Volume 42 Issue 5
Jun.  2020
Zhibin ZUO, Chaowen CHANG, Xianwei ZHU. A Software-Defined Networking Packet Forwarding Verification Mechanism Based on Programmable Data Plane[J]. Journal of Electronics & Information Technology, 2020, 42(5): 1110-1117. doi: 10.11999/JEIT190381

A Software-Defined Networking Packet Forwarding Verification Mechanism Based on Programmable Data Plane

doi: 10.11999/JEIT190381
Funds:  The National Natural Science Foundation of China (61572517)
  • Received Date: 2019-05-24
  • Rev Recd Date: 2019-09-28
  • Available Online: 2020-01-31
  • Publish Date: 2020-06-04
  • To address the fixed and limited number of OpenFlow protocol matching fields and the lack of an effective verification mechanism for data packet forwarding in Software-Defined Networking (SDN), an SDN packet forwarding verification mechanism based on a programmable data plane is proposed. By adding a cipher identification to the data packet, P4 forwarding devices join the OpenFlow-based SDN network to accurately control and sample network traffic without affecting the normal forwarding of the data flow. The controller verifies the integrity of each sampled packet and sends flow rules to the OpenFlow forwarding devices to control abnormal data flows, such as those affected by malicious tampering and forgery. Finally, a forwarding verification prototype and a simulation network based on P4 forwarding devices and Open vSwitch forwarding devices are constructed and tested. The experimental results show that the mechanism can effectively detect abnormal forwarding behaviors such as packet tampering and forgery. Compared with similar verification mechanisms, at the same security verification processing overhead, it achieves finer-grained and more precise flow control and sampling, and lower forwarding delay.
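
The tag, sample and verify loop described in the abstract, sketched as an added example that is not the authors' implementation. Assumptions: the cipher identification is modelled as a truncated HMAC-SHA256 over the flow 5-tuple and payload, the key is shared between the ingress device and the controller, and every function name, the packet layout and the sample packets are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 8  # assumed length in bytes of the truncated cipher identification

def flow_id(pkt):
    return (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["proto"])

def _mac(key, pkt):
    # Bind the tag to both the flow identity and the payload.
    header = "|".join(str(f) for f in flow_id(pkt)).encode()
    digest = hmac.new(key, header + b"\x00" + pkt["payload"], hashlib.sha256)
    return digest.digest()[:TAG_LEN]

def tag_packet(key, pkt):
    """Ingress device (assumed role): attach the cipher identification."""
    return {**pkt, "cid": _mac(key, pkt)}

def sample(packets, every):
    """Sampling device: copy every n-th packet to the controller."""
    return [p for i, p in enumerate(packets) if i % every == 0]

def verify_samples(key, samples):
    """Controller: one drop rule per flow whose sampled packet fails the check."""
    rules = []
    for pkt in samples:
        cid = pkt.get("cid", b"")
        if not hmac.compare_digest(cid, _mac(key, pkt)):
            rule = {"match": flow_id(pkt), "action": "drop"}
            if rule not in rules:
                rules.append(rule)
    return rules

def demo():
    key = b"constructed-demo-key"  # constructed; not a value from the paper
    base = {"src": "10.0.0.1", "dst": "10.0.0.2",
            "sport": 40000, "dport": 80, "proto": 6}
    good = tag_packet(key, {**base, "payload": b"GET / HTTP/1.1"})
    # Constructed anomalies: payload changed after tagging, and a packet
    # injected with a tag that was not computed with the key.
    tampered = {**good, "payload": b"GET /admin HTTP/1.1"}
    forged = {**base, "src": "10.0.0.9", "payload": b"x",
              "cid": b"\x00" * TAG_LEN}
    return verify_samples(key, sample([good, tampered, forged], every=1))
```

Because the tag covers the flow fields as well as the payload, a rewritten header fails verification in the same way as a rewritten payload.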


    Figures(9)  / Tables(1)

    Article Metrics

    Article views (2391) PDF downloads(138) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return