Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for realizing virtual firewall in software defined network

A software-defined network and virtual firewall technology, applied in the field of network communication, can solve the problems of increasing deployment workload, physical firewall cost, occupying physical server egress bandwidth, etc., to achieve the effect of reducing costs

Active Publication Date: 2016-06-08
NEW H3C TECH CO LTD
View PDF4 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] First, physical firewalls cause cost issues
Moreover, the traffic inside the virtual machine and the traffic between virtual machines are introduced to the physical firewall for security inspection, and the traffic is sent back to the virtual machine after the physical firewall checks, which also occupies the egress bandwidth of the physical server
[0007] In addition, the deployment location of the physical firewall is usually fixed, and the physical firewall has to be re-deployed after the virtual machine is migrated, which also increases the deployment workload

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for realizing virtual firewall in software defined network
  • Method and device for realizing virtual firewall in software defined network
  • Method and device for realizing virtual firewall in software defined network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0034] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0035] In the embodiment of the present invention, a virtual firewall (Virtual FireWall, VFW) is connected to a virtual switch in the form of a virtual machine (Virtual Machine, VM), and the traffic between virtual switches and virtual machines in the virtual switch can pass through the virtual firewall There is no need to deploy a physical firewall to reach the destination.

[0036] In addition, in the embodiment of the present invention, the virtual firewall is associated with the SDN controller to give full play to the global management function of the SDN controller. When the virtual machine is migrated, the SDN controller re-issues the flow table, thereby flexibly controlling the migration Post-virtual machine security policy check.

[0037] figure 1 It is ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Embodiments of the invention provide a method and a device for realizing a virtual firewall in an SDN (Software Defined Network). The method is suitable for a first virtual switch, and a first virtual firewall is suspended under the first virtual switch. The method comprises the following steps of sending a port of the first virtual firewall to an SDN controller; and receiving a first flow table sent by the SDN controller, wherein the first flow table is used for indicating to send data to the port of the first virtual firewall to execute security auditing through the first virtual firewall, and the traffic is not received by the port of the first virtual firewall, and the target address or the source address of the data is an appointed virtual machine.

Description

technical field [0001] The embodiments of the present invention belong to the technical field of network communication, in particular, a method and device for realizing a virtual firewall in a software defined network (Software Defined Network, SDN). Background technique [0002] SDN technology realizes flexible control of network traffic by separating the control plane and data plane of network equipment. Correspondingly, the SDN architecture includes an SDN controller and an SDN switch, wherein: the SDN controller and the SDN switch communicate through an SDN management channel that is preferably an open flow (OpenFlow protocol), and the SDN controller operates according to user configuration or dynamically The flow table generated by the protocol is delivered to the SDN switch, and the SDN switch processes the message according to the flow table delivered by the SDN controller. [0003] SDN technology has many applications in cloud computing and network security. Cloud ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
Inventor 张寅飞温涛林涛任维春
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com