| In recent years, the network equipment failure caused by frequent natural disasters poses a big challenge to the stability and security of network. Different from the traditional network, the "controller forwarding separation" and "concentrate control"design idea in software defined optical network (SDON) make control capability concentrated in the control plane, the impact of network device failure on SDON security is more serious than traditional network. The problem of controller failure,control channel interruption will breach the normal data forwarding, or even lost, the control plane and the control channel safety is the premise and guarantee the stability of SDON, that is, the core of network security.In order to reducing the damage probability of SDON control plane and control channel and improving the performance of control plane. We study security issues related to the SDON control plane, and raise methods aim at enhance the network security sorting by the network running time, including before network starts, when the master controller fails and switch remapping three special periods. The detailed methods are the controllers' deployment strategy that improves the overall security performance of the network, master controller election mechanism that guarantees network normal operation after the master controller fails and switch remapping process that is suitable for the network dynamic changes. The experimental results show that the three methods have good effect on improving the security of SDON.Solving the problem that the network nodes and network links are disrupted. We implement the security-enhanced controller deployment mechanism (SCDM) at the beginning of the network operation. Some related experiments show that the quantity and placement of controllers have big impact on network security. Based on controller number, deployment way and communication routing researches, SCDM covers slaves deployment, controller and switch mapping and master deployment strategies. Finally,the simulation results show that the SCDM mechanism can improve the performance of network security, balance network load and reduce delay comparing with other two controller deployment mechanisms.Focused on the problem of master controller fails, this paper designs the master controller election mechanism (MCEM) for master/slave controller architecture, it can elect new one spontaneously to take over the work of the master controller in cluster.In MCEM, the qualification of the controller is defined, and the distributed consensus algorithm is the core of election process, which can solve the master election problem.The experimental results show that, compared with the general distributed consensus algorithm,MCEM has better performance in network fault tolerance, operation time and network load aspects.In order to meet the topology dynamic adjustment needs, solve the problem of lack or conflict of control information in the transmit process, this paper designs two kinds of switch smooth remapping mechanism when removed controller normal or failed,including detailed operation processes, transmit directions and detailed contents,which keeps the control information consistent and connections persistent, makes the network work well. |
PDF Full Text Request