CN105099916B - Open flows route exchange device and its processing method to data message - Google Patents
Open flows route exchange device and its processing method to data message Download PDFInfo
- Publication number
- CN105099916B CN105099916B CN201410174615.6A CN201410174615A CN105099916B CN 105099916 B CN105099916 B CN 105099916B CN 201410174615 A CN201410174615 A CN 201410174615A CN 105099916 B CN105099916 B CN 105099916B
- Authority
- CN
- China
- Prior art keywords
- flow table
- data message
- flow
- entry data
- miniflow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 4
- 230000009471 action Effects 0.000 claims abstract description 64
- 230000004044 response Effects 0.000 claims abstract description 59
- 238000000034 method Methods 0.000 claims abstract description 58
- 238000001514 detection method Methods 0.000 claims abstract description 40
- 230000004069 differentiation Effects 0.000 claims 2
- 238000012217 deletion Methods 0.000 claims 1
- 230000037430 deletion Effects 0.000 claims 1
- 238000007689 inspection Methods 0.000 claims 1
- 238000003860 storage Methods 0.000 description 23
- 238000012545 processing Methods 0.000 description 16
- 230000000875 corresponding effect Effects 0.000 description 15
- 230000006870 function Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 13
- 238000004891 communication Methods 0.000 description 12
- 238000005516 engineering process Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 6
- 238000004590 computer program Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000003068 static effect Effects 0.000 description 4
- 238000001914 filtration Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000011217 control strategy Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 239000000835 fiber Substances 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000001902 propagating effect Effects 0.000 description 2
- 238000012216 screening Methods 0.000 description 2
- 238000010187 selection method Methods 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 241000406668 Loxodonta cyclotis Species 0.000 description 1
- 241000699666 Mus <mouse, genus> Species 0.000 description 1
- 241000699670 Mus sp. Species 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 229910052802 copper Inorganic materials 0.000 description 1
- 239000010949 copper Substances 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- HRULVFRXEOZUMJ-UHFFFAOYSA-K potassium;disodium;2-(4-chloro-2-methylphenoxy)propanoate;methyl-dioxido-oxo-$l^{5}-arsane Chemical compound [Na+].[Na+].[K+].C[As]([O-])([O-])=O.[O-]C(=O)C(C)OC1=CC=C(Cl)C=C1C HRULVFRXEOZUMJ-UHFFFAOYSA-K 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
- 230000004083 survival effect Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明公开了一种开放流路由交换设备及其对数据报文的处理方法,方法包括:响应于接收入口数据报文,解析该入口数据报文;将解析的入口数据报文与位于TCAM的宏流表中的流表项进行匹配;响应于解析的入口数据报文与所述宏流表中的流表项匹配,执行所述宏流表中的流表项相关联的启动长流检测的动作;以及响应于该入口数据报文在长流检测中被判别属于长流,通知与所述开放流路由交换设备相连的开放流控制器检测到长流,并从所述开放流控制器接收位于SRAM的微流表的流表项,该微流表的流表项与检测到的长流对应的入口数据报文中的特征值相关。该路由交换设备及其方法降低了开放流路由交换设备的成本,并使得开放流控制器能够优化流量转发路径。
The invention discloses an OpenFlow routing switching device and its processing method for data messages. The method includes: responding to receiving an ingress data message, parsing the ingress data message; combining the parsed ingress data message with the The flow entry in the macro flow table is matched; in response to the parsed ingress data packet matching the flow entry in the macro flow table, the start long flow detection associated with the flow entry in the macro flow table is executed action; and in response to the ingress data packet being judged to belong to a long flow in the long flow detection, notify the OpenFlow controller connected to the OpenFlow routing and switching device to detect a long flow, and send a message from the OpenFlow controller The flow entry of the microflow table located in the SRAM is received, and the flow entry of the microflow table is related to the feature value in the ingress data packet corresponding to the detected long flow. The routing switching device and the method thereof reduce the cost of the OpenFlow routing switching device, and enable the OpenFlow controller to optimize the flow forwarding path.
Description
技术领域technical field
本发明涉及网络技术,更具体地,涉及一种开放流路由交换设备及其对数据报文的处理方法。The present invention relates to network technology, more specifically, to an open flow routing switching device and a processing method for data packets.
背景技术Background technique
网络中,长流(Long-lived Flow)又被称为大象流(elephant flow),指代那些存活时间长,有大量数据发送需求的网络连接对应的报文流量,例如,FTP 下载某个视频文件,就可以视这个FTP连接所对应的报文流为长流。短流(Short-lived Flow),又被称为老鼠流(mice flow),其特征和长流恰好相反,指代那些连接存活时间很短,数据量小的网络连接所对应的报文流。例如,Web 请求往往在客户端和服务器之间传输几个报文的数据量就完成了一次会话,就属于短流。近来,随着多媒体业务和Web2.0的高速发展,大量的网络测量和研究报告表明,网络中80%的流量是由20%的长流贡献的。如果能够监视20%的长流,就可以很好地控制及优化网络流量,掌握整个网络80%的流量的动向,这对于网络流量的优化将是一个非常不错的举措。In the network, Long-lived Flow is also called elephant flow, which refers to the packet flow corresponding to those network connections that survive for a long time and require a large amount of data transmission. For example, FTP downloads a certain video files, the packet flow corresponding to this FTP connection can be regarded as a long flow. Short-lived Flow (Short-lived Flow), also known as mouse flow (mice flow), its characteristics are exactly the opposite of long-lived flow, and refers to the packet flow corresponding to the network connection whose connection survival time is very short and the amount of data is small. For example, a web request usually transmits the data volume of several packets between the client and the server to complete a session, which is a short flow. Recently, with the rapid development of multimedia services and Web2.0, a large number of network measurement and research reports show that 80% of the traffic in the network is contributed by 20% of the long flow. If you can monitor 20% of long flows, you can well control and optimize network traffic, grasp the movement of 80% of the entire network traffic, which will be a very good measure for network traffic optimization.
传统的通信网络把控制逻辑和数据转发紧密耦合在路由交换设备上,导致网络控制平面管理异常复杂。软件定义网络SDN(Software Defined Networking) 技术使得网络的控制和转发分离,将控制平面分离到核心的控制器或控制器集群上,而路由交换设备只负责数据转发。SDN为网络新应用和未来互联网技术提供了一种新的解决方案。开放流(OpenFlow)为SDN提供了技术上的支持。 OpenFlow是通过如下方式将控制功能从网络设备中分离出来的:在网络设备上维护流表(Flow Table)结构,报文按照流表中的流表项进行转发,而流表的生成、维护、配置则由开放流控制器来管理。SDN和OpenFlow的关系是,SDN是一种网络设计理念,而OpenFlow则是为实现SDN这一理念提供的具体技术。In traditional communication networks, control logic and data forwarding are tightly coupled to routing and switching devices, resulting in extremely complex management of the network control plane. Software Defined Networking (SDN) technology separates the control and forwarding of the network, and separates the control plane to the core controller or controller cluster, while the routing and switching devices are only responsible for data forwarding. SDN provides a new solution for new network applications and future Internet technologies. Open Flow (OpenFlow) provides technical support for SDN. OpenFlow separates the control function from the network device in the following way: the flow table (Flow Table) structure is maintained on the network device, the message is forwarded according to the flow table entry in the flow table, and the generation, maintenance, and Configuration is managed by the OpenFlow controller. The relationship between SDN and OpenFlow is that SDN is a network design concept, and OpenFlow is a specific technology provided to realize the concept of SDN.
如今,OpenFlow和SDN分离了网络路由交换设备的控制和转发。使得路由交换设备功能更加单一和模块化,基本上只负责报文的转发。而那些原先被整合到网络设备中的复杂的控制协议和逻辑被分离出来,并集中到一个或多个核心的开放流控制器上,对全网的硬件设备进行管控。使得网络流量优化在这种集中式的网络控制架构上非常容易地实现,并且这种流量信息对于开放流控制器也是一种很好的补充。因为开放流控制器本身已经能够感知到全网的拓扑结构,最缺乏的是对全网流量信息实时动态的掌握,需要路由交换设备提供网络中的信息,尤其是长流信息。Today, OpenFlow and SDN separate the control and forwarding of network routing and switching devices. This makes the functions of routing and switching devices more single and modular, basically only responsible for packet forwarding. The complex control protocols and logic that were originally integrated into network devices are separated and concentrated on one or more core OpenFlow controllers to manage and control the hardware devices of the entire network. It is very easy to implement network traffic optimization on this centralized network control architecture, and this traffic information is also a good supplement to the OpenFlow controller. Because the OpenFlow controller itself has been able to perceive the topology of the entire network, the most lacking is the real-time dynamic grasp of the entire network traffic information, which requires routing and switching devices to provide information in the network, especially long flow information.
但是,OpenFlow技术的发展遇到了硬件上暂时无法解决的瓶颈。在开放流路由交换设备上,需要上述的流表,用于处理流量转发和定义各种流量策略。现有的开放流路由交换设备一般采用TCAM实现开放流流表,因为TCAM具有查找快速、操作简单、并且能够支持掩码匹配的优点,但同时它具有3个明显的缺点:成本高、功耗大和表项更新复杂。另外,现有的开放流路由交换设备将报文解析、匹配、执行等控制装置以及实现流表的TCAM,甚至通信装置都集成在ASIC芯片中,受制于ASIC硬件工艺的限制以及成本、功耗、体积等方面的考虑,ASIC开发商一般只会在传统的路由交换设备中集成很少量的 TCAM,并且现有的路由交换设备无法监视长流。因此,本领域需要一种低成本的路由交换设备来监视网络中的长流。However, the development of OpenFlow technology has encountered a bottleneck that cannot be solved temporarily on the hardware. On the OpenFlow routing and switching device, the above-mentioned flow table is required to process traffic forwarding and define various traffic policies. Existing OpenFlow routing and switching devices generally use TCAM to implement OpenFlow flow tables, because TCAM has the advantages of fast search, simple operation, and support for mask matching, but it has three obvious disadvantages at the same time: high cost, power consumption Yamato table entry update is complex. In addition, the existing OpenFlow routing and switching equipment integrates control devices such as message parsing, matching, and execution, as well as TCAM for implementing flow tables, and even communication devices into the ASIC chip, which is limited by the limitations of ASIC hardware technology, cost, and power consumption. Considering the size and other aspects, ASIC developers generally only integrate a small amount of TCAM in traditional routing and switching equipment, and existing routing and switching equipment cannot monitor long flows. Therefore, there is a need in the art for a low-cost routing and switching device to monitor long flows in the network.
发明内容Contents of the invention
根据本发明的一个方面,提供了一种开放流路由交换设备对数据报文的处理方法,包括:According to one aspect of the present invention, a method for processing data packets by an OpenFlow routing and switching device is provided, including:
响应于接收入口数据报文,解析该入口数据报文;In response to receiving the ingress data message, parsing the ingress data message;
将解析的入口数据报文与位于TCAM的宏流表中的流表项进行匹配,其中,在所述宏流表的流表项中相关联的动作包含启动长流检测;Matching the parsed ingress data message with the flow entry in the macro flow table of the TCAM, wherein the associated actions in the flow entry of the macro flow table include starting long flow detection;
响应于解析的入口数据报文与所述宏流表中的流表项匹配,执行所述宏流表中的流表项相关联的启动长流检测的动作;In response to the parsed ingress data packet matching the flow entry in the macro flow table, perform an action associated with the flow entry in the macro flow table to start long flow detection;
响应于该入口数据报文在长流检测中被判别属于长流,通知与所述开放流路由交换设备相连的开放流控制器检测到长流,并从所述开放流控制器接收位于SRAM的微流表的流表项,该微流表的流表项与检测到的长流对应的入口数据报文中的特征值相关。In response to the ingress data packet being judged to belong to a long flow in the long flow detection, the OpenFlow controller connected to the OpenFlow routing and switching device is notified to detect a long flow, and receives a message located in the SRAM from the OpenFlow controller. A flow entry of the microflow table, where the flow entry of the microflow table is related to the feature value in the ingress data packet corresponding to the detected long flow.
根据本发明的另一个方面,提供了一种开放流路由交换设备,包括:According to another aspect of the present invention, an OpenFlow routing and switching device is provided, including:
解析装置,被配置为响应于接收入口数据报文,解析该入口数据报文;A parsing device configured to parse the ingress data message in response to receiving the ingress data message;
匹配装置,被配置为将解析的入口数据报文与位于TCAM的宏流表中的流表项进行匹配,其中,在所述宏流表的流表项中相关联的动作包含启动长流检测;The matching device is configured to match the parsed ingress data packet with the flow entry in the macro flow table of the TCAM, wherein the associated action in the flow entry of the macro flow table includes starting long flow detection ;
执行装置,被配置为响应于解析的入口数据报文与所述宏流表中的流表项匹配,执行所述宏流表中的流表项相关联的启动长流检测的动作;The executing device is configured to execute an action of starting long flow detection associated with the flow entry in the macro flow table in response to the parsed ingress data message matching the flow entry in the macro flow table;
通知装置,被配置为响应于该入口数据报文在长流检测中被判别属于长流,通知与所述开放流路由交换设备相连的开放流控制器检测到长流,并从所述开放流控制器接收位于SRAM的微流表的流表项,该微流表的流表项与检测到的长流对应的入口数据报文中的特征值相关。The notification device is configured to, in response to the ingress data message being determined to belong to a long flow in the long flow detection, to notify the OpenFlow controller connected to the OpenFlow routing and switching device The controller receives the flow entry of the microflow table located in the SRAM, and the flow entry of the microflow table is related to the feature value in the entry data packet corresponding to the detected long flow.
本发明提出的方法很好地解决了ASIC对TCAM表项的依赖,降低了开放流路由交换设备对TCAM空间的需求。通过识别网络中的长流并将匹配长流的流表项迁移到比TCAM更加廉价和更低能耗的SRAM上,大大降低了开放流路由交换设备的成本,并提供了一种节能的设计。同时,由于本发明把贡献了80%的流量的长流识别出来,使得开放流控制器对全网的流量信息有了更进一步的了解和更细粒度的控制,结合其对全网拓扑的掌握情况,可以优化流量转发路径,并且避免拥塞点的出现。The method proposed by the invention well solves the dependence of the ASIC on the TCAM table items, and reduces the requirement of the OpenFlow routing and switching equipment on the TCAM space. By identifying the long flow in the network and migrating the flow entry matching the long flow to the SRAM which is cheaper and has lower energy consumption than TCAM, the cost of the OpenFlow routing and switching equipment is greatly reduced, and an energy-saving design is provided. At the same time, because the present invention identifies the long flow that contributes 80% of the flow, the OpenFlow controller has a further understanding of the flow information of the entire network and finer-grained control, combined with its grasp of the entire network topology In this situation, the traffic forwarding path can be optimized and the occurrence of congestion points can be avoided.
附图说明Description of drawings
通过结合附图对本公开示例性实施方式进行更详细的描述,本公开的上述以及其它目的、特征和优势将变得更加明显,其中,在本公开示例性实施方式中,相同的参考标号通常代表相同部件。The above and other objects, features and advantages of the present disclosure will become more apparent by describing the exemplary embodiments of the present disclosure in more detail with reference to the accompanying drawings, wherein, in the exemplary embodiments of the present disclosure, the same reference numerals generally represent same parts.
图1示出了适于用来实现本发明实施方式的示例性计算机系统/服务器12的框图;Figure 1 shows a block diagram of an exemplary computer system/server 12 suitable for use in implementing embodiments of the present invention;
图2示出了传统的开放流路由交换设备和控制器的通信框架;Fig. 2 shows the communication framework of traditional OpenFlow routing switching device and controller;
图3示出了开放流路由交换设备对数据报文的处理方法的流程框图;以及Fig. 3 shows the flow diagram of the method for processing the data message by the OpenFlow routing and switching equipment; and
图4示出了根据本发明一种实施方式的OpenFlow通信框架下的开放流路由交换设备的结构组成。FIG. 4 shows the structural composition of an OpenFlow routing and switching device under the OpenFlow communication framework according to an embodiment of the present invention.
具体实施方式Detailed ways
下面将参照附图更详细地描述本公开的优选实施方式。虽然附图中显示了本公开的优选实施方式,然而应该理解,可以以各种形式实现本公开而不应被这里阐述的实施方式所限制。相反,提供这些实施方式是为了使本公开更加透彻和完整,并且能够将本公开的范围完整地传达给本领域的技术人员。Preferred embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
图1示出了适于用来实现本发明实施方式的示例性计算机系统/服务器12的框图。图1显示的计算机系统/服务器12仅仅是一个示例,不应对本发明实施例的功能和使用范围带来任何限制。Figure 1 shows a block diagram of an exemplary computer system/server 12 suitable for use in implementing embodiments of the present invention. The computer system/server 12 shown in FIG. 1 is only an example, and should not limit the functions and scope of use of the embodiments of the present invention.
如图1所示,计算机系统/服务器12以通用计算设备的形式表现。计算机系统/服务器12的组件可以包括但不限于:一个或者多个处理器或者处理单元16,系统存储器28,连接不同系统组件(包括系统存储器28和处理单元16)的总线18。As shown in Figure 1, computer system/server 12 takes the form of a general-purpose computing device. Components of computer system/server 12 may include, but are not limited to, one or more processors or processing units 16, system memory 28, bus 18 connecting various system components including system memory 28 and processing unit 16.
总线18表示几类总线结构中的一种或多种,包括存储器总线或者存储器控制器,外围总线,图形加速端口,处理器或者使用多种总线结构中的任意总线结构的局域总线。举例来说,这些体系结构包括但不限于工业标准体系结构 (ISA)总线,微通道体系结构(MAC)总线,增强型ISA总线、视频电子标准协会(VESA)局域总线以及外围组件互连(PCI)总线。Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus structures. These architectures include, by way of example, but are not limited to Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MAC) bus, Enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect ( PCI) bus.
计算机系统/服务器12典型地包括多种计算机系统可读介质。这些介质可以是任何能够被计算机系统/服务器12访问的可用介质,包括易失性和非易失性介质,可移动的和不可移动的介质。Computer system/server 12 typically includes a variety of computer system readable media. These media can be any available media that can be accessed by computer system/server 12 and include both volatile and nonvolatile media, removable and non-removable media.
系统存储器28可以包括易失性存储器形式的计算机系统可读介质,例如随机存取存储器(RAM)30和/或高速缓存存储器32。计算机系统/服务器12可以进一步包括其它可移动/不可移动的、易失性/非易失性计算机系统存储介质。仅作为举例,存储系统34可以用于读写不可移动的、非易失性磁介质(图1 未显示,通常称为“硬盘驱动器”)。尽管图1中未示出,可以提供用于对可移动非易失性磁盘(例如“软盘”)读写的磁盘驱动器,以及对可移动非易失性光盘(例如CD-ROM,DVD-ROM或者其它光介质)读写的光盘驱动器。在这些情况下,每个驱动器可以通过一个或者多个数据介质接口与总线18相连。存储器28可以包括至少一个程序产品,该程序产品具有一组(例如至少一个)程序模块,这些程序模块被配置以执行本发明各实施例的功能。System memory 28 may include computer system readable media in the form of volatile memory, such as random access memory (RAM) 30 and/or cache memory 32 . Computer system/server 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read and write to non-removable, non-volatile magnetic media (not shown in FIG. 1, commonly referred to as a "hard drive"). Although not shown in Figure 1, a disk drive for reading and writing to removable non-volatile disks (e.g. "floppy disks") may be provided, as well as for removable non-volatile optical disks (e.g. CD-ROM, DVD-ROM) or other optical media) CD-ROM drive. In these cases, each drive may be connected to bus 18 via one or more data media interfaces. Memory 28 may include at least one program product having a set (eg, at least one) of program modules configured to perform the functions of various embodiments of the present invention.
具有一组(至少一个)程序模块42的程序/实用工具40,可以存储在例如存储器28中,这样的程序模块42包括——但不限于——操作系统、一个或者多个应用程序、其它程序模块以及程序数据,这些示例中的每一个或某种组合中可能包括网络环境的实现。程序模块42通常执行本发明所描述的实施例中的功能和/或方法。A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including - but not limited to - an operating system, one or more application programs, other program Modules and program data, each or some combination of these examples may include the implementation of the network environment. Program modules 42 generally perform the functions and/or methodologies of the described embodiments of the invention.
计算机系统/服务器12也可以与一个或多个外部设备14(例如键盘、指向设备、显示器24等)通信,还可与一个或者多个使得用户能与该计算机系统/ 服务器12交互的设备通信,和/或与使得该计算机系统/服务器12能与一个或多个其它计算设备进行通信的任何设备(例如网卡,调制解调器等等)通信。这种通信可以通过输入/输出(I/O)接口22进行。并且,计算机系统/服务器12 还可以通过网络适配器20与一个或者多个网络(例如局域网(LAN),广域网 (WAN)和/或公共网络,例如因特网)通信。如图所示,网络适配器20通过总线18与计算机系统/服务器12的其它模块通信。应当明白,尽管图中未示出,可以结合计算机系统/服务器12使用其它硬件和/或软件模块,包括但不限于:微代码、设备驱动器、冗余处理单元、外部磁盘驱动阵列、RAID系统、磁带驱动器以及数据备份存储系统等。Computer system/server 12 may also communicate with one or more external devices 14 (e.g., keyboards, pointing devices, displays 24, etc.), and with one or more devices that enable user interaction with computer system/server 12, And/or communicate with any device (eg, network card, modem, etc.) that enables the computer system/server 12 to communicate with one or more other computing devices. Such communication may occur through input/output (I/O) interface 22 . Also, computer system/server 12 may also communicate with one or more networks (eg, local area network (LAN), wide area network (WAN) and/or public networks such as the Internet) via network adapter 20 . As shown, network adapter 20 communicates with other modules of computer system/server 12 via bus 18 . It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with computer system/server 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, Tape drives and data backup storage systems, etc.
图2示出了传统的开放流路由交换设备和控制器的通信框架,根据图2,在OpenFlow通信框架下,传统的路由交换设备的转发和控制分离开来,开放流路由交换设备负责数据报丈的转发,开放流控制器负责协议控制进程。在开放流控制器中维护了全网的拓扑信息。开放流路由交换设备中流表的所有流表项都是由开放流控制器下发的,开放流路由交换设备和开放流控制器之间的通信使用OpenFlow协议在一条加密的通道上传输。开放流控制器下发的每条流表项都可以关联统计计数器,开放流控制器可以查询流表项的统计计数器来收集流量统计信息。Figure 2 shows the communication framework of traditional OpenFlow routing and switching devices and controllers. According to Figure 2, under the OpenFlow communication framework, the forwarding and control of traditional routing and switching devices are separated, and OpenFlow routing and switching devices are responsible for datagram Zhang's forwarding, the OpenFlow controller is responsible for the protocol control process. The topology information of the whole network is maintained in the OpenFlow controller. All flow entries in the flow table in the OpenFlow routing and switching device are issued by the OpenFlow controller, and the communication between the OpenFlow routing and switching device and the OpenFlow controller is transmitted on an encrypted channel using the OpenFlow protocol. Each flow entry delivered by the OpenFlow controller can be associated with a statistical counter, and the OpenFlow controller can query the statistical counter of the flow entry to collect traffic statistics.
在开放流路由交换设备设置了若干个流表(Flow Table)用于存储报文转发和策略控制相关的流表项。流表通常是一系列流表项的集合,OpenFlow规范中定义了流表项需要支持的标准协议字段,每条流表项主要包含了如下几个信息:Several flow tables (Flow Tables) are set on the OpenFlow routing and switching device for storing flow entries related to packet forwarding and policy control. A flow table is usually a collection of a series of flow entries. The OpenFlow specification defines the standard protocol fields that a flow entry needs to support. Each flow entry mainly includes the following information:
1)匹配字段:要匹配报文头部的哪些字段,如源/目的MAC地址、VLAN ID、 VLAN优先级、源/目的IP地址、DSCP、IP协议号、TCP/UDP源/目的端口号等。最新的OpenFlow规范(openflow-spec-v1.4.0)中定义了多达42个不同的匹配字段。流表具有不同的实现,可以只包含感兴趣的某些字段,比如只关心IP 五元组;也可以包含OpenFlow规范中定义的绝大部分字段。1) Matching fields: which fields in the packet header to match, such as source/destination MAC address, VLAN ID, VLAN priority, source/destination IP address, DSCP, IP protocol number, TCP/UDP source/destination port number, etc. . Up to 42 different match fields are defined in the latest OpenFlow specification (openflow-spec-v1.4.0). The flow table has different implementations, and it may only contain certain fields of interest, such as only caring about the IP quintuple; it may also contain most of the fields defined in the OpenFlow specification.
2)匹配优先级:每条流表项都被安排一个匹配优先级。报文在某个流表中可能和多条流表项都匹配,在这种情况下,只执行匹配优先级最高的那条流表项所关联的动作。2) Matching priority: each flow entry is assigned a matching priority. A packet may match multiple flow entries in a certain flow table. In this case, only the action associated with the flow entry with the highest matching priority is executed.
3)关联的动作:当报文匹配到流表项中定义的字段之后,执行与之关联的动作,这些动作可能包含但不限于:修改报文头部指定字段的值、添加一个新的报文头、删除某个报文头部、将报文从某个(某些)端口发送出去、维护报文统计信息等。除了这些动作外,还可以根据流表的具体实现自定义与流表项相关联的其它动作。3) Associated actions: After the message matches the fields defined in the flow entry, perform the actions associated with it. These actions may include but are not limited to: modify the value of the specified field in the message header, add a new message Text header, delete a certain packet header, send the packet from a certain (certain) port, maintain packet statistics, etc. In addition to these actions, other actions associated with the flow entry can also be customized according to the specific implementation of the flow table.
回到图2,现有的开放流路由交换设备中的报文解析、匹配、执行等控制装置可以分解为解析装置、匹配装置和执行装置。入口数据报文经过解析装置后,会将所有报文头部的字段解析出来,接着匹配装置在硬件为TCAM的存储了流表项的流表里面查找,看报文是否与其中的流表项匹配,如果与某条流表项匹配,执行装置就执行该流表项中相应的动作。而流表中的流表项是开放流控制器通过开放流路由交换设备的通信装置向TACM中的流表下发的。Referring back to Figure 2, the control devices for packet parsing, matching, and execution in existing OpenFlow routing and switching devices can be decomposed into parsing devices, matching devices, and execution devices. After the ingress data message passes through the parsing device, it will parse out all the fields in the message header, and then the matching device will search in the flow table in which the flow table item is stored in TCAM hardware to see if the message matches the flow table item in it. Matching, if it matches a certain flow entry, the execution device executes the corresponding action in the flow entry. The flow entry in the flow table is issued by the OpenFlow controller to the flow table in the TACM through the communication device of the OpenFlow routing and switching device.
已有的开放流路由交换设备一般采用三态内容寻址存储器TCAM(TernaryContent Addressable Memory)作为流表的存储载体,一般的内容寻址存储器 (CAM)每个位(bit)只有两个值:0和1。而TCAM中每个位有三种状态值,即除了0和1之外,还有一个不关注(don't care)状态,表示不关心这个位的值具体是多少,也就是网络领域中经常所说的“掩码”,例如:一个8位的二进制数据8’b1101xxxx就可以匹配8’b11010000到8’b11011111范围内的所有值,换算成十进制数值,就是208到223之间的所有值。由于TCAM查找效率高并且支持任意位的掩码屏蔽功能,在使用TCAM作为流表的存储载体时,就可以非常方便的实现网络管理策略。例如,管理员想封锁所有去往192.168.0.1的FTP 流量,在IP五元组(源IP地址,目的IP地址,协议号,源端口号,目的端口号) 的流表定义下,即可表示为(*,192.168.0,1,TCP,*,21),其中符号*表示不关心该字段的值。这种通过掩码把某些字段屏蔽掉的流表项通常会匹配到很多条连接。Existing OpenFlow routing and switching devices generally use a ternary content addressable memory (TCAM) as the storage carrier for the flow table. Generally, each bit of the content addressable memory (CAM) has only two values: 0 and 1. Each bit in TCAM has three state values, that is, in addition to 0 and 1, there is also a don't care state, which means that you don't care about the value of this bit, which is often used in the network field. The so-called "mask", for example: an 8-bit binary data 8'b1101xxxx can match all values in the range of 8'b11010000 to 8'b11011111, converted to decimal values, that is, all values between 208 and 223. Because TCAM has high search efficiency and supports the mask mask function of any bit, when TCAM is used as the storage carrier of the flow table, the network management strategy can be implemented very conveniently. For example, if the administrator wants to block all FTP traffic going to 192.168.0.1, it can be expressed under the flow table definition of IP quintuple (source IP address, destination IP address, protocol number, source port number, destination port number) It is (*, 192.168.0, 1, TCP, *, 21), where the symbol * means that the value of this field is not concerned. This kind of flow entry with certain fields masked out usually matches many connections.
使用TCAM 成本高,为了在低成本下监视长流,本发明将传统OpenFlow 框架下的流表进行了进一步的分割,分为宏流表和微流表。相关的概念包括:若干连续报文组成报文序列,一个或若干个报文序列就成为一个数据流。通信双方的某个特定应用之间的报文序列称为一条微流。在流表中的流表项可以要求精确匹配所有要求的字段,这时候就称匹配到这条精确流表项的报文序列为“微流”(micro flow);流表的流表项的某些字段也可以用“掩码”屏蔽掉,这时候就称匹配到这条掩码流表项的报文序列为“宏流”(macro flow)。因此,宏流表中的流表项一般会出现一个或多个字段被掩码屏蔽掉,用于匹配宏流,并且需要使用TCAM实现;微流表的流表项一般要求精确匹配预设的所有字段,即微流,可以使用SRAM实现。SRAM(Static Random Access Memory)是静态随机访问存储器,是一种具有静止存期功能的内存,不需要刷新电路即能保存内部存储的数据。和TCAM不同的是,SRAM中每个bit位只能是0或者1两种值,所以无法直接做到掩码匹配功能,但是SRAM每一个bit的成本比TCAM 便宜30倍,每一个bit的功耗比TCAM低150倍。将原来TCAM实现的流表分成TCAM实现的宏流表和SRAM实现的微流表能够降低开放流路由交换设备的成本和功耗。后续将介绍为什么这样替换以及如何使用。The cost of using TCAM is high. In order to monitor long flow at low cost, the present invention further divides the flow table under the traditional OpenFlow framework into macro flow table and micro flow table. Related concepts include: a number of consecutive messages form a message sequence, and one or several message sequences become a data stream. A message sequence between a specific application of two communicating parties is called a microflow. The flow entry in the flow table may require an exact match to all required fields. At this time, the packet sequence matching this exact flow entry is called a "micro flow"; the flow entry of the flow table Certain fields can also be masked out with a "mask". In this case, the sequence of packets matching this mask flow entry is called a "macro flow". Therefore, the flow entry in the macro flow table generally has one or more fields masked out to match the macro flow, and needs to be implemented using TCAM; the flow entry of the micro flow table generally requires an exact match with the preset All fields, i.e. microflows, can be implemented using SRAM. SRAM (Static Random Access Memory) is a static random access memory, which is a kind of memory with a static storage function, which can save the internally stored data without refreshing the circuit. Different from TCAM, each bit in SRAM can only be 0 or 1, so the mask matching function cannot be directly implemented, but the cost of each bit of SRAM is 30 times cheaper than that of TCAM, and the power of each bit Consumption is 150 times lower than TCAM. Dividing the original TCAM-implemented flow table into a TCAM-implemented macro-flow table and an SRAM-implemented micro-flow table can reduce the cost and power consumption of OpenFlow routing and switching devices. The reason for this replacement and how to use it will be introduced later.
在这样的前提下,本发明的实施例公开了一种开放流路由交换设备对数据报文的处理方法,图3示出了开放流路由交换设备对数据报文的处理方法的流程框图,根据图3,On such a premise, the embodiment of the present invention discloses a method for processing data packets by an OpenFlow routing and switching device. FIG. 3 shows a flow chart of a method for processing data packets by an OpenFlow routing and switching device. image 3,
在步骤S301,响应于接收入口数据报文,解析该入口数据报文;In step S301, in response to receiving the ingress data message, parsing the ingress data message;
在步骤S302,将解析的入口数据报文与位于TCAM的宏流表中的流表项进行匹配,其中,在所述宏流表的流表项中相关联的动作包含启动长流检测;In step S302, match the parsed ingress data message with the flow entry located in the macroflow table of the TCAM, wherein the associated action in the flow entry of the macroflow table includes starting long flow detection;
在步骤S303,响应于解析的入口数据报文与所述宏流表中的流表项匹配,执行所述宏流表中的流表项相关联的启动长流检测的动作;In step S303, in response to the parsed ingress data message matching the flow entry in the macro flow table, execute the action of starting long flow detection associated with the flow entry in the macro flow table;
在步骤S304,响应于该入口数据报文在长流检测中被判别属于长流,通知与所述开放流路由交换设备相连的开放流控制器检测到长流,并从所述开放流控制器接收位于SRAM的微流表的流表项,该微流表的流表项与检测到的长流对应的入口数据报文中的特征值相关。In step S304, in response to the ingress data packet being judged to belong to a long flow in the long flow detection, the OpenFlow controller connected to the OpenFlow routing and switching device is notified to detect a long flow, and the OpenFlow controller receives The flow entry of the microflow table located in the SRAM is received, and the flow entry of the microflow table is related to the feature value in the ingress data packet corresponding to the detected long flow.
步骤S301为现有开放流路由交换设备中的常用技术,这里不再赘述其如何实现。Step S301 is a commonly used technique in existing OpenFlow routing and switching devices, and how to implement it will not be repeated here.
在步骤S302中,宏流表位于TCAM中,微流表位于SRAM中,原来所有的流表都要使用TCAM,占用的存储空加大,并且成本和功耗都很高;使用 SRAM实现的微流表代替大部分TCAM实现的宏流表,可以减小成本和功耗。宏流表的流表项中某个匹配字段被掩码屏蔽。例如:针对IP五元组的流表定义 (源IP地址、目的IP地址、协议号、源端口号、目的端口号),流表项 (202.197.65.34,198.54.24.22,TCP,*,21)就是一条宏流表的流表项,表示从IP 地址202.197.65.34的主机到IP地址198.54.24.22的主机的所有FTP流量。相关联的动作包含启动长流检测的动作。前面叙述相关联的动作时已经指出,相关联的动作可以根据流表的实现自定义其他动作。在本发明中,定义了启动长流检测的动作。该流表项也是从开放流控制器获得的。在宏流表的流表项中,可以对特定字段定义标志位,来标识相关联的动作为:是否启动长流检测,如果该标志位被置位(为0或1)就标识着相关联的动作包括启动长流检测,如果该标志位没有被置位(为1或0),就标识着相关联的动作不包含启动启动长流检测。例如,在某字段中增加一个标志位:LFD(Long-liVed Flow Detection)。 LFD标志位被置为1表示当检测到有入口数据报文与该流表项匹配时,启动长流检测机制。开放流控制器在向开放流路由交换设备的宏流表中下发流表项时,可以根据网络拓扑信息以及从路由交换设备上收集的流量统计信息来决定是否设置该宏流流表项的LFD标志位。例如,当控制器查询到发往某个网段的流量特别大的时候,就可以下发一条流表项来匹配所有去往这个网段的流量,并在流表项的关联的动作中设置LFD标志位,从而启动开放流路由交换设备对匹配该流表项的报文的长流识别。In step S302, the macro-flow table is located in TCAM, and the micro-flow table is located in SRAM. Originally, all flow tables must use TCAM, and the occupied storage space is increased, and the cost and power consumption are high; the micro-flow table implemented by SRAM The flow table replaces the macro flow table implemented by most TCAMs, which can reduce cost and power consumption. A matching field in the flow entry of the macro flow table is masked. For example: flow table definition for IP quintuple (source IP address, destination IP address, protocol number, source port number, destination port number), flow entry (202.197.65.34, 198.54.24.22, TCP, *, 21) It is a flow entry of a macro flow table, indicating all FTP traffic from the host with IP address 202.197.65.34 to the host with IP address 198.54.24.22. Associated actions include actions to enable long-flow detection. When describing the associated actions, it has been pointed out that the associated actions can customize other actions according to the implementation of the flow table. In the present invention, the action of starting long flow detection is defined. This flow entry is also obtained from the OpenFlow controller. In the flow entry of the macro flow table, a flag bit can be defined for a specific field to identify the associated action: whether to start long flow detection, if the flag bit is set (0 or 1), it indicates the associated action The action includes starting long flow detection, if the flag bit is not set (1 or 0), it indicates that the associated action does not include starting long flow detection. For example, add a flag in a certain field: LFD (Long-liVed Flow Detection). If the LFD flag bit is set to 1, it means that when it is detected that an ingress data packet matches the flow entry, the long flow detection mechanism will be started. When the OpenFlow controller sends a flow entry to the macroflow table of the OpenFlow routing and switching device, it can decide whether to set the macroflow flow entry according to the network topology information and the traffic statistics information collected from the routing and switching device. LFD flag. For example, when the controller finds that the traffic destined for a certain network segment is particularly large, it can issue a flow entry to match all the traffic destined for this network segment, and set it in the associated action of the flow entry The LFD flag bit, so as to enable the OpenFlow routing and switching device to recognize the long flow of the packet matching the flow entry.
在步骤S303,当入口数据报文匹配宏流表中的某条流表项后,假设LFD 标志位被设置为启动长流检测,可以使用概率选判、流量统计和过滤算法等方法来判断该报文是否属于某个长流。In step S303, when the ingress data packet matches a certain flow entry in the macro flow table, assuming that the LFD flag is set to enable long flow detection, methods such as probability selection, traffic statistics, and filtering algorithms can be used to judge the flow. Whether the packet belongs to a long flow.
方法一:概率选判方法Method 1: Probability selection method
概率选判方法属于现有技术,在该方法中,宏流表的流表项关联了概率选判的动作,入口数据报文匹配到该流表项之后,以某个概率将其判属为长流。假设选判概率为p,某条流需要传输N个报文,每个报文均有概率p的机会被选判为属于长流。根据概率统计方法,该流在第k个报文被选判为长流的概率为P=1-(1-p)^k。从此公式中可以看出,k值越大,网络流被选判为长流的概率 P值会越高。例如,当概率p=1/64时,某条流在第10个报文被判别为长流的概率是14.6%,在第100个报文被判别为长流的概率是79.3%,而在第150个报文被判别为长流的概率高达90.1%。这说明,该方法对长流识别是有一个时间过程的。一般而言,从时间跨度上来看,长流需要传输的报文数量非常多,它被识别出来的概率会非常大,而短流因为传输的报文数量非常少,它被误判为长流的概率非常小。The probabilistic selection method belongs to the prior art. In this method, the flow entry of the macro flow table is associated with the action of probabilistic selection. After the ingress data packet matches the flow entry, it is judged as long flow. Assuming that the selection probability is p, a flow needs to transmit N packets, and each packet has a probability of p to be selected as belonging to the long flow. According to the probability statistics method, the probability that the kth packet of this flow is selected as a long flow is P=1-(1-p)^k. It can be seen from this formula that the larger the value of k, the higher the probability P of the network flow being selected as a long flow. For example, when the probability p=1/64, the probability that a certain flow is judged as a long flow in the 10th packet is 14.6%, and the probability that the 100th packet is judged as a long flow is 79.3%. The probability that the 150th packet is judged as a long flow is as high as 90.1%. This shows that this method has a time process for identifying long streams. Generally speaking, from the perspective of the time span, a long flow needs to transmit a large number of packets, and its probability of being identified is very high, while a short flow is misjudged as a long flow because the number of packets transmitted is very small. probability is very small.
方法二:流量统计方法Method 2: traffic statistics method
流量统计方法也属于现有技术,该方法可以将满足一定流量速率的连接所对应的报文流识别为长流。该方法中,宏流表的流表项关联一个PB(Packet-Byte) 计数器,同时统计报文数量(Packet计数器)和数据量(Byte计数器)。该PB 计数器每隔一个固定周期被清零,该固定周期可以用户设定。匹配该宏流表的流表项的报文都会触发流量统计动作:Packet计数器自动加1,并将报文大小累加到Byte计数器上。一旦Packet计数器和Byte计数器同时超过规定的阈值后,所有报文被候选为长流,直至PB计数器被清零为止。本阶段的筛选条件是把满足一定速率的连接所对应的报文流选判为长流。The traffic statistics method also belongs to the prior art, and the method can identify the message flow corresponding to the connection satisfying a certain flow rate as a long flow. In this method, the flow entry of the macro flow table is associated with a PB (Packet-Byte) counter, and the number of packets (Packet counter) and data volume (Byte counter) are counted at the same time. The PB counter is cleared every fixed period, which can be set by the user. Packets that match the flow entries of the macro flow table will trigger traffic statistics actions: the Packet counter is automatically incremented by 1, and the packet size is added to the Byte counter. Once the Packet counter and Byte counter exceed the specified thresholds at the same time, all packets are selected as long flows until the PB counter is cleared. The screening condition at this stage is to select and determine the packet flow corresponding to the connection meeting a certain rate as a long flow.
方法三:过滤器方法Method 3: Filter method
过滤器方法也属于现有技术,在该方法中,当报文匹配宏流表的流表项后,进入Bloom过滤器进行筛选。Bloom过滤器由m个哈希表组成,每个哈希表包含N(N远大于m)个PB计数器。报文由m个哈希函数hl,…,hm生成m个索引值,在每个哈希表中寻址到一个PB计数器。每个PB计数器每隔一个设定周期被清零。匹配该宏流的流表项的报文都会触发Bloom过滤动作:所有m个 Packet计数器自动加1,报文大小分别累加到这m个Byte计数器上。报文经过 Bloom过滤器寻址到m个PB计数器,当且仅当所有m个PB计数器同时超过设定阈值后,该报文被候选为长流。The filter method also belongs to the prior art. In this method, when the packet matches the flow entry of the macro flow table, it enters the Bloom filter for screening. Bloom filters consist of m hash tables, each of which contains N (N is much larger than m) PB counters. The message generates m index values by m hash functions hl, ..., hm, and addresses a PB counter in each hash table. Each PB counter is cleared every other set cycle. Packets that match the flow entries of the macroflow will trigger Bloom filtering actions: all m Packet counters are automatically incremented by 1, and the packet size is added to the m Byte counters respectively. The message is addressed to m PB counters through the Bloom filter. If and only if all the m PB counters exceed the set threshold at the same time, the message is selected as a long flow.
这些长流识别方法在数学上都可以归为概率统计方法,原理上需要一定容量的样本。但在网络传输过程中,报文到达交换设备在时间上是离散的。所以,需要一定跨度的时间,才能收集到容量足够大的样本。而在样本的收集过程中,可能存在长流识别的滞后效果,例如,某个方法可能在传输第10个报文时,某条长流才被识别出来,而前9个报文就被认为不是长流,就会经过开放流路由交换设备进行转发。不同方法的样本容量决定了不同长流识别方法能以多快的速度将报文识别为属于某条长流。These long-flow identification methods can be classified as probabilistic statistical methods in mathematics, and in principle, a certain amount of samples is required. However, in the network transmission process, the time when packets arrive at the switching device is discrete. Therefore, it takes a certain span of time to collect samples with a large enough capacity. In the process of sample collection, there may be a lagging effect of long-flow identification. For example, a method may recognize a long flow when the 10th packet is transmitted, and the first 9 packets are considered as If it is not a long flow, it will be forwarded through the OpenFlow routing and switching device. The sample size of different methods determines how quickly different long flow identification methods can identify packets as belonging to a certain long flow.
此外,方法一和方法二存在两种误判的可能:既可能把短流误判为长流,又可能漏判某个长流。方法三在参数调整合理后,只会出现短流被误判为长流。上述三种方法可以单独使用,也可以组合起来,以获得更高的精度,减小误判。In addition, there are two kinds of misjudgment possibilities in method 1 and method 2: it is possible to misjudge a short flow as a long flow, and it is possible to miss a certain long flow. Method 3 After the parameters are adjusted properly, only short flows are misjudged as long flows. The above three methods can be used alone or combined to obtain higher accuracy and reduce misjudgment.
在步骤S304中,通知与所述开放流路由交换设备相连的开放流控制器检测到长流可以使用现有的加密通道。具体可以发送中断请求给开放流路由交换设备的ASIC硬件驱动程序(通信装置),告诉检测到长流,驱动程序发送 PACKET-IN消息给开放流控制器,在PACKET-IN消息中,可以将Reason字段的值设置为OFPR_LFI指示该报丈被判别属于长流;对应地,开放流控制器得知当前入口数据报文为长流之后,从长流对应的入口数据报文中提取预定的特征值(例如IP五元组),这些特征值被组装成微流表的流表项,并且,开放流控制器可以基于一定的策略,对该长流所关联的微流表的流表项中的执行动作进行修改,以达到其控制目的和策略,然后将形成的微流表的流表项下发到微流表中,因此,该微流表的流表项与检测到的长流对应的入口数据报文中的特征值相关。或者,也可以在开放流路由交换设备中提取预定的特征值,直接发送给开放流控制器,然后由控制器基于一定的策略,对该长流所关联的微流表的流表项中的执行动作进行修改,得到组装成的流表项,下发到微流表中。In step S304, the OpenFlow controller connected to the OpenFlow routing and switching device is notified that the long flow detected can use the existing encrypted channel. Specifically, an interrupt request can be sent to the ASIC hardware driver (communication device) of the OpenFlow routing switching device to tell that a long flow is detected, and the driver sends a PACKET-IN message to the OpenFlow controller. In the PACKET-IN message, Reason The value of the field is set to OFPR_LFI to indicate that the report is determined to belong to a long flow; correspondingly, after the OpenFlow controller learns that the current ingress data packet is a long flow, it extracts a predetermined feature value from the ingress data packet corresponding to the long flow (such as IP quintuples), these feature values are assembled into flow entries of the microflow table, and the OpenFlow controller can, based on a certain policy, Execute actions to modify to achieve its control purpose and strategy, and then send the flow entries of the formed microflow table to the microflow table. Therefore, the flow entry of the microflow table corresponds to the detected long flow The characteristic value in the entry data message is related. Alternatively, the predetermined characteristic value can also be extracted in the OpenFlow routing and switching device, and directly sent to the OpenFlow controller, and then the controller, based on a certain policy, Execute actions to modify, obtain assembled flow table items, and send them to the microflow table.
上述下发到微流表中的流表项的一个直接目的就是识别长流。在前面的步骤中,长流识别一直需要宏流表的流表项;一旦识别出长流的特征值,就可以将这些特征值组装成为微流表的流表项,从而直接识别出属于长流的报文,并通过相关联的动作进行精细控制,而不再需要利用宏流表对属于原来长流的数据报文进行长流识别。换句话说,原来都需要TACM的工作转移到SRAM中,就可以减少对TCAM的需求。本发明只是要把长流在开放流路由交换设备上识别出来并告诉开放流控制器,开放流控制器里面可能有各种各样的控制策略,可以依据这些控制策略来设置开放流路由交换设备上的微流表的流表项。开放流控制器的策略实施不在本发明的讨论范围之内。A direct purpose of the above-mentioned flow entries sent to the micro-flow table is to identify long flows. In the previous steps, long-flow identification has always required the flow entry of the macro flow table; once the characteristic values of the long flow are identified, these characteristic values can be assembled into the flow entry of the micro-flow table, so as to directly identify the flow entries belonging to the long flow table. The packet of the flow can be finely controlled through the associated action, and it is no longer necessary to use the macro flow table to identify the long flow of the data packet belonging to the original long flow. In other words, the work that originally required TACM to be transferred to SRAM can reduce the demand for TCAM. The present invention only needs to identify the long flow on the OpenFlow routing switching device and tell the OpenFlow controller that there may be various control strategies in the OpenFlow controller, and the OpenFlow routing switching device can be set according to these control strategies The flow entry of the microflow table above. Policy enforcement by the OpenFlow controller is outside the scope of this invention.
因此,在一种实施方式中,图3所示的方法还包括以下步骤(图3未示出):在步骤S305,响应于接收到新的入口数据报文,将该新的入口数据报文与所述微流表中的流表项进行匹配。Therefore, in one embodiment, the method shown in FIG. 3 further includes the following steps (not shown in FIG. 3 ): in step S305, in response to receiving a new entry data message, the new entry data message Match the flow entry in the microflow table.
在另一种实施方式中,图3所示的方法还包括(图3未示出):在步骤S306,响应于该新的入口数据报文与所述微流表中的流表项匹配,对该新的入口数据报文执行所述微流表中的流表项相关联的动作;以及在步骤S307,如果该新的入口数据报文与所述微流表中的流表项不匹配,说明说明该入口数据报文不属于长流,则将该新的入口数据报文与所述宏流表中的流表项进行匹配,从而进一步判别该新的入口数据报文是否属于长流。In another embodiment, the method shown in FIG. 3 further includes (not shown in FIG. 3 ): in step S306, in response to the new entry data packet matching the flow entry in the microflow table, Execute the action associated with the flow entry in the microflow table for the new entry data packet; and in step S307, if the new entry data packet does not match the flow entry in the microflow table , indicating that the entry data packet does not belong to the long flow, then match the new entry data packet with the flow entry in the macro flow table, so as to further determine whether the new entry data packet belongs to the long flow .
以IP五元组(源IP地址、目的IP地址、协议号、源端口号、目的端口号) 为例。开放流控制器要监视去往10.10.1.0/24网段的TCP流量,会在开放流路由交换设备的宏流表中下发(*,10.10.1.0/24,TCP,*,*)的表项来监视这些流量,同时启动长流检测。当匹配该宏流表的流表项的报文被判别为属于长流后,开放流控制器提取出该报文的IP五元组信息,假设为(20.20.1.1,10.10.1.1,TCP,5001,21)。进而,开放流控制器向开放流路由交换设备微流表中下发一条微流表项,即(20.20.1.1,10.10.1.1,TCP,5001,21)。那么,后续的从IP地址为20.20.1.1 的主机向IP地址为10.10.1.1的主机发送的TCP流量中,源端口为5001,目的端口号为21的所有报文都会匹配该微流表中的微流表项,被认为是属于长流的报文,执行的动作也就是该微流表项所关联的动作,而不会执行也与之匹配的宏流表规则所关联的动作。例如所执行的动作为:将匹配报文从到某个负载较轻的链路上传输。Take IP quintuple (source IP address, destination IP address, protocol number, source port number, destination port number) as an example. To monitor the TCP traffic going to the 10.10.1.0/24 network segment, the OpenFlow controller will issue the (*, 10.10.1.0/24, TCP, *, *) table in the macro flow table of the OpenFlow routing and switching device item to monitor these flows and enable long flow detection at the same time. When the message matching the flow entry of the macro flow table is judged to belong to the long flow, the OpenFlow controller extracts the IP quintuple information of the message, assuming (20.20.1.1, 10.10.1.1, TCP, 5001, 21). Furthermore, the OpenFlow controller issues a microflow entry to the microflow table of the OpenFlow routing and switching device, namely (20.20.1.1, 10.10.1.1, TCP, 5001, 21). Then, among the subsequent TCP traffic sent from the host with IP address 20.20.1.1 to the host with IP address 10.10.1.1, all packets with source port number 5001 and destination port number 21 will match the A microflow entry is regarded as a packet belonging to a long flow, and the action to be executed is the action associated with the microflow entry, and the action associated with the matching macroflow entry rule will not be executed. For example, the action to be performed is: transmitting the matching packet from a link with a light load.
在另外一种实施方式中,也可以同时将入口数据报文与微流表和宏流表中的流表项进行匹配,如果同时匹配,优先选择与微流表中的流表项匹配结果,这样可以同时识别原来的长流,并且识别新的长流。也就是说,图3所示的方法还包括以下步骤(图3未示出):在步骤S308,响应于接收到新的入口数据报文,同时将该新的入口数据报文与宏流表和微流表中的流表项进行匹配;在步骤S310响应于该新的入口数据报文至少与微流表中的流表项匹配,对该新的入口数据报文执行所述微流表中的流表项相关联的动作;在步骤S311,响应于该新的入口数据报文只与宏流表中的流表项匹配,进一步判别该新的入口数据报文是否属于长流。也就是说,响应于该新的入口数据报文与宏流表和微流表中的流表项同时匹配或者仅与微流表中的流表项匹配,都对该新的入口数据报文执行所述微流表中的流表项相关联的动作。这可以通过设定微流表中的流表项匹配优先级大于宏流表的流表项的匹配优先级来实现,也可以通过仲裁器来实现。In another embodiment, the ingress data packet can also be matched with the flow entries in the microflow table and the macroflow table at the same time. If they are matched at the same time, the matching result with the flow entry in the microflow table is preferred, so that The original long flow and the new long flow can be identified at the same time. That is to say, the method shown in FIG. 3 further includes the following steps (not shown in FIG. 3 ): in step S308, in response to receiving a new entry data packet, simultaneously combine the new entry data packet with the macro flow table Match the flow entry in the micro-flow table; in step S310, in response to the new entry data message at least matching the flow entry in the micro-flow table, execute the micro-flow table entry for the new entry data message The action associated with the flow entry in the macro flow table; in step S311, in response to the new ingress data packet only matching the flow entry in the macro flow table, it is further determined whether the new ingress data packet belongs to a long flow. That is to say, in response to the new ingress data packet matching the flow entries in the macroflow table and the microflow table or only matching the flow entry in the microflow table, the new ingress data packet Execute actions associated with flow entries in the microflow table. This can be achieved by setting the matching priority of the flow entries in the micro-flow table to be higher than that of the flow entries in the macro-flow table, or through an arbitrator.
在一种实施方式中,使用微流表的流表项判别放流时,可能会将短流误判为长流,这时需要消除这些误差。因此,图3所示的方法在将该新的入口数据报文与所述微流表中的流表项进行匹配还包括(图3未示出):在步骤S3011,响应于该新的入口数据报文与微流表中的流表项匹配,判断是否将该新的入口数据报文误判为属于长流;步骤S3012,响应于确定该新的入口数据报文被误判为属于长流,通知所述开放流控制器;步骤S3013,从所述开放流控制器接收删除的微流表的流表项;以及步骤S3014,删除对应的微流表的流表项。这样就把识别的错误的属于长流的微流表的流表项删除,后续就不用该微流表的流表项识别长流。本发明还提供一种判断是否将该新的入口数据报文误判为属于长流的方法。在步骤1,将微流表中的每条流表项与一个计数器关联;在步骤2,响应于该新的入口数据报文与该微流流表项匹配,将对应的计数器加1;在步骤3,每隔固定周期对计数器清零;在步骤4,响应于连续若干个周期计数器清零前的计数都低于设定阈值时,确定将该新的入口数据报文误判为属于长流,In one embodiment, when the flow entry of the micro-flow meter is used to judge the discharge, the short flow may be misjudged as the long flow, and these errors need to be eliminated at this time. Therefore, the method shown in FIG. 3 further includes (not shown in FIG. 3 ) when matching the new entry data packet with the flow entry in the microflow table: in step S3011, in response to the new entry The data packet matches the flow entry in the microflow table, and judges whether the new entry data packet is misjudged as belonging to the long flow; Step S3012, in response to determining that the new entry data packet is misjudged as belonging to the long flow flow, notify the OpenFlow controller; step S3013, receive the deleted flow entry of the microflow table from the OpenFlow controller; and step S3014, delete the corresponding flow entry of the microflow table. In this way, the wrongly identified flow entry of the microflow table belonging to the long flow is deleted, and the flow entry of the microflow table is not used to identify the long flow subsequently. The invention also provides a method for judging whether the new entry data message is misjudged as belonging to a long flow. In step 1, associate each flow entry in the microflow table with a counter; in step 2, increase the corresponding counter by 1 in response to the new entry data packet matching the microflow flow entry; Step 3, clear the counter every fixed period; in step 4, when the count before the counter is cleared for several consecutive periods is lower than the set threshold, it is determined that the new entry data message is misjudged as belonging to the long flow,
在一种实施方式中,长流的数据报文发送结束后,需要从微流表中删除该微流表的流表项,从而不需要微流表的流表项来判别该入口数据报文是否属于长流。可以结合上述方法,也就是说图3的方法还包括步骤送312,响应于在设定周期没有与该微流表的流表项相匹配的数据报文,从微流表中删除该流表项。此时说明该长流已经传输完毕,可以释放存储空间。In one embodiment, after the long-flow data message is sent, the flow entry of the micro-flow table needs to be deleted from the micro-flow table, so that the flow entry of the micro-flow table is not needed to identify the entry data message Whether it belongs to long flow. The above method can be combined, that is to say, the method in FIG. 3 also includes step 312, in response to no data message matching the flow entry of the microflow table in the set period, delete the flow table from the microflow table item. At this point, it means that the long stream has been transmitted and the storage space can be released.
在同一个发明构思下,图4示出了根据本发明一种实施方式的OpenFlow 通信框架下的开放流路由交换设备400的结构组成。根据图4,开放流路由交换设备包括微流表401、宏流表402、解析装置403、匹配装置404、执行装置 405和通信装置406。具体来说,开放流路由交换设备400中,解析装置403,被配置为响应于接收入口数据报文,解析该入口数据报文;匹配装置404,被配置为将解析的入口数据报文与位于TCAM的宏流表401中的流表项进行匹配,其中,在所述宏流表的流表项中相关联的动作包含启动长流检测;执行装置405,被配置为响应于解析的入口数据报文与所述宏流表中的流表项匹配,执行所述宏流表中的流表项相关联的启动长流检测的动作;通知装置406,被配置为响应于该入口数据报文在长流检测中被判别属于长流,通知与所述开放流路由交换设备相连的开放流控制器检测到长流,并从所述开放流控制器接收位于SRAM的微流表402的流表项,该微流表的流表项与检测到的长流对应的入口数据报文中的特征值相关。Under the same inventive concept, FIG. 4 shows the structural composition of an OpenFlow routing and switching device 400 under the OpenFlow communication framework according to an embodiment of the present invention. According to FIG. 4 , the OpenFlow routing and switching device includes a micro-flow table 401 , a macro-flow table 402 , an analysis unit 403 , a matching unit 404 , an execution unit 405 and a communication unit 406 . Specifically, in the OpenFlow routing and switching device 400, the parsing means 403 is configured to parse the ingress data message in response to receiving the ingress data message; the matching means 404 is configured to match the parsed ingress data message with the The flow entry in the macroflow table 401 of the TCAM is matched, wherein the associated action in the flow entry of the macroflow table includes starting long flow detection; the executing device 405 is configured to respond to the parsed entry data The message matches the flow entry in the macro flow table, and executes the action of starting long flow detection associated with the flow entry in the macro flow table; the notification device 406 is configured to respond to the entry data message In the long flow detection, it is judged to belong to the long flow, notify the OpenFlow controller connected to the OpenFlow routing and switching device to detect the long flow, and receive the flow table located in the microflow table 402 of the SRAM from the OpenFlow controller item, the flow entry of the microflow table is related to the feature value in the ingress data packet corresponding to the detected long flow.
在一种实施方式中,该宏流表的流表项中相关联的动作包含启动长流检测包括:在宏流表的流表项中对特定字段定义标志位,其中该标志位标识相关联的动作为是否启动长流检测;响应于该标志位被置位,则该宏流表的流表项中相关联的动作包含In one embodiment, the associated action in the flow entry of the macro flow table includes starting long flow detection including: defining a flag bit for a specific field in the flow entry of the macro flow table, wherein the flag bit identifies the associated The action is whether to start long flow detection; in response to the flag bit being set, the associated action in the flow entry of the macro flow table includes
在一种实施方式中,所述执行装置405执行所述宏流表中的流表项相关联的启动长流检测的动作采用以下至少一种方法进行检测:概率选判;流量统计;过滤算法。In one embodiment, the execution device 405 executes the action of starting long flow detection associated with the flow entry in the macro flow table by using at least one of the following methods for detection: probabilistic selection; traffic statistics; filtering algorithm .
在一种实施方式中,所述匹配装置404被进一步配置为:响应于接收到新的入口数据报文,将该新的入口数据报文与所述微流表中的流表项进行匹配。In one embodiment, the matching device 404 is further configured to: in response to receiving a new ingress data packet, match the new ingress data packet with the flow entry in the microflow table.
在一种实施方式中,所述执行装置405被进一步配置为:响应于该新的入口数据报文与所述微流表中的流表项匹配,对该新的入口数据报文执行所述微流表中的流表项相关联的动作;并且所述匹配装置404还被进一步配置为:响应于该新的入口数据报文与所述微流表中的流表项不匹配,将该新的入口数据报文与所述宏流表中的流表项进行匹配,从而进一步判别该新的入口数据报文是否属于长流。In one embodiment, the executing means 405 is further configured to: in response to the new ingress data message matching the flow entry in the microflow table, execute the The action associated with the flow entry in the microflow table; and the matching device 404 is further configured to: respond to the new ingress data packet not matching the flow entry in the microflow table, the The new ingress data packet is matched with the flow entry in the macroflow table, so as to further determine whether the new ingress data packet belongs to a long flow.
在一种实施方式中,所述匹配装置404还被进一步配置为:响应于接收到新的入口数据报文,同时将该新的入口数据报文与宏流表和微流表中的流表项进行匹配;并且所述执行装置405被进一步配置为:响应于该新的入口数据报文至少与微流表中的流表项匹配,对该新的入口数据报文执行所述微流表中的流表项相关联的动作;响应于该新的入口数据报文只与宏流表中的流表项匹配,进一步判别该新的入口数据报文是否属于长流。In one embodiment, the matching device 404 is further configured to: in response to receiving a new ingress data message, simultaneously combine the new ingress data message with the flow table in the macro flow table and the micro flow table entry; and the executing means 405 is further configured to: in response to the new ingress data message matching at least the flow entry in the micro-flow table, execute the micro-flow table for the new ingress data message The action associated with the flow entry in the macro flow table; in response to the new ingress data packet only matching the flow entry in the macro flow table, further judging whether the new ingress data packet belongs to the long flow.
在一种实施方式中,所述匹配装置404还包括长流误判装置(图4未示出),被配置为:响应于该新的入口数据报文与微流表中的流表项匹配,判断是否将入口数据报文误判为属于长流;所述通知装置还被进一步配置为:响应于确定入口数据报文被误判为属于长流,通知所述开放流控制器;从所述开放流控制器接收删除的微流表的流表项;并且所述匹配装置还被进一步配置为:响应于接收到删除的微流表的流表项,删除对应的微流表的流表项。In one embodiment, the matching device 404 further includes a long flow misjudgment device (not shown in FIG. 4 ), configured to: respond to the new ingress data packet matching the flow entry in the microflow table , judging whether the ingress data packet is misjudged as belonging to the long flow; the notification device is further configured to: in response to determining that the ingress data packet is misjudged as belonging to the long flow, notify the OpenFlow controller; The open flow controller receives the deleted flow entry of the microflow table; and the matching device is further configured to: in response to receiving the deleted flow entry of the microflow table, delete the flow table of the corresponding microflow table item.
在一种实施方式中,其中所述匹配装置还包括长流误判装置,被配置为:将微流表中的每条流表项与一个计数器关联;响应于入口数据报文与该微流流表项匹配,对对应的计数器加1;每隔固定周期对计数器清零;以及响应于连续若干个周期计数器清零前的计数都低于设定阈值时,确定将该新的入口数据报文误判为属于长流。In one embodiment, the matching device further includes a long flow misjudgment device configured to: associate each flow entry in the microflow table with a counter; If the flow table item matches, add 1 to the corresponding counter; clear the counter every fixed period; and when the count before the counter is cleared for several consecutive periods is lower than the set threshold, determine that the new entry datagram Wen was misjudged as belonging to Changliu.
在一种实施方式中,所述匹配装置404还被进一步配置为:响应于在设定周期没有与该微流表的流表项相匹配的数据报文,从微流表中删除该流表项。In one embodiment, the matching device 404 is further configured to: delete the flow table from the micro-flow table in response to no data packet matching the flow entry of the micro-flow table within the set period item.
本发明可以是系统、方法和/或计算机程序产品。计算机程序产品可以包括计算机可读存储介质,其上载有用于使处理器实现本发明的各个方面的计算机可读程序指令。The present invention can be a system, method and/or computer program product. A computer program product may include a computer readable storage medium having computer readable program instructions thereon for causing a processor to implement various aspects of the present invention.
计算机可读存储介质可以是可以保持和存储由指令执行设备使用的指令的有形设备。计算机可读存储介质例如可以是——但不限于——电存储设备、磁存储设备、光存储设备、电磁存储设备、半导体存储设备或者上述的任意合适的组合。计算机可读存储介质的更具体的例子(非穷举的列表)包括:便携式计算机盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、静态随机存取存储器(SRAM)、便携式压缩盘只读存储器(CD-ROM)、数字多功能盘(DVD)、记忆棒、软盘、机械编码设备、例如其上存储有指令的打孔卡或凹槽内凸起结构、以及上述的任意合适的组合。这里所使用的计算机可读存储介质不被解释为瞬时信号本身,诸如无线电波或者其他自由传播的电磁波、通过波导或其他传输媒介传播的电磁波 (例如,通过光纤电缆的光脉冲)、或者通过电线传输的电信号。A computer readable storage medium may be a tangible device that can retain and store instructions for use by an instruction execution device. A computer readable storage medium may be, for example, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of computer-readable storage media include: portable computer diskettes, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), or flash memory), static random access memory (SRAM), compact disc read only memory (CD-ROM), digital versatile disc (DVD), memory stick, floppy disk, mechanically encoded device, such as a printer with instructions stored thereon A hole card or a raised structure in a groove, and any suitable combination of the above. As used herein, computer-readable storage media are not to be construed as transient signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., pulses of light through fiber optic cables), or transmitted electrical signals.
这里所描述的计算机可读程序指令可以从计算机可读存储介质下载到各个计算/处理设备,或者通过网络、例如因特网、局域网、广域网和/或无线网下载到外部计算机或外部存储设备。网络可以包括铜传输电缆、光纤传输、无线传输、路由器、防火墙、交换机、网关计算机和/或边缘服务器。每个计算/处理设备中的网络适配卡或者网络接口从网络接收计算机可读程序指令,并转发该计算机可读程序指令,以供存储在各个计算/处理设备中的计算机可读存储介质中。Computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or downloaded to an external computer or external storage device over a network, such as the Internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers. A network adapter card or a network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in each computing/processing device .
用于执行本发明操作的计算机程序指令可以是汇编指令、指令集架构 (ISA)指令、机器指令、机器相关指令、微代码、固件指令、状态设置数据、或者以一种或多种编程语言的任意组合编写的源代码或目标代码,所述编程语言包括面向对象的编程语言—诸如Java、Smalltalk、C++等,以及常规的过程式编程语言—诸如“C”语言或类似的编程语言。计算机可读程序指令可以完全地在用户计算机上执行、部分地在用户计算机上执行、作为一个独立的软件包执行、部分在用户计算机上部分在远程计算机上执行、或者完全在远程计算机或服务器上执行。在涉及远程计算机的情形中,远程计算机可以通过任意种类的网络—包括局域网(LAN)或广域网(WAN)—连接到用户计算机,或者,可以连接到外部计算机(例如利用因特网服务提供商来通过因特网连接)。在一些实施例中,通过利用计算机可读程序指令的状态信息来个性化定制电子电路,例如可编程逻辑电路、现场可编程门阵列(FPGA)或可编程逻辑阵列(PLA),该电子电路可以执行计算机可读程序指令,从而实现本发明的各个方面。Computer program instructions for carrying out operations of the present invention may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or Source or object code written in any combination, including object-oriented programming languages—such as Java, Smalltalk, C++, etc., and conventional procedural programming languages—such as the “C” language or similar programming languages. Computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server implement. In cases involving a remote computer, the remote computer can be connected to the user computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (such as via the Internet using an Internet service provider). connect). In some embodiments, an electronic circuit, such as a programmable logic circuit, field programmable gate array (FPGA), or programmable logic array (PLA), can be customized by utilizing state information of computer-readable program instructions, which can Various aspects of the invention are implemented by executing computer readable program instructions.
这里参照根据本发明实施例的方法、装置(系统)和计算机程序产品的流程图和/或框图描述了本发明的各个方面。应当理解,流程图和/或框图的每个方框以及流程图和/或框图中各方框的组合,都可以由计算机可读程序指令实现。Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It should be understood that each block of the flowcharts and/or block diagrams, and combinations of blocks in the flowcharts and/or block diagrams, can be implemented by computer-readable program instructions.
这些计算机可读程序指令可以提供给通用计算机、专用计算机或其它可编程数据处理装置的处理器,从而生产出一种机器,使得这些指令在通过计算机或其它可编程数据处理装置的处理器执行时,产生了实现流程图和/或框图中的一个或多个方框中规定的功能/动作的装置。也可以把这些计算机可读程序指令存储在计算机可读存储介质中,这些指令使得计算机、可编程数据处理装置和/ 或其他设备以特定方式工作,从而,存储有指令的计算机可读介质则包括一个制造品,其包括实现流程图和/或框图中的一个或多个方框中规定的功能/动作的各个方面的指令。These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine such that when executed by the processor of the computer or other programmable data processing apparatus , producing an apparatus for realizing the functions/actions specified in one or more blocks in the flowchart and/or block diagram. These computer-readable program instructions can also be stored in a computer-readable storage medium, and these instructions cause computers, programmable data processing devices and/or other devices to work in a specific way, so that the computer-readable medium storing instructions includes An article of manufacture comprising instructions for implementing various aspects of the functions/acts specified in one or more blocks in flowcharts and/or block diagrams.
也可以把计算机可读程序指令加载到计算机、其它可编程数据处理装置、或其它设备上,使得在计算机、其它可编程数据处理装置或其它设备上执行一系列操作步骤,以产生计算机实现的过程,从而使得在计算机、其它可编程数据处理装置、或其它设备上执行的指令实现流程图和/或框图中的一个或多个方框中规定的功能/动作。It is also possible to load computer-readable program instructions into a computer, other programmable data processing device, or other equipment, so that a series of operational steps are performed on the computer, other programmable data processing device, or other equipment to produce a computer-implemented process , so that instructions executed on computers, other programmable data processing devices, or other devices implement the functions/actions specified in one or more blocks in the flowcharts and/or block diagrams.
附图中的流程图和框图显示了根据本发明的多个实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段或指令的一部分,所述模块、程序段或指令的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个连续的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组合,可以用执行规定的功能或动作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, a portion of a program segment, or an instruction that includes one or more Executable instructions. In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks in succession may, in fact, be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending upon the functionality involved. It should also be noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by a dedicated hardware-based system that performs the specified function or action , or may be implemented by a combination of dedicated hardware and computer instructions.
以上已经描述了本发明的各实施例,上述说明是示例性的,并非穷尽性的,并且也不限于所披露的各实施例。在不偏离所说明的各实施例的范围和精神的情况下,对于本技术领域的普通技术人员来说许多修改和变更都是显而易见的。本文中所用术语的选择,旨在最好地解释各实施例的原理、实际应用或对市场中的技术的技术改进,或者使本技术领域的其它普通技术人员能理解本文披露的各实施例。Having described various embodiments of the present invention, the foregoing description is exemplary, not exhaustive, and is not limited to the disclosed embodiments. Many modifications and alterations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen to best explain the principles of the various embodiments, practical applications or technical improvements over technologies in the market, or to enable other persons of ordinary skill in the art to understand the various embodiments disclosed herein.
Claims (18)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410174615.6A CN105099916B (en) | 2014-04-28 | 2014-04-28 | Open flows route exchange device and its processing method to data message |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410174615.6A CN105099916B (en) | 2014-04-28 | 2014-04-28 | Open flows route exchange device and its processing method to data message |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105099916A CN105099916A (en) | 2015-11-25 |
| CN105099916B true CN105099916B (en) | 2018-08-03 |
Family
ID=54579505
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410174615.6A Active CN105099916B (en) | 2014-04-28 | 2014-04-28 | Open flows route exchange device and its processing method to data message |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105099916B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105515850B (en) * | 2015-12-02 | 2018-08-14 | 浙江工商大学 | The control management method to ForCES forwarding elements is realized using OpenFlow controllers and collocation point |
| CN110703817B (en) | 2016-03-29 | 2022-04-05 | 华为技术有限公司 | A control method, device and system for statistical flow |
| CN107528794B (en) | 2016-06-19 | 2021-01-15 | 华为技术有限公司 | Data processing method and device |
| CN107818151B (en) * | 2017-10-24 | 2020-12-11 | 湖南恒茂高科股份有限公司 | Data searching method and device, computer equipment and storage medium |
| CN114221849B (en) * | 2020-09-18 | 2024-03-19 | 芯启源(南京)半导体科技有限公司 | Method for realizing intelligent network card by combining FPGA with TCAM |
| CN114374648B (en) * | 2020-10-14 | 2024-03-19 | 芯启源(南京)半导体科技有限公司 | Method for realizing intelligent network card by combining NP chip with TCAM |
| CN112769703A (en) * | 2021-02-09 | 2021-05-07 | 芯河半导体科技(无锡)有限公司 | Efficient TCAM implementation method based on SRAM |
| US11784935B2 (en) * | 2021-09-14 | 2023-10-10 | Avago Technologies International Sales Pte. Limited | Centralized aggregated elephant flow detection and management |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102957603A (en) * | 2012-11-09 | 2013-03-06 | 盛科网络(苏州)有限公司 | Multilevel flow table-based Openflow message forwarding method and system |
| CN103166866A (en) * | 2011-12-12 | 2013-06-19 | 华为技术有限公司 | Method for generating entry, method for receiving message, and corresponding device and system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9124515B2 (en) * | 2010-11-22 | 2015-09-01 | Hewlett-Packard Development Company, L.P. | Elephant flow detection in a computing device |
| CN102984064A (en) * | 2012-12-28 | 2013-03-20 | 盛科网络(苏州)有限公司 | Method and system for distinguishing and transmitting elephant flow |
-
2014
- 2014-04-28 CN CN201410174615.6A patent/CN105099916B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103166866A (en) * | 2011-12-12 | 2013-06-19 | 华为技术有限公司 | Method for generating entry, method for receiving message, and corresponding device and system |
| CN102957603A (en) * | 2012-11-09 | 2013-03-06 | 盛科网络(苏州)有限公司 | Multilevel flow table-based Openflow message forwarding method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105099916A (en) | 2015-11-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105099916B (en) | Open flows route exchange device and its processing method to data message | |
| US11481242B2 (en) | System and method of flow source discovery | |
| US11128550B2 (en) | Logical network traffic analysis | |
| US10574556B2 (en) | System for aggregating statistics associated with interfaces | |
| CN103379039B (en) | A kind of for flowing the method for statistics, Apparatus and system | |
| US9515900B2 (en) | Measuring latency within a networking device | |
| CN102769565B (en) | Based on the method and apparatus selected for network path of stream duration | |
| US20140230062A1 (en) | Detecting network intrusion and anomaly incidents | |
| CN104954271B (en) | Data package processing method and device in SDN network | |
| US9590922B2 (en) | Programmable and high performance switch for data center networks | |
| US20180278498A1 (en) | Process representation for process-level network segmentation | |
| US11943128B1 (en) | Path telemetry data collection | |
| CN105740133B (en) | A kind of Distributed Application method for monitoring performance based on service call topology | |
| US10187286B2 (en) | Method and system for tracking network device information in a network switch | |
| US20210336960A1 (en) | A System and a Method for Monitoring Traffic Flows in a Communications Network | |
| TW201707417A (en) | Anomaly prediction method and system for heterogeneous network architecture | |
| JP2015173406A (en) | Analysis system, analysis device, and analysis program | |
| Gómez et al. | Traffic classification in IP networks through Machine Learning techniques in final systems | |
| WO2022152230A1 (en) | Information flow identification method, network chip, and network device | |
| US12166660B2 (en) | Detecting in-transit inband telemetry packet drops | |
| US10505834B2 (en) | Session aware adaptive packet filtering | |
| CN114095383B (en) | Network flow sampling method and system and electronic equipment | |
| WO2017058137A1 (en) | Latency tracking metadata for a network switch data packet | |
| CN114826775A (en) | Method, device, system, equipment and medium for generating filtering rule of data packet | |
| US20150180775A1 (en) | Communication System, Control Apparatus, Communication Method, and Program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200826 Address after: 23 / F, Lincoln building, 979 King's road, Quarry Bay, Hong Kong, China Patentee after: Lenovo Global Technology International Co.,Ltd. Address before: Armank, New York Patentee before: International Business Machines Corp. |
|
| TR01 | Transfer of patent right |