Research And Implementation Of Key Technologies In Secure Attachment Network

Posted on: 2018-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: D B Gu
Full Text: PDF
GTID: 2348330512983336
Subject: Communication and Information System
Abstract/Summary:
SDN technology revolutionizes the existing network architecture, which helps to reduce the complexity of the network, cloud computing and big data. Researchers often focus on the SDN network itself, but ignore the evolution of the network and the reality that traditional network equipment and SDN equipment will coexist for a long time. The common, simple and efficient features of the SDN data plane, as well as the separation of the control plane and the data plane, suggest new approaches to network routing security. At the same time, as network functions grow more complex, the network is controlled by multiple users and multiple applications. Current open-source controllers have many defects in supporting multiple users and multiple applications. For this reason, this thesis studies routing security in hybrid SDN networks and the SDN network operating system.

This thesis first studies the routing problem between SDN networks and traditional IP networks, and designs and implements an OpenFlow routing controller that realizes the interaction between the SDN network and the traditional IP network and the correct forwarding of data packets, which promotes the deployment of SDN technology in real networks. On this basis, this thesis introduces a routing decision layer between multiple OpenFlow routing controllers and the OpenFlow switches to form a mimicry routing system. The system applies mimicry to the routing entity, which makes it harder for a network attacker to probe for loopholes in the routing entity, and it isolates routing entities that are controlled by the network attacker so that network routing stays stable and correct.

However, as SDN networks develop and network functions become more and more complex, existing open-source controllers appear inadequate in the simplicity of the northbound interface, in data persistence, and so on. In particular, with the openness of the SDN controller's northbound interface, network resources are virtualized, multiple users share network resources, and the network is controlled by multiple upper-layer network applications. Multiple users and multiple applications may produce conflicting network rules, resulting in confused network management, bypassed security rules, service interruption and so on; some applications or users may even behave maliciously and deliberately disrupt the network. The mimicry routing system can only protect a single routing node. Therefore, this thesis then studies the implementation of a network operating system. To address the problem of network rule conflict detection, a rule conflict detection algorithm based on state decomposition is proposed and implemented in the network operating system.

It is proved that the mimicry routing system in this thesis can realize the routing interaction between SDN and traditional IP networks and apply mimicry to the routing entity, which increases the security of network routing. The network operating system can simplify the northbound interface to facilitate the development and deployment of upper-layer applications, and the rule conflict detection module can accurately and efficiently detect network rule conflicts.
Keywords/Search Tags:SDN, Mimicry Routing, NOS, Rule Conflict Detection