With the rapid development of cloud computing, more and more enterprises deploy their services to the cloud because of its flexibility, high scalability and on-demand services, so network traffic in the cloud computing environment has also increased sharply. However, the network also carries a large amount of malicious traffic, which may have a huge impact on the state of the network, so monitoring the network in the cloud computing environment is of great significance. Network monitoring generally depends on the underlying network equipment and the traffic statistics it provides. Among such equipment, OVS (Open vSwitch) is widely used in cloud computing scenarios to build virtual networks because of its excellent performance. However, the network traffic statistics and analysis methods currently supported by OVS are not flexible enough, and the configuration options provided are relatively simple. They do not support per-packet sampling, and the network traffic information cannot be persisted for offline analysis of the network status. To solve these problems, this paper uses NetStream technology and OVS as the infrastructure to implement an improved network traffic statistics and analysis system, which can configure traffic statistics for OVS according to user requirements. After the traffic statistics function is enabled, the system samples IP packets in the network to generate NetStream flows for flow information statistics. When the NetStream flows meet the aging conditions, the system sends NetStream packets carrying the flow statistics to the specified server, and can optionally save the statistics of the aged flows in a local SQLite database. The system also provides a flow query tool, which can query the flow statistics stored in the database according to specified conditions and display the query results to users clearly and intuitively. In addition, the system can detect TCP SYN flooding attacks in real time by receiving NetStream packets on the Ryu controller and combining information entropy with an exponential smoothing algorithm, based on the flow statistics in the packets. After completing the system design, this paper uses Mininet and the Ryu controller to build the system test environment and designs test cases to verify the system functions. The test results show that the system can correctly count, store and query IP traffic in the network and can detect TCP SYN flooding attacks, which meets the requirements of system correctness, security and stability.
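The following sketch shows one way information entropy and exponential smoothing can be combined to flag a SYN flood from windows of flow records. It is an added example, not the paper's code: the abstract does not say which field's entropy is used or how thresholds are set, so the destination-IP entropy, the SYN-without-ACK ratio check, the parameters `alpha`, `k`, `min_dev`, `min_ratio` and the sample flows are all assumptions constructed here.

```python
import math
from collections import Counter

SYN, ACK = 0x02, 0x10  # TCP flag bits as accumulated in a flow record

def dst_entropy(flows):
    """Shannon entropy (bits) of destination IPs over one window of flows."""
    counts = Counter(dst for _src, dst, _flags in flows)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values()) if total else 0.0

def syn_only_ratio(flows):
    """Fraction of flows that saw a SYN but never an ACK (half-open)."""
    half_open = sum(1 for _s, _d, f in flows if f & SYN and not f & ACK)
    return half_open / len(flows) if flows else 0.0

class SynFloodDetector:
    """Assumed design: alert when entropy falls well below its smoothed forecast."""
    def __init__(self, alpha=0.3, k=3.0, min_dev=0.1, min_ratio=0.5):
        self.alpha, self.k, self.min_dev, self.min_ratio = alpha, k, min_dev, min_ratio
        self.level = None   # exponentially smoothed entropy (one-step forecast)
        self.dev = 0.0      # exponentially smoothed absolute forecast error

    def observe(self, flows):
        h = dst_entropy(flows)
        if self.level is None:          # first window only seeds the baseline
            self.level = h
            return False
        err = self.level - h            # positive when traffic concentrates on few hosts
        threshold = self.k * max(self.dev, self.min_dev)
        alert = err > threshold and syn_only_ratio(flows) >= self.min_ratio
        if not alert:                   # keep attack windows out of the baseline
            self.level = self.alpha * h + (1 - self.alpha) * self.level
            self.dev = self.alpha * abs(err) + (1 - self.alpha) * self.dev
        return alert

def window(n_normal, n_flood=0):
    """Constructed sample: completed flows spread over 4 servers, flood flows hit one."""
    normal = [(f"10.0.0.{i}", f"10.0.1.{i % 4}", SYN | ACK) for i in range(n_normal)]
    flood = [(f"198.51.100.{i % 250}", "10.0.1.0", SYN) for i in range(n_flood)]
    return normal + flood

def run_demo():
    det = SynFloodDetector()
    windows = [window(40), window(42), window(38), window(40, 400), window(40)]
    return [det.observe(w) for w in windows]

if __name__ == "__main__":
    print(run_demo())
```

The SYN-only ratio check keeps a burst of completed connections to one server from being reported as a flood, since entropy alone drops in both cases.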