Policy conflict detection and resolution based on graphic representation in SDN environment

A graphic representation and conflict detection technology, applied in the field of network security, that addresses problems such as the complexity of SDN applications, avoids endpoint policy conflicts, and reduces the number of rules.

Active Publication Date: 2022-06-21
ANHUI UNIVERSITY

AI Technical Summary

Problems solved by technology

To make matters worse, SDN applications programmed in high-level languages such as Java or Python can be very complex.



Examples


Embodiment

[0107] Experimental environment: The SDN controller is Floodlight 1.2 and the network topology is simulated with Mininet 2.2. The policies in the network are generated by a different method in each of two small experiments: in the first they are generated by script files, and in the second the ClassBench tool is used to simulate specific network endpoint policies.

[0108] Network topology: As shown in Figure 10, a fat-tree topology with 10 switches, 2 servers and 6 clients, a total of 8 hosts.

[0109] Experimental parameters: The initial experimental settings of the optimal strategy layout module are shown in the following table.

[0110]

[0111] Implementation process:

[0112] 1. First create a fat-tree topology using Mininet, then create a set of flow rules by writing a script file. Use Scapy to generate packets. In the network model of this embodiment, the feasibility of policy conflict detection and of policy conflict resolution are tested separately. First, one or two flow rules of topology ...



Abstract

The invention discloses a policy conflict detection and resolution method based on graphic representation in an SDN environment. It uses an extended multi-bit prefix tree to store flow rules, generates the corresponding equivalence classes (ECs) and configuration graphs, and presents network policies in the form of policy graphs. The policy changes generated by each network update are first applied to the network model, and the affected ECs are calculated from the network model. The violation detection module checks whether each affected EC in the network model has a policy violation. If any violation occurs, the configuration graph and the physical topology graph are compressed and passed to the violation resolution module. The optimizer returns a set of edges of the EC configuration graph to be added or deleted, which is applied to the network model and converted into specific OpenFlow rules. Heuristic algorithms are used to deploy the rules optimally on the forwarding devices. The invention rejects illegal flow rules with less overhead, solves all policy violation problems, and avoids rule conflicts among a large number of endpoint policies.
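The update check described in the abstract (apply the change to the model, compute the affected ECs, test each for a violation) can be sketched as follows. This is an added example, not code from the patent: it replaces the extended multi-bit prefix tree with sorted prefix boundaries, matches on destination prefix only, and all rules, node names and the policy are constructed.

```python
import ipaddress

# Constructed flow rules (priority, dst prefix, switch, next hop); all names are illustrative.
RULES = [
    (10, "10.0.0.0/16", "s1", "s2"),
    (10, "10.0.0.0/16", "s2", "h_client"),
    (20, "10.0.2.0/24", "s2", "h_server"),
]
# Constructed endpoint policy: traffic to this prefix must never reach this node.
POLICY = ("10.0.2.0/24", "h_quarantine")

def span(prefix):
    net = ipaddress.ip_network(prefix)
    return int(net.network_address), int(net.broadcast_address)

def covers(prefix, ec):
    lo, hi = span(prefix)
    return lo <= ec[0] and ec[1] <= hi

def equivalence_classes(rules):
    """Cut the address space at every prefix boundary; each range is one EC."""
    cuts = {0, 2**32}
    for _, prefix, _, _ in rules:
        lo, hi = span(prefix)
        cuts.update((lo, hi + 1))
    cuts = sorted(cuts)
    return [(a, b - 1) for a, b in zip(cuts, cuts[1:])]

def config_graph(rules, ec):
    """Per switch, the highest-priority rule covering the EC yields one edge."""
    best = {}
    for prio, prefix, sw, nxt in rules:
        if covers(prefix, ec) and prio > best.get(sw, (-1, None))[0]:
            best[sw] = (prio, nxt)
    return {sw: nxt for sw, (_, nxt) in best.items()}

def violates(rules, ec, policy, ingress="s1"):
    """Walk the EC's graph from ingress: a loop or a forbidden endpoint is a violation."""
    graph, node, seen = config_graph(rules, ec), ingress, set()
    while node in graph:
        if node in seen:
            return True
        seen.add(node)
        node = graph[node]
    return covers(policy[0], ec) and node == policy[1]

def check_update(rules, new_rule, policy=POLICY):
    """Apply the update to the model first, then test only the ECs it affects."""
    model = rules + [new_rule]
    affected = [ec for ec in equivalence_classes(model) if covers(new_rule[1], ec)]
    return [ec for ec in affected if violates(model, ec, policy)]
```

A non-empty result from `check_update` means the update should be rejected or handed to a resolution step, which this sketch does not implement.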

Description

Technical field

[0001] The invention relates to network security technology, in particular to a method for detecting and resolving policy conflicts based on graphic representation in an SDN environment.

Background technique

[0002] Software-Defined Networking (SDN) is a new type of network architecture that facilitates better network management and simplifies the deployment of new network functions by separating the control module from the forwarding device. In a traditional network, the network control logic consists of bloated routing protocols running on physical devices and works in conjunction with the network topology information and device configuration information, whereas in SDN the network control logic is implemented by the SDN controller and is centrally controlled. OpenFlow is one of the most well-known southbound interface protocols, which lets controllers determine the forwarding paths of packets in switches. The availability, security, and...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40, H04L41/14, H04L41/22, H04L41/12
CPC H04L63/20, H04L63/205, H04L41/145, H04L41/22, H04L41/12
Inventor 房忠万仲红杨明崔杰许艳田苗苗孙秀文
Owner ANHUI UNIVERSITY