CN104010049A - Ethernet IP message packaging method based on SDN and network isolation and DHCP implementing method based on SDN - Google Patents


Info

Publication number: CN104010049A
Application number: CN201410181020.3A
Authority: CN (China)
Legal status: Granted; currently active
Prior art keywords: message, address, dhcp, server, dynamic host
Other languages: Chinese (zh)
Other versions: CN104010049B (en)
Inventor: 李俊武
Current assignee: Xingyuan Jurun Technology (Beijing) Co., Ltd.
Original assignee (applicant): Yi Cloud Feilingjiexun Technology (Beijing) Co Ltd
Priority: CN201410181020.3A; published as CN104010049A, granted as CN104010049B


Abstract

The invention provides an Ethernet IP packet encapsulation method based on SDN and a network isolation and DHCP implementation method based on SDN. It addresses the technical problems of a complicated forwarding process and reduced transmission efficiency that are introduced by the layer-2 header encapsulation of packets. The method comprises the following steps: first, the device's physical layer obtains the physical signal from the transmission medium according to the interframe gap and the preamble, converts it into bits and hands them to the data link layer; second, the data link layer performs its original processing except MAC address identification and addressing; third, the protocol stack parses and identifies the packet; fourth, after routing, the packet is handed to the data link layer for the other processing except Ethernet encapsulation and MAC addressing, and is sent to the physical layer to be processed according to the format of the packet header; fifth, the physical layer converts the bits of the packet's data frame into an electrical or optical signal in the original manner and forwards it.

Description

Ethernet IP packet encapsulation method based on SDN and network isolation and DHCP implementation method
Technical field
The present invention relates to an Ethernet IP packet encapsulation method and a network isolation and DHCP implementation method based on SDN, and belongs to the field of Ethernet packet encapsulation.
Background technology
Ethernet today is mature and widely deployed in real networks. For historical reasons of network development, an Ethernet packet carries two addresses, a MAC address and an IP address. The IP address plays no part in layer-2 forwarding, while during layer-3 forwarding the MAC address in the header is rewritten at every hop, so two devices in a local area network (LAN) that need to communicate still have to obtain the MAC addresses of intermediate network devices. Moreover, at the last hop the packet's IP-to-MAC mapping has to be resolved, which makes the routing or forwarding of the packet complicated. The layer-2 header of the packet also carries a 4-byte VLAN TAG field, which is essentially ignored in layer-3 forwarding. Because the VLAN ID field in the VLAN TAG was not planned with the long term in mind, isolation in today's large layer-2 networks suffers from a shortage of VLAN numbers, and the VXLAN and NVGRE methods proposed to solve this problem encapsulate the packet again, which also costs transmission efficiency. With the development of network technology, the TCP/IP four-layer model of Fig. 1 has become the de facto standard, and with the emergence of SDN technology, network engineers and customers can better innovate and use the network according to their own needs.
A wired Ethernet packet is encapsulated layer by layer from the upper layers downward until, at the link layer in Fig. 1, it is finally turned into physical bits and leaves the network device; the encapsulation process is shown in Fig. 2.
The link layer of the four-layer model is in part responsible for assembling physical bits into data frames; this part is the data link layer, which is divided into the MAC sublayer and the LLC sublayer. The main functions of the MAC sublayer include the encapsulation and decapsulation of data frames, frame addressing and identification, frame reception and transmission, link management, frame error control and so on; LLC grew out of High-Level Data Link Control (HDLC) and uses a subset of the HDLC standard to provide services to the layer above it.
Summary of the invention
To solve the technical problems described above, namely the complicated forwarding process and reduced transmission efficiency introduced by the layer-2 header encapsulation of packets, the present invention proposes an Ethernet IP packet encapsulation method based on SDN and a network isolation and DHCP implementation method based on SDN.
An Ethernet IP packet encapsulation method based on SDN and a network isolation and DHCP implementation method comprise server-side packet receiving and server-side packet sending, where server-side packet receiving comprises the following steps:
Step 1, the device's physical layer obtains the physical signal from the transmission medium according to the interframe gap and the preamble, converts the physical signal into bits and hands them to the data link layer;
Step 2, the data link layer performs its original processing except MAC address identification and addressing, which includes assembling and arranging the bits and then handing the packet to the packet-receiving function;
Step 3, the protocol stack identifies the packet by parsing it according to the new header format and obtains the packet's header information; if the packet's DIP (destination IP) is an address of this server, the packet enters the subsequent protocol stack, otherwise it goes through the routing and forwarding process;
Step 4, after the route is produced, the packet is handed to the data link layer, which performs the other processing except Ethernet encapsulation and MAC addressing, and is passed to the physical layer for processing according to the header format;
Step 5, the physical layer converts the bits of the packet's data frame into an electrical or optical signal in the original manner and forwards it;
and server-side packet sending comprises the following steps:
Step 1, after the packet's data section has been encapsulated, the TCP/UDP L4 header information and trailer information are added, and IP encapsulation is then performed;
Step 2, the IP-encapsulated packet is looked up in the routing table by DIP to choose the outbound port;
Step 3, the packet for which an outbound port has been found is handed to the data link layer, which performs the other operations except Ethernet encapsulation and MAC addressing;
Step 4, the physical layer converts the bits of the packet's data frame into an electrical or optical signal in the original manner and forwards it.
In the above method, DHCP for obtaining an IP address uses the following method:
Step 1, the Controller determines the position of the DHCP server in the topology and its IP information, so that the DHCP discover or request messages of all servers can only be forwarded to the DHCP server of the corresponding range; that is, by default the DHCP server is accessible to all devices within the range it serves, and nobody else can impersonate the DHCP server;
Step 2, the user first generates its own public key and private key with the RSA algorithm; if the user configures a static server IP address, proceed to step 3, otherwise go to step 6;
Step 3, the user statically configures the server IP address and sends a DHCP request message directly to the DHCP server; the SIP (source IP) of the message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content includes the statically configured IP address and the public key;
Step 4, after receiving the message, the DHCP server records the public key and checks whether the configured static IP is in use; if the IP address is in use it sends a DHCP DENY message, and if the IP address is not used by another device it sends a DHCP ACK message; the SIP of the message is the IP address of the DHCP server and the destination IP is 255.255.255.255;
Step 5, when a DHCP DENY message addressed to itself is received, the server prompts the user that configuration failed because the IP address is in use, tries a new IP address and returns to step 3 to apply again until the DHCP server confirms; when a DHCP ACK message is received, it prompts that configuration succeeded and records the IP address of the DHCP server; then proceed to step 10;
Step 6, when the user obtains an IP address dynamically, it sends a DHCP discover message, which the network device forwards to the DHCP server; the SIP of the DHCP discover message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content includes the statically configured IP address and the public key;
Step 7, after receiving the DHCP discover message, the DHCP server selects an unoccupied IP address and packages it into a DHCP OFFER message for the server that needs DHCP; the SIP of the DHCP OFFER message is the IP address of the DHCP server and the destination address is 255.255.255.255;
Step 8, after receiving the DHCP OFFER message from the DHCP server, the server records the address of the DHCP server, accepts the IP address and sends a DHCP request message; now the SIP of the message is the IP provided by the DHCP server and the DIP is the IP address of the DHCP server;
Step 9, after receiving the server's DHCP request message, the DHCP server records the IP and public key of that server and sends a DHCP ACK message; the SIP of the message is the IP address of the DHCP server and the destination IP is the IP address provided to the server;
Step 10, the DHCP server sends the public key and IP address to the controller for recording, so that when other devices later access this IP address a suitable access path can be issued; because the devices to which a DHCP server allocates IP addresses belong to a certain regional range, the same IP segment is guaranteed to lie within an adjacent range even without the VLAN-based layer-3 interface IP configuration under the new packet encapsulation format, so route aggregation remains effective in route computation.
After a packet enters the data link layer, since the packet has no VLAN ID under the new encapsulation method and the OpenFlow switch does not need to support the original layer-2 default mechanism of flooding on a lookup miss, isolation and interconnection are realized in the following way:
Step 1, by default no server can access another over the network; after the network devices have been configured, the DHCP server configures its network and IP request messages are sent;
Step 2, a specific message is sent to the controller, and the controller generates the full topology map and records the IP address of every server and the port of the network device it is attached to;
Step 3, every server reports its own security class to the controller, of which there are three:
A. by default accessible by all devices, suitable for public services such as websites or resource services;
B. by default accessible only by part of the network segment, suitable for networking devices of a company or IDC intranet;
C. by default accessible only by devices that have passed its own authentication, for example with an algorithm such as RSA;
Step 4, after the Controller has collected the access levels of the devices, it issues corresponding rules to each network routing device to guarantee the interconnection and isolation of devices of each class;
Step 5, when a class C device from step 3 has a new device that has passed its authentication, a new OpenFlow rule is issued to guarantee its interconnection with that network device;
Beneficial effects of the present invention:
1, after fields such as MAC and VID are removed, a packet of the same length can carry more data, which raises the proportion of the packet MTU occupied by the data part and thus improves link bandwidth utilization;
2, after the VLAN field is removed, network isolation can be redesigned on SDN mechanisms; in this way the problem of insufficient VLAN IDs in large layer-2 networks is solved at its root, whereas the repeated encapsulation of schemes such as VXLAN and NVGRE lowers link efficiency;
3, after the MAC field is removed, network devices no longer need to record and maintain MAC tables, which simplifies their processing flow and reduces the hardware needed for MAC processing, lowering cost;
4, using the mechanisms SDN supports, the new packet format is easily parsed, and the processing of original protocol packets and of packets exchanged with conventional network devices is functionally unaffected;
5, with OpenFlow switches the transition to the forwarding scheme for the new packets is easily achieved, and the actions of OpenFlow switches also allow devices using this scheme to interconnect easily with traditional MAC-based devices;
6, in the protocol stack, the ARP and RARP protocols of the IPv4-to-MAC mapping can also be optimized, so that packets are forwarded along the full path by flow-table lookup in a unified manner, without the need for ARP queries and the corresponding mechanisms;
7, the new encapsulation can easily run on conventional network devices and is easily made compatible with existing networks.
Accompanying drawing explanation
Fig. 1 is a schematic of the TCP/IP four-layer model in the background art;
Fig. 2 is a schematic of Ethernet encapsulation;
Fig. 3 is a schematic of Ethernet encapsulation after the MAC is removed in the present invention.
Embodiment
To simplify the routing and forwarding flow, the present invention proposes an Ethernet IP packet encapsulation method based on SDN and a network isolation and DHCP implementation method based on SDN. The scheme does not modify this layer as a whole; it is limited to removing the frame addressing and identification functions. After receiving a packet, a server directly judges whether the IP packet is addressed to this machine; if not, it routes the packet directly, and if so, the packet enters the protocol stack for processing. A switch parses the packet starting from the IP header and then forwards it according to the matching flow entry; if no flow entry matches, the packet is handled according to the corresponding table-miss configuration. The scheme has the following features:
1. After fields such as MAC and VID are removed, a packet of the same length can carry more data, which raises the proportion of the packet MTU occupied by the data part and thus improves link bandwidth utilization;
2. After the VLAN field is removed, network isolation can be redesigned on SDN mechanisms; in this way the problem of insufficient VLAN IDs in large layer-2 networks is solved at its root, whereas the repeated encapsulation of schemes such as VXLAN and NVGRE lowers link efficiency;
3. After the MAC field is removed, network devices no longer need to record and maintain MAC tables, which simplifies their processing flow and reduces the hardware needed for MAC processing, lowering cost;
4. Using the mechanisms SDN supports, the new packet format is easily parsed, and the processing of original protocol packets and of packets exchanged with conventional network devices is functionally unaffected;
5. With OpenFlow switches the transition to the forwarding scheme for the new packets is easily achieved, and the actions of OpenFlow switches also allow devices using this scheme to interconnect easily with traditional MAC-based devices;
6. Correspondingly, in the protocol stack, the ARP and RARP protocols of the IPv4-to-MAC mapping can also be optimized, so that packets are forwarded along the full path by flow-table lookup in a unified manner, without the need for ARP queries and the corresponding mechanisms;
7. The new encapsulation can easily run on conventional network devices and is easily made compatible with existing networks.
The server-side packet receiving steps of this scheme are:
1. The device's physical layer uses the existing method: after obtaining the physical signal from the transmission medium, it converts it into bits according to the interframe gap and the preamble and hands them to the data link layer;
2. The data link layer performs all processing except MAC address identification and addressing, which includes assembling and arranging the bits and then handing the packet to the packet-receiving function;
3. The protocol stack parses and identifies the packet as shown in Fig. 3; if the packet's DIP is this server, the packet enters the subsequent protocol stack, otherwise it goes through the route forwarding flow;
4. When a route is produced, the packet is handed to the data link layer, which performs the other functions except Ethernet encapsulation and MAC addressing;
5. The physical layer then converts the bits of the packet's data frame into an electrical or optical signal in the original manner and forwards it;
The server-side packet sending steps of this scheme are:
1. After the packet's data section has been encapsulated, the L4 header and trailer information such as TCP/UDP is added, and IP encapsulation is then performed;
2. The packet is looked up in the routing table by DIP to choose the outbound port;
3. The packet for which an outbound port has been found is handed to the data link layer, which performs the other functions except Ethernet encapsulation and MAC addressing;
4. The physical layer then converts the bits of the packet's data frame into an electrical or optical signal in the original manner and forwards it;
For network devices based on the OpenFlow standard there is no longer a distinction between layer-2 forwarding and layer-3 routing; instead, network device ports are divided into two classes according to their usage scenario: ports that require MAC parsing and ports that do not. Ports without MAC parsing are used mainly inside the network range where this scheme is implemented, while ports that require MAC parsing are used to interconnect the network with this scheme's encapsulation and networks that use the traditional Ethernet encapsulation. When a packet arrives at or is produced on a port without MAC parsing, the packet is parsed according to Fig. 3 and the parsed fields are matched against the OpenFlow flow entries to decide the action to apply to the packet; even when the packet reaches the directly connected route of the last hop, no ARP exchange is needed. When a port that requires MAC parsing receives or forwards a packet, the packet must be parsed and encapsulated according to the traditional Ethernet encapsulation format. When a packet enters through a port without MAC parsing and leaves through a port that requires it, the switch adds its own MAC address to the packet as the source address and the physical address of the device the packet is sent to as the destination MAC; when a packet enters through a port that requires MAC parsing and leaves through one that does not, the source MAC and destination MAC of the header are deleted. When the packet's source port and destination port are of the same type, no special MAC handling of the packet is needed. This makes a network implementing the scheme usable and interoperable with networks that use the traditional Ethernet encapsulation format.
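The following Python is an added illustration, not code from the patent or any vendor: it models the receive path of Fig. 3 (parse from the IP header, deliver locally or route) and the header add/strip at the boundary between MAC-less and MAC-parsing ports described above. The frame layout (an IPv4 header directly after the preamble), the MAC and IP addresses and the port types are assumptions.

```python
"""Model of the MAC-less Ethernet encapsulation (Fig. 3) and the port-type handling above.

Constructed example, not the patent's or any vendor's code. The new format is
modelled as an IPv4 packet carried directly after the physical-layer preamble
(no MAC addresses, no 802.1Q tag, no EtherType); all addresses are constructed.
"""
import ipaddress
import struct

ETH_HDR_LEN = 14        # dst MAC(6) + src MAC(6) + EtherType(2)
VLAN_TAG_LEN = 4        # 802.1Q TPID(2) + TCI(2)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100
IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header; 0 when a stored checksum verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(sip: str, dip: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Sending step 1: IP encapsulation of an already L4-encapsulated data section."""
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(sip).packed, ipaddress.IPv4Address(dip).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(buf: bytes) -> dict:
    """Parse the IPv4 header at the start of buf; raises ValueError if it is malformed."""
    if len(buf) < 20:
        raise ValueError("short packet")
    ver_ihl, _, total_len, _, _, ttl, proto, _, sip, dip = struct.unpack(IPV4_FMT, buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(buf):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(buf[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"ttl": ttl, "proto": proto, "sip": str(ipaddress.IPv4Address(sip)),
            "dip": str(ipaddress.IPv4Address(dip)), "payload": buf[ihl:total_len]}


def is_valid_ipv4(buf: bytes) -> bool:
    try:
        parse_ipv4(buf)
        return True
    except ValueError:
        return False


def receive_macless(frame: bytes, local_ips: set) -> tuple:
    """Receiving steps 2-4: parse from the IP header, then deliver locally or route."""
    hdr = parse_ipv4(frame)
    return ("deliver" if hdr["dip"] in local_ips else "route", hdr)


def to_legacy_port(frame: bytes, switch_mac: bytes, peer_mac: bytes, vlan_id=None) -> bytes:
    """MAC-less port in, MAC-parsing port out: prepend the Ethernet header (and an 802.1Q
    tag if the legacy side expects one). Source MAC is the switch's own address,
    destination MAC the physical address of the device the frame is sent to."""
    parse_ipv4(frame)  # only well-formed IP packets cross the boundary
    if len(switch_mac) != 6 or len(peer_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    tag = b"" if vlan_id is None else struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    return peer_mac + switch_mac + tag + struct.pack("!H", ETHERTYPE_IPV4) + frame


def from_legacy_port(frame: bytes) -> bytes:
    """MAC-parsing port in, MAC-less port out: strip the Ethernet header and any 802.1Q tag."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("short Ethernet frame")
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], ETH_HDR_LEN
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < ETH_HDR_LEN + VLAN_TAG_LEN:
            raise ValueError("truncated 802.1Q tag")
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], ETH_HDR_LEN + VLAN_TAG_LEN
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 is carried in the MAC-less format")
    return frame[offset:]


def header_bytes_saved(tagged: bool) -> int:
    """Link-layer bytes freed per packet by dropping the MAC/VLAN fields (beneficial effect 1)."""
    return ETH_HDR_LEN + (VLAN_TAG_LEN if tagged else 0)
```

Because the switch parses from the IP header, a corrupted or truncated header is rejected before any flow-table match, which is why the boundary functions validate the packet before adding or removing link-layer fields.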
Under the newly proposed encapsulation without MAC addresses, the DHCP process for obtaining an IP address needs to be improved, and it can be organically combined with the subsequent determination of forwarding paths in the following way:
1. The Controller determines the position of the DHCP server in the topology, its IP and related information, so that the DHCP discover or request messages of all servers can only be forwarded to the DHCP server of the corresponding range; that is, by default the DHCP server is accessible to all devices within the range it serves, and nobody else can impersonate the DHCP server;
2. By default the servers that access the network have no IP; the user first generates its own public key and private key with the RSA algorithm; if the user configures a static IP address, proceed to step 3, otherwise go to step 6;
3. The user may statically configure the server IP address and send a DHCP request message directly to the DHCP server; the SIP of the message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content includes the statically configured IP address and the public key;
4. After receiving the message, the DHCP server records the public key and checks whether the configured static IP is in use; if the IP address is in use it sends a DHCP DENY message, and if the IP address is not used by another device it sends a DHCP ACK message; the SIP of the message is the IP address of the DHCP server and the destination IP is 255.255.255.255; because RSA authentication is used, the network device may broadcast this message, but only the server that sent the request message processes it correctly;
5. On receiving a DHCP DENY message addressed to itself, the server prompts the user that configuration failed because the IP address is in use; the user may try a new IP address and return to step 3 to apply again until the DHCP server confirms; on receiving a DHCP ACK message it prompts that configuration succeeded and records the IP address of the DHCP server; then proceed to step 10;
6. When the user obtains an IP address dynamically, it sends a DHCP discover message, which the network device forwards to the DHCP server; the SIP of the DHCP discover message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content includes the statically configured IP address and the public key;
7. After receiving the DHCP discover message, the DHCP server selects an unoccupied IP address and packages it into a DHCP OFFER message for the server that needs DHCP; the SIP of the DHCP OFFER message is the IP address of the DHCP server and the destination address is 255.255.255.255; as in the static IP address configuration flow, because RSA authentication is used, the network device may broadcast this message, but only the server that sent the request message processes it correctly;
8. After receiving the DHCP OFFER message from the DHCP server, the server records the address of the DHCP server, accepts the IP address and sends a DHCP request message; now the SIP (source IP) of the message is the IP provided by the DHCP server and the DIP is the IP address of the DHCP server;
9. After receiving the server's DHCP request message, the DHCP server records the IP and public key of that server and sends a DHCP ACK message; the SIP of the message is the IP address of the DHCP server and the destination IP is the IP address provided to the server;
10. The DHCP server sends the public key and IP address to the controller for recording, so that when other devices later access this IP address a suitable access path can be issued; because the devices to which a DHCP server allocates IP addresses belong to a certain regional range, the same IP segment is guaranteed to lie within an adjacent range even without the VLAN-based layer-3 interface IP configuration under the new packet encapsulation format, so route aggregation remains effective in route computation.
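The Python below is an added model of the ten-step exchange above (it is not the patent's or any vendor's implementation), covering the static path with its DENY/retry loop, the dynamic DISCOVER/OFFER/REQUEST/ACK path, the IP-to-public-key binding on the server and the report to the controller. The standard library has no RSA, so the host's RSA key pair is stood in by an opaque public-key blob and its SHA-256 fingerprint; the addresses, the pool and the keys are constructed values.

```python
"""Model of the DHCP exchange with public-key registration (steps 1-10 above).

Constructed example, not the patent's or any vendor's implementation. The
standard library has no RSA, so a host's key pair is stood in by an opaque
public-key blob and its SHA-256 fingerprint: each reply carries the fingerprint
of the key in the request, which is how this model expresses "only the host
that sent the request processes a broadcast reply". Addresses and keys are
constructed values.
"""
import hashlib

BROADCAST = "255.255.255.255"
UNSPECIFIED = "0.0.0.0"


def fingerprint(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()[:16]


class Controller:
    """Step 10: keeps IP -> key records for later path computation."""

    def __init__(self):
        self.records = {}

    def record(self, ip: str, pubkey: bytes) -> None:
        self.records[ip] = fingerprint(pubkey)


class DhcpServer:
    def __init__(self, own_ip: str, pool: list, controller: Controller):
        self.ip, self.free, self.controller = own_ip, list(pool), controller
        self.bindings = {}  # ip -> public key of the host holding it

    def _reply(self, op: str, dip: str, msg: dict, ip) -> dict:
        return {"op": op, "sip": self.ip, "dip": dip, "ip": ip, "to_key": fingerprint(msg["pubkey"])}

    def _bind(self, ip: str, pubkey: bytes) -> None:
        self.bindings[ip] = pubkey
        self.controller.record(ip, pubkey)          # step 10

    def handle(self, msg: dict) -> dict:
        op = msg["op"]
        if op == "REQUEST" and msg["sip"] == UNSPECIFIED:
            # Static configuration (step 4): record the key, check whether the IP is taken.
            ip, owner = msg["requested_ip"], self.bindings.get(msg["requested_ip"])
            if owner is not None and owner != msg["pubkey"]:
                return self._reply("DENY", BROADCAST, msg, ip)
            if ip in self.free:
                self.free.remove(ip)
            self._bind(ip, msg["pubkey"])
            return self._reply("ACK", BROADCAST, msg, ip)
        if op == "DISCOVER":
            # Dynamic allocation (step 7): offer an unused address, or deny if the pool is empty.
            if not self.free:
                return self._reply("DENY", BROADCAST, msg, None)
            return self._reply("OFFER", BROADCAST, msg, self.free[0])
        if op == "REQUEST":
            # Step 9: the host accepted the offered address, which it now uses as SIP.
            ip = msg["sip"]
            if ip not in self.free:
                return self._reply("DENY", ip, msg, ip)
            self.free.remove(ip)
            self._bind(ip, msg["pubkey"])
            return self._reply("ACK", ip, msg, ip)
        raise ValueError("unexpected DHCP message: " + op)


class Host:
    def __init__(self, pubkey: bytes):
        self.pubkey, self.ip, self.dhcp_server = pubkey, None, None

    def accepts(self, reply: dict) -> bool:
        """Ignore broadcast replies that were issued for another host's key."""
        return reply.get("to_key") == fingerprint(self.pubkey)

    def configure_static(self, server: DhcpServer, candidates: list):
        """Steps 3-5: try each candidate address until the server acknowledges one."""
        for ip in candidates:
            reply = server.handle({"op": "REQUEST", "sip": UNSPECIFIED, "dip": BROADCAST,
                                   "requested_ip": ip, "pubkey": self.pubkey})
            if self.accepts(reply) and reply["op"] == "ACK":
                self.ip, self.dhcp_server = ip, reply["sip"]
                return ip
        return None        # every candidate was already in use

    def configure_dynamic(self, server: DhcpServer):
        """Steps 6-9: DISCOVER -> OFFER -> REQUEST -> ACK."""
        offer = server.handle({"op": "DISCOVER", "sip": UNSPECIFIED, "dip": BROADCAST,
                               "pubkey": self.pubkey})
        if not self.accepts(offer) or offer["op"] != "OFFER":
            return None
        self.dhcp_server = offer["sip"]                 # step 8: remember the server
        ack = server.handle({"op": "REQUEST", "sip": offer["ip"], "dip": offer["sip"],
                             "pubkey": self.pubkey})
        if self.accepts(ack) and ack["op"] == "ACK":
            self.ip = ack["ip"]
        return self.ip
```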
Once packets carry no VLAN ID, and the OpenFlow switch does not need to support the original layer-2 default mechanism of flooding on a lookup miss, isolation and interconnection need to be realized in the following way:
1. By default no server can access another over the network; after the network devices have been configured, the DHCP server configures its network and IP request messages are sent;
2. A specific message is then sent to the controller, and the controller generates the topology map of the whole network and records the IP address of every server and the port of the network device it is attached to. In this way there is no possibility of impersonating another device's IP;
3. Every server reports its own security class to the controller, of which there are three:
A. by default accessible by all devices, suitable for public services such as websites or resource services;
B. by default accessible only by the same network segment, suitable for networking devices of a company or IDC intranet;
C. by default accessible only by devices that have passed its own authentication, for example with an algorithm such as RSA;
4. After the Controller has collected the access levels of the devices, it issues corresponding rules to each network routing device to guarantee the interconnection and isolation of devices of each class, and the flow entries have an aging mechanism;
5. When a class C device from step 3 has a new device that has passed its authentication, a new OpenFlow rule is issued to guarantee interconnection between the two;
In this way the whole network can operate, realizing normal access and isolation without having to consider the problem of insufficient VLAN numbers, and it also helps solve some security problems in the network, such as ARP spoofing.
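As an added illustration (not the patent's or any controller's code), the following Python shows how a controller can turn the three security classes and the step-1 DHCP scoping into default-deny OpenFlow-style entries with an idle timeout as the aging mechanism, including the per-pair entries issued when a class C server authenticates a new device. The hosts, switches, addresses, timeout and the dict-based rule representation are assumptions.

```python
"""Controller-side isolation rules for the three access classes described above.

Constructed example, not the patent's or any controller's code. Rules are plain
dicts in OpenFlow style (IP match, output action, idle timeout); a real
controller would turn them into flow-mod messages. Because the new format has
no MAC or VLAN fields, every match is on IP addresses and the ingress port.
Hosts, switches, addresses and the timeout are constructed values.
"""
import ipaddress

CLASS_PUBLIC, CLASS_SEGMENT, CLASS_AUTH = "A", "B", "C"


class Server:
    def __init__(self, ip: str, switch: str, port: int, level: str, segment: str):
        if ipaddress.ip_address(ip) not in ipaddress.ip_network(segment):
            raise ValueError("%s is not inside its declared segment %s" % (ip, segment))
        if level not in (CLASS_PUBLIC, CLASS_SEGMENT, CLASS_AUTH):
            raise ValueError("unknown security class " + level)
        self.ip, self.switch, self.port, self.level, self.segment = ip, switch, port, level, segment


class IsolationController:
    def __init__(self, idle_timeout: int = 300):
        self.servers = {}        # ip -> Server (steps 2-3: topology plus declared class)
        self.authorized = {}     # class-C ip -> set of peer ips that passed its authentication
        self.idle_timeout = idle_timeout   # aging mechanism for issued entries

    def register(self, server: Server) -> None:
        self.servers[server.ip] = server

    def allowed(self, src_ip: str, dst_ip: str) -> bool:
        """Default deny; otherwise decide by the destination's declared class."""
        src, dst = self.servers.get(src_ip), self.servers.get(dst_ip)
        if src is None or dst is None or src_ip == dst_ip:
            return False
        if dst_ip in self.authorized.get(src_ip, set()) or src_ip in self.authorized.get(dst_ip, set()):
            return True                      # explicitly authorized pair, both directions
        if dst.level == CLASS_PUBLIC:
            return True
        if dst.level == CLASS_SEGMENT:
            return src.segment == dst.segment
        return False                         # class C: nothing until authenticated

    def rule(self, src_ip: str, dst_ip: str) -> dict:
        dst = self.servers[dst_ip]
        return {"switch": dst.switch, "priority": 10,
                "match": {"ipv4_src": src_ip, "ipv4_dst": dst_ip},
                "actions": ["output:%d" % dst.port], "idle_timeout": self.idle_timeout}

    def build_rules(self) -> list:
        """Step 4: one entry per permitted (src, dst) pair plus a table-miss drop per switch."""
        rules = [self.rule(s, d) for s in self.servers for d in self.servers if self.allowed(s, d)]
        for switch in sorted({s.switch for s in self.servers.values()}):
            rules.append({"switch": switch, "priority": 0, "match": {}, "actions": []})
        return rules

    def authorize(self, c_ip: str, peer_ip: str) -> list:
        """Step 5: a device passed a class-C server's authentication; issue both directions."""
        if self.servers[c_ip].level != CLASS_AUTH:
            raise ValueError(c_ip + " is not a class-C server")
        self.authorized.setdefault(c_ip, set()).add(peer_ip)
        return [self.rule(peer_ip, c_ip), self.rule(c_ip, peer_ip)]

    def dhcp_scope_rules(self, dhcp_ip: str, switch_ports: list) -> list:
        """DHCP method step 1, on the DHCP server's own switch: client broadcasts go only to
        the legitimate server's port, and server-role replies (UDP source port 67) are
        dropped unless they enter from that port. Inter-switch links are not modelled."""
        d = self.servers[dhcp_ip]
        rules = [{"switch": d.switch, "priority": 20,
                  "match": {"ipv4_dst": "255.255.255.255", "ip_proto": 17, "udp_dst": 67},
                  "actions": ["output:%d" % d.port]},
                 {"switch": d.switch, "priority": 20,
                  "match": {"in_port": d.port, "ip_proto": 17, "udp_src": 67},
                  "actions": ["flood"]}]
        for port in switch_ports:
            if port != d.port:
                rules.append({"switch": d.switch, "priority": 15,
                              "match": {"in_port": port, "ip_proto": 17, "udp_src": 67},
                              "actions": []})
        return rules
```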
The foregoing is only a preferred embodiment of the present invention and is not intended to limit its scope of protection. Any modifications, equivalent substitutions, improvements and the like made within the spirit and principles of the present invention are included in its scope of protection.

Claims (3)

1. An Ethernet IP packet encapsulation method based on SDN and a network isolation and DHCP implementation method, comprising server-side packet receiving and server-side packet sending, characterized in that
server-side packet receiving comprises the following steps:
Step 1, the device's physical layer obtains the physical signal from the transmission medium according to the interframe gap and the preamble, converts the physical signal into bits and hands them to the data link layer;
Step 2, the data link layer performs its original processing except MAC address identification and addressing, which includes assembling and arranging the bits and then handing the packet to the packet-receiving function;
Step 3, the protocol stack identifies the packet by parsing it according to the new header format and obtains the packet's header information; if the packet's DIP is an address of this server, the packet enters the subsequent protocol stack, otherwise it goes through the routing and forwarding process;
Step 4, after the route is produced, the packet is handed to the data link layer, which performs the other processing except Ethernet encapsulation and MAC addressing, and is passed to the physical layer for processing according to the header format;
Step 5, the physical layer converts the bits of the packet's data frame into an electrical or optical signal in the original manner and forwards it;
and server-side packet sending comprises the following steps:
Step 1, after the packet's data section has been encapsulated, the TCP/UDP L4 header information and trailer information are added, and IP encapsulation is then performed;
Step 2, the IP-encapsulated packet is looked up in the routing table by DIP to choose the outbound port;
Step 3, the packet for which an outbound port has been found is handed to the data link layer, which performs the other operations except Ethernet encapsulation and MAC addressing;
Step 4, the physical layer converts the bits of the packet's data frame into an electrical or optical signal in the original manner and forwards it.
2. The SDN-based Ethernet IP packet encapsulation method and network isolation and DHCP implementation method of claim 1, characterized in that the DHCP procedure by which an IP address is obtained is as follows:
Step 1, the controller determines the position and IP information of the DHCP server in the topology and guarantees that the DHCP discover or request messages of all servers can only be forwarded to the DHCP server of the corresponding range; that is, by default a DHCP server should be reachable only by the devices within the range it serves, and other hosts are prevented from impersonating the DHCP server;
Step 2, the user first generates its own public key and private key with the RSA algorithm; if the user statically configures the server's IP address, proceed to step 3, otherwise proceed to step 6;
Step 3, with a statically configured server IP address, the user sends a DHCP request message directly to the DHCP server; the SIP of the message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content carries the statically configured IP address and the public key;
Step 4, on receiving the message the DHCP server records the public key and checks whether the statically configured IP address is already in use; if it is, the server sends a DHCP DENY message, and if no other device uses it, the server sends a DHCP ACK message; the SIP of the message is the IP address of the DHCP server and the DIP is 255.255.255.255;
Step 5, when the server receives a DHCP DENY message addressed to itself, it reports to the user that the configuration failed because the IP address is in use; the user tries a new IP address and returns to step 3 until the DHCP server confirms one; on receiving a DHCP ACK message the server reports success and records the IP address of the DHCP server; then proceed to step 10;
Step 6, when the user obtains an IP address dynamically, the server sends a DHCP discover message, which the network equipment forwards to the DHCP server; the SIP of the DHCP discover message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content carries the IP address field and the public key as in step 3;
Step 7, on receiving the DHCP discover message the DHCP server selects an IP address that is not occupied and packs it into a DHCP OFFER message to the server requesting DHCP; the SIP of the DHCP OFFER message is the IP address of the DHCP server and the destination address is 255.255.255.255;
Step 8, on receiving the DHCP OFFER message from the DHCP server, the server records the address of the DHCP server and accepts the offered IP address; it then sends a DHCP request message whose SIP is the IP address provided by the DHCP server and whose DIP is the IP address of the DHCP server;
Step 9, on receiving the DHCP request message from the server, the DHCP server records the IP address and public key of this server and sends a DHCP ACK message; the SIP of the message is the IP address of the DHCP server and the DIP is the IP address provided to the server;
Step 10, the DHCP server sends the public key and IP address to the controller for recording, so that when other devices later access this IP address the controller can issue a suitable access path; because the devices to which a DHCP server assigns addresses lie within a certain regional range, the same IP segment stays within an adjacent scope even though, under the new packet encapsulation format, there is no VLAN-based layer-3 interface IP configuration, and route aggregation therefore remains effective in route computation.
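The exchange of steps 2 to 10, with both the requesting host and the DHCP server, as an added simulation that is not the patent's own code. The RSA key pair of step 2 is replaced by an opaque token (generate_key_pair) so that the example runs on the standard library alone; dhcp_flow_allowed is a constructed switch-side check standing in for the forwarding restriction of step 1; the message format, the addresses and the port names are assumptions.

```python
"""The public-key-carrying DHCP exchange of claim 2, both sides, as a simulation.

Added illustration, not the patent's code. Messages are dicts carrying the SIP
and DIP values the claim prescribes; the RSA key pair of step 2 is replaced by
an opaque constructed token. Addresses and port names below are made up.
"""
from dataclasses import dataclass, field
import secrets

UNSPECIFIED = "0.0.0.0"         # SIP before the host has an address
BROADCAST = "255.255.255.255"   # DIP of DISCOVER, static REQUEST, OFFER, static ACK/DENY
SERVER_SIDE = ("OFFER", "ACK", "DENY")


def generate_key_pair():
    """Stand-in for step 2 (RSA key generation): returns (public, private) tokens."""
    private = secrets.token_hex(16)
    return "pub-" + private[:8], private


def dhcp_flow_allowed(msg, ingress_port, dhcp_server_port):
    """Step 1 as a switch-side check: only the port where the controller placed the
    legitimate DHCP server may originate OFFER/ACK/DENY, so another host on the
    segment cannot impersonate the DHCP server; client-side messages pass."""
    if msg["type"] in SERVER_SIDE:
        return ingress_port == dhcp_server_port
    return msg["type"] in ("DISCOVER", "REQUEST")


@dataclass
class Controller:
    """Step 10: the controller keeps the (IP, public key) bindings it is told about."""
    bindings: dict = field(default_factory=dict)

    def record(self, ip, pubkey):
        self.bindings[ip] = pubkey


@dataclass
class DhcpServer:
    ip: str
    pool: list                                   # addresses available for dynamic allocation
    controller: Controller
    leases: dict = field(default_factory=dict)   # ip -> public key (steps 4 and 9)
    offers: dict = field(default_factory=dict)   # ip -> public key, OFFER sent, REQUEST pending

    def _reply(self, kind, dip, ip):
        return {"type": kind, "sip": self.ip, "dip": dip, "ip": ip}

    def _commit(self, ip, pubkey):
        self.leases[ip] = pubkey
        self.controller.record(ip, pubkey)       # step 10

    def handle(self, msg):
        kind = msg["type"]
        if kind == "REQUEST" and msg["sip"] == UNSPECIFIED:
            # Steps 3-4: a statically configured address announced in a REQUEST from 0.0.0.0.
            wanted = msg["ip"]
            if wanted in self.leases or wanted in self.offers:
                return self._reply("DENY", BROADCAST, wanted)
            if wanted in self.pool:
                self.pool.remove(wanted)         # not in the claim: keep it out of dynamic allocation
            self._commit(wanted, msg["pubkey"])
            return self._reply("ACK", BROADCAST, wanted)
        if kind == "DISCOVER":
            # Step 7: offer the first address nobody holds.
            free = [a for a in self.pool if a not in self.leases and a not in self.offers]
            if not free:
                return None
            self.offers[free[0]] = msg["pubkey"]
            return self._reply("OFFER", BROADCAST, free[0])
        if kind == "REQUEST" and msg["dip"] == self.ip:
            # Step 9: the host accepted the offer; record IP and key, ACK unicast to that IP.
            ip = msg["sip"]
            if self.offers.pop(ip, None) is None:
                return None                      # not an address this server offered
            self._commit(ip, msg["pubkey"])
            return self._reply("ACK", ip, ip)
        return None


def client_static(server, candidates, pubkey):
    """Steps 3-5: try statically configured addresses in turn until one is ACKed.
    Returns (accepted_ip, dhcp_server_ip), or (None, None) if all were denied."""
    for wanted in candidates:
        reply = server.handle({"type": "REQUEST", "sip": UNSPECIFIED, "dip": BROADCAST,
                               "ip": wanted, "pubkey": pubkey})
        if reply and reply["type"] == "ACK" and reply["ip"] == wanted:
            return wanted, reply["sip"]          # step 5: record the DHCP server's address
    return None, None


def client_dynamic(server, pubkey):
    """Steps 6-9: DISCOVER -> OFFER -> REQUEST -> ACK. Returns (ip, dhcp_server_ip)."""
    offer = server.handle({"type": "DISCOVER", "sip": UNSPECIFIED, "dip": BROADCAST, "pubkey": pubkey})
    if offer is None:
        return None, None
    ack = server.handle({"type": "REQUEST", "sip": offer["ip"], "dip": offer["sip"],
                         "ip": offer["ip"], "pubkey": pubkey})            # step 8
    if ack and ack["type"] == "ACK" and ack["dip"] == offer["ip"]:
        return offer["ip"], ack["sip"]
    return None, None
```

The server distinguishes the static request of step 3 from the dynamic request of step 8 exactly as the claim does, by SIP and DIP: 0.0.0.0 to broadcast means "I want this address", offered address to the server's own IP means "I accept your offer".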
3. The SDN-based Ethernet IP packet encapsulation method and network isolation and DHCP implementation method of claim 1 or 2, characterized in that, after a packet enters the data link layer, since under the new encapsulation method the packet has no VLAN ID and the OpenFlow switch does not support the original default layer-2 mechanism of flooding when a lookup finds no match, isolation and interworking are realized as follows:
Step 1, by default no server can reach another over the network; after the network equipment has been configured, the DHCP server configures its network and the IP request messages are sent;
Step 2, a specific message is sent to the controller; the controller generates the full network topology graph and records the IP address of every server and the port of the network device it is attached to;
Step 3, every server reports its own security class to the controller; there are three classes:
A. devices that by default can be accessed by all devices, suitable for websites or resource services offered as public services;
B. devices that by default can be accessed only from part of the network segments, suitable for networking the devices of a company or IDC intranet;
C. devices that by default can be accessed only by devices that have passed the device's own authentication, for example with an algorithm such as RSA;
Step 4, after the controller has collected the access class of each device, it issues the corresponding rules to each network routing device, guaranteeing interworking and isolation among the devices of each class;
Step 5, when a class C device of step 3 admits a new device that has passed its authentication, a new OpenFlow rule is issued to guarantee interworking between it and that device.
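The class A/B/C policy of steps 1 to 5 compiled into per-switch OpenFlow-style rules, as an added example that is not the patent's own code. IsolationController, Device and Rule are constructed here; the rule strings use ordinary ovs-ofctl match syntax (including the `ip` Ethertype shorthand), which is an assumption, since the page does not say how matches are expressed for its Ethernet-less frame format; the addresses, switches, ports and segments are made up.

```python
"""Controller-side realisation of the class A/B/C isolation policy of claim 3.

Added illustration, not the patent's code. Per destination switch it compiles
the access class each server reported (step 3) into OpenFlow-style rules
(step 4) over a default drop (step 1); step 5 adds a rule when a class C
device admits a peer. Switches, ports, addresses and segments are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Device:
    ip: str
    switch: str            # network device the server is attached to (step 2)
    port: int              # port on that switch (step 2)
    klass: str             # security class reported in step 3: "A", "B" or "C"
    segments: tuple = ()   # class B only: source segments allowed to reach it
    authenticated: set = field(default_factory=set)   # class C only: peers that passed its authentication


@dataclass
class Rule:
    priority: int
    nw_dst: Optional[ipaddress.IPv4Network]
    nw_src: Optional[ipaddress.IPv4Network]
    action: str

    def matches(self, src, dst):
        return ((self.nw_src is None or ipaddress.ip_address(src) in self.nw_src)
                and (self.nw_dst is None or ipaddress.ip_address(dst) in self.nw_dst))

    def to_ovs(self):
        """Render in ovs-ofctl add-flow syntax (assumed match vocabulary, see lead-in)."""
        parts = [f"priority={self.priority}", "ip"]
        if self.nw_src is not None:
            parts.append(f"nw_src={self.nw_src}")
        if self.nw_dst is not None:
            parts.append(f"nw_dst={self.nw_dst}")
        return ",".join(parts) + f",actions={self.action}"


def host(ip):
    return ipaddress.ip_network(ip + "/32")


class IsolationController:
    def __init__(self):
        self.devices = {}   # ip -> Device (the record built in step 2)
        self.tables = {}    # switch -> [Rule], what step 4 pushes to each network device

    def register(self, dev):
        self.devices[dev.ip] = dev

    def compile_rules(self):
        """Step 4: per switch, permit only what the destination's class allows; everything else drops."""
        tables = {}
        for dev in self.devices.values():
            table = tables.setdefault(dev.switch, [])
            out = f"output:{dev.port}"
            if dev.klass == "A":
                table.append(Rule(100, host(dev.ip), None, out))
            elif dev.klass == "B":
                for seg in dev.segments:
                    table.append(Rule(100, host(dev.ip), ipaddress.ip_network(seg, strict=False), out))
            elif dev.klass == "C":
                for peer_ip in sorted(dev.authenticated):
                    table.append(Rule(110, host(dev.ip), host(peer_ip), out))
                    peer = self.devices.get(peer_ip)
                    if peer is not None:      # return direction, so the two really interwork
                        tables.setdefault(peer.switch, []).append(
                            Rule(110, host(peer.ip), host(dev.ip), f"output:{peer.port}"))
            else:
                raise ValueError(f"unknown security class {dev.klass!r}")
        for table in tables.values():
            table.append(Rule(0, None, None, "drop"))    # step 1: no access by default
        self.tables = tables

    def authenticate(self, c_ip, peer_ip):
        """Step 5: a peer passed the class C device's own authentication; issue the new rule."""
        dev = self.devices[c_ip]
        if dev.klass != "C":
            raise ValueError("only class C devices admit peers by authentication")
        dev.authenticated.add(peer_ip)
        self.compile_rules()

    def permits(self, src, dst):
        """Evaluate the destination switch's table as the datapath would: highest priority match wins."""
        dev = self.devices.get(dst)
        if dev is None:
            return False
        for rule in sorted(self.tables.get(dev.switch, []), key=lambda r: -r.priority):
            if rule.matches(src, dst):
                return rule.action != "drop"
        return False
```

Rules are installed on the destination's access switch, so a reply from a class C device to an authenticated peer also needs the return-direction rule that compile_rules installs on the peer's switch; without it the peer's own class would decide whether the reply gets through, and a class B peer on another segment would never see the answer.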
CN201410181020.3A 2014-04-30 2014-04-30 Ethernet ip message encapsulating method and Network Isolation and DHCP implementation methods based on SDN Active CN104010049B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410181020.3A CN104010049B (en) 2014-04-30 2014-04-30 Ethernet ip message encapsulating method and Network Isolation and DHCP implementation methods based on SDN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410181020.3A CN104010049B (en) 2014-04-30 2014-04-30 Ethernet ip message encapsulating method and Network Isolation and DHCP implementation methods based on SDN

Publications (2)

Publication Number Publication Date
CN104010049A true CN104010049A (en) 2014-08-27
CN104010049B CN104010049B (en) 2017-10-03

Family

ID=51370540

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410181020.3A Active CN104010049B (en) 2014-04-30 2014-04-30 Ethernet ip message encapsulating method and Network Isolation and DHCP implementation methods based on SDN

Country Status (1)

Country Link
CN (1) CN104010049B (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040120315A1 (en) * 2002-12-24 2004-06-24 Kyeong-Soo Han Communication system for peer-to-peer communication between optical network units in Ethernet-based passive optical network and communication method thereof
US20090141737A1 (en) * 2007-11-30 2009-06-04 Texas Instruments Incorporated Systems and methods for prioritized channel access hardware assistance design
CN101369977A (en) * 2008-09-18 2009-02-18 华为技术有限公司 Method, apparatus and system for transmitting data
CN101951378A (en) * 2010-09-26 2011-01-19 北京品源亚安科技有限公司 Protocol stack system structure for SSL VPN and data processing method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈松 (Chen Song): "基于端口隔离静态IP地址冲突防范策略" (Static IP address conflict prevention strategy based on port isolation), 《计算机工程与设计》 (Computer Engineering and Design) *

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11435925B2 (en) 2013-12-27 2022-09-06 Marvell Asia Pte, Ltd. Method and system for reconfigurable parallel lookups using multiple shared memories
US11824796B2 (en) 2013-12-30 2023-11-21 Marvell Asia Pte, Ltd. Protocol independent programmable switch (PIPS) for software defined data center networks
US11677664B2 (en) 2013-12-30 2023-06-13 Marvell Asia Pte, Ltd. Apparatus and method of generating lookups and making decisions for packet modifying and forwarding in a software-defined network engine
US10840912B2 (en) 2014-06-11 2020-11-17 Marvell Asia Pte, Ltd. Hierarchical statistically multiplexed counters and a method thereof
US11843378B2 (en) 2014-06-11 2023-12-12 Marvel Asia PTE., LTD. Hierarchical statistically multiplexed counters and a method thereof
US11799989B2 (en) 2014-06-19 2023-10-24 Marvell Asia Pte, Ltd. Method of using bit vectors to allow expansion and collapse of header layers within packets for enabling flexible modifications and an apparatus thereof
US11258886B2 (en) 2014-06-19 2022-02-22 Marvell Asia Pte, Ltd. Method of handling large protocol layers for configurable extraction of layer information and an apparatus thereof
US11050859B2 (en) 2014-06-19 2021-06-29 Marvell Asia Pte, Ltd. Method of using bit vectors to allow expansion and collapse of header layers within packets for enabling flexible modifications and an apparatus thereof
US10855573B2 (en) 2014-09-23 2020-12-01 Marvell Asia Pte, Ltd. Hierarchical hardware linked list approach for multicast replication engine in a network ASIC
US11765069B2 (en) 2014-09-23 2023-09-19 Marvell Asia Pte, Ltd. Hierarchical hardware linked list approach for multicast replication engine in a network ASIC
CN104320267A (en) * 2014-10-29 2015-01-28 武汉绿色网络信息服务有限责任公司 ARP broadcast restraining system and method for achieving VxLAN based on SDN framework
CN104320267B (en) * 2014-10-29 2017-11-17 武汉绿色网络信息服务有限责任公司 ARP broadcast suppression system and method for VxLAN based on an SDN framework
CN107529352A (en) * 2015-03-13 2017-12-29 凯为公司 Protocol independent programmable switch (PIPS) for software defined data center networks
CN107529352B (en) * 2015-03-13 2020-11-20 马维尔亚洲私人有限公司 Protocol Independent Programmable Switch (PIPS) for software defined data center networks
US11297012B2 (en) 2015-03-30 2022-04-05 Marvell Asia Pte, Ltd. Packet processing system, method and device having reduced static power consumption
US11652760B2 (en) 2015-03-30 2023-05-16 Marvell Asia Pte., Ltd. Packet processing system, method and device having reduced static power consumption
CN105119830A (en) * 2015-09-14 2015-12-02 珠海赞同科技有限公司 Load balancing software defined networking routing aggregation method based on packing optimization
CN105119830B (en) * 2015-09-14 2018-02-23 珠海赞同科技有限公司 Load balancing software defined networking route aggregation method based on bin-packing optimization
CN105429946A (en) * 2015-10-28 2016-03-23 广州西麦科技股份有限公司 System and method of preventing forging IP address based on SDN virtual switch
CN108574613A (en) * 2017-03-07 2018-09-25 中兴通讯股份有限公司 Layer 2 interworking method and device for SDN data centers
CN109040004A (en) * 2018-05-25 2018-12-18 北京无线电测量研究所 TCP/IP protocol implementation method, device and storage medium
CN109347759A (en) * 2018-09-25 2019-02-15 中国电子科技集团公司第二十八研究所 SDN-based SIP multimedia communication system and method for traversing an intranet
CN110401923A (en) * 2019-04-19 2019-11-01 广州天链通信科技有限公司 Method for a VSAT terminal to support bridge and routing modes simultaneously, and VSAT terminal
CN113225376A (en) * 2021-03-29 2021-08-06 桂林电子科技大学 Ethernet frame and SDN data frame adapting method based on FPGA
CN113542273B (en) * 2021-07-15 2023-07-18 北京润科通用技术有限公司 Data transmission method and related equipment
CN113542273A (en) * 2021-07-15 2021-10-22 北京润科通用技术有限公司 Data transmission method and related equipment

Also Published As

Publication number Publication date
CN104010049B (en) 2017-10-03

Similar Documents

Publication Publication Date Title
CN104010049A (en) Ethernet IP message packaging method based on SDN and network isolation and DHCP implementing method based on SDN
CN107911258B (en) SDN network-based security resource pool implementation method and system
CN109194660B (en) Network access method and device of mobile terminal
US10454888B2 (en) Method and device for processing data message
US11671898B2 (en) Systems and methods for routing data
CN103905283B (en) Communication method and device based on extensible VLAN
CN102970227B (en) Method and apparatus for implementing VXLAN packet forwarding in an ASIC
US10193707B2 (en) Packet transmission method and apparatus
EP2482502B1 (en) Message handling method and apparatus
US10574480B2 (en) Tunnelling time-critical messages between substations over WAN
US20140010234A1 (en) Media Access Control (MAC) Address Summation in Datacenter Ethernet Networking
CN104135446B (en) System and method for implementing IPv4-to-IPv6 transition based on SDN
CN109889420B (en) Service processing method and device
CN106559302A (en) Single-tunnel establishment method, device and system
US20120198091A1 (en) Network system, control apparatus and network apparatus
CN105933235B (en) Data communications method and device
CN107733765B (en) Mapping method, system and related equipment
CN102868642B (en) Method and apparatus for implementing NVGRE packet forwarding in an ASIC
CN107547691B (en) Address resolution protocol message proxy method and device
CN101841548B (en) Method for mapping host identity to network addresses
CN115499392A (en) Tenant isolation service method and device, and electronic equipment
CN105282034B (en) ARP/NDP learning system and learning method
CN107231309A (en) Method for obtaining an SDN whole-network view, controller and destination switching node
CN106506718A (en) IVI transition method and network system based on multi-NAT pure IPv6 networks
WO2016070725A1 (en) Method and device for realizing vlan n:1 conversion on dhcp broadcast interaction packet

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100081, 1410, building 683, science and technology building, No. two, zone 5, Zhongguancun South Street, Haidian District, Beijing

Applicant after: Yi cloud feilingjiexun Technology (Beijing) Limited by Share Ltd

Address before: 100081, 1410, building 683, science and technology building, No. two, zone 5, Zhongguancun South Street, Haidian District, Beijing

Applicant before: Yi cloud feilingjiexun Technology (Beijing) Co. Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20181119

Address after: 750000 Room 102, Block B, Zhongweiyun Center, Zhongguancun Science and Technology Industrial Park, Ningxia Hui Autonomous Region (south of Zhongwei Campus, Ningxia University)

Patentee after: Ningxia Gold Silicon Information Technology Co., Ltd.

Address before: Room 1410, Science and Technology Building, 683 Building, No. 5 South Street, Zhongcun District, Haidian District, Beijing 100081

Patentee before: Yi cloud feilingjiexun Technology (Beijing) Limited by Share Ltd

TR01 Transfer of patent right

Effective date of registration: 20220208

Address after: Room 1410, Science and Technology Building, 683 Building, No. 5 South Street, Zhongcun District, Haidian District, Beijing 100081

Patentee after: Xingyuan Jurun Technology (Beijing) Co.,Ltd.

Address before: 750000 Room 102, Block B, Zhongweiyun Center, Zhongguancun Science and Technology Industrial Park, Ningxia Hui Autonomous Region (south of Zhongwei Campus, Ningxia University)

Patentee before: NINGXIA JINGUI INFORMATION TECHNOLOGY Co.,Ltd.