Troubleshooting Based on Packet Traceback in Software-defined Networks

doi:10.3969/j.issn.1671-1122.2016.03.012

Abstract

Abstract:

With the increasingly numbers of serious problems of network security, network operators solve specific problems mainly use the tools such as ping, traceroute, SNMP, tcpdump and so on. Their experience and ability is crucial to find the position of the fault. This paper describes the troubleshooting way based on provenance traceback and improves it with packets traceback. Provenance traceback is used in detection of rule conflicts, which using graph theory to locate the root cause, but not used widely in the detection of rule loss. This paper presents a troubleshooting solution that based on packet traceback, which can effectively detect the rule conflicts and rules loss and expand the scope, which is an important complement to the provenance traceback. Constructing packets by specific source IP addresses, using back policy to get the fault location. The whole process does not require the user to back human intervention, with real-time and automated features.

Key words: software-defined networks, provenance traceback, troubleshooting

CLC Number:

TP309

Kuan JIANG, Peng YANG. Troubleshooting Based on Packet Traceback in Software-defined Networks[J]. Netinfo Security, 2016, 16(3): 71-76.

[1]	GHEORGHE G, AVANESOV T, PALATTELLA M R, et al.SDN-RADAR: Network troubleshooting combining user experience and SDN Capabilities[C]//IEEE. Network Softwarization, 2015 1st IEEE Conference onSoftware-Defined Infrastructures (SDI) for Networks, Clouds and Services. IEEE, 2015:1-5.
[2]	卿斯汉.关键基础设施安全防护[J]. 信息网络安全,2015(2):1-6.
[3]	ZHANG H, REICH J, REXFORD. Packet Traceback for Software-defined Networks[R].Princeton:Princeton University, TR-978-15, 2015.
[4]	文伟平,郭荣华,孟正,等.信息安全风险评估关键技术研究与实现[J]. 信息网络安全,2015(2):7-14.
[5]	HANDIGOL N, HELLER B, JEYAKUMAR V, et al.I Know What Your Packet Did Last Hop: Using packet Histories to Troubleshoot Networks[C]//USENIX.11th USENIX Symposium on Networked Systems Design and Implementation, April 2-4, 2014,Seattle, WA, USA. Seattle:USENIX Association, 2014: 71-85.
[6]	王学强,雷灵光,王跃武. 移动互联网安全威胁研究[J]. 信息网络安全,2014(9):30-33.

[1]	Zhiyan ZHAO, Xiaomo JI. Research on the Intelligent Fusion Model of Network Security Situation Awareness [J]. Netinfo Security, 2020, 20(4): 87-93.
[2]	Min LIU, Shuhui CHEN. Research on VoLTE Traffic Based on Association Fusion [J]. Netinfo Security, 2020, 20(4): 81-86.
[3]	Lingyu BIAN, Linlin ZHANG, Kai ZHAO, Fei SHI. Ethereum Malicious Account Detection Method Based on LightGBM [J]. Netinfo Security, 2020, 20(4): 73-80.
[4]	Yifeng DU, Yuanbo GUO. A Dynamic Access Control Method for Fog Computing Based on Trust Value [J]. Netinfo Security, 2020, 20(4): 65-72.
[5]	Zhizhou FU, Liming WANG, Ding TANG, Shuguang ZHANG. HBase Secondary Ciphertext Indexing Method Based on Homomorphic Encryption [J]. Netinfo Security, 2020, 20(4): 55-64.
[6]	Rong WANG, Chunguang MA, Peng WU. An Intrusion Detection Method Based on Federated Learning and Convolutional Neural Network [J]. Netinfo Security, 2020, 20(4): 47-54.
[7]	Xiaoli DONG, Shuai SHANG, Jie CHEN. Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192 [J]. Netinfo Security, 2020, 20(4): 40-46.
[8]	Chun GUO, Changqing CHEN, Guowei SHEN, Chaohui JIANG. A Ransomware Classification Method Based on Visualization [J]. Netinfo Security, 2020, 20(4): 31-39.
[9]	Lu CHEN, Yajie SUN, Liqiang ZHANG, Yun CHEN. A Scheme of Measurement for Terminal Equipment Based on DICE in IoT [J]. Netinfo Security, 2020, 20(4): 21-30.
[10]	Jinfang JIANG, Guangjie HAN. Survey of Trust Management Mechanism in Wireless Sensor Network [J]. Netinfo Security, 2020, 20(4): 12-20.
[11]	Jianwei LIU, Yiran HAN, Bin LIU, Beiyuan YU. Research on 5G Network Slicing Security Model [J]. Netinfo Security, 2020, 20(4): 1-11.
[12]	Peng LIU, Qian HE, Wangyang LIU, Xu CHENG. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption [J]. Netinfo Security, 2020, 20(3): 90-97.
[13]	Yubo SONG, Ming FAN, Junjie YANG, Aiqun HU. Multipath Solution and Blocking Method of Network Attack Traffic Based on Topology Analysis [J]. Netinfo Security, 2020, 20(3): 9-17.
[14]	Tengfei WANG, Manchun CAI, Tianliang LU, Ting YUE. IPv6 Network Attack Source Tracing Method Based on iTrace_v6 [J]. Netinfo Security, 2020, 20(3): 83-89.
[15]	Yi ZHANG, Hongyan LIU, Hequn XIAN, Chengliang TIAN. A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records [J]. Netinfo Security, 2020, 20(3): 75-82.

Troubleshooting Based on Packet Traceback in Software-defined Networks

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 6

Related Articles 15

Recommended Articles

Metrics

Comments