Deployment optimization method of software-defined firewall based on openstack cloud platform

Abstract

The invention discloses a deployment optimization method of a software-defined firewall based on the openstack cloud platform. The firewall is used as a specific implementation module of the FWAAS standard interface; the business security domain is divided by the tenant business; and the security resource pool management is realized in the independent business security domain; The security resources in the security resource pool adopt a pre-allocation mechanism; the optimization scheduling module can dynamically select nodes in the security business domain when creating a firewall according to the tenant's demand for traffic, and deploy the firewall instance in the security node that meets the tenant's needs . The method of the present invention can quickly respond to the needs of tenants for security services; through the optimized scheduling module, the FWAAS of Openstack provides the ability to quickly deploy security services; through the service security domain module, the security requirements corresponding to different services are separated, and tenants can quickly obtain firewalls Instances, so as to quickly configure security policies, and avoid problems such as slow firewall instance deployment and untimely response in the original Openstack solution.

Description

technical field [0001] The invention belongs to the field of network security protection, and in particular relates to a deployment optimization method of a software-defined firewall based on an openstack cloud platform. Background technique [0002] With the popularization of cloud computing, the IT transformation brought about by the software-defined data center is unstoppable. The improvement of IT efficiency and the saving of IT cost have benefited major enterprises, institutions and operators, but at the same time, it has also made traditional data The network security architecture of the center is no longer applicable to the data center after cloudification. The concept of software defined security (Software Defined Security, SDS) is based on the principle of combining physical or virtual network security devices with their access modes, deployment methods, and functional implementations. For decoupling, the bottom layer is abstracted as resources in the security resou...

AI Technical Summary

Problems solved by technology

[0005] As a cloud computing framework, OpenStack has the capability of software-defined firewall (FWaaS), but as a security resource, the firewall simply instantiates the firewall without optimizing the deployment and scheduling of the firewall instance. Deployment is slow, deployment distribution is unreasonable, and cannot satisfy tenants' rapid response to security services

[0006] From the perspective of OpenStack firewall deployment, all virtual routers of tenants are deployed on network nodes in OpenStack, and firewall instances are actually virtual routers. Network nodes not only provide virtual routing services, but also provide dhcp and metadata services at the same time; a large number of centralized Deploying firewall instances on network nodes will cause deployment bottlenecks. From the tenant's business perspective, there will also be traffic bottlenecks.

Images