Tongxin xuebao (Mar 2022)
Address overloading-based packet forwarding verification in SDN
Abstract
Aiming at the problem that the most existing forwarding verification mechanisms in software-defined network (SDN) verified packets hop-by-hop by incorporating new secure communication protocols, which incurred significant computation and communication overhead, an address overloading-based forwarding verification mechanism was proposed.The flow runtime was divided into consecutive random intervals by the ingress switch via overloading address fields of packet, basing on overloading address, packets were forwarded by each subsequent switch, and the controller sampled the packets forwarded by ingress and egress switch in the interval to detect abnormal behavior on the path.Finally, the proposed mechanism and simulation network was implemented and evaluated.Experiments show that the mechanism achieves efficient forwarding and effective anomaly detection with less than 8% of additional forwarding delays.