CN105791288B - Critical virtual link protection method based on parallel multipath - Google Patents

Publication number: CN105791288B
Authority: CN (China)
Prior art keywords: virtual link, data, critical, virtual, network
Legal status (an assumption, not a legal conclusion; Google has not performed a legal analysis): Active
Application number: CN201610116992.3A
Other languages: Chinese (zh)
Other versions: CN105791288A (en)
Inventors: 程国振, 艾健健, 陈鸿昶, 陈福才, 季新生, 刘文彦, 毛宇星, 齐超, 杨超
Current Assignee (the listed assignees may be inaccurate; Google has not performed a legal analysis): PLA Information Engineering University
Original Assignee: PLA Information Engineering University
Priority date (an assumption, not a legal conclusion): 2016-03-02
Filing date: 2016-03-02
Publication date: 2018-12-04
Application filed by PLA Information Engineering University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/24 Multipath

Abstract

The present invention relates to a critical virtual link protection method based on parallel multipath, comprising: an identification process, which generates a virtual topology according to a virtual network request and identifies the critical virtual link in the virtual network topology; a mapping process, which maps the critical virtual link onto multiple paths of the physical network; and a decision process, which sends multiple data copies in parallel over the multiple paths to the destination node and determines the finally received data according to a decision mechanism. The invention introduces a redundancy mechanism and a multi-mode decision method, avoids the network service anomalies caused by the failure of a single path, effectively increases the security of virtual network services, and enhances network robustness.

Description

Critical virtual link protection method based on parallel multipath
Technical field
The present invention relates to the technical field of network security, and in particular to a critical virtual link protection method based on parallel multipath.
Background
Network virtualization supports the coexistence of diverse network architectures and protocols on the same physical network infrastructure, thereby overcoming the "monotonous network gene" problem and promoting network technology innovation, and it has received extensive attention from academia and industry. Network virtualization maps the underlying physical network into multiple logical virtual networks, and different virtual networks use different routing policies and network protocols. A single virtual network is a service slice formed by connecting a group of virtual nodes and virtual links according to tenant requirements. In recent years, as network virtualization technology has matured, cloud data center networks based on virtualization technology have received great attention from the Party, government, military and enterprises because of their economies of scale. Data centers are becoming the distribution centers of Internet data and diversified services.
However, while enjoying the convenience brought by network virtualization technology, people also face huge security risks. Attacks against cloud platforms increase year by year, and critical network facilities in cloud platforms have become the primary targets of attack. Critical network links are vulnerable to DDoS attacks, which poses a great challenge to the safe and efficient operation of virtual networks. Once an attacker successfully carries out such an attack, the whole network will run abnormally and inefficiently, or even be paralyzed. Therefore, a virtual network mapping method that can ensure system security under network attack is urgently needed.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a critical virtual link protection method based on parallel multipath, which serves as a network protection measure against attacks on critical links in virtual networks and addresses the security threats they face.
According to the design scheme provided by the present invention, a critical virtual link protection method based on parallel multipath comprises the following steps:
Step 1, virtual link identification: generate a virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and choose the link with the largest traffic as the critical virtual link L;
Step 2, critical virtual link L mapping: map the critical virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the critical virtual link L in parallel;
Step 3, data decision: send multiple data copies to the destination node over the multiple disjoint paths of the physical network from step 2, buffer the data at the destination node, and, according to the consistency decision mechanism, that is, majority decision, choose the data with the largest number of consistent copies as the finally received data.
In the above, step 2 specifically comprises the following steps:
Step 2.1: according to the requirements of the end nodes of the critical virtual link L, map the virtual end nodes A and B to the physical nodes A' and B' respectively, where A' and B' are the source node and the destination node respectively;
Step 2.2: according to the bandwidth and delay requirements of the critical virtual link L, select multiple disjoint paths from among the paths between A' and B' to carry the traffic of the critical virtual link L in parallel.
In the above, step 3 specifically comprises the following:
Step 3.1: receive data at the source node A' and send data copies in parallel over the multiple paths to the destination node B';
Step 3.2: buffer the data at the destination node B';
Step 3.3: make a comprehensive decision using the multiple data copies stored in the buffer of the destination node B'; according to the consistency decision mechanism, if the number of consistent data copies is greater than the number of inconsistent data copies, the consistent data is judged to be the correctly received data; otherwise, return to step 2 and remap the critical virtual link L.
Beneficial effects of the present invention:
Through the redundancy of multiple paths and the consistency decision on the data buffered at the destination node, the present invention introduces a redundancy mechanism and multi-mode decision and avoids the network service anomalies caused by the failure of a single path, so that network operation is better guaranteed when the network faces security threats, the robustness of the network is improved, and the security of virtual network services is effectively improved.
Brief description of the drawings:
Fig. 1 is a flow diagram of the invention;
Fig. 2 is a schematic diagram of virtual link identification in the invention;
Fig. 3 is a schematic diagram of critical virtual link mapping in the invention;
Fig. 4 is a flow diagram of data decision in the invention.
Specific embodiments:
The present invention is described in further detail below with reference to the accompanying drawings and the technical solution, and its implementation is described in detail through preferred embodiments, but the embodiments of the present invention are not limited thereto.
Embodiment one: as shown in Fig. 1, a critical virtual link protection method based on parallel multipath comprises the following steps:
Step 1, virtual link identification: generate a virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and choose the link with the largest traffic as the critical virtual link L;
Step 2, critical virtual link L mapping: map the critical virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the critical virtual link L in parallel;
Step 3, data decision: send multiple data copies to the destination node over the multiple disjoint paths of the physical network from step 2, buffer the data at the destination node, and, according to the consistency decision mechanism, that is, majority decision, choose the data with the largest number of consistent copies as the finally received data.
Through the redundancy of multiple paths and the consistency decision mechanism applied to the data buffered at the destination node, the network service anomalies caused by the failure of a single path are avoided, so that network operation is better guaranteed when the network faces security threats, the robustness of the network is improved, and the security of virtual network services is ensured.
Embodiment two: referring to Figs. 1 to 4, a critical virtual link protection method based on parallel multipath comprises the following steps:
Step 1, virtual link identification: generate a virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and choose the link with the largest traffic as the critical virtual link L;
Step 2, critical virtual link L mapping: map the critical virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the critical virtual link L in parallel;
Specifically, according to the requirements of the end nodes of the critical virtual link L, the virtual end nodes A and B are mapped to the physical nodes A' and B' respectively, where A' and B' are the source node and the destination node respectively; according to the bandwidth and delay requirements of the critical virtual link L, multiple disjoint paths are selected from among the paths between A' and B'. As shown in Fig. 3, three disjoint paths p1, p2 and p3 are selected to carry the traffic of the critical virtual link L in parallel;
Step 3, data decision: send multiple data copies to the destination node over the multiple disjoint paths of the physical network from step 2, buffer the data at the destination node, and, according to the consistency decision mechanism, that is, majority decision, choose the data with the largest number of consistent copies as the finally received data;
Specifically, data is received at the source node A' and replicated into multiple copies, and the copies are sent in parallel to the destination node B' over the disjoint paths selected in step 2. Because the time at which data reaches the destination node differs between paths, the data is buffered at the destination node B'. A comprehensive decision is made using the multiple data copies stored in the buffer of the destination node B': according to the consistency decision mechanism, if the number of consistent data copies is greater than the number of inconsistent data copies, the consistent data is judged to be the correctly received data; otherwise, return to step 2 and remap the critical virtual link L.
Through the redundancy of multiple paths and the consistency decision on the data buffered at the destination node, a redundancy mechanism and multi-mode decision are introduced and the network service anomalies caused by the failure of a single path are avoided, so that network operation is better guaranteed when the network faces security threats, the robustness of the network is improved, the security of virtual network services is effectively improved, and the effective operation of the whole network is ensured.
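The three steps of embodiment two can be exercised end to end. The following is an added example, not code from the patent: the topology, node names s1 to s4 and demand values are constructed, path selection is a greedy fewest-hop search that checks bandwidth only, copies are compared by SHA-256 digest, and a copy that never arrives is counted as inconsistent, which is an assumption stricter than the text.

```python
# Added illustration (not from the patent): steps 1-3 on a constructed topology.
import hashlib
from collections import Counter, deque

def pick_critical_link(demands):
    """Step 1: the virtual link with the largest traffic demand is critical link L."""
    return max(demands, key=demands.get)

def _bfs_path(adj, src, dst, need_bw, used):
    """Fewest-hop path over links with enough bandwidth, avoiding used nodes/links."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            path = []
            while u is not None:
                path.append(u)
                u = prev[u]
            return path[::-1]
        for v, bw in adj.get(u, {}).items():
            if v not in prev and v not in used and (u, v) not in used and bw >= need_bw:
                prev[v] = u
                queue.append(v)
    return None

def map_to_disjoint_paths(adj, src, dst, need_bw, k):
    """Step 2: greedily select up to k paths that share no intermediate node or link.
    Greedy selection is an assumption; it can return fewer paths than a max-flow search."""
    paths, used = [], set()
    while len(paths) < k:
        path = _bfs_path(adj, src, dst, need_bw, used)
        if path is None:
            break
        paths.append(path)
        used.update(path[1:-1])            # intermediate nodes
        used.update(zip(path, path[1:]))   # links, so a direct A'-B' link is used once
    return paths

def decide(copies, sent):
    """Step 3: majority decision over the copies buffered at B'.
    copies maps path index -> payload bytes; sent is the number of paths used.
    Returns the accepted payload, or None, meaning: return to step 2 and remap L."""
    if not copies:
        return None
    digests = {i: hashlib.sha256(data).digest() for i, data in copies.items()}
    winner, agree = Counter(digests.values()).most_common(1)[0]
    # Assumption: a copy that never arrived counts as inconsistent.
    if agree > sent - agree:
        return next(data for i, data in copies.items() if digests[i] == winner)
    return None

# Constructed sample data: virtual link demands (Mbit/s) and physical link bandwidths.
DEMANDS = {("A", "B"): 80, ("A", "C"): 30, ("B", "C"): 45}
PHYS = {
    "A'": {"s1": 100, "s2": 100, "s3": 40},
    "s1": {"B'": 100, "s2": 100},
    "s2": {"B'": 100},
    "s3": {"s4": 40},
    "s4": {"B'": 40},
}

if __name__ == "__main__":
    print("critical link:", pick_critical_link(DEMANDS))
    paths = map_to_disjoint_paths(PHYS, "A'", "B'", need_bw=40, k=3)
    print("paths:", paths)
    # Path 1 delivers a tampered copy; the other two agree and win the vote.
    print(decide({0: b"order#17", 1: b"order#99", 2: b"order#17"}, sent=len(paths)))
    # Only one copy arrived: no majority, so the caller remaps L.
    print(decide({0: b"order#17"}, sent=len(paths)))
```

With three paths the vote tolerates one corrupted or missing copy; raising the bandwidth requirement to 80 leaves only two usable paths, where a single bad copy already forces a remap.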
The invention is not limited to the above specific embodiments; those skilled in the art can make various changes accordingly, but any change equivalent or similar to the present invention shall fall within the scope of the claims.

Claims (3)

1. A critical virtual link protection method based on parallel multipath, characterized by comprising the following steps:
Step 1, virtual link identification: generate a virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and choose the link with the largest traffic as the critical virtual link L;
Step 2, critical virtual link L mapping: map the critical virtual link L identified in step 1 onto multiple disjoint paths of the physical network, which carry the traffic of the critical virtual link L in parallel;
Step 3, data decision: send multiple data copies to the destination node over the multiple disjoint paths of the physical network from step 2, buffer the data at the destination node, and, according to the consistency decision mechanism, that is, majority decision, choose the data with the largest number of consistent copies as the finally received data.
2. The critical virtual link protection method based on parallel multipath according to claim 1, characterized in that step 2 specifically comprises the following steps:
Step 2.1: according to the requirements of the end nodes of the critical virtual link L, map the virtual end nodes A and B to the physical nodes A' and B' respectively, where the physical nodes A' and B' are the source node and the destination node respectively;
Step 2.2: according to the bandwidth and delay requirements of the critical virtual link L, select multiple disjoint paths from among the paths between A' and B' to carry the traffic of the critical virtual link L in parallel.
3. The critical virtual link protection method based on parallel multipath according to claim 2, characterized in that step 3 specifically comprises the following:
Step 3.1: receive data at the source node A' and send data copies in parallel over the multiple paths to the destination node B';
Step 3.2: buffer the data at the destination node B';
Step 3.3: make a comprehensive decision using the multiple data copies stored in the buffer of the destination node B'; according to the consistency decision mechanism, if the number of consistent data copies is greater than the number of inconsistent data copies, the consistent data is judged to be the correctly received data; otherwise, return to step 2 and remap the critical virtual link L.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610116992.3A 2016-03-02 2016-03-02 Critical virtual link protection method based on parallel multipath

Publications (2)

Publication Number Publication Date
CN105791288A 2016-07-20
CN105791288B 2018-12-04


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant