Abstract

Scalability and security have always been serious issues influencing the development of Software-Defined Network (SDN). Implementing the Identifiers Separating and Mapping Architecture (ISMA) in SDN is a promising way to address the scalability and security problems by dividing the network into an edge network and a core network. In this paper, we propose an approach to flow table entry compression in OpenFlow networks. We modify both the data plane and the control plane elements to implement the separation of identity and locator. We define an OpenFlow-based access forwarding element, which connects the edge network and the core network and contains a mapping flow table, and an OpenFlow-based core forwarding element in the core network, which compresses the flow table rules through coarse-grained forwarding. In addition, we propose an approach to detect and prevent DDoS attacks in SDN by analyzing the Packet_In messages with map requests in the central controller. Based on the proposed approach, we design a prototype including forwarding elements and the central controller with a mapping module and a security analysis application. Additionally, we compare the performance of our approach with OpenFlow and verify the feasibility and effort using the prototype and a simulation environment. The number of forwarding flow table entries in the core network can be reduced dramatically, and our approach can detect and prevent a DDoS attack before it undermines the victim.