Research On On-demand Adaptation Mechanism Of Security Services In Multiple Datacenters

The high coupling of traditional network architecture leads to the static and rigid adaptation of security services,the inflexible deployment and the inability to supply on demand of security service resources in multiple datacenters.At the same time,there is a lack of a mechanism to formulate a unified scheduling strategy and security strategy for data flows in multiple datacenters from a global perspective.These drawbacks make it difficult for datacenters to meet diverse security needs.With the continuous development of network technology,the multiple datacenters based on Software Defined Network(SDN)and Network Function Virtualization(NFV)have become the development trend of datacenter networking.This paper is supported by The National 863 Project "Key Technologies and Demonstration of Future Integrated Networks"(NO.2015AA015702)and The National Natural Science Foundation Project " Research on Key Technologies of Security On-Demand Service for Multi-domain Networks"(U1530118).The on-demand adaptation mechanism of security services in multiple datacenters is proposed,which uses Software Defined Network and Network Function Virtualization as the research background,integrates Service Function Chaining and Interface to Network Security Function technology and through the design of multilayer interface,to establish a unified information model and data model for different dimensional strategies,deploy required security service resources,combine security service functions on demand and flexibly,and finally configure the policy rules of the security service functions to implement the on-demand adaptation of the security services.First of all,this paper deeply analyzes the problems existing in the traditional data center caused by the shortcomings of the current network architecture when providing security service,which leads to the need for a flexible and efficient security services on-demand adaptation mechanism in multiple datacenters environment to solve existing problems.Secondly,this paper analyzes the current development trend of cloud datacenters and some key technologies,and expounds the implementation ideas of management,control and adaptation of security services in cloud datacenters.Then,the design of the on-demand adaptation mechanism of security services in multiple datacenters is proposed,the overall structure is divided into three layers:service orchestration,control and data layer,and includes management interface,security function interface,security service chaining interface and SDN southbound interface.Subsequently,the implementation methods and technical details of the scheme are explained,by introducing the design of three-levels,components,composition of each component's modules and definition of four key interfaces,at the same time,combining the functional realization of each module and the data processing and information interaction process between layers and modules,explain how to achieve the desired functionality and design goals.Finally,in order to analyze and verify the feasibility and applicability of the security services on-demand adaptation mechanism,this paper builds a prototype system to simulate a multiple datacenters environment.The characteristics and advantages of this mechanism are demonstrated by designing and completing three scenarios:hierarchical adaptation of security services based on different requirements,adjustment of security service chain on demand and adaptation of security services based on VPN gateway in multiple datacenters.The experimental results show that the on-demand adaptation mechanism of security services in multiple datacenters proposed in this paper can achieve centralized control and dynamic flexible adaptation of security services in multiple datacenters based on security requirements.