Thesis title: On the study of OpenFlow Switch-based Middlebox Deployment Management Mechanism
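Abstract (Chinese): With the rapid growth of cloud network environments, more and more enterprises are adopting cloud computing architectures to provide services, so the security and performance of those services have become important issues. To ensure the security of the application services they provide and of their internal networks, enterprises often process packets through security appliances or middleboxes. Although security requirements bring enormous business opportunities, the growing complexity of network environments also brings deployment management problems. Deploying middleboxes often incurs large maintenance overhead, and the traditional manual management of middleboxes easily leads to unnecessary configuration errors.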
Abstract (English): With the rapid development of cloud computing environments, it has become more and more important for enterprises to adopt cloud computing architectures to provide services. To ensure the security of services and of the enterprise network, appliances or middleboxes are usually adopted to process packets. Although security requirements bring enormous business opportunities, they also bring deployment management issues: deploying middleboxes often incurs large maintenance overhead, and managing middleboxes manually often causes misconfiguration errors.
To address these deployment management issues, much of the academic literature has begun to use the existing network backbone with OpenFlow switches to build a Software-Defined Networking (SDN) platform. Our study presents the Middlebox Deployment Mechanism (MBDM). MBDM simplifies redirecting flows into middleboxes by using Dijkstra's algorithm, while allowing users to participate in security controls to meet their security requirements.
The proposed MBDM has been shown to be feasible for deployment management using software-defined networking, and it is able to accommodate users' security policy requirements when redirecting flows into middleboxes.
Keywords (Chinese): ★ Software-Defined Networking
★ OpenFlow
★ Middlebox
★ Dijkstra's shortest path algorithm
Keywords (English): ★ Software-Defined Networking
★ OpenFlow
★ Middlebox
★ Dijkstra's algorithm
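Table of contents:
Chinese Abstract
English Abstract
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1 Introduction
1-1 Research Background
1-2 Motivation and Objectives
1-3 Research Contributions
1-4 Thesis Organization
Chapter 2 Related Work
2-1 OpenFlow Switches and the NOX Controller
2-1-1 Introduction to OpenFlow Switches
2-1-2 The NOX Controller
2-2 SDN-Based Middlebox Deployment Management
2-2-1 SDN-Based Data Plane Design: FLOW TAG
2-2-2 SDN-Based Control Plane Design: CloudWatcher
2-2-3 SDN-Based Control Plane Design: SIMPLE
2-3 Comparison of Related Work
2-4 Introduction to Controller-Based Routing Algorithms
Chapter 3 Middlebox Deployment Management Mechanism
3-1 System Architecture
3-2 System Controller Component Design
3-2-1 Security Policy Handling Module (Policy Handler)
3-2-2 Deployment Management Module (Middlebox Deployment Manager)
3-2-3 Routing Rule Translation Module (Rule Translator)
3-2-4 Network Topology Discovery
3-2-5 Routing Algorithm
3-3 Middlebox State Mechanism on OpenFlow Switches
3-4 System Operation Flow
3-4-1 Network Topology Update
3-4-2 Routing Rule Generation and Installation
3-4-3 Packet Forwarding
Chapter 4 Experiments and Discussion
4-1 Experimental Environment
4-2 System Setup and Operation
4-2-1 NOX Controller Setup
4-2-2 OpenFlow Switch Setup
4-3 Experiment 1: MBDM Packet Forwarding
4-4 Experiment 2: MBDM Security Policy Enforcement
4-5 Experiment 3: Performance Impact of MBDM on the NOX Controller
4-6 Summary
Chapter 5 Conclusions and Future Work
5-1 Conclusions and Research Contributions
5-2 Research Limitations
5-3 Future Work
References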
Advisor: 陳奕明 (Yi-ming Chen)  Approval date: 2014-7-25
