CN104348716A - Message processing method and equipment - Google Patents

Message processing method and equipment

Info

Publication number: CN104348716A
Authority: CN (China)
Prior art keywords: table, flow, protocol, flow table, classification
Application number: CN201310315236.XA
Other languages: Chinese (zh)
Other versions: CN104348716B (en)
Inventor: 易仁杰
Original Assignee: 杭州华三通信技术有限公司
Application filed by: 杭州华三通信技术有限公司
Priority to: CN201310315236.XA
Publication of CN104348716A
Application granted
Publication of CN104348716B

Abstract

The invention discloses a packet processing method applied to a network comprising a control device and a data forwarding device based on the OpenFlow protocol. The method comprises: the data forwarding device receives a packet; the data forwarding device parses the packet header to obtain the protocol information corresponding to the data field carried by the packet; the data forwarding device determines the flow table classification corresponding to the packet according to a pre-established correspondence between protocol information and flow table classifications; the data forwarding device searches the determined flow table classification for a matching flow entry and processes the packet. The invention further discloses the data forwarding device. The method improves flow table matching efficiency.

Description

A packet processing method and device

Technical Field

[0001] The present invention relates to the field of network communication technology, and in particular to a packet processing method and device.

Background

[0002] An OpenFlow switch separates the packet forwarding and the forwarding policy of a traditional switch, using a dedicated control device (controller) connected to the switch by a network cable. The packet forwarding function (implemented in hardware chips) and the packet forwarding policy (the various software protocols), which used to reside on the same switch, are thus split across different hardware devices. A basic OpenFlow network comprises a network controller in the control plane and OpenFlow switches in the forwarding plane, referred to as the control device and the data forwarding device respectively. In an OpenFlow network, data packets are forwarded using flow tables, specifically: the control device controls the data forwarding device through the standardized OpenFlow protocol and delivers flow tables to it; the data forwarding device receives and stores the flow tables; when the data forwarding device receives a data packet from the network, it checks whether the flow table contains a matching flow entry; if so, it forwards the data packet according to the action in the flow entry; if no matching flow entry is found, it encapsulates the header information of the data packet in a Packet-in message and sends it over the secure channel to the control device, which decides how the packet is handled.

[0003] In the prior art, flow tables are stored in a very disorganized way: when a packet is matched against the flow tables, all flow table data must be matched, which reduces forwarding efficiency. With a large body of flow table data, every packet entering the data forwarding device traverses all flow entries in priority order. If the flow table data is too large, the efficiency of the algorithm drops considerably.

Summary of the Invention

[0004] The object of the present invention is to provide a packet processing method and device that improve flow table matching efficiency.

[0005] To achieve the above object, the present invention provides a packet processing method, applied in a network comprising a control device and a data forwarding device based on the OpenFlow protocol, the method comprising:

[0006] the data forwarding device receives a packet;

[0007] the data forwarding device parses the packet header of the packet to obtain the protocol information corresponding to the data field carried by the packet;

[0008] the data forwarding device determines the flow table classification corresponding to the packet according to a pre-established correspondence between protocol information and flow table classifications;

[0009] the data forwarding device searches the determined flow table classification for a matching flow entry and processes the packet.

[0010] To achieve the above object, the present invention further provides a data forwarding device, applied in a network comprising a control device and a data forwarding device based on the OpenFlow protocol; the device comprises:

[0011] a receiving unit, configured to receive a packet;

[0012] a parsing unit, configured to parse the packet header of the packet to obtain the protocol information corresponding to the data field carried by the packet;

[0013] a correspondence determining unit, configured to determine the flow table classification corresponding to the packet according to a pre-established correspondence between protocol information and flow table classifications;

[0014] a matching unit, configured to search the determined flow table classification for a matching flow entry and process the packet.

[0015] In summary, in the embodiments of the present invention the data forwarding device receives a packet; the data forwarding device parses the packet header of the packet to obtain the protocol information corresponding to the data field carried by the packet; the data forwarding device determines the flow table classification corresponding to the packet according to the pre-established correspondence between protocol information and flow table classifications; the data forwarding device searches the determined flow table classification for a matching flow entry and processes the packet. Because the control device has already classified the flow tables when delivering them, a packet being matched against the flow tables does not need the traversal matching of the prior art and is matched directly within the corresponding flow table classification. This greatly improves flow table matching efficiency and optimizes the mechanisms for flow table generation, matching and management.

Brief Description of the Drawings

[0016] FIG. 1 is a schematic flowchart of the packet processing method according to an embodiment of the present invention.

[0017] FIG. 2 is a schematic diagram of returning the flow table classification value according to the flow in which the OpenFlow protocol parses a packet, according to the present invention.

[0018] FIG. 3 is a schematic diagram of the multi-level flow tables according to an embodiment of the present invention.

[0019] FIG. 4 is a schematic structural diagram of a data forwarding device applying the above method in a specific embodiment of the present invention.

Detailed Description

[0020] To make the objects, technical solutions and advantages of the present invention clearer, the solution of the present invention is described in further detail below with reference to the drawings and embodiments.

[0021] The core idea of the present invention is: because the OpenFlow protocol produces different parsing results for packets of different protocol types, flow table classifications matching those results are designed. Using the policy control capability of the control device, the classified flow tables are delivered to the data forwarding device. When the data forwarding device matches a packet against the flow tables, it returns a flow table classification value according to the result of parsing the packet and looks up the matching flow entry in the corresponding flow table classification. Because the control device has already classified the flow tables when delivering them, a packet being matched against the flow tables does not need the traversal matching of the prior art and is matched directly within the corresponding flow table classification. This greatly improves flow table matching efficiency and optimizes the mechanisms for flow table generation, matching and management.

[0022] An embodiment of the present invention provides a packet processing method, applied in an OpenFlow network comprising a control device and a data forwarding device; its flow is shown schematically in FIG. 1, and the method comprises:

[0023] Step 11: the data forwarding device receives a packet;

[0024] Step 12: the data forwarding device parses the packet header of the packet to obtain the protocol information corresponding to the data field carried by the packet;

[0025] When the packet header is parsed, the protocol information corresponding to the data field carried by the packet is determined from the frame type field in the Ethernet header and/or the IP protocol field in the IP header of the packet.

[0026] The protocol information specifically comprises: the frame type field is ARP; the frame type field is a protocol other than ARP and IP; a packet that is not an IP fragment and whose IP protocol field is UDP or TCP; a packet that is not an IP fragment and whose IP protocol field is ICMP; a packet that is not an IP fragment and whose IP protocol field is a protocol other than UDP, TCP or ICMP; a fragmented packet whose IP protocol field is UDP, TCP or ICMP.

[0027] Step 13: the data forwarding device determines the flow table classification corresponding to the packet according to the pre-established correspondence between protocol information and flow table classifications;

[0028] Step 14: the data forwarding device searches the determined flow table classification for a matching flow entry and processes the packet.

[0029] To describe the present invention clearly, the above method is described in detail below by way of embodiments. FIG. 2 is a schematic diagram of returning the flow table classification value according to the flow in which the OpenFlow protocol parses a packet. The process by which the OpenFlow protocol parses packets is the same as in the prior art.

[0030] The method by which the data forwarding device parses the packet header according to the OpenFlow protocol and returns the flow table classification value comprises:

[0031] Step 21: parse the ingress port, the source MAC address, the destination MAC address and the frame type field (Ethernet Type);

[0032] Step 22: determine whether the frame type field is 0x8100; if so, perform step 23: parse out the virtual local area network (VLAN) identifier and related information;

[0033] Step 24: determine whether the frame type field is 0x0806; if so, the packet is an Address Resolution Protocol (ARP) packet; perform step 25: parse out the destination IP and source IP, return flow table classification value 01000, and perform flow table matching; if not, perform step 26;

[0034] Step 26: determine whether the frame type field is 0x0800; if not, the packet is an Ethernet protocol packet other than ARP and IP; return flow table classification value 10000 and perform flow table matching;

[0035] If so, the packet is an IP packet; perform step 27: parse out the destination IP, the source IP and the type of service (ToS) field; then perform step 28: determine whether the packet is an IP fragment; if it is an IP fragment, return flow table classification value 00010 or 00011 and perform flow table matching;

[0036] Specifically, if it is a fragmented Transmission Control Protocol / User Datagram Protocol / Internet Control Message Protocol (TCP/UDP/ICMP) packet, return 00010; if it is a fragmented packet of another IP protocol type, return 00011;

[0037] If it is not an IP fragment, perform step 29: further determine whether the IP protocol field (IP Protocol) is 6 or 17; if so, the packet is a UDP/TCP packet; perform step 30: parse out the source port number and destination port number, return flow table classification value 00000, and perform flow table matching;

[0038] If it is not an IP fragment and the IP protocol field is not 6 or 17, perform step 31: further determine whether the IP protocol field is 1; if so, the packet is an ICMP packet; perform step 32: parse out the source port number and destination port number, return flow table classification value 00001, and perform flow table matching;

[0039] If it is not an IP fragment and the IP protocol field is not 1, 6 or 17, the packet is an IP-layer packet other than TCP/UDP/ICMP; return flow table classification value 00011 and perform flow table matching.

[0040] The parsing flow above therefore yields six flow table classification values, so the flow tables are divided into six classes, each corresponding to one of the six return values. The flow_class field of each flow table carries the flow table classification value, which distinguishes the classes of flow table.

[0041] Six flow table classification values are returned from the parsing result because the existing OpenFlow protocol produces different parsing results for packets of different protocol types. The embodiment of the present invention uses 5 bits to distinguish packets of different protocol types, as shown in Table 1.

[0042]

Figure CN104348716AD00071

[0043] Table 1

[0044] According to the network communication protocol specifications, packet encapsulation comprises the Ethernet layer, the network layer, the transport layer and so on. 00 indicates that the upper-layer protocol of Ethernet is IP; 01 indicates that the upper-layer protocol of Ethernet is ARP; 10 indicates that the upper-layer protocol of Ethernet is a layer-3 protocol other than IP and ARP; 11 indicates all Ethernet protocols, i.e. all layer-3 protocols whose layer 2 is Ethernet. 000 indicates that the upper-layer protocol of IP is UDP/TCP; 001 indicates that the upper-layer protocol of IP is ICMP; 010 indicates fragmented packets of the UDP/TCP/ICMP protocols; 011 indicates that the upper-layer protocol of IP is a layer-4 protocol other than ICMP/UDP/TCP; 100 indicates all IP-layer protocols, i.e. all layer-4 protocols whose layer 3 is IP. Combining the Ethernet protocol flag bits and the network layer protocol flag bits of Table 1 yields the six flow table classification values above: 00000, 00001, 00010, 00011, 01000 and 10000. The combination also shows that flow table classification values 00100 and 11000 exist; these two flow table classifications, which serve as upper-level flow tables of the six above, are described in detail later. The classification of these eight kinds of flow table is first introduced in Table 2.
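The parsing flow of steps 21 to 32 and the 2-bit plus 3-bit flag layout of [0044], written out as a classifier over raw Ethernet frames. This is an added example, not code from the patent; the function names, the constructed sample frames and the IPv4 fragment test (MF flag set or non-zero fragment offset) are assumptions.

```python
import struct

ETH_VLAN, ETH_ARP, ETH_IP = 0x8100, 0x0806, 0x0800
ICMP, TCP, UDP = 1, 6, 17

# Flag values described in [0044]: 2 bits for the protocol carried by
# Ethernet, 3 bits for the protocol carried by IP.
ETH_IS_IP, ETH_IS_ARP, ETH_IS_OTHER = 0b00, 0b01, 0b10
NET_TCP_UDP, NET_ICMP, NET_FRAGMENT, NET_OTHER = 0b000, 0b001, 0b010, 0b011


def flow_class(eth_flag, net_flag=0):
    """Join the two flags into the 5-bit flow_class string."""
    return format((eth_flag << 3) | net_flag, "05b")


def classify(frame):
    """Return the flow table classification value for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (eth_type,) = struct.unpack_from("!H", frame, 12)        # step 21
    l3 = 14
    if eth_type == ETH_VLAN:                                  # steps 22-23
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        (eth_type,) = struct.unpack_from("!H", frame, 16)
        l3 = 18
    if eth_type == ETH_ARP:                                   # steps 24-25
        return flow_class(ETH_IS_ARP)
    if eth_type != ETH_IP:                                    # step 26
        return flow_class(ETH_IS_OTHER)
    if len(frame) < l3 + 20:
        raise ValueError("truncated IPv4 header")
    (frag_word,) = struct.unpack_from("!H", frame, l3 + 6)    # flags + offset
    proto = frame[l3 + 9]                                     # IP protocol field
    # Assumption: a fragment has the MF bit set or a non-zero offset.
    if frag_word & 0x2000 or frag_word & 0x1FFF:              # step 28
        if proto in (TCP, UDP, ICMP):
            return flow_class(ETH_IS_IP, NET_FRAGMENT)
        return flow_class(ETH_IS_IP, NET_OTHER)
    if proto in (TCP, UDP):                                   # steps 29-30
        return flow_class(ETH_IS_IP, NET_TCP_UDP)
    if proto == ICMP:                                         # steps 31-32
        return flow_class(ETH_IS_IP, NET_ICMP)
    return flow_class(ETH_IS_IP, NET_OTHER)                   # [0039]


def eth_frame(eth_type, payload=b"", vlan=None):
    """Constructed test frame with made-up MAC addresses and optional tag."""
    head = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    if vlan is not None:
        head += struct.pack("!HH", ETH_VLAN, vlan)
    return head + struct.pack("!H", eth_type) + payload


def ipv4_header(proto, frag_word=0):
    """Constructed 20-byte IPv4 header (documentation addresses, no checksum)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, frag_word, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


if __name__ == "__main__":
    samples = {
        "ARP": eth_frame(ETH_ARP, bytes(28)),
        "IPv6": eth_frame(0x86DD, bytes(40)),
        "TCP": eth_frame(ETH_IP, ipv4_header(TCP)),
        "UDP in VLAN 10": eth_frame(ETH_IP, ipv4_header(UDP), vlan=10),
        "ICMP": eth_frame(ETH_IP, ipv4_header(ICMP)),
        "UDP fragment": eth_frame(ETH_IP, ipv4_header(UDP, 0x2000)),
    }
    for name, frame in samples.items():
        print(f"{name:15s} -> {classify(frame)}")
```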

[0045]

Figure CN104348716AD00081

[0046] Table 2

[0047] A flow table contains multiple flow entries, and each flow entry comprises match fields and action items. As Table 2 shows, the match fields and action items contained in the flow entries differ between flow tables classified by protocol type. In other words, when the control device of the present invention generates flow tables, it excludes illegal flow tables and generates them by protocol according to predetermined rules.

[0048] In summary, the control device generates flow tables according to the following rules:

[0049] Only for packets whose frame type field is IP can a flow table be generated whose match fields contain the IP protocol field and the IP ToS field, or whose action items contain an action modifying the source IP address and/or destination IP address;

[0050] Only for packets whose frame type field is IP or ARP can a flow table be generated whose match fields contain the source IP address and/or destination IP address fields;

[0051] Only for non-fragmented packets whose frame type field is IP and whose IP protocol field is TCP/UDP can a flow table be generated whose action items modify the source port number and/or destination port number;

[0052] Only for non-fragmented packets whose frame type field is IP and whose IP protocol field is TCP/UDP/ICMP can a flow table be generated whose match fields contain the source port number and/or destination port number.
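An added example (not code from the patent) of how a control device could check the four generation rules of [0049] to [0052] before delivering an entry for one of the six packet-triggered classifications. The field and action names other than src_ip and dst_ip are hypothetical, as is the function name.

```python
# Classification value -> (protocol carried by Ethernet,
#                          protocol carried by IP, is an IP fragment?)
# taken from the return values of the parsing flow in steps 24 to 32.
CLASS_INFO = {
    "00000": ("ip", "tcp_udp", False),
    "00001": ("ip", "icmp", False),
    "00010": ("ip", "tcp_udp_icmp", True),
    "00011": ("ip", "other", None),     # other IP protocols, fragment or not
    "01000": ("arp", None, None),
    "10000": ("other", None, None),
}


def violations(flow_class, match_fields, actions):
    """List every match field or action the rules forbid for this class.

    Hypothetical names: ip_proto, ip_tos, src_port, dst_port (match fields)
    and mod_src_ip, mod_dst_ip, mod_src_port, mod_dst_port (actions).
    """
    if flow_class not in CLASS_INFO:
        raise ValueError(f"not a packet-triggered classification: {flow_class}")
    eth, l4, fragmented = CLASS_INFO[flow_class]
    match_fields, actions = set(match_fields), set(actions)
    whole_ip = eth == "ip" and fragmented is False

    # (rule paragraph, governed items present in the entry, rule satisfied?)
    checks = [
        ("[0049]", {"ip_proto", "ip_tos"} & match_fields, eth == "ip"),
        ("[0049]", {"mod_src_ip", "mod_dst_ip"} & actions, eth == "ip"),
        ("[0050]", {"src_ip", "dst_ip"} & match_fields, eth in ("ip", "arp")),
        ("[0051]", {"mod_src_port", "mod_dst_port"} & actions,
         whole_ip and l4 == "tcp_udp"),
        ("[0052]", {"src_port", "dst_port"} & match_fields,
         whole_ip and l4 in ("tcp_udp", "icmp")),
    ]
    return sorted(
        f"{rule}: {item} not allowed in class {flow_class}"
        for rule, items, satisfied in checks if not satisfied
        for item in items
    )


if __name__ == "__main__":
    # Constructed entries: a well-formed ARP entry, then an ARP entry that
    # tries to rewrite a transport port.
    good = violations("01000",
                      ["Input_port", "src_mac", "dst_mac", "e_type",
                       "src_ip", "dst_ip"], ["output"])
    bad = violations("01000", ["e_type", "src_ip"], ["mod_dst_port", "output"])
    print(good)
    print(bad)
```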

[0053] For example, suppose the packet received by the data forwarding device is an ARP packet, and parsing yields the ingress port number (Input_port) a, the source and destination MAC addresses (b1 and b2), the frame type field (e_type) c (0x0806), and the source and destination IP addresses (d1 and d2). Note that the packet is parsed according to the existing OpenFlow protocol. Because an ARP packet is a layer-3 protocol packet carried over Ethernet, parsing of an ARP packet goes only as far as the Ethernet layer and does not reach the IP layer; that is, no source port number or destination port number is parsed out.

[0054] Because the protocol type of the packet is found to be ARP, i.e. the frame type field is 0x0806, the returned flow table classification value is 01000, and the corresponding flow table classification 01000 is located. The flow table classification whose flow_class field is 01000 specifies the flow tables of this class as follows:

[0055] In the match fields, Ethernet type can only be 0x0806, and the match fields cannot contain IP proto, IP ToS, source port or destination port. The action items do not contain modification (modify) of the source IP address, destination IP address, IP ToS, source port or destination port.

[0056] Once this flow table classification has been found, the matching flow entry is looked up in it. Suppose the match fields are Input_port=a, src_mac=b1, dst_mac=b2, e_type=c, src_ip=d1, dst_ip=d2. The action item cannot, as could happen in the prior art owing to disorganized flow table storage, contain a modification of the source port number and destination port number, so once the above flow entry is matched the packet is forwarded smoothly according to the action item. The situation of the prior art, in which transport-protocol fields (source port number and destination port number) appear in the action item and leave the data forwarding device unable to forward the packet, therefore does not arise.

[0057] Further, the data forwarding device also receives, from the control device, the upper-level flow tables of the flow table classifications together with the information on the flow table classification to which each upper-level flow table corresponds, and stores each received upper-level flow table in the corresponding upper-level flow table classification.

[0058] The data forwarding device then presets the level relationships between the flow table classifications for all flow tables delivered by the control device, according to the depth-first matching principle, and establishes multi-level flow tables in which the matching depth of a lower-level flow table is greater than that of the flow table one level above. When no matching flow entry is found in the corresponding flow table classification, the matching flow entry is looked up in the flow table one level above, until a flow entry is matched; if no flow entry is matched even in the top-level flow table, the received packet is sent up to the control device for processing. Here, when the match fields of a first flow table classification are more numerous than those of a second flow table classification and include all the match fields of the second, the first flow table classification is the lower-level flow table of the second, and the second is the upper-level flow table of the first.

[0059] The two flow table classifications 00100 and 11000 are delivered by the control device on its own initiative, as upper-level flow tables of the six flow table classifications above. The six flow table classifications above are triggered by packets: when a packet entering the data forwarding device for the first time finds no matching flow entry, the packet is sent up to the control device, which parses the packet and then delivers a flow table carrying the corresponding flow table classification value.

[0060] The multi-level flow tables are shown schematically in FIG. 3. 00000, 00001, 00010 and 00011 are lower-level flow tables of 00100, and 00100 is a lower-level flow table of 11000; 01000 and 10000 are also lower-level flow tables of 11000.

[0061] Because the multi-level flow tables are built according to the depth-first matching principle, a lower-level flow table contains more match fields and action items than the flow table one level above; the lowest-level flow table is therefore always the longest match, with the finest matching granularity. After receiving a packet, the data forwarding device parses it according to the OpenFlow protocol and, from the parsing result, locates the corresponding lowest-level flow table classification. When no matching flow entry is found in that classification, it looks up the matching flow entry in the flow table one level above, until a flow entry is matched; if no flow entry is matched in the top-level flow table, the received packet is sent up to the control device for processing.

[0062] Embodiment 1:

[0063] The frame type field of an IPv6 protocol packet is 0x86DD and IP proto is 41. After an IPv6 packet is parsed, the returned value is 10000, and the matching flow entry is looked up in the corresponding flow table classification.

[0064] In the flow table classification corresponding to 10000, the frame type field in the match fields of each flow entry can only be an Ethernet protocol number other than 0x0806 and 0x0800. Suppose that in the flow table classification corresponding to 10000 no match field has a frame type field of 0x86DD; the data forwarding device then cannot find a matching flow entry in flow table classification 10000. The data forwarding device therefore turns to flow table classification 11000, one level above 10000. 11000 serves as the upper-level flow table of 10000 because its matching granularity is coarser: in the flow table classification corresponding to 11000, the match fields of each flow entry do not contain the frame type field, source IP address, destination IP address, IP proto, IP ToS, source port or destination port, and the action items do not contain modify actions on the source IP address, destination IP address, IP ToS, source port or destination port. Because neither the frame type field nor the IP protocol field is constrained, forwarding can be achieved by matching relatively few fields.

[0065] Moreover, in the flow table classification corresponding to 11000, the match fields contain the source MAC address and destination MAC address, and the action items contain actions such as forwarding or dropping the packet. The 11000 flow table classification delivered by the control device therefore corresponds to access control list (ACL) or quality of service (QoS) regulation at the Ethernet layer. That is, when the data forwarding device receives from the control device the upper-level flow table of a flow table classification together with the information on the flow table classification to which that upper-level flow table corresponds, it examines the upper-level flow table: if a lower-level flow table classification of that upper-level classification contains a flow table whose match fields match those of the upper-level flow table but whose action items do not match those of the upper-level flow table, that lower-level flow table is deleted.

[0066] For example, in the first case: suppose that in the flow table classification corresponding to 10000 no match field has a frame type field of 0x86DD, so that the data forwarding device cannot find a matching flow entry in flow table classification 10000. The IPv6 packet is then matched against the flow table classification corresponding to 11000, the matching flow entry is looked up in flow table classification 11000, and after the source MAC address and destination MAC address are matched, the action of forwarding or dropping the packet is performed.

[0067] In the second case: suppose that in the flow table classification corresponding to 10000 the match fields are source MAC address src_mac=c1 and destination MAC address dst_mac=c2 and the action item is drop, while in the flow table classification corresponding to 11000 the match fields are source MAC address src_mac=c1 and destination MAC address dst_mac=c2 and the action item is forward. On receiving the flow table corresponding to 11000, the data forwarding device deletes the flow table corresponding to 10000. The IPv6 packet is then matched directly against the flow table classification corresponding to 11000, the matching flow entry is looked up in flow table classification 11000, and after the source MAC address and destination MAC address are matched, the action of forwarding the packet is performed, thereby achieving ACL or QoS regulation at the Ethernet layer.

[0068] Second Embodiment

[0069] The frame type field of an ICMP packet is 0x0800 and its IPproto is 1. After the ICMP packet is parsed, the returned value is 00001, and a matching flow entry is looked up in the corresponding flow table category.

[0070] If no matching flow entry is found, the lookup moves to 00100, the flow table category one level above 00001, and a matching flow entry is looked up in the flow table category corresponding to 00100.

[0071] If a matching flow entry is still not found, the lookup moves to 11000, the flow table category one level above 00100, and a matching flow entry is looked up in the flow table category corresponding to 11000.

[0072] If there is still no matching flow entry, the ICMP packet is sent up to the control device for processing.

[0073] Moreover, in the flow table category corresponding to 00100, the match fields do not include the IPProto field but do include the source IP address and the destination IP address, and the action fields include actions such as forwarding or discarding the packet. The 00100 flow table category delivered by the control device therefore corresponds to IP-layer ACL or QoS regulation. That is, when the data forwarding device receives from the control device a higher-level flow table for the flow table categories, together with information on the flow table category to which that higher-level flow table corresponds, it evaluates the higher-level flow table: if a lower-level flow table category of that higher-level category contains a flow table whose match fields match those of the higher-level flow table but whose action fields do not match those of the higher-level flow table, the lower-level flow table is deleted.

[0074] For example, in the first case: the data forwarding device cannot find a matching flow entry in flow table category 00001. The ICMP packet is matched against the flow table category corresponding to 00100, a matching flow entry is looked up in category 00100, and after the source IP address and destination IP address are matched, the action of forwarding or discarding the packet is performed.

[0075] In the second case: suppose that in the flow table category corresponding to 00001 the match fields are frame type field 0x0800, source IP address src_ip=p1 and destination IP address dst_ip=p2, and the action is forward, while in the flow table category corresponding to 00100 the match fields are frame type field 0x0800, source IP address src_ip=p1 and destination IP address dst_ip=p2, and the action is discard. On receiving the flow table corresponding to 00100, the data forwarding device deletes the flow table corresponding to 00001. The ICMP packet is then matched directly against the flow table category corresponding to 00100, a matching flow entry is looked up in category 00100, and after the source IP address and destination IP address are matched, the discard action is performed, thereby implementing IP-layer ACL or QoS regulation.
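The lookup and deletion behaviour of the two embodiments can be sketched as follows. This is an added example, not code from the patent: it shows why a higher-level ACL entry cannot be shadowed by a contradictory lower-level entry. The names `classify`, `FlowEntry` and `Switch` are hypothetical, IPv6 is assumed to map to category 10000 as the first embodiment's walkthrough implies, and two points are assumptions: a lower-level entry conflicts when it carries every match field of the higher-level entry with the same value but a different action, and the check covers all lower levels.

```python
from dataclasses import dataclass

# Category chain taken from the walkthroughs: 00001 -> 00100 -> 11000 and
# 10000 -> 11000; above 11000 the packet goes to the control device.
PARENT = {"00001": "00100", "00100": "11000", "10000": "11000", "11000": None}
ETH_IPV4, ETH_IPV6, IPPROTO_ICMP = 0x0800, 0x86DD, 1


def classify(pkt):
    """Return the flow table category for a parsed header (two cases only)."""
    if pkt.get("eth_type") == ETH_IPV6:
        return "10000"
    if pkt.get("eth_type") == ETH_IPV4 and pkt.get("ip_proto") == IPPROTO_ICMP:
        return "00001"
    raise ValueError("category not covered by this sketch")


@dataclass
class FlowEntry:
    match: dict   # field name -> required value
    action: str   # "forward" or "drop"

    def hits(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class Switch:
    def __init__(self):
        self.tables = {cat: [] for cat in PARENT}
        self.sent_to_controller = []

    @staticmethod
    def descendants(cat):
        """All categories below cat in the hierarchy."""
        out, frontier = [], [cat]
        while frontier:
            cur = frontier.pop()
            kids = [c for c, p in PARENT.items() if p == cur]
            out.extend(kids)
            frontier.extend(kids)
        return out

    def install(self, cat, entry):
        """Store an entry; first delete lower-level entries that contradict it.

        Assumption: "contradict" means the lower entry contains all of the new
        entry's match fields with equal values but has a different action.
        """
        removed = []
        for low in self.descendants(cat):
            keep = []
            for old in self.tables[low]:
                same = all(old.match.get(k) == v for k, v in entry.match.items())
                if same and old.action != entry.action:
                    removed.append((low, old))
                else:
                    keep.append(old)
            self.tables[low] = keep
        self.tables[cat].append(entry)
        return removed

    def process(self, pkt):
        """Search the packet's own category, then each parent in turn."""
        cat, path = classify(pkt), []
        while cat is not None:
            path.append(cat)
            for entry in self.tables[cat]:
                if entry.hits(pkt):
                    return entry.action, path
            cat = PARENT[cat]
        self.sent_to_controller.append(pkt)
        return "to_controller", path


def demo():
    """Second case of the second embodiment, with constructed sample values."""
    sw = Switch()
    icmp = {"eth_type": ETH_IPV4, "ip_proto": IPPROTO_ICMP,
            "src_ip": "p1", "dst_ip": "p2"}
    rule = {"eth_type": ETH_IPV4, "src_ip": "p1", "dst_ip": "p2"}
    before = sw.process(icmp)                       # nothing installed yet
    sw.install("00001", FlowEntry(dict(rule), "forward"))
    forwarded = sw.process(icmp)
    removed = sw.install("00100", FlowEntry(dict(rule), "drop"))
    dropped = sw.process(icmp)                      # IP-layer ACL now decides
    return before, forwarded, removed, dropped


if __name__ == "__main__":
    print(demo())
```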

[0076] It should be noted that the flow table classification of the embodiments of the present invention is based on the existing OpenFlow protocol; when the way the OpenFlow protocol parses packets changes, the flow table classification changes accordingly. The existing OpenFlow protocol does not parse the source IP and destination IP of IPv6 packets. If the OpenFlow protocol is later extended to parse the source IP and destination IP of the IPv6 protocol, then the method of the present invention can return a flow table category value after the IPv6 source IP and destination IP have been parsed. Because the Ethernet protocol flag in the embodiments of the present invention uses 2 bits to represent four cases, adding a parsing result for the IPv6 protocol requires enlarging the Ethernet protocol flag to accommodate the added result; that is, the Ethernet flag can use 3 or more bits to distinguish the cases. More generally, beyond the specific embodiments of the present invention, the Ethernet protocol flag or the IP-layer protocol flag can be enlarged, so that matching and operations on more fields can be supported when the OpenFlow protocol is extended.

[0077] The packet processing method of the present invention brings the following benefits:

[0078] 1. It improves flow table matching efficiency;

[0079] 2. The flow table database stored on the data forwarding device is better organized;

[0080] 3. The flow table classification can be updated flexibly as the OpenFlow protocol is extended.

[0081] Based on the same inventive concept, the present invention also provides a data forwarding device, applied in a network comprising a control device and a data forwarding device based on the OpenFlow protocol. See FIG. 4, which is a schematic structural diagram of a data forwarding device to which the above method is applied in a specific embodiment of the present invention. The data forwarding device comprises:

[0082] a receiving unit 401, configured to receive a packet;

[0083] a parsing unit 402, configured to parse the packet header of the packet and obtain the protocol information corresponding to the data field carried by the packet;

[0084] a correspondence determining unit 403, configured to determine the flow table category corresponding to the packet according to a pre-established correspondence between protocol information and flow table categories;

[0085] a matching unit 404, configured to look up a matching flow entry in the determined flow table category and process the packet.

[0086] The device further comprises a multi-level flow table establishing unit 405;

[0087] the multi-level flow table establishing unit is configured to set in advance the level relationship between flow table categories, where the match depth of a lower-level flow table category is greater than the match depth of the flow table category one level above it;

[0088] the matching unit 404 is configured to, when no matching flow entry is found in the flow table category corresponding to the packet, further look up a matching flow entry in the flow table one level up, until a flow entry is matched, or, when no flow entry is matched even in the topmost flow table, send the received packet up to the control device for processing.

[0089] The receiving unit 401 is further configured to receive the flow table that the control device generates and delivers for the packet, together with information on the flow table category to which that flow table belongs, and to store the received flow table in the corresponding flow table category.

[0090] The receiving unit 401 is further configured to receive the higher-level flow table of each flow table category delivered by the control device, together with information on the flow table category to which that higher-level flow table corresponds, and to store the received higher-level flow table in the corresponding higher-level flow table category;

[0091] the device further comprises a judgment control unit 406, configured to evaluate the higher-level flow table: if a lower-level flow table category of that higher-level flow table category contains a flow table whose match fields match those of the higher-level flow table but whose action fields do not match those of the higher-level flow table, the lower-level flow table is deleted.

[0092] In summary, in the specific embodiments of the present invention, a packet triggers the control device to deliver classified flow tables. The flow table classification is designed according to the different results the OpenFlow protocol produces when it parses packets of different protocol types. When a packet passes through the data forwarding device, it is parsed into its category and the corresponding flow table category value is returned; this value corresponds to the value of the flow_class field in the flow table. This improves flow table lookup efficiency, because the traversal matching of the prior art is no longer needed. Further, the control device also proactively delivers higher-level flow tables for the classified flow tables, where the match depth of a lower-level flow table is greater than that of the flow table one level above it; when no matching flow entry is found in the corresponding flow table category, a matching flow entry is looked up in the flow table one level up, until a flow entry is matched. Managing multi-level flow tables in this way makes the flow table database stored on the data forwarding device better organized.

[0093] The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (11)

1. A packet processing method, applied in a network comprising a control device and a data forwarding device based on the OpenFlow protocol, characterized in that the method comprises: the data forwarding device receives a packet; the data forwarding device parses the packet header of the packet and obtains the protocol information corresponding to the data field carried by the packet; the data forwarding device determines the flow table category corresponding to the packet according to a pre-established correspondence between protocol information and flow table categories; the data forwarding device looks up a matching flow entry in the determined flow table category and processes the packet.
2. The method according to claim 1, characterized in that the method further comprises: setting in advance the level relationship between flow table categories, where the match depth of a lower-level flow table category is greater than the match depth of the flow table category one level above it; when no matching flow entry is found in the flow table category corresponding to the packet, further looking up a matching flow entry in the flow table one level up, until a flow entry is matched, or, when no flow entry is matched even in the topmost flow table, sending the received packet up to the control device for processing.
3. The method according to claim 2, characterized in that, after the packet is sent up to the control device, the method further comprises: the data forwarding device receives the flow table that the control device generates and delivers for the packet, together with information on the flow table category to which that flow table belongs, and stores the received flow table in the corresponding flow table category.
4. The method according to claim 3, characterized in that the data forwarding device further receives the higher-level flow table of each flow table category delivered by the control device, together with information on the flow table category to which that higher-level flow table corresponds, and stores the received higher-level flow table in the corresponding higher-level flow table category; the data forwarding device evaluates the higher-level flow table: if a lower-level flow table category of that higher-level flow table category contains a flow table whose match fields match those of the higher-level flow table but whose action fields do not match those of the higher-level flow table, the lower-level flow table is deleted.
5. The method according to claim 1, characterized in that the data forwarding device further determines the protocol information corresponding to the data field carried by the packet according to the frame type field in the Ethernet header of the packet and/or the IP protocol field in the IP header.
6. The method according to claim 5, characterized in that the protocol information specifically includes: the frame type field indicates the ARP protocol; the frame type field indicates a protocol other than the ARP protocol and the IP protocol; the packet is not an IP fragment and the IP protocol field indicates the UDP or TCP protocol; the packet is not an IP fragment and the IP protocol field indicates the ICMP protocol; the packet is not an IP fragment and the IP protocol field indicates a protocol other than UDP, TCP or ICMP; the packet is a fragment and the IP protocol field indicates the UDP, TCP or ICMP protocol.
7. The method according to claim 6, characterized in that the data forwarding device further receives flow tables that the control device generates according to the following rules: a flow table whose match fields contain the IP protocol field and the IP ToS field, and whose action fields contain an action that modifies the source IP address and/or destination IP address, can be generated only for packets whose frame type field indicates the IP protocol; a flow table whose match fields contain the source IP address and/or destination IP address field can be generated only for packets whose frame type field indicates the IP protocol or the ARP protocol; a flow table whose action fields contain modification of the source port number and/or destination port number can be generated only for non-fragmented packets whose frame type field indicates the IP protocol and whose IP protocol field indicates TCP/UDP; a flow table whose match fields contain the source port number and/or destination port number can be generated only for non-fragmented packets whose frame type field indicates the IP protocol and whose IP protocol field indicates TCP/UDP/ICMP.
8. A data forwarding device, applied in a network comprising a control device and a data forwarding device based on the OpenFlow protocol, the device comprising: a receiving unit, configured to receive a packet; a parsing unit, configured to parse the packet header of the packet and obtain the protocol information corresponding to the data field carried by the packet; a correspondence determining unit, configured to determine the flow table category corresponding to the packet according to a pre-established correspondence between protocol information and flow table categories; a matching unit, configured to look up a matching flow entry in the determined flow table category and process the packet.
9. The device according to claim 8, characterized in that the device further comprises a multi-level flow table establishing unit; the multi-level flow table establishing unit is configured to set in advance the level relationship between flow table categories, where the match depth of a lower-level flow table category is greater than the match depth of the flow table category one level above it; the matching unit is configured to, when no matching flow entry is found in the flow table category corresponding to the packet, further look up a matching flow entry in the flow table one level up, until a flow entry is matched, or, when no flow entry is matched even in the topmost flow table, send the received packet up to the control device for processing.
10. The device according to claim 9, characterized in that the receiving unit is further configured to receive the flow table that the control device generates and delivers for the packet, together with information on the flow table category to which that flow table belongs, and to store the received flow table in the corresponding flow table category.
11. The device according to claim 10, characterized in that the receiving unit is further configured to receive the higher-level flow table of each flow table category delivered by the control device, together with information on the flow table category to which that higher-level flow table corresponds, and to store the received higher-level flow table in the corresponding higher-level flow table category; the device further comprises a judgment control unit, configured to evaluate the higher-level flow table: if a lower-level flow table category of that higher-level flow table category contains a flow table whose match fields match those of the higher-level flow table but whose action fields do not match those of the higher-level flow table, the lower-level flow table is deleted.
CN201310315236.XA 2013-07-23 2013-07-23 One kind of packet processing method and apparatus CN104348716B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310315236.XA CN104348716B (en) 2013-07-23 2013-07-23 One kind of packet processing method and apparatus

Publications (2)

Publication Number Publication Date
CN104348716A true CN104348716A (en) 2015-02-11
CN104348716B CN104348716B (en) 2018-03-23

Family

ID=52503568

Country Status (1)

Country Link
CN (1) CN104348716B (en)
