Design And Implementation Of Group Based Policy System Based On SDN Controller

With the advent of the big data era,the traditional network architecture becomes increasingly complicated.Also,traditional network security technologies can not keep up with rapid business iterations.How to simplify traditional networks and deploy network-safe service efficiently has become a problem for network development.As a result,Software Defined Networking(SDN)came into being as a solution.The group-based strategy(GBP),as an SDN controller-based and intent-based northbound interface,provides an easy and automated way to deploy security services efficiently.The GBP system based on SDN controller is a system that provides users with fast and convenient network configuration templates in northbound and calls to other network applications to complete the virtual network setup in southbound.The network resources managed by southbound network applications include Open Flow switches and various Virtual network service equipment.GBP system according to the function is divided into four parts: GBP logic module,network management module,high availability module,data conversion module.In addition,there are database functions.The GBP logic module designed a fixed flow for the reference relationship between the GBP primitives,and ensured the correctness of the logic by increasing the verification.Network management module to achieve with other network applications,network layout,subnet distribution of three functions.The GBP system uses the observer mode to interact with other web applications,allowing other web applications to register GBP listeners,configure them for delivery,and also register listeners for other web applications for feedback on configuration delivery.The network Orchestration is achieved through the sequential access algorithm of the service chain to realize the sequential access of the network security device;and the subnet allocation implements the sequence allocation of the L2 Policy in the L3 Policy by using the point set class to represent the IP address range andList.High-availability module calls Zookeeper-based Bus and Key Store services to achieve real-time data synchronization and bulk synchronization,resulting in high availability.The module adopts the factory mode to realize the data conversion.In the end,the GBP system based on SDN controller is realized through the above scheme,which can reduce the admittance threshold of the controller and greatly improve the configuration efficiency,and realize the rapid deployment of the virtual network service in a real sense.