引入区块链的SDN路由一致性检测

doi:10.19678/j.issn.1000-3428.0065661

摘要/Abstract

摘要：

为使软件定义网络(SDN)能满足复杂多样的应用层网络需求，SDN控制层采用多控制器结构，然而新制定的路由策略与已有路由策略间存在路由一致性问题，可能会导致数据层流表项存储冗余和网络流量的转发环路。提出一种基于区块链的SDN路由策略一致性检测方案RCDB-SDN，利用区块链不可篡改特性存储SDN流表项特征属性等网络信息，采用基于投票的实用拜占庭容错共识机制在控制层实现对流表项集的一致性验证，并降低路由策略一致性问题给网络带来的不良影响。通过验证输出端流表项的一致性，比较新制定的路由策略与已有策略的转发效果，检测造成存储冗余的重叠路径。根据有向图的环路检测算法及转发路径关键节点上的流表项，检测引起网络流量转发环路的环路路径。基于Multichain平台针对导致路径重叠和路径环路的流表项进行仿真实验，结果表明RCDB-SDN方案的检测精确率高于WedgeTail方案，达到95%以上，并且能在一定程度上减少控制层与数据层间的消息传递次数。

关键词: 软件定义网络, 区块链, 路由一致性, 共识机制, 流表项

Abstract:

A multi-controller structure is adopted for the Software-Defined Network(SDN) control layer to meet complex and diverse application layer network requirements. However, there is still the problem of routing consistency between the latest and existing routing policies, which may lead to storage redundancy of flow entries in the data layer and flow forwarding loops.To address this issue, Routing strategy Consistency Detection based on Blockchain for SDN(RCDB-SDN) is proposed, whereby network information, such as feature attributes of flow entries stored in SDN switches, can also be obtained benefiting from the tamper-proof characteristics of the blockchain.By leveraging blockchain technology, RCDB-SDN can reduce the adverse impact of routing policy inconsistency on networks.The RCDB-SDN scheme verifies the consistency of flow entry sets at the control layer through a Practical Byzantine Fault Tolerant(PBFT) consensus mechanism based on voting.To detect whether path overlaps lead to storage redundancy, the proposed RCDB-SDN scheme compares the forwarding effectiveness of the newly formulated and existing routing policies by verifying the consistency of new and existing output flow entries. A circuit detection algorithm is applied with direction graphs and flow entry detection on key nodes of the forwarding path, to determine whether a path loop causes a flow forwarding loop in the current network.Experiments are carried out on flow entries leading to path overlaps and loops on the multichain platform.The results demonstrate that the detection accuracy of the RCDB-SDN scheme is higher than that of the WedgeTail scheme and can reach more than 95%, reducing the messaging times between control and data layers to a certain extent.

Key words: Software-Defined Network(SDN), blockchain, routing consistency, consensus mechanism, flow entry

刘宇宸, 唐菀, 杨喜敏, 张艳. 引入区块链的SDN路由一致性检测[J]. 计算机工程, 2023, 49(11): 160-168.

Yuchen LIU, Wan TANG, Ximin YANG, Yan ZHANG. Routing Consistency Detection with Blockchain for SDN[J]. Computer Engineering, 2023, 49(11): 160-168.

http://www.ecice06.com/CN/Y2023/V49/I11/160

图/表 15

图1 RCDB-SDN方案架构

Fig.1 Architecture of RCDB-SDN scheme

图2 流表项集上链过程

Fig.2 Up-chaining process of the set of flow entries

图3 基于投票的流表项共识验证

Fig.3 Consensus verification of flow entries based on voting

图4 路径重叠检测

Fig.4 Detection of path overlap

图5 路径环路检测

Fig.5 Detection of path loop

图6 仿真实验平台的Fat-Tree网络拓扑结构

Fig.6 Fat-Tree network topology of simulation platform

图7 路径重叠检测对比

Fig.7 Comparison of path overlap detection

图8 路径重叠检测的消息传递次数

Fig.8 Messaging times during path overlap detection

图9 路径环路检测对比

Fig.9 Comparison of path loop detection

图10 路径环路检测的消息传递次数

Fig.10 Messaging times during path loop detection

参考文献 27

1	YRJÖLÄ S. How could blockchain transform 6G towards open ecosystemic business models?[C]//Proceedings of IEEE International Conference on Communications Workshops. Washington D. C., USA: IEEE Press, 2020: 1-6.
2	AUJLA G S, GARG S, KAUR K, et al. Software defined Internet of everything. Berlin, Germany: Springer, 2022.
3	ZHANG P, ZHANG F Z, XU S M, et al. Network-wide forwarding anomaly detection and localization in software defined networks. IEEE/ACM Transactions on Networking, 2021, 29 (1): 332- 345. doi: 10.1109/TNET.2020.3033588
4	GEMBER-JACOBSON A, VISWANATHAN R, AKELLA A, et al. Fast control plane analysis using an abstract representation[C]//Proceedings of 2016 ACM SIGCOMM Conference. New York, USA: ACM Press, 2016: 300-313.
5	KHORSANDROO S, SÁNCHEZ A G, TOSUN A S, et al. Hybrid SDN evolution: a comprehensive survey of the state-of-the-art. Computer Networks, 2021, 192, 107981. doi: 10.1016/j.comnet.2021.107981
6	NGUYEN T, TRAN N, LOVEN L, et al. Privacy-aware blockchain innovation for 6G: challenges and opportunities[C]//Proceedings of the 2nd 6G Wireless Summit. Washington D. C., USA: IEEE Press, 2020: 1-5.
7	关建峰, 牛晓彤, 高先明, 等. SDN多控制器共识机制研究综述. 数据与计算发展前沿, 2021, 3 (1): 15- 33. URL
	GUAN J F, NIU X T, GAO X M, et al. Review on consensus mechanism of SDN multi-controller. Frontiers of Data & Computing, 2021, 3 (1): 15- 33. URL
8	LATIF S A, WEN F B X, IWENDI C, et al. AI-empowered, blockchain and SDN integrated security architecture for IoT network of cyber physical systems. Computer Communications, 2022, 181, 274- 283. doi: 10.1016/j.comcom.2021.09.029
9	WARNAT-HERRESTHAL S, SCHULTZE H. Swarm Learning for decentralized and confidential clinical machine learning. Nature, 2021, 594 (7862): 265- 270. doi: 10.1038/s41586-021-03583-3
10	FAN W J, CHANG S Y, KUMAR S, et al. Blockchain-based secure coordination for distributed SDN control plane[C]//Proceedings of the 7th International Conference on Network Softwarization. Washington D. C., USA: IEEE Press, 2021: 253-257.
11	唐菀, 张艳, 杨喜敏, 等. 引入区块链的SDN-IoT网络安全: 架构、方案与挑战. 小型微型计算机系统, 2022, 43 (10): 2179- 2199. URL
	TANG W, ZHANG Y, YANG X M, et al. Network security of SDN-IoT with blockchain: architecture, scheme and challenge. Journal of Chinese Computer Systems, 2022, 43 (10): 2179- 2199. URL
12	张亮, 刘百祥, 张如意, 等. 区块链技术综述. 计算机工程, 2019, 45 (5): 1- 12. doi: 10.19678/j.issn.1000-3428.0053554
	ZHANG L, LIU B X, ZHANG R Y, et al. Overview of blockchain technology. Computer Engineering, 2019, 45 (5): 1- 12. doi: 10.19678/j.issn.1000-3428.0053554
13	ZHOU W X, CROFT J, LIU B Z, et al. Automatically correcting networks with NEAt[C]//Proceedings of the 15th USENIX Conference on Networked Systems Design and Implementation. New York, USA: ACM Press, 2018: 595-608.
14	ABHASHKUMAR A, GEMBER-JACOBSON A, AKELLA A. Tiramisu: fast multilayer network verification[C]//Proceedings of the 17th USENIX Conference on Networked Systems Design and Implementation. New York, USA: ACM Press, 2020: 201-220.
15	MA Q Q, DONG L G, JIANG X, et al. Research on anomaly detection method for SDN multi-controller[C]//Proceedings of International Conference on Information Science, Parallel and Distributed Systems. Washington D. C., USA: IEEE Press, 2022: 136-139.
16	SHAGHAGHI A, ALI KAAFAR M, JHA S. WedgeTail: an intrusion prevention system for the data plane of software defined networks[C]//Proceedings of 2017 ACM on Asia Conference on Computer and Communications Security. New York, USA: ACM Press, 2017: 849-861.
17	LEI K, LI K K, HUANG J L, et al. Measuring the control-data plane consistency in software defined networking[C]//Proceedings of IEEE International Conference on Communications. Washington D. C., USA: IEEE Press, 2018: 1-7.
18	MONDAL A, MISRA S. BIND: blockchain-based flow-table partitioning in distributed multi-tenant software-defined networks[C]//Proceedings of IEEE Conference on Computer Communications Workshops. Washington D. C., USA: IEEE Press, 2020: 219-224.
19	CHATTARAJ D, BERA B, DAS A K, et al. Designing fine-grained access control for software-defined networks using private blockchain. IEEE Internet of Things Journal, 2022, 9 (2): 1542- 1559. doi: 10.1109/JIOT.2021.3088115
20	LI P, GUO S T, WU J H, et al. BlockREV: blockchain-enabled multi-controller rule enforcement verification in SDN[EB/OL]. [2022-08-20]. https://doi.org/10.1155/2022/7294638.
21	GUO X, WANG C, CAO L C, et al. A novel security mechanism for software defined network based on Blockchain. Computer Science and Information Systems, 2022, 19 (2): 523- 545. doi: 10.2298/CSIS210222001G
22	TONG W, TIAN W S, DONG X W, et al. B-SDN: a novel blockchain-based software defined network architecture[C]//Proceedings of International Conference on Networking and Network Applications. Washington D. C., USA: IEEE Press, 2021: 206-212.
23	RAHMAN A, ISLAM M J, MONTIERI A, et al. SmartBlock-SDN: an optimized blockchain-SDN framework for resource management in IoT. IEEE Access, 2021, 9, 28361- 28376. doi: 10.1109/ACCESS.2021.3058244
24	谭敏生, 杨杰, 丁琳, 等. 区块链共识机制综述. 计算机工程, 2020, 46 (12): 1- 11. doi: 10.3778/j.issn.1002-8331.2002-0402
	TAN M S, YANG J, DING L, et al. Review of consensus mechanism of blockchain. Computer Engineering, 2020, 46 (12): 1- 11. doi: 10.3778/j.issn.1002-8331.2002-0402
25	陈志鹏, 徐明伟, 杨芫. SDN交换机转发规则TCAM存储优化综述. 计算机学报, 2021, 44 (7): 1341- 1362. URL
	CHEN Z P, XU M W, YANG Y. A survey on TCAM storage optimization for SDN switch forwarding rules. Chinese Journal of Computers, 2021, 44 (7): 1341- 1362. URL
26	Coin Sciences Company. Multichain[EB/OL]. [2022-08-20]. http://www.multichain.com.
27	HEMACHANDRA K G R P, JAYASENA K P N, RANKOTHGE W, et al. Investigating the performance in SDN based data centers under different network topologies[C]//Proceedings of the 2nd International Conference on Advanced Research in Computing. Washington D. C., USA: IEEE Press, 2022: 361-366.

[1]	刘阳, 张圣杰. 一种基于时间自动机的安全智能合约生成方法[J]. 计算机工程, 2023, 49(9): 137-143, 157.
[2]	赵徐炎, 崔允贺, 钱清, 郭春, 申国伟. 基于虚拟扩展网络的虚拟机及路由路径联合部署[J]. 计算机工程, 2023, 49(8): 154-162.
[3]	王群, 李馥娟, 倪雪莉, 夏玲玲, 梁广俊. 区块链数据形成与隐私威胁[J]. 计算机工程, 2023, 49(8): 1-12.
[4]	刘向举, 赵犇, 方贤进, 徐杨洋. SDN中基于过程优化的动态负载均衡策略[J]. 计算机工程, 2023, 49(8): 137-145.
[5]	陈福安, 柳毅. 基于区块链的V2G无证书环签密隐私保护方案[J]. 计算机工程, 2023, 49(6): 34-41,52.
[6]	潘雪, 袁凌云, 黄敏敏. 基于区块链和域信任度的物联网跨域信任评估模型[J]. 计算机工程, 2023, 49(5): 181-190.
[7]	高健博, 张家硕, 李青山, 陈钟. RegLang监管合约规则冲突检测方法[J]. 计算机工程, 2023, 49(5): 12-21,28.
[8]	王群, 李馥娟, 倪雪莉, 夏玲玲, 梁广俊. 区块链隐私保护机制研究[J]. 计算机工程, 2023, 49(4): 1-13.
[9]	黄金荣, 刘百祥, 张亮, 张展鹏. 基于智能合约和非同质化代币的去中心化匿名身份认证模型[J]. 计算机工程, 2023, 49(4): 14-22.
[10]	白首圳, 陈美娟. 面向工业互联网的区块链分层分片研究[J]. 计算机工程, 2023, 49(3): 58-66,79.
[11]	陈何雄, 罗宇薇, 韦云凯, 郭威, 杭菲璐, 何映军, 杨宁. 基于联邦学习的SDN异常流量协同检测技术[J]. 计算机工程, 2023, 49(3): 168-176.
[12]	田秀霞, 杨明夷. 家庭物联网中基于智能合约的访问控制机制[J]. 计算机工程, 2023, 49(3): 18-28.
[13]	苏瑞国, 阳建, 秦继伟, 武晓雄, 贾振红. 基于物联网区块链的轻量级共识算法研究[J]. 计算机工程, 2023, 49(2): 175-180.
[14]	孙林昆, 蒋文保, 郭阳楠, 李春强. 基于密码累加器的无状态区块链性能优化[J]. 计算机工程, 2023, 49(2): 46-53.
[15]	刘泽坤, 王峰, 贾海蓉. 结合动态信用机制的PBFT算法优化方案[J]. 计算机工程, 2023, 49(2): 191-198.

选择文件类型/文献管理软件名称

选择包含的内容