分散型SDN制御プレーンへのDoS攻撃の緩和手法の提案

全文

(1)Vol.2017-IOT-39 No.11 Vol.2017-SPT-25 No.11 2017/9/29. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. ෼ࢄ‫ ܕ‬SDN ੍‫ޚ‬ϓϨʔϯ΁ͷ DoS ߈ܸͷ؇࿨ख๏ͷఏҊ দඌ ྄ี1. ࠓઘ ‫࢙و‬2. ֓ཁɿSDN Ͱ͸ɼେ‫ن‬໛ͳωοτϫʔΫΛ੍‫͢ޚ‬ΔͨΊʹɼෳ਺ͷίϯτϩʔϥʹΑΔ෼ࢄ੍‫ޚ‬Λߦ͏ख ๏͕͍͔ͭ͘ఏҊ͞Ε͍ͯΔɽ·ͨɼωοτϫʔΫ಺ͷτϥϑΟοΫͷภΓʹରԠ͢ΔͨΊʹɼεΠον ͷ؅ཧ‫ݶݖ‬ΛίϯτϩʔϥؒͰҠಈͤ͞Δख๏͕ఏҊ͞Ε͍ͯΔɽ͔͠͠ɼ͜ͷख๏͸গ਺ͷεΠονͷ ूஂʹτϥϑΟοΫྔ͕ूத͢Δ৔߹ɼޮՌతʹ‫ػ‬ೳ͠ͳ͍͜ͱ͕͋Δɽ·ͨɼۙ೥Ͱ͸ SDN-DoS ߈ܸ ͱ͍͏ɼଳҬΛѹഭͤͣޮՌతʹ੍‫ޚ‬ϓϨʔϯͷϦιʔεΛফඅͤ͞Δख๏΋ఏҊ͞Ε͍ͯΔɽෳ਺ͷί ϯτϩʔϥʹΑΔ෼ࢄ‫ޚ੍ܕ‬ϓϨʔϯʹ͓͍ͯɼ͜ͷ߈ܸΛ؇࿨͢ΔͨΊʹɼίϯτϩʔϥؒͰॲཧΛ෼ ୲͢Δख๏ΛఏҊ͠ɼੑೳͷ‫ݕ‬౼Λߦ͏ɽ ΩʔϫʔυɿSDN, DoS, ίϯτϩʔϥ. A Proposal for Relaxing Denial of Service Attacks on Distributed SDN Control Plane Ryosuke Matsuo1. 1. ͸͡Ίʹ. Takashi Imaizumi2. Λҙਤతʹར༻ͨ͠ SDN-DoS ߈ܸ͕ൃੜ͢Δ͜ͱ͕‫ݒ‬೦ ͞Ε͍ͯΔɽ௨ৗ੍‫࣌ޚ‬ͷෛՙ΁ͷରࡦͱͯ͠ɼෳ਺ͷί. ωοτϫʔΫΛ؅ཧ͢Δٕज़ͷ̍ͭʹɼSDN (Software. ϯτϩʔϥʹΑΔωοτϫʔΫͷ෼ࢄ੍‫ޚ‬ख๏͕ఏҊ͞Ε. Defined Network) ͕͋ΔɽSDN ͸ɼωοτϫʔΫΛߏ੒. ͍ͯΔ͕ɼ΄ͱΜͲ͕ωοτϫʔΫͷτϙϩδʔʹ‫͍ͮج‬. ͠σʔλసૹΛߦ͏σʔλϓϨʔϯͱɼ੍‫ྩ໋ޚ‬Λσʔλ. ͨॲཧൣғͷ෼ׂΛߦ͍ͬͯΔɽͦͷͨΊɼ߈ܸऀ͕τϥ. ϓϨʔϯ΁ద༻͢ΔίϯτϩʔϧϓϨʔϯɼ‫ܦ‬࿏੍‫Ͳͳޚ‬. ϑΟοΫΛ‫ॴہ‬తʹूதͤͨ͞৔߹ɼͦͷॲཧʹΑΔෛՙ. ͷ֤छ൑அΛߦ͏ΞϓϦέʔγϣϯʹΑͬͯߏ੒͞ΕΔɽ. ͸Ұ෦ͷίϯτϩʔϥʹूதͯ͠͠·͏ɽ. ίϯτϩʔϧϓϨʔϯ͸ɼίϯτϩʔϥͱ‫ݺ‬͹ΕΔ‫ʹثػ‬. ຊ‫Ͱڀݚ‬͸ɼ߈ܸൃੜ࣌ʹ߈ܸύέοτͷॲཧΛɼՔಇ͠. Αͬͯߏ੒͞ΕΔɽ؅ཧऀ͸ωοτϫʔΫͷ੍‫ޚ‬ϧʔνϯ. ͍ͯΔଞͷίϯτϩʔϥ΁෼ࢄͤ͞ΔγεςϜΛఏҊ͢Δɽ. ΛΞϓϦέʔγϣϯΛ௨ͯ͠ఆٛ͢Δ͜ͱͰɼωοτϫʔ. ෳ਺ͷίϯτϩʔϥΛ࠷େ‫͢༻׆ݶ‬Δ͜ͱͰɼSDN-DoS. ΫશମΛҰ‫ݩ‬తʹ؅ཧ͢Δ͜ͱ͕Ͱ͖Δɽ͜ͷ؅ཧ্ͷར. ߈ܸʹΑΓൃੜ͢Δେྔͷύέοτॲཧ΁ͷεϧʔϓοτ. ఺͔ΒɼSDN ͸࿦ཧωοτϫʔΫͷߏஙͳͲʹར༻͞Εͯ. Λ޲্ͤ͞Δ͜ͱΛ໨తͱ͢Δɽ. ͍Δɽ ͔͠͠ɼωοτϫʔΫશମͷ੍‫ޚ‬ΛίϯτϩʔϥΛհ͠ ͯߦ͏ͨΊɼίϯτϩʔϥʹ͸େ͖ͳෛՙ͕͔͔Γɼ͜Ε. 2. OpenFlow SDN ʹ͓͚Δɼ੍‫ޚ‬ϓϨʔϯͱσʔλϓϨʔϯؒͷ௨৴ ͷ࢓༷ΛఆΊͨ୅දతͳϓϩτίϧʹɼOpenFlow ͕͋Δɽ. 1. 2. ઍ༿େֶେֶӃ༥߹Պֶ‫ڀݚ‬Պ Graduate School of Advanced Integration Science, Chiba University ઍ༿େֶ౷߹৘ใηϯλʔ Institute of Management and Information Technologies, Chiba University. c 2017 Information Processing Society of Japan . OpenFlow Ͱ͸ɼσʔλϓϨʔϯΛߏ੒͢Δ OpenFlow ε Πον͸ɼϑϩʔςʔϒϧͱ‫ݺ‬͹ΕΔ໋ྩදΛ࣋ͭɽϑ ϩʔςʔϒϧͷཁૉͰ͋ΔϑϩʔΤϯτϦʹ͸ɼର৅ͱ͢ Δύέοτͷ৚݅ͱɼύέοτͷॲཧํ๏ͷ૊͕֨ೲ͞. 1.

(2) Vol.2017-IOT-39 No.11 Vol.2017-SPT-25 No.11 2017/9/29. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. Ε͍ͯΔɽOpenFlow εΠον͸ύέοτΛड৴͢Δͱɼ. Ξ֎ͷ৘ใʢѼઌϗετͷҐஔͳͲʣ͕ඞཁͳ৔߹ɼଞͷ. ϔομΛղੳ͠ɼϑϩʔςʔϒϧ಺ʹ৚݅Λຬͨ͢ϑϩʔ. ίϯτϩʔϥ΍σʔλϕʔε΁໰߹ͤΔ͜ͱͰɼඞཁͳ৘. ΤϯτϦ͕ଘࡏ͢Δ͔‫͢ࡧݕ‬Δɽ৚݅Λຬͨ͢ϑϩʔΤϯ. ใΛಘΔɽ1 ୆ͷίϯτϩʔϥ͕؅ཧ͢ΔεΠονͷ਺Λ. τϦ͕ଘࡏ͠ͳ͔ͬͨ৔߹ɼॲཧํ๏͕Θ͔Βͳ͍ͨΊɼ. গͳ͘͢Δ͜ͱͰɼίϯτϩʔϥͷ؅ཧ͢Δ‫ن‬໛Λɼੑೳ. ςʔϒϧϛεͱͳΔɽ. ʹԠͨ͡ద੾ͳൣғʹऩΊΔ͜ͱ͕ग़དྷΔɽ ෼ࢄ‫ޚ੍ܕ‬ϓϨʔϯͷߏ੒͸ɼฒྻ‫֊ͱܕ‬૚‫ʹܕ‬େ͖͘ ෼͚ΒΕΔɽ[5] ฒྻ‫Ͱܕ‬͸ɼίϯτϩʔϥͷΠϯελϯε ಉ͕࢜ɼ‫ڠ‬ௐͯ͠ωοτϫʔΫͷ੍‫ޚ‬Λߦ͏ɽฒྻ‫ܕ‬ͷί ϯτϩʔϥߏ੒ͷ୅දతͳ΋ͷͱͯ͠ɼOnix ΍ ONOS [6] ͕‫͛ڍ‬ΒΕΔɽ֊૚‫Ͱܕ‬͸ɼεΠονͱ઀ଓ͢Δ֤ίϯτ ϩʔϥ͕ɼίϯτϩʔϥΛ౷‫ׅ͢‬Δ্Ґͷίϯτϩʔϥ΁ ઀ଓ͢Δߏ੒ΛͱΔɽ ଟ͘ͷ෼ࢄ‫ޚ੍ܕ‬ϓϨʔϯͷఏҊͰ͸ɼͦΕͧΕͷίϯ τϩʔϥ͕؅ཧ͢ΔΤϦΞ͸੩తͰ͋ΓɼՔಇதʹͦͷΤ ϦΞ͸มԽ͠ͳ͍ɽ͔͠͠ɼ࣮ࡍͷωοτϫʔΫΛྲྀΕΔ τϥϑΟοΫͷྔ͸ɼ࣌ؒ΍ۭؒతͳཁҼʹΑͬͯಈతʹ. ਤ 1. OpenFlow ͷҰൠతͳߏ੒. มԽ͢Δɽ[7] ͦͷͨΊɼҰ෦ͷΤϦΞ΁τϥϑΟοΫ͕ ूதͨ͠৔߹ɼͦͷΤϦΞΛ؅ཧ͢Δίϯτϩʔϥʹաෛ. ςʔϒϧϛε͕ൃੜͨ͠ࡍͷσϑΥϧτͷಈ࡞͸ɼOpen-. Flow ͷόʔδϣϯʹΑͬͯҟͳΔɽOpenFlow1.2 ·Ͱ͸ɼ ςʔϒϧϛεΛ‫ͨ͜͠ى‬ύέοτΛ‫ʹج‬ɼPacket In ͱ͍͏ ໰͍߹ΘͤϝοηʔδΛੜ੒͠ɼίϯτϩʔϥʹૹ৴ͨ͠ɽ. ՙ͕͔͔Δ͜ͱ͕ߟ͑ΒΕΔɽ. 4. SDN-DoS ۙ೥ɼSDN ͷߏ੒ཁૉΛඪతͱͨ͠߈ܸʹର͢ΔηΩϡ. ͜Εʹର͠ɼOpenFlow1.3 Ҏ߱Ͱ͸ɼςʔϒϧϛεΛ‫͜ى‬. ϦςΟ͕஫໨͞Ε͍ͯΔɽ[8] ͦͷதͰɼ੍‫ޚ‬ϓϨʔϯʹ. ͨ͠ύέοτ͸ഁ‫͞غ‬ΕΔɽͨͩ͠ɼϦΞΫςΟϒ‫ݺͱܕ‬. ର͢Δ߈ܸख๏ͷ 1 ͭͱͯ͠ɼSDN-DoS ͱ‫ݺ‬͹ΕΔख๏. ͹ΕΔ੍‫Ͱࣜํޚ‬͸ɼίϯτϩʔϥ͕ड͚औͬͨ Packet In. ͕ࢦఠ͞Ε͍ͯΔɽ߈ܸऀ͸ɼର৅ͱͳΔ OpenFlow ε. ʹରԠ͢ΔϑϩʔΤϯτϦΛੜ੒͠ɼ‫ݩ‬ͷεΠονʹର͠. Πονͷϑϩʔςʔϒϧͷ಺༰Λਪଌ͠ɼίϯτϩʔϥ΁. ͯద༻͢Δ͜ͱͰɼಈతʹωοτϫʔΫͷ੍‫ޚ‬Λߦ͏ɽͦ. ͷ Packet In ϝοηʔδͷૹ৴Λ༠ൃͤ͞ΔΑ͏ͳύέο. ͷͨΊɼϦΞΫςΟϒ‫ޚ੍Ͱܕ‬Λߦ͏৔߹ɼ؅ཧऀ͸ಛఆ. τΛେྔʹૹ৴͢Δɽ͜ͷύέοτ͸ίϯτϩʔϥ΁ͷେ. ͷύέοτͷ໰͍߹ΘͤΛίϯτϩʔϥ΁ૹ৴ͤ͞ΔΑ͏. ྔͷ໰߹ͤΛൃੜͤ͞ɼड৴ͨ͠ίϯτϩʔϥͷϦιʔε. ʹઃఆ͢Δඞཁ͕͋Δɽ. ͷ‫ׇރ‬΍ɼԠ౴ͷ஗ԆɼύέοτϩεΛҾ͖‫͢͜ى‬ɽίϯ. 3. ෼ࢄ‫ޚ੍ܕ‬ϓϨʔϯ OpenFlow ͸ίϯτϩʔϥʕεΠονؒͷ࢓༷Ͱ͋Δͨ. τϩʔϥ͕ Packet In ʹରͯ͠Ԡ౴Ͱ͖ͳ͍৔߹ɼωοτ ϫʔΫ಺ͷϑϩʔ͸ਖ਼͍͠Ѽઌ΁ϧʔςΟϯά͞Εͣɼ੍ ‫ࣦ͕ޚ‬ΘΕΔɽ. Ίɼίϯτϩʔϥͷߏ੒ʹ͍ͭͯ͸ܾΊΒΕ͍ͯͳ͍ɽͦ. ϑϩʔΤϯτϦ͸ύέοτͷϔομΛର৅ύέοτΛࢦ. ͷͨΊɼNOX [1] ΍ Trema [2] ͳͲଟ͘ͷίϯτϩʔϥϑ. ఆ͢ΔͨΊͷ৚݅ʹ༻͍ΔͨΊɼ߈ܸύέοτ͸ϔομͷ. ϨʔϜϫʔΫͰ͸ɼ1 ୆ͷίϯτϩʔϥΠϯελϯεʹΑͬ. ஋Λௐઅͨ͠খ͍͞αΠζͷύέοτͱͳΔɽͦͷͨΊɼ. ͯωοτϫʔΫશମͷ੍‫ޚ‬Λߦ͏ઃ‫͍ͯͬͳͱܭ‬Δɽ͔͠. ߈ܸऀ͕े෼ͳྔͷ߈ܸύέοτͷੜ੒ೳྗΛ࣋ͭ৔߹ɼ. ͠ɼ਺ඦ୆ͷαʔόʔ͕૬‫઀ʹޓ‬ଓ͢Δσʔληϯλʔ΍ɼ. OpenFlow εΠονͷύέοτసૹೳྗ͕߈ܸͷ‫ن‬໛ͷ্. ෺ཧతʹ޿ൣғʹ‫ Ϳٴ‬WAN ͷΑ͏ͳɼ‫ن‬໛ͷେ͖͍ωο. ‫ͳͱݶ‬Δɽ঎༻ͷ OpenFlow εΠονͰ͸ɼ100M ύέο. τϫʔΫͷ؅ཧΛ͢Δࡍʹ͸ɼ੍‫ޚ‬ϓϨʔϯͷ෺ཧతͳू. τ/s ͷૹ৴ೳྗΛ࣋ͭ΋ͷ͕͋Γɼத‫ن‬໛Ҏ্ͷσʔλη. ໿͸ੑೳ΍஗Ԇͷ‫͔఺؍‬Β೉͍͠ɽ. ϯλʔ޲͚ͷ੡඼Ͱ͸ɼ1000M ύέοτ/s ͷૹ৴ೳྗΛ࣋. ੍‫ޚ‬ϓϨʔϯͷεέʔϥϏϦςΟΛ޲্ͤ͞ΔͨΊʹɼ ෳ਺ͷίϯτϩʔϥʹΑΔ෼ࢄ‫ޚ੍ܕ‬ϓϨʔϯΛߏ੒͢Δ ख๏͕͍͔ͭ͘ఏҊ͞Ε͍ͯΔɽ[3], [4]. ͭεΠον΋͋Δɽ[9] ‫ط‬ଘͷ‫Ͱڀݚ‬͸ɼOpenFlow ίϯτ ϩʔϥͷ Packet In ϝοηʔδͷॲཧೳྗ͸ɼγϯάϧί ΞͰಈ࡞͢ΔϑϨʔϜϫʔΫͰ͋Δ NOX Ͱ͸ 30K/s [10]ɼ. ͜ΕΒͷख๏Ͱ͸ɼσʔλϓϨʔϯΛෳ਺ͷΤϦΞʹ෼. ϚϧνεϨουʹΑΔύϑΥʔϚϯεͷ޲্Λਤͬͨख๏. ׂ͠ɼ1 ͭͷΤϦΞΛ 1 ୆ͷίϯτϩʔϥ͕؅ཧ͢Δͱ͍. Ͱ͋Δ Maestro Ͱ΋ɼ600K/s ͱͳ͍ͬͯΔɽ[11] ͜ΕΒ. ͏ߏ੒ΛͱΔɽίϯτϩʔϥ͸ࣗ਎͕؅ཧ͢ΔΤϦΞ಺ͷ. ͷ஋͸ɼPacket In Λॲཧ͢Δ੍‫ޚ‬ΞϓϦέʔγϣϯͷ࣮. τϙϩδʔ৘ใΛऩू͠ɼϑϩʔΛ੍‫͢ޚ‬Δɽࣗ਎ͷΤϦ. ૷΍ɼίϯτϩʔϥΛՔಇͤ͞ΔαʔόʔϚγϯͷੑೳʹ. c 2017 Information Processing Society of Japan . 2.

(3) Vol.2017-IOT-39 No.11 Vol.2017-SPT-25 No.11 2017/9/29. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. ΑͬͯมԽ͢Δ͕ɼSDN-DoS ʹΑΔେྔͷ߈ܸύέοτ. ͯɼSDN-DoS ߈ܸʹΑΔύέοτͷॲཧΛશͯͷίϯτ. ͷॲཧ͸ɼ̍୆ͷίϯτϩʔϥͷॲཧೳྗΛ༰қʹ௒͑Δ. ϩʔϥ΁෼ࢄͤ͞Δ͜ͱͰɼ߈ܸͷӨ‫ڹ‬Λ؇࿨͢Δγες. ΋ͷͩͱ‫͑ݴ‬Δɽ. ϜΛఏҊ͢Δɽ͜ͷγεςϜͰ͸ɼεΠονͱίϯτϩʔ. ͜ͷ߈ܸ͕ɼ෼ࢄ‫ܕ‬ͷ੍‫ޚ‬ϓϨʔϯʹΑͬͯ؅ཧ͞ΕΔ. SDN ʹରͯ͠ߦΘΕͨ৔߹ʹ͍ͭͯߟ͑Δɽ߈ܸύέο τ͕ωοτϫʔΫશମͰ‫ۉ‬Ұʹൃੜ͢Δ৔߹ɼ߈ܸʹΑͬ. ϥʹՃ͑ͯΦʔέετϨʔλͱ͍͏‫ثػ‬Λ௥Ճ͢ΔɽΦʔ έετϨʔλ͸͢΂ͯͷίϯτϩʔϥͱ઀ଓΛཱ֬͢Δɽ ʢਤ 2ʣ. ͯൃੜ͢Δॲཧྔ͸ɼ͢΂ͯͷίϯτϩʔϥʹΑͬͯ‫ۉ‬౳ ʹ෼ࢄ͞ΕΔɽ͔͠͠ɼ࣮ࡍʹ͸߈ܸऀ͸ಛఆͷϗετ͔ Β߈ܸΛߦ͏ͨΊɼͦͷϗετ͕઀ଓ͍ͯ͠ΔεΠονʹ ߈ܸύέοτ͕ूத͢Δ͜ͱʹͳΔɽ·ͨɼ֎෦͔Βͷ߈ ܸͷ৔߹΋ɼωοτϫʔΫͷ‫ڥ‬քͱͳΔεΠονʹ߈ܸύ έοτ͕౸ண͢Δ͜ͱʹͳΔɽͦͷͨΊɼ߈ܸʹΑͬͯҾ ͖‫͜͞ى‬ΕΔେྔͷ Packet In ϝοηʔδ͸ɼಛఆͷίϯ τϩʔϥʹूதͯ͠ૹ৴͞ΕΔՄೳੑ͕͋Δɽ͜ͷ৔߹ɼ ߈ܸύέοτͷॲཧ͸Ұ෦ͷίϯτϩʔϥ͚͕ͩߦ͏͜ͱ ʹͳΓɼSDN-DoS ߈ܸ΁ͷ଱‫ྗٱ‬͸গ਺ͷίϯτϩʔϥ ͷॲཧೳྗʹґଘͯ͠͠·͏ɽ ਤ 2 ఏҊख๏ͷߏ੒. 5. ؔ࿈‫ڀݚ‬ ίϯτϩʔϥͷෛՙͷόϥϯεΛऔΔͨΊʹɼ֤ίϯτ. ΦʔέετϨʔλ͸ɼωοτϫʔΫશମͷ৘ใऩूͱɼ. ϩʔϥ͕؅ཧ͢ΔΤϦΞΛಈతʹมߋ͢Δख๏͕ఏҊ͞Ε. ֤ίϯτϩʔϥͷ CPU ࢖༻཰ɼPacket In ϝοηʔδͷ౸. ͍ͯΔɽ[12, 13] ͜ΕΒͷख๏Ͱ͸ɼωοτϫʔΫՔಇ࣌ͷ. ணස౓ͷ‫ࢹ؂‬Λߦ͏ɽωοτϫʔΫ৘ใ͸֤ίϯτϩʔϥ. ෛՙʹ‫͍ͯͮج‬ಈతʹίϯτϩʔϥ͕؅ཧ͢ΔΤϦΞΛม. ͔Βऩू͠ɼίϯτϩʔϥ͸੍‫ޚ‬ͷաఔͰඞཁʹԠͯ͡৘. ߋ͢Δɽ·ͨɼ֤ίϯτϩʔϥͷෛՙΛ‫͠ࢹ؂‬ɼඞཁʹԠ. ใͷཁ‫͕ٻ‬ग़དྷΔɽ·ͨɼ֤ίϯτϩʔϥͷ CPU ࢖༻཰. ͯ͡৽ͨͳίϯτϩʔϥͷ௥Ճ΍ɼ༨෼ͳίϯτϩʔϥͷ. ΍ Packet In Ϩʔτ͸ίϯτϩʔϥຖͷෛՙͷࢦඪͱͯ͠. ࡟আ΋ߦ͏ɽ͜ΕΒͷಈ࡞Λ௨ͯ͡ɼ1 ୆ͷίϯτϩʔϥ. ར༻͢ΔɽCPU ͷ࢖༻཰͕ᮢ஋Λ௒͑ͨ৔߹ɼSDN-DoS. ʹ͔͔ΔෛՙΛɼे෼ͳॲཧೳྗΛ֬อग़དྷΔྔʹ཈͑ɼ. ߈ܸΛड͚͍ͯΔͱ൑அ͠ɼෛՙ෼ࢄϞʔυ΁ͷҠߦΛ. ֤ίϯτϩʔϥͷෛՙΛ‫ۉ‬Ұʹ͢Δ͜ͱΛ໨తͱ͢Δɽ. ର৅ͷίϯτϩʔϥ΁௨஌͢Δɽෛՙ෼ࢄϞʔυͰ͸ɼ߈. ElastiCon ͷΑ͏ͳɼෛՙʹΑͬͯίϯτϩʔϥͷ؅ཧ. ܸͷର৅ͱͳ͍ͬͯΔίϯτϩʔϥ͕ड৴͢Δ Packet In. ΤϦΞΛมߋ͢Δख๏Λ༻͍Δ৔߹ɼ߈ܸΛड͚͍ͯΔί. ϝοηʔδΛɼΦʔέετϨʔλΛ‫ܦ‬༝ͯ͠Քಇதͷଞͷ. ϯτϩʔϥ͕؅ཧ͢ΔεΠονͷ਺Λ‫ݮ‬Β͢͜ͱͰɼෛՙ. ίϯτϩʔϥ΁సૹ͢Δɽ. ͷܰ‫͕ݮ‬ग़དྷΔɽ͔͠͠ɼ؅ཧΤϦΞͷௐ੔͸εΠον୯. ͜ͷγεςϜͰ͸ɼෳ਺୆ͷίϯτϩʔϥʹॲཧΛ෼୲. ҐͷͨΊɼ߈ܸύέοτͷ౸ண͕গ਺ͷεΠονʹूத͠. ͤ͞ɼ߈ܸର৅ͷίϯτϩʔϥ͸ Packet In ͷసૹͱɼॲ. ͍ͯΔ৔߹ɼର৅ͱͳΔεΠονΛ؅ཧ͢Δίϯτϩʔϥ. ཧ݁ՌΛεΠον΁൓өͤ͞Δͱ͍͏୯७ͳಈ࡞ͷΈߦ͏. ʹɼґવͱͯ͠աෛՙ͕ൃੜͯ͠͠·͏ɽ. ͜ͱͰɼΑΓଟ͘ͷύέοτΛॲཧͰ͖ΔΑ͏ʹ͢Δɽ·. OpenFlow ͷ࢓༷Ͱ͸ɼ1 ୆ͷεΠον΁ෳ਺ͷίϯτ. ͨɼϝοηʔδͷ෼഑΍ωοτϫʔΫ৘ใͷಉ‫Ͳͳظ‬ͷ࡞. ϩʔϥ͕઀ଓग़དྷΔ͕ɼPacket In ϝοηʔδ͸ɼεΠον. ‫ۀ‬͸ઐ༻ͷΦʔέετϨʔλ͕୲౰͠ɼෛՙ෼ࢄʹΑͬͯ. ΁ͷϑϧΞΫηε‫ݖ‬Λ࣋ͭશͯͷίϯτϩʔϥ΁సૹ͞Ε. ൃੜ͢ΔॲཧΛɼίϯτϩʔϥͷෛ୲Λܰ‫͢ݮ‬Δɽ͜ΕΒ. ΔɽͦͷͨΊɼ߈ܸύέοτ͸઀ଓ͢Δશͯͷίϯτϩʔ. ͷॲཧͷ෼୲ʹΑͬͯɼSDN-DoS ߈ܸʹΑΔେྔͷϝο. ϥ΁ૹ৴͞Εͯ͠·͏ɽॲཧΛߦ͏ Packet In ϝοηʔδ. ηʔδͷॲཧʹରͯ͠ΑΓଟ͘ͷ‫ࢉܭ‬ϦιʔεΛ֬อ͠ɼ. ΛίϯτϩʔϥؒͰ૬‫ʹޓ‬෼୲͢Δ͜ͱ͕ग़དྷΕ͹ɼ1 ୆. ωοτϫʔΫશମͷ੍‫ޚ‬εϧʔϓοτΛ޲্ͤ͞Δ͜ͱΛ. ͷεΠονʹΑΔෛՙͷ෼ࢄ͕ՄೳͱͳΔ͕ɼͦͷͨΊʹ. ໨ඪͱ͢Δɽ. ͸ॲཧΛߦ͏ϝοηʔδͷௐ੔ΞϧΰϦζϜ΍ɼಉ‫ظ‬ͷͨ ΊͷϝΧχζϜ͕ඞཁͱͳΔɽ͜ΕΒͷॲཧ͸ίϯτϩʔ ϥ΁௥ՃͷෛՙΛ༩͑Δ͜ͱʹͳΔͨΊɼޮՌతͰ͸ͳ͍ɽ. 6. ఏҊख๏ ຊ‫Ͱڀݚ‬͸ෳ਺ͷίϯτϩʔϥʹΑΔ෼ࢄ੍‫ޚ‬Լʹ͓͍. c 2017 Information Processing Society of Japan . 6.1 γεςϜͷಈ࡞ ຊఏҊख๏Ͱ͸ɼՔಇ͍ͯ͠Δίϯτϩʔϥͷෛՙʹ‫ج‬ ͖ͮɼ௨ৗͷ෼ࢄ੍‫ͱޚ‬ෛՙ෼ࢄϞʔυͷͲͪΒ͔Ͱωο τϫʔΫ੍‫ޚ‬Λߦ͏ɽ(ਤ 3) ͜ͷઅͰ͸ɼ௨ৗ੍‫ͱ࣌ޚ‬ෛ ՙ෼ࢄϞʔυ࣌ɼ͓ΑͼͦΕͧΕͷϞʔυ΁ͷҠߦ࣌ͷγ. 3.

(4) Vol.2017-IOT-39 No.11 Vol.2017-SPT-25 No.11 2017/9/29. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. εςϜʹ͍ͭͯɼΦʔέετϨʔλͱ߈ܸର৅ͷίϯτ. ϝοηʔδΛɼΦʔέετϨʔλ΁సૹ͢ΔΑ͏ʹಈ࡞Λ. ϩʔϥɼͦΕҎ֎ͷίϯτϩʔϥ͕ߦ͏ಈ࡞Λղઆ͢Δɽ. มߋ͢Δɽ͜ͷҰ࿈ͷಈ࡞Λऴ͑ΔͱɼγεςϜ͸ෛՙ෼ ࢄϞʔυʹΑΔ੍‫΁ޚ‬Ҡߦ͢Δɽ. 6.1.3 ෛՙ෼ࢄϞʔυ ෛՙ෼ࢄϞʔυͰ͸ɼ߈ܸର৅ίϯτϩʔϥ΁ಧ͘. Packet In ͸͢΂ͯΦʔέετϨʔλ΁సૹ͞ΕΔɽΦʔ έετϨʔλ͸ड৴ͨ͠ Packet In Λɼଞͷίϯτϩʔϥ ΁ॱ൪ʹ෼഑͢Δɽ֤ίϯτϩʔϥ͸ɼPacket In ϝοηʔ δͷ಺༰ͱ߈ܸର৅ΤϦΞͷτϙϩδʔ৘ใʹ‫ॲ͍ͯͮج‬ ਤ 3. ఏҊख๏ͷঢ়ଶભҠ. ཧΛߦ͍ɼFlow Mod ϝοηʔδ (ϑϩʔΤϯτϦͷมߋ໋ ྩ) ͳͲͷग़ྗ͕ଘࡏ͢Δ৔߹ɼͦͷϝοηʔδΛΦʔέ. 6.1.1 ௨ৗ੍‫ޚ‬. ετϨʔλ΁ฦૹ͢ΔɽΦʔέετϨʔλ͸ड৴ͨ͠ग़ྗ. ͜ͷγεςϜͰ͸௨ৗ࣌ɼฒྻ‫ܕ‬ͷ෼ࢄ੍‫ޚ‬ϓϨʔϯʹ. Λ߈ܸର৅ίϯτϩʔϥ΁సૹ͢Δɽ߈ܸର৅ίϯτϩʔ. ΑΔωοτϫʔΫͷ੍‫ޚ‬Λߦ͏ɽ֤ίϯτϩʔϥ͸ɼࣗ਎. ϥ͸ड৴ͨ͠ग़ྗΛղੳ͠ɼຊདྷͷѼઌͱͳΔεΠον΁. ͕؅ཧ͢ΔΤϦΞ಺ͷεΠονͱ઀ଓ͠ɼϦϯΫɼϗετ. ϝοηʔδΛૹ৴͢Δɽ. ౳ͷτϙϩδʔ৘ใΛऩू͢Δɽऩूͨ͠τϙϩδʔ৘ใ. Packet In ϝοηʔδͷதʹ͸ɼΤϦΞ಺ͷϦϯΫ‫ݕ‬ग़. ͸ɼࣗ਎ͷσʔλϕʔε΁อଘ͢Δͱಉ࣌ʹɼΦʔέετ. ͷͨΊͷ LLDP ύέοτ΍ɼϗετ‫ݕ‬ग़ͷͨΊͷ ARP ύ. Ϩʔλ΁సૹ͞ΕΔɽͦͷͨΊɼΦʔέετϨʔλ͸ωο. έοτ͕‫·ؚ‬ΕΔ͜ͱ͕͋Δɽ͜ΕΒͷϝοηʔδʹΑͬ. τϫʔΫશମͷਖ਼֬ͳτϙϩδʔ৘ใΛ࣋ͭɽίϯτϩʔ. ͯ߈ܸର৅ΤϦΞͷωοτϫʔΫ৘ใ͕ߋ৽͞ΕΔ৔߹ɼ. ϥ͕ Packet In ϝοηʔδͷॲཧΛߦ͏աఔͰɼଞͷίϯ. ௨ৗ੍‫ͱ࣌ޚ‬ಉ༷ʹߋ৽৘ใΛΦʔέετϨʔλ΁సૹ͢. τϩʔϥ੍͕‫͢ޚ‬ΔΤϦΞͷ৘ใ͕ඞཁͳ৔߹ɼैདྷͷฒ. ΔɽPacket In ϝοηʔδΛਖ਼֬ʹॲཧ͢ΔͨΊʹ͸ɼ࠷. ྻ‫ޚ੍ܕ‬ͷΑ͏ʹଞͷίϯτϩʔϥ΁৘ใͷཁ‫ٻ‬ϝοηʔ. ৽ͷτϙϩδʔ৘ใ͕‫ٻ‬ΊΒΕΔͨΊɼΦʔέετϨʔλ. δΛૹ৴͢Δ͜ͱ΋Ͱ͖Δ͕ɼ͜ͷख๏Ͱ͸Φʔέετ. ͸ఆ‫ظ‬తʹ֤ίϯτϩʔϥ΁τϙϩδʔ৘ใͷมԽΛ௨஌. Ϩʔλʹ৘ใͷཁ‫ٻ‬Λߦ͏͜ͱ΋ग़དྷΔɽ. ͠ɼߋ৽ΛߦΘͤΔɽ. ·ͨɼΦʔέετϨʔλ͸ఆ‫ظ‬తʹશͯͷίϯτϩʔϥ. ΦʔέετϨʔλ͸ෛՙ෼ࢄϞʔυ࣌΋ɼ֤ίϯτϩʔ. ΁ CPU ࢖༻཰Λ֬ೝ͢ΔϝοηʔδΛૹ৴͠ɼίϯτϩʔ. ϥͷ CPU ࢖༻཰ͱ Packet In ͷස౓ͷ‫ࢹ؂‬Λߦ͏ɽ߈ܸ. ϥͷෛՙঢ়‫گ‬Λ֬ೝ͢ΔɽΦʔέετϨʔλ͸ಉ࣌ʹɼί. ର৅Ҏ֎ͷίϯτϩʔϥͷ CPU ࢖༻཰͕ɼॲཧʹӨ‫ڹ‬Λ. ϯτϩʔϥຖͷ Packet In ϝοηʔδͷ౸ணස౓΋֬ೝ͢. ‫ڪ͢΅ٴ‬Εͷ͋Δ஋ʹͳͬͨ৔߹ɼͦͷίϯτϩʔϥ͸స. Δɽ͜ͷ஋΋ෛՙͷࢦඪͱͯ͠ར༻͢Δ͕ɼPacket In ͷස. ૹઌ͔Βআ֎͠ɼCPU ࢖༻཰ͷ஋Λ‫͢࡯؍‬Δɽ߈ܸର৅. ౓ͱίϯτϩʔϥͷෛՙͷ૬ؔ͸ɼίϯτϩʔϥ಺ͷ੍‫ޚ‬. ίϯτϩʔϥͷ Packet In ϝοηʔδͷड৴ස౓͕ᮢ஋Ҏ. ΞϓϦέʔγϣϯͷ࣮૷ͳͲʹΑͬͯมԽ͢ΔͨΊɼෛՙ. Լ·ͰԼ͕ΔͷΛ֬ೝ͢Δͱɼաෛՙ͕ൃੜ͢Δঢ়ଶ͸ղ. ෼ࢄϞʔυ΁ͷҠߦ൑அʹ͸༻͍ͳ͍ɽಛఆͷίϯτϩʔ. ফ͞Εͨͱ൑அ͠ɼ௨ৗͷ੍‫΁ޚ‬ͷҠߦΛ։࢝͢Δɽ. ϥͷ CPU ࢖༻཰͕ᮢ஋Λ௒͑ͨ৔߹ɼΦʔέετϨʔλ. 6.1.4 ௨ৗ੍‫΁ޚ‬ͷҠߦ. ͸ Packet In ͷूதʹΑΔաෛՙ͕ൃੜͨ͠ͱ൑அ͠ɼෛ. ΦʔέετϨʔλ͕௨ৗ੍‫΁ޚ‬ͷҠߦΛܾఆ͢Δͱɼ࢝. ՙ෼ࢄϞʔυ΁ͷҠߦΛ։࢝͢ΔɽΦʔέετϨʔλ͸͜. Ίʹ߈ܸର৅ίϯτϩʔϥ΁௨஌͕ૹ৴͞ΕΔɽ߈ܸର৅. ͷ࣌఺Ͱͷ Packet In ͷස౓ͷ஋Λอଘ͠ɼ௨ৗ੍‫΁ޚ‬໭. ίϯτϩʔϥ͸௨஌Λड৴͢ΔͱɼPacket In ͷసૹΛࢭ. Δࡍͷᮢ஋ͷઃఆʹར༻͢Δɽ. ΊɼΦʔέετϨʔλ΁సૹऴྃϝοηʔδΛૹ৴͢Δɽ. 6.1.2 ෛՙ෼ࢄϞʔυ΁ͷҠߦ. Ҏ߱͸ɼ߈ܸର৅ίϯτϩʔϥ͕௚઀ Packet In ͷॲཧΛ. ෛՙ෼ࢄϞʔυ΁ͷҠߦ͸ɼΦʔέετϨʔλ͔Βίϯ. ߦ͏ɽΦʔέετϨʔλ͸సૹऴྃϝοηʔδΛड͚औ. τϩʔϥ΁ͷ௨஌ϝοηʔδͷૹ৴ʹΑͬͯ։࢝͞ΕΔɽ. Γɼࣗ਎ͷ Packet In ͷసૹΩϡʔ͕ۭʹͳͬͨ͜ͱΛ֬. ௨஌ͷछྨ͸ɼ߈ܸͷର৅ͱͳ͍ͬͯΔίϯτϩʔϥͱɼ. ೝ͢Δͱɼ֤ίϯτϩʔϥ΁௨ৗϞʔυ΁ͷҠߦΛ௨஌͢. ͦΕҎ֎ͷίϯτϩʔϥͰ۠ผ͞ΕΔɽ߈ܸର৅Ͱ͸ͳ͍. Δɽ֤ίϯτϩʔϥ͸߈ܸର৅ΤϦΞͷ Packet In ཁ‫͕ٻ‬. ίϯτϩʔϥʹ͸ɼ௨஌ϝοηʔδͷૹ৴ͱಉ࣌ʹɼ߈ܸ. ࢒͍ͬͯͳ͍͜ͱΛ֬ೝ͠ɼҠߦ‫ྃ׬‬ϝοηʔδΛฦૹ͢. ͕ൃੜ͍ͯ͠ΔΤϦΞͷτϙϩδʔ৘ใΛૹ৴͢Δɽ͜ͷ. ΔɽΦʔέετϨʔλ͕͢΂ͯͷίϯτϩʔϥ͔ΒҠߦ‫׬‬. ಈ࡞ʹΑͬͯɼશͯͷίϯτϩʔϥ͸߈ܸର৅ΤϦΞͷ. ྃϝοηʔδΛड͚औͬͨ࣌఺Ͱɼ௨ৗϞʔυ΁ͷҠߦ͕. Packet In Λॲཧ͢ΔͨΊʹඞཁͳ৘ใΛɼࣗ਎ͷϝϞϦʹ. ‫ͱͨྃ͠׬‬൑அ͠ɼ֤ίϯτϩʔϥ΁ͷ߈ܸର৅ΤϦΞͷ. ֨ೲ͢Δɽ߈ܸͷର৅ͱͳ͍ͬͯΔίϯτϩʔϥ͸ɼ௨஌. τϙϩδʔߋ৽৘ใͷ௨஌Λऴྃ͢Δɽ. Λड৴͢ΔͱɼͦΕҎ߱εΠον͔Βड৴͢Δ Packet In. c 2017 Information Processing Society of Japan . ίϯτϩʔϥʹ͸߈ܸର৅ΤϦΞͷτϙϩδʔ৘ใ͕. 4.

(5) Vol.2017-IOT-39 No.11 Vol.2017-SPT-25 No.11 2017/9/29. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. อଘ͞Εͨ··͕ͩɼҎ߱ߋ৽͸ߦΘΕͣɼͦͷΤϦΞͷ. ʹର͢ΔԠ౴ͱͯ͠ɼෳ਺ͷ Flow Mod ϝοηʔδͳͲ͕. Packet In ϝοηʔδ΋ಧ͔ͳ͍ͨΊɼλΠϜΞ΢τͳͲ. ੜ੒͞ΕΔ͜ͱ͕ߟ͑ΒΕΔɽ·ͨɼԠ౴ϝοηʔδΛϒ. ʹΑͬͯফ໓͢Δɽͨͩ͠ɼ੍‫ޚ‬ΞϓϦέʔγϣϯͷ࣮૷. ϩʔυΩϟετ͢Δඞཁ͕͋Δ৔߹ɼͦͷϝοηʔδ͸߈. ʹΑͬͯ͸ɼ੍‫ޚ‬ͷաఔͰ߈ܸର৅ΤϦΞͷ‫͍ݹ‬ϗετ৘. ܸର৅ΤϦΞͷ͢΂ͯͷεΠονʹରͯ͠‫ݸ‬ผʹૹ৴͢. ใΛࢀরͯ͠͠·͏Մೳੑ΋͋Δɽ͜ͷΑ͏ͳ৔߹ͷͨΊ. Δඞཁ͕͋Δɽෳ਺ͷԠ౴ύέοτΛ߈ܸର৅ίϯτϩʔ. ʹɼΦʔέετϨʔλ͸௨ৗ੍‫΁ޚ‬ͷҠߦ࣌ʹɼϗετ৘. ϥ͕ஞҰड৴͠ɼղੳ͢Δ͜ͱ͸ෛՙͷ‫ݪ‬ҼͱͳΔͨΊɼ. ใ΍ϦϯΫ৘ใͳͲΛߋ৽͠ɼ໌ࣔతʹফ໓ͤ͞Δ͜ͱ΋. Ԡ౴ϝοηʔδͷΧϓηϧԽͳͲʹΑΔରࡦ͕ߟ͑ΒΕ. ग़དྷΔɽ. ΔɽϒϩʔυΩϟετͷ৔߹ɼѼઌϒϩʔυΩϟετͰ͋. 7. ߟ࡯. Δ͜ͱΛࣔ͢ϔομΛɼૹ৴͢Δϝοηʔδʹ෇༩ͯ͠ग़ ྗ͢Δ͜ͱͰɼ߈ܸର৅ίϯτϩʔϥ͕ड͚औΔσʔλ. લষͰ͸ɼैདྷͷฒྻ‫ܕ‬෼ࢄ੍‫ޚ‬ϓϨʔϯͷߏ੒ʹ৽ͨ. ྔΛ‫ݮ‬Β͢͜ͱ͕ग़དྷΔɽ·ͨɼෳ਺ͷѼઌʹର͢Δ‫ݸ‬ผ. ʹΦʔέετϨʔλΛ௥Ճ͠ɼෛՙ෼ࢄΛߦ͏γεςϜΛ. ͷԠ౴ϝοηʔδ͕ग़ྗ͞ΕΔ৔߹ɼϔομʹѼઌͱͳ. ఏҊͨ͠ɽ͜ͷষͰ͸ෛՙ෼ࢄϞʔυͱैདྷͷ੍‫ޚ‬Λൺֱ. Δ datapath Id ͱɼϝοηʔδ௕ͷ૊Λྻ‫͠ڍ‬ɼԠ౴ϝο. ͠ɼఏҊख๏͕ੑೳʹରͯ͠༩͑ΔӨ‫͢࡯ߟ͍ͯͭʹڹ‬Δɽ. ηʔδΛ࿈݁ͤ͞Δ౳ͷରॲΛߦ͏͜ͱͰɼ߈ܸର৅ίϯ. ஗Ԇɿෛՙ෼ࢄϞʔυͰ͸ɼ߈ܸର৅ίϯτϩʔϥ͕ड ৴ͨ͠ Packet In ϝοηʔδΛɼΦʔέετϨʔλΛհ͠. τϩʔϥଆͷॲཧΛܰ‫͢ݮ‬Δɽ ίϯτϩʔϥ͸ࣗ਎͕୲౰͢ΔΤϦΞͷ੍‫ޚ‬Λߦ͍ͳ͕. ͯଞίϯτϩʔϥ΁సૹ͠ɼॲཧΛߦΘͤΔɽͦͷͨΊɼ. Βɼ߈ܸର৅ΤϦΞͷ Packet In ͷॲཧΛߦ͏ͨΊɼ୲౰. ैདྷͷ੍‫ͱޚ‬ൺֱͯ͠ɼ௥ՃͰ 4 ϗοϓ෼ͷసૹ͕ൃੜ͢. ΤϦΞͷτϥϑΟοΫྔʹΑͬͯɼίϯτϩʔϥؒͰෛՙ. Δɽ͜ΕʹΑΓɼఏҊख๏Ͱ͸εϧʔϓοτͷ޲্ͱͷτ. ͕ภΔ͜ͱ͕͋Δɽ͜ͷ৔߹ɼΦʔέετϨʔλ͕֤ίϯ. ϨʔυΦϑͱͯ͠ɼ௥ՃͷϨΠςϯγ͕ՃΘΔɽ·ͨɼ؅. τϩʔϥͷෛՙͷ‫؍‬ଌΛ‫ʹج‬ɼ෼഑ͷൺ཰Λௐ੔͢Δ͜ͱ. ཧ͢ΔωοτϫʔΫ͕஍ཧతʹ޿ൣғʹ෼ࢄ͍ͯ͠Δ৔. ʹΑΔରॲ͕ߟ͑ΒΕΔɽ. ߹ɼίϯτϩʔϥؒͷ‫ʹ཭ڑ‬ΑΔ஗Ԇ΋ൃੜ͢Δɽͦͷͨ. ·ͨɼෛՙ෼ࢄϞʔυதʹɼ߈ܸର৅ͷίϯτϩʔϥͷ. Ίɼ஍ཧతʹ͍ۙίϯτϩʔϥͷूஂຖʹ 1 ୆ͷΦʔέε. ॲཧੑೳʹ༨༟͕͋Δ৔߹ɼPacket In ϝοηʔδͷҰ෦. τϨʔλΛઃஔ͠ɼෛՙ෼ࢄΛͦͷίϯτϩʔϥूஂͷΈ. Λ߈ܸର৅ίϯτϩʔϥ͕௚઀ॲཧΛߦ͏͜ͱͰɼΑΓ. Ͱߦ͏ͳͲͷରࡦ͕ߟ͑ΒΕΔɽ͜ͷ৔߹ɼ֤Φʔέετ. εϧʔϓοτͷ޲্͕‫·ࠐݟ‬ΕΔɽͨͩ͠ɼॲཧΛߦ͏. ϨʔλΛωοτϫʔΫશମͷτϙϩδʔ৘ใͷ෼ࢄσʔλ. Packet In ͷϨʔτΛաෛՙΛ༩͑ͳ͍ఔ౓ʹௐ੔͠ͳ͚. ϕʔεͱͯ͠ར༻͢Δ͜ͱ΋ग़དྷΔɽେ‫ن‬໛ͳωοτϫʔ. Ε͹ͳΒͳ͍ͨΊɼࣄલͷςετ΍Քಇ࣌ͷύϥϝʔλͷ. Ϋͷτϙϩδʔ৘ใͷอଘ͸େྔͷ‫ه‬ԱҬΛফඅ͢Δͨ. ਪҠ͔ΒɼPacket In ͷॲཧྔͱෛՙͷ૬ؔΛ‫͓ͯ͠ࢉܭ‬. ΊɼΦʔέετϨʔλ͕৘ใͷू໿Λߦ͍ɼίϯτϩʔϥ. ͘͜ͱ͕‫ٻ‬ΊΒΕΔɽ. ͸ඞཁ࠷খ‫ݶ‬ͷ৘ใ͚ͩΛอ࣋͠ɼΦʔέετϨʔλΛհ ͯ͠ඞཁͳ৘ใΛऔಘ͢Δɽ. ෳ਺ͷΤϦΞͰաෛՙ͕ൃੜͨ͠৔߹ɼ͜ΕΒͷॲཧΛ શͯͷίϯτϩʔϥͰ෼഑͢Δͱɼ֤ίϯτϩʔϥ͕อ࣋. ৘ใͷಉ‫ظ‬ɿैདྷͷ੍‫Ͱޚ‬͸ɼίϯτϩʔϥ͸ࣗ਎͕؅. ͢Δτϙϩδʔ৘ใͷαΠζ͕େ͖͘ͳͬͯ͠·͏ɽ·. ཧ͢ΔΤϦΞͷ৘ใΛऩू͠ɼࣗ਎ͷΤϦΞͷϑϩʔΛ੍. ͨɼτϙϩδʔ৘ใͷߋ৽ස౓΋૿͑ͯ͠·͏ͨΊɼෛՙ. ‫ͨ͠ޚ‬ɽ͔͠͠ɼಛఆͷΤϦΞͷ Packet In ͷॲཧΛෳ਺. ͕େ͖͘ͳͬͯ͠·͏‫ڪ‬Ε͕͋Δɽ͜ͷ৔߹ɼաෛՙ͕ൃ. ͷίϯτϩʔϥʹ෼ࢄͤ͞Δ౎߹্ɼ෼୲Λߦ͏ίϯτ. ੜ͍ͯ͠ΔίϯτϩʔϥຖʹɼసૹઌͱͳΔίϯτϩʔϥ. ϩʔϥؒͰ߈ܸର৅ΤϦΞͷτϙϩδʔ৘ใͷಉ‫ظ‬Λߦ͏. άϧʔϓΛ‫ݸ‬ผʹઃఆ͢Δ͜ͱͰɼ֤ίϯτϩʔϥ͕อ࣋. ͜ͱ͕‫ٻ‬ΊΒΕΔɽ͜ͷλΠϛϯάͷͣΕʹΑͬͯɼಉ͡. ͢ΔωοτϫʔΫ৘ใͷྔΛ཈͑Δ͜ͱ͕ग़དྷΔɽ. Packet In ϝοηʔδʹର͢Δग़ྗ͕ίϯτϩʔϥؒͰҟ. ଞͷख๏ͱͷซ༻ɿఏҊख๏Ͱ͸σʔλϓϨʔϯͷ֦ு. ͳΔ΋ͷʹͳΔ͜ͱ͕͋Δɽྫͱͯ͠ɼϗετ৘ใͷಉ‫ظ‬. ΛߦΘͳ͍ͨΊɼσʔλϓϨʔϯଆͰͷ SDN-DoS ʹର͢. ͣΕʹΑͬͯɼѼઌ͕ෆ໌Ͱ͋ͬͨΓɼ‫͍ݹ‬Ґஔ৘ใΛ‫ج‬. ΔϑΟϧλϦϯάͳͲͷରࡦख๏ͱซ༻͢Δ͜ͱ͕ग़དྷ. ʹ‫ܦ‬࿏બ୒Λ͢Δ౳͕ߟ͑ΒΕΔɽ͜ͷ৔߹ɼෆద੾ͳ੍. Δɽ·ͨɼఏҊγεςϜͷߏ੒͸ɼ֊૚‫ܕ‬ͷ෼ࢄ੍‫ࣜํޚ‬. ‫ߦ͕ޚ‬ΘΕͯ͠·͍ɼ௨৴ͷΤϥʔ΍ɼϗετͷҐஔ֬ೝ. ͷߏ੒ʹ͍ۙɽͦͷͨΊɼ֊૚‫্͍͓ͯʹܕ‬Ґίϯτϩʔ. ͷͨΊͷ ARP ϦΫΤετͷΑ͏ͳෆཁͳग़ྗ͕ൃੜ͢Δ. ϥͰߦΘΕ͍ͯͨॲཧͷҰ෦ΛΦʔέετϨʔλ͕ߦ͏͜. ͜ͱʹͳΔɽͨͩ͠ɼ͜ͷ৔߹͸ଈ࠲ʹ࠶ཁ‫ٻ‬΍ ARP Ϧ. ͱͰɼ֊૚‫ܕ‬ͷ෼ࢄ੍‫ޚ‬ͷར఺ΛಘΔ͜ͱ΋ग़དྷΔɽྫͱ. ϓϥΠ͕ฦͬͯ͘Δͱߟ͑ΒΕΔͨΊɼͦͷ࣌఺Ͱτϙϩ. ͯ͠ɼωοτϫʔΫશମͷ৘ใΛ‫͢ࢉܭʹج‬Δ੍‫ޚ‬ϧʔν. δʔ৘ใͷಉ‫͍ͯྃ͠׬͕ظ‬Ε͹ɼվΊͯਖ਼੍͍͠‫ߦ͕ޚ‬. ϯΛɼΦʔέετϨʔλ্Ͱߦ͏Α͏ʹఆٛ͢Δ͜ͱͰɼ. ΘΕΔɽ. ίϯτϩʔϥ͕ߦ͏ॲཧΛܰ‫͢ݮ‬Δ͜ͱ͕Ͱ͖Δͱߟ͑Β. ෛՙɿ੍‫ޚ‬ΞϓϦέʔγϣϯͷ࣮૷ʹΑͬͯ͸ɼPacket In. c 2017 Information Processing Society of Japan . ΕΔɽ. 5.

(6) Vol.2017-IOT-39 No.11 Vol.2017-SPT-25 No.11 2017/9/29. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. ͜ͷख๏͸ɼSDN-DoS ߈ܸͷΑ͏ͳҰఆͷ‫ؒظ‬աෛՙ ͕‫ܧ‬ଓ͢Δঢ়‫گ‬Λ૝ఆͨ͠΋ͷ͕ͩɼෛՙͷ‫ܭ‬ଌख๏ʹ Αͬͯ͸ɼτϥϑΟοΫͷॠؒతͳ‫ʹ૿ٸ‬൓Ԡͯ͠͠·͏ Մೳੑ͕͋Δɽ·ͨɼ֤ίϯτϩʔϥͷ੍‫ޚ‬ΤϦΞ಺ͷτ. [4]. ϥϑΟοΫྔʹภΓ͕͋Δ৔߹ɼෛՙ෼ࢄϞʔυ࣌ʹίϯ τϩʔϥؒͰෛՙͷෆ‫ൃ͕ߧۉ‬ੜ͢ΔՄೳੑ͕͋Δɽͦͷ ͨΊɼElastiCon ͷΑ͏ͳಈతʹίϯτϩʔϥͷ੍‫ޚ‬ΤϦ. [5]. ΞΛௐ੔͢Δख๏ͱ૊Έ߹ΘͤΔ͜ͱ͕ߟ͑ΒΕΔɽΦʔ έετϨʔλʹ֤ίϯτϩʔϥͷ੍‫ޚ‬ΤϦΞͷௐ੔Λߦ͏ ‫ػ‬ೳΛ࣮૷͠ɼ௨ৗ੍‫࣌ޚ‬ͷ֤ίϯτϩʔϥͷෛՙΛͳΔ. [6]. ΂͘‫ۉ‬Ұʹอͭ͜ͱͰɼΑΓෛՙ෼ࢄϞʔυͷॲཧೳྗΛ ޲্ͤ͞Δ͜ͱ͕ग़དྷΔɽ. 8. ࠓ‫ޙ‬ͷ՝୊. [7]. ຊ࿦จͰ͸ɼෳ਺ͷίϯτϩʔϥʹΑΔ෼ࢄ੍‫ߦ͕ޚ‬Θ ΕΔ SDN ‫Ͱڥ؀‬ɼίϯτϩʔϥΛඪతͱͨ͠ SDN-DoS ʹ ରॲ͢ΔͨΊͷɼίϯτϩʔϥؒͷෛՙ෼ࢄγεςϜΛఏ. [8]. Ҋͨ͠ɽSDN-DoS Ͱ͸ɼগ਺ͷεΠον͔Βίϯτϩʔ ϥ΁ͷେྔͷॲཧཁ‫ൃ͕ٻ‬ੜ͢ΔͨΊɼΦʔέετϨʔλ. [9]. ͕ίϯτϩʔϥͷෛՙΛ‫ܸ߈ͯ͠ࢹ؂‬ͷൃੜΛ‫ݕ‬஌͠ɼ߈ ܸʹΑͬͯൃੜ͢Δ੍‫ޚ‬ϝοηʔδΛશίϯτϩʔϥ΁෼. [10]. ࢄͤ͞Δ͜ͱͰ‫ࢉܭ‬ϦιʔεΛ૿Ճͤ͞ɼ߈ܸʹର͢Δ੍ ‫ޚ‬εϧʔϓοτΛ޲্ͤͨ͞ɽ ͜ ͷ γ ε ς Ϝ ͷ ੑ ೳ ͸ ɼί ϯ τ ϩ ʔ ϥ ͷ ਺ ΍ ੑ ೳ ɼ. [11]. Packet In ϝοηʔδͷ౸ணϨʔτɼ͓Αͼ੍‫ޚ‬ΞϓϦ έʔγϣϯ͕̍ͭͷ Packet In ͷॲཧʹཁ͢Δ࣌ؒ౳ͷঢ়. [12]. ଶʹΑͬͯมԽ͢Δͱߟ͑ΒΕΔɽෛՙ෼ࢄ͸Քಇ͍ͯ͠ Δίϯτϩʔϥͷ਺͕ଟ͍΄ͲޮՌతͰ͋Δͱߟ͑ΒΕ ΔͨΊɼίϯτϩʔϥ਺ͱ Packet In ͷϨʔτͷӨ‫ͭʹڹ‬ ͍ͯධՁΛߦ͍ͬͯ͘ɽ·ͨɼ͜ͷख๏͸εϧʔϓοτΛ ޲্ͤ͞Δ͜ͱ͕໨త͕ͩɼసૹʹΑΔϨΠςϯγ΍Φʔ όʔϔου΋ൃੜ͢ΔͨΊɼ௨ৗͷ੍‫ͱޚ‬ൺֱͨ͠ࡍʹ͜ ΕΒͷཁૉ͕ͲΕ΄ͲӨ‫ڹ‬Λ༩͑Δ͔Λ֬ೝ͢Δɽ. [13]. Control Platform for Large-scale Production Networks, Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, pp. 351–364 (2010). Tootoonchian, A. and Ganjali, Y.: HyperFlow: A Distributed Control Plane for OpenFlow, Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking, pp. 3–3 (2010). Karakus, M. and Durresi, A.: A survey: Control plane scalability issues and approaches in Software-Defined Networking (SDN), Computer Networks, Vol. 112, pp. 279 – 293 (2017). Berde, P., Gerola, M., Hart, J., Higuchi, Y., Kobayashi, M., Koide, T., Lantz, B., O’Connor, B., Radoslavov, P., Snow, W. and Parulkar, G.: ONOS: Towards an Open, Distributed SDN OS, Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, HotSDN ’14, New York, NY, USA, ACM, pp. 1–6 (2014). Benson, T., Akella, A. and Maltz, D. A.: Network Traffic Characteristics of Data Centers in the Wild, Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, pp. 267–280 (2010). Li, W., Meng, W. and Kwok, L. F.: A Survey on OpenFlow-based Software Defined Networks, J. Netw. Comput. Appl., Vol. 68, No. C, pp. 126–139 (2016). : ੡඼࢓༷: SDN ରԠ੡඼ɹ UNIVERGE PF γϦʔζ — NECɼhttp://jpn.nec.com/univerge/pflow/spec_ pfs.html. Tavakoli, A., Casado, M., Koponen, T. and Shenker, S.: Applying NOX to the Datacenter, Proc. of workshop on Hot Topics in Networks (HotNets-VIII) (2009). Cai, Z., Cox, A. L. and Ng, T. S. E.: Maestro: A System for Scalable OpenFlow Control, Technical report, Rice University (2011). Dixit, A., Hao, F., Mukherjee, S., Lakshman, T. V. and Kompella, R. R.: ElastiCon; an elastic distributed SDN controller, 2014 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), pp. 17–27 (2014). Bari, M. F., Roy, A. R., Chowdhury, S. R., Zhang, Q., Zhani, M. F., Ahmed, R. and Boutaba, R.: Dynamic Controller Provisioning in Software Defined Networks, Proceedings of the 9th International Conference on Network and Service Management (CNSM 2013), pp. 18– 25 (2013).. ·ͨɼΦʔέετϨʔλʹΑΔసૹઌίϯτϩʔϥͷά ϧʔϓԽ΍ɼϞʔυҠߦͷͨΊͷ࠷దͳᮢ஋Λಈతʹ‫ݕ‬ग़ ͢Δख๏ͷಋೖͳͲɼΑΓ࠷దͳγεςϜͷ࢓༷Λ‫ݕ‬౼͢ Δɽࠓ‫ޙ‬͸ɼଞͷ SDN-DoS ରࡦ΍εέʔϥϏϦςΟΛ޲ ্ͤ͞Δख๏Λࢀߟʹ͠ɼSDN-DoS ΁ͷߴ͍଱‫ٱ‬ੑΛ࣋ͬ ͨแ‫ׅ‬తͳ SDN ΞʔΩςΫνϟͷ‫ݕ‬౼Λߦ͍ͬͯ͘ɽ ࢀߟจ‫ݙ‬ [1]. [2] [3]. Gude, N., Koponen, T., Pettit, J., Pfaff, B., Casado, M., McKeown, N. and Shenker, S.: NOX: Towards an Operating System for Networks, SIGCOMM Comput. Commun. Rev., Vol. 38, No. 3, pp. 105–110 (2008). : Trema - GitHub Pages, http://trema.github.io/ trema/. Koponen, T., Casado, M., Gude, N., Stribling, J., Poutievski, L., Zhu, M., Ramanathan, R., Iwata, Y., Inoue, H., Hama, T. and Shenker, S.: Onix: A Distributed. c 2017 Information Processing Society of Japan . 6.

(7)