The Study On The Key Techniques For Network Service In SDN-based Cloud Environment

Posted on: 2017-01-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Ma
GTID: 1108330485450014
Subject: Communication and Information System

Abstract/Summary:
Infrastructure as a Service is an important part of cloud computing. Although network resources are the basis of computing and storage resources, cloud centers mainly depend on the inherent network technology to manage the network, which leaves the network vulnerable to tenants' selfishness. The network becomes congested and the related quality of service of computing and storage is hurt. What is more, malicious tenants can use network vulnerabilities to launch network attacks, which seriously affects other tenants' security. Software-defined network (SDN) technology provides more agile management of network resources for cloud centers. Network control and forwarding are separated in an SDN-based network, so cloud centers can flexibly manage network resources and achieve customized network control functions, such as a global network view, custom data forwarding and critical network communication detection. Therefore, the use of SDN technology for cloud centers to manage network bandwidth resources, network devices and network communication is very practical.

In this dissertation, in order to improve the utilization of network resources and the security of network communications, we focus on network bandwidth management, network device management and network traffic management to study how to use SDN technology in cloud centers. The main contributions of this dissertation are as follows.

1) The absence of an effective network bandwidth management strategy makes cloud centers easily affected by tenants' selfishness, which leads to link congestion, unfair bandwidth allocation and degraded quality of service. In order to allocate network bandwidth fairly according to tenants' demands and provide bandwidth guarantees for tenants, we propose a network resource pre-allocation model which can be introduced into an SDN-based cloud center. Based on the global network view and bandwidth demands, the network resource pre-allocation model can generate a variety of feasible strategies. In order to obtain the optimal resource pre-allocation strategy, we propose a network resource pre-allocation method (RPGA) based on a genetic algorithm. Finally, the simulation evaluation results show that RPGA can effectively reduce the unmet bandwidth demands, as well as provide more bandwidth guarantees for tenants. In addition, the experimental evaluation based on OpenFlow shows that RPGA can effectively improve network quality of service.

2) OpenFlow is one of the representative SDN technologies and is currently the main choice of cloud centers for deploying SDN. When cloud centers deploy the network resource allocation strategy, many flow entries will be generated. The OpenFlow specification requires the flow table to be stored in ternary content addressable memory (TCAM), and cloud computing environments have urgent needs for large-capacity TCAM. Therefore, considering the issues of network device cost and network function availability, we propose a distributed storage architecture of flowtable (DSFoF), which solves the issues of flow entry deployment, storage load balance and network packet routing. Finally, the experiment results show that DSFoF achieves the design goals and has high performance.

3) The operation of a cloud center network needs effective network resource management and reliable communication security. Traditional network management cannot prevent malicious tenants from using network protocol vulnerabilities to launch attacks in the internal cloud network, which seriously affects other tenants' security. Address resolution protocol (ARP) is one of the network protocols vulnerable to attack. In order to guarantee ARP network communication security, we use the centralized SDN controller to manage all ARP packets in the network and establish a global ARP cache. Based on the proposed ARP attacker detection model, when a host sends ARP packets, the SDN controller can iteratively calculate the probability that this host is an attacker by Bayes' theorem. When the suspicious probability reaches the threshold, the SDN controller can detect the ARP attacker and limit its communication. Experiments show that our ARP attacker detection model has low misjudgement and omission probabilities. In addition, the dynamic threshold method further reduces the misjudgement and omission probabilities of our model. In this way, our model can provide network communication security for tenants in cloud centers.
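
The detection loop outlined in contribution 3, as an added example that is not code from the dissertation: a controller-side monitor keeps a global ARP cache and applies Bayes' theorem once per ARP packet. The likelihoods, prior, fixed threshold, first-binding-wins cache policy and the use of the ingress switch port as the host identity are all assumptions made for illustration.

```python
# Added illustration. All numeric parameters below are assumed values,
# not parameters taken from the dissertation.
P_CONFLICT_ATTACKER = 0.90  # assumed P(packet contradicts cache | attacker)
P_CONFLICT_BENIGN = 0.05    # assumed P(packet contradicts cache | benign)
PRIOR = 0.01                # assumed initial attacker probability per host
THRESHOLD = 0.90            # assumed fixed threshold (the abstract's is dynamic)


class ArpMonitor:
    """Controller-side view: global ARP cache plus per-host suspicion."""

    def __init__(self):
        self.cache = {}       # global ARP cache: IP -> MAC, first binding wins
        self.suspicion = {}   # sender (ingress switch port) -> P(attacker)
        self.blocked = set()  # senders whose communication would be limited

    def observe(self, sender, ip, mac):
        """Process one ARP packet; return the sender's updated probability."""
        known = self.cache.setdefault(ip, mac)
        conflict = known != mac  # claimed binding contradicts the cache
        la = P_CONFLICT_ATTACKER if conflict else 1 - P_CONFLICT_ATTACKER
        lb = P_CONFLICT_BENIGN if conflict else 1 - P_CONFLICT_BENIGN
        p = self.suspicion.get(sender, PRIOR)
        p = p * la / (p * la + (1 - p) * lb)  # Bayes' theorem, one step
        self.suspicion[sender] = p
        if p >= THRESHOLD:
            self.blocked.add(sender)
        return p


def run(packets):
    """Feed (sender, ip, mac) tuples through a fresh monitor."""
    mon = ArpMonitor()
    for sender, ip, mac in packets:
        mon.observe(sender, ip, mac)
    return mon


# Constructed sample: port s1:3 announces itself, then claims other hosts' IPs.
SAMPLE = [
    ("s1:1", "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ("s1:2", "10.0.0.2", "aa:aa:aa:aa:aa:02"),
    ("s1:3", "10.0.0.3", "aa:aa:aa:aa:aa:03"),
    ("s1:3", "10.0.0.1", "aa:aa:aa:aa:aa:03"),
    ("s1:3", "10.0.0.2", "aa:aa:aa:aa:aa:03"),
    ("s1:3", "10.0.0.1", "aa:aa:aa:aa:aa:03"),
    ("s1:3", "10.0.0.2", "aa:aa:aa:aa:aa:03"),
]

if __name__ == "__main__":
    for host, p in sorted(run(SAMPLE).suspicion.items()):
        print(f"{host}: {p:.4f}")
```

With these assumed values a single conflicting packet raises a host's probability to about 0.15, so one stale binding does not trigger blocking; only repeated contradictions of the global cache push the probability past the threshold.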
Keywords/Search Tags: Cloud Computing, Software-defined Network, Quality of Service, Network as a Service