SDN中基于划分技术的路由选择策略研究

发布时间：2018-02-16 14:01

本文关键词： 软件定义网络攻击检测安全等级划分网络感知业务划分　出处：《郑州大学》2017年硕士论文　论文类型：学位论文

【摘要】：软件定义网络(Software Defined Network,SDN)是一种新型的网络架构,它的核心思想是将控制平面与数据转发平面相分离,将交换机变成了简单的转发设备,控制器具有了全局性的控制能力,从而实现了网络的集中式控制和可编程性。目前,控制平面与转发平面之间主流的协议是Openflow,它的修订与发布由开放式网络基金会(Open Network Foundation,ONF)主导。软件定义网络引入了数据平面与控制平面的分离,同时也带来了与传统网络不同的攻击方式。针对软件定义网络中新流路径安装的安全性进行了研究,为交换机引入安全等级划分机制,根据交换机所处的状态,将交换机划分成三个安全等级,并将攻击检测与路由选择相结合。该机制首先通过K最短路径计算出前K条路径,然后把路径中交换机安全等级的最低值作为该路径的安全等级值,最后挑选出安全等级值最高的路径作为最终路径,当安全等级值最高的路径存在多条时,将会选择可用带宽最大的一条作为最终路径。该机制使软件定义网络面对攻击表现出动态可伸缩的能力,进而减小攻击对网络所造成的危害。当前软件定义网络中依然存在着负载不均衡和不能满足网络流量QoS要求的问题,结合SDN控制器掌握全局网络视图的优点、网络感知功能和网络流量的业务划分,提出一种基于业务划分的路由选择机制。该机制首先计算出前K条最短路径,然后根据流量的业务属性,对K条路径进行权值计算,权值最大的路径将作为最佳路径。该机制能够为不同业务类型的数据流选择一条最能满足其QoS要求的路径,并使整个网络达到负载均衡,进而提高底层网络资源的利用率。
[Abstract]:Software defined Network Defined Network (SDN) is a new network architecture. Its core idea is to separate the control plane from the data forwarding plane, to turn the switch into a simple forwarding device, and the controller has the overall control ability. Thus realizing the centralized control and programmability of the network. The main protocol between the control plane and the forwarding plane is Openflow, whose revision and release is dominated by the Open Network Foundation of ONF.Software defines the network by introducing the separation of the data plane and the control plane. At the same time, it also brings different attacks from the traditional network. The security of the new stream path installation in the software defined network is studied, and the security hierarchy mechanism is introduced for the switch, according to the state of the switch, The switch is divided into three security levels, and the attack detection is combined with routing selection. Then the lowest value of the switch security level in the path is taken as the security level value of the path. Finally, the path with the highest security level is selected as the final path. When there are multiple paths with the highest security level, The maximum available bandwidth will be chosen as the final path. This mechanism enables the software to define the network to show dynamic scalability in the face of attacks. In order to reduce the harm caused by the attack to the network, there are still some problems in the current software definition network, such as the imbalance of the load and the failure to meet the QoS requirements of network traffic. Combined with the advantages of the SDN controller to master the global network view, In this paper, a route selection mechanism based on traffic partition is proposed, which firstly calculates the first K shortest path, and then calculates the weight of K path according to the traffic attribute. The path with the largest weight value will be the best path. This mechanism can select one path that can best meet the QoS requirements for different traffic types of data flow, and make the whole network achieve load balance, and then improve the utilization of the underlying network resources.
【学位授予单位】：郑州大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.02

【相似文献】