CN105791288A - Key virtual link protection method based on multiple parallel paths - Google Patents
- Publication number: CN105791288A
- Application number: CN201610116992.3A
- Authority: CN (China)
- Prior art keywords: virtual link, data, key, virtual, network
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/24—Multipath
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to a key virtual link protection method based on multiple parallel paths. The method comprises an identification process, which generates a virtual topology according to a virtual network request and identifies the key virtual links in the virtual network topology; a mapping process, which maps the key virtual links onto multiple paths of a physical network; and a decision process, which sends multiple data copies to a destination node in parallel over the multiple paths and determines the finally received data according to a decision mechanism. The method introduces a redundancy mechanism and a multi-mode decision method, avoids network service anomalies caused by single-path failure, effectively improves the security of the virtual network service, and improves network robustness.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a key virtual link protection method based on multiple parallel paths.
Background art
Network virtualization allows diverse network architectures and protocols to coexist on the same physical network infrastructure, thereby overcoming the "monotonous network gene" problem and promoting innovation in network technology, and it has received wide attention from academia and industry. Network virtualization maps the underlying physical network into multiple logical virtual networks, and different virtual networks use different routing policies and network protocols. A single virtual network is a service slice formed by connecting a group of virtual nodes and virtual links according to tenant demand. In recent years, as network virtualization technology has matured, cloud data center networks based on virtualization technology have received great attention from party, government, military and enterprise users because of their economies of scale. Data centers are becoming the distribution hub for Internet data and diversified services.
However, while people enjoy the convenience that network virtualization technology brings, they also face huge security risks. Attacks against cloud platforms increase year by year, and critical network facilities in cloud platforms have become primary attack targets. Critical network links are vulnerable to DDoS attacks, which poses a great challenge to the safe and efficient operation of virtual networks. Once an attacker successfully carries out such an attack, the whole network runs abnormally and inefficiently or is even paralysed. A virtual network mapping method that can ensure system security under network attack is therefore urgently needed.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a key virtual link protection method based on multiple parallel paths. It serves as a network protection measure that addresses attacks on critical links in virtual networks and the security threats those links face.
According to the design provided by the present invention, a key virtual link protection method based on multiple parallel paths comprises the following steps:
Step 1, virtual link identification: generate a virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and select the link with the largest traffic as the key virtual link L;
Step 2, key virtual link L mapping: map the key virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the key virtual link L in parallel;
Step 3, data decision: use the multiple disjoint paths of the physical network from step 2 to send multiple data copies to the destination node, buffer the data at the destination node, and, according to the consistency decision mechanism, select the data with the largest number of consistent copies as the finally received data.
In the above, step 2 specifically comprises the following steps:
Step 2.1, according to the requirements of the end nodes of the key virtual link L, map the virtual end nodes A and B to physical nodes A' and B' respectively; A' and B' are the source node and the destination node respectively;
Step 2.2, according to the bandwidth and delay requirements of the key virtual link L, select multiple disjoint paths from among the paths between A' and B' to carry the traffic of the key virtual link L in parallel.
In the above, step 3 specifically comprises the following:
Step 3.1, receive data at source node A' and send data copies in parallel over the multiple paths to destination node B';
Step 3.2, buffer the data at destination node B';
Step 3.3, make a comprehensive decision over the multiple data copies stored in the buffer of destination node B': according to the consistency decision mechanism, if the number of consistent copies is greater than the number of inconsistent copies, the consistent data is judged to be the correctly received data; otherwise, return to step 2 and remap the key virtual link L.
Beneficial effects of the present invention:
Through the redundancy of multiple paths and the consistency decision scheme applied to the data buffered at the destination node, the present invention introduces a redundancy mechanism and multi-mode decision. It avoids the network service anomalies caused by single-path failure, better guarantees network operation when the network faces security threats, improves the robustness of the network, and effectively improves the security of the virtual network service.
Brief description of the drawings:
Fig. 1 is a flow diagram of the present invention;
Fig. 2 is a schematic diagram of virtual link identification according to the present invention;
Fig. 3 is a schematic diagram of key virtual link mapping according to the present invention;
Fig. 4 is a flow diagram of the data decision according to the present invention.
Detailed description of the embodiments:
The present invention is explained in further detail below with reference to the accompanying drawings and the technical solution, and embodiments of the present invention are described in detail through preferred embodiments, but the embodiments of the present invention are not limited to these.
Embodiment one: as shown in Fig. 1, a key virtual link protection method based on multiple parallel paths comprises the following steps:
Step 1, virtual link identification: generate a virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and select the link with the largest traffic as the key virtual link L;
Step 2, key virtual link L mapping: map the key virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the key virtual link L in parallel;
Step 3, data decision: use the multiple disjoint paths of the physical network from step 2 to send multiple data copies to the destination node, buffer the data at the destination node, and, according to the consistency decision mechanism, select the data with the largest number of consistent copies as the finally received data.
Through the redundancy of multiple paths and the consistency decision mechanism applied to the data buffered at the destination node, the network service anomalies caused by single-path failure are avoided, so that network operation is better guaranteed when the network faces security threats, the robustness of the network is improved, and the security of the virtual network service is ensured.
Embodiment two: as shown in Figs. 1 to 4, a key virtual link protection method based on multiple parallel paths comprises the following steps:
Step 1, virtual link identification: generate a virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and select the link with the largest traffic as the key virtual link L;
Step 2, key virtual link L mapping: map the key virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the key virtual link L in parallel;
Specifically, according to the requirements of the end nodes of the key virtual link L, the virtual end nodes A and B are mapped to physical nodes A' and B' respectively; A' and B' are the source node and the destination node respectively. According to the bandwidth and delay requirements of the key virtual link L, multiple disjoint paths are selected from among the paths between A' and B'. As shown in Fig. 3, three disjoint paths p1, p2 and p3 are selected and carry the traffic of the key virtual link L in parallel;
Step 3, data decision: use the multiple disjoint paths of the physical network from step 2 to send multiple data copies to the destination node, buffer the data at the destination node, and, according to the consistency decision mechanism, select the data with the largest number of consistent copies as the finally received data;
Specifically, data is received at source node A' and replicated into multiple copies, and the copies are sent in parallel to destination node B' over the disjoint paths selected in step 2. Because data on different paths arrives at the destination node at different times, the data is buffered at destination node B'. A comprehensive decision is then made over the multiple data copies stored in the buffer of destination node B': according to the consistency decision mechanism, if the number of consistent copies is greater than the number of inconsistent copies, the consistent data is judged to be the correctly received data; otherwise, return to step 2 and remap the key virtual link L.
Through the redundancy of multiple paths and the consistency decision scheme applied to the data buffered at the destination node, a redundancy mechanism and multi-mode decision are introduced. This avoids the network service anomalies caused by single-path failure, better guarantees network operation when the network faces security threats, improves the robustness of the network, effectively improves the security of the virtual network service, and effectively ensures the operation of the whole network.
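The three steps of embodiment two as a runnable sketch, added here as an illustration and not taken from the patent. The greedy lowest-delay path search, the rule that a copy missing from the buffer counts as inconsistent, and all names and sample values (`PHYS`, `DEMANDS`, nodes `s1` to `s5`) are assumptions; the patent does not specify a path-selection algorithm.

```python
import heapq
from collections import Counter

def pick_key_link(demands):
    """Step 1: the virtual link with the largest traffic demand is key link L."""
    return max(demands, key=demands.get)

def _fastest_path(graph, src, dst, bandwidth, used_nodes, used_edges):
    """Dijkstra on delay over links with enough bandwidth that are still unused."""
    best, heap = {src: 0}, [(0, [src])]
    while heap:
        delay, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return delay, path
        for nxt, (bw, d) in graph[node].items():
            if bw < bandwidth or nxt in used_nodes or frozenset((node, nxt)) in used_edges:
                continue
            if delay + d < best.get(nxt, float("inf")):
                best[nxt] = delay + d
                heapq.heappush(heap, (delay + d, path + [nxt]))
    return None

def map_key_link(graph, src, dst, bandwidth, max_delay, k=3):
    """Step 2.2: greedily select up to k mutually disjoint paths src -> dst
    that meet the bandwidth and delay requirements of L (heuristic, assumption)."""
    used_nodes, used_edges, paths = set(), set(), []
    while len(paths) < k:
        found = _fastest_path(graph, src, dst, bandwidth, used_nodes, used_edges)
        if found is None or found[0] > max_delay:
            break
        path = found[1]
        paths.append(path)
        used_nodes.update(path[1:-1])            # no shared intermediate node
        used_edges.update(frozenset(e) for e in zip(path, path[1:]))
    return paths

def decide(buffered, n_paths):
    """Step 3.3: majority decision over the copies buffered at B'.
    Returns the accepted payload, or None to signal 'return to step 2 and remap L'."""
    if not buffered:
        return None
    payload, agree = Counter(buffered.values()).most_common(1)[0]
    # Assumption: a copy that never reached the buffer counts as inconsistent.
    return payload if agree > n_paths - agree else None

def undirected(links):
    """Build an adjacency map from (a, b, bandwidth, delay) tuples."""
    graph = {}
    for a, b, bw, delay in links:
        graph.setdefault(a, {})[b] = (bw, delay)
        graph.setdefault(b, {})[a] = (bw, delay)
    return graph

# Constructed sample data: traffic demand per virtual link, and a physical network.
DEMANDS = {("A", "B"): 80, ("B", "C"): 30, ("A", "C"): 45}
PHYS = undirected([
    ("A'", "s1", 100, 2), ("s1", "B'", 100, 2),
    ("A'", "s2", 100, 3), ("s2", "B'", 100, 3),
    ("A'", "s3", 100, 4), ("s3", "s4", 100, 1), ("s4", "B'", 100, 4),
    ("A'", "s5", 50, 1), ("s5", "B'", 50, 1),    # too little bandwidth for L
])
```

With three paths, one tampered or dropped copy is outvoted; two bad copies leave no majority, so `decide` returns `None` and the caller remaps L.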
The present invention is not limited to the above embodiments. Those skilled in the art may make various changes accordingly, but any change equivalent or similar to the present invention shall fall within the scope of the claims.
Claims (3)
1. A key virtual link protection method based on multiple parallel paths, characterized in that it comprises the following steps:
Step 1, virtual link identification: generate a virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and select the link with the largest traffic as the key virtual link L;
Step 2, key virtual link L mapping: map the key virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the key virtual link L in parallel;
Step 3, data decision: use the multiple disjoint paths of the physical network from step 2 to send multiple data copies to the destination node, buffer the data at the destination node, and, according to the consistency decision mechanism, select the data with the largest number of consistent copies as the finally received data.
2. The key virtual link protection method based on multiple parallel paths according to claim 1, characterized in that step 2 specifically comprises the following steps:
Step 2.1, according to the requirements of the end nodes of the key virtual link L, map the virtual end nodes A and B to physical nodes A' and B' respectively, the physical nodes A' and B' being the source node and the destination node respectively;
Step 2.2, according to the bandwidth and delay requirements of the key virtual link L, select multiple disjoint paths from among the paths between A' and B' to carry the traffic of the key virtual link L in parallel.
3. The key virtual link protection method based on multiple parallel paths according to claim 2, characterized in that step 3 specifically comprises the following:
Step 3.1, receive data at source node A' and send data copies in parallel over the multiple paths to destination node B';
Step 3.2, buffer the data at destination node B';
Step 3.3, make a comprehensive decision over the multiple data copies stored in the buffer of destination node B': according to the consistency decision mechanism, if the number of consistent copies is greater than the number of inconsistent copies, the consistent data is judged to be the correctly received data; otherwise, return to step 2 and remap the key virtual link L.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610116992.3A CN105791288B (en) | 2016-03-02 | 2016-03-02 | Key virtual link protection method based on multiple parallel paths |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105791288A (en) | 2016-07-20 |
CN105791288B (en) | 2018-12-04 |
Family
ID=56387641
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610116992.3A Active CN105791288B (en) | Key virtual link protection method based on multiple parallel paths | 2016-03-02 | 2016-03-02 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105791288B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN105791288B (en) | 2018-12-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||