摘要
为提高云网数据中心的资源利用率、节约通信开销,基于SRv6(Segment Route IPv6)技术设计一种云网安全服务链自动编排方法。本文方法辅助并引导网络数据包沿着指定路径通过云网,确定报文的具体转发路径,减少对服务节点的依赖;建立最小化总带宽的目标函数,结合多种约束条件,满足自动编排的安全性;定义本地行为报文,架构安全服务链自动编排框架,建立安全服务策略,解决策略冲突和网络流调度问题,达到服务链的安全编排。实验结果表明,本文方法能有效地实现云网服务链自动编排,减少CPU平均总带宽消耗,提升用户的请求成功率,降低云网中边缘设备的负载,节省通信开销。
To improve the resource utilization rate of cloud network data centers and save communication costs,a cloud network security service chain automatic orchestration method is designed based on SRv6(Segment Route IPv6)technology.The method assists and guides network data packets to pass through the cloud network along the specified path,determines the specific for warding path of the message,and reduces dependence on service nodes;establishes an objective function to minimize the total bandwidth,combines with various constraints to meet the security requirements of automatic orchestration;defines local behav ior message,constructs automatic arrangement framework of security service chain,establishes security service policy,solves policy conflict and flow network scheduling problem,and achieves security arrangement of service chain.Experimental results show that the proposed method can effectively implement the automatic scheduling of cloud service chain,reduce the average to tal bandwidth consumption of CPU,improve the success rate of user requests,reduce the load of edge device in the cloud,and save communication costs.
作者
王宏杰
徐胜超
杨波
毛明扬
蒋金陵
WANG Hong-jie;XU Sheng-chao;YANG Bo;MAO Ming-yang;JIANG Jin-ling(School of Data Science,Guangzhou Huashang College,Guangzhou 511300,China)
出处
《计算机与现代化》
2024年第1期1-5,12,28,共7页
Computer and Modernization
基金
国家自然科学基金面上项目(61772221)
广东省华商学院校内科研导师制项目(2023HSDS30)。
关键词
SRv6技术
云网安全
安全服务链
自动编排
调度优化
SRv6 technology
cloud network security
security service chain
automatic arrangement
scheduling optimization
