| To ensure that users enjoy network services securely,quickly,and stably,network service data flows usually need to be ordered through some network service functions,such as firewalls and intrusion detection.If the business data flow passes through the service function node in an orderly manner according to the specific business logic,it needs to configure the service path.Although the new network architecture software definition network SDN brings great convenience to the service path configuration,there are also architectural security issues.The purpose of this paper is to solve the problem of service path configuration security in SDN and provide a set of safe and reliable defense methods.SDN mimetic defense architecture for path configuration is designed.Firstly,the dynamic heterogeneous redundancy of the mimicry defense idea is applied to the SDN control layer,and the heterogeneous redundant dynamic SDN control layer is designed.Secondly,the majority of the random scheduling algorithm and the majority decision algorithm used in the current mimicry defense are improved,which improves the mimic defense performance,and effectively solves the problem that the current SDN control layer is vulnerable,and ensures the security of the service path configuration in the SDN.A path verification mechanism based on packet_in message is proposed.Configure the switch path authentication ID to send the packet_in message collection identifier when the data stream passes through the switch,and finally obtain the actual transmission path of the data stream.The actual transmission path is compared with the configured transmission path to verify the forwarding path of the data flow,ensuring the correct implementation of the path configuration information on the switch,and ensuring that the data flow is normally forwarded according to the transmission path configured by the service path. |
PDF Full Text Request