| Graduate student: | 曾彥綸 Yen-Lun Tseng |
|---|---|
| Thesis title: | 在軟體定義網路中範圍編碼基礎之網路驗證 Range Encoding-Based Network Verification in SDN |
| Advisor: | 張貴雲 Guey-Yun Chang |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering |
| Year of publication: | 2015 |
| Academic year of graduation: | 103 |
| Language: | Chinese |
| Number of pages: | 40 |
| Chinese keywords: | 軟體定義網路, 網路驗證, 範圍編碼, 三態內容尋址儲存器 |
| English keywords: | Software-defined Networks, Network Verification, Range Encoding, Ternary Content Addressable Memory |
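Because modern networks are highly complex, they often exhibit unexpected erroneous network behavior. Existing methods that verify network behavior using the data-plane information stored in switches all take a long time to verify, so they cannot provide real-time protection when an error occurs. The biggest challenge at present is how to verify, in the shortest possible time, whether network behavior is faulty; otherwise network performance will be greatly reduced. In this thesis, we propose a method that verifies network behavior quickly. We can find faulty rules issued by the controller of a software-defined network and stop them from entering and running in the data plane, which avoids anomalous network behavior and provides timely protection. Through experiments with rule databases from networks in current use, we found that our method achieves faster verification times than previous methods.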
Modern networks are complex and prone to many failures. Existing approaches that verify data-plane information operate offline at timescales of seconds to hours, and thus cannot detect or prevent failures as they arise. The main challenge here is to achieve extremely low latency during verification so that network performance is not affected. In this thesis, we present our work, which achieves this goal. Our work finds faulty rules issued by SDN applications and optionally prevents them from reaching the data plane of the network and causing anomalous network behavior, quickly enough to provide live protection. Through experiments using real-world network rule sets, we found that our method is capable of processing rule updates and verification in a short time.