
A method and system for implementing software-defined boundaries based on SDN

A software-defined boundary implementation technology, classified under transmission systems, electrical components, etc.

Active Publication Date: 2021-01-29
GUANGZHOU BINGO SOFTWARE

AI Technical Summary

Problems solved by technology

[0007] In order to overcome the above-mentioned technical defects, the present invention provides an SDN-based software-defined boundary implementation method and system. The method does not require additional SDP gateway equipment when deploying a software-defined boundary system, solves the single-point processing performance problem, and can be used for security protection between internal networks to prevent illegal access or attacks between internal networks.


Embodiment 1

[0037] As shown in Figure 2 and Figure 4, this embodiment discloses a method for implementing an SDN-based software-defined boundary, the steps of which include:

[0038] S1. Register the network information of the protected service to the SDN controller to generate registration information and an encryption certificate.

[0039] Specifically, the registration information includes credentials for decrypting the encryption certificate. Therefore, the SDN controller can subsequently verify the legitimacy of the received encryption certificate according to the credentials in the registration information.

[0040] S2. The SDN controller sends a default intercept flow table to the SDN switch according to the network information of the protected service.

[0041] Specifically, the default intercept flow table is set to discard access packets whose destination address is the protected service. In this embodiment, the purpose of this setting is that when the protecte...

Embodiment 2

[0054] As shown in Figure 3 and Figure 4, this embodiment corresponds to the method for implementing the SDN-based software-defined boundary disclosed in Embodiment 1, and discloses a specific application scheme of the method.

[0055] Specifically, this application scheme includes the following steps:

[0056] ① The administrator registers the user with the SDN controller and generates a certificate.

[0057] ② The client obtains the user certificate offline, so that the SDN controller does not need to be exposed to the external network, which prevents the SDN controller from being attacked by hackers.

[0058] ③ The client generates a SPA single-packet authorization message based on the certificate and sends it to the protected service. The SPA message is a UDP message whose destination IP is the IP address of the protected service. The data content of the message includes: user name, time stamp, encryption type, encryption mode, signature data, encryp...
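The following is an added example, not code from the patent or its applicant, that simulates the control flow described in Embodiment 1 (steps S1 and S2: service registration and the default intercept flow table) and Embodiment 2 (steps ① to ③: user registration, offline credential distribution and the SPA UDP message). Everything beyond what the text states is an assumption made for illustration: the "certificate" is modelled as a shared HMAC key handed to the client offline, the SPA payload is JSON with a user name, timestamp, nonce and signature, the switch punts SPA UDP packets to the controller with a packet-in style "controller" action, and the controller opens a per-client allow entry only after the signature, freshness window and replay check all pass.

```python
"""Added example (not the patent's own code): a minimal, in-memory model of an
SDN controller and switch implementing SPA single-packet authorization through
flow table entries. Message layout, key handling and flow priorities are
assumptions for illustration; the patent text does not specify them."""
import hashlib
import hmac
import json
import secrets
import time

SPA_WINDOW_SECONDS = 30  # assumed freshness window for the SPA timestamp


class SdnSwitch:
    """Flow table as a list of (priority, match dict, action); highest priority wins."""

    def __init__(self):
        self.flows = []

    def install(self, priority, match, action):
        self.flows.append((priority, match, action))
        self.flows.sort(key=lambda f: -f[0])

    def forward(self, pkt):
        for _prio, match, action in self.flows:
            if all(pkt.get(k) == v for k, v in match.items()):
                return action
        return "forward"  # no entry matched: ordinary switching


class SdnController:
    def __init__(self, switch):
        self.switch = switch
        self.services = {}      # protected service IP -> registration info
        self.users = {}         # user name -> shared secret (stand-in for a certificate)
        self.seen_nonces = set()  # replay protection for accepted SPA packets

    def register_service(self, service_ip):
        # S1/S2: record the protected service and push the default intercept entry.
        # Assumed: SPA UDP packets to the service are punted to the controller
        # by a slightly higher-priority entry, everything else is dropped.
        self.services[service_ip] = {"registered_at": time.time()}
        self.switch.install(100, {"dst": service_ip}, "drop")
        self.switch.install(150, {"dst": service_ip, "proto": "udp"}, "controller")

    def register_user(self, username):
        # Step 1: administrator registers the user; the secret is delivered offline.
        secret = secrets.token_bytes(32)
        self.users[username] = secret
        return secret

    def handle_spa(self, pkt, now=None):
        """Validate a punted SPA packet; on success open a flow for this client only."""
        now = time.time() if now is None else now
        if pkt.get("proto") != "udp" or pkt.get("dst") not in self.services:
            return False
        try:
            msg = json.loads(pkt["payload"])
            body = {k: msg[k] for k in ("user", "ts", "nonce")}
            sig = bytes.fromhex(msg["sig"])
        except (KeyError, ValueError, TypeError):
            return False
        secret = self.users.get(body["user"])
        if secret is None or not isinstance(body["ts"], (int, float)):
            return False
        expected = hmac.new(secret, canonical(body), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False
        if abs(now - body["ts"]) > SPA_WINDOW_SECONDS or body["nonce"] in self.seen_nonces:
            return False
        self.seen_nonces.add(body["nonce"])
        # Per-client allow entry outranks the default intercept entry.
        self.switch.install(200, {"src": pkt["src"], "dst": pkt["dst"]}, "forward")
        return True


def canonical(body):
    """Deterministic byte encoding of the signed fields (assumed format)."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_spa(username, secret, service_ip, client_ip, now=None):
    """Client side (step 3): one UDP packet carrying user name, timestamp, nonce, signature."""
    now = time.time() if now is None else now
    body = {"user": username, "ts": int(now), "nonce": secrets.token_hex(8)}
    sig = hmac.new(secret, canonical(body), hashlib.sha256).hexdigest()
    return {"src": client_ip, "dst": service_ip, "proto": "udp",
            "payload": json.dumps({**body, "sig": sig})}


def demo():
    """Walk through: default drop, SPA punt, allow entry, replay rejection."""
    sw = SdnSwitch()
    ctl = SdnController(sw)
    ctl.register_service("10.0.0.10")          # constructed sample addresses
    secret = ctl.register_user("alice")
    tcp = {"src": "10.0.1.5", "dst": "10.0.0.10", "proto": "tcp"}
    before = sw.forward(tcp)                   # default intercept entry: "drop"
    spa = build_spa("alice", secret, "10.0.0.10", "10.0.1.5")
    accepted = ctl.handle_spa(spa) if sw.forward(spa) == "controller" else False
    after = sw.forward(tcp)                    # per-client allow entry: "forward"
    other = sw.forward({"src": "10.0.1.6", "dst": "10.0.0.10", "proto": "tcp"})
    replay = ctl.handle_spa(spa)               # same nonce again: rejected
    return before, accepted, after, other, replay


if __name__ == "__main__":
    print(demo())
```

The point the model makes visible is that the switch never forwards a packet to the protected service on its own authority: the default entry drops, only the controller can add an allow entry, and that entry is scoped to the source address that passed SPA, so a second host on the same segment still hits the drop rule.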

Embodiment 3

[0066] This embodiment discloses an SDN-based software-defined boundary implementation system, the structure of which can be seen in Figure 3. The system includes an SDN controller and an SDN switch, wherein the SDN controller controls multiple virtual machines in the service group through the SDN switch. Specifically, the SDN controller and the SDN switch in this embodiment are used to execute the SDN-based software-defined boundary implementation method described in Embodiment 1, so as to realize the software-defined boundary. The technical effect of the technical solution in this embodiment is similar to that of Embodiment 1 and will not be repeated here.


Abstract

The invention discloses an SDN-based software-defined boundary implementation method and system. The method uses an SDN controller in place of an SDP controller and an SDN switch in place of an SDP gateway, and implements the business logic of SPA single-packet authorization through the flow tables of the SDN network. On the one hand, SDN switches are part of the basic network infrastructure, so no additional SDP gateway devices need to be added when deploying a software-defined boundary system; at the same time, SDN switches have strong forwarding performance and can be deployed in a distributed ToR (top-of-rack) manner, which solves the single-point processing performance problem. On the other hand, SDN switches are commonly used as ToR switches in the internal network, so this method can be used for security protection between internal networks, preventing illegal access or attacks between internal networks.

Description

Technical field

[0001] The invention belongs to the technical field of software-defined boundaries, and in particular relates to an SDN-based software-defined boundary implementation method and system.

Background technology

[0002] The software-defined perimeter (SDP) is a security framework developed by the Cloud Security Alliance (CSA) that controls access to resources based on identity. Each terminal must pass single-packet authorization (SPA) verification before connecting to the server, to ensure that each device is permitted access. Its core idea is to hide core network assets and facilities behind the SDP architecture so that they are not directly exposed to the Internet and are thereby protected from external security threats. Because the scope of protected services is large, the traditional SDP architecture generally adopts the gateway mode, as shown in Figure 1: the access rules established by the SDP controller are only open to authorized us...


Application Information

Patent Type & Authority Patents(China)
IPC(8): H04L29/06
CPC: H04L63/0823; H04L63/0876; H04L63/10; H04L63/12
Inventor 刘忻林冬艺袁龙浩
Owner GUANGZHOU BINGO SOFTWARE