CN105791288A - Key virtual link protection method based on multiple parallel paths - Google Patents


Publication number
CN105791288A
Authority
CN
China
Prior art keywords
virtual link
data
crucial
virtual
network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610116992.3A
Other languages
Chinese (zh)
Other versions
CN105791288B (en)
Inventor
程国振
艾健健
陈鸿昶
陈福才
季新生
刘文彦
毛宇星
齐超
杨超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Application filed by PLA Information Engineering University
Priority to CN201610116992.3A (patent CN105791288B)
Publication of CN105791288A
Application granted
Publication of CN105791288B
Legal status: Active (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/24 Multipath

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a key virtual link protection method based on multiple parallel paths. The method comprises: an identification process, which generates a virtual topology from a virtual network request and identifies the key virtual links in that topology; a mapping process, which maps the key virtual links onto multiple paths of the physical network; and a decision process, which sends multiple data copies to the destination node in parallel over the multiple paths and determines the finally received data according to a decision mechanism. The method introduces a redundancy mechanism and a multi-mode decision method, avoids the network service anomalies caused by the failure of a single path, effectively improves the security of the virtual network service, and improves network robustness.

Description

Key virtual link protection method based on multiple parallel paths
Technical field
The present invention relates to the technical field of network security, and in particular to a key virtual link protection method based on multiple parallel paths.
Background
Network virtualization allows diverse network architectures and protocols to coexist on the same physical network infrastructure. It thereby overcomes the "monotonous network gene" problem and promotes innovation in network technology, and it has received wide attention from academia and industry. Network virtualization maps the underlying physical network into multiple logical virtual networks, and different virtual networks use different routing policies and network protocols. A single virtual network is a service slice formed by connecting a group of virtual nodes and virtual links according to tenant demand. In recent years, as network virtualization technology has matured, cloud data center networks based on virtualization have attracted great attention from Party, government and military bodies and from enterprises because of their economies of scale. Data centers are becoming the distribution hubs for Internet data and diversified services.
However, while people enjoy the convenience that network virtualization brings, they also face large security risks. Attacks on cloud platforms increase year by year, and critical network facilities in cloud platforms have become the primary targets of attack. Critical network links are vulnerable to DDoS attacks, which poses a major challenge to the secure and efficient operation of virtual networks. Once an attacker successfully carries out such an attack, the whole network runs abnormally and inefficiently or is even paralysed. A virtual network mapping method that can guarantee system security under network attack is therefore urgently needed.
Summary of the invention
To address the deficiencies of the prior art, the present invention provides a key virtual link protection method based on multiple parallel paths. It serves as a network protection measure against attacks on critical links in a virtual network and addresses the security threats those links face.
According to the design provided by the present invention, a key virtual link protection method based on multiple parallel paths comprises the following steps:
Step 1, virtual link identification: generate the virtual network topology from the virtual network request, analyse the traffic demand of each virtual link in the virtual network topology, and choose the link with the largest traffic as the key virtual link L;
Step 2, key virtual link L mapping: map the key virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the key virtual link L in parallel;
Step 3, data decision: use the multiple disjoint paths of the physical network from step 2 to send multiple data copies to the destination node, buffer the data at the destination node, and, according to the consistency decision mechanism, choose the data with the largest number of consistent copies as the finally received data.
In the above, step 2 specifically comprises the following steps:
Step 2.1: according to the requirements of the end nodes of the key virtual link L, map the virtual end nodes A and B to the physical nodes A′ and B′ respectively; A′ and B′ are the source node and the destination node respectively;
Step 2.2: according to the bandwidth and delay requirements of the key virtual link L, select multiple disjoint paths from the several paths between A′ and B′ to carry the traffic of the key virtual link L in parallel.
In the above, step 3 specifically comprises the following:
Step 3.1: receive the data at source node A′ and send data copies in parallel over the multiple paths to destination node B′;
Step 3.2: buffer the data at destination node B′;
Step 3.3: make a combined decision over the multiple data copies stored in the buffer of destination node B′. According to the consistency decision mechanism, if the number of consistent copies is greater than the number of inconsistent copies, the consistent data is judged to be the correctly received data; otherwise, return to step 2 and remap the key virtual link L.
Beneficial effects of the present invention:
Through the redundancy of multiple paths and the consistency decision on the data buffered at the destination node, the present invention introduces a redundancy mechanism and multi-mode decision. It avoids the network service anomalies caused by the failure of a single path, so that the network keeps operating better when it faces security threats, improves the robustness of the network, and effectively improves the security of the virtual network service.
Brief description of the drawings:
Fig. 1 is a schematic flow chart of the present invention;
Fig. 2 is a schematic diagram of the virtual link identification of the present invention;
Fig. 3 is a schematic diagram of the key virtual link mapping of the present invention;
Fig. 4 is a schematic flow chart of the data decision of the present invention.
Detailed description of the invention:
The present invention is explained in further detail below with reference to the accompanying drawings and the technical solution, and its embodiments are described in detail through preferred embodiments; the embodiments of the present invention are not limited to these.
Embodiment one: as shown in Fig. 1, a key virtual link protection method based on multiple parallel paths comprises the following steps:
Step 1, virtual link identification: generate the virtual network topology from the virtual network request, analyse the traffic demand of each virtual link in the virtual network topology, and choose the link with the largest traffic as the key virtual link L;
Step 2, key virtual link L mapping: map the key virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the key virtual link L in parallel;
Step 3, data decision: use the multiple disjoint paths of the physical network from step 2 to send multiple data copies to the destination node, buffer the data at the destination node, and, according to the consistency decision mechanism, choose the data with the largest number of consistent copies as the finally received data.
Through the redundancy of multiple paths and the consistency decision mechanism applied to the data buffered at the destination node, the network service anomalies caused by the failure of a single path are avoided, so that the network keeps operating better when it faces security threats, the robustness of the network is improved, and the security of the virtual network service is ensured.
Embodiment two: as shown in Figs. 1 to 4, a key virtual link protection method based on multiple parallel paths comprises the following steps:
Step 1, virtual link identification: generate the virtual network topology from the virtual network request, analyse the traffic demand of each virtual link in the virtual network topology, and choose the link with the largest traffic as the key virtual link L;
Step 2, key virtual link L mapping: map the key virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the key virtual link L in parallel;
Specifically, according to the requirements of the end nodes of the key virtual link L, the virtual end nodes A and B are mapped to the physical nodes A′ and B′ respectively; A′ and B′ are the source node and the destination node respectively. According to the bandwidth and delay requirements of the key virtual link L, multiple disjoint paths are selected from the several paths between A′ and B′; as shown in Fig. 3, three disjoint paths p1, p2 and p3 are selected and carry the traffic of the key virtual link L in parallel;
Step 3, data decision: use the multiple disjoint paths of the physical network from step 2 to send multiple data copies to the destination node, buffer the data at the destination node, and, according to the consistency decision mechanism, choose the data with the largest number of consistent copies as the finally received data;
Specifically, the data is received at source node A′ and replicated into multiple copies, and the copies are sent in parallel to destination node B′ over the disjoint paths selected in step 2. Because data on different paths arrives at the destination node at different times, the data is buffered at destination node B′. A combined decision is made over the multiple data copies stored in the buffer of destination node B′: according to the consistency decision mechanism, if the number of consistent copies is greater than the number of inconsistent copies, the consistent data is judged to be the correctly received data; otherwise, return to step 2 and remap the key virtual link L.
Through the redundancy of multiple paths and the consistency decision on the data buffered at the destination node, a redundancy mechanism and multi-mode decision are introduced. The network service anomalies caused by the failure of a single path are avoided, so that the network keeps operating better when it faces security threats, the robustness of the network is improved, the security of the virtual network service is effectively improved, and the effective operation of the whole network is ensured.
The present invention is not limited to the specific embodiments above. Those skilled in the art may make various changes accordingly, but any change equivalent or similar to the present invention shall fall within the scope of the claims.
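The three steps of Embodiment two, as an added Python example (not code from the patent). The function names, the greedy lowest-delay selection of node-disjoint paths, the treatment of a copy missing from the buffer as inconsistent, the fault model in `send_copies` and the sample topology (with `A'` and `B'` standing for A′ and B′) are all assumptions made for this illustration.

```python
import heapq
from collections import Counter

def key_virtual_link(demands):
    """Step 1: the virtual link with the largest traffic demand is key link L."""
    return max(demands, key=demands.get)

def shortest_path(adj, src, dst, banned):
    """Lowest-delay path (Dijkstra) avoiding nodes/edges used by earlier paths."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            path = [dst]
            while path[-1] != src:
                path.append(prev[path[-1]])
            return d, path[::-1]
        if d > dist[u]:
            continue
        for v, delay in adj.get(u, []):
            if v in banned or (u, v) in banned:
                continue
            if d + delay < dist.get(v, float("inf")):
                dist[v], prev[v] = d + delay, u
                heapq.heappush(heap, (d + delay, v))
    return None

def map_key_link(links, src, dst, bandwidth, max_delay, k):
    """Step 2.2: up to k disjoint paths meeting the bandwidth and delay needs.
    Greedy selection is a simplification chosen for this example."""
    adj = {}
    for u, v, cap, delay in links:
        if cap >= bandwidth:               # drop links that cannot carry L
            adj.setdefault(u, []).append((v, delay))
            adj.setdefault(v, []).append((u, delay))
    banned, paths = set(), []
    while len(paths) < k:
        found = shortest_path(adj, src, dst, banned)
        if found is None or found[0] > max_delay:
            break
        paths.append(found[1])
        # Reserve intermediate nodes (or the direct edge) for this path only.
        banned.update(found[1][1:-1] or [(src, dst)])
    return paths

def send_copies(payload, paths, altered_nodes=()):
    """Step 3.1: one copy per path; a path through an altered node (constructed
    fault model) delivers modified data."""
    return [payload + b"!" if set(p) & set(altered_nodes) else payload
            for p in paths]

def decide(copies):
    """Step 3.3: accept the agreeing copies only if they outnumber the rest.
    Assumption: a copy missing from the buffer (None) counts as inconsistent.
    Returning None means 'go back to step 2 and remap L'."""
    arrived = [c for c in copies if c is not None]
    if not arrived:
        return None
    value, agree = Counter(arrived).most_common(1)[0]
    return value if agree > len(copies) - agree else None

# Constructed sample data: virtual demands (Mbit/s) and physical links
# as (node, node, capacity Mbit/s, delay ms).
DEMANDS = {("A", "B"): 800, ("A", "C"): 200, ("B", "C"): 350}
LINKS = [("A'", "S1", 1000, 2), ("S1", "B'", 1000, 2),
         ("A'", "S2", 1000, 3), ("S2", "B'", 1000, 3),
         ("A'", "S3", 1000, 4), ("S3", "S4", 1000, 1), ("S4", "B'", 1000, 4),
         ("A'", "S5", 100, 1), ("S5", "B'", 100, 1)]   # too little bandwidth

if __name__ == "__main__":
    L = key_virtual_link(DEMANDS)
    paths = map_key_link(LINKS, "A'", "B'", DEMANDS[L], max_delay=10, k=3)
    print(L, paths, decide(send_copies(b"data", paths, {"S2"})))
```

The vote returns the original data only while fewer than half of the selected paths deliver wrong or missing copies, which is why the number of disjoint paths found in step 2 bounds how many path failures the scheme tolerates.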

Claims (3)

1. A key virtual link protection method based on multiple parallel paths, characterized in that it comprises the following steps:
Step 1, virtual link identification: generate the virtual network topology from the virtual network request, analyse the traffic demand of each virtual link in the virtual network topology, and choose the link with the largest traffic as the key virtual link L;
Step 2, key virtual link L mapping: map the key virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the key virtual link L in parallel;
Step 3, data decision: use the multiple disjoint paths of the physical network from step 2 to send multiple data copies to the destination node, buffer the data at the destination node, and, according to the consistency decision mechanism, choose the data with the largest number of consistent copies as the finally received data.
2. The key virtual link protection method based on multiple parallel paths according to claim 1, characterized in that step 2 specifically comprises the following steps:
Step 2.1: according to the requirements of the end nodes of the key virtual link L, map the virtual end nodes A and B to the physical nodes A′ and B′ respectively, the physical nodes A′ and B′ being the source node and the destination node respectively;
Step 2.2: according to the bandwidth and delay requirements of the key virtual link L, select multiple disjoint paths from the several paths between A′ and B′ to carry the traffic of the key virtual link L in parallel.
3. The key virtual link protection method based on multiple parallel paths according to claim 2, characterized in that said step 3 specifically comprises the following:
Step 3.1: receive the data at source node A′ and send data copies in parallel over the multiple paths to destination node B′;
Step 3.2: buffer the data at destination node B′;
Step 3.3: make a combined decision over the multiple data copies stored in the buffer of destination node B′; according to the consistency decision mechanism, if the number of consistent copies is greater than the number of inconsistent copies, the consistent data is judged to be the correctly received data; otherwise, return to step 2 and remap the key virtual link L.
CN201610116992.3A 2016-03-02 2016-03-02 Key virtual link protection method based on multiple parallel paths Active CN105791288B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610116992.3A CN105791288B (en) 2016-03-02 2016-03-02 Key virtual link protection method based on multiple parallel paths

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610116992.3A CN105791288B (en) 2016-03-02 2016-03-02 Key virtual link protection method based on multiple parallel paths

Publications (2)

Publication Number Publication Date
CN105791288A true CN105791288A (en) 2016-07-20
CN105791288B CN105791288B (en) 2018-12-04

Family

ID=56387641

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610116992.3A Active CN105791288B (en) 2016-03-02 2016-03-02 Key virtual link protection method based on multiple parallel paths

Country Status (1)

Country Link
CN (1) CN105791288B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110044665A1 (en) * 2008-06-30 2011-02-24 Panasonic Corporation Recording device, recording method, reproduction device, and reproduction method
CN103457752A (en) * 2012-05-30 2013-12-18 中国科学院声学研究所 Virtual network mapping method
CN102868733A (en) * 2012-08-29 2013-01-09 北京邮电大学 Method for remapping virtual network resources
CN103812748A (en) * 2014-01-20 2014-05-21 北京邮电大学 Mapping method of survivable virtual network
CN104917659A (en) * 2015-06-02 2015-09-16 浙江大学 Virtual network connection property-based virtual network mapping method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
WANG ZHI MING ET AL.: ""survivable virtual network mapping using optimal backup topology in virtualized SDN"", 《CHINA COMMUNICATIONS》 *
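李小玲 et al.: ""A virtual network mapping method based on constraint optimization"", 《计算机研究与发展》 *
李小玲 et al.: ""Research on the virtual network mapping problem and its progress"", 《软件学报》 *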

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11082300B2 (en) 2016-08-03 2021-08-03 Oracle International Corporation Transforming data based on a virtual topology
US11240152B2 (en) 2016-09-02 2022-02-01 Oracle International Corporation Exposing a subset of hosts on an overlay network to components external to the overlay network without exposing another subset of hosts on the overlay network
US10862762B2 (en) * 2017-02-13 2020-12-08 Oracle International Corporation Implementing a single-addressable virtual topology element in a virtual topology
CN109344007A (en) * 2018-09-29 2019-02-15 安徽江淮汽车集团股份有限公司 A kind of dual-clutch transmission NVM data method of calibration and module
CN109344007B (en) * 2018-09-29 2022-04-12 安徽江淮汽车集团股份有限公司 Double-clutch transmission NVM data verification method and module
CN110611672A (en) * 2019-09-17 2019-12-24 中国人民解放军战略支援部队信息工程大学 Network space safety protection method, server equipment, node equipment and system
CN113411296A (en) * 2021-05-07 2021-09-17 上海纽盾科技股份有限公司 Situation awareness virtual link defense method, device and system
CN113556770A (en) * 2021-07-27 2021-10-26 广东电网有限责任公司 Data verification method, device, terminal and readable storage medium

Also Published As

Publication number Publication date
CN105791288B (en) 2018-12-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant