Sdn的研究应用现状

(SDN)

In recent years, realising a “clean-state” design for the future Internet has become an important research focus. An architecture combining an Information-Centric Network (ICN) and Software-Defined Network (SDN) (IC-SDN) has gradually attracted more attention. However, the existing studies regarding IC-SDN still lack support in terms of the “network status awareness” function, resulting in unreasonable resource allocation. In this paper, we propose a new status-aware resource adaptation scheme, i.e. a status-aware module is embedded into basic elements (Forwarding Node (FN) and Resource adaption Manager (RM)). The FNs collect the

network status dynamically for the controller to reallocate network resources according to the fluctuations in environmental conditions. Simulation results show that, compared with the existing IC-SDN mechanism, the proposed scheme reduced the link bandwidth variance by 56% and the content delivery latency by 40%. The proof-of-concept implementation demonstrates the feasibility of our proposed scheme for small-scale deployment.

SDN architecture may enable, facilitate or enhance network-related security applications due to the controller’s central view of the network, and its capacity to reprogram the data plane at any time. While security of SDN architecture itself remains an open question that has already been studied a couple of times in the research community, the following paragraphs only focus on the security applications made possible or revisited using SDN.

Several research works on SDN have already investigated security applications built upon the SDN controller, with different aims in mind. Distributed Denial of Service (DDoS) detection and mitigation, as well as botne and worm propagation, are some concrete use-cases of such applications: basically, the idea consists in periodically collecting network statistics from the forwarding plane of the network in a

standardized manner (e.g. using Openflow), and then apply classification algorithms

on those statistics in order to detect any network anomalies. If an anomaly is detected, the application instructs the controller how to reprogram the data plane in order to mitigate it.

Another kind of security applications leverages the SDN controller by implementing some moving target defense (MTD) algorithms. MTD algorithms are typically used to make any attack on a given system or network more difficult than usual by periodically hiding or changing key properties of that system or network. In traditional networks, implementing MTD algorithms is not a trivial task since it is difficult to build a central authority able of determining - for each part of the system to be protected - which key properties are hid or changed. In an SDN network, such tasks become more straightforward thanks to the centrality of the controller. One application can for example periodically assign virtual IPs to hosts within the network, and the mapping virtual IP/real IP is then performed by the controller. Another application can simulate some fake opened/closed/filtered ports on random hosts in the network in order to add significant noise during reconnaissance phase (e.g. scanning) performed by an attacker.

Additional value regarding security in SDN enabled networks can also be gained using FlowVisor and FlowChecker respectively. The former tries to use a single hardware forwarding plane sharing multiple separated logical networks. Following this approach the same hardware resources can be used for production and development purposes as well as separating monitoring, configuration and internet traffic, where each scenario can have its own logical topology which is called slice. In conjunction with this approach FlowChecker realizes the validation of new OpenFlow rules that are deployed by users using their own slice.

Developing applications for software defined networks requires comprehensive checks of possible programming errors. Since SDN controller applications are mostly deployed in large scale scenarios a programming model checking solution requires scalability. These functionalities are provided among others through NICE.

Introducing an overarching security architecture requires a comprehensive and protracted approach to SDN. Since it was introduced, designers are looking at possible ways to secure SDN that do not compromise scalability. This architecture is called SN-SECA (SDN+NFV) Security Architecture.

Research status of SDN: In recent years, SDN (software defined networking, software defined network) the heat continues to heat up. In 2012, the international Gartne research institutions: the next 5 yearsas one of the ten key technology of IT field. The same year, Google announced that the SDN technique has been used in the backbone network, marking the SDN into the commercial stage. The major manufacturers also have released SDN strategy and launched commercial products. Due to the development momentum of SDN greatly exceeded expectations, telecom industry well-known market consulting company IDC (International DataCorporation,International Data Corporation) to the 2016 SDN market is expected from the original$2000000000 to $3700000000, an increase of nearly 90%. Just a few years, the birth of SDNfrom the Stanford

University laboratory research program in the United States in the product,has become the world's attention to the hot network technology. So what did SDN mean? Whythe industry will be regarded as the

network technology revolution subversive? Whether it willcompletely change the industrial chain structure of the telecom industry at present? This article from the SDN origin, try to through the analysis of characteristics, key technology and SDN industry chain of the current development of SDN to make a comprehensive analysis,and briefly forecast its future development trend.

SDN has become the most popular research direction in the field of global

network, the authority of IT field to predict the future ten key trends in five years and the effect oftechnology ranked second. Google, Microsoft and other Internet Co have invested a lot ofscientific research in the field of

SDN, CISCO, HUAWEI, Ericsson, IBM, HP and other IT manufacturers are also developing SDN controllers and switches.

SDN refers to the narrow OpenFlow southbound interface based network, generalized SDNrefers to all network with this idea. The biggest difference with the previous SDN network is the network control mode, will be divided into the underlying network layer and control layerforwarding. The control layer uses a centralized controller to control the different network devices, so that the network easier to control and management, and let the bit in the

forwarding layer smooth transmission. The controller communicate through a secure channel and OpenFlow switches, flow meter flow and control principle to decide the flow, in order to achieve routing mechanism, packet analysis and network virtualization functions. SDN can use for different needs, establish the service level agreement allows the user to access the service, receive due protection. The existing SDN technology development process, to network operators and IT industry based ONF organization is the

main promoter, ONF regularly released technical reports and technical white paper, standards and related testing organization. The main research resultsas the basic framework, OpenFlow standard definition, configuration and

managementprotocol. The SDN network architecture is divided into application layer, control layer,infrastructure layer, control layer and forwarding behavior to change the traditional network equipment.

SDN can successfully promote, with one hand from the communications equipment manufacturers and telecommunications services operators, equipment manufacturers and operators to use SDN API, let the network equipment to control the characteristics of the SDN network, IDC and cloud

applications for service deployment, while also looking at theapplication of SDN in the future direction of the development of the cloud network andcommunication network, a user can expect access behavior to obtain the best service level. SDN’s new concept will impact on the traditional network, the network device is not compatible with the OpenFlow function, so the future will take a gradual deployment of devices with OpenFlow function.

At present the customer market is mainly for

large IDC, communication operators, cloudservice center and cross in IDC

network, SDN network architecture, the products are mainly divided into the feasible direction:

The application layer includes: providing information

security management, and cloud virtualization services, main function is to provide SLA, QoE, Security and Firewall and other network services.

Control layer: remote controller based, and with SDN control software and solution of networkL4 to L7.

Basic equipment: switches, routers and network layer chip. Network equipment manufacturers or chip makers will use with network virtualization and cloud

computing platform software, application software and hardware key follow-up SDN integration technology, will become the core of commercial value.

In the future. SDN may be on the existing network equipment sales mode caused a great deal of subversion, complex software can operate in a more inexpensive and simple equipment, letthe customer of the future market is no longer belongs to large Internet service providers.

SDN rapid development may have a significant impact on the traditional pattern of network industry, communication equipment enterprises will face enormous challenges, IT and software developers will have a higher market value. According to the design idea of ONF hierarchical architecture, implemented by running NOS server network control, forwardingfunction and performance of the device is mainly composed of a universal chip decision, can greatly reduce the development costs caused by. The future focus of open architecture SDNcompetition will focus on NOS, communications equipment manufacturers in the development of open architecture control layer will no longer have the first mover advantage, so thegeneral strategy is a follow new technology and released in support of

OpenFlow SDN products and solutions, on the other hand also actively explore in the

existing networkstructure. Centralized control and open

application API interface customization andprivatization, in order to avoid the loss of research value and competitive advantage.

The development of ICT technology industry is committed to SDN and service development,open source code to use the SDN software to make forwarding equipment mode, to provide a full set of solutions of the SDN network, the traditional network equipment manufacturers tooccupy the market

space. The present SDN as IT industry to extend to the field of network,which means all the software defined as SDN technology and application development is still at the initial stage, in recent years may be used in the IDC, the company's internal network,campus. Soon after, SDN may extend to the field of related transmission networks, cloud services, wireless communications and other fields. SDN focuses on the separation of the forwarding plane and control plane, virtualization and NFV focused on the network function, for telecom operators, is to use the IT virtualizationmethod to reform the existing communication network, make the network function can bearbitrarily scheduling at any time, any place, any scene.

At present, no one has been deliberately in opposition to the SDN and NFV, most people think that SDN and NFV are complementary: only to achieve the extreme virtual network function, in order to ensure the SDN into or allow SDN and SDN to really go to the battle-front without any burden, different from the traditional mode of separation of the forwarding control. The SDN infrastructure is NFV in a network domain enabling technology, global, centralized control mode can effectively support cyber source virtualization and pool, conducive to the realization of the demand of automation and dynamic multi tenant virtual network. In the field of cloud computing IaaS, OpenStack limelight Masamori, in addition to the datacenter, and even become the options for the NFV operating system network operators. In the pipeline and network field, SDN is also the birth of several open source systems, some aimed at the mainstream, some targeting branches, such as

OpenDaylight controller architecture is aimed at the SDN, if successful, will be a trend which cannot be halted to APP developers, canraise, down can be firmly in the control of many network hardware vendors.