CN105553863B - A kind of more logic variant route control systems and control method based on OpenFlow - Google Patents
A kind of more logic variant route control systems and control method based on OpenFlow Download PDFInfo
- Publication number
- CN105553863B CN105553863B CN201510925071.7A CN201510925071A CN105553863B CN 105553863 B CN105553863 B CN 105553863B CN 201510925071 A CN201510925071 A CN 201510925071A CN 105553863 B CN105553863 B CN 105553863B
- Authority
- CN
- China
- Prior art keywords
- data
- routing
- openflow
- flow table
- data surface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/58—Association of routers
Abstract
The invention discloses a kind of more logic variant route control systems and control method based on OpenFlow, are logically independent of each other the system comprises multiple, are deployed in the route test face on same network node;Each route test face independently runs identical routing protocol, generates corresponding routing table, is exported after being converted into corresponding control plane data stream list;Communication arbitration unit, to control each route test face and the uplink and downlink data communication process routeing between data surface and routing data surface, the routing data surface is completing the data communication process with current network node.The present invention realize the separation of the control plane and data surface of router and by arbitration unit is set to analyze the flow table, arbitrate, merge after again to data surface carry out flow table output;It has been effectively ensured and in the control plane exception of some router, has still ensured that the executable flow table that data surface receives is correct, so as to not influence normal network communication.
Description
Technical field
The present invention relates to Network Communicate Security technical fields, particularly relate to a kind of more logics based on openflow
Variant route control system and control method.
Background technology
Traditional router is in a hardware platform, control plane and data surface is made closely to tie using close coupled system
It closes.But once this mode but exists by successful routing attack, the lighter causes net applied in a network environment
Network service data loss, severe one cause the critical defect of a wide range of network paralysis.Generally, in practical applications, in order to prevent
Such case occurs, and can be improved by following two ways:It on the one hand can be from strengthening router safety measure in itself
Start with, redundant fashion on the other hand can be used to reduce the risk of this respect.
Wherein when carrying out evading the above problem using redundant fashion, particularly in the redundant measure of device level, single node
The redundant fashion for disposing multiple devices is commonplace, but this mode, since redundancy is limited, its using effect is not satisfactory,
The problems such as also bringing along the rising of lower deployment cost and management cost simultaneously.
Invention content
In view of defects in the prior art, the invention aims to provide a kind of more logics change based on openflow
Body route control system, which realizes the separation of the control plane and data surface of router, by same net
The more route test faces being logically independent of each other are disposed on network node, and routing is generated in the control plane of above-mentioned multiple routers
After table, these routing tables be converted into flow table that data surface can perform to data surface export when, pass through and analysis and arbitration machine be set
Structure analyzes the flow table, arbitrated, merge after carry out flow table output to data surface again;It has been effectively ensured in some router
Control plane exception when, it is correct to still ensure that executable flow table that data surface receives, so as to not influence normal network
Communication, while alarm the router of election failure, so as to start automatic or manual error correction and Restoration Mechanism.
To achieve these goals, technical scheme of the present invention:
A kind of more logic variant route control systems based on openflow, it is characterised in that:
The control system includes
It is multiple to be logically independent of each other, it is deployed in the route test face on same network node;Each route test face point
The identical routing protocol of other independent operating, generates corresponding routing table, is converted into defeated after corresponding control plane data stream list
Go out;
Communication arbitration unit, to the row data communication mistake up and down for controlling each route test face and routeing between data surface
Journey, the uplink and downlink data communication process include each control plane data stream list that each route test face exports carrying out arbitration conjunction
And after handling, export the downlink data communication process of corresponding data surface data stream list to data surface and will route on data surface
The data information configuration of biography is sent to the upstream data communication process in route test face corresponding with the data information address;
And routing data surface, the routing data surface is completing the data communication process with current network node.
Further, the route test face includes openflow controllers, openflow adapters and routing logic
Unit;The openflow controllers to upper-layer service using providing the northbound interface that open and based on openflow associations
View realizes the communication with the routing data surface;The north that the openflow adapters are provided based on the openflow controllers
To interface, the communication matching process between the openflow controllers and the routing logic unit is realized;The routing is patrolled
Unit is collected to realize its network layer and data link layer functions as router component, i.e., it is raw to run routing protocol
Into corresponding routing table and complete the logic control of data link.
Preferably, the routing logic unit in the route test face is only realizing its network layer as router component
Function that is, to run routing protocol, generates corresponding routing table;Simultaneously north is provided by the openflow controllers
To interface, the logic control of data link is completed using independent data link control module.
Preferably, the routing data surface is realized using openflow interchangers.
Further, the communication arbitration unit using it is default to control each route test face and routing data surface it
Between uplink and downlink data communication process communication arbitration rule openflow servers realize.
The communication arbitration rule includes:The downlink data communication of flow table is issued towards routing data surface in route test
In the process, the corresponding flow table item matching domain content of control plane data stream list based on the output of each route test face, analyzes each flow table
Corresponding movement content, if the movement content of each flow table item is consistent, using entry-into-force time earliest flow table item as data surface
Data stream list is exported to data surface;If the movement content of each flow table item is inconsistent, it is most to select the consistent number of movement content
Movement content as target action content, and by flow table item corresponding with the target action content and that the entry-into-force time is earliest
It is exported as data surface data stream list to data surface.
Further, the communication arbitration rule further includes alarm mechanism for correcting errors, i.e., in the action for finding each flow table item
When holding inconsistent, the route test face corresponding to the flow table item inconsistent with target action content is subjected to alarm mark, it will be right
The route test face answered is identified as anomalous routes control plane.
A kind of control method of more logic variant route control systems based on OpenFlow, it is characterised in that:
Including
S1, corresponding control plane data stream list is issued by each route test face or receives routing data surface upload
Data information;
S2, each route test face and the row data communication up and down routeing between data surface are controlled by communication arbitration unit
Process, the uplink and downlink data communication process include arbitrating each control plane data stream list that each route test face exports
After merging treatment, export the downlink data communication process of corresponding data surface data stream list to data surface and data surface will be route
The data information configuration of upload is sent to the upstream data communication process in route test face corresponding with the data information address.
Further, the route test face includes openflow controllers, openflow adapters and routing logic
Unit;The openflow controllers to upper-layer service using providing the northbound interface that open and based on openflow associations
View realizes the communication with the routing data surface;The north that the openflow adapters are provided based on the openflow controllers
To interface, the communication matching process between the openflow controllers and the routing logic unit is realized;The routing is patrolled
Unit is collected to realize its network layer and data link layer functions as router component, i.e., it is raw to run routing protocol
Into corresponding routing table and complete the logic control of data link.
Preferably, the routing logic unit in the route test face is only realizing its network layer as router component
Function that is, to run routing protocol, generates corresponding routing table;Simultaneously north is provided by the openflow controllers
To interface, the logic control of data link is completed using independent data link control module.
Preferably, the routing data surface is realized using openflow interchangers.
Further, the communication arbitration unit using it is default to control each route test face and routing data surface it
Between uplink and downlink data communication process communication arbitration rule openflow servers realize.
The communication arbitration rule includes:The downlink data communication of flow table is issued towards routing data surface in route test
In the process, the corresponding flow table item matching domain content of control plane data stream list based on the output of each route test face, analyzes each flow table
Corresponding movement content, if the movement content of each flow table item is consistent, using entry-into-force time earliest flow table item as data surface
Data stream list is exported to data surface;If the movement content of each flow table item is inconsistent, it is most to select the consistent number of movement content
Movement content as target action content, and by flow table item corresponding with the target action content and that the entry-into-force time is earliest
It is exported as data surface data stream list to data surface.
Further, the communication arbitration rule further includes alarm mechanism for correcting errors, i.e., in the action for finding each flow table item
When holding inconsistent, the route test face corresponding to the flow table item inconsistent with target action content is subjected to alarm mark, it will be right
The route test face answered is identified as anomalous routes control plane.
Compared with prior art, beneficial effects of the present invention:
The present invention is logically independent of each other by multiple, the route test face being deployed on same network node and is passed through
Communication arbitration unit constitutes the router topology of a similar changeable body with the topological structure of data plane communication, from physical arrangement
On, which has only sealed in a physical node, has then been equivalent to multiple routers parallel connections, and each router in logic
Routing Protocol can be operated independently from, the update of routing can be also normally carried out between each variant;The present invention is each simultaneously
In the case of the identical routing parameter of configuration of routers, the present invention realizes redundance by communication arbitration rule and characteristic is elected to keep away
Network failure caused by exempting from some variant exception;In addition, the present invention is realized in the case of respective separate configurations in network layer
Redundancy backup, also can caused by monomer exception is avoided to a certain degree network failure.
Description of the drawings
Fig. 1 is more logic variant route control system structure diagrams one based on openflow;
Fig. 2 is more logic variant route control system structure diagrams two based on openflow;
Fig. 3 is the process flow steps figure that the communication arbitration unit adds flow table item in processing stream table handling message;
Fig. 4 adds the corresponding arbitration process process step figure of flow table item for Fig. 3;
Fig. 5 is the process flow steps figure that the communication arbitration unit deletes flow table item in processing stream table handling message;
Fig. 6 deletes the corresponding arbitration process process step figure of flow table item for Fig. 5;
Fig. 7 is upstream data communication in the process for the process flow steps figure of Packet_In message;
Fig. 8 is upstream data communication in the process for the process flow steps figure of packet-out message;
The corresponding specific example structure diagram of Fig. 9 schemes of the present invention.
Specific embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, below in conjunction with attached drawing, to the present invention into
Row is further described.
Design principle of the present invention:Using the SDN concepts based on OpenFlow protocol realizations, to realize route test face sum number
According to the separation in face, i.e., the more route test faces being logically independent, the control of every router are disposed on a network node
Face operates independently from identical routing protocol, the control planes of these routers can with the conventional router outside network rank point into
Walking along the street generates independent routing table by protocol discovery and negotiation.Due to the network environment residing for the control plane of these routers
Identical, the configuration parameter of routing protocol is also identical, and under normal circumstances, they can generate identical routing table;In multiple routings
After the control plane generation routing table of device, these routing tables are converted into the data surface flow table that data surface can perform and are exported to data surface
When, an analysis and arbitration organ are added in, the flow table of multiple route test faces output is analyzed and arbitrated, multiple controls
After the flow table in face merges, exported to a flow table executing agency (data surface).
Wherein export principle (or to arbitrate principle):If more to the movement content of the multiple flow table items of some specified path
Number is consistent (being known as redundance election), can be exported to data surface.This guarantees the control plane in some router is abnormal
When, by arbitrating principle, still ensure that the executable flow table that data surface receives is correct, so as to not influence normal network
Communication, while using redundance election as a result, alarming the router of election failure, so as to start automatic or manual entangle
Wrong and Restoration Mechanism.For such structure from the point of view of the control plane of each router, they are all independent routing lists simultaneously
Member, but from the point of view of whole system, the control plane of each router has only embodied partial action in executing agency again, because
And each route test face can be known as a variant.Therefore the present invention actually can be described as more logics based on openflow
Variant router.
Based on above-mentioned principle and Fig. 1-Fig. 2, more logic variant route control systems based on openflow are main
Including multiple route test faces (being at least 3), communication arbitration unit and routing data surface;
(1) it is multiple to be logically independent of each other, it is deployed in the route test face on same network node;Each route test face
Identical routing protocol is independently run, generates corresponding routing table, after being converted into corresponding control plane data stream list
Output;
Further, the route test face includes openflow controllers, openflow adapters and routing logic
Unit;The openflow controllers are to upper-layer service, using the northbound interface opened is provided, (northbound interface is to pass through control
The interface that device processed is opened to upper-layer service application, target is the Internet resources that service application is enabled advantageously to call bottom
And ability.By northbound interface, the developer of network service can call various Internet resources in the form of software programming;On simultaneously
The network resource management system of layer can be and right by the resource status of the entire net network of northbound interface overall situation control of controller
Resource carries out United Dispatching) and based on openflow protocol realizations and the communication for routeing data surface;The openflow
The northbound interface that adapter is provided based on the openflow controllers realizes that the openflow controllers are patrolled with the routing
Collect the communication matching process between unit;The routing logic unit is realizing its network layer sum number as router component
According to link layer functionality, i.e., running routing protocol, generate corresponding routing table and complete the logic control of data link.
Due to the routing logic unit of each route test face (i.e. the routing of variant), difference all is configured with to forwarding interface
Network layer logical address, these interfaces all expose external network, therefore in terms of external network, in network layer, there are multiple roads
By device entity, and actually access network transponder only there are one.Therefore this system is considered as a physical entity, as
The router of multiple logic variants.
Preferably, the routing logic unit in the route test face is only realizing its network layer as router component
Function that is, to run routing protocol, generates corresponding routing table;Simultaneously north is provided by the openflow controllers
To interface, the logic control of data link is completed using independent data link control module.
Preferably, the route test face can be deployed on different hosts such as Fig. 1 by multirouting control plane, to reach
Into more logic variants of hardware-level, such as Fig. 2 can be also deployed on same host, realizes more logic variants of software level.
(2) in view of communication between control plane and data surface, other than general configuration and inquiry, control system is opposite
The influence of the behavior of external network is mainly reflected in, and the controller of control plane is to the flow table operation and control process and net of data surface
The communication of the controller of network data and control plane, including the data message for being up to controller and from controller to external network,
It is encapsulated as Packet-IN and Packet-Out data packets respectively in openflow connections.In order to realize to above-mentioned OpenFlow
The analyzing and processing of data packet, this control system add in communication arbitration in connection of multiple route test faces with routing data surface
Unit, it is described to control the data communication process on each route test face and the up-downlink direction routeing between data surface
Uplink and downlink data communication process includes:1., in the downstream direction, by each route test face export each control plane data stream list
After carrying out arbitration merging treatment, the downlink data communication process of corresponding data surface data stream list is exported to data surface, to realize
Each route test face to routing data surface when issuing configuration-direct, if there is instruction repetition or instruction conflict, then to it
It is arbitrated and false judgment, ensures that correct configuration-direct is handed down to routing data surface;2., on up direction, number will be route
The data information configuration uploaded according to face is sent to the upstream data communication mistake in route test face corresponding with the data information address
Journey to realize that communication arbitration unit judges its purpose when routeing the generation of data surface upstream data, ensures correct reach
Suitable route test face.
Simultaneously in view of in the SDN network based on OpenFLow agreements, data surface (OFP interchangers) is to the place of service message
Main Basiss flow table is managed to carry out, usually, one or more flow tables can be included in data surface, and can be held in each flow table
Receive multiple flow table items (content of flow table item mainly include two aspect:Matching domain content and movement content;Matching domain content is used for
Specified network message feature, movement content are used to specify the action taken the message data face for meeting this feature, in matching domain
Appearance typically comprises IP address, mask, procotol etc., and action typically comprises discarding, forwards, uploads to control plane etc..)
The communication arbitration unit use is default upper and lower between each route test face and routing data surface to control
The openflow servers of the communication arbitration rule of row data communication process are realized and the communication arbitration rule includes:On road
By control towards routing data surface issue the downlink data communication of flow table during, based on each route test face output control plane
The corresponding flow table item matching domain content of data stream list, analyzes the corresponding movement content of each flow table item, if in the action of each flow table item
Hold unanimously, then export entry-into-force time earliest flow table item to data surface as data surface data stream list;If each flow table item is dynamic
It is inconsistent to make content, then selecting movement content, unanimously the largest number of movement contents, and will be with institute as target action content
The flow table item that target action content is corresponding and the entry-into-force time is earliest is stated to export to data surface as data surface data stream list.
By above-mentioned communication arbitration rule on routing data surface, the difference that is issued in addition to possessing each route test face
Whole flow table contents, also achieve to the deduplication operation of duplicate contents in each flow table content and in each flow table content
The different flow table of keyword same action, carry out arbitration election, during ensureing to be abnormal in some route test face, normally
The flow table in route test face work on routing data surface, realize a kind of redundance election effect and realize route test
The redundancy in face.
Preferably, the communication arbitration unit is in processing stream table handling message, by two class flow table pair of internal maintenance
This data structure, to preserve by before communication arbitration rule process and treated flow table item, and can be directed to different
Operation carries out different processing, and operation is even added to flow table, then is carried out according to Fig. 3-Fig. 4 flows, is directed to often with reaching
A existing route test face can safeguard one for preserving the changeable body flow table copy for the flow table item that each control plane issues;
For routing data surface can safeguard one for store be issued to by openflow servers and route the flow table item of data surface
Decision flow table copy;Delete operation even is carried out to flow table, then is carried out according to Fig. 5-Fig. 6 flows, wherein the table- in each figure
Miss list items are acquiescence list item, are used to indicate object data packet under not match any other performance occasion, data surface is to this
The action that data packet is taken..
Further, the communication arbitration rule further includes alarm mechanism for correcting errors, i.e., in the action for finding each flow table item
When holding inconsistent, the route test face corresponding to the flow table item inconsistent with target action content is subjected to alarm mark, it will be right
The route test face answered is identified as anomalous routes control plane.
Further, upstream data communication process includes the data information configuration for routeing data surface upload being sent to and should
The corresponding route test face in data information address, such as the business number for being uploaded to route test face from OpenFLow interchangers
According in OpenFlow connections, the data message of data link layer being packaged into Packet_In message, by the communication arbitration
After cell processing, according to the realistic objective of business datum, suitable route test face is sent to, processing procedure is as shown in Figure 7:
Upstream data communication process further includes the business datum to being sent from route test towards routing data surface simultaneously,
In OpenFlow connections, network link layer data is encapsulated as Packet_Out message, after the communication arbitration cell processing,
It according to the realistic objective of network link layer data, is distributed, distribution rules are illustrated in fig. 8 shown below.
(3) data surface is route, the routing data surface is completing the data communication process with current network node.
Preferably, the routing data surface is realized using openflow interchangers.
The control method of more logic variant route control systems based on above-mentioned OpenFlow simultaneously, including
S1, corresponding control plane data stream list is issued by each route test face or receives routing data surface upload
Data information;
S2, each route test face and the row data communication up and down routeing between data surface are controlled by communication arbitration unit
Process, the uplink and downlink data communication process include arbitrating each control plane data stream list that each route test face exports
After merging treatment, export the downlink data communication process of corresponding data surface data stream list to data surface and data surface will be route
The data information configuration of upload is sent to the upstream data communication process in route test face corresponding with the data information address.
Further, the route test face includes openflow controllers, openflow adapters and routing logic
Unit;The openflow controllers to upper-layer service using providing the northbound interface that open and based on openflow associations
View realizes the communication with the routing data surface;The north that the openflow adapters are provided based on the openflow controllers
To interface, the communication matching process between the openflow controllers and the routing logic unit is realized;The routing is patrolled
Unit is collected to realize its network layer and data link layer functions as router component, i.e., it is raw to run routing protocol
Into corresponding routing table and complete the logic control of data link.
Preferably, the routing logic unit in the route test face is only realizing its network layer as router component
Function that is, to run routing protocol, generates corresponding routing table;Simultaneously north is provided by the openflow controllers
To interface, the logic control of data link is completed using independent data link control module.
Preferably, the routing data surface is realized using openflow interchangers.
Further, the communication arbitration unit using it is default to control each route test face and routing data surface it
Between uplink and downlink data communication process communication arbitration rule openflow servers realize.
The communication arbitration rule includes:The downlink data communication of flow table is issued towards routing data surface in route test
In the process, the corresponding flow table item matching domain content of control plane data stream list based on the output of each route test face, analyzes each flow table
Corresponding movement content, if the movement content of each flow table item is consistent, using entry-into-force time earliest flow table item as data surface
Data stream list is exported to data surface;If the movement content of each flow table item is inconsistent, it is most to select the consistent number of movement content
Movement content as target action content, and by flow table item corresponding with the target action content and that the entry-into-force time is earliest
It is exported as data surface data stream list to data surface.
Further, the communication arbitration rule further includes alarm mechanism for correcting errors, i.e., in the action for finding each flow table item
When holding inconsistent, the route test face corresponding to the flow table item inconsistent with target action content is subjected to alarm mark, it will be right
The route test face answered is identified as anomalous routes control plane.
Below by concrete function example, above-mentioned technology contents are described further:
For deployment scenario example as shown in Figure 9, be illustrated in route test face 3 (route test face is referred to herein as variant,
It is following to be also collectively referred to as variant) generate wrong routing table for some reason in the case of, the control system or method
Corresponding processing procedure is as follows.In this structure, 10.0.0.0/8 networks can be reached on the interface 1 of conventional router A.
It is function course below:
First part:Before the abnormal generation of variant 3
The routing table of the routing logic unit of each variant
| Target network | Next-hop | |
| Variant 1 | 10.0.0.0 | intf2 |
| Variant 2 | 10.0.0.0 | intf2 |
| Variant 3 | 10.0.0.0 | intf2 |
Routing table is switched to Openflow flow tables by the Openflow adapters of each variant
| Matching domain | Action | Entry-into-force time | |
| Variant 1 | addr:10.0.0.0mask:255.0.0.0 | O:port1 | 1442906118 |
| Variant 2 | addr:10.0.0.0mask:255.0.0.0 | O:port1 | 1442906020 |
| Variant 3 | addr:10.0.0.0mask:255.0.0.0 | O:port1 | 1442906132 |
The flow table arbitrated procedure of communication arbitration unit:
Matching domain content key=ddr:10.0.0.0&&mask:255.0.0.0
Movement content action1=action2=action3=O:port1
Entry-into-force time createtime2<createtime1<createtime3
One list item is respectively retrieved, and the action of 3 flow table items is all identical in 3 variant flow tables by same key respectively,
Earliest one is selected according to communication arbitration rule, i.e., the flow table item of variant 2 is as execution flow table item.
Second part:After the abnormal generation of variant 3, the variation of mistake occurs for its corresponding routing performance
The routing table of the routing logic unit of each variant
| Target network | Next-hop | |
| Variant 1 | 10.0.0.0 | intf2 |
| Variant 2 | 10.0.0.0 | intf2 |
| Variant 3 | 10.0.0.0 | NULL (discarding) |
Routing table is switched to Openflow flow tables by the Openflow adapters of each variant
| Matching domain | Action | Entry-into-force time | |
| Variant 1 | addr:10.0.0.0mask:255.0.0.0 | O:port1 | 1442906118 |
| Variant 2 | addr:10.0.0.0mask:255.0.0.0 | O:port1 | 1442906020 |
| Variant 3 | addr:10.0.0.0mask:255.0.0.0 | NULL | 1442906132 |
The flow table arbitrated procedure of communication arbitration unit:
Matching domain content key=ddr:10.0.0.0&&mask:255.0.0.0
Movement content action1==action2!=action3
Entry-into-force time createtime2<createtime1
One list item is respectively retrieved in 3 variant flow tables by same key respectively, in 3 flow table items
Variant 1 and variant 2 are identical, and different from variant 3, and variant 2 is selected earlier than variant 1 according to communication arbitration rule
Earliest one during majority is identical, the i.e. flow table item of variant 2 are as execution flow table item.
It summarizes:Before and after the abnormal generation of control, after 3 flow table of variant is abnormal variation, performs flow table item and be all taken from
The flow table item of variant 2, does not change.
The foregoing is only a preferred embodiment of the present invention, but protection scope of the present invention be not limited thereto,
Any one skilled in the art in the technical scope disclosed by the present invention, according to the technique and scheme of the present invention and its
Inventive concept is subject to equivalent substitution or change, should be covered by the protection scope of the present invention.
Claims (7)
1. a kind of more logic variant route control systems based on openflow, it is characterised in that:
The control system includes
It is multiple to be logically independent of each other, it is deployed in the route test face on same network node;Each route test face difference is only
The identical routing protocol of vertical operation, generates corresponding routing table, is exported after being converted into corresponding control plane data stream list;
Communication arbitration unit, to control the uplink and downlink data communication process between each route test face and routing data surface,
The uplink and downlink data communication process includes each control plane data stream list that each route test face exports carrying out arbitration merging
After processing, export the downlink data communication process of corresponding data surface data stream list to data surface and upload routing data surface
Data information configuration be sent to the upstream data communication process in route test face corresponding with the data information address;It is described logical
Letter arbitration unit is using the default uplink and downlink data communication process to control each route test face and route between data surface
Communication arbitration rule openflow servers realize;The communication arbitration rule includes:In route test towards routing
During data surface issues the downlink data communication of flow table, the control plane data stream list based on the output of each route test face is corresponding
Flow table item matching domain content analyzes the corresponding movement content of each flow table item, if the movement content of each flow table item is consistent, will come into force
Time earliest flow table item is exported as data surface data stream list to data surface;If the movement content of each flow table item is inconsistent,
Selecting movement content, unanimously the largest number of movement contents, and will be with the target action content pair as target action content
Flow table item answer and earliest the entry-into-force time is exported as data surface data stream list to data surface;
And routing data surface, the routing data surface is completing the data communication process with current network node.
2. more logic variant route control systems according to claim 1 based on openflow, it is characterised in that:
The route test face includes openflow controllers, openflow adapters and routing logic unit;It is described
Openflow controllers to upper-layer service using the northbound interface that open is provided and based on openflow protocol realizations and
The communication of the routing data surface;The northbound interface that the openflow adapters are provided based on the openflow controllers,
Realize the communication matching process between the openflow controllers and the routing logic unit;The routing logic unit is used
To realize its network layer and data link layer functions as router component, i.e., to run routing protocol, generation is respectively right
The routing table answered and the logic control for completing data link.
3. more logic variant route control systems according to claim 2 based on openflow, it is characterised in that:
The routing logic unit in the route test face only to realize its Network layer function as router component, i.e., to
Routing protocol is run, generates corresponding routing table;Northbound interface is provided by the openflow controllers simultaneously, is used
Data link control module completes the logic control of data link.
4. more logic variant route control systems according to claim 1 based on openflow, it is characterised in that:
The communication arbitration rule further includes alarm mechanism for correcting errors, i.e., will when the movement content for finding each flow table item is inconsistent
Route test face with target action content corresponding to inconsistent flow table item carries out alarm mark, by corresponding route test face
It is identified as anomalous routes control plane.
5. a kind of control method realized based on control system described in claim 1, it is characterised in that:
Including
S1, corresponding control plane data stream list is issued by each route test face or receives the number that routing data surface uploads
It is believed that breath;
S2, each route test face and the row data communication mistake up and down routeing between data surface are controlled by communication arbitration unit
Journey, the uplink and downlink data communication process include each control plane data stream list that each route test face exports carrying out arbitration conjunction
And after handling, export the downlink data communication process of corresponding data surface data stream list to data surface and will route on data surface
The data information configuration of biography is sent to the upstream data communication process in route test face corresponding with the data information address;It is described
Communication arbitration unit is using the default row data communication mistake up and down to control each route test face and route between data surface
The openflow servers of the communication arbitration rule of journey are realized;The communication arbitration rule includes:In route test towards road
During the downlink data communication that flow table is issued by data surface, the control plane data stream list based on the output of each route test face corresponds to
Flow table item matching domain content, analyze the corresponding movement content of each flow table item, will be raw if the movement content of each flow table item is consistent
Time earliest flow table item is imitated as data surface data stream list to data surface output;If the movement content of each flow table item is inconsistent,
Then selecting movement content, unanimously the largest number of movement contents, and will be with the target action content as target action content
Corresponding and earliest entry-into-force time flow table item is exported as data surface data stream list to data surface.
6. control method according to claim 5, it is characterised in that:
The route test face includes openflow controllers, openflow adapters and routing logic unit;It is described
Openflow controllers to upper-layer service using the northbound interface that open is provided and based on openflow protocol realizations and
The communication of the routing data surface;The northbound interface that the openflow adapters are provided based on the openflow controllers,
Realize the communication matching process between the openflow controllers and the routing logic unit;The routing logic unit is used
To realize its network layer and data link layer functions as router component, i.e., to run routing protocol, generation is respectively right
The routing table answered and the logic control for completing data link.
7. control method according to claim 6, it is characterised in that:
The routing logic unit in the route test face only to realize its Network layer function as router component, i.e., to
Routing protocol is run, generates corresponding routing table;Northbound interface is provided by the openflow controllers simultaneously, is used
Independent data link control module completes the logic control of data link.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510925071.7A CN105553863B (en) | 2015-12-14 | 2015-12-14 | A kind of more logic variant route control systems and control method based on OpenFlow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510925071.7A CN105553863B (en) | 2015-12-14 | 2015-12-14 | A kind of more logic variant route control systems and control method based on OpenFlow |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105553863A CN105553863A (en) | 2016-05-04 |
| CN105553863B true CN105553863B (en) | 2018-06-19 |
Family
ID=55832801
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510925071.7A Expired - Fee Related CN105553863B (en) | 2015-12-14 | 2015-12-14 | A kind of more logic variant route control systems and control method based on OpenFlow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105553863B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105897576B (en) * | 2016-06-23 | 2019-08-30 | 中国电子科技集团公司第五十四研究所 | A kind of router design method of shared route test logic |
| CN107547379B (en) * | 2016-06-23 | 2020-08-25 | 华为技术有限公司 | Method for generating route control action in software defined network and related equipment |
| CN106713131A (en) * | 2016-11-18 | 2017-05-24 | 上海红阵信息科技有限公司 | Multi-BGP routing instance parallel execution device |
| CN109587061B (en) * | 2018-11-08 | 2022-04-22 | 华为技术有限公司 | Method, device and equipment for processing route |
| CN111654384A (en) * | 2019-09-27 | 2020-09-11 | 中兴通讯股份有限公司 | Main/standby switching method, BRAS (broadband remote Access Server) equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546351A (en) * | 2012-03-15 | 2012-07-04 | 北京邮电大学 | System and method for interconnecting openflow network and conventional Internet protocol (IP) network |
| EP2765751A1 (en) * | 2012-12-24 | 2014-08-13 | Huawei Technologies Co., Ltd. | Software defined network based data processing method, node and system |
| CN104009871A (en) * | 2014-06-06 | 2014-08-27 | 中国科学院声学研究所 | SDN controller implementation method and SDN controller |
| CN104158763A (en) * | 2014-08-29 | 2014-11-19 | 重庆大学 | Software-defined content centric network architecture |
| CN104935604A (en) * | 2015-06-29 | 2015-09-23 | 南京邮电大学 | Open Flow protocol-based SDN firewall system and method |
| CN105007224A (en) * | 2015-07-28 | 2015-10-28 | 清华大学 | System and method for intercommunication between SDN (Software Defined Networking) network and IP (Internet Protocol) network |
-
2015
- 2015-12-14 CN CN201510925071.7A patent/CN105553863B/en not_active Expired - Fee Related
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546351A (en) * | 2012-03-15 | 2012-07-04 | 北京邮电大学 | System and method for interconnecting openflow network and conventional Internet protocol (IP) network |
| EP2765751A1 (en) * | 2012-12-24 | 2014-08-13 | Huawei Technologies Co., Ltd. | Software defined network based data processing method, node and system |
| CN104009871A (en) * | 2014-06-06 | 2014-08-27 | 中国科学院声学研究所 | SDN controller implementation method and SDN controller |
| CN104158763A (en) * | 2014-08-29 | 2014-11-19 | 重庆大学 | Software-defined content centric network architecture |
| CN104935604A (en) * | 2015-06-29 | 2015-09-23 | 南京邮电大学 | Open Flow protocol-based SDN firewall system and method |
| CN105007224A (en) * | 2015-07-28 | 2015-10-28 | 清华大学 | System and method for intercommunication between SDN (Software Defined Networking) network and IP (Internet Protocol) network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105553863A (en) | 2016-05-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105553863B (en) | A kind of more logic variant route control systems and control method based on OpenFlow | |
| KR101907752B1 (en) | SDN capable of detection DDoS attacks using artificial intelligence and controller including the same | |
| Shukla et al. | Towards meticulous data plane monitoring | |
| Dhawan et al. | Sphinx: detecting security attacks in software-defined networks. | |
| Zhang et al. | Mind the gap: Monitoring the control-data plane consistency in software defined networks | |
| JP5440691B2 (en) | Packet transfer system, control device, transfer device, processing rule creation method and program | |
| US9491083B2 (en) | Systems and methods of test packet handling | |
| US9853859B2 (en) | Network element and a controller for managing the network element | |
| US9401928B2 (en) | Data stream security processing method and apparatus | |
| US11277770B2 (en) | Method and system for steering bidirectional network traffic to a same service device | |
| US11283683B2 (en) | Network modification impact prediction | |
| WO2017073089A1 (en) | Communication device, system, and method | |
| Yang et al. | Scalable verification of networks with packet transformers using atomic predicates | |
| KR20170049509A (en) | Collecting and analyzing selected network traffic | |
| TW201830919A (en) | Software Defined Network controller, service function chaining system and trace tracking METHOD | |
| Morzhov et al. | Firewall application for Floodlight SDN controller | |
| US20200028762A1 (en) | Network verification system | |
| WO2017215378A1 (en) | Software-defined network, node, path calculation method and device, and storage medium | |
| CN105357114A (en) | Distributed network equipment | |
| US20200186429A1 (en) | Determining violation of a network invariant | |
| CN116055254A (en) | Safe and trusted gateway system, control method, medium, equipment and terminal | |
| WO2016199404A1 (en) | Network verification device, network verification method and program recording medium | |
| US11438376B2 (en) | Problematic autonomous system routing detection | |
| Zakharov et al. | A formal model and verification problems for software defined networks | |
| Wang et al. | Rule anomalies detecting and resolving for software defined networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20180619 Termination date: 20191214 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |