TW201820835A - Network system control method and network system - Google Patents

Abstract

A network system control method includes intercepting a flow modification message from an internet protocol path between a switch and a controller so as to obtain a new flow entry, accessing a flow table of the switch to obtain a plurality of flow entries, inserting at least one redundant flow entry according to the new flow entry and the plurality of flow entries, performing an aggregation operation to the new flow entry, the plurality of flow entries and the at least one redundant flow entry so as to generate a set of aggregated flow entries, and updating the flow table using the set of aggregated flow entries.

Description

Network system control method and network system

The present invention relates to a network system control method, and more particularly to a network system control method that can use a redundant process entry to perform an aggregation operation to generate a set of aggregated process entries, and to update the flow table.

Soft-defined networking (SDN) separates the control plane of the router from the data plane, which helps simplify the management of response rules and behavior patterns for network events and makes hardware and protocol updates even more Easy to achieve. Therefore, software-defined networks are often considered to be the next generation of better network architecture solutions.

At present, the software-defined network can adopt, for example, an interface technology such as OpenFlow. Currently, the technology can set a flow table in a switch, and the flow table can include multiple flow entries for using the converter. The received packets are compared to determine the transmission of the packets.

The controller can send a new process entry to write the process table. However, when the process table is full, it may not be able to write normally. This is the flow table overflow problem. For example, when using ternary content addressable memory (TCAM), the capacity of the flow table is limited by the size of the memory, resulting in new process entries not being updated in the process table. Therefore, there is a need in the art for solutions to improve the lack of process overflow.

An embodiment of the present invention provides a network system control method, including a network protocol path between a switch and a controller, intercepting a process modification message sent by the controller, thereby obtaining a new process entry; Taking a flow table in the switch to obtain a plurality of process entries; and inserting at least one redundant process entry according to the new process entry and the plurality of process entries; the new process entry, the plurality of process entries, and The at least one redundant process entry performs an aggregation operation to generate a set of aggregated process entries; and updates the process table using the set of aggregated process entries.

An embodiment of the invention provides a network system including a controller and a switch. The controller is used to send a process modification message and a packet. The switch includes a secure channel module and a routing unit. The secure channel module is coupled to the controller via a network protocol path for receiving the process modification message. The routing unit is configured to store a flow table having a plurality of process entries, the plurality of process entries being used to compare the packets, thereby confirming a destination address and a corresponding operation of the packet. The switch is configured to obtain a new process entry according to the process modification message, and according to the new process entry and the plurality of process entries, at least one redundant process entry, the new process entry, the plurality of process entries, and The at least one redundant process entry performs an aggregation operation to generate a set of aggregated process entries; and the process list is updated using the set of aggregated process entries. The invention is related to a high-efficiency network system control method, which can effectively solve the defects of the flow table overflow in the current Internet of Things architecture.

1 is a schematic diagram of a network system 100 of a software-defined network in an embodiment of the present invention. Network system 100 can include controller 110 and switch 120. The switch 120 can include a security channel module 120a and a routing unit 120b. The secure channel module 120a can be coupled to the controller 110 via a network protocol path Pt. The controller 110 can be further switched to the endpoints 1301 to 130x, wherein the endpoints can be, for example, a transceiver such as a personal computer. The network protocol path Pt may be, for example, a path conforming to Transport Layer Security (TLS), or Secure Sockets Layer (SSL), and may conform to an OpenFlow protocol. The controller 100 can be used to send a process modification message fm (such as the flow_mod request message taught by the OpenFlow file) and a packet Pk to the switch 120. The routing unit 120b may include a flow table Tf, the flow table Tf may include a plurality of flow entries, and the flow table Tf may be used to compare the packets Pk, thereby confirming the destination address of the packet Pk and corresponding operations, for example, should be transmitted to the end A certain correct endpoint of points 1301 to 130x, therefore, the process entry in the flow table Tf can also be used as a flow rule. The network system 100 can be a system architecture for hardware devices and control software integration.

FIG. 2 is a block diagram showing a network control method according to an embodiment of the present invention. The method provided by the embodiment of the present invention may be referred to as an in-switch dynamic flow aggregation method (IDFA). Figure 3 is a flow diagram of a network control method 200 in accordance with an embodiment of the present invention. Fig. 3 can be used with reference to Fig. 1 and Fig. 2. The network control method 200 can include:

Step 210: Intercept the flow modification message fm sent by the controller 110 to the network protocol path Pt between the switch 120 and the controller 110, thereby obtaining a new process entry nFE;

Step 220: Accessing the flow table Tf in the switch 120, thereby obtaining a plurality of flow entries FE1-FEm;

Step 230: According to the new process entry nFE and the plurality of process entries FE1 to FEm, at least one redundant flow entry RFE is placed;

Step 240: Perform an aggregation operation on the new process entry nFE, the process entries FE1 to FEm, and the at least one redundant process entry RFE, thereby generating a set of aggregated flow entries AFE;

Step 250: Update the flow table Tf using the group of post-aggregation process entries AFE.

Steps 220 to 230 may sort the new process entry nFE and the plurality of process entries FE1 to Fem, and then fill in the redundant process entry, which is described below.

Figure 4 is a diagram showing an example of filling in a redundant process entry to perform an aggregation operation in an embodiment of the present invention. For example, in the case of OpenFlow technology, each process entry can record a match field, a priority, a counter, an instruction, a timeout, a temporary cookie, and a flag. Flag, etc., where the match field records the Ethernet Type, the protocol, the source protocol (IP) address, and the destination IP. The address (hereinafter referred to as the destination address), and the action field (action), etc., therefore, the flow entry contains a large number of bits. For a simple flow, it is permissible to check only the destination address in accordance with an embodiment of the present invention. The address described herein can be represented by a dot-decimal notation. For example, the IP address 140.113.6.2 can be represented as an address consisting of four binary octet fields. Such as 10001100.01110001.00000110.00000010. According to the method provided by the embodiment of the present invention, when the first three fields of the address are the same, the aggregation operation can be performed using the last field of the address. In the example of FIG. 3, in the table 310, there are three known process entries, where the remaining fields are omitted, and the known process entries are represented as 10110101→2, 10110010→2, and 10110000→2. . The first octet can be the last field of the destination address, and the number behind the arrow can be the action field of the process entry, corresponding to the connection nickname of the switch 120, for example, "→2", which indicates that The packet is transmitted to the destination address through the second port. When the destination addresses are the same, it can be confirmed that the connection nicknames of the transmissions are the same. Therefore, in the embodiment of the present invention, the aggregation operation is performed using the destination address to ensure that the action fields match. This technique can be applied to IPv4 networks and to the application of routing algorithms that take the shortest path. Therefore, according to the embodiment of the present invention, the foregoing step 230 may be based on a destination address of the new process entry nFE (for example, a destination address recorded by the dst_ip constant mentioned in the OpenFlow file) and a plurality of known flow entries FE1-Fem. A plurality of destination addresses are used to place at least one redundant process entry RFE.

Referring to the table 320, it can be seen that the three process entries of the table 310 (ie, 10110101→2, 10110010→2, and 10110000→2) have been sequenced by the first, third, and sixth items from the top. If the two figures are the same, it can be seen that the figures of the first five digits are the same (ie 11010). The latter three digits can have a total of eight combinations of 000 to 111. Since three combinations have been found in Form 310, they can be filled in Form 320. Into the remaining five combinations. Therefore, five values such as 10110001, 10110011, 10110100, 10110110, and 10110111 can be filled in the second, fourth, fifth, seventh, and eighth items of the table 320 to complement the eight combinations. The action field corresponding to the five-valued value that is filled in should be unknown when initially filled in. After validation, it can correspond to the process entry known in table 310, which is also →2. The verification mode may, for example, transmit a packet input message (such as a packet_in message in OpenFlow technology) to the controller 110 to confirm the correctness of the action field of the at least one redundant process entry RFE placed. The five values and the action fields filled in the table 320 can be regarded as five filled process entries, which can also be the redundant process entry RFE mentioned in the above step 230. Table 330 is the result of the aggregation operation of the eight process entries of table 320. The aggregation operation described herein can be regarded as a simplification operation. Since the first five digits of the values in the eight process entries of the table 320 are the same, after aggregation, it can be expressed as 10110** in the table 330, and The corresponding action field is also indicated as 10110***→2. The process entry 10110***→2 in the table 330 is the post-aggregation process entry. It can be seen that the three process entries originally shown in the table 310 can be represented by a process entry after aggregation, so the number of process entries can be reduced. The fourth drawing is only an example for the purpose of illustration and not limitation of the scope of the invention.

FIG. 5 is a flowchart of a network control method 200a according to an embodiment of the present invention. The network control method 200a can be based on the principles of the network control method 200 of FIG. As described above, in the embodiment of the present invention, the placement of the redundancy process entry may be performed according to the destination address of the process entry for subsequent execution of the aggregation operation. Step 230 may include steps 2310 and 2320. The network control method 200a can include:

Step 210: Intercept the flow modification message fm sent by the controller 110 to the network protocol path Pt between the switch 120 and the controller 110, thereby obtaining a new process entry nFE;

Step 220: Accessing the flow table Tf in the switch 120, thereby obtaining a plurality of flow entries FE1-FEm;

Step 2310: The destination address of the new process entry nFE and the plurality of destination addresses of the plurality of known process entries FE1 to FEm are expanded and sequentially arranged;

Step 2320: View the destination address of the new process entry nFE and the arrangement of the plurality of destination addresses of the known process entries FE1-FEm, and fill in at least one redundant process entry REF at the discontinuity, so that the new process entry nFE The destination address, the destination address of the known process entry FE1-FEm, and the at least one destination address of the at least one redundant process entry RFE may be consecutive;

Step 240: Perform an aggregation operation on the new process entry nFE, the process entries FE1 to FEm, and the at least one redundant process entry RFE, thereby generating a set of aggregated flow entries AFE;

Step 250: Update the flow table Tf using the group of post-aggregation process entries AFE.

Steps 2310 and 2320 may be an embodiment of filling in a redundant process entry in the embodiment of the present invention. In addition, step 240 of FIG. 3 may be implemented by retaining a destination address of a new process entry nFE, a plurality of destination addresses of the previously known process entries FE1-FEm in the flow table Tf, and at least one redundancy added. The same part of the at least one destination address of the process entry RFE is set, and the different parts are represented as wildcard signs, such as asterisks, to generate the set of post-aggregation process entries AFE. For example, in the table 330 of FIG. 4, the generated post-aggregation process entries (eg, 10110***→2) are represented using wildcard symbols. According to the embodiment of the present invention, the post-aggregation process entry generated by the aggregation operation may be represented by a Classless Inter-Domain Routing (hereinafter referred to as CIDR) format. For example, if the generated destination address of the aggregated process entry is 140.113.1.000110** (or 10001100.1110001.00000001.000110** in IPv4 notation), the last byte 000110** can be expressed as 24/30. Among them, 24 before the slash can be the fourth bit, the fifth bit is 1, and the slash is 30, which can be used to calculate 32-30=2, so the last two digits are two wildcard symbols (ie **) It can cover four combinations of 00, 01, 10, and 11 in essence.

Figure 6 is a flow chart of the network control method 200b of the embodiment of the present invention. The network control method 200b can be based on the principles of the network control method 200. However, between steps 230 and 240, step 2610 can be selectively performed. The network control method 200b can include:

Step 210: Intercept the flow modification message fm sent by the controller 110 to the network protocol path Pt between the switch 120 and the controller 110, thereby obtaining a new process entry nFE;

Step 220: Accessing the flow table Tf in the switch 120, thereby obtaining a plurality of flow entries FE1-FEm;

Step 230: According to the new process entry nFE and the plurality of process entries FE1 to FEm, at least one redundant flow entry RFE is placed;

Step 2610: View the ratio of the number of new process entries nFE and the known plurality of process entries FE1-FEm, relative to the sum of the number of new process entries nFE and process entries FE1-FEm and the number of at least one redundant process entry RFE Whether the threshold value is reached; if yes, proceed to step 240, if no, proceed to step 210;

Step 240: Perform an aggregation operation on the new process entry nFE, the process entries FE1 to FEm, and the at least one redundant process entry RFE, thereby generating a set of aggregated flow entries AFE;

Step 250: Update the flow table Tf using the group of post-aggregation process entries AFE.

The principle is illustrated by taking Figure 4 as an example. The table 310 can be, for example, a new process entry nFE and a plurality of known process entries FE1-FEm taken from the process table Tf, in this case the number is three entries. After reviewing, it can be seen that five redundant process entries should be placed, thus adding up to eight process entries (the principle is not further described). According to an embodiment of the present invention, as in the example of FIG. 4, the number of current and subsequent process entries placed in the redundant process bar can be used to obtain a ratio of 3/8, that is, 37.5%. Assuming that the threshold value is set to 40%, this ratio (37.5%) does not reach the threshold value and may not trigger the aggregation operation. Assuming the threshold is set to 35%, this ratio (37.5%) has reached the threshold and triggers the aggregation operation. Threshold values can be set according to statistics or developers. If the threshold is too high, it is too difficult to trigger the aggregation operation, which will result in poor performance of the process entry, and even cause the process entry in the flow table Tf to expire (expired) still cannot trigger the aggregation operation. If the threshold is too low, the aggregation operation may be excessively triggered, resulting in the hardware of the controller 110 being overburdened. Therefore, a reasonable threshold can be set to properly trigger the aggregation operation.

According to an embodiment of the invention, the aforementioned threshold value may be dynamically adjusted as a result of, for example, but not limited to, an aggregation operation. The following mathematical formula eq-1 can be used to calculate the threshold:

Th _n+1 = f (Th _n , C _n , C _n-1 ) ...... (eq-1)

Where f() can represent a function, Th _n can represent the threshold value of the current judgment whether to trigger the aggregation operation, and Th _n+1 can be the threshold of the lower round, that is, the next threshold value for determining whether to trigger the aggregation operation. The compression ratio C _n can be the ratio of the number of process entries AFE after aggregation and the number of process entries FE1-FEm. The previous compression ratio C _n-1 can be the number of process entries FE1-FEm after a previous aggregation operation. And the ratio of the number of process entries before the previous aggregation operation. For example, if in the (n-1)th aggregation operation, the number of process entries is aggregated from K1 to K2, the compression ratio _Cn-1 may be K2/K1. Further, when the polymerization in the n-th operation for deciding whether to trigger the polymerization may be operated threshold Th _n, if the polymerization operation is triggered, and the number of entries in the flow section K2, K3 are polymerized reduced section, the compression ratio C _n can be K3/K2. Before the (n+1)th aggregation operation, the threshold value for determining whether to trigger the aggregation operation may be the threshold value Th _n+1 . According to an embodiment of the invention, the function of the mathematical formula eq-1 may be, for example but not limited to, the mathematical formula eq-2:

Th _n+1 = f (Th _n , C _n , C _n-1 ) = Th _n +α(C _n -C _n-1 ) ...... (eq-2)

The constant α can be adjusted according to requirements, for example, 1.5 or 2. If the mathematical formula eq-2 is used, the threshold value of each time can be gradually increased, so when the process entry (or process rule) in the flow table Tf approaches convergence due to multiple aggregation operations, the aggregation is triggered. The number of operations can be reduced. The mathematical formula eq-2 is only an example, and the remaining dynamic adjustment threshold values are still within the scope of the embodiments of the present invention.

FIG. 7 is a flowchart of the network control method 200c according to an embodiment of the present invention. Network control method 200c may be based on the principles of network control method 200, and step 240 may include steps 2410 through 2430. FIG. 8 is a schematic diagram showing an example of generating an aggregated process entry AFE by using an initial process entry OFE in the embodiment of the present invention. Referring to FIG. 8, the network control method 200c of FIG. 7 may include:

Step 210: Intercept the flow modification message fm sent by the controller 110 to the network protocol path Pt between the switch 120 and the controller 110, thereby obtaining a new process entry nFE;

Step 220: Accessing the flow table Tf in the switch 120, thereby obtaining a plurality of flow entries FE1-FEm;

Step 230: According to the new process entry nFE and the plurality of process entries FE1 to FEm, at least one redundant flow entry RFE is placed;

Step 2410: Define a new process entry nFE, a plurality of process entries FE1-FEm, and at least one redundancy process entry RFE as a set of initial process entries OFE, and group the initial process entry OFE according to the action field to generate a complex number Group process entries, classified as group G1-Gj;

Step 2420: Each group of process entries in the groups G1-Gj may perform an aggregation operation, respectively, thereby generating a plurality of intermediate process entries FEp1-FEpj;

Step 2430: Generate the group of post-aggregation process entries AFE according to the intermediate process entry FEp1-FEpj; and

Step 250: Update the flow table Tf using the group of post-aggregation process entries AFE.

For convenience of explanation, in the example of Fig. 8, the variable j described in Fig. 7 is exemplified by 4. FIG. 8 is merely an illustrative example and is not intended to limit the scope of the embodiments of the present invention. The process entries FE01 to FE16 shown in FIG. 8 may be a plurality of process entries obtained by collecting new process entries and process entries in the process table. In this example, process entries FE01 through FE16 may be defined as a set of initial process entries OFE. In other words, the set of initial process entries OFE is a set of process entries that have not yet performed an aggregate operation but are available to perform an aggregate operation. The flow entries FE01 to FE16 shown in Fig. 8 do not depict the complete format of the process entry, only the destination address associated with the aggregation operation, and the action field are drawn for illustration. In the example of Figure 8, it can be seen that the action fields of process entries FE01, FE02 and FE04 are all "→2", and the action fields of process entries FE03 and FE05-FE08 are all "→1", process entries FE09 and FE13. The action fields are all "→3", and the action fields of the process entries FE10-FE12 and FE14-FE16 are all "→4", so the process entries FE01-FE16 can be divided into groups G1 according to the action fields. There are four groups of G2, G3 and G4. Taking group G1 as an example, group G1 includes process entries FE01, FE02, and FE04. The first three fields (10, 0, 0) of the destination address of the three process entries are the same, and the fourth field uses eight bits. In the representation, only the last two digits are different, so the group G1 can perform the aggregation operation, and the intermediate process entry FEp1 is generated, and the FEp1 system is 10.0.0.0001000**→2. If expressed in the aforementioned CIDR format, FEp1 can be expressed as 10.0.0.16/30→2. Similarly, groups G2, G3, and G4 can perform operation operations to generate intermediate process entries FEp1 (10.0.0.16/29→1 in this example) and FEp2 (10.0.0.24/29→3 in this example). ), FEp3 (10.0.0.24/29→4 in this example).

In step 2430, the group of aggregated process entries AFE generated according to the intermediate process entry FEp1-FEpj can be generated according to the following manner. According to the embodiment of the present invention, whether the destination address of the intermediate process entry FEp1-FEpj is duplicated can be checked. If the destination address of the two process entries of the intermediate process entry FEp1-FEpj is repeated, the two process entries can be associated with the initial group. If the process entry OFE has a larger number of process entries, the process entry AFE is selected. For example, the intermediate process entries FEp1 and FEp2 of FIG. 8 correspond to the destination address 10.0.0.16, but the intermediate process entry FEp1 is associated with three process entries of the process entries FE01, FE02, and FE04 of the initial process entry OFE. The intermediate process entry FEp2 is associated with four process entries FE03, FE05, FE06, and FE07 of the initial process entry OFE. Therefore, the intermediate process entry FEp2 is associated with a large number of process entries of the initial process entry OFE, and the intermediate process entry FEp2 can be added. The process entry AFE is selected after the aggregation. Similarly, the destination addresses corresponding to the intermediate process entries FEp3 and FEp4 are the same, and the intermediate process entry FEp4 can be selected into the aggregated process entry AFE. As shown in FIG. 8, a stack 810 can be set in the switch 120 to place selected process entries (such as midway flow entries FEp2, FEp4) into the stack 810. According to an embodiment of the present invention, the stack 810 is placed, that is, it is selected into the post-aggregation process entry AFE.

According to an embodiment of the present invention, the step 2430 may further include: selecting, in the intermediate process entries FEp1 to FEpj, the lowest degree of the destination address of the process entry associated with the initial flow entry OFE of the group, and selecting the group after the aggregation. Process entry AFE. For example, if the first halfway process entry corresponds to the process entry in the initial process entry, the destination address is 10.0.0.00010000, 10.0.0.00010001, however, the second intermediate process entry corresponds to the initial process entry, the destination bit The process entry with the address of 10.0.0.00010000 and 10.0.0.00010010, because the destination address of the process entry corresponding to the second intermediate process entry is less continuous, the second intermediate process entry can be selected into the aggregated process entry AFE, for example Place stack 810 of Figure 8. Since the corresponding process entry has a destination address that is less continuous, the degree of dispersion is higher, and subsequent degrade operations are more likely to perform aggregation operations with other process entries. The reduction operation will be described below.

According to an embodiment of the present invention, in step 2430, the plurality of intermediate process entries FEp1 to FEpj may be included, and when the destination address is expressed in the CIDR format, the number behind the slash is larger, and the group is aggregated. Process entry AFE. The larger the number behind the diagonal line of the CIDR format, the smaller the number of bits that are masked by the wildcard symbol, and the less likely to perform the step-down operation, so it is closer to the process items that cannot be aggregated or simplified, so it can be given earlier. Select the stack to select the process entry AFE after the group is selected. The implementation of step 2430 mentioned above may be employed without exclusion. For example, according to an embodiment of the present invention, the priority order of the foregoing embodiments may be, but is not limited to, described in Table 1, wherein: (Table 1)

According to an embodiment of the present invention, regarding step 2430, the plurality of intermediate process entries FEp1 to FEpj may be included to perform a reduced-order operation, thereby generating a set of reduced-order process entries, and the group-reduced process entries are selected into the Process group entry AFE after group aggregation. The reduced-order operation described here may be such that when the destination address of the process entry is expressed in the CIDR format, the number behind the slash is increased, and the bit represented by the wildcard symbol (such as an asterisk) is also to be used. The number is reduced. According to the embodiment of the present invention, if multiple process entries may be covered by an aggregated process entry due to an aggregation operation, the aggregated process entry may be used as a process rule, and the reduced-order operation may be repeated until the process entry cannot be performed again. After performing the aggregation operation and no further reduction, it is placed in the stack (such as 810), and is selected into the group after the process entry AFE.

FIG. 9 is a schematic diagram showing an example of generating a post-aggregation process entry AFE by using an initial process entry OFE in the embodiment of the present invention. Figure 9 can be divided into stages PH1 to PH4 according to the time axis. The flow entries FE01-FE16 in the initial flow entry OFE shown in Fig. 9 are the same as the example in Fig. 8, so in the phase PH1, the generation of the intermediate process entries FEp1 to FEp4, and the intermediate process entries FEp2, FEp4 The stack 810 is selected and selected into the post-aggregation process entry AFE, the principle of which is not described again. In the phase PH2 of FIG. 9, the intermediate process entry FEp1, which is not selected into the stack 810, can perform the aforementioned reduced-order operation, that is, its destination address is 10.0.0.16/30→2 (ie, 10.0.0.000100**→ 2) After the slash, the number is increased, and is rewritten as 10.0.0.16/31→2 (ie, 10.0.0.0001000*→2) and 10.0.0.18/31→2 (ie, 10.0.0.0001001*→2). Corresponding to the reduced-order process entries FEd1 and FEd2, respectively. Similarly, the intermediate process entry FEp3 (having the destination address 10.0.0.24/29→3) that is not selected into the stack 810 can perform the aforementioned reduced-order operation and is rewritten to the equivalent 10.0.0.24/30→3 and 10.0.0.28/30→3, which may correspond to the reduced order flow entries FEd3 and FEd4, respectively. With the above principle, the reduced-order process entry FEd1 can be associated with the process entries FE01 and FE02 of the initial process entry OFE, but the reduced-order process entry FEd2 can only be associated with the process entry FE04, so the reduced-order process entry FEd1 can be selected into the stack 810. Similarly, in stage PH3, the process entries FEd2, FEd3, and FEd4 can be reduced by the reduced order to generate the reduced-order process entries FEd21, FEd31, and FEd41, respectively. Since the process entry FEd2 is reduced after the reduced order, the process entry FEd21 is restored to its original process entry (ie, FE04). The destination address is represented in the CIDR format, and the slash is 0. After the step is reduced, the post-gradation process entry FEd21 can be placed in the stack 810 to select the post-aggregation process entry AFE. Similarly, in the phase PH3, PH4, the process entries FEd3 and FEd4 can be stepped down to generate the reduced-order process entries FEd311 and FEd411, wherein the FEd311 can correspond to the process entry FE09 of the initial process entry OFE, and the FEd311 can be Corresponds to the flow entry FE13. At stage PH4, the reduced process entries FEd311 and FEd411 can be placed in the stack 810, respectively. As can be seen from FIG. 9, at stage PH4, the stack 810 can include process entries FEp2, FEp4, FEd1, FEd411, and FEd311 from bottom to top. These process entries can be used to update the flow table Tf shown in FIG. Process rules. According to the stack-architecture (last-in-first-out; LILO) principle, in the stack 810, the closer to the top of the process entry, the priority is taken to check whether the process entries sent by the controller 110 match. According to an embodiment of the present invention, when a process entry is placed into the stack 810, it may be checked whether the placed process entry is duplicated with the process entry in the stack 810, and if so, may not be placed. It can be seen from FIG. 9 that the 16 process entries FE01 to FE16 in the initial process entry OFE can be reduced to 6 process entries via the aggregation operation and the reduced operation, so that the number of process entries can be effectively reduced.

In summary, by using the network system control method (IDFA method) and the network system provided by the embodiments of the present invention, the number of process entries (or process rules) in the process table can be effectively reduced, thereby improving the overflow of the process table. Missing. In addition, the operation speed and performance of the control method of the embodiment of the present invention are good. For example, in the test case of the laboratory, the compression ratio of the process item reaches convergence is up to 1.29%, and the operation time can be shortened much more than the earlier technology. For example, the method provided by the embodiment of the present invention may have an operation time of about 20% of the Flow Table Reduction Scheme (FTRs). In addition, the IDFA method of the embodiment of the present invention can ensure the semantic equivalency of the data, and can have the advantages of IP routing, and can perform process element aggregation on the edge switch. Conducive to the compression rate of the number of process entries, and reduce the hardware computing load. Therefore, the control method and system provided by the embodiments of the present invention are helpful in the field. The above are only the preferred embodiments of the present invention, and all changes and modifications made to the scope of the present invention should be within the scope of the present invention.

100‧‧‧Network System
110‧‧‧ Controller
120‧‧‧Switch
120a‧‧‧Safe Channel Module
120b‧‧‧Route unit
Tf‧‧‧Flowsheet
1301 to 130x‧‧‧ endpoints
FE1 to FEm, FE01 to FE16‧‧‧ process entries
nFE‧‧‧ new process entry
Pk‧‧‧Package
Pt‧‧‧ network agreement path
Fm‧‧‧ process modification message
RFE‧‧‧ redundant process entry
AFE‧‧‧ post-aggregation process entry
200, 200a, 200b, 200c‧‧‧ network control methods
210, 220, 230, 240, 250, 2310, 2320, 2610, 2410, 2420, 2430 ‧ ‧ steps
Forms 310, 320, 330‧‧
Group G1, G2, G3, G4, Gj‧‧
OFE‧‧‧ initial process entry
FEp1, FEp2, FEp3, FEp4‧‧‧ midway process entries
810‧‧‧Stacking
PH1, PH2, PH3, PH4‧‧‧
FEd1-FEd4, FEd21, FEd31, FEd41, FEd311, FEd411‧‧‧

FIG. 1 is a schematic diagram of a network architecture of a software-defined network in an embodiment of the present invention. FIG. 2 is a block diagram showing a network control method according to an embodiment of the present invention. Figure 3 is a flow chart of the network control method of the embodiment of the present invention. Figure 4 is a schematic diagram showing an example of filling in a redundant process entry to perform an aggregation operation in an embodiment of the present invention. Figure 5 is a flow chart of a network control method in accordance with an embodiment of the present invention. Figure 6 is a flow chart of the network control method of the embodiment of the present invention. Figure 7 is a flow chart of the network control method of the embodiment of the present invention. FIG. 8 is a schematic diagram showing an example of generating an aggregated process entry by using an initial process entry in the embodiment of the present invention. FIG. 9 is a schematic diagram showing an example of generating an aggregated process entry by using an initial process entry in an embodiment of the present invention.

Claims (10)

A network system control method includes: a network protocol path between a switch and a controller, intercepting a process modification message sent by the controller, thereby obtaining a new process entry; accessing the switch a process table to obtain a plurality of process entries; according to the new process entry and the plurality of process entries, at least one redundant process entry is placed; the new process entry, the plurality of process entries, and the at least one redundancy The process entry performs an aggregation operation to generate a set of post-aggregation process entries; and updates the process table using the group of post-aggregation process entries. The method of claim 1, further comprising: the switch transmitting a packet input message to the controller to confirm the correctness of the action field of the at least one redundant process entry. The method of claim 1, wherein the at least one redundant process entry is placed according to the new process entry and the plurality of process entries, based on: a destination address of the new process entry and the plurality of process entries The plurality of destination addresses are used to place the at least one redundant process entry. The method of claim 3, wherein: the at least one redundant process entry is placed according to the new process entry and the plurality of process entries, including: a destination address of the new process entry and the plurality of processes a plurality of destination addresses of the entry, which are sequentially arranged after being expanded; and viewing the destination address of the new process entry and the arrangement of the plurality of destination addresses of the plurality of process entries, filling the at least one of the discontinuities Redoing the process entry such that the destination address of the new process entry, the plurality of destination addresses of the plurality of process entries, and the at least one destination address of the at least one redundant process entry are contiguous; The new process entry, the plurality of process entries, and the at least one redundant process entry perform the aggregation operation to generate the set of aggregated process entries, including: retaining the destination address of the new process entry, the plurality of process entries The plurality of destination addresses, and the same portion of the at least one destination address of the at least one redundant process entry, and the different portions are represented Wildcard (wildcard sign), to produce the set of polymerization process after entry. The method of claim 1, further comprising: reviewing the new process entry and the number of the plurality of process entries, relative to the new process entry and the number of the plurality of process entries and the number of the at least one redundant process entry Whether a ratio of the sum reaches a threshold; wherein the aggregation operation is performed on the new process entry, the plurality of process entries, and the at least one redundant process entry, thereby generating the group of aggregated process entries in the ratio Executed when the threshold is reached. The method of claim 5, further comprising generating a round threshold based on a compression ratio, a previous compression ratio, and the threshold, wherein the compression ratio is the number of the group of aggregated process entries and the plurality of processes The ratio of the number of entries, and the previous compression ratio is the ratio of the number of the plurality of process entries and the number of the pre-aggregation process entries before the previous aggregation operation after a previous aggregation operation. The method of claim 1, wherein the aggregating operation is performed on the new process entry, the plurality of process entries, and the at least one redundant process entry, thereby generating the set of post-aggregation process entries, comprising: the new process entry The plurality of process entries and the at least one redundant process entry are defined as a set of initial process entries, and the set of initial process entries are grouped according to action fields to generate a complex array process entry; each group of the complex array process entries Each of the process entries performs an aggregation operation to generate a plurality of intermediate process entries; and generates the set of aggregated process entries based on the plurality of intermediate process entries. The method of claim 7, wherein the generating the group of post-aggregation process entries according to the plurality of intermediate process entries comprises: checking whether a destination address of the plurality of intermediate process entries is repeated; and if the plurality of intermediate process entries are The destination address of the two process entries is duplicated, and the number of process entries associated with the initial process entry of the two process entries is selected, and the process group entry is selected. The method of claim 7, wherein the group of post-aggregation process entries are generated according to the plurality of midway process entries, comprising: slashing the destination address in the non-categorical inter-domain routing format in the plurality of intermediate process entries If the number in the rear is larger, the process entry of the group is selected. A network system includes: a controller for transmitting a process modification message and a packet; and a switch including a secure channel module and a routing unit, the secure channel module passing through a network protocol path Linked to the controller for receiving the process modification message, the routing unit is configured to store a flow table, the flow table has a plurality of process entries, and the plurality of process entries are used to compare the packets to confirm the packet a destination address and a corresponding operation, the switch is configured to obtain a new process entry according to the process modification message, and insert at least one redundant process entry according to the new process entry and the plurality of process entries, The new process entry, the plurality of process entries, and the at least one redundant process entry perform an aggregation operation to generate a set of aggregated process entries; and the process list is updated using the group of aggregated process entries.