由於近幾年來節點(Node)、連結(Link)和內容(Content)三方面的快速成長，網際網路快速發展。然而隨著網際網路上的流量愈來愈大，自然不能放任其無限制的自由發展。網路的不當應用會造成網路效能低落以及頻寬利用效率不彰，就其原因可大致上歸類有：一、惡意流量橫行，二、流量過剩的點對點封包；另外，由於網路的設計是為了要達到一般化，因此在許多方面都有所不足，很多時候都需要一些額外的功能例如：一、欲保證某些應用的服務品質(Quality of Service, QoS)；二、為了達到某些網路節點如交換器、路由器的負載平衡；三、為了要能夠在廣域網路中提供機密性達到類似區域網路的效果。因此各式各樣技術應運而生，而其中一種正是網路虛擬化技術。
美國史丹佛大學研究團隊提出了OpenFlow，OpenFlow是一種網路虛擬化技術，但有一些不盡完美之處，本篇論文改良了OpenFlow所提出來的解決方案，搭配NetFPGA硬體平台以實作一可虛擬化的高速網路交換器。
本論文所設計之系統於NV Switch中加入轉送表，使一般封包不需要經由Controller決定路徑或學習，而可以直接由NV Switch的NetFPGA硬體處理，加快封包傳送以及縮短封包來回時間。本系統使原本無支援伸展樹協定的硬體架構轉變成可以支援伸展樹協定以避免網路中迴圈的產生。另外在負載平衡方面，可以善加利用空閒的路徑，例如由伸展樹協定所決定打斷的線路。在封包重新導向方面，亦可以特定封包走指定的虛擬網路，例如把某已知殭屍網路流量導向HoneyPot。最後也可以新增條目來阻擋流量，例如已知某IP擁有者不斷發送惡意封包，即可將之阻擋，達到部分防火牆之功能。

Due to node, link, and content made great progress in the past few years, Internet is flourishing. However, the traffic becomes heavier to some extent so we cannot leave it without any restraint. Abuse in Internet, such as malicious flow and increasing P2P traffic, results in bad performance and low utilization of the bandwidth. Furthermore, internet was originally designed to meet some general needs, and this caused that some additional functionalities are not supported or not fully supported. For example, QoS, load balance, security, or experimental research. Accordingly, many solutions come with the tide, and one of them is virtualization.
A reasearch team in Standford University issues OpenFlow, which is a technology of virtualization. However, the solution has some defects in some aspects. This paper revised the solution and implements a “Network Virtualizable Switch,” a high throughput virtualizable switch with NetFPGA.
This paper adds a forwarding module in NV Switch. As a consequence, all normal packets can be directly processed and forwarded by NV Switch, rather than being processed by controller. NV Switch enable NetFPGA to support Spanning Tree Protocol to prevent looping. Besides, in load balance aspect, NV Switch can utilize the spare link, such as those link blocked by spanning tree protocol. NV Switch can block or redirect the malicious flows to honeypot or honeynet via assigned virtual network.

[1]“A Blueprint for Introducing Disruptive Technology into the Internet,” Larry Peterson, Tom Anderson, David Culler, and Timothy Roscoe, Proceedings of the First ACM Workshop on Hot Topics in Networking (HotNets), October 2002.
[2]“A Packet Generator on the NetFPGA Platform,” G. Adam Covington, Glen Gibb, John W. Lockwood, Nick McKeown, The 17th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM), Napa, CA; April 5-7, 2009.
[3]“A Survey of Network Virtualization,” N.M. Mosharaf Kabir Chowdhury, and Raouf Boutaba, Technical Report, CS-2008-25, October 2008.
[4]“A Survey of Programmable Networks,” Andrew T. Campbell, Herman G. De Meer, Michael E. Kounavis, Kazuho Miki, John B. Vicente, and Daniel Villela, SIGCOMM Computer Communication Review, vol. 29, no. 2, pages 7-23, 1999.
[5]“A Virtual Internet Architecture,” Joseph D. Touch, Yu-Shun Wang, Lars Eggert, and Gregory G. Finn, ISI Technical Report ISI-TS-2003-570, March 2003.
[6]“Building the Carrier-Class IP Next-Generation Network,” Cisco White Paper, http://www.cisco.com/en/US/prod/collateral/routers/ps5763/prod_white_paper0900aecd802e2a52_ns573_Networking_Solutions_White_Paper.html
[7]“Can the Production Network Be the Testbed?” Rob Sherwood, Glen Gibb, Kok-Kiong Yap, Guido Appenzeller, Martin Casado, Nick Mckeown, and Guru Parulkar, Proceedings of OSDI, October2010.
[8]“Carving Research Slices Out of Your Production Network with OpenFlow,” Rob Sherwood, Michael Chan, Glen Gibb, Nikil Handigol, Te-Yuan Huang, Peyman Kazemian, Masayoshi Kobayashi, David Underhill, Kok-Kiong Yap, Guido Appenzeller, and Nick McKeown, Sigcomm 2009 Demo Session, ACM Sigcomm, August 2009.
[9]“Flowvisor: A Network Virtualization Layer,” Rob Sherwood, Glen Gibb, Kok-Kiong Yap, Guido Appenzeller, Martin Casado, Nick McKeown, and Guru Parulkar, 2009.
[10]“Implementing an OpenFlow Switch on the NetFPGA Platform,” Jad Naous, David Erickson, G. Adam Covington, Guido Appenzeller, Nick McKeown, ACM/IEEE Symposium on Architectures for Networking and Communications Systems; San Jose, CA; November 6-7, 2008.
[11]“NetFPGA: Reusable Router Architecture for Experimental Research,” Jad Naous, Glen Gibb, Sara Bolouki, and Nick McKeown, SIGCOMM PRESTO Workshop, Seattle, WA, August 2008.
[12]“Netfpga–An Open Platform for Gigabit-rate Network Switching and Routing,” John W. Lockwood, Nick McKeown, Greg Watson, Glen Gibb, Paul Hartke, Jad Naous, Ramanan Raghuraman, and Jianying Luo, MSE ’07: Proceedings of the 2007 IEEE International Conference on Microelectronic Systems Education, pages 160–161, 2007.
[13]“Network Virtualization – a View from the Bottom,” Jorge Carapinha, and Javier Jiménez, Applications, Technologies, Architectures, and Protocols for Computer Communication, Proceedings of the 1st ACM workshop on Virtualized infrastructure systems and architectures, 2009.
[14]“Network Virtualization Architecture: Proposal and Initial Prototype,” Gregor Schaffrath, Christoph Werle, Panagiotis Papadimitriou, Anja Feldmann, Roland Bless, Adam Greenhalgh, Andreas Wundsam, Mario Kind, Olaf Maennel, and Laurent Mathy, Applications, Technologies, Architectures, and Protocols for Computer Communication, Proceedings of the 1st ACM workshop on Virtualized infrastructure systems and architectures, 2009.
[15]“Network Virtualization: A Viable Path Towards the Future Internet,” Norbert Niebert, Ibtissam El Khayat, Stephan Baucke, Ralf Keller, René Rembarz, and Joachim Sachs, Springer Wireless Personal Communications, Volume 45, pages 511-520, March 2008.
[16]“Network Virtualization: State of the Art and Research Challenges,” N.M. Mosharaf Kabir Chowdhury, and Raouf Boutaba, IEEE Communications Magazine, Volume 47, no. 7, pages 20-26, 2009.
[17]“OpenFlow: enabling innovation in campus networks,” Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker, and Jonathan Turner, ACM SIGCOMM Computer Communication Review, Volume 38 Issue 2, Pages 69-74, April 2008.
[18]“Overcoming the Internet Impasse through Virtualization,” Tom Anderson, Larry Peterson, Scott Shenker, and Jonathan Turner, IEEE Computer Volume 38 Issue 4, Pages 34-41, April 2005
[19]“PlanetLab: An Overlay Testbed for Broad-Coverage Services,” Brent Chun, David Culler, Timothy Roscoe, Andy Bavier, Larry Peterson, Mike Wawrzoniak, Mic Bowman, SIGCOMM Computer Communication Review, 2003.
[20]“Rethinking the Design of the Internet: The End-to-End Arguments vs. the Brave New World,” Marjory S. Blumenthal, and David D. Clark, ACM Transactions on Internet Technology, Volume 1 Issue 1, Pages 70-109, August 2001.
[21]“Router Virtualization in Service Providers,” Cisco White Paper, http://www.cisco.com/en/US/solutions/collateral/ns341/ns524/ns562/ns573/white_paper_c11-512753_ns573_Networking_Solutions_White_Paper.html
[22]“THE X-BONE,” Joe Touch, and Steve Hotz, Third Global Internet Mini-Conference at Globecom, pages 59-68, 1998.
[23]“Using PlanetLab for Network Research: Myths, Realities, and Best Practices,” Neil Spring, Larry Peterson, Andy Bavier, and Vivek Pai, SIGOPS Operating Systems Review, vol. 40, no. 1, pages 17-24, 2006.
[24]“Virtualization in the Core of the Network,” Juniper White Paper, http://www.juniper.net/us/en/local/pdf/whitepapers/2000299-en.pdf
[25]“What is a VPN?” Paul Ferguson, and Geoff Huston, Cisco Systems, Technical Report, April 1998.
[26]“Why the Internet only just works,” M. Handley, BT Technology Journal, Volume 24 Number 3, Pages 119-129, 2006.
[27]Application Layer Packet Classifier for Linux, http://l7-filter.sourceforge.net/
[28]Cisco, http://www.cisco.com/
[29]GENI: Global Environment for Network Innovations, http://www.geni.net/
[30]Google, http://www.google.com.tw/
[31]IEEE 802.1D, http://standards.ieee.org/getieee802/download/802.1D-2004.pdf
[32]IEEE 802.1Q, Virtual Bridged Local Area Networks, http://standards.ieee.org/getieee802/download/802.1Q-2005.pdf
[33]IETF RFC 2003, IP Encapsulation within IP, http://www.ietf.org/rfc/rfc2003.txt
[34]IETF RFC 2341, IP Based Virtual Private Network, http:// www.ietf.org/rfc/rfc2341.txt
[35]IETF RFC 4026, Provider Provisioned Virtual Private Network (VPN) Terminology, http://www.ietf.org/rfc/rfc4026.txt
[36]Juniper, http://juniper.net
[37]Microsoft® How far will you take virtual, http://www.microsoft.com/virtualization/en/us/default.aspx
[38]National LambdaRail, http://www.nlr.net/
[39]NetFPGA IPv4 Reference Router, http://netfpga.org/foswiki/bin/view/NetFPGA/OneGig/ReferenceRouterSummary
[40]NetFPGA Packet Generator, http://netfpga.org/foswiki/bin/view/NetFPGA/OneGig/PacketGenerator
[41]NetFPGA: Programmable Networking Hardware, http://netfpga.org/
[42]Official IPP2P homepage, http://www.ipp2p.org/
[43]Oracle® Enterprise Manager Extends Management to Oracle VM Server Virtualization, http://www.oracle.com/us/corporate/press/017955_EN
[44]PlanetLab: An open platform for developing, deploying, and accessing planetary-scale services, http://www.planet-lab.org/
[45]Princeton University, http://www.princeton.edu/main/
[46]Red Hat® Enterprise Virtualization 2.2, http://www.redhat.com/virtualization/rhev/
[47]Stanford University Class CS344: Building an Internet Router, http://yuba.stanford.edu/cs344/
[48]Stanford University, http://www.stanford.edu/
[49]The netfilter.org "iptables" project, http://www.netfilter.org/projects/iptables/
[50]The netfilter.org project, http://www.netfilter.org/
[51]The OpenFlow Switch Consortium, http://www.openflowswitch.org/
[52]Xilinx, http://www.xilinx.com/