CN106101070A - The inspection method of data integrity based on software defined network - Google Patents
The inspection method of data integrity based on software defined network Download PDFInfo
- Publication number
- CN106101070A CN106101070A CN201610369166.XA CN201610369166A CN106101070A CN 106101070 A CN106101070 A CN 106101070A CN 201610369166 A CN201610369166 A CN 201610369166A CN 106101070 A CN106101070 A CN 106101070A
- Authority
- CN
- China
- Prior art keywords
- data integrity
- stream table
- inspection
- switch
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
Abstract
The present invention proposes the inspection method of a kind of data integrity based on software defined network, including: the most preset one expands stream table, expands stream table and includes matching field, action field, and action field contains execution data integrity inspection;In a switch, according to expansion stream table, received message is carried out data integrity inspection;When data integrity inspection is obstructed out-of-date, then inspection result is fed back to controller by switch;And when data integrity inspection by time, then switchboard direct switches through and sends out a received message.Due to the fact that and the switch on forward-path can carry out data integrity inspection, rather than in client and service end, therefore, when there being data to be tampered on forward-path, switch can find and report to controller in time, and, data integrity checks, i.e. inserting verification head, coupling verification head, all reached by expansion stream table, efficiency is high.
Description
Technical field
The present invention relates to the communications field, particularly to data integrity based on software defined network inspection method, be
System and switch and controller.
Background technology
The schematic diagram that existing data integrity checks is depicted with reference to Fig. 6, Fig. 6.
As shown in Figure 6, existing data integrity inspection, is based on legacy network, it is common that at client and server
End runs related protocol, first verifies data in client and calculates, and inserts verification head, then at server end again
Secondary verifying data and calculate, i.e. checking verification head, if the verification head in matching message, then data integrity inspection is led to
Cross.Briefly, existing data integrity inspection, is to carry out at client and server.
But, existing data integrity inspection, if intermediate path occurs that data are tampered, such as at network node S1
Or data tampering occurs in S2, all can only just be found at server end, and also cannot learn it is which network node occurs
Data are tampered.
Software defined network (Software Defined Network, SDN), is a kind of fast-developing Novel net
Network framework, has the most disposed in wide area network (Wide Area Network, WAN) and backbone network and has applied.In SDN, control
Plane processed separates with datum plane, wherein, controls plane and is made up of the controller of logical centralization, and datum plane is handed over by multiple SDN
Change planes composition.Its core technology OpenFlow is by separating network equipment chain of command with data surface, it is achieved thereby that net
The flexible control of network flow, makes network become more intelligent as pipeline.
Therefore, how to solve existing data integrity inspection based on SDN, be that those skilled in the art are urgently to be resolved hurrily
One technical problem.
Summary of the invention
In view of above-mentioned, it is necessary to for how to solve, based on SDN, the problem proposition one that existing data integrity checks
Plant inspection method, system and switch and the controller of data integrity based on software defined network.
An aspect of of the present present invention proposes the inspection method of a kind of data integrity based on software defined network, including:
The most preset one expands stream table, and described expansion stream table includes matching field, action field, described action word
Duan Hanyou performs data integrity inspection;
In described switch, according to described expansion stream table, received message is carried out data integrity inspection;
When data integrity inspection is obstructed out-of-date, and inspection result is fed back to controller by the most described switch;And
When data integrity inspection by time, the most described switchboard direct switches through sends out a received message.
In one embodiment, described inspection method also includes:
Configuration data integrity inspection in the controller, and issue stream table to described switch to generate described expansion
Stream table.
In one embodiment, configuration data integrity inspection include: configuration data integrity audit function unlatching with
Close and configuration data integrity check table, described data integrity check table.
In one embodiment, carry out data integrity inspection according to described expansion stream table to include:
The message received is mated by described switch with the matching field in described expansion stream table;
When the message received mates unsuccessful with the matching field in described expansion stream table, the most described switch is by institute
The message received reports to described controller;
The message that described switch is reported by described controller processes, and issues the stream table institute to forward-path
There is switch, so that described expansion stream table to be updated;And
In described switch, when in the message received and described expansion stream table matching field the match is successful time, then enter
Row data integrity checking.
In one embodiment, described controller processes to described reported message of changing planes and issues stream table to turning
The all switches sent out on path include:
Matching field is gone out from the packet parsing reported;
Inquire about in described data integrity check table according to matching field;
When inquiring about the most then, then dynamically generate new data check entry and retrieve type with presetting, and update described data
Integrity checking table;And
Stream table is generated according to the data check entry that the data check entry inquired or dynamic generation are new, and to forwarding
All switches on path issue stream table.
In one embodiment, described action field includes inserting verification head, coupling verification head, and described verification head includes school
Test and with queue ID, wherein, in described switch, by the verification of the message received and with the verification in verification head and carrying out
Coupling, when not mating, then data integrity inspection is not passed through, and otherwise passes through.
In one embodiment, in described switch, when matching field in the message received with described expansion stream table
When the match is successful, then also included before carrying out data integrity inspection:
Judge whether the message received contains verification head;
When the message received does not contains verification head, then insert verification head;And
When in the message received containing verification head time, then calculate received message verification and and with verification head in
Verify and mate.
In one embodiment, inspection result is fed back to described by privately owned Experimenter message by described switch
Controller.
In one embodiment, obstructed out-of-date, that described switch will be received packet loss is checked when data integrity.
In one embodiment, described inspection method also includes: all described switch on forward-path will retrieval
Result feeds back to described controller.
Another aspect of the present invention proposes a kind of switch based on software defined network, including:
Preset module, expands stream table in order to preset one, and described expansion stream table includes matching field, action field, described dynamic
Execution data integrity inspection is contained as field;
First receiver module, in order to receive message;
First sending module,
Wherein, according to described expansion stream table, received message is carried out data integrity inspection;Work as data integrity
It is obstructed out-of-date to check, then by described first sending module, inspection result is fed back to controller;When data integrity inspection is led to
Out-of-date, then directly E-Packeted by described first sending module.
In one embodiment, carry out data integrity inspection according to described expansion stream table to include:
The message received is mated with the matching field in described expansion stream table;
When the message received mates unsuccessful with the matching field in described expansion stream table, then by described first
Send module that the message received is reported to described controller, and, described first receiver module receives described controller to described
The message that first sending module is reported process after the stream table issued, so that described expansion stream table is updated;With
And
When in the message received and described expansion stream table matching field the match is successful time, then carry out data integrity inspection
Look into.
In one embodiment, described action field includes inserting verification head, coupling verification head, and described verification head includes school
Test and with queue ID, wherein, in described switch, by the verification of the message received and with the verification in verification head and carrying out
Coupling, when not mating, then data integrity inspection is not passed through, and otherwise passes through.
In one embodiment, in described switch, when matching field in the message received with described expansion stream table
When the match is successful, then also included before carrying out data integrity inspection:
Judge whether the message received contains verification head;
When the message received does not contains verification head, then insert verification head;And
When in the message received containing verification head time, then calculate received message verification and and with verification head in
Verify and mate.
In one embodiment, by privately owned Experimenter message, inspection result is fed back to described controller.
In one embodiment, described switch also includes: retrieval is tied by all described switch on forward-path
Fruit feeds back to described controller.
Another aspect of the present invention proposes a kind of controller based on software defined network, including:
Configuration module, in order to configure data integrity inspection;
Stream table generation module, in order to generate stream table, expands stream table to provide to switch, and described expansion stream table includes coupling
Field, action field, described action field contains execution data integrity inspection;
The inspection result that second receiver module, the message reported in order to desampler and data integrity check;
Processing module, processes in order to the message being reported described switch, and makes described stream table generation module raw
Cheng Liubiao, to be updated the expansion stream table in described switch;And
Second sending module, in order to issue all friendships to forward-path of stream table that described stream table generation module generated
Change planes.
In one embodiment, described configuration module configuration data integrity checking includes: configuration data integrity inspection
The open and close of function and configuration data integrity check table.
In one embodiment, described processing module carries out process to described reported message of changing planes and includes:
Matching field is gone out from the packet parsing reported;
Inquire about in described data integrity check table according to matching field;
When inquiring about the most then, then dynamically generate new data check entry and retrieve type with presetting, and update described data
Integrity checking table.
In one embodiment, described stream table generation module according to the data check entry inquired or dynamically generates new
Data check entry generate stream table, so that the expansion stream table in described switch is updated.
Another aspect of the invention proposes the inspection system of a kind of data integrity based on software defined network, bag
Include:
Switch as described in above-mentioned any one;And
Controller as described in above-mentioned any one.
To sum up, the inspection method of a kind of based on software defined network data integrity proposed by the invention, system and
Switch and controller, owing to can carry out data integrity inspection rather than client in the switch on forward-path
End and service end, therefore, when there being data to be tampered on forward-path, switch can find in time and report to controller,
And do not wait until that service end is just found, and, data integrity inspection, i.e. insert verification head, coupling verification head, all pass through
Expanding what stream table was reached, efficiency is high.
Accompanying drawing explanation
Fig. 1 depicts the stream of the inspection method of the data integrity based on software defined network of an embodiment of the present invention
Journey schematic diagram;
Fig. 2 depicts an idiographic flow schematic diagram of step S120 in Fig. 1;
Fig. 3 depicts the structural representation of the switch based on software defined network of another embodiment of the present invention;
Fig. 4 depicts the structural representation of the controller based on software defined network of another embodiment of the invention;
Fig. 5 depicts the inspection system of the data integrity based on software defined network of a further embodiment of the present invention
Structural representation;And
Fig. 6 depicts the schematic diagram that existing data integrity checks.
Detailed description of the invention
In order to make relevant technical staff in the field be more fully understood that technical scheme, real below in conjunction with the present invention
Execute the accompanying drawing of mode, the technical scheme in embodiment of the present invention is clearly and completely described, it is clear that described reality
The mode of executing is only a part of embodiment of the present invention rather than whole embodiments.
The inspection of the data integrity based on software defined network of an embodiment of the present invention is depicted with reference to Fig. 1, Fig. 1
The flow chart of method.
Owing to, in present embodiment, based on software defined network (SDN), therefore, the switch in literary composition, referring to SDN
Switch, equally, controller, refer to SDN controller.
First, in step s 110, the most preset one expands stream table, expands stream table and includes matching field, action
Field, action field contains execution data integrity inspection.
Then, in the step s 120, in a switch, data integrity inspection is carried out according to the expansion stream table message to receiving
Look into.
Afterwards, in step s 130, when data integrity inspection is obstructed out-of-date, then inspection result is fed back to control by switch
Device processed.
Then, in step S140, when data integrity inspection by time, then switchboard direct switches through and sends out a received report
Literary composition.
In present embodiment, in the controller, data integrity inspection, configuration data integrity here can first be configured
Check, can be open and close and the configuration data integrity check table of configuration data integrity audit function, such as table one:
| Configuration item | Implication |
| Data integrity audit function based on SDN | Open or close data integrity audit function based on SDN |
| Data integrity check table | The feature of data, inspect-type need to be specified |
Table one
About data integrity check table, such as table two:
Table two
It should be noted that, the configuration item of table one and the data integrity check table of table two, just to signal, do not limit
In this, can add or change field as required.
After configuring, then, controller can generate corresponding stream table, and this stream table is issued to switch, thus
Form the expansion stream table in switch, this matching field expanded in stream table, purpose IP address, source IP address can be included, expand
Fill the action field in stream table, can include insert verification head, coupling verification head, wherein, verification head in containing verification and with team
Row ID.
An idiographic flow schematic diagram of step S120 in Fig. 1 is depicted with reference to Fig. 2, Fig. 2.
First, in step S121, in described switch, by the message received and the matching field expanded in stream table
Mate.Such as, by the purpose IP address in message, source IP address and the purpose IP address in stream table, source IP address phase
Join.
Then, in step S122, when the message received mates unsuccessful with the matching field expanded in stream table, then
The message received is reported to controller by switch.Such as, the purpose IP address of the message received, source IP address are expanding stream
Not finding in table, the most now, this message can be reported to controller by switch.
Afterwards, in step S123, the message that switch is reported by controller processes, and issues stream table to forwarding
All switches on path, to be updated expansion stream table.
In one embodiment, the message that switch is reported by controller processes, and can include the following:
First, go out matching field from the packet parsing reported, such as parse purpose IP address, source IP address.
Then, inquire about in data integrity check table according to matching field, such as, retrieve table in data integrity
Whether middle inquiry has corresponding purpose IP address, source IP address.
Afterwards, when inquiring about the most then, then dynamically generate new data check entry with presetting and retrieve type, and more new data
Integrity checking, i.e. add new data check entry in data integrity check table, and arrange and retrieve type accordingly,
Such as can set retrieval type as 1.
Then, according to the data check entry that the data check entry inquired or dynamic generation are new, generate corresponding
Stream table, all switches on forward-path issue stream table, such that it is able to the expansion stream table updated in switch.
As known from the above, after the controller process to message, then can produce new stream table, and be issued to exchange
In machine, such that it is able to the expansion stream table before in switch is updated.
It is preferred that in a switch, when the message received is with when expanding matching field in stream table the match is successful, the most also may be used
To judge whether containing verification head, such as step S124, verify head, verification can be included and (i.e. forward Priority Queues with queue ID
ID)。
Then, in step s 125, when not verifying, then by expanding the execution word inserting verification head in stream table
Section inserts verification head, and forwards message according to queue ID, and now, corresponding is access switch.
Then, in step S126, when having verification head, then by expanding the execution word of the coupling verification head in stream table
Section, carries out coupling verification head, specifically, calculate the verification of message received and, then with the verification in verification head and
Mating, thus reach and specifically carry out data integrity inspection, now corresponding is non-access switch, i.e. access switch
After forward-path on switch.
When the message received verification and with the verification in verification head and when not matching that, then it represents that data integrity is examined
Looking into and do not pass through, the data of i.e. corresponding forward node are imperfect, when the message received verification and with the verification in verification head and
When matching, then it represents that data integrity inspection is passed through, the data of i.e. corresponding forward node are complete.
It is explained below how inspection result is fed back to controller by switch.
In one embodiment, inspection result is fed back to control by switch by privately owned extension Experimenter message
Device.
Privately owned extension Expermenter message, such as table three:
Table three
Privately owned extension Experimenter value is 255, and Experimenter type value is 1, is shown to be from switch direction
To controller.Specifically, privately owned extension Experimenter message is then reported control by the SDN switch on forward-path
Device, purpose IP and source IP are used for matched data, and inbound port indicates data entry port, check that result is that 0 expression checks correct, inspection
The fruit that comes to an end is that 1 expression checks unsuccessfully.
It should be noted that, in present embodiment, when data integrity inspection is obstructed out-of-date, and switch not only can will check
Result feeds back to controller, it is also possible to directly abandoned by the message received, i.e. will check underproof packet loss
Fall.
It should be noted that, in present embodiment, when retrieval type being set to " 2 " in data integrity check table,
I.e. " carry out data integrity inspection, all switches on forward-path are required for checking that result reports controller ", now,
More than data integrity inspection is not passed through, and can check that result feed back to controller, though data integrity inspection by time, also
Inspection result can be fed back to controller.
In present embodiment, due to can the switch on forward-path be carried out data integrity inspection rather than
In client and service end, therefore, when there being data to be tampered on forward-path, switch can find and report to control in time
Device processed, and do not wait until that service end is just found, and, data integrity inspection, i.e. insert verification head, coupling verification head, all
Reaching by expanding stream table, efficiency is high.
The structure of the switch based on software defined network of another embodiment of the present invention is depicted with reference to Fig. 3, Fig. 3
Schematic diagram.
In present embodiment, by being then based on SDN, therefore, switch 300, refer to SDN switch, controller, refer to
SDN controller.
As it is shown on figure 3, switch 300 includes preset module the 310, first receiver module 320 and the first sending module 330.
Preset module 310, expands stream table in order to preset one, expands stream table and includes matching field, action field, action field
Containing performing data integrity inspection, matching field can include purpose IP address, source IP address, and action field can include inserting
Enter to verify head, coupling verification head, wherein, verification head in containing verification and with queue ID.
First receiver module 320, in order to receive message and to receive the stream table that controller (not illustrating) issues.
In present embodiment, according to expanding stream table, received message is carried out data integrity inspection;When data are complete
It is obstructed out-of-date that whole property checks, then by the first sending module 330, inspection result is fed back to controller;When data integrity inspection
By time, then the first receiver module 330 directly will E-Packet.
In present embodiment, in switch 300, according to expand stream table carry out data integrity inspection, can include as
Under:
First, the message received is mated, such as, by the purpose in message with the matching field expanded in stream table
IP address, source IP address match with the purpose IP address in stream table, source IP address.
Then, when the message received mates unsuccessful with the matching field expanded in stream table, then by the first transmission
The message received is reported to controller by module 330, and, the first receiver module 320 receives controller to the first sending module
330 messages reported process after the stream table issued, with to expand stream table be updated.
Afterwards, when the message received is with when expanding matching field in stream table the match is successful, then the message received is judged
In whether contain verification head.
Then, when the message received does not contains verification head, then insert verification head.
Then, when in the message received containing verification head, then coupling verification head, i.e. calculates the school of the message received
Test and and with verification head in verification and mate, to carry out data integrity inspection.
Afterwards, when the message received verification and with the verification in verification head and when not mating, then data integrity is examined
Look into and do not pass through, otherwise pass through.
Then, when data integrity inspection is not passed through, the first sending module 330 will by privately owned Experimenter message
Check that result feeds back to controller.
About privately owned increased enrollment Experimenter message, privately owned extension Experimenter value is 255, Experimenter
Type value is 1, is shown to be from switch direction to controller.Specifically, privately owned extension Experimenter message is then by turning
Sending out the SDN switch on path and report controller, purpose IP and source IP for matched data, inbound port indicates data upstream end
Mouthful, check that result is that 0 expression checks correct, check that result is that 1 expression checks unsuccessfully.
It should be noted that, in other embodiments, no matter data integrity inspection is by whether, the institute on forward-path
Have switch all retrieval result to be fed back to controller, be the most now not limited to data integrity check obstructed out-of-date, first
Module 130 is sent just inspection result to be fed back to controller.
The structure of the controller based on software defined network of another embodiment of the invention is depicted with reference to Fig. 4, Fig. 4
Schematic diagram.
In present embodiment, by being then based on SDN, therefore, controller 400, refer to SDN controller, switch, refer to
SDN switch.
As shown in Figure 4, controller 400 includes configuring module 410, stream table generation module the 420, second receiver module 430, place
Reason module 440, second sends mould 450.
Configuration module 410, in order to configure data integrity inspection, such as, can be configuration data integrity audit function
Open and close and configuration data integrity check table, be specifically referred to table one above, table two.
Stream table generation module 420, in order to generate stream table, expands stream table to provide to switch, expands stream table and include coupling
Field, action field, action field contains execution data integrity inspection.This matching field expanded in stream table, can include
Purpose IP address, source IP address, expand the action field in stream table, can include inserting verification head, mating verification head, wherein,
Verification head in containing verification and with queue ID.
The inspection result that second receiver module 430, the message reported in order to desampler and data integrity check;
Processing module 440, processes in order to the message being reported switch, and makes stream table generation module generate stream
Table, to be updated the expansion stream table in described switch.
In one embodiment, reported message of changing planes is processed by processing module 440, may include that
First, go out matching field from the packet parsing reported, such as parse purpose IP address, source IP address.
Then, inquire about in data integrity check table according to matching field, such as, retrieve table in data integrity
Whether middle inquiry has corresponding purpose IP address, source IP address.
Afterwards, when inquiring about the most then, then dynamically generate new data check entry with presetting and retrieve type, and more new data
Integrity checking table, i.e. add new data check entry in data integrity check table, and arrange and retrieve class accordingly
Type, such as can set retrieval type as 1.
Second sending module 450, in order to issue all to forward-path of stream table that stream table generation module 420 generated
Switch, such as, the second sending module 450 can issue stream table and form preset expansion stream table to switch, it addition, at place
After the message that switch is reported by reason module 440 processes, stream table generation module 420 is according to the data check inquired
Entry or the data check entry that dynamically generation is new generate stream table, and now, the second sending module 450 equally issues newly-generated
Stream table, so that the expansion stream table in switch is updated.
The data integrity based on software defined network of a further embodiment of the present invention is depicted with reference to Fig. 5, Fig. 5
The structural representation of inspection system.
As it is shown in figure 5, inspection system includes the switch 300 in Fig. 3 and controller 400, for switch 300, permissible
With reference to fig. 3 above and description thereof, equally, for controller 400, it is referred to fig. 4 above and description thereof, the most superfluous at this
State.
To sum up, the inspection method of a kind of based on software defined network data integrity proposed by the invention, system and
Switch and controller, owing to can carry out data integrity inspection rather than client in the switch on forward-path
End and service end, therefore, when there being data to be tampered on forward-path, switch can find in time and report to controller,
And do not wait until that service end is just found, and, data integrity inspection, i.e. insert verification head, coupling verification head, all pass through
Expanding what stream table was reached, efficiency is high.
Below only have expressed the some embodiments of the present invention, it describes more concrete and in detail, but can not therefore and
It is interpreted as the restriction to the scope of the claims of the present invention.It should be pointed out that, for the person of ordinary skill of the art, do not taking off
On the premise of present inventive concept, it is also possible to make some deformation and improvement, these broadly fall into protection scope of the present invention.Cause
This, the protection domain of patent of the present invention should be as the criterion with claims.
Claims (10)
1. the inspection method of a data integrity based on software defined network, it is characterised in that including:
The most preset one expands stream table, and described expansion stream table includes that matching field, action field, described action field contain
There is execution data integrity inspection;
In described switch, according to described expansion stream table, received message is carried out data integrity inspection;
When data integrity inspection is obstructed out-of-date, and inspection result is fed back to controller by the most described switch;And
When data integrity inspection by time, the most described switchboard direct switches through sends out a received message.
Inspection method the most according to claim 1, it is characterised in that also include:
Configuration data integrity inspection in the controller, and issue stream table to described switch to generate described expansion stream
Table.
Inspection method the most according to claim 2, it is characterised in that configuration data integrity inspection includes: configuration data
The open and close of integrity checking function and configuration data integrity check table, described data integrity check table.
Inspection method the most according to claim 3, it is characterised in that carry out data integrity inspection according to described expansion stream table
Look into and include:
In described switch, the message received is mated with the matching field in described expansion stream table;
When the message received mates unsuccessful with the matching field in described expansion stream table, the most described switch will be received
Message report to described controller;
The message that described switch is reported by described controller processes, and issues all friendships to forward-path of the stream table
Change planes, so that described expansion stream table is updated;And
In described switch, when in the message received and described expansion stream table matching field the match is successful time, then count
According to integrity checking.
Inspection method the most according to claim 4, it is characterised in that described controller is to described reported message of changing planes
Carry out processing and issue the stream table all switches to forward-path to include:
Matching field is gone out from the packet parsing reported;
Inquire about in described data integrity check table according to matching field;
When inquiring about the most then, then dynamically generate new data check entry and retrieve type with presetting, and it is complete to update described data
Property check table;And
Stream table is generated according to the data check entry that the data check entry inquired or dynamic generation are new, and to forward-path
On all switches issue stream table.
Inspection method the most according to claim 1, it is characterised in that described action field includes inserting verification head, coupling
Verification head, described verification head include verification and with queue ID, wherein, in described switch, the verification of message that will be received
And with verification head in verification and mate, when not mating, then data integrity inspection is not passed through, and otherwise passes through.
Inspection method the most according to claim 6, it is characterised in that in described switch, when the message received with
Described expand matching field in stream table and time the match is successful, then also included before carrying out data integrity inspection:
Judge whether the message received contains verification head;
When the message received does not contains verification head, then insert verification head;And
When in the message received containing verification head time, then calculate received message verification and and with verification head in verification
With mate.
Inspection method the most according to claim 1, it is characterised in that described switch is reported by privately owned Experimenter
Inspection result is fed back to described controller by literary composition.
Inspection method the most according to claim 1, it is characterised in that also include:
When data integrity checks obstructed out-of-date, that described switch will be received packet loss.
Inspection method the most according to claim 1, it is characterised in that also include:
Retrieval result is fed back to described controller by all described switch on forward-path.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610369166.XA CN106101070A (en) | 2016-05-30 | 2016-05-30 | The inspection method of data integrity based on software defined network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610369166.XA CN106101070A (en) | 2016-05-30 | 2016-05-30 | The inspection method of data integrity based on software defined network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106101070A true CN106101070A (en) | 2016-11-09 |
Family
ID=57230340
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610369166.XA Pending CN106101070A (en) | 2016-05-30 | 2016-05-30 | The inspection method of data integrity based on software defined network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106101070A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108306858A (en) * | 2017-12-26 | 2018-07-20 | 成都卫士通信息产业股份有限公司 | The anti-fake guard method of Ethernet data and system |
| CN112448921A (en) * | 2019-08-30 | 2021-03-05 | 华为技术有限公司 | Method and device for detecting rear door |
| CN112769800A (en) * | 2020-12-31 | 2021-05-07 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Switch integrity verification method and device and computer storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103095701A (en) * | 2013-01-11 | 2013-05-08 | 中兴通讯股份有限公司 | Open flow table security enhancement method and device |
| US20140189811A1 (en) * | 2012-12-29 | 2014-07-03 | Zane M. Taylor | Security enclave device to extend a virtual secure processing environment to a client device |
| CN105553851A (en) * | 2015-12-10 | 2016-05-04 | 中国电子科技集团公司第三十二研究所 | SDN-based network processor microcode and flow table implementation device and method |
-
2016
- 2016-05-30 CN CN201610369166.XA patent/CN106101070A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140189811A1 (en) * | 2012-12-29 | 2014-07-03 | Zane M. Taylor | Security enclave device to extend a virtual secure processing environment to a client device |
| CN103095701A (en) * | 2013-01-11 | 2013-05-08 | 中兴通讯股份有限公司 | Open flow table security enhancement method and device |
| CN105553851A (en) * | 2015-12-10 | 2016-05-04 | 中国电子科技集团公司第三十二研究所 | SDN-based network processor microcode and flow table implementation device and method |
Non-Patent Citations (1)
| Title |
|---|
| 徐耀峰: "基于SDN的安全云接入技术研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108306858A (en) * | 2017-12-26 | 2018-07-20 | 成都卫士通信息产业股份有限公司 | The anti-fake guard method of Ethernet data and system |
| CN112448921A (en) * | 2019-08-30 | 2021-03-05 | 华为技术有限公司 | Method and device for detecting rear door |
| CN112769800A (en) * | 2020-12-31 | 2021-05-07 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Switch integrity verification method and device and computer storage medium |
| CN112769800B (en) * | 2020-12-31 | 2022-10-04 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Switch integrity verification method and device and computer storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP5593530B2 (en) | Method and apparatus for fault tolerant time-triggered real-time communication | |
| CN106101070A (en) | The inspection method of data integrity based on software defined network | |
| US20150003290A1 (en) | Control apparatus, communication system, communication method, and program | |
| EP2874354B1 (en) | A network element and a controller for managing the network element | |
| JP2009296493A (en) | Communication device having path protecting function and network system using the communication device | |
| CN108173691B (en) | Cross-device aggregation method and device | |
| WO2013123846A1 (en) | Distributed network control method and device | |
| CN103944828A (en) | Method and equipment for transmitting protocol messages | |
| CN106375223B (en) | A kind of data forwarding system and method based on SDN | |
| CN107124365B (en) | Routing strategy acquisition system based on machine learning | |
| US10171351B2 (en) | Method for updating flow table | |
| CN106100996A (en) | Switch based on software defined network, controller and the system of inspection | |
| CN105207950A (en) | Communication data protection method based on SDN technology | |
| CN105591754A (en) | Authentication header authentication method and authentication header authentication system based on SDN | |
| CN110855464A (en) | Network topology structure adjusting method and device | |
| CN106059964B (en) | Message forwarding method and device | |
| JP2008085557A (en) | Method for generating pattern frame, method for collating test pattern, method for testing jitter, communication device, and communication system | |
| US9743371B2 (en) | Control apparatus, communication system, synchronization method and program | |
| US10355953B2 (en) | Method for simulating propagation times in networks | |
| US20090083379A1 (en) | Enabling connections for use with a network | |
| CN105282036A (en) | Routing node and route exchange method and system | |
| EP3691211B1 (en) | Apparatus and method of crosschecking data copies using one or more voter elements | |
| CN106254243A (en) | A kind of message forwarding method and device | |
| JP2017038239A (en) | Device and method for flow inspection | |
| US7835354B2 (en) | Modeling broadcast, multicast, point to point, and handshake communications over the same channel in a spin model checker |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20161109 |
|
| WD01 | Invention patent application deemed withdrawn after publication |