

A Software-Defined Networking Packet Forwarding Verification Mechanism Based on Programmable Data Plane

Zhibin ZUO, Chaowen CHANG, Xianwei ZHU

Citation: Zhibin ZUO, Chaowen CHANG, Xianwei ZHU. A Software-Defined Networking Packet Forwarding Verification Mechanism Based on Programmable Data Plane[J]. Journal of Electronics & Information Technology, 2020, 42(5): 1110-1117. doi: 10.11999/JEIT190381


doi: 10.11999/JEIT190381
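Funds: The National Natural Science Foundation of China (61572517)
Details
    Author biographies:

    Zhibin ZUO: male, born in 1979, PhD candidate; research interests: SDN and network security

    Chaowen CHANG: male, born in 1965, professor and doctoral supervisor; research interests: network security and situational awareness

    Xianwei ZHU: male, born in 1991, PhD candidate; research interests: SDN and information security

    Corresponding author:

    Chaowen CHANG changchaowen5@163.com

  • CLC number: TP393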

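  • Abstract:

    To address the problems that the match fields of the OpenFlow protocol in Software-Defined Networking (SDN) are fixed and limited in number, and that data-flow forwarding lacks an effective forwarding verification mechanism, this paper proposes an SDN packet forwarding verification mechanism based on a programmable data plane. By adding a custom cryptographic identifier to data packets and introducing P4 forwarding devices into the OpenFlow-based SDN, network service flows are precisely controlled and sampled without affecting the normal forwarding of data flows. The controller verifies the integrity of the sampled service packets and, for abnormal packets, issues flow rules to the OpenFlow forwarding devices to control the forwarding of abnormal data flows such as maliciously tampered or forged ones. Finally, a forwarding verification prototype is built from P4 forwarding devices based on the open-source BMv2 and OpenFlow forwarding devices based on Open vSwitch, and a simulated network is constructed for experiments. The experimental results show that the mechanism can effectively detect abnormal forwarding behaviors such as tampering with and forgery of service packets. Compared with similar verification mechanisms, with the security verification processing overhead remaining unchanged, it achieves finer-grained, precisely controlled sampling of service flows and lower forwarding delay.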

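  • Figure 1  Architecture

    Figure 2  Structure of the cryptographic identifier

    Figure 3  Forwarding verification process

    Figure 4  Flowchart of the control program

    Figure 5  Processing procedure of the forwarding processing module

    Figure 6  Experimental topology

    Figure 7  CDF of forwarding delay

    Figure 8  Detection false-negative rate

    Figure 9  Controller processing time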

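    Table 1  Comparison of the characteristics of different mechanisms

    | Mechanism | Sampling device and granularity | Verification device and verification overhead | Forwarding delay | Function |
    |---|---|---|---|---|
    | Mechanism 1 (Ref. [9]) | Any OpenFlow switch; OpenFlow match fields | Controller, 0.15 ms | 33.17 ms (3-layer tree topology) | Locates and detects forged and tampered packets |
    | Mechanism 2 (Ref. [12]) | Any OpenFlow switch; OpenFlow match fields | Switch, far greater than the others | 33.65 ms (4-layer Fattree topology) | Detects forged and tampered packets |
    | Mechanism in this paper | P4 switch; custom match fields | Controller, 0.19 ms | 0.83 ms (3 OpenFlow forwarding devices and 1 P4 forwarding device) | Detects forged and tampered packets |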
  • [1] MCKEOWN N. Software-defined networking[J]. INFOCOM Keynote Talk, 2009, 17(2): 30–32.
    [2] PALIWAL M, SHRIMANKAR D, and TEMBHURNE O. Controllers in SDN: A review report[J]. IEEE Access, 2018, 6: 36256–36270. doi: 10.1109/ACCESS.2018.2846236
    [3] KARAKUS M and DURRESI A. Economic viability of Software Defined Networking (SDN)[J]. Computer Networks, 2018, 135: 81–95. doi: 10.1016/j.comnet.2018.02.015
    [4] GAO Shang, LI Zecheng, XIAO Bin, et al. Security threats in the data plane of software-defined networks[J]. IEEE Network, 2018, 32(4): 108–113. doi: 10.1109/MNET.2018.1700283
    [5] DARGAHI T, CAPONI A, AMBROSIN M, et al. A survey on the security of stateful SDN data planes[J]. IEEE Communications Surveys & Tutorials, 2017, 19(3): 1701–1725. doi: 10.1109/COMST.2017.2689819
    [6] RANA D S, DHONDIYAL S A, and CHAMOLI S K. Software Defined Networking (SDN) challenges, issues and solution[J]. International Journal of Computer Sciences and Engineering, 2019, 7(1): 884–889. doi: 10.26438/ijcse/v7i1.884889
    [7] SHAGHAGHI A, KAAFAR M A, BUYYA R, et al. Software-Defined Network (SDN) data plane security: Issues, solutions and future directions[EB/OL]. https://arxiv.org/pdf/1804.00262.pdf, 2018.
    [8] OPEN Networking Foundation. OpenFlow switch specification version 1.4.0[EB/OL]. https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.4.0.pdf, 2013.
    [9] WANG Shouyi, LI Qi, and ZHANG Yun. LPV: Lightweight packet forwarding verification in SDN[J]. Chinese Journal of Computers, 2019, 42(1): 176–189. doi: 10.11897/SP.J.1016.2019.00176 (in Chinese)
    [10] SHIN S and GU Guofei. CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?)[C]. The 20th IEEE International Conference on Network Protocols, Austin, USA, 2012: 1–6. doi: 10.1109/ICNP.2012.6459946.
    [11] SASAKI T, PAPPAS C, LEE T, et al. SDNsec: Forwarding accountability for the SDN data plane[C]. The 25th IEEE International Conference on Computer Communication and Networks, Waikoloa, USA, 2016: 1–10. doi: 10.1109/ICCCN.2016.7568569.
    [12] QIN Xi, TANG Guodong, CHANG Chaowen, et al. Packet forwarding authentication mechanism based on cipher identification in software-defined network[J]. Journal of Electronics & Information Technology, 2018, 40(9): 2042–2049. doi: 10.11999/JEIT171226 (in Chinese)
    [13] BOSSHART P, DALY D, GIBB G, et al. P4: Programming protocol-independent packet processors[J]. ACM SIGCOMM Computer Communication Review, 2014, 44(3): 87–95. doi: 10.1145/2656877.2656890
    [14] The P4 Language Consortium. The P4 language specification version 1.0.5[EB/OL]. https://p4lang.github.io/p4-spec/p4-14/v1.0.5/tex/p4.pdf, 2018.
    [15] PRAJAPATI A, SAKADASARIYA A, and PATEL J. Software defined network: Future of networking[C]. The 2nd IEEE International Conference on Inventive Systems and Control, Coimbatore, India, 2018: 1351–1354. doi: 10.1109/ICISC.2018.8399028.
    [16] Defense Advanced Research Projects Agency. RFC 791: Internet protocol[EB/OL]. http://www.faqs.org/rfcs/rfc791.html, 1981.
    [17] Ryu Development Team. Ryu documentation release 4.30[EB/OL]. https://ryu.readthedocs.io/en/latest/library_packet.html, 2019.
    [18] CASADO M, FREEDMAN M J, PETTIT J, et al. Ethane: Taking control of the enterprise[C]. 2007 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Kyoto, Japan, 2007: 1–12. doi: 10.1145/1282380.1282382.
Metrics
  • Article views:  2377
  • HTML full-text views:  1050
  • PDF downloads:  138
  • Times cited: 0
Publication history
  • Received:  2019-05-24
  • Revised:  2019-09-28
  • Published online:  2020-01-31
  • Issue published:  2020-06-04
