CN103647658B - Method and controller for managing network devices in a software-defined network system - Google Patents

Publication number
CN103647658B
Authority
CN
China
Prior art keywords
network
controller
network device
defined
information
Application number
CN201310616278.7A
Other languages
Chinese (zh)
Other versions
CN103647658A (en
Inventor
吴鸿钟
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to CN201310616278.7A
Publication of CN103647658A
Application granted
Publication of CN103647658B

Abstract

The present invention discloses a method and a controller for managing network devices in a software-defined network system, relates to the communications field, and improves the usage performance of network devices in SDN scenarios based on their physical characteristics. The software-defined network system includes a controller and a network device, and the controller is used to manage communication of the network device. The controller receives information reported by the network device, the information including hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller. When the network device can be defined by the controller, the controller defines the data control function of the network device according to the hardware information and delivers a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.

Description

Method and controller for managing network devices in a software-defined network system

Technical Field

[0001] The present invention relates to the communications field, and in particular to a method and a controller for managing network devices in a software-defined network system.

Background

[0002] A software-defined network (SDN) is a new, innovative network architecture. Its core technique uses a controller to separate the network control plane from the data plane, which enables flexible control of network traffic and provides a good platform for innovation in core networks and applications.

[0003] For the controller component in SDN, synchronous and asynchronous communication between the controller and the network devices of the data plane is the core of SDN. Under SDN, however, network devices change as a result of being defined, and decoupling the data plane from the control plane makes logical functions independent of the physical network devices. As a result, for applications that depend on the physical characteristics of a network device, this independence of SDN logical functions from physical functions affects the use of network devices in SDN scenarios.

Summary

[0004] Embodiments of the present invention provide a method and a controller for managing network devices in a software-defined network system.

[0005] To achieve the above objective, the embodiments of the present invention adopt the following technical solutions:

[0006] According to a first aspect, a method for managing a network device in a software-defined network system is provided, where the software-defined network system includes a controller and the network device, the controller is used to manage communication of the network device, and the method includes:

[0007] The controller receives information reported by the network device, the information including hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller;

[0008] When the network device can be defined by the controller, the controller defines a data control function of the network device according to the hardware information and delivers a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.

[0009] With reference to the first aspect, in a first possible implementation, the method further includes:

[0010] When the network device can be defined by the controller, the controller delivers a control instruction to the network device, so that the network device executes the control instruction.

[0011] With reference to the first aspect, in a second possible implementation, when the network device cannot be defined by the controller, the controller is further configured to receive service data information sent by the network device.

[0012] With reference to the first or the second possible implementation of the first aspect, in a third possible implementation, the controller communicates with the network device asynchronously.

[0013] According to a second aspect, a controller is provided for use in a software-defined network system, where the software-defined network system includes the controller and a network device, the controller is used to manage communication of the network device, and the controller includes:

[0014] a receiving unit, configured to receive information reported by the network device, the information including hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller;

[0015] a processing unit, configured to define a data control function of the network device according to the hardware information when the network device can be defined by the controller;

[0016] a sending unit, configured to deliver a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.

[0017] With reference to the second aspect, in a first possible implementation, the sending unit is further configured to deliver a control instruction to the network device when the network device can be defined by the controller, so that the network device executes the control instruction.

[0018] With reference to the second aspect, in a second possible implementation, the receiving unit is further configured to receive service data information sent by the network device when the network device cannot be defined by the controller.

[0019] With reference to the first or the second possible implementation of the second aspect, in a third possible implementation, the controller communicates with the network device asynchronously.

[0020] Embodiments of the present invention provide a method and a controller for managing network devices in a software-defined network system. The software-defined network system includes a controller and a network device, and the controller is used to manage communication of the network device. The controller receives information reported by the network device, the information including hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller. When the network device can be defined by the controller, the controller defines the data control function of the network device according to the hardware information and delivers a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction. This improves the usage performance of network devices in SDN scenarios based on their physical characteristics.

Brief Description of the Drawings

[0021] To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below are merely some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.

[0022] FIG. 1 is a schematic flowchart of a method for managing a network device in a software-defined network system according to an embodiment of the present invention;

[0023] FIG. 2 is a schematic flowchart of a method for managing a network device in a software-defined network system according to an embodiment of the present invention;

[0024] FIG. 3 is a schematic flowchart of a method for managing a network device in a software-defined network system according to an embodiment of the present invention;

[0025] FIG. 4 is a schematic structural diagram of a controller according to an embodiment of the present invention;

[0026] FIG. 5 is a schematic structural diagram of a controller according to an embodiment of the present invention;

[0027] FIG. 6 is a schematic structural diagram of a communication system according to an embodiment of the present invention.

Detailed Description

[0028] The technical solutions in the embodiments of the present invention are described clearly below with reference to the accompanying drawings. The described embodiments are merely some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

[0029] An embodiment of the present invention provides a method for managing a network device in a software-defined network system. The software-defined network system includes a controller and a network device, and the controller is used to manage communication of the network device. As shown in FIG. 1, the method includes:

[0030] 101. The controller receives information reported by the network device, the information including hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller.

[0031] SDN is a new, innovative network architecture whose core technique uses a controller to separate the network control plane from the data plane, which enables flexible control of network traffic. The SDN controller is the core component of the network architecture. It can receive data information from network devices that provide foundational service functions for the security system of the whole network, and it performs functions such as data communication with the network devices. The network device here may be a switch, a server, a firewall, or the like.

[0032] Based on how network devices are used in SDN scenarios, network devices in SDN scenarios can be divided into two classes: definable network devices and non-definable network devices. To distinguish the two, when the controller receives the attribute information of a network device, it determines the type of the network device from the attribute information.

[0033] Some network devices are components that can only be implemented on specific hardware, such as hardware-related SDN security components. For example, an encryptor must be implemented with hardware support and needs a network device with an encryption chip to deliver efficient encryption, and certain virtual machines must run on a trusted host that has a trusted platform module (TPM) chip, otherwise the virtual machine loses its security protection. These security components still need to be defined on demand, but the hardware-related ones must be defined as specific components rather than defined arbitrarily. The network device reports its hardware information and attribute information to the SDN controller, so that the SDN controller can determine the device type of the network device from the hardware information and determine from the attribute information whether the network device can be defined by the controller. In one specific implementation, an executable program, HAgent, resides on the operating system (Windows/Linux) of the network device. An upward interface is set in the HAgent program, through which HAgent passes the data information of the network device to the SDN controller in the asynchronous data structure of the OpenFlow protocol; the controller and the network device may of course also communicate synchronously. The data communication here is not limited to the OpenFlow protocol and may use other protocols.

[0034] Definable network devices are network devices whose functions are performed mainly by software, such as firewalls, intrusion detection systems (IDS), and anti-virus (AV) systems. In other words, hardware-independent network devices can be software-defined, and the network device on which they run can receive both data-plane and control-plane information from the SDN controller.

[0035] Network devices that cannot be software-defined include, for example, a certificate authority (CA), an audit system, and code upgrade and management systems. An RAgent program is deployed on each of these network devices to indicate that it cannot be software-defined. The devices that cannot be software-defined are thereby separated out and placed in a separate zone, equivalent to an SDN "isolation zone"; they are kept outside SDN definition, and the SDN controller cannot define them. RAgent is an executable program that resides on the operating system (Windows/Linux) of the network device.

[0036] 102. When the network device can be defined by the controller, the controller defines the data control function of the network device according to the hardware information and delivers a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.

[0037] For example, when the controller identifies from the attribute information reported by the network device that the network device can be defined by the controller, and the controller communicates with the HAgent on the network device, the controller aggregates the hardware information transmitted by HAgent and presents it visually, determines the data control function of the network device from the hardware information, and delivers a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.

[0038] For example, if the hardware information of the network device includes TPM hardware, the controller can define the network device as a security server, a trusted cloud host, or the like, and deliver a definition instruction to it. After receiving the definition instruction, the network device knows that it should have the data control function of a security server or trusted cloud host.

[0039] In addition, when the controller identifies from the reported attribute information that the network device can be defined by the controller, it can deliver control instructions, that is, control-plane information, to the network device, so that the network device performs the function corresponding to the control instruction. From the perspective of a definable network device, it can receive both control-plane information and data-plane information.

[0040] Definable secure network devices can be further divided into hardware-related and hardware-independent secure network devices. For hardware-related secure network devices, such as encryptors and virtual machines, the controller can only define them as specific network devices, that is, they cannot be defined arbitrarily. Their control plane and data plane can still be separated, and their information exchange with the SDN controller still takes place within the SDN logical architecture; only the physical secure network device cannot be reused. Accordingly, the parameters of these physical secure network devices must remain unchanged to ensure that the devices are correctly located and function correctly. The parameters may include the IP (Internet Protocol) address, media access control (MAC), virtual local area network (VLAN), subnet, and so on. Hardware-independent secure network devices, such as firewalls, whose functions are performed mainly by software, can receive control instructions delivered by the controller and be defined by them.

[0041] For example, when the controller identifies from the attribute information reported by the network device that the network device cannot be defined by the controller, that is, for a network device in the SDN "isolation zone", the deployed RAgent can monitor, audit, or collect statistics on the data plane, obtain data-plane information, and send the data-plane information of the network device to the SDN controller, so that the SDN controller exchanges data with the servers in the "isolation zone". The controller thus receives service data information from the non-definable network device; this service data information is the monitoring data, audit data, or statistical data described above. In other words, a network device on which RAgent is deployed cannot be software-defined, so it communicates with the SDN controller only on the data plane and does not receive control-plane information from the SDN controller that would software-define it. Because the network devices in the SDN isolation zone are not software-defined, the security of the SDN system is improved. The software system installed on the network device can nevertheless still receive information from the controller, which can be implemented through the asynchronous data transmission structure of OpenFlow or, alternatively, through a synchronous data transmission structure. RAgent may have two interfaces: through the downward interface a vendor can upload information such as data statistics and network transmission status to RAgent, and through the upward interface RAgent can send data to the SDN controller in the asynchronous or synchronous data structure of OpenFlow.

[0042] This embodiment of the present invention provides a method for managing a network device in a software-defined network system. The software-defined network system includes a controller and a network device, and the controller is used to manage communication of the network device. The controller receives information reported by the network device, the information including hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller. When the network device can be defined by the controller, the controller defines the data control function of the network device according to the hardware information and delivers a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction. This improves the usage performance of network devices in SDN scenarios based on their physical characteristics.
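
The controller-side decision flow of steps 101 and 102 can be modelled as follows. This is an added example, not code from the patent or from any product; the report fields, role strings, message dictionaries, and the choice to keep isolation permanent once reported are assumptions, and the sample reports are constructed.

```python
from dataclasses import dataclass

# Hardware feature -> the only role the controller may define for that device.
# The TPM and encryption-chip pairings follow the description's examples; the
# key and role strings themselves are hypothetical.
HARDWARE_ROLES = {"tpm": "secure-server", "crypto-chip": "encryptor"}


@dataclass(frozen=True)
class Report:
    """What a device reports upward (field names are assumptions)."""
    device_id: str
    definable: bool       # attribute information: may the controller define it?
    hardware: frozenset   # hardware information, e.g. {"tpm"}
    params: tuple         # (ip, mac, vlan, subnet)


class Controller:
    def __init__(self):
        self.roles = {}         # device_id -> role set by a definition instruction
        self.pinned = {}        # hardware-bound device_id -> params that must not change
        self.isolated = set()   # non-definable devices: the SDN "isolation zone"
        self.service_data = []  # monitoring / audit / statistics records

    def handle_report(self, report, requested_role=None):
        """Steps 101-102: return the definition instruction to send, or None."""
        dev = report.device_id
        if not report.definable or dev in self.isolated:
            # RAgent-style device: never defined. Isolation is kept once set
            # (an added design choice, not stated in the description).
            self.isolated.add(dev)
            self.roles.pop(dev, None)
            return None
        allowed = sorted(HARDWARE_ROLES[h] for h in report.hardware
                         if h in HARDWARE_ROLES)
        if allowed:
            # Hardware-related device: only a role its hardware supports.
            if requested_role is not None and requested_role not in allowed:
                raise PermissionError(f"{dev}: role {requested_role!r} not allowed")
            if self.pinned.get(dev, report.params) != report.params:
                raise ValueError(f"{dev}: pinned IP/MAC/VLAN/subnet changed")
            self.pinned[dev] = report.params
            role = requested_role or allowed[0]
        else:
            # Hardware-independent device: defined on demand.
            role = requested_role or "unassigned"
        self.roles[dev] = role
        return {"type": "define", "device": dev, "role": role}

    def send_control(self, dev, instruction):
        """Control-plane instructions go only to devices that were defined."""
        if dev in self.isolated:
            raise PermissionError(f"{dev}: isolation zone, no control plane")
        if dev not in self.roles:
            raise KeyError(f"{dev}: no report received")
        return {"type": "control", "device": dev, "instruction": instruction}

    def receive_service_data(self, dev, record):
        """Data-plane information reported upward by a known device."""
        if dev not in self.isolated and dev not in self.roles:
            raise KeyError(f"{dev}: unknown device")
        self.service_data.append((dev, record))
        return len(self.service_data)


def demo():
    """Run constructed reports through the controller and collect outcomes."""
    c = Controller()
    p = ("192.0.2.10", "02:00:00:00:00:01", 10, "192.0.2.0/24")  # constructed
    out = {}
    out["firewall"] = c.handle_report(
        Report("fw-1", True, frozenset(), p), "firewall")["role"]
    out["tpm_host"] = c.handle_report(
        Report("srv-1", True, frozenset({"tpm"}), p))["role"]
    out["ca"] = c.handle_report(Report("ca-1", False, frozenset({"tpm"}), p))
    try:
        c.send_control("ca-1", "reconfigure")
    except PermissionError:
        out["ca_control"] = "refused"
    try:
        moved = ("192.0.2.99",) + p[1:]
        c.handle_report(Report("srv-1", True, frozenset({"tpm"}), moved))
    except ValueError:
        out["srv_moved"] = "rejected"
    out["audit_records"] = c.receive_service_data("ca-1", {"audit": "ok"})
    return out


if __name__ == "__main__":
    print(demo())
```

The three constructed devices cover the three classes in the description: a firewall defined on demand, a TPM host that can only become a security server, and a CA that stays in the isolation zone and only reports data upward.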

[0043] An embodiment of the present invention provides a method for managing a network device in a software-defined network system. As shown in FIG. 2, the method includes:

[0044] 201. The network device sends its hardware information and attribute information to the controller, so that the controller determines the data control function of the network device from the hardware information; the attribute information indicates that the network device can be defined by the controller.

[0045] The network device here may be a device on which a hardware-implemented component is deployed, and the controller is an SDN controller.

[0046] For example, the controller determines from the received attribute information that the network device can be defined as a specific device type. Specifically, when the network device reports the attribute information by running the HAgent program, this indicates that the function of the network device is implemented in hardware, as with hardware-related SDN security components, for example an encryptor that must run on a server with an encryption chip to deliver efficient encryption, or a virtual machine that must run on a trusted host with a TPM chip. In one specific implementation, an executable program, HAgent, resides on the operating system (Windows/Linux) of the network device and indicates to the controller that the network device can be defined as a specific device type. HAgent also reports the hardware information of the network device to the SDN controller and receives instructions from the controller.

[0047] After HAgent reports the hardware information of the network device to the SDN controller, the controller can aggregate the hardware information transmitted by HAgent, present it visually, and determine from it the device types that the hardware reported by HAgent allows. For example, if the hardware information reported by the HAgent deployed on a server includes TPM hardware, the controller can define the server as a security server, a trusted cloud host, or the like. That is, the controller defines the data control function of the network device according to the hardware information and delivers a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.

[0048] The HAgent program has an upward interface through which HAgent passes data information to the SDN controller in the asynchronous data structure of OpenFlow, or reports data information to the controller in a synchronous data structure. The data communication here is not limited to the OpenFlow protocol and may use other protocols.

[0049] In addition, for a definable specific network device on which HAgent is deployed, the control plane and data plane can still be separated, and its information exchange with the SDN controller still takes place within the SDN logical architecture; only the physical secure network device cannot be reused. For example, a server with TPM hardware is a security device and cannot be reused as another type of device. Accordingly, the parameters of these physical secure network devices (IP/MAC/VLAN/subnet) must remain unchanged to ensure that the security system's secure network devices are correctly located and function correctly.

[0050] 202. The network device receives a control instruction delivered by the controller and executes the control instruction.

[0051] Specifically, for a network device that can be defined and has the HAgent program deployed, that is, a hardware-related network device, after the controller determines the device type of the network device from the hardware information, it can deliver a control instruction to the network device, so that the network device executes the control instruction.

[0052] A network device that can be defined but has no HAgent program deployed, that is, a hardware-independent network device, can receive instructions delivered by the controller, that is, control-plane information, and be defined on demand. In other words, a network device that can be defined but has no HAgent program deployed can receive both control-plane information and data-plane information.

[0053] In this way, definable network devices are divided into specific network devices that can be defined and network devices that can be defined on demand, which improves the usage performance of network devices in SDN scenarios based on their physical characteristics.

[0054] This embodiment of the present invention provides a method for managing a network device in a software-defined network system. The network device sends its hardware information and attribute information to the controller, so that the controller determines the data control function of the network device from the hardware information; the attribute information indicates that the network device can be defined by the controller. The network device receives a control instruction delivered by the controller and executes it. This improves the usage performance of network devices in SDN scenarios based on their physical characteristics.

[0055] An embodiment of the present invention provides a method for managing a network device in a software-defined network system. As shown in FIG. 3, the method includes:

[0056] 301. The network device sends its hardware information and attribute information to the controller, so that the controller determines the data control function of the network device from the hardware information; the attribute information indicates that the network device cannot be defined by the controller.

[0057] For example, when the attribute information reported by the network device is that an RAgent program is deployed, this indicates to the controller that the network device cannot be defined by the controller. The network device here may be, for example, a CA center, an audit system, a code upgrade and management system, or an identity authentication server.

[0058] RAgent is an executable program residing on the operating system (Windows/Linux) of the network device. It monitors, audits, or collects statistics on the data-plane information of the network device and forwards the data-plane information of the local network device to the SDN controller. An upward interface and a downward interface can be set in the RAgent program. The downward interface can be used by the manufacturer to upload information such as data statistics and network transmission status to the RAgent of the network device. The upward interface can pass the data of the network device to the SDN controller in the asynchronous data structure of OpenFlow, so that the SDN controller can distribute policy information to the network device according to that data. The data communication here is not limited to the OpenFlow protocol; other protocols may also be used.

[0059] In this way, network devices that have RAgent deployed and therefore cannot be software-defined are separated out and placed in a separate zone, equivalent to an "SDN isolation zone". These network devices are placed outside SDN definition, but the software systems installed on them can still receive information from the SDN controller and keep the ability to communicate with it asynchronously, so they can provide basic security services, such as auditing, for the whole SDN system.

[0060] 302. The network device sends service data information to the controller according to the data control function, so as to perform data-plane communication with the controller.

[0061] Specifically, for a network device that cannot be defined by the controller, the data control function issued by the controller is not control-plane information issued by the controller to the network device; that is, the network device is not defined. However, the software system on the network device can still receive information from the controller, which may be implemented through the asynchronous data transmission structure of OpenFlow or through a synchronous data transmission structure. That is, what the network device receives from the controller is data-plane information. At the same time, the RAgent program deployed on the network device can send the service data information of the network device to the controller, so that the controller can distribute policy information to the network device according to that service data information.

[0062] The service data information here may be the monitoring data, audit data, or statistical data of the local network device that the RAgent program reports to the controller.

[0063] In this way, network devices excluded from SDN software definition do not undergo any change to the physical device, which better improves the security of the SDN system.

[0064] An embodiment of the present invention provides a method for managing network devices in a software-defined network system. The network device sends its hardware information and attribute information to the controller, so that the controller determines the data control function of the network device according to the hardware information; the attribute information indicates that the network device cannot be defined by the controller. The network device sends service data information to the controller according to the data control function, so as to perform data-plane communication with the controller, so that in an SDN scenario the performance of network devices is improved based on their physical characteristics.

[0065] An embodiment of the present invention provides a controller 01, applied in a software-defined network system that includes the controller 01 and network devices, the controller being used to manage network device communication. As shown in Figure 4, the controller includes:

[0066] A receiving unit 011, configured to receive information reported by a network device, the information including the hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller.

[0067] A processing unit 012, configured to define the data control function of the network device according to the hardware information when the network device can be defined by the controller.

[0068] A sending unit 013, configured to issue a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.

[0069] Optionally, the sending unit 013 may further be configured to issue a control instruction to the network device when the network device can be defined by the controller, so that the network device executes the control instruction.

[0070] Optionally, the receiving unit 011 is further configured to receive service data information sent by the network device when the network device cannot be defined by the controller.

[0071] Optionally, the controller communicates with the network device asynchronously.

[0072] An embodiment of the present invention provides a controller, applied in a software-defined network system that includes the controller and network devices, the controller being used to manage network device communication. The controller receives information reported by a network device, the information including the hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller. When the network device can be defined by the controller, the controller defines the data control function of the network device according to the hardware information and issues a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction. In an SDN scenario, this improves the performance of network devices based on their physical characteristics.
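The report handling performed by the receiving, processing and sending units above, and the isolation of RAgent devices described in [0057] to [0063], shown as an added Python example that is not part of the patent. The field names, the `functions` key in the hardware information, the dictionary form of the instructions, the treatment of unrecognised attribute values as not definable, and the rule that service data is accepted only from isolated devices are all assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class DeviceClass(Enum):
    SPECIFIC = "definable, hardware-specific (HAgent deployed)"
    ON_DEMAND = "definable on demand (no HAgent deployed)"
    ISOLATED = "not definable (RAgent deployed)"


@dataclass
class DeviceReport:
    """Information a device reports to the controller (field names assumed)."""
    device_id: str
    hardware_info: dict      # assumed shape, e.g. {"functions": ["firewall"]}
    agent: Optional[str]     # attribute information: "HAgent", "RAgent" or None


def classify(report: DeviceReport) -> DeviceClass:
    """Map the reported attribute information to one of the three classes."""
    if report.agent == "HAgent":
        return DeviceClass.SPECIFIC
    if report.agent is None:
        return DeviceClass.ON_DEMAND
    # "RAgent", and (assumption) any unrecognised value, is never defined.
    return DeviceClass.ISOLATED


class Controller:
    def __init__(self) -> None:
        self.device_class = {}   # device_id -> DeviceClass
        self.service_data = []   # (device_id, record) from isolated devices

    def receive_report(self, report: DeviceReport, wanted: str = "switch"):
        """Receiving + processing unit: return a definition instruction or None."""
        cls = classify(report)
        self.device_class[report.device_id] = cls
        if cls is DeviceClass.ISOLATED:
            return None          # outside SDN definition: no definition instruction
        if cls is DeviceClass.SPECIFIC:
            # Hardware-bound device: the function must be one the hardware reports.
            supported = report.hardware_info.get("functions", [])
            if not supported:
                raise ValueError(f"{report.device_id}: no functions reported")
            function = wanted if wanted in supported else supported[0]
        else:
            function = wanted    # hardware-independent: defined on demand
        return {"type": "definition", "device": report.device_id,
                "function": function}

    def send_control(self, device_id: str, command: str) -> dict:
        """Sending unit: control instructions go to definable devices only."""
        cls = self.device_class.get(device_id)
        if cls is None or cls is DeviceClass.ISOLATED:
            raise PermissionError(f"{device_id}: control instruction refused")
        return {"type": "control", "device": device_id, "command": command}

    def receive_service_data(self, device_id: str, record: dict) -> int:
        """Store monitoring/audit/statistics data reported by an RAgent."""
        if self.device_class.get(device_id) is not DeviceClass.ISOLATED:
            raise PermissionError(f"{device_id}: not an isolated device")
        self.service_data.append((device_id, record))
        return len(self.service_data)


def demo():
    """Run three constructed reports through the controller."""
    controller = Controller()
    reports = [
        DeviceReport("fw-1", {"functions": ["firewall", "router"]}, "HAgent"),
        DeviceReport("x86-1", {"cpu": "generic"}, None),
        DeviceReport("ca-1", {"cpu": "generic"}, "RAgent"),
    ]
    return controller, [controller.receive_report(r) for r in reports]


if __name__ == "__main__":
    ctrl, instructions = demo()
    for item in instructions:
        print(item)
```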

[0073] An embodiment of the present invention provides a controller 02, applied in a software-defined network system that includes the controller and network devices, the controller being used to manage network device communication. As shown in Figure 5, the controller includes a bus 041, a processor 042, a transmitter 043, a receiver 044, and a memory 045. The memory 045 stores instructions and data. The receiver 044 executes the instructions to receive information reported by a network device, the information including the hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller. The processor 042 executes the instructions to define the data control function of the network device according to the hardware information when the network device can be defined by the controller. The transmitter 043 issues a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.

[0074] In this embodiment of the present invention, optionally, the transmitter 043 may be used to issue a control instruction to the network device when the network device can be defined by the controller, so that the network device executes the control instruction.

[0075] In this embodiment of the present invention, optionally, the receiver 044 may further be used to receive service data information sent by the network device when the network device cannot be defined by the controller.

[0076] In this embodiment of the present invention, optionally, the controller communicates with the network device asynchronously.

[0077] An embodiment of the present invention provides a controller, applied in a software-defined network system that includes the controller and network devices, the controller being used to manage network device communication. The controller receives information reported by a network device, the information including the hardware information and attribute information of the network device, where the attribute information indicates whether the network device can be defined by the controller. When the network device can be defined by the controller, the controller defines the data control function of the network device according to the hardware information and issues a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction. In an SDN scenario, this improves the performance of network devices based on their physical characteristics.

[0078] An embodiment of the present invention provides a software-defined network system 1 which, as shown in Figure 6, includes a controller 01, non-definable network devices, and definable network devices. The definable network devices include network devices with hardware-related software programs and hardware-independent network devices. Each part is implemented in the same way as in the corresponding foregoing embodiments, and the details are not repeated here.

[0079] In the several embodiments provided in this application, it should be understood that the disclosed system, server, and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.

[0080] In addition, in the devices and systems of the embodiments of the present invention, the functional units may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The units may be implemented in hardware, or in hardware plus software functional units.

[0081] All or part of the steps of the above method embodiments may be completed by hardware under the direction of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.

[0082] The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A method for managing a network device in a software-defined network system, characterized in that the software-defined network system comprises a controller and the network device, the controller being used to manage communication of the network device, the method comprising: the controller receiving information reported by the network device, the information comprising hardware information and attribute information of the network device, wherein the attribute information indicates whether the network device can be defined by the controller; and when the network device can be defined by the controller, the controller defining a data control function of the network device according to the hardware information and issuing a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.
2. The method according to claim 1, characterized in that the method further comprises: when the network device can be defined by the controller, the controller issuing a control instruction to the network device, so that the network device executes the control instruction.
3. The method according to claim 1, characterized in that, when the network device cannot be defined by the controller, the controller is further used to receive service data information sent by the network device.
4. The method according to claim 2 or 3, characterized in that the controller communicates with the network device asynchronously.
5. A controller, characterized in that it is applied in a software-defined network system, the software-defined network system comprising the controller and a network device, the controller being used to manage communication of the network device, the controller comprising: a receiving unit, configured to receive information reported by the network device, the information comprising hardware information and attribute information of the network device, wherein the attribute information indicates whether the network device can be defined by the controller; a processing unit, configured to define a data control function of the network device according to the hardware information when the network device can be defined by the controller; and a sending unit, configured to issue a definition instruction to the network device, so that the network device sets the data control function according to the definition instruction.
6. The controller according to claim 5, characterized in that the sending unit is further configured to issue a control instruction to the network device when the network device can be defined by the controller, so that the network device executes the control instruction.
7. The controller according to claim 5, characterized in that the receiving unit is further configured to receive service data information sent by the network device when the network device cannot be defined by the controller.
8. The controller according to claim 6 or 7, characterized in that the controller communicates with the network device asynchronously.
CN201310616278.7A 2013-11-27 2013-11-27 A software defined network system managing method of network devices and the controller CN103647658B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310616278.7A CN103647658B (en) 2013-11-27 2013-11-27 A software defined network system managing method of network devices and the controller

Publications (2)

Publication Number Publication Date
CN103647658A CN103647658A (en) 2014-03-19
CN103647658B true CN103647658B (en) 2016-12-07

Family

ID=50252819

Country Status (1)

Country Link
CN (1) CN103647658B (en)

Legal Events

Date Code Title Description
C10 Entry into substantive examination
C14 Grant of patent or utility model