
1 2019/4/11 Tree in the List: Accelerated List-based Packet Classification Through Controlled Rule Set Expansion

A load balancing mechanism for multiple controllers, using a method called Load informing.

Author: Sven Hager, Stefan Selent, Bjorn Scheuermann
Conference: CoNEXT'14, Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies
Presenter: YiFang - Huang
Date: 2018/10/17
Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C. CSIE CIAL Lab

2 Introduction
DDoS attacks are attempts to make a computer resource (i.e. website, , VoIP, or a whole network) unavailable to its intended users. In the final quarter of 2015, the number of DDoS attacks hit a new record. Most DDoS attacks use the Internet Protocol (IP) address spoofing technique, which lets attackers change the source IP address of a packet so that it differs from its original address and their true identities are hidden. The Spoofer Project has shown that 13.5% of the overall address space is spoofable. DDoS flooding attacks are classified into two categories: (i) Network/transport-level DDoS attacks; and (ii) Application-level DDoS attacks. In the literature, several DDoS defense techniques have been proposed to combat DDoS flooding attacks. These techniques are classified into the same two categories as the attacks: (i) DDoS mechanisms against Network/transport-level DDoS attacks; and (ii) DDoS mechanisms against Application-level DDoS attacks. However, the systems proposed in the literature using these techniques are either implemented only as software programs or defend against only one DDoS attack type. With high-speed networks, software-based DDoS countermeasure systems cannot fully decode and classify all incoming packets. Meanwhile, defense against only one DDoS attack technique is not efficient enough.

In a multiple SDN controller environment, each switch is managed by a fixed controller. If one controller has to process too many messages sent by its switches, its load becomes too high, and that load cannot be handed over to other controllers.

National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

3 Introduction
In contrast to these approaches, we propose an FPGA-based multicore architecture (hardware-based) to integrate multiple DDoS defense mechanisms. Our design goals are not only a high-performance but also a highly efficient DDoS defense system with various mitigation techniques. The use of an FPGA allows DDoS mitigation mechanisms to be implemented by both soft general purpose processor (GPP) cores and hardware-based dedicated processing elements. In all cases, the applied mitigation techniques can be modified or updated at both runtime and design time. With the soft GPP-based approach, each DDoS countermeasure technique is executed by its own GPP. When a DDoS countermeasure technique needs to be modified or updated, the system just needs to change or update the instruction cache of the processor. When hardware dedicated processing elements are used as DDoS countermeasure engines, updating and modifying can be done with the dynamic partial reconfiguration technique, a specialized technique for FPGA technology only. This is one of the main advantages of FPGA technology. Besides, the use of an FPGA also allows the number of DDoS defense techniques integrated into the system to be changed flexibly to adapt to DDoS flooding attacks.

4 Introduction
The proposed architecture consists of two separate partitions, static and dynamic. The static partition includes hardware cores for pre-processing incoming packets and for carrying out the decisions of the DDoS filtering cores (drop or bypass a packet). The dynamic partition accommodates DDoS defense techniques, which can be implemented by soft GPPs or dedicated hardware computing cores. Compared to the GPP-based approach, the dedicated hardware computing core approach provides better system performance, but updating or modifying a core with the dynamic partial reconfiguration technique takes longer than updating instruction caches in the GPP-based approach. Because the static partition is separated from the dynamic partition, one DDoS filtering core can be updated or replaced by another core implementing a different defense technique to adapt to DDoS attacks without interfering with other cores.

5 Introduction
We implement our first prototype system with the Hop-count filtering and Ingress/Egress filtering techniques using the Xilinx Virtex 5 xc5vtx240t FPGA device. The synthesis results show that the system can work at up to MHz while utilizing about 41% LUTs, 47% Registers, and 53% Block Memory of the available hardware resources. Experimental results show that our system achieves a 100% detection rate (true positive) with a 0% false negative rate and a maximum false positive rate of 0.74%. Moreover, the prototype system obtains packet processing throughput by up to Gbps in half-duplex mode and Gbps in full-duplex mode.

It is briefly mentioned that multiple-controller schemes fall into two types: centralized decision and distributed decision. The centralized type collects data from all controllers before deciding how to load balance, so it is slower. The distributed type can decide locally; this paper aims to improve this mode.

6 PROPOSED SYSTEM ARCHITECTURE
Static partition
The static partition accommodates static modules that are fixed at design time. The modules in this partition are mainly responsible for decoding incoming packets and processing those packets based on the decisions of the DDoS defense mechanism modules.

The controller used is Floodlight; load information is exchanged using JGroup. JGroup is a group communication tool implemented in Java that supports point to peer or point to point communication. Whether this is the most heavily loaded controller. Find the switch that sends the most messages. Find a target controller with low load and high speed.

7 PROPOSED SYSTEM ARCHITECTURE
2.1.1 Packet Decoder
This module decodes incoming packets and extracts them into header fields and payload fields. These fields are then sent to the Defense Cores that implement DDoS defense mechanisms, located in the dynamic partition. The header field includes the source IP address, destination IP address, source port, destination port, and TTL value, while the payload field contains information. The raw incoming packets are stored in a Packet FIFO module while waiting for classification results from the DDoS defense mechanisms.

8 PROPOSED SYSTEM ARCHITECTURE
2.1.2 Packet FIFO
In high-speed network processing systems, while one incoming packet is being processed, others arrive continuously or simultaneously at different ports. Moreover, processing a packet takes time, so the packet needs to be stored somewhere while it waits for decisions from the processing cores. In this work, we store incoming packets in a Packet FIFO module. The size of this FIFO depends on system performance (throughput) as well as network speed. The higher the performance of the system, the smaller the FIFO that is required. Therefore, the size of this FIFO will vary from system implementation to system implementation. In other words, this FIFO can be implemented by on-chip memory or off-chip memory based on its size. Although the module is fixed at design time, we do not consider it a module of the static partition (as depicted in Figure 1) because it can be implemented by off-chip memory.

9 PROPOSED SYSTEM ARCHITECTURE
2.1.3 Packet Processing
The Packet Processing module receives decisions from the Defense Decision module located in the dynamic partition. A decision is either bypass, which allows the corresponding packet to pass to the output ports, or drop, which signals that the corresponding packet belongs to a DDoS attack. Based on these decisions, the Packet Processing module sends the corresponding packet from the Packet FIFO module to the destination output port if the packet is legitimate. Otherwise, the packet is deleted from the Packet FIFO.

10 PROPOSED SYSTEM ARCHITECTURE
2.1.4 Dispatch Interface
As stated above, one of the primary goals of the proposed architecture is the runtime reconfiguration of DDoS defense processing cores. In other words, Defense Cores implementing DDoS defense mechanisms can be updated or changed at runtime to adapt quickly to DDoS attacks. While a Defense Core is being updated or replaced by another core, the others can keep working without any interference. To support this goal, the Dispatch Interface module is responsible for communication with a central host processor, which monitors and controls the DDoS protection system. When Defense Cores are soft GPPs, the host processor can configure the cores by sending new instruction caches through this interface. Otherwise, if the cores are dedicated hardware processing cores, a dynamic partial reconfiguration bitstream is sent from the host processor to modify the Defense Cores.

11 PROPOSED SYSTEM ARCHITECTURE
2.1.5 Updating Controller
The main purpose of this module is to control the process of updating or changing Defense Cores. However, the Updating Controller module will vary from implementation to implementation. If the system executes DDoS defense mechanisms on soft GPPs, Updating Controller just needs to select the right instruction cache and update it with a new instruction cache. However, when dedicated hardware processing cores are used to execute DDoS defense mechanisms, Updating Controller should include different modules that support the dynamic partial reconfiguration technique. These supporting modules depend on the FPGA family. Therefore, we only describe the Updating Controller module in the proposed architecture.

12 Proposed algorithm
2.2 Dynamic partition
Attackers usually deploy DDoS attacks by using different attack methods. Therefore, one of the requirements for building a comprehensive DDoS defense system is to combine multiple DDoS defense mechanisms. Moreover, these mechanisms should be updatable or changeable at runtime. Therefore, the dynamic partition includes different DDoS Defense Cores, each of which implements one different DDoS countermeasure technique. When at least one Defense Core recognizes a packet as an attacking packet, the system should remove the packet.

Used purely for collecting information. The rate at which messages arrive at the controller, in messages per second, which corresponds to the CPU load. The time taken from the switch to the controller and back to the switch, which is used when deciding the target controller.

13 Proposed algorithm
2.2.1 Defense Cores
Defense Cores are mainly responsible for scanning incoming packets to classify them as legitimate packets or DDoS attacking packets. Different DDoS filtering techniques require different input data, such as header fields or payload fields. These fields are supplied by the Packet Decoder module. Defense Cores can be implemented by soft GPPs (such as MicroBlaze [18] or NIOS [2] processors), by dedicated custom hardware processing cores, or by both. In all cases, Defense Cores can be updated or changed at both runtime and design time. When Defense Cores are soft GPPs, the update process just requires the instruction caches of the GPPs to be changed. If Defense Cores are specialized hardware cores, we need to use the dynamic partial reconfiguration technique for FPGA devices. Compared to the GPP approach, dedicated hardware Defense Cores achieve better performance due to parallelism.

14 Proposed algorithm
2.2.2 Defense Decision
DDoS attacking packets can be deployed by different methods. One defense mechanism can only detect one type of DDoS attack. Therefore, in a DDoS protection system with multiple filtering mechanisms, if a packet is classified as an attacking packet by one DDoS filtering technique, we do not need to wait for the decisions of the other techniques. The main duty of the Defense Decision module is to monitor classification information from the Defense Cores to determine whether a packet is legitimate or belongs to a DDoS attack. If any one Defense Core recognizes a packet as an attacking packet, Defense Decision immediately sends a drop signal to the Packet Processing module in the static partition. Defense Decision then resets all Defense Cores so they start processing the next packet, since we do not need to wait until all Defense Cores finish their scanning process. In contrast, if all Defense Cores vote for a packet as a legitimate packet, Defense Decision sends a bypass signal to the Packet Processing module.

15 SYSTEM IMPLEMENTATION
This section presents our first prototype version implementing the proposed FPGA-based multicore architecture to integrate two well-known DDoS defense techniques, Hop-count filtering (HCF) and Ingress/Egress filtering (IEF). The NetFPGA-10G board containing a Xilinx xc5vtx240t device is used as the experimental platform. The board has four SFP+ ports (NIC Rx and NIC Tx) that are suitable for building a high-speed network processing system. Two Defense Cores implementing the HCF and IEF techniques are developed as dedicated hardware processing cores using Verilog-HDL. Therefore, we apply the dynamic partial reconfiguration technique to update and modify Defense Cores as stated above. In this section, we mainly highlight the two DDoS filtering techniques, the Updating Controller (DPR) module used to control the dynamic partial reconfiguration process, and the Dispatch Interface (ICAP) that receives the dynamic partial reconfiguration bitstream from the host processor. Figure 2 depicts our prototype system based on the proposed architecture.

Each controller sends its own load status to the other controllers at a fixed interval. The load statuses sent by other controllers are stored and used to compute load balancing. If a controller's own load status has not changed much, sending it to the other controllers is unnecessary. An inhibition algorithm is used to decide how often the load status is sent.

16 SYSTEM IMPLEMENTATION
3.1 Static partition
The static partition mainly accommodates Packet Decoder, Packet Processing, Dispatch Interface, and Updating Controller. Depending on the system implementation, this partition may also include the Packet FIFO if it is implemented by on-chip memory.

3.1.1 Packet Decoder & Packet Processing modules
These modules are implemented using Verilog-HDL as described above. The Packet Decoder module receives incoming packets from the NIC Rx inputs of the SFP+ ports, while the Packet Processing module forwards legitimate packets to the destination NIC Tx outputs of the SFP+ ports.

17 SYSTEM IMPLEMENTATION
3.1.2 Packet FIFO
In this prototype version, we implement the Packet FIFO in FPGA block memory (on-chip memory). We use the FIFO IP core provided by Xilinx [16] to develop the buffer. The Packet FIFO is 256 bits wide and 1024 entries deep.

3.1.3 Dispatch Interface (ICAP)
Because dedicated hardware processing cores are used to implement the DDoS filtering mechanisms, runtime updates and changes have to be done with the dynamic partial reconfiguration technique. Therefore, the Dispatch Interface module needs to support this technique. The dynamic partial reconfiguration technique is technology dependent. Hence, we use an interface proposed by Xilinx to reconfigure the FPGA device at runtime. Xilinx supports various interfaces for configuring their FPGA devices. Among those interfaces, the ICAP primitive interface [19] is able to read and write the FPGA internal configuration memory efficiently. In this work, we use ICAP as our Dispatch Interface, allowing the partial reconfiguration bitstream to be transferred from the central host processor to the internal configuration memory of the Xilinx FPGA device through a 256-bit Direct Memory Access (DMA) protocol. Figure 3 shows the internal architecture of our implemented Dispatch Interface based on ICAP.

18 SYSTEM IMPLEMENTATION
3.1.4 Updating Controller (DPR)
As mentioned above, one of the main goals of this work is to update or change one processing core that implements one DDoS defense technique without interfering with other cores and, of course, without interfering with the packet classification process. The Updating Controller module is responsible for the dynamic partial reconfiguration process. Updating Controller stops the core being updated and sends classified information to Defense Decision on behalf of that core. When the updating process is done by ICAP, the new core is authorized by Updating Controller to scan incoming packets and send its classification results to Defense Decision.


20 Load Informing component
3.2.1 Hop-Count Filtering
Although DDoS attackers can forge any data in the header field of a packet, they cannot falsify the number of hops that a packet traverses to reach its destination. The number of traversed hops of a packet, named hop-count, is calculated by subtracting the final Time-to-Live (TTL) value from the initial TTL value; the result is the so-called calculated Hop-count. TTL is an 8-bit field [11] in the header that was originally introduced to specify the maximum lifetime of a packet on the Internet. The final TTL is the value when the packet reaches the destination. The initial TTL values are set to 30, 32, 60, 64, 128, or 255 depending on the Operating System (OS) where the packet is created.

The HCF module in this work consists of three blocks (described in Figure 4). These are (i) Hop-count calculation, to calculate the Hop-count value of an incoming packet, (ii) Content Addressable Memory (CAM), to store known Hop-count values of packets coming from specific sources, and (iii) Comparator, to compare stored Hop-count values with calculated Hop-count values. Due to the limited hardware resources of the NetFPGA 10G board, we build two versions of the CAM, with 128 and 256 entries.

This module receives the header field of an incoming packet from the Packet Decoder module, located in the static partition, and calculates the actual Hop-count value. The module then uses the source IP address of the packet to look up the corresponding stored Hop-count value in the CAM. If the stored Hop-count value is identical to the calculated Hop-count, the packet is legitimate. Otherwise, the packet is spoofed. When a packet comes to the system for the first time (i.e., its source IP does not exist in the CAM), the CAM returns a MISS signal and stores both the source IP address of the packet and the calculated Hop-count value. This packet is considered a legitimate packet. However, the initial TTL can be forged. This means that the packet is spoofed, but HCF cannot recognize that because of the lack of information. That is the main disadvantage and limitation of the HCF mechanism.

The controller's own current load status. The controller's own previous load status. What is the problem with using a fixed frequency. If the load is very close to the threshold and the controller is chosen by other controllers as the target controller and receives the load-balanced traffic, this will likewise cause overhead. So the closer the load gets to the threshold, the more frequently the load status is sent, so that highly loaded controllers have enough information to find a more suitable controller for load balancing.
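A software model of the Hop-Count Filtering module described on this slide, added here as an example (it is not code from the paper or the presentation). The rule used to recover the initial TTL, the behaviour when the CAM is full, and all names and sample packets are assumptions.

```python
from bisect import bisect_left

# Initial TTL values listed on the slide, in ascending order.
INITIAL_TTLS = (30, 32, 60, 64, 128, 255)


def hop_count(final_ttl):
    """Hop-count = initial TTL - final TTL.

    Assumption (the slide does not say how the initial TTL is recovered):
    take the smallest listed initial TTL that is >= the observed final TTL.
    """
    if not 0 <= final_ttl <= 255:
        raise ValueError("TTL is an 8-bit field")
    return INITIAL_TTLS[bisect_left(INITIAL_TTLS, final_ttl)] - final_ttl


class HopCountFilter:
    """Hop-count calculation + CAM + comparator as one software model."""

    def __init__(self, cam_entries=128):  # the prototype builds 128 and 256
        self.cam_entries = cam_entries
        self.cam = {}  # source IP -> stored hop-count

    def classify(self, src_ip, final_ttl):
        """Return (decision, reason); decision is 'bypass' or 'drop'."""
        calculated = hop_count(final_ttl)
        stored = self.cam.get(src_ip)
        if stored is None:
            # CAM MISS: the first packet from a source is treated as
            # legitimate and its hop-count is learned.
            # Assumption: when the CAM is full, nothing is learned.
            if len(self.cam) < self.cam_entries:
                self.cam[src_ip] = calculated
                return "bypass", "miss-learned"
            return "bypass", "miss-cam-full"
        if stored == calculated:
            return "bypass", "match"
        return "drop", "hop-count-mismatch"


def run_samples():
    """Constructed sample traffic (documentation address ranges)."""
    hcf = HopCountFilter(cam_entries=2)  # tiny CAM to show the full case
    packets = [
        ("198.51.100.7", 115),  # first packet: 128 - 115 = 13 hops, learned
        ("198.51.100.7", 115),  # same path, same hop-count
        ("198.51.100.7", 120),  # same source address but 8 hops: spoofed
        ("198.51.100.7", 242),  # 255 - 242 = 13: the limitation, it passes
        ("203.0.113.9", 61),    # second source fills the 2-entry CAM
        ("192.0.2.44", 50),     # third source: CAM full, not learned
        ("192.0.2.44", 20),     # so a changed hop-count goes unnoticed
    ]
    return [hcf.classify(ip, ttl) for ip, ttl in packets]


if __name__ == "__main__":
    for verdict in run_samples():
        print(verdict)
```

The fourth and last sample packets show why HCF alone is not sufficient and why the architecture combines it with other Defense Cores: a matching hop-count and an unlearned source both result in bypass.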

21 Balance Decision component
Determine whether this controller is the most heavily loaded node. Select the switch with the highest message volume. Select a controller with a lower load and migrate the switch to that target controller.

22 Balance Decision component
The controller's own current load. The threshold for judging high load. Compute the P over load of every controller and determine whether this controller is the most heavily loaded.

23 Balance Decision component
Find the switch that sends the most messages to the controller.

24 Balance Decision component
Find all switches that meet this condition and migrate them.

25 Balance Decision component

26 Switch migration component
Floodlight implements the switch migration. Because the load status stored on each controller may be slightly inaccurate, two controllers may believe at the same time that they are the most heavily loaded controller and both migrate switches to the same target controller, making its load too high. Therefore the target controller accepts a migration from only one controller at a time.

