云资源池集成虚拟防火墙方案及关键技术
|
摘要
防火墙服务(FWaaS)是云资源池网络服务的关键组件之一,要求具备自动开通、按需灵活调整的能力,适合采用软件形态的虚拟防火墙(virtualfirewall,v FW)承载。对于云资源池而言,虚拟防火墙具有特殊性,本身既是网络服务需要被业务系统编排,又是网元组件需要被网络系统配置。云资源池环境下,虚拟防火墙面临与云平台、SDN等其他组件集成的问题。研究了现有云资源池集成虚拟防火墙的主要方案,分析了云资源池集成虚拟防火墙的主要问题,提出了基于可扩展的模型框架实现云资源池集成虚拟防火墙的方法。
FWaaS is one of the key cloud network services, which requires ability of auto provisioning and flexibility of on-demand adjustment. It is suitable for cloud platforms to provide FWaaS based on virtual firewalls(vFW) appliance. vFW has its own particularity comparing to other cloud components. It is not only a network service but also a network element, which should be orchestrated by business systems and should be automatically configured by network systems. In the environment of cloud resource pool, vFW faces the integration problem with other cloud components like SDN and cloud management platform. The main method of integrating vFW in cloud resource pool was studied, the existing integration problems were analyzed, and an integration method based on extensible model driven framework was proposed.
FWaaS is one of the key cloud network services, which requires ability of auto provisioning and flexibility of on-demand adjustment. It is suitable for cloud platforms to provide FWaaS based on virtual firewalls(vFW) appliance. vFW has its own particularity comparing to other cloud components. It is not only a network service but also a network element, which should be orchestrated by business systems and should be automatically configured by network systems. In the environment of cloud resource pool, vFW faces the integration problem with other cloud components like SDN and cloud management platform. The main method of integrating vFW in cloud resource pool was studied, the existing integration problems were analyzed, and an integration method based on extensible model driven framework was proposed.
引文
[1]樊勇兵,陈楠,黄志兰,等.解惑SDN[M].北京:人民邮电出版社,2015.FAN Y B,CHEN N,HUANG Z L,et al.Disabuse SDN[M].Beijing:Posts and Telecom Press,2015.
[2]陈楠,樊勇兵,何晓武,等.面向应用的云数据中心网络技术研究[J].电信科学,2014,30(9):128-132.CHEN N,FAN Y B,HE X W,et al.Research on the technology of application-oriented cloud data center network[J].Telecommunications Science,2014,30(9):128-132.
[3]樊宁,沈军,金华敏.云计算环境下防火墙技术发展现状及趋势[M]//2013-2014中国通信行业发展分析报告.北京:人民邮电出版社,2014:250-253.FAN N,SHEN J,JIN H M.Development and trend of firewall technology in cloud computing environment[M]//2013-2014China Communications Industry Development Analysis Report.Beijing:Posts and Telecom Press,2014:250-253.
[4]李洪,伍思源,渠凯,等.大规模云资源池中虚拟防火墙部署问题研究[J].电信科学,2014,30(Z1):164-167.LI H,WU S Y,QU K,et al.Research on deployment of virtual firewall in large scale cloud resource pool[J].Telecommunications Science,2014,30(Z1):164-167.
[5]Service function chaining(SFC)architecture:RFC 7665[S].2015.
[6]李晨,陈俏钢,李凤凯,等.SDN的网络模型及北向接口[J].中兴通讯技术,2016,22(6):17-21.LI C,CHEN Q G,LI F K,et al.Network model and northbound interface of SDN[J].ZTE Technology Journal,2016,22(6):17-21.
[7]黄志兰,樊勇兵,陈楠,等.Overlay SDN实现异构兼容的关键技术[J].电信科学,2016,32(11):112-118.HUANG Z L,FAN Y B,CHEN N,et al.Key technologies of heterogeneous compatibility in overlay SDN[J].Telecommunications Science,2016,32(11):112-118.
[8]赵鹏,段晓东.SDN/NFV发展中的关键:编排器的发展与挑战[J].电信科学,2017,33(4):18-25.ZHAO P,DUAN X D.Key of SDN/NFV development:development and challenge of orchestrator[J].Telecommunications Science,2017,33(4):18-25.
[2]陈楠,樊勇兵,何晓武,等.面向应用的云数据中心网络技术研究[J].电信科学,2014,30(9):128-132.CHEN N,FAN Y B,HE X W,et al.Research on the technology of application-oriented cloud data center network[J].Telecommunications Science,2014,30(9):128-132.
[3]樊宁,沈军,金华敏.云计算环境下防火墙技术发展现状及趋势[M]//2013-2014中国通信行业发展分析报告.北京:人民邮电出版社,2014:250-253.FAN N,SHEN J,JIN H M.Development and trend of firewall technology in cloud computing environment[M]//2013-2014China Communications Industry Development Analysis Report.Beijing:Posts and Telecom Press,2014:250-253.
[4]李洪,伍思源,渠凯,等.大规模云资源池中虚拟防火墙部署问题研究[J].电信科学,2014,30(Z1):164-167.LI H,WU S Y,QU K,et al.Research on deployment of virtual firewall in large scale cloud resource pool[J].Telecommunications Science,2014,30(Z1):164-167.
[5]Service function chaining(SFC)architecture:RFC 7665[S].2015.
[6]李晨,陈俏钢,李凤凯,等.SDN的网络模型及北向接口[J].中兴通讯技术,2016,22(6):17-21.LI C,CHEN Q G,LI F K,et al.Network model and northbound interface of SDN[J].ZTE Technology Journal,2016,22(6):17-21.
[7]黄志兰,樊勇兵,陈楠,等.Overlay SDN实现异构兼容的关键技术[J].电信科学,2016,32(11):112-118.HUANG Z L,FAN Y B,CHEN N,et al.Key technologies of heterogeneous compatibility in overlay SDN[J].Telecommunications Science,2016,32(11):112-118.
[8]赵鹏,段晓东.SDN/NFV发展中的关键:编排器的发展与挑战[J].电信科学,2017,33(4):18-25.ZHAO P,DUAN X D.Key of SDN/NFV development:development and challenge of orchestrator[J].Telecommunications Science,2017,33(4):18-25.