CN109495391A - A kind of security service catenary system and data packet matched retransmission method based on SDN - Google Patents
A kind of security service catenary system and data packet matched retransmission method based on SDN Download PDFInfo
- Publication number
- CN109495391A CN109495391A CN201811554480.0A CN201811554480A CN109495391A CN 109495391 A CN109495391 A CN 109495391A CN 201811554480 A CN201811554480 A CN 201811554480A CN 109495391 A CN109495391 A CN 109495391A
- Authority
- CN
- China
- Prior art keywords
- service
- sdn
- controller
- service chaining
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
Abstract
The present invention discloses the security service catenary system based on SDN, including control plane, stream class node, service node and service chaining, the control plane mainly includes the core control part SDN controller and OpenFlow1.3 interchanger of SDN service chaining, SDN controller is according to user demand, create service chaining, and the service logic of each service node on deployment services chain;The user's message feature for needing to enter service chaining processing is issued to OpenFlow1.3 interchanger by controller, and data message is introduced service chaining according to corresponding message characteristic by OpenFlow1.3 interchanger.Also disclose the data packet matched retransmission method of the security service catenary system based on SDN.Based on SDN technology, building, on-premise network service chaining, and the feedback for passing through information, realize network visualization and service chain gearing, to make it under the premise of mass data and more service nodes, data forwarding efficiency with higher and lower processing time, to promote network monitoring efficiency.The present invention devises the service chaining framework based on SDN, and proposes the data packet matched forwarding process of service chaining under the framework.
Description
Technical field
The invention belongs to network service fields, relate generally to a kind of security service catenary system and data packet based on SDN
With retransmission method.
Background technique
The fast development of the diversification network service such as e-commerce, data center, social networks, services mould to conventional security
Formula proposes severe challenge, shows themselves in that the coupling of 1) security function implementation: existing security function, such as firewall, IDS
Box among hardware is all based on Deng greatly to realize, functionally there is exclusive private ownership, higher cost, scalability needed for building
Difference, flexibility is insufficient, is difficult to be managed collectively in.2) nature static of security function deployed position: existing security function is mostly
It is deployed in the key position of network in a static manner, topology relies on seriously, and this rigid deployment way is difficult to it according to industry
The service composition of business request carries out reuse or dynamic restructuring.Meanwhile " network security method " regulation network operator should
Formulate network safety event emergency preplan, the safety such as timely processing system loophole, computer virus, network attack, network intrusion
Risk.Under the new network architecture, how safety service to be preferably integrated into using new technology come, thus provide it is convenient,
The network architecture of safety, is the problem that each side faces.
Currently, software defined network (Software DefinedNetworking, SDN) rises to seek new network peace
Full service mode provides support.The control that control function is moved to concentration by SDN from traditional distributed network equipment is put down
Platform, and then realize by the software pattern of open programmable the automatic control of network.It, can be with by the control of SDN controller
Guidance converting flow passes through service node automatically, realizes that topology is unrelated, flexible, convenient, efficiently and safely deploys converting flow
The processing of safety service is carried out on to service node.
Currently, having there is some scholars to propose the deployment scheme of some dynamic service chains.2014, Blendi was proposed
A kind of new Upper Concept and framework, using SDN by the service assembly in network into service chaining, but this article is not concerned with network
Personalized customization demand of the administrator to service.It 2013, makes widely known and proposes STEERING, this is the frame of a dynamic scalable
Frame manages the flow in network by multiple ancillary equipments.Using the method for routing based on strategy, at the top of SDN,
STEERING can support the extension for effectively forwarding and applying on a large scale.Utilize software defined network (software
Defined networking, SDN) advantage of centralization control realizes the deployment and management of middleware, it uses
OpenFlow1.1 multilevel flow table encodes metadata in flow table (metadata) domain, sets the service type kimonos of needs
Pragmatic example, so that flow is routed to corresponding middleware.This method, which is considered, services road by changing middleware disposition optimization
Diameter, but this method is not made to consider to the data packet header act of revision that middleware is likely to result in.2015, Martini was proposed
One service-oriented SDN controller allows to provide the programmability of data transfer path and be established in virtual by dynamic
Between part function sequence, thus complete in NGSON adapt to network service chaining deployment.2013, Qazi was utilized
Some matching domains (VLAN, IP ToS etc.) in OpenFlow1.0 flow table are that service chaining data grouping increases label mark in interchanger
Know, to guarantee that service chaining strategy correctly executes, and analyzes the similitude of data grouping front and back disengaging middleware to solve middleware
Caused by data packet header act of revision, but this method need controller collect data grouping carry out similarity system design, have
Higher complexity and the higher matching precision of needs.
The prior art mainly utilizes OpenFlow interchanger flow table characteristic, builds server architecture, deployment services linkwork
System.
Some researchs, which are compared, stresses single computer technology application, lacks the support cooperation of practical control technology, occupies
Excessive Service Source, causes system service potential that cannot sufficiently excavate, it is difficult to realize network visualization and service chaining control
System linkage, so that the security service ability of system is difficult to effectively improve.
Summary of the invention
The purpose of the present invention is in order to overcome the deficiencies of the prior art, provide a kind of security service catenary system based on SDN and
Data packet matched retransmission method.
The present invention is that the coupling in the deployment for solve conventional security business, between the network equipment is big, topology dependence is serious,
Safety equipment can not pond, scalability be poor and the ability of safety equipment can not be shared between multi-service technical problem, use
Technical solution be: the security service catenary system based on SDN, including control plane, stream class node, service node and service
Chain, the control plane mainly include the core control part SDN controller and OpenFlow1.3 interchanger of SDN service chaining,
SDN controller creates service chaining, and the service logic of each service node on deployment services chain according to user demand;Control
The user's message feature for needing to enter service chaining processing is issued to OpenFlow1.3 interchanger, OpenFlow1.3 interchanger by device
Data message is introduced into service chaining according to corresponding message characteristic.
The controller architecture of the control plane deployment cross-layer: first layer is by " MS master-slave " top controller and load balancing
Module composition;The second layer is bottom controller cluster system;Third layer is data-sharing systems;
Load balancing module by the load condition of each bottom controller of timed collection between interchanger controller
Transition process carries out layout, and controller executes the management of interchanger according to agreement in OpenFlow1.3.
The SDN controller is OpenDayLight controller.
The stream class node is the access node of initial data message, right according to flow classification rule matched data message
Message does service chaining encapsulation, and transfers it to service chaining and handled.
The service node is assigned as resource and uses, and physical location can be arbitrary, disperse, and passes through SDN pairs
The definition and drainage series connection of service chaining, complete predefined work;Service node mainly includes firewall, load balancing, invasion
Resource/resource pool of detection etc..
Second technical solution of the invention is the data packet matched retransmission method of the security service catenary system based on SDN,
The following steps are included:
1) when sending controller to handle in data packet, Packet-In message is parsed on the controller, according to message destination address
Determination is the East and West direction flow in virtual network or the north-south flow towards traditional network;
2) gateway is then forwarded the packet to if it is north-south flow, the subsequent processing of message is born by gateway
Duty;If it is East and West direction flow, source port is extracted from the Packet-In message received, and source is determined according to source port
Subnet, network, router information;Destination port, and root are obtained according to the purpose IP address of Packet-In message simultaneously
Purpose subnet, network, router information is determined according to destination port;
3) for East and West direction flow, service chaining matching is carried out according to message characteristic:
(1) it is matched first using the attribute of source port and destination port with service chaining configuration, if found matched
Service chaining then issues water conservancy diversion table;If there is matched service chaining, then controller can determine whether interchanger label where service chaining,
And flow entry is issued to interchanger and subsequent processing node;When being matched to a plurality of service chaining, according to most accurate matched principle
Determine the service chaining configuration of actual use;
(2) if not finding matched service chaining, issue the flow entry of East and West direction unloading (i.e. non-serving chain forwards).
The utility model has the advantages that
Based on SDN technology, building, on-premise network service chaining, and pass through the feedback of information, realization network visualization and service
Chain gearing, to make it under the premise of mass data and more service nodes, data forwarding efficiency with higher and lower
The time is handled, to promote network monitoring efficiency.
The present invention devises the service chaining framework based on SDN, and proposes the data packet matched forwarding flow of service chaining under the framework
Journey.
Detailed description of the invention
Fig. 1 is service chaining architecture diagram.
Fig. 2 is data packet matched forwarding process figure.
Fig. 3 is SDN cross-layer control architecture diagram.
Specific embodiment
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, embodiment will be described below
Needed in attached drawing be briefly described.
In Campus Network, the distribution of service resources is usually required to consider that application layer resource mainly includes data simultaneously
The memory of central server, occupancy, resources of virtual machine etc.) and network layer resource (including bottom link etc.), it needs to realize at this time
A kind of framework realizes application layer resource and the scheduling of network layer resource joint, realizes global unified optimization, increase resource utilization and
Network reliability.Firewall, intrusion detection are associated with chaining with service nodes such as load balancing.The characteristics of according to each service,
The path dynamic optimization service of data flow is placed in SDN controller and is run, malicious websites detection, ddos attack, the anti-seal character of DNS
Change, DNS name resolution and load balancing are individually placed on different service points.Service chaining framework is as shown in Figure 1.
1) plane is controlled, wherein mainly including the core control part SDN controller and OpenFlow1.3 of SDN service chaining
Interchanger.SDN controller in the present invention is OpenDayLight controller.As unique control point in Internet resources pond, lead to
It crosses and abstract layout is carried out to virtualization network, controller is according to user demand, security service chain generation strategy according to the present invention
Create service chaining, and the service logic of each node on deployment services chain.The user's message of service chaining processing will be needed to enter
Feature is issued to interchanger, and data message is introduced service chaining according to corresponding message characteristic by interchanger.
In Campus Network, the distribution of service resources is usually required to consider that application layer resource mainly includes data simultaneously
The memory of central server, occupancy, resources of virtual machine etc.) and network layer resource (including bottom link etc.), it needs to realize at this time
A kind of framework realizes application layer resource and the scheduling of network layer resource joint, realizes global unified optimization, increase resource utilization and
Network reliability.Firewall, intrusion detection are associated with chaining with service nodes such as load balancing.The characteristics of according to each service,
The path dynamic optimization service of data flow is placed in SDN controller and is run, malicious websites detection, ddos attack, the anti-seal character of DNS
Change, DNS name resolution and load balancing are individually placed on different service points.Think of based on topology aggregation and load balancing
Think, uses for reference the advantage of centralized and distributed control plane, the collaborative control Flat Architecture of three layers of design.It is specific to control plane
Framework as shown in Figure 3.
First layer is made of " MS master-slave " top controller and load balancing module.Both " MS master-slave " controllers are in logic
The controller of concentration is responsible for maintenance whole network state, provides global view for application, and carry out to different local controllers
Coordinate.The setting of master-slave controller be in order to when meeting that wherein controller breaks down, SDN network may be implemented network without
Seam docking, without making network pause and transition in rhythm or melody sense occur.Load balancing module passes through the load shape of each bottom controller of timed collection
State carries out layout to transition process of the interchanger controller.The second layer is bottom controller group system.Bottom controller
Layer is closer to data plane, for handle event that is more frequent but not needing global network view, for example checks some exchange
Machine traffic conditions etc..Controller executes the management of interchanger according to agreement in OpenFlow1.3.This mode being capable of effective mistake
Filter is sent to the message of top controller, and then reduces the load of upper layer global controller, improves controller efficiency, while being also
Local event provides faster request response.Third layer is data-sharing systems.
2) class node: the access node of initial data message is flowed.According to the flow classification rule matched data message of design,
Service chaining encapsulation is done to message, and transfers it to service chaining and is handled.
3) service node: service node is assigned as resource and uses, its physical location can be arbitrary, disperse
, it is connected by SDN to the definition of service chaining and drainage, completes predefined work.Service node can be firewall
(FireWalls), load balancing (LoadBalance), intrusion detection (Intrusion Prevention System) etc. provide
Source/resource pool.
4) service chaining: 4 in Fig. 1 indicate service chaining execution route, and by taking dashed lines labeled service chaining as an example, firewall is service
Chain first node (the first service node that message is handled in service chaining.After first node carries out service processing to data message,
Data message is continued to do next service node that service chaining encapsulates and is transmitted to service chaining), it monitors as service chaining end-node
(the last one service node that message is handled in service chaining.After tail node carries out service processing to data message, release
Its service chaining encapsulation).
Specific matching forwarding process is described as follows, as shown in Figure 2:
(1) when sending controller to handle in data packet, Packet-In message is parsed on the controller, according to message destination
Location determination is the East and West direction flow in virtual network or the north-south flow towards traditional network.
(2) gateway is then forwarded the packet to if it is north-south flow, the subsequent processing of message is born by gateway
Duty.
(3) if it is East and West direction flow, source port is extracted from the Packet-In message received, and true according to source port
Determine source subnet, network, router information;Destination port is obtained according to the purpose IP address of Packet-In message simultaneously,
And purpose subnet, network, router information is determined according to destination port.For East and West direction flow, according to message characteristic into
The matching of row service chaining is matched first using the attribute of source port and destination port with service chaining configuration, if finding matching
Service chaining, then issue water conservancy diversion table;If not finding matched service chaining, flow entry (the i.e. non-clothes of East and West direction unloading are issued
Business chain forwarding).If there is matched service chaining, then controller can determine whether interchanger label where service chaining, and to interchanger
Flow entry is issued with subsequent processing node;When being matched to a plurality of service chaining, actually make according to most accurate matched principle determination
Service chaining configuration.
Claims (6)
1. a kind of security service catenary system based on SDN, which is characterized in that including control plane, stream class node, service node
And service chaining, the control plane mainly include that the core control part SDN controller of SDN service chaining and OpenFlow1.3 are handed over
It changes planes, SDN controller creates service chaining, and the service logic of each service node on deployment services chain according to user demand;
The user's message feature for needing to enter service chaining processing is issued to OpenFlow1.3 interchanger by controller, and OpenFlow1.3 is handed over
It changes planes and data message is introduced by service chaining according to corresponding message characteristic.
2. the security service catenary system according to claim 1 based on SDN, which is characterized in that the control plane deployment
The controller architecture of cross-layer: first layer is made of " MS master-slave " top controller and load balancing module;The second layer is bottom control
Device cluster system;Third layer is data-sharing systems;
Migration of the load balancing module by the load condition of each bottom controller of timed collection between interchanger controller
Process carries out layout, and controller executes the management of interchanger according to agreement in OpenFlow1.3.
3. the security service catenary system according to claim 1 based on SDN, which is characterized in that the SDN controller is
OpenDayLight controller.
4. the security service catenary system according to claim 1 based on SDN, which is characterized in that the stream class node is
The access node of initial data message does service chaining encapsulation to message according to flow classification rule matched data message, and by its turn
Service chaining is dealt into be handled.
5. the security service catenary system according to claim 1 based on SDN, which is characterized in that the service node conduct
Resource, which is assigned, to be used, and is connected by SDN to the definition of service chaining and drainage, is completed predefined work;Service node is main
Including firewall, anti-virus, video optimized and monitoring.
6. the data packet matched retransmission method of the security service catenary system according to claim 1 based on SDN, feature exist
In, comprising the following steps:
1) when sending controller to handle in data packet, Packet-In message is parsed on the controller, is determined according to message destination address
It is the East and West direction flow in virtual network or the north-south flow towards traditional network;
2) gateway is then forwarded the packet to if it is north-south flow, the subsequent processing of message is responsible for by gateway;Such as
Fruit is East and West direction flow, extracts source port from the Packet-In message received, and according to source port determine source subnet,
Network, router information;Destination port is obtained according to the purpose IP address of Packet-In message simultaneously, and according to destination
Mouth determines purpose subnet, network, router information;
3) for East and West direction flow, service chaining matching is carried out according to message characteristic:
(1) it is matched first using the attribute of source port and destination port with service chaining configuration, if finding matched service
Chain then issues water conservancy diversion table;If there is matched service chaining, then controller can determine whether interchanger label where service chaining, and to
Interchanger and subsequent processing node issue flow entry;When being matched to a plurality of service chaining, determined according to most accurate matched principle
The service chaining of actual use configures;
(2) non-serving chain forwards: if not finding matched service chaining, issuing the flow entry of East and West direction unloading.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811554480.0A CN109495391A (en) | 2018-12-18 | 2018-12-18 | A kind of security service catenary system and data packet matched retransmission method based on SDN |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811554480.0A CN109495391A (en) | 2018-12-18 | 2018-12-18 | A kind of security service catenary system and data packet matched retransmission method based on SDN |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109495391A true CN109495391A (en) | 2019-03-19 |
Family
ID=65710774
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811554480.0A Pending CN109495391A (en) | 2018-12-18 | 2018-12-18 | A kind of security service catenary system and data packet matched retransmission method based on SDN |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109495391A (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111181856A (en) * | 2019-12-31 | 2020-05-19 | 江苏省未来网络创新研究院 | System and method for realizing virtual router service chain based on segment routing |
CN111224934A (en) * | 2019-10-31 | 2020-06-02 | 浙江工商大学 | Service path verification method for mimicry configuration in mimicry defense |
CN111756632A (en) * | 2020-06-22 | 2020-10-09 | 中国电子科技集团公司第五十四研究所 | Security service chain dynamic arranging method based on MPLS encapsulation |
CN111800291A (en) * | 2020-05-27 | 2020-10-20 | 北京邮电大学 | Service function chain deployment method and device |
CN112187608A (en) * | 2020-06-16 | 2021-01-05 | 浪潮云信息技术股份公司 | OpenStack-based transparent mode service chain implementation method and system |
CN114024746A (en) * | 2021-11-04 | 2022-02-08 | 北京天融信网络安全技术有限公司 | Network message processing method, virtual switch and processing system |
CN114039764A (en) * | 2021-11-04 | 2022-02-11 | 全球能源互联网研究院有限公司 | Safety service function chain design method and system based on software definition safety |
CN114257473A (en) * | 2021-12-10 | 2022-03-29 | 北京天融信网络安全技术有限公司 | Method, device, equipment and medium for realizing multiple transparent bridges in resource pool |
CN114257513A (en) * | 2021-12-21 | 2022-03-29 | 中国电信集团***集成有限责任公司 | Multi-data strategy improvement method and device |
CN114338193A (en) * | 2021-12-31 | 2022-04-12 | 北京天融信网络安全技术有限公司 | Flow arrangement method and device and ovn flow arrangement system |
CN115842734A (en) * | 2023-01-30 | 2023-03-24 | 阿里巴巴(中国)有限公司 | Network management method, controller and SDN (software defined network) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105450552A (en) * | 2014-07-02 | 2016-03-30 | 阿尔卡特朗讯 | Application service chain policy and charging control method and equipment based on SDN |
CN106533806A (en) * | 2016-12-26 | 2017-03-22 | 上海交通大学 | Method for providing cross-layer quality of service (QoS) based on application awareness in multi-tenant software defined network (SDN) |
CN106878202A (en) * | 2016-12-09 | 2017-06-20 | 新华三技术有限公司 | A kind of message processing method and device |
CN107896195A (en) * | 2017-11-16 | 2018-04-10 | 锐捷网络股份有限公司 | Service chaining method of combination, device and service chaining topological structure |
CN108173694A (en) * | 2017-12-29 | 2018-06-15 | 深信服科技股份有限公司 | The secure resources pond cut-in method and system of a kind of data center |
CN108199958A (en) * | 2017-12-29 | 2018-06-22 | 深信服科技股份有限公司 | A kind of general secure resources pond service chaining realization method and system |
-
2018
- 2018-12-18 CN CN201811554480.0A patent/CN109495391A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105450552A (en) * | 2014-07-02 | 2016-03-30 | 阿尔卡特朗讯 | Application service chain policy and charging control method and equipment based on SDN |
CN106878202A (en) * | 2016-12-09 | 2017-06-20 | 新华三技术有限公司 | A kind of message processing method and device |
CN106533806A (en) * | 2016-12-26 | 2017-03-22 | 上海交通大学 | Method for providing cross-layer quality of service (QoS) based on application awareness in multi-tenant software defined network (SDN) |
CN107896195A (en) * | 2017-11-16 | 2018-04-10 | 锐捷网络股份有限公司 | Service chaining method of combination, device and service chaining topological structure |
CN108173694A (en) * | 2017-12-29 | 2018-06-15 | 深信服科技股份有限公司 | The secure resources pond cut-in method and system of a kind of data center |
CN108199958A (en) * | 2017-12-29 | 2018-06-22 | 深信服科技股份有限公司 | A kind of general secure resources pond service chaining realization method and system |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111224934A (en) * | 2019-10-31 | 2020-06-02 | 浙江工商大学 | Service path verification method for mimicry configuration in mimicry defense |
CN111224934B (en) * | 2019-10-31 | 2022-04-15 | 浙江工商大学 | Service path verification method for mimicry configuration in mimicry defense |
CN111181856A (en) * | 2019-12-31 | 2020-05-19 | 江苏省未来网络创新研究院 | System and method for realizing virtual router service chain based on segment routing |
CN111181856B (en) * | 2019-12-31 | 2022-07-19 | 江苏省未来网络创新研究院 | System and method for realizing virtual router service chain based on segment routing |
CN111800291A (en) * | 2020-05-27 | 2020-10-20 | 北京邮电大学 | Service function chain deployment method and device |
CN111800291B (en) * | 2020-05-27 | 2021-07-20 | 北京邮电大学 | Service function chain deployment method and device |
CN112187608A (en) * | 2020-06-16 | 2021-01-05 | 浪潮云信息技术股份公司 | OpenStack-based transparent mode service chain implementation method and system |
CN112187608B (en) * | 2020-06-16 | 2022-04-08 | 浪潮云信息技术股份公司 | OpenStack-based transparent mode service chain implementation method and system |
CN111756632B (en) * | 2020-06-22 | 2021-10-22 | 中国电子科技集团公司第五十四研究所 | Security service chain dynamic arranging method based on MPLS encapsulation |
CN111756632A (en) * | 2020-06-22 | 2020-10-09 | 中国电子科技集团公司第五十四研究所 | Security service chain dynamic arranging method based on MPLS encapsulation |
CN114039764A (en) * | 2021-11-04 | 2022-02-11 | 全球能源互联网研究院有限公司 | Safety service function chain design method and system based on software definition safety |
CN114024746A (en) * | 2021-11-04 | 2022-02-08 | 北京天融信网络安全技术有限公司 | Network message processing method, virtual switch and processing system |
CN114024746B (en) * | 2021-11-04 | 2023-11-28 | 北京天融信网络安全技术有限公司 | Processing method, virtual switch and processing system of network message |
CN114257473A (en) * | 2021-12-10 | 2022-03-29 | 北京天融信网络安全技术有限公司 | Method, device, equipment and medium for realizing multiple transparent bridges in resource pool |
CN114257513A (en) * | 2021-12-21 | 2022-03-29 | 中国电信集团***集成有限责任公司 | Multi-data strategy improvement method and device |
CN114257513B (en) * | 2021-12-21 | 2024-02-09 | ***数智科技有限公司 | Method and device for perfecting multielement data strategy |
CN114338193A (en) * | 2021-12-31 | 2022-04-12 | 北京天融信网络安全技术有限公司 | Flow arrangement method and device and ovn flow arrangement system |
CN114338193B (en) * | 2021-12-31 | 2024-01-23 | 北京天融信网络安全技术有限公司 | Traffic arrangement method and device and ovn traffic arrangement system |
CN115842734A (en) * | 2023-01-30 | 2023-03-24 | 阿里巴巴(中国)有限公司 | Network management method, controller and SDN (software defined network) |
CN115842734B (en) * | 2023-01-30 | 2024-03-29 | 阿里巴巴(中国)有限公司 | Network management method, controller and SDN network |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109495391A (en) | A kind of security service catenary system and data packet matched retransmission method based on SDN | |
CN105553849B (en) | A kind of traditional IP and SPTN network intercommunication method and system | |
CN107819742B (en) | System architecture and method for dynamically deploying network security service | |
CN105515978B (en) | Realize the method and device of distributed routing, physical host access | |
CN106100999B (en) | Image network flow control methods in a kind of virtualized network environment | |
CN104158753B (en) | Dynamic stream scheduling method and system based on software defined network | |
CN112187517B (en) | Configuration method, platform and controller for SDN virtual routing of data center | |
CN103179046B (en) | Based on data center's flow control methods and the system of openflow | |
CN103986663B (en) | Data center and its method and network controller for realizing data processing | |
CN103560923B (en) | The network failure method for rapidly positioning of Packet Transport Network | |
CN104243270B (en) | A kind of method and apparatus for establishing tunnel | |
CN105871718B (en) | A kind of SDN inter-domain routing implementation method | |
CN106850387A (en) | A kind of system and method for the virtual network networking for realizing multiple data centers | |
CN105052113B (en) | Method, equipment and the medium of common agency frame for the network equipment are provided | |
CN105681191A (en) | SDN (Software Defined Network) platform based on router virtualization and implementation method | |
CN101827009A (en) | Routing frames in a trill network using service vlan identifiers | |
CN103067245A (en) | Flow table spatial isolation device and method for network virtualization | |
CN105429870A (en) | VXLAN security gateway device and application method thereof in SDN | |
CN106685903A (en) | Data transmission method based on SDN, SDN controller and SDN system | |
CN106656905A (en) | Firewall cluster realization method and apparatus | |
CN108289061B (en) | Service chain topology system based on SDN | |
CN107332683A (en) | A kind of link switch-over method and system | |
CN106899478B (en) | Method for realizing resource elastic expansion of power test service through cloud platform | |
CN108737169A (en) | A kind of isomery industrial network central fusion management method based on SDN | |
CN104468408A (en) | Method for adjusting dynamically service bandwidth and control center server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190319 |