The Design And Implementation Of Network Security Isolation System Based On SDN

Posted on: 2016-08-18
Degree: Master
Type: Thesis
Country: China
Candidate: S J Wei
Full Text: PDF
GTID: 2348330482460408
Subject: Software engineering
Abstract/Summary:
With the continuous development of the Internet, network protocols can only ensure that communication runs smoothly; system security and the confidentiality of information were not fully considered. Networks are therefore easily penetrated by malicious code and prone to leaking sensitive information. The core of network security isolation is to isolate the trusted network from the untrusted network, logically or physically, and to make data exchange between the external network and the internal network secure.

SDN, Software Defined Network, was proposed in academia alongside the rise of the mobile Internet, e-commerce, big data and other service industries. It is a new type of network architecture that separates the control platform from the data platform to achieve flexible control of the network. The SDN network architecture has attracted widespread attention in academia and is the subject of much technical research.

Compared with the traditional network architecture, SDN can manage the network flexibly, enforce a unified policy, and offers higher reliability and security. Traditional network security technologies such as firewalls, IDS and IPS can also use the API of the SDN controller to achieve network isolation.

This thesis first explores SDN technology and its research status; second, analyzes the present state of network security; third, sets out the existing problems of network security technology and summarizes the benefits of integrating SDN with network security. Based on this research, we present a system framework: a network security isolation system based on SDN.

The experimental environment is based mainly on the new SDN network architecture: the controller is the open-source controller Ryu, the switch is Open vSwitch, and communication between the controller and the switches follows OpenFlow v1.3. The platform provides the internal communication of the whole SDN network architecture.

On this SDN platform, the thesis designs and implements a network security isolation system. The whole system is divided into a detection module, a control module and a defense module, each containing its own function modules. Through configuration of the Snort module and the OVS defense module, the thesis designs and develops the Snort output plug-in, the Ryu receiver module, the Ryu sender module and the control application module. Through the centralized control of the SDN network architecture, the system integrates SDN with network security technology and provides effective attack detection, automatic response and other functions.
Keywords/Search Tags: Software defined network, Intrusion detection, Security isolation, OpenFlow