SDN-based security service chain system and data packet matching and forwarding method

Abstract

The invention discloses a SDN-based security service chain system. The system comprises a control plane, flow classification nodes, service nodes and a service chain. The control plane mainly comprises core control components of the SDN service chain that are a SDN controller and an OpenFlow 1.3 switch. The SDN controller creates a service chain according to user requirements and deploys service logics of each service node on the service chain. The controller sends the characteristics of user messages that need to be processed in the service chain to the OpenFlow 1.3 switch. The OpenFlow 1.3 switch introduces data messages into the service chain according to the corresponding message characteristics. The invention also discloses a packet matching and forwarding method of the SDN-based security service chain system. The network service chain is constructed and deployed based on SDN technology, and the linkage between network visualization and service chain is realized through the feedback of information. Therefore, in the case of massive data and multi-service nodes, the method has high data forwarding efficiency and low processing time to improve network monitoring efficiency. Theinvention designs a SDN-based service chain architecture and provides a matching and forwarding process of the service chain data packets based on the architecture.

Description

Technical field [0001] The invention belongs to the field of network services, and mainly relates to an SDN-based security service chain system and a data packet matching forwarding method. Background technique [0002] The rapid development of diversified network services such as e-commerce, data centers, and social networks poses serious challenges to the traditional security service model. The performance is: 1) Coupling of security function implementation methods: existing security functions, such as firewalls, IDS, etc. Most of them are implemented based on hardware middle boxes, which have exclusive private functions in terms of functions, high construction costs, poor scalability, insufficient flexibility, and difficulty in unified management during use. 2) The staticity of the deployment location of security functions: Most of the existing security functions are statically deployed in key locations of the network, and the topology is heavily dependent. This rigid deployme...

AI Technical Summary

Problems solved by technology

[0008] The present invention solves the technical problems that in the deployment of traditional security services, the coupling between network devices is large, the topology dependence is serious, the security devices cannot be pooled, the scalability is poor, and the capabilities of security devices cannot be shared among multiple services. The technical solution is: an SDN-based secure service chain system, including a control plane, a flow classification node, a service node, and a service

Images