CN103825828A - Trusted controllable multicast controller based on Open Flow (Google Patents)

Info

Publication number: CN103825828A
Application number: CN201310718446.3A
Authority: CN (China)
Prior art keywords: multicast, host, authentication, uid, mga
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 田金川, 兰少华, 卜祥贺, 陆维迪
Current assignee: Nanjing University of Science and Technology
Original assignee: Nanjing University of Science and Technology
Application filed by: Nanjing University of Science and Technology
Priority date: 2013-12-23
Filing date: 2013-12-23
Publication date: 2014-05-28

Abstract

The invention discloses a trusted controllable multicast controller based on OpenFlow. The multicast controller is connected through an OpenFlow switch to a host that undergoes identity authentication, and the multicast controller formulates and issues flow tables to the OpenFlow switch so that multicast data is delivered only to hosts whose identity authentication succeeds. Identity authentication of multicast receivers makes the receivers trustworthy; multicast group membership is managed centrally by the trusted controllable multicast controller instead of by conventional IGMP, which avoids the periodic queries of IGMP and reduces host response delay; and, building on OpenFlow technology, when the group membership changes the multicast distribution tree can dynamically select and adjust the forwarding path of the multicast data according to the bandwidth and rate limits of the corresponding ports on the OpenFlow switches, which optimizes the switching response time of the distribution tree. The trusted controllable multicast controller based on OpenFlow therefore has good application prospects in the field of trusted controllable high-definition multicast.

Description

A trusted controllable multicast controller based on OpenFlow
Technical field
The present invention relates to the field of computer network communication technology, and specifically to a trusted controllable multicast controller based on OpenFlow.
Background
With the development of cloud computing and Internet applications, streaming media will make up an increasing share of future network traffic; broadband value-added services such as streaming media, video conferencing and IPTV, as well as private video surveillance network systems, will all use IP multicast technology. However, traditional IP multicast is inherently unreliable: it generally runs over the User Datagram Protocol (UDP), so multicast datagrams may be lost, delayed, duplicated or arrive out of order. The demand for trusted controllable high-definition multicast is therefore growing stronger, and problems such as the operation and service management of multicast urgently need to be solved.
Because the multicast group management protocol (IGMP) is itself imperfect, the multicast protocols provide no support for user authentication: a user can join any multicast group at will and leave at will; the multicast source cannot know when a user joins or leaves, and cannot count how many users on the network are receiving the group's traffic at a given time. The multicast protocols also lack effective control over the multicast source, so the multicast users likewise cannot be controlled effectively, which makes trusted controllable multicast difficult to achieve.
Meanwhile, the emerging open OpenFlow network stands in sharp contrast to the traditional IP network: the OpenFlow network communication architecture is centrally controlled, which increases the flexibility and extensibility of network management. Its core idea is to separate the two major functions of the network, the control plane and data forwarding, and to implement them respectively in the network's transmission nodes, i.e. the OpenFlow switches, and in the network's control node, the core controller. Research on OpenFlow networks is gradually expanding and already covers key technologies of the conventional Internet such as IP routing, quality of service (QoS) guarantees and multicast management. How to organically combine the OpenFlow network communication architecture with a multicast management protocol that adds identity authentication, so as to realize trusted controllable multicast, is therefore a problem that urgently needs to be solved.
Summary of the invention
The object of the invention is to propose a trusted controllable multicast controller based on OpenFlow. The new trusted controllable multicast controller provides multicast group member management with identity authentication, maintains and generates the multicast distribution tree under the control of a multicast management module, and issues concrete forwarding flow tables to the OpenFlow switches.
The design block diagram of the trusted controllable multicast controller is shown in Figure 1. The trusted controllable multicast controller is implemented on the basis of the open-source Floodlight controller and mainly comprises a network topology and link information computing module, a multicast management module and an authentication management module.
The trusted controllable multicast controller based on OpenFlow comprises a network topology and link information computing module, a multicast management module and an authentication management module. The multicast controller is connected through OpenFlow switches to the hosts being authenticated; the multicast controller formulates and issues flow tables to the OpenFlow switches so that multicast data is delivered to the hosts that pass identity authentication.
The network topology and link information computing module is responsible for constructing the complete network topology: by running a topology discovery protocol it collects the node and link information of all OpenFlow switches connected to the current controller and generates a network adjacency list.
The authentication management module is responsible for authenticating the hosts that apply to join a multicast group; a host that passes authentication may join the group, otherwise the join request packet is discarded and not processed further.
The multicast management module communicates with the network topology and link information computing module and, whenever a host applies to join or leave a multicast group, obtains and generates the latest multicast member list; it is responsible for maintaining and updating the multicast member information, recalculating and updating the multicast spanning tree, and issuing concrete forwarding flow tables to the OpenFlow switches.
The concrete steps for authenticating a host that applies to join a multicast group are:
(1) The host sends a challenge request message to its directly connected OpenFlow switch, where Host denotes the host, OFS the OpenFlow switch, UID the unique identifier of the host, and MGA a multicast group address: Host->OFS: UID, MGA, Request.
(2) The OpenFlow switch receives the challenge request message and forwards it directly to the multicast controller. The multicast management module of the multicast controller looks up the host's UID in the group membership list; if a host with this UID is already present in multicast group MGA, the host has already been authenticated, and the request message is discarded and not processed further. Otherwise the multicast group management module records the host in the list of join applicants, the authentication manager generates a shared key key, and a challenge response message is sent to the host through the OpenFlow switch.
(3) The host computes an HMAC-SHA1 over UID and MGA with the shared key key and sends an authentication request packet to its directly connected OpenFlow switch.
(4) The OpenFlow switch receives the authentication request packet and forwards it directly to the multicast controller. The authentication management module communicates with the multicast group management module, retrieves the host's UID' and MGA' from the applicant table maintained by the multicast group management module, computes HMAC-SHA1 over UID' and MGA' with key, and checks whether the computed value HMAC-SHA1{UID', MGA'}key matches the received value HMAC-SHA1{UID, MGA}key:
1) If the match succeeds, the multicast controller sends an authentication-success response message to the host through the OpenFlow switch: UID, MGA, SUCCESS. The multicast group management module adds the host information to the multicast member list and updates the applicant list.
2) If the lookup fails or the match fails, the multicast controller sends an authentication-failure response message to the host through the OpenFlow switch: UID, MGA, FAILURE.
The concrete steps for a host applying to leave a multicast group are:
(1) When the host no longer needs to receive the multicast stream packets, it sends a leave request message to its directly connected OpenFlow switch: Host->OFS: UID, MGA.
(2) The OpenFlow switch receives the leave request message and forwards it directly to the multicast controller. The multicast group management module queries and updates the current multicast member list according to the host's UID and MGA, recalculates the multicast spanning tree from the group's new member list, and finally updates the forwarding rules for the group's multicast packets by updating the corresponding flow entries on the OpenFlow switch directly connected to the leaving host.
Compared with the prior art, the present invention has notable advantages: it authenticates the identity of the multicast receiver hosts and so makes the multicast receivers trustworthy; and when managing multicast group members it uses the trusted controllable multicast controller for centralized management instead of the traditional IGMP protocol, which avoids the periodic queries of IGMP. It will therefore have good application prospects in the field of trusted controllable high-definition multicast.
Brief description of the drawings
Fig. 1 is the system block diagram of the trusted controllable multicast controller based on OpenFlow of the present invention.
Fig. 2 is the detailed flow chart of a host applying to join a multicast group and of the authentication process of the present invention.
Fig. 3 is a schematic diagram of the authentication process of the trusted controllable multicast controller based on OpenFlow of the present invention when a host joins and leaves a multicast group.
Detailed description
The present invention is further described below with reference to the accompanying drawings.
As shown in Figure 1, the system of the trusted controllable multicast controller consists of a multicast controller and a number of OpenFlow switches communicating with it. The trusted controllable multicast controller is built on the open-source Floodlight controller and mainly comprises a network topology and link information computing module, a multicast management module and an authentication management module.
The network topology and link information computing module obtains the topology information of the whole network through link discovery, in particular the port information of the OpenFlow switches, and updates and obtains the new network topology whenever a host applies to join or leave a multicast group.
The multicast management module is responsible for generating and maintaining the multicast member list; it then monitors the forwarding of multicast packets through control messages, dynamically adjusts the forwarding path of the multicast data flow according to the current network load, and controls the multicast distribution tree to forward the multicast packets.
The authentication management module is responsible for creating and maintaining the authentication key information and for storing and distributing the multicast group security policy; it checks the identity authentication requests that the edge OpenFlow switch directly connected to a host applying to join a multicast group sends to the multicast controller.
Figure 2 shows the overall flow chart for a host applying to join a particular multicast group; it describes the overall flow of the method of the trusted controllable multicast controller based on OpenFlow, which comprises the following steps:
1) Build the network topology with the network topology and link information computing module
The network topology and link information computing module controls the OpenFlow switches to run a topology discovery protocol, collects the current information of all network nodes and links, generates a neighbor information table and constructs the complete network topology. The network topology comprises, for each switch, its sequence number, switch ID and port IDs, the connection state of the switch and the state of its connected ports, the available bandwidth of each port obtained according to the ACL, and similar information.
2) Authenticate the host applying to join the multicast group
For convenience of description, the following symbols are introduced in the authentication management module of the multicast controller: the authentication manager AM; the multicast authentication code AU provided by the authentication manager; the key GK used by the authentication manager to generate the multicast authentication code; and the OpenFlow switch OFS directly connected to the host.
A host applying to join a multicast group registers with the authentication manager AM through its directly connected OpenFlow switch OFS. If it is registered as a legitimate receiver, the authentication manager AM keeps the globally unique registration information mapping <GroupID, Mac, Port>.
The authentication manager AM is responsible for creating and maintaining the authentication key GK, and for storing the multicast group security policy and distributing it to the OpenFlow switches directly connected to legitimate receivers.
A legitimate multicast receiver can obtain the multicast authentication code AU from AM; only an authenticated receiver holding AU can obtain the multicast packets. The multicast authentication code AU is obtained by hashing the multicast group address MGA, the authentication key GK and the receiver's globally unique registration information <GroupID, Mac, Port>.
The process and specific algorithm for authenticating a host applying to join a multicast group are described below.
(1) The host sends a challenge request message to its directly connected OpenFlow switch, where Host denotes the host, OFS the OpenFlow switch, UID the unique identifier of the host, and MGA a multicast group address: Host->OFS: UID, MGA, Request.
(2) The OpenFlow switch receives the challenge request message and forwards it directly to the multicast controller. The multicast management module of the multicast controller looks up the host's UID in the group membership list; if a host with this UID is already present in multicast group MGA, the host has already been authenticated, and the request message is discarded and not processed further. Otherwise the multicast group management module records the host in the list of join applicants, the authentication manager generates the multicast authentication code AU, and a challenge response message is sent to the host through the OpenFlow switch.
(3) The host computes an HMAC-SHA1 over UID and MGA with the shared key key and sends an authentication request packet to its directly connected OpenFlow switch.
(4) The OpenFlow switch receives the authentication request packet and forwards it directly to the multicast controller. The authentication management module communicates with the multicast group management module, retrieves the host's UID' and MGA' from the applicant table maintained by the multicast group management module, computes HMAC-SHA1 over UID' and MGA' with key, and checks whether the computed value HMAC-SHA1{UID', MGA'}key matches the received value HMAC-SHA1{UID, MGA}key:
1) If the match succeeds, the multicast controller sends an authentication-success response message to the host through the OpenFlow switch: UID, MGA, SUCCESS. The multicast group management module adds the host information to the multicast member list and updates the applicant list.
2) If the lookup fails or the match fails, the multicast controller sends an authentication-failure response message to the host through the OpenFlow switch: UID, MGA, FAILURE.
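The challenge-response join procedure above (steps 1 to 4, which the summary section gives in the same form), worked through as an added example; this is not code from the patent or from Floodlight. It models only the controller-side membership list, applicant table and HMAC-SHA1 check: the field separator inside the HMAC input, the 20-byte key length and the verdict names are assumptions of this example, and delivery of the shared key to the host is treated as out of scope because the page does not specify how the challenge response message is protected.

```python
import hashlib
import hmac
import secrets

# Names follow the patent text: UID identifies the host, MGA is the multicast
# group address, and the host reaches the controller through its edge switch (OFS).
SUCCESS, FAILURE, DROP, CHALLENGE = "SUCCESS", "FAILURE", "DROP", "CHALLENGE"


def hmac_sha1_tag(key, uid, mga):
    """HMAC-SHA1{UID, MGA}key. The NUL separator is an assumption of this example:
    the page fixes no encoding, and without a separator ("ab", "c") and ("a", "bc")
    would authenticate identical bytes."""
    return hmac.new(key, f"{uid}\x00{mga}".encode(), hashlib.sha1).digest()


class MulticastController:
    """Controller side of the join procedure (steps 2 and 4 in the text)."""

    def __init__(self):
        self.members = {}     # MGA -> set of UIDs: the group membership list
        self.applicants = {}  # (UID, MGA) -> shared key: the join-applicant table

    def challenge_request(self, uid, mga):
        """Step 2: a UID already in group MGA is discarded (DROP); otherwise the host
        is recorded as an applicant and a fresh shared key is issued in the challenge."""
        if uid in self.members.get(mga, set()):
            return DROP, None
        key = secrets.token_bytes(20)   # key length is an assumption of this example
        self.applicants[(uid, mga)] = key
        return CHALLENGE, key

    def authentication_request(self, uid, mga, received):
        """Step 4: retrieve UID'/MGA' from the applicant table, recompute the tag with
        the stored key and compare. Retrieval failure and mismatch both give FAILURE."""
        key = self.applicants.get((uid, mga))
        if key is None:
            return FAILURE
        expected = hmac_sha1_tag(key, uid, mga)
        if not hmac.compare_digest(expected, received):   # constant-time comparison
            return FAILURE
        self.members.setdefault(mga, set()).add(uid)      # add to the member list
        del self.applicants[(uid, mga)]                   # update the applicant list
        return SUCCESS


def host_response(key, uid, mga):
    """Step 3: the host's authentication request carries HMAC-SHA1 over UID and MGA."""
    return hmac_sha1_tag(key, uid, mga)


def run_join(ctrl, uid, mga, forged=None):
    """Drive one join attempt end to end and return the controller's verdict;
    `forged` replaces the host's genuine tag to exercise the mismatch branch."""
    verdict, key = ctrl.challenge_request(uid, mga)
    if verdict == DROP:
        return DROP
    response = forged if forged is not None else host_response(key, uid, mga)
    return ctrl.authentication_request(uid, mga, response)
```

Because the applicant entry is deleted on success, a replay of an accepted authentication request fails the lookup, and a second join from a member is dropped at step 2 before any key is issued.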
When the host no longer needs to receive the multicast stream packets, it sends a leave request message to its directly connected OpenFlow switch: Host->OFS: UID, MGA.
The OpenFlow switch receives the leave request message and forwards it directly to the multicast controller. The multicast group management module queries and updates the current multicast member list according to the host's UID and MGA, then, from the group's new member list and the global switch information for the multicast group, computes the forwarding path between the host and the multicast source, issues forwarding flow tables, and adds or deletes flow entries on the multicast switches along the corresponding paths.
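The leave procedure just described, together with the join step that recalculates the tree, as an added example that is not code from the patent or from Floodlight. It builds the distribution tree as the union of shortest paths from the multicast source's switch to each member's edge switch over an adjacency list, and emits the flow entries to add or delete on the switches along the affected paths, which includes the leaving host's own edge switch; the topology, switch names and port numbers are constructed for the example, and the bandwidth and ACL inputs from step 1 are not modelled.

```python
from collections import deque

# Constructed topology: switch -> {out_port: neighbouring switch}. The controller's
# topology module would fill this from topology discovery (step 1 in the text).
TOPOLOGY = {
    "s1": {1: "s2", 2: "s3"},
    "s2": {1: "s1", 3: "s4"},
    "s3": {1: "s1", 3: "s4"},
    "s4": {1: "s2", 2: "s3"},
}


def shortest_path(topology, src, dst):
    """BFS over the adjacency list. Returns the hops [(switch, out_port), ...] from
    src up to (not including) dst, or None when dst is unreachable."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        sw = queue.popleft()
        if sw == dst:
            break
        for port, nxt in topology.get(sw, {}).items():
            if nxt not in prev:
                prev[nxt] = (sw, port)
                queue.append(nxt)
    if dst not in prev:
        return None
    hops, cur = [], dst
    while prev[cur] is not None:
        sw, port = prev[cur]
        hops.append((sw, port))
        cur = sw
    hops.reverse()
    return hops


def distribution_tree(topology, source_switch, members):
    """Union of shortest paths from the source switch to every member's edge switch.
    members: {uid: (edge_switch, host_port)}. Returns {switch: set(out_ports)}."""
    tree = {}
    for edge_sw, host_port in members.values():
        path = shortest_path(topology, source_switch, edge_sw)
        if path is None:            # member behind an unreachable switch: no entries
            continue
        for sw, port in path:
            tree.setdefault(sw, set()).add(port)
        tree.setdefault(edge_sw, set()).add(host_port)
    return tree


def flow_diff(old_tree, new_tree):
    """Flow-entry changes to push to the switches, as ('add'|'del', switch, port)."""
    ops = []
    for sw in set(old_tree) | set(new_tree):
        before, after = old_tree.get(sw, set()), new_tree.get(sw, set())
        ops.extend(("add", sw, p) for p in sorted(after - before))
        ops.extend(("del", sw, p) for p in sorted(before - after))
    return sorted(ops)


class MulticastGroup:
    """Member list and installed tree for one MGA; join/leave return the flow ops."""

    def __init__(self, topology, source_switch):
        self.topology = topology
        self.source_switch = source_switch
        self.members = {}     # UID -> (edge_switch, host_port)
        self.tree = {}        # currently installed {switch: set(out_ports)}

    def join(self, uid, edge_switch, host_port):
        self.members[uid] = (edge_switch, host_port)
        return self._recompute()

    def leave(self, uid):
        if uid not in self.members:     # unknown UID: member list unchanged
            return []
        del self.members[uid]
        return self._recompute()

    def _recompute(self):
        new_tree = distribution_tree(self.topology, self.source_switch, self.members)
        ops = flow_diff(self.tree, new_tree)
        self.tree = new_tree
        return ops
```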

Claims (3)

1. A trusted controllable multicast controller based on OpenFlow, characterized in that it comprises a network topology and link information computing module, a multicast management module and an authentication management module; the multicast controller is connected through OpenFlow switches to the hosts being authenticated, and the multicast controller formulates and issues flow tables to the OpenFlow switches so that multicast data is delivered to the hosts that pass identity authentication;
the network topology and link information computing module is responsible for constructing the complete network topology: by running a topology discovery protocol it collects the node and link information of all OpenFlow switches connected to the current controller and generates a network adjacency list;
the authentication management module is responsible for authenticating the hosts that apply to join a multicast group; a host that passes authentication may join the group, otherwise the join request packet is discarded and not processed further;
the multicast management module communicates with the network topology and link information computing module to obtain and generate the latest multicast member list; whenever a host applies to join or leave a multicast group, the multicast management module is responsible for maintaining and updating the multicast member information, recalculating and updating the multicast spanning tree, and issuing concrete forwarding flow tables to the OpenFlow switches.
2. The trusted controllable multicast controller based on OpenFlow according to claim 1, characterized in that the concrete steps for authenticating a host applying to join a multicast group are as follows:
(1) the host sends a challenge request message to its directly connected OpenFlow switch, where Host denotes the host, OFS the OpenFlow switch, UID the unique identifier of the host, and MGA a multicast group address: Host->OFS: UID, MGA, Request;
(2) the OpenFlow switch receives the challenge request message and forwards it directly to the multicast controller; the multicast management module of the multicast controller looks up the host's UID in the group membership list; if a host with this UID is already present in multicast group MGA, the host has already been authenticated, and the request message is discarded and not processed further; otherwise the multicast group management module records the host in the list of join applicants, the authentication manager generates a shared key key, and a challenge response message is sent to the host through the OpenFlow switch;
(3) the host computes an HMAC-SHA1 over UID and MGA with the shared key key and sends an authentication request packet to its directly connected OpenFlow switch;
(4) the OpenFlow switch receives the authentication request packet and forwards it directly to the multicast controller; the authentication management module communicates with the multicast group management module, retrieves the host's UID' and MGA' from the applicant table maintained by the multicast group management module, computes HMAC-SHA1 over UID' and MGA' with key, and checks whether the computed value HMAC-SHA1{UID', MGA'}key matches the received value HMAC-SHA1{UID, MGA}key:
1) if the match succeeds, the multicast controller sends an authentication-success response message to the host through the OpenFlow switch: UID, MGA, SUCCESS; the multicast group management module adds the host information to the multicast member list and updates the applicant list;
2) if the lookup fails or the match fails, the multicast controller sends an authentication-failure response message to the host through the OpenFlow switch: UID, MGA, FAILURE.
3. The trusted controllable multicast controller based on OpenFlow according to claim 1, characterized in that the concrete steps for a host applying to leave a multicast group are as follows:
(1) when the host no longer needs to receive the multicast stream packets, it sends a leave request message to its directly connected OpenFlow switch: Host->OFS: UID, MGA;
(2) the OpenFlow switch receives the leave request message and forwards it directly to the multicast controller; the multicast group management module queries and updates the current multicast member list according to the host's UID and MGA, recalculates the multicast spanning tree from the group's new member list, and finally updates the forwarding rules for the group's multicast packets by updating the corresponding flow entries on the OpenFlow switch directly connected to the leaving host.
Priority Applications (1)

Application number: CN201310718446.3A (publication CN103825828A), priority date 2013-12-23, filing date 2013-12-23, title "Trusted controllable multicast controller based on Open Flow", status Pending

Publications (1)

Publication number: CN103825828A, publication date 2014-05-28

Family ID: 50760667

Country Status: CN (1), CN103825828A

Legal Events

Code  Title
C06  Publication
PB01  Publication
C10  Entry into substantive examination
SE01  Entry into force of request for substantive examination
WD01  Invention patent application deemed withdrawn after publication

Application publication date: 2014-05-28