
The Design And Implement Of Multi-domain Network Security Service Orchestration System

Posted on: 2019-03-11
Degree: Master
Type: Thesis
Country: China
Candidate: T L Li
GTID: 2348330542991640
Subject: Information security
Abstract/Summary:
To address the dynamic deployment of network security function chains in multi-domain datacenters, this paper, supported by the National 863 Project "Key Technologies and Demonstrations of Future Integrated Network" (No. 2015AA015702) and the National Natural Science Foundation of China project "Research on Key Technologies of On-Demand Security Service of Multi-Domain Network" (U1530118), puts forward a multi-domain network security service orchestration system architecture. The paper achieves on-demand deployment of network security services in a software-defined networking (SDN) and network function virtualization (NFV) environment.

The paper first discusses the deployment environment of security services. Based on the development of the traditional datacenter and the defects of traditional network middleboxes, it introduces the existing problems of security protection. By describing how the strategy and challenges of security protection, such as firewalls, network address translation and deep packet inspection, change between the traditional datacenter and the SDN/NFV-based datacenter, it arrives at the pressing demand for on-demand network security service deployment in multi-domain datacenters.

The paper then describes a deployment solution for network security services in multi-domain datacenters. After introducing the concept and modules of the security service chain architecture, it puts forward a solution for on-demand network security service deployment in multi-domain datacenters. Using Docker containers to package network security services and Open vSwitch to route addresses, the paper accomplishes the addition of a specific header encapsulation and the hierarchical expansion from a single domain to multiple domains.

Next, the paper describes the architecture and technical details of the multi-domain network security service orchestration system. Written in C, the system is composed of three layers and uses UDP for signaling interaction. By describing the relationship between the three-layer architecture and each module in the system, the paper elaborates the nested structure and logical relationships in the network security service deployment system. Building on single-domain network security service deployment, it explains the basic deployment module technology. Expanding from a single domain to multiple domains, it extends the use of the system by adding distributed databases and a hierarchical deployment solution. The paper also puts forward a path orchestration algorithm for multiple network security service chains.

Finally, using the network security service orchestration system, the paper sets up an experimental topology to verify the solution for network security service deployment in a multi-domain datacenter environment. The experimental results show that the network security service orchestration system can provide effective security protection in a multi-domain network datacenter.
Keywords/Search Tags:Multi-Domain Network, Security Service, Service Function Chaining, Orchestration System