CN112019458A - Data message forwarding method and device - Google Patents
Data message forwarding method and device Download PDFInfo
- Publication number
- CN112019458A CN112019458A CN202010956580.7A CN202010956580A CN112019458A CN 112019458 A CN112019458 A CN 112019458A CN 202010956580 A CN202010956580 A CN 202010956580A CN 112019458 A CN112019458 A CN 112019458A
- Authority
- CN
- China
- Prior art keywords
- flow table
- data message
- matched
- stage
- matching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/10—Packet switching elements characterised by the switching fabric construction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/25—Routing or path finding in a switch fabric
- H04L49/252—Store and forward routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/30—Peripheral units, e.g. input or output ports
- H04L49/3009—Header conversion, routing tables or routing tags
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a data message forwarding method, which belongs to the technical field of communication and comprises the following steps: acquiring attribute information of the data message; matching in a multi-stage flow table created by a user according to the attribute information; recording the flow table matched with the data message and generating an independent primary flow table; forwarding the independent primary flow table. By the scheme, the mapping from the multi-stage flow table to the independent one-stage flow table is completed, the ACL rule is generated according to the independent one-stage flow table and is issued to the chip for forwarding, the difficulty of realizing Openflow by the TCAM of the switching chip is reduced, and the application range and the efficiency of the multi-stage flow table are improved. The invention also provides a data message forwarding device.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for forwarding a data packet.
Background
Openflow is currently the most dominant scheme in sdn (software Defined networking) networks. In a scenario where OpenFlow is used, generally, packet forwarding is implemented in a multi-stage flow table manner, an OpenFlow implementation device often supports multi-stage flow tables according to OpenFlow specification requirements, the multi-stage flow table means that a packet entering the OpenFlow device can be searched in different flow tables according to different fields, and a result of a previous flow table may affect a table searching process of a next flow table.
In the prior art, an asic (application Specific Integrated circuit) chip is generally implemented in a TCAM (ternary Content Addressable memory) manner to implement a multi-level flow table, and the TCAM is divided into several areas corresponding to several levels of OpenFlow flow tables, for example: dividing the TCAM into 3 regions can only support 3 levels of OpenFlow flow tables. The OpenFlow standard is to support 255-level flow tables, and if a multi-level flow table supported by the OpenFlow standard is to be implemented, the TCAM needs to be divided into 255 levels. In the prior art, because the switching chip TCAM considers the reasons of cost and power consumption, the size of the TCAM is not too large, generally from several K to dozens of K, if the TCAM is divided into 255 areas, each area is matched with one field, and the division into 255x32 areas is equivalent to the division into 32 areas matched with an IP packet header, a flow table in each area can only store several flow tables, and in actual use, few flow tables need hundreds of flow tables, and many flow tables need hundreds of thousands of flow tables. Therefore, the Openflow is mostly 3-4 level flow table by using the TCAM method.
Therefore, how to provide a method capable of supporting the implementation of the OpenFlow multi-level flow table based on the ACL is an urgent problem to be solved in the industry.
Disclosure of Invention
The purpose of the invention is as follows: in order to overcome the defects in the prior art, the invention provides a data message forwarding method capable of realizing an OpenFlow multistage flow table based on an ACL.
The technical scheme is as follows: a data message forwarding method comprises the following steps:
acquiring attribute information of the data message;
matching in a multi-stage flow table created by a user according to the attribute information;
recording the flow table matched with the data message, summarizing the matching items and action items in the hit matched flow table and generating an independent primary flow table;
generating an ACL rule for the independent primary flow table conversion;
and issuing the ACL rule.
Further, when matching is performed in the multi-stage flow tables according to the attribute information, matching is performed on the multi-stage flow tables according to the first packet of the data message, and a hit matching flow table is obtained.
Further, after generating the independent primary flow table:
deleting the corresponding independent one-stage flow table when the hit flow table in the multi-stage flow tables is aged/modified/deleted.
Further, when no independent first-stage flow table ACL rule is matched and forwarded, the data message is transmitted to a multi-stage flow table, and a full-flow matching is performed once to regenerate and issue a new ACL rule.
Furthermore, if the matched multi-stage flow table has the jump action, jumping to other flow tables for matching and executing the action, recording the flow tables matched and executed in the multi-stage flow table, and summarizing to generate an independent one-stage flow table.
Further, if the data message is not matched in the multi-stage flow table, the attribute information of the data message is uploaded, and a new multi-stage flow table is obtained.
A data message forwarding apparatus comprising:
the acquisition unit is used for acquiring the attribute information of the data message;
the matching unit is used for matching in the multi-stage flow table created by the user according to the acquired attribute information, summarizing the matching items and the action items in the flow table to be matched in a hit mode, generating the independent one-stage flow table and recording the flow table matched in a hit mode;
the conversion unit is used for summarizing the hit and matched flow tables to generate an independent primary flow table;
and the forwarding unit is used for converting the generated independent primary flow table into an ACL rule and forwarding the ACL rule.
Further, when the matching unit matches in the multi-stage flow table according to the attribute information, the matching unit matches the multi-stage flow table according to the first packet of the data packet, and acquires a hit-matched flow table.
Further, the multi-stage flow table aging device further comprises a deleting unit used for deleting the independent one-stage flow table generated correspondingly when the hit flow table in the multi-stage flow table is aged/modified/deleted.
Further, in the conversion unit, when there is no independent one-stage flow table ACL rule matching forwarding, the acquisition unit sends the datagram to the multi-stage flow table, performs one-time full-flow matching to regenerate and send a new ACL rule.
The data message forwarding method of the invention has the following beneficial effects: by the scheme, the mapping from the multi-stage flow table to the independent one-stage flow table is completed, the ACL rule is generated according to the independent one-stage flow table and is issued to the chip for forwarding, the difficulty of realizing Openflow by the TCAM of the switching chip is reduced, and the application range and the efficiency of the multi-stage flow table are improved.
Drawings
Fig. 1 is a schematic step diagram of an embodiment of a data packet forwarding method according to the present invention;
fig. 2 is a schematic diagram of a multi-stage flow table created by a user in the data packet forwarding method shown in fig. 1;
fig. 3 is a schematic diagram of a primary flow table for generating an independent data packet forwarding method shown in fig. 1;
fig. 4 is a schematic circuit diagram of an embodiment of the data packet forwarding device according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the description relating to "first", "second", etc. in the present invention is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions between the various embodiments can be combined with each other, but must be based on the realization of those skilled in the art.
Referring to fig. 1-3, an embodiment of a data packet forwarding method according to the present invention includes:
110: and acquiring attribute information of the data message, wherein the attribute information comprises matching items, action items, priorities, counters, timeout time, cookies and the like.
210: and matching in the multi-stage flow table created by the user according to the attribute information, wherein each stage of flow table in the multi-stage flow table created by the user has a matching domain and an action thereof as shown in fig. 2, and the action domain of the multi-stage flow table is from the user data entering the ASIC port to leaving the ASIC. In this embodiment, the multi-stage flow table is issued by a user through an OpenFlow protocol.
310: the flow tables matched with the data messages are recorded and extracted, an independent first-level flow table is generated, the independent first-level flow table is shown in fig. 2, specifically, matching items and action items in the hit matched flow tables are collected to generate the independent first-level flow table, and each matching item and action item of each level of the multi-level flow table are independent and do not conflict with each other, so that each matching domain and each action item of the collected independent first-level flow table are not conflicted, and an independent flow table entry can be formed.
410: in order to enable hardware to read the converted data message, before forwarding the independent primary flow table, extracting a matching item and an action item from the independent primary flow table and converting the matching item and the action item into an ACL rule.
510: forwarding the ACL rule.
By the scheme, the mapping from the multi-stage flow table to the independent one-stage flow table is completed, the ACL rule is generated according to the independent one-stage flow table and is issued to the chip for forwarding, the difficulty of realizing Openflow by the TCAM of the switching chip is reduced, and the application range and the efficiency of the multi-stage flow table are improved.
Moreover, in the process of converting the multi-stage flow table into the independent one-stage flow table, it is likely that the generated independent one-stage flow table cannot accurately forward data because the original data performs an action item in the flow table, thereby causing a data change. By adopting the scheme in the embodiment, the complete action can be recorded, so that the original data message can be constantly and accurately found.
As a further optimization for this embodiment, in step 210, the specific steps include: and when the multi-stage flow tables are matched according to the attribute information, matching the multi-stage flow tables according to the first packet of the data message, and acquiring the hit matched flow tables. Because multiple flow table combinations are obtained when the multiple flow tables are arranged and combined, for example: 4 stages of flow tables, each stage having 3 flow tables, then the possibility of forwarding the flow tables after permutation and combination has 4 powers of 3 up to 81 combinations. However, in actual use, there are no such multiple combinations for data packet forwarding, so that when actual data forwarding is performed, matching is performed according to the first packet of the actual data packet, so that the problem of insufficient TCAM space caused by issuing and generating multiple permutation and combination flow tables can be solved.
Preferably, the step 310 of recording the flow table matched with the data packet and generating an independent primary flow table further includes the step 311:
deleting the corresponding independent one-stage flow table when the hit flow table in the multi-stage flow tables is aged/modified/deleted.
When no independent primary flow table ACL rule is matched and forwarded, the data message is sent to the multi-level flow table, and the step 110 and the step 510 are repeated to perform one-time full-flow matching to regenerate and send the new ACL rule.
In step 210, if the matched multi-stage flow table has a jump action, jumping to another flow table for matching and executing the action, recording the flow table matched and executed in the multi-stage flow table, and summarizing to generate an independent one-stage flow table. In this way, only the flow tables which are matched and acted in the multi-stage flow tables need to be remembered, and the matched matching items and action items can be recorded and summarized to form an independent one-stage flow table.
In step 210, if the data packet is not matched in the multi-stage flow table, the attribute information of the data packet is uploaded, and step 110 is repeated to obtain a new multi-stage flow table.
The present invention further provides a data packet forwarding apparatus, which, referring to the embodiment shown in fig. 4, includes an obtaining unit 1, a matching unit 2, a converting unit 3, and a forwarding unit 4, which are connected in sequence.
The acquiring unit 1 is used for acquiring attribute information of the data message, wherein the attribute information comprises a matching item, an action item, a priority, a counter, timeout time, cookies and the like;
the matching unit 2 is used for matching in the multi-stage flow table created by the user according to the acquired attribute information and recording the hit matched flow table;
the conversion unit 3 summarizes the matching items and the action items in the flow tables to be hit-matched, so as to generate the independent primary flow table.
The forwarding unit 4 forwards the generated independent primary flow table.
As a further optimization of this embodiment, when matching is performed in the multi-stage flow table according to the attribute information, the matching unit 2 matches the multi-stage flow table according to the first packet of the data packet, and acquires a hit-matched flow table.
As a further optimization for this embodiment, a deleting unit 5 is further included, configured to delete the one-stage flow table that is generated independently when the hit flow table in the multi-stage flow tables is aged/modified/deleted.
As a further optimization for this embodiment, in the conversion unit 3, when there is no independent one-stage flow table ACL rule matching forwarding, the obtaining unit 1 sends the datagram to the multi-stage flow table, performs one-time full-flow matching, regenerates a new ACL rule, and issues the new ACL rule.
The above description is only of the preferred embodiments of the present invention, and it should be noted that: it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the invention and these are intended to be within the scope of the invention.
Claims (10)
1. A data message forwarding method is characterized by comprising the following steps:
acquiring attribute information of the data message;
matching in a multi-stage flow table created by a user according to the attribute information;
recording the flow table matched with the data message, summarizing the matching items and action items in the hit matched flow table and generating an independent primary flow table;
generating an ACL rule for the independent primary flow table conversion;
and issuing the ACL rule.
2. A data message forwarding method according to claim 1, wherein: and when the multi-stage flow tables are matched according to the attribute information, matching the multi-stage flow tables according to the first packet of the data message, and acquiring the hit matched flow tables.
3. A data message forwarding method according to claim 1, wherein: after generating the independent primary flow table:
deleting the corresponding independent one-stage flow table when the hit flow table in the multi-stage flow tables is aged/modified/deleted.
4. A data message forwarding method according to claim 3, wherein: and when no independent primary flow table ACL rule is matched and forwarded, the data message is transmitted to a multi-stage flow table, and a full-flow matching is carried out once to regenerate and issue a new ACL rule.
5. A data message forwarding method according to claim 1, wherein: and if the matched multistage flow tables have the jump action, jumping to other flow tables for matching and executing the action, recording the flow tables matched and executed in the multistage flow tables, and summarizing to generate an independent one-stage flow table.
6. A data message forwarding method according to claim 1, wherein: and if the data message is not matched in the multi-stage flow table, uploading attribute information of the data message, and acquiring a new multi-stage flow table.
7. A data message forwarding apparatus, comprising:
the acquisition unit is used for acquiring the attribute information of the data message;
the matching unit is used for matching in the multi-stage flow table created by the user according to the acquired attribute information, summarizing the matching items and the action items in the flow table to be matched in a hit mode, generating the independent one-stage flow table and recording the flow table matched in a hit mode;
the conversion unit is used for summarizing the hit and matched flow tables to generate an independent primary flow table;
and the forwarding unit is used for converting the generated independent primary flow table into an ACL rule and forwarding the ACL rule.
8. The device for forwarding data packets according to claim 7, wherein: and when the matching unit matches in the multi-stage flow tables according to the attribute information, the matching unit matches the multi-stage flow tables according to the first packet of the data message to acquire the hit matched flow tables.
9. The device for forwarding data packets according to claim 7, wherein: the multi-stage flow table aging device further comprises a deleting unit used for deleting the independent one-stage flow table when the hit flow table in the multi-stage flow table is aged/modified/deleted.
10. The data packet forwarding device of claim 9, wherein: in the conversion unit, when no independent first-stage flow table ACL rule is matched and forwarded, the acquisition unit transmits the data message to a multi-stage flow table, and performs one-time full-flow matching to regenerate and send a new ACL rule.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010956580.7A CN112019458A (en) | 2020-09-11 | 2020-09-11 | Data message forwarding method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010956580.7A CN112019458A (en) | 2020-09-11 | 2020-09-11 | Data message forwarding method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112019458A true CN112019458A (en) | 2020-12-01 |
Family
ID=73522940
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010956580.7A Pending CN112019458A (en) | 2020-09-11 | 2020-09-11 | Data message forwarding method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112019458A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112637090A (en) * | 2020-12-30 | 2021-04-09 | 上海欣诺通信技术股份有限公司 | Dynamic multilevel flow control method based on programmable switching chip |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150010000A1 (en) * | 2013-07-08 | 2015-01-08 | Nicira, Inc. | Hybrid Packet Processing |
| CN104426768A (en) * | 2013-09-05 | 2015-03-18 | 华为技术有限公司 | Data message forwarding method and device |
| US20190372894A1 (en) * | 2018-06-05 | 2019-12-05 | NEC Laboratories Europe GmbH | Method and system for performing state-aware software defined networking |
-
2020
- 2020-09-11 CN CN202010956580.7A patent/CN112019458A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150010000A1 (en) * | 2013-07-08 | 2015-01-08 | Nicira, Inc. | Hybrid Packet Processing |
| CN104426768A (en) * | 2013-09-05 | 2015-03-18 | 华为技术有限公司 | Data message forwarding method and device |
| US20190372894A1 (en) * | 2018-06-05 | 2019-12-05 | NEC Laboratories Europe GmbH | Method and system for performing state-aware software defined networking |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112637090A (en) * | 2020-12-30 | 2021-04-09 | 上海欣诺通信技术股份有限公司 | Dynamic multilevel flow control method based on programmable switching chip |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11757740B2 (en) | Aggregation of select network traffic statistics | |
| CN104426768B (en) | A kind of data message forwarding method and device | |
| US8577817B1 (en) | System and method for using network application signatures based on term transition state machine | |
| US8494985B1 (en) | System and method for using network application signatures based on modified term transition state machine | |
| CN105684382A (en) | Packet control method, switch and controller | |
| CN112866111B (en) | Method and device for managing flow table | |
| EP3905622A1 (en) | Botnet detection method and system, and storage medium | |
| CN108399176A (en) | A kind of rule-based data processing method and regulation engine device | |
| CN110708250A (en) | Method for improving data forwarding performance, electronic equipment and storage medium | |
| CN100553206C (en) | Internet, applications method for recognizing flux based on packet sampling and application signature | |
| JP2005051736A (en) | Packet transfer apparatus provided with statistics collection apparatus and statistics collection method | |
| CN104580027A (en) | OpenFlow message forwarding method and equipment | |
| CN105429879B (en) | Flow entry querying method, equipment and system | |
| US20170171039A1 (en) | Network flow information collection method and apparatus | |
| CN110912826B (en) | Method and device for expanding IPFIX table items by using ACL | |
| CN112486914A (en) | Data packet storage and fast check method and system | |
| CN112019458A (en) | Data message forwarding method and device | |
| CN115225734A (en) | Message processing method and network equipment | |
| KR100681000B1 (en) | Apparatus and method for measuring per-flow information of traffic | |
| CN102868775B (en) | Method for expanding capacity of address resolution protocol table, and message forwarding method and device | |
| CN112688924A (en) | Network protocol analysis system | |
| CN112087389B (en) | Message matching table look-up method, system, storage medium and terminal | |
| EP4280561A1 (en) | Information flow identification method, network chip, and network device | |
| CN114095383B (en) | Network flow sampling method and system and electronic equipment | |
| CN108833724B (en) | CDR synthesis method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |