软件定义网络在电力数据通信网中的应用研究

软件定义网络(Software Defined Network,SDN)是一种全新的网络架构,它的设计理念是将网络的控制平面与数据转发平面分离,并实现可编程化控制。Openflow由美国斯坦福大学于2007年提出,它提供了标准化的接口,采用流表控制方式,将传统网络通信设备的数据转发和路由控制功能分离,是实现SDN的关键技术。从技术内涵、设备模型等方面对SDN进行了深入研究,同时研究了电力数据通信网的实际需求和现存问题,最后对软件定义网络在电力数据通信网中的应用进行了讨论。     

基于SDN网络的防火墙系统设计与实现

软件定义网络（SDN）作为新的网络技术,能很好地满足现在对网络规模和性能的要求。为了进一步提升SDN网络的安全性,文章对SDN网络的防火墙系统进行了研究,利用控制平面与数据平面分离的特点,采用控制平面对网络集中进行实时监控与网络管理,在SDN控制器中实现数据包过滤与入侵监测,通过自定义数据转发和安全策略,实现集中式安全控制,最终实现网络安全性能提升。     

宽带智能提速平台向SDN演进的探讨

SDN(软件定义网络)是一种新型网络架构,通过将网络设备控制平面与数据转发平面分离,实现了网络流量的灵活控制.宽带智能提速平台是中国电信遵循PCC/RACF架构提出的智能管道策略管控核心网元,分析了该平台和SDN基本架构的异同,并针对现有智能提速平台的不足,提出了智能提速平台依据SDN理论进一步演进的可行性方案.     

一种SDN中基于熵值计算的异常流量检测方法

摘要：软件定义网络（software defined networking,SDN）是一种新型网络创新架构,其分离了控制平面与转发平面,使得网络管理更为灵活。借助SDN控制与转发分离的思想,在SDN基础上引入一个集中式安全中心,在数据平面设备上采集数据,用于对网络流量进行分析,通过熵值计算和分类算法判断异常流量行为。对于检测到的网络异常情况,安全中心通过与SDN控制器的接口通告SDN控制器上的安全处理模块,进行流表策略的下发,进而缓解网络异常行为。通过本系统可以在不影响SDN控制器性能的情况下,快速检测网络中的异常行为,并通过SDN下发流表策略对恶意攻击用户进行限制,同时对SDN控制器进行保护。     

SDN应用场景分析与探讨

SDN(软件定义网络)技术将网络的控制平面与数据转发平面分离,支持更灵活的网络控制和业务带宽按需调度的能力,为不断涌现的网络新应用和未来网络技术提供了一种新的解决方案。文章从SDN的概念和总体架构出发,介绍SDN技术特点,在此基础上对SDN在数据中心网络、数据中心互联、政企网络、电信运营商网络、互联网公司业务部署等场景的应用进行探讨。     

软件定义网络核心原理与应用实践

本书分为核心原理和应用实践两大部分,对软件定义网络(SDN)技术进行了全面剖析和深入解读。第一部分首先阐述了SDN的设计思想与体系架构,详细分析了软件定义网络的控制转发分离和可编程两个突出属性,其次介绍了以OpenFlow为代表的SDN南向接口协议,以及北向和东西向接口协议,接下来根据SDN的层次化架构,依次介绍了SDN数据平面、控制平面以及SDN应用案例,最后梳理总结了SDN标准化进展以     

SDN在传送网络中的应用

软件定义网络技术能够实现网络控制平面和转发平面的分离,为应用提供动态的网络资源和网络服务。SDN技术由于自身的优势在今后业务流量高速增长的时代会占有一席之地。就目前而言,软件定义网络技术在数据中心以以太网为交换的优化应用方面已经取得较为明显的效果。基于此,文章将对SDN技术进行介绍,重点分析SDN技术在传送网络的应用情况。     

基于OpenFlow的虚拟网实现研究

软件定义网络是一种数据和控制平面分离、软件可编程的新型网络架构及技术,控制平面使用以OpenFlow为代表的协议对转发平面进行集中式控制。SDN架构的这些特点能很好地满足了云计算对虚拟网络的集中化、标准化、自动化的配置管理要求。针对传统虚拟网络技术支持云计算平台的不足,提出基于OpenFlow的SDN技术设计虚拟网络的思路,论述了几种虚拟网络实现的原理与处理流程,并给出了模块化的软件设计及部分关键代码功能描述。     

基于Mininet的SDN网络拓扑带宽性能分析

软件定义网络(SDN)是计算机网络领域的巨大创新,该技术实现了由软件来控制转发路由数据包。SDN控制器可以实现使用控制平面来管理各种虚拟交换转发设备,从而节约了大量经费,并缩短SDN的开发测试周期。由于SDN交换机种类少,并且价格昂贵,使用Mininet对计算机网络进行仿真,为SDN研究提供有效的技术支撑,其实验结果几乎可以不做任何修改直接部署到真实的硬件环境中去。     

SDN技术在光传送网络中的应用

软件定义网络(SDN)技术将网络的控制平面和转发平面分离,使得应用能够动态获得所需的网络资源和网络服务。目前SDN主要使用在数据中心以太网交换的优化方面。文章在简述了SDN原理后,主要论述了将SDN技术在光传送网络中的应用方向,并比较了SDN技术集中式管理和传统的分散式管理之间区别。     

基于端侧计算的天地一体化SDN实现思路

天地一体化网络结构复杂，并且存在网络异构、拓扑动态、间歇连通、节点高度暴露等特性，传统SDN实现存在诸多限制，提出了一种基于端侧计算的SDN实现方法，基于SDN理念实现的天地一体化信息网络，将天基网络控制与数据分离，利用通信端（移动终端和固定地面骨干网络）的计算能力，卸载天基平面的SDN控制器的计算工作量，从而实现了数据转发平面的极大简化，并提出了切实有效的验证方法。     

Stateful firewall‐enabled software‐defined network with distributed controllers: A network performance study

SummarySoftware‐defined network (SDN) is constructed by decoupling the control and data plane from the forwarding devices. The control plane operations are managed by centralized or distributed controllers, and the data plane operation is managed by respective forwarding devices. SDN provides an easy and efficient management solutions for software‐programmed consolidated middlebox in virtual machines. Additionally, SDN with centralized controller faces complications like scalability, network bottle neck, and single point failure. In this study, a stateful inspection firewall acts as a middlebox in distributed SDN‐controlled network. The controller is programmed with a failure detection and recovery mechanism to provide reliability and redundancy and enhance the overall performance of the network. The objective of stateful firewall on SDN architecture is to secure the network by monitoring the current connections and maintain its state information until the connection is active. In this paper, the performance of firewall‐enabled SDN with centralized and distributed controllers are measured, compared, and analyzed. The experiments are done using POX controller, and the results are verified by Mininet network emulation tool. The results show that the stateful firewall‐enabled SDN with distributed controller network improves the security, reliability, availability, and overall performance of the network. In the proposed SDN, average network throughput is improved by 43%, average network delay is reduced by 4%, average channel utilization is increased by 40%, average network overhead is reduced by 26%, and average network response time is reduced by 23%.     

SDN技术和产业分析及运营商应对策略建议

软件定义网络（SDN）提出了一种全新的网络设计理念,强调控制与转发的分离以及网络的可编程,实现网络架构的开放。SDN正和云计算一道重塑互联网网络模型和产业结构。介绍了SDN的基本概念、本质及特征,分析了SDN核心技术体系及其产业发展现状,从运营商视角探讨了SDN对未来网络的影响,并给出了相应的应用建议。     

Nature‐inspired meta‐heuristic algorithms for solving the load balancing problem in the software‐defined network

The growth of the networks has difficult network management. Recently, a concept called software‐defined network (SDN) has been proposed to address this issue, which makes network management more adaptable. Control and forwarding planes are separated in SDN. The control plane is a centralized logical controller that controls the network. The forwarding plane that consists of transfer devices is responsible for transmitting packets. Because the network resources are limited, optimizing the use of resources in the networks is an important issue. Load balancing improves the balanced distribution of loads across multiple resources in order to maximize the reliability and network resources efficiency. SDN controllers can create an optimal load balancing compared to traditional networks because they have a network global view. The load‐balancing problem can be solved using many different nature‐inspired meta‐heuristic techniques because it has the NP‐complete nature. Hence, for solving load balancing problem in SDN, nature‐inspired meta‐heuristic techniques are important methods. However, to the best of our knowledge, there is not a survey or systematic review on studying these matters. Accordingly, in the area of the load balancing in the SDN, this paper reviews systematically the nature‐inspired meta‐heuristic techniques. Also, this study demonstrates advantages and disadvantages regarded of the chosen nature‐inspired meta‐heuristic techniques and considers their algorithms metrics. Moreover, to apply better load balancing techniques in the future, the important challenges of these techniques have been investigated.     

Data Communication Speed and Network Fault Tolerant Enhancement over Software Defined Networking

Software Defined Networking (SDN) is a new networking paradigm where control plane is decoupled from the forwarding plane. Nowadays, for the development of information technology large number of data traffic has been added in the global network each day. Due to proliferation of the Internet, e-commerce, video content and personalized cloud-based services higher channel bandwidth required to deliver larger data from one center to others. Lower data communication speed and fault tolerance are major factors for SDN which degrades network performance. This paper presents enhancement of data communication speed and fault tolerance over SDN using link aggregation control protocol (LACP). The result of this paper shows network performance has been improved by increasing approximately 31% data transmission speed over SDN using LACP. Moreover, this paper shows fault tolerance have been improved by LACP which prevents failure of any single component link from leading to breakdown the entire communications.     

A virtualized infrastructure to offer network mapping functionality in SDN networks

The separation of control and forwarding planes in software‐defined networking (SDN) networks is a key issue of the SDN technology. This feature and the existence of the SDN controller allow the developing of dynamic, adaptable and manageable networks, networks that require adequate services, and applications. However, the separation of these planes prevents the use of existing powerful tools that were coded considering traditional networks. In this paper, we make use of the potential of network virtualization (NV) technologies to propose the use of a virtualized infrastructure that makes possible the incorporation of these existing services and/or applications to an SDN network, without the need for programming additional and complex software modules in the SDN controller. Thus, in this paper, NV is not employed to develop a network managed by SDN but to broaden and give support to the SDN control layer. As an example, we describe the incorporation of nmap (a versatile and powerful tool widely used by security experts for network exploration) into the SDN framework. It is only necessary to develop a simple control plane service that thanks to the proposed virtualized infrastructure allows the inclusion of this powerful management application. The result offers the complete functionality of the nmap utility to the network administrators, who control the SDN network through the out‐of‐band control plane. In addition, a northbound REST API has been defined to offer the main functionality of the tool (host discovery, port scanning, and operating system detection) to the application layer.     

A Parallel Processing and Synthesis Structure for Improving Access Security and Efficiency in SDN Environment

After studying the routing and forwarding process of network stream and the implementation of SDN,we propose a retractable management model for flow table.A structure with parallel tables and synthesis processing is proposed according to the feature of SDN and traditional network.The parallel tables share the same storage resources.Thanks to the separation of data plane and control plane,control plane owns more computing resources than traditional device.It evaluates the role of nodes and the action of network flows,makes adjustment according to the historical and current information and streamlines flow tables by consolidating and simplifying old flow entries.Through simulation,it is proved that the realized method can defend offensive traffic while ensuring the safety of accessing and forwarding,especially existing blocking attack.     

一种基于数据平面可编程的软件定义网络报文转发验证机制

针对软件定义网络(SDN)中OpenFlow协议匹配字段固定且数量有限,数据流转发缺少有效的转发验证机制等问题,该文提出一种基于数据平面可编程的软件定义网络报文转发验证机制。通过为数据报文添加自定义密码标识,将P4转发设备加入基于OpenFlow的软件定义网络,在不影响数据流正常转发的基础上,对网络业务流精确控制和采样。控制器验证采样业务报文完整性,并针对异常报文下发流规则至OpenFlow转发设备,对恶意篡改、伪造等异常数据流进行转发控制。最后,构建基于开源BMv2的P4转发设备和基于OpenFlow的Open vSwitch转发设备的转发验证原型,并构建仿真网络进行实验。实验结果表明,该机制能够有效检测业务报文篡改、伪造等转发异常行为,与同类验证机制相比,在安全验证处理开销保持不变的情况下,能够实现更细粒度的业务流精确控制采样和更低的转发时延。     

Balanced multiple controllers placement with latency and capacity bound in software-defined network

Software-defined network (SDN) used a network architecture which separates the control plane and data plane. The control logic of SDN was implemented by the controller. Because controller's capacity was limited, in large scale SDN networks, single controller can not satisfy the requirement of all switches. Multiple controllers were needed to han-dle all data flows. By the reason that the latency between controller and switch would significantly affect the forwarding of new data flow, the rational placement of controllers would effectively improve the performance of entire network. By partition the network into multiple sub domains, on the base of spectral clustering, a method that added a balanced de-ployment object function into k-means was given and a balanced multiple controllers placement algorithm in SDN net-works which has the latency and capacity limitations was proposed. In this approach, a penalty function was introduced in the algorithm to avoid isolation nodes appearing. The simulations show that this algorithm can balance partition the net-work, keep the latency between controller and switch small and keep loads balancing between controllers.     

基于SDN的光传送网研究

SDN作为目前通信行业热门技术,主要利用控制和数据相分离的思想,对网络和业务进行可编程,从而解决目前互联网技术的快速发展下带来的宽带需求量大、建设成本高、调度不灵活等问题,虽然SDN的网络演进还处于初级阶段,但SDN对整个光传送网带来的影响仍需要积极研究。