
Research On Control Information Consistency Detection Technology In Software Defined Networking

Posted on: 2021-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: M D Zhu
Full Text: PDF
GTID: 2428330620965716
Subject: Software engineering
Abstract/Summary:
The introduction of Software Defined Networking (SDN) brings new development directions for computing networks. It separates the control layer of the traditional network from the data forwarding layer. The control layer provides the status of the data plane devices to the application layer through the northbound interface, and directs packet forwarding through the southbound interface. While software defined networking simplifies network management, it also brings new security threats to the network. As user requirements become more and more complex, the number of applications on the network will continue to increase. When multiple applications formulate forwarding strategies for the same network, conflicts may occur between the policies, resulting in conflicts in the compiled flow rules; if switches have hardware or software failures, or data layer devices are not updated in time, the specific forwarding behavior of the data layer may be inconsistent with the configuration of the control layer. These security issues should draw wide attention from all walks of life. The main research contents of this thesis are as follows:

(1) Aiming at the conflict of control layer flow rules, a transaction-based consistency verification model (TCVM) is proposed. The detection model is implemented by the cooperation of the application layer and the data layer. First, the TCVM model assigns a transaction id and priority to each network function generated by the application; second, if the application is not a malicious program, TCVM assigns a public key and a private key to each network function, which are used for the signature certification of each transaction. The signature authentication ensures that the policy formulated by the program has not been maliciously changed during communication between the data layer and the control layer; third, the control layer performs conflict detection on the flow rule sets generated by the applications. If a conflict occurs, the conflicting strategy should be repaired; if there is no conflict, the flow rule sets are sent to the data layer for packet forwarding. Finally, a simulation experiment was conducted on Mininet. The experimental results show that the TCVM model can quickly detect conflicting flow rules in the network and repair the conflicting flow rules in real time.

(2) In view of the inconsistent flow rules between the control plane and data plane in software-defined networks, a VeriC consistency detection model is proposed. First, data packets are sampled on the ingress switch; then, a label field is added to each sampled data packet to record the forwarding of the packet, and the updated actual label value is uploaded to the control plane; finally, the verification algorithm determines whether the actual forwarding path of the packet meets the consistency check. If the consistency check is not satisfied, the faulty switch is located by comparing the actual label value with the correct label value. Experiments with the NS-3 simulator determined that the VeriC detection model can not only perform consistency detection, but also accurately locate the problem switch.
Keywords/Search Tags:Software defined networking, Flow rule conflict, Consistency, Network security