Software defined network cross-domain security agent method and software defined network cross-domain security agent system

Abstract

The invention provides a software defined network cross-domain security agent method and a software defined network cross-domain security agent system. Unified access control and management are performed on cross-domain shared resources, security policy conflict is eliminated, and strategy synthetic efficiency is improved. The software defined network cross-domain security agent system comprises at least two integrated controllers, at least one multi-domain processing module and at least two inter-domain agent modules, wherein the inter-domain agent modules transmit cross-domain business requests to the multi-domain processing modules after performing semantic translation; each multi-domain processing module comprises a resource database and a strategy synthesis unit; and after the strategy synthesis units receive the cross-domain business requests, the resource databases are queried, the strategy synthesis is carried out, and cross-domain strategy configuration commands are transmitted to the inter-domain agent modules. The software defined network cross-domain security agent method comprises the following steps of transferred meaning requesting, authentication requesting, strategy analysis and synthesis, strategy distribution, strategy authentication, strategy execution and the like. By the software defined network cross-domain security agent method and the software defined network cross-domain security agent system, information exchange of a heterogeneous network is simplified, information integration and synchronization difficulty of the heterogeneous network are reduced, resource scheduling safety is guaranteed, multi-domain resource sharing is realized, and business load of the centralized controllers in various domains can be adjusted.

Description

technical field [0001] The invention relates to the field of communication computers, in particular to a method for protecting cross-domain services and resources in a multi-domain software-defined network architecture. Background technique [0002] After the software-defined network (SDN) control architecture is introduced in a single domain, network operators can make full use of the characteristics of software definition, formulate corresponding business policies through the upper interface of the SDN control layer device, and at the same time, use related policies to control the resources of each domain. Logical abstraction of information for unified and flexible management. Under this architecture, the domain can customize resource management requirements according to the rules, and while meeting business requirements, it can ensure that the resource scheduling of multiple domains meets certain security requirements. [0003] In the currently implemented multi-domain S...

AI Technical Summary

Problems solved by technology

The existing policy synthesis scheme adopts a backtracking scheme, that is, the domain where the source node is located sends a synthesis request to the domain where the sink node is located, and policy collection is performed o...

Images