Research And Implementation Of Cross-protocol Identifier Mapping System Based On P4

With the continuous expansion of the number of users and the scale of applications in the network,new protocols for specific scenarios are emerging.The traditional network architecture has many disadvantages in scalability and other aspects.In order to support the cross-protocol transmission of data packets in the network and solve the problem of semantic overload of IP addresses in traditional networks,a complete mapping system is needed to control the cross-protocol transmission of data packets.However,in the existing mapping system,it is not compatible with various network protocols,and it's not scalable for new protocols that may appear in the future.It's impossible to issue encryption strategies of different security levels according to the degree of data packet confidentiality.The mapping entries in the system have been solidified in advance,and the strategy of the forwarding device cannot be customized according to user needs.In response to the above problems,this paper relies on the laboratory's cross-protocol transmission project based on P4 programmable technology,and proposes a cross-protocol identification mapping system based on P4.This system can solve the problem of IP semantic overload in the traditional network,and can also centralize the control functions dispersed in different gateway devices.This system can be used for decision making,instruction issuance and other operations,and it supports the safe transmission of data packets in the core network of various types of protocols.The specific work is as follows:First,this paper outlines the design requirements of the mapping system and gives the overall design of the system.After detailed analysis of the system's communication signaling process,this paper proposes a cross-protocol forwarding mapping scheme to support cross-protocol transmission of data packets in the data plane.This paper designs an address allocation mapping module and a cross-protocol forwarding mapping module in the cross-protocol forwarding mapping scheme.This paper proposes a cross-protocol security mapping scheme,in order to deliver different security policies and obfuscate and encrypt data packets in the data plane according to user needs or traffic content.This paper designs obfuscation encryption strategy and obfuscation encryption mapping module in the cross-protocol security mapping scheme.Secondly,this paper combines cross-protocol forwarding mapping scheme and cross-protocol security mapping scheme in the ONOS controller in combination with the related design of each module function.This paper maintains the newly accessed user information by establishing a subnet list,establishes an address allocation mapping table and a cross-protocol forwarding mapping table to maintain information such as packet source address,destination address and cross-protocol forwarding tunnel configuration addresses.When the user requests communication in the access network,the mapping system calls the cross-protocol forwarding mapping module,and sends the information such as the address configuration of the cross-protocol forwarding of the data packet to the P4 access gateway device to complete the cross-protocol transmission of the data packet.This paper establishes the obfuscation encryption mapping table,matches the mapping entries in the obfuscation encryption mapping table after identifying user needs or traffic content,and delivers the security policy to the P4 access gateway device.After receiving the security encryption instruction issued by the mapping system,the P4 access gateway device confuses the TCP sequence number of the data packet to realize the secure transmission of the data.Finally,based on the mapping system,this paper verifies and analyzes the functional realization of the cross-protocol forward mapping module and cross-protocol security mapping module in the system.The experimental results show that the functions of each module in the system can be realized.In addition,the cross-protocol identification mapping system designed in this paper supports data plane cross-protocol forwarding of data packets on the premise of ensuring transmission delay and transmission bandwidth.Under the premise of ensuring encryption overhead and network performance,the security of data packets with different degrees of confidentiality in the network is guaranteed during transmission.