CN106936608B

CN106936608B - Method, related equipment and system for establishing SSH connection

Info

Publication number: CN106936608B
Application number: CN201511019498.7A
Authority: CN
Inventors: 孙大宇; 常欣; 雷歆
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2015-12-29
Filing date: 2015-12-29
Publication date: 2020-09-18
Anticipated expiration: 2035-12-29
Also published as: CN106936608A

Abstract

The embodiment of the invention discloses a method for establishing a secure Shell protocol (SSH) connection, related equipment and a system. The main controller receives a forwarding device identifier and a controller identifier sent by a cluster controller, and the cluster controller is used for managing controllers in a cluster; the main controller and the forwarding equipment indicated by the forwarding equipment identification obtain negotiation parameters through SSH negotiation, and SSH connection is established with the forwarding equipment based on the negotiation parameters; and the main controller sends the negotiation parameters to the controller indicated by the controller identifier, wherein the negotiation parameters are used for enabling the controller to establish new SSH connection with the forwarding equipment after the SSH connection established between the main controller and the forwarding equipment is disconnected. By adopting the invention, the efficiency of establishing a new SSH connection with the controller after the SSH connection established between the forwarding equipment and the main controller is disconnected can be improved.

Description

Method, related equipment and system for establishing SSH connection

Technical Field

The invention relates to the technical field of computers, in particular to a method, related equipment and a system for establishing a Secure Shell (SSH) connection.

Background

A software-defined network (SDN) is a new type of network, and its core is to divide an underlying network into a control layer and a forwarding layer, and a controller of the control layer configures services (such as vlan configuration) for forwarding devices of the forwarding layer. When conditions such as controller software failure, communication link failure between the controller and the forwarding device, and power failure of a data center room where the controller is located cause disconnection of a pre-established SSH connection between the forwarding device and the controller in the SDN, services of the forwarding device cannot be configured.

In order to solve the above problem, the prior art provides an SDN network architecture, as shown in fig. 1, the network architecture includes a cluster controller 300, controllers 311 to 314, and forwarding devices 321 to 323. The cluster controller 300 is in communication connection with the controllers 311 to 314, each forwarding device registers with the cluster controller 300 when accessing the SDN network, and the cluster controller selects one controller from the controllers 311 to 314 for the forwarding device as a master controller of the forwarding device and selects another controller as a slave controller of the forwarding device. The forwarding device establishes a communication connection with the host controller (as indicated by the solid lines in the figure) but not with the controller (as indicated by the dashed lines in the figure). For example, when the forwarding device 321 accesses the SDN network, the forwarding device 321 is registered with the cluster controller 300, and the cluster controller 300 allocates the controller 311 to the forwarding device 321 as a main controller of the forwarding device 321, and allocates the controller 312 to the forwarding device 321 as a slave controller of the forwarding device 321. The cluster controller 300 instructs the controller 311 to establish an SSH connection with the forwarding device 321, however, the cluster controller 300 does not instruct the controller 312 to establish an SSH connection with the forwarding device 321. When the controller 311 establishes the SSH connection with the forwarding device 321, the controller 311 and the forwarding device 321 determine negotiation parameters required for communication between the two parties through SSH negotiation, and establish the SSH connection with the forwarding device 321 based on the negotiation parameters, where the negotiation parameters include a version number, a data encryption algorithm, a D-H key, and other parameters.

After the SSH connection is established, the controller 311 may configure the service for the forwarding device 321. Thereafter, the cluster controller 300 monitors the SSH connection between the main controller 311 and the forwarding device 321 in real time, and determines whether the SSH connection is disconnected, and if the SSH connection is disconnected, the cluster controller 300 sends a notification message to the controller 312 to notify the controller 312 to establish a new SSH connection with the forwarding device 321 to replace the original controller 311 to configure a service for the forwarding device 321. When the controller 312 establishes a new SSH connection with the forwarding device 321, the controller 312 and the forwarding device 321 determine negotiation parameters required for communication between the two parties through SSH negotiation, and establish an SSH connection with the forwarding device 321 based on the negotiation parameters. After the SSH connection is established, the controller 312 may configure the service for the forwarding device 321.

The prior art has the defect that when the SSH connection between the main controller and the forwarding device is disconnected, the controller of the forwarding device needs to perform SSH negotiation with the forwarding device again to establish a new SSH connection, and the SSH negotiation process takes a long time, which results in low efficiency of establishing the SSH connection between the controller and the forwarding device.

Disclosure of Invention

The embodiment of the invention discloses a method, related equipment and a system for establishing SSH connection, which can improve the efficiency of establishing new SSH connection with a controller after a forwarding device is disconnected from the SSH connection established with a main controller.

In a first aspect, an embodiment of the present invention provides a method for establishing a secure shell protocol SSH connection, where the method includes:

the method comprises the steps that a main controller receives a forwarding device identifier and a controller identifier sent by a cluster controller, wherein the cluster controller is used for managing controllers in a cluster;

the main controller and the forwarding equipment indicated by the forwarding equipment identification obtain negotiation parameters through SSH negotiation, and SSH connection is established with the forwarding equipment based on the negotiation parameters;

the main controller sends the negotiation parameters to a controller indicated by the controller identifier, and the negotiation parameters are used for enabling the controller to establish a new SSH connection with the forwarding equipment after the SSH connection established between the main controller and the forwarding equipment is disconnected; when the controller establishes the SSH with the forwarding device, a Transmission Control Protocol/Internet Protocol (TCP/IP) connection needs to be established first, that is, a requesting party of the SSH connection needs to know an IP address of a requested party, and the IP address of the requested party can be sent to the requesting party in advance by the cluster controller or the main controller.

By executing the steps, the main controller sends the negotiation parameters generated when the main controller establishes the SSH connection with the forwarding equipment to the controller, and after the SSH connection between the main controller and the forwarding equipment is disconnected, the controller and the forwarding equipment directly establish new SSH connection based on the negotiation parameters without renegotiating the negotiation parameters, so that the efficiency of establishing new SSH connection between the controller and the forwarding equipment is improved.

With reference to the first aspect, in a first possible implementation manner of the first aspect, the sending, by the master controller, the negotiation parameter to the controller indicated by the controller identifier includes:

and the main controller sends the forwarding equipment identifier and the negotiation parameter to a controller indicated by the controller identifier, wherein the negotiation parameter is used for enabling the controller to establish a new SSH connection with the forwarding equipment according to the forwarding equipment identifier and the negotiation parameter after receiving a reconnection message sent by the cluster controller after the cluster controller detects that the SSH connection established between the main controller and the forwarding equipment is disconnected.

With reference to the first aspect, in a second possible implementation manner of the first aspect, the sending, by the master controller, the negotiation parameter to the controller indicated by the controller identifier includes:

the main controller judges whether the SSH connection established between the main controller and the forwarding equipment is disconnected;

and if the connection is disconnected, the main controller sends a reconnection message containing the forwarding equipment identifier and the negotiation parameter to the controller indicated by the controller identifier so as to indicate the controller to establish a new SSH connection with the forwarding equipment according to the forwarding equipment identifier and the negotiation parameter.

With reference to the first aspect, in a third possible implementation manner of the first aspect, the sending, by the master controller, the negotiation parameter to the controller indicated by the controller identifier includes:

the main controller sends the negotiation parameters to a controller indicated by the controller identifier;

and if the connection is disconnected, the main controller sends a disconnection prompt message to the cluster controller so that the cluster controller sends a reconnection message containing the forwarding equipment identifier to the controller, wherein the reconnection message is used for indicating the controller to establish a new SSH connection with the forwarding equipment according to the forwarding equipment identifier and the negotiation parameters.

With reference to the first aspect, in a fourth possible implementation manner of the first aspect, after the master controller receives a forwarding device identifier and a controller identifier sent by a cluster controller, the method further includes:

and the main controller sends the controller identifier to the forwarding equipment, so that the forwarding equipment establishes a new SSH connection with the controller according to the controller identifier and the negotiation parameters after judging that the SSH connection is disconnected.

In a second aspect, an embodiment of the present invention provides a method for establishing a secure shell protocol SSH connection, where the method includes:

the method comprises the steps that a controller receives negotiation parameters sent by a main controller, wherein the negotiation parameters are obtained by the main controller and forwarding equipment managed by the main controller through SSH negotiation;

and after the main controller is disconnected with the SSH established by the forwarding equipment based on the negotiation parameters, the controller establishes a new SSH connection with the forwarding equipment based on the negotiation parameters.

With reference to the second aspect, in a first possible implementation manner of the second aspect, the establishing, by the forwarding device, a new SSH connection based on the negotiated parameters includes:

the controller receives a reconnection message sent by the main controller or a cluster controller after judging that the SSH connection established by the main controller and the forwarding equipment based on the negotiation parameters is disconnected, wherein the cluster controller is used for managing all controllers in a cluster, and the reconnection message contains the forwarding equipment identification of the forwarding equipment;

and the controller sends an indication message to the forwarding equipment according to the forwarding equipment identifier so as to establish a new SSH connection with the forwarding equipment based on the negotiation parameters.

With reference to the second aspect, in a second possible implementation manner of the second aspect, the establishing, by the forwarding device, a new SSH connection based on the negotiated parameters includes:

the controller receives a request message which is sent by the forwarding equipment and used for requesting to establish a new SSH connection based on the negotiation parameters after the forwarding equipment judges that the SSH connection established by the main controller and the forwarding equipment based on the negotiation parameters is disconnected;

and the controller and the forwarding equipment establish a new SSH connection based on the negotiation parameters.

In a third aspect, an embodiment of the present invention provides a method for establishing a secure shell protocol SSH connection, where the method includes:

the forwarding device and a main controller allocated to the forwarding device by a cluster controller obtain a negotiation parameter through SSH negotiation, and establish SSH connection with the main controller based on the negotiation parameter, wherein the cluster controller is used for managing controllers in a cluster, and the main controller is used for sending the negotiation parameter to a controller allocated to the forwarding device by the cluster controller;

and after the SSH connection established between the forwarding equipment and the main controller is disconnected, the forwarding equipment and the controller establish a new SSH connection based on the negotiation parameters.

With reference to the third aspect, in a first possible implementation manner of the third aspect, the establishing, by the controller, a new SSH connection based on the negotiated parameters includes:

the forwarding device receives a controller identifier of the controller sent by the main controller, and the controller identifier is sent to the main controller by the cluster controller;

the forwarding equipment judges whether the SSH connection established between the forwarding equipment and the main controller is disconnected;

and if the connection is disconnected, the forwarding equipment sends a request message to the controller according to the identifier of the controller so as to establish a new SSH connection with the controller based on the negotiation parameters.

With reference to the third aspect, in a second possible implementation manner of the third aspect, the establishing, by the controller, a new SSH connection based on the negotiated parameters includes:

the forwarding device receives an indication message sent by the controller, wherein the indication message is a message which is sent by the controller after the SSH connection established between the forwarding device and the main controller is disconnected and is used for indicating that a new SSH connection is established based on the negotiation parameters;

and the forwarding equipment and the controller establish a new SSH connection based on the negotiation parameters according to the indication message.

In a fourth aspect, an embodiment of the present invention provides a controller, where the controller is a main controller, where the main controller includes an input component, an output component, a memory, and a processor, and the processor invokes a program in the memory for establishing an SSH connection, so as to perform the following operations:

receiving a forwarding device identifier and a controller identifier sent by a cluster controller through the input component, wherein the cluster controller is used for managing controllers in a cluster;

obtaining a negotiation parameter through SSH negotiation with the forwarding equipment indicated by the forwarding equipment identification, and establishing SSH connection with the forwarding equipment based on the negotiation parameter;

and sending the negotiation parameter to the controller indicated by the controller identifier through the output component, wherein the negotiation parameter is used for enabling the controller to establish a new SSH connection with the forwarding equipment after the SSH connection established between the processor and the forwarding equipment is disconnected.

By executing the above operation, the main controller sends the negotiation parameters generated when the SSH connection is established with the forwarding device to the controller, and after the SSH connection between the main controller and the forwarding device is disconnected, the controller and the forwarding device directly establish a new SSH connection based on the negotiation parameters without renegotiating the negotiation parameters, thereby improving the efficiency of establishing a new SSH connection between the controller and the forwarding device.

With reference to the fourth aspect, in a first possible implementation manner of the fourth aspect, the processor is configured to send the negotiation parameter to the controller indicated by the controller identifier through the output component, and specifically:

the processor is configured to send the forwarding device identifier and the negotiation parameter to a controller indicated by the controller identifier through the output component, where the negotiation parameter is used to enable the controller to establish a new SSH connection with the forwarding device according to the forwarding device identifier and the negotiation parameter after receiving a reconnection message sent by the cluster controller after detecting that the SSH connection established between the processor and the forwarding device is disconnected.

With reference to the fourth aspect, in a second possible implementation manner of the fourth aspect, the processor is configured to send the negotiation parameter to the controller indicated by the controller identifier through the output component, and specifically:

the processor is configured to determine whether an SSH connection established between the processor and the forwarding device is disconnected;

the processor is further configured to send, through the output component, a reconnect message including the forwarding device identifier and the negotiation parameter to the controller indicated by the controller identifier after it is determined that the SSH connection established between the processor and the forwarding device is disconnected, so as to instruct the controller to establish a new SSH connection with the forwarding device according to the forwarding device identifier and the negotiation parameter.

With reference to the fourth aspect, in a third possible implementation manner of the fourth aspect, the processor is configured to send the negotiation parameter to the controller indicated by the controller identifier through the output component, and specifically, the sending is to:

the processor is used for sending the negotiation parameters to the controller indicated by the controller identifier through the output component;

the processor is further configured to determine whether an SSH connection established between the processor and the forwarding device is disconnected;

the processor is further configured to send a disconnection prompting message to the cluster controller through the output component after it is determined that the SSH connection established between the processor and the forwarding device is disconnected, so that the cluster controller sends a reconnection message including the forwarding device identifier to the controller, where the reconnection message is used to instruct the controller to establish a new SSH connection with the forwarding device according to the forwarding device identifier and the negotiation parameter.

With reference to the fourth aspect, in a fourth possible implementation manner of the fourth aspect, the processor is further configured to:

after receiving a forwarding device identifier and a controller identifier sent by a cluster controller through the input component, sending the controller identifier to the forwarding device through the output component, so that after the forwarding device judges that the SSH connection is disconnected, a new SSH connection is established with the controller according to the controller identifier and the negotiation parameters.

In a fifth aspect, an embodiment of the present invention provides a controller, where the controller is a controller, the controller includes an input component, a memory, and a processor, and the processor calls a program in the memory for establishing an SSH connection, so as to perform the following operations:

receiving negotiation parameters sent by a main controller through the input assembly, wherein the negotiation parameters are obtained by the main controller and forwarding equipment managed by the main controller through SSH negotiation;

and after the main controller is disconnected with the SSH established by the forwarding equipment based on the negotiation parameters, establishing a new SSH connection with the forwarding equipment based on the negotiation parameters.

With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, the controller further includes an output component; the processor is configured to establish a new SSH connection with the forwarding device based on the negotiation parameter, and specifically:

the processor is configured to receive, through the input component, a reconnection message sent by the master controller or the cluster controller after determining that the SSH connection established by the master controller and the forwarding device based on the negotiation parameter is disconnected, where the cluster controller is configured to manage all controllers in a cluster, and the reconnection message includes a forwarding device identifier of the forwarding device;

the processor is further configured to send an indication message to the forwarding device through the output component according to the forwarding device identifier, so as to establish a new SSH connection with the forwarding device based on the negotiation parameter.

With reference to the fifth aspect, in a second possible implementation manner of the fifth aspect, the processor is configured to establish a new SSH connection with the forwarding device based on the negotiation parameter, and specifically:

the processor is configured to receive, through the input component, a request message that is sent by the forwarding device to request establishment of a new SSH connection based on the negotiation parameter after it is determined that the SSH connection established by the forwarding device based on the negotiation parameter is disconnected from the main controller;

the processor is further configured to establish a new SSH connection with the forwarding device based on the negotiated parameters.

In a sixth aspect, an embodiment of the present invention provides a forwarding device, where the forwarding device includes a memory and a processor, where the processor invokes a program in the memory for establishing an SSH connection, and is configured to perform the following operations:

obtaining a negotiation parameter through SSH negotiation with a main controller allocated to the forwarding device by a cluster controller, and establishing SSH connection with the main controller based on the negotiation parameter, wherein the cluster controller is used for managing controllers in a cluster, and the main controller is used for sending the negotiation parameter to a controller allocated to the forwarding device by the cluster controller;

and after the SSH connection established between the processor and the main controller is disconnected, establishing a new SSH connection with the controller based on the negotiation parameters.

With reference to the sixth aspect, in a first possible implementation manner of the sixth aspect, the forwarding device further includes the input component and an output component; the processor is configured to establish a new SSH connection with the controller based on the negotiation parameter, and specifically:

the processor is used for receiving a controller identifier of the controller sent by the main controller through the input component, and the controller identifier is sent to the main controller by the cluster controller;

the processor is further configured to determine whether an SSH connection established between the processor and the main controller is disconnected;

and the processor is further configured to send a request message to the controller through the output component according to the identifier of the controller after judging that the SSH connection established between the processor and the main controller is disconnected, so as to establish a new SSH connection with the controller based on the negotiation parameters.

With reference to the sixth aspect, in a second possible implementation manner of the sixth aspect, the processor is configured to establish, with the controller, a new SSH connection based on the negotiation parameter, and specifically:

the processor is configured to receive, by the input component, an indication message sent by the controller, where the indication message is a message sent by the controller after an SSH connection established between the processor and the main controller is disconnected, and is used to indicate that a new SSH connection is established based on the negotiation parameters;

and the processor is further configured to establish a new SSH connection with the controller based on the negotiation parameters according to the indication message.

In a seventh aspect, an embodiment of the present invention provides a controller, where the controller includes a functional unit configured to perform part or all of the steps of any implementation manner of the first aspect of the embodiment of the present invention.

In an eighth aspect, an embodiment of the present invention provides a controller, where the controller includes a functional unit configured to perform part or all of the steps of any implementation manner of the second aspect of the embodiment of the present invention.

In a ninth aspect, an embodiment of the present invention provides a forwarding device, where the forwarding device includes a functional unit configured to perform part or all of the steps in any implementation manner of the third aspect of the present invention.

In a tenth aspect, an embodiment of the present invention provides a software defined network SDN system, including a master controller, a controller, and a forwarding device, where:

the main controller is used for receiving a forwarding device identifier and a controller identifier sent by a cluster controller, and the cluster controller is used for managing the controllers in the cluster; obtaining a negotiation parameter through SSH negotiation with the forwarding device indicated by the forwarding device identifier; establishing SSH connection with the forwarding equipment based on the negotiation parameters, and sending the negotiation parameters to a controller indicated by the controller identifier;

the controller is configured to receive the negotiation parameter sent by the main controller, and request the forwarding device to establish a new SSH connection based on the negotiation parameter after the SSH connection established between the main controller and the forwarding device is disconnected;

and the forwarding device is used for receiving the request sent by the controller and establishing a new SSH connection with the controller based on the negotiation parameters according to the request.

With reference to the tenth aspect, in a first possible implementation manner of the tenth aspect,

the master controller is the controller described in any possible implementation manner of the fourth aspect, or the controller described in any possible implementation manner of the seventh aspect;

the controller is the controller described in any possible implementation manner of the fifth aspect, or the controller described in any possible implementation manner of the eighth aspect;

the forwarding device is the controller described in any possible implementation manner of the sixth aspect, or the controller described in any possible implementation manner of the ninth aspect.

In some possible implementation manners, the indication message sent by the controller or the reconnection message sent by the forwarding device includes a session identifier of an SSH connection established between the main controller and the forwarding device, and is used to indicate that the forwarding device or the controller establishes a new SSH connection based on a negotiation parameter generated when the main controller establishes an SSH connection with the forwarding device.

By implementing the embodiment of the invention, the main controller sends the negotiation parameters generated when the main controller establishes the SSH connection with the forwarding equipment to the controller, and the controller and the forwarding equipment directly establish new SSH connection based on the negotiation parameters without renegotiating the negotiation parameters after the SSH connection between the main controller and the forwarding equipment is disconnected, thereby improving the efficiency of establishing new SSH connection between the controller and the forwarding equipment.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.

Figure 1 is a schematic diagram of an SDN network architecture in the prior art;

fig. 2 is a schematic flowchart of establishing an SSH connection between a controller and a forwarding device according to an embodiment of the present invention;

fig. 3 is a flowchart illustrating a method for establishing an SSH connection according to an embodiment of the present invention;

fig. 4 is a schematic flow chart of another method for establishing an SSH connection according to an embodiment of the present invention;

fig. 5 is a schematic flow chart of another method for establishing an SSH connection according to an embodiment of the present invention;

fig. 6 is a flowchart illustrating another method for establishing an SSH connection according to an embodiment of the present invention;

fig. 7 is a flowchart illustrating another method for establishing an SSH connection according to an embodiment of the present invention;

FIG. 8 is a schematic structural diagram of a controller according to an embodiment of the present invention;

FIG. 9 is a schematic structural diagram of another controller provided in an embodiment of the present invention;

fig. 10 is a schematic structural diagram of a forwarding device according to an embodiment of the present invention;

FIG. 11 is a schematic structural diagram of another controller provided in an embodiment of the present invention;

FIG. 12 is a schematic structural diagram of another controller provided in an embodiment of the present invention;

fig. 13 is a schematic structural diagram of another forwarding device provided in the embodiment of the present invention;

fig. 14 is a schematic structural diagram of an SDN system according to an embodiment of the present invention.

Detailed Description

The following will clearly describe the technical solution of the present invention with reference to the accompanying drawings, first, how to perform SSH negotiation when an SSH connection is established between a controller (which may be a main controller or a slave) and a forwarding device in the embodiment of the present invention is described in detail with reference to fig. 2, and then, how to simplify an SSH negotiation process to improve the efficiency of establishing a new SSH connection between the slave and the forwarding device after the SSH connection between the main controller and the forwarding device is disconnected in the present invention is described with reference to fig. 3 to 7.

Referring to fig. 2, fig. 2 is a schematic diagram illustrating a process of the controller performing SSH negotiation with the forwarding device to establish an SSH connection, where the process is described in detail as follows:

the method comprises the following steps: and (2) version negotiation, namely establishing a Transmission Control Protocol/Internet Protocol (TCP/IP) connection between the controller and the forwarding equipment, after the TCP/IP connection is established, sending self SSH version information to the forwarding equipment by the controller, after the forwarding equipment receives the SSH version information sent by the controller, selecting an SSH version matched with the SSH version of the controller from the usable SSH versions of the forwarding equipment, and informing the version number of the matched SSH version to the controller.

Step two: and after the two parties acquire the encryption algorithms supported by each other, the encryption algorithms supported by each other are selected for subsequent encryption.

Step three: the method comprises the following steps of key exchange, wherein forwarding equipment sends a key exchange request to a controller to inform the controller of starting key exchange; and then the controller and the forwarding equipment obtain a public and private key through interaction, and a session identifier (session _ id) for the session between the controller and the forwarding equipment is generated.

In general, there are multiple controllers and multiple forwarding devices in an SDN framework, and therefore there are multiple SSH connections, and a unique session _ id generated in the process of establishing an SSH connection may be used to identify the SSH connection, so as to distinguish the SSH connections from each other.

Step four: user authentication, wherein forwarding equipment sends an authentication message to a controller, then receives an authentication mode list sent by the controller, and selects one or more authentication modes from the authentication mode list; and finally, the controller authenticates the forwarding equipment based on the authentication mode selected by the forwarding equipment, and completes SSH negotiation if the authentication is passed.

So far, the SSH negotiation process between the controller and the forwarding device is completed, an SSH connection is established, and the controller and the forwarding device can communicate based on the SSH connection.

Referring to fig. 3, fig. 3 is a schematic flowchart of a method for establishing an SSH connection according to an embodiment of the present invention, and describes a scheme in which a controller and a forwarding device establish a new SSH connection based on a negotiation parameter obtained by an SSH negotiation between the main controller and the forwarding device after the SSH connection established between the main controller and the forwarding device through the flow shown in fig. 2 is disconnected, where the scheme specifically includes the following steps:

step S501: and the main controller receives the forwarding equipment identifier and the controller identifier sent by the cluster controller.

Specifically, the cluster controller is configured to manage controllers in a cluster, and an Identifier (ID) of a controller in an SDN network managed by the cluster controller and an identifier (e.g., an IP address) of a forwarding device are stored in the cluster controller.

When the forwarding device is on line, the cluster controller selects one controller from the controllers managed by the cluster controller, the main controller of the forwarding device and the other controller as the controller of the forwarding device, and sends the identifier of the forwarding device and the identifier of the controller to the main controller through communication connection between the cluster controller and the main controller. Accordingly, the master controller receives the forwarding device identifier and the controller identifier sent by the cluster controller.

The communication between the cluster controller, the main controller and the controller belongs to the communication between cluster nodes, and a common communication mechanism of the communication comprises message queue communication, and when the communication is performed through the message queue mechanism, a party initiating the communication needs to know a controller identifier (such as an ID number) of an opposite party. Typically, the forwarding device will only communicate with the cluster controller when it registers with the cluster controller and will not subsequently communicate with the cluster controller. The communication between the main controller (or the slave controller) and the forwarding device may be initiated by the forwarding device or the main controller (or the slave controller), and regardless of which party initiates the communication, the initiator needs to know the IP address (and possibly the port number) of the other party to establish the TCP/IP connection, which is the basis for the interactive message (or packet) in the process of establishing the SSH connection.

Step S502: and the main controller and the forwarding equipment indicated by the forwarding equipment identification obtain negotiation parameters through SSH negotiation, and establish SSH connection with the forwarding equipment based on the negotiation parameters.

Specifically, the process of SSH negotiation between the main controller and the forwarding device is performed as shown in fig. 2. The negotiation parameters generated in the negotiation process include a version number obtained through the negotiation in the first step, various algorithms (such as a data encryption algorithm, a data integrity protection algorithm, a key exchange algorithm, a data compression algorithm, a digital signature and authenticated host public key algorithm, and the like) obtained through the negotiation in the second step or indexes corresponding to the algorithms, and a key (including a session identifier) obtained through the negotiation in the third step. After the negotiation is completed, the main controller and the forwarding device both have the negotiation parameter, and the main controller and the forwarding device establish an SSH connection based on the negotiation parameter, so that the main controller configures service for the forwarding device.

Step S503: and the main controller sends the negotiation parameters to the controller indicated by the controller identifier, wherein the negotiation parameters are used for enabling the controller to establish new SSH connection with the forwarding equipment after the SSH connection established between the main controller and the forwarding equipment is disconnected.

Specifically, the master controller sends the negotiation parameter to the slave controller indicated by the slave controller identifier, for example, the slave controller identifier includes a controller ID number 35, then the master controller sends the negotiation parameter to the controller with ID number 35 in the controller cluster, and accordingly, the slave controller receives the negotiation parameter sent by the master controller. Then, if the SSH connection established between the main controller and the forwarding device is disconnected, the controller establishes a new SSH connection with the forwarding device directly based on the negotiation parameters without performing the above-mentioned steps one, two and three to generate the negotiation parameters. Since the controller and the forwarding device both have corresponding negotiated parameters, it can be considered that user authentication has been performed between the controller and the forwarding device, so step four can also be omitted. It should be noted that, if the controller initiates the establishment of SSH connection, the controller needs to know the IP address of the forwarding device; if the forwarding device initiates the establishment of SSH connection, the forwarding device needs to know the IP address of the controller; the IP address that the controller or forwarding device needs to know can originate from the cluster controller or the master controller.

There are various ways for the controller and the forwarding device to establish a new SSH connection based on the existing negotiation parameters in step S503, and some of the ways are described with the embodiments of fig. 4 to 7.

Referring to fig. 4, fig. 4 is a schematic flow chart of another method for establishing an SSH connection according to an embodiment of the present invention, where the method includes steps S601 to S609; in the method, the cluster controller detects whether the SSH connection is disconnected, and the controller initiates a new SSH connection to the forwarding device after the SSH connection is disconnected, and the detailed description of each step is as follows.

Steps S601 to S604 may correspond to the description related to steps S501 to S502, and are not described herein again.

Step S605: the main controller sends the negotiation parameter to the controller; the negotiation parameters may include the IP address and port number of the forwarding device, in addition to the related parameters of the above-mentioned step one, step two and step three.

Step S606: and the cluster controller starts to monitor the SSH connection after the SSH connection between the main controller and the forwarding equipment is established, and judges whether the SSH connection is disconnected. The SSH disconnection includes two cases, one is that the main controller fails to work at all, and the other is that the main controller still functions normally except the SSH connection with the forwarding device fails. In either case, however, the cluster controller may detect or calculate which SSH connection(s) are broken.

Step S607: when the cluster controller detects that the SSH connection between the main controller and the forwarding device is disconnected, sending a reconnection message to the controller, and correspondingly, receiving the reconnection message sent by the cluster controller by the controller, wherein at least the following information can be obtained according to the reconnection message: 1. after the SSH connection is disconnected, a new SSH connection needs to be established based on the negotiation parameters of the SSH connection; 2. the disconnected SSH connection is an SSH connection between the main controller and the forwarding device, and specifically, the purpose may be achieved by encapsulating, in the reconnect message, a forwarding device identifier of the forwarding device, or main controller information of the main controller, or forwarding device identifiers of the forwarding device and main controller information of the main controller, or a session identifier (session _ id) in a negotiation parameter of the disconnected SSH connection, or other information capable of identifying an SSH connection.

Step S608: the controller has already obtained the negotiation parameters of the SSH connection between the main controller and the forwarding device in step S605, that is, the controller and the forwarding device both have the corresponding negotiation parameters, and the controller also confirms that the SSH connection between the main controller and the forwarding device is disconnected through the reconnect message in step S607, so the controller sends an indication message to the forwarding device to indicate that the forwarding device establishes a new SSH connection with itself based on the negotiation parameters.

At least one of the negotiation parameter in step S605 and the disconnection prompting message in step S607 includes the forwarding device identifier (including the IP address) of the forwarding device, so that the controller can successfully establish the TCP/IP connection with the forwarding device based on the forwarding device identifier; and sending a message (the name of the message can be customized as required) to the forwarding device after the TCP/IP connection is established, where the message includes an indication part and a limitation part, the indication part is used to indicate that the forwarding device establishes an SSH connection with the controller based on the negotiation parameters of the existing SSH connection, and the limitation part is used to indicate which SSH connection negotiation parameters the forwarding device specifically uses.

The structure shown in table 1 is a presentation form of the message, and may be named as SSH _ MSG _ REUSE _ KEX message SSH _ MSG _ REUSE _ KEX, where the content included in the message SSH _ MSG _ REUSE _ KEX is shown in table 1:

head

length

session_id

TABLE 1

The field "length" in table 1 is used to define the length of the field "session _ id"; the session _ id encapsulates the session _ id in the negotiation parameters of the SSH connection between the main controller and the forwarding equipment; in the improved protocol, the value of the "head" field of the message SSH _ MSG _ REUSE _ KEX may be 35, which is used to instruct the receiver of the message to establish an SSH connection with the sender of the message based on the negotiation parameter belonging to the session _ id in the field "session _ id".

Step S609: the forwarding equipment receives the message sent by the controller, analyzes the message, and obtains a negotiation parameter required to be based on SSH connection between the forwarding equipment and the main controller and establishes SSH connection with the controller; at this time, the forwarding device may send an acknowledgment packet to the controller, or may communicate with the controller directly based on the version number, the encryption algorithm, the key, and the like in the negotiation parameter without sending the acknowledgment packet.

Referring to fig. 5, fig. 5 is a schematic flow chart of another method for establishing an SSH connection according to an embodiment of the present invention, which includes steps S701 to S708; in the method, the main controller detects whether the SSH connection is disconnected or not, and the controller actively requests to establish a new SSH connection after the SSH connection is disconnected, wherein the detailed description of each step is as follows.

Steps S701 to S704 may correspond to the related description referring to steps S601 to S604, and are not described herein again.

Step S705: the main controller detects whether the SSH connection between itself and the forwarding device is disconnected in real time, and in this embodiment, even if the SSH connection between the main controller and the forwarding device is disconnected, other functions of the main controller are still normal, and the disconnection condition can still be detected.

Step S706: and after judging that the SSH connection between the main controller and the forwarding equipment is disconnected, the main controller sends a reconnection message to the controller, wherein the reconnection message contains negotiation parameters negotiated by the main controller and the forwarding equipment, and the reconnection message is used for indicating the controller to establish a new SSH connection with the forwarding equipment based on the negotiation parameters. The detailed description of the reconnect message may refer to step S607.

Steps S707 and S708 may refer to the descriptions of S608 and S609, respectively, and are not described herein again.

Referring to fig. 6, fig. 6 is a schematic flow chart of another method for establishing an SSH connection according to an embodiment of the present invention, where the method includes steps S801 to S809; in the method, the main controller detects whether the SSH connection is disconnected or not, and the controller actively requests to establish a new SSH connection after the SSH connection is disconnected, wherein the detailed description of each step is as follows.

Steps S801 to S805 can refer to steps S601 to S605, and are not described herein.

Step S806 is the same as step S705, and is not described here again.

Step S807: when the main controller detects that the SSH connection between the main controller and the forwarding equipment is disconnected, the main controller sends the SSH connection disconnection condition to the cluster controller through a disconnection prompting message, and correspondingly, the cluster controller receives the disconnection prompting message sent by the main controller.

Step S808: the cluster controller obtains the controller corresponding to the forwarding device according to the disconnection prompting message, and then sends a reconnection message to the controller to instruct the controller to establish a new SSH connection with the forwarding device based on the negotiation parameter, further, refer to step S607, which is not described herein again.

Steps S809 and S608 are the same, and steps S810 and S809 are the same, and are not described again here.

Referring to fig. 7, fig. 7 is a schematic flow chart of another method for establishing an SSH connection according to an embodiment of the present invention, which includes steps S901 to S909; in the method, the forwarding device detects whether the SSH connection is disconnected, and the forwarding device actively requests to establish a new SSH connection after the SSH connection is disconnected, and the detailed description of each step is as follows.

Steps S601 to S605 can be referred to in steps S901 to S905, and are not described herein.

Step S906: the main controller sends the controller identification of the controller to the forwarding device, and accordingly, the forwarding device receives the controller message sent by the main controller, and the controller identification contains the IP address of the controller, so that the forwarding device knows which controller is its own controller.

Step S907: the forwarding device detects whether the SSH connection between itself and the host controller has been broken.

Step S908: and if the SSH connection is detected to be disconnected, the forwarding equipment sends a request message to the controller to request the controller to establish a new SSH connection with the forwarding equipment based on the negotiation parameters sent by the main controller.

Steps S909 and S609 are the same and will not be described here.

While the method of the embodiment of the present invention is described in detail above, in order to better implement the above solution of the embodiment of the present invention, the related apparatus of the embodiment of the present invention is described below with reference to fig. 8 to 13.

Referring to fig. 8, fig. 8 is a controller 80 according to an embodiment of the present invention, where the controller 80 is a main controller, and the main controller includes an input component 801, an output component 802, a memory 803, and a processor 804 (the number of the processors 804 may be one or more, and one processor is taken as an example in fig. 8), and in some embodiments of the present invention, the input component 801, the output component 802, the memory 803, and the processor 804 may be connected by a bus or in other manners, where fig. 8 is taken as an example of connection by a bus. The processor 804 calls a program in the memory 803 for establishing an SSH connection, and is configured to:

receiving, by the input component 801, a forwarding device identifier and a controller identifier sent by a cluster controller, where the cluster controller is used to manage controllers in a cluster;

and sending the negotiation parameter to the controller indicated by the controller identifier through the output component 802, where the negotiation parameter is used to enable the controller to establish a new SSH connection with the forwarding device after the SSH connection established between the processor 804 and the forwarding device is disconnected.

By running the program code for establishing the SSH connection, the main controller sends the negotiation parameters generated when the SSH connection is established with the forwarding equipment to the controller, and after the SSH connection between the main controller and the forwarding equipment is disconnected, the controller and the forwarding equipment directly establish new SSH connection based on the negotiation parameters without renegotiating the negotiation parameters, so that the efficiency of establishing new SSH connection between the controller and the forwarding equipment is improved.

In an optional scheme, the processor 804 is configured to send the negotiation parameter to the controller indicated by the controller identifier through the output component 802, specifically:

the processor 804 is configured to send the forwarding device identifier and the negotiation parameter to the controller indicated by the controller identifier through the output component 802, where the negotiation parameter is used for enabling the controller to establish a new SSH connection with the forwarding device according to the forwarding device identifier and the negotiation parameter after receiving a reconnection message sent by the cluster controller after detecting that the SSH connection established between the processor 804 and the forwarding device is disconnected.

the processor 804 is configured to determine whether an SSH connection established between the processor 804 and the forwarding device is disconnected;

the processor 804 is further configured to send a reconnection message including the forwarding device identifier and the negotiation parameter to the controller indicated by the controller identifier through the output component 802 after it is determined that the SSH connection established between the processor 804 and the forwarding device is disconnected, so as to instruct the controller to establish a new SSH connection with the forwarding device according to the forwarding device identifier and the negotiation parameter.

In another optional scheme, the processor 804 is configured to send the negotiation parameter to the controller indicated by the controller identifier through the output component 802, specifically:

the processor 804 is configured to send the negotiation parameter to the controller indicated by the controller identifier through the output component 802;

the processor 804 is further configured to determine whether an SSH connection established between the processor 804 and the forwarding device is disconnected;

the processor 804 is further configured to send a disconnection prompting message to the cluster controller through the output component 802 after it is determined that the SSH connection established between the processor 804 and the forwarding device is disconnected, so that the cluster controller sends a reconnection message including the forwarding device identifier to the controller, where the reconnection message is used to instruct the controller to establish a new SSH connection with the forwarding device according to the forwarding device identifier and the negotiation parameter.

In yet another alternative, the processor 804 is further configured to: after receiving the forwarding device identifier and the controller identifier sent by the cluster controller through the input component, sending the controller identifier to the forwarding device through the output component 802, so that after the forwarding device judges that the SSH connection is disconnected, a new SSH connection is established with the controller according to the controller identifier and the negotiation parameter.

It should be noted that the specific implementation of the controller 80 may also correspond to the related description of the method embodiment shown in fig. 3.

Referring to fig. 9, fig. 9 is a controller 90 according to another embodiment of the present invention, where the controller 90 is a controller, and the controller includes an input component 901, a memory 903, and a processor 904 (the number of the processors 904 may be one or more, and fig. 9 illustrates one processor as an example), and in some embodiments of the present invention, the input component 901, the memory 903, and the processor 904 may be connected by a bus or in other manners, where fig. 9 illustrates connection by a bus as an example. The processor 804 calls a program in the memory 803 for establishing an SSH connection, and is configured to:

receiving negotiation parameters sent by a main controller through the input component 901, wherein the negotiation parameters are obtained by the main controller and forwarding equipment managed by the main controller through SSH negotiation;

In an alternative, the controller further includes an output component 902; the processor 904 is configured to establish a new SSH connection with the forwarding device based on the negotiation parameter, specifically:

the processor 904 is configured to receive, through the input component 901, a reconnection message sent by the master controller or a cluster controller after determining that the SSH connection established by the master controller and the forwarding device based on the negotiation parameter is disconnected, where the cluster controller is configured to manage all controllers in a cluster, and the reconnection message includes a forwarding device identifier of the forwarding device;

the processor 904 is further configured to send an indication message to the forwarding device through the output component 902 according to the forwarding device identifier, so as to establish a new SSH connection with the forwarding device based on the negotiated parameters.

In another optional scheme, the processor 904 is configured to, after the main controller disconnects the SSH connection established with the forwarding device based on the negotiation parameter, establish a new SSH connection with the forwarding device based on the negotiation parameter, specifically:

the processor 904 is configured to receive, through the input component 901, a request message that is sent by the forwarding device and used for requesting to establish a new SSH connection based on the negotiation parameter after it is determined that the SSH connection established by the forwarding device is disconnected based on the negotiation parameter by the main controller;

the processor 904 is further configured to establish a new SSH connection with the forwarding device based on the negotiated parameters.

It should be noted that the specific implementation of the controller 90 may also correspond to the related description of the method embodiment shown in fig. 3.

Referring to fig. 10, fig. 10 is a forwarding apparatus 100 according to an embodiment of the present invention, where the forwarding apparatus 100 includes a memory 1003 and a processor 1004 (the number of the processors 1004 may be one or more, and fig. 10 illustrates one processor as an example), in some embodiments of the present invention, the memory 1003 and the processor 1004 may be connected through a bus or in other manners, where fig. 10 illustrates connection through a bus as an example. The processor 1004 calls a program for establishing an SSH connection in the memory 1003, and is configured to perform the following operations:

obtaining a negotiation parameter through SSH negotiation with a master controller allocated to the forwarding device 100 by a cluster controller, and establishing SSH connection with the master controller based on the negotiation parameter, where the cluster controller is configured to manage controllers in a cluster, and the master controller is configured to send the negotiation parameter to a slave controller allocated to the forwarding device 100 by the cluster controller;

after the SSH connection established by the processor 1004 with the master controller is disconnected, a new SSH connection is established with the slave controller based on the negotiated parameters.

By running the program code for establishing the SSH connection, the main controller sends the negotiation parameters generated when the SSH connection is established with the forwarding device 100 to the slave controller, and the slave controller and the forwarding device 100 establish a new SSH connection directly based on the negotiation parameters without renegotiating the negotiation parameters after the SSH connection between the main controller and the forwarding device 100 is disconnected, thereby improving the efficiency of establishing a new SSH connection between the slave controller and the forwarding device 100.

In an optional scenario, the forwarding device 100 further includes the input component 1001 and the output component 1002; the processor 1004 is configured to establish, with the controller, a new SSH connection based on the negotiation parameter, specifically:

the processor 1004 is configured to receive, through the input component 1001, a controller identifier of the controller sent by the master controller, where the controller identifier is sent by the cluster controller to the master controller;

the processor 1004 is further configured to determine whether an SSH connection established between the processor 1004 and the main controller is disconnected;

the processor 1004 is further configured to send a request message to the slave controller through the output component 1002 according to the slave controller identifier after judging that the SSH connection established between the processor 1004 and the master controller is disconnected, so as to establish a new SSH connection with the slave controller based on the negotiation parameters.

In another optional scenario, the processor 1004 is configured to establish a new SSH connection with the controller based on the negotiated parameters, specifically:

the processor 1004 is configured to receive, through the input component 1001, an indication message sent by the slave controller, where the indication message is a message sent by the slave controller after an SSH connection established between the processor 1004 and the master controller is disconnected, and is used to indicate that a new SSH connection is established based on the negotiated parameters;

the processor 1004 is further configured to establish a new SSH connection with the controller according to the indication message based on the negotiation parameter.

It should be noted that the specific implementation of the forwarding device 100 may also correspond to the related description of the method embodiment shown in fig. 3.

Referring to fig. 11, fig. 11 is a further controller 110 according to an embodiment of the present invention, where the controller 110 is a main controller, and the controller 110 includes a receiving unit 1101, a negotiation unit 1102, and a first sending unit 1103, where details of each unit are as follows:

the receiving unit 1101 is configured to receive a forwarding device identifier and a controller identifier sent by a cluster controller, where the cluster controller is configured to manage controllers in a cluster;

the negotiation unit 1102 is configured to negotiate with the forwarding device indicated by the forwarding device identifier through an SSH to obtain a negotiation parameter, and establish an SSH connection with the forwarding device based on the negotiation parameter;

the first sending unit 1103 is configured to send the negotiation parameter to the controller indicated by the controller identifier, where the negotiation parameter is used to enable the controller to establish a new SSH connection with the forwarding device after the SSH connection established between the main controller and the forwarding device is disconnected.

By operating the main controller implemented by the invention, the main controller sends the negotiation parameters generated when the main controller establishes the SSH connection with the forwarding equipment to the controller, and the controller and the forwarding equipment directly establish new SSH connection based on the negotiation parameters without renegotiating the negotiation parameters after the SSH connection between the main controller and the forwarding equipment is disconnected, thereby improving the efficiency of establishing new SSH connection between the controller and the forwarding equipment.

In an optional scheme, the first sending unit 1103 is specifically configured to: and sending the forwarding device identifier and the negotiation parameter to a controller indicated by the controller identifier, where the negotiation parameter is used to enable the controller to establish a new SSH connection with the forwarding device according to the forwarding device identifier and the negotiation parameter after receiving a reconnection message sent by the cluster controller after detecting that the SSH connection established between the master controller and the forwarding device is disconnected.

In yet another alternative, the first sending unit 1103 includes a first judging subunit and a first sending subunit, and the details of the judging subunit and the sending subunit are as follows:

the first judging subunit is configured to judge whether an SSH connection established between the main controller and the forwarding device is disconnected;

and the first sending subunit is configured to send a reconnection message including the forwarding device identifier and the negotiation parameter to the controller indicated by the controller identifier, so as to instruct the controller to establish a new SSH connection with the forwarding device according to the forwarding device identifier and the negotiation parameter, when the determination result of the first determining subunit is yes.

In yet another alternative, the first sending unit 1103 includes a second sending subunit, a second determining subunit, and a third sending subunit, and the detailed description of each subunit is as follows:

the second sending subunit is configured to send the negotiation parameter to the controller indicated by the controller identifier;

a second judging subunit, configured to judge whether an SSH connection established between the main controller and the forwarding device is disconnected;

a third sending subunit, configured to send, when a determination result of the second determining subunit is yes, a disconnection prompting message to the cluster controller, so that the cluster controller sends, to the controller, a reconnection message including the forwarding device identifier, where the reconnection message is used to instruct the controller to establish a new SSH connection with the forwarding device according to the forwarding device identifier and the negotiation parameter.

In yet another optional scheme, the controller further includes a second sending unit, where the second sending unit is configured to send, after the receiving unit 1101 receives a forwarding device identifier and a controller identifier sent by the cluster controller, the controller identifier to the forwarding device, so that after the forwarding device determines that the SSH connection is disconnected, a new SSH connection is established with the controller according to the controller identifier and the negotiation parameter.

It should be noted that the specific implementation of the controller 110 may also correspond to the related description referring to the method embodiment shown in fig. 3.

Referring to fig. 12, fig. 12 is a diagram of another controller 120 according to an embodiment of the present invention, where the controller 120 is a controller, the controller 120 includes a receiving unit 1201 and a establishing unit 1202, and the receiving unit 1201 and the establishing unit 1202 are described in detail as follows:

a receiving unit 1201, configured to receive a negotiation parameter sent by a main controller, where the negotiation parameter is obtained by an SSH negotiation between the main controller and a forwarding device managed by the main controller;

an establishing unit 1202, configured to establish a new SSH connection with the forwarding device based on the negotiation parameter after the SSH connection established by the main controller with the forwarding device based on the negotiation parameter is disconnected.

By operating the controller in the embodiment of the invention, the controller receives the negotiation generated when the main controller establishes the SSH connection with the forwarding equipment, which is sent by the main controller, and directly establishes a new SSH connection based on the negotiation parameters without renegotiating the negotiation parameters after the SSH connection between the main controller and the forwarding equipment is disconnected with the forwarding equipment, thereby improving the efficiency of establishing the new SSH connection between the controller and the forwarding equipment.

In an optional scheme, the establishing unit 1202 includes a first receiving subunit and a sending subunit, and the receiving subunit and the sending subunit are described in detail as follows:

a first receiving subunit, configured to receive a reconnection message sent by the master controller or a cluster controller after determining that an SSH connection established by the master controller and the forwarding device based on the negotiation parameter is disconnected, where the cluster controller is configured to manage all controllers in a cluster, and the reconnection message includes a forwarding device identifier of the forwarding device;

and the sending subunit is configured to send an indication message to the forwarding device according to the forwarding device identifier, so as to establish a new SSH connection with the forwarding device based on the negotiation parameter.

In yet another alternative, the establishing unit 1202 includes a second receiving subunit and an establishing subunit, and the detailed description of the second receiving subunit and the establishing subunit is as follows:

a second receiving subunit, configured to receive a request message, sent by the forwarding device, for requesting to establish a new SSH connection based on the negotiation parameter after it is determined that the SSH connection established by the main controller and the forwarding device based on the negotiation parameter is disconnected;

and the establishing subunit is used for establishing a new SSH connection with the forwarding equipment based on the negotiation parameters according to the request message.

It should be noted that the specific implementation of the controller 120 may also correspond to the related description referring to the method embodiment shown in fig. 3.

Referring to fig. 13, fig. 13 is a forwarding device 130 according to an embodiment of the present invention, where the forwarding device 130 includes a negotiation unit 1301 and a setup unit 1302, and the negotiation unit 1301 and the setup unit 1302 are described in detail as follows:

a negotiation unit 1301, configured to negotiate with a main controller, which is allocated to the forwarding device by a cluster controller, through an SSH to obtain a negotiation parameter, and establish an SSH connection with the main controller based on the negotiation parameter, where the cluster controller is configured to manage controllers in a cluster, and the main controller is configured to send the negotiation parameter to a controller, which is allocated to the forwarding device by the cluster controller;

an establishing unit 1302, configured to establish a new SSH connection with the controller based on the negotiation parameter after the SSH connection established between the forwarding device and the main controller is disconnected.

By operating the forwarding device in the embodiment of the present invention, after the main controller sends the negotiation parameters generated when the main controller establishes the SSH connection with the forwarding device to the slave controller, when the SSH connection with the main controller is disconnected, the forwarding device directly establishes a new SSH connection with the slave controller based on the negotiation parameters without renegotiating the negotiation parameters, thereby improving the efficiency of establishing a new SSH connection with the slave controller.

In an alternative scheme, the establishing unit 1302 includes a first receiving subunit, a determining subunit, and a sending subunit, and details of each subunit are as follows:

the first receiving subunit is configured to receive a controller identifier of the controller, which is sent by the master controller, and the controller identifier is sent to the master controller by the cluster controller;

a judging subunit, configured to judge whether an SSH connection established between the forwarding device and the main controller is disconnected;

and the sending subunit is configured to send, when the judgment result of the judging subunit is yes, a request message to the controller according to the identifier of the controller, so as to establish a new SSH connection with the controller based on the negotiation parameter.

In yet another alternative, the establishing unit 1302 includes a second receiving subunit and an establishing subunit, and the second sending subunit and the establishing subunit are described in detail as follows:

a second receiving subunit, configured to receive an indication message sent by the controller, where the indication message is a message sent by the controller after an SSH connection established between the forwarding device and the main controller is disconnected, and is used to indicate that a new SSH connection is established based on the negotiation parameter;

and the establishing subunit is used for establishing a new SSH connection with the controller according to the reconnection message and based on the negotiation parameters.

It should be noted that the specific implementation of the forwarding device 80 may also correspond to the related description of the method embodiment shown in fig. 3.

While the method and apparatus of embodiments of the present invention have been described in detail above, to facilitate a better understanding of the above-described aspects of embodiments of the present invention, a system of embodiments of the present invention is described below with reference to FIG. 14.

Referring to fig. 14, fig. 14 is a software defined network SDN system 140 provided in an embodiment of the present invention, and the system includes a master controller 1401, a slave controller 1402, and a forwarding device 1403, where:

the master controller 1401 is configured to receive an identifier of a forwarding device 1403 and an identifier of a controller 1402, which are sent by a cluster controller, where the cluster controller is configured to manage controllers in a cluster; obtaining a negotiation parameter through SSH negotiation with the forwarding device 1403 indicated by the identifier of the forwarding device 1403; establishing SSH connection with the forwarding device 1403 based on the negotiation parameters, and sending the negotiation parameters to the controller 1402 indicated by the identifier of the controller 1402;

the controller 1402, configured to receive the negotiation parameter sent by the main controller 1401, and request to establish a new SSH connection with the forwarding device 1403 based on the negotiation parameter after the SSH connection established between the main controller 1401 and the forwarding device 1403 is disconnected;

the forwarding device 1403 is configured to receive the request sent by the controller 1402, and establish a new SSH connection with the controller 1402 based on the negotiation parameter according to the request.

By running the program code for establishing the SSH connection, the main controller 1401 sends the negotiation parameters generated when the SSH connection is established with the forwarding device 1403 to the controller 1402, and after the SSH connection between the main controller 1401 and the forwarding device 1403 is disconnected, the controller 1402 and the forwarding device 1403 establish a new SSH connection directly based on the negotiation parameters without renegotiating the negotiation parameters, thereby improving the efficiency of establishing a new SSH connection between the controller 1402 and the forwarding device 1403.

In an alternative solution, the main controller 1401 may be the controller 80 in the embodiment shown in fig. 8, or the controller 110 in the embodiment shown in fig. 11; the controller 1402 may be the controller 90 in the embodiment shown in fig. 9, or the controller 120 in the embodiment shown in fig. 12; the forwarding device 1402 may be the forwarding device 90 in the embodiment shown in fig. 10 or the forwarding device 130 in the embodiment shown in fig. 13.

In summary, by implementing the embodiments of the present invention, the main controller sends the negotiation parameter generated when the SSH connection is established with the forwarding device to the controller, and after the SSH connection between the main controller and the forwarding device is disconnected, the controller and the forwarding device directly establish a new SSH connection based on the negotiation parameter without renegotiating the negotiation parameter, thereby improving the efficiency of establishing a new SSH connection between the controller and the forwarding device.

It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like.

While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims

1. A method for establishing a secure shell protocol, SSH, connection, comprising:

the main controller sends the negotiation parameters to a controller indicated by the controller identifier, and the negotiation parameters are used for enabling the controller to establish a new SSH connection with the forwarding equipment after the SSH connection established between the main controller and the forwarding equipment is disconnected;

the negotiation parameters include parameters obtained in the processes of version negotiation, algorithm negotiation and key exchange, and the mode for establishing the new SSH connection includes: under the condition that the controller and the forwarding equipment both have negotiation parameters, the forwarding equipment sends an authentication message to the controller, then the forwarding equipment receives an authentication mode list sent by the controller, and selects one or more authentication modes from the authentication mode list; and finally, the controller authenticates the forwarding equipment based on the authentication mode selected by the forwarding equipment, and completes SSH negotiation if the authentication is passed, thereby establishing SSH connection.

2. The method of claim 1, wherein the master controller sending the negotiation parameters to the controller indicated by the controller identification comprises:

3. The method of claim 1, wherein the master controller sending the negotiation parameters to the controller indicated by the controller identification comprises:

4. A method for establishing a secure shell protocol, SSH, connection, comprising:

after the main controller is disconnected with the SSH established by the forwarding equipment based on the negotiation parameters, the controller establishes a new SSH connection with the forwarding equipment based on the negotiation parameters;

5. The method of claim 4, wherein establishing the new SSH connection with the forwarding device based on the negotiated parameters comprises:

the controller receives a reconnection message sent by the main controller after judging that the SSH connection established by the main controller and the forwarding equipment based on the negotiation parameters is disconnected, wherein the reconnection message comprises the forwarding equipment identification of the forwarding equipment;

6. A method for establishing a secure shell protocol, SSH, connection, comprising:

after the SSH connection established between the forwarding equipment and the main controller is disconnected, the forwarding equipment establishes a new SSH connection with the controller based on the negotiation parameters;

7. The method of claim 6, wherein establishing a new SSH connection with the controller based on the negotiated parameters comprises:

8. A controller, wherein the controller is a master controller, and the master controller comprises an input component, an output component, a memory, and a processor, and the processor calls a program in the memory for establishing an SSH connection, and performs the following operations:

sending the negotiation parameter to the controller indicated by the controller identifier through the output component, where the negotiation parameter is used to enable the controller to establish a new SSH connection with the forwarding device after the SSH connection established between the processor and the forwarding device is disconnected;

9. The controller according to claim 8, wherein the processor is configured to send the negotiation parameter to the controller indicated by the controller identifier through the output component, specifically:

10. The controller according to claim 8, wherein the processor is configured to send the negotiation parameter to the controller indicated by the controller identifier through the output component, specifically:

11. A controller, wherein the controller is a controller, wherein the controller comprises an input component, a memory, and a processor, wherein the processor calls a program in the memory for establishing an SSH connection, and is configured to:

after the main controller is disconnected with the SSH established by the forwarding equipment based on the negotiation parameters, establishing a new SSH connection with the forwarding equipment based on the negotiation parameters;

12. The controller of claim 11, further comprising an output component; the processor is configured to establish a new SSH connection with the forwarding device based on the negotiation parameter, and specifically:

the processor is configured to receive, through the input component, a reconnection message sent by the main controller after it is determined that the SSH connection established by the main controller with the forwarding device based on the negotiation parameter is disconnected, where the reconnection message includes a forwarding device identifier of the forwarding device;

13. A forwarding device comprising a memory and a processor, wherein the processor invokes a program in the memory to establish an SSH connection, and is configured to:

after the SSH connection established between the processor and the main controller is disconnected, establishing a new SSH connection with the controller based on the negotiation parameters;

14. The forwarding device of claim 13, wherein the processor is configured to establish a new SSH connection with the controller based on the negotiated parameters, and specifically:

the processor is configured to receive, by an input component, an indication message sent by the controller, where the indication message is a message sent by the controller after an SSH connection established between the processor and the main controller is disconnected, and is used to indicate that a new SSH connection is established based on the negotiation parameters;

15. A Software Defined Network (SDN) system is characterized by comprising a main controller, a controller and a forwarding device, wherein:

the negotiation parameters include parameters obtained in the processes of version negotiation, algorithm negotiation and key exchange, and the mode for establishing the new SSH connection includes: under the condition that the controller and the forwarding equipment both have negotiation parameters, the forwarding equipment sends an authentication message to the controller, then the forwarding equipment receives an authentication mode list sent by the controller, and selects one or more authentication modes from the authentication mode list; finally, the controller authenticates the forwarding equipment based on the authentication mode selected by the forwarding equipment, and completes SSH negotiation if the authentication is passed, thereby establishing SSH connection;

16. The system of claim 15, wherein:

the main controller is the controller of any one of claims 8-10;

the controller is the controller of any one of claims 11 to 12;

the forwarding device is as claimed in any one of claims 13 to 14.