本文選題：軟件定義網(wǎng)絡(luò) + 擬態(tài)路由　； 參考：《電子科技大學(xué)》2017年碩士論文

【摘要】：SDN技術(shù)革命性的改變了現(xiàn)有網(wǎng)絡(luò)架構(gòu),適應(yīng)了降低網(wǎng)絡(luò)復(fù)雜度、云計(jì)算和大數(shù)據(jù)的需求。研究人員通常關(guān)注SDN網(wǎng)絡(luò)本身,對網(wǎng)絡(luò)的SDN化演進(jìn)過程,傳統(tǒng)網(wǎng)絡(luò)設(shè)備與SDN設(shè)備將長期在實(shí)際網(wǎng)絡(luò)中共存的現(xiàn)實(shí)考慮的不多。SDN技術(shù)數(shù)據(jù)面通用、簡單、高效的特點(diǎn),以及控制面與數(shù)據(jù)面分離的架構(gòu),也給我們在網(wǎng)絡(luò)路由安全方面帶來了新思路。同時(shí)隨著網(wǎng)絡(luò)功能的復(fù)雜化,網(wǎng)絡(luò)受到多用戶和多應(yīng)用的控制,目前的開源控制器在支持多用戶多應(yīng)用方面還存在缺陷。為此,本文分別在SDN混合網(wǎng)絡(luò)路由安全和SDN網(wǎng)絡(luò)操作系統(tǒng)方向,進(jìn)行了一些研究嘗試。本文首先研究SDN網(wǎng)絡(luò)與傳統(tǒng)IP網(wǎng)絡(luò)的三層路由互通問題,設(shè)計(jì)實(shí)現(xiàn)OpenFlow路由控制器,實(shí)現(xiàn)SDN網(wǎng)絡(luò)與傳統(tǒng)IP網(wǎng)絡(luò)之間路由協(xié)議的交互和數(shù)據(jù)報(bào)文的正確轉(zhuǎn)發(fā),促進(jìn)SDN技術(shù)在實(shí)際網(wǎng)絡(luò)中的部署。在此基礎(chǔ)之上,本文在多個(gè)OpenFlow路由控制器與OpenFlow交換機(jī)之間引入路由決策層,形成擬態(tài)路由系統(tǒng)。該系統(tǒng)將路由實(shí)體擬態(tài)化,增大了網(wǎng)絡(luò)攻擊者探查路由實(shí)體漏洞的難度,隔離被網(wǎng)絡(luò)攻擊者致癱致亂的路由實(shí)體,保證網(wǎng)絡(luò)路由的穩(wěn)定與正確。但隨著SDN網(wǎng)絡(luò)的發(fā)展,網(wǎng)絡(luò)功能越來越復(fù)雜,現(xiàn)有的開源控制器在北向接口的簡潔性,數(shù)據(jù)持久化能力等方面顯得力不從心。尤其是網(wǎng)絡(luò)資源被虛擬化,多個(gè)用戶共享網(wǎng)絡(luò)資源,網(wǎng)絡(luò)受到多個(gè)上層網(wǎng)絡(luò)應(yīng)用的控制。多用戶與多應(yīng)用可能出現(xiàn)相互間的網(wǎng)絡(luò)規(guī)則沖突,造成網(wǎng)絡(luò)管理狀態(tài)的不一致,甚至被某些惡意的應(yīng)用或者用戶利用,故意致亂網(wǎng)絡(luò)。擬態(tài)路由系統(tǒng)只能實(shí)現(xiàn)單一路由節(jié)點(diǎn)的防護(hù),對上述情況無能為力。因此,本文隨后研究了網(wǎng)絡(luò)操作系統(tǒng)的實(shí)現(xiàn),針對網(wǎng)絡(luò)規(guī)則沖突檢測的問題,提出了基于狀態(tài)分解的規(guī)則沖突檢測算法,并且在本文的網(wǎng)絡(luò)操作系統(tǒng)中予以實(shí)現(xiàn)。通過系統(tǒng)測試證明,本文的擬態(tài)路由系統(tǒng)可以實(shí)現(xiàn)SDN與傳統(tǒng)IP網(wǎng)絡(luò)的路由交互,并且做到路由實(shí)體的擬態(tài)化,增加網(wǎng)絡(luò)路由的安全性;本文的網(wǎng)絡(luò)操作系統(tǒng),簡化了北向接口,方便上層應(yīng)用的開發(fā)與部署,實(shí)現(xiàn)網(wǎng)絡(luò)狀態(tài)數(shù)據(jù)的持久化,其中的規(guī)則沖突檢測模塊可以準(zhǔn)確高效地檢測到網(wǎng)絡(luò)規(guī)則沖突的情況。
[Abstract]:SDN technology has revolutionized the existing network architecture, adapted to reduce network complexity, cloud computing and big data's needs.The researchers usually pay attention to the SDN network itself. The traditional network equipment and the SDN equipment will coexist in the real network for a long time. The technical data surface of SDN is not common, simple and efficient, for the evolution process of the network, the traditional network equipment and the SDN equipment will coexist in the real network for a long time.The separation architecture of control surface and data surface also brings us new ideas in network routing security.At the same time, with the complexity of the network function, the network is controlled by multi-user and multi-application. At present, the open source controller has some defects in supporting multi-user and multi-application.Therefore, this paper makes some research attempts in the direction of SDN hybrid network routing security and SDN network operating system.This paper first studies the problem of three-layer routing interworking between SDN network and traditional IP network, designs and implements OpenFlow routing controller, realizes the interaction of routing protocol between SDN network and traditional IP network, and correctly forwards data packets.Facilitate the deployment of SDN technology in real networks.On this basis, this paper introduces a routing decision layer between multiple OpenFlow routing controllers and OpenFlow switches to form a pseudo routing system.The system simulates the routing entities, increases the difficulty of network attackers to explore the vulnerabilities of routing entities, isolates the routing entities that are paralyzed by network attackers, and ensures the stability and correctness of network routing.However, with the development of SDN network, the network functions are becoming more and more complex, the existing open source controller in the north interface simplicity, data persistence ability and other aspects appear to be inadequate.In particular, network resources are virtualized, multiple users share network resources, and the network is controlled by multiple upper network applications.The conflict of network rules between multi-user and multi-application may lead to the inconsistency of network management state, and even be used by some malicious applications or users to cause the network to be scrambled intentionally.The pseudo-routing system can only protect a single routing node.Therefore, the implementation of network operating system is studied in this paper. Aiming at the problem of network rule conflict detection, a rule conflict detection algorithm based on state decomposition is proposed and implemented in the network operating system of this paper.The system test shows that the pseudo routing system in this paper can realize the routing interaction between SDN and traditional IP network, and make the routing entity mimic, increase the security of network routing, the network operating system of this paper simplifies the northward interface,It is convenient for the development and deployment of the upper application to realize the persistence of network state data. The rule conflict detection module can detect the conflict of network rules accurately and efficiently.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP393.0

【參考文獻(xiàn)】

中國期刊全文數(shù)據(jù)庫 前1條

1 鳳丹;鄒敏;;Cisco IOS系統(tǒng)緩沖區(qū)溢出攻擊研究[J];計(jì)算機(jī)工程;2007年24期

，

本文編號：1755703