Gong-kuang zidonghua (Aug 2022)
Research on network security service chain technology of data center in coal mine enterprise
Abstract
At present, most of the network security equipment between the production network and data center of coal mine enterprises are deployed in serial mode. This mode has the problems of single point of failure, link bottleneck, and operation and maintenance coupling. In order to solve the above problems, the network security service chain technology of data center in coal mine enterprise based on software defined network (SDN) is studied. The parallel deployment mode of the security equipment of the data center in coal mine enterprise is designed as follows. A service function chain (SFC) switch is connected in series on the physical topology. All security equipment is connected to the SFC switch. The SDN controller is used to control security equipment and flow through the SFC switch. The SFC switch regularly sends detection messages to the security equipment to detect the health status of the security equipment. According to the configuration, the SDN security service chain in the case of security equipment failure, upgrade or increase is realized. This chain ensures that the security equipment is not aware of online and offline. The test results show that the technology supports the visual and flexible scheduling of security service resources. The technology can enable/disable security services on service chains or configure service chains with different priorities according to needs. The technology can automatically update security service paths in the case of security equipment failure. The technology has low packet loss rate and realizes unaware switching.
Keywords