共查询到20条相似文献,搜索用时 31 毫秒
1.
随着SDN技术的发展,新型的网络架构提出一种将网络控制平面与数据平面分离的设计思路,从而更灵活地实现网络流量控制、网络安全,并可以结合自身的组网环境和组网结构,对网络系统进行改进,结合农垦的网络现状,提出一种新的路由协议EDRP(Enhance Deter-mined Routing Protocol),以简化网络的管理和运维成本,并提高网络的安全性和健壮性. 相似文献
2.
摘要:软件定义网络(software defined networking,SDN)是一种新型网络创新架构,其分离了控制平面与转发平面,使得网络管理更为灵活。借助SDN控制与转发分离的思想,在SDN基础上引入一个集中式安全中心,在数据平面设备上采集数据,用于对网络流量进行分析,通过熵值计算和分类算法判断异常流量行为。对于检测到的网络异常情况,安全中心通过与SDN控制器的接口通告SDN控制器上的安全处理模块,进行流表策略的下发,进而缓解网络异常行为。通过本系统可以在不影响SDN控制器性能的情况下,快速检测网络中的异常行为,并通过SDN下发流表策略对恶意攻击用户进行限制,同时对SDN控制器进行保护。 相似文献
3.
软件定义网络(SDN)采用控制和转发的分离架构,使研究者可以通过软件实现任意的网络控制逻辑,而不需对网络设备本身进行修改,具备极强的灵活性,已经在路由决策、网络虚拟化、无线接入、云计算数据中心网络等领域得到研究和应用,成为一项热点技术。但SDN在蓬勃发展的同时,也引入了新的安全风险,带来新的安全问题。另一方面,SDN也给传统安全技术以冲击,带来创新的网络安全应用发展的机会。鉴于此,结合SDN网络架构的特点综述了SDN安全的研究现状,包括SDN安全风险分析和安全技术及应用,并思考了SDN对信息安全的意义。 相似文献
4.
软件定义网络(Software Defined Network,SDN)依靠着其集中控制、可编程性和数控分离等优点,能够有效解决无人机网络(Flying Ad Hoc Network,FANET)面临的任务拓扑高度变化、网络链路连接不稳定、网络安全防护脆弱以及应用程序的异构性等问题,极大地提升FANET的灵活性和可靠性。针对SDN架构与FANET的结合问题,描述了SDN的体系架构,并以SDN控制器部署方式为关注点分类别概括了近几年软件定义无人机网络(Software-defined Flying Ad Hoc Network,SD-FANET)的研究进展,重点阐述了结合移动边缘计算(Mobile Edge Computing,MEC)的SD-FANET研究现状,最后指出了SD-FANET的应用场景和一些具体的未来研究方向。 相似文献
5.
6.
7.
8.
Pilar Manzanares‐Lopez Juan Pedro Muoz‐Gea Josemaria Malgosa‐Sanahuja Adrian Flores‐de la Cruz 《International Journal of Communication Systems》2019,32(10)
The separation of control and forwarding planes in software‐defined networking (SDN) networks is a key issue of the SDN technology. This feature and the existence of the SDN controller allow the developing of dynamic, adaptable and manageable networks, networks that require adequate services, and applications. However, the separation of these planes prevents the use of existing powerful tools that were coded considering traditional networks. In this paper, we make use of the potential of network virtualization (NV) technologies to propose the use of a virtualized infrastructure that makes possible the incorporation of these existing services and/or applications to an SDN network, without the need for programming additional and complex software modules in the SDN controller. Thus, in this paper, NV is not employed to develop a network managed by SDN but to broaden and give support to the SDN control layer. As an example, we describe the incorporation of nmap (a versatile and powerful tool widely used by security experts for network exploration) into the SDN framework. It is only necessary to develop a simple control plane service that thanks to the proposed virtualized infrastructure allows the inclusion of this powerful management application. The result offers the complete functionality of the nmap utility to the network administrators, who control the SDN network through the out‐of‐band control plane. In addition, a northbound REST API has been defined to offer the main functionality of the tool (host discovery, port scanning, and operating system detection) to the application layer. 相似文献
9.
10.
SummarySoftware‐defined network (SDN) is constructed by decoupling the control and data plane from the forwarding devices. The control plane operations are managed by centralized or distributed controllers, and the data plane operation is managed by respective forwarding devices. SDN provides an easy and efficient management solutions for software‐programmed consolidated middlebox in virtual machines. Additionally, SDN with centralized controller faces complications like scalability, network bottle neck, and single point failure. In this study, a stateful inspection firewall acts as a middlebox in distributed SDN‐controlled network. The controller is programmed with a failure detection and recovery mechanism to provide reliability and redundancy and enhance the overall performance of the network. The objective of stateful firewall on SDN architecture is to secure the network by monitoring the current connections and maintain its state information until the connection is active. In this paper, the performance of firewall‐enabled SDN with centralized and distributed controllers are measured, compared, and analyzed. The experiments are done using POX controller, and the results are verified by Mininet network emulation tool. The results show that the stateful firewall‐enabled SDN with distributed controller network improves the security, reliability, availability, and overall performance of the network. In the proposed SDN, average network throughput is improved by 43%, average network delay is reduced by 4%, average channel utilization is increased by 40%, average network overhead is reduced by 26%, and average network response time is reduced by 23%. 相似文献
11.
12.
云计算的出现给传统网络带来了巨大的挑战和改变。爆炸式的数据增长暴露了传统数据网络的不足,而这个问题催生了软件定义网络(SDN,SoftwareDefinedNetworking)。SDN把网络作为资源向上层IT业务开发,从而实现网络的动态,实时和灵活的调整,解决了私有云网络部署中的瓶颈问题。主要对现有SDN模式下的网络管理方案进行了相关探讨并对该方案提出了开放性的意见以及其不足之处。 相似文献
13.
The control and data planes are decoupled in software-defined networking(SDN),which enables both planes to evolve independently,and brings about many advantages such as high flexibility,programmability,and rapid implementation of new network protocols.However,in order to improve the scalability of the control plane at present,some control functionalities are added to the data plane,which is probably to impact on the generality of the data plane.The key challenge of adding control functionalities to the data plane is to strike a careful balance between the generality of the data plane and the scalability of the control plane.We propose some basic principles that both control and data planes should comply with,based on the evolutionary trend of SDN.Moreover,we take two approaches for reference according to the principles,viewed from the control messages in OpenFlow-based SDN.Our evaluations demonstrate that the approaches can maintain the generality of the data plane and improve the scalability of the control plane. 相似文献
14.
Lylia Alouache Nga Nguyen Makhlouf Aliouat Rachid Chelouah 《International Journal of Communication Systems》2019,32(2)
As today, vehicles are equipped with wireless sensors and on‐board computers capable of collecting and processing a large amount of data; they can communicate to each other via different communication types and through different relay nodes. Internet of Vehicles (IoV) routing protocols are deployed to monitor these communications with various strategies to achieve a high availability of communication. In this paper, we propose to extend an existing taxonomy representing the necessary criteria to build IoV routing algorithms, by adding two new important criteria: security aspect and network architecture. Enhanced vehicular routing protocols with different security mechanisms have been studied, compared, and classified with respect to the authentication, the integrity, the confidentiality, the nonrepudiation, and the availability of data and communications. Routing protocols using the software‐defined networking (SDN) paradigm have also been reviewed in order to compare with those with traditional network architectures. Three types of SDN routing protocols, namely, centralized, decentralized, and hybrid control planes, have been analyzed. This survey will be useful for the choice of IoV routing protocols that take into account the flexibility, the scalability, and the intelligence of vehicular networks, as well as the security mechanisms against cyberattacks while being cost aware. 相似文献
15.
16.
软件定义网络是一种数据和控制平面分离、软件可编程的新型网络架构及技术,控制平面使用以OpenFlow为代表的协议对转发平面进行集中式控制。SDN架构的这些特点能很好地满足了云计算对虚拟网络的集中化、标准化、自动化的配置管理要求。针对传统虚拟网络技术支持云计算平台的不足,提出基于OpenFlow的SDN技术设计虚拟网络的思路,论述了几种虚拟网络实现的原理与处理流程,并给出了模块化的软件设计及部分关键代码功能描述。 相似文献
17.
18.
软件定义网络(SDN)采用OpenFlow技术分离网络设备的数据平面和控制平面,实现灵活控制网络资源的目的。基于此,设计了量子密码通信网络模型,实现灵活控制密码通信网络整体量子密匙资源,确保了信息的安全传输。此外,提出了综合到端可用密匙和跳数的路由算法,提高了QKD生成密匙的有效利用率。由测试结果可知,通过基于SDN的量子密码通信网络及路由算法,可提高量子密匙资源利用率,提高网络性能。 相似文献
19.
现有研究者采用威胁建模和安全分析系统的方法评估和预测软件定义网络(software defined network, SDN)安全威胁,但该方法未考虑SDN控制器的漏洞利用概率以及设备在网络中的位置,安全评估不准确。针对以上问题,根据设备漏洞利用概率和设备关键度结合PageRank算法,设计了一种计算SDN中各设备重要性的算法;根据SDN攻击图和贝叶斯理论设计了一种度量设备被攻击成功概率的方法。在此基础上设计了一种基于贝叶斯攻击图的SDN安全预测算法,预测攻击者的攻击路径。实验结果显示,该方法能够准确预测攻击者的攻击路径,为安全防御提供更准确的依据。 相似文献
20.
战术通信网络具有高动态、弱连接、低带宽和多链路备份等特性,软件定义网络(software defined network,SDN)技术通过传统网络控制设备软硬件解耦,将核心控制功能软件化,通过集中控制策略获取全局视图,从而实现资源的灵活调度与信道资源的高效利用,推动战术通信网络朝着更加智能化的弹性适变网络发展。首先介绍了SDN的发展现状及优势,分析了传统架构战术通信网络的若干问题,并对SDN技术在外军战术通信领域的应用情况进行了分析,提出了SDN在军事通信领域应用的可行性思路,对应用场景进行了构想,最后对SDN在军事通信领域的应用可行性进行了总结。 相似文献