Secure communication method for distributed multi-granularity controller of software defined network based on proxy

A software-defined networking and secure communication technology, applied in the field of inter-domain communication security, that addresses the problem that the security of controller communication methods has received little attention, and achieves the effect of defending against denial of service and improving security.

Active Publication Date: 2016-12-07
CHONGQING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

Due to the characteristics of SDN, inter-domain interconnection is basically realized through the east-west communication of controllers, but the communication method and its security between controllers have not received much attention.


Embodiment Construction

[0038] The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0039] Figure 1 is a macro flow chart of the scheme of the present invention. As shown in the figure, the distributed multi-granularity controller secure communication method of the present invention, which uses the border switch as an inter-domain agent, mainly includes the following four steps: Step 1: Design and build a distributed multi-granularity controller architecture composed of basic control blocks, multi-granularity security customization modules and an enhanced security controller, so that each SDN autonomous domain can achieve inter-domain communication; Step 2: Under the architecture of Step 1, design the message format used in the secure communication method. The data transfer between all controllers adopts the dedicated Ethernet data packet type identifier 0xEFEF, the payload part retains the IP data packet ...


Abstract

The invention relates to a proxy-based secure communication method for distributed multi-granularity controllers of a software-defined network, and belongs to the technical field of inter-domain secure communication in multi-domain SDN. The method comprises the following steps: designing the architecture of a distributed multi-granularity security controller, including the message data packet format used between controllers; establishing a communication tunnel through the connection between a controller domain and its inter-domain proxies and the connection between the inter-domain proxies; and completing neighbor discovery between the controllers, two-step identity authentication and encrypted transmission, so as to achieve direct communication between multi-domain network controllers. In this communication method, the infrastructure is based on the security controller and the inter-domain proxies. A control-plane message is released to the data plane by the inter-domain proxies for transmission, which solves the communication problem between independent control planes. In addition, a two-step authentication scheme for controller communication is given, based on a challenge-response mechanism and the DTLS protocol; it defends against denial of service and completes identity authentication, improving security.

Description

Technical field

[0001] The invention belongs to the technical field of inter-domain communication security of a multi-domain SDN network, and relates to an agent-based software-defined network distributed multi-granularity controller security communication method.

Background technique

[0002] In recent years, more and more researchers have begun to address the problems in the large-scale deployment of SDN, including the cooperation of multiple controllers in the control plane, the division of controller management areas, and load balancing. In the case of multiple SDN autonomous domains, the routing problem between autonomous domains is also of particular concern.

[0003] In terms of the expansion of the intra-domain control plane, there are research results such as DIFANE, DevoFlow, HyperFlow, and Onix. Aiming at the performance bottleneck of the controller in real-time flow table processing, DIFANE uses active and passive simultaneous methods to add flow tables to the s...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/0428, H04L63/08
Inventor: 尚凤军, 王文凯, 付强
Owner: CHONGQING UNIV OF POSTS & TELECOMM