CN106162639A - SDN wireless network management platform based on Floodlight and authentication method - Google Patents

Publication number
CN106162639A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610457253.0A
Other languages
Chinese (zh)
Other versions
CN106162639B (en)
Inventor
陈昕
路兆铭
温向明
张彪
雷涛
王鲁晗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/02 Arrangements for optimising operational condition

Abstract

The present invention is an SDN wireless network management platform based on Floodlight, together with an authentication method, and belongs to the field of wireless network management. The wireless network management platform is implemented on an Apache server and comprises a system management module, a topology management module, a configuration management module, a user management module, an AP management module and a data statistics module. A thread that periodically monitors changes in user information is added to the controller. The AP management module manages each device as a wireless AP while also realizing OpenFlow switch functions. The data statistics module periodically obtains network data and predicts the network state according to a data analysis model. Added or modified user information is synchronized between the distributed databases, keeping users consistent across the whole network. The invention can process frequent user changes in real time, meets the management requirements of wireless networks, adds data storage and feedback capability to the SDN controller, and unifies network user authentication.

Description

SDN wireless network management platform based on Floodlight and authentication method
Technical field
The invention belongs to the field of wireless network management and relates to the network management of SDN, specifically to the network management and user authentication of an integrated WLAN system based on an SDN controller.
Background
Wireless local area network technology is increasingly widely used because it is cheap and efficient, and wireless access points (Access Point, AP) based on the 802.11 protocol have become an indispensable part of present-day wireless communication networks. The rapid growth of wireless traffic and user demand has led many enterprises and venues to deploy their own wireless LANs, and a deployment with a single wireless access node has long been unable to meet the needs of medium and large scenarios. WLAN networking based on the 802.11 protocol suite is convenient to deploy and cost-effective, and is now the preferred option for customers. Most WLAN architectures in use today are based on a distributed, autonomously managed architecture, i.e. the fat AP architecture. The AP directly controls the access and authentication of WLAN users and can perform functions such as user data encryption, user authentication and QoS. Because each AP is an individual node whose configuration, channel and power are independent, installation is very easy. However, because of limited frequency bands, the constraints of the MAC contention mechanism and the rapid growth in the number of wireless APs, interference between distributed wireless APs is severe and they are hard to manage. Many enterprise-grade WLAN systems therefore introduce a thin AP architecture based on an access controller (Access Controller, AC): all wireless access functions are completed jointly by the AP and the AC, the AC implements advanced network functions such as QoS, mobility management, resource allocation and load balancing, and the AP concentrates on radio functions. The AC and the AP communicate through the international standard protocols CAPWAP and LWAPP. This centrally managed thin AP structure can provide unified authentication and security settings, efficient network management, and handover and roaming services for users within the area, and is suitable for relatively large scenarios. However, these thin AP solutions are usually closed source, proprietary and expensive, and rely mainly on hardware implementation, which limits the flexibility and scalability of the whole network.
An enterprise-grade SDN-WLAN system based on the Floodlight controller is an efficient solution that changes this situation. Software-defined networking (Software Defined Network, SDN) is a new, innovative network architecture and one way of implementing network virtualization. Its core technology, OpenFlow, separates the control plane of network devices from the data plane, which allows flexible control of network traffic and makes the network, as a pipe, more intelligent. In general, SDN is divided into three layers: the data layer, the control layer and the application layer. Network devices in the data layer are responsible only for simple data forwarding, can use general-purpose hardware, and concentrate on improving forwarding capability. The operating system that was originally responsible for control is abstracted into an independent network operating system that forms the control layer and is responsible for adapting to the characteristics of different services; communication between the network operating system, the service characteristics and the hardware devices can be implemented by programming. Floodlight is a modular OpenFlow controller developed in Java; the modules that Floodlight loads can be selected at start-up, and modules with self-defined functions can also be added. The application layer at the top can collect and use the underlying resources and information obtained by the control layer to perform global, high-level control, management and network optimization, realizing demand-driven network applications. This networking approach, based on general-purpose hardware and programmable software, gives the network better scalability at lower cost, with more convenient upgrades and more flexible management.
In a WLAN based on software-defined networking, the AP serves only as a unit for wireless reception and data forwarding and has no network intelligence; upper-layer functions, including user access, security authentication, forwarding paths, mobility management and power control, must be implemented by the controller. The controller, in turn, only provides resource abstraction similar to an operating system, and the higher-level wireless network management is implemented by program code written at the application layer. The present invention is based on the Floodlight controller and implements network management and user authentication and access. References [1][2][3] have already proposed concrete networking schemes for SDN-based WLANs. The whole WLAN is under the unified management of the controller, and the network administrator can dynamically change the management scheme according to need in order to adapt to changes in network state. Because large-scale WLAN systems have stricter requirements for access management, a network platform under unified management can provide more diverse and convenient network management services and multi-level permission management, which greatly reduces the losses that configuration errors and faulty operations cause to the network. The focus of these schemes is on implementing SDN in a wireless system so as to centralize control and simplify the access side; they do not actually implement a platform for managing the wireless network. Moreover, in simplifying the access side they ignore many management functions that the AP itself offers, largely wasting the AP's inherent operating capability. SDN thinking was aimed at traditional wired networks, where change is infrequent, whereas in wireless networks users arrive and leave randomly and frequently. Although SDN can use techniques such as load balancing and traffic management to cope well with fluctuations of traffic in the network, its management of changes in the network users themselves is close to failure. In references [1][2] the controller even has to be restarted to read changes to the user list; each restart takes several seconds, which is unacceptable for both the QoS of the wireless network and the user experience. In addition, current SDN controllers obtain data in real time, and every data request sharply increases controller overhead; network performance then drops significantly, which shows up as longer network response times, worse transmission jitter, and fluctuating server CPU and memory usage. The resulting network stability problem also urgently needs to be solved.
The references are as follows:
[1] Vestin J, Dely P, Kassler A, et al. CloudMAC: towards software defined WLANs [J]. ACM SIGMOBILE Mobile Computing & Communications Review, 2013, 16(4): 42-45.
[2] Suresh L, Schulz-Zander J, Merz R, et al. Towards programmable enterprise WLANS with Odin [C] // Proceedings of the first workshop on Hot topics in software defined networks. ACM, 2012: 115-120.
[3] Lei T, Lu Z, Wen X, et al. SWAN: An SDN based campus WLAN framework [C] // Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE), 2014 4th International Conference on. IEEE, 2014: 1-5.
Summary of the invention
In view of the lack of effective management measures for SDN-based wireless networks, the present invention proposes an SDN wireless network management platform based on Floodlight and an authentication method. It changes the management architecture of the SDN controller on the wireless side: it uses the REST API interface, improves the control functions of Floodlight, and extends the REST API to the AP side; it uses database technology to store the controller's statistical data, which reduces the load on the controller and allows the data to be analyzed and used for prediction; and it adds a user management thread so that user management and authentication can be carried out in real time.
The invention provides an SDN wireless network management platform based on Floodlight, implemented on an Apache server; the SDN controller in the network to which it is applied is Floodlight. The programming interfaces of the SDN controller comprise a Java interface and a REST API interface. The management platform comprises a system management module, a topology management module, a configuration management module, a user management module, an AP management module and a data statistics module.
The system management module obtains information about the Apache server and the Floodlight controller themselves.
The topology management module uses the connection relationships of the switches and the attachment relationships of users to draw the logical topology of the network, and draws the physical topology of the network according to the configured AP positions.
The configuration management module covers configuration management in two respects. The first is the configuration management of SDN, including configuration of the controller through REST API operations and application configuration through the Java interface. The second is the configuration management of APs, which uses the URIs (Uniform Resource Identifier) provided by OpenWRT to emulate the REST flow so that APs are managed in a uniform way.
The user management module adds to the controller a thread that periodically monitors changes in user information. User information is configured through the WEB UI (user interface) of the management platform, and changes to user information are propagated by database triggers. User information is stored in a distributed database; when the database of one SDN controller in the network changes, a synchronization operation is triggered across the databases of the SDN controllers in the network, keeping user information consistent across the whole network.
The AP management module manages wireless switch data and implements functions in two respects. The first treats the device as a wireless AP: the operation commands of all APs are stored on the management platform, and the management platform calls the wireless management functions of the AP through a unified remote operation. The second treats the device as a data-plane switch in the network: it uses the switch control capability of Floodlight to implement flow table configuration and firewall settings, realizing general OpenFlow switch functions.
The data statistics module periodically obtains the number of users, switch load and user usage data, stores each of them, and updates the statistics. The stored data can be placed on each controller or kept centrally in a data center. Using the data analysis model that has been established, the data statistics module predicts the state of the network from the data obtained and feeds the network parameters for the next period back to the configuration management module.
The invention also proposes a user authentication method based on the management platform. The method comprises:
Step 1: the administrator adds or modifies user information through the WEB UI on one of the SDN controllers in the network; the WEB UI connects to the database through a PHP interface;
Step 2: the database checks the validity of the user information that the administrator has added or modified, rejects illegal modifications, and applies reasonable modification requests;
Step 3: the added or modified user information is synchronized between the distributed databases, keeping user information consistent across the whole network; while synchronization is incomplete, a user authentication request that arrives is treated as an authentication failure;
Step 4: the AP receives the user authentication request and uploads it to the Floodlight controller; the controller converts the user's authentication packet into an authentication event and activates the user management thread;
Step 5: the controller queries the database, by the MAC address of the authenticating user or another unified identifier, for whether user information exists. A user with no user information is refused access to the network. If user information exists but the user attributes or user permissions are abnormal, the connection operation continues, restricted access rights are granted, and the abnormal information is reported after access. If user information exists and both user attributes and user permissions are normal, the connection and authentication operations continue, MAC layer access is completed, and the corresponding flow table is pushed to the AP;
Step 6: after the user's state changes, the controller modifies the user information in the corresponding database, and at the same time the user management module obtains this user information;
Step 7: user information is synchronized between the distributed databases, keeping the user information of the whole network consistent, so that a user switching between different APs or controllers does not have to re-authenticate and is not disconnected; this completes the user authentication flow.
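The decision logic of steps 3 to 5, as an added Python example rather than code from the patent. A dict stands in for the user database; the field names `status` and `permission`, the permission values, the flow rule layout and the sample users are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    REJECT = "reject"          # no network access
    RESTRICTED = "restricted"  # access continues with limited rights and a notice
    FULL = "full"              # normal access, flow table pushed to the AP


@dataclass
class AuthResult:
    decision: Decision
    reason: str
    flow_rules: list = field(default_factory=list)


# Assumed set of permission values that count as "normal".
ALLOWED_PERMISSIONS = {"staff", "guest"}

# Constructed sample users, keyed by normalized MAC address.
USERS = {
    "aabbccddee01": {"status": "normal", "permission": "staff"},
    "aabbccddee02": {"status": "suspended", "permission": "staff"},
    "aabbccddee03": {"status": "normal", "permission": "unknown-role"},
}


def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or None if it is malformed.

    Normalizing before the lookup keeps 'AA:BB:..' and 'aa-bb-..' from
    being treated as two different users.
    """
    digits = re.sub(r"[:\-.]", "", raw.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def authenticate(raw_mac, ap_id, users, sync_complete):
    """Decide access for one authentication event raised by an AP."""
    # Step 3: a request that arrives before synchronization has finished
    # is treated as an authentication failure (fail closed).
    if not sync_complete:
        return AuthResult(Decision.REJECT, "database synchronization pending")

    mac = normalize_mac(raw_mac)
    if mac is None:
        return AuthResult(Decision.REJECT, "malformed identifier")

    record = users.get(mac)
    # Step 5, first case: no user information, so access is refused.
    if record is None:
        return AuthResult(Decision.REJECT, "unknown user")

    # Step 5, second case: the record exists but an attribute or the
    # permission is abnormal. Access continues with restricted rights and
    # the abnormality is reported. How the restriction is enforced is not
    # specified in the text, so no flow rule is produced here.
    problems = []
    if record.get("status") != "normal":
        problems.append("status=%s" % record.get("status"))
    if record.get("permission") not in ALLOWED_PERMISSIONS:
        problems.append("permission=%s" % record.get("permission"))
    if problems:
        return AuthResult(Decision.RESTRICTED, "abnormal: " + ", ".join(problems))

    # Step 5, third case: everything is normal, so the controller pushes
    # the flow table entry for this user to the AP (assumed rule layout).
    rule = {"ap": ap_id, "match": {"eth_src": mac}, "action": "forward"}
    return AuthResult(Decision.FULL, "ok", [rule])


if __name__ == "__main__":
    for candidate in ("AA:BB:CC:DD:EE:01", "aa-bb-cc-dd-ee-02", "aabb.ccdd.ee09"):
        print(candidate, authenticate(candidate, "ap-1", USERS, True))
```
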
Compared with the prior art, the advantages and positive effects of the invention are:
(1) Wireless management functions are added to SDN. The core functions of SDN are route forwarding and flow control, and management functions for the wireless side are almost absent. The invention therefore integrates the AP's inherent wireless management commands into the control platform and divides AP management into SDN switch management and wireless AP management, which manage the AP through the OF-Config protocol and through out-of-band signaling respectively. It also modifies the structure of the SDN controller, adding a thread that handles wireless users and a database operation thread, and moves user data from file-based management to database management. Frequent user changes are processed in real time, which better suits the management needs of wireless networks, such as seamless handover.
(2) Data storage and feedback capability are added to the SDN controller. To avoid fluctuations in network performance, large-scale network data operations can be carried out when network load is light, and the administrator can first request the most recent historical data so as not to add further burden to the controller under heavy load. SDN controllers usually manage the network according to the current network state; in this management platform, network management applications combine analysis of historical data with current network conditions and feed the result back to the configuration management module, producing more reasonable predictions of network application parameters.
(3) Network user authentication is unified. The invention pairs Floodlight with a distributed database system, which makes up for the lack of an east-west interface in most current SDN controllers. Controller scalability has always been a weakness of SDN networks. Because user authentication uses user data, unified user authentication across multiple controllers can be achieved through data synchronization. This change requires no modification to the controllers; a change in a user's state under one controller is transparent to the other controllers, and the user does not have to authenticate again while moving.
Brief description of the drawings
Fig. 1 is the architecture diagram of the Floodlight-based WLAN management and authentication platform of the invention;
Fig. 2 is a diagram of the cooperation and feedback relationships between the modules of the management platform of the invention;
Fig. 3 is a flow chart of unified user access authentication according to the invention.
Detailed description
The invention is described in further detail below with reference to the drawings and embodiments.
The invention proposes an SDN wireless network management platform based on Floodlight and an authentication method. Its implementation is based on an improved modular OpenFlow controller, Floodlight, a distributed database system, management applications and a WEB-based visual user interface. With the improved Floodlight controller as the core, it connects downward to the physical network to complete the construction of the SDN-based WLAN system, and implements the various management applications on the SDN controller. The management platform is implemented on an Apache server; through the controller and programming it abstracts network parameters, AP parameters, user parameters and management parameters, giving the administrator convenient and efficient operating capability. Wireless user authentication and permission management are implemented through the distributed database system, which makes up for the lack of WLAN operating capability in general SDN controllers and improves the overall performance and controllability of the network.
Fig. 1 is the architecture diagram of the Floodlight-based WLAN management and authentication platform of the invention. The basic principle of the proposed management and authentication architecture is to collect network information and configure network parameters through data interfaces, providing operating capability for a wireless SDN. The specific embodiment provided by the invention is as follows.
The network management platform runs on a ThinkServer RD640S2620v2 4/300A2HROD.
The main parameters are:
CPU model: Xeon E5-2620v2; standard number of CPUs: 1;
Memory type: DDR3; memory size: 4GB;
Hard disk interface type: SAS; standard hard disk capacity: 300GB;
Operating system: Ubuntu 14.04;
SDN controller: Floodlight V1.0 (wireless functions added afterwards);
WEB environment: Apache 2.0 + PHP 5.5 + MySQL 5.5.44
AP environment: OpenWRT 12.09 + OVS 2.3
The network deployment follows references [2][3]; the framework and flows of the management platform are the main subject here. The Floodlight controller is the control center of the whole OpenFlow network architecture and has a global view of the whole OpenFlow network. The controller is responsible for defining the logic rules for data flows and, by pushing flow tables, makes data flows travel along specified paths. Interaction between the management platform and the WLAN network controller is implemented mainly through the Representational State Transfer application programming interface (Representational State Transfer Application Programming Interface, REST API). REST uses plain HTTP, the URI standard and XML to build lightweight Web services. Under the REST architecture, all information that the control layer can provide is abstracted into REST resources, and each resource is assigned a unique Uniform Resource Identifier (URI). Floodlight provides a REST SERVER module that exposes the REST API interface to users through operable modules; developers interoperate with the network through URI-based operations. Its mode of operation is described in reference [4]: Lu Zhaoming, Wang Luhan, Wen Xiangming, Software-defined radio access network architecture and key technologies, Beijing University of Posts and Telecommunications Press, 2015: 170-174.
Most of the information used by the system management module, topology management module, configuration management module, AP management module and data statistics module of the management platform is obtained through the programming interfaces of the SDN controller, which comprise a Java interface and a REST API interface. The REST API obtains the network information of the SDN controller by registering a service in the server. The management platform has to filter the data provided by the Floodlight controller, discard network information that cannot be used, pick out the network information that administrators can use, and output it as formatted graphics to form a user-friendly WEB UI. The Java interface is tied directly to the application layer and control layer and obtains network data from them.
The system management module obtains information about the server and the Floodlight controller themselves, including the server's current CPU, memory and IO usage, the overall status of the controller, its operating mode, its uptime, the controller's module information, a summary of network components, a summary of connected switches, a summary of flow statistics, and the firewall configuration. Server information is obtained through Linux shell commands, and controller information is obtained through the REST API.
The topology management module collects the connection relationships of the OpenFlow switches and the attachment relationships of users through the REST API and draws the logical topology of the network; the topology data is obtained either from the data statistics or by real-time query. The topology management module also draws the physical topology of the network according to the configured AP position information, which can serve as a general reference for locating users.
The configuration management module covers configuration management in two respects. The first is the configuration management of SDN, including configuration of the controller through REST API operations and application configuration through the Java interface. Following the Floodlight developer documentation, the invention adopts some of the REST API configuration interfaces that relate to the WLAN network, such as device management, switch information retrieval and flow table configuration; the Java interface mainly provides code parameter input for the application-layer management applications written by the administrator. The second is the configuration management of APs: the invention extends the REST API from the controller side to the AP side, using the URIs provided by OpenWRT to emulate the REST flow so that APs are managed in a uniform way. An upper-layer user does not need to distinguish whether a REST API comes from Floodlight or from an AP.
The collection function of the data statistics module on the right of Fig. 1 is independent of the Floodlight controller and is implemented with the Linux crontab command. crond is a daemon under Linux that periodically executes tasks or waits for certain events to handle; the crond process checks once per minute whether there is a task to run and, if so, runs it automatically. The management platform also decides, according to the network load, whether data collection should actually be performed. When the WLAN is large, there may be a dozen or even several dozen AP nodes under one controller, and obtaining whole-network information, such as topology information or information on all switches in the network, becomes an operation that consumes a large amount of CPU and memory. When the controller load is high (typical values: CPU utilization above 70%, memory usage above 65%), the collection function of the data statistics module is suppressed, and if the administrator requests large-scale data, the already stored data is used in preference. This is because once server resource usage is too high, a burst of WLAN operations can cause network performance to drop rapidly and response times to become long. Data statistics therefore runs as a low-priority thread whose operation can be postponed. The data is stored in a data warehouse, on which data analysis models such as situation awareness models and data mining models can be built to predict the state of the network; a decision algorithm then controls the configuration management module and determines the network parameters for the next period.
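The load check that gates collection, as an added Python example (not the platform's code): it derives CPU and memory utilization from `/proc/stat` and `/proc/meminfo` text and applies the 70% and 65% typical values quoted above. The sample text is constructed, the function names are hypothetical, and treating either limit being exceeded as grounds for suppression is an assumption.

```python
CPU_LIMIT = 70.0  # percent, typical value quoted in the text
MEM_LIMIT = 65.0  # percent, typical value quoted in the text

# Constructed samples of the aggregate "cpu" line of /proc/stat.
STAT_T0 = "cpu  1000 0 500 8000 500 0 0 0 0 0"
STAT_BUSY = "cpu  1800 0 900 8200 600 0 0 0 0 0"
STAT_LIGHT = "cpu  1100 0 550 9200 650 0 0 0 0 0"

# Constructed /proc/meminfo excerpt without a MemAvailable line.
MEMINFO = (
    "MemTotal:        4000000 kB\n"
    "MemFree:          800000 kB\n"
    "Buffers:          200000 kB\n"
    "Cached:          1000000 kB\n"
)


def cpu_counters(stat_line):
    """Return (idle, total) jiffies from the aggregate 'cpu' line."""
    fields = stat_line.split()
    if not fields or fields[0] != "cpu" or len(fields) < 5:
        raise ValueError("expected the aggregate 'cpu' line of /proc/stat")
    # Columns: user nice system idle iowait irq softirq steal [guest ...].
    # Guest time is already counted in user/nice, so only eight are summed.
    core = [int(v) for v in fields[1:9]]
    idle = core[3] + (core[4] if len(core) > 4 else 0)  # idle + iowait
    return idle, sum(core)


def cpu_utilization(stat_before, stat_after):
    """Percentage of non-idle CPU time between two samples."""
    idle0, total0 = cpu_counters(stat_before)
    idle1, total1 = cpu_counters(stat_after)
    elapsed = total1 - total0
    if elapsed <= 0:
        raise ValueError("samples must be taken at different times")
    return 100.0 * (elapsed - (idle1 - idle0)) / elapsed


def memory_utilization(meminfo_text):
    """Percentage of memory in use, from /proc/meminfo text."""
    info = {}
    for line in meminfo_text.splitlines():
        key, sep, rest = line.partition(":")
        if sep and rest.split():
            info[key.strip()] = int(rest.split()[0])
    total = info["MemTotal"]
    available = info.get("MemAvailable")
    if available is None:
        # Older kernels do not report MemAvailable; approximate it.
        available = info["MemFree"] + info.get("Buffers", 0) + info.get("Cached", 0)
    return 100.0 * (total - available) / total


def collection_allowed(cpu_pct, mem_pct):
    """Collection is suppressed when either limit is exceeded (assumption)."""
    return cpu_pct <= CPU_LIMIT and mem_pct <= MEM_LIMIT


def scheduled_collection(cpu_pct, mem_pct, collect, store):
    """One cron-triggered pass: collect fresh data or fall back to stored data.

    collect: callable performing the expensive whole-network query
    store:   dict standing in for the data warehouse
    Returns (data, source) so the caller can tell fresh data from stored data.
    """
    if collection_allowed(cpu_pct, mem_pct):
        store["topology"] = collect()
        return store["topology"], "fresh"
    return store.get("topology"), "stored"


if __name__ == "__main__":
    cpu = cpu_utilization(STAT_T0, STAT_BUSY)
    mem = memory_utilization(MEMINFO)
    print(cpu, mem, collection_allowed(cpu, mem))
```
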
To address Floodlight's lack of user management, the invention improves the Floodlight architecture and provides a user management module: a thread that monitors the user database in real time is added to the controller and periodically checks for changes in user data. Administrators can modify user information through the WEB UI of the management platform, and changes to user information are propagated by database triggers. A trigger is a special kind of stored procedure. An ordinary stored procedure is called directly by its name, whereas a trigger is executed in response to an event (insert, delete, update); it runs automatically and unconditionally when the data in a table changes. Thus, when the user information table in Fig. 1 changes, the trigger creates in the user database a new table, USER_CHANGE, holding the changed user items. As soon as Floodlight's user management thread finds new data in the USER_CHANGE table, it updates the user information in the controller. Each time the user thread has finished querying the USER_CHANGE table, it empties the table, indicating that the update operation is complete.
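The USER_CHANGE mechanism described above, as an added Python example that is not the patent's code: SQLite's in-memory engine stands in for MySQL, and the `users` schema, column names and trigger names are assumptions. It removes only the change rows it has actually read, so a change written between the read and the clear is not lost.

```python
import sqlite3

# Assumed schema: a user table plus the USER_CHANGE table fed by triggers.
SCHEMA = """
CREATE TABLE users (
    mac        TEXT PRIMARY KEY,
    status     TEXT NOT NULL,
    permission TEXT NOT NULL
);
CREATE TABLE USER_CHANGE (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    op         TEXT NOT NULL,
    mac        TEXT NOT NULL,
    old_mac    TEXT,
    status     TEXT,
    permission TEXT
);
CREATE TRIGGER users_after_insert AFTER INSERT ON users BEGIN
    INSERT INTO USER_CHANGE (op, mac, status, permission)
    VALUES ('INSERT', NEW.mac, NEW.status, NEW.permission);
END;
CREATE TRIGGER users_after_update AFTER UPDATE ON users BEGIN
    INSERT INTO USER_CHANGE (op, mac, old_mac, status, permission)
    VALUES ('UPDATE', NEW.mac, OLD.mac, NEW.status, NEW.permission);
END;
CREATE TRIGGER users_after_delete AFTER DELETE ON users BEGIN
    INSERT INTO USER_CHANGE (op, mac) VALUES ('DELETE', OLD.mac);
END;
"""


def apply_pending_changes(conn, cache):
    """One polling pass of the user management thread.

    Reads the queued changes in order, applies them to the controller's
    in-memory user cache, then clears the rows that were read. Returns the
    number of changes applied.
    """
    rows = conn.execute(
        "SELECT id, op, mac, old_mac, status, permission "
        "FROM USER_CHANGE ORDER BY id"
    ).fetchall()
    if not rows:
        return 0
    for _id, op, mac, old_mac, status, permission in rows:
        if op == "DELETE":
            cache.pop(mac, None)
            continue
        if old_mac and old_mac != mac:
            cache.pop(old_mac, None)  # the key itself was changed
        cache[mac] = {"status": status, "permission": permission}
    # Delete up to the last id read instead of emptying the whole table:
    # rows inserted after the SELECT keep a higher id and survive until
    # the next pass.
    with conn:
        conn.execute("DELETE FROM USER_CHANGE WHERE id <= ?", (rows[-1][0],))
    return len(rows)


def demo():
    """Run two rounds of edits (constructed data) through the mechanism."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    cache = {}

    # Administrator adds two users through the WEB UI.
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("aabbccddee01", "normal", "staff"))
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("aabbccddee02", "normal", "guest"))
    conn.commit()
    first = apply_pending_changes(conn, cache)

    # Later: one user is suspended and the other is removed.
    conn.execute("UPDATE users SET status = 'suspended' WHERE mac = ?",
                 ("aabbccddee02",))
    conn.execute("DELETE FROM users WHERE mac = ?", ("aabbccddee01",))
    conn.commit()
    second = apply_pending_changes(conn, cache)

    # Nothing is pending once the table has been cleared.
    third = apply_pending_changes(conn, cache)
    conn.close()
    return first, second, third, cache


if __name__ == "__main__":
    print(demo())
```
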
At the same time, a change in the database of one SDN controller triggers a synchronization operation across all associated databases in the network, so the user databases of the controllers have to be synchronized with each other. MySQL currently supports a relationship in which two databases act as master and slave to each other. The database in which the change occurs is usually called the master database (Master), and the database that performs the synchronization is the slave database (Slave). The IO thread on the Slave connects to the Master and requests the log content that follows a specified position in a specified log file. After the Master receives the request from the Slave's IO thread, the IO thread responsible for replication reads, according to the request, the log information that follows the specified position in the specified log. After the Slave's IO thread receives this information, it appends the received log content to the end of the Slave's relay log (Relay Log) file. When the Slave's SQL thread detects new content in the Relay Log, it performs the same operations as the Master, which synchronizes the databases. This guarantees the consistency of user information across the whole WLAN.
As Fig. 1 shows, the management platform not only manages the Floodlight controller directly but is also connected directly to the APs. This is mainly to improve the wireless management functions of the management platform. The core of SDN is simplifying the route forwarding network; it is essentially route management and flow management, so Floodlight has almost no wireless-side management. However, the APs used in SDN-based WLAN systems are usually based on OpenWRT, and OpenWRT has certain wireless management functions that support operation in fat AP mode. The invention therefore provides an AP management module that makes appropriate use of existing AP functions to increase the management capability of the WLAN network. In its role as a wireless AP manager, the AP management module concentrates on the management functions inherent to the wireless AP: the operation commands of all APs are stored on the management platform, and the management platform calls the AP's own management functions through a unified remote operation. This operation takes place outside the SDN system and is out-of-band signaling. In its role as manager of the data-plane switch in the SDN, the AP management module concentrates on wired-side route forwarding management and flow management; it uses the switch control capability of Floodlight to implement flow table configuration and firewall settings, providing general OpenFlow switch functions. These two functions of the AP management module are logically two separate paths. In a WLAN the IP address of an AP generally does not change, so the management platform of the invention uses the IP address as the identifier of the AP and integrates the LuCI module user interface provided by OpenWRT to manage APs in a unified way. Because each AP requires a separate login and every login produces a new session, the administrator password of every AP in the network must be known to the management platform when the whole network is configured. After login, the session information of the login has to be intercepted, and the corresponding session ID is used for communication when operating on the same AP. As with the REST API, the control commands of the AP are packaged in the form of URI plus parameters; the AP management module uses the GET method to obtain AP data and to change AP configuration parameters. The management platform integrates these commands into the module and, together with the IP address and the intercepted session ID, splices them into a complete request URI, achieving unified management of different APs. Route forwarding on the AP is the responsibility of the forwarding module of the Floodlight controller, which pushes flow tables automatically according to the OpenFlow protocol to realize the AP's OpenFlow switch functions; switch-level management of the AP is carried out through the flow table push interface provided by the Floodlight controller.
Fig. 2 is a schematic diagram of the cooperation between the modules of the management and authentication platform proposed by the invention while it is running. The cooperation between the modules of the management platform is divided into three parts: data collection, analysis and decision, and feedback execution. In the layered structure of Fig. 2, the bottom layer is the data collection layer, whose function is to collect network data and provide the source for analysis by the layer above. It mainly comprises the system management module, the topology management module, the AP management module and the user management module, which collect, respectively, Floodlight controller and server information, the network structure description, wireless switch data and wireless user information. Data is collected in two ways: on a real-time request from the user, or periodically by means of the Linux crontab command. The collected data can be divided along three dimensions: time, user and occupied resources. After the data has been requested, it is stored in the data warehouse of the statistics module.
The analysis and decision layer shown in Fig. 2 consists of the data statistics module. It connects the data collection layer with the feedback execution layer and acts as the link between them. The collected data is used for mathematical modeling and analysis, and a decision algorithm finally determines how the WLAN network should adjust its parameters in the following period. Note that the statistical analysis results are drawn as charts with the Fusion chart tool so that management personnel can read them directly.
The top layer of Fig. 2 is mainly the configuration management module, and also includes the AP management module, the user management module and the WLAN applications. The AP management module and the user management module belong both to the data collection layer and to the feedback execution layer, because these two modules can not only obtain information from the lower layer of the network but also change it. The configuration management module configures the WLAN applications with the network parameters formulated by the analysis and decision layer in order to obtain better network performance. For example, when the load on some AP is heavy, the analysis and decision layer adjusts the parameters of the load balancing application so that the heavily loaded AP shrinks its range and the surrounding APs enlarge theirs; some users are diverted to other APs, which achieves the feedback effect. As another example, when users in the whole network are sparse, the analysis and decision layer enables the energy saving application, queries the database for the attachment status of each user, and puts AP nodes with no attached users to sleep to reduce the overall power consumption of the network. In addition, the configuration management module can configure the system management module and the data statistics module, deciding according to the server resource utilization whether data collection is performed. The feedback execution layer is also the interface between network management and the manager: the functional modules of this layer need to provide the manager with a friendly operation interface, recognize risky operations and warn the manager.
The modular management platform proposed by the invention increases the flexibility and extensibility of management. Each module performs its own duty and cooperates with the others, which gives the network intelligence and improves its manageability and stability. The introduction of the analysis and decision layer removes the complexity of judging network conditions manually and reduces the negative effect of misjudgment.
Fig. 3 shows the Floodlight-based WLAN user authentication procedure proposed by the invention. Each step is described below.
Step 301: the manager adds or modifies user information through the WEB UI on one of the controllers in the network. This is the initialization step for a user joining the WLAN network. It must be performed by the manager; ordinary users do not have permission for this step. The data structure of a WLAN user comprises the user label, the user attributes and the user permissions. The WEB UI is connected to the database through a PHP (Hypertext Preprocessor) interface.
Step 302: the database checks whether the user information added or modified by the manager is legal, rejects illegal modifications and applies reasonable modification requests. This step also requires the manager's authority.
Step 303: the distributed databases synchronize the added or modified user information with each other so that the user information of the whole network stays consistent. While synchronization is not complete, an authentication request arriving from this user is treated as an authentication failure; users who have not been modified are not affected by the synchronization process. Access by an unsynchronized user is refused because inconsistent user information can cause exceptions in the controller: if an unsynchronized user had accessed the network and at the same time changed its own attributes, then on accessing an AP under another controller the previously stored user information, such as billing information or recharge information, would all be lost.
Step 304: the AP receives the user authentication request and uploads it to the Floodlight controller. The controller converts the user's authentication packet into an authentication event and activates the user management thread. This function is performed by the FloodlightProvider core module, which is responsible for converting each received OF packet (OpenFlow packet) into an event. The controller's forwarding module, link learning module, device management module and statistics module register with FloodlightProvider; after registration each becomes a service and can then process the corresponding events.
Step 305: using the MAC address of the authenticating user or another unified identifier, the controller looks up the user information and user permissions in the user database and responds differently according to the user's attributes and permissions. A user for whom no user information exists is refused access to the network. A user for whom user information exists but whose access permission is abnormal continues the association operation, is given controlled access rights, and is shown the abnormal information after access.
Step 305 further comprises three sub-steps:
Step 305-1: when the user accesses the WLAN network for the first time, the OpenFlow switch has no flow entry for this user, so the OpenFlow switch uploads the packet to the Floodlight controller as a packet-in message. The Floodlight controller parses the content of the packet-in packet and extracts the user label, then triggers the user management thread to query the user database for the user data corresponding to the user identifier and to compare the user attributes and user permissions.
Step 305-2: if the user does not exist, authentication is terminated directly. If the user exists but the user attributes or user permissions are abnormal, the whole authentication procedure still continues and the AP also allows the user's subsequent association operation. After access is complete, the controller can limit the access scope of the user according to the user permissions; or, if the user attributes are abnormal, the controller pushes the error information in the form of a WEB page.
Step 305-3: if the user attributes and permissions are all normal, the controller informs the AP to continue the association operation, completes the MAC-layer access and issues the required flow table to the AP. If the AP is directly connected to the aggregation switch, the following packets need no packet-in procedure and are forwarded directly by the OpenFlow switch. If there are multiple hops between the AP and the aggregation router, the packet-in procedure is triggered again, but the Floodlight controller finds that this user label is already in the access state and no further authentication is needed.
Step 306: after the user's state changes, the controller modifies the corresponding user information in its own database, and the user management module of the management platform obtains this user information at the same time.
Step 307: the distributed databases of the controllers synchronize the user information with each other so that the users of the whole network stay consistent. This ensures that a user does not need to authenticate again and is not disconnected when switching between different APs or controllers, and it completes the user authentication procedure.
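The controller-side decision of Steps 303 to 306, as an added model that is not code from the patent or from Floodlight. The record fields, the simplified flow-rule dictionaries and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    REJECT = "reject"              # authentication ends, no association
    RESTRICTED = "restricted"      # association continues, access is limited
    FULL = "full"                  # association continues, normal flow table
    ALREADY_ONLINE = "online"      # user already in access state, no re-auth


@dataclass
class User:                        # label / attributes / permissions (Step 301)
    label: str                     # here: the client MAC address
    attributes_ok: bool = True     # assumed stand-in for "attributes normal"
    permissions_ok: bool = True
    allowed_subnets: tuple = ()    # scope left to a user in an abnormal state
    online: bool = False


@dataclass
class ControllerDb:                # one controller's replica of the user database
    users: dict = field(default_factory=dict)
    pending_sync: set = field(default_factory=set)  # edits not yet replicated


@dataclass
class Outcome:
    decision: Decision
    flow_rules: list               # simplified rules, not Floodlight's own format
    message: str = ""


def normalize_mac(raw):
    digits = raw.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a MAC address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def authenticate(db, raw_mac):
    """Decide what the controller does with one authentication event."""
    try:
        mac = normalize_mac(raw_mac)
    except ValueError:
        return Outcome(Decision.REJECT, [], "malformed identifier")
    if mac in db.pending_sync:                      # Step 303
        return Outcome(Decision.REJECT, [], "record not synchronized yet")
    user = db.users.get(mac)
    if user is None:                                # Step 305-2, unknown user
        return Outcome(Decision.REJECT, [], "no user information")
    if user.online:                                 # Step 305-3, later packet-in
        return Outcome(Decision.ALREADY_ONLINE, [])
    user.online = True                              # Step 306, state change
    if user.attributes_ok and user.permissions_ok:  # Step 305-3
        return Outcome(Decision.FULL, [{"eth_src": mac, "action": "forward"}])
    # Step 305-2: association still completes, then access is confined.
    rules = [{"eth_src": mac, "ipv4_dst": net, "action": "forward"}
             for net in user.allowed_subnets]
    rules.append({"eth_src": mac, "action": "drop"})  # default for this user
    return Outcome(Decision.RESTRICTED, rules, "user attribute or permission abnormal")


def sample_db():
    """Constructed records, not data from the patent."""
    db = ControllerDb()
    for user in (User("aa:bb:cc:00:00:01"),
                 User("aa:bb:cc:00:00:02", permissions_ok=False,
                      allowed_subnets=("10.0.0.0/24",)),
                 User("aa:bb:cc:00:00:03")):
        db.users[user.label] = user
    db.pending_sync.add("aa:bb:cc:00:00:03")        # edited, not yet replicated
    return db


if __name__ == "__main__":
    db = sample_db()
    for mac in ("AA-BB-CC-00-00-01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"):
        print(mac, authenticate(db, mac).decision.value)
```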
The user authentication method proposed by the invention is the way in which the SDN authenticates and admits mobile users. It avoids the user-information read operations of a traditional SDN controller, which makes user management more flexible and at the same time improves the user experience. Data synchronization unifies the user information of the whole network, compensates for the lack of an east-west interface in most current SDN controllers, prevents data conflicts caused by user mobility, and provides a feasible solution for the practical management of Floodlight-based SDN-WLAN networks.
The specific embodiments described above explain the purpose, technical solution and beneficial effects of the invention in further detail. It should be understood that the foregoing is only a specific embodiment of the invention and does not limit the invention; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (4)

1. An SDN wireless network management platform based on Floodlight, implemented on an Apache server, wherein the SDN controller in the network to which it is applied is Floodlight and the programming interfaces of the SDN controller include a JAVA interface and a REST API interface; characterized in that the management platform comprises a system management module, a topology management module, a configuration management module, a user management module, an AP management module and a data statistics module; AP is a wireless access point;
the system management module obtains information about the Apache server and the Floodlight controller itself;
the topology management module uses the connection relationships of the switches and the attachment relationships of the users to draw the network traffic model diagram and, according to the configured AP positions, draws the physical topology diagram of the network;
the configuration management module covers configuration management in two respects: one is the configuration management of the SDN, including configuration of the controller operated through the REST API and application configuration through the JAVA interface; the other is the configuration management of the AP, which uses the URIs provided by OpenWRT to simulate the REST procedure and manages the APs in a unified way; URI is Uniform Resource Identifier;
the user management module adds to the controller a thread for periodically monitoring changes in user information; user information is configured through the WEB UI of the management platform, and changes to user information are implemented by database triggers; user information is stored in distributed databases, and when the database of one SDN controller in the network changes, the synchronization operation of the databases of the SDN controllers in the network is triggered to keep the user information consistent across the whole network; UI is user interface;
the AP management module is used to manage wireless switch data and implements two functions: first, treating the device as a wireless AP, the operation commands of all APs are stored on the management platform, and the management platform calls the management functions of the AP through unified remote operation; second, it implements flow table configuration and firewall settings, providing the OpenFlow switch function;
the data statistics module periodically obtains the number of users, the switch load and user usage data and stores them separately, either on each SDN controller in the network or centrally in a data center; through an established data analysis model the data statistics module predicts the state of the network from the obtained data and feeds back the network parameters for the following period to the configuration management module.
2. The SDN wireless network management platform based on Floodlight according to claim 1, characterized in that the data statistics module uses the Linux crontab command to collect data, the management platform decides according to the network load whether to perform data collection, and data statistics runs as a low-priority thread.
3. The SDN wireless network management platform based on Floodlight according to claim 1, characterized in that the AP management module uses the IP address as the identifier of the AP, integrates the LuCI module user interface provided by OpenWRT, and manages the APs in a unified way; when the network is configured, the administrator password of each AP in the network is known; after login, the session information produced by logging in to the AP is captured, and when the same AP is operated the corresponding session ID is used to communicate with that AP; the control commands of the AP are packaged in the form URI + parameters, and the AP management module uses the GET method to obtain the data of the AP and to change the configuration parameters of the AP; the routing and forwarding of the AP is handled by the forwarding module of the Floodlight controller, which issues flow tables automatically according to the OpenFlow protocol and implements the OpenFlow switch function of the AP.
4. A user authentication method based on the management platform according to claim 1, characterized in that it is implemented by the following steps:
Step 1: the manager edits or adds user information on one of the controllers through the WEB UI, the WEB UI being connected to the database through a PHP interface;
Step 2: the database checks the reasonableness of the information modified or added by the manager, rejects illegal modifications and applies reasonable modification requests;
Step 3: the distributed databases synchronize the added or modified user information with each other to keep the users of the whole network consistent; while synchronization is not complete, an authentication request arriving from this user is treated as an authentication failure;
Step 4: the AP receives the user authentication request and uploads it to the Floodlight controller, and the controller converts the user's authentication packet into an authentication event and activates the user management thread;
Step 5: using the MAC address of the authenticating user or a unified identifier, the controller looks up in the database whether user information exists; a user for whom no user information exists is refused access to the network; if user information exists but the user attributes or user permissions are abnormal, the association operation continues, controlled access rights are given after access, and the abnormal information is shown; if user information exists and the user attributes and user permissions are all normal, the association operation continues, the MAC-layer access is completed and the corresponding flow table is issued to the AP;
Step 6: after the user's state changes, the controller modifies the user information in the corresponding database, and the user management module obtains this user information at the same time;
Step 7: the distributed databases synchronize the user information with each other to keep the user information of the whole network consistent, completing the user authentication procedure.
CN201610457253.0A 2015-11-25 2016-06-22 SDN wireless network management platform and authentication method based on Floodlight Active CN106162639B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510828065X 2015-11-25
CN201510828065 2015-11-25

Publications (2)

Publication Number Publication Date
CN106162639A true CN106162639A (en) 2016-11-23
CN106162639B CN106162639B (en) 2019-04-12

Family

ID=57352987

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610457253.0A Active CN106162639B (en) 2015-11-25 2016-06-22 SDN wireless network management platform and authentication method based on Floodlight

Country Status (1)

Country Link
CN (1) CN106162639B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104023335A (en) * 2014-05-28 2014-09-03 北京邮电大学 SDN (Software Defined Network)-based heterogeneous network convergence framework
CN104540144A (en) * 2014-12-24 2015-04-22 西安交通大学 User-centered network architecture based on software definition
CN105025487A (en) * 2015-07-28 2015-11-04 北京邮电大学 SDN-based carrier grade WLAN system and unified authentication method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
TAO LEI ET AL.: "SWAN: An SDN Based Campus WLAN Framework", 《2014 4TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, VEHICULAR TECHNOLOGY, INFORMATION THEORY AND AEROSPACE & ELECTRONIC SYSTEMS (VITAE)》 *
ZUHRAN KHAN KHATTAK ET AL.: "Performance evaluation of OpenDaylight SDN controller", 《2014 20TH IEEE INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED SYSTEMS (ICPADS)》 *
张朝昆等: "软件定义网络(SDN)研究进展", 《软件学报》 *

Also Published As

Publication number Publication date
CN106162639B (en) 2019-04-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant