A Software-Defined Networking Packet Forwarding Verification Mechanism Based on Programmable Data Plane

For the fixed and limited number of OpenFlow protocol matching fields, and the lack of effective forwarding verification mechanism for data packet forwarding in the Software-Defined Networking (SDN), a SDN packet forwarding verification mechanism based on programmable data plane is proposed. By adding a cipher identification to the data packet, the P4 forwarding device joins the OpenFlow-based SDN network to control accurately and sample network traffic flow without affecting the normal forwarding of the data flow. The controller verifies the integrity of the sampled packet, and sends flow rules to the OpenFlow forwarding device to control the abnormal data flow such as malicious tampering and forgery. Finally, the forwarding verification prototype and simulation network based on P4 forwarding device and Open vSwitch forwarding device are constructed and tested. The experimental results show that the mechanism can effectively detect the forwarding abnormal behaviors such as packet tampering and forgery. Compared with similar verification mechanisms, in the case of the same security verification processing overhead, it can achieve more fine-grained flow precise control sampling and lower forwarding delay.