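Research on SDN Controller Architecture and Function Development
Published: 2018-03-30 19:15
Topic: access control. Entry point: software-defined networking. Source: University of Electronic Science and Technology of China, master's thesis, 2014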
【Abstract】: In the past, a campus network only needed to provide basic network connectivity. Today, the continued growth of the mobile Internet, increasingly rich network applications and ever-expanding network scale have brought campus networks unprecedented opportunities and challenges, including how to perform access control and how to simplify network management and improve scalability. The trend toward mobile working is increasingly evident, which blurs the network boundary; the wealth of applications not only raises quality-of-service problems but also complicates access control for different applications. These are the new challenges facing access control. The continued expansion of network scale, the variety of network devices and the constant emergence of new applications require that network management be simplified and scalability improved. By deploying software-defined networking, this thesis answers how to simplify network management and improve scalability. By implementing a flow-based network access control method, this thesis answers how to perform access control. Software-defined networking divides the network, from the bottom up, into an infrastructure layer, a control layer and an application layer, and uses unified interfaces to achieve centralized management, which simplifies network management. In addition, software-defined networking separates the data plane from the control plane, making the network programmable [25], which gives the network good scalability to adapt to changing requirements. The flow-based network access control method controls network access according to user identity, application type and privilege level. The method was implemented in three steps: controller architecture research, system deployment and application development. In the controller architecture research, NOX's event-driven mechanism and the NOX components that support it were analyzed. System deployment is divided into two parts: OpenFlow switch deployment, and system architecture description and deployment. In the OpenFlow switch deployment, after gaining a thorough understanding of the wireless router's hardware structure and the characteristics of the OpenWrt system, the OpenVSwitch package was added to OpenWrt, and support for OpenVSwitch was added to hostapd, which provides the wireless access point function. Application development involved the database, the portal server and NOX. The design of the database tables realizes the abstraction from OpenFlow flow tables to user identity, application type and privilege level, and the formulation of a global access control policy. The portal server manages users' login state. Through function development on NOX, the control logic of the whole access control system and modules such as network access control were implemented. Finally, system testing showed that, in a multi-user, multi-application, multi-privilege environment, the system can enforce the corresponding access control according to the global access control policy configured by the administrator.
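【Degree-granting institution】: University of Electronic Science and Technology of China
【Degree level】: Master's
【Year degree granted】: 2014
【Classification number】: TP393.18;TP273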
Article ID: 1687276
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1687276.html