A network-based Virtual Private Network (VPN) architecture using a fundamental routing mechanism is proposed. This network is a virtual overlay network based on the relay of IP-in-IP tunneling of virtual routing modules. The packet format employs the encapsulation of IPSec ESP (Encapsulating Security Payload), an impact path code and an extended DS (Differentiated Services) code to support multi-path routing and QoS. Compared with other models of VPN, this network system can be deployed in the current network with little investment, and it is easy to implement. The simulation result shows its performance is better than the traditional VPN system of black box mode.
Software-Defined Networking (SDN) decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However, traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose Route Guardian, a reliable security-oriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme employs the distributed network security devices effectively to ensure analysis of abnormal traffic and malicious node isolation. Furthermore, Route Guardian supports dynamic routing reconfiguration according to the latest network status. We prototyped Route Guardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.
Funding: Supported in part by the National Natural Science Foundation of China (Nos. 61402029, 61370190, and 61379002) and the National Key Basic Research Program (973) of China (No. 2012CB315905).