基于中间盒的SDN信息服务中心策略实施架构

中间盒是一种网络管理员手动设置行为策略的设备；软件定义网络（software-defined network，SDN）的出现使得中间盒实施策略的可能性变得多样化。为改善信息服务中心的安全防护，提出一种无须管理员参与即可响应网络事件的基于SDN的动态中间策略实施架构，提出可以满足控制器与中间盒之间通信的接口。在虚拟机中实施了具有防火墙和入侵防御系统（intrusion prevention system，IPS）的中间盒原型来评估策略执行体系，验证原型获得的实验效果。结果表明，该体系结构能够在不影响网络性能的前提下动态执行中间盒策略，使网络应用程序能够正常运行。

Middlebox-based SDN information service center policy implementation framework

Middlebox is a device that a network administrator manually sets behavior policies. The advent of SDN has made it possible to diversify the possibilities of implementing a middlebox implementation strategy. In order to improve the security of the information service center, this paper proposed an SDN-based dynamic intermediate policy implementation architecture which could respond to network events without administrators'' participation, and proposed an interface which could satisfy the communication between the controller and the middlebox. This paper implemented a middlebox prototype with firewall and IPS in the virtual machine to evaluate the policy execution system and verified the experimental results obtained by the prototype. The results show that the architecture can dynamically execute the middlebox policy without affecting network performance, so that the network application can run normally.