipment vendors need to solve with. Therefore, the research of router ACL system based on IPv6protocol has important practical and theoretical meaning.The article discusses the design of router ACL system based on IPv6protocol. The achievement of design depends on deeply researching and summarizing the characteristics of IPv6network and ACL system. The article also proposes an improved algorithm of ACL message-match based on hash structure to make up for the defects causing by the inefficient message-match algorithm, thereby improves message processing property. The major study contents in this article as follows:(1) The paper details IPv6protocol and ACL technology, so as to assist the subsequent system design implement. Meanwhile, under researching the existing IPv4ACL system, the article comes up with the feasibility and necessity of the design of ACL system based on IPv6.(2) This article depicts the design of IPv6-based ACL system from three aspects. Firstly, it introduces the overall frame and the overall process of ACL system which represents the system’s overall design. Secondly, the paper illustrates the relationship and mutual effects between other modules on routers and IPv6-based ACL system to assist the design of exchange scheme of IPv6-based ACL system. Then, under the overall frame of IPv6-based ACL system, the paper performs designs for internal processing of IPv6-based ACL system. Finally, the article emphasizes on the designs of both rule base and message processing module.(3) Upon completion of the design of the Pv6ACL system, the paper deeply studies its traditional message-match algorithm, and analyzes its message-match efficiency through establishing its mathematical model and summarizes its mathematical features, then, it comes up with an improved algorithm of ACL match based on hash structure to cover its defects.(4) This paper designs network experimental environment to test the IPv6ACL system. The experimental result shows that this system can effectively control IPv6network data flow and can classify data flow. Besides, the article uses Smartbits6000C equipment of Spirent Company to verify optimization scheme of message matching algorithm. The experimental result proves that optimizing scheme can effectively improve message processing efficiency of IPv6ACL the system.