| Citation: | Zhibin ZUO, Chaowen CHANG, Xianwei ZHU. A Software-Defined Networking Packet Forwarding Verification Mechanism Based on Programmable Data Plane[J]. Journal of Electronics & Information Technology, 2020, 42(5): 1110-1117. doi: 10.11999/JEIT190381
|
For the fixed and limited number of OpenFlow protocol matching fields, and the lack of effective forwarding verification mechanism for data packet forwarding in the Software-Defined Networking (SDN), a SDN packet forwarding verification mechanism based on programmable data plane is proposed. By adding a cipher identification to the data packet, the P4 forwarding device joins the OpenFlow-based SDN network to control accurately and sample network traffic flow without affecting the normal forwarding of the data flow. The controller verifies the integrity of the sampled packet, and sends flow rules to the OpenFlow forwarding device to control the abnormal data flow such as malicious tampering and forgery. Finally, the forwarding verification prototype and simulation network based on P4 forwarding device and Open vSwitch forwarding device are constructed and tested. The experimental results show that the mechanism can effectively detect the forwarding abnormal behaviors such as packet tampering and forgery. Compared with similar verification mechanisms, in the case of the same security verification processing overhead, it can achieve more fine-grained flow precise control sampling and lower forwarding delay.
|
MCKEOWN N. Software-defined networking[J]. INFOCOM Keynote Talk, 2009, 17(2): 30–32.
|
|
PALIWAL M, SHRIMANKAR D, and TEMBHURNE O. Controllers in SDN: A review report[J]. IEEE Access, 2018, 6: 36256–36270. doi: 10.1109/ACCESS.2018.2846236
|
|
KARAKUS M and DURRESI A. Economic viability of Software Defined Networking (SDN)[J]. Computer Networks, 2018, 135: 81–95. doi: 10.1016/j.comnet.2018.02.015
|
|
GAO Shang, LI Zecheng, XIAO Bin, et al. Security threats in the data plane of software-defined networks[J]. IEEE Network, 2018, 32(4): 108–113. doi: 10.1109/MNET.2018.1700283
|
|
DARGAHI T, CAPONI A, AMBROSIN M, et al. A survey on the security of stateful SDN data planes[J]. IEEE Communications Surveys & Tutorials, 2017, 19(3): 1701–1725. doi: 10.1109/COMST.2017.2689819
|
|
RANA D S, DHONDIYAL S A, and CHAMOLI S K. Software Defined Networking (SDN) challenges, issues and solution[J]. International Journal of Computer Sciences and Engineering, 2019, 7(1): 884–889. doi: 10.26438/ijcse/v7i1.884889
|
|
SHAGHAGHI A, KAAFAR M A, BUYYA R, et al. Software-Defined Network (SDN) data plane security: Issues, solutions and future directions[EB/OL]. https://arxiv.org/pdf/1804.00262.pdf, 2018.
|
|
OPEN Networking Foundation. OpenFlow switch specification version 1.4.0[EB/OL]. https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.4.0.pdf, 2013.
|
|
王首一, 李琦, 张云. 轻量级的软件定义网络数据包转发验证[J]. 计算机学报, 2019, 42(1): 176–189. doi: 10.11897/SP.J.1016.2019.00176
WANG Shouyi, LI Qi, and ZHANG Yun. LPV: Lightweight packet forwarding verification in SDN[J]. Chinese Journal of Computers, 2019, 42(1): 176–189. doi: 10.11897/SP.J.1016.2019.00176
|
|
SHIN S and GU Guofei. CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?)[C]. The 20th IEEE International Conference on Network Protocols, Austin, USA, 2012: 1–6. doi: 10.1109/ICNP.2012.6459946.
|
|
SASAKI T, PAPPAS C, LEE T, et al. SDNsec: Forwarding accountability for the SDN data plane[C]. The 25th IEEE International Conference on Computer Communication and Networks, Waikoloa, USA, 2016: 1–10. doi: 10.1109/ICCCN.2016.7568569.
|
|
秦晰, 唐国栋, 常朝稳, 等. 软件定义网络中基于密码标识的报文转发验证机制[J]. 电子与信息学报, 2018, 40(9): 2042–2049. doi: 10.11999/JEIT171226
QIN Xi, TANG Guodong, CHANG Chaowen, et al. Packet forwarding authentication mechanism based on cipher identification in software-defined network[J]. Journal of Electronics &Information Technology, 2018, 40(9): 2042–2049. doi: 10.11999/JEIT171226
|
|
BOSSHART P, DALY D, GIBB G, et al. P4: Programming protocol-independent packet processors[J]. ACM SIGCOMM Computer Communication Review, 2014, 44(3): 87–95. doi: 10.1145/2656877.2656890
|
|
The P4 Language Consortium. The P4 language specification version 1.0.5[EB/OL]. https://p4lang.github.io/p4-spec/p4-14/v1.0.5/tex/p4.pdf, 2018.
|
|
PRAJAPATI A, SAKADASARIYA A, and PATEL J. Software defined network: Future of networking[C]. The 2nd IEEE International Conference on Inventive Systems and Control, Coimbatore, India, 2018: 1351-1354. doi: 10.1109/ICISC.2018.8399028.
|
|
Defense Advanced Research Projects Agency. RFC 791: Internet protocol[EB/OL]. http://www.faqs.org/rfcs/rfc791.html, 1981.
|
|
Ryu Development Team. Ryu documentation release 4.30[EB/OL]. https://ryu.readthedocs.io/en/latest/library_packet.html, 2019.
|
|
CASADO M, FREEDMAN M J, PETTIT J, et al. Ethane: Taking control of the enterprise[C]. 2007 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Kyoto, Japan, 2007: 1–12. doi: 10.1145/1282380.1282382.
|
| 1. | 周海,沈岳,李伟. SDN中DDoS攻击与防御研究综述. 网络安全技术与应用. 2025(01): 12-21 .  | |
| 2. | 叶小波. 基于嵌入式及ASG技术的物联网节点捕获攻击检测系统. 计算机测量与控制. 2023(08): 77-83 . | |
| 3. | 胡睿,徐芹宝,王昌达. SDN中一种基于机器学习的DDoS入侵检测与防御方法. 计算机与数字工程. 2023(07): 1590-1596+1610 . | |
| 4. | 吴平,常朝稳,左志斌,马莹莹. 基于地址重载的SDN分组转发验证. 通信学报. 2022(03): 88-100 . | |
| 5. | 陈何雄,罗宇薇,韦云凯,郭威,杭菲璐,毛正雄,张振红,何映军,罗震宇,谢林江,杨宁. 基于区块链的软件定义网络数据帧安全验证机制. 计算机应用. 2022(10): 3074-3083 . | |
| 6. | 常朝稳,金建树,韩培胜,祝现威. 基于属性签名标识的SDN数据包转发验证方案. 通信学报. 2021(06): 131-144 . | |
| 7. | 李铭轩,曹畅,杨建军. 基于可编程网络的算力调度机制研究. 中兴通讯技术. 2021(03): 18-22+61 . |
Figures(9) / Tables(1)
Zhibin ZUO, Chaowen CHANG, Xianwei ZHU. A Software-Defined Networking Packet Forwarding Verification Mechanism Based on Programmable Data Plane[J]. Journal of Electronics & Information Technology, 2020, 42(5): 1110-1117. doi: 10.11999/JEIT190381
DownLoad:
