Source address filtering for large scale network: A cooperative software mechanism design

Shu Yang, Mingwei Xu, Dan Wang, Jianping Wu

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

2 Citations (Scopus)

Abstract

Source address filtering is used as an important mechanism to prevent malicious traffic. Currently, most networks store filters in hardware such as TCAM, which has limited capacity, high power consumption and high cost. Although software can accommodate large number of filters, it needs multiple accesses to memory on the border router, which bears much more additional burden than other routers. In this paper, we propose a software-based mechanism for source address filtering. In our mechanism, we only need to check a few bits in source addresses on each router, rather than checking all bits on the ingress router. Through cooperation among routers, our mechanism ensures that malicious traffic will be filtered in the network. We formulate this problem as finding a cooperative scheme such that the loads on all routers are optimally balanced. We show that the problem can be optimally solved by dynamic programming. We evaluate our algorithms using comprehensive simulations with BRITE generated topologies and real world topologies. We conduct a case study on China Education and Research Network 2 (CERNET2) configurations, a large IPv6 network. Compared to checking 128-bit IP addresses on ingress routers, our algorithm checks at most 40 bits on each router.

Original languageEnglish
Title of host publication2012 21st International Conference on Computer Communications and Networks, ICCCN 2012 - Proceedings
DOIs
Publication statusPublished - 29 Oct 2012
Event2012 21st International Conference on Computer Communications and Networks, ICCCN 2012 - Munich, Germany
Duration: 30 Jul 20122 Aug 2012

Publication series

Name2012 21st International Conference on Computer Communications and Networks, ICCCN 2012 - Proceedings

Conference

Conference2012 21st International Conference on Computer Communications and Networks, ICCCN 2012
Country/TerritoryGermany
CityMunich
Period30/07/122/08/12

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this