Reserch On Legitimacy And Consistency Of SDN Multi-controller Network Policy Verifying Method

With the rapid development of the Internet,traditional networks have been unable to meet the increasingly complex network business needs and massive data traffic processing,a new type network architecture called Software Defined Network(SDN)have come into being.In SDN research,single controller often encounters bottlenecks in network performance in large-scale SDN networks.For example,when the controller load is large,single controller cannot respond to the transmission requests in time,resulting in data loss and network paralysis.To solve this problem,multi-controller SDN network is proposed to divide the whole network into multiple domains.Each controller is responsible for controlling and managing network devices in a domain,which can meet the needs of largescale traffic processing.However,as the forwarding device in the data plane has full trust in the traffic rules installed by the SDN controller.Once the malicious application provides the network strategy or the network strategy to be modified,the security of the SDN will be seriously threatened.In addition,how to ensure the consistency between the network functions defined on the upper layer and the configuration of the underlying forwarding devices,that is,the network function strategy formulated on the control plane should be implemented in the data plane.SDN is a flow rule driven network.The legality and consistency of network strategy is the basis for ensuring the normal operation of SDN.Therefore,it is crucial for SDN to verify the legality and consistency of network policies,prevent the spread of illegal network policies,and ensure the correct forwarding and execution of traffic forwarding strategies.In this paper,we first build dynamic resource coordination plane based on FPGA computing device,and construct a SDN multi-controller collaborative model based on FPGA to verify the validity of the network strategy formulated by application.Then,the detection packet is constructed to verify whether the forwarding behavior of the data plane is consistent with the decision of the control plane.The innovation work in this paper can be summarized as follows:(1)Aiming at the problem of network strategy legitimacy verification of SDN multicontroller network,a SDN multi-controller collaborative model based on FPGA is built,and a SDN multi-controller network strategy validation method is designed.By using the advantages of FPGA parallel processing and fast computing,it speeds up the digital signature algorithm,reduces the application authentication delay and the computing load of the controller,and the operation permission of network application is checked to ensure the correct delivery of SDN network policy.(2)Aiming at the problem of consistency verification of SDN multi-controller network strategy,a SDN multi-controller network policy consistency segment verification method is designed.Through the improvement of the optimal monitor assignment(OMA)algorithm,we select segmented verification points,and construct the packet forwarding packet to verify the actual traffic forwarding behavior.Experimental results show that this method can not only reduce the header overhead of detecting packets,save the flow table space of switch equipment,but also reduce the delay of obtaining data plane path forwarding information.It can quickly verify the consistency of control plane network strategy and data plane packet forwarding behavior,locate abnormal switches,and ensure the correct implementation of SDN network strategy.