CN104954186A - Application-oriented SDN (software defined network) strategy control method - Google Patents

Application-oriented SDN (software defined network) strategy control method Download PDF

Info

Publication number
CN104954186A
CN104954186A CN201510344547.8A CN201510344547A CN104954186A CN 104954186 A CN104954186 A CN 104954186A CN 201510344547 A CN201510344547 A CN 201510344547A CN 104954186 A CN104954186 A CN 104954186A
Authority
CN
China
Prior art keywords
sdn
policy
application
strategy
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510344547.8A
Other languages
Chinese (zh)
Other versions
CN104954186B (en
Inventor
黄祖源
马文
杜洁
李芹
陈何雄
李寒箬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Center of Yunnan Power Grid Co Ltd
Original Assignee
Information Center of Yunnan Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information Center of Yunnan Power Grid Co Ltd filed Critical Information Center of Yunnan Power Grid Co Ltd
Priority to CN201510344547.8A priority Critical patent/CN104954186B/en
Publication of CN104954186A publication Critical patent/CN104954186A/en
Application granted granted Critical
Publication of CN104954186B publication Critical patent/CN104954186B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an application-oriented SDN (software defined network) strategy control method. The application-oriented SDN strategy control method comprises the following steps of partitioning application terminal system TE (terminal equipment) with similar strategy demands into the same TG (terminal group) by an SDN basic control environment which consists of an SDN strategy controller, an SDN intelligent switch and basic application system TE; encapsulating flow in an SDN in a VXLAN (virtual extensible local area network) for transmission by an overlay encapsulation technology, and adding new TG markers to extension VXLAN headers so as to distinguish different strategy groups. The application-oriented SDN strategy control method disclosed by the invention has the beneficial effects that based on the SDN basic environment, through the extended VXLAN technology and the added strategy group markers, a relation of a physical location, a safety strategy and an IP (internet protocol) address is separated, therefore servers can be deployed and transferred more conveniently; by setting a safety control strategy, the automation performance and the safety management performance of the SDN are improved.

Description

一种面向应用的SDN网络策略控制方法An application-oriented SDN network policy control method

技术领域  本发明适用于数据中心、广域网网络下的软件定义网络技术研究,属于软件及网络技术领域。Technical field The present invention is applicable to the research of software-defined network technology under the data center and wide area network, and belongs to the field of software and network technology.

背景技术Background technique

SDN发展如火如荼。随着SDN概念的提出并飞速发展,企业对SDN的期望也是越来越高,包括改善网络利用率、自动化配置管理、提升安全性能、应用可视化、降低复杂度、降低运营成本、提升可伸缩性、支持创建私有云和混合云等。其中,大多都与数据中心的运维相关,通过SDN的方式,创建更加灵活、高效的数据中心网络,为业务应用提供更好的IT基础支撑。The development of SDN is in full swing. With the introduction and rapid development of the SDN concept, enterprises have higher and higher expectations for SDN, including improving network utilization, automatic configuration management, improving security performance, application visualization, reducing complexity, reducing operating costs, and improving scalability. , Support the creation of private clouds and hybrid clouds, etc. Most of them are related to the operation and maintenance of data centers. Through SDN, a more flexible and efficient data center network can be created to provide better IT infrastructure support for business applications.

在数据中心应用部署与运维中,服务器的新建部署,部署策略牵涉网络各个节点的信息配置,较为繁琐。在二层网络环境下,迁移前后的IP和MAC地址保持不变,当对于跨越不同机房或地域的迁移,得实现大二层网络,容易出现环路和广播风暴,难以管理。同时,同一VLAN下不容易做访问策略,针对不同应用的访问控制策略较为复杂。上述问题是数据中心面临迫切问题。In the data center application deployment and operation and maintenance, the new deployment of the server, the deployment strategy involves the information configuration of each node of the network, which is relatively cumbersome. In a Layer 2 network environment, the IP and MAC addresses before and after migration remain unchanged. When migrating across different computer rooms or regions, a large Layer 2 network must be implemented, which is prone to loops and broadcast storms, making it difficult to manage. At the same time, it is not easy to implement access policies in the same VLAN, and the access control policies for different applications are more complicated. The above problems are pressing problems facing the data center.

发明内容Contents of the invention

为了解决上述问题,本发明提供一种面向应用的SDN网络策略控制方法,包含SDN的基础架构环境及其网络策略控制方法,以此来做到在数据中心应用部署与运维中,将物理位置、安全策略与网络IP地址进行解耦,提高SDN的自动化性能和安全管理性能。In order to solve the above problems, the present invention provides an application-oriented SDN network policy control method, including the SDN infrastructure environment and its network policy control method, so as to realize the application deployment and operation and maintenance of the data center, the physical location , Security policy and network IP address are decoupled to improve the automation performance and security management performance of SDN.

本发明的技术方案是:一种面向应用的SDN网络策略控制方法,包含基础架构包含SDN策略控制器、SDN智能交换机、基础应用系统组成的SDN基础环境,其中,The technical solution of the present invention is: an application-oriented SDN network policy control method, including an SDN basic environment composed of an SDN policy controller, an SDN smart switch, and a basic application system in which the infrastructure includes,

SDN策略控制器作为集中策略管理中心,全局控制网络应用策略信息;As a centralized policy management center, the SDN policy controller globally controls network application policy information;

SDN智能交换机能够解析并执行SDN策略控制器下发的策略信息;The SDN smart switch can analyze and execute the policy information issued by the SDN policy controller;

基础应用系统包含服务器裸机、虚拟机或者应用实体服务,将基础应用系统节点标记成一个TE,根据应用需求将网络应用策略相似的TE划分到同一组,称为TG;The basic application system includes server bare metal, virtual machine or application entity services. The basic application system node is marked as a TE, and TEs with similar network application strategies are divided into the same group according to application requirements, called TG;

使用Overlay多重封装技术,将SDN网络内的流量封装在VXLAN中传输,基础应用系统节点的MAC或IP与VETP映射,并扩展VXLAN报头添加新的TG标识,将物理位置、安全策略与网络IP地址解耦合;Using Overlay multi-encapsulation technology, the traffic in the SDN network is encapsulated in VXLAN for transmission, the MAC or IP of the basic application system node is mapped to VETP, and the VXLAN header is extended to add a new TG identifier, and the physical location, security policy and network IP address Decoupling;

上述SDN策略控制器在进行策略管理时,服务器新增迁移、网络安全策略作用粒度为TG,TG之间的访问控制策略用{Cij,Rij}表示,其中Cij表示TG的连接关系,Rij表示TG的互访关系。When the above-mentioned SDN policy controller performs policy management, the granularity of new server migration and network security policy is TG, and the access control policy between TGs is represented by {Cij, Rij}, where Cij represents the connection relationship of TGs, and Rij represents the TG visit relationship.

上述SDN策略控制器在进行策略管理时,通过API接口,将TG标识下发至KVM、VCENTER等服务器管理平台,标识终端应用系统节点所属策略组;When the above-mentioned SDN policy controller performs policy management, it sends the TG identification to server management platforms such as KVM and VCENTER through the API interface, and identifies the policy group to which the terminal application system node belongs;

根据上述控制方法,采取如下步骤:According to the above control method, take the following steps:

S1.初始化SDN基础环境;S1. Initialize the SDN basic environment;

S2.在SDN策略控制器中,划分TG标识并通过API下发TG标识,区分终端应用系统节点所属策略组;S2. In the SDN policy controller, divide the TG identification and issue the TG identification through the API, and distinguish the policy group to which the terminal application system node belongs;

S3.根据应用系统访问关系和安全策略需求,在SDN策略控制器中配置访问控制策略{Cij,Rij};S3. According to the application system access relationship and security policy requirements, configure the access control policy {Cij, Rij} in the SDN policy controller;

S4.应用系统连接至SDN智能交换机后,根据所属策略组绑定相应的TG;S4. After the application system is connected to the SDN smart switch, bind the corresponding TG according to the policy group to which it belongs;

S5.应用系统数据转发时,到达SDN智能交换机的数据包均通过新增TG标识的扩展VXLAN进行封装再进行转发。S5. When the data of the application system is forwarded, the data packets arriving at the SDN smart switch are encapsulated by the extended VXLAN with the added TG mark and then forwarded.

S6.SDN策略控制器下发TG间的访问控制策略至SDN智能交换机;S6. The SDN policy controller delivers the access control policy between TGs to the SDN smart switch;

S7.SDN智能交换机解析并执行访问控制策略。The S7.SDN smart switch parses and executes access control policies.

本发明的有益效果:本发明基于SDN基础环境,通过扩展VXLAN技术和增加策略组标识,分离物理位置、安全策略与IP地址关系,从而更加方便的部署、迁移服务器,设置安全控制策略,提高SDN的自动化性能和安全管理性能。Beneficial effects of the present invention: Based on the SDN basic environment, the present invention separates the relationship between physical location, security policy and IP address by extending VXLAN technology and adding policy group identifiers, so that it is more convenient to deploy and migrate servers, set security control policies, and improve SDN Automation performance and safety management performance.

附图说明Description of drawings

图1为本发明采用的SDN物理组件架构图。FIG. 1 is a structural diagram of SDN physical components used in the present invention.

图2为本发明使用SDN网络策略组件模型。Fig. 2 is a component model of the SDN network policy used in the present invention.

图3为本发明使用的TG划分示例。Fig. 3 is an example of TG division used in the present invention.

图4为扩展VXLAN报文与原始数据报文映射图。Figure 4 is a mapping diagram of extended VXLAN packets and original data packets.

具体实施方式Detailed ways

下面结合附图和具体的实施例对本发明做进一步的说明:The present invention will be further described below in conjunction with accompanying drawing and specific embodiment:

为了便于本领域的普通技术人员理解本发明的原理、工作过程,首先对本发明的中用到的重要词汇作如下定义:In order to facilitate those of ordinary skill in the art to understand the principle of the present invention, the working process, at first important words used in the present invention are defined as follows:

(1)SDN:Software Defined Network,软件定义网络(1) SDN: Software Defined Network, software defined network

(2)TE:Terminal Equipment,应用终端节点(2) TE: Terminal Equipment, application terminal node

(3)TG:Terminal Group,应用终端节点组(3) TG: Terminal Group, application terminal node group

(4)eVXLAN:扩展VXLAN,根据标准VXLAN协议的部分保留字段进行扩展(4) eVXLAN: extended VXLAN, extended according to some reserved fields of the standard VXLAN protocol

(5)VTEP:VXLAN Tunneling End Point,VXLAN隧道终端,用于多VXLAN报文进行封装与解封装,包括MAC请求报文和正常VXLAN数据报文数据中心网络逐渐增大,运维难度日益增加。如在数据中心应用服务器部署策略牵涉网络各个节点的信息配置,较为繁琐;在二层网络环境下,迁移前后的IP和MAC地址保持不变,当对于跨越不同机房或地域的迁移,得实现大二层网络,容易出现环路和广播风暴,难以管理;同时,同一VLAN下不容易做访问策略,针对不同应用的访问控制策略较为复杂等。上述问题是数据中心面临迫切问题。(5) VTEP: VXLAN Tunneling End Point, VXLAN tunnel terminal, used for encapsulation and decapsulation of multiple VXLAN packets, including MAC request packets and normal VXLAN data packets. The data center network is gradually increasing, and the difficulty of operation and maintenance is increasing. For example, the application server deployment strategy in the data center involves the information configuration of each node in the network, which is relatively cumbersome; in the two-layer network environment, the IP and MAC addresses before and after migration remain unchanged. When migrating across different computer rooms or regions, large Layer 2 networks are prone to loops and broadcast storms, which are difficult to manage. At the same time, it is not easy to implement access policies under the same VLAN, and the access control policies for different applications are more complicated. The above problems are pressing problems facing the data center.

SDN发展近几年已经风靡全球,理念是硬件软件分离、控制转发分离、管理控制集中、开源,将带来低成本、高效率以及业务灵活。通过SDN的方式来解决上述问题,是本发明正式基于上述考虑而设计的。The development of SDN has become popular all over the world in recent years. The concept is separation of hardware and software, separation of control and forwarding, centralized management and control, and open source, which will bring low cost, high efficiency, and business flexibility. Solving the above problems by means of SDN is the formal design of the present invention based on the above considerations.

下面以具体实例来说明本发明的面向应用的SDN网络策略控制方法。The application-oriented SDN network policy control method of the present invention will be described below with specific examples.

如图1所示,本发明是基于SDN网络系统,包括SDN策略控制器、SDN智能交换机、基础应用系统组成的SDN基础环境。SDN智能交换机包括核心交换机(Core)和接入交换机(Access),两者之间流量通过VXLAN封装,则接入交换机也为VXLAN的隧道终端。接入交换机下联基础应用系统,包括物理机、虚拟机等。Controller作为SDN策略控制器作为集中策略管理中心,全局控制网络应用策略信息。As shown in FIG. 1 , the present invention is based on an SDN network system, including an SDN basic environment composed of an SDN policy controller, an SDN smart switch, and a basic application system. The SDN smart switch includes a core switch (Core) and an access switch (Access). The traffic between the two is encapsulated by VXLAN, and the access switch is also the tunnel terminal of VXLAN. Access switches downlink basic application systems, including physical machines, virtual machines, etc. The Controller acts as an SDN policy controller as a centralized policy management center, and globally controls network application policy information.

SDN策略控制器在进行策略调度的时候,需要将所有的管理的对象进行抽象,建立对象资源池,通过制定策略进行资源池中对象的调度。如图2所示为抽象的SDN网络策略组件模型,包含其中Controller代表SDN策略控制器,SW代表SDN智能交换机,TG代表策略作用的应用终端节点组。SDN策略控制器在进行策略管理时,将应用系统标记成一个TE(Terminal Equipment),将相似的一组TE划分到同一组里面,称之为TG(Terminal Group)。When the SDN policy controller performs policy scheduling, it needs to abstract all managed objects, establish an object resource pool, and schedule objects in the resource pool by formulating policies. As shown in Figure 2, the abstract SDN network policy component model includes Controller representing the SDN policy controller, SW representing the SDN smart switch, and TG representing the application terminal node group for policy functions. When the SDN policy controller performs policy management, it marks the application system as a TE (Terminal Equipment), and divides a group of similar TEs into the same group, which is called TG (Terminal Group).

SDN策略控制器会通过开放的API接口,将TG标识下发至KVM、VCENTER等服务器管理平台,进行服务节点标识。如通过下发Network Group至VCENTER,标记VCENTER中的每个虚拟机。The SDN policy controller will send the TG logo to KVM, VCENTER and other server management platforms through the open API interface to identify the service node. For example, mark each virtual machine in VCENTER by sending the Network Group to VCENTER.

图3为典型的应用部署架构,用户通过WEB系统,APP和DB作为后台系统,可以根据实际的需求,将此系统划分成4个TG,分别为TG-User、TG-Web、TG-App、TG-DB,后续的安全策略则以TG为对象进行执行。Figure 3 shows a typical application deployment architecture. Users use the WEB system, APP and DB as the background system. This system can be divided into four TGs according to actual needs, namely TG-User, TG-Web, TG-App, TG-DB, and subsequent security policies are executed with TG as the object.

服务器新增迁移、网络安全策略作用粒度为TG,TG之间通过{Cij,Rij}表示,其中Cij表示TG的连接关系,Rij表示TG的互访关系。Cij=0,表示如果两个EPG之间没有连接关系,Cij=1表示两个EPG之间存在连接关系。Rij示例表示为{Filter:TCP source port X,destination port Y;Qos:Q1|Q2|Q3|…}表示限制EPG-outside源端口X只能访问EPG-Web目的端口Y;访问的QoS要求通过QoS等级进行标识。The granularity of server new migration and network security policy is TG, and TG is represented by {Cij, Rij}, where Cij represents the connection relationship of TG, and Rij represents the mutual access relationship of TG. Cij=0 means that there is no connection relationship between the two EPGs, and Cij=1 means that there is a connection relationship between the two EPGs. The Rij example is expressed as {Filter:TCP source port X,destination port Y; Qos:Q1|Q2|Q3|…}, which means that the EPG-outside source port X can only access the EPG-Web destination port Y; the QoS for access requires passing QoS Levels are identified.

如图4所示为本发明的报文在SDN环境中转发时,使用Overlay多重封装技术,将SDN网络内的流量封装在VXLAN之中。图中下半部分为基础应用系统收发的多种格式的数据报文;如图上半部分所示,当到达智能接入交换机后,需要进行封装,添加VXLAN包头。通过新报文的封装,将服务器的位置与网络IP地址解耦合,使服务器位置地址无关,提高应用部署与迁移的灵活性。As shown in Fig. 4, when the message of the present invention is forwarded in the SDN environment, the Overlay multiple encapsulation technology is used to encapsulate the traffic in the SDN network in the VXLAN. The lower part of the figure shows data packets in various formats sent and received by the basic application system; as shown in the upper part of the figure, when they arrive at the smart access switch, they need to be encapsulated and added with a VXLAN header. Through the encapsulation of the new message, the location of the server is decoupled from the network IP address, making the location and address of the server irrelevant, and improving the flexibility of application deployment and migration.

同时,通过扩展VXLAN包头新增TG标识,所有的安全策略以TG为对象进行执行,而不再使用传统的访问控制列表的方式。通过灵活划分TG,更加灵活调整安全策略,增强安全管控性。At the same time, by extending the VXLAN packet header to add a TG identifier, all security policies are executed with the TG as the object, instead of using the traditional access control list. By flexibly dividing TGs, security policies can be adjusted more flexibly, and security control can be enhanced.

根据上述控制方法,采取如下步骤:According to the above control method, take the following steps:

S1.初始化SDN基础环境;S1. Initialize the SDN basic environment;

S2.在SDN策略控制器中,划分TG标识并通过API下发TG标识,区分终端应用系统节点所属策略组;S2. In the SDN policy controller, divide the TG identification and issue the TG identification through the API, and distinguish the policy group to which the terminal application system node belongs;

S3.根据应用系统访问关系和安全策略需求,在SDN策略控制器中配置访问控制策略{Cij,Rij};S3. According to the application system access relationship and security policy requirements, configure the access control policy {Cij, Rij} in the SDN policy controller;

S4.应用系统连接至SDN智能交换机后,根据所属策略组绑定相应的TG;S4. After the application system is connected to the SDN smart switch, bind the corresponding TG according to the policy group to which it belongs;

S5.应用系统数据转发时,到达SDN智能交换机的数据包均通过新增TG标识的扩展VXLAN进行封装再进行转发。S5. When the data of the application system is forwarded, the data packets arriving at the SDN smart switch are encapsulated by the extended VXLAN with the added TG mark and then forwarded.

S6.SDN策略控制器下发TG间的访问控制策略至SDN智能交换机;S6. The SDN policy controller delivers the access control policy between TGs to the SDN smart switch;

S7.SDN智能交换机解析并执行访问控制策略。The S7.SDN smart switch parses and executes access control policies.

Claims (1)

1.一种面向应用的SDN网络策略控制方法,其特征在于,包括:SDN策略控制器、SDN智能交换机、基础应用系统组成的SDN基础环境,其中,1. An application-oriented SDN network policy control method, characterized in that, comprising: an SDN basic environment composed of an SDN policy controller, an SDN smart switch, and a basic application system, wherein, SDN策略控制器作为集中策略管理中心,全局控制网络应用策略信息;As a centralized policy management center, the SDN policy controller globally controls network application policy information; SDN智能交换机能够解析并执行SDN策略控制器下发的策略信息;The SDN smart switch can analyze and execute the policy information issued by the SDN policy controller; 基础应用系统包含服务器裸机、虚拟机或者应用实体服务,将基础应用系统节点标记成一个TE,根据应用需求将网络应用策略相似的TE划分到同一组,称为TG;The basic application system includes server bare metal, virtual machine or application entity services. The basic application system node is marked as a TE, and TEs with similar network application strategies are divided into the same group according to application requirements, called TG; 使用Overlay多重封装技术,将SDN网络内的流量封装在VXLAN中传输,基础应用系统节点的MAC或IP与VETP映射,并扩展VXLAN报头添加新的TG标识,将物理位置、安全策略与网络IP地址解耦合;Using Overlay multi-encapsulation technology, the traffic in the SDN network is encapsulated in VXLAN for transmission, the MAC or IP of the basic application system node is mapped to VETP, and the VXLAN header is extended to add a new TG identifier, and the physical location, security policy and network IP address Decoupling; 通过API接口,将TG标识下发至KVM、VCENTER等服务器管理平台,标识终端应用系统节点所属策略组;Send the TG logo to server management platforms such as KVM and VCENTER through the API interface, and identify the policy group to which the terminal application system node belongs; 服务器新增迁移、网络安全策略作用粒度为TG,TG之间的访问控制策略用{Cij,Rij}表示,其中Cij表示TG的连接关系,Rij表示TG的互访关系。The granularity of server new migration and network security policy is TG, and the access control policy between TGs is represented by {Cij, Rij}, where Cij represents the connection relationship of TGs, and Rij represents the mutual access relationship of TGs. 根据上述方法,采取如下步骤:According to the above method, take the following steps: S1.初始化SDN基础环境;S1. Initialize the SDN basic environment; S2.在SDN策略控制器中,划分TG标识并通过API下发TG标识,区分终端应用系统节点所属策略组;S2. In the SDN policy controller, divide the TG identification and issue the TG identification through the API, and distinguish the policy group to which the terminal application system node belongs; S3.根据应用系统访问关系和安全策略需求,在SDN策略控制器中配置访问控制策略{Cij,Rij};S3. According to the application system access relationship and security policy requirements, configure the access control policy {Cij, Rij} in the SDN policy controller; S4.应用系统连接至SDN智能交换机后,根据所属策略组绑定相应的TG;S4. After the application system is connected to the SDN smart switch, bind the corresponding TG according to the policy group to which it belongs; S5.应用系统数据转发时,到达SDN智能交换机的数据包均通过新增TG标识的扩展VXLAN进行封装再进行转发。S5. When the data of the application system is forwarded, the data packets arriving at the SDN smart switch are encapsulated by the extended VXLAN with the added TG mark and then forwarded. S6.SDN策略控制器下发TG间的访问控制策略至SDN智能交换机;S6. The SDN policy controller delivers the access control policy between TGs to the SDN smart switch; S7.SDN智能交换机解析并执行访问控制策略。The S7.SDN smart switch parses and executes access control policies.
CN201510344547.8A 2015-06-19 2015-06-19 A kind of application oriented SDN policy control method Active CN104954186B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510344547.8A CN104954186B (en) 2015-06-19 2015-06-19 A kind of application oriented SDN policy control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510344547.8A CN104954186B (en) 2015-06-19 2015-06-19 A kind of application oriented SDN policy control method

Publications (2)

Publication Number Publication Date
CN104954186A true CN104954186A (en) 2015-09-30
CN104954186B CN104954186B (en) 2018-01-30

Family

ID=54168560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510344547.8A Active CN104954186B (en) 2015-06-19 2015-06-19 A kind of application oriented SDN policy control method

Country Status (1)

Country Link
CN (1) CN104954186B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107579850A (en) * 2017-09-05 2018-01-12 郑州云海信息技术有限公司 A wired and wireless hybrid networking method based on SDN control in cloud data center
CN109076028A (en) * 2016-05-19 2018-12-21 思科技术公司 Micro-segmentation in heterogeneous software-defined networking environments
CN109246100A (en) * 2018-09-07 2019-01-18 刘洋 A kind of software defined network safely performs method
CN110048946A (en) * 2018-01-15 2019-07-23 厦门靠谱云股份有限公司 A kind of unicast VXLAN management system based on Linux bridge and SDN controller
WO2020019958A1 (en) * 2018-07-25 2020-01-30 华为技术有限公司 Vxlan message encapsulation method, device and system, and strategy execution method, device and system
WO2020252895A1 (en) * 2019-06-17 2020-12-24 平安科技(深圳)有限公司 Deployment method, apparatus and device for hybrid software self-defined network, and storage medium
WO2021017930A1 (en) * 2019-07-26 2021-02-04 新华三技术有限公司 Message forwarding
CN114175583A (en) * 2019-07-29 2022-03-11 思科技术公司 System resource management in self-healing networks

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763367A (en) * 2014-01-17 2014-04-30 浪潮(北京)电子信息产业有限公司 Method and system for designing distributed virtual network in cloud calculating data center
CN103763310A (en) * 2013-12-31 2014-04-30 曙光云计算技术有限公司 Firewall service system and method based on virtual network
US20140123211A1 (en) * 2012-10-30 2014-05-01 Kelly Wanser System And Method For Securing Virtualized Networks

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140123211A1 (en) * 2012-10-30 2014-05-01 Kelly Wanser System And Method For Securing Virtualized Networks
CN103763310A (en) * 2013-12-31 2014-04-30 曙光云计算技术有限公司 Firewall service system and method based on virtual network
CN103763367A (en) * 2014-01-17 2014-04-30 浪潮(北京)电子信息产业有限公司 Method and system for designing distributed virtual network in cloud calculating data center

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109076028A (en) * 2016-05-19 2018-12-21 思科技术公司 Micro-segmentation in heterogeneous software-defined networking environments
CN109076028B (en) * 2016-05-19 2021-06-18 思科技术公司 Micro-segmentation in heterogeneous software-defined networking environments
CN107579850A (en) * 2017-09-05 2018-01-12 郑州云海信息技术有限公司 A wired and wireless hybrid networking method based on SDN control in cloud data center
CN110048946A (en) * 2018-01-15 2019-07-23 厦门靠谱云股份有限公司 A kind of unicast VXLAN management system based on Linux bridge and SDN controller
CN110048946B (en) * 2018-01-15 2020-08-28 厦门靠谱云股份有限公司 Linux bridge and SDN controller-based unicast VXLAN management method
WO2020019958A1 (en) * 2018-07-25 2020-01-30 华为技术有限公司 Vxlan message encapsulation method, device and system, and strategy execution method, device and system
CN110768884A (en) * 2018-07-25 2020-02-07 华为技术有限公司 VXLAN packet encapsulation and policy execution method, device, and system
US11588665B2 (en) 2018-07-25 2023-02-21 Huawei Technologies Co., Ltd. VXLAN packet encapsulation and policy execution method, and VXLAN device and system
CN109246100A (en) * 2018-09-07 2019-01-18 刘洋 A kind of software defined network safely performs method
WO2020252895A1 (en) * 2019-06-17 2020-12-24 平安科技(深圳)有限公司 Deployment method, apparatus and device for hybrid software self-defined network, and storage medium
WO2021017930A1 (en) * 2019-07-26 2021-02-04 新华三技术有限公司 Message forwarding
CN114175583A (en) * 2019-07-29 2022-03-11 思科技术公司 System resource management in self-healing networks
CN114175583B (en) * 2019-07-29 2023-08-18 思科技术公司 System resource management in self-healing networks

Also Published As

Publication number Publication date
CN104954186B (en) 2018-01-30

Similar Documents

Publication Publication Date Title
CN104954186B (en) A kind of application oriented SDN policy control method
CN109120494B (en) Method for accessing physical machine in cloud computing system
CN109660443B (en) SDN-based physical device and virtual network communication method and system
US10063470B2 (en) Data center network system based on software-defined network and packet forwarding method, address resolution method, routing controller thereof
CN107222353B (en) Support protocol-independent software-defined network virtualization management platform
CN107135134B (en) Private network access method and system based on virtual switch and SDN technology
CN103997414B (en) Method and network control unit for generating configuration information
EP3176979A1 (en) Information processing method and device
CN106936777A (en) Cloud computing distributed network implementation method based on OpenFlow, system
CN105991387A (en) Message transformation method and device of virtual extensible local area network (VXLAN)
CN106487695A (en) A kind of data transmission method, virtual network managing device and data transmission system
WO2015149253A1 (en) Data center system and virtual network management method of data center
CN103931149A (en) Implementing a 3g packet core in a cloud computer with openflow data and control planes
CN105247826A (en) Network function virtualization for a network device
CN103763367A (en) Method and system for designing distributed virtual network in cloud calculating data center
CN104350467A (en) Elastic enforcement layer for cloud security using SDN
CN112602292B (en) Inter-slice sharing in a 5G core network
CN105531966B (en) Method, device and system for implementing message routing in a network
CN103581325B (en) A kind of cloud computing resources cell system and its implementation method
CN103905303A (en) Method, device and system for processing data after VM transfer across subnet
WO2016159113A1 (en) Control device, control method, and program
WO2016159192A1 (en) Control device, control method, and program
CN109861899A (en) Virtual home gateway and implementation method, home network center and data processing method
CN106899478A (en) The method that power test business realizes resource resilient expansion by cloud platform
CN107306215A (en) A kind of data processing method, system and node

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant