Design And Implementation Of A DDos Defense System Based On SDN

With the development of the Internet of Things and the rise of 5G networks,DDos(Distributed Denial of Service),which is a distributed denial of service attack,has become more and more destructive.From the perspective of service providers,DDos attacks have two characteristics.First,DDos attack traffic is huge,and second,DDos attack time is short.Based on the above two contradictions,the DDos defense cloud service has also emerged.It mainly deals with the contradiction of high resource cost and low utilization rate required by service providers for DDos defense,and provides an on-demand service solution.Strike a balance between.The main work of this paper is as follows.First,research the current cloud defense system.In order to improve the resource utilization rate of the service,the current DDos cloud defense system runs in the high-defense computer room and the ordinary computer room,and realizes the switch between normal service and DDos defense by using DNS resolution.The main advantage of this method is that the method of losing the attack traffic and replacing the service IP increases the difficulty of the attacker's attack.The main disadvantage is that the normal access traffic will also be discarded during the traffic migration process,and the user who is receiving the service needs to re-establish the request.Ensure that the service continues.Then,according to the advantages and disadvantages of the existing cloud defense system,combine and introduce Software-Defined Networking(SDN).As a new-generation network architecture,SDN separates the forwarding plane and control plane in the network,decouples data and logic,and brings new solutions to DDos detection and defense.Therefore,this article proposes an SDN-based DDos defense system.Finally,this paper designs and implements a set of SDN-based DDos defense system.First,analyze the functional requirements and performance requirements of the DDos defense system;then,in terms of system architecture design,the system includes a total of five layers:interaction layer,service layer,data layer,SDN application layer,and hardware layer;Key technology selection and database design;In addition,the main content of the system implementation includes the forwarding module/statistic module/security strategy module,which realizes the DDos defense function one by one;finally,the system is verified through experiments and data collection and analysis.The experimental results show that the defense system proposed in this paper can guarantee the access of legitimate users to the service resources to the maximum extent during the DDoS attack and large-scale access,and alleviate the impact of the attack.