在軟體定義網路中範圍編碼基礎之網路驗證

現代的網路由於具有高度的複雜性，所以常常導致許多意外的錯誤網路行為。現有方法利用存於交換器內的資料層資訊來驗證網路行為，都需要利用很久的時間來驗證，以至於當錯誤發生時無法提供即時的防護。目前最大的挑戰在於，如何在最短的時間內驗證出網路的行為是否出錯，否則將會使網路的效能大大的降低。在這份論文中，我們提出了一個方法可以達到快速的驗證網路行為。我們可以找出由軟體定義網路的控制器中發出的錯誤規則並且阻止其進入並運行在資料層，避免造成了異常的網路錯誤行為，達到了及時的防護效果。經由利用現行網路的規則資料庫來實驗，我們發現我們的方法較之前的方法能夠達到更快的驗證時間。

關鍵字

軟體定義網路；網路驗證；範圍編碼；三態內容尋址儲存器

並列摘要

Modern networks are complex and prone to a lots of failures. Existing approach that verify data-plane information operate offline at timescales of seconds to hours, thus cannot detect or prevent failures as they arise. The main challenge here is to achieve extremely low latency during the verification so that network performance is not affected. In this thesis, we present our work, which achieves this goal. Our work find faulty rules issued by SDN applications, and optionally prevent them from reaching the data plane of network and causing anomalous network behavior in a quick time to provide live protection. With the help of experiments using a real world network rule sets, we found that our method is capable of processing rule update and verification in short time.

並列關鍵字

Software-defined Networks ； Network Verification ； Range Encoding ； Ternary Content Addressable Memory

參考文獻

[7] Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P. Brighten Godfrey, and Samuel Talmadge King. Debugging the data plane with anteater. In Proceedings

[10] A.X. Liu and A.R. Khakpour. Quantifying and verifying reachability for access controlled networks. Networking, IEEE/ACM Transactions on, 21(2):551–565, April 2013.

[13] Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, and P. Brighten Godfrey. Veriflow: Verifying network-wide invariants in real time. In Proceedings of

[14] Z.M. Mao, D. Johnson, J. Rexford, J. Wang, and R. Katz. Scalable and accurate identification of as-level forwarding paths. In INFOCOM, 2004 Proceedings IEEE,

volume 3, pages 1605–1615 vol.3, March 2004.

國際替代計量

在軟體定義網路中範圍編碼基礎之網路驗證

未授權

主題瀏覽