Abstract
In software-defined networking (SDN), the match fields of the OpenFlow protocol are fixed and limited, packet forwarding lacks fine-grained control and a valid forwarding verification mechanism, and forwarding devices cannot effectively monitor packet forgery. We therefore propose P4Label, an SDN packet forwarding control mechanism based on P4. Because P4 allows the data plane of the network to be programmed, we construct a new P4Label protocol header. To achieve precise control over the forwarding behavior of network packets, the data plane forwarding device verifies the source authenticity and integrity of each forwarded packet, clears abnormal flows such as maliciously tampered or forged data, and implements fine-grained packet forwarding and verification capabilities based on P4Label. Finally, the study constructs a P4Label prototype system based on the open source BMv2 software switch and verifies the effectiveness and performance of the mechanism through experimental analysis. The experiments are conducted in the Mininet simulation environment; the analysis results indicate that P4Label is a valid forwarding control mechanism that can guarantee precise packet forwarding, packet source verification, and packet integrity.
Data availability
The data used to support the findings of this study are included within the article.
Acknowledgements
This work was supported by the National Science Foundation of China (No. 61572517). The work was also partially supported by the grants from the Department of Industrial and Systems Engineering, the Hong Kong Polytechnic University, China (H-ZG3K).
Ethics declarations
Conflicts of interest
The authors declare that there are no conflicts of interest regarding the publication of this paper.
About this article
Cite this article
Zuo, Z., Chang, C., Zhang, Y. et al. P4Label: packet forwarding control mechanism based on P4 for software-defined networking. J Ambient Intell Human Comput (2020). https://doi.org/10.1007/s12652-020-01719-3
DOI: https://doi.org/10.1007/s12652-020-01719-3