Full metadata record
DC FieldValueLanguage
dc.contributor.author葉治宏en_US
dc.contributor.authorYeh, Chih-Hungen_US
dc.contributor.author林盈達en_US
dc.contributor.authorLin, Ying-Daren_US
dc.date.accessioned2014-12-12T02:41:32Z-
dc.date.available2014-12-12T02:41:32Z-
dc.date.issued2013en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT070156545en_US
dc.identifier.urihttp://hdl.handle.net/11536/74812-
dc.description.abstract在現有的OpenFlow-based 軟體定義網路(SDN)架構下,由於資料層之交換器功能過於簡化,若欲提供額外的網路安全加值服務與服務串接,流量分類的工作勢必完全仰賴控制器。這將造成交換器傳送大量OpenFlow訊息之流量至控制器處理。為了減輕此問題,我們提出一個從OpenFlow-based SDN延伸之架構,並在其控制層與資料層中設計相應機制。我們於資料層設計了兩層流量分類機制,並透過延伸原有的OpenFlow協定設計新的訊息類別與格式。透過此一設計,網路事件於資料層就可分析,不必再轉送至控制層。此一設計可減少了在OpenFlow-based SDN下以網路加值服務實現入侵防禦系統時,轉送至控制器的流量。我們也探討在此延伸架構下產生至各個結點的流量比例。同時透過校園網路流量應用在此架構下之結果來驗證設計。zh_TW
dc.description.abstractProviding value-added services under current OpenFlow-based SDN architecture makes huge traffic of OpenFlow message be generated to the controller for traffic classification because the simplicity of the switches in the data plane. For relieving this problem, we proposed an architecture which is extended from OpenFlow-based SDN and design the corresponding mechanism in this architecture. We design the two-layer traffic classification mechanism in the data plane. Also, we extended the OpenFlow protocol message types and formats. By our design, network events can be analyzed in data plane but control plane. In the case of the implementation of the intrusion prevention system using value-added services, we reduced the traffic generated to the controller under the OpenFlow-based SDN. We also discuss the ratio of the traffic generated to particular network nodes of the extended architecture designed. We qualify our design by the results from the campus network traffic.en_US
dc.language.isoen_USen_US
dc.subject軟體定義網路zh_TW
dc.subject流量分類zh_TW
dc.subject加值服務zh_TW
dc.subject網路服務zh_TW
dc.subject服務串接zh_TW
dc.subject入侵防禦系統zh_TW
dc.subjectsoftware-defined networkingen_US
dc.subjectSDNen_US
dc.subjectOpenFlowen_US
dc.subjecttraffic classificationen_US
dc.subjectvalue-added serviceen_US
dc.subjectnetwork serviceen_US
dc.subjectservice chainingen_US
dc.subjectintrusion prevention systemen_US
dc.subjectIPSen_US
dc.title以入侵防禦之案例探討將加值服務對應到延伸軟體定義網路架構zh_TW
dc.titleAn Extended SDN Architecture for Value-added Services with a Case Study on Intrusion Preventionen_US
dc.typeThesisen_US
dc.contributor.department網路工程研究所zh_TW
Appears in Collections:Thesis