Based On Open Flow Virtual Network Security Applications

In the future, network virtualization has very important significance, in the face of the popularity of big data technology nowadays, the exponential growth of network scale and the network flow, based on the core of the traditional routing exchange network architecture under increasing pressure, and subsequently exposed all sorts of problems, such as flexibility, scalability, volatility, security and so on. OpenFlow from birth, he was at Stanford university put forward a kind of highly open network, and soon received widespread attention, and gave high evaluation of the value of the academic and business. But current OpenFlow technology and security is not perfect, the current DDoS attack and attack methods can not effectively to attack the source host for effective positioning, this article to this kind of circumstance, to OpenFlow technology improvement, make its have certain DDoS prevention mechanism.In this paper,network topology for horizontal slice segmentation method of isolation, visib le through a one-way double logical channel to ensure the isolation in different virtual network and weak correlation, this scheme is based on the latest technology on the basis of the implementation of the openflow, in different network fragmentation added a one-way migration channel, implemented a host based on trusted time and related information channel scheduling algorithm, not only can realize through the channels of bandwidth between the two virtual network control, ensure the independence of the differences between the virtual network can guarantee the weak communication between different virtual network layer, by Sender module to collect the host information, send to the distal FLow Visor Collector host information receiver, distal joint Linu x service DDoS state feedback BIP module to the DDoS network to joint judgment. At the end of the article, in view of the framework, after the change in the virtual environment of Mininet simulation experiment was performed, each of the proposed method is validated through network fragmentation isolation and cushioning performance of DDoS attacks, network fragmentation between host is scheduling mechanism of flow table, and also analyzes the DDoS attacks in the entire network convergence rate of the whole network returns to normal, after the judgment indexes such as update rate.