
Design And Implementation Of Service Function Chain Based On Software Defined Security

Posted on: 2019-08-23
Degree: Master
Type: Thesis
Country: China
Candidate: Q Y Liang
GTID: 2428330593950337
Subject: Computer technology
Abstract/Summary:
With the rapid development and widespread application of cloud computing and big data, more and more network services are being migrated to cloud data centers. Data center network traffic has grown exponentially and networks have continued to expand in scale, which has brought unprecedented challenges to the dynamic management of traditional networks. The Software Defined Network (SDN) architecture separates the logical control functions from the traditional network architecture to form a control plane, improving centralized control and dynamic management of the data plane network. However, this architecture brings certain security risks along with its convenience. An SDN network faces not only traditional network security threats but also new types of threats introduced by the centralized, programmable control plane. In response to this complicated network security problem, a flexible approach to network security protection, Software Defined Security (SDS), came into being.

The security protection services of traditional network devices depend on the deployment of physical lines, with security devices connected in series on the path of the service traffic. This method is clearly not suited to today's ever-changing security requirements. Architecturally, SDS separates the security data plane from the control plane and concentrates security control on the security control platform, making the security interface programmable. For the deployment of the underlying security devices, network function virtualization (NFV) is used: the security functions of traditional hardware devices are deployed as software on standard, high-capacity servers. The control plane organizes and manages security services through software programming to implement flexible security protection mechanisms. The security service function chain is a supporting technology for software-defined security, allowing security protection functions to be implemented as virtualized security services. With the continuous development of SDN, the security service function chain is gradually becoming more important.

This paper proposes a service function chain based on software-defined security and mainly studies the following aspects: 1) building a security service function chain according to user requirements; 2) using the load of the host (CPU, memory, hard disk) as the basis for security resource scheduling, and selecting the virtual security device in the corresponding host to perform the security service operations; 3) classifying the security service function chain rules in the form of an OpenFlow flow table and redirecting traffic in turn to the corresponding security devices to achieve dynamic network traffic control.

To verify the feasibility and effectiveness of the proposed scheme, we first design and implement it on the OpenDayLight controller/security controller, and then run experiments using the OpenvSwitch virtual switch, virtual security devices, and Ubuntu virtual machines. The experimental results show that the software-defined security-based service function chain scheme proposed in this paper can realize the dynamic deployment of security services and can effectively balance the load of physical hosts.
Keywords/Search Tags: Software Defined Security, Cloud Computing, Virtualization, Service Function Chain