ИСТИНА |
Войти в систему Регистрация |
|
ИПМех РАН |
||
The invention relates to network communication technologies. Messages are sent by a controller to switches subordinate thereto; commands from the controller, ordering the switches to change their behaviour, are delayed using a proxy server, which sends a copy of the commands to a model corrector; the model corrector is used to construct a mathematical model describing the configuration of the network which may result from the application of the commands, using information received by the model corrector about the controller commands; the formal models obtained are checked for compliance with the requirements applicable to the network using a verifier; with the aid of the verifier, a controller command is marked safe if a formal model satisfies each of the requirements of a routing policy, or is marked unsafe if a formal model fails to satisfy at least one of the requirements of a routing policy; safe controller commands are transmitted to the switches by means of the proxy server, or unsafe commands are blocked by the proxy server and the controller is notified that a particular command is unsafe. The present method is directed toward reducing the risks arising as a result of the non-compliance of the behaviour of software-defined networks with the requirements applicable thereto.