基于SRv6技术的云网安全服务链自动编排方法

doi:10.3969/j.issn.1006-2475.2024.01.001

摘要/Abstract

摘要：

摘要：为提高云网数据中心的资源利用率、节约通信开销，基于SRv6（Segment Route IPv6）技术设计一种云网安全服务链自动编排方法。本文方法辅助并引导网络数据包沿着指定路径通过云网，确定报文的具体转发路径，减少对服务节点的依赖；建立最小化总带宽的目标函数，结合多种约束条件，满足自动编排的安全性；定义本地行为报文，架构安全服务链自动编排框架，建立安全服务策略，解决策略冲突和网络流调度问题，达到服务链的安全编排。实验结果表明，本文方法能有效地实现云网服务链自动编排，减少CPU平均总带宽消耗，提升用户的请求成功率，降低云网中边缘设备的负载，节省通信开销。

关键词: 关键词：SRv6技术, 云网安全, 安全服务链, 自动编排, 调度优化

Abstract: Abstract: To improve the resource utilization rate of cloud network data centers and save communication costs， a cloud network security service chain automatic orchestration method is designed based on SRv6 （Segment Route IPv6） technology. The method assists and guides network data packets to pass through the cloud network along the specified path， determines the specific forwarding path of the message， and reduces dependence on service nodes； establishes an objective function to minimize the total bandwidth， combines with various constraints to meet the security requirements of automatic orchestration； defines local behavior message， constructs automatic arrangement framework of security service chain， establishes security service policy， solves policy conflict and flow network scheduling problem， and achieves security arrangement of service chain. Experimental results show that the proposed method can effectively implement the automatic scheduling of cloud service chain， reduce the average total bandwidth consumption of CPU， improve the success rate of user requests， reduce the load of edge device in the cloud， and save communication costs.

Key words: Key words: SRv6 technology, cloud network security, security service chain, automatic arrangement, scheduling optimization

中图分类号:

TP393.4

王宏杰, 徐胜超, 杨波, 毛明扬, 蒋金陵. 基于SRv6技术的云网安全服务链自动编排方法[J]. 计算机与现代化, 2024, 0(01): 1-5.

WANG Hong-jie, XU Sheng-chao, YANG Bo, MAO Ming-yang, JIANG Jin-ling. Automatic Arrangement Method of Cloud Network Security Service Chain Based on SRv6 Technology[J]. Computer and Modernization, 2024, 0(01): 1-5.

参考文献［27］

［1］	NEJABATI R， MOAZZENI S， JAISUDTHI P， et al. Zero-touch network orchestration at the edge［C］// 2021 International Conference on Computer Communications and Networks （ICCCN）. 2021. DOI:10.1109/ICCCN52240.2021.9
	522194.
［2］	KHAN T A， ABBAS K， MUHAMMAD A， et al. An intent-driven closed-loop platform for 5G network service orchestration［J］. Computers Materials & Continua， 2022，70（3）:4323-4340.
［3］	吴宇彤，周金和. 一种采用NFV架构的服务功能链动态编排与部署［J］. 电讯技术， 2022，62（10）:1506-1513.
［4］	GUO S Y， QI Y Y， JIN Y， et al. Endogenous trusted DRL-based service function chain orchestration for IoT［J］. IEEE Transactions on Computers， 2021，71（2）:397-406.
［5］	THIRUVENKADAM S， SUJITHA V， JO H， et al. A heuristic fuzzy based 5G network orchestration framework for dynamic virtual network embedding［J］. Applied Sciences， 2022，12（14）. DOI: 10.3390/app12146942.
［6］	HURMELINNA-LAUKKANEN P， MOLLER K， NATTI S. Orchestrating innovation networks: Alignment and orchestration profile approach［J］. Journal of Business Research， 2022，140:170-188.
［7］	MELEKOODAPPATTU J G， SUBBIAN P S， QUEEN M P F. Detection and classification of breast cancer from digital mammograms using hybrid extreme learning machine classifier［J］. International Journal of Imaging Systems and Technology， 2021，31（2）: 909-920.
［8］	WIĘCEK D， MICHALSKI I， RZEŹNICZAK K， et al. Multi-RAT orchestration method for heterogeneous wireless networks［J］. Applied Sciences， 2021，11（18）. DOI: 10.
	3390/app11188281.
［9］	RAN J， WANG W K， HU H F. Dynamic service function chain deployment and readjustment method based on deep reinforcement learning［J］. Sensors， 2023，23（6）. DOI: 10.
	3390/s23063054.
［10］	ZHANG Y H， ZHANG F， TONG S， et al. A dynamic planning model for deploying service functions chain in fog-cloud computing［J］. Journal of King Saud University-Computer and Information Sciences， 2022，34（10）:7948-7960.
［11］	ZHANG C C， WANG X W， DONG A W， et al. The intelligent multi-domain service function chain deployment: Architecture， challenges and solutions［J］. International Journal of Communication Systems， 2021， 34（1）. DOI: 10.1002
	/dac.4665.
［12］	KHARATI E. Creating balance on bandwidth consumption using network coding in wireless sensor networks［J］. Majlesi Journal of Electrical Engineering， 2020，14（3）:23-38.
［13］	LARIMI S S N， SALAMI B， UNSAL O S， et al. Understanding power consumption and reliability of high-bandwidth memory with voltage underscaling［C］// 2021 Design， Automation & Test in Europe Conference & Exhibition （DATE）. 2021:517-522.
［14］	ZHANG J F， ZHANG W S， XU J D. Bandwidth-efficient multi-task AI inference with dynamic task importance for the Internet of Things in edge computing［J］. Computer Networks， 2022，216. DOI: 10.1016/j.comnet.2022.109262.
［15］	LI H P， KORDI M E. DSPPV: Dynamic service function chains placement with parallelized virtual network functions in mobile edge computing［J］. Internet of Things， 2023，22（2）. DOI: 10.1016/j.iot.2023.100733.
［16］	TOKUDA K， SATO T， OKI E. Network slice reconfiguration with deep reinforcement learning under variable number of service function chains［J］. Computer Networks， 2023，224（3）. DOI: 10.1016/j.comnet.2023.109636.
［17］	QIN Y D， GUO D K， LUO L L， et al. Service function chain migration with the long-term budget in dynamic networks［J］. Computer Networks， 2023，223（99）. DOI:10.10
	16/j.comnet.2023.109563.
［18］	HUANG W W， LI SONG， WANG S N， et al. An improved adaptive service function chain mapping method based on deep reinforcement learning［J］. Electronics， 2023，12（6）. DOI : 10.3390/electronics12061307.
［19］	GAO J， FENG L， YU P， et al. Resource consumption and security-aware multi-tenant service function chain deployment based on hypergraph matching［J］. Computer Networks， 2022，216（3）. DOI: 10.1016/j.comnet.2022.109298.
［20］	YAGHOUBPOUR F， BAKHSHI B， SEIFI F. End-to-end delay guaranteed service function chain deployment: A multi-level mapping approach［J］. Computer Communications， 2022，194:433-445.
［21］	HU H Y， KANG Q Y， ZHAO S， et al. Service function chain deployment method based on traffic prediction and adaptive virtual network function scaling［J］. Electronics， 2022，11（16）. DOI: 10.3390/electronics11162625.
［22］	ZHAI D， MENG X R， YU Z H， et al. A security-aware service function chain deployment method for load balance and delay optimization［J］. Scientific Reports， 2022，12（1）. DOI: 10.1038/s41598-022-14494-2.
［23］	NAJAFI B， PARSAEEFARD S， LEON-GARCIA A. Estimation of missing data in intelligent transportation system［C］// 2020 IEEE 92nd Vehicular Technology Conference （VTC2020-Fall）. 2020:1-6. DOI: 10.1109/VTC2020-Fall
	49728.2020.9348581.
［24］	XU L Y， HU H F， LIU Y N. Heuristic strategy of service function chain deployment based on N-base continuous digital coding in network function virtualization environment［J］. Electronics， 2022，11（3）. DOI: 10.3390/electroni
	cs11030331.
［25］	MORENO J F C， SATTLER R， CISTERNA R P C C， et al. Online service function chain deployment for live-streaming in virtualized content delivery networks: A deep reinforcement learning approach［J］. Future Internet， 2021，13（11）. DOI: 10.3390/fi13110278.
［26］	DISTLER V， FASSL M， HABIB H， et al. A systematic literature review of empirical methods and risk representation in usable privacy and security research［J］. ACM Transactions on Computer-Human Interaction， 2021，18（6）:28-35.
［27］	LI Y H， LIU R F， LIU X Y， et al. Research on information security risk analysis and prevention technology of network communication based on cloud computing algorithm［J］. Journal of Physics: Conference Series，2021，1982（1）:12129-12131.

[1]	陈刚, 王志坚, 徐胜超. 基于可行点追踪-连续凸逼近的移动边缘计算任务卸载[J]. 计算机与现代化, 2023, 0(08): 93-97.
[2]	杨波, 徐胜超. 基于SRv6服务链的云网专线场景安全防护方法[J]. 计算机与现代化, 2023, 0(08): 107-111.
[3]	杨丹1，2,陈君1，2,朱小勇1. 一种大视差场景下的实时视频拼接系统[J]. 计算机与现代化, 2020, 0(04): 19-.
[4]	蔡苏亚. 改进的最优链路状态路由协议算法[J]. 计算机与现代化, 2014, 0(8): 106-109.
[5]	张建华,梁正友. 基于情感词抽取与LDA特征表示的情感分析方法[J]. 计算机与现代化, 2014, 0(5): 79-83.
[6]	门佳;李伟. 互联网体系结构中的端到端原则[J]. 计算机与现代化, 2013, 1(9): 152-156.