摘要
SDN与NFV技术带来了网络管理的灵活性与便捷性,但SDN的动态转发策略可能导致网络功能策略失效,同时不同网络功能的策略可能互相影响,引起冲突问题。为了在基于SDN/NFV的云网络中对网络功能的策略进行验证,分析了网络功能与SDN设备之间、跨网络功能之间的策略冲突,建立了统一策略表达进行策略解析,设计策略验证方案、框架并进行原型实现,检验不同场景下的虚拟网络功能策略的正确性,并与现有策略冲突验证方案对比,用实验进行了有效性与性能分析。
Although the newly introduced SDN and NFV technologies bring flexibility and convenience in network management,the dynamic forwarding policies introduced by SDN may cause invalidation in the network function policies,and the policies in different network functions may also cause conflicts due to their own behaviors.In order to verify the policies in SDN/NFV-based cloud network,the verification on policies between the network function and the SDN device,as well as across the network functions were considered.A unified policy expression for analysis was summa-rized,and policy verification scheme,framework and prototype implementation were proposed to verify the correctness of polices in different scenarios,then experiments were conducted to justify the effectiveness and performance.
作者
陈浩宇
邹德清
金海
CHEN Haoyu;ZOU Deqing;JIN Hai(National Engineering Research Center for Big Data Technology and System,School of Computer Science and Technology,Huazhong University of Science and Technology,Wuhan 430074,China;Services Computing Technology and System Lab,School of Computer Science and Technology,Huazhong University of Science and Technology,Wuhan 430074,China;Cluster and Grid Computing Lab,School of Computer Science and Technology,Huazhong University of Science and Technology,Wuhan 430074,China;Hubei Engineering Research Center on Big Data Security,School of Cyber Science and Engineering,Huazhong University of Science and Technology,Wuhan 430074,China)
出处
《网络与信息安全学报》
2021年第3期59-71,共13页
Chinese Journal of Network and Information Security
基金
国家重点研发计划(2019YFB2101700)
广州市未来产业关键技术研发专题项目(201902020016)。
关键词
策略验证
云网络
软件定义网络
网络功能虚拟化
policy verification
cloud network
software-defined networking
network function virtualization
