SDN (software-defined network) firewall state detection method and system based on the OpenFlow protocol

An OpenFlow protocol and state detection technology, applied in the Internet field, that addresses the failure to extract application-layer protocol state information and reflects the centralized control of the controller.

Active Publication Date: 2014-10-15
WUHAN UNIV

AI Technical Summary

Problems solved by technology

The firewall realizes the function of preventing active communication between the external network and the internal network through the cooperative work of two switches; however, this method does not reflect the centralized control of the controller, and does not ext


Embodiment Construction

[0044] To help those of ordinary skill in the art understand and implement the present invention, it is described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the implementation examples described here are only used to illustrate and explain the present invention, and are not intended to limit it.

[0045] The technical solution adopted by the method of the present invention is an SDN firewall state detection method based on the OpenFlow protocol: a connection state table is added to the switch; the format of the original OpenFlow flow table is modified by adding the relevant state fields; the OpenFlow protocol is modified by adding a new message, State_In; and the connection state tables in the SDN controller and the OpenFlow switch are kept consistent, so as to realize deployment of the SDN firewall module.

[0046] please see figure 1 , the technical soluti...


Abstract

The invention discloses an SDN firewall state detection method and system based on the OpenFlow protocol. The method comprises adding a state table and a state transition table inside an OpenFlow switch to record the state and the change information of data flows; at the same time, a state transition table is also established and maintained in the SDN controller so that the data flow states of the controller and the switch are synchronized. The invention also discloses a modification of the format of the original OpenFlow flow table: associated state fields are added to the original table, the OpenFlow protocol is modified, and a new message, State_in, is added to facilitate the processing of the preceding state-operation information by the controller and the switch and to keep the connection state tables in the controller and the switch consistent. The method and system can effectively achieve access control with finer granularity and, through the cooperative operation of the OpenFlow switch and the SDN controller, complete the deployment of a state detection firewall and provide safe and efficient services for an SDN network.
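A minimal model of the mechanism described in paragraph [0045] and in the abstract, added here as an illustration and not taken from the patent: a switch-side connection state table driven by a state transition table, with every state change reported to the controller so that both tables stay consistent. The transition table, the fields of the State_In message (`conn`, `old`, `new`), the "only internal hosts may initiate" policy and the addresses are assumptions.

```python
from dataclasses import dataclass, field

# Assumed, simplified TCP state transition table (not from the patent):
# (current state, TCP flags, sent by initiator?) -> next state
TRANSITIONS = {
    ("NONE", "SYN", True): "SYN_SENT",
    ("SYN_SENT", "SYN-ACK", False): "SYN_RECV",
    ("SYN_RECV", "ACK", True): "ESTABLISHED",
    ("ESTABLISHED", "ACK", True): "ESTABLISHED",
    ("ESTABLISHED", "ACK", False): "ESTABLISHED",
    ("ESTABLISHED", "FIN", True): "CLOSED",
    ("ESTABLISHED", "FIN", False): "CLOSED",
}

@dataclass
class Controller:
    """Keeps a mirror of the switch's connection state table."""
    table: dict = field(default_factory=dict)

    def state_in(self, msg):  # hypothetical State_In handler
        if msg["new"] == "CLOSED":
            self.table.pop(msg["conn"], None)
        else:
            self.table[msg["conn"]] = msg["new"]

@dataclass
class Switch:
    controller: Controller
    internal_prefix: str = "10.0.0."  # constructed address plan
    table: dict = field(default_factory=dict)

    def process(self, src, sport, dst, dport, flags):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        conn, from_init = (rev, False) if rev in self.table else (fwd, True)
        cur = self.table.get(conn, "NONE")
        # Policy (assumed): only internal hosts may open a connection.
        if cur == "NONE" and not src.startswith(self.internal_prefix):
            return "drop"
        new = TRANSITIONS.get((cur, flags, from_init))
        if new is None:  # packet does not fit the tracked state
            return "drop"
        if new != cur:  # report the change so both tables stay consistent
            if new == "CLOSED":
                del self.table[conn]
            else:
                self.table[conn] = new
            self.controller.state_in({"conn": conn, "old": cur, "new": new})
        return "forward"
```

Teardown is collapsed to a single FIN for brevity; a fuller table would track the complete TCP close sequence and time out idle entries.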

Description

[0001] Technical field

[0002] The invention belongs to the technical field of the Internet. It mainly addresses the problem that an SDN firewall cannot perform state detection because the existing OpenFlow protocol is stateless, and proposes a state detection method and system for an SDN firewall based on the OpenFlow protocol.

[0003] Background technique

[0004] Software Defined Network (SDN) is a new innovative network architecture. Its core technology, OpenFlow, realizes flexible control of network traffic by separating the control plane of network equipment from the data plane. The innovation provides a good platform. The control layer controls the flow table in the OpenFlow switch through the standard interface of the OpenFlow protocol, thereby realizing centralized control over the entire network.

[0005] However, compared with traditional networks, SDN brings more convenience and control capabilities to network managers. As a brand-new network archite...


Application Information

IPC(8): H04L12/26, H04L29/06
Inventor: 王鹃王江陈诗雅焦虹阳康强龙
Owner: WUHAN UNIV