Front. Inform. Technol. Electron. Eng.  2016, Vol. 17 Issue (7): 634-646    DOI: 10.1631/FITEE.1500321
    
A secure and high-performance multi-controller architecture for software-defined networking
Huan-zhao Wang, Peng Zhang, Lei Xiong, Xin Liu, Cheng-chen Hu
Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China; Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Shijiazhuang 050081, China; MOE Key Laboratory for Intelligent Networks and Network Security, Xi'an Jiaotong University, Xi'an 710049, China
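Summary:
Objective: Controllers play a critical role in software-defined networking (SDN). However, existing SDN controller architectures suffer from problems such as single-point failure and large response latency. This paper proposes an SDN multi-controller architecture called distributed rule store (DRS), which precomputes flow table rules and caches them in a distributed manner on different controller instances. Each controller thus stores only a subset of the rules, and requests from switches are assigned to different controllers for parallel processing, which reduces response latency and addresses single-point failure.
Innovation: An SDN multi-controller architecture named DRS is proposed; experiments show that, compared with the existing ONOS and Floodlight controllers, this architecture achieves a shorter flow setup time and a higher throughput.
Method: The flow table rules of the network are precomputed in the controller and stored on different controller instances using a distributed hash table. Each controller periodically checks the integrity of the rules held by the other controllers, guarding against failure of, or tampering with, the rules on any single controller. When a switch requests a flow table entry, the system assigns the request to a controller according to the controllers' current load.
Conclusion: The proposed multi-controller architecture effectively guarantees the consistency of the distributed rule store (Fig. 5); compared with the existing ONOS and Floodlight controllers, the flow setup time is shorter (Figs. 6 and 7) and the throughput is higher (Fig. 8); the load across the controller instances is relatively balanced (Figs. 9 and 10).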
Abstract: Controllers play a critical role in software-defined networking (SDN). However, existing single-controller SDN architectures are vulnerable to single-point failures, where a controller's capacity can be saturated by flooded flow requests. In addition, due to the complicated interactions between applications and controllers, the flow setup latency is relatively large. To address these security and performance issues of current SDN controllers, we propose distributed rule store (DRS), a new multi-controller architecture for SDNs. In DRS, the controller caches the flow rules calculated by applications, and distributes these rules to multiple controller instances. Each controller instance holds only a subset of all rules, and the instances periodically check the consistency of flow rules with each other. Requests from switches are distributed among multiple controllers, in order to mitigate controller capacity saturation attacks. At the same time, when rules at one controller are maliciously modified, the modification can be detected and the rules recovered in time. We implement DRS based on Floodlight and evaluate it with extensive emulation. The results show that DRS can effectively maintain a consistent distributed rule store, and at the same time can achieve a shorter flow setup time and a higher processing throughput, compared with ONOS and Floodlight.
Key words: Software-defined networking (SDN); Security; Multi-controller; Distributed rule store
Received: 2015-10-07    Published: 2016-07-05
CLC:  TP393  
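
A minimal sketch of the mechanism the abstract describes (rules spread over controller instances by hashing, periodic cross-checking between instances, load-based dispatch of switch requests), added here as an illustration and not the authors' Floodlight-based implementation. The hash-ring placement, the three replicas per rule, the majority-vote repair and all names (`RuleStore`, `Controller`, `audit`) are assumptions.

```python
import hashlib
from bisect import bisect_right
from collections import Counter

REPLICAS = 3  # assumption: copies per rule, so a majority can outvote one bad copy

def ring_pos(key: str) -> int:
    """Position of a key on the hash ring (SHA-256 is an assumed choice)."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")

class Controller:
    def __init__(self, name):
        self.name, self.rules, self.load = name, {}, 0  # rules: match -> action

class RuleStore:
    def __init__(self, names):
        self.ctrls = {n: Controller(n) for n in names}
        self.ring = sorted((ring_pos(n), n) for n in names)

    def owners(self, match):
        """The REPLICAS controllers clockwise from the rule's ring position."""
        i = bisect_right(self.ring, (ring_pos(match), ""))
        return [self.ring[(i + k) % len(self.ring)][1] for k in range(REPLICAS)]

    def install(self, match, action):
        for n in self.owners(match):
            self.ctrls[n].rules[match] = action

    def lookup(self, match):
        """Serve a switch request from the least-loaded controller holding the rule."""
        c = min((self.ctrls[n] for n in self.owners(match)), key=lambda c: c.load)
        c.load += 1
        return c.name, c.rules.get(match)

    def audit(self):
        """Periodic cross-check: restore any copy that disagrees with the majority."""
        repaired = []
        for m in sorted({m for c in self.ctrls.values() for m in c.rules}):
            holders = self.owners(m)
            copies = [self.ctrls[n].rules.get(m) for n in holders]
            good, votes = Counter(copies).most_common(1)[0]
            if good is None or votes <= REPLICAS // 2:
                continue  # no trustworthy majority: leave for operator review
            for n, action in zip(holders, copies):
                if action != good:
                    self.ctrls[n].rules[m] = good
                    repaired.append((m, n))
        return repaired
```

With four controllers, overwriting one copy of a rule and calling `audit()` returns the `(match, controller)` pair that was repaired; repeated `lookup()` calls for the same match rotate across its three holders as their load counters rise.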
Cite this article:

Huan-zhao Wang, Peng Zhang, Lei Xiong, Xin Liu, Cheng-chen Hu. A secure and high-performance multi-controller architecture for software-defined networking. Front. Inform. Technol. Electron. Eng., 2016, 17(7): 634-646.

Link to this article:

http://www.zjujournals.com/xueshu/fitee/CN/10.1631/FITEE.1500321
http://www.zjujournals.com/xueshu/fitee/CN/Y2016/V17/I7/634
