East-west traffic safety protection method and system based on SDN

A security protection and traffic technology, applied in the field of computer networks, that addresses the inability to protect the east-west traffic of an OpenStack cloud data center and solves the problem of flow-based security isolation.

Pending Publication Date: 2020-11-17
SHENZHEN POWER SUPPLY BUREAU

AI Technical Summary

Problems solved by technology

[0004] The present invention proposes an SDN-based east-west flow security protection method and its system to solve the blind spots th


Embodiment Construction

[0031] The following descriptions of various embodiments refer to the accompanying drawings to illustrate specific embodiments in which the present invention can be implemented.

[0032] Embodiment 1 of the present invention provides an SDN-based east-west traffic security protection system, including:

[0033] An SDN controller, virtual switches and in-cloud security devices, arranged from top to bottom;

[0034] The SDN controller connects northbound to the upper-layer application through a RESTful interface, and southbound to the underlying virtual devices;

[0035] There are several virtual hosts attached to the virtual switch;

[0036] The security device in the cloud includes a firewall virtual network element, which is placed inside each cloud host in the form of a virtual machine, or bridges the cloud hosts through a virtual switch.

[0037] Specifically, in this embodiment, the SDN controller adopts an open source OpenDaylight ...


Abstract

The invention relates to an SDN-based east-west traffic security protection method and system. The system comprises an SDN controller, a virtual switch and an in-cloud security device, arranged from top to bottom. The SDN controller connects northbound to upper-layer applications through a RESTful interface and southbound to the underlying virtual devices; a plurality of virtual hosts are attached to the virtual switch; the in-cloud security device comprises a firewall virtual network element, which is either placed inside each cloud host in the form of a virtual machine or bridged to the cloud hosts through a virtual switch. The method is suitable for a combined OpenStack + OpenDaylight cloud data center scheme: traffic is steered for protection through the virtual switch under the control of the SDN controller, which removes the blind spot in which the east-west traffic of an OpenStack cloud data center cannot be protected, and the SDN controller provides fine-grained flow control based on the OpenFlow protocol, which solves the problem of flow-based security isolation.
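The traffic steering described in the abstract can be sketched as a small flow-table model. This is an added example, not code from the patent or from OpenDaylight; the port numbers, IP addresses, priorities and the `firewall_allows` policy callback are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed topology (assumption): one virtual switch, tenant VMs on ports 1-2,
# firewall virtual network element bridged on port 10 (ingress) and 11 (egress).
VM_PORTS = {"10.0.0.11": 1, "10.0.0.12": 2}
FW_IN, FW_OUT = 10, 11

@dataclass(frozen=True)
class Flow:
    priority: int
    in_port: Optional[int]   # None = wildcard
    dst: Optional[str]       # None = wildcard
    out_port: Optional[int]  # None = drop

def build_flows():
    """Rules a controller would push so VM-to-VM traffic crosses the firewall."""
    flows = []
    for ip, port in VM_PORTS.items():
        # Anything arriving from a VM port is pulled to the firewall first.
        flows.append(Flow(200, port, None, FW_IN))
        # Only traffic returning from the firewall is delivered to the VM.
        flows.append(Flow(300, FW_OUT, ip, port))
    flows.append(Flow(0, None, None, None))  # table-miss rule: drop
    return flows

def lookup(flows, in_port, dst):
    """Highest-priority matching rule wins, as in an OpenFlow table."""
    for f in sorted(flows, key=lambda f: -f.priority):
        if f.in_port in (None, in_port) and f.dst in (None, dst):
            return f.out_port
    return None

def path(flows, src, dst, firewall_allows):
    """Trace the switch ports a packet visits; the callback models the VNF policy."""
    hops = [VM_PORTS[src]]
    out = lookup(flows, VM_PORTS[src], dst)
    hops.append(out)
    if out == FW_IN:
        if not firewall_allows(src, dst):
            return hops + ["dropped-by-firewall"]
        hops.append(lookup(flows, FW_OUT, dst))
    return hops

if __name__ == "__main__":
    table = build_flows()
    print(path(table, "10.0.0.11", "10.0.0.12", lambda s, d: True))
    print(path(table, "10.0.0.11", "10.0.0.12", lambda s, d: False))
```

No rule forwards directly from one VM port to another, so the firewall element sees every east-west packet even though both hosts sit on the same virtual switch.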

Description

Technical field

[0001] The invention relates to the technical field of computer networks, in particular to an SDN-based east-west traffic security protection method and system.

Background

[0002] In early data centers, 80% of the traffic was north-south traffic, but now 80% is east-west traffic. Data center network traffic has shifted from "north-south" to "east-west" mainly because, with the advent of cloud computing, more and more services have had a huge impact on the data center traffic model: services such as search and parallel computing require a large number of servers to form a cluster and complete the work together, which makes the traffic between servers very large.

[0003] In this regard, traditional security solutions are usually based on security protection of fixed physical boundaries, so corresponding to the cloud computing data center, that is, only the security protection problem of north-...


Application Information

IPC(8): H04L29/06, H04L12/931, H04L12/813, G06F9/455, H04L47/20
CPC: H04L63/0209, H04L63/101, H04L47/20, H04L63/145, G06F9/45558, H04L49/70, G06F2009/45595
Inventor: 车向北, 欧阳宇宏, 王冬
Owner SHENZHEN POWER SUPPLY BUREAU