
Research On SDN Key Generic Techniques

Posted on: 2019-04-22 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: H F Zhou | Full Text: PDF
GTID: 1368330572996555 | Subject: Computer Science and Technology
Abstract/Summary:
The key ideas of Software-defined Network (SDN) can be summarized as follows: (1) it decouples the tightly combined control and forwarding components of the conventional network architecture and enables the control plane to instruct the forwarding plane through a southbound protocol, e.g., OpenFlow, and (2) it centralizes the control components of a network in the control plane. These key ideas bring programmability and evolvability to the network, which enable agile and flexible network management, simplify the implementation of network engineering projects and greatly stimulate network innovation. SDN is now widely accepted by the academic and industrial communities, and it is considered a promising way to reshape networks. However, as SDN develops from a single domain to multiple domains and from LAN to WAN, new problems emerge, e.g., interconnection and collaboration among multiple SDN domains, and SDN security. For SDN to develop further, these frontier problems of key technologies need to be solved. Aiming at overcoming these critical problems, we conduct the following four kinds of research.

(1) To avoid numerous packet losses and service disruptions during SDN inter-domain route updates, we propose a lossless method based on current SDN inter-domain routing mechanisms. The primary idea of this method is to achieve a lossless inter-domain route update through communication and collaboration among the relevant domain controllers. The effectiveness of this method is theoretically validated, and the simulation results further indicate that this method succeeds in avoiding packet losses and maintaining service availability during the update even when the network sending rate is large.

(2) To improve on the accuracy and computational complexity of current SDN large-scale traffic matrix estimation methods, we propose a more accurate method with low computational complexity. The primary idea of this method is that, under limited measurement resources, it selects a low-cost method to achieve fast and accurate selection of the best origin-destination (OD) flows for direct measurement, and it improves the estimation accuracy by utilizing the mean value of every OD flow, obtained by rotational short-time measurement of all the remaining OD flows at different times. The simulation results based on real-world network data indicate that the proposed method has better accuracy than the most accurate current SDN-based method and that its computational complexity is small enough for practical deployment.

(3) To enhance SDN security and deal with current and future security problems, we conceive and design a novel conceptual network security mechanism that inherits a proactive defense ability. This mechanism is based on the dynamic network configuration mechanism, and selects efficient network configuration variation strategies to prevent the corresponding security threats according to the security requirements from the system, the user and the network security state. This mechanism offers a novel way to deal with security problems, and is able to evolve as new security technologies develop. Simulation studies validate this mechanism.

(4) To reduce security risks from SDN device hijacking, we propose a novel method to detect compromised SDN devices in real time. The proposed method aims at solving the detection problem of compromised SDN devices when neither the controller nor the switch can be trusted. Our primary idea is to employ backup controllers to audit the handling information of network update events collected from the primary controller and its switches, and to detect compromised devices by recognizing inconsistent or unexpected handling behaviors among the primary controller, backup controllers and switches. The effectiveness of the proposed method in enforcing security is theoretically validated. Based on our prototype implementation, our experimental results further validate the proposed method and its low costs.

Our research is mainly supported by the National Basic Research Program of China, the National High Technology Research Program of China, the National Natural Science Foundation of China and the National Key Research and Development Program of China. Our research findings offer new methods and references for SDN research in those frontier research fields.
Keywords/Search Tags:Software-defined Network, Inter-domain Route Updates, Traffic Matrix Estimation, Security Architecture and Mechanism, SDN Security