With　the　rapid　growth　of　application　migration,　the　anonymity　in　data　center　networks　becomes　important　in　breaking　attack　chains　and　guaranteeing　user　privacy.　However,　existing　anonymity　systems　are　designed　for　the　Internet　environment,　which　suffer　from　high　computational　and　network　resource　consumption　and　deliver　low　performance,　thus　failing　to　be　directly　deployed　in　data　centers.　In　order　to　address　this　problem,　this　paper　proposes　an　efficient　and　easily　deployed　anonymity　scheme　for　software　defined　networking-based　data　centers,　called　mimic　channel　MIC.　The　main　idea　behind　MIC　is　to　conceal　the　communication　participants　by　modifying　the　source/destination　addresses,　such　as　media　access　control　MAC　and　Internet　protocol　IP　address　at　switch　nodes,　so　as　to　achieve　anonymity.　Compared　with　the　traditional　overlay-based　approaches,　our　in-network　scheme　has　shorter　transmission　paths　and　less　intermediate　operations,　thus　achieving　higher　performance　with　less　overhead.　We　also　propose　a　collision　avoidance　mechanism　to　ensure　the　correctness　of　routing,　and　three　mechanisms　to　enhance　the　traffic-analysis　resistance.　To　enhance　the　practicality,　we　further　propose　solutions　to　enable　MIC　co-existing　with　some　MIC-incompatible　systems,　such　as　packet　analysis　systems,　intrusion　detection　systems,　and　firewall　systems.　Our　security　analysis　demonstrates　that　MIC　ensures　unlinkability　and　improves　traffic-analysis　resistance.　Our　experiments　show　that　MIC　has　extremely　low　overhead　compared　with　the　base-line　transmission　control　protocol　TCP　or　secure　sockets　layer　SSL,　e.g.,　less　than　1　overhead　in　terms　of　throughput.　Experiments　on　MIC-based　distributed　file　system　show　the　applicability　and　efficiency　of　MIC.　©　2017　IEEE.