SDN-based dynamic anti-MAC address spoofing method

Abstract

An SDN-based method for dynamically preventing MAC address spoofing comprises the steps as follows: connecting interchangers in whole network to an SDN controller, establishing a dynamic network based on the SDN, calculating a forward path of a message in real time according to MAC address information, interchanger port information and network topology information, which are reported by interchangers with the SDN controller, obtaining a corresponding relation of the MAC address and a interchanger port on all interchangers on the forward path, issuing real-time dynamic condition of a binding relation to the interchangers on the forward path via a flow table instruction set with the SDN controller, updating a target MAC address and a port binding relational table on the interchangers and binding the MAC address and the interchanger port. Using an SDN frame to sense forward path and network change of the message, the SDN-based method for dynamically preventing MAC address spoofing of the invention realizes the dynamic binding of the MAC address and the interchanger port so as to prevent the MAC address spoofing in whole network to enable management and configuration of the whole network to be simple and intelligent so as to effectively managing the whole SDN network.

Description

technical field [0001] The invention relates to a dynamic anti-MAC address spoofing method based on SDN (Self-Defending Network, Self-Defending Network). Background technique [0002] Traditional switches rely on the MAC address table (a Layer 2 forwarding table that maintains the mapping relationship between MAC addresses, VLANs, and ports, which is the basis for fast forwarding of Layer 2 packets) to forward data packets. A single-address message with a specific destination MAC address will not be simply copied to other ports like the Hub, but will only be sent to the corresponding learning port. Hackers use forged MAC messages to allow the switch to learn the wrong mapping relationship between MAC addresses, VLANs, and ports, resulting in the failure of data packets to be forwarded to the correct destination address. [0003] Traditional switches support the binding of MAC addresses and ports to solve this potential security risk, such as figure 1 As shown, on switch S2...

AI Technical Summary

Problems solved by technology

To implement manual static binding, the network administrator needs to manually enter the user's MAC address and port number into the network. For a large-scale network, this work is obviously not easy. It is necessary to manually configure static binding on all switches in the forwarding path. binding relationship, so it is very error-prone

Images