Software definition network safety enforcement method, system and controller thereof

A software-defined network security technology, applied to software-defined network security implementation methods, systems and controllers, to achieve the effect of solving security problems.

Inactive Publication Date: 2014-02-26
ZTE CORP

AI Technical Summary

Problems solved by technology

[0008] The technical problem to be solved by the present invention is to provide a software-defined network


Examples


Embodiment 1

[0066] The inventor of the present application proposes that, given the characteristics of software-defined networks, a security core module can be deployed in the control-layer NOS. Network security is then treated as an independent aspect: security interfaces are abstracted and provided to upper-layer security applications, and the security applications analyze the network security status and formulate security policies.

[0067] Based on the above idea, this embodiment provides a software-defined network security implementation method which, as shown in Figure 1, includes the following operations:

[0068] Step 100, deploying a security core module in the controller NOS, taking network security as an independent aspect, abstracting a security interface and providing it to an upper-layer security application, and the security core module detecting network state information;

[0069] Optionally, general application access authentication and authorization services can a...

Embodiment 2

[0082] This embodiment provides a software-defined network security implementation system. By deploying a security core module in the control layer NOS, the software-defined network security aspect is independently presented, and a security interface is provided for the application layer security application program.

[0083] As shown in Figure 2, the software-defined network security implementation system includes a security core module deployed in the controller NOS. The security core module shields the data-layer switch operations and the specific implementation of the control layer, and detects network status information (including network resources and equipment operating conditions) in real time. It provides exclusive security interfaces for security applications, converts the security policies generated by the security application set into flow table entry rules, and installs or updates them on the data-layer switches.

[0084] And the security application set, according to the network...
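The division of labour described in this embodiment can be sketched as follows. This is an added example, not code from the patent: the class and function names, the packets-per-second state metric, the threshold and the simplified OpenFlow-style entry layout (an empty action list meaning drop) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SecurityPolicy:            # hypothetical schema emitted by a security application
    policy_id: str
    src_ip: str
    action: str                  # "drop" or "allow"
    priority: int = 1000

@dataclass
class Switch:                    # stand-in for one data-layer switch
    dpid: str
    flow_table: dict = field(default_factory=dict)   # match tuple -> flow entry

class SecurityCore:
    """Stand-in for the security core module deployed in the controller NOS."""
    def __init__(self, switches):
        self.switches = switches
        self.state = {}          # network state: src_ip -> packets/s (constructed metric)

    def report_state(self, src_ip, pps):   # fed by the controller's own monitoring
        self.state[src_ip] = pps

    def get_network_state(self):           # security interface: read-only copy of state
        return dict(self.state)

    def apply_policy(self, policy):        # security interface: policy -> flow entries
        if policy.action not in ("drop", "allow"):
            raise ValueError(f"unsupported action: {policy.action}")
        match = (("eth_type", 0x0800), ("ipv4_src", policy.src_ip))
        entry = {"priority": policy.priority, "match": dict(match),
                 "actions": [] if policy.action == "drop" else ["NORMAL"],
                 "cookie": policy.policy_id}
        changes = []
        for sw in self.switches:           # applications never touch switches directly
            op = "update" if match in sw.flow_table else "install"
            sw.flow_table[match] = entry
            changes.append((sw.dpid, op))
        return changes

def rate_limit_app(core, threshold_pps):
    """Security application: analyse state, emit one drop policy per offending source."""
    results = {}
    for src_ip, pps in sorted(core.get_network_state().items()):
        if pps > threshold_pps:
            policy = SecurityPolicy(f"block-{src_ip}", src_ip, "drop")
            results[src_ip] = core.apply_policy(policy)
    return results

if __name__ == "__main__":
    core = SecurityCore([Switch("s1"), Switch("s2")])
    core.report_state("10.0.0.5", 50000)   # constructed sample state
    core.report_state("10.0.0.7", 120)
    print(rate_limit_app(core, threshold_pps=10000))
```

The security application only sees the two interface methods; the translation to match/action entries and the install-versus-update decision stay inside the core module, which is the shielding the paragraph above describes.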


Abstract

The invention relates to a software-defined network security implementation method, a system and a controller thereof, and belongs to the field of network technology security. The software-defined network security implementation method disclosed in the invention comprises the following steps: a security core module deployed in a controller network operating system (NOS) detects network state information in real time; according to the network state information, a security application analyzes the network security state and, when a network security threat is detected, generates a corresponding security policy; the security core module converts the security policy generated by the security application into a flow table entry rule, which is installed or updated on a data layer switch. The invention also discloses another two software-defined network security implementation methods, one software-defined network security implementation system and the controller. With the technical scheme of the invention, the security problem of the software-defined network is effectively solved.

Description

Technical field

[0001] The invention relates to the field of network technology security, in particular to a software-defined network security implementation method, system and controller.

Background art

[0002] With the rise of cloud computing and mobile Internet technologies driving the rapid development and transformation of data centers, traditional IP-based networks, with their complex organizational structures, difficult management and maintenance, and high operating costs, find it difficult to respond to new demands for flexibility, scalability and security. Software-defined networks emerged to meet these new requirements that traditional networks cannot satisfy.

[0003] The software-defined network redefines the network architecture and divides the network into the application layer, the control layer and the data forwarding layer, realizing network programmability. The differences between OpenFlow-based software-defin...


Application Information

IPC(8): H04L29/06
Inventor: 张玉军
Owner: ZTE CORP