Open vSwitch violation port operation automatic discovery and traceability system in the OpenStack platform

Abstract

The invention belongs to the network technical field, in particular to an Open vSwitch violation port operation automatic discovery and traceability system in an OpenStack platform. The system of theinvention is composed of an Open vSwitch information collecting device, an OpenStack information collecting device, a violation detecting device and a violation tracing device. The Open vSwitch information collecting device periodically starts to collect the port information of the Open vSwitch on the physical server. The OpenStack information collecting device collects the information of virtualnetwork and virtual machine in the Neutron database of OpenStack at regular intervals. According to the obtained information, the violation detection device finds the violation operation through the comparison analysis. The violation traceability device collects and searches the associated log information according to the generated alarm information, and provides an alarm traceability report related to the violation for an administrator. The invention can timely find the violation behavior of bypassing the Neutron direct violation operation Open vSwitch virtual port and provide retrospective information for the investigation of violations.

Description

technical field [0001] The invention belongs to the field of network technology, and in particular relates to a security operation and maintenance system of a cloud platform, in particular to a system for automatically discovering and tracing the behavior of bypassing Neutron's illegal operation of an Open vSwitch virtual network port on an OpenStack platform. Background technique [0002] In recent years, with the rapid development of cloud computing technology, virtual network technology has also been greatly developed. The virtual network has the characteristics of high elasticity, high scalability, easy management, and openness. It can divide a physical network into multiple complete and isolated logical networks for different tenants, so that the network overhead is greatly reduced, and the network O&M and management are greatly simplified, and the reliability of network services is improved, meeting the requirements of new data centers. Currently, mainstream open sour...

AI Technical Summary

Problems solved by technology

[0006] (2) Illegal deletion of ports

The illegally deleted port and the virtual machine connected to the port are still under the control and management of OpenStack, but the remote connection and communication cannot be performed due to network interruption, so the OpenStack administrator cannot find the abnormality of the virtual machine from the virtual machine list and network topology ;

[0007] (3) Illegally changing the port configuration

[0008] Since only operations that pass through the business scheduling layer will be written into the OpenStack log, if an attacker bypasses the upper two layers and operates the Open vSwitch virtual switch directly from the resource layer, not only the cloud network administrator will not be able to perceive the network status immediately Afterwards, it is impossible to find out who attacked the network when and in what way from the OpenStack log, which poses a major challenge to cloud network administrators and security administrators

In addition, when the operation and maintenance operations are not standardized, the administrator may bypass the Neutron service and directly control the virtual server on a certain server due to temporary debugging or other reasons. This is a normal network operation and maintenance operation, but it also makes Violations originating from other users are more difficult to detect and trace

Images