虛擬化技術應用與雲端服務的出現，使企業能夠以更低的成本在取得所需的資源。隨著在虛擬化技術的效能提升，閒置的處理效能得到更有效的利用。大量虛擬機的出現，使得目前的網路架構無法有效的管理這些虛擬主機對網路的需求。

本文將針對虛擬機器的網路的安全管理的各種方法進行探討，提出以軟體定義網路（Software Defined Network － SDN）為基礎的邏輯網路架構，將實體網路切割與抽象化。並提供有效的管理機制讓客戶能夠針對所得到的虛擬機器自行調整及管理虛擬機的網路安全與架構。

The active use of virtualization technology and cloud services, enables easy acquisition of computing resources for corporations and enterprises. However as the increase in performance of virtualization software allows more virtual machines running on a single physical host. The current network structure and technologies does not have the required ability to effectively manage network services and requests for the virtual machines.

This research will be studding currently available network management methods. Proposing a suggested management methods based on Software Defined Network technologies, providing network abstraction and segmentation services to allow customer of cloud services to manage and customizing their network environment and network security policies freely and easily through APIs and dedicated web portals.

第壹章	緒論	1
1.1	前言	1
1.2	研究背景與目的	2
第貳章	網路設備管理虛擬化技術探討	4
2.1	軟體定義網路（SDN）	5
2.2	Open vSwitch	6
2.3	OpenDaylight	7
2.4	小結	8
第參章	解決虛擬網路中多用戶個別網管的可行方案	9
3.1	劃分多台虛擬層交換器方案	10
3.2	運用虛擬區域網（VLAN） 方案	12
3.3	運用複合式虛擬區域網（Nested VLAN）方案	13
3.4	軟體定義網路（SDN）方案	16
3.5	小結	18
第肆章	以SDN概念解決多用戶個別網管的構想與實現	20
4.1	構想	20
4.2	架構設計	20
4.2.1.	實體網路	21
4.2.2.	邏輯網路	22
4.2.3.	用戶管理區塊	25
4.3	實作	26
4.3.1.	組件安裝方式	28
4.4	結果展示	31
第伍章	結論	40
第陸章	參考文獻	42

圖 1、支援OpenFlow協定網路設備與控制器通訊過程	6
圖2、OpenDaylight 系統架構圖	7
圖 3、網頁應用程式範例架構	10
圖 4、多台虛擬層交換器方案	11
圖 5、虛擬區域網	13
圖 6、複合式虛擬區域網	15
圖 7、軟體定義網路方案	17
圖 8、軟體定義網路架構設計	21
圖 9、實體網路示意圖	22
圖 10、邏輯網路元件示意圖	23
圖 11、邏輯網路示意圖	24
圖 12、用戶管理區塊示意圖	25
圖13、實作環境架構	27
圖14、OpenDaylight執行方式	29
圖15、OpenDaylight 圖形化界面	29
圖16、Open vSwitch 啟動過程與指令	30
圖17、虛擬主機通訊測試 - 1	31
圖18、OpenDaylight 圖形化管理界面	31
圖 19、實作網路之邏輯網路規劃	32
圖20、虛擬主機通訊測試 – 2	37
圖21、客戶-3 邏輯網路區塊示意圖	38
圖22、邏輯網路設定網頁程式	38

表 1、四種可能實作方式比較表	19

黃翊宸, "運用軟體定義網路進行早期網路攻擊災害消弭之研究" ，碩士論文, 江大學資訊管理研究所, 2014.
[2]	"IEEE Standard for Local and metropolitan area networks--Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks," IEEE Std 802.1Q-2011 (Revision of IEEE Std 802.1Q-2005), pp. 1-1365, 2011.
[3]	K. Bakshi, "Considerations for Software Defined Networking (SDN): Approaches and use cases," in Aerospace Conference, 2013 IEEE, 2013, pp. 1-9.
[4]	T. J. Bittman, G. J. Weiss, M. A. Margevicius, and P. Dawson, "Magic Quadrant for x86 server virtualization infrastructure," Gartner Research Note G, vol. 213635, 2011.
[5]	O. N. Foundation. Software-Defined Networking: The New Norm for Networks. Available: https://www.opennetworking.org/sdn-resources/sdn-library/whitepapers#introducing-SDN. Accessed: 2014/3/4
[6]	N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, pp. 69-74, 2008.
[7]	J. Mudigonda, P. Yalagandula, J. Mogul, B. Stiekes, and Y. Pouffary, "NetLord: a scalable multi-tenant network architecture for virtualized datacenters," ACM SIGCOMM Computer Communication Review, vol. 41, pp. 62-73, 2011.
[8]	S. Myung-Ki, N. Ki-Hyuk, and K. Hyoung-Jun, "Software-defined networking (SDN): A reference architecture and open APIs," in ICT Convergence (ICTC), 2012 International Conference on, 2012, pp. 360-361.
[9]	I. OpenDaylight Project. OpenDaylight Techinical Overview. Available: http://www.opendaylight.org/project/technical-overview. Accessed: 2014/7/11
[10]	B. Pfaff, J. Pettit, K. Amidon, M. Casado, T. Koponen, and S. Shenker, "Extending Networking into the Virtualization Layer," in Hotnets, 2009.
[11]	A. C. Risdianto and E. Mulyana, "Implementation and analysis of control and forwarding plane for SDN," in Telecommunication Systems, Services, and Applications (TSSA), 2012 7th International Conference on, 2012, pp. 227-231.
[12]	R. Sherwood, G. Gibb, K.-K. Yap, G. Appenzeller, M. Casado, N. McKeown, et al., "Flowvisor: A network virtualization layer," OpenFlow Switch Consortium, Tech. Rep, 2009.