CN105791279B - A kind of mimicry SDN controller construction method - Google Patents

A kind of mimicry SDN controller construction method

Info

Publication number
CN105791279B
Authority
CN
China
Prior art keywords
controller
network
mimicry
data
decision
Legal status
Active
Application number
CN201610111148.1A
Other languages
Chinese (zh)
Other versions
CN105791279A (en)
Inventor
扈红超
齐超
邬江兴
季新生
程国振
刘文彦
毛宇星
艾健健
杨超
Current Assignee
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date
2016-02-29
Filing date
2016-02-29
Publication date
2018-12-18
Application filed by PLA Information Engineering University
Priority to CN201610111148.1A
Publication of CN105791279A
Application granted
Publication of CN105791279B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0852 Delays
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H04L43/0888 Throughput

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a mimicry SDN controller construction method comprising a control plane, a scheduling layer and a data plane. The control plane performs the control and management of the network and provides multiple heterogeneous, redundant controller execution bodies. The data plane performs data forwarding in the network and includes hardware facilities such as switches and routers. The control plane communicates with the data plane through the scheduling layer, which comprises a transponder, a perceptron, a decision-making device and a scheduler. The specific steps of the method are: step 1: collect network state information and forward it to the controller execution bodies; step 2: perceive and detect the network operating state in real time; step 3: dynamically schedule the controllers of the control layer, and vote on the information to be issued using a majority decision mechanism before outputting it. The device has a management mechanism that schedules controllers dynamically on the basis of perception, which avoids the abnormal network operation caused by the failure of a single controller and makes it difficult for an external attacker to capture the execution unit responsible for network management; the majority decision mechanism further improves the security of the SDN.

Description

A kind of mimicry SDN controller construction method
Technical field
The invention belongs to the technical field of network security, and specifically relates to a mimicry SDN controller construction method and device.
Background art
In recent years SDN has grown rapidly, has received extensive attention from academia and industry, and has been applied successfully in commercial networks. The controller, as the core component of the control plane, plays a key role in SDN deployment and operation. Attacks against the controller, such as DDoS attacks and flow-table tampering and similar attacks launched through vulnerabilities and backdoors, therefore pose a great challenge to the secure and efficient operation of the underlying network. Once an attacker carries out such an attack successfully, the whole network will operate abnormally or inefficiently, or even be paralysed.
Existing SDN operating mechanisms and controller security mechanisms also have major shortcomings in coping with these security threats, so there is an urgent need for a device that can still effectively guarantee SDN operation when controllers fail.
Summary of the invention
To address the problem in the prior art that SDN operation cannot be effectively guaranteed when controllers fail, the present invention proposes a mimicry SDN controller construction method.
The technical scheme of the invention is a mimicry SDN controller construction method comprising a control plane, a scheduling layer and a data plane. The control plane performs the control and management of the network and provides multiple heterogeneous, redundant controller execution bodies. The data plane performs data forwarding in the network and includes hardware facilities such as switches and routers. The control plane communicates with the data plane through the scheduling layer, which comprises a transponder, a perceptron, a decision-making device and a scheduler. The specific steps of the mimicry SDN controller construction method are:
Step 1: collect network state information and forward it to the controller execution bodies;
Step 2: perceive and detect the network operating state in real time;
Step 3: dynamically schedule the controllers of the control layer;
Step 4: vote on the information to be issued using a majority decision mechanism and output the result.
In the mimicry SDN controller construction method, the network state information in step 1 mainly includes state information such as the topology of the subnet managed by the controller and the state of the switches.
In the mimicry SDN controller construction method, the detection in step 2 covers network performance parameters such as link congestion, network delay and throughput.
In the mimicry SDN controller construction method, the specific scheduling and decision method in steps 3 and 4 is:
Step 301: according to the selection mechanism and the sensing results, select M of the T normal heterogeneous controller execution bodies to take part in the majority decision. Specifically, M1 controllers may be selected to participate in flow rule generation at the previous moment, M2 at the current moment, and M3 may be selected at random at the next moment; that is, the number and identity of the controllers responsible for managing the network change continually;
Step 302: the data generated by the M selected controllers enters the decision device;
Step 303: the decision device selects the controller data to be finally issued according to the majority decision mechanism. Specifically, it determines whether the number of consistent data items exceeds half of the inputs; if so, it selects the majority-consistent data for issuing; otherwise it notifies the scheduler to regenerate the scheduling scheme. Controllers corresponding to inconsistent data are regarded as abnormal;
Step 304: if the decision and sensing results show that a controller is abnormal, the next round schedules M controllers for majority decision from the set that remains after the abnormal controllers are removed; after a recovery mechanism has been applied to an abnormal controller, it rejoins the set of controllers available for scheduling.
In the mimicry SDN controller construction method, the transponder is responsible for collecting information such as subnet topology and switch status and forwarding it to all controllers; each controller then, according to its own role, either stores the updated information or generates flow rules.
In the mimicry SDN controller construction method, the perceptron monitors and senses the network state in real time and performs anomaly detection. It judges how the network is operating by analysing the status data of the subnet and, if it finds an anomaly, informs the scheduler of the sensing result in the form of an alert message.
In the mimicry SDN controller construction method, the decision-making device receives the information generated by the controllers of the control layer and uses the majority decision method to decide which information is issued to the subnet; when the decision is complete, it informs the scheduler of the result in a notification message.
In the mimicry SDN controller construction method, the scheduler is responsible for scheduling the controllers that manage the subnet. It has two operating mechanisms, timed and message-triggered, follows the perception-based dynamic scheduling mode, and adjusts the roles of the controllers accordingly.
The beneficial effects of the invention are as follows: the invention discloses a mimicry SDN controller construction method which exploits the heterogeneous redundancy of the controllers, combines their respective security advantages, and couples this with perception-based dynamic scheduling and majority decision, so that in the face of security threats the robustness, resilience and survivability of network operation are better guaranteed, improving the security of the SDN.
Description of the drawings
Fig. 1 is a flow diagram of the mimicry SDN controller construction method;
Fig. 2 is a schematic diagram of the SDN connection structure of the mimicry controller.
Specific embodiment
Embodiment 1: with reference to Fig. 1 and Fig. 2, a mimicry SDN controller construction method comprises a control plane, a scheduling layer and a data plane. The control plane performs the control and management of the network and provides multiple heterogeneous, redundant controller execution bodies. The data plane performs data forwarding in the network and includes hardware facilities such as switches and routers. The control plane communicates with the data plane through the scheduling layer, which comprises a transponder, a perceptron, a decision-making device and a scheduler. The specific steps of the mimicry SDN controller construction method are:
Step 1: collect network state information and forward it to the controller execution bodies. The network state information mainly includes state information such as the topology of the subnet managed by the controller and the state of the switches.
Step 2: perceive and detect the network operating state in real time. The detection covers network performance parameters such as link congestion, network delay and throughput.
Steps 3 and 4: dynamically schedule the controllers of the control layer, and vote on the information to be issued using a majority decision mechanism before outputting it.
The specific scheduling and decision method is as follows. Step 301: according to the selection mechanism and the sensing results, select M of the T normal heterogeneous controller execution bodies to take part in the majority decision. Specifically, M1 controllers may be selected to participate in flow rule generation at the previous moment, M2 at the current moment, and M3 may be selected at random at the next moment; that is, the number and identity of the controllers responsible for managing the network change continually.
Step 302: the data generated by the M selected controllers enters the decision device;
Step 303: the decision device selects the controller data to be finally issued according to the majority decision mechanism. Specifically, it determines whether the number of consistent data items exceeds half of the inputs; if so, it selects the majority-consistent data for issuing; otherwise it notifies the scheduler to regenerate the scheduling scheme. Controllers corresponding to inconsistent data are regarded as abnormal;
Step 304: if the decision and sensing results show that a controller is abnormal, the next round schedules M controllers for majority decision from the set that remains after the abnormal controllers are removed; after a recovery mechanism has been applied to an abnormal controller, it rejoins the set of controllers available for scheduling.
Transponder: responsible for collecting information such as subnet topology and switch status and forwarding it to all controllers; each controller then, according to its own role, either stores the updated information or generates flow rules.
Perceptron: monitors and senses the network state in real time and performs anomaly detection. It judges how the network is operating by analysing the status data of the subnet and, if it finds an anomaly, informs the scheduler of the sensing result in the form of an alert message.
Decision-making device: receives the information generated by the controllers of the control layer and uses the majority decision method to decide which information is issued to the subnet; when the decision is complete, it informs the scheduler of the result in a notification message.
Scheduler: responsible for scheduling the controllers that manage the subnet. It has two operating mechanisms, timed and message-triggered, follows the perception-based dynamic scheduling mode, and adjusts the roles of the controllers accordingly.
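Steps 301 to 304 as a runnable sketch. This is an added example, not code from the patent: the class and function names, the tuple flow-rule format and the sample state are hypothetical. It assumes M is drawn at random between a minimum and the size of the normal pool, and that no controller is flagged when no output exceeds half of the inputs.

```python
import random
from collections import Counter

# Constructed sample input: one subnet as collected by the transponder (not from the patent).
STATE = {"dst": "10.0.0.7", "ports": {"10.0.0.7": 3, "10.0.0.9": 4}}


def honest(state):
    """Flow rule every correct execution body should produce (hashable so it can be compared)."""
    return ("forward", state["dst"], state["ports"][state["dst"]])


def tampered(state):
    """Stand-in for an execution body whose flow-rule output has been tampered with."""
    return ("forward", state["dst"], 99)


class SchedulingLayer:
    """Scheduler plus decision device over T heterogeneous controller execution bodies."""

    def __init__(self, controllers, seed=None):
        self.controllers = dict(controllers)  # name -> callable(state) -> flow rule
        self.abnormal = set()                 # removed from the schedulable set
        self.rng = random.Random(seed)

    def pool(self):
        return sorted(set(self.controllers) - self.abnormal)

    def select(self, m_min=3):
        """Step 301: both the number M and the members change from round to round."""
        pool = self.pool()
        if len(pool) < m_min:
            raise RuntimeError("too few normal execution bodies for a majority decision")
        # Assumption: M is uniform in [m_min, T]; the patent only says it varies.
        return self.rng.sample(pool, self.rng.randint(m_min, len(pool)))

    @staticmethod
    def decide(outputs):
        """Step 303: (rule, dissenters), or (None, set()) if nothing exceeds half the inputs."""
        rule, votes = Counter(outputs.values()).most_common(1)[0]
        if 2 * votes <= len(outputs):
            return None, set()  # assumption: without a majority nobody is flagged
        return rule, {name for name, out in outputs.items() if out != rule}

    def run_round(self, state, m_min=3, max_reschedules=5):
        for _ in range(max_reschedules):
            selected = self.select(m_min)
            outputs = {n: self.controllers[n](state) for n in selected}  # step 302
            rule, dissenters = self.decide(outputs)
            if rule is None:
                continue                  # no majority: regenerate the scheduling scheme
            self.abnormal |= dissenters   # step 304: excluded from the next round
            return rule, selected, dissenters
        raise RuntimeError("no majority after rescheduling")

    def recover(self, name):
        """Step 304: after the recovery mechanism runs, the controller rejoins the pool."""
        self.abnormal.discard(name)


def demo():
    layer = SchedulingLayer({"c1": honest, "c2": honest, "c3": honest,
                             "c4": honest, "c5": tampered}, seed=1)
    first = layer.run_round(STATE, m_min=5)  # M = T, so c5 is certain to vote
    second = layer.run_round(STATE)          # c5 is no longer schedulable
    layer.recover("c5")
    return first, second, layer.pool()


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The vote only masks a deviating controller while fewer than half of the M selected execution bodies produce the same wrong output, which is why the scheme depends on the execution bodies being heterogeneous.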

Claims (7)

1. A mimicry SDN controller construction method, comprising a control plane, a scheduling layer and a data plane, wherein the control plane performs the control and management of the network and provides multiple heterogeneous, redundant controller execution bodies; the data plane performs data forwarding in the network and includes switch and router hardware facilities; the control plane communicates with the data plane through the scheduling layer, which comprises a transponder, a perceptron, a decision-making device and a scheduler; characterized in that the specific steps of the mimicry SDN controller construction method are:
Step 1: collect network state information and forward it to the controller execution bodies;
Step 2: perceive and detect the network operating state in real time;
Step 3: dynamically schedule the controllers of the control layer;
Step 4: vote on the information to be issued using a majority decision mechanism and output the result;
The specific scheduling and decision method in steps 3 and 4 is:
Step 301: according to the selection mechanism and the sensing results, select M of the T normal heterogeneous controller execution bodies to take part in the majority decision; specifically, M1 controllers may be selected to participate in flow rule generation at the previous moment, M2 at the current moment, and M3 may be selected at random at the next moment, that is, the number and identity of the controllers responsible for managing the network change continually;
Step 302: the data generated by the M selected controllers enters the decision device;
Step 303: the decision device selects the controller data to be finally issued according to the majority decision mechanism; specifically, it determines whether the number of consistent data items exceeds half of the inputs; if so, it selects the majority-consistent data for issuing; otherwise it notifies the scheduler to regenerate the scheduling scheme; controllers corresponding to inconsistent data are regarded as abnormal;
Step 304: if the decision and sensing results show that a controller is abnormal, the next round schedules M controllers for majority decision from the set that remains after the abnormal controllers are removed; after a recovery mechanism has been applied to an abnormal controller, it rejoins the set of controllers available for scheduling.
2. The mimicry SDN controller construction method according to claim 1, characterized in that the network state information in step 1 mainly includes the topology information of the subnet managed by the controller and switch state information.
3. The mimicry SDN controller construction method according to claim 1, characterized in that the detection in step 2 covers the network performance parameters of link congestion, network delay and throughput.
4. The mimicry SDN controller construction method according to claim 1, characterized in that the transponder is responsible for collecting subnet topology and switch status information and forwarding it to all controllers; each controller then, according to its own role, either stores the updated information or generates flow rules.
5. The mimicry SDN controller construction method according to claim 1, characterized in that the perceptron monitors and senses the network state in real time and performs anomaly detection, judges how the network is operating by analysing the status data of the subnet and, if it finds an anomaly, informs the scheduler of the sensing result in the form of an alert message.
6. The mimicry SDN controller construction method according to claim 1, characterized in that the decision-making device receives the information generated by the controllers of the control layer and uses the majority decision method to decide which information is issued to the subnet; when the decision is complete, it informs the scheduler of the result in a notification message.
7. The mimicry SDN controller construction method according to claim 1, characterized in that the scheduler is responsible for scheduling the controllers that manage the subnet, has two operating mechanisms, timed and message-triggered, follows the perception-based dynamic scheduling mode, and adjusts the roles of the controllers accordingly.
CN201610111148.1A 2016-02-29 2016-02-29 A kind of mimicry SDN controller construction method Active CN105791279B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610111148.1A CN105791279B (en) 2016-02-29 2016-02-29 A kind of mimicry SDN controller construction method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610111148.1A CN105791279B (en) 2016-02-29 2016-02-29 A kind of mimicry SDN controller construction method

Publications (2)

Publication Number Publication Date
CN105791279A CN105791279A (en) 2016-07-20
CN105791279B true CN105791279B (en) 2018-12-18

Family

ID=56403117

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610111148.1A Active CN105791279B (en) 2016-02-29 2016-02-29 A kind of mimicry SDN controller construction method

Country Status (1)

Country Link
CN (1) CN105791279B (en)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106713232A (en) * 2015-11-13 2017-05-24 北京奇虎科技有限公司 Device and method of authenticating eID on mobile terminal
CN106357470B (en) * 2016-11-15 2019-09-10 中国电子科技集团公司第四十一研究所 One kind threatening method for quickly sensing based on SDN controller network
CN106487598B (en) * 2016-11-15 2018-06-29 国家数字交换***工程技术研究中心 The more examples of isomery redundancy Snmp agreements realize system and its implementation
CN106656834B (en) * 2016-11-16 2019-07-23 上海红阵信息科技有限公司 The parallel normalized device and method of Intermediate System-Intermediate System isomery function equivalence body
CN106713262B (en) * 2016-11-17 2020-05-15 上海红阵信息科技有限公司 Credibility-based heterogeneous executive dynamic scheduling device and scheduling method thereof
CN106961422B (en) * 2017-02-24 2020-06-05 中国人民解放军信息工程大学 Mimicry security method and device of DNS recursive server
CN106982207B (en) * 2017-03-13 2019-06-28 中国人民解放军信息工程大学 A kind of method and system of dynamic dispatching network operating system
CN106992982B (en) * 2017-03-31 2020-06-26 中国人民解放军信息工程大学 SDN-based dynamic routing protocol executor implementation device and method
CN107360135B (en) * 2017-06-09 2020-07-24 中国人民解放军信息工程大学 Mimicry network operating system, construction device and method
CN107294991B (en) * 2017-07-04 2020-03-31 中国人民解放军信息工程大学 Network function defense system based on output judgment and safety protection method
CN107659666A (en) * 2017-11-03 2018-02-02 山东师范大学 Real-time video dissemination system and method based on mobile subscriber
CN108322431B (en) * 2017-12-14 2021-01-19 杭州电子科技大学 Dynamic multi-mode heterogeneous redundancy industrial control safety net relationship and intrusion sensing method
CN109218440B (en) * 2018-10-12 2020-12-15 上海拟态数据技术有限公司 Dynamic scheduling method for heterogeneous executive bodies of scene simulation web server
CN109450900B (en) * 2018-11-09 2020-12-01 天津市滨海新区信息技术创新中心 Mimicry judgment method, device and system
CN110290100B (en) * 2019-03-06 2021-11-09 广东电网有限责任公司信息中心 Simulation Web server based on SDN and user request processing method
CN110149309A (en) * 2019-04-04 2019-08-20 中国人民解放军战略支援部队信息工程大学 A kind of router threatens cognitive method and system
CN111970223B (en) * 2019-05-20 2022-06-21 南京红阵网络安全技术研究院有限公司 Endogenous safe single WLAN control system and method
CN110247928B (en) * 2019-06-29 2020-09-15 河南信大网御科技有限公司 Simulation switch safety flow control device and method
CN110401601B (en) * 2019-08-20 2021-09-03 之江实验室 Mimicry routing protocol system and method
CN110995651B (en) * 2019-10-31 2021-10-15 浙江工商大学 Method for judging reliability of heterogeneous executive pool
CN111049677B (en) * 2019-11-27 2021-11-23 网络通信与安全紫金山实验室 Cleaning and recovering method and device for mimic switch heterogeneous execution body
CN113285871B (en) * 2020-02-19 2022-08-12 中国电信股份有限公司 Link protection method, SDN controller and communication network system
CN112532635B (en) * 2020-12-01 2023-04-18 郑州昂视信息科技有限公司 Security verification method and device of mimicry defense equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104955069A (en) * 2015-07-28 2015-09-30 北京邮电大学 SDN-based different channel deployment WLAN system and seamless switching method thereof
CN104993941A (en) * 2015-05-14 2015-10-21 西安电子科技大学 Openflow-based network highly-fault-tolerant virtual network mapping algorithm

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201329469A (en) * 2012-01-06 2013-07-16 Novatek Microelectronics Corp Interface circuit for testing

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104993941A (en) * 2015-05-14 2015-10-21 西安电子科技大学 Openflow-based network highly-fault-tolerant virtual network mapping algorithm
CN104955069A (en) * 2015-07-28 2015-09-30 北京邮电大学 SDN-based different channel deployment WLAN system and seamless switching method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
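Title
"Research on heterogeneous network handover technology based on SDN technology"; 邱晓娜; China Master's Theses Full-text Database, Information Science and Technology; 20150831; Sections 2.3.1, 4.2, 5.1 *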

Also Published As

Publication number Publication date
CN105791279A (en) 2016-07-20

Similar Documents

Publication Publication Date Title
CN105791279B (en) A kind of mimicry SDN controller construction method
KR101700141B1 (en) Method and apparatus for maintaining port state tables in a forwarding plane of a network element
US10637886B2 (en) Software defined network capable of detecting DDoS attacks and switch included in the same
CN106100999A (en) Image network flow control protocol in a kind of virtualized network environment
CN104639374B (en) A kind of application deployment management system
US20130010610A1 (en) Network routing adaptation based on failure prediction
CN102801738B (en) Distributed DoS (Denial of Service) detection method and system on basis of summary matrices
CN105847083A (en) Business centralized monitoring method and system
US20110270957A1 (en) Method and system for logging trace events of a network device
CN104243337A (en) Method and device for cross-cluster load balancing
WO2020211561A1 (en) Data processing method and device, storage medium and electronic device
CN102882701B (en) A kind of electrical network core business data intelligent monitoring warning system and method
CN108092847B (en) A kind of electric power LTE wireless terminal remote on-line monitoring method
KR101107739B1 (en) Detection system for abnormal traffic in voip network and method for detecting the same
CN103810076B (en) The monitoring method and device of data duplication
CN107612754A (en) Two-way conversion link fault detection method, device and apparatus for network node
US20180269963A1 (en) Method and apparatus for hot standby of controllers in distributed protection
CN106254338B (en) Message detecting method and device
CN109040198B (en) Information generating and transmitting system and method
WO2018112869A1 (en) Alarm synchronization method and system
CN112929200B (en) SDN multi-controller oriented anomaly detection method
CN103747026A (en) Alarm method and alarm device of openflow flow table
CN105072101A (en) SDN controller end system based on intrusion tolerance and safety communication method
US9866456B2 (en) System and method for network health and management
CN112291266A (en) Data processing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant