WO2023115373A1 - Heterogeneous convergence network and path consistency verification method therefor, and storage medium - Google Patents

Heterogeneous convergence network and path consistency verification method therefor, and storage medium Download PDF

Info

Publication number
WO2023115373A1
WO2023115373A1 PCT/CN2021/140359 CN2021140359W WO2023115373A1 WO 2023115373 A1 WO2023115373 A1 WO 2023115373A1 CN 2021140359 W CN2021140359 W CN 2021140359W WO 2023115373 A1 WO2023115373 A1 WO 2023115373A1
Authority
WO
WIPO (PCT)
Prior art keywords
path
information
switch
actual
expected
Prior art date
Application number
PCT/CN2021/140359
Other languages
French (fr)
Chinese (zh)
Inventor
雷凯
伍楷舜
李伟
张良杰
张梅梅
张亚朋
何晟
易望
陈佩淑
Original Assignee
北京大学深圳研究生院
金蝶软件(中国)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京大学深圳研究生院, 金蝶软件(中国)有限公司 filed Critical 北京大学深圳研究生院
Priority to CN202180043494.XA priority Critical patent/CN115918037A/en
Priority to PCT/CN2021/140359 priority patent/WO2023115373A1/en
Publication of WO2023115373A1 publication Critical patent/WO2023115373A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks

Definitions

  • the present application relates to the technical field of network management, in particular to a heterogeneous fusion network and its path consistency verification method and storage medium.
  • SDN Software-defined networking
  • the switches in the data plane forward data packets, and the controller in the control plane guides the forwarding behavior of the switches. Inconsistencies may occur between the data plane and the control plane, and at this time, it is necessary to perform consistency verification on the data packet forwarding paths of the control plane and the data plane.
  • the controller will generate an expected path for the data packet. After the data packet is forwarded by the switch on the data plane, an actual path will be generated. Path consistency detection is performed by comparing the actual path with the expected path. ; Path consistency verification can obtain the conclusion whether the control plane and the data plane are consistent by detecting whether the expected path of the data packet is consistent with the actual forwarding path of the data packet.
  • SDN network that supports multiple protocols (i.e., an SDN heterogeneous converged network)
  • path consistency problem changes, and path detection becomes more complicated.
  • the data plane may be composed of various types of switches, and different types of switches may support different protocols (such as switches supporting IP protocol, switches supporting ICN protocol, switches supporting Hybrid-ICN protocol ); then in the SDN heterogeneous integration scenario, the path consistency verification problem between the actual path and the expected path of data packet forwarding will become very complicated and difficult to solve.
  • switches supporting IP protocol switches supporting ICN protocol, switches supporting Hybrid-ICN protocol
  • switches supporting Hybrid-ICN protocol switches supporting Hybrid-ICN protocol
  • the technical problem mainly solved by this application is: how to realize path consistency verification in the SDN heterogeneous converged network.
  • the present application proposes a heterogeneous fusion network and its path consistency verification method and storage medium.
  • an embodiment provides a heterogeneous converged network, which includes: a data plane, including a plurality of switches connected topologically, and each switch can perform data forwarding according to at least one communication protocol; a control plane, and The switch in the data plane is connected to control the data forwarding path of the switch; wherein, the control plane constructs a multi-information combination detection packet according to a preset communication protocol, and sends it to the data plane
  • the detection packet includes packet header information, and forwarding rule information of several switches that are expected to perform forwarding;
  • the data layer forwards the detection packet according to the actual path forwarded by each switch, and sends to the control
  • the layer reports the actual forwarding information;
  • the control layer generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form the expected path set information corresponding to the detection packet;
  • the actual forwarding information generates the actual path information corresponding to the detection packet; the control plane judges whether the expected path set information contains the expected path information consistent with the
  • the data layer forwards the detection packet according to the actual forwarding path of each switch, and reports the actual forwarding information to the control layer, including: the data layer receives the distributed detection packet, and forwards the detection packet in each Forwarding between switches and forming an actual forwarding path; the switch that forwards the detection packet for the first time on the actual path is the ingress switch, the switch that forwards the detection packet last on the actual path is the egress switch, and the remaining switches on the actual path are intermediate switches ;
  • the data plane utilizes an ingress switch on the actual path to insert an initial label value in the detection packet, and reports the initial label value to the control plane; the data plane utilizes an intermediate switch and an egress switch on the actual path
  • the initial label value of the detection packet is updated; the data layer forms corresponding actual forwarding information with the header information of the detection packet according to the label value updated by any switch in the intermediate switch and the egress switch on the actual path and report to the control plane.
  • the data plane uses the intermediate switch and the egress switch on the actual path to update the initial label value of the detection packet, including: for the intermediate switch on the actual path, the intermediate switch uses its own feature matrix and the detection packet Perform matrix multiplication on the inserted initial label value to obtain the first label value; for the egress switch on the actual path, the egress switch performs matrix multiplication operation on its own characteristic matrix and the first label value to obtain the second label value value; in the matrix multiplication operation, a modulo calculation is performed on the feature matrix involved in the operation to prevent matrix multiplication from overflowing; both the first label value and the second label value are updated label values.
  • the control plane generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form the expected path set information corresponding to the detection packet, including: the control plane according to the forwarding rule information Constructing multiple expected paths; each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path; the control plane obtains the feature matrix that constitutes all the switches on each expected path, And obtain the initial label value reported by the ingress switch on the actual path; the control plane uses the characteristic matrix of one or more switches on each expected path to update and calculate the initial label value, and obtain the label corresponding to each expected path value; the control plane generates a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path; the control plane counts the expected path information corresponding to each expected path to form the detection The expected path set information corresponding to the package.
  • the control plane also stores the desired path set information in a preset path table, and uses a Bloom filter in the path table to map and store label values corresponding to each desired path.
  • the control plane generates the actual path information corresponding to the detection packet according to the actual forwarding information, including: the control plane obtains the label values reported by the intermediate switch and the egress switch on the actual path of the detection packet respectively, and obtains The packet header information of the detection packet; the control plane determines the actual path for the detection packet to be forwarded between switches in the data plane according to the obtained label value, and according to the obtained label value and the packet header information of the detection packet Generate corresponding actual path information.
  • the control plane determines whether the expected path set information contains the expected path information consistent with the actual path information, including: the control plane acquires the packet header information and label value in the expected path set information, and acquires The packet header information and label value in the actual path information; the control plane compares the packet header information in the actual path information with the packet header information in the expected path set information, and performs path consistency when the packet header information matches Verification: the control plane judges whether there is a tag value identical to the actual path information in the expected path set information, and if so, passes the path consistency verification.
  • an embodiment provides a heterogeneous converged network, including a data plane and a control plane, the data plane includes a plurality of switches connected topologically, the controller is deployed in the control plane and the The controller is connected to each switch, and the controller includes: a path detection generation module, configured to construct a detection packet according to a preset communication protocol, and send the detection packet to the data layer; an expected path set generation module, It is used to generate corresponding expected path set information according to multiple expected paths forwarded by the detection packet among several switches in the data plane; a path consistency verification module is used to detect that the detection packet is in the data plane the actual path forwarded between the switches and generate corresponding actual path information; Path consistency verification of forwarded expected path and actual path.
  • a path detection generation module configured to construct a detection packet according to a preset communication protocol, and send the detection packet to the data layer
  • an expected path set generation module It is used to generate corresponding expected path set information according to multiple expected paths forwarded by the detection packet among several switches in the data plane
  • the path detection generation module constructs a detection packet according to a preset communication protocol, and sends the detection packet to the data layer, including: the path detection generation module configures header information and expected execution according to a preset communication protocol
  • the forwarding rules of several switches use the packet header information and the forwarding rule information to construct a detection packet combining multiple information; the path detection generation module sends the detection packet to the data plane, and the detection packet is in the Each switch in the data layer forwards and forms an actual forwarding path; the switch that forwards the detection packet for the first time on the actual path is an ingress switch, and the switch that forwards the detection packet last on the actual path is an egress switch, and the actual path
  • the remaining switches on the actual path are intermediate switches; the ingress switch on the actual path is used to insert the initial label value in the detection packet and report it to the control plane, and the intermediate switch and the egress switch on the actual path are used to update the initial label, and report the updated label value and the header information of the detection packet to the control plane.
  • the expected path set generation module generates corresponding expected path set information according to multiple expected paths forwarded by the detection packet among several switches in the data plane, including: the expected path set generation module according to the forwarding rule The information constructs multiple expected paths; each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path; the expected path set generation module obtains all switches on each expected path feature matrix, and obtain the initial tag value reported by the ingress switch on the actual path; the expected path set generation module uses the feature matrix of one or more switches on each expected path to update and calculate the initial tag value, Obtain the tag value corresponding to each expected path; the expected path set generation module generates an expected path information according to the header information of the probe packet and the tag value corresponding to each expected path; the expected path set generation module counts each Expected path information corresponding to the expected paths respectively to form expected path set information corresponding to the detection packet.
  • the path consistency verification module detects the actual path forwarded by the detection packet between the switches in the data layer and generates corresponding actual path information, including: the path consistency verification module obtains the detection packet on the actual path The label values reported by the intermediate switch and the egress switch on the network respectively, and the header information of the detection packet; the path consistency verification module determines the forwarding of the detection packet between the switches in the data plane according to the obtained label value the actual path, and generate corresponding actual path information according to the obtained label value and the header information of the detection packet.
  • the path consistency verification module judges whether the expected path set information contains the expected path information consistent with the actual path information, and if so, passes the path consistency verification of the expected path forwarded by the probe packet and the actual path , including: the path consistency verification module obtains the packet header information and label value in the expected path set information, and obtains the packet header information and label value in the actual path information; the path consistency verification module obtains the actual path The packet header information in the information is compared with the packet header information in the expected path set information, and path consistency verification is performed when the packet header information matches; If the tag value of the actual path information is the same, it passes the path consistency verification.
  • an embodiment provides a heterogeneous converged network, including a data plane and a control plane, the data plane includes a plurality of switches connected topologically, and the control plane communicates with the switches in the data plane connected and used to control the data forwarding path of each of the switches, the data plane can receive the detection packets distributed by the control plane, and forward the detection packets among the switches to form an actual forwarding path;
  • the switch that forwards the detection packet for the first time on the actual path is the ingress switch, the switch that forwards the detection packet last on the actual path is the egress switch, and the rest of the switches on the actual path are intermediate switches;
  • the switch inserts an initial label value into the detection packet, and reports the initial label value to the control plane;
  • the data plane uses the intermediate switch and the egress switch on the actual path to update the initial label value of the detection packet ;
  • the data layer forms corresponding actual forwarding information based on the label value updated by any switch in the intermediate switch and the egress switch on the actual path, and
  • the data plane uses the intermediate switch and the egress switch on the actual path to update the initial label value of the detection packet, including: for the intermediate switch on the actual path, the intermediate switch uses its own feature matrix and the detection packet Perform matrix multiplication on the inserted initial label value to obtain the first label value; for the egress switch on the actual path, the egress switch performs matrix multiplication operation on its own characteristic matrix and the first label value to obtain the second label value value; in the matrix multiplication operation, a modulo calculation is performed on the feature matrix involved in the operation to prevent matrix multiplication from overflowing; both the first label value and the second label value are updated label values.
  • an embodiment provides a path consistency verification method for a heterogeneous converged network
  • the heterogeneous converged network includes a data plane and a control plane
  • the data plane includes a plurality of switches connected topologically
  • the control plane is used to control the data forwarding path of each switch
  • the path consistency verification method includes: constructing a detection packet according to a preset communication protocol, and sending the detection packet to the data plane; according to The plurality of expected paths forwarded by the detection packets among several switches in the data plane generate corresponding expected path set information; detect the actual paths forwarded by the probe packets among the switches in the data plane and generate corresponding Actual path information: judging whether the expected path set information contains expected path information consistent with the actual path information, and if so, verifying the path consistency between the expected path forwarded by the probe packet and the actual path.
  • Constructing a detection packet according to a preset communication protocol sending the detection packet to the data plane, and generating corresponding expected Path aggregation information, including: configuring packet header information and forwarding rules of several switches expected to be executed according to a preset communication protocol, using the packet header information and the forwarding rule information to construct a detection packet combining multiple information; Issued to the data plane, the detection packet is forwarded among the switches in the data plane to form an actual path for forwarding; the switch that forwards the detection packet for the first time on the actual path is the ingress switch, and the last switch on the actual path The switch that forwards the detection packet is an egress switch, and the rest of the switches on the actual path are intermediate switches; the ingress switch on the actual path is used to insert an initial label value into the detection packet and report it to the control plane.
  • the intermediate switch and the egress switch are used to update the initial label of the detection packet, and report the updated label value and the header information of the detection packet to the control plane; path; each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path; obtain the feature matrix of all switches on each expected path, and obtain the report of the ingress switch on the actual path.
  • the initial label value of each expected path; the characteristic matrix of one or more switches on each expected path is used to update and calculate the initial label value to obtain the corresponding label value of each expected path; according to the header information of the detection packet and
  • the label value corresponding to each expected path generates a piece of expected path information; the expected path information corresponding to each expected path is counted to form the expected path set information corresponding to the detection packet.
  • the generating the actual path information corresponding to the detection packet according to the actual forwarding information includes: obtaining the label values reported by the intermediate switch and the egress switch of the detection packet on the actual path, and the header information of the detection packet ; Determine the actual path forwarded by the detection packet among the switches in the data plane according to the obtained label value, and generate corresponding actual path information according to the obtained label value and the header information of the detection packet.
  • the judging whether the expected path set information contains the expected path information consistent with the actual path information includes: obtaining the packet header information and label value in the expected path set information, and obtaining the packet header in the actual path information information and tag values; compare the header information in the actual path information with the header information in the expected path set information, and perform path consistency verification under the condition that the header information matches; judge the expected path set information Whether there is a tag value identical to the actual path information, and if so, pass the path consistency verification.
  • an embodiment provides a computer-readable storage medium, on which a program is stored, and the program can be executed by a processor to implement the path consistency verification described in the fourth aspect above method.
  • heterogeneous converged network and its path consistency verification method and storage medium wherein the heterogeneous converged network includes a data plane and a control plane, and the control plane constructs a detection packet according to a preset communication protocol and downloads it to the data plane.
  • the data layer forwards the detection packet according to the actual path forwarded by each switch and reports the actual forwarding information to the control layer;
  • the control layer generates multiple expected path information according to the forwarding rule information, and uses multiple expected path information to form a detection packet The corresponding expected path set information;
  • the control layer generates the actual path information corresponding to the detection packet according to the actual forwarding information;
  • the control layer judges whether the expected path set information contains the expected path information consistent with the actual path information, and if so, forwards the detection packet The path consistency verification of the expected path and the actual path.
  • the technical solution proposes a generalized path consistency verification scheme based on labels and active detection, which is used to verify the consistency between the expected path on the control plane and the actual forwarding path of data packets on the data plane in the heterogeneous converged network
  • the second point is that the technical solution uses an active detection mechanism to send a detection packet for a specific switch forwarding path. After receiving the detection packet, the switch will insert label information into the packet header of the data packet.
  • the control level can verify whether the actual path that the data packet passes is consistent with the expected path;
  • the technical solution essentially models the generalized path consistency problem as a set of expected paths and a set of actual paths that can pass the path consistency verification In the surjective model between , the actual forwarding path of the data packet does not need to be strictly equal to the expected path of the controller, as long as the actual forwarding path of the data packet is consistent with the expected path of the controller in terms of protocol semantics, it can pass the path consistency verification , so as to improve the verification efficiency;
  • the label update process in the technical solution is realized by the multi-protocol switch on the data plane, which can be applied to various protocol scenarios.
  • the generalized path consistency verification scheme needs to be adapted to the new The network protocol certificate, the label update module of the multi-protocol switch and the path consistency verification module of the controller do not need to be changed, only the path detection module of the controller and the expected path set generation module need to be incrementally modified, thereby improving the Migration Adaptability of Path Consistency Verification Scheme in Heterogeneous Converged Networks.
  • FIG. 1 is a structural diagram of a heterogeneous fusion network in an embodiment of the present application
  • FIG. 2 is a structural diagram of a controller in an embodiment of the present application.
  • FIG. 3 is a flowchart of a path consistency verification method in an embodiment of the present application.
  • Fig. 4 is the flowchart of constructing detection bag
  • Fig. 5 is the flow chart that generates expected route set information
  • Fig. 6 is the flowchart of generating actual path information
  • FIG. 7 is a flow chart of performing path consistency verification
  • FIG. 8 is a structural diagram of a network control device in an embodiment of the present application.
  • connection and “connection” mentioned in this application include direct and indirect connection (connection) unless otherwise specified.
  • the technical solution of this application proposes a generalized path consistency verification scheme based on tags and active detection mechanisms for the generalized path consistency verification problem.
  • a heterogeneous converged network which mainly includes a data plane 1 and a control plane 2, which will be described separately below.
  • the data layer 1 includes a plurality of switches connected topologically, such as switches 11, 12, 13, 14, 15, and 16.
  • the switch 11 is connected to the switches 12 and 13 respectively, and the switch 12 is connected to the switches 13 and 14 respectively.
  • the control plane 2 is connected to the switches in the data plane 1, and is used to control the data forwarding path of each switch.
  • the control plane 2 may include at least one controller 21, and the controller 21 is respectively connected to the switches 11, 12, 13, 14, 15, and 16 in communication.
  • the controller 21 can send control information to each switch, and can also receive feedback from each switch. report information, so as to realize the control of the data forwarding path of each switch.
  • each switch in the data layer 1 is to provide network access between different hosts, for example, for the hosts 31, 32, 33, and 34 in Figure 1, the host 31 communicates with the switch 11, and the host 32 communicates with the switch 14 communication connection, the host 33 is connected to the switch 15, the host 34 is connected to the switch 16, and each host relies on each switch to realize the interconnection and intercommunication of the network.
  • control plane 2 controlling the data forwarding path of each switch in the data plane 1
  • process of the control plane 2 controlling the data forwarding path of each switch in the data plane 1 can be described as follows:
  • the control layer 2 constructs a detection packet combining multiple information according to the preset communication protocol, and sends the detection packet to the data layer.
  • the communication protocol used to construct the detection packet can adopt the TCP/IP protocol, and the detection packet should include packet header information and forwarding rule information of several switches expected to perform forwarding, wherein the packet header information can include its own identification mark, ingress switch address, protocol Type and other information, forwarding rule information can be considered as packet body information, and can include addresses of several switches expected to perform forwarding (such as the respective addresses of switches 11, 12, 13, and 14). It can be understood that the function of the detection packet is to detect the data forwarding paths of the switches in the data plane 1 .
  • the data layer 1 will respond, and the data layer 1 will forward the detection packet according to the actual path forwarded by each switch, and report to the control layer to actually forward the information.
  • the detection packet contains the forwarding rule information of several switches that are expected to perform forwarding, there may be a case where a switch forwards incorrectly during the actual data forwarding process, which will cause the actual forwarding path to be different from the expected path.
  • the inconsistency it is necessary to make each switch that actually participates in the forwarding record the actual forwarding path of the detection packet, so as to generate the actual forwarding information.
  • the control plane 2 In the third processing link, the control plane 2 generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form the expected path set information corresponding to the detection packet.
  • the controller 21 if the controller 21 expects to build a network path between the host 31 and the host 32 through the switches 11, 12, 13, and 14, the expected path information that can be generated includes switches 11-12-13-14, and switches 11 -13-14, and a switch 11-12-14, then these expected path information can constitute the expected path set information corresponding to the detection packet, for example, the expected path set information is recorded as Q.
  • the control plane 2 In the fourth processing link, the control plane 2 generates actual path information corresponding to the detection packet according to the actual forwarding information.
  • the detection packet After the controller 21 sends the detection packet to the ingress switch 11, the detection packet starts to be forwarded in the data layer 1. If the actual forwarding path of the detection packet is recorded by the switch 11-13-14, then this The actual path information corresponding to the detection packet can be generated, for example, the actual path information can be recorded as s.
  • the control plane 2 judges whether the expected path set information contains the expected path information consistent with the actual path information, and if so, passes the path consistency verification of the expected path forwarded by the probe packet and the actual path. It can be understood that the control plane 2 is to judge whether the expected path set information Q contains the actual path information s, and pass the path consistency verification only when the actual path information is included.
  • the process of forwarding the detection packet according to the actual path forwarded by each switch at the data plane 1 includes:
  • the data layer 1 receives the detection packets that are distributed, and forwards the detection packets between switches to form the actual forwarding path.
  • the switch that forwards the detection packet on the actual path for the first time can be regarded as the ingress switch.
  • the switch that forwards the detection packet last on the actual path is the egress switch, and the remaining switches on the actual path are intermediate switches.
  • the controller 21 sends the detection packet to the switch 11 of the data layer 1, and the switches 11, 12, 13, and 14 of the data layer 1 forward the detection packet, then the switch 11 is an ingress switch, and the switch 14 is an egress switch , the switches 12 and 13 are all intermediate switches.
  • the data plane 1 uses the ingress switch on the actual path to insert the initial label value into the detection packet, and reports the initial label value to the control plane.
  • the initialization tag value may consist of a two-dimensional random vector (v 1 , v 2 ) and a 32-bit modulus p, wherein the two-dimensional random vector may include two 32-bit integers.
  • the initial label value is used in subsequent label update calculations.
  • Data layer 1 updates the initial label value of the detection packet by using the intermediate switch and the egress switch on the actual path, and the label update module 111 in the switch may specifically execute the label update algorithm.
  • the controller 21 can assign a matrix address to each switch and send it to the corresponding switch, so that each switch can have a unique 2*2 characteristic matrix (indicated by Mi), and The four values in the feature matrix are all 32-bit integers. Every time the detection packet passes through a switch (indicated by Si), the switch Si will perform matrix multiplication between the label value in the detection packet and the characteristic matrix Mi of the switch Si, so as to obtain a new label value to replace the original label value.
  • the update process of the tag value refers to the following formula
  • p is the modulus in the label value
  • det represents the matrix determinant
  • (v 2i-1 , v 2i ) both represent two-dimensional random vectors
  • the subscript i represents the switch
  • the serial number, % means modulo operation.
  • the update process of the label value of the label update module 111 in the intermediate switch and the egress switch is as follows: a) For the intermediate switch on the actual path, the intermediate switch uses its own characteristic matrix and the initial label inserted in the detection packet Values are matrix multiplied to obtain the first label value; b) For the egress switch on the actual path, the egress switch performs a matrix multiplication operation on its own characteristic matrix and the first label value to obtain the second label value; c) In the matrix multiplication During the operation, a modulo calculation (such as Mi%p) is performed on the feature matrix involved in the operation to prevent matrix multiplication overflow, and both the first tag value and the second tag value are updated tag values, which need to be combined with the header information to form the actual Forward information.
  • a modulo calculation such as Mi%p
  • the final result of the matrix multiplication can reflect the sequence of the switches that the probe packets actually pass through.
  • an additional modulo operation is added, and the result after the modulus is updated to the label as a new two-dimensional vector. In this way, the matrix can be avoided.
  • Multiplication overflows The value of the modulus p is related to the determinant of the characteristic matrix of the switch, and the value of the modulus will be continuously increased through the multiplication operation of the modulus and the determinant. It is important to note that because the update of the modulus is also a multiplication operation, there is also a risk of modulus overflow. In order to avoid this risk, the determinant size of the switch must be controlled within a reasonable range. As for the determinant The format size can be set according to the requirement.
  • the data layer 1 forms corresponding actual forwarding information based on the label value updated by any switch in the intermediate switch and the egress switch on the actual path, and the header information of the detection packet, and reports it to the control layer 2. It can be understood that since both the intermediate switch and the egress switch can update the tag value to obtain the updated tag value, then in order for the controller 21 to know the forwarding state of the detection packet, the intermediate switch and the egress switch can update the tag value The label value and the header information of the detection packet are formed into actual forwarding information, which is reported to the controller 21 .
  • control layer 2 generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form the expected path set information corresponding to the probe packet, including:
  • the control plane 2 constructs multiple expected paths according to the forwarding rule information, each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path. For example, in Fig. 1, if a network path between the host 31 and the host 32 is to be constructed, there are three expected paths, namely switch 11-12-13-14, switch 11-13-14, switch 11-12-14, Wherein the switch 11 is an ingress switch on the desired path.
  • the control plane 2 obtains the characteristic matrix of all switches on each expected path, and obtains the initial label value reported by the ingress switch on the actual path. For example, in Figure 1, for three expected paths (respectively switches 11-12-13-14, switches 11-13-14, and switches 11-12-14), the controller 21 can obtain the characteristics of switches 11, 12, 13, and 14 matrix, and obtain the initial label value of switch 11.
  • the control plane 2 uses the feature matrix of one or more switches on each expected path to update and calculate the initial label value, and obtain the label value corresponding to each expected path.
  • the initial label value can be multiplied by the feature matrix of the switch 11 to obtain a new label value and then Multiply with the feature matrix of the switch 12 to get a new label value and then multiply it with the feature matrix of the switch 13 to get a new label value and then multiply it with the feature matrix of the switch 14, the final label value is the expected path (switch 11 -12-13-14); then similarly, the desired path (switch 11-13-14) and the label value of the desired path (switch 11-12-14) can be obtained.
  • the control plane 2 generates a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path.
  • the control plane 2 counts the expected path information corresponding to each expected path, and then can form the expected path set information corresponding to the detection packet.
  • the controller 21 in the control plane 2 can store the desired path set information into a preset path table, and use a Bloom filter in the path table to filter each desired path
  • the tag values corresponding to the paths are mapped and stored.
  • the expected path set information stores the label values corresponding to each expected path, that is, the 1*2 vector corresponding to any expected path; in order to reduce the storage space required by the expected path set information, by The tag values corresponding to multiple expected paths are mapped to a fixed-length Bloom filter to save storage space.
  • Bloom filters are usually used to quickly determine whether an element exists in a set, which consists of several independent hash functions and a binary vector; and, Bloom filters pass through multiple hash maps To determine whether an element is in the set, the hash function will map this element into several values, these values correspond to the subscripts of the Bloom filter, if the values corresponding to these subscripts of the Bloom filter are all 1, then The element belongs to this set; of course, if the values corresponding to these subscripts of the Bloom filter are not all 1, the element does not belong to this set.
  • control plane 2 generates the actual path information corresponding to the detection packet according to the actual forwarding information, including:
  • the control plane 2 obtains the label values reported by the intermediate switch and the egress switch of the detection packet on the actual path, and obtains the header information of the detection packet. For example, in FIG. 1 , when the actual forwarding path is the switch 11-13-14, the switches 13 and 14 will respectively upload the updated label value and header information of the detection packet, and the controller 21 will receive the label value and header information.
  • the control plane 2 determines the actual path for the detection packet to be forwarded between the switches in the data plane according to the obtained label value, and generates the corresponding actual path information according to the obtained label value and the header information of the detection packet.
  • the controller 21 has received the label value and packet header information. Since the label value is the result of calculating the characteristic matrix of the switch through matrix multiplication, the characteristic matrix of the switch can be obtained through the inverse matrix operation, so as to know which switch participated in the detection packet. The actual forwarding; and, the label value and packet header information reported by the egress switch can be used to generate the corresponding actual path information.
  • control plane 2 judges whether the expected route set information contains the expected route information consistent with the actual route information including:
  • the control plane 2 obtains the packet header information and label value in the expected path set information, and obtains the packet header information and label value in the actual path information.
  • the expected path set information includes multiple pieces of expected path information
  • each piece of expected path information includes the header information of the probe packet and the corresponding label value
  • the actual path information also includes the header information of the probe packet and the corresponding label value, so the path consistency verification can be performed on the expected path information and the actual path information based on the packet header information and label value.
  • the control plane 2 compares the packet header information in the actual path information with the packet header information in the expected path set information, and performs path consistency verification when the packet header information matches. It can be understood that it is only meaningful to verify the consistency between the expected path and the actual path of the same detection packet.
  • the header information of the detection packet is unique, so the matching judgment is made on the header information. Only when the header information matches can the path be determined.
  • the object of the consistency verification is the actual path information and the expected path information of a probe packet.
  • the control plane 2 judges whether there is the same label value as the actual path information in the expected path set information, and if so, passes the path consistency verification. It can be understood that since the expected path set information includes multiple pieces of expected path information, each piece of expected path information includes a corresponding tag value, so the expected path set information includes multiple tag values with different values, as long as there is one If the label value is the same as the label value in the actual path information, it means that the sequence of switches expected to be forwarded by the same probe packet is consistent with the sequence of switches actually forwarded, and there is no switch forwarding error, so the path consistency verification has passed.
  • the technical solution will construct the detection packet according to the forwarding rules, and then send the actively generated detection packet to the data layer, and judge whether it is consistent with the expected path of the detection packet by detecting the actual forwarding path of the detection packet, thereby Determine whether the data plane is consistent with the control plane. If the actual forwarding behavior of the detection packet is inconsistent with the expectation, it indicates that there is an inconsistency between the data plane and the control plane, and the faulty switch needs to be maintained.
  • the technical solution is to realize the path consistency detection of lower layer data forwarding through the active detection mechanism of the upper layer controller.
  • a data packet or detection packet
  • the ingress switch will send a Packet_In message to the controller, and the controller will calculate the route for the data packet after receiving the Packet_In message path, and deliver the corresponding flow table rules to the corresponding switches; then, the controller uses the active detection mechanism to generate detection packets on the corresponding path for path detection, so as to determine whether the flow table rules are correctly delivered and whether installed and implemented correctly by the switch.
  • the actual forwarding path information that the detection packet passes is compressed and recorded through the label value.
  • the ingress switch will execute the label insertion algorithm to insert the initial label value into the detection packet.
  • the label value will be updated by the switch through the label update algorithm; when the detection packet reaches the end of the path, the egress switch will remove the label value and report it to the controller for path consistency verification. It should be noted that the storage, transmission and calculation overhead of label values should not be too large, and the limited space should be used to carry enough rich actual path information to provide assistance for generalized path consistency verification.
  • the data plane of the traditional SDN network is a single-protocol architecture, that is, the switches on the data plane can only support the forwarding of IPv4 protocol data packets, and the routing function of the network forwarding equipment is moved up to the control plane, and the controller It is responsible for the end-to-end routing calculation of data packets.
  • the forwarding function of the network forwarding device is reserved on the switch on the data plane, and the switch has no cache function, which makes the path consistency verification problem easier.
  • the path consistency verification problem in the traditional SDN network belongs to strict path consistency, that is, the actual path of the data packet must be strictly equal to the expected path of the controller, so that the path consistency verification can pass.
  • strict path consistency problem there is only one expected path for data packets, and there is only one actual path that can pass path consistency verification, which is a one-to-one relationship.
  • the traditional strict path consistency problem can be modeled as a bijection model between the expected path set X and the actual path set Y that can make the path consistency verification pass.
  • the multi-protocol switch on the data plane can simultaneously support the forwarding of IPv4 protocol, IPv6 protocol and NDN protocol data packets, and the routing function of the network forwarding device is activated
  • the controller is responsible for the end-to-end routing calculation of data packets.
  • the forwarding function of the network forwarding device is reserved on the multi-protocol switch in the data plane. Because the data plane in MPSDN can support the forwarding of NDN protocol data packets, the multi-protocol switch on the data plane also has a cache function.
  • the path consistency problem in the multi-protocol heterogeneous fusion network belongs to the generalized path consistency, that is, the actual forwarding path of the data packet (or detection packet) It is not necessary to be strictly equal to the expected path of the controller to pass the path consistency verification. As long as the actual forwarding path of the data packet is consistent with the expected path of the controller in terms of protocol semantics, it is considered that the path consistency verification is passed.
  • the generalized path consistency problem there is only one expected path for a data packet, but there may be many actual paths that can make the path consistency verification pass, which is a one-to-many relationship.
  • the generalized path consistency problem is modeled as a surjective model between the expected path set X and the actual path set Y that can make the path consistency verification pass.
  • data traffic generated by the host may also be forwarded and detected.
  • an edge switch such as an ingress switch
  • an edge switch of the heterogeneous converged network will mark the header of the data packet by inserting label information.
  • the marked data packet When the marked data packet is forwarded to a switch at the edge of the network (such as an egress switch), it will report the header information and label information of the data packet to the upper-layer controller, and the controller will obtain the actual forwarding path of the data packet through the label information , and then determine whether there is a rule inconsistency by comparing whether the actual path information of the data packet is consistent with the expected path.
  • a switch at the edge of the network such as an egress switch
  • the controller can implement path consistency detection at the path granularity.
  • the ingress switch When the data packet generated by the host enters the network, if the ingress switch does not know how to forward the data packet, the ingress switch will send a message to the controller. After receiving the message, the controller will calculate the routing path for the data packet, and then send the corresponding forwarding rules to the corresponding switch.
  • the controller can use the active detection mechanism to generate a detection packet on the corresponding path for path detection, so as to judge whether the forwarding rule is correctly issued and whether it is correctly installed and executed by the switch.
  • This embodiment discloses a heterogeneous converged network, including a data plane 1 and a control plane 2.
  • the data plane 1 includes a plurality of switches connected topologically, such as switches 11, 12, 13, 14, and 15. , 16, a controller 21 is deployed in the control plane 2, and the controller 21 is connected to each switch.
  • switches 11, 12, 13, 14, and 15. switches 11, 12, 13, 14, and 15.
  • 16 a controller 21 is deployed in the control plane 2, and the controller 21 is connected to each switch.
  • controller 21 may be an independent control device, or may be a functional component distributed on the cloud or on a local logical operation circuit.
  • related functions are given to the controller 21 by means of software design and program programming.
  • the functions realized by the controller 21 can be embodied by running software, as long as the software can be executed on the processor.
  • the controller 21 includes a path detection generation module 211 , an expected path set generation module 212 , and a path consistency verification module 213 , which will be described separately below.
  • the role of the path detection generation module 211 is to construct a multi-information combined detection packet according to a preset communication protocol, and deliver the constructed detection packet to the ingress switch in the data plane 1 .
  • the function of the detection packet is to detect the data forwarding path of each switch in the data layer 1.
  • the function of the expected path set generation module 212 is to generate the corresponding expected path set information according to the multiple expected paths forwarded by the probe packet among several switches in the data plane 1 .
  • the role of the path consistency verification module 213 is to detect the actual path forwarded between the switches in the data layer 1 and generate corresponding actual path information; If the expected path information is consistent with the actual path information, the path consistency verification of the expected path forwarded by the probe packet and the actual path is passed.
  • the communication protocols used to construct the detection packet include but are not limited to TCP/IP protocol, NetBEUI protocol, IPX/SPX protocol, NDN orchestration control protocol, blockchain on-chain/off-chain collaboration protocol.
  • the communication protocol used to construct the detection packet can adopt the TCP/IP protocol, and the detection packet should include packet header information and forwarding rule information of several switches that are expected to perform forwarding, wherein the packet header information can include its own identification mark, the address of the ingress switch , protocol type and other information, forwarding rule information can be considered as packet body information, and can include addresses of several switches expected to perform forwarding.
  • the path detection generation module 211 configures header information and forwarding rules of several switches expected to be executed according to a preset communication protocol, and uses the packet header information and forwarding rule information to construct a detection packet; then, the path detection generation module 211 will The detection packet is delivered to the ingress switch in the data plane 1, and then the detection packet can be forwarded among the switches in the data plane 1 to form an actual forwarding path.
  • the switch that forwards the detection packet for the first time on the actual path is the ingress switch
  • the switch that forwards the detection packet last on the actual path is the egress switch
  • the rest of the switches on the actual path are intermediate switches
  • the ingress switch on the actual path is represented by
  • the intermediate switch and the egress switch on the actual path are used to update the initial label value of the detection packet, and report the updated label value and the header information of the detection packet to the control plane. Controller 21 in Level 2.
  • the expected path set generation module 212 constructs multiple expected paths according to the forwarding rule information, each expected path has one or more switches, and the ingress switches on the expected path are actual The entry switch on the path; then, the expected path set generation module 212 obtains the feature matrix of all switches on each expected path, and obtains the initial label value reported by the entry switch on the actual path; next, the expected path set generation module 212 utilizes The feature matrix of one or more switches on each expected path updates and calculates the initial label value to obtain the corresponding label value of each expected path; then, the expected path set generation module 212 is based on the header information of the probe packet and each The tag value corresponding to the expected path generates a piece of expected path information; thus, the expected path set generating module 212 counts the expected path information corresponding to each expected path, thus forming the expected path set information corresponding to the detection packet.
  • the controller 21 can obtain the characteristic matrix of the switch 11, 12, 13, 14, and obtain the initial label value of the switch 11; since the controller 21 has obtained the characteristic matrix of the switch 11, 12, 13, 14, and the initial tag value of switch 11, then the initial tag value can be multiplied with the feature matrix of switch 11 to obtain a new tag value and then multiplied with the feature matrix of switch 12 to obtain a new tag value and then be used with the feature matrix of switch 13.
  • the controller 21 generates a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path, and then counts each The expected path information corresponding to the expected paths respectively can be used to obtain the expected path set information.
  • the path consistency verification module 213 obtains the label value reported by the intermediate switch and the egress switch of the detection packet on the actual path, and the header information of the detection packet; then, the path consistency verification The module 213 determines the actual path forwarded by the detection packet among the switches in the data plane according to the obtained label value, and generates corresponding actual path information according to the obtained label value and header information of the detection packet.
  • the path consistency verification module 213 determines the actual path forwarded by the detection packet among the switches in the data plane according to the obtained label value, and generates corresponding actual path information according to the obtained label value and header information of the detection packet.
  • switches 13, 14 will respectively upload updated tag values and packet header information of probe packets, and controller 21 will receive tag values and packet header information; It is the result of the characteristic matrix of the switch calculated by matrix multiplication, so the characteristic matrix of the switch can be obtained through the reverse matrix operation, so as to know which switch participated in the actual forwarding of the detection packet; and, the label value reported by the egress switch can be used Generate actual path information corresponding to the packet header information.
  • the path consistency verification module 213 in order to realize the path consistency verification of the expected path and the actual path, obtains the packet header information and label value in the expected path set information, and obtains the packet header information and label value in the actual path information ; Then, the path consistency verification module 213 compares the packet header information in the actual path information with the packet header information in the expected path set information, and performs path consistency verification under the condition that the packet header information matches; Next, the path consistency verification module 213 Determine whether there is a tag value identical to the actual path information in the expected path set information, and if so, pass the path consistency verification.
  • each piece of expected path information includes the header information of the probe packet and the corresponding label value
  • the actual path information also includes the header information of the probe packet and the corresponding label value
  • the path consistency verification module 213 can perform path consistency verification on the expected path information and the actual path information based on the header information and the label value.
  • This embodiment discloses a heterogeneous converged network, including a data plane 1 and a control plane 2.
  • the data plane 1 includes a plurality of switches connected topologically, such as switches 11, 12, 13, 14, and 15. , 16, a controller 21 is deployed in the control plane 2 and connected to each switch, and the controller 21 in the control plane 2 is used to control the data forwarding path of each switch in the data plane 1 .
  • the data forwarding process of the probe packet will be described from the perspective of data plane 1.
  • the controller 21 in the control plane 2 can construct a detection packet combining multiple information according to the preset communication protocol, and send the detection packet to the data plane 1, the data plane 1 can receive the detection packet sent by the control plane 2, and The probe packets are forwarded among the switches to form the actual forwarding path.
  • the switch that first forwards the detection packet on the actual path is the ingress switch
  • the switch that forwards the detection packet last on the actual path is the egress switch
  • the remaining switches on the actual path are intermediate switches.
  • the controller 21 sends the detection packet to the switch 11 of the data layer 1, and the switches 11, 12, 13, and 14 of the data layer 1 forward the detection packet, then the switch 11 is an ingress switch, and the switch 14 is an egress switch , the switches 12 and 13 are all intermediate switches.
  • the data plane 1 uses the ingress switch on the actual path to insert the initial label value into the detection packet, and reports the initial label value to the control plane.
  • the initialization tag value may consist of a two-dimensional random vector (v 1 , v 2 ) and a 32-bit modulus p, wherein the two-dimensional random vector may include two 32-bit integers. The initial label value is used in subsequent label update calculations.
  • the data plane 1 uses the intermediate switch and the egress switch on the actual path to update the initial label value of the detection packet.
  • the controller 21 can assign a matrix address to each switch and send it to the corresponding switch, so that each switch can have a unique 2*2 feature matrix (represented by Mi), and the four in the feature matrix Both values are 32-bit integers.
  • the switch Si will perform matrix multiplication between the label value in the detection packet and the characteristic matrix Mi of the switch Si, so as to obtain a new label value to replace the original label value.
  • the modulus in the value, det represents the matrix determinant, (v 2i+1 ,v 2i+2 ), (v 2i-1 ,v 2i ) both represent two-dimensional random vectors, the subscript i represents the serial number of the switch, % represents Modulo operation.
  • the data layer 1 forms corresponding actual forwarding information based on the label value updated by any switch in the intermediate switch and the egress switch on the actual path, and the header information of the detection packet, and reports it to the control layer in the control layer 2.
  • Device 21 the data layer 1 forms corresponding actual forwarding information based on the label value updated by any switch in the intermediate switch and the egress switch on the actual path, and the header information of the detection packet, and reports it to the control layer in the control layer 2.
  • the update process of the tag value is as follows:
  • the intermediate switch For the intermediate switch on the actual path, the intermediate switch performs a matrix multiplication operation on its own characteristic matrix and the initial label value inserted in the detection packet to obtain the first label value.
  • the egress switch For the egress switch on the actual path, the egress switch performs a matrix multiplication operation on its own characteristic matrix and the first label value to obtain the second label value.
  • the modulus calculation (such as Mi%p) is performed on the feature matrix involved in the operation to prevent matrix multiplication overflow, and the first label value and the second label value are updated label values, which need to be compared with The header information together forms the actual forwarding information.
  • the final result of the matrix multiplication can reflect the sequence of the switches that the probe packets actually pass through.
  • an additional modulo operation is added, and the result after the modulus is updated to the label as a new two-dimensional vector. In this way, the matrix can be avoided.
  • Multiplication overflows The value of the modulus p is related to the determinant of the characteristic matrix of the switch, and the value of the modulus will be continuously increased through the multiplication operation of the modulus and the determinant. It is important to note that because the update of the modulus is also a multiplication operation, there is also a risk of modulus overflow. In order to avoid this risk, the determinant size of the switch must be controlled within a reasonable range. As for the determinant The format size can be set according to the requirement.
  • this embodiment discloses a path consistency verification method for a heterogeneous converged network.
  • the heterogeneous converged network here, it includes a data plane 1 and a control plane 2, and the data plane 1 includes multiple switches connected topologically, such as switches 11, 12, 13, 14, 15, 16, and the control plane 2
  • a controller 21 is deployed in and connected to each switch, and the controller 21 in the control plane 2 is used to control the data forwarding path of each switch in the data plane 1 .
  • the method for verifying path consistency includes steps 410-440, which will be described respectively below.
  • Step 410 the controller 21 constructs a detection packet combining multiple information according to a preset communication protocol, and delivers the detection packet to the data plane.
  • step 420 the controller 21 generates corresponding expected path set information according to the multiple expected paths forwarded by the detection packet among several switches in the data plane.
  • step 430 the controller 21 detects the actual path forwarded by the detection packet among the switches in the data plane and generates corresponding actual path information.
  • step 440 the controller 21 judges whether the expected path set information contains expected path information consistent with the actual path information, and if so, passes the path consistency verification between the expected path forwarded by the probe packet and the actual path.
  • step 410 is mainly related to the process of constructing a detection packet, so refer to FIG. 4 , this step 410 may specifically include steps 411-413, which are respectively described as follows.
  • the controller 21 configures packet header information and forwarding rule information of several switches expected to be implemented according to a preset communication protocol.
  • the communication protocol used for constructing the detection packet may adopt the TCP/IP protocol, the NetBEUI protocol or the IPX/SPX protocol.
  • the packet header information of the detection packet can include information such as self-identification mark, entry switch address, protocol type, etc., and the forwarding rule information of the detection packet can be considered as packet body information, and can include the addresses of several switches expected to perform forwarding, such as switch 11, Addresses of 12, 13, and 14 respectively.
  • step 412 the controller 21 uses the packet header information and forwarding rule information to construct a detection packet combining multiple information.
  • the controller 21 sends the detection packet to the data plane 1, and the detection packet is forwarded among the switches in the data plane 1 to form an actual forwarding path.
  • the switch that forwards the detection packet for the first time on the actual path is the ingress switch
  • the switch that forwards the detection packet last on the actual path is the egress switch
  • the rest of the switches on the actual path are intermediate switches; and, the actual path
  • the ingress switch on the path is used to insert the initial label value in the detection packet and report it to the control plane 2
  • the intermediate switch and the egress switch on the actual path are used to update the initial label value of the detection packet, and compare the updated label value with the The header information of the detection packet is reported to the control plane 2 .
  • this step 420 is mainly related to the process of generating the expected path set information, so refer to FIG. 5 , this step 420 may specifically include steps 421-425, which are respectively described as follows.
  • step 421 the controller 21 constructs multiple expected paths according to the forwarding rule information, and each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path. For example, in Fig. 1, if a network path between the host 31 and the host 32 is to be constructed, there are three expected paths, namely switch 11-12-13-14, switch 11-13-14, switch 11-12-14, Wherein the switch 11 is an ingress switch on the desired path.
  • the controller 21 obtains the characteristic matrix of all switches on each expected path, and obtains the initial label value reported by the ingress switch on the actual path. For example, in Figure 1, for three expected paths (respectively switches 11-12-13-14, switches 11-13-14, and switches 11-12-14), the controller 21 can obtain the characteristics of switches 11, 12, 13, and 14 matrix, and obtain the initial label value of switch 11.
  • the controller 21 uses the feature matrix of one or more switches on each expected path to update and calculate the initial label value, so as to obtain the label value corresponding to each expected path. For example, in Fig. 1, since the controller 21 has obtained the feature matrix of the switches 11, 12, 13, 14, and the initial label value of the switch 11, then the initial label value can be multiplied by the feature matrix of the switch 11 to obtain a new label value and then Multiply with the feature matrix of the switch 12 to get a new label value and then multiply it with the feature matrix of the switch 13 to get a new label value and then multiply it with the feature matrix of the switch 14, the final label value is the expected path (switch 11 -12-13-14); then similarly, the desired path (switch 11-13-14) and the label value of the desired path (switch 11-12-14) can be obtained.
  • step 424 the controller 21 generates a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path.
  • step 425 the controller 21 collects the expected path information corresponding to each expected path, so as to form the expected path set information corresponding to the detection packet.
  • this step 430 is mainly related to the process of generating actual path information, so refer to FIG. 6 , this step 430 may specifically include steps 431-433, which are respectively described as follows.
  • step 431 the controller 21 obtains the label values reported by the intermediate switch and the egress switch of the detection packet on the actual path, and the header information of the detection packet.
  • the actual forwarding path is the switch 11-13-14
  • the switches 13 and 14 will respectively upload the updated label value and header information of the detection packet, and the controller 21 will receive the label value and header information.
  • step 432 the controller 21 determines the actual path for the detection packet to be forwarded among the switches in the data plane according to the obtained label value.
  • the controller 21 In step 433, the controller 21 generates corresponding actual path information according to the acquired tag value and header information of the detection packet.
  • the controller 21 has received the label value and packet header information. Since the label value is the result of calculating the characteristic matrix of the switch through matrix multiplication, the characteristic matrix of the switch can be obtained through the inverse matrix operation, so as to know which switch Participated in the actual forwarding of the detection packet; and, can use the label value and packet header information reported by the egress switch to generate the corresponding actual path information.
  • this step 440 mainly involves the process of verifying path consistency, so refer to FIG. 7 , this step 440 may specifically include steps 441-443, which are respectively described as follows.
  • the controller 21 obtains the packet header information and label value in the expected path set information, and obtains the packet header information and label value in the actual path information.
  • the expected path set information includes multiple pieces of expected path information
  • each piece of expected path information includes the header information of the probe packet and the corresponding label value
  • the actual path information also includes the header information of the probe packet and the corresponding label value, so the path consistency verification can be performed on the expected path information and the actual path information based on the packet header information and label value.
  • step 442 the controller 21 compares the packet header information in the actual path information with the packet header information in the expected path set information, and performs path consistency verification when the packet header information matches.
  • step 443 the controller 21 judges whether there is a tag value identical to the actual path information in the expected path set information, and if so, passes the path consistency verification.
  • the header information of the detection packet is unique, so the matching judgment of the header information can only be performed when the header information matches.
  • each piece of expected path information includes a corresponding tag value, so the expected path set information includes multiple tag values with different values, as long as there is one tag value If the value is the same as the label value in the actual path information, it indicates that the sequence of switches expected to be forwarded by the same probe packet is consistent with the sequence of switches actually forwarded, and no switch forwarding errors occur, so the path consistency verification has passed.
  • this embodiment discloses a network control device, and the network control device 5 includes a memory 51 and a processor 52 .
  • the memory 51 and the processor 52 are the main components of the network control device 5.
  • the network control device 5 may also include some functional modules connected to the processor 52. For details, refer to the first embodiment above. Let's go into more detail.
  • the memory 51 may be used as a computer-readable storage medium for storing a program here, and the program may be a program code corresponding to the path consistency verification method in Embodiment 4.
  • the processor 52 is connected to the memory 51, and is used to execute the program stored in the memory 51 to implement the path consistency verification method disclosed in the fourth embodiment above. It should be noted that the functions implemented by the processor 52 can refer to the controller 21 in the first embodiment, and no detailed description is given here.
  • the program can also be stored in a storage medium such as a server, another computer, a magnetic disk, an optical disk, a flash disk, or a mobile hard disk, and saved by downloading or copying.
  • a storage medium such as a server, another computer, a magnetic disk, an optical disk, a flash disk, or a mobile hard disk, and saved by downloading or copying.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present application relates to a heterogeneous convergence network, a path consistency verification method therefor, and a storage medium. The heterogeneous convergence network comprises a data plane and a control plane, wherein the control plane constructs an explorer packet according to a preset communication protocol and issues multi-information combined explorer packets to the data plane; the data plane forwards the explorer packet according to an actual path forwarded by each switch and reports actual forwarding information to the control plane; the control plane generates a plurality of pieces of expected path information according to forwarding rule information, and forms the plurality of pieces of expected path information into expected path set information corresponding to the explorer packet; the control plane generates, according to the actual forwarding information, actual path information corresponding to the explorer packet; and the control plane determines whether the expected path set information contains expected path information consistent with the actual path information or not, and if yes, the path consistency of the expected path forwarded by the explorer packet and the actual path are verified.

Description

一种异构融合网络及其路径一致性验证方法、存储介质A heterogeneous fusion network and its path consistency verification method and storage medium 技术领域technical field
本申请涉及网络管理技术领域,具体涉及一种异构融合网络及其路径一致性验证方法、存储介质。The present application relates to the technical field of network management, in particular to a heterogeneous fusion network and its path consistency verification method and storage medium.
背景技术Background technique
软件定义网络(SDN)将网络分为数据平面和控制平面,数据平面中的交换机对数据包进行转发,控制平面中的控制器指导交换机的转发行为。在数据平面和控制平面之间可能会出现不一致的现象,这时就需要对控制平面和数据平面的数据包转发路径进行一致性验证。Software-defined networking (SDN) divides the network into a data plane and a control plane. The switches in the data plane forward data packets, and the controller in the control plane guides the forwarding behavior of the switches. Inconsistencies may occur between the data plane and the control plane, and at this time, it is necessary to perform consistency verification on the data packet forwarding paths of the control plane and the data plane.
对于一个数据包,控制器会对该数据包产生一条期望路径,该数据包在数据平面上经过交换机的转发后会生成一条实际路径,通过对比实际路径和期望路径是否一致来进行路径一致性检测;路径一致性验证能够通过检测数据包的期望路径和数据包的实际转发路径是否一致,来得到控制平面和数据平面是否一致的结论。然而,在支持多协议的SDN网络(即SDN异构融合网络)中,路径一致性问题发生变化,路径检测也变得更加复杂。For a data packet, the controller will generate an expected path for the data packet. After the data packet is forwarded by the switch on the data plane, an actual path will be generated. Path consistency detection is performed by comparing the actual path with the expected path. ; Path consistency verification can obtain the conclusion whether the control plane and the data plane are consistent by detecting whether the expected path of the data packet is consistent with the actual forwarding path of the data packet. However, in an SDN network that supports multiple protocols (i.e., an SDN heterogeneous converged network), the path consistency problem changes, and path detection becomes more complicated.
在SDN异构融合网络中,数据平面可能是由多种类型的交换机构成,不同类型的交换机可能支持不同的协议(例如支持IP协议的交换机、支持ICN协议的交换机、支持Hybrid-ICN协议的交换机);那么在SDN异构融合场景下,数据包转发的实际路径和期望路径之间的路径一致性验证问题将变得非常复杂和难解。然而,现有的路径一致性检测方案均没有针对SDN异构融合网络的应用情形,那么有必要针对多协议SDN场景下的路径一致性问题提出解决方案。In the SDN heterogeneous converged network, the data plane may be composed of various types of switches, and different types of switches may support different protocols (such as switches supporting IP protocol, switches supporting ICN protocol, switches supporting Hybrid-ICN protocol ); then in the SDN heterogeneous integration scenario, the path consistency verification problem between the actual path and the expected path of data packet forwarding will become very complicated and difficult to solve. However, none of the existing path consistency detection schemes is aimed at the application of SDN heterogeneous converged networks, so it is necessary to propose a solution to the path consistency problem in the multi-protocol SDN scenario.
技术问题technical problem
本申请主要解决的技术问题是:如何在SDN异构融合网络中实现路径一致性验证。The technical problem mainly solved by this application is: how to realize path consistency verification in the SDN heterogeneous converged network.
技术解决方案technical solution
为解决上述技术问题,本申请提出一种异构融合网络及其路径一致性验证方法、存储介质。In order to solve the above technical problems, the present application proposes a heterogeneous fusion network and its path consistency verification method and storage medium.
根据第一方面,一种实施例中提供一种异构融合网络,其包括:数据层面,包括拓扑连接的多个交换机,每个交换机能够根据至少一种通信协议进行数据转发;控制层面,与所述数据层面中的交换机进行连接,用于控制所述交换机的数据转发的路径;其中,所述控制层面根据预设的通信协议构造多信息结合的探测包,并向所述数据层面下发所述探测包;所述探测包包括包头信息,和期望执行转发的若干个交换机的转发规则信息;所述数据层面将所述探测包按照各交换机转发的实际路径进行转发,并向所述控制层面上报实际转发信息;所述控制层面根据所述转发规则信息生成多条期望路径信息,且利用所述多条期望路径信息构成所述探测包对应的期望路径集合信息;所述控制层面根据所述实际转发信息生成所述探测包对应的实际路径信息;所述控制层面判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,若是则通过对所述探测包转发的期望路径和实际路径的路径一致性验证。According to the first aspect, an embodiment provides a heterogeneous converged network, which includes: a data plane, including a plurality of switches connected topologically, and each switch can perform data forwarding according to at least one communication protocol; a control plane, and The switch in the data plane is connected to control the data forwarding path of the switch; wherein, the control plane constructs a multi-information combination detection packet according to a preset communication protocol, and sends it to the data plane The detection packet; the detection packet includes packet header information, and forwarding rule information of several switches that are expected to perform forwarding; the data layer forwards the detection packet according to the actual path forwarded by each switch, and sends to the control The layer reports the actual forwarding information; the control layer generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form the expected path set information corresponding to the detection packet; The actual forwarding information generates the actual path information corresponding to the detection packet; the control plane judges whether the expected path set information contains the expected path information consistent with the actual path information, and if so, through the detection packet Path consistency verification of forwarded expected path and actual path.
所述数据层面将所述探测包按照各交换机转发的实际路径进行转发,并向所述控制层面上报实际转发信息,包括:所述数据层面接收被下放的探测包,将所述探测包在各交换机间进行转发并形成转发的实际路径;实际路径上首次转发所述探测包的交换机为入口交换机,实际路径上最后转发所述探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;所述数据层面利用实际路径上的入口交换机在所述探测包内插入初始标签值,并向所述控制层面上报所述初始标签值;所述数据层面利用实际路径上的中间交换机和出口交换机对所述探测包的初始标签值进行更新;所述数据层面根据实际路径上的中间交换机和出口交换机中的任一交换机更新的标签值,和所述探测包的包头信息形成对应的实际转发信息并上报给所述控制层面。The data layer forwards the detection packet according to the actual forwarding path of each switch, and reports the actual forwarding information to the control layer, including: the data layer receives the distributed detection packet, and forwards the detection packet in each Forwarding between switches and forming an actual forwarding path; the switch that forwards the detection packet for the first time on the actual path is the ingress switch, the switch that forwards the detection packet last on the actual path is the egress switch, and the remaining switches on the actual path are intermediate switches ; The data plane utilizes an ingress switch on the actual path to insert an initial label value in the detection packet, and reports the initial label value to the control plane; the data plane utilizes an intermediate switch and an egress switch on the actual path The initial label value of the detection packet is updated; the data layer forms corresponding actual forwarding information with the header information of the detection packet according to the label value updated by any switch in the intermediate switch and the egress switch on the actual path and report to the control plane.
所述数据层面利用实际路径上的中间交换机和出口交换机对所述探测包的初始标签值进行更新,包括:对于实际路径上的中间交换机,所述中间交换机将自身的特征矩阵和所述探测包内插入的初始标签值进行矩阵乘法运算,得到第一标签值;对于实际路径上的出口交换机,所述出口交换机将自身的特征矩阵和所述第一标签值进行矩阵乘法运算,得到第二标签值;在所述矩阵乘法运算中,对参与运算的特征矩阵进行取模计算以防止矩阵乘法溢出;所述第一标签值和所述第二标签值均为更新的标签值。The data plane uses the intermediate switch and the egress switch on the actual path to update the initial label value of the detection packet, including: for the intermediate switch on the actual path, the intermediate switch uses its own feature matrix and the detection packet Perform matrix multiplication on the inserted initial label value to obtain the first label value; for the egress switch on the actual path, the egress switch performs matrix multiplication operation on its own characteristic matrix and the first label value to obtain the second label value value; in the matrix multiplication operation, a modulo calculation is performed on the feature matrix involved in the operation to prevent matrix multiplication from overflowing; both the first label value and the second label value are updated label values.
所述控制层面根据所述转发规则信息生成多条期望路径信息,且利用所述多条期望路径信息构成所述探测包对应的期望路径集合信息,包括:所述控制层面根据所述转发规则信息构建多条期望路径;每条期望路径上具有一个或多个交换机,且期望路径上的入口交换机为实际路径上的入口交换机;所述控制层面获取构成各条期望路径上所有交换机的特征矩阵,以及获取实际路径上的入口交换机上报的初始标签值;所述控制层面利用每条期望路径上一个或多个交换机的特征矩阵对所述初始标签值进行更新计算,得到每条期望路径对应的标签值;所述控制层面根据所述探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息;所述控制层面统计各条期望路径分别对应的期望路径信息,以构成所述探测包对应的期望路径集合信息。The control plane generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form the expected path set information corresponding to the detection packet, including: the control plane according to the forwarding rule information Constructing multiple expected paths; each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path; the control plane obtains the feature matrix that constitutes all the switches on each expected path, And obtain the initial label value reported by the ingress switch on the actual path; the control plane uses the characteristic matrix of one or more switches on each expected path to update and calculate the initial label value, and obtain the label corresponding to each expected path value; the control plane generates a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path; the control plane counts the expected path information corresponding to each expected path to form the detection The expected path set information corresponding to the package.
所述控制层面还将所述期望路径集合信息存入预设的路径表,并在所述路径表中使用布隆过滤器对各条期望路径分别对应的标签值进行映射存储。The control plane also stores the desired path set information in a preset path table, and uses a Bloom filter in the path table to map and store label values corresponding to each desired path.
所述控制层面根据所述实际转发信息生成所述探测包对应的实际路径信息,包括:所述控制层面获取所述探测包在实际路径上的中间交换机、出口交换机分别上报的标签值,以及获取所述探测包的包头信息;所述控制层面根据获取的标签值确定所述探测包在所述数据层面中各交换机间转发的实际路径,并根据获取的标签值和所述探测包的包头信息生成对应的实际路径信息。The control plane generates the actual path information corresponding to the detection packet according to the actual forwarding information, including: the control plane obtains the label values reported by the intermediate switch and the egress switch on the actual path of the detection packet respectively, and obtains The packet header information of the detection packet; the control plane determines the actual path for the detection packet to be forwarded between switches in the data plane according to the obtained label value, and according to the obtained label value and the packet header information of the detection packet Generate corresponding actual path information.
所述控制层面判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,包括:所述控制层面获取所述期望路径集合信息中的包头信息和标签值,以及获取实际路径信息中的包头信息和标签值;所述控制层面将所述实际路径信息中的包头信息和所述期望路径集合信息中的包头信息进行比较,在包头信息匹配的情况下进行路径一致性验证;所述控制层面判断所述期望路径集合信息中是否存在与所述实际路径信息相同的标签值,若是则通过路径一致性验证。The control plane determines whether the expected path set information contains the expected path information consistent with the actual path information, including: the control plane acquires the packet header information and label value in the expected path set information, and acquires The packet header information and label value in the actual path information; the control plane compares the packet header information in the actual path information with the packet header information in the expected path set information, and performs path consistency when the packet header information matches Verification: the control plane judges whether there is a tag value identical to the actual path information in the expected path set information, and if so, passes the path consistency verification.
根据第二方面,一种实施例中提供一种异构融合网络,包括数据层面和控制层面,所述数据层面包括拓扑连接的多个交换机,所述控制层面中部署有所述控制器且所述控制器与各交换机连接,所述控制器包括:路径探测生成模块,用于根据预设的通信协议构造探测包,并向所述数据层面下发所述探测包;期望路径集合生成模块,用于根据所述探测包在所述数据层面中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息;路径一致性验证模块,用于探测所述探测包在所述数据层面中各交换机间转发的实际路径并生成对应的实际路径信息;以及,用于判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,若是则通过对所述探测包转发的期望路径和实际路径的路径一致性验证。According to the second aspect, an embodiment provides a heterogeneous converged network, including a data plane and a control plane, the data plane includes a plurality of switches connected topologically, the controller is deployed in the control plane and the The controller is connected to each switch, and the controller includes: a path detection generation module, configured to construct a detection packet according to a preset communication protocol, and send the detection packet to the data layer; an expected path set generation module, It is used to generate corresponding expected path set information according to multiple expected paths forwarded by the detection packet among several switches in the data plane; a path consistency verification module is used to detect that the detection packet is in the data plane the actual path forwarded between the switches and generate corresponding actual path information; Path consistency verification of forwarded expected path and actual path.
所述路径探测生成模块根据预设的通信协议构造探测包,并向所述数据层面下发所述探测包,包括:所述路径探测生成模块根据预设的通信协议配置包头信息和期望执行的若干个交换机的转发规则,利用所述包头信息和所述转发规则信息构造多信息结合的探测包;所述路径探测生成模块将所述探测包下发至所述数据层面,所述探测包在所述数据层面中的各交换机间进行转发并形成转发的实际路径;实际路径上首次转发所述探测包的交换机为入口交换机,实际路径上最后转发所述探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;实际路径上的入口交换机用于在所述探测包内插入初始标签值并上报给所述控制层面,实际路径上的中间交换机和出口交换机用于对所述探测包的初始标签进行更新,并将更新的标签值和所述探测包的包头信息上报给所述控制层面。The path detection generation module constructs a detection packet according to a preset communication protocol, and sends the detection packet to the data layer, including: the path detection generation module configures header information and expected execution according to a preset communication protocol The forwarding rules of several switches use the packet header information and the forwarding rule information to construct a detection packet combining multiple information; the path detection generation module sends the detection packet to the data plane, and the detection packet is in the Each switch in the data layer forwards and forms an actual forwarding path; the switch that forwards the detection packet for the first time on the actual path is an ingress switch, and the switch that forwards the detection packet last on the actual path is an egress switch, and the actual path The remaining switches on the actual path are intermediate switches; the ingress switch on the actual path is used to insert the initial label value in the detection packet and report it to the control plane, and the intermediate switch and the egress switch on the actual path are used to update the initial label, and report the updated label value and the header information of the detection packet to the control plane.
所述期望路径集合生成模块根据所述探测包在所述数据层面中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息,包括:所述期望路径集合生成模块根据所述转发规则信息构建多条期望路径;每条期望路径上具有一个或多个交换机,且期望路径上的入口交换机为实际路径上的入口交换机;所述期望路径集合生成模块获取各条期望路径上所有交换机的特征矩阵,以及获取实际路径上的入口交换机上报的初始标签值;所述期望路径集合生成模块利用每条期望路径的上的一个或多个交换机的特征矩阵对所述初始标签值进行更新计算,得到每条期望路径对应的标签值;所述期望路径集合生成模块根据所述探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息;所述期望路径集合生成模块统计各条期望路径分别对应的期望路径信息,以构成所述探测包对应的期望路径集合信息。The expected path set generation module generates corresponding expected path set information according to multiple expected paths forwarded by the detection packet among several switches in the data plane, including: the expected path set generation module according to the forwarding rule The information constructs multiple expected paths; each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path; the expected path set generation module obtains all switches on each expected path feature matrix, and obtain the initial tag value reported by the ingress switch on the actual path; the expected path set generation module uses the feature matrix of one or more switches on each expected path to update and calculate the initial tag value, Obtain the tag value corresponding to each expected path; the expected path set generation module generates an expected path information according to the header information of the probe packet and the tag value corresponding to each expected path; the expected path set generation module counts each Expected path information corresponding to the expected paths respectively to form expected path set information corresponding to the detection packet.
所述路径一致性验证模块探测所述探测包在所述数据层面中各交换机间转发的实际路径并生成对应的实际路径信息,包括:所述路径一致性验证模块获取所述探测包在实际路径上的中间交换机、出口交换机分别上报的标签值,以及所述探测包的包头信息;所述路径一致性验证模块根据获取的标签值确定所述探测包在所述数据层面中各交换机间转发的实际路径,并根据获取的标签值和所述探测包的包头信息生成对应的实际路径信息。The path consistency verification module detects the actual path forwarded by the detection packet between the switches in the data layer and generates corresponding actual path information, including: the path consistency verification module obtains the detection packet on the actual path The label values reported by the intermediate switch and the egress switch on the network respectively, and the header information of the detection packet; the path consistency verification module determines the forwarding of the detection packet between the switches in the data plane according to the obtained label value the actual path, and generate corresponding actual path information according to the obtained label value and the header information of the detection packet.
所述路径一致性验证模块判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,若是则通过对所述探测包转发的期望路径和实际路径的路径一致性验证,包括:所述路径一致性验证模块获取所述期望路径集合信息中的包头信息和标签值,以及获取实际路径信息中的包头信息和标签值;所述路径一致性验证模块将所述实际路径信息中的包头信息和所述期望路径集合信息中的包头信息进行比较,在包头信息匹配的情况下进行路径一致性验证;所述路径一致性验证模块判断所述期望路径集合信息中是否存在与所述实际路径信息相同的标签值,若是则通过路径一致性验证。The path consistency verification module judges whether the expected path set information contains the expected path information consistent with the actual path information, and if so, passes the path consistency verification of the expected path forwarded by the probe packet and the actual path , including: the path consistency verification module obtains the packet header information and label value in the expected path set information, and obtains the packet header information and label value in the actual path information; the path consistency verification module obtains the actual path The packet header information in the information is compared with the packet header information in the expected path set information, and path consistency verification is performed when the packet header information matches; If the tag value of the actual path information is the same, it passes the path consistency verification.
根据第三方面,一种实施例中提供一种异构融合网络,包括数据层面和控制层面,所述数据层面包括拓扑连接的多个交换机,所述控制层面与所述数据层面中的交换机进行连接且用于控制每个所述交换机的数据转发的路径,所述数据层面能够接收所述控制层面下放的探测包,并将所述探测包在各交换机间进行转发以形成转发的实际路径;实际路径上首次转发所述探测包的交换机为入口交换机,实际路径上最后转发所述探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;所述数据层面利用实际路径上的入口交换机在所述探测包内插入初始标签值,并向所述控制层面上报所述初始标签值;所述数据层面利用实际路径上的中间交换机和出口交换机对所述探测包的初始标签值进行更新;所述数据层面根据实际路径上的中间交换机和出口交换机中的任一交换机更新的标签值,和所述探测包的包头信息形成对应的实际转发信息并上报给所述控制层面。According to the third aspect, an embodiment provides a heterogeneous converged network, including a data plane and a control plane, the data plane includes a plurality of switches connected topologically, and the control plane communicates with the switches in the data plane connected and used to control the data forwarding path of each of the switches, the data plane can receive the detection packets distributed by the control plane, and forward the detection packets among the switches to form an actual forwarding path; The switch that forwards the detection packet for the first time on the actual path is the ingress switch, the switch that forwards the detection packet last on the actual path is the egress switch, and the rest of the switches on the actual path are intermediate switches; The switch inserts an initial label value into the detection packet, and reports the initial label value to the control plane; the data plane uses the intermediate switch and the egress switch on the actual path to update the initial label value of the detection packet ; The data layer forms corresponding actual forwarding information based on the label value updated by any switch in the intermediate switch and the egress switch on the actual path, and the header information of the detection packet, and reports it to the control layer.
所述数据层面利用实际路径上的中间交换机和出口交换机对所述探测包的初始标签值进行更新,包括:对于实际路径上的中间交换机,所述中间交换机将自身的特征矩阵和所述探测包内插入的初始标签值进行矩阵乘法运算,得到第一标签值;对于实际路径上的出口交换机,所述出口交换机将自身的特征矩阵和所述第一标签值进行矩阵乘法运算,得到第二标签值;在所述矩阵乘法运算中,对参与运算的特征矩阵进行取模计算以防止矩阵乘法溢出;所述第一标签值和所述第二标签值均为更新的标签值。The data plane uses the intermediate switch and the egress switch on the actual path to update the initial label value of the detection packet, including: for the intermediate switch on the actual path, the intermediate switch uses its own feature matrix and the detection packet Perform matrix multiplication on the inserted initial label value to obtain the first label value; for the egress switch on the actual path, the egress switch performs matrix multiplication operation on its own characteristic matrix and the first label value to obtain the second label value value; in the matrix multiplication operation, a modulo calculation is performed on the feature matrix involved in the operation to prevent matrix multiplication from overflowing; both the first label value and the second label value are updated label values.
根据第四方面,一种实施例中提供一种用于异构融合网络的路径一致性验证方法 ,所述异构融合网络包括数据层面和控制层面,所述数据层面包括拓扑连接的多个交换机,所述控制层面用于控制每个交换机的数据转发的路径,所述路径一致性验证方法包括:根据预设的通信协议构造探测包,并向所述数据层面下发所述探测包;根据所述探测包在所述数据层面中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息;探测所述探测包在所述数据层面中各交换机间转发的实际路径并生成对应的实际路径信息;判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,若是则通过对所述探测包转发的期望路径和实际路径的路径一致性验证。According to the fourth aspect, an embodiment provides a path consistency verification method for a heterogeneous converged network, the heterogeneous converged network includes a data plane and a control plane, and the data plane includes a plurality of switches connected topologically , the control plane is used to control the data forwarding path of each switch, and the path consistency verification method includes: constructing a detection packet according to a preset communication protocol, and sending the detection packet to the data plane; according to The plurality of expected paths forwarded by the detection packets among several switches in the data plane generate corresponding expected path set information; detect the actual paths forwarded by the probe packets among the switches in the data plane and generate corresponding Actual path information: judging whether the expected path set information contains expected path information consistent with the actual path information, and if so, verifying the path consistency between the expected path forwarded by the probe packet and the actual path.
所述根据预设的通信协议构造探测包,并向所述数据层面下发所述探测包,根据所述探测包在所述数据层面中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息,包括:根据预设的通信协议配置包头信息和期望执行的若干个交换机的转发规则,利用所述包头信息和所述转发规则信息构造多信息结合的探测包;将所述探测包下发至所述数据层面,所述探测包在所述数据层面中的各交换机间进行转发并形成转发的实际路径;实际路径上首次转发所述探测包的交换机为入口交换机,实际路径上最后转发所述探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;实际路径上的入口交换机用于在所述探测包内插入初始标签值并上报给所述控制层面,实际路径上的中间交换机和出口交换机用于对所述探测包的初始标签进行更新,并将更新的标签值和所述探测包的包头信息上报给所述控制层面;根据所述转发规则信息构建多条期望路径;每条期望路径上具有一个或多个交换机,且期望路径上的入口交换机为实际路径上的入口交换机;获取各条期望路径上所有交换机的特征矩阵,以及获取实际路径上的入口交换机上报的初始标签值;利用每条期望路径的上的一个或多个交换机的特征矩阵对所述初始标签值进行更新计算,得到每条期望路径对应的标签值;根据所述探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息;统计各条期望路径分别对应的期望路径信息,以构成所述探测包对应的期望路径集合信息。Constructing a detection packet according to a preset communication protocol, sending the detection packet to the data plane, and generating corresponding expected Path aggregation information, including: configuring packet header information and forwarding rules of several switches expected to be executed according to a preset communication protocol, using the packet header information and the forwarding rule information to construct a detection packet combining multiple information; Issued to the data plane, the detection packet is forwarded among the switches in the data plane to form an actual path for forwarding; the switch that forwards the detection packet for the first time on the actual path is the ingress switch, and the last switch on the actual path The switch that forwards the detection packet is an egress switch, and the rest of the switches on the actual path are intermediate switches; the ingress switch on the actual path is used to insert an initial label value into the detection packet and report it to the control plane. The intermediate switch and the egress switch are used to update the initial label of the detection packet, and report the updated label value and the header information of the detection packet to the control plane; path; each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path; obtain the feature matrix of all switches on each expected path, and obtain the report of the ingress switch on the actual path The initial label value of each expected path; the characteristic matrix of one or more switches on each expected path is used to update and calculate the initial label value to obtain the corresponding label value of each expected path; according to the header information of the detection packet and The label value corresponding to each expected path generates a piece of expected path information; the expected path information corresponding to each expected path is counted to form the expected path set information corresponding to the detection packet.
所述根据所述实际转发信息生成所述探测包对应的实际路径信息,包括:获取所述探测包在实际路径上的中间交换机、出口交换机分别上报的标签值,以及所述探测包的包头信息;根据获取的标签值确定所述探测包在所述数据层面中各交换机间转发的实际路径,并根据获取的标签值和所述探测包的包头信息生成对应的实际路径信息。The generating the actual path information corresponding to the detection packet according to the actual forwarding information includes: obtaining the label values reported by the intermediate switch and the egress switch of the detection packet on the actual path, and the header information of the detection packet ; Determine the actual path forwarded by the detection packet among the switches in the data plane according to the obtained label value, and generate corresponding actual path information according to the obtained label value and the header information of the detection packet.
所述判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,包括:获取所述期望路径集合信息中的包头信息和标签值,以及获取实际路径信息中的包头信息和标签值;将所述实际路径信息中的包头信息和所述期望路径集合信息中的包头信息进行比较,在包头信息匹配的情况下进行路径一致性验证;判断所述期望路径集合信息中是否存在与所述实际路径信息相同的标签值,若是则通过路径一致性验证。The judging whether the expected path set information contains the expected path information consistent with the actual path information includes: obtaining the packet header information and label value in the expected path set information, and obtaining the packet header in the actual path information information and tag values; compare the header information in the actual path information with the header information in the expected path set information, and perform path consistency verification under the condition that the header information matches; judge the expected path set information Whether there is a tag value identical to the actual path information, and if so, pass the path consistency verification.
根据第五方面,一种实施例中提供一种算机可读存储介质,所述介质上存储有程序,所述程序能够被处理器执行以实现上述第四方面中所述的路径一致性验证方法。According to the fifth aspect, an embodiment provides a computer-readable storage medium, on which a program is stored, and the program can be executed by a processor to implement the path consistency verification described in the fourth aspect above method.
有益效果Beneficial effect
本申请的有益效果是:The beneficial effect of this application is:
依据上述实施例的一种异构融合网络及其路径一致性验证方法、存储介质,其中异构融合网络包括数据层面和控制层面,控制层面根据预设的通信协议构造探测包并向数据层面下发探测包;数据层面将探测包按照各交换机转发的实际路径进行转发并向控制层面上报实际转发信息;控制层面根据转发规则信息生成多条期望路径信息,且利用多条期望路径信息构成探测包对应的期望路径集合信息;控制层面根据实际转发信息生成探测包对应的实际路径信息;控制层面判断期望路径集合信息中是否包含有与实际路径信息一致的期望路径信息,若是则通过对探测包转发的期望路径和实际路径的路径一致性验证。第一点,技术方案提出了基于标签和主动探测的广义路径一致性验证方案,用来对异构融合网络中控制层面上的期望路径和数据平面上的数据包实际转发路径之间的一致性进行验证;第二点,技术方案采用主动探测机制针对特定的交换机转发路径发送探测包,交换机接收到探测包之后会往数据包的包头插入标签信息,通过挖掘标签信息中压缩的路径信息,控制层面就可以验证数据包所经过的实际路径是否和期望路径一致;第三点,技术方案实质上是将广义路径一致性问题建模成期望路径集合和能够使得路径一致性验证通过的实际路径集合之间的满射模型,数据包的实际转发路径并不需要严格等于控制器的期望路径,只要数据包的实际转发路径在协议语义上与控制器的期望路径保持一致就能够通过路径一致性验证,从而提高验证效率;第四点,技术方案中的标签更新过程是由数据平面上的多协议交换机来实现,能够适用于多种协议场景,如果未来需要将广义路径一致性验证方案适应于新型网络协议证,多协议交换机的标签更新模块和控制器的路径一致性验证模块不需要做更改,只需对控制器的路径探测模块和期望路径集合生成模块进行增量修改即可,从而提高了路径一致性验证方案在异构融合网络中的迁移适应能力。A heterogeneous converged network and its path consistency verification method and storage medium according to the above-mentioned embodiments, wherein the heterogeneous converged network includes a data plane and a control plane, and the control plane constructs a detection packet according to a preset communication protocol and downloads it to the data plane. Send the detection packet; the data layer forwards the detection packet according to the actual path forwarded by each switch and reports the actual forwarding information to the control layer; the control layer generates multiple expected path information according to the forwarding rule information, and uses multiple expected path information to form a detection packet The corresponding expected path set information; the control layer generates the actual path information corresponding to the detection packet according to the actual forwarding information; the control layer judges whether the expected path set information contains the expected path information consistent with the actual path information, and if so, forwards the detection packet The path consistency verification of the expected path and the actual path. First, the technical solution proposes a generalized path consistency verification scheme based on labels and active detection, which is used to verify the consistency between the expected path on the control plane and the actual forwarding path of data packets on the data plane in the heterogeneous converged network The second point is that the technical solution uses an active detection mechanism to send a detection packet for a specific switch forwarding path. After receiving the detection packet, the switch will insert label information into the packet header of the data packet. By mining the path information compressed in the label information, the control level can verify whether the actual path that the data packet passes is consistent with the expected path; the third point, the technical solution essentially models the generalized path consistency problem as a set of expected paths and a set of actual paths that can pass the path consistency verification In the surjective model between , the actual forwarding path of the data packet does not need to be strictly equal to the expected path of the controller, as long as the actual forwarding path of the data packet is consistent with the expected path of the controller in terms of protocol semantics, it can pass the path consistency verification , so as to improve the verification efficiency; the fourth point, the label update process in the technical solution is realized by the multi-protocol switch on the data plane, which can be applied to various protocol scenarios. If the generalized path consistency verification scheme needs to be adapted to the new The network protocol certificate, the label update module of the multi-protocol switch and the path consistency verification module of the controller do not need to be changed, only the path detection module of the controller and the expected path set generation module need to be incrementally modified, thereby improving the Migration Adaptability of Path Consistency Verification Scheme in Heterogeneous Converged Networks.
附图说明Description of drawings
图1为本申请一种实施例中异构融合网络的结构图;FIG. 1 is a structural diagram of a heterogeneous fusion network in an embodiment of the present application;
图2为本申请一种实施例中控制器的结构图;FIG. 2 is a structural diagram of a controller in an embodiment of the present application;
图3为本申请一种实施例中路径一致性验证方法的流程图;FIG. 3 is a flowchart of a path consistency verification method in an embodiment of the present application;
图4为构造探测包的流程图;Fig. 4 is the flowchart of constructing detection bag;
图5为生成期望路径集合信息的流程图;Fig. 5 is the flow chart that generates expected route set information;
图6为生成实际路径信息的流程图;Fig. 6 is the flowchart of generating actual path information;
图7为进行路径一致性验证的流程图;FIG. 7 is a flow chart of performing path consistency verification;
图8为本申请一种实施例中网络控制装置的结构图。FIG. 8 is a structural diagram of a network control device in an embodiment of the present application.
本发明的实施方式Embodiments of the present invention
下面通过具体实施方式结合附图对本申请作进一步详细说明。其中不同实施方式中类似元件采用了相关联的类似的元件标号。在以下的实施方式中,很多细节描述是为了使得本申请能被更好的理解。然而,本领域技术人员可以毫不费力的认识到,其中部分特征在不同情况下是可以省略的,或者可以由其他元件、材料、方法所替代。在某些情况下,本申请相关的一些操作并没有在说明书中显示或者描述,这是为了避免本申请的核心部分被过多的描述所淹没,而对于本领域技术人员而言,详细描述这些相关操作并不是必要的,他们根据说明书中的描述以及本领域的一般技术知识即可完整了解相关操作。The present application will be described in further detail below through specific embodiments in conjunction with the accompanying drawings. Wherein, similar elements in different implementations adopt associated similar element numbers. In the following implementation manners, many details are described for better understanding of the present application. However, those skilled in the art can readily recognize that some of the features can be omitted in different situations, or can be replaced by other elements, materials, and methods. In some cases, some operations related to the application are not shown or described in the description, this is to avoid the core part of the application being overwhelmed by too many descriptions, and for those skilled in the art, it is necessary to describe these operations in detail Relevant operations are not necessary, and they can fully understand the relevant operations according to the description in the specification and general technical knowledge in the field.
另外,说明书中所描述的特点、操作或者特征可以以任意适当的方式结合形成各种实施方式。同时,方法描述中的各步骤或者动作也可以按照本领域技术人员所能显而易见的方式进行顺序调换或调整。因此,说明书和附图中的各种顺序只是为了清楚描述某一个实施例,并不意味着是必须的顺序,除非另有说明其中某个顺序是必须遵循的。In addition, the characteristics, operations or characteristics described in the specification can be combined in any appropriate manner to form various embodiments. At the same time, the steps or actions in the method description can also be exchanged or adjusted in a manner obvious to those skilled in the art. Therefore, the various sequences in the specification and drawings are only for clearly describing a certain embodiment, and do not mean a necessary sequence, unless otherwise stated that a certain sequence must be followed.
本文中为部件所编序号本身,例如“第一”、“第二”等,仅用于区分所描述的对象,不具有任何顺序或技术含义。而本申请所说“连接”、“联接”,如无特别说明,均包括直接和间接连接(联接)。The serial numbers assigned to components in this document, such as "first", "second", etc., are only used to distinguish the described objects, and do not have any sequence or technical meaning. The "connection" and "connection" mentioned in this application include direct and indirect connection (connection) unless otherwise specified.
如果将软件定义网络(SDN)的路径一致性验证问题分为严格路径一致性和广义路径一致性,可认为在支持多协议的异构融合网络中的路径一致性验证问题属于广义路径一致性问题,那么本申请技术方案就针对广义路径一致性验证问题提出了一种基于标签和主动探测机制的广义路径一致性验证方案。If the path consistency verification problem of software-defined network (SDN) is divided into strict path consistency and generalized path consistency, it can be considered that the path consistency verification problem in the multi-protocol heterogeneous converged network belongs to the generalized path consistency problem , then the technical solution of this application proposes a generalized path consistency verification scheme based on tags and active detection mechanisms for the generalized path consistency verification problem.
实施例一、Embodiment one,
请参考图1,本实施例中公开一种异构融合网络,主要包括数据层面1和控制层面2,下面分别说明。Please refer to FIG. 1. In this embodiment, a heterogeneous converged network is disclosed, which mainly includes a data plane 1 and a control plane 2, which will be described separately below.
数据层面1包括拓扑连接的多个交换机,如交换机11、12、13、14、15、16,交换机11分别与交换机12、13通信连接,交换机12分别与交换机13、14通信连接,交换机13分别与交换机14、15、16通信连接;并且,每个交换机能够根据至少一种通信协议进行数据转发,即每个交换机具有多协议的数据转发功能,也可称之为多协议交换机;这里的通信协议包括但不限于TCP/IP协议、NetBEUI协议、IPX/SPX协议。The data layer 1 includes a plurality of switches connected topologically, such as switches 11, 12, 13, 14, 15, and 16. The switch 11 is connected to the switches 12 and 13 respectively, and the switch 12 is connected to the switches 13 and 14 respectively. Communicatively connected with switches 14, 15, and 16; and, each switch can perform data forwarding according to at least one communication protocol, that is, each switch has a multi-protocol data forwarding function, and can also be called a multi-protocol switch; the communication here Protocols include but are not limited to TCP/IP protocol, NetBEUI protocol, IPX/SPX protocol.
控制层面2与数据层面1中的交换机进行连接,用于控制各个交换机的数据转发的路径。比如,控制层面2可以包括至少一个控制器21,控制器21分别与交换机11、12、13、14、15、16通信连接,控制器21能够向各交换机发送控制信息,也能够接收各交换机反馈的上报信息,从而实现对各个交换机的数据转发路径的控制。The control plane 2 is connected to the switches in the data plane 1, and is used to control the data forwarding path of each switch. For example, the control plane 2 may include at least one controller 21, and the controller 21 is respectively connected to the switches 11, 12, 13, 14, 15, and 16 in communication. The controller 21 can send control information to each switch, and can also receive feedback from each switch. report information, so as to realize the control of the data forwarding path of each switch.
需要说明的是,数据层面1中的各交换机目的是提供不同主机之间的网络通路,比如对于图1中的主机31、32、33、34,主机31与交换机11通信连接,主机32与交换机14通信连接,主机33与交换机15通信连接,主机34与交换机16通信连接,各个主机依靠各个交换机实现网络的互连互通。It should be noted that the purpose of each switch in the data layer 1 is to provide network access between different hosts, for example, for the hosts 31, 32, 33, and 34 in Figure 1, the host 31 communicates with the switch 11, and the host 32 communicates with the switch 14 communication connection, the host 33 is connected to the switch 15, the host 34 is connected to the switch 16, and each host relies on each switch to realize the interconnection and intercommunication of the network.
在本实施例中,控制层面2控制数据层面1中各个交换机的数据转发路径的过程可以描述如下:In this embodiment, the process of the control plane 2 controlling the data forwarding path of each switch in the data plane 1 can be described as follows:
(1)第一处理环节,控制层面2根据预设的通信协议构造多信息结合的探测包,并向数据层面下发探测包。构造探测包所使用的通信协议可以采用TCP/IP协议,并且,探测包应当包括包头信息和期望执行转发的若干个交换机的转发规则信息,其中包头信息可以包括自身识别标记、入口交换机地址、协议类型等信息,转发规则信息可被认为是包体信息,可以包括期望执行转发的几个交换机的地址(如交换机11、12、13、14分别的地址)。可以理解,探测包的作用就是对数据层面1中各交换机的数据转发路径进行探测。(1) In the first processing link, the control layer 2 constructs a detection packet combining multiple information according to the preset communication protocol, and sends the detection packet to the data layer. The communication protocol used to construct the detection packet can adopt the TCP/IP protocol, and the detection packet should include packet header information and forwarding rule information of several switches expected to perform forwarding, wherein the packet header information can include its own identification mark, ingress switch address, protocol Type and other information, forwarding rule information can be considered as packet body information, and can include addresses of several switches expected to perform forwarding (such as the respective addresses of switches 11, 12, 13, and 14). It can be understood that the function of the detection packet is to detect the data forwarding paths of the switches in the data plane 1 .
(2)第二处理环节,控制层面2将探测包下发到数据层面1之后,数据层面1将作出反应,数据层面1将探测包按照各交换机转发的实际路径进行转发,并向控制层面上报实际转发信息。可以理解,探测包内虽然包含有期望执行转发的若干个交换机的转发规则信息,然而实际的数据转发过程中可能存在某个交换机转发出错的情况,这就会造成转发的实际路径可能与期望路径不一致的情况发生,这就有必要使得实际参与转发的各交换机对探测包的实际转发路径进行信息记录,从而生成实际转发信息。(2) In the second processing link, after the control layer 2 sends the detection packet to the data layer 1, the data layer 1 will respond, and the data layer 1 will forward the detection packet according to the actual path forwarded by each switch, and report to the control layer to actually forward the information. It can be understood that although the detection packet contains the forwarding rule information of several switches that are expected to perform forwarding, there may be a case where a switch forwards incorrectly during the actual data forwarding process, which will cause the actual forwarding path to be different from the expected path. When the inconsistency occurs, it is necessary to make each switch that actually participates in the forwarding record the actual forwarding path of the detection packet, so as to generate the actual forwarding information.
(3)第三处理环节,控制层面2根据转发规则信息生成多条期望路径信息,且利用多条期望路径信息构成探测包对应的期望路径集合信息。参见图1,如果控制器21期望通过交换机11、12、13、14构建起主机31和主机32之间的网络通路,可生成的期望路径信息有交换机11—12—13—14,也有交换机11—13—14,还有交换机11—12—14,那么这些期望路径信息可构成探测包对应的期望路径集合信息,比如将期望路径集合信息记为Q。(3) In the third processing link, the control plane 2 generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form the expected path set information corresponding to the detection packet. Referring to FIG. 1, if the controller 21 expects to build a network path between the host 31 and the host 32 through the switches 11, 12, 13, and 14, the expected path information that can be generated includes switches 11-12-13-14, and switches 11 -13-14, and a switch 11-12-14, then these expected path information can constitute the expected path set information corresponding to the detection packet, for example, the expected path set information is recorded as Q.
(4)第四处理环节,控制层面2根据实际转发信息生成探测包对应的实际路径信息。参见图1,控制器21将探测包下发到入口的交换机11之后,探测包开始在数据层面1内被执行数据转发,如果记录探测包实际转发路径的是交换机11-13-14,那么这就可以生成探测包对应的实际路径信息,比如可以将实际路径信息记为s。(4) In the fourth processing link, the control plane 2 generates actual path information corresponding to the detection packet according to the actual forwarding information. Referring to FIG. 1, after the controller 21 sends the detection packet to the ingress switch 11, the detection packet starts to be forwarded in the data layer 1. If the actual forwarding path of the detection packet is recorded by the switch 11-13-14, then this The actual path information corresponding to the detection packet can be generated, for example, the actual path information can be recorded as s.
(5)第五处理环节,控制层面2判断期望路径集合信息中是否包含有与实际路径信息一致的期望路径信息,若是则通过对探测包转发的期望路径和实际路径的路径一致性验证。可以理解,控制层面2中就是判断期望路径集合信息Q中是否包含有实际路径信息s,只有在包含实际路径信息的情况下才通过路径一致性验证。(5) In the fifth processing link, the control plane 2 judges whether the expected path set information contains the expected path information consistent with the actual path information, and if so, passes the path consistency verification of the expected path forwarded by the probe packet and the actual path. It can be understood that the control plane 2 is to judge whether the expected path set information Q contains the actual path information s, and pass the path consistency verification only when the actual path information is included.
在本实施例中,对于上面的第二处理环节,数据层面1按照各交换机转发的实际路径对探测包进行转发的过程包括:In this embodiment, for the above second processing link, the process of forwarding the detection packet according to the actual path forwarded by each switch at the data plane 1 includes:
1)数据层面1接收被下放的探测包,将探测包在各交换机间进行转发并形成转发的实际路径,为了便于理解实际转发过程,可将实际路径上首次转发探测包的交换机为入口交换机,实际路径上最后转发探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机。比如图1,控制器21将探测包下发到数据层面1的交换机11,数据层面1的交换机11、12、13、14对探测包进行转发,则交换机11为入口交换机,交换机14为出口交换机,交换机12、13均为中间交换机。1) The data layer 1 receives the detection packets that are distributed, and forwards the detection packets between switches to form the actual forwarding path. In order to facilitate the understanding of the actual forwarding process, the switch that forwards the detection packet on the actual path for the first time can be regarded as the ingress switch. The switch that forwards the detection packet last on the actual path is the egress switch, and the remaining switches on the actual path are intermediate switches. For example, in Figure 1, the controller 21 sends the detection packet to the switch 11 of the data layer 1, and the switches 11, 12, 13, and 14 of the data layer 1 forward the detection packet, then the switch 11 is an ingress switch, and the switch 14 is an egress switch , the switches 12 and 13 are all intermediate switches.
2)数据层面1利用实际路径上的入口交换机在探测包内插入初始标签值,并向控制层面上报初始标签值。2) The data plane 1 uses the ingress switch on the actual path to insert the initial label value into the detection packet, and reports the initial label value to the control plane.
在一个具体实施例中,初始化标签值可由一个二维随机向量(v 1,v 2)和一个32位的模数p组成的,其中二维随机向量可包含两个32位的整数。初始标签值用于后续的标签更新计算。 In a specific embodiment, the initialization tag value may consist of a two-dimensional random vector (v 1 , v 2 ) and a 32-bit modulus p, wherein the two-dimensional random vector may include two 32-bit integers. The initial label value is used in subsequent label update calculations.
3)数据层面1利用实际路径上的中间交换机和出口交换机对探测包的初始标签值进行更新,具体执行标签更新算法的可以是交换机中的标签更新模块111。3) Data layer 1 updates the initial label value of the detection packet by using the intermediate switch and the egress switch on the actual path, and the label update module 111 in the switch may specifically execute the label update algorithm.
在一个具体实施例中,控制器21可为每个交换机分配一个矩阵地址并下发到对应的交换机,这样每个交换机都可拥有一个唯一的2*2的特征矩阵(用Mi表示),并且特征矩阵中的四个数值都是32位的整数。探测包每经过一个交换机(用Si表示),该交换机Si都会将探测包中的标签值与该交换机Si的特征矩阵Mi就进行矩阵乘法的运算,从而得到新的标签值以代替原标签值。In a specific embodiment, the controller 21 can assign a matrix address to each switch and send it to the corresponding switch, so that each switch can have a unique 2*2 characteristic matrix (indicated by Mi), and The four values in the feature matrix are all 32-bit integers. Every time the detection packet passes through a switch (indicated by Si), the switch Si will perform matrix multiplication between the label value in the detection packet and the characteristic matrix Mi of the switch Si, so as to obtain a new label value to replace the original label value.
比如,标签值的更新过程参考下面公式For example, the update process of the tag value refers to the following formula
p=p*det(Mi);p=p*det(Mi);
(v 2i+1,v 2i+2)=(v 2i-1,v 2i)*Mi%p。 (v 2i+1 ,v 2i+2 )=(v 2i-1 ,v 2i )*Mi%p.
其中,p为标签值中的模数,det表示矩阵行列式,(v 2i+1,v 2i+2)、(v 2i-1,v 2i)均表示二维随机向量,下标i表示交换机的序号,%表示求模运算。 Among them, p is the modulus in the label value, det represents the matrix determinant, (v 2i+1 , v 2i+2 ), (v 2i-1 , v 2i ) both represent two-dimensional random vectors, and the subscript i represents the switch The serial number, % means modulo operation.
在一个具体实施例中,中间交换机和出口交换机中的标签更新模块111标签值的更新过程如下:a)对于实际路径上的中间交换机,中间交换机将自身的特征矩阵和探测包内插入的初始标签值进行矩阵乘法运算,得到第一标签值;b)对于实际路径上的出口交换机,出口交换机将自身的特征矩阵和第一标签值进行矩阵乘法运算,得到第二标签值;c)在矩阵乘法运算中,对参与运算的特征矩阵进行取模计算(如Mi%p)以防止矩阵乘法溢出,并且第一标签值和第二标签值均为更新的标签值,都需要与包头信息一起形成实际转发信息。In a specific embodiment, the update process of the label value of the label update module 111 in the intermediate switch and the egress switch is as follows: a) For the intermediate switch on the actual path, the intermediate switch uses its own characteristic matrix and the initial label inserted in the detection packet Values are matrix multiplied to obtain the first label value; b) For the egress switch on the actual path, the egress switch performs a matrix multiplication operation on its own characteristic matrix and the first label value to obtain the second label value; c) In the matrix multiplication During the operation, a modulo calculation (such as Mi%p) is performed on the feature matrix involved in the operation to prevent matrix multiplication overflow, and both the first tag value and the second tag value are updated tag values, which need to be combined with the header information to form the actual Forward information.
需要说明的是,因为矩阵乘法存在不可逆的特性,所以矩阵乘法的最终结果能够反映探测包实际经过的各交换机的顺序。另外,为了避免出现溢出的现象,这里在矩阵乘法的操作之外,额外增加了取模的操作,将取模后的结果作为新的二维向量更新到标签中,通过这种方式可以避免矩阵乘法溢出。模数p的取值和交换机的特征矩阵的行列式有关,会通过模数与行列式的累乘操作来不断增加模数的值。需要特别注意的是,因为模数的更新也是一个乘法操作,因此也存在模数溢出的风险,为了避免这种风险的发生,必须将交换机的行列式大小控制在一个合理的范围内,至于行列式大小可以根据需求而设定。It should be noted that, because the matrix multiplication has an irreversible property, the final result of the matrix multiplication can reflect the sequence of the switches that the probe packets actually pass through. In addition, in order to avoid overflow, in addition to the matrix multiplication operation, an additional modulo operation is added, and the result after the modulus is updated to the label as a new two-dimensional vector. In this way, the matrix can be avoided. Multiplication overflows. The value of the modulus p is related to the determinant of the characteristic matrix of the switch, and the value of the modulus will be continuously increased through the multiplication operation of the modulus and the determinant. It is important to note that because the update of the modulus is also a multiplication operation, there is also a risk of modulus overflow. In order to avoid this risk, the determinant size of the switch must be controlled within a reasonable range. As for the determinant The format size can be set according to the requirement.
4)数据层面1根据实际路径上的中间交换机和出口交换机中的任一交换机更新的标签值,和探测包的包头信息形成对应的实际转发信息并上报给控制层面2。可以理解,由于中间交换机、出口交换机都可对标签值进行更新,从而得到更新后的标签值,那么为了让控制器21了解到探测包的转发状态,则中间交换机和出口交换机可将更新后的标签值和探测包的包头信息形成为实际转发信息,从而上报给控制器21。4) The data layer 1 forms corresponding actual forwarding information based on the label value updated by any switch in the intermediate switch and the egress switch on the actual path, and the header information of the detection packet, and reports it to the control layer 2. It can be understood that since both the intermediate switch and the egress switch can update the tag value to obtain the updated tag value, then in order for the controller 21 to know the forwarding state of the detection packet, the intermediate switch and the egress switch can update the tag value The label value and the header information of the detection packet are formed into actual forwarding information, which is reported to the controller 21 .
在本实施例中,对于上面的第三处理环节,控制层面2根据转发规则信息生成多条期望路径信息,且利用多条期望路径信息构成探测包对应的期望路径集合信息包括:In this embodiment, for the above third processing link, the control layer 2 generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form the expected path set information corresponding to the probe packet, including:
1)控制层面2根据转发规则信息构建多条期望路径,每条期望路径上具有一个或多个交换机,且期望路径上的入口交换机为实际路径上的入口交换机。比如图1,如要构建起主机31和主机32之间的网络通路,期望路径可有三条,分别为交换机11—12—13—14,交换机11—13—14,交换机11—12—14,其中交换机11就为期望路径上的入口交换机。1) The control plane 2 constructs multiple expected paths according to the forwarding rule information, each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path. For example, in Fig. 1, if a network path between the host 31 and the host 32 is to be constructed, there are three expected paths, namely switch 11-12-13-14, switch 11-13-14, switch 11-12-14, Wherein the switch 11 is an ingress switch on the desired path.
2)控制层面2获取构成各条期望路径上所有交换机的特征矩阵,以及获取实际路径上的入口交换机上报的初始标签值。比如图1,对于三条期望路径(分别为交换机11—12—13—14,交换机11—13—14,交换机11—12—14),控制器21可获取交换机11、12、13、14的特征矩阵,以及获取交换机11的初始标签值。2) The control plane 2 obtains the characteristic matrix of all switches on each expected path, and obtains the initial label value reported by the ingress switch on the actual path. For example, in Figure 1, for three expected paths (respectively switches 11-12-13-14, switches 11-13-14, and switches 11-12-14), the controller 21 can obtain the characteristics of switches 11, 12, 13, and 14 matrix, and obtain the initial label value of switch 11.
3)控制层面2利用每条期望路径上一个或多个交换机的特征矩阵对初始标签值进行更新计算,得到每条期望路径对应的标签值。比如图1,由于控制器21得到了交换机11、12、13、14的特征矩阵,以及交换机11的初始标签值,那么可用初始标签值与交换机11的特征矩阵做乘法,得到新的标签值再与交换机12的特征矩阵做乘法,得到新的标签值再与交换机13的特征矩阵做乘法,得到新的标签值再与交换机14的特征矩阵做乘法,最终得到的标签值就是期望路径(交换机11—12—13—14)的标签值;那么同理,可以得到期望路径(交换机11—13—14),以及期望路径(交换机11—12—14)的标签值。3) The control plane 2 uses the feature matrix of one or more switches on each expected path to update and calculate the initial label value, and obtain the label value corresponding to each expected path. For example, in Fig. 1, since the controller 21 has obtained the feature matrix of the switches 11, 12, 13, 14, and the initial label value of the switch 11, then the initial label value can be multiplied by the feature matrix of the switch 11 to obtain a new label value and then Multiply with the feature matrix of the switch 12 to get a new label value and then multiply it with the feature matrix of the switch 13 to get a new label value and then multiply it with the feature matrix of the switch 14, the final label value is the expected path (switch 11 -12-13-14); then similarly, the desired path (switch 11-13-14) and the label value of the desired path (switch 11-12-14) can be obtained.
4)控制层面2根据探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息。4) The control plane 2 generates a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path.
5)控制层面2统计各条期望路径分别对应的期望路径信息,就可以构成探测包对应的期望路径集合信息。5) The control plane 2 counts the expected path information corresponding to each expected path, and then can form the expected path set information corresponding to the detection packet.
进一步地,为了保证期望路径集合信息存储的有效性,控制层面2中的控制器21可将期望路径集合信息存入预设的路径表,并在路径表中使用布隆过滤器对各条期望路径分别对应的标签值进行映射存储。需要说明的是,期望路径集合信息中存储的是各条期望路径分别对应的标签值,即任意一条期望路径对应的1*2的向量;为了减少期望路径集合信息所需要的存储空间,通过将多个期望路径分别对应的标签值映射到一个固定长度的布隆过滤器中即可实现节省存储空间的目的。可以理解,布隆过滤器通常被用来快速判断某个元素是否存在于一个集合中,其由若干个独立的哈希函数和一个二进制向量组成;并且,布隆过滤器通过多个哈希映射来判断某个元素是否在集合中,哈希函数会把这个元素映射成若干个数值,这些数值对应布隆过滤器的下标,如果布隆过滤器这些下标对应的值都为1,则该元素属于这个集合;当然,如果布隆过滤器的这些下标对应的值不全为1,则该元素不属于这个集合。Further, in order to ensure the validity of the storage of the desired path set information, the controller 21 in the control plane 2 can store the desired path set information into a preset path table, and use a Bloom filter in the path table to filter each desired path The tag values corresponding to the paths are mapped and stored. It should be noted that the expected path set information stores the label values corresponding to each expected path, that is, the 1*2 vector corresponding to any expected path; in order to reduce the storage space required by the expected path set information, by The tag values corresponding to multiple expected paths are mapped to a fixed-length Bloom filter to save storage space. It can be understood that Bloom filters are usually used to quickly determine whether an element exists in a set, which consists of several independent hash functions and a binary vector; and, Bloom filters pass through multiple hash maps To determine whether an element is in the set, the hash function will map this element into several values, these values correspond to the subscripts of the Bloom filter, if the values corresponding to these subscripts of the Bloom filter are all 1, then The element belongs to this set; of course, if the values corresponding to these subscripts of the Bloom filter are not all 1, the element does not belong to this set.
在上面的第四处理环节中,控制层面2根据实际转发信息生成探测包对应的实际路径信息包括:In the fourth processing link above, the control plane 2 generates the actual path information corresponding to the detection packet according to the actual forwarding information, including:
1)控制层面2获取探测包在实际路径上的中间交换机、出口交换机分别上报的标签值,以及获取探测包的包头信息。比如图1,对于实际转发路径是交换机11-13-14的情况,交换机13、14将分别上传更新的标签值和探测包的包头信息,由控制器21接收标签值和包头信息。1) The control plane 2 obtains the label values reported by the intermediate switch and the egress switch of the detection packet on the actual path, and obtains the header information of the detection packet. For example, in FIG. 1 , when the actual forwarding path is the switch 11-13-14, the switches 13 and 14 will respectively upload the updated label value and header information of the detection packet, and the controller 21 will receive the label value and header information.
2)控制层面2根据获取的标签值确定探测包在数据层面中各交换机间转发的实际路径,并根据获取的标签值和探测包的包头信息生成对应的实际路径信息。控制器21接收到了标签值和包头信息,由于标签值是交换机的特征矩阵通过矩阵乘法计算的结果,所以通过反向矩阵运算即可得到交换机的特征矩阵,从而了解到哪一个交换机参与了探测包的实际转发;并且,可利用出口交换机上报的标签值和包头信息生成对应的实际路径信息。2) The control plane 2 determines the actual path for the detection packet to be forwarded between the switches in the data plane according to the obtained label value, and generates the corresponding actual path information according to the obtained label value and the header information of the detection packet. The controller 21 has received the label value and packet header information. Since the label value is the result of calculating the characteristic matrix of the switch through matrix multiplication, the characteristic matrix of the switch can be obtained through the inverse matrix operation, so as to know which switch participated in the detection packet. The actual forwarding; and, the label value and packet header information reported by the egress switch can be used to generate the corresponding actual path information.
在本实施例中,对于上面的第五处理环节,控制层面2判断期望路径集合信息中是否包含有与实际路径信息一致的期望路径信息包括:In this embodiment, for the above fifth processing link, the control plane 2 judges whether the expected route set information contains the expected route information consistent with the actual route information including:
1)控制层面2获取期望路径集合信息中的包头信息和标签值,以及获取实际路径信息中的包头信息和标签值。比如图1,由于期望路径集合信息中包括多条期望路径信息,而每条期望路径信息包括探测包的包头信息和对应的标签值,并且实际路径信息也包括探测包的包头信息和对应的标签值,所以基于包头信息和标签值可对期望路径信息和实际路径信息进行路径一致性验证。1) The control plane 2 obtains the packet header information and label value in the expected path set information, and obtains the packet header information and label value in the actual path information. For example, in Figure 1, since the expected path set information includes multiple pieces of expected path information, each piece of expected path information includes the header information of the probe packet and the corresponding label value, and the actual path information also includes the header information of the probe packet and the corresponding label value, so the path consistency verification can be performed on the expected path information and the actual path information based on the packet header information and label value.
2)控制层面2将实际路径信息中的包头信息和期望路径集合信息中的包头信息进行比较,在包头信息匹配的情况下进行路径一致性验证。可以理解,只有针对同一个探测包的期望路径和实际路径进行一致性验证才有意义,探测包的包头信息具有唯一性,所以对包头信息进行匹配判断,只有包头信息匹配的情况下才能确定路径一致性验证的对象同一个探测包的实际路径信息和期望路径信息。2) The control plane 2 compares the packet header information in the actual path information with the packet header information in the expected path set information, and performs path consistency verification when the packet header information matches. It can be understood that it is only meaningful to verify the consistency between the expected path and the actual path of the same detection packet. The header information of the detection packet is unique, so the matching judgment is made on the header information. Only when the header information matches can the path be determined. The object of the consistency verification is the actual path information and the expected path information of a probe packet.
3)控制层面2判断期望路径集合信息中是否存在与实际路径信息相同的标签值,若是则通过路径一致性验证。可以理解,由于期望路径集合信息中包括多条期望路径信息,每条期望路径信息包括一个对应的标签值,所以期望路径集合信息中包括有多个标签值且数值各不相同,只要其中有一个标签值与实际路径信息中的标签值相同,则表明同一个探测包期望转发的交换机顺序与实际转发的交换机顺序一致,没有出现交换机转发出错的情况发生,所以通过了路径一致性验证。3) The control plane 2 judges whether there is the same label value as the actual path information in the expected path set information, and if so, passes the path consistency verification. It can be understood that since the expected path set information includes multiple pieces of expected path information, each piece of expected path information includes a corresponding tag value, so the expected path set information includes multiple tag values with different values, as long as there is one If the label value is the same as the label value in the actual path information, it means that the sequence of switches expected to be forwarded by the same probe packet is consistent with the sequence of switches actually forwarded, and there is no switch forwarding error, so the path consistency verification has passed.
在本实施例中,技术方案会根据转发规则构造探测包,然后将主动生成的探测包发送到数据层面,通过检测探测包的实际转发路径,来判断是否与探测包的期望路径是否一致,从而判断数据层面与控制层面是否一致。如果探测包的实际转发行为与预期不符,则说明数据层面和控制层面之间出现了不一致的现象,需要对出错的交换机进行维护。In this embodiment, the technical solution will construct the detection packet according to the forwarding rules, and then send the actively generated detection packet to the data layer, and judge whether it is consistent with the expected path of the detection packet by detecting the actual forwarding path of the detection packet, thereby Determine whether the data plane is consistent with the control plane. If the actual forwarding behavior of the detection packet is inconsistent with the expectation, it indicates that there is an inconsistency between the data plane and the control plane, and the faulty switch needs to be maintained.
在本实施例中,技术方案是通过上层控制器的主动探测机制实现下层数据转发的路径一致性检测。当数据包(或探测包)进入到网络之后,如果入口交换机不知道如何转发该数据包,则入口交换机就会向控制器发送Packet_In消息,控制器接收到Packet_In消息之后会对该数据包计算路由路径,将对应的流表规则下发到对应的交换机上;然后,控制器利用主动探测机制生成对应路径上的探测包来进行路径探测,以此来判断流表规则是否正确的下发以及是否被交换机正确的安装和执行。In this embodiment, the technical solution is to realize the path consistency detection of lower layer data forwarding through the active detection mechanism of the upper layer controller. When a data packet (or detection packet) enters the network, if the ingress switch does not know how to forward the data packet, the ingress switch will send a Packet_In message to the controller, and the controller will calculate the route for the data packet after receiving the Packet_In message path, and deliver the corresponding flow table rules to the corresponding switches; then, the controller uses the active detection mechanism to generate detection packets on the corresponding path for path detection, so as to determine whether the flow table rules are correctly delivered and whether installed and implemented correctly by the switch.
在本实施例中,通过标签值来压缩记录探测包所经过的实际转发路径信息。当控制器生成的探测包进入到数据层面后,入口交换机会执行标签插入算法将初始标签值插入到探测包中。随着探测包在数据层面中进行转发,标签值会被交换机通过标签更新算法进行更新;当探测包到达路径终点时,出口交换机会将标签值移除并且上报给控制器进行路径一致性验证。需要说明的是,标签值的存储、传输和计算开销不能太大,应该利用有限的空间携带足够丰富的实际路径信息,来为广义的路径一致性验证提供帮助。In this embodiment, the actual forwarding path information that the detection packet passes is compressed and recorded through the label value. When the detection packet generated by the controller enters the data plane, the ingress switch will execute the label insertion algorithm to insert the initial label value into the detection packet. As the detection packet is forwarded in the data plane, the label value will be updated by the switch through the label update algorithm; when the detection packet reaches the end of the path, the egress switch will remove the label value and report it to the controller for path consistency verification. It should be noted that the storage, transmission and calculation overhead of label values should not be too large, and the limited space should be used to carry enough rich actual path information to provide assistance for generalized path consistency verification.
需要说明的是,传统SDN网络的数据层面是单一协议的架构,即其数据层面上的交换机仅能够支持IPv4协议数据包的转发,网络转发设备的路由功能被上移到了控制平面,由控制器负责数据包的端到端路由计算,然而网络转发设备的转发功能被保留在数据平面上的交换机上,并且交换机没有缓存功能,如此使得路径一致性验证问题变得简单。在传统的技术方案中,假如控制器要对路径A-B-C-D进行路径一致性验证,且控制器的期望路径为A-B-C-D,只有当IPv4数据包的实际转发路径严格等于A-B-C-D时,路径一致性验证才能够通过。因此,传统SDN网络中的路径一致性验证问题属于严格路径一致性,即数据包实际路径必须严格等于控制器的期望路径,才能够使得路径一致性验证通过。在严格路径一致性问题中数据包的期望路径只有一条,而能够使路径一致性验证通过的实际路径也只有一条,这是一对一的关系。为了直观描述,可将传统的严格路径一致性问题建模成期望路径集合X和能够使得路径一致性验证通过的实际路径集合Y之间的双射模型,双射是数学集合中的概念,假如映射f是集合X到集合Y的一个映射,如果集合Y中的任意元素y,在集合X内存在唯一一个元素x,使得y=f(x),此时认为映射f是集合X和集合Y之间的双射。It should be noted that the data plane of the traditional SDN network is a single-protocol architecture, that is, the switches on the data plane can only support the forwarding of IPv4 protocol data packets, and the routing function of the network forwarding equipment is moved up to the control plane, and the controller It is responsible for the end-to-end routing calculation of data packets. However, the forwarding function of the network forwarding device is reserved on the switch on the data plane, and the switch has no cache function, which makes the path consistency verification problem easier. In the traditional technical solution, if the controller wants to perform path consistency verification on the path A-B-C-D, and the expected path of the controller is A-B-C-D, only when the actual forwarding path of the IPv4 data packet is strictly equal to A-B-C-D, the path consistency verification can pass . Therefore, the path consistency verification problem in the traditional SDN network belongs to strict path consistency, that is, the actual path of the data packet must be strictly equal to the expected path of the controller, so that the path consistency verification can pass. In the strict path consistency problem, there is only one expected path for data packets, and there is only one actual path that can pass path consistency verification, which is a one-to-one relationship. For intuitive description, the traditional strict path consistency problem can be modeled as a bijection model between the expected path set X and the actual path set Y that can make the path consistency verification pass. Bijection is a concept in mathematical sets. If The mapping f is a mapping from the set X to the set Y. If any element y in the set Y has only one element x in the set X, so that y=f(x), then the mapping f is considered to be the set X and the set Y between bijections.
相比与传统的路径一致性验证思路,本实施例进行了技术改进。在本实施例中,对于多协议的异构融合网络(MPSDN),数据层面上的多协议交换机能够同时支持IPv4协议、IPv6协议和NDN协议数据包的转发,而且网络转发设备的路由功能被上移到了控制层面,由控制器负责数据包的端到端路由计算。网络转发设备的转发功能则被保留在了数据层面中的多协议交换机上。因为MPSDN中数据层面能够支持NDN协议数据包的转发,所以数据层面的多协议交换机还拥有缓存功能。可以理解,在这种场景下路径一致性验证问题将变得比较复杂,多协议异构融合网络中的路径一致性问题属于广义路径一致性,即数据包(或探测包)的实际转发路径并不需要严格等于控制器的期望路径,才能够使路径一致性验证通过。只要数据包的实际转发路径在协议语义上与控制器的期望路径保持一致,就认为路径一致性验证通过。广义路径一致性问题中数据包的期望路径只有一条,但是能够使得路径一致性验证通过的实际路径可能有多条,这是一对多的关系。本实施例中将广义路径一致性问题建模成期望路径集合X和能够使得路径一致性验证通过的实际路径集合Y之间的满射模型,满射是数学集合中的概念,假如映射f是集合X到集合Y的一个映射,如果集合Y中的任意元素y在集合X内至少存在一个元素x与之相对应,使得y=f(x),则认为映射f是集合X和集合Y之间的满射。那么,可以基于这种满射模型的映射思路来解决广义的路径一致性验证问题。在本实施例中,基于探测包的探测原理,也可以对主机(如主机31)产生的数据流量进行转发探测。比如,当代表真实流量的数据包进入到异构融合网络中,异构融合网络的边缘交换机(如入口交换机)会对数据包的包头插入标签信息进行标记。当被标记的数据包经过转发到达网络边缘的交换机(如出口交换机)时,会将数据包的包头信息和标签信息上报给上层的控制器,控制器会通过标签信息获得数据包的实际转发路径,然后通过对比数据包的实际路径信息和期望路径是否一致来判断是否存在规则不一致的现象。Compared with the traditional way of verifying path consistency, technical improvements are made in this embodiment. In this embodiment, for a multi-protocol heterogeneous converged network (MPSDN), the multi-protocol switch on the data plane can simultaneously support the forwarding of IPv4 protocol, IPv6 protocol and NDN protocol data packets, and the routing function of the network forwarding device is activated Moved to the control plane, the controller is responsible for the end-to-end routing calculation of data packets. The forwarding function of the network forwarding device is reserved on the multi-protocol switch in the data plane. Because the data plane in MPSDN can support the forwarding of NDN protocol data packets, the multi-protocol switch on the data plane also has a cache function. It can be understood that in this scenario, the path consistency verification problem will become more complicated. The path consistency problem in the multi-protocol heterogeneous fusion network belongs to the generalized path consistency, that is, the actual forwarding path of the data packet (or detection packet) It is not necessary to be strictly equal to the expected path of the controller to pass the path consistency verification. As long as the actual forwarding path of the data packet is consistent with the expected path of the controller in terms of protocol semantics, it is considered that the path consistency verification is passed. In the generalized path consistency problem, there is only one expected path for a data packet, but there may be many actual paths that can make the path consistency verification pass, which is a one-to-many relationship. In this embodiment, the generalized path consistency problem is modeled as a surjective model between the expected path set X and the actual path set Y that can make the path consistency verification pass. The surjective is a concept in a mathematical set. If the mapping f is A mapping from a set X to a set Y, if any element y in the set Y has at least one element x corresponding to it in the set X, so that y=f(x), then the mapping f is considered to be between the set X and the set Y Full shot in between. Then, the generalized path consistency verification problem can be solved based on the mapping idea of this surjective model. In this embodiment, based on the detection principle of the detection packet, data traffic generated by the host (such as the host 31 ) may also be forwarded and detected. For example, when a data packet representing real traffic enters a heterogeneous converged network, an edge switch (such as an ingress switch) of the heterogeneous converged network will mark the header of the data packet by inserting label information. When the marked data packet is forwarded to a switch at the edge of the network (such as an egress switch), it will report the header information and label information of the data packet to the upper-layer controller, and the controller will obtain the actual forwarding path of the data packet through the label information , and then determine whether there is a rule inconsistency by comparing whether the actual path information of the data packet is consistent with the expected path.
在本实施例中,控制器可以实现路径粒度的路径一致性检测。当主机产生的数据包进入到网络之后,如果入口交换机不知道如何转发该数据包,入口交换机就会向控制器发送消息。控制器接收到消息之后会对该数据包计算路由路径,然后将对应的转发规则下发到对应的交换机上。控制器可以利用主动探测机制生成对应路径上的探测包来进行路径探测,以此来判断转发规则是否正确的下发以及是否被交换机正确的安装和执行。In this embodiment, the controller can implement path consistency detection at the path granularity. When the data packet generated by the host enters the network, if the ingress switch does not know how to forward the data packet, the ingress switch will send a message to the controller. After receiving the message, the controller will calculate the routing path for the data packet, and then send the corresponding forwarding rules to the corresponding switch. The controller can use the active detection mechanism to generate a detection packet on the corresponding path for path detection, so as to judge whether the forwarding rule is correctly issued and whether it is correctly installed and executed by the switch.
实施例二、Embodiment two,
请参考图1和图2,本实施例公开一种异构融合网络,包括数据层面1和控制层面2,数据层面1包括拓扑连接的多个交换机,如交换机11、12、13、14、15、16,控制层面2中部署有控制器21且控制器21与各交换机连接。接下来,将从控制器21的角度对异构融合网络的路径一致性验证过程进行详细说明。Please refer to FIG. 1 and FIG. 2. This embodiment discloses a heterogeneous converged network, including a data plane 1 and a control plane 2. The data plane 1 includes a plurality of switches connected topologically, such as switches 11, 12, 13, 14, and 15. , 16, a controller 21 is deployed in the control plane 2, and the controller 21 is connected to each switch. Next, the path consistency verification process of the heterogeneous converged network will be described in detail from the perspective of the controller 21 .
需要说明的是,控制器21可以是独立的控制设备,也可以是分布于云端或本地逻辑运算电路上的功能部件。比如,通过软件设计、程序编程的方式赋予控制器21的相关功能,当然,控制器21所实现的功能可以通过软件运行来体现,只要软件能够在处理器上被执行即可。It should be noted that the controller 21 may be an independent control device, or may be a functional component distributed on the cloud or on a local logical operation circuit. For example, related functions are given to the controller 21 by means of software design and program programming. Of course, the functions realized by the controller 21 can be embodied by running software, as long as the software can be executed on the processor.
控制器21包括路径探测生成模块211、期望路径集合生成模块212、路径一致性验证模块213,下面分别说明。The controller 21 includes a path detection generation module 211 , an expected path set generation module 212 , and a path consistency verification module 213 , which will be described separately below.
路径探测生成模块211的作用是根据预设的通信协议构造多信息结合的探测包,并将构造完成的探测包下发到数据层面1中的入口交换机。探测包的作用就是对数据层面1中各交换机的数据转发路径进行探测。The role of the path detection generation module 211 is to construct a multi-information combined detection packet according to a preset communication protocol, and deliver the constructed detection packet to the ingress switch in the data plane 1 . The function of the detection packet is to detect the data forwarding path of each switch in the data layer 1.
期望路径集合生成模块212的作用是根据探测包在数据层面1中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息。The function of the expected path set generation module 212 is to generate the corresponding expected path set information according to the multiple expected paths forwarded by the probe packet among several switches in the data plane 1 .
路径一致性验证模块213的作用是探测探测包在数据层面1中各交换机间转发的实际路径并生成对应的实际路径信息;以及,路径一致性验证模块213判断期望路径集合信息中是否包含有与实际路径信息一致的期望路径信息,若是则通过对探测包转发的期望路径和实际路径的路径一致性验证。The role of the path consistency verification module 213 is to detect the actual path forwarded between the switches in the data layer 1 and generate corresponding actual path information; If the expected path information is consistent with the actual path information, the path consistency verification of the expected path forwarded by the probe packet and the actual path is passed.
需要说明的是,构造探测包所采用的通信协议包括但不限于TCP/IP协议、NetBEUI协议、IPX/SPX协议、NDN编排控制协议、区块链链上/链下协同协议。比如,构造探测包所使用的通信协议可以采用TCP/IP协议,并且,探测包应当包括包头信息和期望执行转发的若干个交换机的转发规则信息,其中包头信息可以包括自身识别标记、入口交换机地址、协议类型等信息,转发规则信息可被认为是包体信息,可以包括期望执行转发的几个交换机的地址。It should be noted that the communication protocols used to construct the detection packet include but are not limited to TCP/IP protocol, NetBEUI protocol, IPX/SPX protocol, NDN orchestration control protocol, blockchain on-chain/off-chain collaboration protocol. For example, the communication protocol used to construct the detection packet can adopt the TCP/IP protocol, and the detection packet should include packet header information and forwarding rule information of several switches that are expected to perform forwarding, wherein the packet header information can include its own identification mark, the address of the ingress switch , protocol type and other information, forwarding rule information can be considered as packet body information, and can include addresses of several switches expected to perform forwarding.
在一个实施例中,路径探测生成模块211根据预设的通信协议配置包头信息和期望执行的若干个交换机的转发规则,利用包头信息和转发规则信息构造探测包;然后,路径探测生成模块211将探测包下发至数据层面1中的入口交换机,接下来,探测包就可以在数据层面1中的各交换机间进行转发并形成转发的实际路径。为了便于理解实际转发过程,实际路径上首次转发探测包的交换机为入口交换机,实际路径上最后转发探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;实际路径上的入口交换机用于在探测包内插入初始标签值并上报给控制层面,实际路径上的中间交换机和出口交换机用于对探测包的初始标签进行更新,并将更新的标签值和探测包的包头信息上报给控制层面2中的控制器21。In one embodiment, the path detection generation module 211 configures header information and forwarding rules of several switches expected to be executed according to a preset communication protocol, and uses the packet header information and forwarding rule information to construct a detection packet; then, the path detection generation module 211 will The detection packet is delivered to the ingress switch in the data plane 1, and then the detection packet can be forwarded among the switches in the data plane 1 to form an actual forwarding path. In order to facilitate the understanding of the actual forwarding process, the switch that forwards the detection packet for the first time on the actual path is the ingress switch, the switch that forwards the detection packet last on the actual path is the egress switch, and the rest of the switches on the actual path are intermediate switches; the ingress switch on the actual path is represented by To insert the initial label value in the detection packet and report it to the control plane, the intermediate switch and the egress switch on the actual path are used to update the initial label value of the detection packet, and report the updated label value and the header information of the detection packet to the control plane. Controller 21 in Level 2.
在一个实施例中,为了生成期望路径集合信息,期望路径集合生成模块212根据转发规则信息构建多条期望路径,每条期望路径上具有一个或多个交换机,且期望路径上的入口交换机为实际路径上的入口交换机;然后,期望路径集合生成模块212获取各条期望路径上所有交换机的特征矩阵,以及获取实际路径上的入口交换机上报的初始标签值;接下来,期望路径集合生成模块212利用每条期望路径的上的一个或多个交换机的特征矩阵对初始标签值进行更新计算,得到每条期望路径对应的标签值;接着,期望路径集合生成模块212根据探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息;从而,期望路径集合生成模块212统计各条期望路径分别对应的期望路径信息,这样就构成了探测包对应的期望路径集合信息。比如图1,如要构建起主机31和主机32之间的网络通路,期望路径可有三条,分别为交换机11—12—13—14,交换机11—13—14,交换机11—12—14,对于这三条期望路径,控制器21可获取交换机11、12、13、14的特征矩阵,以及获取交换机11的初始标签值;由于控制器21得到了交换机11、12、13、14的特征矩阵,以及交换机11的初始标签值,那么可用初始标签值与交换机11的特征矩阵做乘法,得到新的标签值再与交换机12的特征矩阵做乘法,得到新的标签值再与交换机13的特征矩阵做乘法,得到新的标签值再与交换机14的特征矩阵做乘法,最终得到的标签值就是期望路径(交换机11—12—13—14)的标签值;那么同理,可以得到期望路径(交换机11—13—14),以及期望路径(交换机11—12—14)的标签值;控制器21此时根据探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息,然后统计各条期望路径分别对应的期望路径信息即可得到期望路径集合信息。In one embodiment, in order to generate the expected path set information, the expected path set generation module 212 constructs multiple expected paths according to the forwarding rule information, each expected path has one or more switches, and the ingress switches on the expected path are actual The entry switch on the path; then, the expected path set generation module 212 obtains the feature matrix of all switches on each expected path, and obtains the initial label value reported by the entry switch on the actual path; next, the expected path set generation module 212 utilizes The feature matrix of one or more switches on each expected path updates and calculates the initial label value to obtain the corresponding label value of each expected path; then, the expected path set generation module 212 is based on the header information of the probe packet and each The tag value corresponding to the expected path generates a piece of expected path information; thus, the expected path set generating module 212 counts the expected path information corresponding to each expected path, thus forming the expected path set information corresponding to the detection packet. For example, in Fig. 1, if a network path between the host 31 and the host 32 is to be constructed, there are three expected paths, namely switch 11-12-13-14, switch 11-13-14, switch 11-12-14, For these three expected paths, the controller 21 can obtain the characteristic matrix of the switch 11, 12, 13, 14, and obtain the initial label value of the switch 11; since the controller 21 has obtained the characteristic matrix of the switch 11, 12, 13, 14, and the initial tag value of switch 11, then the initial tag value can be multiplied with the feature matrix of switch 11 to obtain a new tag value and then multiplied with the feature matrix of switch 12 to obtain a new tag value and then be used with the feature matrix of switch 13. Multiplication, get the new label value and then multiply it with the feature matrix of the switch 14, the final label value is the label value of the expected path (switch 11-12-13-14); then similarly, you can get the expected path (switch 11 -13-14), and the label value of the expected path (switch 11-12-14); at this time, the controller 21 generates a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path, and then counts each The expected path information corresponding to the expected paths respectively can be used to obtain the expected path set information.
在一个实施例中,为了生成实际路径信息,路径一致性验证模块213获取探测包在实际路径上的中间交换机、出口交换机分别上报的标签值,以及探测包的包头信息;然后,路径一致性验证模块213根据获取的标签值确定探测包在数据层面中各交换机间转发的实际路径,并根据获取的标签值和探测包的包头信息生成对应的实际路径信息。比如图1,对于实际转发路径是交换机11-13-14的情况,交换机13、14将分别上传更新的标签值和探测包的包头信息,由控制器21接收标签值和包头信息;由于标签值是交换机的特征矩阵通过矩阵乘法计算的结果,所以通过反向矩阵运算即可得到交换机的特征矩阵,从而了解到哪一个交换机参与了探测包的实际转发;并且,可利用出口交换机上报的标签值和包头信息生成对应的实际路径信息。In one embodiment, in order to generate the actual path information, the path consistency verification module 213 obtains the label value reported by the intermediate switch and the egress switch of the detection packet on the actual path, and the header information of the detection packet; then, the path consistency verification The module 213 determines the actual path forwarded by the detection packet among the switches in the data plane according to the obtained label value, and generates corresponding actual path information according to the obtained label value and header information of the detection packet. Such as Fig. 1, for the situation that the actual forwarding path is switches 11-13-14, switches 13, 14 will respectively upload updated tag values and packet header information of probe packets, and controller 21 will receive tag values and packet header information; It is the result of the characteristic matrix of the switch calculated by matrix multiplication, so the characteristic matrix of the switch can be obtained through the reverse matrix operation, so as to know which switch participated in the actual forwarding of the detection packet; and, the label value reported by the egress switch can be used Generate actual path information corresponding to the packet header information.
在一个实施例中,为了实现期望路径和实际路径的路径一致性验证,路径一致性验证模块213获取期望路径集合信息中的包头信息和标签值,以及获取实际路径信息中的包头信息和标签值;然后,路径一致性验证模块213将实际路径信息中的包头信息和期望路径集合信息中的包头信息进行比较,在包头信息匹配的情况下进行路径一致性验证;接下来,路径一致性验证模块213判断期望路径集合信息中是否存在与实际路径信息相同的标签值,若是则通过路径一致性验证。比如图1,由于期望路径集合信息中包括多条期望路径信息,而每条期望路径信息包括探测包的包头信息和对应的标签值,并且实际路径信息也包括探测包的包头信息和对应的标签值,所以路径一致性验证模块213基于包头信息和标签值可对期望路径信息和实际路径信息进行路径一致性验证。In one embodiment, in order to realize the path consistency verification of the expected path and the actual path, the path consistency verification module 213 obtains the packet header information and label value in the expected path set information, and obtains the packet header information and label value in the actual path information ; Then, the path consistency verification module 213 compares the packet header information in the actual path information with the packet header information in the expected path set information, and performs path consistency verification under the condition that the packet header information matches; Next, the path consistency verification module 213 Determine whether there is a tag value identical to the actual path information in the expected path set information, and if so, pass the path consistency verification. For example, in Figure 1, since the expected path set information includes multiple pieces of expected path information, each piece of expected path information includes the header information of the probe packet and the corresponding label value, and the actual path information also includes the header information of the probe packet and the corresponding label value, so the path consistency verification module 213 can perform path consistency verification on the expected path information and the actual path information based on the header information and the label value.
实施例三、Embodiment three,
请参考图1和图2,本实施例公开一种异构融合网络,包括数据层面1和控制层面2,数据层面1包括拓扑连接的多个交换机,如交换机11、12、13、14、15、16,控制层面2中部署有控制器21且控制器21与各交换机连接,控制层面2中的控制器21用于控制数据层面1中每个交换机的数据转发的路径。接下来,将从数据层面1的角度对探测包的数据转发过程进行说明。Please refer to FIG. 1 and FIG. 2. This embodiment discloses a heterogeneous converged network, including a data plane 1 and a control plane 2. The data plane 1 includes a plurality of switches connected topologically, such as switches 11, 12, 13, 14, and 15. , 16, a controller 21 is deployed in the control plane 2 and connected to each switch, and the controller 21 in the control plane 2 is used to control the data forwarding path of each switch in the data plane 1 . Next, the data forwarding process of the probe packet will be described from the perspective of data plane 1.
由于控制层面2中的控制器21可以根据预设的通信协议构造多信息结合的探测包,并向数据层面1下发探测包,所以数据层面1就能够接收控制层面2下放的探测包,并将探测包在各交换机间进行转发以形成转发的实际路径。需要说明的是,实际路径上首次转发探测包的交换机为入口交换机,实际路径上最后转发探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机。比如图1,控制器21将探测包下发到数据层面1的交换机11,数据层面1的交换机11、12、13、14对探测包进行转发,那么交换机11为入口交换机,交换机14为出口交换机,交换机12、13均为中间交换机。Since the controller 21 in the control plane 2 can construct a detection packet combining multiple information according to the preset communication protocol, and send the detection packet to the data plane 1, the data plane 1 can receive the detection packet sent by the control plane 2, and The probe packets are forwarded among the switches to form the actual forwarding path. It should be noted that the switch that first forwards the detection packet on the actual path is the ingress switch, the switch that forwards the detection packet last on the actual path is the egress switch, and the remaining switches on the actual path are intermediate switches. For example, in Figure 1, the controller 21 sends the detection packet to the switch 11 of the data layer 1, and the switches 11, 12, 13, and 14 of the data layer 1 forward the detection packet, then the switch 11 is an ingress switch, and the switch 14 is an egress switch , the switches 12 and 13 are all intermediate switches.
在数据层面1中,数据层面1利用实际路径上的入口交换机在探测包内插入初始标签值,并向控制层面上报初始标签值。比如,初始化标签值可由一个二维随机向量(v 1,v 2)和一个32位的模数p组成的,其中二维随机向量可包含两个32位的整数。初始标签值用于后续的标签更新计算。 In the data plane 1, the data plane 1 uses the ingress switch on the actual path to insert the initial label value into the detection packet, and reports the initial label value to the control plane. For example, the initialization tag value may consist of a two-dimensional random vector (v 1 , v 2 ) and a 32-bit modulus p, wherein the two-dimensional random vector may include two 32-bit integers. The initial label value is used in subsequent label update calculations.
在数据层面1中,数据层面1利用实际路径上的中间交换机和出口交换机对探测包的初始标签值进行更新。比如,控制器21可为每个交换机分配一个矩阵地址并下发到对应的交换机,这样每个交换机都可拥有一个唯一的2*2的特征矩阵(用Mi表示),并且特征矩阵中的四个数值都是32位的整数。探测包每经过一个交换机(用Si表示),该交换机Si都会将探测包中的标签值与该交换机Si的特征矩阵Mi就进行矩阵乘法的运算,从而得到新的标签值以代替原标签值。比如,标签值的更新过程参考下面公式p=p*det(Mi)、(v 2i+1,v 2i+2)=(v 2i-1,v 2i)*Mi%p,其中,p为标签值中的模数,det表示矩阵行列式, (v 2i+1,v 2i+2)、(v 2i-1,v 2i)均表示二维随机向量,下标i表示交换机的序号,%表示求模运算。 In the data plane 1, the data plane 1 uses the intermediate switch and the egress switch on the actual path to update the initial label value of the detection packet. For example, the controller 21 can assign a matrix address to each switch and send it to the corresponding switch, so that each switch can have a unique 2*2 feature matrix (represented by Mi), and the four in the feature matrix Both values are 32-bit integers. Every time the detection packet passes through a switch (indicated by Si), the switch Si will perform matrix multiplication between the label value in the detection packet and the characteristic matrix Mi of the switch Si, so as to obtain a new label value to replace the original label value. For example, the update process of the label value refers to the following formula p=p*det(Mi), (v 2i+1 ,v 2i+2 )=(v 2i-1 ,v 2i )*Mi%p, where p is the label The modulus in the value, det represents the matrix determinant, (v 2i+1 ,v 2i+2 ), (v 2i-1 ,v 2i ) both represent two-dimensional random vectors, the subscript i represents the serial number of the switch, % represents Modulo operation.
在数据层面1中,数据层面1根据实际路径上的中间交换机和出口交换机中的任一交换机更新的标签值,和探测包的包头信息形成对应的实际转发信息并上报给控制层面2中的控制器21。In the data layer 1, the data layer 1 forms corresponding actual forwarding information based on the label value updated by any switch in the intermediate switch and the egress switch on the actual path, and the header information of the detection packet, and reports it to the control layer in the control layer 2. Device 21.
在一个具体实施例中,标签值的更新过程如下:In a specific embodiment, the update process of the tag value is as follows:
a)对于实际路径上的中间交换机,中间交换机将自身的特征矩阵和探测包内插入的初始标签值进行矩阵乘法运算,得到第一标签值。a) For the intermediate switch on the actual path, the intermediate switch performs a matrix multiplication operation on its own characteristic matrix and the initial label value inserted in the detection packet to obtain the first label value.
b)对于实际路径上的出口交换机,出口交换机将自身的特征矩阵和第一标签值进行矩阵乘法运算,得到第二标签值。b) For the egress switch on the actual path, the egress switch performs a matrix multiplication operation on its own characteristic matrix and the first label value to obtain the second label value.
c)在矩阵乘法运算中,对参与运算的特征矩阵进行取模计算(如Mi%p)以防止矩阵乘法溢出,并且第一标签值和第二标签值均为更新的标签值,都需要与包头信息一起形成实际转发信息。c) In the matrix multiplication operation, the modulus calculation (such as Mi%p) is performed on the feature matrix involved in the operation to prevent matrix multiplication overflow, and the first label value and the second label value are updated label values, which need to be compared with The header information together forms the actual forwarding information.
需要说明的是,因为矩阵乘法存在不可逆的特性,所以矩阵乘法的最终结果能够反映探测包实际经过的各交换机的顺序。另外,为了避免出现溢出的现象,这里在矩阵乘法的操作之外,额外增加了取模的操作,将取模后的结果作为新的二维向量更新到标签中,通过这种方式可以避免矩阵乘法溢出。模数p的取值和交换机的特征矩阵的行列式有关,会通过模数与行列式的累乘操作来不断增加模数的值。需要特别注意的是,因为模数的更新也是一个乘法操作,因此也存在模数溢出的风险,为了避免这种风险的发生,必须将交换机的行列式大小控制在一个合理的范围内,至于行列式大小可以根据需求而设定。It should be noted that, because the matrix multiplication has an irreversible property, the final result of the matrix multiplication can reflect the sequence of the switches that the probe packets actually pass through. In addition, in order to avoid overflow, in addition to the matrix multiplication operation, an additional modulo operation is added, and the result after the modulus is updated to the label as a new two-dimensional vector. In this way, the matrix can be avoided. Multiplication overflows. The value of the modulus p is related to the determinant of the characteristic matrix of the switch, and the value of the modulus will be continuously increased through the multiplication operation of the modulus and the determinant. It is important to note that because the update of the modulus is also a multiplication operation, there is also a risk of modulus overflow. In order to avoid this risk, the determinant size of the switch must be controlled within a reasonable range. As for the determinant The format size can be set according to the requirement.
实施例四、Embodiment four,
基于上面实施例一、实施例二、实施例三中分别公开的异构融合网络,本实施例中公开一种用于异构融合网络的路径一致性验证方法。Based on the heterogeneous converged networks respectively disclosed in Embodiment 1, Embodiment 2, and Embodiment 3 above, this embodiment discloses a path consistency verification method for a heterogeneous converged network.
参考图1,对于这里的异构融合网络,其包括数据层面1和控制层面2,数据层面1包括拓扑连接的多个交换机,如交换机11、12、13、14、15、16,控制层面2中部署有控制器21且控制器21与各交换机连接,控制层面2中的控制器21用于控制数据层面1中每个交换机的数据转发的路径。Referring to Figure 1, for the heterogeneous converged network here, it includes a data plane 1 and a control plane 2, and the data plane 1 includes multiple switches connected topologically, such as switches 11, 12, 13, 14, 15, 16, and the control plane 2 A controller 21 is deployed in and connected to each switch, and the controller 21 in the control plane 2 is used to control the data forwarding path of each switch in the data plane 1 .
在本实施例中,参见图3,路径一致性验证方法包括步骤410-440,下面分别说明。In this embodiment, referring to FIG. 3 , the method for verifying path consistency includes steps 410-440, which will be described respectively below.
步骤410,控制器21根据预设的通信协议构造多信息结合的探测包,并向数据层面下发所述探测包。Step 410, the controller 21 constructs a detection packet combining multiple information according to a preset communication protocol, and delivers the detection packet to the data plane.
步骤420,控制器21根据探测包在数据层面中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息。In step 420, the controller 21 generates corresponding expected path set information according to the multiple expected paths forwarded by the detection packet among several switches in the data plane.
步骤430,控制器21探测探测包在数据层面中各交换机间转发的实际路径并生成对应的实际路径信息。In step 430, the controller 21 detects the actual path forwarded by the detection packet among the switches in the data plane and generates corresponding actual path information.
步骤440,控制器21判断期望路径集合信息中是否包含有与实际路径信息一致的期望路径信息,若是则通过对探测包转发的期望路径和实际路径的路径一致性验证。In step 440, the controller 21 judges whether the expected path set information contains expected path information consistent with the actual path information, and if so, passes the path consistency verification between the expected path forwarded by the probe packet and the actual path.
在本实施例中,上面的步骤410主要涉及构造探测包的过程,那么可参考图4,该步骤410可具体包括步骤411-413,分别说明如下。In this embodiment, the above step 410 is mainly related to the process of constructing a detection packet, so refer to FIG. 4 , this step 410 may specifically include steps 411-413, which are respectively described as follows.
步骤411,控制器21根据预设的通信协议配置包头信息和期望执行的若干个交换机的转发规则信息。构造探测包所使用的通信协议可以采用TCP/IP协议、NetBEUI协议或IPX/SPX协议。探测包的包头信息可以包括自身识别标记、入口交换机地址、协议类型等信息,探测包的转发规则信息可被认为是包体信息,可以包括期望执行转发的几个交换机的地址,比如交换机11、12、13、14分别的地址。In step 411, the controller 21 configures packet header information and forwarding rule information of several switches expected to be implemented according to a preset communication protocol. The communication protocol used for constructing the detection packet may adopt the TCP/IP protocol, the NetBEUI protocol or the IPX/SPX protocol. The packet header information of the detection packet can include information such as self-identification mark, entry switch address, protocol type, etc., and the forwarding rule information of the detection packet can be considered as packet body information, and can include the addresses of several switches expected to perform forwarding, such as switch 11, Addresses of 12, 13, and 14 respectively.
步骤412,控制器21利用包头信息和转发规则信息构造多信息结合的探测包。In step 412, the controller 21 uses the packet header information and forwarding rule information to construct a detection packet combining multiple information.
步骤413,控制器21将探测包下发至数据层面1,探测包在数据层面1中的各交换机间进行转发并形成转发的实际路径。需要说明的是,在数据层面中,实际路径上首次转发探测包的交换机为入口交换机,实际路径上最后转发探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;而且,实际路径上的入口交换机用于在探测包内插入初始标签值并上报给控制层面2,实际路径上的中间交换机和出口交换机用于对探测包的初始标签进行更新,并将更新的标签值和所述探测包的包头信息上报给控制层面2。In step 413, the controller 21 sends the detection packet to the data plane 1, and the detection packet is forwarded among the switches in the data plane 1 to form an actual forwarding path. It should be noted that, in the data plane, the switch that forwards the detection packet for the first time on the actual path is the ingress switch, the switch that forwards the detection packet last on the actual path is the egress switch, and the rest of the switches on the actual path are intermediate switches; and, the actual path The ingress switch on the path is used to insert the initial label value in the detection packet and report it to the control plane 2, the intermediate switch and the egress switch on the actual path are used to update the initial label value of the detection packet, and compare the updated label value with the The header information of the detection packet is reported to the control plane 2 .
在本实施例中,上面的步骤420主要涉及生成期望路径集合信息的过程,那么可参考图5,该步骤420可具体包括步骤421-425,分别说明如下。In this embodiment, the above step 420 is mainly related to the process of generating the expected path set information, so refer to FIG. 5 , this step 420 may specifically include steps 421-425, which are respectively described as follows.
步骤421,控制器21根据转发规则信息构建多条期望路径,并且,每条期望路径上具有一个或多个交换机,且期望路径上的入口交换机为实际路径上的入口交换机。比如图1,如要构建起主机31和主机32之间的网络通路,期望路径可有三条,分别为交换机11—12—13—14,交换机11—13—14,交换机11—12—14,其中交换机11就为期望路径上的入口交换机。In step 421, the controller 21 constructs multiple expected paths according to the forwarding rule information, and each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path. For example, in Fig. 1, if a network path between the host 31 and the host 32 is to be constructed, there are three expected paths, namely switch 11-12-13-14, switch 11-13-14, switch 11-12-14, Wherein the switch 11 is an ingress switch on the desired path.
步骤422,控制器21获取各条期望路径上所有交换机的特征矩阵,以及获取实际路径上的入口交换机上报的初始标签值。比如图1,对于三条期望路径(分别为交换机11—12—13—14,交换机11—13—14,交换机11—12—14),控制器21可获取交换机11、12、13、14的特征矩阵,以及获取交换机11的初始标签值。In step 422, the controller 21 obtains the characteristic matrix of all switches on each expected path, and obtains the initial label value reported by the ingress switch on the actual path. For example, in Figure 1, for three expected paths (respectively switches 11-12-13-14, switches 11-13-14, and switches 11-12-14), the controller 21 can obtain the characteristics of switches 11, 12, 13, and 14 matrix, and obtain the initial label value of switch 11.
步骤423,控制器21利用每条期望路径的上的一个或多个交换机的特征矩阵对初始标签值进行更新计算,得到每条期望路径对应的标签值。比如图1,由于控制器21得到了交换机11、12、13、14的特征矩阵,以及交换机11的初始标签值,那么可用初始标签值与交换机11的特征矩阵做乘法,得到新的标签值再与交换机12的特征矩阵做乘法,得到新的标签值再与交换机13的特征矩阵做乘法,得到新的标签值再与交换机14的特征矩阵做乘法,最终得到的标签值就是期望路径(交换机11—12—13—14)的标签值;那么同理,可以得到期望路径(交换机11—13—14),以及期望路径(交换机11—12—14)的标签值。In step 423, the controller 21 uses the feature matrix of one or more switches on each expected path to update and calculate the initial label value, so as to obtain the label value corresponding to each expected path. For example, in Fig. 1, since the controller 21 has obtained the feature matrix of the switches 11, 12, 13, 14, and the initial label value of the switch 11, then the initial label value can be multiplied by the feature matrix of the switch 11 to obtain a new label value and then Multiply with the feature matrix of the switch 12 to get a new label value and then multiply it with the feature matrix of the switch 13 to get a new label value and then multiply it with the feature matrix of the switch 14, the final label value is the expected path (switch 11 -12-13-14); then similarly, the desired path (switch 11-13-14) and the label value of the desired path (switch 11-12-14) can be obtained.
步骤424,控制器21根据探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息。In step 424, the controller 21 generates a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path.
步骤425,控制器21统计各条期望路径分别对应的期望路径信息,从而构成探测包对应的期望路径集合信息。In step 425, the controller 21 collects the expected path information corresponding to each expected path, so as to form the expected path set information corresponding to the detection packet.
在本实施例中,上面的步骤430主要涉及生成实际路径信息的过程,那么可参考图6,该步骤430可具体包括步骤431-433,分别说明如下。In this embodiment, the above step 430 is mainly related to the process of generating actual path information, so refer to FIG. 6 , this step 430 may specifically include steps 431-433, which are respectively described as follows.
步骤431,控制器21获取探测包在实际路径上的中间交换机、出口交换机分别上报的标签值,以及探测包的包头信息。比如图1,对于实际转发路径是交换机11-13-14的情况,交换机13、14将分别上传更新的标签值和探测包的包头信息,由控制器21接收标签值和包头信息。In step 431, the controller 21 obtains the label values reported by the intermediate switch and the egress switch of the detection packet on the actual path, and the header information of the detection packet. For example, in FIG. 1 , when the actual forwarding path is the switch 11-13-14, the switches 13 and 14 will respectively upload the updated label value and header information of the detection packet, and the controller 21 will receive the label value and header information.
步骤432,控制器21根据获取的标签值确定探测包在数据层面中各交换机间转发的实际路径。In step 432, the controller 21 determines the actual path for the detection packet to be forwarded among the switches in the data plane according to the obtained label value.
步骤433,控制器21根据获取的标签值和探测包的包头信息生成对应的实际路径信息。比如图1,控制器21接收到了标签值和包头信息,由于标签值是交换机的特征矩阵通过矩阵乘法计算的结果,所以通过反向矩阵运算即可得到交换机的特征矩阵,从而了解到哪一个交换机参与了探测包的实际转发;并且,可利用出口交换机上报的标签值和包头信息生成对应的实际路径信息。In step 433, the controller 21 generates corresponding actual path information according to the acquired tag value and header information of the detection packet. For example, in Figure 1, the controller 21 has received the label value and packet header information. Since the label value is the result of calculating the characteristic matrix of the switch through matrix multiplication, the characteristic matrix of the switch can be obtained through the inverse matrix operation, so as to know which switch Participated in the actual forwarding of the detection packet; and, can use the label value and packet header information reported by the egress switch to generate the corresponding actual path information.
在本实施例中,上面的步骤440主要涉及路径一致性验证的过程,那么可参考图7,该步骤440可具体包括步骤441-443,分别说明如下。In this embodiment, the above step 440 mainly involves the process of verifying path consistency, so refer to FIG. 7 , this step 440 may specifically include steps 441-443, which are respectively described as follows.
步骤441,控制器21获取期望路径集合信息中的包头信息和标签值,以及获取实际路径信息中的包头信息和标签值。比如图1,由于期望路径集合信息中包括多条期望路径信息,而每条期望路径信息包括探测包的包头信息和对应的标签值,并且实际路径信息也包括探测包的包头信息和对应的标签值,所以基于包头信息和标签值可对期望路径信息和实际路径信息进行路径一致性验证。In step 441, the controller 21 obtains the packet header information and label value in the expected path set information, and obtains the packet header information and label value in the actual path information. For example, in Figure 1, since the expected path set information includes multiple pieces of expected path information, each piece of expected path information includes the header information of the probe packet and the corresponding label value, and the actual path information also includes the header information of the probe packet and the corresponding label value, so the path consistency verification can be performed on the expected path information and the actual path information based on the packet header information and label value.
步骤442,控制器21将实际路径信息中的包头信息和期望路径集合信息中的包头信息进行比较,在包头信息匹配的情况下进行路径一致性验证。In step 442, the controller 21 compares the packet header information in the actual path information with the packet header information in the expected path set information, and performs path consistency verification when the packet header information matches.
步骤443,控制器21判断期望路径集合信息中是否存在与实际路径信息相同的标签值,若是则通过路径一致性验证。In step 443, the controller 21 judges whether there is a tag value identical to the actual path information in the expected path set information, and if so, passes the path consistency verification.
需要说明的是,只有针对同一个探测包的期望路径和实际路径进行一致性验证才有意义,探测包的包头信息具有唯一性,所以对包头信息进行匹配判断,只有包头信息匹配的情况下才能确定路径一致性验证的对象同一个探测包的实际路径信息和期望路径信息。并且,由于期望路径集合信息中包括多条期望路径信息,每条期望路径信息包括一个对应的标签值,所以期望路径集合信息中包括有多个标签值且数值各不相同,只要其中有一个标签值与实际路径信息中的标签值相同,则表明同一个探测包期望转发的交换机顺序与实际转发的交换机顺序一致,没有出现交换机转发出错的情况发生,所以通过了路径一致性验证。It should be noted that it is only meaningful to verify the consistency between the expected path and the actual path of the same detection packet. The header information of the detection packet is unique, so the matching judgment of the header information can only be performed when the header information matches. Determine the actual path information and expected path information of the same detection packet as the object of path consistency verification. Moreover, since the expected path set information includes multiple pieces of expected path information, each piece of expected path information includes a corresponding tag value, so the expected path set information includes multiple tag values with different values, as long as there is one tag value If the value is the same as the label value in the actual path information, it indicates that the sequence of switches expected to be forwarded by the same probe packet is consistent with the sequence of switches actually forwarded, and no switch forwarding errors occur, so the path consistency verification has passed.
实施例五、Embodiment five,
在实施例四中公开的路径一致性验证方法的基础上,本实施例中公开一种网路控制装置,该网络控制装置5包括存储器51和处理器52。On the basis of the path consistency verification method disclosed in Embodiment 4, this embodiment discloses a network control device, and the network control device 5 includes a memory 51 and a processor 52 .
在本实施例中,存储器51和处理器52是网络控制装置5的主要部件,当然网络控制装置5还可以包括一些与处理器52连接的功能模块,具体可参考上面的实施例一,这里不再详细说明。In this embodiment, the memory 51 and the processor 52 are the main components of the network control device 5. Of course, the network control device 5 may also include some functional modules connected to the processor 52. For details, refer to the first embodiment above. Let's go into more detail.
其中,存储器51可作为计算机可读存储介质,这里用于存储程序,该程序可以是实施例四中路径一致性验证方法对应的程序代码。Wherein, the memory 51 may be used as a computer-readable storage medium for storing a program here, and the program may be a program code corresponding to the path consistency verification method in Embodiment 4.
其中,处理器52与存储器51连接,用于执行存储器51中存储的程序以实现上面实施例四中公开的路径一致性验证方法。需要说明的是,处理器52实现的功能可以参考实施例一中的控制器21,这里不再进行详细说明。Wherein, the processor 52 is connected to the memory 51, and is used to execute the program stored in the memory 51 to implement the path consistency verification method disclosed in the fourth embodiment above. It should be noted that the functions implemented by the processor 52 can refer to the controller 21 in the first embodiment, and no detailed description is given here.
本领域技术人员可以理解,上述实施方式中各种方法的全部或部分功能可以通过硬件的方式实现,也可以通过计算机程序的方式实现。当上述实施方式中全部或部分功能通过计算机程序的方式实现时,该程序可以存储于一计算机可读存储介质中,存储介质可以包括:只读存储器、随机存储器、磁盘、光盘、硬盘等,通过计算机执行该程序以实现上述功能。例如,将程序存储在设备的存储器中,当通过处理器执行存储器中程序,即可实现上述全部或部分功能。另外,当上述实施方式中全部或部分功能通过计算机程序的方式实现时,该程序也可以存储在服务器、另一计算机、磁盘、光盘、闪存盘或移动硬盘等存储介质中,通过下载或复制保存到本地设备的存储器中,或对本地设备的系统进行版本更新,当通过处理器执行存储器中的程序时,即可实现上述实施方式中全部或部分功能。Those skilled in the art can understand that all or part of the functions of the various methods in the foregoing implementation manners can be realized by means of hardware, or by means of computer programs. When all or part of the functions in the above embodiments are implemented by means of a computer program, the program can be stored in a computer-readable storage medium, and the storage medium can include: read-only memory, random access memory, magnetic disk, optical disk, hard disk, etc., through The computer executes the program to realize the above-mentioned functions. For example, the program is stored in the memory of the device, and when the processor executes the program in the memory, all or part of the above-mentioned functions can be realized. In addition, when all or part of the functions in the above embodiments are realized by means of a computer program, the program can also be stored in a storage medium such as a server, another computer, a magnetic disk, an optical disk, a flash disk, or a mobile hard disk, and saved by downloading or copying. To the memory of the local device, or to update the version of the system of the local device, when the processor executes the program in the memory, all or part of the functions in the above embodiments can be realized.
以上应用了具体个例对本申请进行阐述,只是用于帮助理解本申请技术方案,并不用以限制本申请。对于所属技术领域的技术人员,依据本申请的思想,还可以做出若干简单推演、变形或替换。The above uses specific examples to illustrate the present application, which is only used to help understand the technical solutions of the present application, and is not intended to limit the present application. For those skilled in the art, based on the idea of the present application, some simple deduction, deformation or replacement can also be made.

Claims (19)

  1. 一种异构融合网络,其特征在于,包括:A heterogeneous fusion network, characterized in that it includes:
    数据层面,包括拓扑连接的多个交换机,每个交换机能够根据至少一种通信协议进行数据转发;Data layer, including multiple switches connected topologically, each switch can forward data according to at least one communication protocol;
    控制层面,与所述数据层面中的交换机进行连接,用于控制所述交换机的数据转发的路径;其中,The control plane is connected to the switch in the data plane, and is used to control the data forwarding path of the switch; wherein,
    所述控制层面根据预设的通信协议构造多信息结合的探测包,并向所述数据层面下发所述探测包;所述探测包包括包头信息,和期望执行转发的若干个交换机的转发规则信息;The control plane constructs a detection packet combining multiple information according to a preset communication protocol, and sends the detection packet to the data plane; the detection packet includes header information and forwarding rules of several switches expected to perform forwarding information;
    所述数据层面将所述探测包按照各交换机转发的实际路径进行转发,并向所述控制层面上报实际转发信息;The data layer forwards the detection packet according to the actual path forwarded by each switch, and reports the actual forwarding information to the control layer;
    所述控制层面根据所述转发规则信息生成多条期望路径信息,且利用所述多条期望路径信息构成所述探测包对应的期望路径集合信息;The control plane generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form expected path set information corresponding to the detection packet;
    所述控制层面根据所述实际转发信息生成所述探测包对应的实际路径信息;The control plane generates actual path information corresponding to the probe packet according to the actual forwarding information;
    所述控制层面判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,若是则通过对所述探测包转发的期望路径和实际路径的路径一致性验证。The control plane judges whether the expected path set information contains the expected path information consistent with the actual path information, and if so, passes the path consistency verification of the expected path forwarded by the probe packet and the actual path.
  2. 如权利要求1所述的异构融合网络,其特征在于,所述数据层面将所述探测包按照各交换机转发的实际路径进行转发,并向所述控制层面上报实际转发信息,包括:The heterogeneous converged network according to claim 1, wherein the data layer forwards the detection packet according to the actual path forwarded by each switch, and reports the actual forwarding information to the control layer, including:
    所述数据层面接收被下放的探测包,将所述探测包在各交换机间进行转发并形成转发的实际路径;实际路径上首次转发所述探测包的交换机为入口交换机,实际路径上最后转发所述探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;The data layer receives the probing packets that are distributed, and forwards the probing packets among the switches to form an actual forwarding path; the switch that forwards the probing packets for the first time on the actual path is the ingress switch, and the last forwarding packet on the actual path is the ingress switch. The switch of the detection packet mentioned above is the egress switch, and the remaining switches on the actual path are intermediate switches;
    所述数据层面利用实际路径上的入口交换机在所述探测包内插入初始标签值,并向所述控制层面上报所述初始标签值;The data plane uses an ingress switch on the actual path to insert an initial label value into the detection packet, and reports the initial label value to the control plane;
    所述数据层面利用实际路径上的中间交换机和出口交换机对所述探测包的初始标签值进行更新;The data plane updates the initial label value of the detection packet by using the intermediate switch and the egress switch on the actual path;
    所述数据层面根据实际路径上的中间交换机和出口交换机中的任一交换机更新的标签值,和所述探测包的包头信息形成对应的实际转发信息并上报给所述控制层面。The data plane forms corresponding actual forwarding information based on the label value updated by any one of the intermediate switch and the egress switch on the actual path, and the header information of the detection packet, and reports it to the control plane.
  3. 如权利要求2所述的异构融合网络,其特征在于,所述数据层面利用实际路径上的中间交换机和出口交换机对所述探测包的初始标签值进行更新,包括:The heterogeneous converged network according to claim 2, wherein the data plane uses an intermediate switch and an egress switch on the actual path to update the initial label value of the detection packet, including:
    对于实际路径上的中间交换机,所述中间交换机将自身的特征矩阵和所述探测包内插入的初始标签值进行矩阵乘法运算,得到第一标签值;For the intermediate switch on the actual path, the intermediate switch performs matrix multiplication with its own characteristic matrix and the initial label value inserted in the detection packet to obtain the first label value;
    对于实际路径上的出口交换机,所述出口交换机将自身的特征矩阵和所述第一标签值进行矩阵乘法运算,得到第二标签值; For the egress switch on the actual path, the egress switch performs a matrix multiplication operation on its own feature matrix and the first label value to obtain a second label value;
    在所述矩阵乘法运算中,对参与运算的特征矩阵进行取模计算以防止矩阵乘法溢出;所述第一标签值和所述第二标签值均为更新的标签值。In the matrix multiplication operation, a modulo calculation is performed on the feature matrices involved in the operation to prevent matrix multiplication from overflowing; both the first label value and the second label value are updated label values.
  4. 如权利要求2所述的异构融合网络,其特征在于,所述控制层面根据所述转发规则信息生成多条期望路径信息,且利用所述多条期望路径信息构成所述探测包对应的期望路径集合信息,包括:The heterogeneous converged network according to claim 2, wherein the control plane generates multiple pieces of expected path information according to the forwarding rule information, and uses the multiple pieces of expected path information to form the expected path corresponding to the detection packet. Path collection information, including:
    所述控制层面根据所述转发规则信息构建多条期望路径;每条期望路径上具有一个或多个交换机,且期望路径上的入口交换机为实际路径上的入口交换机;The control plane constructs multiple expected paths according to the forwarding rule information; each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path;
    所述控制层面获取构成各条期望路径上所有交换机的特征矩阵,以及获取实际路径上的入口交换机上报的初始标签值;The control plane obtains the characteristic matrix of all switches on each expected path, and obtains the initial label value reported by the ingress switch on the actual path;
    所述控制层面利用每条期望路径上一个或多个交换机的特征矩阵对所述初始标签值进行更新计算,得到每条期望路径对应的标签值;The control plane uses the feature matrix of one or more switches on each expected path to update and calculate the initial label value to obtain the label value corresponding to each expected path;
    所述控制层面根据所述探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息;The control plane generates a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path;
    所述控制层面统计各条期望路径分别对应的期望路径信息,以构成所述探测包对应的期望路径集合信息。The control plane collects the expected path information corresponding to each expected path to form the expected path set information corresponding to the detection packet.
  5. 如权利要求4所述的异构融合网络,其特征在于,所述控制层面还将所述期望路径集合信息存入预设的路径表,并在所述路径表中使用布隆过滤器对各条期望路径分别对应的标签值进行映射存储。The heterogeneous fusion network according to claim 4, wherein the control plane also stores the expected path set information into a preset path table, and uses a Bloom filter in the path table to The tag values corresponding to the expected paths are mapped and stored.
  6. 如权利要求4所述的异构融合网络,其特征在于,所述控制层面根据所述实际转发信息生成所述探测包对应的实际路径信息,包括:The heterogeneous fusion network according to claim 4, wherein the control plane generates actual path information corresponding to the probe packet according to the actual forwarding information, including:
    所述控制层面获取所述探测包在实际路径上的中间交换机、出口交换机分别上报的标签值,以及获取所述探测包的包头信息;The control plane obtains the label values reported by the intermediate switch and the egress switch of the detection packet on the actual path, and obtains the header information of the detection packet;
    所述控制层面根据获取的标签值确定所述探测包在所述数据层面中各交换机间转发的实际路径,并根据获取的标签值和所述探测包的包头信息生成对应的实际路径信息。The control plane determines the actual path forwarded by the detection packet among the switches in the data plane according to the obtained label value, and generates corresponding actual path information according to the obtained label value and header information of the detection packet.
  7. 如权利要求6所述的异构融合网络,其特征在于,所述控制层面判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,包括:The heterogeneous converged network according to claim 6, wherein the control plane judges whether the expected path set information contains expected path information consistent with the actual path information, including:
    所述控制层面获取所述期望路径集合信息中的包头信息和标签值,以及获取实际路径信息中的包头信息和标签值;The control plane acquires header information and label values in the desired path set information, and acquires header information and label values in actual path information;
    所述控制层面将所述实际路径信息中的包头信息和所述期望路径集合信息中的包头信息进行比较,在包头信息匹配的情况下进行路径一致性验证;The control plane compares the header information in the actual path information with the header information in the expected path set information, and performs path consistency verification when the header information matches;
    所述控制层面判断所述期望路径集合信息中是否存在与所述实际路径信息相同的标签值,若是则通过路径一致性验证。The control plane judges whether there is a tag value identical to the actual path information in the expected path set information, and if so, passes the path consistency verification.
  8. 一种异构融合网络,包括数据层面和控制层面,所述数据层面包括拓扑连接的多个交换机,所述控制层面中部署有所述控制器且所述控制器与各交换机连接,其特征在于,所述控制器包括:A heterogeneous converged network, including a data plane and a control plane, the data plane includes a plurality of switches connected topologically, the controller is deployed in the control plane and the controller is connected to each switch, characterized in that , the controller consists of:
    路径探测生成模块,用于根据预设的通信协议构造探测包,并向所述数据层面下发所述探测包;A path detection generating module, configured to construct a detection packet according to a preset communication protocol, and deliver the detection packet to the data plane;
    期望路径集合生成模块,用于根据所述探测包在所述数据层面中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息;An expected path set generating module, configured to generate corresponding expected path set information according to multiple expected paths forwarded by the detection packet among several switches in the data plane;
    路径一致性验证模块,用于探测所述探测包在所述数据层面中各交换机间转发的实际路径并生成对应的实际路径信息;以及,用于判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,若是则通过对所述探测包转发的期望路径和实际路径的路径一致性验证。The path consistency verification module is used to detect the actual path forwarded by the detection packet between the switches in the data plane and generate corresponding actual path information; If the expected path information is consistent with the actual path information, the verification of path consistency between the expected path forwarded by the probe packet and the actual path is passed.
  9. 如权利要求8所述的异构融合网络,其特征在于,所述路径探测生成模块根据预设的通信协议构造探测包,并向所述数据层面下发所述探测包,包括:The heterogeneous fusion network according to claim 8, wherein the path detection generation module constructs a detection packet according to a preset communication protocol, and sends the detection packet to the data layer, including:
    所述路径探测生成模块根据预设的通信协议配置包头信息和期望执行的若干个交换机的转发规则信息,利用所述包头信息和所述转发规则信息构造多信息结合的探测包;The path detection generation module configures packet header information and forwarding rule information of several switches expected to be executed according to a preset communication protocol, and uses the packet header information and the forwarding rule information to construct a detection packet combining multiple information;
    所述路径探测生成模块将所述探测包下发至所述数据层面,所述探测包在所述数据层面中的各交换机间进行转发并形成转发的实际路径;The path detection generation module sends the detection packet to the data layer, and the detection packet is forwarded between switches in the data layer to form an actual forwarding path;
    实际路径上首次转发所述探测包的交换机为入口交换机,实际路径上最后转发所述探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;实际路径上的入口交换机用于在所述探测包内插入初始标签值并上报给所述控制层面,实际路径上的中间交换机和出口交换机用于对所述探测包的初始标签进行更新,并将更新的标签值和所述探测包的包头信息上报给所述控制层面。The switch that forwards the detection packet for the first time on the actual path is an ingress switch, the switch that forwards the detection packet last on the actual path is an egress switch, and the rest of the switches on the actual path are intermediate switches; the ingress switch on the actual path is used to The initial label value is inserted into the detection packet and reported to the control plane, the intermediate switch and the egress switch on the actual path are used to update the initial label of the detection packet, and the updated label value and the detection packet The packet header information is reported to the control plane.
  10. 如权利要求9所述的异构融合网络,其特征在于,所述期望路径集合生成模块根据所述探测包在所述数据层面中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息,包括:The heterogeneous converged network according to claim 9, wherein the expected path set generation module generates a corresponding expected path set according to multiple expected paths forwarded by the detection packet among several switches in the data plane information, including:
    所述期望路径集合生成模块根据所述转发规则信息构建多条期望路径;每条期望路径上具有一个或多个交换机,且期望路径上的入口交换机为实际路径上的入口交换机;The expected path set generation module constructs multiple expected paths according to the forwarding rule information; each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path;
    所述期望路径集合生成模块获取各条期望路径上所有交换机的特征矩阵,以及获取实际路径上的入口交换机上报的初始标签值;The expected path set generation module obtains the feature matrix of all switches on each expected path, and obtains the initial label value reported by the ingress switch on the actual path;
    所述期望路径集合生成模块利用每条期望路径的上的一个或多个交换机的特征矩阵对所述初始标签值进行更新计算,得到每条期望路径对应的标签值;The expected path set generation module uses the feature matrix of one or more switches on each expected path to update and calculate the initial label value to obtain the corresponding label value of each expected path;
    所述期望路径集合生成模块根据所述探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息;The expected path set generation module generates an expected path information according to the header information of the detection packet and the label value corresponding to each expected path;
    所述期望路径集合生成模块统计各条期望路径分别对应的期望路径信息,以构成所述探测包对应的期望路径集合信息。The expected path set generation module counts the expected path information corresponding to each expected path to form the expected path set information corresponding to the detection packet.
  11. 如权利要求9所述的异构融合网络,其特征在于,所述路径一致性验证模块探测所述探测包在所述数据层面中各交换机间转发的实际路径并生成对应的实际路径信息,包括:The heterogeneous converged network according to claim 9, wherein the path consistency verification module detects the actual path forwarded by the detection packet between switches in the data plane and generates corresponding actual path information, including :
    所述路径一致性验证模块获取所述探测包在实际路径上的中间交换机、出口交换机分别上报的标签值,以及所述探测包的包头信息;The path consistency verification module obtains the label values reported by the intermediate switch and the egress switch of the detection packet on the actual path, and the header information of the detection packet;
    所述路径一致性验证模块根据获取的标签值确定所述探测包在所述数据层面中各交换机间转发的实际路径,并根据获取的标签值和所述探测包的包头信息生成对应的实际路径信息。The path consistency verification module determines the actual path forwarded by the detection packet between switches in the data plane according to the obtained label value, and generates a corresponding actual path according to the obtained label value and the header information of the detection packet information.
  12. 如权利要求11所述的异构融合网络,其特征在于,所述路径一致性验证模块判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,若是则通过对所述探测包转发的期望路径和实际路径的路径一致性验证,包括:The heterogeneous fusion network according to claim 11, wherein the path consistency verification module judges whether the expected path set information contains expected path information consistent with the actual path information, and if so, passes the The path consistency verification of the expected path forwarded by the probe packet and the actual path includes:
    所述路径一致性验证模块获取所述期望路径集合信息中的包头信息和标签值,以及获取实际路径信息中的包头信息和标签值;The path consistency verification module acquires header information and tag values in the expected path set information, and acquires header information and tag values in actual path information;
    所述路径一致性验证模块将所述实际路径信息中的包头信息和所述期望路径集合信息中的包头信息进行比较,在包头信息匹配的情况下进行路径一致性验证;The path consistency verification module compares the header information in the actual path information with the header information in the expected path set information, and performs path consistency verification when the header information matches;
    所述路径一致性验证模块判断所述期望路径集合信息中是否存在与所述实际路径信息相同的标签值,若是则通过路径一致性验证。The path consistency verification module judges whether the expected path set information has the same tag value as the actual path information, and if so, passes the path consistency verification.
  13. 一种异构融合网络,包括数据层面和控制层面,所述数据层面包括拓扑连接的多个交换机,所述控制层面与所述数据层面中的交换机进行连接且用于控制每个所述交换机的数据转发的路径,其特征在于, A heterogeneous converged network, including a data plane and a control plane, the data plane includes a plurality of switches connected topologically, the control plane is connected to the switches in the data plane and is used to control each of the switches The path of data forwarding is characterized in that,
    所述数据层面能够接收所述控制层面下放的探测包,并将所述探测包在各交换机间进行转发以形成转发的实际路径;实际路径上首次转发所述探测包的交换机为入口交换机,实际路径上最后转发所述探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;The data plane can receive the detection packet sent by the control plane, and forward the detection packet between switches to form an actual forwarding path; the switch that forwards the detection packet on the actual path for the first time is the ingress switch, and the actual The switch that forwards the detection packet at last on the path is an egress switch, and the remaining switches on the actual path are intermediate switches;
    所述数据层面利用实际路径上的入口交换机在所述探测包内插入初始标签值,并向所述控制层面上报所述初始标签值;The data plane uses an ingress switch on the actual path to insert an initial label value into the detection packet, and reports the initial label value to the control plane;
    所述数据层面利用实际路径上的中间交换机和出口交换机对所述探测包的初始标签值进行更新;The data plane updates the initial label value of the detection packet by using the intermediate switch and the egress switch on the actual path;
    所述数据层面根据实际路径上的中间交换机和出口交换机中的任一交换机更新的标签值,和所述探测包的包头信息形成对应的实际转发信息并上报给所述控制层面。The data plane forms corresponding actual forwarding information based on the label value updated by any one of the intermediate switch and the egress switch on the actual path, and the header information of the detection packet, and reports it to the control plane.
  14. 如权利要求13中所述的异构融合网络,其特征在于,所述数据层面利用实际路径上的中间交换机和出口交换机对所述探测包的初始标签值进行更新,包括:The heterogeneous converged network according to claim 13, wherein the data plane utilizes an intermediate switch and an egress switch on the actual path to update the initial label value of the detection packet, including:
    对于实际路径上的中间交换机,所述中间交换机将自身的特征矩阵和所述探测包内插入的初始标签值进行矩阵乘法运算,得到第一标签值;For the intermediate switch on the actual path, the intermediate switch performs matrix multiplication with its own characteristic matrix and the initial label value inserted in the detection packet to obtain the first label value;
    对于实际路径上的出口交换机,所述出口交换机将自身的特征矩阵和所述第一标签值进行矩阵乘法运算,得到第二标签值; For the egress switch on the actual path, the egress switch performs a matrix multiplication operation on its own feature matrix and the first label value to obtain a second label value;
    在所述矩阵乘法运算中,对参与运算的特征矩阵进行取模计算以防止矩阵乘法溢出;所述第一标签值和所述第二标签值均为更新的标签值。In the matrix multiplication operation, a modulo calculation is performed on the feature matrices involved in the operation to prevent matrix multiplication from overflowing; both the first label value and the second label value are updated label values.
  15. 一种用于异构融合网络的路径一致性验证方法,所述异构融合网络包括数据层面和控制层面,所述数据层面包括拓扑连接的多个交换机,所述控制层面用于控制每个交换机的数据转发的路径,其特征在于,所述路径一致性验证方法包括:A path consistency verification method for a heterogeneous converged network, the heterogeneous converged network includes a data plane and a control plane, the data plane includes a plurality of switches connected topologically, and the control plane is used to control each switch The data forwarding path is characterized in that the path consistency verification method includes:
    根据预设的通信协议构造探测包,并向所述数据层面下发所述探测包;Constructing a detection packet according to a preset communication protocol, and delivering the detection packet to the data plane;
    根据所述探测包在所述数据层面中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息;generating corresponding expected path set information according to multiple expected paths forwarded by the detection packet among several switches in the data plane;
    探测所述探测包在所述数据层面中各交换机间转发的实际路径并生成对应的实际路径信息;Detecting the actual path forwarded by the detection packet between switches in the data plane and generating corresponding actual path information;
    判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,若是则通过对所述探测包转发的期望路径和实际路径的路径一致性验证。Judging whether the expected path set information contains expected path information consistent with the actual path information, and if so, verifying the path consistency between the expected path forwarded by the probe packet and the actual path.
  16. 如权利要求15所述的路径一致性验证方法,其特征在于,所述根据预设的通信协议构造探测包,并向所述数据层面下发所述探测包,根据所述探测包在所述数据层面中若干个交换机间转发的多条期望路径生成对应的期望路径集合信息,包括:The method for verifying path consistency according to claim 15, wherein the detection packet is constructed according to a preset communication protocol, and the detection packet is sent to the data layer, and the detection packet is transmitted according to the detection packet in the Multiple expected paths forwarded between several switches in the data plane generate corresponding expected path set information, including:
    根据预设的通信协议配置包头信息和期望执行的若干个交换机的转发规则信息,利用所述包头信息和所述转发规则信息构造多信息结合的探测包;Configuring packet header information and forwarding rule information of several switches expected to be executed according to a preset communication protocol, using the packet header information and the forwarding rule information to construct a detection packet combining multiple information;
    将所述探测包下发至所述数据层面,所述探测包在所述数据层面中的各交换机间进行转发并形成转发的实际路径;实际路径上首次转发所述探测包的交换机为入口交换机,实际路径上最后转发所述探测包的交换机为出口交换机,实际路径上其余的交换机为中间交换机;实际路径上的入口交换机用于在所述探测包内插入初始标签值并上报给所述控制层面,实际路径上的中间交换机和出口交换机用于对所述探测包的初始标签进行更新,并将更新的标签值和所述探测包的包头信息上报给所述控制层面;Sending the detection packet to the data layer, the detection packet is forwarded among the switches in the data layer to form an actual forwarding path; the switch that forwards the detection packet for the first time on the actual path is an ingress switch , the switch that forwards the detection packet last on the actual path is the egress switch, and the remaining switches on the actual path are intermediate switches; the ingress switch on the actual path is used to insert the initial label value in the detection packet and report it to the control level, the intermediate switch and the egress switch on the actual path are used to update the initial label of the detection packet, and report the updated label value and the header information of the detection packet to the control plane;
    根据所述转发规则信息构建多条期望路径;每条期望路径上具有一个或多个交换机,且期望路径上的入口交换机为实际路径上的入口交换机;Construct multiple expected paths according to the forwarding rule information; each expected path has one or more switches, and the ingress switch on the expected path is the ingress switch on the actual path;
    获取各条期望路径上所有交换机的特征矩阵,以及获取实际路径上的入口交换机上报的初始标签值;Obtain the feature matrix of all switches on each expected path, and obtain the initial label value reported by the ingress switch on the actual path;
    利用每条期望路径的上的一个或多个交换机的特征矩阵对所述初始标签值进行更新计算,得到每条期望路径对应的标签值;Using the feature matrix of one or more switches on each expected path to update and calculate the initial label value to obtain the label value corresponding to each expected path;
    根据所述探测包的包头信息和每条期望路径对应的标签值生成一条期望路径信息;generating a piece of expected path information according to the header information of the detection packet and the label value corresponding to each expected path;
    统计各条期望路径分别对应的期望路径信息,以构成所述探测包对应的期望路径集合信息。The expected path information corresponding to each expected path is counted to form the expected path set information corresponding to the detection packet.
  17. 如权利要求16所述的路径一致性验证方法,其特征在于,所述根据所述实际转发信息生成所述探测包对应的实际路径信息,包括:The path consistency verification method according to claim 16, wherein said generating the actual path information corresponding to the probe packet according to the actual forwarding information comprises:
    获取所述探测包在实际路径上的中间交换机、出口交换机分别上报的标签值,以及所述探测包的包头信息;Acquiring the label values reported by the intermediate switch and the egress switch of the detection packet on the actual path, and the header information of the detection packet;
    根据获取的标签值确定所述探测包在所述数据层面中各交换机间转发的实际路径,并根据获取的标签值和所述探测包的包头信息生成对应的实际路径信息。Determining the actual path forwarded by the detection packet among the switches in the data plane according to the obtained label value, and generating corresponding actual path information according to the obtained label value and header information of the detection packet.
  18. 如权利要求17所述的路径一致性验证方法,其特征在于,所述判断所述期望路径集合信息中是否包含有与所述实际路径信息一致的期望路径信息,包括:The path consistency verification method according to claim 17, wherein said judging whether said expected path set information contains expected path information consistent with said actual path information comprises:
    获取所述期望路径集合信息中的包头信息和标签值,以及获取实际路径信息中的包头信息和标签值;Acquiring header information and label values in the expected path set information, and acquiring header information and label values in actual path information;
    将所述实际路径信息中的包头信息和所述期望路径集合信息中的包头信息进行比较,在包头信息匹配的情况下进行路径一致性验证;Comparing the header information in the actual path information with the header information in the expected path set information, and verifying path consistency when the header information matches;
    判断所述期望路径集合信息中是否存在与所述实际路径信息相同的标签值,若是则通过路径一致性验证。Judging whether there is a tag value identical to the actual path information in the expected path set information, and if so, passing the path consistency verification.
  19. 一种计算机可读存储介质,其特征在于,所述介质上存储有程序,所述程序能够被处理器执行以实现如权利要求15-18中任一项所述的路径一致性验证方法。A computer-readable storage medium, wherein a program is stored on the medium, and the program can be executed by a processor to implement the path consistency verification method according to any one of claims 15-18.
PCT/CN2021/140359 2021-12-22 2021-12-22 Heterogeneous convergence network and path consistency verification method therefor, and storage medium WO2023115373A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202180043494.XA CN115918037A (en) 2021-12-22 2021-12-22 Heterogeneous convergence network, path consistency verification method thereof and storage medium
PCT/CN2021/140359 WO2023115373A1 (en) 2021-12-22 2021-12-22 Heterogeneous convergence network and path consistency verification method therefor, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/140359 WO2023115373A1 (en) 2021-12-22 2021-12-22 Heterogeneous convergence network and path consistency verification method therefor, and storage medium

Publications (1)

Publication Number Publication Date
WO2023115373A1 true WO2023115373A1 (en) 2023-06-29

Family

ID=86494031

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/140359 WO2023115373A1 (en) 2021-12-22 2021-12-22 Heterogeneous convergence network and path consistency verification method therefor, and storage medium

Country Status (2)

Country Link
CN (1) CN115918037A (en)
WO (1) WO2023115373A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150281076A1 (en) * 2014-03-25 2015-10-01 Nec Laboratories America, Inc. Layer 2 Path Tracing Through Context Encoding in Software Defined Networking
CN108768769A (en) * 2018-05-17 2018-11-06 南方科技大学 The detection method of control plane and data surface consistency, detecting system and interchanger
CN111464340A (en) * 2020-03-19 2020-07-28 北京大学深圳研究生院 Network control method, data forwarding method and software defined network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150281076A1 (en) * 2014-03-25 2015-10-01 Nec Laboratories America, Inc. Layer 2 Path Tracing Through Context Encoding in Software Defined Networking
CN108768769A (en) * 2018-05-17 2018-11-06 南方科技大学 The detection method of control plane and data surface consistency, detecting system and interchanger
CN111464340A (en) * 2020-03-19 2020-07-28 北京大学深圳研究生院 Network control method, data forwarding method and software defined network

Also Published As

Publication number Publication date
CN115918037A (en) 2023-04-04

Similar Documents

Publication Publication Date Title
EP3665866B1 (en) Scalable network path tracing
US9438512B2 (en) Stacking metadata contexts for service chains
US9331910B2 (en) Methods and systems for automatic generation of routing configuration files
US20150019902A1 (en) OpenFlow Controller Master-slave Initialization Protocol
WO2019100598A1 (en) Transaction processing method and device, computer equipment, and storage medium
JP2014175924A (en) Transmission system, transmission device, and transmission method
US10574570B2 (en) Communication processing method and apparatus
US9379964B2 (en) Discovering a topology—transparent zone
US11139995B2 (en) Methods and router devices for verifying a multicast datapath
JP7430224B2 (en) Packet processing methods and gateway devices
CN107566292B (en) Message forwarding method and device
WO2017143717A1 (en) Multicast information processing method and device
US11979412B2 (en) Verification of in-situ network telemetry data in a packet-switched network
US11863454B2 (en) Systems and methods for scalable validation of multiple paths in a network using segment routing
US20240129223A1 (en) Systems and methods for data plane validation of multiple paths in a network
US10680930B2 (en) Method and apparatus for communication in virtual network
Lebrun Reaping the benefits of ipv6 segment routing
WO2023115373A1 (en) Heterogeneous convergence network and path consistency verification method therefor, and storage medium
US11855888B2 (en) Packet verification method, device, and system
WO2018036453A1 (en) Method for synchronizing topology information in sfc network and routing network element
Newport et al. The (surprising) computational power of the SDN data plane
JP5045551B2 (en) Route aggregation device and aggregation processing method
WO2018018567A1 (en) Method and device for managing switch
US20240056412A1 (en) Underlay path selection in fabric/overlay access networks
WO2024108493A1 (en) Virtual and real combined dynamic traffic scheduling method and apparatus based on sdn and ndn

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21968523

Country of ref document: EP

Kind code of ref document: A1