An SDN-based intermediate device path authentication method

An intermediate device path authentication technology, applied in transmission systems, electrical components, etc., that addresses problems such as packet-level detection granularity and real-time performance.

Active Publication Date: 2020-05-12
ZHEJIANG UNIV

AI Technical Summary

Problems solved by technology

In addition, this type of method cannot achieve packet-level detection granularity and high real-time performance.


Examples


Embodiment Construction

[0076] The present invention operates in an SDN environment. To build this environment, Open vSwitch is used as the switch and OpenDaylight as the controller, and the simulation is run in Mininet. The intermediate device is Snort, the most widely used open-source IPS/IDS, whose open-source nature makes it easy to add modules. Before this method is implemented, the flowtags application should be installed in the SDN. Note that the mathematical symbols used below were defined in the "Content of the Invention" section and are not described again here.

[0077] As shown in Figure 1, an SDN-based intermediate device path authentication method specifically includes the following steps:

[0078] S01: The controller formulates the paths according to user rules and, on each pair of adjacent intermediate devices $M_i$, $M_{i+1}$ ($1 \le i < n$) on each path, distributes the key $key_{i,i+1}$. On the last intermediate device $M_n$ on each path, it distributes the key $key_{n,e}$.

[007...


Abstract

The invention discloses an SDN-based middlebox path authentication method that can verify, and enforce, that data packets pass through the middleboxes in an SDN network in the order and according to the rules predetermined by the user. In this method, a tag is written on each packet to represent the packet's network path status, and a tag generation and tag detection module is added to each middlebox. The correctness of the tags is checked in a distributed manner on each middlebox to ensure the legitimacy of the actual path taken by the data packets. Considering that the egress switch needs the actual path of the final authenticated data packet, the method combines a mapping table with a multi-stage flow table so that the egress switch can simulate the encryption operation and implement path authentication with less memory. The method offers fine granularity, real-time performance, hardware compatibility and other advantages that existing methods lack, which helps its adoption in practice.
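The hop-by-hop tag check described in the abstract, using the key layout of step S01, as an added example (not code from the patent or its authors). It assumes the tag is a truncated HMAC-SHA256 over a per-packet identifier and that the egress verifies with $key_{n,e}$ directly instead of through the mapping table and multi-stage flow table; `make_tag`, `Middlebox`, `traverse` and the packet identifier are hypothetical names and values.

```python
import hashlib
import hmac
import os

TAG_LEN = 8  # assumed tag size in bytes (not specified on the page)

def distribute_keys(n):
    """Step S01: key_{i,i+1} for adjacent M_i, M_{i+1}; key_{n,e} for M_n."""
    keys = {(i, i + 1): os.urandom(16) for i in range(1, n)}
    keys[(n, "e")] = os.urandom(16)
    return keys

def make_tag(key, packet_id):
    # Assumption: the tag is a truncated HMAC over a per-packet identifier.
    return hmac.new(key, packet_id, hashlib.sha256).digest()[:TAG_LEN]

class Middlebox:
    def __init__(self, idx, n, keys):
        self.in_key = keys.get((idx - 1, idx))  # None for M_1 (path entry)
        self.out_key = keys[(idx, idx + 1)] if idx < n else keys[(n, "e")]

    def process(self, packet_id, tag):
        """Tag detection, then tag generation. Returns new tag or None (drop)."""
        if self.in_key is not None:
            expected = make_tag(self.in_key, packet_id)
            if tag is None or not hmac.compare_digest(tag, expected):
                return None
        return make_tag(self.out_key, packet_id)

def traverse(visited, boxes, keys, n, packet_id):
    """Return True only if the egress check accepts the packet's final tag."""
    tag = None
    for idx in visited:
        tag = boxes[idx].process(packet_id, tag)
        if tag is None:
            return False  # dropped by a middlebox's detection module
    # Simplification: the egress verifies with key_{n,e} directly.
    expected = make_tag(keys[(n, "e")], packet_id)
    return tag is not None and hmac.compare_digest(tag, expected)

# Constructed sample: one path of three middleboxes, one packet identifier.
N = 3
KEYS = distribute_keys(N)
BOXES = {i: Middlebox(i, N, KEYS) for i in range(1, N + 1)}
PKT = b"constructed-packet-0001"

if __name__ == "__main__":
    for path in ([1, 2, 3], [1, 3], [2, 3], [1, 2]):
        print(path, traverse(path, BOXES, KEYS, N, PKT))
```

Only the full in-order traversal reaches the egress with a tag under $key_{n,e}$; skipping, reordering or stopping short leaves the packet carrying a tag under the wrong key.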

Description

Technical field

[0001] The invention relates to the field of network path management and control, in particular to an SDN-based intermediate device path authentication method.

Background technique

[0002] Compared with ordinary routing and forwarding devices, an intermediate device (middlebox) is a special network device that can provide advanced functions such as traffic engineering and packet inspection. Because it can provide many targeted functions and make up for shortcomings in the traditional network, the intermediate device is now widely used. However, in traditional networks, configuring forwarding rules between intermediate devices is a complicated and cumbersome process, because users need to manually configure forwarding rules on different intermediate devices and switches one by one. This directly leads to the following difficulties: managing the rules of intermediate devices is time-consuming and labor-intensive. On averag...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1441, H04L63/20
Inventor: 卜凯, 杨昱天, 郭梓轩
Owner: ZHEJIANG UNIV