基于OpenFlow的SDN技术研究

软件定义网络(software-defined networking,简称SDN)技术分离了网络的控制平面和数据平面,为研发网络新应用和未来互联网技术提供了一种新的解决方案.综述了基于OpenFlow 的SDN 技术发展现状,首先总结了逻辑控制和数据转发分离架构的研究背景,并介绍了其关键组件和研究进展,包括OpenFlow交换机、控制器和SDN技术,然后从4 个方面分析了基于OpenFlow 的SDN 技术目前所面临的问题和解决思路.结合近年来的发展现状,归纳了在校园网、数据中心以及面向网络管理和网络安全方面的应用,最后探讨了未来的研究趋势.     

基于OpenFlow的SDN状态防火墙

提出了一种基于OpenFlow的状态检测防火墙系统,该方案通过在SDN控制器和交换机中添加状态表和变换流表,并根据包的类型分别制定相应的状态转换规则,实现对SDN网络状态的监测。最后,在开源控制器Floodlight和Open vSwitch上实现了一个基于状态检测的防火墙系统,并对该防火墙的性能进行了评估,结果表明基于OpenFlow的SDN状态检测防火墙能够识别不同类型的包并实现现有SDN防火墙不能实现的基于状态的细粒度访问控制。     

FAE:一种OpenFlow协议FlowMod消息的action扩展机制

SDN网络对数据转发平面的抽象是OpenFlow等南向接口协议制定的前提,目前标准OpenFlow协议假设数据平面每个流表项由确定的规则定义和对应的动作集合组成,每个配置数据平面的FlowMod消息会携带这些规则和动作集合。然而,随着SDN应用场景的不断发展,OpenFlow协议有限的预定义动作难以满足一些新的配置需求,例如集中控制的段路由管理配置和SDPA的配置等。为了提高当前SDN对动作定义的灵活性,解除其对动作的限制,首先提出了一种基于OpenFlow协议FlowMod消息的action扩展机制FAE,该机制具有满足用户自定义动作,且动作扩展灵活简单的特点,然后基于开源的Floodlight控制器和FAST交换机实现了FAE机制,实验表明,该机制在集中控制的段路由下,可以有效地支持其管理配置中的动作。     

一种针对基于OpenFlow的SDN网络中控制层面的DoS攻击研究

针对OpenFlow协议报文交换机制里所有非数据报文均需要通过PACKET_IN报文上传控制器的弱点,提出一种不停查询未知转发地址从而造成SDN网络控制层面资源耗尽的新型DoS攻击方式,同时基于SDN网络可编程性提出检测攻击与降低网络时延的解决策略。首先通过SDN控制器北向应用接口,使用Defense4ALL应用中自定义功能,针对DoS攻击特性检测网络中恶意流量。然后利用控制器动态配置特性,实时更新交换机配置文件,改变网络转发策略,从而减轻攻击对整个网络造成的影响。实验仿真表明,在大规模高速攻击中,该方法的检测成功率接近100%,在攻击源较少的慢速攻击中检测成功率低于80%,整体网络延迟降低10ms以上。所提出的解决策略可以有效减少针对控制平面的DoS攻击对整个网络的干扰。     

面向协议无感知转发技术的SDN试验床

基于OpenFlow的软件定义网络(SDN)中的转发设备不便于支持新协议的转发,因此协议无感知转发(Protocol Oblivious Forwarding,POF)技术被提出.本文基于POF技术和OpenFlow控制器POX,设计并实现了一种支持POF技术的SDN控制器,POF控制器可以充分利用POF转发设备并且体现了SDN的可编程性.同时,我们基于POF控制器搭建了POF试验床,实验结果表明POF控制器能够有效地管理POF网络,并提供高效的控制功能.     

OpenFlow网络中控制器负载均衡策略研究

控制器是软件定义网络(SDN)的核心,控制平面的可用性、可扩展性对SDN至关重要。本文首先提出了一种基于角色的分布式控制平面,并在此架构下,提出了一种交换机迁移的控制器负载均衡策略,从而解决控制平面可扩展性问题。     

基于SDN的OpenFlow交换机数据包流水线处理机制

目前,软件定义网络(Software Defined Networking,SDN)已成为网络研究与开发的重点,但相关的研究与开发工作还仅仅局限于园区网络和数据中心网络等。由于SDN控制层与数据层处理效率的限制,SDN面向互联网这样超大规模网络的研究还基本处于空白阶段。为了提升SDN的性能以使其适应大规模网络的特点,挖掘SDN数据层中并行加速处理的可能性,提出了将流水线技术应用到SDN数据层中交换机对数据包的转发过程。另外,结合SDN南向接口OpenFlow协议提供的交换机工作规范,设计了适用于OpenFlow交换机数据包转发的三级流水线处理机制。仿真实验说明,将流水线应用到SDN中能有效加快OpenFlow交换机的数据包转发速度。     

基于SDN的web访问控制应用的实现

软件定义网络(Software Defined Network,SDN)及其主流协议OpenFlow通过解耦控制平面与数据平面,提供应用平面编程接口,给数据中心提供了更为方便的网络设备管理手段。本文基于OpenDayLight(ODL)控制器北向接口,在一个对外提供web服务的网络中,实现了控制用户访问某一TCP/IP协议端口的功能,并能使管理员进行实时配置。     

SDN交换机转发规则TCAM存储优化综述

软件定义网络(SDN)将传统网络的控制平面和数据平面解耦,通过控制平面的控制器灵活地对网络进行管理,目前应用最广泛的控制协议是OpenFlow.三态内容寻址存储器(TCAM)查找速度快、支持三态掩码存储,在SDN网络中应用广泛.但TCAM成本高、功耗大,并且在存储含有范围字段匹配域的规则时候存在范围膨胀问题,因此交换机中可存储的转发规则数量,尤其是匹配域的数量和类型都比较多的OpenFlow规则数目非常有限,这成为约束SDN网络大规模扩展和应用的瓶颈.研究机构从不同角度提出了针对SDN中交换机转发规则的TCAM存储优化方案.本文从转发规则存储架构优化、本地交换机转发规则压缩、全局转发规则动态优化以及控制器参与的网络转发规则管理四个角度总结了相关研究工作,并提出了适合未来SDN网络的转发规则存储的综合优化方案.     

基于通用宽带路由器的OpenFlow交换机设计

基于OpenFlow协议的软件定义网络离不开控制器与OpenFlow交换机。然而,支持OpenFlow协议的交换机异常昂贵且难于获得。为了方便地获得支持OpenFlow协议的交换机,介绍一种基于通用宽带路由器的OpenFlow交换机设计。该设计可以仅用市场上常见的通用宽带路由器以及开源Linux软件构建出一款完整支持OpenFlow协议的交换机。实验结果显示,该设计以可接受的性能实现现阶段OpenFlow协议的所有功能。     

煤矿井下安全监控分站的设计及其仿真实现

为了设计一种具有低成本、低功耗、易操作、功能强且可靠性高的煤矿井下安全分站,针对煤矿安全生产实际,文章提出了采用MCS-51系列单片机为核心、具有CAN总线通信接口的煤矿井下安全监控分站的设计方案;首先给出煤矿井下安全监控分站的整体构架设计,然后着重阐述模拟量输入信号处理系统的设计过程,最后说明单片机最小系统及其键盘、显示、报警、通信等各个组成部分的设计;为验证设计方案的可行性与有效性,使用Proteus软件对设计内容进行仿真验证,设计的煤矿井下安全监控分站具有瓦斯、温度等模拟量参数超标报警功能和电机开停、风门开闭等开关量指示功能;仿真结果表明:设计的煤矿井下安全监控分站具有一定的实际应用价值.     

View-based model-driven architecture for enhancing maintainability of data access services

In modern service-oriented architectures, database access is done by a special type of services, the so-called data access services (DAS). Though, particularly in data-intensive applications, using and developing DAS are very common today, the link between the DAS and their implementation, e.g. a layer of data access objects (DAOs) encapsulating the database queries, still is not sufficiently elaborated, yet. As a result, as the number of DAS grows, finding the desired DAS for reuse and/or associated documentation can become an impossible task. In this paper we focus on bridging this gap between the DAS and their implementation by presenting a view-based, model-driven data access architecture (VMDA) managing models of the DAS, DAOs and database queries in a queryable manner. Our models support tailored views of different stakeholders and are scalable with all types of DAS implementations. In this paper we show that our view-based and model driven architecture approach can enhance software development productivity and maintainability by improving DAS documentation. Moreover, our VMDA opens a wide range of applications such as evaluating DAS usage for DAS performance optimization. Furthermore, we provide tool support and illustrate the applicability of our VMDA in a large-scale case study. Finally, we quantitatively prove that our approach performs with acceptable response times.     

A pragmatic multi-method investigation of discrepant technological events: Coping,attributions, and ‘accidental’ learning

Discrepant technological events or situations that entail a problem, a misunderstanding or a difficulty with the Information Technology (IT) being employed, are common in the workplace, and can lead to frustration and avoidance behaviors. Little is known, however, about how individuals cope with these events. This paper examines these events by using a multi-method pragmatic approach informed by coping theory. The results of two studies – a critical incident study and an experiment – serve to build and test, respectively, a theoretical model that posits that individuals use a variety of strategies when dealing with these events: they experience negative emotions, make external attributions, and adopt engagement coping strategies directed at solving the event, eventually switching to a disengagement coping strategy when they feel they have no control over the situation. Furthermore, users’ efforts may result in ‘accidental’ learning as they try to overcome the discrepant IT events through engagement coping. The paper ends with a discussion of the results in light of existing literature, future opportunities for research, and implications for practice.     

The Distributed Time-Triggered Simulation Scheme: Core Principles and Supporting Execution Engine

Distributed real-time simulation is a young technology field but its practice is under increasing demands. In recent years the author and his collaborators have been establishing a new approach called the distributed time-triggered simulation (DTS) scheme which is conceptually simple and easy to use but widely applicable. The concept was initiated in the course of developing a new-generation object-oriented real-time programming scheme called the time-triggered message-triggered object (TMO) programming scheme. Some fundamental issues inherent in distributed real-time simulation that were learned during recent experimental studies are discussed along with some approaches for resolving the issues. An execution engine developed to support both the TMOs engaged in control computation and the TMOs engaged in DTS is also discussed along with its possible extensions that will enable significantly larger-scale DTSs.     

Software-Konfigurationsmanagement in großen Softwareprojekten

Zusammenfassung Mit zunehmender Größe der Softwaresysteme verschärfen sich die für die Software-Herstellung typischen Probleme: Beherrschen großer Objektmengen, Erhalten der Systemkonsistenz, Kontrolle der ständigen Änderungseinflüsse und Gewährleisten einer langen Lebensdauer. Die Disziplin Konfigurationsmanagement bildet den methodischen Ansatz, diese Probleme besser zu beherrschen. Software-Konfigurationsmanagement faßt die Herstellung von Softwaresystemen als eine Abfolge von kontrollierten Änderungen an gesicherten Zwischen- und Endergebnissen auf. Dargestellt werden die Objekte und Funktionen des Software-Konfigurationsmanagements sowie die hierfür in großen Software-Projekten benötigten Methoden, Instanzen und Hilfsmittel.     

Information for Authors

正http://www.zju.edu.cn/jzus http://www.springerlink.com Aim The Journals of Zhejiang University-SCIENCE(A/B/C)are edited by the international board of distinguished Chinese and foreign scientists,and are aimed to present the latest developments and achievements in scientific research in China and     

Editorial:Brain-machine interface(BMI) and cyborg intelligence

正Brain-machine interfaces(BMIs)aim at building a direct communication pathway between the brain and an external device,and represent an area of research where significant progress has been made during the past decade.Based on BMIs,mind information can be read out by neural signals to control     

Information for Authors

正http://www.zju.edu.cn/jzus http://www.springerlink.com Aim The Journals of Zhejiang University-SCIENCE(A/B/C)are edited by the international board of distinguished Chinese and foreign scientists,and are aimed to present the latest developments and achievements in scientific research in China and overseas to the world’s scientific circles,especially to stimulate     

SCIENCE CHINA Information Sciences SUBJECT INDEX TO VOLUME 57(2014)

正~~     

Information for Authors

正http://www.zju.edu.cn/jzus http://www.springerlink.com Aim The Journals of Zhejiang University-SCIENCE(A/B/C)are edited by the international board of distinguished Chinese and foreign scientists,and are aimed to present the latest developments and achievements in scientific research in China and overseas to the world’s scientific circles,especially to stimulate