计算机工程与应用 ›› 2018, Vol. 54 ›› Issue (4): 103-109.DOI: 10.3778/j.issn.1002-8331.1609-0121

• 网络、通信与安全 • 上一篇    下一篇

基于SDN网络的安全设备路由研究

张林霞,何利文,黄  俊   

  1. 南京邮电大学 计算机学院/软件学院,南京 210003
  • 出版日期:2018-02-15 发布日期:2018-03-07

Route of security device research based on SDN Network

ZHANG Linxia, HE Liwen, HUANG Jun   

  1. School of Computer Science, Nanjing University of Posts and Telecommunication, Nanjing 210003, China
  • Online:2018-02-15 Published:2018-03-07

摘要: SDN(Software Defined Networking,软件定义网络)是一种新型的网络架构,是网络实现自动化部署灵活管理的一个重要方式。SDN技术将网络的数据平面和控制平面相分离,从而实现了网络流量的灵活控制。因此,基于SDN技术提出了一种基于SDN网络的安全设备路由模型,该模型结合改进的内嵌式安全设备最短路由算法和旁路式最短路由算法及神经网络最短路由算法,得到一种高效的安全设备路由策略,并且在此基础上构建了一个网络安全服务调度系统,能够在安全设备混合部署的复杂网络环境中,按用户需求提供个性化的安全服务;同时,通过计算较低网络成本的最短安全路径,提高了网络的路由效率和资源利用率。

关键词: 软件定义网络(SDN), 安全设备, 个性化安全服务, 最短路径

Abstract: Software defined networking is a new kind of network architecture. It is an important way that realizes automated deployment and flexible management for network. SDN separates data plane and control plane of network, so as to realize the flexible control of the network traffic. Therefore, this paper proposes a security device routing model based on SDN network. The model combines the improved shortest routing algorithm of inline and passive security devices, and the shortest-path routing algorithm using neural network, gets a highly efficient routing policy of security devices. Coupled with SDN network architecture, it builds a scheduling system of network security service. In the complex network environment with security devices mixed deploy, it can provide users with personalized security service, at the same time, it calculates the shortest security path with lower network cost, improves the efficiency of network routing and resource utilization.

Key words: Software Defined Networking(SDN), security device, personalized security service, the shortest path