Computer Science ›› 2025, Vol. 52 ›› Issue (10): 328-335.doi: 10.11896/jsjkx.240800163

• Computer Network • Previous Articles     Next Articles

SRv6 Functional Conformance Verification Mechanism Based on the Programmable Data Plane

WANG Pengrui1, HU Yuxiang1,2,3, CUI Pengshuai1,2,3, DONG Yongji1,2,3, XIA Jiqiang1   

  1. 1 Institute of Information Technology Research,Information Engineering University,Zhengzhou 450002,China
    2 National Key Laboratory of Advanced Communication Networks,Zhengzhou 450002,China
    3 Key Laboratory of Cyberspace Security,Ministry of Education,Zhengzhou 450002,China
  • Received:2024-08-30 Revised:2024-11-25 Online:2025-10-15 Published:2025-10-14
  • About author:WANG Pengrui,born in 1997,postgra-duate.His main research interests include segment routing and programmable data plane.
    HU Yuxiang,born in 1982,Ph.D,Ph.D supervisor.His main research interests include next generation network architecture and switching technology.
  • Supported by:
    National Key Research and Development Program of China(2023YFB2903902), Science and Technology Innovation Leading Talents Subsidy Project of Central Plains(244200510038) and Key R&D Projects of Songshan Laboratory(221100210900-02).

Abstract: At present,the SID in SRv6 is designed to provide programmability for traffic engineering,security authentication,and other network functions.The realization of these functions depends on the precise matching and execution of flow tables in the data plane,but when the flow tables are maliciously modified or incorrectly configured,it is easy to cause inconsistency problems in function implementation.As a classic verification tool with programmability in SDN scenarios,the INT technology can naturally combine with the two.This paper proposes the SRv6 Function Consistency Verification(SRv6FCV) mechanism based on programmable data plane.SRv6FCV uses data plane programmability technology to insert authentication identifiers into probe pac-kets,first dynamically converts the SID into a specific INT metadata structure according to the monitoring needs,then constructs probe packets and injects them into the network to collect flow table execution information for specific network functions,and finally decodes the telemetry information and completes the function consistency verification based on symbolic execution algorithms.Simulation results show that SRv6FCV can ensure consistency between flow table rules and business function execution policies.Compared with previous studies,SRv6FCV,in addition to achieving consistency verification of network functions,has lower running overhead and significantly reduces verification time.

Key words: Segment routing,SID,SRv6,In-band network telemetry,Consistency

CLC Number: 

  • TP393
[1]SUGIURAT,TAKAHASHI K,ICHIKAWA K,et al.Acar:An application-aware network routing system using SRv6[C]//2022 IEEE 19th Annual Consumer Communications & Networking Conference(CCNC).2022:751-752.
[2]ZHENGQ,TANG S,CHEN B,et al.Highly-Efficient and Adaptive Network Monitoring:When INT Meets Segment Routing[J].IEEE Transactions on Network and Service Management,2021,18(3):2587-2597.
[3]WEI W,ZHANG X,PAN P,et al.EPM-SR:efficient perfor-mance measurement framework for KPIs to support segment routing over IPv6 Network[C]//2022 IEEE 22nd International Conference on Communication Technology(ICCT).2022:1800-1805.
[4]CHEN B,CHEN F,TANG S,et al.On Orchestration of Segment Routing and In-band Network Telemetry[J].IEEE Transactions on Network and Service Management,2023,20(4):4047-4060.
[5]ZUO Q Y,CHEN M,ZHAO G S,et al.Openflow-based SDN technologies[J].Journal of Software,2013,24(5):1078-1097.
[6]BIFULCO R,RÉTVÁRI G.A survey on the programmable data plane:Abstractions,architectures,and open problems[C]//Proceedings of the 19th IEEE International Conference on High Performance Switching and Routing(HPSR).IEEE,2018.1-7.
[7]WANG X Y,HU A Q,FANG H.Improved collusion-resistant unidirectional proxy re-encryption scheme from lattice[J].IET Information Security,2020,18(1):342-351.
[8]DUTTA P,SUSILO W,DUONG D H,et al.Collusion-resistant identitybased proxy re-encryption:lattice-based constructions in standard model[J].Theoretical Computer Science,2021,871:16-29.
[9]WANG X A,GE Y L,YANG X Y.PRE +:dual of proxy re-encryption and its application[J].International Journal of Web and Grid Services,2018,14(1):44-69.
[10]SINGH K,RANGAN C P,AGRAWAL R,et al.Provably se-cure lattice based identity based unidirectional PRE and PRE + schemes[J].Journal of Information Security and Applications,2020,54(3/4):102569.
[11]ATENIESE G,FU K,GREEN M,et al.Improved proxy re-encryption schemes with applications to secure distributed storage[J].ACM Trans on Information and System Security,2006,9(1):1-30.
[12]GUO H,ZHANG Z F,XU J,et al.Non-transferable proxy reencryption[J].The Computer Journal,2019,62(4):490-506.
[13]PEREŠÍNI P,KUŹNIAR M,AND KOSTIĆ D.Monocle:Dynamic,Fine-grained Data Plane Monitoring[C]//Proceedings of CoNEXT.2015:1-13.
[14]TAN L,SU W,MIAO J,et al.FindINT:Detect and Locate the Lost in-Band Network Telemetry Packet[J].IEEE Networking Letters,2022,4(1):20-24.
[15]MARQUES JA,GASPARY L P.Advancing Network Monitoring and Operation with In-band Network Telemetry and Data Plane Programmability[C]//NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium.2023:1-6.
[16]LIU W,ZHANG X,FENG C,et al.Segment Routing based In-Band Network Telemetry in IPv6 over Optical Networks[C]//2024 2nd International Conference On Mobile Internet,Cloud Computing and Information Security(MICCIS).2024:125-129.
[17]GENTRY C,PEIKERT C,VAIKUNTANATHAN V.How to use a short basis:trapdoors for hard lattices and new cryptographic constructions[C]//Proc. of the 40th ACM Symposium on Theory of Computing.2018:197-206.
[18]WANG F H,HU Y P,JIA Y Y.Lattice-based signature scheme in the standard model[J].Journal of Xidian University,2012,39(4):57-61,119.
[19]QIU L S,WANG L L,LIU J,et al.SRSV:Efficient Resource Reservation for Satellite Networks Based on Segment Routing[C]//2022 5th International Conference on Hot Information-Centric Networking(HotICN).2022:99-104.
[20]WANG X Y,HU A Q,HAO F.Feasibility analysis of latticebased proxy re-encryption[C]//Proc. of the 17th International Conference on Cryptography,Security and Privacy.2017:12-16.
[21]CHICA J C C,IMBACHI J C,VEGA J F B.Security in SDN:A comprehensive survey[J].Journal of Network and Computer Applications,2020,159:102595.
[1] HU Yongqing, YANG Han, LIU Ziyuan, QING Guangjun, DAI Qinglong. ACCF:Time Prediction Mechanism-driven Top-k Flow Measurement [J]. Computer Science, 2025, 52(10): 98-105.
[2] DUAN Pengsong, ZHANG Yihang, FANG Tao, CAO Yangjie, WANG Chao. WiLCount:A Lightweight Crowd Counting Model for Wireless Perception Scenarios [J]. Computer Science, 2025, 52(10): 317-327.
[3] XU Jia, LIU Jingyi, XU Lijie, LIU Linfeng. Wireless Charging Scheduling with Minimized Maximum Return-to-Work Time for Heterogeneous Mobile Rechargeable Devices [J]. Computer Science, 2025, 52(10): 336-347.
[4] WU Moxun, PENG Zeshun, YU Minghe, LI Xiaohua, DONG Xiaomei, NIE Tiezheng, YU Ge. Approach for Lightweight Verifiable Data Management Based on Blockchains [J]. Computer Science, 2025, 52(10): 348-356.
[5] HE Hao, ZHANG Hui. Intrusion Detection Method Based on Improved Active Learning [J]. Computer Science, 2025, 52(10): 357-365.
[6] ZHU Ziyi, ZHANG Jianhui, ZENG Junjieand ZHANG Hongyuan. Security-aware Service Function Chain Deployment Method Based on Deep ReinforcementLearning [J]. Computer Science, 2025, 52(10): 404-411.
[7] WU Jiagao, YI Jing, ZHOU Zehui, LIU Linfeng. Personalized Federated Learning Framework for Long-tailed Heterogeneous Data [J]. Computer Science, 2025, 52(9): 232-240.
[8] SHEN Tao, ZHANG Xiuzai, XU Dai. Improved RT-DETR Algorithm for Small Object Detection in Remote Sensing Images [J]. Computer Science, 2025, 52(8): 214-221.
[9] LONG Tie, XIAO Fu, FAN Weibei, HE Xin, WANG Junchang. Cubic+:Enhanced Cubic Congestion Control for Cross-datacenter Networks [J]. Computer Science, 2025, 52(8): 335-342.
[10] YE Miao, WANG Jue, JIANG Qiuxiang, WANG Yong. SDN-based Integrated Communication and Storage Edge In-network Storage Node Selection Method [J]. Computer Science, 2025, 52(8): 343-353.
[11] FAN Xinggang, JIANG Xinyang, GU Wenting, XU Juntao, YANG Youdong, LI Qiang. Effective Task Offloading Strategy Based on Heterogeneous Nodes [J]. Computer Science, 2025, 52(8): 354-362.
[12] ZHAO Jihong, MA Jian, LI Qianwen, NING Lijuan. Service Function Chain Deployment Method Based on VNF Divided Backup Mechanisms [J]. Computer Science, 2025, 52(7): 287-294.
[13] LIU Wenfei, LIU Jiafei, WANG Qi, WU Jingli, LI Gaoshi. Component Reliability Analysis of Interconnected Networks Based on Star Graph [J]. Computer Science, 2025, 52(7): 295-306.
[14] CHEN Shangyu, HU Hongchao, ZHANG Shuai, ZHOU Dacheng, YANG Xiaohan. Tor Multipath Selection Based on Threaten Awareness [J]. Computer Science, 2025, 52(7): 363-371.
[15] ZHOU Lei, SHI Huaifeng, YANG Kai, WANG Rui, LIU Chaofan. Intelligent Prediction of Network Traffic Based on Large Language Model [J]. Computer Science, 2025, 52(6A): 241100058-7.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!