SDN-based security service chain system and data packet matching and forwarding method

A security service chain technology, applied in the field of SDN-based security service chain systems and data packet matching and forwarding, that addresses the problems of poor scalability, topology dependence, and tight coupling between network devices, achieving low processing time, improved network monitoring efficiency, and high data forwarding efficiency.

Pending Publication Date: 2019-03-19
TIANJIN CHENGJIAN UNIV +1

AI Technical Summary

Problems solved by technology

[0008] The present invention solves the technical problems that in the deployment of traditional security services, the coupling between network devices is large, the topology dependence is serious, the security devices cannot be pooled, the scalability is poor, and the capabilities of security devices cannot be shared among multiple services. The technical solution is: an SDN-based secure service chain system, including a control plane, a flow classification node, a service node, and a service


Embodiment Construction

[0026] In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following will briefly introduce the drawings that need to be used in the description of the embodiments.

[0027] In a campus network, the allocation of business resources usually requires consideration of both application layer resources (including data center server memory, occupancy, virtual machine resources, etc.) and network layer resources (including underlying links, etc.). This architecture realizes the joint scheduling of application layer resources and network layer resources, realizes unified global optimization, and increases resource utilization and network reliability. Service nodes such as firewall, intrusion detection and load balancing are associated into chains. According to the characteristics of each service, the dynamic optimization service of the data flow path is placed in the SDN controller to run, and malicious website detection, ...


Abstract

The invention discloses an SDN-based security service chain system. The system comprises a control plane, flow classification nodes, service nodes and a service chain. The control plane mainly comprises the core control components of the SDN service chain, namely an SDN controller and an OpenFlow 1.3 switch. The SDN controller creates a service chain according to user requirements and deploys the service logic of each service node on the service chain. The controller sends the characteristics of the user messages that need to be processed in the service chain to the OpenFlow 1.3 switch. The OpenFlow 1.3 switch introduces data messages into the service chain according to the corresponding message characteristics. The invention also discloses a packet matching and forwarding method of the SDN-based security service chain system. The network service chain is constructed and deployed based on SDN technology, and the linkage between network visualization and the service chain is realized through the feedback of information. Therefore, in the case of massive data and multiple service nodes, the method has high data forwarding efficiency and low processing time, which improves network monitoring efficiency. The invention designs an SDN-based service chain architecture and provides a matching and forwarding process for service chain data packets based on that architecture.
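The classification step described in the abstract can be sketched as follows. This is an added example, not code from the patent: the rule fields, node names, addresses and the `steer` function are assumptions chosen for illustration, and the switch is modelled as a priority-ordered rule table rather than real OpenFlow messages.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FlowRule:
    """Message characteristics the controller pushes to the classifying switch."""
    priority: int
    src_net: str              # source prefix the rule applies to
    proto: str                # "tcp", "udp" or "*" for any protocol
    dst_port: Optional[int]   # None matches any destination port
    chain: tuple              # ordered service node names for matching traffic

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src_net)
                and self.proto in ("*", pkt["proto"])
                and self.dst_port in (None, pkt["dst_port"]))

BACKENDS = ["10.9.0.1", "10.9.0.2"]  # constructed sample backends

# Hypothetical service logic deployed on each node; None means "dropped".
def firewall(pkt):
    return None if pkt["dst_port"] == 23 else pkt

def ids(pkt):
    return {**pkt, "alert": b"../" in pkt.get("payload", b"")}

def load_balancer(pkt):
    idx = int(ipaddress.ip_address(pkt["src"])) % len(BACKENDS)
    return {**pkt, "backend": BACKENDS[idx]}

SERVICE_NODES = {"firewall": firewall, "ids": ids, "load_balancer": load_balancer}

def classify(rules, pkt):
    """Return the chain of the highest-priority matching rule, or () if none match."""
    hits = [r for r in rules if r.matches(pkt)]
    return max(hits, key=lambda r: r.priority).chain if hits else ()

def steer(rules, pkt):
    """Walk the packet through its chain; unmatched traffic bypasses all nodes."""
    path = []
    for name in classify(rules, pkt):
        path.append(name)
        pkt = SERVICE_NODES[name](pkt)
        if pkt is None:       # a node dropped the packet, stop the chain here
            break
    return path, pkt

# Constructed rule table: web traffic gets the full chain, the rest firewall only.
RULES = [
    FlowRule(200, "10.1.0.0/16", "tcp", 80, ("firewall", "ids", "load_balancer")),
    FlowRule(100, "10.1.0.0/16", "*", None, ("firewall",)),
]
```

Because each chain is attached to a match rule rather than to a physical position in the topology, changing which nodes a flow visits means updating the rule table, not recabling devices.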

Description

Technical field

[0001] The invention belongs to the field of network services, and mainly relates to an SDN-based security service chain system and a data packet matching and forwarding method.

Background technique

[0002] The rapid development of diversified network services such as e-commerce, data centers, and social networks poses serious challenges to the traditional security service model. This manifests as follows: 1) Coupling of security function implementation methods: existing security functions, such as firewalls and IDS, are mostly implemented as hardware middleboxes, which are proprietary and closed in function, costly to build, poorly scalable, inflexible, and difficult to manage in a unified way. 2) Static deployment location of security functions: most existing security functions are statically deployed at key locations in the network and depend heavily on the topology. This rigid deployme...


Application Information

IPC(8): H04L12/751, H04L29/08, H04L45/02
CPC: H04L45/02, H04L67/56
Inventor: 李国燕, 王新强, 李凯心
Owner: TIANJIN CHENGJIAN UNIV