ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (7): 1544-1562. doi: 10.7544/issn1000-1239.2021.20200480

• Network Technology •

Survey of OpenFlow Switch Flow Table Overflow Mitigation Techniques

Xie Shengxu, Xing Changyou, Zhang Guomin, Song Lihua, Hu Guyu

  1. (Command & Control Engineering College, Army Engineering University of PLA, Nanjing 210007) (xsx1727@qq.com)
  • Online: 2021-07-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (61379149, 61772271) and the China Postdoctoral Science Foundation (2017M610286).

Abstract: The separation of forwarding and control, centralized control, and open interfaces of software defined networking (SDN) make the network flexible and controllable, and its architecture has been fully developed. Because it combines well with various cloud services, SDN has seen a large number of commercial deployments in recent years. In the OpenFlow-based SDN architecture, commercially deployed hardware switches mostly use ternary content addressable memory (TCAM) to store the flow entries installed by the controller, in order to achieve goals such as fast flow entry lookup and mask matching. However, limited by the capacity and price of TCAM, current commercial OpenFlow switches can store at most tens of thousands of flow entries. As a result, they are subject to flow table overflow caused by burst traffic or flow table overflow attacks, which seriously affects network performance. How to establish an efficient flow table overflow mitigation mechanism has therefore attracted extensive attention from researchers. This survey first analyzes the causes and effects of the flow table overflow problem in OpenFlow switches. On this basis, it summarizes and compares the current state of research on flow table overflow mitigation techniques for two cases, burst traffic and attack behavior. Finally, it summarizes and analyzes the problems and shortcomings of existing research and looks ahead to future development directions and challenges.

Key words: software defined networking, OpenFlow switch, ternary content addressable memory, flow table overflow, mitigation mechanism
