CN104010049B - Ethernet ip message encapsulating method and Network Isolation and DHCP implementation methods based on SDN - Google Patents

Info

Publication number: CN104010049B
Authority: CN (China)
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201410181020.3A
Other languages: Chinese (zh)
Other versions: CN104010049A (en)
Inventor: 李俊武
Current Assignee: Xingyuan Jurun Technology (Beijing) Co., Ltd. (the listed assignees may be inaccurate)
Original Assignee: Yi Cloud Feilingjiexun Technology (beijing) Ltd By Share Ltd
Prior art keywords: message, address, server, dhcp, dynamic host

Abstract

The present invention proposes an SDN-based Ethernet IP packet encapsulation method, together with network isolation and DHCP implementation methods, to solve technical problems such as the forwarding complexity and reduced transmission efficiency introduced by encapsulating a layer-2 header on every packet. Step 1: the device's physical layer recovers the physical signal from the transmission medium according to the inter-frame gap and preamble, converts the physical signal to bits, and hands them to the data link layer. Step 2: the data link layer carries out its original processing except for MAC address identification and addressing. Step 3: the protocol stack parses and identifies the packet. Step 4: after the packet is routed out, it is handed to the data link layer, which performs its other processing apart from Ethernet encapsulation and MAC addressing and, following the header format, passes the packet to the physical layer for handling. Step 5: the physical layer converts the bits of the data frame into optical or electrical signals in the original manner and forwards them.

Description

Ethernet IP packet encapsulation method and network isolation and DHCP implementation methods based on SDN
Technical field
The present invention relates to an SDN-based Ethernet IP packet encapsulation method and to network isolation and DHCP implementation methods, and belongs to the field of Ethernet packet encapsulation.
Background
Ethernet is by now mature and widely deployed in real networks. For historical reasons, today's Ethernet packet carries two addresses: a MAC address and an IP address. During layer-2 forwarding the IP address plays no role, while during layer-3 forwarding the MAC addresses in the header are rewritten again and again; two network devices that are not in the same LAN and need to communicate have no need to learn the MAC addresses of the intermediate network devices. In addition, at the final hop the packet's IP address still has to be mapped to a MAC address, which complicates the routing and forwarding flow. The layer-2 header also carries a 4-byte VLAN TAG field, which layer-3 forwarding essentially ignores as well. Because the VLAN ID field in the VLAN TAG was not planned with enough foresight, isolation inside today's large layer-2 networks runs out of VLAN numbers, and the VXLAN and NVGRE methods proposed to solve this problem have to encapsulate the packet again, which also costs transmission efficiency. With the development of network technology, the four-layer TCP/IP model of Fig. 1 has become the de facto standard, and the emergence of SDN lets network engineers or customers innovate on and use the network according to their own needs.
The wired Ethernet packet format is built by encapsulating downward layer by layer from the upper layers, until the link layer in Fig. 1 finally converts the frame into physical bits that leave the network device; the encapsulation process is shown in Fig. 2.
In the four-layer model, part of the link layer is responsible for assembling physical bits into data frames. That part is the data link layer, which is divided into two sublayers, MAC and LLC. The main functions of the MAC sublayer include encapsulation and decapsulation of data frames, frame addressing and identification, frame reception and transmission, link management, and frame error control. LLC grew out of High-Level Data Link Control (HDLC) and uses a subset of the HDLC specification to serve the layers above it.
Summary of the invention
To solve the technical problems described above, such as the forwarding complexity and reduced transmission efficiency introduced by encapsulating a layer-2 packet header, the present invention proposes an SDN-based Ethernet IP packet encapsulation method together with network isolation and DHCP implementation methods.
The SDN-based Ethernet IP packet encapsulation method and network isolation and DHCP implementation methods comprise server-side packet reception and server-side packet transmission. Server-side packet reception comprises the following steps:
Step 1: The device's physical layer recovers the physical signal from the transmission medium according to the inter-frame gap and preamble, converts the physical signal to bits, and hands them to the data link layer;
Step 2: The data link layer carries out its original processing except for MAC address identification and addressing, including framing the bits and handing the packet to the receive function for processing;
Step 3: The protocol stack parses and identifies the packet: it parses the packet according to the new header format and obtains the relevant header information. If the packet's DIP (destination IP) is the address of this server, the packet enters the rest of the protocol stack; otherwise it goes through the routing and forwarding flow;
Step 4: After the packet is routed out, it is handed to the data link layer, which performs its other processing apart from Ethernet encapsulation and MAC addressing and, following the header format, passes the packet to the physical layer for handling;
Step 5: The physical layer converts the bits of the data frame into optical or electrical signals in the original manner and forwards them;
Server-side packet transmission comprises the following steps:
Step 1: The packet's data segment is first encapsulated by adding the TCP/UDP L4 header and trailer information, and IP encapsulation is then performed;
Step 2: A route lookup is performed on the IP-encapsulated packet according to its DIP to select the egress port;
Step 3: Once the egress port has been found, the packet is handed to the data link layer, which performs its other operations apart from Ethernet encapsulation and MAC addressing;
Step 4: The physical layer converts the bits of the data frame into optical or electrical signals in the original manner and forwards them.
In the above method, DHCP is used to obtain an IP address as follows:
Step 1: The controller determines the position and IP information of the DHCP server in the topology and ensures that the DHCP discover or request messages of all servers can be forwarded to the DHCP server for the corresponding range. That is, by default the DHCP server should be reachable by every device within the range it provides DHCP service to, and others are prevented from impersonating the DHCP server;
Step 2: The user first generates their own public key and private key with the RSA algorithm. If the user configures a static server IP address, go to step 3; otherwise go to step 6;
Step 3: The user statically configures the server's IP address and then sends a DHCP request message directly to the DHCP server. The SIP of the message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content contains the statically configured IP address and the public key;
Step 4: On receiving the message, the DHCP server records the public key and checks whether the configured static IP is in use. If the IP address is in use, it sends a DHCP deny message; if the IP address is not used by another device, it sends a DHCP ACK message. The SIP of the message is the IP address of the DHCP server and the destination IP is 255.255.255.255;
Step 5: On receiving a DHCP DENY message sent to itself, the server tells the user that configuration failed because the IP address is already in use; a new IP address is tried and the application continues from step 3 until the DHCP server confirms it. On receiving a DHCP ACK message, the server reports that configuration succeeded and records the IP address of the DHCP server, then goes to step 10;
Step 6: When the user obtains the IP address dynamically, a DHCP discover message is sent, and the network devices forward it to the DHCP server. The SIP of the DHCP discover message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content contains the statically configured IP address and the public key;
Step 7: On receiving the DHCP discover message, the DHCP server selects an unoccupied IP address, encapsulates it in a DHCP OFFER message and sends it to the server that requested DHCP. The SIP of the DHCP OFFER message is the IP address of the DHCP server and the destination address is 255.255.255.255;
Step 8: On receiving the DHCP server's DHCP OFFER message, the server records the address of the DHCP server and accepts the IP address. It then sends a DHCP request message whose SIP is the IP provided by the DHCP server and whose DIP is the IP address of the DHCP server;
Step 9: On receiving the server's DHCP request message, the DHCP server records the server's IP and public key and sends a DHCP ACK message. The SIP of the message is the IP address of the DHCP server and the destination IP is the IP address provided to the server;
Step 10: The DHCP server sends the public key and IP address to the controller to be recorded, so that a suitable access path can be issued later when other devices access that IP address. Because the devices to which a DHCP server assigns IP addresses belong to one regional range, IPs of the same segment are still guaranteed to lie in adjacent ranges even though, under the new encapsulation format, IPs are not configured on VLAN-based layer-3 interfaces, so route aggregation remains effective during route calculation.
Once a packet enters the data link layer under the new encapsulation method it carries no VLAN ID, and OpenFlow switches need not support the original layer-2 default of broadcasting when a lookup finds nothing. Isolation and intercommunication are therefore realised as follows:
Step 1: By default, no server can reach any other server over the network. After the network devices have been configured, the DHCP server configures its network and sends an IP request message;
Step 2: A specific message is sent to the controller; the controller generates the topology of the whole network and records each server's IP address and the port of the network device it is attached to;
Step 3: Each server reports its own security level to the controller. There are three classes:
a. Devices that, by default, all devices can access; suitable for public services such as websites or resource services;
b. Devices that, by default, only some network segments can access; suitable for networking the devices of a company or IDC intranet;
c. Devices that, by default, can be accessed only by devices that have passed the device's own authentication, for example with an algorithm such as RSA;
Step 4: After the controller has collected the access levels of the devices, it issues the corresponding rules to each network routing device to guarantee the intercommunication and isolation of the devices of each level;
Step 5: When a new device passes authentication by a class c device from step 3, new OpenFlow rules are issued to guarantee its intercommunication with other network devices;
Beneficial effects of the present invention:
1. With fields such as MAC and VID removed, a packet of the same length can carry more data, which raises the share of the packet MTU taken by the data portion and so improves the utilisation of link bandwidth;
2. With the VLAN field removed, network isolation can be redesigned on top of SDN mechanisms. The problem of running out of VLAN IDs in large layer-2 networks is thereby solved at the root, whereas schemes such as VXLAN and NVGRE lower link efficiency because they encapsulate repeatedly;
3. With the MAC fields removed, network devices no longer need to record and maintain a MAC table, which simplifies their processing flow and reduces the MAC-related hardware they need, lowering cost;
4. Because SDN is used, the new packet format is easy to parse, and there is no functional impact on the original protocol packets and interworking packets handled by conventional network devices;
5. Using OpenFlow switches, the transition to the forwarding scheme for the new packets can be realised very conveniently; OpenFlow switch actions also make it easy for devices using this scheme to interwork with traditional MAC-based devices;
6. The ARP and RARP protocols, the part of the protocol stack that maps between IPv4 and MAC, can also be optimised, so that packets are forwarded along the whole path by flow-table lookup in one unified way, with no ARP query or corresponding mechanism any more;
7. The new encapsulation can very conveniently run on conventional network devices, so compatibility with existing networks is easy to achieve.
Brief description of the drawings
Fig. 1 is a schematic diagram of the four-layer TCP/IP model in the background;
Fig. 2 is a schematic diagram of Ethernet encapsulation;
Fig. 3 is a schematic diagram of the Ethernet encapsulation after removal of the MAC in the present invention.
Embodiment
To simplify the routing and forwarding flow, the present invention proposes an SDN-based Ethernet IP packet encapsulation method together with network isolation and DHCP implementation methods. The scheme's change to this layer is limited to removing the frame addressing and identification function. After receiving a packet, a server directly determines whether the IP packet is addressed to the local machine; if not, it routes the packet directly, and if so, the packet enters the protocol stack for processing. A switch parses the packet starting from the IP header and then forwards it according to the matching flow table entry; if no flow table entry matches, the packet is handled according to the corresponding table-miss configuration. The scheme has the following features:
1. With fields such as MAC and VID removed, a packet of the same length can carry more data, which raises the share of the packet MTU taken by the data portion and so improves the utilisation of link bandwidth;
2. With the VLAN field removed, network isolation can be redesigned on top of SDN mechanisms. The problem of running out of VLAN IDs in large layer-2 networks is thereby solved at the root, whereas schemes such as VXLAN and NVGRE lower link efficiency because they encapsulate repeatedly;
3. With the MAC fields removed, network devices no longer need to record and maintain a MAC table, which simplifies their processing flow and reduces the MAC-related hardware they need, lowering cost;
4. Because SDN is used, the new packet format is easy to parse, and there is no functional impact on the original protocol packets and interworking packets handled by conventional network devices;
5. Using OpenFlow switches, the transition to the forwarding scheme for the new packets can be realised very conveniently; OpenFlow switch actions also make it easy for devices using this scheme to interwork with traditional MAC-based devices;
6. Correspondingly, the ARP and RARP protocols, the part of the protocol stack that maps between IPv4 and MAC, can also be optimised, so that packets are forwarded along the whole path by flow-table lookup in one unified way, with no ARP query or corresponding mechanism any more;
7. The new encapsulation can very conveniently run on conventional network devices, so compatibility with existing networks is easy to achieve.
In this scheme, the packet reception steps on the server side are:
1. Using existing methods, the device's physical layer recovers the physical signal from the transmission medium according to the inter-frame gap and preamble, converts it to bits, and hands them to the data link layer;
2. The data link layer carries out all of its processing except MAC address identification and addressing, including framing the bits and handing the packet to the receive function for processing;
3. The protocol stack identifies and parses the packet as shown in Fig. 3. If the packet's DIP is this server, the packet enters the rest of the protocol stack; otherwise it goes through the routing and forwarding flow;
4. After the packet is routed out, it is handed to the data link layer, which performs its other functions apart from Ethernet encapsulation and MAC addressing;
5. The physical layer then converts the bits of the data frame into optical or electrical signals in the original manner and forwards them;
In this scheme, the packet transmission steps on the server side are:
1. The packet's data segment is first encapsulated by adding L4 header and trailer information such as TCP/UDP, and IP encapsulation is then performed;
2. A route lookup is performed on the packet according to its DIP to select the egress port;
3. Once the egress port has been found, the packet is handed to the data link layer, which performs its other functions apart from Ethernet encapsulation and MAC addressing;
4. The physical layer then converts the bits of the data frame into optical or electrical signals in the original manner and forwards them;
A network device based on the OpenFlow standard has no notion of layer-2 forwarding versus layer-3 routing. Instead, its ports are divided into two classes by usage scenario: ports that require MAC parsing and ports that do not. Ports without MAC parsing are mainly used inside the network that implements this scheme, while ports that require MAC parsing connect the network using this scheme's encapsulation to networks using the traditional Ethernet format. When a packet arrives at or leaves a port that does not require MAC parsing, the packet is parsed according to Fig. 3, and the parsed fields are matched against the OpenFlow entries to determine the action to perform; even at the directly connected route of the final hop there is no ARP exchange. When a port that requires MAC parsing receives or forwards a packet, the packet must be parsed and encapsulated in the traditional Ethernet format. That is, when a packet enters through a port without MAC parsing and leaves through a port that requires parsing, a layer must be added to the packet with the switch's own MAC address as the source address and the physical address of the next-hop device as the destination MAC; when a packet enters through a port that requires parsing and leaves through a port without MAC parsing, the source MAC and destination MAC of the header must be deleted. When the packet's source port and destination port are of the same type, no special MAC handling is needed. This achieves both the usability of the network implementing this scheme and its interoperability with networks using traditional Ethernet encapsulation.
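The port-type handling described above can be sketched as follows. This is an added example, not code from the patent: it assumes a MAC-less frame starts directly with the IPv4 header (Fig. 3 is not reproduced on this page), and `BorderSwitch`, the flow list and the MAC values are hypothetical, constructed for illustration.

```python
import ipaddress
import struct

ETH_IPV4, ETH_VLAN = 0x0800, 0x8100
IPV4_FIXED = "!BBHHHBBH4s4s"  # the 20-byte fixed IPv4 header

def build_ipv4(sip, dip, payload, proto=17):
    """Constructed sample packet; the header checksum is left at 0 and not verified here."""
    return struct.pack(IPV4_FIXED, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(sip).packed,
                       ipaddress.IPv4Address(dip).packed) + payload

def parse_ipv4(buf):
    """Parse from byte 0, as a port without MAC parsing does (assumed layout)."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, _, _, sip, dip = struct.unpack(IPV4_FIXED, buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not (ihl <= total_len <= len(buf)):
        raise ValueError("malformed IPv4 header")
    return {"sip": str(ipaddress.IPv4Address(sip)),
            "dip": str(ipaddress.IPv4Address(dip)), "total_len": total_len}

def strip_ethernet(frame):
    """Remove destination MAC, source MAC, an optional 802.1Q tag and the EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETH_VLAN:  # 4-byte VLAN TAG: dropped, the MAC-less side has no VLAN ID
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != ETH_IPV4:
        raise ValueError("only IPv4 crosses the border in this sketch")
    return frame[offset:]

def add_ethernet(packet, src_mac, dst_mac):
    return dst_mac + src_mac + struct.pack("!H", ETH_IPV4) + packet

class BorderSwitch:
    def __init__(self, mac, port_kinds, flows, next_hop_macs):
        self.mac = mac                      # the switch's own MAC, used as source address
        self.port_kinds = port_kinds        # port -> "mac" (needs MAC parsing) or "nomac"
        self.flows = flows                  # [(IPv4Network, out_port)]
        self.next_hop_macs = next_hop_macs  # out_port -> next-hop MAC, "mac" ports only

    def lookup(self, dip):
        """Flow match on DIP; the longest prefix stands in for the highest priority."""
        addr = ipaddress.IPv4Address(dip)
        hits = [(net.prefixlen, port) for net, port in self.flows if addr in net]
        return max(hits)[1] if hits else None

    def process(self, in_port, frame):
        in_kind = self.port_kinds[in_port]
        packet = strip_ethernet(frame) if in_kind == "mac" else frame
        header = parse_ipv4(packet)
        packet = packet[:header["total_len"]]  # drop Ethernet minimum-size padding
        out_port = self.lookup(header["dip"])
        if out_port is None:
            return ("table-miss", None)        # left to the configured table-miss action
        out_kind = self.port_kinds[out_port]
        if in_kind == out_kind:
            return (out_port, frame)           # same port type: no special MAC handling
        if out_kind == "mac":                  # nomac -> mac: add switch MAC and next-hop MAC
            return (out_port, add_ethernet(packet, self.mac, self.next_hop_macs[out_port]))
        return (out_port, packet)              # mac -> nomac: both MACs have been deleted
```

Truncating to the IPv4 total length matters at the border: a short packet arriving from the Ethernet side carries padding that has no meaning once the Ethernet header is gone.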
Under the newly proposed packet encapsulation without MAC addresses, the DHCP procedure for obtaining an IP address needs to be improved. It can work as follows, so that it combines organically with the later determination of forwarding paths:
1. The controller determines information such as the position and IP of the DHCP server in the topology, to ensure that the DHCP discover or request messages of all servers can be forwarded to the DHCP server for the corresponding range. That is, by default the DHCP server should be reachable by every device within the range it provides DHCP service to, and others are prevented from impersonating the DHCP server;
2. By default, servers that connect have no IP. The user first generates their own public key and private key with the RSA algorithm. If the user configures a static IP address, go to step 3; otherwise go to step 6;
3. The user may statically configure the server's IP address and then send a DHCP request message directly to the DHCP server. The SIP of the message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content contains the statically configured IP address and the public key;
4. On receiving the message, the DHCP server records the public key and checks whether the configured static IP is in use. If the IP address is in use, it sends a DHCP deny message; if the IP address is not used by another device, it sends a DHCP ACK message. The SIP of the message is the IP address of the DHCP server and the destination IP is 255.255.255.255. Because RSA authentication is used, the network devices may broadcast this message, but only the server that sent the request message handles it correctly;
5. On receiving a DHCP DENY message sent to itself, the server tells the user that configuration failed because the IP address is already in use; a new IP address can be tried and the application continues from step 3 until the DHCP server confirms it. On receiving a DHCP ACK message, the server reports that configuration succeeded and records the IP address of the DHCP server, then goes to step 10;
6. When the user obtains the IP address dynamically, a DHCP discover message is sent, and the network devices forward it to the DHCP server. The SIP of the DHCP discover message is 0.0.0.0 and the DIP is 255.255.255.255, and the message content contains the statically configured IP address and the public key;
7. On receiving the DHCP discover message, the DHCP server selects an unoccupied IP address, encapsulates it in a DHCP OFFER message and sends it to the server that requested DHCP. The SIP of the DHCP OFFER message is the IP address of the DHCP server and the destination address is 255.255.255.255. As in the static IP configuration flow, because RSA authentication is used, the network devices may broadcast this message, but only the server that sent the request message handles it correctly;
8. On receiving the DHCP server's DHCP OFFER message, the server records the address of the DHCP server and accepts the IP address. It then sends a DHCP request message whose SIP (source IP) is the IP provided by the DHCP server and whose DIP is the IP address of the DHCP server;
9. On receiving the server's DHCP request message, the DHCP server records the server's IP and public key and sends a DHCP ACK message. The SIP of the message is the IP address of the DHCP server and the destination IP is the IP address provided to the server;
10. The DHCP server sends the public key and IP address to the controller to be recorded, so that a suitable access path can be issued later when other devices access that IP address. Because the devices to which a DHCP server assigns IP addresses belong to one regional range, IPs of the same segment are still guaranteed to lie in adjacent ranges even though, under the new encapsulation format, IPs are not configured on VLAN-based layer-3 interfaces, so route aggregation remains effective during route calculation.
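The server side of this ten-step DHCP procedure (given both in the summary and in the embodiment) can be modelled as below. This is an added example, not code from the patent. Assumptions: public keys are opaque bytes; the `for_key` fingerprint field is a hypothetical way for the requester to recognise its own broadcast reply, which the page does not specify; the DENY replies for an exhausted pool, an out-of-range static address or an unsolicited request are also assumptions.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field

BROADCAST, UNSPECIFIED = "255.255.255.255", "0.0.0.0"

def fingerprint(public_key: bytes) -> str:
    """Assumption: a SHA-256 fingerprint identifies the requester's public key."""
    return hashlib.sha256(public_key).hexdigest()[:16]

@dataclass
class Message:
    kind: str                # DISCOVER, OFFER, REQUEST, ACK or DENY
    sip: str
    dip: str
    ip: str = ""             # statically configured, offered or confirmed address
    public_key: bytes = b""  # sent by the requester
    for_key: str = ""        # assumption: marks which requester a broadcast reply is for

@dataclass
class DhcpServer:
    address: str
    pool: ipaddress.IPv4Network
    leases: dict = field(default_factory=dict)    # ip -> key fingerprint
    offers: dict = field(default_factory=dict)    # key fingerprint -> offered ip
    reported: dict = field(default_factory=dict)  # ip -> public key, as sent to the controller

    def handle(self, msg: Message) -> Message:
        if not msg.public_key:
            raise ValueError("request carries no public key")
        fp = fingerprint(msg.public_key)
        if msg.kind == "DISCOVER":
            return self._discover(fp)
        if msg.kind == "REQUEST" and msg.sip == UNSPECIFIED:
            return self._static_request(msg, fp)
        if msg.kind == "REQUEST":
            return self._dynamic_request(msg, fp)
        raise ValueError(f"unexpected message kind {msg.kind!r}")

    def _reply(self, kind, dip, ip, fp):
        return Message(kind, sip=self.address, dip=dip, ip=ip, for_key=fp)

    def _taken(self, ip, fp):
        """True if the address is the server's own, or leased or on offer to another key."""
        if ip == self.address or self.leases.get(ip, fp) != fp:
            return True
        return any(o == ip and k != fp for k, o in self.offers.items())

    def _commit(self, ip, public_key, fp):
        self.leases[ip] = fp
        self.offers.pop(fp, None)
        self.reported[ip] = public_key  # step 10: public key and IP go to the controller

    def _static_request(self, msg, fp):  # steps 3 and 4
        try:
            addr = ipaddress.IPv4Address(msg.ip)
        except ValueError:
            return self._reply("DENY", BROADCAST, msg.ip, fp)
        edges = (self.pool.network_address, self.pool.broadcast_address)
        if addr not in self.pool or addr in edges or self._taken(str(addr), fp):
            return self._reply("DENY", BROADCAST, str(addr), fp)
        self._commit(str(addr), msg.public_key, fp)
        return self._reply("ACK", BROADCAST, str(addr), fp)

    def _discover(self, fp):  # steps 6 and 7
        for host in self.pool.hosts():
            if not self._taken(str(host), fp):
                self.offers[fp] = str(host)
                return self._reply("OFFER", BROADCAST, str(host), fp)
        return self._reply("DENY", BROADCAST, "", fp)  # assumption: pool exhausted

    def _dynamic_request(self, msg, fp):  # steps 8 and 9
        if msg.dip != self.address or self.offers.get(fp) != msg.sip:
            return self._reply("DENY", BROADCAST, msg.sip, fp)  # assumption: no such offer
        self._commit(msg.sip, msg.public_key, fp)
        return self._reply("ACK", msg.sip, msg.sip, fp)

if __name__ == "__main__":
    server = DhcpServer("10.0.0.1", ipaddress.ip_network("10.0.0.0/29"))
    key = b"constructed-public-key"  # constructed sample value
    offer = server.handle(Message("DISCOVER", UNSPECIFIED, BROADCAST, public_key=key))
    ack = server.handle(Message("REQUEST", offer.ip, offer.sip, public_key=key))
    print(offer.kind, offer.ip, ack.kind, server.reported)
```

Binding each lease and each pending offer to the key fingerprint is what lets the server refuse a REQUEST that claims an address offered to a different key.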
Since packets carry no VLAN ID, and OpenFlow switches need not support the original layer-2 default of broadcasting when a lookup finds nothing, isolation and intercommunication need to be realised as follows:
1. By default, no server can reach any other server over the network. After the network devices have been configured, the DHCP server configures its network and sends an IP request message;
2. A specific message is then sent to the controller, and the controller generates the topology of the whole network, recording each server's IP address and the port of the network device it is attached to. This rules out impersonation by spoofing another device's IP;
3. Each server reports its own security level to the controller. There are three classes:
a. Devices that, by default, all devices can access; suitable for public services such as websites or resource services;
b. Devices that, by default, only devices in the same network segment can access; suitable for networking the devices of a company or IDC intranet;
c. Devices that, by default, can be accessed only by devices that have passed the device's own authentication, for example with an algorithm such as RSA;
4. After the controller has collected the access levels of the devices, it issues the corresponding rules to each network routing device to guarantee the intercommunication and isolation of the devices of each level; the entries have an aging mechanism;
5. When a new device passes authentication by a class c device in step 1, new OpenFlow rules are issued to guarantee that the two can intercommunicate;
The whole network can then operate, with normal access and isolation, without having to consider the shortage of VLAN numbers any more, and some security problems in the network, such as ARP spoofing, are solved as well.
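The isolation steps above can be sketched as a controller policy: default deny, an IP-to-port record that makes a spoofed source IP fall through to a drop, and the three security classes. This is an added example, not code from the patent; `Host`, `Controller`, the rule dictionaries, the priorities and the 300-second idle timeout are hypothetical, and path computation between switches is left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    ip: str
    switch: str        # edge device the server is attached to
    port: int          # port on that device
    level: str         # "a" public, "b" same segment only, "c" authenticated peers only
    segment: str = ""  # CIDR of the host's segment, required for level "b"

class Controller:
    def __init__(self, idle_timeout=300):
        self.hosts = {}          # ip -> Host: the controller's topology record
        self.authenticated = {}  # class-c ip -> peers that passed its own authentication
        self.idle_timeout = idle_timeout  # entries age out (value is an assumption)

    def register(self, host):
        if host.level not in ("a", "b", "c"):
            raise ValueError("unknown security level")
        if host.level == "b":
            ipaddress.ip_network(host.segment)  # ValueError on a bad or missing CIDR
        known = self.hosts.get(host.ip)
        if known and (known.switch, known.port) != (host.switch, host.port):
            raise ValueError(f"{host.ip} is already bound to {known.switch}/{known.port}")
        self.hosts[host.ip] = host

    def authenticate(self, target_ip, peer_ip):
        """Record that peer_ip passed the class-c target's own authentication (e.g. RSA)."""
        if self.hosts[target_ip].level != "c" or peer_ip not in self.hosts:
            raise ValueError("authentication applies to a class c target and a known peer")
        self.authenticated.setdefault(target_ip, set()).add(peer_ip)

    def may_access(self, src_ip, dst_ip):
        src, dst = self.hosts.get(src_ip), self.hosts.get(dst_ip)
        if src is None or dst is None or src_ip == dst_ip:
            return False
        if dst.level == "a":
            return True
        if dst.level == "b":
            return ipaddress.ip_address(src_ip) in ipaddress.ip_network(dst.segment)
        return src_ip in self.authenticated.get(dst_ip, set())

    def rules(self):
        rules = []
        for src in self.hosts.values():
            # Low-priority drop per access port: anything not explicitly permitted,
            # including packets whose SIP is not the address recorded for the port.
            rules.append({"switch": src.switch, "priority": 10,
                          "match": {"in_port": src.port}, "action": "drop"})
            for dst in self.hosts.values():
                if self.may_access(src.ip, dst.ip):
                    rules.append({"switch": src.switch, "priority": 100,
                                  "match": {"in_port": src.port, "ip_src": src.ip,
                                            "ip_dst": dst.ip},
                                  "action": "forward", "idle_timeout": self.idle_timeout})
        return rules

    def decide(self, switch, in_port, sip, dip):
        """Evaluate a packet against the generated rules, highest priority first."""
        packet = {"in_port": in_port, "ip_src": sip, "ip_dst": dip}
        for rule in sorted(self.rules(), key=lambda r: -r["priority"]):
            if rule["switch"] == switch and all(packet[k] == v
                                                for k, v in rule["match"].items()):
                return rule["action"]
        return "drop"  # table-miss: servers cannot reach each other by default
```

The generated rules are directional: a permitted initiator-to-target pair does not by itself permit the reply direction, which the page does not describe separately.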
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (1)

1. An SDN-based Ethernet IP packet encapsulation, network isolation and DHCP implementation method, comprising server-side packet reception and server-side packet transmission, characterised in that:
server-side packet reception comprises the following steps:
Step 1: The device's physical layer recovers the physical signal from the transmission medium according to the inter-frame gap and preamble, converts the physical signal to bits, and hands them to the data link layer;
Step 2: The data link layer carries out its original processing except for MAC address identification and addressing, including framing the bits and handing the packet to the receive function for processing;
Step 3: The protocol stack parses and identifies the packet: it parses the packet according to the new header format and obtains the relevant header information. If the packet's DIP is the address of this server, the packet enters the rest of the protocol stack; otherwise it goes through the routing and forwarding flow;
Step 4: After the packet is routed out, it is handed to the data link layer, which performs its other processing apart from Ethernet encapsulation and MAC addressing and, following the header format, passes the packet to the physical layer for handling;
Step 5: The physical layer converts the bits of the data frame into optical or electrical signals in the original manner and forwards them;
server-side packet transmission comprises the following steps:
Step 1: The packet's data segment is first encapsulated by adding the TCP/UDP L4 header and trailer information, and IP encapsulation is then performed;
Step 2: A route lookup is performed on the IP-encapsulated packet according to its destination IP address (DIP) to select the egress port;
Step 3: Once the egress port has been found, the packet is handed to the data link layer, which performs its other operations apart from Ethernet encapsulation and MAC addressing;
Step 4: The physical layer converts the bits of the data frame into optical or electrical signals in the original manner and forwards them;
Wherein, under the message encapsulation mode without MAC addresses, DHCP for obtaining an IP address uses the following method:
Step 1: the controller determines the position and IP information of the DHCP server in the topology, ensuring that the DHCP-related discover or request messages of all servers can be forwarded to the DHCP server of the corresponding range; by default the DHCP server can be accessed by all devices within the range for which it provides DHCP service, and others are prevented from impersonating the DHCP server;
Step 2: by default, servers that connect have no IP address; the user first generates his own public key and private key with the RSA public-key encryption algorithm; if the user configures a static server IP address, proceed to Step 3 below, otherwise proceed to Step 6;
Step 3: when the user statically configures the server IP address, a DHCP request message is sent directly to the DHCP server; the SIP of the message is 0.0.0.0, the DIP is 255.255.255.255, and the message content includes the statically configured IP address and the public key;
Step 4: after receiving the message, the DHCP server records the public key and checks whether the configured static IP is in use; if the static IP is already in use, it sends a DHCP deny message; if the static IP is not used by another device, it sends a DHCP acknowledgement (ACK) message; the SIP of the message is the IP address of the DHCP server, and the destination IP is 255.255.255.255;
Step 5: on receiving a DHCP DENY message addressed to itself, the server prompts the user that configuration failed because the IP address is already in use; a new IP address is then tried, returning to Step 3 to apply again, until the DHCP server confirms; on receiving a DHCP ACK message, the server indicates that configuration succeeded and records the IP address of the DHCP server; then proceed to Step 10;
Step 6: when the user obtains the IP address dynamically, a DHCP discover message is sent, and the network device forwards it to the DHCP server; the SIP of the DHCP discover message is 0.0.0.0, the DIP is 255.255.255.255, and the message content includes the statically configured IP address and the public key;
Step 7: after receiving the DHCP discover message, the DHCP server selects an unoccupied IP address, packages it into a DHCP OFFER message and sends it to the server that requires DHCP; the SIP of the DHCP OFFER message is the IP address of the DHCP server, and the destination address is 255.255.255.255;
Step 8: after receiving the DHCP OFFER message from the DHCP server, the server records the address of the DHCP server and accepts the IP address; it then sends a DHCP request message, whose SIP is the IP provided by the DHCP server and whose DIP is the IP address of the DHCP server;
Step 9: after receiving the DHCP request message from the server, the DHCP server records the IP and public key of the server and sends a DHCP ACK message; the SIP of the message is the IP address of the DHCP server, and the destination IP is the IP address provided to the server;
Step 10: the DHCP server sends the public key and IP address to the controller to be recorded, so that a suitable access path can be issued when other devices subsequently access that IP address; because the devices to which a DHCP server assigns IP addresses belong to a certain area, even though IPs are not configured on VLAN-based layer-3 interfaces under the new message encapsulation format, IPs of the same segment are still guaranteed to lie within an adjacent range, so that route aggregation remains effective during route calculation;
After the message enters the data link layer, since the message has no VLAN ID under the new encapsulation method, OpenFlow switches need not support the original layer-2 default mechanism of broadcasting when a lookup fails; isolation and intercommunication are therefore achieved in the following way:
Step 1: by default, no server can access another over the network; after the network devices have configured the network, the DHCP server configures its network and sends an IP request message;
Step 2: a specific message is sent to the controller; the controller generates the topology map of the whole network and records the IP address of every server and the network device port where it is located;
Step 3: every server reports its own security level to the controller; the levels are divided into three classes:
A. devices that by default can be accessed by all devices, suitable for websites or resource services offered as public services;
B. devices that by default can be accessed only from some network segments, suitable for networking the intranet devices of a company or an Internet data center (IDC);
C. devices that by default can be accessed only by devices they have themselves authenticated;
Step 4: after collecting the security levels of the devices, the controller issues corresponding rules to each network routing device to ensure the intercommunication and isolation of devices of each level;
Step 5: when a new device is authenticated by a class C device of Step 3, new OpenFlow rules are issued to ensure its intercommunication with other network devices.
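The DHCP procedure in Steps 3 to 10 above, modelled from the DHCP server's side as an added example (not code from the patent). The class and field names are hypothetical, the controller is reduced to a dictionary, the public key is an opaque string, and answering a request that matches no outstanding offer with DENY is an assumption.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Network

BCAST, UNSPEC = "255.255.255.255", "0.0.0.0"

@dataclass
class Msg:
    kind: str          # DISCOVER / OFFER / REQUEST / ACK / DENY
    sip: str           # source IP carried by the message
    dip: str           # destination IP carried by the message
    ip: str = ""       # address being requested, offered or confirmed
    pubkey: str = ""   # client's RSA public key, kept as an opaque string here

@dataclass
class DhcpServer:
    ip: str
    pool: IPv4Network
    controller: dict = field(default_factory=dict)  # stand-in for the controller: ip -> pubkey
    leases: dict = field(default_factory=dict)      # confirmed addresses: ip -> pubkey
    offers: dict = field(default_factory=dict)      # outstanding offers: ip -> pubkey

    def _taken(self):
        return {self.ip, *self.leases, *self.offers}

    def _confirm(self, ip, pubkey, dip):
        self.leases[ip] = pubkey
        self.controller[ip] = pubkey                # Step 10: report the (IP, public key) binding
        return Msg("ACK", self.ip, dip, ip)

    def handle(self, m: Msg) -> Msg:
        if m.kind == "DISCOVER":                    # Step 7: offer an unoccupied address
            taken = self._taken()
            free = next((str(h) for h in self.pool.hosts() if str(h) not in taken), None)
            if free is None:
                raise RuntimeError("address pool exhausted")
            self.offers[free] = m.pubkey
            return Msg("OFFER", self.ip, BCAST, free)
        if m.kind == "REQUEST" and m.sip == UNSPEC: # Step 4: statically configured address
            if m.ip in self._taken():
                return Msg("DENY", self.ip, BCAST, m.ip)
            return self._confirm(m.ip, m.pubkey, BCAST)
        if m.kind == "REQUEST":                     # Step 9: client accepts an earlier offer
            if m.dip != self.ip or m.sip not in self.offers:
                return Msg("DENY", self.ip, BCAST, m.sip)  # assumption: no matching offer
            return self._confirm(m.sip, self.offers.pop(m.sip), m.sip)
        raise ValueError(f"unexpected message kind {m.kind!r}")
```

Because DENY and the static-path ACK go to 255.255.255.255, the client has to match on the address in the message body to know the reply is addressed to itself.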
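The isolation Steps 1 to 5 above, sketched as a controller that turns the three reported security classes into allow rules over a default drop. This is an added example, not code from the patent; the rule dictionaries and their field names are hypothetical and are not the OpenFlow wire format or any controller library's API.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Server:
    ip: str
    level: str                                       # "A", "B" or "C", as reported in Step 3
    segments: tuple = ()                             # class B: segments allowed to reach it
    authenticated: set = field(default_factory=set)  # class C: peers it has authenticated

class Controller:
    def __init__(self):
        self.servers = {}                            # Step 2 inventory: ip -> Server

    def register(self, s: Server):
        self.servers[s.ip] = s

    def rules_for(self, dst_ip):
        """Step 4: allow rules for one destination, followed by a catch-all drop."""
        s = self.servers[dst_ip]
        if s.level == "A":
            srcs = ["0.0.0.0/0"]
        elif s.level == "B":
            srcs = list(s.segments)
        elif s.level == "C":
            srcs = sorted(f"{p}/32" for p in s.authenticated)
        else:
            raise ValueError(f"unknown security level {s.level!r}")
        dst = f"{dst_ip}/32"
        allow = [{"priority": 100, "src": n, "dst": dst, "action": "forward"} for n in srcs]
        return allow + [{"priority": 0, "src": "0.0.0.0/0", "dst": dst, "action": "drop"}]

    def authenticate(self, dst_ip, peer_ip):
        """Step 5: a class C server admits a new peer; its rules are re-issued."""
        s = self.servers[dst_ip]
        if s.level != "C":
            raise ValueError("only class C servers authenticate peers")
        s.authenticated.add(peer_ip)
        return self.rules_for(dst_ip)

    def permits(self, src_ip, dst_ip):
        """Evaluate the rules as a switch would: the highest-priority match decides."""
        if dst_ip not in self.servers:               # Step 1: no access by default
            return False
        for r in sorted(self.rules_for(dst_ip), key=lambda r: -r["priority"]):
            if ip_address(src_ip) in ip_network(r["src"]):
                return r["action"] == "forward"
        return False
```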

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410181020.3A CN104010049B (en) 2014-04-30 2014-04-30 Ethernet ip message encapsulating method and Network Isolation and DHCP implementation methods based on SDN

Publications (2)

Publication Number Publication Date
CN104010049A CN104010049A (en) 2014-08-27
CN104010049B true CN104010049B (en) 2017-10-03

Family

ID=51370540

Country Status (1)

Country Link
CN (1) CN104010049B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100081, 1410, building 683, science and technology building, No. two, zone 5, Zhongguancun South Street, Haidian District, Beijing

Applicant after: Yi cloud feilingjiexun Technology (Beijing) Limited by Share Ltd

Address before: 100081, 1410, building 683, science and technology building, No. two, zone 5, Zhongguancun South Street, Haidian District, Beijing

Applicant before: Yi cloud feilingjiexun Technology (Beijing) Co. Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20181119

Address after: 750000 Room 102, Block B, Zhongweiyun Center, Zhongguancun Science and Technology Industrial Park, Ningxia Hui Autonomous Region (south of Zhongwei Campus, Ningxia University)

Patentee after: Ningxia Gold Silicon Information Technology Co., Ltd.

Address before: Room 1410, Science and Technology Building, 683 Building, No. 5 South Street, Zhongcun District, Haidian District, Beijing 100081

Patentee before: Yi cloud feilingjiexun Technology (Beijing) Limited by Share Ltd

TR01 Transfer of patent right

Effective date of registration: 20220208

Address after: Room 1410, Science and Technology Building, 683 Building, No. 5 South Street, Zhongcun District, Haidian District, Beijing 100081

Patentee after: Xingyuan Jurun Technology (Beijing) Co.,Ltd.

Address before: 750000 Room 102, Block B, Zhongweiyun Center, Zhongguancun Science and Technology Industrial Park, Ningxia Hui Autonomous Region (south of Zhongwei Campus, Ningxia University)

Patentee before: NINGXIA JINGUI INFORMATION TECHNOLOGY Co.,Ltd.
