搜索
20133SDN*1,2,1,1(1.中国联通集团研究院北京100048;2.北京邮电大学北京100876):、,、、、。SDN,。SDN,。SDN,SDN;SDN、;,SDN,、、3SDN。:;;OpenFlowdoi:10.3969/j.issn.1000-0801.2013.03.0201、,、、。,IP*(No.1172134),“”(No.2012ZX03002001002,No.2013ZX03002004002,No.2013ZX03002003005)ResearchonSDNArchitectureandSecurityWangShuling1,LiJihan2,ZhangYunyong1,FangBingyi1(1.ChinaUnicomResearchInstitute,Beijing100048,China;2.BeijingUniversityofPostsandTelecommunications,Beijing100876,China)Abstract:Withtherapiddevelopmentofcloudcomputingandmobileinternet,thefeaturesthatnetworkexhibits,suchasdiversity,declareforurgentrequirementsforscalability,manageabilityandsecurityofthedatacenter.TheSDNarchitectureshowsapromisingwayofdealingwiththeaboverequirementsofnetworkthroughrevolutionaryinnovationofthetraditionalnetworkarchitecture,whichattractsgreatinterestofcompaniesandresearchinstitutes.However,accordingtotherecentresearchandprogressofSDN,securityproblemhasnotbeenaddressed,whichwillbeasignificantissue.Basedonthesituation,thebasisofSDN,includingtheorigination,architecture,standardizationworkandstandardizedprotocol,weredescribed,andthesecurityissuewasalsoanalyzed.Inthesecuritypart,theexhibitingnewfeaturesofsecurityproblemforSDN,wereanalyzed,bylistingtheundergoingwork,andthenthesecuritythreatsinSDNwereconcluded.Finally,asuggestedarchitectureforsecurityresearchofSDNwasproposed.Keywords:softwaredefinednetwork,security,OpenFlow117。,“、”[1],[2]。,[3](softwaredefinednetwork,SDN)。SDNCleanState[4],,SDN,,SDN。SDN、,,,。SDN,、、、。,SDN,,SDN,。,SDN,、。SDN,SDN、,SDN,,SDN。2SDN/OpenFlow2.1SDN/OpenFlowSDNCleanState[4]。,,,、,。CleanState,MartinCasadoEthane,,,。,MartinNickMcKeown,Ethane,,,、,。,OpenFlow,2008“OpenFlow:EnablingInnovationinCampusNetwrok”,OpenFlow,OpenFlow,、、VLAN。OpenFlow,NickSDN。2.2SDNSDN,、、3,,1。,,:(),、,,;(),,。SDN,。OpenFlowSDN、、,。1SDN118201332OpenFlow·:,,;,SDN,。·:SDN,,,。·:,SDN,。2.3SDN(opennetworkfoundation,ONF)、Facebook、Google、Microsoft、Verizon、Yahoo!7,,SDN,SDN,SDN。,ONF7、70,Extensibility、Configuration&Management、Testing&Interoperability、Hybrid、MarketEducation、Architecture&Framework、ForwardingAbstractions7NorthboundAPI、Transport、SkillsCertification。SDN、、、。201212,ONFOpenFlowOpenFlow。OpenFlowSDN。2010OF1.0[5],OpenFlow,OF1.1、OF1.2。,OpenFlow。OpenFlow2,。,OpenFlow,。(FlowTable)。,0。,。,(matchfield)、(counter)(instruction)。,L2、L3、L4,MAC、IPIP。OpenFlow,。,0。i,(),,、。,,,。OpenFlowOpenFlow,SDN、OpenFlow。OpenFlow(OFConfig)SDN3。3SDNSDN,。、,SDN3OpenFlowSDN119。SDNSDN。、、SDN。,,。SDN,,。,,,,。SDN,SDN、、。SDN。,SDN、,。,SDNSDN,,DDoS,,。,SDN,、。SDNSDN3。·,OSI4~7,SDN,2~7,。·SDN,。·SDN。,。4SDNSDN,SDN。2012114,(IETF)SAAG(SecurityAreaAdvisoryGroup)SDN,SDN,、、,[6],SDN。,、,、、,,,。,VMwarevCloud,,IT。,vCloudNetworking&Security(4),、、,。,、3,;,,,,;,,,、。5SDNSDN、,,SDN,SDN,SDN。SDN,SDN。(1),,、,SDN。,:·,Internet,,;120201334VMwarevCloudNetworking&Security·IP,,IPIP,,;·DDoS,,,;·、,,,。(2)SDN,,。。·:、,、、,,。·:,,。,,。6SDNSDN,SDN、、、,SDN,。,、、3SDN,5。,。,,、、;,、,;,,、、,。,,,、,SDN;,,,,。,、、。,、、,,。121,。7,、、,。,SDN,,,。SDN。SDN,,,SDN、,SDN,SDN。1..,20112,,..,2012,35(6)3ONFMarketEducationCommittee.Softwaredefinednetworking:thenewnormfornetworks.://cleanslate.stanford.edu/,20125OpenFlow.OpenFlowconfigurationandmanagementprotocolOFCONFIG1.0.://[](收稿日期:2013-02-25)5SDN,,,,、。,,、。,,,,,、、,,、、、。,,,,、。122