Research On Lightweight Detection Technology Of SDN Flow Rules

As a new type of network architecture,Software-Defined Networking(SDN)is one of the important research contents that leads the future development of the network because of its huge advantages compared with the traditional network architecture.The separation of the data plane and the control plane of the SDN can effectively solve many problems existing in the network,and its unique architectural features also bring new challenges to the maintenance of its own network security.The flow rule of the SDN network is the basis for data forwarding by the SDN data plane,reflecting the internal details of the SDN network,and is the core of the SDN network.Due to the customization and refinement of its network configuration,SDN network presents different behavior characteristics and delay attributes from traditional networks.Therefore,this paper studies the detection technology of flow rules in SDN networks.This paper deeply analyzes the characteristics of SDN network.Inspired by the existing SDN network detection technology,this paper proposes an SDN network flow rule detection mechanism LDSFR based on the characteristics of SDN structure.Detailed description of the principle and simulation of LDSFR is provided.Aiming the problems existing in the LDSFR mechanism,an improved solution LDSFR-A is proposed.In addition,in order to facilitate the research of SDN detection technology,this paper also introduces the "SDN detection technology intelligent simulation system" based on Open vSwitch and Docker.The main work of this paper is as follows:1.Aiming at the detection problem of flow rules in SDN network,a lightweight flow rule detection mechanism LDSFR based on SDN network delay characteristics is proposed.The main idea of LDSFR is to observe the behavior of the packet processed by the SDN network,collect the delay information of the processed packet,and infer the existence of the flow rule matching the packet and the content of the flow rule by calculation.In order to reduce the overhead,LDSFR determines the flow rule matching field firstly to reduce the number of invalid probe packets.Then,the spatial search method is used to regularly detect the flow rule,and the next probe packet is constructed according to the detected information,so as to improve the pertinence of the detection and reduce the number of probe packets.In this thesis,the LDSFR mechanism is simulated and verified.The results show that the LDSFR mechanism can effectively detect the flow rules of the SDN network.Compared with the traditional detection methods,the LDSFR mechanism proposed in this paper has better performance on time overhead,accuracy and the number of packets required for probing.2.In order to facilitate the research of the theoretical algorithm and verification of key technologies,this thesis designs and implements the SDN detection intelligent simulation system.The simulation system mainly consists of three parts: user interface,web background and Overlay network simulation platform.The simulation platform is built by Open vSwitch,Docker and SDN controller.This simulation system uses Web software to hide the calls for backgrand program and provides a user-friendly graphical interface,which can complete a series of operations such as topology definition,simulation program call,and the simulation result analysis.