Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Security resource management and control method and device in SDN network

A resource management and security control technology, applied in electrical components, transmission systems, etc., can solve problems such as inability to support large-scale network deployment, deployment, and VXLAN forwarding

Inactive Publication Date: 2019-11-05
SUZHOU LANGCHAO INTELLIGENT TECH CO LTD
View PDF4 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] 1. Through the solution of deploying openstack network nodes, this solution completes the security control of traffic through the implementation of software firewall, but because it is a software method, it cannot support large-scale network deployment, and the forwarding capability is limited when the network traffic is large;
[0004] 2. Through the solution of deploying physical security devices, this solution implements security traffic control by deploying a security firewall outside the gateway and forwarding through the VXLAN (Virtual Extensible Local Area Network, Virtual Extended Local Area Network) network. However, due to the traditional security firewall equipment VXLAN forwarding is not supported, so this solution cannot be used for deployment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security resource management and control method and device in SDN network
  • Security resource management and control method and device in SDN network
  • Security resource management and control method and device in SDN network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0050] like figure 1 As shown, the embodiment of the present invention provides a security resource management and control method in an SDN network, including S101-S103:

[0051] S101, interconnecting the gateway and the firewall connected in series outside the gateway using VLAN;

[0052] S102. Forward the traffic data sent from the virtual machine to the external network from the gateway to the firewall through the VLAN;

[0053] S103. Perform security control on the traffic data through the firewall and forward it to the external network.

[0054] The embodiment of the present invention can realize security resource management and control in the SDN network, by connecting firewall physical devices in series outside the gateway, and interconnecting the gateway and the firewall using vlan, realizing the security management and control of the north-south traffic of the virtual machine. In the embodiment of the present invention, the vlan network interconnection between the g...

Embodiment 2

[0068] like figure 2 As shown, the embodiment of the present invention provides a security resource management and control device in an SDN network, including:

[0069] The interconnection module is configured to interconnect the gateway and the firewalls connected in series outside the gateway using VLAN;

[0070] A forwarding module configured to forward the traffic data sent by the virtual machine to the external network from the gateway to the firewall through the VLAN;

[0071] The data analysis module is configured to carry out security control on the traffic data through the firewall and then forward it to the external network.

[0072] In the embodiment of the present invention, the interconnection module interconnecting the gateway and the firewall connected in series outside the gateway using VLAN includes:

[0073] A forwarding configuration resource pool for gateways and firewalls is provided, where the forwarding configuration resource pool includes a virtual r...

Embodiment 3

[0085] like image 3 As shown, the gateway resources and firewall resources of the controller in the embodiment of the present invention have been created to realize the interconnection between the gateway and the firewall. The specific process is as follows:

[0086] 1. Create a VLAN pool, which is used when the gateway and firewall devices are connected to each other;

[0087] 2. Create an interconnected IP address pool, which is used when the gateway and firewall devices are interconnected;

[0088] 3. Create a virtual router, which is used for Layer 3 forwarding;

[0089] 4. The virtual router is bound to the gateway resource, and the gateway resource carries the third layer of the virtual machine router and the traffic going out of the external network;

[0090] 5. The virtual router is bound to the firewall resource, and the firewall resource performs security control on the traffic of the virtual machine going out of the external network;

[0091] 6 Allocate a VLAN f...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a security resource management and control method and device in an SDN (Software Defined Network). The method comprises the following steps: interconnecting agateway with firewalls connected in series outside the gateway in a VLAN (Virtual Local Area Network) manner; forwarding the flow data sent to the external network by the virtual machine from the gateway to the firewall in the VLAN mode; and performing security control on the flow data through the firewall, and forwarding the flow data to an external network. The security management and control of the network flow of the virtual machine are realized.

Description

technical field [0001] Embodiments of the present invention relate to network security control technologies, and in particular to a method and device for managing and controlling security resources in an SDN network. Background technique [0002] SDN (Software Defined Networks, software-defined network) is a new type of network architecture, which realizes flexible control of network traffic by separating the control plane and data plane. In order to implement security control of external network traffic, the SDN controller usually needs to have a firewall function. How to effectively manage firewall resources and deploy services through SDN controllers has become an important research direction in SDN networks. Generally, the SDN controller manages security resources as follows: [0003] 1. Through the solution of deploying openstack network nodes, this solution completes the security control of traffic through the implementation of software firewall, but because it is a ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/02H04L63/0272
Inventor 徐继浩
Owner SUZHOU LANGCHAO INTELLIGENT TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com