System and method for achieving security policy based on SDN virtual switch
Format: | Patent |
---|---|
Language: | eng |
Summary: | The present invention discloses a system and a method for achieving security policy based on an SDN (Software Defined Network) virtual switch. The system comprises a plurality of virtual machines and a plurality of virtual network cards arranged on the virtual machines, wherein the virtual network cards are all connected with a virtual switch, and the virtual switch is connected with a physical network card and an SDN controller. The method comprises the steps of: S1, enabling the virtual machines to access the virtual switch; S2, enabling the SDN controller and the virtual switch to successfully connect through the OpenFlow protocol; S3, configuring a needed security policy at the SDN controller; S4, transmitting, by the SDN controller, the security policy to the virtual switch through the OpenFlow protocol, and automatically setting OpenFlow table items; S5, checking the table items after receiving a message transmitted from the virtual machines, and judging whether the message conforms to the security policy; and S6, forwarding the message if it conforms to the security policy, and otherwise discarding the message. The system and the method of the present invention provide different levels of security protection and defense, and effectively provide security in a virtual network. |
---|