公开(公告)号：US20140351801A1

公开(公告)日：2014-11-27

申请号：US14284768

申请日：2014-05-22

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Myung-Ki SHIN ,  Yun-Chul CHOI ,  Jong-Hwa YI ,  Seung-Ik LEE ,  Hyoung-Jun KIM

IPC: G06F9/45

CPC classification number: G06F8/41 ,  G06F8/43 ,  H04L45/00

Abstract: The present invention relates to a formal technique-based verification apparatus and method for verifying software-defined networking. In accordance with an embodiment, a formal verification apparatus for Software-Defined Networking (SDN), includes a formal language creation unit for collecting flow table information for an entire network topology in response to a request of a SDN control unit, and creating description code in a predefined formal language based on the collected flow table information. A Symbolic Transition Graph (STG) generation unit generates a symbolic transition graph using the created description code in the formal language. A verification execution unit performs verification by applying formal verification technology to the symbolic transition graph.

Abstract translation: 本发明涉及用于验证软件定义的网络的基于形式技术的验证装置和方法。 根据实施例，用于软件定义网络（SDN）的形式验证装置包括形式语言创建单元，用于响应于SDN控制单元的请求而收集整个网络拓扑的流表信息，并且创建描述码 基于收集的流表信息以预定义的形式语言。 符号转换图（STG）生成单元使用形式语言中创建的描述代码生成符号转换图。 验证执行单元通过将形式验证技术应用于符号转换图来执行验证。

公开(公告)号：US20170359426A1

公开(公告)日：2017-12-14

申请号：US15440397

申请日：2017-02-23

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Yun-Chul CHOI

IPC: H04L29/08 ,  H04L12/46

CPC classification number: H04L67/16 ,  H04L12/4641 ,  H04L67/10 ,  H04L67/1002

Abstract: Disclosed herein are a method and apparatus for detecting a network service. The network service detection method includes generating pieces of required resource information for respective Virtual Network Functions (VNFs) with respect to one or more VNFs provided by a network, generating multiple deployment combinations by deploying the one or more VNFs on multiple servers constituting the network, calculating deployment combination resources required by respective multiple deployment combinations, based on the pieces of required resource information for respective VNFs, and detecting an executable deployment combination, among the multiple deployment combinations, as a network service that is capable of being provided by the network by comparing the deployment combination resources with pieces of specification information corresponding to the multiple servers.

公开(公告)号：US20170141944A1

公开(公告)日：2017-05-18

申请号：US15339133

申请日：2016-10-31

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Seung-Ik LEE ,  Yun-Chul CHOI ,  Myung-Ki SHIN ,  Jong-Hwa YI ,  Ji-Hyun LEE

IPC: H04L12/24 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L41/04 ,  H04L41/044 ,  H04L41/0866 ,  H04L41/0893 ,  H04L41/5054 ,  H04L67/10 ,  H04L67/42 ,  H04L69/40

Abstract: Disclosed herein is a method for managing network resources required in a Network Function Virtualization (NFV) environment. A verifier for Network Function Virtualization (NFV) resource allocation includes a network information reception unit for receiving information about network services from Operations Support Systems (OSS) or Business Support Systems (BSS) in an NFV environment, a combination information generation unit for generating combination information made when Virtualized Network Functions (VNFs) required by each network service are allocated to physical or virtual network resources, based on the received network service information, and a verification unit for verifying whether the combination information is applicable to available network resources in the NFV environment. Accordingly, a network service provider and a network administrator may detect problems related to resource availability in advance, thus more securely deriving the design of network services and the planning to secure network resources.

公开(公告)号：US20140301226A1

公开(公告)日：2014-10-09

申请号：US14245391

申请日：2014-04-04

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Yun-Chul CHOI ,  Myung-Ki SHIN ,  Hyoung-Jun KIM

IPC: H04L12/26

CPC classification number: H04L41/145 ,  H04L43/026 ,  H04L43/06

Abstract: An apparatus and a method for network monitoring and packet inspection capable of performing network monitoring and packet inspection in real time in a network system are disclosed. In accordance with an embodiment of the present invention, the apparatus for monitoring and packet inspection includes: a controller configured to transmit and receive an open flow protocol message and perform a network control; and a switch configured to include a flow table for data transfer and a security channel for connection with the controller, wherein the flow table includes target information which is information on a flow on which a user performs the monitoring and packet inspection.

Abstract translation: 公开了一种能够在网络系统中实时地执行网络监视和分组检测的网络监视和分组检测的装置和方法。 根据本发明的实施例，用于监视和分组检测的装置包括：控制器，被配置为发送和接收开放流协议消息并执行网络控制; 以及配置为包括用于数据传送的流表和用于与控制器连接的安全信道的交换机，其中，流表包括作为用户执行监视和分组检查的流的信息的目标信息。

公开(公告)号：US20170063635A1

公开(公告)日：2017-03-02

申请号：US14954100

申请日：2015-11-30

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Yun-Chul CHOI

IPC: H04L12/24 ,  H04L12/931

CPC classification number: H04L41/12 ,  H04L41/0213 ,  H04L41/50 ,  H04L45/306 ,  H04L45/64 ,  H04L49/35

Abstract: Disclosed is a network service control device and method in an environment in which a Software Defined Network (SDN) and a legacy network are connected to each other. The network service control device according to the present invention includes: a first network acquisition unit for acquiring first network information corresponding to the SDN; a second network information acquisition unit for acquiring second network information corresponding to the legacy network; a control message creation unit for creating a service control message for controlling a service of the network environment in which the SDN and the legacy network are connected to each other, based on at least one of the first network information and the second network information; and a service control unit for controlling the service of the network environment by transmitting the service control message to at least one network switch module included in the network environment.

Abstract translation: 公开了一种在软件定义网络（SDN）和传统网络彼此连接的环境中的网络服务控制设备和方法。 根据本发明的网络服务控制装置包括：第一网络获取单元，用于获取与SDN对应的第一网络信息; 第二网络信息获取单元，用于获取对应于传统网络的第二网络信息; 控制消息创建单元，用于基于所述第一网络信息和所述第二网络信息中的至少一个，创建用于控制所述SDN和所述传统网络彼此连接的网络环境的服务的服务控制消息; 以及服务控制单元，用于通过将服务控制消息发送到包括在网络环境中的至少一个网络交换模块来控制网络环境的服务。

公开(公告)号：US20150227411A1

公开(公告)日：2015-08-13

申请号：US14618060

申请日：2015-02-10

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jong-Hwa YI ,  Yun-Chul CHOI ,  Seung-Ik LEE ,  Myung-Ki SHIN ,  Hyoung-Jun KIM

IPC: G06F11/07 ,  H04L29/08 ,  G06F9/54

CPC classification number: G06F11/0784 ,  G06F11/3608

Abstract: Disclosed herein is technology for formal verification of a network service chain in a software-defined networking environment. In an embodiment, a verification support apparatus for formal verification of a network service chain includes a Network Service Chain (NSC) descriptor information reception unit for receiving NSC descriptor information from an application program. An NSC configuration unit configures an NSC of multiple network services using the received NSC descriptor information. A verification request unit requests formal verification of each network service in the configured NSC from a formal verification unit.

Abstract translation: 这里公开了用于软件定义的网络环境中的网络服务链的形式验证的技术。 在一个实施例中，用于网络服务链的形式验证的验证支持装置包括用于从应用程序接收NSC描述符信息的网络服务链（NSC）描述符信息接收单元。 NSC配置单元使用接收到的NSC描述符信息来配置多个网络服务的NSC。 验证请求单元从形式验证单元请求在配置的NSC中的每个网络服务的形式验证。