基于虚拟拓扑的多级可信传输体系及路由计算
|
摘要
路由器及转发路径的安全可信一直备受关注.不同厂商的网络设备或处于不同管理环境中的同一款网络设备,都具有不同的安全可信度.人们期望为不同安全需求的流量提供相应可信级别的转发路径,实现网络数据的可信传输.设计了多级可信传输机制(credible transmission with multiple levels,CETML),提出了基本的可信管理策略.所有路由节点和IP前缀都被指定可信级别,网络流量也基于源、目的IP被设置可信级别.CETML为不同可信级别的传输网络构建虚拟拓扑,确保网络中的报文必须通过不小于其可信级别的路由器进行转发.路由器转发项要包含多个下一跳信息,会引入极少量的存储开销.面向SDN网络环境,分析多级虚拟拓扑的关联,基于Floyd算法思想设计了可依次迭代的多关联拓扑路由计算方法,计算时间相对典型的路由算法显著降低.
The credibility of routers and forwarding paths in the Internet has been a popular topic.Not only network equipment of different vendors,but also the same one in different management environments has different credibility.The network flows with diverse credibility requirements are supposed to be transmitted along paths with the corresponding credibility levels(CR).In this paper,the credible transmission mechanism with multiple levels(CETML)is proposed,and the fundamental credible management strategies are suggested.Both routers and IP prefixes are associated with a CR,and the CRof a network flow is obtained according to its source and destination IP addresses.CETML constructs different virtual topologies for every transmission network with different CR,and insures that IP packets is forwarded by the routers whose CRis not less than the CR of these packets.Because the forwarding entries include multiple next hops,a small quantity of additional memory overhead is introduced in CETML.Analyzing the relevancy of the multi-level virtual topologies,we design a new routing calculating method based on Floyd algorithm in SDN environment.All the routing tables of virtual topologies can be achieved during the process of successive iterating calculation.Compared with current typical routing algorithms,the calculation time of CETML is significantly reduced.
The credibility of routers and forwarding paths in the Internet has been a popular topic.Not only network equipment of different vendors,but also the same one in different management environments has different credibility.The network flows with diverse credibility requirements are supposed to be transmitted along paths with the corresponding credibility levels(CR).In this paper,the credible transmission mechanism with multiple levels(CETML)is proposed,and the fundamental credible management strategies are suggested.Both routers and IP prefixes are associated with a CR,and the CRof a network flow is obtained according to its source and destination IP addresses.CETML constructs different virtual topologies for every transmission network with different CR,and insures that IP packets is forwarded by the routers whose CRis not less than the CR of these packets.Because the forwarding entries include multiple next hops,a small quantity of additional memory overhead is introduced in CETML.Analyzing the relevancy of the multi-level virtual topologies,we design a new routing calculating method based on Floyd algorithm in SDN environment.All the routing tables of virtual topologies can be achieved during the process of successive iterating calculation.Compared with current typical routing algorithms,the calculation time of CETML is significantly reduced.
引文
[1]National Security Agency.PRISM/US-984XN Overview.2013[2017-11-22].https://edwardsnowden.com/zh/2013/06/07/prism-overview-slides/
[2]Nunes B A A,Mendonca M,Nguyen X N,et al.A survey of software-defined networking:Past,present,and future of programmable networks.IEEE Communications Surveys and Tutorials,2014,16(3):1617-1634
[3]Lin Chuang,Peng Xuehai.Research on trustworthy networks[J].Chinese Journal of Computers,2005,28(5):751-758(in Chinese)(林闯,彭雪海.可信网络研究[J].计算机学报,2005,28(5):751-758)
[4]Cai Hongyun,Tian Junfeng,Li Zhen,et al.Trust model based on trust area and evaluation credibility[J].Journal of Computer Research and Development,2011,48(11):2131-2138(in Chinese)(蔡红云,田俊峰,李珍,等.基于信任领域和评价可信度量的信任模型研究[J].计算机研究与发展,2011,48(11):2131-2138)
[5]Josang A,Hayward R,Pope S.Trust network analysis with subjective logic[C]//Proc of the 29th Australasian Computer Science Conf(ACSC2006).Piscataway,NJ:IEEE,2006:179-184
[6]Josang A,Bhuiyan T.Optimal trust network analysis with subjective logic[C]//Proc of the 2nd Int Conf on Emerging Security Information,Systems and Technologies.Los Alamitos,CA:IEEE Computer Society,2008:179-184
[7]Xu Ke,Zhao Yudong,Chen Wenlong,et al.Paradigm-based routing&switching system for data interception attacks[J].Chinese Journal of Computers,2017,40(7):1649-1663(in Chinese)(徐恪,赵玉东,陈文龙,等.防御数据窃听攻击的路由交换范式体系[J].计算机学报,2017,40(7):1649-1663)
[8]Xu Lei,Xu Ke,Shen Meng,et al.MINOS:Regulating router data plane actions in dynamic runtime environments[C]//Proc of ACM Turing 50th Celebration Conf.New York:ACM,2017:No.40
[9]Zheng Lijuan,Han Zhen.Trusted intra-domain fast authentication protocol based on split mechanism network[J].Journal of Computer Research and Development,2012,49(5):939-948(in Chinese)(郑丽娟,韩臻.基于分离机制网络的可信域内快速认证协议[J].计算机研究与发展,2012,49(5):939-948)
[10]Xu Mingwei,Yang Shu,Wang Dan,et al.Two dimensionalIP routing[C]//Proc of Int Conf on Computing,NETWORKING and Communications.Los Alamitos,CA:IEEE Computer Society,2013:835-839
[11]Shailendra S,Bhattacharjee R,Bose S K.Optimized flow division modeling for multi-path transport[C]//Proc of India Conf(INDICON).Piscataway,NJ:IEEE,2011:1-4
[12]Du Wenfeng,Lai Liqian,Wu Zhen.Transmission delay prediction based data allocation scheme for concurrent mutipath transfer[J].Journal of Software,2015,26(8):2041-2055(in Chinese)(杜文峰,赖力潜,吴真.基于传输时延预测的多路径并发传输数据分配算法[J].软件学报,2015,26(8):2041-2055)
[13]Du Wenfeng,Wu Zhen,Lai Liqian.Delay-sensitive data allocation scheme for CMT over diversity paths[J].Journal on Communications,2013,34(4):149-157(in Chinese)(杜文峰,吴真,赖力潜.传输延迟感知的多路径并发差异化路径数据分配方[J].通信学报,2013,34(4):149-157)
[14]Tao Jing,Gao Xianming,Wang Baosheng,et al.Multi-path based link-state routing mechanism[C]//Proc of the 18th Int Conf on Advanced Communication Technology(ICACT).Piscataway,NJ:IEEE,2016:342-351
[15]Casoni M,Grazia C A,Klapez M.SDN-based resource pooling to provide transparent multi-path communications[J].IEEE Communications Magazine,2017,55(12):1-7
[16]Zhang Chaokun,Cui Yong,Tang Heyi,et al.State-of-theart survey on software-defined networking(SDN)[J].Journal of Software,2015,26(1):62-81(in Chinese)(张朝昆,崔勇,唐翯祎,等.软件定义网络(SDN)研究进展[J].软件学报,2015,26(1):62-81)
[17]Bao Peiming.An optimization algorithm based on Dijkstra algorithm in search of shortcut[J].Journal of Computer Research and Development,2001,38(3):307-311(in Chinese)(鲍培明.距离寻优中Dijkstra算法的优化[J].计算机研究与发展,2001,38(3):307-311)
[18]Huang Y,Yi Q,Shi M.An improved Dijkstra shortest path algorithm[C]//Proc of the 2nd Int Conf on Computer Science and Electronics Engineering(ICCSEE-13).Paris,France:Atlantis Press,2013:226-229
[19]Aini A,Salehipour A.Speeding up the Floyd-Warshall algorithm for the cycled shortest path problem[J].Applied Mathematics Letters,2012,25(1):1-5
[20]Wei Dachuan.Implementation of route selection function based on improved Floyd algorithm[C]//Proc of Wase Int Conf on Information Engineering.Piscataway,NJ:IEEE,2010:223-227
[21]Hassan M S,Aref W G,Aly A M.Graph indexing for shortest-path finding over dynamic sub-graphs[C]//Proc of the 2016ACM SIGMOD Int Conf on Management of Data.New York:ACM,2016:1183-1197
[22]Cernet Network.Cernet topology[OL].[2017-11-22].http://www.cernet.com/aboutus/gyce_tpt.htm
[23]Cernet Network.Cernet2topology[OL].[2017-11-22].http://www.cernet.com/aboutus/internet2_tp.htm
[24]Internet2 Offices.Abilene topology[OL].[2017-11-22].https://www.internet2.edu/media/medialibrary/2017/05/17/I2-Network-Infrastructure-Topology-Layer_3logos-201705_TnrVotx.pdf
[25]Geant.Geant topology[OL].[2017-11-22].https://www.geant.org/Resources/Documents/GEANT_top ology_map_august2017.pdf
[2]Nunes B A A,Mendonca M,Nguyen X N,et al.A survey of software-defined networking:Past,present,and future of programmable networks.IEEE Communications Surveys and Tutorials,2014,16(3):1617-1634
[3]Lin Chuang,Peng Xuehai.Research on trustworthy networks[J].Chinese Journal of Computers,2005,28(5):751-758(in Chinese)(林闯,彭雪海.可信网络研究[J].计算机学报,2005,28(5):751-758)
[4]Cai Hongyun,Tian Junfeng,Li Zhen,et al.Trust model based on trust area and evaluation credibility[J].Journal of Computer Research and Development,2011,48(11):2131-2138(in Chinese)(蔡红云,田俊峰,李珍,等.基于信任领域和评价可信度量的信任模型研究[J].计算机研究与发展,2011,48(11):2131-2138)
[5]Josang A,Hayward R,Pope S.Trust network analysis with subjective logic[C]//Proc of the 29th Australasian Computer Science Conf(ACSC2006).Piscataway,NJ:IEEE,2006:179-184
[6]Josang A,Bhuiyan T.Optimal trust network analysis with subjective logic[C]//Proc of the 2nd Int Conf on Emerging Security Information,Systems and Technologies.Los Alamitos,CA:IEEE Computer Society,2008:179-184
[7]Xu Ke,Zhao Yudong,Chen Wenlong,et al.Paradigm-based routing&switching system for data interception attacks[J].Chinese Journal of Computers,2017,40(7):1649-1663(in Chinese)(徐恪,赵玉东,陈文龙,等.防御数据窃听攻击的路由交换范式体系[J].计算机学报,2017,40(7):1649-1663)
[8]Xu Lei,Xu Ke,Shen Meng,et al.MINOS:Regulating router data plane actions in dynamic runtime environments[C]//Proc of ACM Turing 50th Celebration Conf.New York:ACM,2017:No.40
[9]Zheng Lijuan,Han Zhen.Trusted intra-domain fast authentication protocol based on split mechanism network[J].Journal of Computer Research and Development,2012,49(5):939-948(in Chinese)(郑丽娟,韩臻.基于分离机制网络的可信域内快速认证协议[J].计算机研究与发展,2012,49(5):939-948)
[10]Xu Mingwei,Yang Shu,Wang Dan,et al.Two dimensionalIP routing[C]//Proc of Int Conf on Computing,NETWORKING and Communications.Los Alamitos,CA:IEEE Computer Society,2013:835-839
[11]Shailendra S,Bhattacharjee R,Bose S K.Optimized flow division modeling for multi-path transport[C]//Proc of India Conf(INDICON).Piscataway,NJ:IEEE,2011:1-4
[12]Du Wenfeng,Lai Liqian,Wu Zhen.Transmission delay prediction based data allocation scheme for concurrent mutipath transfer[J].Journal of Software,2015,26(8):2041-2055(in Chinese)(杜文峰,赖力潜,吴真.基于传输时延预测的多路径并发传输数据分配算法[J].软件学报,2015,26(8):2041-2055)
[13]Du Wenfeng,Wu Zhen,Lai Liqian.Delay-sensitive data allocation scheme for CMT over diversity paths[J].Journal on Communications,2013,34(4):149-157(in Chinese)(杜文峰,吴真,赖力潜.传输延迟感知的多路径并发差异化路径数据分配方[J].通信学报,2013,34(4):149-157)
[14]Tao Jing,Gao Xianming,Wang Baosheng,et al.Multi-path based link-state routing mechanism[C]//Proc of the 18th Int Conf on Advanced Communication Technology(ICACT).Piscataway,NJ:IEEE,2016:342-351
[15]Casoni M,Grazia C A,Klapez M.SDN-based resource pooling to provide transparent multi-path communications[J].IEEE Communications Magazine,2017,55(12):1-7
[16]Zhang Chaokun,Cui Yong,Tang Heyi,et al.State-of-theart survey on software-defined networking(SDN)[J].Journal of Software,2015,26(1):62-81(in Chinese)(张朝昆,崔勇,唐翯祎,等.软件定义网络(SDN)研究进展[J].软件学报,2015,26(1):62-81)
[17]Bao Peiming.An optimization algorithm based on Dijkstra algorithm in search of shortcut[J].Journal of Computer Research and Development,2001,38(3):307-311(in Chinese)(鲍培明.距离寻优中Dijkstra算法的优化[J].计算机研究与发展,2001,38(3):307-311)
[18]Huang Y,Yi Q,Shi M.An improved Dijkstra shortest path algorithm[C]//Proc of the 2nd Int Conf on Computer Science and Electronics Engineering(ICCSEE-13).Paris,France:Atlantis Press,2013:226-229
[19]Aini A,Salehipour A.Speeding up the Floyd-Warshall algorithm for the cycled shortest path problem[J].Applied Mathematics Letters,2012,25(1):1-5
[20]Wei Dachuan.Implementation of route selection function based on improved Floyd algorithm[C]//Proc of Wase Int Conf on Information Engineering.Piscataway,NJ:IEEE,2010:223-227
[21]Hassan M S,Aref W G,Aly A M.Graph indexing for shortest-path finding over dynamic sub-graphs[C]//Proc of the 2016ACM SIGMOD Int Conf on Management of Data.New York:ACM,2016:1183-1197
[22]Cernet Network.Cernet topology[OL].[2017-11-22].http://www.cernet.com/aboutus/gyce_tpt.htm
[23]Cernet Network.Cernet2topology[OL].[2017-11-22].http://www.cernet.com/aboutus/internet2_tp.htm
[24]Internet2 Offices.Abilene topology[OL].[2017-11-22].https://www.internet2.edu/media/medialibrary/2017/05/17/I2-Network-Infrastructure-Topology-Layer_3logos-201705_TnrVotx.pdf
[25]Geant.Geant topology[OL].[2017-11-22].https://www.geant.org/Resources/Documents/GEANT_top ology_map_august2017.pdf
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |