CN104935604B - An SDN firewall system and method based on the OpenFlow protocol - Google Patents
- Publication number: CN104935604B
- Authority: CN (China)
- Legal status: Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
The invention discloses an SDN firewall system and method based on the OpenFlow protocol. The system comprises a data analysis module, a firewall rule table module, an OpenFlow controller and OpenFlow switches. The data analysis module analyzes data, which can come from legacy network devices, or from service log information and OpenFlow switch statistics. The firewall rule table module receives the Match Field and Degree sent from the data analysis module and updates the attached state table according to Degree. The OpenFlow controller receives the rule information generated by the firewall rule table module, fills in the Match Field, Priority, Instructions and Timeouts fields to form complete flow table information, and issues the flow table. The OpenFlow switch receives the flow table issued by the OpenFlow controller; it does not need to maintain any specific information, but must send flow table statistics to the OpenFlow controller.
Description
Technical field
The present invention relates to an SDN firewall system and method based on the OpenFlow protocol, and belongs to the field of Internet technology.
Background
SDN (software-defined networking) is a new network innovation architecture of Emulex network and the trend of future network development. SDN emphasizes that the control plane and data plane of network devices be separated, with the control-plane functions concentrated in a centralized controller in the network. The SDN controller performs network topology collection, route computation, flow table generation and issuing, network management and control, and similar functions; network-layer devices are responsible only for traffic forwarding and policy enforcement.
Separating forwarding from control centralizes the control logic. The SDN controller holds the global static topology of the network, the network-wide dynamic forwarding table information, the resource utilization of the whole network, fault status and so on, which also opens up network capabilities: once network resources are uniformly managed, integrated and virtualized through the centralized SDN controller, a standardized northbound interface provides network resources and services to upper-layer applications on demand, so that network capabilities are opened and supplied on demand.
OpenFlow, the southbound interface protocol between the controller and the SDN switches in the SDN architecture, defines a series of specifications. The most important of these is the structure of the flow entry, which enables fine-grained analysis and control of network packets.
In a traditional network the firewall function is implemented on the network devices. In an SDN environment, however, network-layer devices have been stripped of the functions that legacy network devices had and have become a "dumb, simple, minimal" data path, so a network firewall cannot be deployed in an SDN environment by the traditional method. Yet a network firewall is an essential part of ensuring network security. The present invention solves this problem well.
Summary of the invention
The purpose of the present invention is to propose, in view of the lack of network firewalls in current SDN environments, an SDN network firewall system based on the OpenFlow protocol. The system starts from the architectural characteristics of the SDN environment and does not change the underlying network architecture.
The technical solution adopted by the invention is an SDN firewall system based on the OpenFlow protocol, comprising a data analysis module, a firewall rule table module, an OpenFlow controller and OpenFlow switches. The SDN firewall of the invention is integrated into the data analysis module and the firewall rule table module. The data analysis module extracts N-tuple data; the tuple information obtained fills the firewall rule table module, which also establishes an attached state table and generates flow table information suitable for OpenFlow switches. This flow table information is sent to the OpenFlow controller through a custom northbound interface. The OpenFlow controller sends the flow table information to the OpenFlow switches by packet-in message, and the Flow Entries provided by the OpenFlow switches then perform fine-grained analysis and behavior control of network packets, realizing the firewall function.
The function of the data analysis module is to analyze data. The data can come from legacy network devices (switches and routers), from the statistics of the OpenFlow controller, from the log information of server network programs, and so on. By analyzing these statistics the data analysis module identifies suspicious network attack information, extracts N-tuple information (dest_ip, dst_port, source_id, source_port, ip_proto_type, etc.) to form the Match Field, and at the same time generates Degree (an N-tuple). Degree and Match Field are sent to the firewall rule table module together.
The function of the firewall rule table module is to receive the Match Field and Degree sent from the data analysis module and to update the attached state table according to Degree. The Match Field and the attached state table generate the Priority, Instructions and Timeouts that fill the firewall rule table. Finally, the firewall rule table module issues the firewall rules to the OpenFlow controller.
The function of the OpenFlow controller is to receive the rule information generated by the firewall rule table module, fill in the Match Field, Priority, Instructions and Timeouts fields to form complete flow table information, and issue the flow table. It also collects the statistics of each OpenFlow switch and sends them to the data analysis module over a data channel. Apart from this, the OpenFlow controller functions no differently from an ordinary controller.
The function of the OpenFlow switch is to receive the flow table issued by the OpenFlow controller. The OpenFlow switch does not need to maintain any specific information, nor does it take on any additional responsibility; that is, all of its work still follows its original pattern. It must, however, send flow table statistics to the OpenFlow controller.
The present invention also provides a working method for the SDN firewall system based on the OpenFlow protocol. The method is as follows. The data analysis module passes the Match Field and Degree to the firewall module. If the Match Field already exists in rule-tables, only the Action entry of the rule is updated according to the action information of Degree, and the corresponding Timer value in the state table is reset or updated according to the count_num of Degree. If the Match Field is not in rule-tables, rule-tables is filled according to the Match Field and the action of Degree, and a Timer for the corresponding entry is created in the state table. At the same time, all expired Timers are checked and the corresponding rules in rule-tables are deleted (the Timer value is also used in the final flow table, so when it expires the switch likewise deletes the expired Flow Entry, which keeps the state consistent). After this work is complete, the invention compresses rule-tables (IP addresses and protocol types can overlap; to reduce the number of flow entries finally issued, the invention compresses rule-tables by associating overlapping entries) to form rule-chains (whose structure is identical to that of the rule-tables entries). The invention extracts the entry information Match Field + Action from rule-chains item by item, combines it with the corresponding Timer value to form a Half-flow-entry, and sends it to the OpenFlow controller.
The OpenFlow controller of the invention receives the Half-flow-entry passed over by the firewall system and fills in the other information to form a complete Flow Entry: Match Field, Priority, Counters, Instructions, Timeouts, Cookie, of which Match Field, Instructions and Timeouts come from the Half-flow-entry. The Flow Entry is sent to the OpenFlow switches through the southbound interface. The OpenFlow controller also collects the statistics of the OpenFlow switches through the southbound interface in real time and sends them to the data analysis module.
The method of the present invention is applied to a pure SDN network environment.
Advantageous effects:
1. The invention requires no change to the underlying network environment and no change to the OpenFlow protocol or to network-layer devices; it is consistent with the aims of the SDN architecture and reduces deployment difficulty.
2. The invention can be applied not only to a pure SDN network environment but also to a hybrid environment of traditional and SDN networks.
3. The invention can serve as a standalone firewall, without being restricted to a specific application environment.
4. The invention makes no other change to the underlying network environment as a whole.
Brief description of the drawings
Fig. 1 is the architecture diagram of the invention.
Fig. 2 is the functional diagram of the data analysis module of the invention.
Fig. 3 is the functional diagram of the firewall system of the invention.
Fig. 4 is the flow chart of the working method of the firewall system of the invention.
Fig. 5 is the functional diagram of the OpenFlow controller module of the invention.
Detailed description
The invention is described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1, in the SDN firewall system based on the OpenFlow protocol, the SDN firewall is integrated into the data analysis module and the firewall rule table module. The data analysis module extracts N-tuple data; the tuple information obtained fills the firewall rule table module, which also establishes an attached state table and generates flow table information suitable for OpenFlow switches. This flow table information is sent to the OpenFlow controller through a custom northbound interface. The OpenFlow controller sends the flow table information to the OpenFlow switches by packet-in message. The invention then realizes the firewall function as a whole on the basis that the Flow Entries provided by the OpenFlow switches allow fine-grained analysis and behavior control of network packets.
The function of the data analysis module is to analyze data. The data can come from legacy network devices such as switches and routers, from the statistics of the OpenFlow controller, from the log information of server network programs, and so on. By analyzing these statistics the data analysis module identifies suspicious network attack information, extracts N-tuple information (dest_ip, dst_port, source_id, source_port, ip_proto_type, etc.) to form the Match Field, and at the same time generates the 2-tuple Degree (count_num, action). Both Match Field and Degree can be obtained by analyzing the data: the Match Field reflects the attack source, the count_num field of Degree reflects the attack intensity, and the action field of Degree indicates the behavior to take toward packets that match the Match Field (Modify, Normal, Drop). Degree and Match Field are sent to the firewall rule table module together.
Match Field: (dest_ip, dst_port, source_id, source_port, ip_proto_type)
Degree: (count_num, action)
The function of the firewall rule table module is to receive the Match Field and Degree sent from the data analysis module and to update the attached state table according to the count_num field of Degree (the attached state table is a set of Timer values, each timer corresponding to one rule in rule-tables). The Match Field and the Timer values of the attached state table generate the Priority, Instructions and Timeouts (these are three fields of the Flow Entry defined by OpenFlow) that fill the firewall rule table. Finally, the firewall rule table module issues the firewall rules to the OpenFlow controller.
The function of the OpenFlow controller is to receive the rule information generated by the firewall rule table module, fill in the Match Field, Priority, Instructions and Timeouts fields (defined by OpenFlow; the values of these fields all come from the rule information generated by the firewall rule table) to form complete flow table information, and issue the flow table. It also collects the statistics of each OpenFlow switch and sends them to the data analysis module over a data channel. Apart from this, the OpenFlow controller functions no differently from an ordinary controller.
The function of the OpenFlow switch is to receive the flow table issued by the OpenFlow controller. The OpenFlow switch does not need to maintain any specific information, nor does it take on any additional responsibility; that is, all of its work still follows its original pattern. It must, however, send flow table statistics to the OpenFlow controller.
As shown in Fig. 2, the data analysis module is mainly used to collect the statistics of the OpenFlow Switch and the log information of servers; in a hybrid network environment it can also collect the logs and statistics of routers and switches. The data analysis module analyzes the collected information (using some feature analysis) to extract certain data about the attack initiator, forming the Match Field information (dest_ip, dst_port, source_id, source_port, ip_proto_type) and the Degree information (count_num, action). The Match Field is the attack-source information obtained by feature extraction: destination IP address, destination port number, source IP address, source port number and protocol type. Degree is a two-tuple: count_num is obtained by some computation method and reflects the level of the Match Field (the larger the value, the more frequent the attack), while action defines the behavior taken toward packets from the attack source (values: modify, normal, drop).
As shown in Fig. 3, the firewall module mainly consists of the attached state table and the rule table module. For each record passed over from the data analysis module, the rule table uses all fields of the Match Field and the action field of Degree to fill the corresponding Match Field and Instructions fields in its own rule-tables. The attached state table maintains one Timer for each rule in the rule table module; the Timer value is computed from the count_num field of Degree and is used to fill the Timeouts value of each entry in rule-tables. If a Timer in the attached state table times out, the corresponding rule is deleted from the rule table's rule-tables. The data analysis module passes the Match Field and Degree to the firewall module: all fields of the Match Field and the action field of Degree fill the rule-tables of the firewall rule table, and the count_num information of Degree updates the timer of the state table in the firewall module.
Firewall rule table rule-tables: (Match_Field_1, action_1; Match_Field_2, action_2; ...)
Firewall state table state-stables: (Timer1; Timer2; ...)
As shown in Fig. 4, the working method of the firewall system of the invention is as follows. The data analysis module passes the Match Field and Degree to the firewall module. If the Match Field already exists in rule-tables, only the Action entry of the rule is updated according to the action information of Degree, and the corresponding Timer value in the state table is reset or updated according to the count_num of Degree. If the Match Field is not in rule-tables, rule-tables is filled according to the Match Field and the action of Degree, and a Timer for the corresponding entry is created in the state table. At the same time, all expired Timers are checked and the corresponding rules in rule-tables are deleted (the Timer value is also used in the final flow table, so when it expires the switch likewise deletes the expired Flow Entry, which keeps the state consistent). After this work is complete, the invention compresses rule-tables (IP addresses and protocol types can overlap; to reduce the number of flow entries finally issued, the invention compresses rule-tables by associating overlapping entries) to form rule-chains (whose structure is identical to that of the rule-tables entries). The invention extracts the entry information from rule-chains item by item, combines it with the corresponding Timer value of the attached table to form a Half-flow-entry, and sends it to the OpenFlow controller.
As shown in Fig. 5, the OpenFlow controller of the invention receives the Half-flow-entry passed over by the firewall system and fills in the other information to form a complete Flow Entry: Match Field, Priority, Counters, Instructions, Timeouts, Cookie. Of these, Match Field, Instructions and Timeouts come from the Half-flow-entry. The Flow Entry is sent to the OpenFlow switches through the southbound interface. The OpenFlow controller also collects the statistics of the OpenFlow switches through the southbound interface in real time and sends them to the data analysis module.
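The Fig. 4 working method and the Fig. 5 controller step, modeled in Python as an added example that is not code from the patent. The count_num-to-Timer formula, the use of None as a wildcard, the compression rule, the priority scheme and the rendering of actions as instruction lists are assumptions, since the patent does not specify them.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Match Field in the patent's order; None is a wildcard (assumed, for compression).
FIELDS = ("dest_ip", "dst_port", "source_id", "source_port", "ip_proto_type")
Match = Tuple[Optional[str], Optional[int], Optional[str], Optional[int], Optional[str]]
# Assumed rendering of the three actions; the patent does not define "modify".
INSTRUCTIONS = {"drop": [], "normal": ["OUTPUT:NORMAL"],
                "modify": ["SET_FIELD:<unspecified>", "OUTPUT:NORMAL"]}


@dataclass
class Degree:
    count_num: int  # attack intensity: larger means more frequent
    action: str     # modify | normal | drop


class FirewallRuleTable:
    """rule-tables plus the attached state table (one Timer per rule)."""

    def __init__(self, seconds_per_count: int = 10, max_timeout: int = 3600):
        self.rules: Dict[Match, str] = {}     # rule-tables: Match Field -> action
        self.timers: Dict[Match, float] = {}  # state table: Match Field -> expiry
        self.seconds_per_count = seconds_per_count
        self.max_timeout = max_timeout        # stays below OpenFlow's 16-bit limit

    def update(self, match: Match, degree: Degree, now: float) -> None:
        if degree.action not in INSTRUCTIONS:
            raise ValueError(f"unknown action {degree.action!r}")
        # Known Match Field: refresh action and Timer. New one: create both.
        self.rules[match] = degree.action
        # Assumed mapping from count_num to a lifetime; the patent gives no formula.
        life = min(max(degree.count_num, 1) * self.seconds_per_count, self.max_timeout)
        self.timers[match] = now + life
        self.expire(now)

    def expire(self, now: float) -> List[Match]:
        dead = [m for m, t in self.timers.items() if t <= now]
        for m in dead:
            del self.timers[m], self.rules[m]
        return dead

    def covers(self, wide: Match, narrow: Match) -> bool:
        return wide != narrow and all(w is None or w == n for w, n in zip(wide, narrow))

    def rule_chains(self) -> Dict[Match, Tuple[str, float]]:
        """Compress rule-tables: fold a rule into a wider rule with the same action,
        unless a rule with a different action also covers it (folding would then
        change which action its packets receive)."""
        def wider(m, act):
            return [g for g, a in self.rules.items() if a == act and self.covers(g, m)]

        def blocked(m, act):
            return any(a != act and self.covers(d, m) for d, a in self.rules.items())

        absorbed = {m for m, a in self.rules.items() if wider(m, a) and not blocked(m, a)}
        chain = {m: (a, self.timers[m]) for m, a in self.rules.items() if m not in absorbed}
        for m in absorbed:  # the surviving rule inherits the longest Timer
            for g in wider(m, self.rules[m]):
                if g in chain:
                    chain[g] = (chain[g][0], max(chain[g][1], self.timers[m]))
        return chain

    def half_flow_entries(self, now: float) -> List[dict]:
        self.expire(now)
        return [{"match": dict(zip(FIELDS, m)), "action": act,
                 # Round up: a timeout of 0 means "never expire" in OpenFlow.
                 "timeout": math.ceil(expiry - now)}
                for m, (act, expiry) in self.rule_chains().items()]


def complete_flow_entry(half: dict, cookie: int) -> dict:
    """Controller side: add the fields the Half-flow-entry does not carry."""
    match = {k: v for k, v in half["match"].items() if v is not None}
    return {"match": match,
            "priority": 1000 + len(match),  # assumed: the more specific rule wins
            "counters": {"packets": 0, "bytes": 0},
            "instructions": INSTRUCTIONS[half["action"]],
            "timeouts": {"idle_timeout": 0, "hard_timeout": half["timeout"]},
            "cookie": cookie}


def demo() -> List[dict]:
    """Constructed input: three reports from the data analysis module."""
    fw, t0 = FirewallRuleTable(seconds_per_count=10), 1000.0
    fw.update(("10.0.0.5", 80, None, None, "tcp"), Degree(3, "drop"), t0)
    fw.update(("10.0.0.5", 80, "198.51.100.7", None, "tcp"), Degree(9, "drop"), t0)
    fw.update(("10.0.0.9", 22, "203.0.113.4", None, "tcp"), Degree(1, "drop"), t0)
    # At t0+20 the third rule has expired and the second folds into the first.
    halves = fw.half_flow_entries(t0 + 20)
    return [complete_flow_entry(h, cookie=i) for i, h in enumerate(halves)]


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The timeout is written to hard_timeout so that the switch removes the entry at the same moment the state table's Timer expires, which is the state consistency the method relies on.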
Claims (7)
1. An SDN firewall system based on the OpenFlow protocol, characterized in that the system comprises: a data analysis module, a firewall rule table module, an OpenFlow controller and OpenFlow switches;
The function of the data analysis module is to analyze data; the data comes from legacy network devices, and can come from service log information and OpenFlow switch statistics; the data analysis module performs feature analysis on the acquired data and extracts the key data to generate the Match Field and Degree; the data analysis module is used to collect the statistics of the OpenFlow Switch and the log information of servers, and in a hybrid network environment can collect the logs and statistics of routers and switches; the data analysis module analyzes the collected information, i.e., uses feature analysis to extract data about the attack initiator, forming the Match Field information (dest_ip, dst_port, source_id, source_port, ip_proto_type) and the Degree information (count_num, action); the Match Field is the attack-source information obtained by feature extraction, namely destination IP address, destination port number, source IP address, source port number and protocol type; Degree is a two-tuple, in which count_num reflects the level of the Match Field, i.e., the larger the value, the more frequent the attack, and action defines the behavior taken toward packets from the attack source, i.e., the value is modify, normal or drop;
The function of the firewall rule table module is to receive the Match Field and Degree sent from the data analysis module and to update the attached state table according to Degree; the Match Field and the attached state table generate the Priority, Instructions and Timeouts that fill the firewall rule table, and finally the firewall rule table module issues the firewall rules to the OpenFlow controller;
The function of the OpenFlow controller is to receive the rule information generated by the firewall rule table module, fill in the Match Field, Priority, Instructions and Timeouts fields to form complete flow table information, and issue the flow table; it also collects the statistics of each OpenFlow switch and sends them to the data analysis module over a data channel; apart from this, the OpenFlow controller functions no differently from an ordinary controller;
The function of the OpenFlow switch is to receive the flow table issued by the OpenFlow controller; the OpenFlow switch does not need to maintain any specific information, nor does it take on any additional responsibility, i.e., all of its work still follows its original pattern; but it must send flow table statistics to the OpenFlow controller;
The firewall rule table module receives the Match Field and Degree sent from the data analysis module and updates the attached state table according to the count_num field of Degree; the attached state table is a set of Timer values, each timer corresponding to one rule in rule-tables; the Match Field and the Timer values of the attached state table generate the Priority, Instructions and Timeouts, which are three fields of the Flow Entry defined by OpenFlow, to fill the firewall rule table, and finally the firewall rule table module issues the firewall rules to the OpenFlow controller.
2. The SDN firewall system based on the OpenFlow protocol according to claim 1, characterized in that the SDN firewall of the system is integrated into the data analysis module and the firewall rule table module; the data analysis module extracts N-tuple data; the tuple information obtained fills the firewall rule table module, which also establishes an attached state table and generates flow table information suitable for OpenFlow switches; this flow table information is sent to the OpenFlow controller through a custom northbound interface; the OpenFlow controller sends the flow table information to the OpenFlow switches by packet-in message, and the Flow Entries provided by the OpenFlow switches then perform fine-grained analysis and behavior control of network packets.
3. The SDN firewall system based on the OpenFlow protocol according to claim 1, characterized in that the data analysis module of the system is used to collect the statistics of the OpenFlow Switch and the log information of servers, and in a hybrid network environment is used to collect the logs and statistics of routers and switches; the data analysis module analyzes the collected information, i.e., uses some feature analysis to extract certain data about the attack initiator, forming the Match Field information (dest_ip, dst_port, source_id, source_port, ip_proto_type) and the Degree information (count_num, action); the Match Field is the attack-source information obtained by feature extraction, namely destination IP address, destination port number, source IP address, source port number and protocol type; Degree is a two-tuple, in which count_num is obtained by some computation method and reflects the level of the Match Field, i.e., the larger the value, the more frequent the attack, and action defines the behavior taken toward packets from the attack source, i.e., the value is modify, normal or drop.
4. The SDN firewall system based on the OpenFlow protocol according to claim 1, characterized in that the firewall module of the system consists of the attached state table and the rule table module; the rule table uses each Match Field passed over from the data analysis module to fill its own rule-tables; the attached state table maintains one timer for each rule in the rule table module, and if a timer times out, the corresponding rule is deleted from the rule table's rule-tables; the data analysis module passes the Match Field and Degree to the firewall module; the Match Field and the action of Degree fill the rule-tables of the firewall rule table, and the count_num information of Degree updates the timer of the state table in the firewall module;
The firewall rule table is rule-tables, with the structure Match_Field_1, action_1; Match_Field_2, action_2; ...; the firewall state table is state-stables, with the structure Timer1; Timer2; ....
5. A working method of a firewall module, characterized in that the method comprises: the data analysis module passes the Match Field and Degree to the firewall module; if the Match Field already exists in rule-tables, only the Action entry of the rule is updated according to the action information of Degree, and the corresponding Timer value in the state table is reset or updated according to the count_num of Degree; if the Match Field is not in rule-tables, rule-tables is filled according to the Match Field and the action of Degree, and a Timer for the corresponding entry is created in the state table; at the same time, all expired Timers are checked and the corresponding rules in rule-tables are deleted, i.e., the Timer value is also used in the final flow table, so when it expires the switch likewise deletes the expired Flow Entry, which keeps the state consistent; after this work is complete, rule-tables is compressed to form rule-chains, whose structure is identical to that of the rule-tables entries; the entry information Match Field + Action is extracted from rule-chains item by item and combined with the corresponding Timer value to form a Half-flow-entry, which is sent to the OpenFlow controller.
6. The working method of a firewall module according to claim 5, characterized in that the OpenFlow controller receives the Half-flow-entry passed over by the firewall module and fills in the other information to form a complete Flow Entry: Match Field, Priority, Counters, Instructions, Timeouts, Cookie, of which Match Field, Instructions and Timeouts come from the Half-flow-entry; the Flow Entry is sent to the OpenFlow switches through the southbound interface, and the OpenFlow controller collects the statistics of the OpenFlow switches through the southbound interface in real time and sends them to the data analysis module.
7. The working method of a firewall module according to claim 5, characterized in that the method is applied to a pure SDN network environment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201510366221.5A | 2015-06-29 | 2015-06-29 | An SDN firewall system and method based on the OpenFlow protocol
Publications (2)
Publication Number | Publication Date
---|---
CN104935604A | 2015-09-23
CN104935604B | 2018-10-30