基於虛擬交換器結合Openflow的網路隔離和管理

網路隔離是一個控制大型網路安全的方法，它將網路切割成多個邏輯網路區域並提供額外的保護及更高的可用性。VLAN是個常用來提供網路隔離的服務。為了支持VLAN這個服務，我們需要一些昂貴的網管型交換器來達成。在這篇論文中，我們使用Openflow虛擬交換器來達到網路隔離的效果，在網路管理的部分，我們用sFlow來監測虛擬交換器。

關鍵字

虛擬交換器；網路隔離

並列摘要

Network segregation is a method of controlling the security of large networks is to divide them into separate logical network domains which has been used for provide additional protection and high availability. VLAN is a common method to provide the segmentation services. To support VLAN function, we need to have some managed switches which are more expensive then commodity off-the-shelf (COTS) Ethernet switches. In this paper, we use an Openflow virtual switch which can be built in any Linux based machine to achieve network segregation. For network management, we use sFlow to monitor virtual switches.

並列關鍵字

virtual switch ； network segregation ； Openflow

參考文獻

[1] Barakat, C., E. Altman, Dabbous, W (2000). "On TCP performance in a heterogeneous network: a survey." Communications Magazine, IEEE 38(1): 40-46.

[2] Baroncelli, F., B. Martini, Castoldi, P. (2010). "Network virtualization for cloud computing." Annals of Telecommunications 65(11): 713-721.

[3] Chowdhury, N. and R. Boutaba (2010). "A survey of network virtualization." Computer Networks 54(5): 862-876.

[4] Chowdhury, N. M. M. K. and R. Boutaba (2009). "Network virtualization: state of the art and research challenges." Communications Magazine, IEEE 47(7): 20-26.

[5] Duffield, N., C. Lund, Thorup, M. (2002). Properties and prediction of flow statistics from sampled packet streams, ACM.

國際替代計量

基於虛擬交換器結合Openflow的網路隔離和管理

主題瀏覽