Computer Science ›› 2024, Vol. 51 ›› Issue (5): 284-292. doi: 10.11896/jsjkx.230400030

• Computer Network •

Segmental Routing in Band Telemetry Method for Endogenous Secure Switches

GU Zhouchao1, CHENG Guang2, ZHAO Yuyu1

  1 School of Cyber Science and Technology, Southeast University, Nanjing 211189, China
  2 Key Laboratory of Computer Network and Information Integration of Ministry of Education (Southeast University), Nanjing 211189, China
  • Received: 2023-04-05 Revised: 2023-08-11 Online: 2024-05-15 Published: 2024-05-08
  • Corresponding author: CHENG Guang (gcheng@njnet.edu.cn)
  • About author: (220205121@seu.edu.cn)
    GU Zhouchao, born in 1996, postgraduate. His main research interests include segment routing and telemetry.
    CHENG Guang, born in 1973, Ph.D. His main research interests include network security and network measurement.
  • Supported by:
    This work was supported by the National Key Research and Development Program of China (2020YFB1804604) and the Joint Open Fund of Provincial Key Laboratory of Shandong Computer Federation (SKLCN-2023-05).

Abstract: In recent years, network technology has evolved rapidly, and infrastructure devices and the network services they provide have become increasingly complex. Traditional network management and monitoring methods face serious challenges. Researchers in China and abroad have proposed technologies such as segment routing (SR) and in-band network telemetry (INT) to perform more real-time and finer-grained network measurement. However, in network environments with rapidly growing traffic, in-band network telemetry still faces many difficulties in practical use, including flexible deployment, dynamic deployment, and efficient deployment. First, traditional INT lacks a suitable carrier, and packet overhead increases linearly with the telemetry path length, which creates a performance bottleneck for telemetry monitoring. To address the high bit overhead and the difficulty of efficient deployment in traditional in-band network telemetry systems, this paper proposes an SRv6-based (Segment Routing IPv6) in-band network telemetry method (SRv6_Based INT). The work reduces the overhead of INT and SR and combines the two seamlessly to achieve a lightweight and adaptive telemetry approach. The INT metadata is designed so that its length equals that of the Segment field in SRv6, and at each hop the SID is then modified into the corresponding INT metadata according to the flow table issued by the monitoring server. This method fully combines the advantages of both techniques and keeps the overhead within a reasonable range, which is better than traditional in-band network telemetry methods.

Key words: Segment routing, In-band network telemetry, Software-defined network

CLC Number:

  • TP311