Software-defined networking (SDN) separates the control plane from the data plane. Forwarding devices in the data plane achieve fast packet forwarding by caching the forwarding policies issued by the control plane. However, because of manufacturing cost and power consumption constraints, hardware switches have limited flow-table capacity and are therefore vulnerable to resource exhaustion attacks. When the flow table overflows, packet delay and packet loss increase, which degrades network stability and quality of service.

This thesis studies the problem of switch flow table overflow in SDN. With the goal of mitigating flow table overflow attacks, it proposes a mitigation strategy based on rate-limiting the installation of flow entries, and designs and implements an SDN switch flow table overflow mitigation system on top of the ONOS controller. The main research contents and results are as follows.

First, the thesis studies the switch flow table overflow problem in SDN, analyzes and summarizes the related work, and analyzes the causes of switch flow table overflow.

Second, the thesis proposes a mitigation strategy based on delayed, rate-limited delivery of flow entries. The strategy first calculates, from the remaining space in the switch's flow table, the minimum flow entry installation rate that would cause the table to overflow. It then determines whether a flow table overflow attack is present on a switch port based on the new-flow arrival rate of that port's traffic, applies mitigation measures to switch ports that may be carrying attack traffic, and chooses different mitigation measures according to the switch's position in the network topology. Finally, when issuing flow entries it selects the forwarding path based on the remaining flow table space of the switches, preferring a path on which every switch has sufficient remaining flow table space. Experimental results show that under attack the strategy yields lower flow table usage and that the controller's CPU usage is less affected by the attack.

Third, a switch flow table overflow mitigation system for SDN networks is designed and implemented. The system consists of six main modules: data collection, suspicious port location, flow table overflow mitigation, topology management, path selection, and data display. Finally, the functionality of the system is tested.
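The following is an added illustration of the strategy's core decisions (overflow-rate threshold, suspicious port detection, install-rate limiting and remaining-space path selection), written for this page and not taken from the thesis or its ONOS implementation. It assumes that flow entries expire after an idle timeout, so the minimum installation rate that overflows the table is taken as remaining slots divided by that timeout; the `Switch` class, the `share` parameter and the sample switches are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Switch:
    """Constructed model of one data-plane switch as seen by the controller."""
    dpid: str
    capacity: int                       # total flow-table slots
    used: int                           # entries currently installed
    idle_timeout: float                 # seconds before an idle entry expires
    port_new_flow_rate: Dict[int, float] = field(default_factory=dict)  # port -> new flows/s

    @property
    def remaining(self) -> int:
        return self.capacity - self.used


def min_overflow_rate(sw: Switch) -> float:
    """Lowest sustained installation rate (entries/s) that fills the remaining
    slots before the oldest entry can expire (assumed formula: remaining / idle_timeout)."""
    return sw.remaining / sw.idle_timeout


def suspicious_ports(sw: Switch) -> List[int]:
    """Ports whose new-flow arrival rate alone meets or exceeds the overflow threshold."""
    threshold = min_overflow_rate(sw)
    return sorted(p for p, rate in sw.port_new_flow_rate.items() if rate >= threshold)


def install_interval(sw: Switch, share: float = 0.5) -> float:
    """Minimum spacing in seconds between flow-entry installs accepted from a
    suspicious port, so that the port consumes at most `share` of the threshold rate."""
    return 1.0 / (share * min_overflow_rate(sw))


def select_path(paths: List[List[Switch]]) -> List[Switch]:
    """Prefer the path whose most loaded switch still has the most free slots
    (maximize the minimum remaining space along the path)."""
    return max(paths, key=lambda path: min(sw.remaining for sw in path))


def demo():
    # Constructed sample: s1 is nearly full and port 2 is receiving a flood of new flows.
    s1 = Switch("s1", 1000, 900, 10.0, {1: 4.0, 2: 15.0})
    s2 = Switch("s2", 1000, 200, 10.0, {1: 3.0})
    s3 = Switch("s3", 1000, 950, 10.0, {1: 2.0})
    best = select_path([[s1, s2], [s1, s3]])
    return suspicious_ports(s1), install_interval(s1), [sw.dpid for sw in best]


if __name__ == "__main__":
    print(demo())  # ([2], 0.2, ['s1', 's2'])
```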