安全服务链中的虚拟网络功能(virtual network function,VNF)将传统网络安全功能与硬件设备解耦,使得服务功能的部署更具动态性和可扩展性。然而VNF向节点的合理分配以及节点上VNF的高效调度问题仍亟待解决。为此,基于软件定义网络(soft...安全服务链中的虚拟网络功能(virtual network function,VNF)将传统网络安全功能与硬件设备解耦,使得服务功能的部署更具动态性和可扩展性。然而VNF向节点的合理分配以及节点上VNF的高效调度问题仍亟待解决。为此,基于软件定义网络(software defined network,SDN)和网络功能虚拟化(network function virtuali-zation,NFV)环境,提出基于优化算法的解决方案。对资源分配与调度问题进行举例并形式化定义问题的优化目标,提出基于贪心算法的资源分配方案和基于混合蜂群算法的资源调度方案,统一协调解决VNF的资源分配与调度问题。仿真实验验证,所提算法的时间复杂性和在总资源成本及总服务收益方面的提升,对比混合蜂群算法和传统蜂群算法,结果显示前者具有更快的收敛速度。展开更多
为防范港口业务和各种信息化应用的快速增加对网络安全带来的冲击,文章基于软件定义网络(Software Defined Network,SDN)平台实现安全设备资源池化进行了研究,针对不同品牌、不同类型的安全设备,通过SDN平台实现港口网络安全设备统一集...为防范港口业务和各种信息化应用的快速增加对网络安全带来的冲击,文章基于软件定义网络(Software Defined Network,SDN)平台实现安全设备资源池化进行了研究,针对不同品牌、不同类型的安全设备,通过SDN平台实现港口网络安全设备统一集中调配使用,最大化地发挥安全设备的功能和性能,增加安全设备的可靠性,避免因设备切换所造成的网络中断,同时针对港口网络出口的网络安全设备及相关核心设备进行资源重新整合,以满足港口业务对网络安全的全新要求。展开更多
针对网络功能虚拟化(network function virtualization,NFV)环境下安全服务链(security service chain,SSC)故障问题,提出一种基于比例资源预留的备份恢复机制.该方法采用前摄性处理思想,预先在物理网络中按比例划分主备用资源并构造节...针对网络功能虚拟化(network function virtualization,NFV)环境下安全服务链(security service chain,SSC)故障问题,提出一种基于比例资源预留的备份恢复机制.该方法采用前摄性处理思想,预先在物理网络中按比例划分主备用资源并构造节点/链路候选集合;当发生节点故障时,从候选集合中选取重映射目标并为其分配预留的备用资源,利用改进的离散粒子群(discrete particle swarm optimization,DPSO)算法及时地解决节点故障重映射问题,在降低资源占用的同时提高故障修复率;当发生链路故障时,通过改变底层物理路径流量分割比例,将受影响流量迁移到候选集合的可用链路中,设计动态路径分割算法有效解决了链路故障重定向问题,实现底层物理网络资源剩余价值最大化.仿真实验验证了算法在不同物理网络环境下的适应性和不同故障模型下的有效性,此外,还初步探索了主用比例的取值对所提备份恢复机制的影响.展开更多
Real-time multimedia sharing in Consumer-centric Multimedia Network(CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMN...Real-time multimedia sharing in Consumer-centric Multimedia Network(CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMNs subjected to their fixed substrate security framework. A fundamental diversifying attribute for the customized security experiences of CMNs is pressing. This paper proposes a programmable network structure which is named Service Processing Chain(SPC) based on network function combination. The SPC is established by the ordinal combination of network functions in substrate switches dynamically, and therefore constructs a special channel for each CMN with required security. The construction and reconfiguration algorithms of SPC are also discussed in this paper. Evaluations and implementation show that above approaches are effective in providing multilevel security with flexibility and expansibility. It is believed that the SPC could provide customized security service and drive participative real-time multimedia sharing for CMNs.展开更多
文摘安全服务链中的虚拟网络功能(virtual network function,VNF)将传统网络安全功能与硬件设备解耦,使得服务功能的部署更具动态性和可扩展性。然而VNF向节点的合理分配以及节点上VNF的高效调度问题仍亟待解决。为此,基于软件定义网络(software defined network,SDN)和网络功能虚拟化(network function virtuali-zation,NFV)环境,提出基于优化算法的解决方案。对资源分配与调度问题进行举例并形式化定义问题的优化目标,提出基于贪心算法的资源分配方案和基于混合蜂群算法的资源调度方案,统一协调解决VNF的资源分配与调度问题。仿真实验验证,所提算法的时间复杂性和在总资源成本及总服务收益方面的提升,对比混合蜂群算法和传统蜂群算法,结果显示前者具有更快的收敛速度。
文摘为防范港口业务和各种信息化应用的快速增加对网络安全带来的冲击,文章基于软件定义网络(Software Defined Network,SDN)平台实现安全设备资源池化进行了研究,针对不同品牌、不同类型的安全设备,通过SDN平台实现港口网络安全设备统一集中调配使用,最大化地发挥安全设备的功能和性能,增加安全设备的可靠性,避免因设备切换所造成的网络中断,同时针对港口网络出口的网络安全设备及相关核心设备进行资源重新整合,以满足港口业务对网络安全的全新要求。
文摘针对网络功能虚拟化(network function virtualization,NFV)环境下安全服务链(security service chain,SSC)故障问题,提出一种基于比例资源预留的备份恢复机制.该方法采用前摄性处理思想,预先在物理网络中按比例划分主备用资源并构造节点/链路候选集合;当发生节点故障时,从候选集合中选取重映射目标并为其分配预留的备用资源,利用改进的离散粒子群(discrete particle swarm optimization,DPSO)算法及时地解决节点故障重映射问题,在降低资源占用的同时提高故障修复率;当发生链路故障时,通过改变底层物理路径流量分割比例,将受影响流量迁移到候选集合的可用链路中,设计动态路径分割算法有效解决了链路故障重定向问题,实现底层物理网络资源剩余价值最大化.仿真实验验证了算法在不同物理网络环境下的适应性和不同故障模型下的有效性,此外,还初步探索了主用比例的取值对所提备份恢复机制的影响.
基金supported by The National Basic Research Program of China (973) (Grant No. 2012CB315901, 2013CB329104)The National Natural Science Foundation of China (Grant No. 61521003, 61372121, 61309019, 61572519, 61502530)The National High Technology Research and Development Program of China (863) (Grant No. 2015AA016102)
文摘Real-time multimedia sharing in Consumer-centric Multimedia Network(CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMNs subjected to their fixed substrate security framework. A fundamental diversifying attribute for the customized security experiences of CMNs is pressing. This paper proposes a programmable network structure which is named Service Processing Chain(SPC) based on network function combination. The SPC is established by the ordinal combination of network functions in substrate switches dynamically, and therefore constructs a special channel for each CMN with required security. The construction and reconfiguration algorithms of SPC are also discussed in this paper. Evaluations and implementation show that above approaches are effective in providing multilevel security with flexibility and expansibility. It is believed that the SPC could provide customized security service and drive participative real-time multimedia sharing for CMNs.
