Research On Topology Discovery And Protection Method In Software Defined Network

Software-Defined Network(SDN)is a new type of network architecture which decouples control function and forwarding function of the traditional network,and the controller configures and manages the entire network completely.Network topology is basic for controller to operate the network.Existing SDN topology discovery protocol has low efficiency,lack of security mechanisms,and is vulnerable to network topology pollution attacks,affecting the normal operation of the SDN network,and causing network paralysis.Aiming at the efficiency and security issues in the current Open Flow topology discovery protocol(OFDP),an improved SDN topology discovery mechanism Im-OFDP is proposed,which mainly includes topology discovery mechanism and topology protection method.Aiming at the problem of the large number of messages sent by the controller,a link discovery algorithm based on the idea of a minimum vertex cover algorithm is designed,and a multi-level flow table is used to control message forwarding and reduce the number of messages sent during the topology discovery process.Aiming at the problem of the large number of packets received by the controller,the Im-OFDP link analysis rule and link merging mechanism are designed so that each link analysis only needs one data packet,which reduces the number of the controller analysis packets.Aiming at the problem of link forgery attacks,a detection technology based on port filtering,packet checking and link port reuse is designed to protect the security of the link.Aiming at the problem of device forgery attacks,a detection technology based on device registration verification is designed to prevent host forgery and switch forgery attacks,and to protect the security of network devices.Experiments use POX as controller and Mininet to build a SDN network simulation platform.Results show that compared to OFDP,the number of packet-out and packet-in packets used by Im-OFDP is reduced by more than 70% on average on the same scale network.It can resist various network topology pollution attacks,such as link forgery and hosts replay.Compared with other improved methods(OFDPv2,LADP,OFDP-PD,etc.),Im-OFDP has obvious characteristics of high efficiency and strong security.However,how to calculate a better set of backbone switches and how to defend against more types of topological attacks remains to be further studied.