Source Address Filtering for Large Scale Network: A Cooperative Software Mechanism Design
Source address filtering is an important mechanism for preventing malicious traffic. Currently, most networks store filters in hardware such as TCAM, which has limited capacity, high power consumption and high cost. Although software can accommodate a large number of filters, it needs multiple memory accesses on the border router, which then bears a much heavier burden than other routers. In this paper, the authors propose a software-based mechanism for source address filtering. In their mechanism, each router only needs to check a few bits of the source address, rather than the ingress router checking all bits. Through cooperation among routers, their mechanism ensures that malicious traffic will be filtered in the network.
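One way such a per-router partial check could be arranged, as an added example that is not the paper's algorithm or code: a single binary trie of blocked prefixes is split by depth, so each router stores and walks only its own slice. The 8-bit stride, the fixed four-router path, and the small state tag carried with the packet between routers are all assumptions; the abstract does not specify them.

```python
import ipaddress

STRIDE = 8  # bits of the source address each router inspects (assumed value)

def build_router_tables(blocked_prefixes, hops=32 // STRIDE):
    """Split one binary trie of blocked IPv4 prefixes into per-router edge tables.

    Each table maps (node_id, bit) -> (child_id, blocked); router i only receives
    the edges for bit positions i*STRIDE .. (i+1)*STRIDE - 1.
    """
    tables = [dict() for _ in range(hops)]
    ids = {"": 0}  # bit-string prefix -> node id; the root is node 0
    for prefix in blocked_prefixes:
        net = ipaddress.ip_network(prefix)
        bits = format(int(net.network_address), "032b")[:net.prefixlen]
        for depth, bit in enumerate(bits):
            parent = ids[bits[:depth]]
            child = ids.setdefault(bits[:depth + 1], len(ids))
            table = tables[depth // STRIDE]
            already = table.get((parent, bit), (child, False))[1]
            table[(parent, bit)] = (child, already or depth + 1 == net.prefixlen)
    return tables

def router_check(table, hop, src, tag):
    """One router's work: at most STRIDE lookups. Returns (verdict, new_tag)."""
    if tag is None:  # an upstream router already showed no filter can match
        return "forward", None
    bits = format(int(ipaddress.ip_address(src)), "032b")
    for bit in bits[hop * STRIDE:(hop + 1) * STRIDE]:
        edge = table.get((tag, bit))
        if edge is None:  # left the trie: no blocked prefix covers this source
            return "forward", None
        tag, blocked = edge
        if blocked:
            return "drop", None
    return "forward", tag  # still on a trie path; the next router continues

def send(tables, src):
    """Pass a packet along the path; return the index of the dropping router, or None."""
    tag = 0  # hypothetical state tag carried with the packet, starting at the root
    for hop, table in enumerate(tables):
        verdict, tag = router_check(table, hop, src, tag)
        if verdict == "drop":
            return hop
    return None

if __name__ == "__main__":
    # Constructed filter list using documentation and private address ranges.
    tables = build_router_tables(["10.0.0.0/8", "203.0.113.0/24", "198.51.100.128/25"])
    for src in ["10.1.2.3", "203.0.113.7", "198.51.100.200", "198.51.100.5"]:
        print(src, "dropped at router", send(tables, src))
```

No single router holds the full filter set or examines more than eight bits, yet a source covered by a blocked prefix is dropped somewhere along the path, provided the packet crosses enough cooperating routers to reach the prefix length.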