CN104935604B - An SDN firewall system and method based on the OpenFlow protocol - Google Patents

Publication number
CN104935604B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510366221.5A
Other languages
Chinese (zh)
Other versions
CN104935604A (en
Inventor
孙洪波
王�华
朱洪波
卢捍华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Original Assignee
Nanjing Post and Telecommunication University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Abstract

The invention discloses an SDN firewall system and method based on the OpenFlow protocol. The system includes a data analysis module, a firewall rule table module, an OpenFlow controller and OpenFlow switches. The data analysis module analyzes data, which can come from legacy network devices, from the log information of services and from the statistics of OpenFlow switches. The firewall rule table module receives the Match Field and Degree sent by the data analysis module and updates the attached state table according to Degree. The OpenFlow controller receives the rule information generated by the firewall rule table module, fills in the Match Field, Priority, Instructions and Timeouts fields to form complete flow table information, and issues the flow table. The OpenFlow switches receive the flow table issued by the OpenFlow controller; they do not need to maintain any special information, but they must send flow table statistics to the OpenFlow controller.

Description

An SDN firewall system and method based on the OpenFlow protocol
Technical field
The present invention relates to an SDN firewall system and method based on the OpenFlow protocol, and belongs to the field of Internet technology.
Background
SDN (software-defined networking) is a new, innovative network architecture and the trend of future network development. SDN emphasizes separating the control plane from the data plane of network devices and concentrating the control-plane functions in a centralized controller in the network. The SDN controller handles functions such as collecting the network topology, computing routes, generating and issuing flow tables, and managing and controlling the network, while network-layer devices are responsible only for traffic forwarding and policy enforcement.
Separating forwarding from control concentrates the control logic: the SDN controller holds the global static topology of the network, the dynamic forwarding table information of the whole network, the resource utilization of the whole network, fault status and so on. This also opens up network capabilities: after the centralized SDN controller has unified the management, integration and virtualization of network resources, a standardized northbound interface provides network resources and services to upper-layer applications on demand, so that network capabilities are opened up and provided as needed.
OpenFlow, as the southbound interface protocol between the controller and the SDN switches in the SDN architecture, defines a series of specifications. The most important of these is the structure of the flow entry, which enables fine-grained analysis and control of network packets.
In a traditional network, firewall functionality is implemented on network devices. In an SDN environment, however, network-layer devices have been stripped of the functions that legacy network devices have and become a "dumb, simple, minimal" data path, so a network firewall cannot be deployed in the traditional way. Yet the network firewall, as an important part of ensuring network security, is indispensable. The present invention solves this problem well.
Summary of the invention
The object of the present invention is to address the lack of a network firewall in current SDN environments by proposing an SDN network firewall system based on the OpenFlow protocol. The system starts from the architectural characteristics of the SDN environment and does not change the underlying network architecture.
The technical solution adopted by the invention is an SDN firewall system based on the OpenFlow protocol, comprising a data analysis module, a firewall rule table module, an OpenFlow controller and OpenFlow switches. The SDN firewall of the invention is integrated into the data analysis module and the firewall rule table module. The data analysis module extracts N-tuple information; the tuple information obtained fills the firewall rule table module, in which an attached state table is also established; and the firewall rule table module generates flow table information suitable for OpenFlow switches. This flow table information is sent to the OpenFlow controller through a custom northbound interface. The OpenFlow controller sends the flow table information to the OpenFlow switches by packet-in message, and the Flow Entry provided by the OpenFlow switches then performs fine-grained analysis and behavior control of network packets, realizing the firewall function.
The function of the data analysis module is to analyze data. The data can come from legacy network devices (that is, switches and routers), from the statistics of the OpenFlow controller, from the log information of server network programs, and so on. By analyzing these statistics, the data analysis module derives information about suspicious network attacks and extracts N-tuple information (dest_ip, dst_port, source_id, source_port, ip_proto_type, etc.) to form the Match Field; at the same time it generates Degree (N-tuple data). Degree and Match Field are sent together to the firewall rule table module.
The function of the firewall rule table module is to receive the Match Field and Degree sent by the data analysis module and to update the attached state table according to Degree. The Match Field and the attached state table generate the Priority, Instructions and Timeouts that fill the firewall rule table. Finally, the firewall rule table module issues the firewall rules to the OpenFlow controller.
The function of the OpenFlow controller is to receive the rule information generated by the firewall rule table module, fill in the Match Field, Priority, Instructions and Timeouts fields to form complete flow table information, and issue the flow table. It also collects the statistics of each OpenFlow switch and sends them to the data analysis module over a data channel. Apart from this, the OpenFlow controller functions no differently from an ordinary controller.
The function of the OpenFlow switches is to receive the flow table issued by the OpenFlow controller. The switches do not need to maintain any special information, nor be aware of any additional responsibility; that is, they keep working entirely in their original mode. They do, however, need to send flow table statistics to the OpenFlow controller.
The present invention also provides a working method for the SDN firewall system based on the OpenFlow protocol. The data analysis module passes Match Field and Degree to the firewall module. If the Match Field already exists in rule-tables, only the Action entry of the rule is updated according to the Action information of Degree, and the corresponding Timer value in the state table is reset or updated according to the count_num of Degree. If the Match Field is not in rule-tables, rule-tables is filled according to the Match Field and the action of Degree, and a Timer for the corresponding entry is created in the state table. At the same time, all Timers that are no longer valid are checked and the corresponding rules in rule-tables are deleted (the Timer value is also used in the final flow table, so when it expires the switch likewise deletes the expired Flow Entry, which keeps the state consistent). After this work is complete, the invention compresses rule-tables (IP addresses and protocol types can overlap, so to reduce the number of flow entries finally issued, the invention compresses rule-tables by merging overlapping entries) to form rule-chains, whose entries have the same structure as those of rule-tables. The invention extracts the entry information (Match Field + Action) from rule-chains item by item and combines it with the corresponding Timer value to form a Half-flow-entry, which is sent to the OpenFlow controller.
The OpenFlow controller of the invention receives the Half-flow-entry passed over by the firewall system and fills in the remaining information to form a complete Flow Entry: Match Field, Priority, Counters, Instructions, Timeouts, Cookie, of which Match Field, Instructions and Timeouts come from the Half-flow-entry. The Flow Entry is sent to the OpenFlow switches through the southbound interface, and the OpenFlow controller collects the statistics of the OpenFlow switches through the southbound interface in real time and sends them to the data analysis module.
The method of the invention is applied to a pure SDN network environment.
Advantageous effects:
1. The invention requires no change to the underlying network environment and no change to the OpenFlow protocol or to network-layer devices, which is in keeping with the aims of the SDN architecture and reduces deployment difficulty.
2. The invention can be applied not only to a pure SDN network environment but also to a hybrid environment of traditional and SDN networks.
3. The invention can serve as a simple firewall without being restricted to a specific application environment.
4. The invention makes no other change to the underlying network environment as a whole.
Brief description of the drawings
Fig. 1 is the architecture diagram of the present invention.
Fig. 2 is the functional diagram of the data analysis module of the present invention.
Fig. 3 is the functional diagram of the firewall system of the present invention.
Fig. 4 is the flow chart of the working method of the firewall system of the present invention.
Fig. 5 is the functional diagram of the OpenFlow controller module of the present invention.
Detailed description
The invention is described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1, in an SDN firewall system based on the OpenFlow protocol, the SDN firewall is integrated into the data analysis module and the firewall rule table module. The data analysis module extracts N-tuple information; the tuple information obtained fills the firewall rule table module, in which an attached state table is also established; and the firewall rule table module generates flow table information suitable for OpenFlow switches. This flow table information is sent to the OpenFlow controller through a custom northbound interface. The OpenFlow controller sends the flow table information to the OpenFlow switches by packet-in message, and the invention then realizes the firewall function as a whole on the basis of the fine-grained analysis and behavior control of network packets that the Flow Entry provided by the OpenFlow switches makes possible.
The function of the data analysis module is to analyze data. The data can come from legacy network devices (such as switches and routers), from the statistics of the OpenFlow controller, from the log information of server network programs, and so on. By analyzing these statistics, the data analysis module derives information about suspicious network attacks and extracts N-tuple information (dest_ip, dst_port, source_id, source_port, ip_proto_type, etc.) to form the Match Field; at the same time it generates Degree, a 2-tuple (count_num, action). Both Match Field and Degree can be obtained by analyzing the data: Match Field reflects the attack source, the count_num field of Degree reflects the attack intensity, and the action field of Degree indicates the behavior to apply to packets that match the Match Field (Modify, Normal, Drop). Degree and Match Field are sent together to the firewall rule table module.
Match Field: (dest_ip, dst_port, source_id, source_port, ip_proto_type)
Degree: (count_num, action)
The function of the firewall rule table module is to receive the Match Field and Degree sent by the data analysis module and to update the attached state table according to the count_num field of Degree (the attached state table is a set of Timer values, each Timer corresponding to one rule in rule-tables). The Match Field and the Timer values of the attached state table generate the Priority, Instructions and Timeouts (these are three fields of the Flow Entry defined by OpenFlow) that fill the firewall rule table. Finally, the firewall rule table module issues the firewall rules to the OpenFlow controller.
The function of the OpenFlow controller is to receive the rule information generated by the firewall rule table module and fill in the Match Field, Priority, Instructions and Timeouts fields (defined by OpenFlow; the values of these fields all come from the rule information generated by the firewall rule table) to form complete flow table information and issue the flow table. It also collects the statistics of each OpenFlow switch and sends them to the data analysis module over a data channel. Apart from this, the OpenFlow controller functions no differently from an ordinary controller.
The function of the OpenFlow switches is to receive the flow table issued by the OpenFlow controller. The switches do not need to maintain any special information, nor be aware of any additional responsibility; that is, they keep working entirely in their original mode. They do, however, need to send flow table statistics to the OpenFlow controller.
As shown in Fig. 2, the data analysis module is mainly used to collect the statistics of the OpenFlow Switch and the log information of servers; in a hybrid network environment it can also collect the logs and statistics of routers and switches. The data analysis module analyzes the collected information (using some form of signature analysis) to extract data about the initiator of the attack, forming the Match Field information (dest_ip, dst_port, source_id, source_port, ip_proto_type) and the Degree information (count-num, action). The Match Field is the attack source information obtained by feature extraction: destination IP address, destination port number, source IP address, source port number and protocol type. Degree is a 2-tuple: count-num is obtained by some calculation method and reflects the grade of the Match Field (the larger the value, the more frequent the attack), and action defines the behavior applied to packets from the attack source (its value is modify, normal or drop).
As shown in Fig. 3, the firewall module mainly consists of the attached state table and the rule table module. For each item passed over from the data analysis module, the rule table uses all the fields of the Match Field and the Action field of Degree to fill the corresponding Match Field and Instructions fields in its own rule-tables. The attached state table maintains one Timer for each rule in the rule table module; the Timer value is extracted and calculated from the count_num field of Degree and is used to fill the Timeouts value of each entry in rule-tables. If a Timer in the attached state table times out, the corresponding rule is deleted from the rule table's rule-tables. The data analysis module passes Match Field and Degree to the firewall module: all the fields of the Match Field and the action field of Degree fill the rule-tables of the firewall rule table, and the count-num information of Degree is used to update the timers of the state table in the firewall module.
Firewall rule table Rule-tables: (Match_Field_1, action_1; Match_Field_2, action_2; ...)
Firewall state table state-stables: (Timer1; Timer2; ...)
As shown in Fig. 4, the working method of the firewall system of the invention is as follows. The data analysis module passes Match Field and Degree to the firewall module. If the Match Field already exists in rule-tables, only the Action entry of the rule is updated according to the Action information of Degree, and the corresponding Timer value in the state table is reset or updated according to the count_num of Degree. If the Match Field is not in rule-tables, rule-tables is filled according to the Match Field and the action of Degree, and a Timer for the corresponding entry is created in the state table. At the same time, all Timers that are no longer valid are checked and the corresponding rules in rule-tables are deleted (the Timer value is also used in the final flow table, so when it expires the switch likewise deletes the expired Flow Entry, which keeps the state consistent). After this work is complete, the invention compresses rule-tables (IP addresses and protocol types can overlap, so to reduce the number of flow entries finally issued, the invention compresses rule-tables by merging overlapping entries) to form rule-chains, whose entries have the same structure as those of rule-tables. The invention extracts the entry information from rule-chains item by item and combines it with the Timer value of the corresponding attached table to form a Half-flow-entry, which is sent to the OpenFlow controller.
As shown in Fig. 5, the OpenFlow controller of the invention receives the Half-flow-entry passed over by the firewall system and fills in the remaining information to form a complete Flow Entry: Match Field, Priority, Counters, Instructions, Timeouts, Cookie. Of these, Match Field, Instructions and Timeouts come from the Half-flow-entry. The Flow Entry is sent to the OpenFlow switches through the southbound interface, and the OpenFlow controller collects the statistics of the OpenFlow switches through the southbound interface in real time and sends them to the data analysis module.

Claims (7)

1. An SDN firewall system based on the OpenFlow protocol, characterized in that the system comprises: a data analysis module, a firewall rule table module, an OpenFlow controller and OpenFlow switches;
the function of the data analysis module is: to analyze data, the data coming from legacy network devices and able to come from the log information of services and the statistics of OpenFlow switches; the data analysis module performs signature analysis on the acquired data and extracts the key data to generate Match Field and Degree; the data analysis module is used to collect the statistics of the OpenFlow Switch and the log information of servers, and in a hybrid network environment can collect the logs and statistics of routers and switches; the data analysis module analyzes the collected information, that is, uses signature analysis to extract the data of the initiator of the attack, forming the Match Field information: dest_ip, dst_port, source_id, source_port, ip_proto_type; and the Degree information: count-num, action; the Match Field is the attack source information obtained by feature extraction, namely the destination IP address, destination port number, source IP address, source port number and protocol type; Degree is a 2-tuple, in which count-num reflects the grade of the Match Field, that is, the larger the value, the more frequent the attack, and action defines the behavior applied to packets from the attack source, that is, its value is modify, normal or drop;
the function of the firewall rule table module is: to receive the Match Field and Degree sent by the data analysis module and to update the attached state table according to Degree; the Match Field and the attached state table generate the Priority, Instructions and Timeouts that fill the firewall rule table, and finally the firewall rule table module issues the firewall rules to the OpenFlow controller;
the function of the OpenFlow controller is: to receive the rule information generated by the firewall rule table module, fill in the Match Field, Priority, Instructions and Timeouts fields to form complete flow table information, and issue the flow table; in addition, to collect the statistics of each OpenFlow switch, the statistics being sent to the data analysis module over a data channel; apart from this, the OpenFlow controller functions no differently from an ordinary controller;
the function of the OpenFlow switches is: to receive the flow table issued by the OpenFlow controller; the OpenFlow switches do not need to maintain any special information and do not need any additional responsibility, that is, they keep working entirely in their original mode, but they need to send flow table statistics to the OpenFlow controller;
the firewall rule table module receives the Match Field and Degree sent by the data analysis module and updates the attached state table according to the count_num field of Degree, the attached state table being a set of Timer values in which each Timer corresponds to one rule in rule-tables; the Match Field and the Timer values of the attached state table generate Priority, Instructions and Timeouts, these being three fields of the Flow Entry defined by OpenFlow, which fill the firewall rule table, and finally the firewall rule table module issues the firewall rules to the OpenFlow controller.
2. The SDN firewall system based on the OpenFlow protocol according to claim 1, characterized in that the SDN firewall of the system is integrated into the data analysis module and the firewall rule table module; the data analysis module extracts N-tuple information; the tuple information obtained fills the firewall rule table module, in which an attached state table is established, and the firewall rule table module generates flow table information suitable for OpenFlow switches; the flow table information is sent to the OpenFlow controller through a custom northbound interface; the OpenFlow controller sends the flow table information to the OpenFlow switches by packet-in message, and the Flow Entry provided by the OpenFlow switches then performs fine-grained analysis and behavior control of network packets.
3. The SDN firewall system based on the OpenFlow protocol according to claim 1, characterized in that the data analysis module of the system is used to collect the statistics of the OpenFlow Switch and the log information of servers, and in a hybrid network environment to collect the logs and statistics of routers and switches; the data analysis module analyzes the collected information, that is, uses some form of signature analysis to extract data about the initiator of the attack, forming the Match Field information: dest_ip, dst_port, source_id, source_port, ip_proto_type; and the Degree information: count-num, action; the Match Field is the attack source information obtained by feature extraction, namely the destination IP address, destination port number, source IP address, source port number and protocol type; Degree is a 2-tuple, in which count-num is obtained by some calculation method and reflects the grade of the Match Field, that is, the larger the value, the more frequent the attack, and action defines the behavior applied to packets from the attack source, that is, its value is modify, normal or drop.
4. The SDN firewall system based on the OpenFlow protocol according to claim 1, characterized in that the firewall module of the system consists of the attached state table and the rule table module; the rule table receives each Match Field passed over from the data analysis module and fills its own rule-tables; the attached state table maintains one timer for each rule in the rule table module, and if a timer times out, the corresponding rule is deleted from the rule-tables of the rule table; the data analysis module passes Match Field and Degree to the firewall module; the Match Field and the action of Degree fill the rule-tables of the firewall rule table, and the count-num information of Degree is used to update the timers of the state table in the firewall module;
the firewall rule table is Rule-tables, whose structure is Match_Field_1, action_1; Match_Field_2, action_2; ...; the firewall state table is state-stables, whose structure is Timer1; Timer2; ....
5. A working method of a firewall module, characterized in that the method comprises: the data analysis module passes Match Field and Degree to the firewall module; if the Match Field already exists in rule-tables, only the Action entry of the rule is updated according to the Action information of Degree, and the corresponding Timer value in the state table is reset or updated according to the count_num of Degree; if the Match Field is not in rule-tables, rule-tables is filled according to the Match Field and the action of Degree, and a Timer for the corresponding entry is created in the state table; at the same time, all Timers that are no longer valid are checked and the corresponding rules in rule-tables are deleted, that is, the Timer value is also used in the final flow table, so when it expires the switch likewise deletes the expired Flow Entry, which keeps the state consistent; after this work is complete, rule-tables is compressed to form rule-chains, whose entries have the same structure as those of rule-tables; the entry information (Match Field + Action) is extracted from rule-chains item by item and combined with the corresponding Timer value to form a Half-flow-entry, which is sent to the OpenFlow controller.
6. The working method of a firewall module according to claim 5, characterized in that the OpenFlow controller receives the Half-flow-entry passed over by the firewall module and fills in the remaining information to form a complete Flow Entry: Match Field, Priority, Counters, Instructions, Timeouts, Cookie, of which Match Field, Instructions and Timeouts come from the Half-flow-entry; the Flow Entry is sent to the OpenFlow switches through the southbound interface, and the OpenFlow controller collects the statistics of the OpenFlow switches through the southbound interface in real time and sends them to the data analysis module.
7. The working method of a firewall module according to claim 5, characterized in that the method is applied to a pure SDN network environment.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510366221.5A CN104935604B (en) 2015-06-29 2015-06-29 A kind of SDN firewall systems and method based on OpenFlow agreements

Publications (2)

Publication Number Publication Date
CN104935604A 2015-09-23
CN104935604B 2018-10-30
