CN104715019A - Rule dynamic issuing method and devoice for software-defined network - Google Patents

Abstract

The invention provides a rule dynamic issuing method for a software-defined network. The method comprises the steps that S1, multiple rule subsets RS are established for a rule universal set R, rules in each rule subset RS are made to meet a complete hierarchy nesting relation, and a complete hierarchy nesting tree is generated for each rule subset RS; S2, corresponding issuing rules are established according to the complete hierarchy nesting trees generated by all the rule subsets and uploaded network packages; S3, geometric space intersection operations are carried out on the established issuing rules to obtain a final single issuing rule, and then rule issuing operations are carried out. According to the rule dynamic issuing method for the software-defined network, on the premise that the decision consistency of a control plane and a data plane can be guaranteed, the flow effective covering range of the issuing rules is increased greatly, memory usage of equipment is saved remarkably, and the occurrence rate of rule loss is reduced.

Description

A kind of dynamic delivery method of rule of software defined network and device

Technical field

The present invention relates to network filtering and monitoring technique field, be specifically related to a kind of dynamic delivery method of rule and device of software defined network.

Background technology

Software defined network (SDN) is a kind of new network framework.It is by peeling off the chain of command of the network equipment from data surface, steering logic is concentrated in the middle of a special controller, can realize and flexibly management and control more concentrated to network function.At the data surface of SDN, each network equipment is classified to the net bag flowing through self according to the regular collection self stored, and namely finds and wraps the rule of mating and make corresponding disposal decision with netting.Rule set wherein in each network equipment is issued by the controller of SDN chain of command: namely controller is responsible for processing overall steering logic, and issues algorithm by rule and issue corresponding rule set to each network equipment.

The available computational geometry of rule stored in controller or the network equipment carries out modelling description: in rule, the span in each territory opens into whole hyperspace, each rule is to should a hypercube in hyperspace, and the domain of dependence value in each net handbag head is to should a point in space.If the point that certain net bag is corresponding falls into hypercube corresponding to certain rule, then this net bag is claimed to mate with this rule.A net bag may mate with many rules, now chooses the highest rule of its medium priority and carries out respective handling.

Controller directly affects the handling property of the network equipment to flow to the dynamic delivery method of rule of the network equipment: 1) the rale store limited space of the network equipment, issues too much rule and can exceed its processing power.2) if net Bao Wei finds matched rule (being called rule disappearance) in the network device, then this net package informatin dynamically can be uploaded to controller by the network equipment, waits for that controller issues respective rule and processes.If the regular small volume that controller issues, then rule disappearance is more, causes the network equipment to the average treatment rate reduction of flow; If the regular volume that controller issues is excessive, then the decision-making of the network equipment and controller may be caused inconsistent.Therefore, consistance is ensured and efficiently dynamic programming delivery method receives much concern in academia and industry member.

The exemplary process that existing dynamic programming issues comprises: the rule issuing exact matching (namely without asterisk wildcard) according to the net package informatin uploaded, and the method can ensure decision-making consistance but can cause a large amount of rule disappearance; All rules relied on mutually with hit rule all issued according to the net package informatin uploaded, the method often takies too much device memory, even exceeds the device storage upper limit.

Summary of the invention

For the deficiencies in the prior art, the invention provides a kind of dynamic delivery method of rule and device of software defined network, can under guarantee chain of command and the conforming prerequisite of data surface decision-making, greatly improve the flow effective coverage range issuing rule, significantly save the incidence that device memory takies, reduces rule disappearance.

For achieving the above object, the present invention is achieved by the following technical programs:

First aspect, the invention provides a kind of dynamic delivery method of rule of software defined network, comprising:

S1. regular complete or collected works R is built some rules subset RS, make the rule in each rules subset RS all meet complete hierarchy nesting relation, and each rules subset RS is generated as a complete hierarchy nesting tree;

Wherein, a rules subset is RS={R1, R2 ..., Rn}; Wherein R1, R2 ..., Rn is the rule in rules subset; Rn.match={ [Rns1, Rne1], [Rns2, Rne2] ..., [RnsD, RneD] }; Rn.match represents the matching range of regular Rn, total D dimension, D >=1, and [Rnsd, Rned] represents the matching range of regular Rn in d dimension, 1≤d≤D;

For a rules subset RS={R1, R2 ..., any two regular Ri and Rj in Rn}, for any dimension d, if meet following relation, then the rule in this rules subset all meets complete hierarchy nesting relation, 1≤i < j≤n:

$[\mathrm{Risd},\mathrm{Ried}]\&SubsetEqual;[\mathrm{Rjsd},\mathrm{Rjed}],$ Namely Ri is nested in Rj;

S2. the net bag that the complete hierarchy nesting generated according to each rules subset is set and uploaded, builds and issues rule accordingly;

Wherein, concrete building process comprises:

S21. read the net bag P reported, obtain P.match, be designated as Rm; Wherein, P.value={p1, p2 ..., pD}, P.value represent the concrete value in net bag territory, P packet header, total D dimension, and wherein the value of d dimension is pd; P.match represents the rule that the priority in the rule of net bag P coupling is the highest;

S22. read complete hierarchy nesting tree T, judge that whether Rm is the leafy node of T;

If S23. Rm is the leafy node of T, then return Rm; If Rm is not the leafy node of T, make Rout=Rm; All child nodes of Rout in T are sent into queue Q;

S24. judge whether queue Q is empty, if it is empty, then returns Rout as issuing rule; If not empty, then from Q, regular Robs is taken out; According to Volume Loss minimum principle, choose a dimension cutting Rout, make Rout and the Robs after cutting not overlapping;

S3. the rule that issues of above-mentioned structure is carried out to geometric space and " intersected " operation, obtain final singlely issuing rule, then carry out rule and issue operation;

Described " intersecting " operates, and is the overlapping region of the matching range of the strictly all rules by calculating above-mentioned structure, as the matching range of final rule.

Wherein, the dynamic delivery method of rule of described software defined network, also comprises S4. and carries out incremental update to regular complete or collected works, specifically comprise:

S41. utilize the method described in S1 that the strictly all rules of increase is divided into some rules subset, build the corresponding tree of hierarchy nesting completely; The complete hierarchy nesting tree of all structures is sent into queue Q_add;

S42. judge whether Q_add is empty, if so, then terminates incremental update; Otherwise, from Q_add, take out Branch, get the root node R of Branch;

S43. all complete hierarchy nesting tree in rules subset RS is sent into queue Q_original;

S44. judge whether Q_original is empty, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform S42; Otherwise, from Q_original, take out T;

S45. judge whether R.start.match equals R.end.match, wherein, R.start={Rs1, Rs2 ..., RsD}, R.end={Re1, Re2 ..., ReD}, if be not equal to, then returns step S44; Otherwise, make Rm be R.start.match; All for Rm child nodes are entered queue Qc, and initialization list subR is empty;

S46. judge whether Qc is empty; If it is empty, then R adds child node according to rule in subR, and Rm is according to redundant rule elimination child node in subR, and Rm adds child node R, returns and performs S42; Otherwise from Qc, take out regular Rc;

S47. judge whether Rc is nested in R, if so, then Rc is added subR, return and perform S46; Otherwise judge that whether Rc and R is overlapping, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform S42; Otherwise return and perform S46.

Second aspect, the rule that present invention also offers a kind of software defined network dynamically descends transmitting apparatus, comprises pretreatment unit, issues regular construction unit Sum fanction and dynamically issue unit;

Described pretreatment unit, for regular complete or collected works R is built some rules subset RS, makes the rule in each rules subset RS all meet complete hierarchy nesting relation, and each rules subset RS is generated as a complete hierarchy nesting tree;

Wherein, a rules subset is RS={R1, R2 ..., Rn}; Wherein R1, R2 ..., Rn is the rule in rules subset; Rn.match={ [Rns1, Rne1], [Rns2, Rne2] ..., [RnsD, RneD] }; Rn.match represents the matching range of regular Rn, total D dimension, D >=1, and [Rnsd, Rned] represents the matching range of regular Rn in d dimension, 1≤d≤D;

For a rules subset RS={R1, R2 ..., any two regular Ri and Rj in Rn}, for any dimension d, if meet following relation, then the rule in this rules subset all meets complete hierarchy nesting relation, 1≤i < j≤n:

$[\mathrm{Risd},\mathrm{Ried}]\&SubsetEqual;[\mathrm{Rjsd},\mathrm{Rjed}],$ Namely Ri is nested in Rj;

Describedly issue regular construction unit, for the complete hierarchy nesting tree generated according to each rules subset and the net bag uploaded, build and issue rule accordingly;

Wherein, concrete building process comprises:

Read the net bag P reported, obtain P.match, be designated as Rm; Wherein, P.value={p1, p2 ..., pD}, P.value represent the concrete value in net bag territory, P packet header, total D dimension, and wherein the value of d dimension is pd; P.match represents the rule that the priority in the rule of net bag P coupling is the highest;

Read complete hierarchy nesting tree T, judge that whether Rm is the leafy node of T;

If Rm is the leafy node of T, then return Rm; If Rm is not the leafy node of T, make Rout=Rm; All child nodes of Rout in T are sent into queue Q;

Judge whether queue Q is empty, if it is empty, then returns Rout as issuing rule; If not empty, then from Q, regular Robs is taken out; According to Volume Loss minimum principle, choose a dimension cutting Rout, make Rout and the Robs after cutting not overlapping;

Described rule dynamically issues unit for carrying out geometric space " intersect " operation to the rule that issues of above-mentioned structure, obtains final singlely issuing rule, then carries out rule and issue operation;

Described " intersecting " operates, and is the overlapping region of the matching range of the strictly all rules by calculating above-mentioned structure, as the matching range of final rule.

Wherein, the rule of described software defined network dynamically descends transmitting apparatus, also comprises Policy Updates unit, for carrying out incremental update to regular complete or collected works, specifically comprises:

A1. utilize described pretreatment unit that the strictly all rules of increase is divided into some rules subset, build the corresponding tree of hierarchy nesting completely; The complete hierarchy nesting tree of all structures is sent into queue Q_add;

A2. judge whether Q_add is empty, if so, then terminates incremental update; Otherwise, from Q_add, take out Branch, get the root node R of Branch;

A3. all complete hierarchy nesting tree in rules subset RS is sent into queue Q_original;

A4. judge whether Q_original is empty, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform A2; Otherwise, from Q_original, take out T;

A5. judge whether R.start.match equals R.end.match, wherein, R.start={Rs1, Rs2 ..., RsD}, R.end={Re1, Re2 ..., ReD}, if be not equal to, then returns steps A 4; Otherwise, make Rm be R.start.match; All for Rm child nodes are entered queue Qc, and initialization list subR is empty;

A6. judge whether Qc is empty; If it is empty, then R adds child node according to rule in subR, and Rm is according to redundant rule elimination child node in subR, and Rm adds child node R, returns and performs A2; Otherwise from Qc, take out regular Rc;

A7. judge whether Rc is nested in R, if so, then Rc is added subR, return and perform A4; Otherwise judge that whether Rc and R is overlapping, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform A2; Otherwise return and perform A6.

Wherein, the rule of described software defined network dynamically descends transmitting apparatus can be installed on the controller of chain of command, and the regular missing information dynamic construction uploaded according to the network equipment of data surface also issues respective rule.

Wherein, the rule of described software defined network dynamically descends transmitting apparatus can be installed between the controller of chain of command and the network equipment of data surface, and the regular missing information dynamic construction uploaded according to the network equipment of data surface also issues respective rule.

The dynamic delivery method of rule of software defined network of the present invention can under guarantee chain of command and the conforming prerequisite of data surface decision-making, greatly improve the flow effective coverage range issuing rule, significantly save the incidence that device memory takies, reduces rule disappearance.The rule of software defined network of the present invention dynamically descends transmitting apparatus can be arranged on the controller of software defined network chain of command, or is installed between controller and the data surface network equipment.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.

Fig. 1 shows the process flow diagram of the dynamic delivery method of rule of the software defined network that the embodiment of the present invention one provides;

Fig. 2 shows the process flow diagram of embodiment one step 101 preprocessing process;

Fig. 3 shows the process flow diagram flow chart building and issue rule;

Fig. 4 shows the process flow diagram regular complete or collected works being carried out to incremental update;

Fig. 5 describes the geometric model of the regular complete or collected works that table 1 defines;

Fig. 6 describes a kind of regular complete or collected works defined based on table 1, for the Sample Rules figure reporting net package informatin dynamically to issue of a rule disappearance;

Fig. 7 shows the structural representation of the regular dynamic apparatus of the software defined network that the embodiment of the present invention two provides;

Fig. 8 shows the another kind of structural representation that rule that the embodiment of the present invention two proposes dynamically descends transmitting apparatus;

Fig. 9 shows the deployed position schematic diagram describing the dynamic lower transmitting apparatus of rule.

Embodiment

For making the object of the embodiment of the present invention, technical scheme and advantage clearly, below in conjunction with the accompanying drawing in the embodiment of the present invention, clear, complete description is carried out to the technical scheme in the embodiment of the present invention, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.

The embodiment of the present invention one provides a kind of dynamic delivery method of rule of software defined network, see Fig. 1, comprising:

Step 101: regular complete or collected works R is built some rules subset RS, makes the rule in each rules subset RS all meet complete hierarchy nesting relation, and each rules subset RS is generated as a complete hierarchy nesting tree.

In this step, a rules subset is RS={R1, R2 ..., Rn}; Wherein R1, R2 ..., Rn is the rule in rules subset; Rn.match={ [Rns1, Rne1], [Rns2, Rne2] ..., [RnsD, RneD] }; Rn.match represents the matching range of regular Rn, total D dimension, D >=1, and [Rnsd, Rned] represents the matching range of regular Rn in d dimension, 1≤d≤D;

For a rules subset RS={R1, R2 ..., any two regular Ri and Rj in Rn}, for any dimension d, if meet following relation, then the rule in this rules subset all meets complete hierarchy nesting relation, 1≤i < j≤n:

$[\mathrm{Risd},\mathrm{Ried}]\&SubsetEqual;[\mathrm{Rjsd},\mathrm{Rjed}],$ Namely Ri is nested in Rj;

Here introduce the relation between rule for any two regular R1, R2, the relation wherein between any two rules has four kinds of situations.Specific as follows:

It is not 1) overlapping: if there is certain dimension d, then claim R1 and R2 not overlapping (otherwise R1 and R2 is overlapping for title).

It is 2) nested: if to any dimension d, r1 is then claimed to be nested in R2.

3) intersect: if R1 and R2 is overlapping, and there is dimension d1, d2 simultaneously, meet $R1\mathrm{ed}1]\&Subset;[R2\mathrm{sd}1,R2\mathrm{ed}1],[R1\mathrm{sd}2,R1\mathrm{ed}2]\&Superset;[R2\mathrm{sd}2,R2\mathrm{ed}2],$ R1 and R2 is then claimed to intersect.

4) partially overlapping: if the relation of R1, R2 does not belong to any one in above three kinds of relations, then partially overlapping both claiming.

In this step, rule set meets complete hierarchy nesting to close what mean is exactly that any two rules in rule set all meet above-mentioned relation 2).

Preprocessing process in this step specifically can be shown in Figure 2 process flow diagram.

In addition, in this step, also need nested for above-mentioned all levels data tree structure to be deployed to corresponding sharing on memory location.

Step 102: the complete hierarchy nesting tree generated according to each rules subset and the net bag uploaded, build and issue rule accordingly.

In this step, rule structure engine can be adopted to build rule, each rule that issues builds the rule structure of engine as shown in Figure 3, and concrete building process comprises:

S21. read the net bag P reported, obtain P.match, be designated as Rm; Wherein, P.value={p1, p2 ..., pD}, P.value represent the concrete value in net bag territory, P packet header, total D dimension, and wherein the value of d dimension is pd; P.match represents the rule that the priority in the rule of net bag P coupling is the highest;

S22. read complete hierarchy nesting tree T, judge that whether Rm is the leafy node of T;

If S23. Rm is the leafy node of T, then return Rm; If Rm is not the leafy node of T, make Rout=Rm; All child nodes of Rout in T are sent into queue Q;

S24. judge whether queue Q is empty, if it is empty, then returns Rout as issuing rule; If not empty, then from Q, regular Robs is taken out; According to Volume Loss minimum principle, choose a dimension cutting Rout, make Rout and the Robs after cutting not overlapping;

Step 103: the rule that issues of above-mentioned structure is carried out to geometric space and " intersected " operation, obtains final singlely issuing rule, then carries out rule and issue operation.

In this step, described " intersecting " operates, and is the overlapping region of the matching range of the strictly all rules by calculating above-mentioned structure, as the matching range of final rule.

From the description of step 102 and step 103, rule dynamically issues and actually comprises two steps: 1) according to all complete hierarchy nesting trees, parallel build each rules subset corresponding issue rule.2) rule built above-mentioned each engine is carried out geometric space and " is intersected " operation, obtains final singlely issuing rule, and line discipline of going forward side by side issues.

In a preferred embodiment of the invention, the dynamic delivery method of rule of described software defined network, also comprises:

Step 104: incremental update is carried out to regular complete or collected works.

In this step, when carrying out incremental update to regular complete or collected works, under the prerequisite not destroying level nest relation, upgrade relevant rules subset hierarchy nesting tree, see Fig. 3, the treatment scheme increasing by one group of rule as shown in Figure 4, is carried out incremental update to regular complete or collected works and is specifically comprised:

S41. utilize the method described in step 101 that the strictly all rules of increase is divided into some rules subset, build the corresponding tree of hierarchy nesting completely; The complete hierarchy nesting tree of all structures is sent into queue Q_add;

S42. judge whether Q_add is empty, if so, then terminates incremental update; Otherwise, from Q_add, take out branch Branch, get the root node R of Branch;

S43. all complete hierarchy nesting tree in rules subset RS is sent into queue Q_original;

S44. judge whether Q_original is empty, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform S42; Otherwise, from Q_original, take out T;

S45. judge whether R.start.match equals R.end.match, wherein, left end point R.start={Rs1, Rs2 ..., RsD}, right endpoint R.end={Re1, Re2 ..., ReD}, if be not equal to, then returns step S44; Otherwise, make Rm be R.start.match; All for Rm child nodes are entered queue Qc, and initialization list subR is empty;

S46. judge whether Qc is empty; If it is empty, then R adds child node according to rule in subR, and Rm is according to redundant rule elimination child node in subR, and Rm adds child node R, returns and performs S42; Otherwise from Qc, take out regular Rc;

S47. judge whether Rc is nested in R, if so, then Rc is added subR, return and perform S46; Otherwise judge that whether Rc and R is overlapping, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform S42; Otherwise return and perform S46.

Wherein for the process of deletion one group of rule: delete each rule successively.When wherein deleting each rule, first transfer to the father node of this rule as child node all child nodes of this rule, then delete this regular node.

Table 1 describes the regular complete or collected works on controller, and wherein strictly all rules is described based on X, Y two territories.

Table 1

Rule	Priority	Field-X	Field-Y	Action
					R1	1	[0，3]	[0，13]	Action1
R2	5	[13，15]	[10，12]	Action2
					R3	9	[8，15]	[9，12]	Action3
R4	10	[10，15]	[5，6]	Action4
					R5	36	[0，5]	[3，15]	Action5
R6	120	[0，15]	[0，2]	Action6
					R7	200	[8，15]	[5，12]	Action7
R8	999	[0，15]	[0，15]	Action8

The priority R.priority representing regular R is shown in above-mentioned priority mono-list, and this rule prioritization of the lower expression of numerical value is higher; Above-mentioned Action mono-list shows that regular R is mated rear performed operation R.action.

Rules subset described in upper table is R={R1, R2 ..., R8}; Wherein R1, R2 ..., R8 is the rule in rules subset; As to the regular R1:R1.match={ [0,3] in upper table, [0,13] }; R1.priority=1, R1.action=Action1, the dimension of this rules subset is 2.

Fig. 5 describes the geometric model of the regular complete or collected works that table 1 defines.Fig. 6 describes a kind of regular complete or collected works defined based on table 1, for the Sample Rules figure reporting net package informatin dynamically to issue of a rule disappearance.P point describes the value that this reports the net package informatin domain of dependence: X=12, Y=7.Dash area describes one and can ensure conformingly to issue rule: X belongs to [8,15], and Y belongs to [7,8].Definition reports net bag P:P.value={p1, p2 ..., pD}, P.match=R.Wherein P.value represents the concrete value in net bag territory, P packet header, total D dimension, and wherein the value of i-th dimension is pi; P.match represents that the rule of all net bag P couplings is (if to each dimension, the value of P all falls into the matching range of R, P is then claimed to mate R) rule that medium priority is the highest, i.e. the hit rule of net bag P, this regular available net packet classification calculates fast and finds.To above-mentioned example, P.value={12,7}, P.match=R7.

The dynamic delivery method of rule of the software defined network described in the embodiment of the present invention can under guarantee chain of command and the conforming prerequisite of data surface decision-making, greatly improve the flow effective coverage range issuing rule, significantly save the incidence that device memory takies, reduces rule disappearance.

The rule that the embodiment of the present invention two additionally provides a kind of software defined network dynamically descends transmitting apparatus, see Fig. 7, comprises pretreatment unit 11, issues regular construction unit 22 Sum fanction and dynamically issue unit 33;

Described pretreatment unit 11, for regular complete or collected works R is built some rules subset RS, makes the rule in each rules subset RS all meet complete hierarchy nesting relation, and each rules subset RS is generated as a complete hierarchy nesting tree;

Wherein, a rules subset is RS={R1, R2 ..., Rn}; Wherein R1, R2 ..., Rn is the rule in rules subset; Rn.match={ [Rns1, Rne1], [Rns2, Rne2] ..., [RnsD, RneD] }; Rn.match represents the matching range of regular Rn, total D dimension, D >=1, and [Rnsd, Rned] represents the matching range of regular Rn in d dimension, 1≤d≤D;

For a rules subset RS={R1, R2 ..., any two regular Ri and Rj in Rn}, for any dimension d, if meet following relation, then the rule in this rules subset all meets complete hierarchy nesting relation, 1≤i < j≤n:

$[\mathrm{Risd},\mathrm{Ried}]\&SubsetEqual;[\mathrm{Rjsd},\mathrm{Rjed}],$ Namely Ri is nested in Rj;

Describedly issue regular construction unit 22, for the complete hierarchy nesting tree generated according to each rules subset and the net bag uploaded, build and issue rule accordingly;

Wherein, concrete building process comprises:

Read the net bag P reported, obtain P.match, be designated as Rm; Wherein, P.value={p1, p2 ..., pD}, P.value represent the concrete value in net bag territory, P packet header, total D dimension, and wherein the value of d dimension is pd; P.match represents the rule that the priority in the rule of net bag P coupling is the highest;

Read complete hierarchy nesting tree T, judge that whether Rm is the leafy node of T;

If Rm is the leafy node of T, then return Rm; If Rm is not the leafy node of T, make Rout=Rm; All child nodes of Rout in T are sent into queue Q;

Judge whether queue Q is empty, if it is empty, then returns Rout as issuing rule; If not empty, then from Q, regular Robs is taken out; According to Volume Loss minimum principle, choose a dimension cutting Rout, make Rout and the Robs after cutting not overlapping;

Described rule dynamically issues unit 33 for carrying out geometric space " intersect " operation to the rule that issues of above-mentioned structure, obtains final singlely issuing rule, then carries out rule and issue operation.

Described " intersecting " operates, and is the overlapping region of the matching range of the strictly all rules by calculating above-mentioned structure, as the matching range of final rule.

In a preferred embodiment of the invention, the rule of described software defined network dynamically descends transmitting apparatus, also comprises Policy Updates unit 44, for carrying out incremental update to regular complete or collected works, specifically comprises:

A1. utilize described pretreatment unit that the strictly all rules of increase is divided into some rules subset, build the corresponding tree of hierarchy nesting completely; The complete hierarchy nesting tree of all structures is sent into queue Q_add;

A2. judge whether Q_add is empty, if so, then terminates incremental update; Otherwise, from Q_add, take out Branch, get the root node R of Branch;

A3. all complete hierarchy nesting tree in rules subset RS is sent into queue Q_original;

A4. judge whether Q_original is empty, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform A2; Otherwise, from Q_original, take out T;

A5. judge whether R.start.match equals R.end.match, wherein, R.start={Rs1, Rs2 ..., RsD}, R.end={Re1, Re2 ..., ReD}, if be not equal to, then returns steps A 4; Otherwise, make Rm be R.start.match; All for Rm child nodes are entered queue Qc, and initialization list subR is empty;

A6. judge whether Qc is empty; If it is empty, then R adds child node according to rule in subR, and Rm is according to redundant rule elimination child node in subR, and Rm adds child node R, returns and performs A2; Otherwise from Qc, take out regular Rc;

A7. judge whether Rc is nested in R, if so, then Rc is added subR, return and perform A4; Otherwise judge that whether Rc and R is overlapping, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform A2; Otherwise return and perform A6.

Fig. 8 shows the another kind of structural representation that rule that the embodiment of the present invention two proposes dynamically descends transmitting apparatus.

Pretreatment unit: according to regular complete or collected works, strictly all rules is divided into some subsets by pre-processing engine, generates hierarchy nesting data tree structure to each subset, and above-mentioned all data structures is placed on the regular position dynamically issuing unit and can read.

Policy Updates unit: when there is the incremental update to regular complete or collected works, Policy Updates processing engine upgrades relevant rules subset hierarchy nesting tree under the prerequisite not destroying level nest relation.

Issue regular construction unit Sum fanction and dynamically issue unit: corresponding one of the rules subset hierarchy nesting tree that each pretreatment unit generates issues rule structure engine.Use hierarchy nesting data tree structure, each build engine walk abreast build each rules subset corresponding issue rule.Afterwards, result merges engine and carries out geometric space to the rule that all structure engines obtain and " intersect " operation, obtains final issuing rule.

Wherein, the rule of described software defined network dynamically descends transmitting apparatus can be installed on the controller of chain of command, and the regular missing information dynamic construction uploaded according to the network equipment of data surface also issues respective rule.

In addition, the rule of described software defined network dynamically descends transmitting apparatus can be installed between the controller of chain of command and the network equipment of data surface, and the regular missing information dynamic construction uploaded according to the network equipment of data surface also issues respective rule.

Fig. 9 describes the deployed position of the dynamic lower transmitting apparatus of rule.Storage rule complete or collected works shared by itself and SDN controller, and the regular missing information dynamic construction uploaded according to the network equipment also issues respective rule.

The rule of the software defined network described in the embodiment of the present invention dynamically descends transmitting apparatus can be arranged on the controller of software defined network chain of command, or is installed between controller and the data surface network equipment.The rule of the software defined network described in the embodiment of the present invention dynamically descends transmitting apparatus ensureing under chain of command and the conforming prerequisite of data surface decision-making, greatly improve the flow effective coverage range issuing rule, significantly save the incidence that device memory takies, reduces rule disappearance.

Above embodiment only for illustration of technical scheme of the present invention, is not intended to limit; Although with reference to previous embodiment to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.

Claims (6)

1. the dynamic delivery method of the rule of software defined network, is characterized in that, comprising:

S1. regular complete or collected works R is built some rules subset RS, make the rule in each rules subset RS all meet complete hierarchy nesting relation, and each rules subset RS is generated as a complete hierarchy nesting tree;

Wherein, a rules subset is RS={R1, R2 ..., Rn}; Wherein R1, R2 ..., Rn is the rule in rules subset; Rn.match={ [Rns1, Rne1], [Rns2, Rne2] ..., [RnsD, RneD] }; Rn.match represents the matching range of regular Rn, total D dimension, D >=1, and [Rnsd, Rned] represents the matching range of regular Rn in d dimension, 1≤d≤D;

For a rules subset RS={R1, R2 ..., any two regular Ri and Rj in Rn}, for any dimension d, if meet following relation, then the rule in this rules subset all meets complete hierarchy nesting relation, 1≤i < j≤n:

$[\mathrm{Risd},\mathrm{Ried}]\&SubsetEqual;[\mathrm{Rjsd},\mathrm{Rjed}],$ Namely Ri is nested in Rj;

S2. the net bag that the complete hierarchy nesting generated according to each rules subset is set and uploaded, builds and issues rule accordingly;

Wherein, concrete building process comprises:

S21. read the net bag P reported, obtain P.match, be designated as Rm; Wherein, P.value={p1, p2 ..., pD}, P.value represent the concrete value in net bag territory, P packet header, total D dimension, and wherein the value of d dimension is pd; P.match represents the rule that the priority in the rule of net bag P coupling is the highest;

S22. read complete hierarchy nesting tree T, judge that whether Rm is the leafy node of T;

If S23. Rm is the leafy node of T, then return Rm; If Rm is not the leafy node of T, make Rout=Rm; All child nodes of Rout in T are sent into queue Q;

S24. judge whether queue Q is empty, if it is empty, then returns Rout as issuing rule; If not empty, then from Q, regular Robs is taken out; According to Volume Loss minimum principle, choose a dimension cutting Rout, make Rout and the Robs after cutting not overlapping;

S3. the rule that issues of above-mentioned structure is carried out to geometric space and " intersected " operation, obtain final singlely issuing rule, then carry out rule and issue operation.

Described " intersecting " operates, and is the overlapping region of the matching range of the strictly all rules by calculating above-mentioned structure, as the matching range of final rule.

2. the dynamic delivery method of the rule of software defined network according to claim 1, is characterized in that, also comprises S4. and carries out incremental update to regular complete or collected works, specifically comprise:

S41. utilize the method described in S1 that the strictly all rules of increase is divided into some rules subset, build the corresponding tree of hierarchy nesting completely; The complete hierarchy nesting tree of all structures is sent into queue Q_add;

S42. judge whether Q_add is empty, if so, then terminates incremental update; Otherwise, from Q_add, take out Branch, get the root node R of Branch;

S43. all complete hierarchy nesting tree in rules subset RS is sent into queue Q_original;

S44. judge whether Q_original is empty, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform S42; Otherwise, from Q_original, take out T;

S45. judge whether R.start.match equals R.end.match, wherein, R.start={Rs1, Rs2 ..., RsD}, R.end={Re1, Re2 ..., ReD}, if be not equal to, then returns step S44; Otherwise, make Rm be R.start.match; All for Rm child nodes are entered queue Qc, and initialization list subR is empty;

S46. judge whether Qc is empty; If it is empty, then R adds child node according to rule in subR, and Rm is according to redundant rule elimination child node in subR, and Rm adds child node R, returns and performs S42; Otherwise from Qc, take out regular Rc;

S47. judge whether Rc is nested in R, if so, then Rc is added subR, return and perform S46; Otherwise judge that whether Rc and R is overlapping, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform S42; Otherwise return and perform S46.

3. the rule of software defined network dynamically descends a transmitting apparatus, it is characterized in that, comprises pretreatment unit, issues regular construction unit Sum fanction and dynamically issue unit;

Described pretreatment unit, for regular complete or collected works R is built some rules subset RS, makes the rule in each rules subset RS all meet complete hierarchy nesting relation, and each rules subset RS is generated as a complete hierarchy nesting tree;

Wherein, a rules subset is RS={R1, R2 ..., Rn}; Wherein R1, R2 ..., Rn is the rule in rules subset; Rn.match={ [Rns1, Rne1], [Rns2, Rne2] ..., [RnsD, RneD] }; Rn.match represents the matching range of regular Rn, total D dimension, D >=1, and [Rnsd, Rned] represents the matching range of regular Rn in d dimension, 1≤d≤D;

For a rules subset RS={R1, R2 ..., any two regular Ri and Rj in Rn}, for any dimension d, if meet following relation, then the rule in this rules subset all meets complete hierarchy nesting relation, 1≤i < j≤n:

$[\mathrm{Risd},\mathrm{Ried}]\&SubsetEqual;[\mathrm{Rjsd},\mathrm{Rjed}],$ Namely Ri is nested in Rj;

Describedly issue regular construction unit, for the complete hierarchy nesting tree generated according to each rules subset and the net bag uploaded, build and issue rule accordingly;

Wherein, concrete building process comprises:

Read the net bag P reported, obtain P.match, be designated as Rm; Wherein, P.value={p1, p2 ..., pD}, P.value represent the concrete value in net bag territory, P packet header, total D dimension, and wherein the value of d dimension is pd; P.match represents the rule that the priority in the rule of net bag P coupling is the highest;

Read complete hierarchy nesting tree T, judge that whether Rm is the leafy node of T;

If Rm is the leafy node of T, then return Rm; If Rm is not the leafy node of T, make Rout=Rm; All child nodes of Rout in T are sent into queue Q;

Judge whether queue Q is empty, if it is empty, then returns Rout as issuing rule; If not empty, then from Q, regular Robs is taken out; According to Volume Loss minimum principle, choose a dimension cutting Rout, make Rout and the Robs after cutting not overlapping;

Described rule dynamically issues unit for carrying out geometric space " intersect " operation to the rule that issues of above-mentioned structure, obtains final singlely issuing rule, then carries out rule and issue operation;

Described " intersecting " operates, and is the overlapping region of the matching range of the strictly all rules by calculating above-mentioned structure, as the matching range of final rule.

4. the rule of software defined network according to claim 3 dynamically descends transmitting apparatus, it is characterized in that, also comprises Policy Updates unit, for carrying out incremental update to regular complete or collected works, specifically comprises:

A1. utilize described pretreatment unit that the strictly all rules of increase is divided into some rules subset, build the corresponding tree of hierarchy nesting completely; The complete hierarchy nesting tree of all structures is sent into queue Q_add;

A2. judge whether Q_add is empty, if so, then terminates incremental update; Otherwise, from Q_add, take out Branch, get the root node R of Branch;

A3. all complete hierarchy nesting tree in rules subset RS is sent into queue Q_original;

A4. judge whether Q_original is empty, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform A2; Otherwise, from Q_original, take out T;

A5. judge whether R.start.match equals R.end.match, wherein, R.start={Rs1, Rs2 ..., RsD}, R.end={Re1, Re2 ..., ReD}, if be not equal to, then returns steps A 4; Otherwise, make Rm be R.start.match; All for Rm child nodes are entered queue Qc, and initialization list subR is empty;

A6. judge whether Qc is empty; If it is empty, then R adds child node according to rule in subR, and Rm is according to redundant rule elimination child node in subR, and Rm adds child node R, returns and performs A2; Otherwise from Qc, take out regular Rc;

A7. judge whether Rc is nested in R, if so, then Rc is added subR, return and perform A4; Otherwise judge that whether Rc and R is overlapping, if so, then add a complete hierarchy nesting tree to rules subset RS, be initialized as Branch, return and perform A2; Otherwise return and perform A6.

5. the rule of the software defined network according to claim 3 or 4 dynamically descends transmitting apparatus, it is characterized in that, the rule of described software defined network dynamically descends transmitting apparatus can be installed on the controller of chain of command, and the regular missing information dynamic construction uploaded according to the network equipment of data surface also issues respective rule.

6. the rule of the software defined network according to claim 3 or 4 dynamically descends transmitting apparatus, it is characterized in that, the rule of described software defined network dynamically descends transmitting apparatus can be installed between the controller of chain of command and the network equipment of data surface, and the regular missing information dynamic construction uploaded according to the network equipment of data surface also issues respective rule.