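With the rapid spread of the Internet and of elastically scalable, flexible cloud computing, high-traffic services are growing quickly, and the data center, a key architectural component of the network, faces prominent problems such as unbalanced load between devices and low network bandwidth utilization. In traditional networks, traffic control is usually performed by network hardware devices. The central idea of Software Defined Network (SDN) is to separate the data layer from the network control layer and then control the underlying devices through a centralized, programmable software platform, so that network resources can be flexibly allocated on demand. This paper proposes to exploit the advantages of SDN, choosing Ryu as the control platform and defining the corresponding modules via REST API, to study load balancing of data center network traffic. Finally, tests on a simulation platform show that the strategy can effectively improve the utilization of network traffic and reduce problems such as network delay.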
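Software-defined Network (SDN) defines routing in a programmable form and has thoroughly overturned the traditional network architecture. By adopting a centralized topology, SDN effectively achieves global control over the network infrastructure. However, this centralized topology is highly vulnerable to network attacks such as Distributed Denial of Service (DDoS). Traditional DDoS achieves denial of service by congesting switch bandwidth and consuming controller computing resources. In recent years, new DDoS variants have achieved denial of service by attacking the southbound channel through which the controller and switches communicate, and by attacking switch flow tables. To mitigate the security problems caused by traditional and new DDoS, this paper proposes SDDetector (Software Defined Detector), a lightweight DDoS detection and defense framework for SDN. It can run in two modes, coarse-grained and fine-grained: the coarse-grained mode extracts statistical features from SDN switches and raises threshold alarms on suspicious attack behavior; once an alarm is triggered, the fine-grained mode performs a second round of feature extraction and uses an entropy detection algorithm and an SVM detection algorithm for further attack discrimination. The study finds that the entropy detection algorithm is good at handling DDoS attacks that use source IP spoofing and new DDoS attacks targeting SDN, whereas the SVM detection algorithm is good at handling application-layer-protocol-based DDoS attacks that require interaction. SDDetector runs the two algorithms in a near-parallel mode and automatically lets the algorithm with the fastest feature extraction complete the attack detection, greatly reducing the system's response time to attacks. Experiments show that, in specific scenarios, the proposed model uses 75% less response time than a single detection scheme.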
In Software-Defined Networks (SDN), the divergence of the control interface from the data plane provides a unique platform to develop a programmable and flexible network. A single controller cannot handle the heavy traffic load triggered by different intelligent devices because of its restricted capability. To manage this, it is necessary to implement multiple controllers on the control plane to achieve quality network performance and robustness. The flow of data through the multiple controllers also varies, resulting in an unequal distribution of load between different controllers. One major drawback of the multiple controllers is their constant configuration of the switch-controller mapping, which quickly allows unequal distribution of load between controllers. To overcome this drawback, Software-Defined Vehicular Networking (SDVN) has evolved as a configurable and scalable network that has quickly attracted attention in wireless communications from research groups, businesses, and industry administration. In this paper, we have proposed a load balancing algorithm based on latency for multiple SDN controllers. It acknowledges the evolving characteristics of real-time latency vs. controller loads. By choosing the required latency and resolving multiple overloads simultaneously, our proposed algorithm solves the load-balancing problems with multiple overloaded controllers in the SDN control plane. In addition to the migration, our algorithm has improved latency by 25% as compared to the existing algorithms.
Funding: The authors are thankful for the support of Taif University Researchers Supporting Project No. (TURSP-2020/10), Taif University, Taif, Saudi Arabia.