Research On The Key Technologies Of The Resilient Control Plane In Software-Defined Networking

Posted on: 2018-01-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Ye
GTID: 1318330563951164
Subject: Computer Science and Technology

Abstract/Summary:
Software-Defined Networking (SDN) has become one of the most important network architectures because it simplifies network management and strengthens network innovation. In recent years it has been gradually deployed in data center interconnection and wide area networks, aiming to reduce network complexity and operating costs and to improve network flexibility and the level of automation. Currently, Software-Defined Data Center Interconnection (SD-DCI) and Software-Defined Wide Area Network (SD-WAN) are two hot topics in SDN research. This new application trend puts forward new requirements: the controller, which is the core component, should meet the capacity and security requirements for managing a large-scale network. Many studies on the scalability and security of the SDN controller have been conducted in the past years, such as dynamically mapping the control plane to the data plane to improve the flexibility of the control plane, and deploying multiple controllers to enhance robustness and security. However, two main issues in the current research need to be improved. The first concerns scalability: load imbalance in the control plane appears not only across different controller instances but may also exist between different types of resources inside one controller instance. The second concerns security: simply deploying multiple controllers cannot resist attacks, and reusable attacks are not eliminated either.

This research focuses on the scalability and security of the control plane, and mainly studies the fine-grained elastic control plane and the diverse secure control plane. Firstly, this paper models the controller as a multi-dimensional resource entity. Because of the different resource requirements of the controller, a resource utilization maximization problem model is constructed, and a game-based algorithm is proposed to solve it. Secondly, control plane strategy is modeled as a formalized knowledge base, and a strategy conflict resolution system based on expert reasoning is constructed; moreover, for conflicts that cannot be resolved, a game model is established to guide the selection of strategy. Last but not least, the diversity of the control plane architecture is studied to avoid the reusability of attacks. Specifically, the main research contributions are as follows:

1. Aiming at the load imbalance between different types of resources inside a single controller instance of the distributed control plane, this paper proposes a fine-grained elastic control plane that balances resource utilization, together with a game-based decision mechanism for dynamic switch migration. First, under the constraint of multiple resource dimensions, the switch migration decision is modeled as a centralized resource utilization maximization problem. Secondly, inspired by multi-player decision-making in decentralized models, the problem is modeled from the perspective of game theory, and a decentralized algorithm is designed to obtain an approximately optimal solution. The numerical results show that the proposed method can fully utilize the available resources in the control plane.

2. Aiming at the need for automatic analysis of strategy conflicts on the SDN control plane, especially conflicts in policy configuration or composition, this paper proposes a conflict resolution method for OpenFlow network strategies based on an inference system. First, the strategies are formalized and a knowledge base is built, and multi-granularity reasoning rules are designed using header fields, flow patterns and flow space. Second, strategy conflict resolution is divided into lossless and lossy approaches. In the lossless approach, the reasoning engine resolves conflicts caused by compatible policies; in the lossy approach, each completely incompatible strategy is modeled as a game participant, and game theory is used to select the strategy optimally. Numerical simulation validates the game-based conflict resolution method.

3. Concerning the vulnerability of a homogeneous distributed control plane to waterfall attacks, a control plane placement method oriented to security and resilience is proposed, inspired by biological diversity. First, a probability model of attackers is established based on the assumption that homogeneous controllers have similar flaws. Then, the heterogeneity placement problem is formalized as an integer linear programming (ILP) problem. Considering the tradeoff between solution optimality and time consumption, we designed an optimal algorithm for small network sizes and a greedy algorithm, which obtains only a near-optimal solution, for large network sizes. Finally, the performance of the optimal algorithm, the greedy algorithm and the random placement algorithm is compared on a variety of topologies, which verifies the resilience of the heterogeneous control plane and the performance of the greedy algorithm.

4. Concerning the vulnerability of a single controller in the distributed control plane, a parallel decision framework for the control plane based on heterogeneous redundancy is presented. First, heterogeneous redundant controller nodes are built: multiple heterogeneous controller instances are configured for each switch device, and the outputs of the multiple controllers are aggregated by the decision maker into its output. Thus, the controller instances are independent of each other and can effectively avoid Byzantine attacks. Secondly, this architecture is modeled as a parallel distributed fusion model. The decision maker is its core component: for a given set of controller instances, its decision rules determine the attack tolerance of the overall structure. Based on that, this paper presents a zero-sum game model of the interaction between the attacker and the decision maker in the framework, and uses the Nash equilibrium solution to guide the design of optimal decision rules. The numerical experiments show that the proposed optimal decision rule based on game theory outperforms the large-number decision rule in terms of defense capability against attacks.
Keywords/Search Tags:software-defined networking, control plane, game theory, scalability, distribution, security, heterogeneous