Management system of mirror network flow in virtual network environment and control method

Abstract

The invention discloses a management system of mirror network flow in a virtual network environment and a software definition based mirror flow management and control method. A mirror network flow management and control system comprises a mirror network flow central control node, virtual mirror flow management nodes and virtual mirror flow distribution nodes. The mirror network flow central control node is utilized for global control; the virtual mirror flow management nodes deployed near a service virtual machine are utilized for realizing capturing of data packets and forwarding based on a flow table; and the virtual mirror flow distribution nodes deployed near a safety device are utilized for copying and distribution of the data packets based on safety services. According to the management system of the mirror network flow in the virtual network environment and the software definition based mirror flow management and control method, an optimal mirror flow exporting policy in a global perspective is obtained, the mirror flow scheduling is quick and complete, and only a few computing resource is occupied by the mirror flow management nodes.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to the management of mirrored network traffic in a virtualized network environment and a network security monitoring solution based on the mirrored network traffic. Background technique [0002] In a virtualized network environment, user business systems are deployed on virtual machines. In order to ensure the security of these systems and comply with relevant security compliance, it is still necessary to perform network security on these virtual machines as in traditional physical network environments. monitor. However, traditional hardware physical security products cannot accurately capture the network traffic of business virtual machines that need to be monitored. [0003] Software Defined Networks (SDN) is a new network control architecture proposed in recent years that utilizes the control layer, forwarding layer and data layer of decoupling network hardware to a...

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to implement a new technical architecture and system that utilizes the concept of software definition to realize the forwarding management and control of mirrored network traffic, which is used to solve: 1) the problem of capturing network traffic by security devices during the security monitoring process; 2) Due to performance limitations, the network traffic capture terminal cannot implement a fine-grained bypass network traffic forwarding strategy; 3) Due to the lack of global vision, the network traffic capture terminal captures repeated traffic; 4) To multiple security The problem that the bandwidth of the service host is too large due to the multi-purpose traffic forwarding of the device forwarding traffic at the same time

Images