Research on network security service chain technology of data center in coal mine enterprise

Abstract: At present, most network security devices between the production network and the data center of coal mine enterprises are deployed in series, which causes single points of failure, link bottlenecks, and coupled operation and maintenance. To address these problems, a network security service chain technology for coal mine enterprise data centers, based on software-defined networking (SDN), is studied. A parallel deployment mode for the data center security devices is designed: one service function chain (SFC) switch is inserted in series into the physical topology, and every security device is attached to that SFC switch. The SDN controller controls the security devices and the traffic passing through the SFC switch. The SFC switch periodically sends detection packets to the security devices to check their health. Based on configuration, the SDN security service chain is maintained when a security device fails, is upgraded, or is added, so that security devices can be brought online and taken offline imperceptibly. Test results show that the technology supports visual, flexible scheduling of security service resources: security services on a service chain can be enabled or disabled on demand, and service chains with different priorities can be configured. When a security device fails, the security service path is updated automatically with a low packet loss rate, achieving imperceptible switchover.
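The controller logic the abstract describes (probe results marking a device down, per-service enable/disable, chains chosen by priority, path recomputed on failure) can be modelled as follows; this is an added example, not code from the paper. The missed-probe threshold, the standby candidates, the fail-closed `required` flag, and all device names and subnets are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
MISS_LIMIT = 3  # assumption: consecutive unanswered probes before a device is down

@dataclass
class Device:
    name: str
    enabled: bool = True  # operator toggle for the service on the chain
    missed: int = 0       # consecutive probes from the SFC switch left unanswered
    def usable(self):
        return self.enabled and self.missed < MISS_LIMIT

@dataclass
class Hop:
    candidates: list        # device names in preference order (primary, standby)
    required: bool = False  # assumption: a required hop fails closed, never bypassed

@dataclass
class Chain:
    priority: int           # highest priority wins when several chains match
    src_net: str
    hops: list

class Controller:
    def __init__(self, devices, chains):
        self.devices = {d.name: d for d in devices}
        self.chains = sorted(chains, key=lambda c: c.priority, reverse=True)
    def probe_result(self, name, answered):
        dev = self.devices[name]
        dev.missed = 0 if answered else dev.missed + 1
    def path_for(self, src_ip):
        """Ordered device path for a flow, or None when the flow must be dropped."""
        addr = ipaddress.ip_address(src_ip)
        for chain in self.chains:
            if addr not in ipaddress.ip_network(chain.src_net):
                continue
            path = []
            for hop in chain.hops:
                live = [n for n in hop.candidates if self.devices[n].usable()]
                if live:
                    path.append(live[0])
                elif hop.required:
                    return None  # no healthy instance of a mandatory service
            return path
        return []  # no chain matches: traffic is forwarded without steering

def demo_controller():
    devs = [Device(n) for n in ("fw-a", "fw-b", "ips", "audit")]  # constructed names
    chains = [Chain(10, "10.20.0.0/16", [Hop(["fw-a", "fw-b"], True), Hop(["ips"])]),
              Chain(20, "10.20.5.0/24", [Hop(["fw-a", "fw-b"], True), Hop(["ips"]), Hop(["audit"])])]
    return Controller(devs, chains)
```

Whether a failed device is bypassed or its traffic is dropped is a policy choice the abstract does not specify; the `required` flag makes that choice explicit per hop.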

     
