
Strategy conflict detection and solution method based on graphic representation in SDN environment

A conflict detection technique based on graphic representation, applied in the field of network security, that addresses problems such as the complexity of SDN applications.

Active Publication Date: 2021-03-02
ANHUI UNIVERSITY

AI Technical Summary

Problems solved by technology

To make matters worse, SDN applications programmed in high-level languages such as Java or Python can be very complex.

Examples


Embodiment

[0107] Experimental environment: the SDN controller is Floodlight 1.2 and the network topology is simulated with Mininet 2.2. The policies in the network are generated by different methods in two small experiments: in the first they are generated by script files, and in the second the ClassBench tool is used to generate specific network endpoint policies.

[0108] Network topology: as shown in Figure 10, a fat-tree topology with 10 switches, 2 servers and 6 clients, for a total of 8 hosts.

[0109] Experimental parameters: The experimental initial setting information of the optimal strategy layout module is shown in the table below.

[0110]

[0111] Implementation process:

[0112] 1. First, use Mininet to create a fat-tree topology, then create a set of flow rules by writing script files. Use Scapy to generate packets. In the network model of this embodiment, the feasibility of policy conflict detection and of policy conflict resolution is tested separately. First, one or two flow rules of topological communicati...


Abstract

The invention discloses a policy conflict detection and resolution method based on graphic representation in an SDN environment. Flow rules are stored in an extended multi-bit prefix tree, the corresponding equivalence classes (ECs) and configuration graphs are generated, and the network policy is represented as a policy graph. First, the policy change produced by each network update is applied to the network model, and the affected ECs are computed from the model. Second, a violation detection module checks whether each affected EC in the network model violates a policy. If any violation occurs, the configuration graph and the physical topology graph are compressed and passed to a violation resolution module. The optimizer then returns a set of edges to be added to or deleted from the EC configuration graph; these edges are applied to the network model and converted into concrete OpenFlow rules. Finally, a heuristic algorithm is used to deploy the rules optimally on the forwarding devices. Because the method expresses the correctness condition of the network policy as a graph rather than as the set of paths used by traditional methods, it can handle richer policy sets and optimally repair the violations it detects. A heuristic rule placement algorithm is also adopted to minimize the number of rules in the switches. The method rejects illegal flow rules with relatively low overhead, so that all policy violation problems are solved, rule conflicts among a large number of endpoint policies are avoided, and a certain quality of network service is ensured.
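The per-EC violation check described in the abstract can be illustrated with a small sketch. This is an added example, not code from the patent: it computes equivalence classes by splitting the IPv4 address space at prefix boundaries instead of using the extended multi-bit prefix tree, and the rule set, the switch names (`s1`, `s2`, `s3`, `fw`, `srv`) and the waypoint policy are constructed assumptions.

```python
import ipaddress

# Constructed flow rules: (switch, destination prefix, priority, next hop).
RULES = [
    ("s1", "10.0.0.0/8", 1, "s2"),
    ("s1", "10.0.1.0/24", 5, "s3"),  # higher priority, bypasses the firewall
    ("s2", "10.0.0.0/8", 1, "fw"),
    ("fw", "10.0.0.0/8", 1, "s3"),
    ("s3", "10.0.0.0/8", 1, "srv"),
]

def equivalence_classes(rules):
    """Cut the address space at every prefix boundary; each interval is one EC."""
    cuts = {0, 2**32}
    for _, prefix, _, _ in rules:
        net = ipaddress.ip_network(prefix)
        cuts.add(int(net.network_address))
        cuts.add(int(net.broadcast_address) + 1)
    pts = sorted(cuts)
    return list(zip(pts, pts[1:]))  # half-open intervals [lo, hi)

def config_graph(rules, ec):
    """Per-EC forwarding graph: on each switch the highest-priority match wins."""
    lo = ec[0]  # a rule covers the whole EC or none of it, so one address suffices
    best = {}
    for sw, prefix, prio, nxt in rules:
        net = ipaddress.ip_network(prefix)
        if int(net.network_address) <= lo <= int(net.broadcast_address):
            if sw not in best or prio > best[sw][0]:
                best[sw] = (prio, nxt)
    return {sw: nxt for sw, (_, nxt) in best.items()}

def path(graph, src):
    """Follow next hops from src, stopping at a dead end or a forwarding loop."""
    seen, node = [], src
    while node is not None and node not in seen:
        seen.append(node)
        node = graph.get(node)
    return seen

def violations(rules, src, dst, waypoint):
    """ECs whose traffic from src reaches dst without traversing waypoint."""
    bad = []
    for lo, hi in equivalence_classes(rules):
        p = path(config_graph(rules, (lo, hi)), src)
        if dst in p and waypoint not in p:
            bad.append((str(ipaddress.ip_address(lo)),
                        str(ipaddress.ip_address(hi - 1)), p))
    return bad
```

Only the EC covering `10.0.1.0/24` is reported, which shows why checking is done per EC: the overlapping higher-priority rule changes the forwarding graph for that slice of traffic alone.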

Description

Technical field

[0001] The invention relates to network security technology, in particular to a policy conflict detection and resolution method based on graphic representation in an SDN environment.

Background technique

[0002] Software Defined Networking (SDN) is a new type of network architecture that helps to better manage the network and simplify the deployment of new network functions by separating the control module from the forwarding device. In traditional networks, the network control logic consists of bloated routing protocols running on physical devices, which work in conjunction with network topology information and device configuration information; in SDN, the network control logic is implemented by the SDN controller and is centrally controlled. OpenFlow is one of the most well-known southbound interface protocols; it lets the controller control the forwarding path of packets in the switch. Network availability, security,...


Application Information

IPC(8): H04L29/06, H04L12/24
CPC: H04L63/20, H04L63/205, H04L41/145, H04L41/22, H04L41/12
Inventor 房忠万仲红杨明崔杰许艳田苗苗孙秀文
Owner ANHUI UNIVERSITY