| Software defined network(SDN)reconstructs the existing network.The features of centralized control,decoupling of control,data plane and programmability will have a far-reaching impact on the future development of network technology.From the point of the network security,SDN not only brings the innovation of the network architecture,but also brings the new security threats and challenges.In the SDN,although the flow can be dispatched and controlled globally by the network controller,the current security equipment doesn't have the global view of all the flow in the network and cannot obtain the direction,path,source or destination,traffic accounting of the flow because of the limiting of its deployment and framework.As a result,it also does not have the ability of the centralized management and control.So it's necessary to create the global flow table that can provide the details of the whole network topology and the passing path,traffic accounting and so on of per flow conveniently for the security equipment.Thus it can have the global view and the capacity of the centralized management.To solve the problem this paper mainly proposes the global flow table algorithm separately based on all the nodes of the network and the weak vertexes cover.The flow table data of all the nodes is used as the data source of the global flow table algorithm based on all the nodes of the network.The algorithm is divided to two parts:flow classification and path sorting.The flow classification is aimed to separate all the flows through the matching entry and find the switch set that the flow goes through.The switches set for each flow obtained by flow classification methods are not arranged in the sequence of the flow passing and cannot reflect the path information for each flow.Path sorting is to sort the switch set in the order of each flow passing with the network topology and each flow's forwarding information in the switch.The collection of a large amount of traffic may bring the high cost and reduce the performance of the network.So the global flow table algorithm based on the weak vertexes cover uses the Weak Vertex Cover problem to find the best and smallest set of measured switch nodes to reduce the cost of gathering the statistics.Then based on the collected flow tables,flow classification is aimed to separate all the flows by the matching entry and find the measured switch nodes that the flow goes through.Flow path recover can recovering and computing the path of every flow.The experiment result shows the algorithm is feasible and has a good performance.Finally,based on the SDN security controller,the application of the global flow table is developed,which provides the functions of topology,traffic flow retrieval,path visualization and so on.At the same time,the interface to achieve cloud computing and SDN network data conversion is designed,thus establishing a global flow table in cloud computing network. |
PDF Full Text Request