CN105791279B - A mimicry SDN controller construction method - Google Patents
- Publication number: CN105791279B
- Application number: CN201610111148.1A
- Authority: CN (China)
- Prior art keywords: controller, network, mimicry, data, decision
- Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0852—Delays
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
- H04L43/0888—Throughput
Abstract
The invention discloses a mimicry SDN controller construction method comprising a control plane, a scheduling plane and a data plane. The control plane carries out the control and management of the network and provides multiple heterogeneous redundant controller executors. The data plane performs data forwarding in the network and comprises hardware facilities such as switches and routers. The control plane communicates with the data plane through the scheduling plane, which comprises a transponder, a perceptron, a decision-making device and a scheduler. The specific steps of the method are: Step 1: collect network state information and forward it to the controller executors; Step 2: perceive and detect the operating state of the network in real time; Step 3: dynamically schedule the controllers of the control layer, and vote on the information to be issued using a majority decision mechanism before it is output. The device has a management mechanism that schedules controllers dynamically on the basis of perception, which avoids abnormal network operation caused by the failure of a single controller and makes it hard for an external attacker to capture the executor responsible for network management, while the majority decision mechanism further improves the security of SDN.
Description
Technical field
The invention belongs to the technical field of network security, and specifically relates to a mimicry SDN controller construction method and device.
Background
In recent years SDN has grown rapidly, has attracted wide attention from academia and industry, and has been applied successfully in commercial networks. As the core component of the control plane, the controller plays a key role in SDN deployment and operation. Attacks against the controller, such as DDoS attacks and flow-table tampering attacks launched through vulnerabilities and backdoors, therefore pose a great challenge to the secure and efficient operation of the underlying network. Once an attacker carries out such an attack successfully, the whole network will operate abnormally or inefficiently, or even be paralysed.
Existing SDN operating mechanisms and controller security mechanisms also have major shortcomings in coping with these security threats, so a device that can still effectively guarantee SDN operation when a controller fails is urgently needed.
Summary of the invention
To address the problem that, in the prior art, SDN operation cannot be effectively guaranteed when a controller fails, the present invention proposes a mimicry SDN controller construction method.
The technical solution of the invention is a mimicry SDN controller construction method comprising a control plane, a scheduling plane and a data plane. The control plane carries out the control and management of the network and provides multiple heterogeneous redundant controller executors. The data plane performs data forwarding in the network and comprises hardware facilities such as switches and routers. The control plane communicates with the data plane through the scheduling plane, which comprises a transponder, a perceptron, a decision-making device and a scheduler. The specific steps of the mimicry SDN controller construction method are:
Step 1: Collect network state information and forward it to the controller executors;
Step 2: Perceive and detect the operating state of the network in real time;
Step 3: Dynamically schedule the controllers of the control layer;
Step 4: Vote on the information to be issued using a majority decision mechanism and output the result.
In the mimicry SDN controller construction method, the network state information in step 1 mainly comprises the topology information of the subnet managed by the controller and state information such as that of the switches.
In the mimicry SDN controller construction method, the detection in step 2 covers network performance parameters such as link congestion, network delay and throughput.
In the mimicry SDN controller construction method, the scheduling and decision in steps 3 and 4 are specifically:
Step 301: According to the selection mechanism and the sensing results, M of the T normal heterogeneous controller executors are selected for majority decision. Specifically, M1 controllers may be selected to take part in flow-rule generation at the previous moment, M2 may be selected at the current moment, and M3 may be selected at random at the next moment; that is, the number and identity of the controllers responsible for managing the network keep changing;
Step 302: The data generated by the M selected controllers enter the decision device;
Step 303: The decision device selects the controller data to be finally issued according to the majority decision mechanism. Specifically, it judges whether the number of consistent data items exceeds half of the inputs; if so, the data with the greatest agreement are selected and issued; otherwise the scheduler is notified to regenerate the scheduling scheme. Controllers whose data are inconsistent are regarded as abnormal;
Step 304: If the decision and sensing results show that a controller is abnormal, the next round schedules M controllers for majority decision from the set that remains after the abnormal controllers are removed; after a recovery mechanism has been applied to an abnormal controller, it rejoins the set of controllers available for scheduling.
In the mimicry SDN controller construction method, the transponder is responsible for collecting information such as subnet topology and switch state and forwarding it to all controllers; each controller then, according to its own role, either stores the updated information or generates flow rules.
In the mimicry SDN controller construction method, the perceptron monitors and senses the network state in real time and performs anomaly detection, judging how the network is running by analysing the state data of the subnet; if an anomaly is found, it informs the scheduler of the sensing result in the form of an alert message.
In the mimicry SDN controller construction method, the decision-making device receives the information generated by the control-layer controllers and uses the majority decision method to decide which information is issued to the subnet; when the decision is complete, it informs the scheduler of the result by notification message.
In the mimicry SDN controller construction method, the scheduler is responsible for scheduling controllers to manage the subnet. It has two operating mechanisms, timed and message-triggered, follows a perception-based dynamic scheduling mode, and adjusts the roles of the controllers accordingly.
The beneficial effects of the invention are as follows: the mimicry SDN controller construction method exploits the heterogeneous redundancy of the controllers, combines their respective security advantages, and couples perception-based dynamic scheduling with a majority decision method, so that under security threats the robustness, resilience and survivability of network operation are better guaranteed and the security of SDN is improved.
Brief description of the drawings
Fig. 1 is a flow diagram of the mimicry SDN controller construction method;
Fig. 2 is a schematic diagram of the SDN connection structure of the mimicry controller.
Specific embodiment
Embodiment 1: With reference to Fig. 1 and Fig. 2, a mimicry SDN controller construction method comprises a control plane, a scheduling plane and a data plane. The control plane carries out the control and management of the network and provides multiple heterogeneous redundant controller executors. The data plane performs data forwarding in the network and comprises hardware facilities such as switches and routers. The control plane communicates with the data plane through the scheduling plane, which comprises a transponder, a perceptron, a decision-making device and a scheduler. The specific steps of the mimicry SDN controller construction method are:
Step 1: Collect network state information and forward it to the controller executors. The network state information mainly comprises the topology information of the subnet managed by the controller and state information such as that of the switches.
Step 2: Perceive and detect the operating state of the network in real time. The detection covers network performance parameters such as link congestion, network delay and throughput.
Steps 3 and 4: Dynamically schedule the controllers of the control layer, and vote on the information to be issued using a majority decision mechanism before it is output.
The scheduling and decision are specifically:
Step 301: According to the selection mechanism and the sensing results, M of the T normal heterogeneous controller executors are selected for majority decision. Specifically, M1 controllers may be selected to take part in flow-rule generation at the previous moment, M2 may be selected at the current moment, and M3 may be selected at random at the next moment; that is, the number and identity of the controllers responsible for managing the network keep changing.
Step 302: The data generated by the M selected controllers enter the decision device;
Step 303: The decision device selects the controller data to be finally issued according to the majority decision mechanism. Specifically, it judges whether the number of consistent data items exceeds half of the inputs; if so, the data with the greatest agreement are selected and issued; otherwise the scheduler is notified to regenerate the scheduling scheme. Controllers whose data are inconsistent are regarded as abnormal;
Step 304: If the decision and sensing results show that a controller is abnormal, the next round schedules M controllers for majority decision from the set that remains after the abnormal controllers are removed; after a recovery mechanism has been applied to an abnormal controller, it rejoins the set of controllers available for scheduling.
Transponder: responsible for collecting information such as subnet topology and switch state and forwarding it to all controllers; each controller then, according to its own role, either stores the updated information or generates flow rules.
Perceptron: monitors and senses the network state in real time and performs anomaly detection, judging how the network is running by analysing the state data of the subnet; if an anomaly is found, it informs the scheduler of the sensing result in the form of an alert message.
Decision-making device: receives the information generated by the control-layer controllers and uses the majority decision method to decide which information is issued to the subnet; when the decision is complete, it informs the scheduler of the result by notification message.
Scheduler: responsible for scheduling controllers to manage the subnet. It has two operating mechanisms, timed and message-triggered, follows a perception-based dynamic scheduling mode, and adjusts the roles of the controllers accordingly.
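The scheduling and majority decision of steps 301 to 304, as an added Python example that is not part of the patent text. The executor functions, the flow-rule fields, the comparison of rules in canonical JSON form and the choice to blame no controller when no majority exists are assumptions made for illustration.

```python
import json
import random
from collections import Counter


def canonical(rule):
    """Serialise a flow rule so equal rules from different executors compare equal."""
    return json.dumps(rule, sort_keys=True)


def judge(outputs):
    """Step 303. outputs maps executor name -> flow rule (dict).

    Returns (rule, dissenters). rule is None when no value is backed by more
    than half of the inputs; the scheduler must then regenerate its scheme.
    """
    forms = {name: canonical(rule) for name, rule in outputs.items()}
    winner, votes = Counter(forms.values()).most_common(1)[0]
    if 2 * votes <= len(forms):
        return None, set()   # assumption: without a majority nobody is blamed
    dissenters = {name for name, form in forms.items() if form != winner}
    return json.loads(winner), dissenters


class Scheduler:
    def __init__(self, executors, rng=None):
        self.executors = dict(executors)   # name -> callable(state) -> flow rule
        self.normal = set(executors)       # the T executors regarded as normal
        self.abnormal = set()
        self.rng = rng or random.Random()

    def select(self, m):
        """Step 301: draw M executors at random from the normal set."""
        if not 1 <= m <= len(self.normal):
            raise ValueError("M must be between 1 and the number of normal executors")
        return self.rng.sample(sorted(self.normal), m)

    def run_round(self, state, m):
        chosen = self.select(m)
        outputs = {n: self.executors[n](state) for n in chosen}   # step 302
        rule, dissenters = judge(outputs)                         # step 303
        self.normal -= dissenters                                 # step 304: reject
        self.abnormal |= dissenters
        return rule, chosen, dissenters

    def recover(self, name, clean_executor):
        """Step 304: a recovered executor rejoins the schedulable set."""
        self.executors[name] = clean_executor
        self.abnormal.discard(name)
        self.normal.add(name)


# Constructed executors: two implementations that agree, and one tampered one.
def impl_a(state):
    return {"match": {"dst": state["dst"]}, "out_port": state["ports"][0]}


def impl_b(state):   # same rule, different key order
    return {"out_port": state["ports"][0], "match": {"dst": state["dst"]}}


def tampered(state):
    return {"match": {"dst": state["dst"]}, "out_port": 99}


def demo():
    state = {"dst": "10.0.0.2", "ports": [3, 4]}   # constructed network state
    pool = {"c1": impl_a, "c2": impl_b, "c3": impl_a, "c4": impl_b, "c5": tampered}
    sched = Scheduler(pool, random.Random(7))
    first = sched.run_round(state, 5)    # M1 = 5: the tampered executor is outvoted
    second = sched.run_round(state, 3)   # M2 = 3: drawn only from the remaining four
    sched.recover("c5", impl_a)
    return first, second, sorted(sched.normal)


if __name__ == "__main__":
    print(demo())
```
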
Claims (7)
1. A mimicry SDN controller construction method, comprising a control plane, a scheduling plane and a data plane, wherein the control plane carries out the control and management of the network and provides multiple heterogeneous redundant controller executors; the data plane performs data forwarding in the network and comprises switch and router hardware facilities; the control plane communicates with the data plane through the scheduling plane; and the scheduling plane comprises a transponder, a perceptron, a decision-making device and a scheduler; characterized in that the specific steps of the mimicry SDN controller construction method are:
Step 1: Collect network state information and forward it to the controller executors;
Step 2: Perceive and detect the operating state of the network in real time;
Step 3: Dynamically schedule the controllers of the control layer;
Step 4: Vote on the information to be issued using a majority decision mechanism and output the result;
The scheduling and decision in steps 3 and 4 are specifically:
Step 301: According to the selection mechanism and the sensing results, M of the T normal heterogeneous controller executors are selected for majority decision. Specifically, M1 controllers may be selected to take part in flow-rule generation at the previous moment, M2 may be selected at the current moment, and M3 may be selected at random at the next moment; that is, the number and identity of the controllers responsible for managing the network keep changing;
Step 302: The data generated by the M selected controllers enter the decision device;
Step 303: The decision device selects the controller data to be finally issued according to the majority decision mechanism. Specifically, it judges whether the number of consistent data items exceeds half of the inputs; if so, the data with the greatest agreement are selected and issued; otherwise the scheduler is notified to regenerate the scheduling scheme. Controllers whose data are inconsistent are regarded as abnormal;
Step 304: If the decision and sensing results show that a controller is abnormal, the next round schedules M controllers for majority decision from the set that remains after the abnormal controllers are removed; after a recovery mechanism has been applied to an abnormal controller, it rejoins the set of controllers available for scheduling.
2. The mimicry SDN controller construction method according to claim 1, characterized in that the network state information in step 1 mainly comprises the topology information of the subnet managed by the controller and switch state information.
3. The mimicry SDN controller construction method according to claim 1, characterized in that the detection in step 2 covers the network performance parameters of link congestion, network delay and throughput.
4. The mimicry SDN controller construction method according to claim 1, characterized in that the transponder is responsible for collecting subnet topology and switch state information and forwarding it to all controllers; each controller then, according to its own role, either stores the updated information or generates flow rules.
5. The mimicry SDN controller construction method according to claim 1, characterized in that the perceptron monitors and senses the network state in real time and performs anomaly detection, judging how the network is running by analysing the state data of the subnet; if an anomaly is found, it informs the scheduler of the sensing result in the form of an alert message.
6. The mimicry SDN controller construction method according to claim 1, characterized in that the decision-making device receives the information generated by the control-layer controllers and uses the majority decision method to decide which information is issued to the subnet; when the decision is complete, it informs the scheduler of the result by notification message.
7. The mimicry SDN controller construction method according to claim 1, characterized in that the scheduler is responsible for scheduling controllers to manage the subnet, has two operating mechanisms, timed and message-triggered, follows a perception-based dynamic scheduling mode, and adjusts the roles of the controllers accordingly.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610111148.1A CN105791279B (en) | 2016-02-29 | 2016-02-29 | A kind of mimicry SDN controller construction method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105791279A CN105791279A (en) | 2016-07-20 |
CN105791279B true CN105791279B (en) | 2018-12-18 |
Family
ID=56403117
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||