数据中心下软件定义网络的部署及应用

发布时间：2018-03-05 23:20

本文选题：云数据中心　切入点：分布式　出处：《大连海事大学》2016年博士论文　论文类型：学位论文

【摘要】：自软件定义网络(Software Defined Networking)技术出现以来,经过学术界和产业界的不断推动,软件定义网络的应用不断发展和深入,数据中心的软件定义网络化也正在从理论走向实践。本文旨在数据中心环境下研究软件定义网络部署及应用的相关关健问题。随着云数据中心的不断发展,尤其是分布式云数据中心的出现,今天的数据中心已经演变成涉及十万甚至百万规模的服务器,跨越广域网地理位置分散的,集大数据运算和存储为一体的高性能计算场所。分布式云数据中心的发展带来了一系列新的问题：首先,对大规模且分布式的网络需要集中统一管理,以提高数据中心的维护效率和可用性。其次,以承载云计算业务为主要目的的云数据中心,其流量工程也面临严峻的考验。对于云计算,数据备份等大流量应用的分类,直接影响了数据中心对外提供服务的质量。再次,跨越互联网分布式的特点以及虚拟化等技术的发展,使得云数据中心网络安全面临新形势的挑战。本文深入分析和总结了分布式云数据中心的新特征,从分布式云数据中心网络中的软件定义网络部署问题、大小流分类问题,以及DDoS检测问题出发,紧紧围绕上述三个问题展开研究。本文的主要研究工作如下：首先,针对分布式云数据中心拓扑结构复杂、SDN域划分和控制器部署等问题,本文提出了基于谱的软件定义网络部署算法,即利用谱聚类思想对拓扑结构进行分析,并利用矩阵扰动和本征间隙理论对拓扑进行挖掘以找出其内在特征实现SDN域的自动划分,最后得出其控制器部署位置。为了验证我们所提出的算法,我们还设计了一个基于Cbench的测试框架。实验表明基于谱的软件定义网络部署算法具有一定的优势,其部署为后续的SDN应用研究奠定了基础。其次,针对分布式数据中心下大小流的特点和流量工程流量分类的需求,本文提出了一个基于软件定义网络的大小流分类算法。为了提高算法的实时性,本文采用两层分类策略来进行快速分类。即先基于首包检测快速排除大量的小流,减少了后续计算,再对可能的大流基于流特征进行C4.5决策树分类,以提高算法的精确度。为了进一步提高算法的分类精确度,本文除了对训练集合进行相容性分析之外,还基于数据中心自身流量特点和大流分类更重要的特点,在算法中引入了Cost-Sensitive思想,有效提高了算法的分类精确度和弥补了现有算法的不足。最后基于SDN技术进行实验,验证了算法的有效性。最后,针对分布式云数据中心下新型的DDoS攻击链路洪泛攻击检测存在的问题,本文提出了一种基于软件定义网络的DDoS检测算法。其核心思想是从提高实时性和数据存储效率出发,将SDN流表技术应用到链路洪泛攻击检测当中,节约了流统计的时间并提高了实时性；将Bloom Filter应用于软件定义网络的DDoS检测中,解决了链路洪泛攻击存储空间和时间效率要求高等问题。与传统的检测算法相比,该算法不但克服了传统算法收集信息实时性差问题,而且解决了海量数据存储效率问题。最后利用SDN技术实现了该算法,实验结果表明该算法具有一定的优势。
[Abstract]:Since the software defined network (Software Defined Networking) technology emerged, after constantly promote academia and industry, the application of software defined network development and deepening, software defined network data center is from theory to practice. This paper aims to Guan Jian data center environment of software defined network deployment and application with the continuous development of the cloud data center, especially the emergence of distributed cloud data center, the data center has evolved into today's scale involving one hundred thousand or even millions of servers across wide area network geographically dispersed, high performance computing places large data storage and computing technology. The development of distributed cloud data center brings a series of new problems: first, the large-scale and distributed network requires a centralized and unified management, to improve data center efficiency and maintenance Availability. Secondly, cloud data center as the main purpose to support cloud computing business, the traffic engineering is also facing serious challenges. For cloud computing, classification of data backup and other large flow applications, directly affects the quality of the data center to provide services. Thirdly, development across the Internet and distributed features of virtualization the cloud data center technology, network security is facing new challenges. This paper analyses and summarizes the new features of distributed cloud data center, from the software defined network deployment of distributed cloud data center network, classification of the size of the stream, starting and DDoS detection problems, focusing on these three issues. The research work of this paper is as follows: firstly, according to the distributed cloud data center complex topology, SDN domain and controller deployment problem is proposed in this paper based on spectrum Software defined network deployment algorithm, namely the use of spectral clustering for topology analysis, and using the matrix perturbation and automatic classification eigengap theory of topological mining in order to find the inherent characteristics of SDN domain, and finally got the controller located. To verify our proposed algorithm, we also design a based on Cbench test framework. The experimental results show that the spectrum of software defined network deployment algorithm has certain advantages based on the deployment of laid the foundation for the research on the application of SDN in the future. Secondly, according to the characteristics of distributed data center under the size of the stream and traffic engineering classification requirements, this paper proposes a classification algorithm software defined network size based on. In order to improve the real-time performance, this paper adopts two layer classification strategy for rapid classification. Firstly, based on the first packet fast detection to exclude small flow a lot, To reduce the subsequent calculation, and then on the flow characteristics of the flow may be C4.5 based on decision tree classification, in order to improve the algorithm accuracy. In order to further improve the classification accuracy of the algorithm in this paper, in addition to the training set for compatibility analysis, has its own data center flow characteristics and flow characteristics of the more important classification based on Cost-Sensitive introduced in the algorithm, effectively improve the classification accuracy of the algorithm and make up for the shortcomings of existing algorithms. Finally, based on the SDN technology experiment, verify the effectiveness of the algorithm. Finally, according to the distributed cloud data center DDoS attack link flooding attack detection model of the existing problems, this paper presents a DDoS detection algorithm based on software defined networking. Its core idea is from the perspective of improving the real-time and efficiency of data storage, SDN flow table technology to link flooding attack detection, To save time and improve the flow statistics in real-time; DDoS detection of Bloom Filter is applied to the software defined network, solve the link flooding attack storage space and time efficiency requirements higher. Compared with the traditional detection algorithm, this algorithm not only overcomes the traditional algorithm of collecting information in real-time, but also solves the problem the massive data storage efficiency. Finally, the algorithm is realized by using SDN technology, the experimental results show that this algorithm has certain advantages.

【学位授予单位】：大连海事大学
【学位级别】：博士
【学位授予年份】：2016
【分类号】：TP393.0;TP308

【参考文献】