The Study Of Security Technology Of Access Network Based On SDN

In recent years, the communication network technology is developing rapidly. And a variety of businesses based on these technologies continue to emerge, so that people have a higher requirement for the network bandwidth and transmission rate. Access network whose transmission rate will restrict directly the one of the entire network is located in the boundary of a telecommunications network. So the development of access network is very important to fulfill people’s needs.Currently, the most popular access technologies include:xDSL based on traditional telephone lines, Cable modem based on cable television network, FTTx+LAN based on Ethernet technology, Passive Optical Network based on optical fiber technology, and broadband wireless access WLAN technology and so on. A variety of access methods offers people more choices to access to the network for study, job and entertainment. However, while people enjoy the great convenience brought by it, they are also suffering some new security challenges. The main security problems existing in the access network can be divided into the following categories:illegal user access issues; illegal and malicious packets transmission issues, and eavesdropping, masquerading, denial of service attacks, etc. people use some methods to solve these issues, such as authentication, data encryption, deployment of network security devices, and VPN. However, there are some problems including high cost and difficulty of network management and maintenance, network load imbalance in some solutions.To solve these problems above, the paper summarized firstly the traditional access network security solutions, and analyzed their networking, security technology used, and the application scenarios in detail and pointed out the solved problems and the open issues of each solution.Then, for these unresolved issues, we combined with the characteristics of SDN network architecture and related technologies, and proposed a new solution with existing security mechanisms from the perspective of secure networking, and described its design ideas, strategies for processing data streams in detail.Finally, for the enterprise network or the campus network scenarios, we instantiated new solutions, that is an SDN-based deployment of IPS. After describing its strategies and process for processing data streams, we used OpenFlow controllers, OpenFlow switches and Intrusion Prevention System to build a test-bed and verified the feasibility of this solution with it.