在軟體定義網路中範圍編碼基礎之網路驗證

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：76

、訪客IP：13.59.34.87

姓名

曾彥綸(Yen-Lun Tseng) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

在軟體定義網路中範圍編碼基礎之網路驗證
(Range Encoding-Based Network Verification in SDN)

相關論文

★ 基於OP-TEE的可信應用程式軟體生態系統	★ 在低軌道衛星無線通訊中的CSI預測方法
★ 為多流量低軌道衛星系統提出的動態換手策略	★ 基於Trustzone的智慧型設備語音隱私保護系統
★ 一種減輕LEO衛星網路干擾的方案	★ TruzGPS:基於TrustZone的位置隱私權保護系統
★ 衛星地面整合網路之隨機接入前導訊號設計與偵測	★ SatPolicy: 基於Trustzone的衛星政策執行系統
★ TruzMalloc: 基於TrustZone 的隱私資料保護系統	★ 衛星地面網路中基於物理層安全的CSI保護方法
★ 低軌道衛星地面整合網路之安全非正交多重存取傳輸	★ 低軌道衛星地面網路中的DRX機制設計
★ 衛星地面整合網路之基於集合系統的前導訊號設計	★ 基於省電的低軌衛星網路路由演算法
★ 衛星上可重組化計算之安全FPGA動態部分可重組架構	★ 衛星網路之基於空間多樣性的前導訊號設計

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

現代的網路由於具有高度的複雜性，所以常常導致許多意外的錯誤網路行為。現有方法利用存於交換器內的資料層資訊來驗證網路行為，都需要利用很久的時間來驗證，以至於當錯誤發生時無法提供即時的防護。目前最大的挑戰在於，如何在最短的時間內驗證出網路的行為是否出錯，否則將會使網路的效能大大的降低。在這份論文中，我們提出了一個方法可以達到快速的驗證網路行為。我們可以找出由軟體定義網路的控制器中發出的錯誤規則並且阻止其進入並運行在資料層，避免造成了異常的網路錯誤行為，達到了及時的防護效果。經由利用現行網路的規則資料庫來實驗，我們發現我們的方法較之前的方法能夠達到更快的驗證時間。

摘要(英)

Modern networks are complex and prone to a lots of failures. Existing approach that verify data-plane information operate offline at timescales of seconds to hours, thus cannot detect or prevent failures as they arise. The main challenge here is to achieve extremely low latency during the verification so that network performance is not affected. In this thesis, we present our work, which achieves this goal. Our work find faulty rules issued by SDN applications, and optionally prevent them from reaching the data plane of network and causing anomalous network behavior in a quick time to provide live protection. With the help of experiments using a real world network rule sets, we found that our method is capable of processing rule update and verification in short time.

關鍵字(中)

★ 軟體定義網路
★ 網路驗證
★ 範圍編碼
★ 三態內容尋址儲存器

關鍵字(英)

★ Software-defined Networks
★ Network Verification
★ Range Encoding
★ Ternary Content Addressable Memory

論文目次

中文摘要i
Abstract ii
致謝iii
Contents iv
List of Figures vi
List of Tables viii
1 Introduction 1
2 Related Work 6
2.1 Network Verification 6
2.1.1 Configuration Analysis 6
2.1.2 Data Plane Analysis 7
2.1.3 Packet-based Testing 8
2.1.4 Data Plane Verification 9
2.2 Range Encoding for Range Rules 10
3 Preliminary 12
3.1 Software Defined Network 12
3.2 OpenFlow Rules with Range Field 13
3.3 Equivalence Class 13
3.4 System Overview 14
4 The Proposed Algorithm 15
4.1 Prefix Field Encoding 15
4.1.1 Bit Vector Assignment 16
4.1.2 Result Vector of ECs 17
4.1.3 Ternary Match Condition of Prefix Rules 19
4.1.4 Rules Covered of the Given EC 20
4.1.5 Prefix Rule Delete 20
4.1.6 Performance of PFE 21
4.2 Range Field Encoding 22
4.2.1 Basic Concept of RFE 22
4.2.2 Range Rule Insertion 24
4.2.3 Range Rule Delete 25
4.2.4 Performance of RFE 27
4.3 Hardware Implementation 28
5 Verification 29
6 Simulation 32
6.1 Hybrid Rule Performance 32
6.2 Prefix Rule Performance 33
6.3 Range Rule Performance 34
7 Conclusion 36
Bibliography 37

參考文獻

[1] Troubleshooting the network survey. http://eastzone.github.com/atpg/docs/NetDebugSurvey.pdf, 2012.
[2] Z. Kerravala. As the value of enterprise networks escalates, so does the need for configuration management. Enterprise Computing and Networking, The Yankee Group, January 2004.
[3] Openflow. https://www.opennetworking.org/index.php.
[4] Nox. http://www.noxrepo.org/.
[5] Floodlight. http://www.projectfloodlight.org/floodlight/.
[6] Ryu. http://osrg.github.io/ryu/.
[7] Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P. Brighten Godfrey, and Samuel Talmadge King. Debugging the data plane with anteater. In Proceedings
of the 2011 ACM Conference on SIGCOMM, SIGCOMM ’11, pages 290–301, New York, NY, USA, 2011. ACM.
[8] Nick Feamster and Hari Balakrishnan. Detecting bgp configuration faults with static analysis. In Proceedings of the 2nd USENIX Conference on Networked Systems Design and Implementation, NSDI’05, pages 43–56, Berkeley, CA, USA, 2005. USENIX Association.
[9] Peyman Kazemian, George Varghese, and Nick McKeown. Header space analysis: Static checking for networks. In Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, NSDI’12, pages 9–9, Berkeley, CA, USA, 2012. USENIX Association.
[10] A.X. Liu and A.R. Khakpour. Quantifying and verifying reachability for access controlled networks. Networking, IEEE/ACM Transactions on, 21(2):551–565, April 2013.
[11] Hongyi Zeng, P. Kazemian, G. Varghese, and N. McKeown. Automatic test packet generation. Networking, IEEE/ACM Transactions on, 22(2):554–566, April 2014.
[12] Peyman Kazemian, Michael Chang, Hongyi Zeng, George Varghese, Nick McKeown, and Scott Whyte. Real time network policy checking using header space analysis. In Proceedings of the 10th USENIX Conference on Networked Systems Design and Implementation, NSDI’13, pages 99–112, Berkeley, CA, USA, 2013. USENIX Association.
[13] Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, and P. Brighten Godfrey. Veriflow: Verifying network-wide invariants in real time. In Proceedings of
the 10th USENIX Conference on Networked Systems Design and Implementation, NSDI’13, pages 15–28, Berkeley, CA, USA, 2013. USENIX Association.
[14] Z.M. Mao, D. Johnson, J. Rexford, J. Wang, and R. Katz. Scalable and accurate identification of as-level forwarding paths. In INFOCOM, 2004 Proceedings IEEE,
volume 3, pages 1605–1615 vol.3, March 2004.
[15] G.G. Xie, Jibin Zhan, D.A. Maltz, Hui Zhang, Albert Greenberg, G. Hjalmtysson, and J. Rexford. On static reachability analysis of ip networks. In INFOCOM, 2005
Proceedings IEEE, volume 3, pages 2170–2183 vol. 3, March 2005.
[16] A.X. Liu and M.G. Gouda. Diverse firewall design. Parallel and Distributed Systems, IEEE Transactions on, 19(9):1237–1251, Sept 2008.
[17] Huan Liu. Efficient mapping of range classifier into ternary-cam. In High Performance Interconnects, 2002. Proceedings. 10th Symposium on, pages 95–100, 2002.
[18] J. van Lunteren and T. Engbersen. Fast and scalable packet classification. Selected Areas in Communications, IEEE Journal on, 21(4):560–571, May 2003.
[19] A. Bremler-Barr, D. Hay, and D. Hendler. Layered interval codes for tcam-based classification. In INFOCOM, 2009 Proceedings IEEE, pages 1305–1313, April 2009.
[20] D.-Y. Chang and P.-C. Wang. Tcam-based multi-match packet classification using multidimensional rule layering. Networking, IEEE/ACM Transactions on, PP(99): 1–14, 2015.
[21] Yeim-Kuan Chang, Cheng-Chien Su, Yung-Chieh Lin, and Sun-Yuan Hsieh. Efficient gray-code-based range encoding schemes for packet classification in tcam. Networking, IEEE/ACM Transactions on, 21(4):1201–1214, Aug 2013.
[22] A. Bremler-Barr and D. Hendler. Space-efficient tcam-based classification using gray coding. In INFOCOM, 2007 Proceedings IEEE, pages 1388–1396, May 2007.
[23] V. Srinivasan, G. Varghese, S. Suri, and M. Waldvogel. Fast and scalable layer four switching. SIGCOMM Comput. Commun. Rev., 28(4):191–202, October 1998.
[24] David E. Taylor. Survey and taxonomy of packet classification techniques. ACM Comput. Surv., 37(3):238–275, September 2005.
[25] Haoyu Song and J.S. Turner. Toward advocacy-free evaluation of packet classification algorithms. Computers, IEEE Transactions on, 60(5):723–733, May 2011.
[26] Header space library and netplumber.http://bitbucket.org/peymank/hassel-public/.
[27] Martin Roesch. Snort - lightweight intrusion detection for networks. In Proceedings of the 13th USENIX Conference on System Administration, LISA ’99, pages 229–238, Berkeley, CA, USA, 1999. USENIX Association.
[28] D.E. Taylor and J.S. Turner. Classbench: a packet classification benchmark. In INFOCOM, 2005 Proceedings IEEE, volume 3, pages 2068–2079 vol. 3, March 2005. 40

指導教授

張貴雲(Guey-Yun Chang)

審核日期

2015-8-13

推文