CN107743097B - Multicast method and device based on SDN network - Google Patents
- Publication number
- CN107743097B
- Authority
- CN
- China
- Prior art keywords
- multicast
- link
- source
- receiver
- service
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/20—Support for services
- H04L49/201—Multicast operation; Broadcast operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a multicast method and a device based on an SDN network, which are applied to an SDN controller, and the method comprises the following steps: receiving registration information of a multicast source and multicast receivers and generating a multicast source service directory and a multicast receiver list; acquiring a multicast service request, wherein the multicast service request comprises information of a multicast source and/or information of a multicast receiver of a multicast service; judging whether the multicast service request is matched with the multicast source service directory and the multicast receiver list; if the multicast service request matches the multicast source service directory and the multicast receiver list, performing multicast authority authentication on the multicast source and the multicast receiver; when the multicast source and the multicast receiver obtain multicast authority authentication, establishing a link between the multicast source and the multicast receiver; acquiring service requirements and link state information input by a user; and controlling the link according to the service requirement and the link state information.
Description
Technical Field
The present invention relates to the field of communications, and in particular, to a multicast method and apparatus based on an SDN network.
Background
SDN (Software Defined Network) is a new network architecture. One of its core technologies is OpenFlow, which separates the control plane of network devices from the forwarding plane, enabling flexible control of network traffic and providing a good technical basis for innovation in network applications.
OpenFlow is a network technology that lets a user or a program control how the network processes traffic through flow tables. An OpenFlow network separates the data forwarding layer from the control layer: the OpenFlow switch performs data-layer forwarding, and the SDN controller implements the control-layer functions. The controller controls SDN forwarding devices (including OpenFlow switches) through the OpenFlow protocol, so that the whole network is controlled centrally.
Current networks use a special transmission mode called multicast: a point-to-multipoint network connection is implemented between the sender and each receiver. If a sender transmits the same data to multiple receivers simultaneously, only a single copy of the data packet needs to be replicated at each intermediate transmission node. Multicast improves data transmission efficiency, reduces the probability of congestion in the backbone network, and reduces the load on the sender. However, current multicast technology and applications have many defects. For example: the multicast receiver and multicast source need other protocols for authentication, authorization and accounting; the security of the multicast data is difficult to guarantee, and layered and graded security is difficult to realize; the multicast path cannot be dynamically and comprehensively controlled according to the attributes of the multicast data and the current state of the link; and abnormal multicast data (including counterfeit multicast sources) cannot be isolated and reported in time during multicast.
Disclosure of Invention
In view of this, the present invention provides a multicast method and apparatus based on an SDN network, so as to flexibly and efficiently manage an interconnection link of a data center.
The multicast method based on the SDN network provided by the embodiment of the invention is applied to an SDN controller, and comprises the following steps: receiving registration information of a multicast source and multicast receivers and generating a multicast source service directory and a multicast receiver list; acquiring a multicast service request, wherein the multicast service request comprises information of a multicast source and information of a multicast receiver of a multicast service; judging whether the multicast service request is matched with the multicast source service directory and/or the multicast receiver list; if the multicast service request matches the multicast source service directory and the multicast receiver list, performing multicast authority authentication on the multicast source and the multicast receiver; when the multicast source and the multicast receiver obtain multicast authority authentication, establishing a link between the multicast source and the multicast receiver; acquiring service requirements and link state information input by a user; and controlling the link according to the service requirement and the link state information.
Optionally, the SDN controller connects a plurality of SDN forwarding devices, and after the step of establishing a link between the multicast source and the multicast receiver, the method further includes: combining a plurality of links between two SDN forwarding device ports to form a multicast link.
Optionally, after the step of establishing the link between the multicast source and the multicast receiver, the method further includes: presetting multicast content grading keywords; mapping the content grading keywords to related label information of multicast streams; identifying the preset multicast content grading keywords corresponding to the related labels in the multicast stream and grading the multicast content data according to the grading keywords; encrypting the graded multicast content data of different grades with different encryption algorithms, or leaving it unencrypted; and multicasting the encrypted multicast content data through the link.
Optionally, the SDN controller is further connected to an edge forwarding device of an SDN network, where the edge forwarding device is configured to connect the SDN network and a non-SDN network, and the edge forwarding device of the SDN network communicates with a multicast source and a multicast receiver in an external non-SDN network within a range specified by the multicast source service directory and the multicast receiver list.
Optionally, the link state information includes link traffic monitoring information, the link traffic monitoring information includes abnormal traffic information, and the step of controlling the link according to the service requirement configured by the user and the link state information specifically includes: determining the source of abnormal data according to the abnormal traffic information; if the abnormal data comes from the multicast source, stopping the multicast service or limiting the traffic of the multicast service; if the abnormal data comes from the multicast receiver, discarding the abnormal traffic or even closing the link between the multicast source and the multicast receiver that sent the abnormal data; judging whether the abnormal traffic information is larger than a preset value of the nominal multicast traffic value in the service directory; if so, rate-limiting or cutting off the multicast stream; judging, according to the abnormal traffic information, whether the multicast stream is replicated at a non-preset replication point; if so, correcting the replication point; judging, according to the abnormal traffic information, whether the multicast stream is sent to a receiving port that has not obtained multicast authorization; if so, cancelling transmission of the multicast stream to that receiving port.
The multicast device based on the SDN network provided in the embodiment of the invention is applied to an SDN controller, and comprises a memory, a processor and a multicast program based on the SDN network, wherein the multicast program based on the SDN network is stored in the memory and can run on the processor, and when being executed by the processor, the multicast program based on the SDN network realizes the following steps: receiving registration information of a multicast source and multicast receivers and generating a multicast source service directory and/or a multicast receiver list; acquiring a multicast service request, wherein the multicast service request comprises information of a multicast source and information of a multicast receiver of a multicast service; judging whether the multicast service request matches the multicast source service directory and the multicast receiver list; if the multicast service request matches the multicast source service directory and the multicast receiver list, performing multicast authority authentication on the multicast source and the multicast receiver; when the multicast source and the multicast receiver obtain multicast authority authentication, establishing a link between the multicast source and the multicast receiver; acquiring service requirements and link state information input by a user; and controlling the link according to the service requirement and the link state information.
Optionally, after the step of establishing a link between the multicast source and the multicast receiver, the processor is further configured to execute the multicast program to implement the following step: combining a plurality of links between two SDN forwarding device ports to form a multicast link.
Optionally, after the step of establishing the link between the multicast source and the multicast receiver, the processor is further configured to execute the multicast program to implement the following steps: presetting multicast content grading keywords; mapping the content grading keywords to related label information of the multicast stream; identifying the preset multicast content grading keywords corresponding to the related labels in the multicast stream and grading the multicast content data according to the grading keywords; encrypting the graded multicast content data of different grades with different encryption algorithms, or leaving it unencrypted; and multicasting the encrypted multicast content data through the link.
Optionally, the SDN controller is further connected to an edge forwarding device of an SDN network, where the edge forwarding device is configured to connect the SDN network and a non-SDN network, and the edge forwarding device of the SDN network communicates with a multicast source and a multicast receiver in an external non-SDN network within a range specified by the multicast source service directory and the multicast receiver list.
Optionally, the link state information includes link traffic monitoring information, the link traffic monitoring information includes abnormal traffic information, and the step of controlling the link according to the service requirement and the link state information, which is executed by the processor, specifically includes: determining the source of abnormal data according to the abnormal traffic information; if the abnormal data comes from the multicast source, stopping the multicast service or limiting the traffic of the multicast service; if the abnormal data comes from the multicast receiver, discarding the abnormal traffic or even closing the link between the multicast source and the multicast receiver that sent the abnormal data; judging whether the abnormal traffic information is larger than a preset value of the nominal multicast traffic value in the service directory; if so, rate-limiting or cutting off the multicast stream; judging, according to the abnormal traffic information, whether the multicast stream is replicated at a non-preset replication point; if so, correcting the replication point; judging, according to the abnormal traffic information, whether the multicast stream is sent to a receiving port that has not obtained multicast authorization; if so, cancelling transmission of the multicast stream to that receiving port.
By implementing the multicast method and device based on the SDN, the multicast can be more efficient and safer in the environment of the SDN, and the management of the multicast is more convenient.
The invention is described in detail below with reference to the drawings and specific examples, but the invention is not limited thereto.
Drawings
Fig. 1 is a diagram of an application environment of an embodiment of a multicast device 10 based on an SDN network according to the present invention.
Fig. 2 is a flowchart of an embodiment of a multicast method based on an SDN network according to the present invention.
Fig. 3 is a block diagram of an embodiment of a multicast apparatus 10 based on an SDN network according to the present invention.
Description of the main elements
SDN controller 1
Edge SDN forwarding device 4
The following detailed description will further illustrate the invention in conjunction with the above-described figures.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is an application environment diagram of an embodiment of a multicast device based on an SDN network according to the present invention. The SDN controller 1 is configured to connect a plurality of area networks, which may be SDN networks or non-SDN networks, such as area network a, area network b, area network c, and area network d in the figure, where area networks a, b, and c are SDN networks and area network d is a non-SDN network. An SDN network comprises at least one host 2 and an SDN forwarding device 3 connected to the host 2. A non-SDN network also comprises at least one host 2, and is connected to the SDN network through an edge SDN forwarding device 4 in the SDN network. The SDN forwarding devices 3 and the edge SDN forwarding devices 4 are all connected to the SDN controller 1, which realizes interconnection and interworking between the SDN network and the non-SDN network. Once any host 2 in the networks controlled by the SDN controller 1 has a multicast requirement (a multicast sending request or a multicast receiving request), flexible control of multicast may be achieved according to the scheme disclosed in this application.
Fig. 2 is a flowchart of an embodiment of a multicast method based on an SDN network according to the present invention, and the multicast method is applied to an SDN controller 1, where the SDN controller 1 connects a plurality of SDN forwarding devices 3 or edge SDN forwarding devices 4. By implementing the multicast method based on the SDN, the control of network multicast is more flexible, safer and more efficient.
At step S200, the SDN controller 1 receives registration information of a multicast source and multicast receivers and generates a multicast source service directory and a multicast receiver list.
In the present embodiment, the multicast source and the multicast receiver are both hosts 2 or host-type devices, and any host 2 may be a multicast source or a multicast receiver; in the scheme disclosed in the present invention, however, both the multicast source and the multicast receiver must register their information. Therefore, in the above step, once the registration information of a multicast source or a multicast receiver is received, a multicast source service directory and a multicast receiver list are automatically generated after optional authentication and verification processes. The multicast source service directory records the multicast services that the multicast source can provide. The multicast source service directory and the multicast receiver list are two logical tables and can be physically combined into one table.
In this embodiment, the registration information includes:
1. the unicast IP address of the multicast source;
2. the ID, slot number and port number of the device connected to the multicast source;
3. all multicast service names of the multicast source, their attributes, and the white lists and/or black lists of service objects (multicast receivers);
4. the unicast IP address of the multicast receiver;
5. the ID, slot number and port number of the physical device connected to the multicast receiver;
6. the attributes of the multicast receiver, and the white list and/or black list of multicast services that it can receive.
The details are shown in Table 1 below:
Table 1
In step S202, the SDN controller 1 obtains a multicast service request, where the multicast service request includes information of a multicast source and/or information of a multicast receiver of a multicast service.
In this embodiment, the multicast service request acquired by the SDN controller 1 may be divided into two types according to different sources, one type is a multicast service request initiated by a multicast source, and the other type is a multicast service request initiated by a multicast receiver. Different multicast service requests include different information, for example, a multicast service request from a multicast source includes the identity of the multicast source and which hosts to multicast to, and a multicast service request from a multicast receiver includes the identity of the multicast receiver and which multicast services to receive.
In step S204, it is determined whether the multicast service request matches the multicast source service directory and the multicast recipient list.
In this embodiment, once the SDN controller 1 receives a multicast service request from either a multicast source or a multicast receiver, it needs to determine whether the multicast service request is covered by the multicast source service directory or the multicast receiver list. If the multicast source information or the multicast receiver information carried in the multicast service request matches the information in the multicast source service directory and the multicast receiver list, the request is a normal multicast service request and is admitted; otherwise, a related log or alarm is generated. Examples are as follows: 1. the multicast service B1-1 only allows the multicast receivers R1-1, R1-2 and R1-5 to be served, so requests for this multicast service other than those sent by R1-1, R1-2 and R2-5 are rejected, and related logs and alarms are generated; 2. the multicast receiver R1-1 is not allowed to receive the multicast service B2-2, so the request is rejected and related logs and alarms are generated regardless of whether R1-1 sends a multicast service request for B2-2 or B2-2 sends a multicast service request for R1-1; 3. multicast service B2-1 may provide services to registered multicast receivers in addition to the receivers of R1-1.
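The matching step S204 can be sketched as a default-deny check on both tables. This is an added example, not code from the patent: the `Entry` class, the `admit` function, the reason strings and the sample tables are constructed for illustration, and treating an empty white list as "no white list" is an assumption.

```python
import logging
from dataclasses import dataclass, field

log = logging.getLogger("mcast.admission")


@dataclass
class Entry:
    """White list / black list of peers for one service or one receiver."""
    whitelist: set = field(default_factory=set)  # assumption: empty = no white list
    blacklist: set = field(default_factory=set)

    def permits(self, peer):
        if peer in self.blacklist:       # a black list entry always wins
            return False
        return not self.whitelist or peer in self.whitelist


# Constructed sample tables, modelled on examples 1 and 2 in the text above.
DIRECTORY = {                            # multicast source service directory
    "B1-1": Entry(whitelist={"R1-1", "R1-2", "R1-5"}),
    "B2-2": Entry(),
}
RECEIVERS = {                            # multicast receiver list
    "R1-1": Entry(blacklist={"B2-2"}),
    "R1-2": Entry(),
    "R1-3": Entry(),
    "R1-5": Entry(),
}


def admit(service_id, receiver_id, initiator,
          directory=DIRECTORY, receivers=RECEIVERS):
    """Return (admitted, reason) for one multicast service request.

    `initiator` ("source" or "receiver") is recorded in the alarm only:
    the decision is the same whichever side sent the request, so a pairing
    forbidden by either table cannot be obtained by asking from the other side.
    """
    service = directory.get(service_id)
    receiver = receivers.get(receiver_id)
    if service is None:
        reason = "service not in directory"
    elif receiver is None:
        reason = "receiver not registered"
    elif not service.permits(receiver_id):
        reason = "receiver not permitted by service"
    elif not receiver.permits(service_id):
        reason = "service not permitted by receiver"
    else:
        return True, "admitted"
    # Every rejection produces a log/alarm record, as the text requires.
    log.warning("multicast request rejected: service=%s receiver=%s "
                "initiator=%s reason=%s",
                service_id, receiver_id, initiator, reason)
    return False, reason


if __name__ == "__main__":
    for args in [("B1-1", "R1-2", "receiver"), ("B1-1", "R1-3", "receiver"),
                 ("B2-2", "R1-1", "receiver"), ("B2-2", "R1-1", "source")]:
        print(args, admit(*args))
```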
In step S206, if the multicast service request matches the multicast source service directory and the multicast receiver list, performing multicast permission authentication on the multicast source and the multicast receiver simultaneously.
In this embodiment, if the information carried in the multicast service request sent by the multicast source or by the multicast receiver matches the multicast source service directory and the multicast receiver list, the multicast source or multicast receiver initiating the request has been registered on the SDN controller 1. In this case, multicast authentication, authorization and accounting are required for the multicast source and the multicast receiver carrying the corresponding multicast service. In this embodiment, the multicast authority authentication of the multicast source and the multicast receiver may be implemented by an independent authentication and authorization system such as AAA; alternatively, authentication, authorization and accounting may be performed directly according to configuration information input by the user, for example as in Table 2 below (where the authority list is a summary of the authority information, including the black list and white list, in the table above):
Table 2
In step S208, if the multicast source and the multicast receiver obtain the multicast permission, a link between the multicast source and the multicast receiver is established.
In the present embodiment, when both the multicast source and the multicast receiver have the multicast authority, the SDN controller 1 can quickly establish a multicast link between them by using its knowledge of the network topology connecting all network nodes. The steps by which the SDN network establishes the multicast link are as follows: 1. acquiring the physical connection relationships of all the SDN forwarding devices 3 and the quality attribute information (link type, total bandwidth, used bandwidth, average delay, jitter, packet loss, etc.) of the physical link between each pair of points; 2. acquiring all physical links (possibly several) between every multicast source and multicast receiver pair that is permitted and needs a link; 3. selecting a suitable link for each pair of multicast source and multicast receiver according to the requirements of the multicast service; 4. for each multicast service of each multicast source, merging the overlapping portions of all links selected in step 3; after merging, each point where the link branches is a replication point of the multicast source, and there are as many replication points as there are branch points.
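Steps 1 to 4 can be illustrated with a small path-selection and merge routine. This is an added example, not code from the patent: the topology, the function names and the selection rule (lowest total delay over links with enough free bandwidth) are assumptions, since the text only says a "suitable" link is chosen per service requirement.

```python
import heapq

# Constructed topology: (switch, switch) -> (delay in ms, free bandwidth in Mbps)
LINKS = {
    ("s1", "s2"): (2, 800), ("s2", "s3"): (2, 800), ("s2", "s4"): (3, 800),
    ("s1", "s4"): (4, 50),  ("s4", "s5"): (1, 800), ("s4", "s6"): (1, 800),
}


def lowest_delay_prev(links, src, min_free_mbps):
    """Dijkstra from src over links with enough free bandwidth.

    Returns the predecessor map of the lowest-delay tree rooted at src.
    """
    adj = {}
    for (a, b), (delay_ms, free_mbps) in links.items():
        if free_mbps >= min_free_mbps:          # step 3: service requirement
            adj.setdefault(a, []).append((b, delay_ms))
            adj.setdefault(b, []).append((a, delay_ms))
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                            # stale heap entry
        for v, w in adj.get(u, []):
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    return prev


def build_tree(links, src, receiver_switches, min_free_mbps):
    """Merge the per-receiver paths (step 4) and locate replication points.

    Returns (edges, replication_points, unreachable_receivers).
    """
    prev = lowest_delay_prev(links, src, min_free_mbps)
    edges, unreachable = set(), []
    for rcv in receiver_switches:
        path, node = [], rcv
        while node != src and node in prev:
            path.append((prev[node], node))
            node = prev[node]
        if node != src:
            unreachable.append(rcv)             # no admissible path: report it
        else:
            edges.update(path)                  # shared segments merge here
    fanout = {}
    for up, down in edges:
        fanout.setdefault(up, set()).add(down)
    # A replication point is a switch that forwards the stream on >1 branch.
    replication = sorted(n for n, outs in fanout.items() if len(outs) > 1)
    return edges, replication, unreachable


if __name__ == "__main__":
    print(build_tree(LINKS, "s1", ["s3", "s5", "s6"], min_free_mbps=100))
    print(build_tree(LINKS, "s1", ["s3", "s5", "s6"], min_free_mbps=10))
```

The expected replication points returned here are what a monitor would later compare observed replication against.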
In addition, in this embodiment, after the link between the multicast source and the multicast receiver is established, data may be encrypted at different levels according to the multicast content. This encrypts data during multicast and secures the multicast process without adding encryption and decryption functions inside the multicast source and the multicast receiver. The specific steps are as follows: presetting multicast content grading keywords; mapping the content grading keywords to related label information of the multicast stream; identifying the preset multicast content grading keywords by identifying the related labels, and grading the multicast content data according to the grading keywords; encrypting the graded multicast content data of different grades with different encryption algorithms, or leaving it unencrypted; and multicasting the encrypted multicast content data through the link, then either decrypting it on the device with a decryption function that is closest to the receiver and sending the multicast stream to the multicast receiver, or decrypting the multicast stream directly on the host of the multicast receiver.
In step S210, the service requirement and the link status information input by the user are acquired.
In this embodiment, the input service requirement refers to the user's security requirements and QoS (quality of service) requirements for the multicast service. The link state information includes link quality information and link traffic monitoring information. The link quality information may include total link bandwidth, used bandwidth, delay, packet loss, jitter, encryption/decryption, and network service load. The link traffic monitoring information includes normal traffic data, link traffic classification statistics, and abnormal traffic statistics (including but not limited to data sent by an abnormal multicast source, abnormal data sent by a normal multicast source, abnormal data sent by a multicast receiver, etc.). The abnormal traffic information mainly refers to the following situations: multicast streams that are not listed in the service directory, or that are outdated in the service directory, appear in the network; non-multicast data streams that should not appear in the link (e.g., unicast data streams, data streams from a multicast receiver pinging a multicast source, etc.); a normal multicast data stream in the service directory is far larger than the nominal multicast traffic value; the multicast stream is replicated at an incorrect replication point; the multicast stream is sent to a receiving port that has not obtained authorization for the multicast stream; and so on.
In step S212, the link is controlled according to the service requirement configured by the user and the link state information.
In this embodiment, once the service requirement configured by the user and the state information of the multicast link are acquired, the current multicast link can be controlled. The link state information includes traffic monitoring information of the link; for example, the link is controlled according to the traffic monitoring information as follows: determining the source of abnormal data according to the abnormal traffic information; if the abnormal data comes from the multicast source, stopping the multicast service or limiting the traffic of the multicast service; if the abnormal data comes from the multicast receiver, discarding the abnormal traffic or even closing the link between the multicast source and the multicast receiver that sent the abnormal data; judging whether the abnormal traffic information is larger than a preset value of the nominal multicast traffic value in the service directory; if so, rate-limiting or cutting off the multicast stream; judging, according to the abnormal traffic information, whether the multicast stream is replicated at a non-preset replication point; if so, correcting the replication point; judging, according to the abnormal traffic information, whether the multicast stream is sent to a receiving port that is not authorized for the multicast stream; if so, cancelling transmission of the multicast stream to that receiving port. All of the above situations and operations require related logs and alarms to be submitted. In the above embodiment, the multicast link is adjusted according to the link information, so as to meet the multicast service requirement and improve the utilization of link resources.
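The anomaly cases of steps S210 and S212 can be expressed as a rule set over per-stream traffic observations. This is an added example, not code from the patent: the observation fields, the `Policy` record, the finding and action labels, and the two rate thresholds (1.5 and 4 times the nominal value) are assumptions, and the sample records are constructed.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("mcast.monitor")


@dataclass(frozen=True)
class Policy:
    """What the service directory says a stream should look like."""
    source_port: str
    nominal_mbps: float
    replication_points: frozenset
    receiver_ports: frozenset          # ports authorized to receive the stream


# Constructed directory entry for one multicast service.
DIRECTORY = {
    "B1-1": Policy("s1:1", 20.0, frozenset({"s2", "s4"}),
                   frozenset({"s3:2", "s5:2", "s6:2"})),
}


def evaluate(obs, directory=DIRECTORY, limit_factor=1.5, cutoff_factor=4.0):
    """Return a list of (finding, detail, action) for one observed stream."""
    findings = []
    policy = directory.get(obs["service"])
    if policy is None:
        # Stream not listed in the service directory.
        findings.append(("unlisted_stream", obs["service"], "stop_stream"))
    else:
        port = obs["ingress_port"]
        if port in policy.receiver_ports:
            # Abnormal data originating from a multicast receiver.
            findings.append(("data_from_receiver", port, "drop_traffic"))
        elif port != policy.source_port:
            # Sender is not the registered source (possible counterfeit source).
            findings.append(("unregistered_sender", port, "stop_stream"))
        rate = obs["rate_mbps"]
        if rate > policy.nominal_mbps * cutoff_factor:
            findings.append(("over_rate", f"{rate} Mbps", "cut_off"))
        elif rate > policy.nominal_mbps * limit_factor:
            findings.append(("over_rate", f"{rate} Mbps", "rate_limit"))
        for sw in sorted(obs["replicated_at"] - policy.replication_points):
            findings.append(("wrong_replication_point", sw,
                             "correct_replication_point"))
        for p in sorted(obs["egress_ports"] - policy.receiver_ports):
            findings.append(("unauthorized_egress", p, "cancel_port"))
    for kind, detail, action in findings:   # every case is logged and alarmed
        log.warning("multicast anomaly: service=%s finding=%s detail=%s "
                    "action=%s", obs["service"], kind, detail, action)
    return findings


def observation(service="B1-1", ingress_port="s1:1", rate_mbps=19.0,
                replicated_at=("s2", "s4"), egress_ports=("s3:2", "s5:2")):
    """Build a constructed observation record; defaults describe normal traffic."""
    return {"service": service, "ingress_port": ingress_port,
            "rate_mbps": rate_mbps, "replicated_at": set(replicated_at),
            "egress_ports": set(egress_ports)}


if __name__ == "__main__":
    for obs in [observation(), observation(rate_mbps=45.0),
                observation(replicated_at=("s2", "s5"),
                            egress_ports=("s3:2", "s5:7")),
                observation(ingress_port="s3:2", rate_mbps=0.1),
                observation(service="B9-9")]:
        print(evaluate(obs))
```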
In the above solution, the SDN controller 1 is connected to a plurality of SDN forwarding devices 3, and further includes an edge forwarding device 4 of the SDN network, where the edge forwarding device 4 is configured to connect the SDN network and a non-SDN network, and the edge forwarding device 4 of the SDN network communicates with a multicast source and a multicast receiver in an external non-SDN network within a range specified by a service directory, that is, enabling the multicast receiver in the non-SDN network to join a multicast service in the SDN network, and enabling the multicast source in the non-SDN network to provide a multicast service for the multicast receiver in the SDN network. For the service directory, a multicast receiver in a non-SDN network can acquire a multicast service in the service directory in the SDN multicast network; it also means that a multicast source in a non-SDN network can only provide multicast services to multicast receivers in the SDN multicast network in the service directory.
Fig. 3 is a block diagram of an embodiment of a multicast apparatus 10 based on an SDN network according to the present invention. Wherein the SDN network based multicast device 10 is applied to the SDN controller 1 and comprises a memory 100, a processor 102 and an SDN network based multicast program stored on the memory and executable on the processor, the SDN network based multicast program implementing the following steps when executed by the processor 102:
receiving registration information of a multicast source and multicast receivers and generating a multicast source service directory and a multicast receiver list;
acquiring a multicast service request, wherein the multicast service request comprises information of a multicast source and information of a multicast receiver of a multicast service;
judging whether the multicast service request is matched with the multicast source service directory and/or the multicast receiver list;
if the multicast service request matches the multicast source service directory and the multicast receiver list, performing multicast authority authentication on the multicast source and the multicast receiver;
when the multicast source and the multicast receiver obtain multicast authority authentication, establishing a link between the multicast source and the multicast receiver;
acquiring service requirements and link state information input by a user;
and controlling the link according to the service requirement and the link state information.
Specifically, in the present embodiment, the multicast source and the multicast receiver are both hosts 2 or host-like devices, and any one of the hosts 2 may be a multicast source or a multicast receiver; in the scheme disclosed in the present invention, however, information registration is required for both the multicast source and the multicast receiver. Therefore, in the above steps, once the registration information of a multicast source or a multicast receiver is received, a multicast source service directory and a multicast receiver list are automatically generated after optional authentication and verification processes. The multicast source service directory records the multicast services that the multicast source can provide; the multicast source service directory and the multicast receiver list are two logical tables and can be physically combined into one table. In this embodiment, the registration information includes: 1. the unicast IP address of the multicast source; 2. the ID, slot number and port number of the device connected with the multicast source; 3. the names and attributes of all multicast services of the multicast source, and the white lists or/and black lists of their service objects (multicast receivers); 4. the unicast IP address of the multicast receiver; 5. the ID, slot number and port number of the physical device connected with the multicast receiver; 6. the attributes of the multicast receiver, and the white list or/and the black list of the multicast services that it can receive. Refer to table one above.
Specifically, in this embodiment, the multicast service request acquired by the SDN controller 1 may be divided into two types according to different sources, one type is a multicast service request initiated by a multicast source, and the other type is a multicast service request initiated by a multicast receiver. Different multicast service requests include different information, for example, a multicast service request initiated by a multicast source includes identification information of the multicast source itself and which hosts to multicast to, and a multicast service request initiated by a multicast receiver includes identification information of the multicast receiver and which multicast services to receive.
Specifically, in the present embodiment, once the SDN controller 1 receives a multicast service request from a multicast source or from a multicast receiver, it needs to determine whether the multicast service request is covered by the multicast source service directory or the multicast receiver list. If the multicast source information or the multicast receiver information carried in the multicast service request matches the information in the multicast source service directory and the multicast receiver list, the multicast service request is a normal multicast service request and is admitted; otherwise, a related log or alarm is given. Examples are as follows: 1. for example, the multicast service B1-1 is only allowed to serve the multicast receivers R1-1, R1-2 and R1-5, then the requests for the multicast service except for those sent by R1-1, R1-2 and R2-5 are rejected and relevant logs and alarms are given; 2. for example, the multicast receiver R1-1 is not allowed to receive the multicast service B2-2, then the request is rejected and related logs and alarms are given no matter whether R1-1 sends out the multicast service request for B2-2 or B2-2 sends out the multicast service request for R1-1; 3. for example, multicast service B2-1 may provide services to registered multicast receivers in addition to the receivers of R1-1.
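The matching step described above can be sketched as follows. This is an added example, not code from the patent: the class names, field names and the `admit` function are hypothetical, the sample directory is constructed to mirror examples 1 and 2, and an empty white list is assumed to mean "not restricted".

```python
import logging
from dataclasses import dataclass, field

log = logging.getLogger("sdn.multicast.admission")


@dataclass
class ServiceEntry:
    """One multicast service in the multicast source service directory."""
    name: str
    source: str
    receiver_whitelist: set = field(default_factory=set)  # assumption: empty = not restricted
    receiver_blacklist: set = field(default_factory=set)


@dataclass
class ReceiverEntry:
    """One registered host in the multicast receiver list."""
    rid: str
    service_whitelist: set = field(default_factory=set)   # assumption: empty = not restricted
    service_blacklist: set = field(default_factory=set)


def admit(directory, receivers, service_name, receiver_id, initiated_by):
    """Return (admitted, reason) for one service/receiver pair.

    Both sides' lists are checked whichever side initiated the request, so a
    source cannot push a service to a receiver that has black-listed it.
    """
    svc = directory.get(service_name)
    rcv = receivers.get(receiver_id)
    if svc is None:
        reason = "service not in multicast source service directory"
    elif rcv is None:
        reason = "receiver not in multicast receiver list"
    elif svc.receiver_whitelist and receiver_id not in svc.receiver_whitelist:
        reason = "receiver not on the service's white list"
    elif receiver_id in svc.receiver_blacklist:
        reason = "receiver on the service's black list"
    elif rcv.service_whitelist and service_name not in rcv.service_whitelist:
        reason = "service not on the receiver's white list"
    elif service_name in rcv.service_blacklist:
        reason = "service on the receiver's black list"
    else:
        return True, "admitted"
    # Every rejection produces a log/alarm record, as the text requires.
    log.warning("multicast request rejected: service=%s receiver=%s initiator=%s reason=%s",
                service_name, receiver_id, initiated_by, reason)
    return False, reason


# Constructed sample data (not from the patent's tables).
DIRECTORY = {
    "B1-1": ServiceEntry("B1-1", "S1", receiver_whitelist={"R1-1", "R1-2", "R1-5"}),
    "B2-2": ServiceEntry("B2-2", "S2"),
}
RECEIVERS = {
    "R1-1": ReceiverEntry("R1-1", service_blacklist={"B2-2"}),
    "R1-2": ReceiverEntry("R1-2"),
    "R1-3": ReceiverEntry("R1-3"),
    "R1-5": ReceiverEntry("R1-5"),
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for svc, rcv, who in [("B1-1", "R1-1", "receiver"), ("B1-1", "R1-3", "receiver"),
                          ("B2-2", "R1-1", "source"), ("B9-9", "R1-2", "receiver")]:
        print(svc, rcv, who, admit(DIRECTORY, RECEIVERS, svc, rcv, who))
```

Admission here only establishes that the request is consistent with what was registered; the authority authentication described next is a separate step that runs after it.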
Specifically, if the information carried in the multicast service request sent by the multicast source or by the multicast receiver matches the multicast source service directory and the multicast receiver list, it indicates that the multicast source or the multicast receiver initiating the multicast service request is registered on the SDN controller 1. In this case, authentication, authorization and charging are required for the multicast source and the multicast receiver carrying the corresponding multicast service. In this embodiment, the authentication of the multicast authority for the multicast source and the multicast receiver may be implemented by an authentication and authorization system such as an independent AAA; alternatively, the authentication, authorization and charging may be performed directly according to the configuration information input by the user. For details, refer to table two above.
Specifically, in this embodiment, when both the multicast source and the multicast receiver have multicast authority, the SDN controller 1 can quickly establish a multicast link between the multicast source and the multicast receiver by using its knowledge of the network topology connecting all network nodes. The steps by which the SDN network establishes the multicast link are as follows: 1. acquiring the physical connection relation of all the SDN forwarding devices 3 and the quality attribute information (link type, total bandwidth, used bandwidth, average delay, jitter, packet loss, etc.) of the physical link between each two points; 2. acquiring all physical links (possibly a plurality of links) between all multicast sources and multicast receivers that are allowed and need to establish links; 3. selecting a proper link for each pair of multicast source and multicast receiver according to the requirement of the multicast service; 4. for each multicast service of each multicast source, merging the overlapping links among all the links selected in step 3; after merging, the link bifurcation points are the replication points of the multicast source, and where there is more than one bifurcation point, each of them is a replication point.
Specifically, after the link between the multicast source and the multicast receiver is established, the multicast content can be encrypted at different levels, so that data is encrypted during the multicast process and the security of the multicast process is ensured without adding encryption and decryption functions to the multicast source and the multicast receiver. The steps are as follows: presetting multicast content grading keywords; mapping the content grading keywords to related label information of multicast streams; identifying the preset multicast content grading keywords by identifying the related labels, and grading the multicast content data according to the grading keywords; encrypting the graded multicast content data of different grades with different encryption algorithms, or not encrypting it; and multicasting the encrypted multicast content data through the link, then either decrypting it on the device that is closest to the receiver and has a decryption function and transmitting the multicast stream to the multicast receiver, or decrypting the multicast stream directly on the multicast receiver host.
Specifically, the input service requirement refers to the security requirement and the QoS (quality of service) requirement of the user for the multicast service. The link state information includes link quality information and link traffic monitoring information. The link quality information may include information such as total link bandwidth, used bandwidth, delay, packet loss, jitter, encryption/decryption, and network service load. The link traffic monitoring information includes normal traffic data, link traffic classification statistical data, and abnormal traffic statistics (including but not limited to data sent by an abnormal multicast source, abnormal data sent by a normal multicast source, abnormal data sent by a multicast receiver, etc.). The abnormal traffic information mainly refers to the following situations: multicast streams that are not listed in the service directory, or that are out of date in the service directory, appear in the network; non-multicast data streams that should not be present in the link appear (e.g., unicast data streams, data streams of a multicast receiver pinging a multicast source, etc.); a normal multicast data flow in the service directory is far larger than the nominal value of the multicast flow; the multicast stream is replicated at an incorrect replication point; the multicast stream is sent to a receiving port that has not obtained authorization for the multicast stream, and so on.
Specifically, once the service requirement configured by the user and the state information of the multicast link are obtained, the current multicast link may be controlled. The link state information includes traffic monitoring information of the link; for example, the link is controlled according to the traffic monitoring information of the link as follows: judging the source of abnormal data according to the abnormal traffic information; if the abnormal data comes from the multicast source, stopping the multicast service or limiting the flow of the multicast service; if the abnormal data comes from the multicast receiver, discarding the abnormal traffic and even closing the link between the multicast source and the multicast receiver sending the abnormal data; judging, according to the abnormal traffic information, whether the traffic is larger than a preset value of the multicast traffic nominal value in the service directory; if yes, rate-limiting or cutting off the multicast stream; judging whether the multicast stream is replicated at a non-preset replication point according to the abnormal traffic information; if yes, correcting the replication point; judging whether the multicast stream is sent to a receiving port that is not authorized for the multicast stream according to the abnormal traffic information; if yes, cancelling the multicast stream transmission to that receiving port. Relevant logs and alarms are submitted for all of the above situations and operations. In the above embodiment, the multicast link is adjusted according to the information of the link, so as to meet the multicast service requirement and improve the utilization rate of link resources.
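The link-control decisions above, together with the replication points that result from merging the selected paths, can be worked through as follows. This is an added example and not the patent's implementation: the record layouts, action names and the `OVERRATE_FACTOR` threshold are assumptions, and the topology and observations are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DirectoryEntry:
    """What the controller knows about one admitted multicast service."""
    service: str
    source: str
    nominal_mbps: float
    paths: tuple                  # selected path per receiver, as tuples of node IDs
    authorized_ports: frozenset   # (device, port) pairs allowed to receive the stream


@dataclass(frozen=True)
class Observation:
    """One link-traffic monitoring record (constructed format)."""
    service: Optional[str]        # None for non-multicast traffic seen on the link
    sender: str
    sender_role: str              # "source" or "receiver"
    mbps: float = 0.0
    replicated_at: frozenset = frozenset()
    egress_ports: frozenset = frozenset()


def replication_points(paths):
    """Merge overlapping paths; a node with more than one next hop replicates."""
    children = {}
    for path in paths:
        for parent, child in zip(path, path[1:]):
            children.setdefault(parent, set()).add(child)
    return {node for node, kids in children.items() if len(kids) > 1}


OVERRATE_FACTOR = 1.5  # assumption: the "preset value" is a multiple of the nominal rate


def control_actions(obs, directory):
    """Map one observation to a list of (action, detail) pairs; [] means normal."""
    entry = directory.get(obs.service)
    if entry is None or obs.sender != entry.source:
        # Unlisted stream, non-multicast data, or data from an unexpected sender:
        # the response depends on which side the abnormal data comes from.
        if obs.sender_role == "receiver":
            return [("drop_and_consider_closing_link", obs.sender)]
        return [("stop_or_limit_service", obs.sender)]
    actions = []
    if obs.mbps > entry.nominal_mbps * OVERRATE_FACTOR:
        actions.append(("rate_limit_or_cut_off", obs.service))
    for node in sorted(obs.replicated_at - replication_points(entry.paths)):
        actions.append(("correct_replication_point", node))
    for port in sorted(obs.egress_ports - entry.authorized_ports):
        actions.append(("cancel_port", port))
    return actions  # a real controller would also log and alarm on each action


# Constructed topology: S1 -> sw1 -> sw2 -> R1, and sw2 -> sw3 -> R2.
PORTS = frozenset({("sw2", 3), ("sw3", 1)})
DIRECTORY = {
    "B1-1": DirectoryEntry("B1-1", "S1", 10.0,
                           (("S1", "sw1", "sw2", "R1"),
                            ("S1", "sw1", "sw2", "sw3", "R2")),
                           PORTS),
}

if __name__ == "__main__":
    samples = [
        Observation("B1-1", "S1", "source", 8.0, frozenset({"sw2"}), PORTS),
        Observation("B1-1", "S1", "source", 40.0, frozenset({"sw2"}), PORTS),
        Observation("B1-1", "S1", "source", 8.0, frozenset({"sw1", "sw2"}),
                    PORTS | {("sw3", 7)}),
        Observation(None, "R1", "receiver"),
    ]
    for s in samples:
        print(s.service, s.sender, control_actions(s, DIRECTORY))
```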
In the above solution, the SDN controller 1 is connected to multiple SDN forwarding devices 3, where the SDN forwarding devices further include edge forwarding devices of the SDN network, the edge forwarding devices are used to connect the SDN network and a non-SDN network, and the edge forwarding devices 10 of the SDN network communicate with external multicast sources and multicast receivers in the non-SDN network within a range specified by a service directory, that is, multicast receivers in the non-SDN network join a multicast service in the SDN network, and multicast sources in the non-SDN network provide multicast services for multicast receivers in the SDN network.
By the multicast method and device based on the SDN, multicast in the SDN can be more efficient and safer, and management of multicast is more convenient.
Based on another aspect of the foregoing embodiments, the present invention also provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the steps of the above-mentioned SDN network-based multicast method.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the above embodiment method can be implemented by software and a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention or portions thereof contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A multicast method based on an SDN network is applied to an SDN controller, and is characterized in that the method comprises the following steps:
receiving registration information of a multicast source and multicast receivers and generating a multicast source service directory and a multicast receiver list;
acquiring a multicast service request, wherein the multicast service request comprises information of a multicast source of a multicast service or/and information of a multicast receiver;
judging whether the multicast service request matches the multicast source service directory and the multicast receiver list;
if the multicast service request matches the multicast source service directory and the multicast receiver list, performing multicast authority authentication on the multicast source and the multicast receiver;
when the multicast source and the multicast receiver obtain multicast authority authentication, establishing a link between the multicast source and the multicast receiver;
acquiring link state information and service requirements input by a user;
and controlling the link according to the service requirement and the link state information.
2. The SDN network-based multicasting method of claim 1 wherein the SDN controller interfaces with a plurality of SDN forwarding devices, the step of establishing a link between the multicast source and the multicast receiver being followed by the method further comprising:
and combining a plurality of links between the two SDN forwarding equipment ports to form a multicast link.
3. The SDN network-based multicasting method of claim 1 wherein, after the step of establishing a link between the multicast source and the multicast receiver, the method further comprises:
presetting a multicast content grading keyword;
corresponding the content grading keywords to related label information of multicast streams;
identifying the preset multicast content grading keywords corresponding to the related labels in the multicast stream and grading the multicast content data according to the grading keywords;
encrypting or not encrypting the multicast content data of different grades after grading by different encryption algorithms;
and multicasting the encrypted multicast content data through the link.
4. The SDN network-based multicasting method of claim 1 wherein the SDN controller is further connected to an edge forwarding device of an SDN network, the edge forwarding device being configured to connect the SDN network and a non-SDN network, the edge forwarding device of the SDN network communicating with multicast sources and multicast receivers in an external non-SDN network within a range specified by the multicast source service directory and the multicast receiver list.
5. The SDN network-based multicasting method of claim 1, wherein the link-state information includes link-traffic monitoring information, wherein the link-traffic monitoring information includes abnormal-traffic information, and wherein the step of controlling the link according to the user-configured service requirement and the link-state information specifically includes:
judging the source of abnormal data according to the abnormal flow information;
if the abnormal data comes from the multicast source, stopping the multicast service or limiting the flow of the abnormal data;
if the abnormal data comes from the multicast receiver, discarding the abnormal flow and even closing a link between the multicast source and the multicast receiver sending the abnormal data;
judging whether the abnormal flow information is larger than a preset value of the multicast flow nominal value in the service directory or not;
if yes, rate-limiting or cutting off the multicast stream;
judging whether the multicast stream is copied at a non-preset copy point or not according to the abnormal traffic information;
if yes, correcting the replication point;
judging whether the multicast stream is sent to a receiving port which does not obtain the multicast authorization according to the abnormal flow information;
if yes, the multicast stream transmission of the receiving port is cancelled.
6. An SDN network-based multicast device applied to an SDN controller, wherein the SDN network-based multicast device includes a memory, a processor, and an SDN network-based multicast program stored in the memory and executable on the processor, and when executed by the processor, the SDN network-based multicast program implements the following steps:
receiving registration information of a multicast source and multicast receivers and generating a multicast source service directory and a multicast receiver list;
acquiring a multicast service request, wherein the multicast service request comprises information of a multicast source and/or information of a multicast receiver of a multicast service;
judging whether the multicast service request is matched with the multicast source service directory and the multicast receiver list;
if the multicast service request matches the multicast source service directory and the multicast receiver list, performing multicast authority authentication on the multicast source and the multicast receiver;
when the multicast source and the multicast receiver obtain multicast authority authentication, establishing a link between the multicast source and the multicast receiver;
acquiring link state information and service requirements input by a user;
and controlling the link according to the service requirement and the link state information.
7. The SDN network-based multicasting apparatus of claim 6 wherein the SDN controller interfaces with a plurality of SDN forwarding devices, and wherein after the step of establishing a link between the multicast source and the multicast receiver, the processor is further configured to execute the multicasting procedure to implement the steps of:
and combining a plurality of links between the two SDN forwarding equipment ports to form a multicast link.
8. The SDN network-based multicast apparatus of claim 6, wherein after the step of establishing a link between the multicast source and the multicast receiver, the processor is further configured to execute the multicast program to implement the steps of:
presetting multicast content grading keywords;
corresponding the content grading keywords to related label information of multicast streams;
identifying the preset multicast content grading keywords corresponding to the related labels in the multicast stream and grading the multicast content data according to the grading keywords;
encrypting or not encrypting the multicast content data of different grades after grading by different encryption algorithms;
and multicasting the encrypted multicast content data through the link.
9. The SDN network-based multicasting apparatus of claim 6 wherein the SDN controller is further connected to an edge forwarding device of an SDN network, the edge forwarding device being configured to connect the SDN network and a non-SDN network, the edge forwarding device of the SDN network communicating with multicast sources and multicast receivers in an external non-SDN network within a range specified by the multicast source service directory and multicast receiver list.
10. The SDN network-based multicast apparatus of claim 6, wherein the link state information includes link traffic monitoring information, wherein the link traffic monitoring information includes abnormal traffic information, and wherein the step performed by the processor of controlling the link according to the service requirement and the link state information specifically includes:
judging the source of abnormal data according to the abnormal flow information;
if the abnormal data is from the multicast source, stopping the multicast service or limiting the flow of the link;
if the abnormal data comes from the multicast receiver, discarding the abnormal flow and even closing a link between the multicast source and the multicast receiver sending the abnormal data;
judging whether the abnormal flow information is larger than a preset value of the multicast flow nominal value in the service directory or not;
if yes, rate-limiting or cutting off the multicast stream;
judging whether the multicast stream is copied at a non-preset copy point or not according to the abnormal traffic information;
if yes, correcting the replication point;
judging whether the multicast stream is sent to a receiving port which does not obtain the multicast authorization or not according to the abnormal flow information;
if yes, the multicast stream transmission of the receiving port is cancelled.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711046989.XA CN107743097B (en) | 2017-10-31 | 2017-10-31 | Multicast method and device based on SDN network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107743097A CN107743097A (en) | 2018-02-27 |
CN107743097B CN107743097B (en) | 2023-01-31 |
Family
ID=61233735
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711046989.XA Active CN107743097B (en) | 2017-10-31 | 2017-10-31 | Multicast method and device based on SDN network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107743097B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110730109A (en) * | 2019-10-12 | 2020-01-24 | 北京百度网讯科技有限公司 | Method and apparatus for generating information |
CN111818521B (en) | 2020-06-14 | 2022-05-06 | 苏州浪潮智能科技有限公司 | Authority authentication method and system based on data center 5G network encryption multicast |
CN115473843B (en) * | 2021-06-10 | 2023-06-20 | 中国电信股份有限公司 | Information interaction method, router and communication system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101155053A (en) * | 2006-09-25 | 2008-04-02 | 华为技术有限公司 | Method and system for implementing multicast broadcasting service |
CN103312514A (en) * | 2013-06-21 | 2013-09-18 | 中国人民解放军信息工程大学 | Multicast receiver verification method based on unicast forwarding mode |
CN106209622A (en) * | 2016-06-23 | 2016-12-07 | 广州海格通信集团股份有限公司 | A kind of method of multicasting based on SDN |
Also Published As
Publication number | Publication date |
---|---|
CN107743097A (en) | 2018-02-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||