信息通信技术, 2024, Vol. 18, Issue 4: 37-43.

Source Address Validation Capability Enhanced Scheme for Operator Networks

佟恬 1, 王南 1, 赵菁 1, 秦壮壮 2, 庞冉 1

Author information

  • 1. China Unicom Research Institute, Beijing 100048
  • 2. China United Network Communications Co., Ltd., Beijing Branch, Beijing 100038

Abstract

The original design of the Internet architecture did not consider trusted validation of the source address in IP packets, which has gradually emerged as a security risk as networks have developed. Source address validation technologies continue to evolve. In recent years, the industry has proposed a distributed source address validation mechanism that extends routing protocols with advertisement messages and generates an independent source address validation table. However, it remains limited by asymmetric routing, device heterogeneity, and partial upgrades, and it lacks visualization and capability openness. Based on the actual situation of operator networks, the article proposes a network controller-based source address validation capability enhancement scheme, which aims to adaptively improve the accuracy of intra-domain and inter-domain source address validation and to strengthen the network's perception, detection, and analysis capabilities. The article first outlines the technical system and development history of source address validation, then analyzes the deployment status and capability requirements of source address validation technology in operator networks, next describes the system architecture and key technologies of the proposed scheme, and finally gives an outlook on the future development of source address validation technology, providing directional suggestions for building a more secure and efficient next-generation network architecture.

Key words

Network Security/Source Address Validation/Intra-domain/Inter-domain/SAVA/SAVI/SAVNET

Publication year

2024
信息通信技术
China United Network Communications Group Co., Ltd.

Impact factor: 0.709
ISSN: 1674-1285