Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (21): 56-64. DOI: 10.3778/j.issn.1002-8331.1804-0364

• Network, Communication and Security •

On-demand adaptation method for multi-domain security services based on service function chaining

LI Chang, XU Qi, LI Guanglei, ZHOU Huachun

  1. School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China
  • Online: 2018-11-01 Published: 2018-10-30

Abstract: The service management and provisioning model of traditional networks is static and rigid, which makes it difficult to formulate a unified security and scheduling policy for cross-domain data flows from a global perspective, and it cannot meet diversified security requirements. This paper proposes an on-demand adaptation method for multi-domain security services based on Service Function Chaining (SFC). Using technologies such as Software Defined Network (SDN) and Network Function Virtualization (NFV), the method establishes a unified description model through multiple layers of interfaces, configures the required security service resources, instantiates the required security service functions, and uses SFC to combine those functions, thereby achieving on-demand adaptation of security services. Finally, a prototype system is built, and the feasibility of the proposed method is verified in different experimental scenarios.

Key words: multi-domain networks, service function chaining, on-demand adaptation, security service policy