An Open Task Control Model for Quality of Service Adaptation

SDN and traditional network the main difference lies in their different network architectures.In traditional network architecture diagram, the most important thing is to control layer and data layer separation. Each level has different tasks, layer with layer provides the data forwarding, routing functions. Here, the control layer is responsible for the equipment configuration of the routing and data flow procedures. When you manage a switch, you are actually in the deal and switches control layer. Like a routing table, spanning tree protocol and all these things are calculated by the control layer. These tables built from such as BPDU (bridge protocol data unit, used to run the STP switches to exchange information between true), the Hello message such as frame relay, according to these newsframe, switches to determine the available forward path. Once the packet forwarding path, the path information will be sent to the data layer down, usually stored on hardware. Data level usually choose the latest by the control level for message forwarding path information transmission to come over. This model is very efficient in traditionally, the decision-making process of hardware is very fast, the overall delay controllable and control plane can handle heavy configuration requirements.There are no problems with this approach, we focus on scalability. In order to prove the scalability problem, with our quality of service (QoS) as an example. QoS allowed according to the characteristics of the frame, according to the requirements of the scheduling, priority forward specific data frames. This to some extent reduced the specific traffic congestion in the network data transmission delay. Delay-sensitive, for example, voice and video traffic is classified as high priority and forwarded to ensure that the user experience. Traffic priority is usually based on the level of service (CoS) of a data frame or distinguish service code point (DSCP) tag. The frame must be unified in the data frame into the network, then the corresponding rules must also be set in the network, the demand in the traditional multiple exchange network becomes awkward, because each device needs to have the same configuration information.To illustrate the current network management challenges, we consider that each port on each device node in the network, the administrator needs to beconfigured individually, such work is very time-consuming and error-prone and awkward.In addition, in the data classification and appropriate routing network challenges still exist. For example, now we have two kinds of completely different data traffic, is a kind of iSCSI traffic, is a kind of voice traffic. ISCSI as the storage flow, usually packets are full size, and sometimes there will be a huge data frames; While voice traffic is usually in a small packet transmission. In addition, there are different two kinds of traffic transport demand: voice traffic is sensitive to delay, this is to ensure the quality of voice communication, the iSCSI is sensitive to low latency, but need more bandwidth. Almost without any tools in the traditional networks can differentiate between the two kinds of flow path and choose different depending on the type of traffic data to meet the specific needs of two kinds of traffic. Is SDN hope to solve all these problems.1. SDN architectureAccording to the definition of ONF, SDN is divided into infrastructure layer, control layer and application layer, as shown in figure 1. Virtualization in infrastructure and control layer on two levels, the equipment level of virtualization, such as a physical support multiple logical switch; Which realizes the network level virtualization, first is SDN controller will of the entire network as a logical super switches on management control, the second will be the physical resources further according to the port, the media access control (MAC) address,IP address and other information is divided into multiple virtual network in accordance with traditional practice in the field of communication, in the architecture diagram below for south, above for the north, so the interface between infrastructure and forward layer called south interface. ONF standardized is OpenFlow protocol, the Internet engineering task force (IETF) routing system interface (rs) protocol is being worked out. Control layer and application layer called north to interfaces, the interfaces between the industry mainstream implementation is based on the hypertext transfer protocol (HTTP) RESTful interface, the concrete programming interface differ according to the different application scenarios.Figure 1 SDN layered architecture enlarge imagesIn a more generalized SDN architecture, control layer and business choreography layer, the main resources of SDN domain between the unity of theunified management, SDN network and other resources scheduling, such as 0 penstack + SDN data center solutions.Unified dispatching calculation, network and storage resources, it is equivalent to the business choreography layer of SDN. Standing in the point of view of SDN, how control layer is divided into the concrete behavior of vendor application solutions, implementation, as the transmission control protocol, network protocol (TCP/IP) don't care about the application layer further layered design, referred to as the application layer. Standing in the whole network architecture level SDN, industry exist different opinions:(1) SDN only regional network renovation, to SDN control domain as a super equipment. SDN transverse interface does not change the original network, border gateway protocol (BGP)/multi-protocol label switching (MPLS) is still valid.(2) SDN control field definition specifically/enhanced SDN east-west between interfaces, SDN as the entire network control plane.The author believes that the first scheme is more realistic, conducive to the smooth evolution of the network. The second solution of east-west interface can either through the expansion of existing BGP, MPLS protocol implementation, or can be realized through the north to the interface in the aspect of business choreography, if you want to define more specialized SDN east-west interface,although it is possible to enhance the ability of the whole network, but also increase the difficulty for deployment, the industry is under exploration.2. The ZENIC architecture and key technology to realize control surfaces Implementation is based on the existing open source from academia SDN controller OpenFlow agreement, the forward model is also bound to a specific OpenFlow protocol version ". For the commercial system, must consider the entire product life cycle agreement the compatibility of the interface, consider the difference of different application scenarios and more manufacturers, the difference of multi-protocol interface, therefore SDN control surfaces must be set a compatible version OpenFlow, a variety of forward control protocol and the different ability of abstraction, we call forwarding abstraction layer (FAL), on top of this for the network operating system (NOS) core and the application layer provides the interface is independent of the specific agreement and the ability of hardware. In OpenDaylight, this level is called a business abstraction layer (SAL) ". This paper implemented a SDN controller - ZENIC, its architecture is shown in figure 2. Figure 2 top-down mainly includes protocol stack, driving and forward abstraction layer, NOS kernel and application layer.Figure 2 ZENIC architecture enlarge images2.1 forward abstraction layer and drive layerForward forward abstraction layer defines a unified control interface, including the abstract forwarding state below, turning ability, hardware resources, published, read/operation such as statistics, equivalent to drive the base class. Forward abstraction layer also forward management face driver instance, according to the forwarding plane when access to the basic ability to negotiate the different instances of drive, will forward the control connection is bound to the corresponding driver instance.Each specific device driver implementation forward abstraction layer interface, complete different interface protocols and hardware ability to forward theunification of the abstraction layer adaptation. From the point of view of control surface and the upper applications, FAL transmit manipulation interface provides a unified, but due to the forwarding the capacity difference is bigger, the application for forwarding the operation there is the possibility of failure, therefore FAL need to provide application forward interface surface abilityget/negotiation. ZENIC is implemented for OpenFlow1.1 adaptive negotiation /1.2/1.3.2.2 the network operating system kernel layerNOS kernel layer is the management of the network, the system resources, including topology management, host, interfaces, resource management, publication management, and manage the physical topology, virtual topology, turn in a network of information database, etc. In general, the kernel layer, there is no default forward network logic to handle, but to preserve the accurate network topology, the resources status and storage, synthesis of the published, accept the application for subscription and applications of network, resource state for network resources, forward logical operation.Topology management, the implementation of the current can be implemented based on standardization of OpenFlow cycle distributed across the link detection is based on controller message, Ethernet is generally based on link layer discovery protocol (LLDP) implementation. Forward this implementation has the advantage of surface completely without perception, the disadvantage is thatmore link and shorter test timer, controller of high overhead. Another way is to have the forwarding plane maintenance link test timer, to detect, report will state that the implementation has the advantage of control surface overhead is small, the disadvantage is that need to be forwarded surface have certain default logic. The kernel layer is not only to maintain the network nodes, topology status, but also need to collect the basic host location, status, which can be applied to provide a complete network view, further make forwarding, business decisions. Network virtualization should be built-in support for SDN controller. Should be built-in support for virtualization. Virtualization is the forwarding plane resources first division and isolation, such as according to the ports, logic, the host MAC address and IP address section for the division of the virtual network, the second is the virtual topology for customer/application permissions management. OpenFlow flow table model as well as for switches, flattening management unified view has brought about many problems, including switching hardware complexity, not flexible, host, and to be tightly coupled. "in the ZENIC system, inline network management as one of the kernel services, decoupling access networks and the Internet. The kernel management of Internet network encapsulation format, upper application need only decision SDN control domain two access port position and strategy. The kernel to calculate the completeend-to-end path, and then forwarding decision by access side is mapped to the interconnection network path packaging labels. ZENIC supports a variety ofInternet encapsulation format, including MPLS, virtual local area network (VLAN), etc., the next step is to support the virtual local area network (LAN) extension (VXLAN)/generic routing encapsulation protocol (GRE). This mode of access to the Internet, the application of completely without awareness, focusing on the host access side strategy. At the same time within the network management itself also can open interface, support custom routing algorithm and strategy.2.3 north to application programming interfaceNorth to application programming interface (API) in the different application requirements in the scene is different, also have to the requirement of packaging. If the network ability of atom exposed to the application, it is possible to form a unified API, but due to lack of encapsulation and ease of use, application programming, implementation complexity is higher. Such as manufacturers realize the equipment level of open API up to more than 700, covering almost all protocols and equipment features, but for SDN, there will be at least two types of applications, different requirements:(1) professional network applicationsCustomized specification is high, need more details of the API, to the operation of the underlying network control ability is strong, such as routing protocols, custom tailored development intensification of traffic scheduling.(2) the common applicationThe network as a service, just request network to provide service for application, don't care about the network details.In the latter case, north to interface to encapsulate A few best model and interactive service interface is simple, and easy to understand, such as to create A network request from switches A port to the switch port 2 B A l lGb/s bandwidth guarantee access, rather than by the application turns published and distributed to the path switches individually corresponding queue configuration parameters. There is a north to the ideas of the interface is defined by the application itself to the demand of the network and operation interface, network vendors plugin to realize the application of network interface. Typically it is Quantum components, it defines the network API, provided by the various manufacturers Quantum plug-in - to control In own SDN controller or network devices. This architecture is equivalent to the SDN north interface standardization work up to the application, network adapter application requirements.Both advantages and disadvantages of each train of thought in north interface defined by SDN is idealized, trying to solve all problems, but it's not possible for the network to understand the application requirements, standardization of advancing the work is relatively difficult, but also it is difficult to guarantee ease of use; Application driven model facilitates the SDN landing, but exchange between applications and multivendor network to a greater cost. ZENIC providesbasic fine granularity of the underlying API, while providing encapsulation of API, virtual network has provided it is Quantum plug-in - In access to it.2.4 distributed processing algorithmThe distributed architecture of control surfaces and SDN separation architecture brought forward control state synchronization overhead, accurate SDN global view can ensure the accuracy and real time of decision, for a applications such as load balancing can improve resource utilization, but need more frequent information synchronization, which greatly reduces the performance of the system. Starting from the design USES two kinds of methods: controller is distributed as far as possible reduce the message copy; Control forwarding state synchronization between configured by the user according to the demand, necessary and sufficient condition only copy.Traditional cluster network system control surface is basically based on the distributed processing process, such as different business process distribution on different cpus, but a kind of process is still a single instance or a few instances, the parallelism is limited. In a single business process under the condition of sudden load, such as autonomous domain the way by adjusting the border gateway protocol (BGP) process is the "bottleneck". For SDN, as a result of the control network could be far higher than that of the cluster router, node number of the control surface of abortion is more demanding, so this method is the "bottleneck" is not feasible.Distributed hash table (DHT) algorithm provides a scalable distributed data storage/routing algorithm. For the traditional application of unstable network Log2 (N) to find the complexity of the algorithm, the data center, telecommunications network applications, the industry a variety of enhanced one hop algorithm is proposed, based in part on a single hop DHT enhanced structured query language (SQL) No - open source systems have also been through commercial test, including the chateau marmont, Cassandra, etc., the first open distributed algorithm adopts DHT SDN controller is onix feeds, OpenDaylight project in the near future are also mentioned by Cassandra as the underlying distributed database system. The author's team also realized the improved single hop DHT algorithm ".DHT algorithm based on consistent hashing, apply to a Key Value (Key, Value) storage model, type of structured query language (SQL) support need to be further encapsulation. For SDN controller, the topology information is global, not suitable for DHT storage, but the need for additional global replication. Forward equipment related information organization in exchange for a node as a unit for distributed storage, can satisfy the basic requirement, but granularity coarser, unfavorable to the load balance between the control node. Can host information by IP address, MAC table two dimension distribution, more even.3. The forwarding plane forward abstraction technologyOpenFlow 1.0 provides a single abstract model of the flow table 91, OpenFlow after 1.1 defines a model of a multistage flow table. 12 rs and parts manufacturers open interface to the application of exposure is a routing information base (RIB) on a variety of business table, the table an implied agreement between all kinds of logic. OpenFlow gave application/control in the face of forwarding plane manipulation ability, to a great extent in theory can not be restricted by the existing network protocol completely, forwarding plane can be completely making a fool of instruction execution engine, and other open API is open API, under the framework of existing agreements have strict limit condition.OpenFlowl. 0 is very simple, but need to three states content addressable memory (TCAM) support, and the price of TCAM is relatively expensive, at the same time the single table structure makes forward complex logical decomposition is very difficult. In the existing based on application-specific integrated circuit chip (ASIC) on the switch of OpenFlow1.0 above can easily be mapped to AcL lines, thus support OpenFlow Ethernet switches on the market at present the vast majority are only support OpenFlow 1.0.OpenFlow 1 x provides a multi-stage flow table model, added more table matching fields and instruction type, ability is more and more strong, but far from existing switches ASIC's ability more and more. Software switch can easily realize OpenFlow1. X more table model. Hardware switches can through theirown traditional ASIC assembly line for some necessary encapsulation, the formation of multistage flow chart to control surface, adapted by the control surfaces, only support instructions issued by the forwarding plane and table structure. This increase in counter rotating and controller are put forward higher requirements. Industry there are a few manufacturers launched a configurable ASIC link TCAM running water, these will be a fixed width of TCAM look-up table processing unit into smaller shard, such as every 32 bit TCAM is a basic fragmentation. Flexible application can define multiple subdivision level OpenFlow flow table, which support the OpenFlow multistage flow table model. Applications can exchange of L2, L3 switching, routing, such as the ACL decomposed to different on the flow chart of implementation, thereby avoiding the super-long top table keyword unnecessary TCAM costs.。

2021年9月Journal on Communications September 2021 第42卷第9期通信学报V ol.42No.9基于CPN的安全协议形式化建模及安全分析方法龚翔，冯涛，杜谨泽（兰州理工大学计算机与通信学院，甘肃兰州 730050）摘 要：为了解决有色Petri网（CPN）对安全协议进行形式化建模分析时，仅能判断协议是否存在漏洞而无法找出漏洞具体位置和攻击路径的问题，以及CPN建模时随着攻击者模型引入，安全协议的形式化模型可能的消息路径数量激增，状态空间容易发生爆炸导致难以提取准确攻击路径的问题，改进了基于CPN的安全协议形式化建模方法，验证并提取攻击路径的同时，采用更细粒度的协议建模及控制。

在状态空间收敛方面提出了CPN模型不同进程在各分层模型中等待−同步的方法控制状态空间规模。

通过针对TMN协议的安全评估分析，成功提取出该协议25条攻击路径，评估了该协议安全性的同时证明了所述方法的有效性。

关键词：有色Petri网；安全协议；形式化分析；状态空间；攻击路径中图分类号：TP393.06文献标识码：ADOI: 10.11959/j.issn.1000−436x.2021175Formal modeling and security analysis method ofsecurity protocol based on CPNGONG Xiang, FENG Tao, DU JinzeSchool of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050, China Abstract: To solve the problem of modeling and analyzing with colored Petri net (CPN), which was determining vulne-rabilities in hole location but couldn’t identify any attack path, and the problem of when the introduction of the attacker model, the number of possible message paths in the CPN formal model of security protocol surges the state space prone to explosion, which made it difficult to extract accurate attack paths, the formal modeling method of security protocol was improved base on CPN, the attack paths were verified and extracted, further the fine-grained protocol modeling and control were adopted. As well as in the aspect of state-space convergence, and a waiting-sync method for different processes of CPN model in each hierarchy model was proposed, which effectively controlled the state-space scale of the model. Through the security evaluation and analysis of TMN protocol, 25 attack paths of the protocol are extracted suc-cessfully, the security of the protocol is evaluated, and the effectiveness of the proposed method is proved.Keywords: colored Petri net, security protocol, formal analysis, state space, attack path1 引言安全协议已成为现代计算机网络正常运转的基础，但由于其设计阶段的规范缺失和不可避免的逻辑缺陷，常会带来潜在的安全隐患，使各种协议的开发和安全性验证成为一项艰巨的任务[1]。

基于SERVPERF模型的高校快递终端服务质量的评价与分析随着电商平台的飞速发展，快递服务逐渐成为了消费者生活中不可或缺的一部分。

这种趋势也促使着高校内快递业务的不断发展。

同时，快递终端服务质量是学校里对于快递管理和服务的一项重要的考核指标。

本文将通过对服务质量模型的引入和评价分析，为高校快递终端服务的提升提供一些实践性的建议。

服务质量模型剖析服务质量模型(SERVQUAL)是由美国学者A. Parasuraman、ValarieZeitham和LeonardL. Berry提出的一种通用的衡量服务质量的模型,这一模型同样可以用于解决高校快递终端服务的质量提升问题。

其中，SERVPERF模型是SERVQUAL的简化版本，是基于绩效的服务质量模型。

除了期望值这一指标外，该模型不仅考虑到了其他方面的消费体验，还关注消费者在使用过程中所获得的实际价值，从而更好的反映了消费者对快递终端的整体满意度。

SERVPERF模型包含五个维度:可靠性、响应性、保证、同理心和通达性。

可靠性指的是服务提供者提供的服务是否及时、准确、可靠。

响应性指服务提供者是否能及时响应消费者的需求，以及对客户的服务态度和乐于助人程度。

保证指服务提供者在维护其品质时所作的努力，包括快递服务质量、准确性、安全性、以及快递物品未能准确地被送达时，提供的补偿政策等。

同理心则是指服务提供者是否能够为消费者着想，关心他们的诉求。

通达性则是指服务提供者的通信渠道是否易于使用和方便。

评价与分析在高校快递终端服务中，我们可以将服务质量分为以下三类：管理规范与安全、交付速度、服务水平等。

管理规范与安全，是指服务提供者在服务过程中是否能够遵守相关规定、加强对快递物品的保护、确保用户的信息安全等，这是服务质量非常重要的一部分，与快递终端的基本建设密切相关。

交付速度，是快递业务的核心竞争力之一。

尤其是在校内，快递服务必须保证快速、准确、及时。

对此，学校应该优化管理，提高效率，确保快递服务到位。