CN105791288B - Crucial virtual link means of defence based on parallel duplex diameter - Google Patents
- Publication number
- CN105791288B
- Authority
- CN
- China
- Prior art keywords
- virtual link
- data
- crucial
- virtual
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/24—Multipath
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a critical virtual link protection method based on parallel multipath, comprising: an identification process, which generates a virtual topology according to a virtual network request and identifies the critical virtual link in the virtual network topology; a mapping process, which maps the critical virtual link onto multiple paths of the physical network; and an adjudication process, which sends multiple data copies in parallel over the multiple paths to the destination node and determines the final received data according to the adjudication mechanism. The invention introduces a redundancy mechanism and a multi-mode adjudication decision method, avoids the network service anomalies caused by the failure of a single path, effectively improves the security of virtual network services, and enhances network robustness.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a critical virtual link protection method based on parallel multipath.
Background
Network virtualization supports the coexistence of diverse network architectures and protocols on the same physical network infrastructure, thereby overcoming "monotonous network genes" and promoting network technology innovation, and it has received wide attention from academia and industry. Network virtualization maps the underlying physical network into multiple logical virtual networks, and different virtual networks use different routing policies and network protocols. A single virtual network is a service slice formed, according to tenant requirements, by connecting a group of virtual nodes and virtual links.
In recent years, as network virtualization technology has matured, cloud data center networks based on virtualization technology have received great attention from party, government, military and enterprise users because of their economies of scale. Data centers are becoming the distribution centers for Internet data and diverse services.
However, while enjoying the convenience that network virtualization brings, people also face huge security risks. Attacks against cloud platforms increase year by year, and critical network facilities in cloud platforms have become primary attack targets. Critical network links are vulnerable to DDoS attacks, which poses a great challenge to the safe and efficient operation of virtual networks. Once an attacker successfully carries out such an attack, the whole network runs abnormally and inefficiently, or is even paralyzed. A virtual network mapping method that can ensure system security under network attack is therefore urgently needed.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a critical virtual link protection method based on parallel multipath, which serves as a network protection measure against attacks on critical links in virtual networks and addresses the security threats they face.
According to the design scheme provided by the present invention, a critical virtual link protection method based on parallel multipath comprises the following steps:
Step 1, virtual link identification: generate the virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and select the link with the largest traffic as the critical virtual link L;
Step 2, critical virtual link L mapping: map the critical virtual link L identified in step 1 onto multiple non-intersecting paths of the physical network, which carry the traffic of critical virtual link L in parallel;
Step 3, data adjudication: using the multiple non-intersecting paths of the physical network from step 2, send multiple data copies to the destination node; buffer the data at the destination node and, according to the consistency adjudication mechanism, that is, majority decision, select the data with the largest number of consistent copies as the final received data.
In the above, step 2 specifically comprises the following steps:
Step 2.1: according to the requirements of the end nodes of critical virtual link L, map the virtual end nodes A and B to physical nodes A' and B' respectively, where A' and B' are the source node and the destination node respectively;
Step 2.2: according to the bandwidth and delay requirements of critical virtual link L, select multiple non-intersecting paths from the several paths between A' and B' to carry the traffic of critical virtual link L concurrently.
In the above, step 3 specifically comprises the following:
Step 3.1: receive data at source node A' and send data copies in parallel over the multiple paths to destination node B';
Step 3.2: buffer the data at destination node B';
Step 3.3: perform a comprehensive adjudication using the multiple copies stored in the buffer of destination node B'; according to the consistency adjudication mechanism, if the number of consistent copies is greater than the number of inconsistent copies, the consistent data is adjudged to be the correctly received data; otherwise, return to step 2 and remap critical virtual link L.
Beneficial effects of the present invention:
Through the redundancy of multiple paths and the consistency adjudication of the data buffered at the destination node, the present invention introduces a redundancy mechanism and multi-mode adjudication and avoids the network service anomalies caused by the failure of a single path, so that network operation is better guaranteed when the network faces security threats; this improves the robustness of the network and effectively improves the security of virtual network services.
Brief description of the drawings:
Fig. 1 is a flow diagram of the invention;
Fig. 2 is a schematic diagram of virtual link identification according to the invention;
Fig. 3 is a schematic diagram of critical virtual link mapping according to the invention;
Fig. 4 is a flow diagram of data adjudication according to the invention.
Detailed description of embodiments:
The present invention is described in further detail below with reference to the accompanying drawings and the technical solution, and its implementation is described in detail through preferred embodiments, but the implementation of the present invention is not limited thereto.
Embodiment one: as shown in Fig. 1, a critical virtual link protection method based on parallel multipath comprises the following steps:
Step 1, virtual link identification: generate the virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and select the link with the largest traffic as the critical virtual link L;
Step 2, critical virtual link L mapping: map the critical virtual link L identified in step 1 onto multiple non-intersecting paths of the physical network, which carry the traffic of critical virtual link L in parallel;
Step 3, data adjudication: using the multiple non-intersecting paths of the physical network from step 2, send multiple data copies to the destination node; buffer the data at the destination node and, according to the consistency adjudication mechanism, that is, majority decision, select the data with the largest number of consistent copies as the final received data.
The redundancy of multiple paths and the consistency adjudication of the data buffered at the destination node avoid the network service anomalies caused by the failure of a single path, so that network operation is better guaranteed when the network faces security threats; this improves the robustness of the network and ensures the security of virtual network services.
Embodiment two: referring to Figs. 1 to 4, a critical virtual link protection method based on parallel multipath comprises the following steps:
Step 1, virtual link identification: generate the virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and select the link with the largest traffic as the critical virtual link L;
Step 2, critical virtual link L mapping: map the critical virtual link L identified in step 1 onto multiple non-intersecting paths of the physical network, which carry the traffic of critical virtual link L in parallel;
Specifically, according to the requirements of the end nodes of critical virtual link L, the virtual end nodes A and B are mapped to physical nodes A' and B' respectively, where A' and B' are the source node and the destination node respectively; according to the bandwidth and delay requirements of critical virtual link L, multiple non-intersecting paths are selected from the several paths between A' and B'; as shown in Fig. 3, three non-intersecting paths p1, p2 and p3 are selected to carry the traffic of critical virtual link L concurrently;
Step 3, data adjudication: using the multiple non-intersecting paths of the physical network from step 2, send multiple data copies to the destination node; buffer the data at the destination node and, according to the consistency adjudication mechanism, that is, majority decision, select the data with the largest number of consistent copies as the final received data;
Specifically, data is received at source node A' and replicated into multiple copies, which are sent in parallel to destination node B' over the non-intersecting paths selected in step 2; because the time at which data arrives at the destination node differs between paths, the data is buffered at destination node B'; a comprehensive adjudication is performed using the multiple copies stored in the buffer of destination node B': according to the consistency adjudication mechanism, if the number of consistent copies is greater than the number of inconsistent copies, the consistent data is adjudged to be the correctly received data; otherwise, return to step 2 and remap critical virtual link L.
Through the redundancy of multiple paths and the consistency adjudication of the data buffered at the destination node, a redundancy mechanism and multi-mode adjudication are introduced and the network service anomalies caused by the failure of a single path are avoided, so that network operation is better guaranteed when the network faces security threats; this improves the robustness of the network, effectively improves the security of virtual network services, and effectively ensures the effective operation of the whole network.
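The three steps of embodiment two can be traced end to end in a short simulation. This is an added example, not code from the patent: the topology, demand figures, node names, the greedy lowest-delay path search and the reading of "non-intersecting" as node-disjoint are all assumptions made for illustration.

```python
import heapq
from collections import Counter

# Constructed sample data: virtual-link demands and a physical graph whose
# undirected edges map to (bandwidth, delay). Node names are made up.
DEMANDS = {("A", "B"): 80, ("A", "C"): 20, ("B", "C"): 35}
PHYSICAL = {("A'", "n1"): (100, 2), ("n1", "B'"): (100, 2),
            ("A'", "n2"): (100, 3), ("n2", "B'"): (100, 3),
            ("A'", "n3"): (100, 4), ("n3", "B'"): (100, 4),
            ("A'", "n4"): (10, 1), ("n4", "B'"): (10, 1),   # too little bandwidth
            ("n1", "n2"): (100, 1)}

def critical_link(demands):
    """Step 1: the virtual link with the largest traffic demand."""
    return max(demands, key=demands.get)

def shortest_path(adj, src, dst, banned):
    """Lowest-delay path (Dijkstra) that avoids nodes used by earlier paths."""
    heap, seen = [(0, [src])], set()
    while heap:
        delay, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return delay, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, d in adj.get(node, []):
            if nxt not in seen and nxt not in banned:
                heapq.heappush(heap, (delay + d, path + [nxt]))
    return None

def map_disjoint(edges, src, dst, min_bw, max_delay, k):
    """Step 2.2: up to k node-disjoint paths that meet bandwidth and delay."""
    adj = {}
    for (u, v), (bw, d) in edges.items():
        if bw >= min_bw:                       # drop links that cannot carry L
            adj.setdefault(u, []).append((v, d))
            adj.setdefault(v, []).append((u, d))
    banned, paths = set(), []
    while len(paths) < k:
        found = shortest_path(adj, src, dst, banned)
        if found is None or found[0] > max_delay:
            break
        path = found[1]
        paths.append(path)
        banned.update(path[1:-1])              # later paths must avoid these nodes
        if len(path) == 2:                     # direct link: never reuse it
            adj[src] = [(n, d) for n, d in adj[src] if n != dst]
    return paths

def adjudicate(copies):
    """Step 3.3: the value held by a strict majority of copies, else None (remap)."""
    if not copies:
        return None
    value, agree = Counter(copies).most_common(1)[0]
    return value if agree > len(copies) - agree else None

def deliver(paths, payload, corrupted=()):
    """Steps 3.1-3.2: one copy per path, buffered at B', then adjudicated.
    `corrupted` simulates path indexes whose copy was altered in transit."""
    buffer = [bytes([i]) + payload if i in corrupted else payload
              for i in range(len(paths))]
    return adjudicate(buffer)
```

A `None` result corresponds to the "return to step 2 and remap" branch; with only two paths, a single altered copy already forces a remap because one consistent copy does not outnumber one inconsistent copy.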
The present invention is not limited to the specific embodiments above; those skilled in the art may make various changes accordingly, but any change equivalent or similar to the present invention shall fall within the scope of the claims.
Claims (3)
1. A critical virtual link protection method based on parallel multipath, characterized in that it comprises the following steps:
Step 1, virtual link identification: generate the virtual network topology according to the virtual network request, analyze the traffic demand of each virtual link in the virtual network topology, and select the link with the largest traffic as the critical virtual link L;
Step 2, critical virtual link L mapping: map the critical virtual link L identified in step 1 onto multiple non-intersecting paths of the physical network, which carry the traffic of critical virtual link L in parallel;
Step 3, data adjudication: using the multiple non-intersecting paths of the physical network from step 2, send multiple data copies to the destination node; buffer the data at the destination node and, according to the consistency adjudication mechanism, that is, majority decision, select the data with the largest number of consistent copies as the final received data.
2. The critical virtual link protection method based on parallel multipath according to claim 1, characterized in that step 2 specifically comprises the following steps:
Step 2.1: according to the requirements of the end nodes of critical virtual link L, map the virtual end nodes A and B to physical nodes A' and B' respectively, where physical nodes A' and B' are the source node and the destination node respectively;
Step 2.2: according to the bandwidth and delay requirements of critical virtual link L, select multiple non-intersecting paths from the several paths between A' and B' to carry the traffic of critical virtual link L concurrently.
3. The critical virtual link protection method based on parallel multipath according to claim 2, characterized in that step 3 specifically comprises the following:
Step 3.1: receive data at source node A' and send data copies in parallel over the multiple paths to destination node B';
Step 3.2: buffer the data at destination node B';
Step 3.3: perform a comprehensive adjudication using the multiple copies stored in the buffer of destination node B'; according to the consistency adjudication mechanism, if the number of consistent copies is greater than the number of inconsistent copies, the consistent data is adjudged to be the correctly received data; otherwise, return to step 2 and remap critical virtual link L.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610116992.3A CN105791288B (en) | 2016-03-02 | 2016-03-02 | Crucial virtual link means of defence based on parallel duplex diameter |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610116992.3A CN105791288B (en) | 2016-03-02 | 2016-03-02 | Crucial virtual link means of defence based on parallel duplex diameter |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105791288A CN105791288A (en) | 2016-07-20 |
CN105791288B true CN105791288B (en) | 2018-12-04 |
Family
ID=56387641
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610116992.3A Active CN105791288B (en) | 2016-03-02 | 2016-03-02 | Crucial virtual link means of defence based on parallel duplex diameter |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105791288B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN105791288A (en) | 2016-07-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |