CN111786843B - Traffic acquisition method and device, network equipment and storage medium - Google Patents

Publication number
CN111786843B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910272723.XA
Other languages
Chinese (zh)
Other versions
CN111786843A (en
Inventor
毕以峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN201910272723.XA (patent CN111786843B)
Priority to PCT/CN2020/076073 (patent WO2020199780A1)
Publication of CN111786843A
Application granted
Publication of CN111786843B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/026 Capturing of monitoring data using flow identification
    • H04L43/06 Generation of reports
    • H04L43/062 Generation of reports related to network traffic
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H04L43/0894 Packet rate
    • H04L43/20 Arrangements for monitoring or testing data switching networks the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
    • H04L49/00 Packet switching elements
    • H04L49/30 Peripheral units, e.g. input or output ports
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0896 Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
    • H04L41/0897 Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities by horizontal or vertical scaling of resources, or by migrating entities, e.g. virtual resources or entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the invention provide a traffic collection method, a traffic collection device, network equipment and a storage medium. Collection of target traffic in the incoming direction of an original collection object is converted into collection of target traffic in the outgoing direction of a target collection object, and to collect the outgoing target traffic of the target collection object, the forwarding device connected to the target collection object only needs to collect the target traffic in its incoming direction. As a result, when incoming target traffic is collected for a collection object, the corresponding switch does not have to collect traffic on all of its ports, which reduces the processing burden on the switch and improves the efficiency of traffic collection. In addition, because the direction of the traffic to be collected by the forwarding device is specified when incoming target traffic is collected for a collection object, the forwarding device does not collect the target traffic repeatedly even if that traffic is forwarded on the device several times, which avoids duplicate and erroneous collection.

Description

Traffic acquisition method and device, network equipment and storage medium
Technical Field
The present invention relates to the field of communications, and in particular, to a traffic collection method, a device, a network device, and a storage medium.
Background
Operators need to collect and monitor traffic, so traffic must be collected on demand in the network. The related traffic collection schemes have a problem, however: when the traffic to be collected is incoming traffic with respect to a VNF (Virtualized Network Function), it is outgoing traffic with respect to the switch to which the VNF is attached. In theory, the switch therefore only needs to collect outgoing traffic on the port that corresponds to the VNF interface. However, because the capability of the switch chip is limited, the switch cannot bind the flow-feature collection policy for outgoing traffic to a specific port. When the switch collects the outgoing traffic of a port, the collection action takes effect globally: traffic entering and leaving every port on the switch is collected and then filtered according to the flow-feature collection policy. This increases the processing burden on the switch and reduces the efficiency of its traffic collection.
Disclosure of Invention
The traffic collection method, device, network equipment and storage medium provided by the embodiments of the invention mainly address the following technical problem: in the related traffic collection schemes, when incoming traffic is collected on an interface of a network element, the switch responsible for the collection bears a heavy processing burden and works inefficiently.
To solve the above technical problem, an embodiment of the present invention provides a traffic collection method, including:
determining a target collection object corresponding to an original collection object according to a network topology relationship, wherein the original collection object is an object for which incoming target traffic is required to be collected, the direction of the target traffic is outgoing relative to the target collection object, and the target collection object is an object that supports collection of outgoing target traffic;
and collecting the incoming target traffic of the forwarding device connected to the target collection object.
An embodiment of the invention also provides a traffic collection device, which comprises:
an object determining unit, configured to determine a target collection object corresponding to an original collection object according to the network topology relationship, wherein the original collection object is an object for which incoming target traffic is required to be collected, the direction of the target traffic is outgoing relative to the target collection object, and the target collection object is an object that supports collection of outgoing target traffic;
and a collection control unit, configured to collect the incoming target traffic of the forwarding device connected to the target collection object.
The embodiment of the invention also provides a network device, which comprises a processor, a memory and a communication bus;
The communication bus is used for realizing connection communication between the processor and the memory;
the processor is configured to execute one or more programs stored in the memory to implement the steps of the flow acquisition method described above.
The embodiment of the invention also provides a storage medium, which stores one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of the flow collection method.
The beneficial effects of the invention are as follows:
With the traffic collection method, device, network equipment and storage medium provided by the embodiments, when it is determined that incoming target traffic must be collected for a collection object, that object is taken as the original collection object, and the target collection object corresponding to it is determined according to the network topology relationship. The same target traffic is transmitted on the target collection object and the original collection object; in other words, the outgoing traffic on the target collection object and the incoming traffic on the original collection object are the same traffic. Collection of target traffic in the incoming direction of the original collection object can therefore be converted into collection of target traffic in the outgoing direction of the target collection object, and collecting the latter completes the former. To collect the outgoing target traffic of the target collection object, the forwarding device connected to the target collection object only needs to collect the target traffic in its incoming direction. As a result, when incoming target traffic is collected for a collection object, the corresponding switch does not have to collect traffic on all of its ports, which reduces the processing burden on the switch and improves the efficiency of traffic collection.
In addition, in the traffic collection scheme provided by the embodiments, the direction of the traffic to be collected by the forwarding device is specified when incoming target traffic is collected for a collection object. Even if the target traffic is forwarded on the forwarding device several times, the device does not collect it repeatedly, which avoids duplicate and erroneous collection.
Additional features and corresponding advantages of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a schematic diagram of the logical relationship between a controller and a switch in an SDN network according to the first embodiment of the present invention;
Fig. 2 is an interaction flow diagram of traffic collection in the related art;
Fig. 3 is a flowchart of a traffic collection method according to the first embodiment of the present invention;
Fig. 4 is a schematic diagram of traffic flow between VNFs in an SDN network according to the first embodiment of the present invention;
Fig. 5 is a flowchart of the NFVO performing outgoing target traffic collection for a target collection object according to the first embodiment of the present invention;
Fig. 6 is a flowchart of a traffic collection method according to the second embodiment of the present invention;
Fig. 7 is a flowchart of a traffic collection process according to the second embodiment of the present invention;
Fig. 8 is a schematic diagram of the target traffic flow between VNF1 and VNF2 shown in example 2 of the third embodiment of the invention;
Fig. 9 is an interaction flow diagram of the traffic collection process provided in example 2 of the third embodiment of the present invention;
Fig. 10 is a schematic diagram of the traffic direction of each network element in the SDN network shown in example 3 of the third embodiment of the present invention;
Fig. 11 is a schematic diagram of the target traffic flow between ER and VNF1 shown in example 3 of the embodiment of the invention;
Fig. 12 is an interaction flow diagram of the traffic collection process provided in example 3 of the third embodiment of the present invention;
Fig. 13 is a flowchart of the traffic collection policy migrating with the VM, provided in example 4 of the fourth embodiment of the present invention;
Fig. 14 is a flowchart of the traffic collection process in a VM scale-up scenario, provided in example 5 according to an embodiment of the present invention;
Fig. 15 is a flowchart of traffic collection management in the VNF capacity expansion scenario provided in example 6 of the fourth embodiment of the present invention;
Fig. 16 is a flowchart of the traffic collection procedure where the VM deploying a VNF is a cluster, provided in example 7 of the fourth embodiment of the present invention;
Fig. 17 is a schematic structural diagram of a traffic collection device according to the fifth embodiment of the present invention;
Fig. 18 is a schematic hardware structure diagram of a network device according to the sixth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following detailed description of the embodiments of the present invention is given with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Embodiment one:
NFVI (Network Function Virtualisation Infrastructure) is the set of resources used to host and connect virtual functions. Specifically, NFVI is a cloud data center that contains servers, virtualization hypervisors, operating systems, virtual machines, virtual switches, and network resources. NFV uses general-purpose hardware such as x86 together with virtualization technology to carry the software processing of many functions, thereby reducing the high equipment cost of the network. By decoupling software from hardware and abstracting functions, NFV makes the functions of network equipment independent of special-purpose hardware, so that resources can be shared fully and flexibly, new services can be developed and deployed quickly, and automatic deployment, elastic scaling, fault isolation, self-healing and the like can be performed based on actual service requirements.
One of the network virtualization schemes in NFVI is implemented through SDN (Software Defined Network) technology, which is also a focus of current research in the communications field. An SDN includes a Controller (C) in the control plane and a Switch (SW or S) in the forwarding plane. As current SDN technology defines it, the Controller issues control instructions to the Switch through the OpenFlow (OF for short) protocol to direct the forwarding of data flows on the Switch. For a schematic of the logic, see Fig. 1.
Above the NFVI is NFV Management and Orchestration (MANO), whose architecture consists of the NFVO (Network Function Virtualization Orchestrator), the VNFM (VNF Manager) and the VIM (Virtualized Infrastructure Manager). The NFVO is responsible for managing and maintaining data storage, reference points and interfaces, enabling the components that make up a service to exchange data, and thus orchestrating the operation of the NFVI and the VNFs. There are several options for the VIM and different implementations of the VNFM. In the current mainstream industry scheme, the VIM is based on OpenStack with a number of functional enhancements; see Fig. 1.
VNFs are deployed in the NFVI. For example, the vEPC (virtualized Evolved Packet Core) network elements of the mobile core network, such as xGW (x gateway), MME (Mobility Management Entity), PCRF (Policy and Charging Rules Function) and AAA (Authentication, Authorization, Accounting), may be deployed on the NFVI in the form of virtual machines. The interfaces between different VNFs exist in logical form and are connected through the SDN network. For example, traffic on the Gx interface between xGW and PCRF, shown by dashed line 1 (thin dashed line) in the figure, is forwarded by switch A under the control of SDN controller 10; as another example, traffic on the S6 interface between xGW and AAA, shown by dashed line 2 (bold dashed line) in the figure, is forwarded hop by hop through switch A, switch C and switch B.
To meet operators' needs for traffic collection and monitoring, traffic must be collected from the network on demand. Assuming that the traffic to be collected is the outgoing traffic on logical interface 1 of VNF1 in Fig. 1, the current traffic collection scheme, shown in Fig. 2, is as follows:
S201: The NFVO receives a flow mirroring policy configured by a tenant;
S202: The NFVO queries the VNFM for the target virtual machine (VM) on which VNF1 is deployed;
S203: The NFVO queries the VIM for the port UUID (Universally Unique Identifier) of the port through which the target VM accesses the SDN network;
S204: The NFVO sends a traffic collection policy to the VIM;
The NFVO may send the traffic collection policy to the VIM by invoking the VIM's TAAS (Test Access Point as a Service, TAP as a service, also known as TAPaaS) interface. The traffic collection policy sent to the VIM is bound to the port UUID through which the target VM accesses the SDN.
S205: The VIM sends the traffic collection policy to the SDN controller;
In the scenario illustrated in Fig. 2, the VIM may send the traffic collection policy by invoking the northbound interface of the SDN controller.
S206: The SDN controller issues a traffic collection instruction to switch A, to which the target virtual machine is attached.
The direction of traffic needs explaining here. Direction is relative: a VNF has outgoing traffic and incoming traffic, and on the corresponding switch port these are incoming traffic and outgoing traffic respectively. That is, the outgoing traffic of a VNF interface is actually incoming traffic at the switch port to which the target virtual machine deploying the VNF is connected, and the incoming traffic of a VNF interface is actually outgoing traffic at that switch port.
Therefore, when the tenant wants to collect outgoing traffic on logical interface 1 of VNF1, switch A in fact collects the incoming traffic of port P1. The SDN controller can be understood as converting the received traffic collection policy into a traffic collection instruction: in the instruction, the target traffic to be collected is changed from the outgoing traffic of the target virtual machine to the incoming traffic of the switch port to which the target virtual machine is connected.
S207: Switch A performs the traffic collection operation and sends the collected traffic to the destination.
In the solution shown in Fig. 2, the traffic collection policy configured by the tenant on the NFVO is issued from the VNFM and relayed through the VIM to the SDN controller (S201-S205), and the SDN controller issues the traffic collection policy to the corresponding switch (S206). Typically, the traffic collection policy that the upper layer injects into the SDN controller includes traffic collection features (the port UUID of the target virtual machine, the five-tuple of the flow, and the direction of the flow). The switch to which the target virtual machine is connected filters the traffic on the switch according to these features, and matching traffic is copied and then sent to the destination through a dedicated traffic collection channel (S207). In the related traffic collection schemes, the collected traffic can be sent to the destination through a VLAN (Virtual Local Area Network) channel, a VxLAN (Virtual Extensible LAN) channel or a GRE (Generic Routing Encapsulation) channel. The destination either analyzes the traffic itself or acts as a relay that preprocesses the received traffic and sends it on to second-stage destinations.
In the above example, the target traffic that the tenant needs to collect is outgoing with respect to VNF1 and therefore incoming with respect to the corresponding switch, so the switch can collect it directly. However, if the target traffic that the tenant wants to collect is the incoming traffic of a VNF, it is outgoing traffic with respect to the switch port corresponding to that VNF. In the related traffic collection schemes, because the processing capability of the switch chip is limited, the switch cannot bind the flow features of outgoing traffic to a port when collecting the outgoing traffic of one of its own ports. The collection action can only take effect globally on the switch: traffic entering and leaving the ports of the switch is collected, and is then screened and filtered according to the traffic collection policy received by the switch to obtain the target traffic. Collecting the outgoing traffic of a port is therefore inefficient and a heavy burden for the switch. Moreover, if a flow passes back and forth through different ports on the switch two or more times, traffic that should be collected once is collected many times, which places unnecessary burden and impact on the traffic destination and the transport link.
To solve the above problems, this embodiment provides a traffic collection method; see the flowchart of the traffic collection method in Fig. 3:
S302: Determine the target collection object corresponding to the original collection object according to the network topology relationship.
In this embodiment, the original collection object is an object, designated by a tenant or an operator, for which incoming target traffic must be collected. Note that in the related art, when the outgoing traffic of a VNF interface is collected, the corresponding switch can collect the target traffic directly at its corresponding port, so the heavy processing burden and low efficiency seen when collecting the incoming traffic of a VNF interface do not arise. In this embodiment, therefore, the original collection object is the object for which incoming traffic must be collected, that is, the target traffic is the incoming traffic of that object as it passes through the switch port connected to the original collection object. For example, assume that in the example of Fig. 1 the tenant requests collection of the incoming traffic of logical interface 2 of VNF1; logical interface 2 of VNF1 is then the original collection object. If the tenant requires collection of the incoming traffic of logical interface 3 of VNF3, logical interface 3 of VNF3 is the original collection object.
The target collection object is an object that supports collection of the target traffic in the outgoing direction, that is, the target traffic is incoming traffic when it passes through the switch port connected to the target collection object, so the switch can collect it directly with relatively high efficiency and relatively low burden. The target traffic that the tenant or operator requires to be collected flows from a port of a first switch into the original collection object, and flows from the target collection object into a second switch. Although the direction of the target traffic differs between the original collection object and the target collection object, the same traffic flows through both. Therefore, when the tenant or operator requires collection of the incoming target traffic of the original collection object, which for the first switch is outgoing target traffic that it is not suited to collect, the outgoing traffic of the target collection object can be collected instead. The collection is then performed as incoming target traffic on the port of the second switch, so the collection requirement of the tenant or operator is met with a smaller processing burden and higher efficiency.
In this embodiment, the target collection object corresponding to the original collection object can be determined according to the network topology relationship. The network topology relationship shows which interface of one network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as an interface of another network element, and this is what identifies the target collection object for a given original collection object.
Generally, when an operator performs network planning, the mapping between each original collection object and each target collection object can be determined from the planned network topology. In this embodiment, this operator-planned mapping between original collection objects and target collection objects is referred to as a "communication relationship map". In some examples of this embodiment, the target collection object corresponding to the original collection object may therefore be determined according to the communication relationship map of the network elements communicating in the SDN network.
For example, Fig. 4 shows a traffic-direction diagram between VNFs in an SDN network: there is a bidirectional flow of traffic between interface 1 of VNF1 and interface 1 of VNF2; there is a bidirectional flow of traffic between interface 2 of VNF1 and interface 2 of VNF3; there is a bidirectional flow of traffic between interface 3 of VNF1 and interface 3 of VNF4; there is a bidirectional flow of traffic between interface 4 of VNF2 and interface 4 of VNF4. Table 1 shows a communication relationship map for the SDN network in Fig. 4:
Table 1
Original collection object | Target collection object
<VNF1, interface 1>        | <VNF2, interface 1>
<VNF1, interface 2>        | <VNF3, interface 2>
<VNF1, interface 3>        | <VNF4, interface 3>
<VNF2, interface 1>        | <VNF1, interface 1>
<VNF2, interface 4>        | <VNF4, interface 4>
<VNF3, interface 2>        | <VNF1, interface 2>
<VNF4, interface 3>        | <VNF1, interface 3>
<VNF4, interface 4>        | <VNF2, interface 4>
When the tenant or the operator indicates that the incoming target traffic of one of the original collection objects in Table 1 is to be collected, the target collection object corresponding to that original collection object can be determined according to the communication relationship map shown in Table 1.
S304: Collect the incoming target traffic of the forwarding device connected to the target collection object.
After the target collection object corresponding to the original collection object is determined, outgoing target traffic can be collected for the target collection object. Collecting outgoing target traffic for a target collection object is in fact collecting incoming target traffic on the forwarding device to which the target collection object is connected. For example, if the target collection object is connected to the forwarding device through port 4 of the forwarding device, the forwarding device collects the incoming traffic of its port 4. This collects the target traffic in the outgoing direction of the target collection object, and thereby the target traffic in the incoming direction of the original collection object.
In this embodiment, the forwarding device may be a switch or a DC GW (data center gateway), and the traffic collection method may be performed by the NFVO or by an SDN controller. The following describes the case where the traffic collection method is implemented by the NFVO:
The NFVO may obtain and store in advance the communication relationship map of the network elements in the SDN network; for example, an operator may input the communication relationship map into the NFVO. When the NFVO needs to find the target collection object corresponding to an original collection object, it can determine it directly by looking up the original collection object in the stored communication relationship map.
For example, the NFVO may determine the original collection object according to a flow mirroring policy entered by the tenant or operator and then look up the target collection object. A flow mirroring policy configured by a tenant or an operator may include several kinds of information, such as VNF index, interface name, and flow direction. After the NFVO receives a flow mirroring policy, it uses the flow direction in the policy to determine the direction of the target traffic relative to the interface of the VNF specified in the policy. If the specified direction is incoming relative to that interface, the NFVO determines that the collection object specified by the tenant is an original collection object, and then determines the corresponding target collection object according to the communication relationship map it has stored. After determining the target collection object, the NFVO issues a traffic collection policy to the SDN controller; this policy includes information indicating the target collection object and information indicating the direction of the target traffic.
After the SDN controller receives the traffic collection policy, it converts the collection indication in the new policy. The new policy indicates outgoing target traffic collection for the target collection object, but the collection is actually performed by the forwarding device, so the SDN controller converts the indication into collection of incoming target traffic on the forwarding-device port connected to the target collection object. After the conversion, the SDN controller sends the converted traffic collection instruction to the forwarding device, so that the forwarding device collects the incoming target traffic according to the instruction and transmits the collected target traffic to the destination.
Of course, it can be understood by those skilled in the art that if the NFVO determines that the flow mirror policy requires that the incoming traffic is collected for a certain collection object, the target traffic is the incoming target traffic with respect to the port of the forwarding device connected to the target collection object, in this case, the NFVO may directly perform the incoming target traffic collection by notifying the corresponding forwarding device (see fig. 2 for a specific flow, which is not repeated herein), and need not use the collection object in the flow mirror policy as the original collection object.
The following describes the process of collecting the outgoing target traffic of the NFVO aiming at the target collection object by combining several original collection objects and target collection objects:
scenario 1: assuming that the original acquisition object is a first interface of a first VNF in DC (data center) (e.g., < VNF1, interface 1> in table 1), the NFVO determines that the target acquisition object is a second interface of a second VNF (e.g., < VNF2, interface 1> in table 1), please refer to fig. 5:
s502: the NFVO determines a target virtual machine deploying the second VNF.
It is to be appreciated that the second VNF may be deployed on only one Virtual Machine (VM), in which case the NFVO queries the target virtual machine as one. If the second VNF is deployed on two or even more virtual machines, then the target virtual machine naturally has more than one virtual machine, and the query result obtained by the NFVO is a virtual machine list, where the virtual machine list includes indication information of each virtual machine on which the second VNF is deployed.
Optionally, the NFVO may query the VNFM for the virtual machine deployed by the second VNF, and after receiving the query request of the NFVO, the VNFM feeds back the query result to the NFVO as a response.
S504: NFVO determines an access port UUID of the target virtual machine to access the SDN network.
After querying the target virtual machine, the NFVO determines a port UUID of the target virtual machine in the SDN network, and in this embodiment, the NFVO may query the VIM for the port UUID of the port corresponding to the target virtual machine. In this embodiment, a port of the target virtual machine accessing the SDN network is referred to as an "access port". It should be noted that, when the second VNF is deployed on multiple virtual machines, these virtual machines are usually also accessed to the SDN network through different ports, so in this case, the NFVO may query, from the VIM, multiple access ports UUIDs corresponding to different target virtual machines respectively, so that the VIM feeds back to the NFVO, which is likely to be a port list. If there is only one target virtual machine, there is naturally only one access port UUID corresponding to the target virtual machine, in which case, the VIM feeds back only one port UUID according to the query request of the NFVO.
S506: NFVO sends traffic collection policies to SDN controller.
After determining the UUID of the port of the target virtual machine and the access port, the NFVO may send a traffic collection policy to the SDN controller, where the traffic collection policy may include the following information:
A target virtual machine list for at least one target virtual machine;
the flow direction of the target flow to be acquired on the target virtual machine;
UUID of access port.
The traffic collection policy sent to the SDN controller can instruct the SDN controller to control the forwarding device accessed by the target virtual machine to collect incoming traffic of the target port, where the "target port" refers to a port on the forwarding device for the target virtual machine to access.
After the SDN controller receives the traffic collection policy, the processing manner in the related technology is basically the same, and will not be described herein.
Scenario 2: assuming that the original acquisition object is the first interface of the first VNF inside the DC, and the target acquisition object is the second network element outside the DC, in this example, after the NFVO determines that the original acquisition object corresponds to the target acquisition object, the flow acquisition policy may be directly sent to the SDN controller, without querying the target virtual machine and the UUID of the port of the access port.
In this case, the traffic collection policy sent by the NFVO to the SDN controller may instruct the SDN controller to control the forwarding device accessed by the second network element to collect the incoming traffic of the target port, where the target port in scenario 2 is a port on the forwarding device for the second network element to access. The traffic collection policy sent by the NFVO to the SDN controller may include the following information:
Network element indication information, which is used for indicating information of a second network element, namely indicating to an SDN controller that an object for which the target flow is currently collected is the second network element;
the flow direction of the target traffic to be collected on the second network element.
According to the flow collection method provided by the embodiment, when the situation that the incoming target flow collection is required for the original collection object is determined, the process of the incoming flow collection for the original collection object can be transferred to the outgoing flow collection for the target collection object according to the network topology relation, through the method, forwarding equipment such as a switch does not need to conduct outgoing flow collection for a port of the forwarding equipment, the collection load of the switch for flow collection is reduced, and meanwhile the flow collection efficiency is improved.
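The resolution chain of this embodiment (flow mirroring policy, map lookup, traffic collection policy, conversion to an ingress instruction) can be traced in a short sketch. This is an added example, not code from the patent: the map pairs follow the VNF1/VNF2/VNF3/ER relations the page describes, switch B port P4 and DC GW port P5 are taken from the page's examples, and every VM name, UUID and other switch port is a constructed assumption. It also covers a VNF deployed on several VMs.

```python
from dataclasses import dataclass, field

INCOMING, OUTGOING = "incoming", "outgoing"

# Communication relationship map: original collection object -> target collection
# object carrying the same traffic. Pairs follow the relations the page describes.
COMM_MAP = {
    ("VNF1", "interface 1"): ("VNF2", "interface 1"),
    ("VNF2", "interface 1"): ("VNF1", "interface 1"),
    ("VNF1", "interface 2"): ("VNF3", "interface 2"),
    ("VNF1", "interface 5"): ("ER", "interface 5"),
}

# Constructed stand-ins for the VNFM (VNF -> VMs) and the VIM (VM -> port UUID).
VNFM_VMS = {"VNF1": ["VM1"], "VNF2": ["VM2"], "VNF3": ["VM3a", "VM3b"]}
VIM_PORT_UUID = {"VM1": "uuid-vm1", "VM2": "uuid-vm2",
                 "VM3a": "uuid-vm3a", "VM3b": "uuid-vm3b"}

# SDN controller attachment table: access port UUID (or external network element
# name) -> (forwarding device, port). Switch B/P4 and DC GW/P5 come from the
# page's examples; the remaining entries are constructed.
ATTACHMENT = {
    "uuid-vm1": ("switch A", "P1"),
    "uuid-vm2": ("switch B", "P4"),
    "uuid-vm3a": ("switch C", "P6"),
    "uuid-vm3b": ("switch D", "P7"),
    "ER": ("DC GW", "P5"),
}


@dataclass
class CollectionPolicy:
    """Traffic collection policy the NFVO sends towards the SDN controller."""
    target: tuple                                    # (network element, interface)
    direction: str                                   # OUTGOING once resolved
    target_vms: list = field(default_factory=list)
    port_uuids: list = field(default_factory=list)   # empty for an external element


def nfvo_resolve(vnf, interface, direction):
    """Turn a flow mirroring policy (VNF index, interface name, flow direction)
    into a traffic collection policy on an object whose traffic is outgoing."""
    obj = (vnf, interface)
    if direction == INCOMING:
        # obj is the original collection object: swap it for its mapped peer.
        # Refuse when the map has no entry instead of guessing a port to mirror.
        if obj not in COMM_MAP:
            raise LookupError(f"no target collection object mapped for {obj}")
        obj = COMM_MAP[obj]
    elif direction != OUTGOING:
        raise ValueError(f"unknown flow direction: {direction!r}")
    element = obj[0]
    if element in VNFM_VMS:                          # Scenario 1: VNF inside the DC
        vms = VNFM_VMS[element]                      # S502: query the VNFM
        uuids = [VIM_PORT_UUID[vm] for vm in vms]    # S504: query the VIM
        return CollectionPolicy(obj, OUTGOING, list(vms), uuids)
    return CollectionPolicy(obj, OUTGOING)           # Scenario 2: outside the DC


def sdn_convert(policy):
    """Convert 'outgoing traffic of the target object' into 'incoming traffic of
    the forwarding-device port the target object is attached to'."""
    if policy.direction != OUTGOING:
        raise ValueError("controller expects an outgoing-direction policy")
    keys = policy.port_uuids or [policy.target[0]]
    return [(*ATTACHMENT[key], "ingress") for key in keys]


def mirror(vnf, interface, direction):
    """End to end: flow mirroring policy -> list of (device, port, 'ingress')."""
    return sdn_convert(nfvo_resolve(vnf, interface, direction))


if __name__ == "__main__":
    for request in [("VNF1", "interface 1", INCOMING),
                    ("VNF1", "interface 5", INCOMING),
                    ("VNF1", "interface 2", INCOMING),
                    ("VNF1", "interface 1", OUTGOING)]:
        print(request, "->", mirror(*request))
```

Every request ends as an ingress rule on some forwarding-device port; only the port changes depending on whether the requested direction forced a swap to the mapped peer.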
Embodiment two:
Embodiment one mainly described the scheme in which the NFVO performs the traffic collection method; this embodiment describes the scenario in which the SDN controller performs it. Before describing the flow in this scenario, it should be noted that the SDN controller mainly performs the traffic collection method in the case where the original collection object is a first host (Host) in the DC and the target collection object is a second Host in the DC. Refer to the flowchart shown in Fig. 6:
S602: The SDN controller determines the target collection object corresponding to the first Host according to a pre-stored communication relationship map.
In this embodiment, a communication relationship map of the network elements in the network is pre-stored in the SDN controller. When the SDN controller determines that incoming target traffic needs to be collected for a certain network element, it may take that network element as the original collection object and query the communication relationship map to determine the corresponding target collection object. Taking the first Host as the original collection object, for example, the SDN controller may determine from the communication relationship map that the target collection object corresponding to the first Host is the second Host.
In this embodiment, a Host may be a physical server host, a virtual machine host, a router, a switch, or any other layer-3 device, as long as it is a device managed uniformly within the SDN network.
S604: The SDN controller sends a traffic collection instruction to the forwarding device to which the second Host found by the query is attached.
After determining the second Host, the SDN controller can also determine the forwarding device connected to the second Host, which may be a switch or a DC GW. The traffic collection instruction that the SDN controller sends to the forwarding device instructs it to collect the incoming traffic of a target port, where the target port is the port on the forwarding device through which the second Host accesses the network.
This scenario is further illustrated below with Example 1; see Fig. 7:
S701: The SDN controller receives a communication relationship map of the hosts in the SDN network.
The network operator may input the communication relationship map to the SDN controller directly through the SDN controller's interactive interface or through its command line. Table 2 shows a communication relationship map between hosts:
TABLE 2
Original collection object | Target collection object
Host1 | Host2
Host2 | Host1
Host3 | Host4
Host4 | Host3
S702: The SDN controller receives the configured flow mirroring policy.
For example, when the tenant or operator requests collection of the incoming traffic of logical interface 1 on Host1, the SDN controller should cooperate with other network elements to copy the target traffic to be collected and then transmit it to the destination.
S703: The SDN controller finds that the target collection object corresponding to Host1 is Host2.
After receiving the flow mirroring policy, the SDN controller can determine from it that the target traffic to be collected is in the incoming direction with respect to Host1, which is inconvenient for the switch connected to Host1 to collect. The SDN controller therefore takes Host1 as the original collection object and queries the communication relationship map for the corresponding target collection object; from the communication relationship map shown in Table 2, the target collection object corresponding to Host1 is Host2.
S704: The SDN controller issues a traffic collection instruction to the switch to which Host2 is attached.
The traffic collection instruction issued by the SDN controller is addressed to the switch to which Host2 is attached, switch B, and causes switch B to collect the incoming traffic of the target port.
S705: Switch B performs the traffic collection operation and sends the collected incoming target traffic to the destination.
In this embodiment, the switch may send the collected target traffic to the destination through any one of a VLAN channel, a VxLAN channel, and a GRE channel.
The traffic collection method provided by this embodiment mainly addresses communication between different Hosts inside the DC. It reduces the burden that traffic collection places on the switch, improves traffic collection efficiency, and removes the restriction imposed by the NFVO and the VIM.
Embodiment three:
To make the advantages and details of the foregoing traffic collection method clearer to those skilled in the art, this embodiment describes the traffic collection method provided in the foregoing embodiments with further examples:
Example 2:
This example continues the description of the traffic collection method on the basis of embodiment one. Refer to Fig. 4 together with Fig. 8 and Fig. 9: Fig. 8 is a schematic diagram of the target traffic between VNF1 and VNF2, and Fig. 9 is an interaction diagram of the traffic collection flow:
S901: The NFVO receives a communication relationship map between the VNFs in the SDN network.
Operation and maintenance personnel of the tenant or operator may inject the map of interconnection relationships between VNFs into the NFVO; a specific communication relationship map is shown in Table 1.
Using the communication relationship map, the NFVO can look up the key-value pair of the target collection object by inputting the key-value pair of the original collection object. For example, if incoming traffic on interface 1 of VNF1 is to be collected but is inconvenient to collect, the communication relationship map shown in Table 1 can be queried with <VNF1, interface 1> to obtain <VNF2, interface 1>. In this case, interface 1 of VNF2 is the target collection object, and the tenant's or operator's requirement to collect the incoming traffic of interface 1 of VNF1 can be met by collecting the outgoing traffic of interface 1 of VNF2.
S902: The NFVO receives the flow mirroring policy configured by the tenant or operation and maintenance personnel;
For example, assume in this example that the tenant or operation and maintenance personnel request, through a flow mirroring policy, collection of the incoming traffic of interface 1 on VNF1.
S903: The NFVO determines the target collection object by querying the communication relationship map;
The NFVO can find from the communication relationship map, using <VNF1, interface 1>, that the target collection object is <VNF2, interface 1>, so the NFVO determines that traffic of VNF2 interface 1 needs to be collected, and that it is the outgoing traffic of VNF2 interface 1 that needs to be collected.
S904: The NFVO queries the VNFM for the target virtual machine on which VNF2 is deployed;
S905: The NFVO queries the VIM for the port UUID with which the target VM accesses the SDN network;
It will be understood that the port UUID the NFVO obtains for the target virtual machines of VNF2 may be a UUID list containing multiple port UUIDs.
S906: The NFVO sends the traffic collection policy to the VIM;
Optionally, the NFVO may send the traffic collection policy to the VIM by invoking the TAAS interface of the VIM. It should be appreciated that in this traffic collection policy the NFVO has already replaced the collection object with the target collection object, specified the flow direction of the target traffic to be collected, and bound the port UUID with which the target VM accesses the SDN network.
S907: The VIM sends the traffic collection policy to the SDN controller;
The VIM sends the traffic collection policy by invoking the northbound interface of the SDN controller.
S908: The SDN controller issues a traffic collection instruction to switch B, to which the target virtual machine is attached;
It will be appreciated that what the tenant wants to collect is the incoming traffic on logical interface 1 of VNF1; what is actually collected is the incoming traffic of port P4 on switch B. After receiving the traffic collection policy, the SDN controller converts it into a traffic collection instruction: in the instruction, the target traffic to be collected is changed from the outgoing traffic of the target virtual machine to the incoming traffic of the switch port to which the target virtual machine is attached.
S909: Switch B performs the traffic collection operation and sends the collected traffic to the destination.
Switch B collects the traffic according to the corresponding policy and sends the collected traffic through a tunnel to the remote destination.
Example 3:
This example explains the traffic collection method on the basis of scenario 1. Refer to Figs. 10-12: Fig. 10 shows the traffic flows among the network elements in an SDN network, Fig. 11 shows the flow of the target traffic between an ER (External Router) and VNF1, and Fig. 12 is an interaction diagram of the traffic collection flow:
As can be seen from Fig. 11, the SDN network includes VNF1, VNF2 and VNF3, and also an ER. As can be seen from Fig. 10, traffic flows in both directions between interface 1 of VNF1 and interface 1 of VNF2, between interface 2 of VNF1 and interface 2 of VNF3, and between interface 5 of VNF1 and interface 5 of the ER. Table 3 shows the communication relationship map of the SDN network in Fig. 10:
TABLE 3 (presented as images in the original publication; contents not reproduced here)
S1201: The NFVO receives a communication relationship map of the SDN network.
Operation and maintenance personnel of the tenant or operator may inject a communication relationship map into the NFVO; the specific communication relationship map is shown in Table 3. The communication relationship map includes the communication connections between the VNFs in the SDN network and between the VNFs and the network outside the DC.
S1202: The NFVO receives the flow mirroring policy configured by the tenant or operation and maintenance personnel;
For example, assume in this example that the tenant or operation and maintenance personnel request, through a flow mirroring policy, collection of the incoming traffic of interface 5 on VNF1.
S1203: The NFVO determines the target collection object by querying the communication relationship map;
The NFVO can find from the communication relationship map of Table 3, using <VNF1, interface 5>, that the target collection object is <ER, interface 5>, so the NFVO determines that traffic of ER interface 5 needs to be collected, and that it is the outgoing traffic of ER interface 5 that needs to be collected.
S1204: The NFVO sends the traffic collection policy to the VIM;
Optionally, the NFVO may send the traffic collection policy to the VIM by invoking the TAAS interface of the VIM. It should be appreciated that in this traffic collection policy the NFVO has already replaced the collection object with the target collection object and specified the flow direction of the target traffic to be collected. In this embodiment, the traffic collection policy may omit the UUID of the ER access interface, or may carry a UUID whose value is a default value.
S1205: The VIM sends the traffic collection policy to the SDN controller;
The VIM sends the traffic collection policy by invoking the northbound interface of the SDN controller.
S1206: The SDN controller issues a traffic collection instruction to the DC GW to which the ER is attached;
It will be appreciated that what the tenant wants to collect is the incoming traffic on logical interface 5 of VNF1; what is actually collected is the incoming traffic of port P5 on the DC GW. After receiving the traffic collection policy, the SDN controller converts it into a traffic collection instruction: in the instruction, the target traffic to be collected is changed from the outgoing traffic of the ER to the incoming traffic of port P5 of the DC GW.
S1207: The DC GW performs the traffic collection operation and sends the collected traffic to the destination.
The DC GW collects the incoming traffic on port P5 according to the corresponding policy and sends the collected traffic through a tunnel to the remote destination.
It should be appreciated that the query in S1203 has determined that the outgoing traffic of ER interface 5 is to be collected. In S1206, the SDN controller maps the collection requirement in the flow mirroring policy to collecting the incoming traffic of port P5 of the DC GW. The incoming traffic of port P5 on the DC GW, the outgoing traffic of the ER, and the incoming traffic of VNF1 interface 5 originally required by the flow mirroring policy are all the same traffic, so the collection scheme of this example meets the tenant's collection requirement in the flow mirroring policy.
Embodiment four:
This embodiment uses examples to describe the traffic collection process when a VM on which a VNF is deployed is migrated, when a VNF scales out and pops up a new VM, when a VNF scales in and a VM is removed, and when the VMs on which a VNF is deployed form a cluster:
Example 4:
On the basis of Example 2, this example describes the traffic collection process when the VM on which VNF2 is deployed is migrated. Refer to Fig. 13:
S1300: Traffic is collected;
In this example, the flow mirroring policy requires collection of the incoming traffic of VNF1 interface 1. As described in Example 2, this collection is eventually converted into collection of the incoming traffic on port P4 of the switch 2 to which the target VM of VNF2 is connected. For this procedure, refer to the description of Example 2; it is not repeated here.
S1301: The virtual machine VM2 on which VNF2 is deployed is migrated.
Assume that the virtual machine on which VNF2 is deployed is VM2, which originally accessed the SDN network through port P4 of switch B; after the migration, VM2 accesses the SDN network through port P5 of switch C.
S1302: The SDN controller receives the port online event reported by port P5 of switch C.
Port P5 of switch C reports a port online event to the SDN controller. The event carries the port UUID of VM2', the virtual machine of VNF2 after migration, and this UUID is unchanged from the UUID before migration.
S1303: The SDN controller updates the traffic collection policy according to the correspondence, obtained from the VIM, between the traffic collection policy and the UUID;
S1304: The SDN controller issues the traffic collection policy on port P5 of switch C, where VM2' has newly come online, so that traffic is now collected from port P5 of switch C and sent to the corresponding destination.
S1305: The SDN controller deletes the traffic collection policy on port P4 of switch B, where VM2 was originally online.
In this way, port P4 of switch B no longer collects traffic.
This example illustrates the automatic following mechanism of the traffic collection policy when a virtual machine on the target collection object side is migrated: after the migration, the traffic collection policy automatically follows the virtual machine, so the tenant's traffic collection requirement continues to be met. It should be appreciated that if it is a virtual machine on the original collection object side that migrates, for example, on the basis of Example 2, the virtual machine on which VNF1 is deployed, then the virtual machine on the target collection object side is unchanged and so is the traffic collection location, and the SDN controller does not need to adjust where the traffic collection policy is applied.
Example 5:
On the basis of Example 2, this example describes the traffic collection process when VNF2 scales out and pops up a new VM. Refer to Fig. 14:
In this example, the flow mirroring policy requires collection of the incoming traffic of VNF1 interface 1. As described in Example 2, this collection is eventually converted into collection of the incoming traffic on port P4 of the switch 2 to which the target VM of VNF2 is connected. For this procedure, refer to the description of Example 2; it is not repeated here.
S1401: VNF2 expands its capacity and pops up virtual machine VM3;
In this embodiment, it is assumed that the newly popped-up VM3 accesses the network through port P5 of switch C.
S1402: The NFVO queries the VNFM for the newly popped-up virtual machine VM3;
S1403: The NFVO queries the VIM for the port UUID of VM3;
S1404: The NFVO invokes the TAAS interface of the VIM to issue a traffic collection policy;
The traffic collection policy is for VM3.
S1405: The VIM invokes the northbound interface of the SDN controller to issue the traffic collection policy;
S1406: The SDN controller sends the traffic collection instruction to the corresponding port P5 of switch C;
The SDN controller converts the received traffic collection policy into a traffic collection instruction and sends the instruction to port P5 of switch C, to which VM3 is attached.
S1407: Switch C performs the traffic collection operation and sends the collected traffic to the destination.
This example illustrates traffic collection when VNF2 on the target collection object side scales out and adds virtual machine VM3: a traffic collection policy is automatically generated and issued to the SDN controller, and the SDN controller generates a traffic collection instruction from the policy and sends it to the corresponding switch port. This ensures that service traffic on the new virtual machine is collected and not lost.
Example 6:
This example describes the traffic collection process when VNF2 scales in and a VM on which it is deployed is removed. Refer to Fig. 15:
First, assume that the traffic collection scenario before the scale-in in this example is the one after the scale-out in Example 5: the original collection object is VNF1 interface 1, the target collection object is interface 1 of VNF2, and the virtual machines on which VNF2 is deployed are VM2 and VM3. VM2 accesses the SDN network through port P4 of switch B, and VM3 accesses the SDN network through port P5 of switch C. Both switch B and switch C can collect the corresponding service traffic.
S1501: VNF2 performs virtual machine capacity reduction;
Assume here that the scale-in of VNF2 deletes virtual machine VM3 under port P5 of switch C. Virtual machine VM3 under port P5 of switch C then no longer exists.
S1502: The NFVO invokes the TAAS interface of the VIM to send a policy deletion instruction;
S1503: The VIM invokes the northbound interface of the SDN controller to send the policy deletion instruction;
After receiving the policy deletion instruction, the SDN controller deletes the traffic collection policy from the network side.
S1504: The SDN controller deletes the traffic collection policy from port P5 of switch C;
After the traffic collection policy on port P5 of switch C is deleted, switch C no longer collects the incoming traffic of port P5.
This example illustrates that when VNF2 on the target collection object side scales in and virtual machine VM3 is deleted, the corresponding traffic collection policy is deleted as well, so that no stale policy is left behind.
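The controller-side bookkeeping behind Examples 4 to 6 reduces to one reconcile step keyed by the access port UUID. The sketch below is an added example, not code from the patent: it replays scale-out (Example 5), scale-in (Example 6) and then migration (Example 4) against a constructed controller model, and the class name, method names, UUID strings and the "collector" destination are assumptions.

```python
class MirrorController:
    """Tracks traffic collection policies by access port UUID and keeps the
    ingress-collection rule on whichever switch port that UUID is online at."""

    def __init__(self):
        self.policies = {}    # port UUID -> destination for the collected traffic
        self.location = {}    # port UUID -> (switch, port) where the UUID is online
        self.installed = {}   # port UUID -> (switch, port) currently collecting
        self.actions = []     # southbound operations, in the order they are sent

    def on_port_online(self, switch, port, uuid):
        """Port online event reported by a switch (S1302)."""
        self.location[uuid] = (switch, port)
        self._reconcile(uuid)

    def add_policy(self, uuid, destination):
        """Traffic collection policy arriving over the northbound interface (S1405)."""
        self.policies[uuid] = destination
        self._reconcile(uuid)

    def delete_policy(self, uuid):
        """Policy deletion instruction arriving over the northbound interface (S1503)."""
        self.policies.pop(uuid, None)
        self._reconcile(uuid)

    def _reconcile(self, uuid):
        want = self.location.get(uuid) if uuid in self.policies else None
        have = self.installed.get(uuid)
        if want == have:
            return                       # nothing to change for this UUID
        if want is not None:
            # Install at the new location first (S1304) so collection continues.
            self.actions.append(("install", *want, uuid))
            self.installed[uuid] = want
        if have is not None:
            # Then remove the rule left at the old location (S1305 / S1504).
            self.actions.append(("remove", *have, uuid))
            if want is None:
                del self.installed[uuid]


def replay():
    """Constructed event sequence: Example 2 state, then Examples 5, 6 and 4."""
    c = MirrorController()
    c.on_port_online("switch B", "P4", "uuid-vm2")   # VM2 of VNF2 online
    c.add_policy("uuid-vm2", "collector")            # Example 2: collect at B/P4
    c.on_port_online("switch C", "P5", "uuid-vm3")   # Example 5: VM3 pops up
    c.add_policy("uuid-vm3", "collector")            # policy issued for VM3
    c.delete_policy("uuid-vm3")                      # Example 6: VM3 deleted
    c.on_port_online("switch C", "P5", "uuid-vm2")   # Example 4: VM2 migrates
    return c


if __name__ == "__main__":
    for action in replay().actions:
        print(action)
```

A port online event for a UUID that has no policy produces no southbound action, so unrelated VMs coming online never acquire a collection rule.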
Example 7:
This example describes the traffic collection process when the VMs on which the target-side VNF is deployed form a cluster. Refer to Fig. 16:
S1600: The NFVO receives a communication relationship map between the VNFs in the SDN network.
In this example, it is assumed that the tenant injects the communication relationship map into the NFVO; those skilled in the art will appreciate, however, that the operator's operation and maintenance personnel may also inject it.
S1601: The NFVO receives the flow mirroring policy;
Suppose in this example that the tenant's flow mirroring policy requires collection of the incoming traffic of VNF1 interface 1.
S1602: The NFVO determines the target collection object corresponding to VNF1 interface 1 according to the communication relationship map.
From the communication relationship map, the target collection object corresponding to interface 1 of VNF1 is determined to be interface 1 of VNF2.
S1603: The NFVO queries the VNFM for the target virtual machines on which VNF2 is deployed;
Assume here that VNF2 is deployed on three virtual machines, VM1, VM2, and VM3, where VM1 is under port P4-1 of switch A, VM2 is under port P4-2 of switch B, and VM3 is under port P4-3 of switch C.
S1604: The NFVO queries the VIM for the port UUIDs with which the target VMs access the SDN network;
Assume here that the UUIDs of the interfaces through which VM1, VM2 and VM3 access the SDN network are UUID1, UUID2 and UUID3, respectively.
S1605: The NFVO invokes the VIM's TAAS interface to issue traffic collection policies;
Here, the traffic collection policy indicates that outgoing traffic is to be collected on interface 1 of VNF2, and it specifies the port UUIDs UUID1, UUID2, and UUID3, respectively.
S1606: The VIM invokes the northbound interface of the SDN controller to issue the traffic collection policies for the three virtual machines;
S1607: The SDN controller sends the traffic collection instructions to the switches to which the three target virtual machines are attached;
The SDN controller sends the traffic collection instruction for VM1 to port P4-1 of switch A, the traffic collection instruction for VM2 to port P4-2 of switch B, and the traffic collection instruction for VM3 to port P4-3 of switch C.
S1608: The three switches each collect the traffic and send the collected traffic to the destination through their respective VxLAN tunnels.
This example illustrates how traffic collection may be performed when the VNF on the target collection object side is deployed on a cluster of VMs.
Embodiment five:
This embodiment provides a traffic collection device. Refer to the schematic structural diagram of the traffic collection device shown in Fig. 17:
The traffic collection device 170 includes an object determining unit 172 and a collection control unit 174. The object determining unit 172 is configured to determine the target collection object corresponding to an original collection object according to a network topology relationship, and the collection control unit 174 is configured to collect the incoming target traffic of the forwarding device to which the target collection object is connected.
In this embodiment, the original collection object is the object that a tenant or operator designates for incoming target traffic collection. Note that in the related art, when the outgoing traffic of a VNF interface is collected, the corresponding switch can collect the target traffic directly at its corresponding port, which avoids the heavy processing load and low efficiency that arise when collecting the incoming traffic of a VNF interface. In this embodiment, therefore, the original collection object refers to the object for which incoming traffic, that is, the target traffic, is required to be collected as it flows through the switch port connected to the original collection object. For example, assume that in the example corresponding to Fig. 1 the tenant requests collection of the incoming traffic of logical interface 2 of VNF1; logical interface 2 of VNF1 is then the original collection object. If the tenant requires collection of the incoming traffic of logical interface 3 of VNF3, logical interface 3 of VNF3 is the original collection object.
The target collection object is an object on which the target traffic can be collected in the outgoing direction; that is, the target traffic is incoming traffic when it flows through the switch port connected to the target collection object, so the switch can collect it directly, with relatively high efficiency and relatively low burden. It should be appreciated that the target traffic the tenant or operator requires to be collected flows from a port of a first switch into the original collection object, and flows from the target collection object into a second switch. Although the direction of the target traffic differs at the original collection object and at the target collection object, it is the same traffic that flows through both. Therefore, when the tenant or operator requires collection of the incoming target traffic of the original collection object, that is, target traffic that is outgoing at the first switch and not suited to collection there, the outgoing traffic of the target collection object can be collected instead; in other words, the collection is carried out as incoming target traffic collection on the port of the second switch, which meets the tenant's or operator's collection requirement with a smaller processing burden and higher efficiency.
In this embodiment, the object determining unit 172 can determine the target collection object corresponding to an original collection object from the network topology relationship, because the topology shows which interface of which network element, or which network element, carries the same traffic as a given interface of another network element.
Generally, when an operator plans a network, the mapping between each original collection object and each target collection object can be determined from the planned network topology; in this embodiment, this operator-planned mapping between original and target collection objects is referred to as a "communication relationship map". Therefore, in some examples of this embodiment, the object determining unit 172 may determine the target collection object corresponding to the original collection object according to the communication relationship map of network element communication in the SDN network.
After the object determining unit 172 determines the target collection object corresponding to the original collection object, the collection control unit 174 may collect the outgoing target traffic of the target collection object. Collecting outgoing target traffic for a target collection object is in fact collecting incoming target traffic on the forwarding device to which the target collection object is connected. For example, if the target collection object is connected to the forwarding device through port 4 of the forwarding device, the forwarding device can collect the incoming traffic of its port 4, which achieves collection of the target traffic in the outgoing direction of the target collection object, that is, collection of the target traffic in the incoming direction of the original collection object.
In this embodiment, the traffic collection device 170 may be deployed on the NFVO network element or on the SDN controller. When the traffic collection device 170 is deployed on the NFVO network element, the function of the object determining unit 172 may be implemented by a processor of the network device on which the NFVO network element is deployed, and the function of the acquisition control unit 174 by a communication device and the processor of that network device together. When the traffic collection device 170 is deployed on an SDN controller, the function of the object determining unit 172 may be implemented by a processor of the device on which the SDN controller is deployed, and the function of the acquisition control unit 174 by a communication device and a processor of the SDN controller.
With the traffic collection device provided by this embodiment, when it is determined that incoming target traffic must be collected for the original acquisition object, the incoming-traffic collection for the original acquisition object can be converted, according to the network topology relationship, into outgoing-traffic collection for the target acquisition object. Forwarding devices such as switches then do not need to collect outgoing traffic on their own ports, which reduces the collection burden on the switch and improves collection efficiency.
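The redirection described in this embodiment, as an added Python example that is not part of the patent: an incoming-traffic request is resolved through the communication relationship map to the peer object, and the result is a policy for the SDN controller plus the ingress capture on the peer's switch port. The element names, UUIDs, port numbers, policy field names and the refusal when no mapping exists are all assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AcqObject:
    element: str      # network element, e.g. a VNF
    interface: str    # logical interface on that element


@dataclass(frozen=True)
class Attachment:
    vm: str           # virtual machine the element is deployed on
    port_uuid: str    # UUID of the VM's access port into the SDN network
    device: str       # forwarding device (switch or DC GW) the VM attaches to
    device_port: int  # port on that forwarding device


# Constructed sample data: every name, UUID and port number is hypothetical.
VNF1_IF2 = AcqObject("VNF1", "if2")
VNF2_IF1 = AcqObject("VNF2", "if1")
VNF3_IF3 = AcqObject("VNF3", "if3")

# Communication relationship map planned by the operator:
# original acquisition object -> target acquisition object that sends the same traffic.
RELATION_MAP = {VNF1_IF2: VNF2_IF1}

# Where each object attaches to the SDN network.
ATTACHMENTS = {
    VNF1_IF2: Attachment("vm-a", "11111111-0000-0000-0000-000000000002", "switch1", 2),
    VNF2_IF1: Attachment("vm-b", "22222222-0000-0000-0000-000000000001", "switch2", 4),
    VNF3_IF3: Attachment("vm-c", "33333333-0000-0000-0000-000000000003", "switch1", 7),
}


def resolve_target(obj: AcqObject, direction: str) -> AcqObject:
    """Return the object whose outgoing traffic will actually be collected."""
    if direction == "outgoing":
        # Outgoing traffic of an object is already ingress at its switch port.
        return obj
    if direction != "incoming":
        raise ValueError(f"unknown direction: {direction!r}")
    if obj not in RELATION_MAP:
        # Assumption of this example: refuse rather than silently fall back
        # to egress collection on the first switch.
        raise LookupError(f"no target acquisition object planned for {obj}")
    return RELATION_MAP[obj]


def build_policy(obj: AcqObject, direction: str):
    """Build the policy for the SDN controller and the resulting port capture."""
    target = resolve_target(obj, direction)
    att = ATTACHMENTS[target]
    policy = {
        "target_vms": [att.vm],                # target virtual machine list
        "direction": "outgoing",               # direction relative to the target VM
        "access_port_uuids": [att.port_uuid],  # UUID of the access port
    }
    # What the forwarding device ends up doing: ingress capture on the target port.
    capture = {"device": att.device, "port": att.device_port, "direction": "ingress"}
    return policy, capture


if __name__ == "__main__":
    print(build_policy(VNF1_IF2, "incoming"))
```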
Example six:
This embodiment provides a storage medium that may store one or more computer programs that can be read, compiled and executed by one or more processors. In this embodiment, the computer-readable storage medium may store a traffic collection program that the one or more processors can execute to implement the flow of any of the traffic collection methods described in the foregoing embodiments.
This embodiment also provides a network device, as shown in fig. 18. The network device 180 comprises a processor 181, a memory 182 and a communication bus 183 connecting the processor 181 and the memory 182, where the memory 182 may be the aforementioned storage medium storing the traffic collection program. The processor 181 may read, compile and execute the traffic collection program to implement the flow of the traffic collection method described in the foregoing embodiments:
The processor 181 is configured to determine a target acquisition object corresponding to the original acquisition object according to the network topology relationship, and acquire incoming target traffic for a forwarding device connected to the target acquisition object.
In this embodiment, the original acquisition object is the object, designated by a tenant or an operator, on which incoming target traffic is to be collected. Note that in the related art, when the outgoing traffic of a VNF interface is collected, the corresponding switch can collect the target traffic directly at its corresponding port, which avoids the heavy processing load and low efficiency that arise when collecting the incoming traffic of a VNF interface. In this embodiment, therefore, the original acquisition object is the object whose incoming traffic must be collected; that is, the target traffic is the traffic that flows into the original acquisition object through the switch port connected to it. For example, assume that in the example corresponding to fig. 1 the tenant requests collection of the incoming traffic of logical interface 2 of VNF1; logical interface 2 of VNF1 is then the original acquisition object. If the tenant requests collection of the incoming traffic of logical interface 3 of VNF3, logical interface 3 of VNF3 is the original acquisition object.
The target acquisition object is an object that supports collection of the target traffic in the outgoing direction; that is, the target traffic is incoming traffic when it flows through the switch port connected to the target acquisition object, so the switch can collect it directly with relatively high efficiency and relatively low burden. The target traffic that the tenant or operator wants collected flows from a port of the first switch into the original acquisition object, and the same target traffic flows from the target acquisition object into the second switch. Although the direction of the target traffic differs at the original acquisition object and at the target acquisition object, the same traffic flows through both. Therefore, when the tenant or operator requires collection of the incoming target traffic of the original acquisition object, which for the first switch means collecting outgoing target traffic that it is not suited to collect, the outgoing traffic of the target acquisition object can be collected instead. The collection is then performed on the incoming traffic at the port of the second switch, and the requirement of the tenant or operator is met with a smaller processing burden and higher efficiency.
In this embodiment, the processor 181 may determine the target acquisition object corresponding to an original acquisition object according to the network topology relationship. This is possible because the network topology shows which interface of which network element, or which network element, carries the same traffic as a given interface of another network element.
Generally, when an operator performs network planning, the mapping between each original acquisition object and each target acquisition object can be determined from the planned network topology. This operator-planned mapping between original and target acquisition objects is referred to as a "communication relationship map" in this embodiment. Therefore, in some examples of this embodiment, the processor 181 may determine the target acquisition object corresponding to the original acquisition object according to the communication relationship map of the network elements communicating in the SDN network.
After the processor 181 determines the target acquisition object corresponding to the original acquisition object, it may collect the outgoing target traffic of the target acquisition object. Collecting the outgoing target traffic of a target acquisition object is in fact collecting the incoming target traffic of the forwarding device to which that object is connected. For example, if the target acquisition object is connected to the forwarding device through port 4 of the forwarding device, the forwarding device collects the incoming traffic of its port 4. This collects the outgoing target traffic of the target acquisition object, and thereby the incoming target traffic of the original acquisition object.
In this embodiment, the forwarding device may be a switch or a DC GW, and the network device 180 may be an NFVO network element or an SDN controller.
With the network device provided by this embodiment, when it is determined that incoming target traffic must be collected for the original acquisition object, the incoming-traffic collection for the original acquisition object can be converted, according to the network topology relationship, into outgoing-traffic collection for the target acquisition object. Forwarding devices such as switches then do not need to collect outgoing traffic on their own ports, which reduces the collection burden on the switch and improves collection efficiency.
It will be apparent to one skilled in the art that all or some of the steps of the methods, systems, functional modules/units in the apparatus disclosed above may be implemented as software (which may be implemented in program code executable by a computing apparatus), firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media), for execution by a computing device, and in some cases, the steps shown or described may be performed in a different order than that described herein. The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Therefore, the present invention is not limited to any specific combination of hardware and software.
The foregoing is a further detailed description of embodiments of the invention in connection with the specific embodiments, and it is not intended that the invention be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the invention, and these should be considered to be within the scope of the invention.

Claims (12)

1. A traffic collection method, comprising:
determining a target acquisition object corresponding to an original acquisition object according to a network topology relationship, wherein the original acquisition object is an object for which incoming target traffic needs to be collected, the direction of the target traffic is outgoing relative to the target acquisition object, and the target acquisition object is an object that supports collection of the target traffic in the outgoing direction;
collecting the incoming target traffic of a forwarding device connected to the target acquisition object;
wherein the forwarding device is a switch or a data center gateway (DC GW).
2. The traffic collection method of claim 1, wherein the traffic collection method further comprises:
if it is determined that outgoing target traffic currently needs to be collected for an acquisition object,
collecting the incoming target traffic of the forwarding device connected to that acquisition object.
3. The traffic collection method according to claim 1, wherein determining the target acquisition object corresponding to the original acquisition object according to the network topology relationship comprises:
determining the target acquisition object corresponding to the original acquisition object according to a pre-stored communication relationship map of the communication between network elements in the SDN network, wherein the communication relationship map is configured based on the operator's network topology planning.
4. The traffic collection method according to any one of claims 1-3, wherein the original acquisition object is a first interface of a first virtual network function (VNF), the target acquisition object is a second interface of a second VNF, and collecting the incoming target traffic of the forwarding device connected to the target acquisition object comprises:
determining a target virtual machine on which the second VNF is deployed;
determining the universally unique identifier (UUID) of the access port through which the target virtual machine accesses the SDN network;
and sending a traffic collection policy to an SDN controller, wherein the traffic collection policy can instruct the SDN controller to control the forwarding device accessed by the target virtual machine to collect the incoming traffic of a target port, the target port being the port on the forwarding device through which the target virtual machine accesses it.
5. The traffic collection method according to claim 4, wherein the traffic collection policy includes the following information:
a target virtual machine list, which comprises at least one target virtual machine;
the direction of the target traffic to be collected on the target virtual machine;
and the UUID of the access port.
6. The traffic collection method according to any one of claims 1-3, wherein the original acquisition object is a first interface of a first VNF inside a data center (DC), the target acquisition object is a second network element outside the DC, and collecting the incoming target traffic of the forwarding device connected to the target acquisition object comprises:
sending a traffic collection policy to an SDN controller, wherein the traffic collection policy can instruct the SDN controller to control the forwarding device accessed by the second network element to collect the incoming traffic of a target port, the target port being the port on the forwarding device through which the second network element accesses it.
7. The traffic collection method according to claim 6, wherein the traffic collection policy includes the following information:
network element indication information, used to indicate the second network element;
and the direction of the target traffic to be collected on the second network element.
8. The traffic collection method according to any one of claims 1 to 3, wherein the original acquisition object is a first Host, the target acquisition object is a second Host, and collecting the incoming target traffic of the forwarding device connected to the target acquisition object comprises:
sending a traffic collection instruction to the forwarding device accessed by the second Host, wherein the traffic collection instruction can instruct the forwarding device to collect the incoming traffic of a target port, the target port being the port on the forwarding device through which the second Host accesses it.
9. A traffic collection device, comprising:
an object determining unit, configured to determine a target acquisition object corresponding to an original acquisition object according to a network topology relationship, wherein the original acquisition object is an object for which incoming target traffic needs to be collected, the direction of the target traffic is outgoing relative to the target acquisition object, and the target acquisition object is an object that supports collection of the target traffic in the outgoing direction;
and an acquisition control unit, configured to collect the incoming target traffic of a forwarding device connected to the target acquisition object, wherein the forwarding device is a switch or a data center gateway (DC GW).
10. A network device comprising a processor, a memory, and a communication bus;
the communication bus is used for realizing connection communication between the processor and the memory;
the processor is configured to execute one or more programs stored in the memory to implement the steps of the traffic collection method of any one of claims 1 to 8.
11. The network device of claim 10, wherein the network device is a network function virtualization orchestrator NFVO network element or an SDN controller.
12. A storage medium storing one or more programs executable by one or more processors to implement the steps of the traffic collection method of any one of claims 1 to 8.
CN201910272723.XA 2019-04-04 2019-04-04 Traffic acquisition method and device, network equipment and storage medium Active CN111786843B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910272723.XA CN111786843B (en) 2019-04-04 2019-04-04 Traffic acquisition method and device, network equipment and storage medium
PCT/CN2020/076073 WO2020199780A1 (en) 2019-04-04 2020-02-20 Traffic collection method and device, network apparatus and storage medium

Publications (2)

Publication Number Publication Date
CN111786843A CN111786843A (en) 2020-10-16
CN111786843B true CN111786843B (en) 2023-07-04

Family

ID=72664916

Country Status (2)

Country Link
CN (1) CN111786843B (en)
WO (1) WO2020199780A1 (en)

Also Published As

Publication number Publication date
WO2020199780A1 (en) 2020-10-08
CN111786843A (en) 2020-10-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant