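Accurately obtaining the network topology is a prerequisite for the controller in a Software Defined Network (SDN) to make effective decisions, yet existing topology discovery mechanisms struggle to cope with behaviors such as Low-rate Denial of Service (LDoS) attacks. Through theoretical and experimental analysis of the impact of LDoS attacks on SDN topology discovery, an LDoS attack defense mechanism for SDN topology discovery, TopoGuard, is proposed. Based on the periodic characteristics of LDoS attacks, TopoGuard quickly discovers suspected attack scenarios through consecutive burst detection, and uses an active link identification strategy to keep the attack from interrupting the network topology. Finally, TopoGuard is implemented on the OpenDaylight controller. Experimental results show that TopoGuard can effectively detect and defend against LDoS attacks, ensuring the correctness of the global topology information obtained by the controller.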
The Information-Centric Networking (ICN) paradigm is proved to have the advantages of decreasing data delivery latency, enhancing user mobility, etc. However, current implementations of ICN require changing the infrastructure of the Internet, which hinders its deployment and development. Meanwhile, Software Defined Networking (SDN) emerges as a viable solution to facilitate the deployment of a new network paradigm without disrupting production traffic by decoupling the control plane from the data forwarding plane. In this paper, the essential properties which reflect ICN working principles are summarized, and a framework called SDICN is designed in accordance with the SDN philosophy. The algorithmic frameworks of SDICN which can satisfy the essential properties are designed based on the programmability and virtualization functions of SDN. Based on OpenFlow and data center technology, a prototype of SDICN is implemented. By comparing the performance with the CCNx, the SDICN is proved to be feasible and available.
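The characteristics of software defined networking, such as the separation of forwarding and control, centralized control, and open interfaces, make the network flexible and controllable, and its architecture has been fully developed. Thanks to its good integration with various cloud services, software defined networking (SDN) has seen large-scale commercial deployment in recent years. In OpenFlow-based SDN architectures, to achieve goals such as fast flow entry lookup and mask matching, commercially deployed hardware switches mostly use ternary content addressable memory (TCAM) to store the flow entries issued by the controller. However, limited by the capacity and price of TCAM, current commercial OpenFlow switches can store at most tens of thousands of flow entries, which leads to flow table overflow caused by burst flows, flow table attacks and other reasons, and seriously affects network performance. How to build an efficient flow table overflow mitigation mechanism has therefore attracted wide attention from researchers. The causes and impact of the flow table overflow problem in OpenFlow switches are analyzed first; on this basis, the state of research on flow table overflow mitigation techniques is summarized and compared for two cases, traffic bursts and attack behavior, the problems and shortcomings of existing research are analyzed, and future development directions and challenges are discussed.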
Funding: supported by the State Key Development Program for Basic Research of China under Grant No.2012CB315806; National Natural Science Foundation of China (No.61379149, No.61402521 and No.61103225); Natural Science Foundation of Jiangsu (BK 20140070, BK20140068); Jiangsu Future Network Innovation Institute Research Project on Future Networks (BY2013095-1-06)