SDN Data Plane Rules Quickly Update Mechanism And Application Layer Protocol Recognition System

A key advantage of software-defined networking is the granular management of network traffic by performing specific operations based on the inspection and matching of various packet fields.However,current network forwarding devices limit the fields checked to Layer 2-4 headers and require the data packets to be passed to the controller for further identification when processing traffic using higher-level information.While this approach is easy to implement,secondary applications in the controller require remote packet processing,a process that introduces additional processing delays.Therefore,this paper presents an SDN architecture that data plane supports regex engine to efficiently process data traffic,and uses the rule set of regular expression delivered from the controller to check the payload of data packet locally in the data plane.However,another problem introduced here is that recompiling a collection of rules is time-consuming when the regular expression rule set is updated,which delays the forwarding of the data plane.To this end,we also proposed an incremental construction of DFA algorithm.Compared with the traditional algorithm of subset construction,this algorithm improves the compilation speed by more than 98%,and solves the problem of time consuming compilation of rulesets in data plane.The main innovation and work content of the dissertation are as follows:1.Most of the foreign research on SDN application awareness,through the controller to the data stream application layer intelligence analysis and then sent the decision to the data plane for further processing,which not only consumes the controller's processing resources,But also increased the data flow processing delay.In response to this problem,we propose an SDN application aware architecture that incorporates a regular expression engine in the data plane to enable intelligent application layer analysis and fast decision processing.2.We study the traditional regular expression matching compilation process,and draw a conclusion that the subset construction from NFA to DFA is the time bottleneck of the whole compilation,which takes more than 90%of compilation time.In view of this,we optimize the process of constructing subsets,and propose incremental construction of DFA algorithm,including incremental rule construction and delete rule construction,which can solve the problem by keeping the intermediate state and avoiding the repeated compilation of compiled rules DFA compilation process changes a lot of time to compile the issue of the rules.3.Through the C++ programming simulation incremental update rules data plane application layer protocol recognition system,we wrote a total of more than 2500 lines of C++ code to simulate the switch through a separate process and call the pthread to complete the exchange of internal communications,combined with the network queuing model and took theoretical analysis.During the experiment,different data traffic is differentiated by the application layer protocol recognition engine combined with the scheduling model of classified queue,and finally the designated traffic is accelerated and forwarded to ensure its service quality.