Data stream security processing method and apparatus

摘要

Embodiments of the present invention provide a data stream security processing method and apparatus. In the embodiments of the present invention, security levels of data streams are determined according to different feature information of the data streams, and forwarding paths corresponding to the data streams are determined according to the security levels, where a forwarding path may go through a security device to implement a corresponding security function of the forwarding path, thereby improving data stream forwarding security and lightening load of a central controller.

主权项

1. A data stream security processing method, comprising:
acquiring, by a controller, feature information of a data stream, wherein the feature information comprises source information and destination information of the data stream; determining, by the controller, a security level of the data stream according to the feature information; determining a shortest security path finding rule according to the security level; splitting a security node into split nodes according to degrees of the security node, wherein the security node is associated with a security device, and a quantity of the split nodes is equal to a quantity of the degrees of the security node; acquiring paths from a source node to the split nodes; acquiring paths from a destination node to the split nodes; determining, according to the shortest security path finding rule, a forwarding path for transmitting the data stream, wherein the forwarding path is a shortest path in paths that go through a same security node but different split nodes, wherein the paths are among the paths from the source node to the split nodes and the paths from the destination node to the split nodes; and delivering, by the controller, information which indicates the forwarding path to devices in the forwarding path.