Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

SDN network state consistency verification method in cloud environment

A technology of network status and verification method, applied in the field of virtual network security in cloud environment, can solve the problems of complex forwarding layer attack defense, large computing and communication overhead, inconsistent single-layer network status, etc.

Active Publication Date: 2019-09-10
SICHUAN UNIV
View PDF12 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the correct strategy of the control layer cannot guarantee the correct forwarding status of the forwarding layer, so it is necessary to monitor the forwarding layer to ensure the normal data forwarding
The second category is to detect abnormal behaviors at the forwarding layer. The flexible mechanism of SDN makes the defense against attacks at the forwarding layer very complicated. At present, the research on the network status of the forwarding layer mainly focuses on the detection and verification of abnormal forwarding behaviors.
[0005] The defects of the existing research methods mainly include: 1) Focus on solving the inconsistency of the single-layer network state in SDN, or the inconsistency of the network state caused by a certain type of attack. Since there are many kinds of attacks in the network, one attack cannot guarantee the network state. Consistency; 2) Since the network state in the cloud environment is flexible and changeable, the inconsistency of the network state can be located by obtaining the network state for global comparison, which cannot ensure that the obtained network state is the latest, and the global comparison will bring huge 3) In the cloud environment, the network configuration is dispersed in multiple virtual network terminals, relying on the terminal host to implement network functions on the data plane, so the implementation mechanism of SDN in the cloud environment is different from that in the pure SDN environment , the core-based SDN development technology cannot be directly used on the cloud platform

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SDN network state consistency verification method in cloud environment
  • SDN network state consistency verification method in cloud environment
  • SDN network state consistency verification method in cloud environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] The realization principle of the present invention is: in the network update request stage, obtain the IP-MAC binding information, network topology status, switch link connection and port information, etc. of the virtual machine in the current network through the global network view of the controller, and analyze these information form a restricted space.

[0022] Call the API interface to obtain the security policy in the network, analyze and form a security space. In the cloud platform, security policies are organized in the form of chains, each chain defines a series of rules, and each rule defines a set of matching data packets and related actions of ACCEPT, DROP and calling other chains. The security chain analysis algorithm proposed by the present invention is as follows. The security chain analysis algorithm sequentially analyzes all the rules contained in a chain, and obtains the ACCEPT / DROP(S A / S D )space. Packet source information P that is matched by rul...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an SDN (Software Defined Network) network state consistency verification method in a cloud environment, which carries out verification from two aspects of network update request and response, including request verification, security rule verification and forwarding layer path verification. In a network update request phase, a constraint space is formed by analyzing networkstate metadata. A security policy is analyzed to form a security space. The network updating request is analyzed. Rapid verification is performed with the constraint space and the security space in sequence. A malicious request is detected in real time to ensure that a controller maintains a correct global network view, and meanwhile ensuring that a flow rule issued to a forwarding layer by the controller is consistent with the security policy. The SDN controller actively sends the detection data packet verification flow forwarding path, and a label is added to the head of the detection data packet in an OpenFlow group table mode to mark the actual forwarding path of the data packet on a forwarding layer, so that lightweight data packet forwarding path verification and abnormal path positioning are realized.

Description

technical field [0001] The invention relates to the technical field of virtual network security in a cloud environment, in particular to a method for verifying the consistency of an SDN network state in a cloud environment. Background technique [0002] Software Defined Networking (SDN) is a new type of network architecture that decouples the data plane from the control plane and logically realizes centralized control and management. The emergence of SDN provides an effective solution for managing large-scale virtual networks in cloud environments. An important challenge in SDN is to ensure the consistency between the network functions defined by the high layer and the configuration of the underlying forwarding devices, that is, to ensure that the network functions and policies configured at the control layer are implemented in the forwarding layer. SDN is a typical flow rule-driven network. The legality and consistency of flow rules are the basis for ensuring the normal an...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24H04L12/721H04L12/723H04L29/08H04L45/50
CPCH04L63/20H04L63/12H04L41/14H04L45/50H04L45/70H04L69/06H04L67/10
Inventor 陈兴蜀王小艳朱毅王毅桐滑强蔡顺婉
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com