

Shan-Hsiang Shen


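In future 5G networks, software-defined networking (SDN) will be widely deployed. However, SDN relies on a central controller to issue commands to network switches to update their forwarding rules. During an update, packets are still in flight in the network. The time and order in which rule updates are applied at different switches affect these in-flight packets in different ways, and may produce results that differ from what was intended and lead to security problems. How to ensure that every packet is processed by the correct switch rules has therefore become an important problem in SDN. This paper proposes a mechanism that performs rule updates along the data flow path. The control packets that update rules are forwarded along the path of the data packets, together with the data packets, and update the rules of the switches along the way. Our method ensures that a packet uses the new rules for its entire path or the old rules for its entire path, which guarantees correctness and avoids network security problems. This paper also designs an arrangement of switch rules that makes the control packets follow the path of the data packets when performing updates.

In the next-generation 5G networks, software-defined networking will be widely used to manage ISP networks. The new SDN architecture raises new network security issues. To apply new policies, a central controller sends control messages to switches to update their forwarding rules. During rule updates, there are ongoing packets in the switches, so the sequence in which new rules are applied at the switches is crucial for policy correctness. However, the varying transmission latency between the controller and the switches makes it difficult to guarantee that every packet follows either the new policy or the old policy. To address this issue, we propose a novel data flow aware OpenFlow control signaling system (DOC). In DOC, SDN control messages for rule updates are forwarded along the same route as data packets and update the rules of the switches in sequence along the path. DOC can guarantee policy correctness and so avoid security issues during policy updates.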
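The per-packet consistency argument in the abstract can be checked with a small timing model. This is an added example, not code from the paper or from DOC; the linear path, one-tick hop delay, FIFO ordering and the latency values are assumptions made for illustration.

```python
# Simplified model (an assumption, not DOC's implementation): a linear path of
# switches, one time unit per hop, FIFO links. All numbers are constructed.

def versions_seen(inject_time, apply_times):
    """Rule version a data packet hits at each hop of the path.

    apply_times[i] is when switch i installs the new rule; a packet
    injected at inject_time reaches switch i at inject_time + i.
    """
    return ["new" if inject_time + hop >= t else "old"
            for hop, t in enumerate(apply_times)]

def is_consistent(versions):
    """Per-packet consistency: every hop used old rules, or every hop new."""
    return len(set(versions)) == 1

def out_of_band_schedule(send_time, controller_latency):
    """Controller messages each switch directly; latency differs per switch."""
    return [send_time + d for d in controller_latency]

def in_band_schedule(send_time, path_len):
    """Update message enters at the ingress and travels hop by hop with the
    data traffic, so switch i is updated at send_time + i."""
    return [send_time + hop for hop in range(path_len)]

def mixed_policy_packets(inject_times, apply_times):
    """Injection times of packets handled by a mix of old and new rules."""
    return [s for s in inject_times
            if not is_consistent(versions_seen(s, apply_times))]

PATH_LEN = 4
PACKETS = list(range(12))      # one data packet injected per tick
LATENCY = [5, 1, 7, 2]         # constructed controller-to-switch delays

if __name__ == "__main__":
    oob = out_of_band_schedule(3, LATENCY)
    inb = in_band_schedule(3, PATH_LEN)
    print("out-of-band mixed packets:", mixed_policy_packets(PACKETS, oob))
    print("in-band mixed packets:    ", mixed_policy_packets(PACKETS, inb))
```

In this model the packets injected at ticks 2 through 7 cross the out-of-band update with a mix of old and new rules, which is the window in which a packet could, for example, miss a filtering rule that exists only in one policy version; the path-ordered schedule leaves no such packets.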


Security; Software-defined networking; Control plane

Citation Format:
Shan-Hsiang Shen, "隨資料流的OpenFlow控制訊息機制 [Data Flow Aware OpenFlow Control Signaling Mechanism]," Communications of the CCISA, vol. 24, no. 1, pp. 73-90, Jan. 2018.


Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C
CCCISA Editorial Office