Preventing flow table overflow against denial of service attack in software defined network
Main Authors: | , , , , , , , |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2023-02-01 |
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2023036/ |
Summary: | Denial of service attacks in software defined networks can overflow the limited flow table space of a switch, causing failure to install flow table rules for normal network packets, packet forwarding delay, and packet loss. To address this, FloodMitigation was proposed to prevent flow table overflow against denial of service attacks in software defined networks. Rate-limited management of flow rule installation, based on available flow table space, was adopted to limit the maximum installation speed of flow rules and the amount of flow table space occupied by switch ports under denial-of-service attack, thereby avoiding flow table overflow. In addition, path selection based on available flow table space was adopted to balance flow table utilization of switches among multiple forwarding paths, so as to avoid denial of service attacks on switches with less available flow table space in the path. The experimental results demonstrate that FloodMitigation can effectively alleviate the harm of denial of service attacks in terms of preventing switch flow table overflow and packet loss, reducing resource consumption of controllers, and ensuring packet forwarding delay. |
---|---|
ISSN: | 1000-436X |