SDN数据平面中大规模流表的高性能查找方法研究

项目名称： SDN数据平面中大规模流表的高性能查找方法研究

项目编号： No.61502056

项目类型： 青年科学基金项目

立项/批准年度： 2016

项目学科： 自动化技术、计算机技术

项目作者： 熊兵

作者单位： 长沙理工大学

项目金额： 20万元

中文摘要： 软件定义网络SDN将数据转发和逻辑控制解耦，并开放网络可编程能力，极大提高了网络的灵活性和可管控性，成为近年来未来网络领域的研究热点。SDN在实际部署时，数据平面将面临OpenFlow流表规模庞大导致的数据转发性能瓶颈。现有的流表查找方法因缺乏考虑实际网络中特别是恶意攻击发生时的流量模式而难以满足实用要求。因此，本课题将从网络流量分布特性入手，围绕大规模流表查找性能展开深入研究。引入离散度概念，探究流表字段运算时的均匀性变化规律，为设计均匀性高的流表哈希函数提供理论指导；基于网络流量局部性，构建大规模流表分类管理方案，应用启发式策略优化流表项组织管理方式，显著提升流表查找性能；利用网络攻击包流特性，建立恶意流隔离缓存机制，应用近似从属查询理论快速判定流表查找结果，有效抵御网络恶意攻击。本课题的研究将在一定程度上解决OpenFlow交换机的数据转发性能瓶颈，为推进SDN的演进和发展做出贡献。

中文关键词： 软件定义网络；数据平面；OpenFlow；大规模流表；拒绝服务攻击

英文摘要： Software defined networking (SDN) has significantly improved network flexibility, manageability and controllability by decoupling data forwarding and logic control, and opening network programmability. Thus, it has become a hot topic in the field of future network. But when it comes to actual deployment, SDN data plane will face the performance bottleneck of data forwarding caused by large-scale OpenFlow flow tables. The existing flow table lookup methods are hard to satisfy practical requirements due to the lack of consideration on traffic pattern especially under malicious attacks in real networks. This project is therefore motivated to investigate the lookup performance of large-scale flow tables based on network traffic distribution characteristics. First, we will investigate the varying pattern of the uniformity of flow table fields at the time of their operations by introducing the concept of deviation index, which will provide the theoretical guidance for designing highly uniform hash functions of the flow tables. Second, we will build a classification scheme of large-scale flow tables and apply heuristic policies to optimize the organization pattern of flow table entries based on network traffic locality to dramatically improve flow table lookup performance. Finally, we will build a malicious flow separation mechanism and employ approximate membership queries to rapidly determine the search results of network attack packets in virtue of their properties, which will effectively stand against network malicious behaviors. Therefore, this project will resolve the performance bottleneck of data forwarding in OpenFlow switches to some extent, and contribute to promote the evolution and development of SDN.

英文关键词： Software defined networking;Data plane;OpenFlow;Large-scale flow tables;Denial of service attacks