A Parallel Processing and Synthesis Structure for Improving Access Security and Efficiency in SDN Environment

ZHANG Peng; CHEN Xiangning; GE Yun; JIN Lin

doi:10.1049/cje.2016.06.004

Volume 25 Issue 5

Turn off MathJax

Article Contents

Article Navigation > Chinese Journal of Electronics > 2016 > 25(5): 817-823

ZHANG Peng, CHEN Xiangning, GE Yun, et al., “A Parallel Processing and Synthesis Structure for Improving Access Security and Efficiency in SDN Environment,” Chinese Journal of Electronics, vol. 25, no. 5, pp. 817-823, 2016, doi: 10.1049/cje.2016.06.004

Citation:

ZHANG Peng, CHEN Xiangning, GE Yun, et al., “A Parallel Processing and Synthesis Structure for Improving Access Security and Efficiency in SDN Environment,” Chinese Journal of Electronics, vol. 25, no. 5, pp. 817-823, 2016, doi: 10.1049/cje.2016.06.004

Citation:

PDF( 500 KB)

A Parallel Processing and Synthesis Structure for Improving Access Security and Efficiency in SDN Environment

doi: 10.1049/cje.2016.06.004

1.
School of Electronic Science and Engineering, Nanjing University, Nanjing 210023, China;
2.
The Fourteenth Research Institute of China Electronics Technology Group Corporation, Nanjing 210039, China

More Information

Corresponding author: CHEN Xiangning (corresponding author) is a professor in School of Electronic Science and Engineering, Nanjing University. His research interests include access network, next generation network and information security. (Email:shining@nju.edu.cn)
Received Date: 2014-06-20
Rev Recd Date: 2014-09-24
Publish Date: 2016-09-10

Abstract

Abstract

After studying the routing and forwarding process of network stream and the implementation of SDN, we propose a retractable management model for flow table. A structure with parallel tables and synthesis processing is proposed according to the feature of SDN and traditional network. The parallel tables share the same storage resources. Thanks to the separation of data plane and control plane, control plane owns more computing resources than traditional device. It evaluates the role of nodes and the action of network flows, makes adjustment according to the historical and current information and streamlines flow tables by consolidating and simplifying old flow entries. Through simulation, it is proved that the realized method can defend offensive traffic while ensuring the safety of accessing and forwarding, especially existing blocking attack.
- Access network,
- Software-defined networking,
- Flow table,
- Parallel,
- Synthesis,
- Security and efficiency

FullText(HTML)

References(19)

References

G.I. Papadimitriou, C. Papazoglou and A.S. Pomportsis, "Optical switching:Switch fabrics, techniques, and architectures", Journal of Lightwave Technology, Vol.21, No.2 pp.384-405, 2003.

J. Aweya, "IP router architectures:An overview", International Journal of Communication Systems, Vol.14, No.5, pp.447-475, 2001.

S. Sezer, S. Scott-Hayward, P.K. Chouhan, et al., "Are we ready for SDN implementation challenges for software-defined networks", Communications Magazine, Vol.51, No.7, pp.36-43, 2013.

S.H. Yeganeh, A. Tootoonchian and Y. Ganjali, "On scalability of software-defined networking", Communication Magazine, Vol.51, No.2, pp.136-141, 2013.

R. Bolla and R. Bruschi, "An open-source platform for distributed linux software routers", Computer Communications, Vol.36, No.4, pp.396-410, 2013.

T. Wolf and M.A. Franklin, "Performance models for network processor design", IEEE Transactions on Parallel and Distributed Systems, Vol.17, No.6, pp.548-561, 2006.

D. Wang, Y. Xue and Y. Dong, "Memory-efficient hypercube flow table for packet processing on multi-cores", IEEE Global Telecommunications Conference, Houston, Texas, USA, pp.1-5, 2011.

M. Gort and J.H. Anderson, "Combined architecture algorithm approach to fast FPGA routing", IEEE Transactions on Very Large Scale Integration Systems, Vol.21, No.6, pp.1067-1079, 2013.

L.Q. Han, J.K. Wan and X.W. Wang,"A function migration algorithm based on programmable router of multipath networks", Chinese Journal of Electronics, Vol.20, No.1, pp.170-174, 2011.

L.D. Carli, Y. Pan, A. Kumar, et al., "Plug:Flexible lookup modules for rapid deployment of new protocols in high-speed routers", ACM SIGCOMM 2009, Barcelona, Spain, pp.207-218, 2009.

P. Bosshart, G. Gibb, H.S. Kim, et al., "Forwarding metamorphosis:Fast programmable match action processing in hardware for sdn", ACM SIGCOMM 2013, Hong Kong, China, pp.99-110, 2013.

S.Q. Liao, C.M. Wu, Q. Yang, et al., " A resource-efficient load balancing algorithm for network virtualization", Chinese Journal of Electronics, Vol.20, No.4, pp.667-670, 2011.

A.R. Curtis, J.C. Mogul, J. Tourrilhes, et al., "Devoflow:Scaling flow management for high-performance networks", ACM SIGCOMM 2011, Toronto, Ontario, Canada, pp.254-265, 2011.

N.S. Ko, H. Heo, J.D. Park, et al., "Openqflow:Scalable open flow with flow-based QoS", IEICE Transactions on Communications, Vol.E96-B, No.2, pp.479-488, 2013.

M. Shirazipour, W. John, J. Kempf, et al., "Realizing packetoptical integration with SDN and Openflow 1.1 Extensions", IEEE International Conference on Communications, Ottawa, Canada, pp.6633-6637, 2012.

M. Handley and E. Rescorla, "Rfc 4732:Internet denialof-service considerations", http://tools.ietf.org/html/rfc4732, 2014-6-20.

N. Katta, O. Alipourfard, J. Rexford, et al., "Infinite cacheflow in software-defined networks", Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, Chicago, IL, USA, pp.175-180, 2014.

D. Staessens, S. Sharma, D. Colle, et al., "Software defined networking:Meeting carrier grade requirements", IEEE Workshop on Local and Metropolitan Area Networks, Chapel Hill, NC, USA, pp.1-6, 2011.

K. Hu, H. Chandrikakutty, R. Tessier, et al., "Scalable hardware monitors to protect network processors from data plane attacks", IEEE Conference on Communications and Network Security, National Harbor, MD, USA, pp.314-322, 2013.

Relative Articles

Supplements(0)

Cited By

Proportional views