CN106375207A - Time exceeded message control method and system based on SDN (Software Defined Network) - Google Patents
- Publication number
- CN106375207A CN201610803044.7A
- Authority
- CN
- China
- Prior art keywords
- switch
- message
- timeout packet
- data message
- attribute information
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/20—Hop count for routing purposes, e.g. TTL
Abstract
The invention discloses a time exceeded message control method based on an SDN (Software Defined Network). The method comprises the steps that S1, switches report private messages to a controller; S2, the controller receives the private messages reported by all switches and obtains switch attribute information according to the private messages; S3, forwarding paths are calculated according to the switch attribute information, and time exceeded message filtering dynamic tables are generated according to the forwarding paths; S4, the controller issues the time exceeded message filtering dynamic tables to the switches; and S5, the switches process received data messages according to the received time exceeded message filtering dynamic tables. According to the method and the system, excessive TTL time exceeded messages are prevented from being generated; the excessive TTL time exceeded messages are prevented from impacting network devices; and the transmission efficiency of the data messages in the network is greatly improved.
Description
Technical field
The present invention relates to the field of the Internet, and more particularly to an SDN-based timeout packet control method and system.
Background
When a routing loop exists in a network, IP packets are forwarded back and forth between devices; the TTL value is decremented by one at every hop, which eventually causes the TTL to expire. After a network device receives a TTL-timeout packet, it needs to send a TTL timeout notification to the source device to inform the peer that the TTL has expired; traceroute uses exactly this function to achieve path detection. Excessive TTL-timeout packets impact the control plane of network devices and degrade their performance in processing normal services.
Conventional switch products support detection and filtering of TTL-timeout packets: when a device receives an IP packet whose TTL equals 0 or 1, it discards the packet directly, without forwarding it or sending it up to the CPU for processing.
Although the prior art supports detection and filtering of TTL-timeout packets, it is limited in that the computation is local: when a device detects an IP packet whose TTL equals 0, it discards the packet directly and cannot discover the TTL timeout in time, so the generation of excessive TTL-timeout packets cannot be avoided.
Summary of the invention
To solve the above technical problem, the present invention provides an SDN-based timeout packet control method and system that judges the occurrence of a TTL timeout in advance and can prevent excessive TTL-timeout packets from impacting network devices.
The technical solution provided by the present invention is as follows:
The invention discloses an SDN-based timeout packet control method, comprising the steps of: S1, the switches report private messages to the controller; S2, the controller receives the private messages reported by all switches and obtains switch attribute information from the private messages; S3, forwarding paths are calculated according to the switch attribute information, and a timeout packet filtering dynamic table is generated according to the forwarding paths; S4, the controller issues the timeout packet filtering dynamic table to the switches; S5, the switches process received data messages according to the received timeout packet filtering dynamic table.
Further preferably, step S5, "the switch processes data messages according to the timeout packet filtering dynamic table", further comprises the steps of: S51, the switch receives a data message and obtains the message attribute information of the data message; S53, the switch looks up whether the timeout packet filtering dynamic table contains an entry matching the message attribute information; S54, when the timeout packet filtering dynamic table contains an entry matching the message attribute information, the switch obtains the forwarding path of the data message from the timeout packet filtering dynamic table and calculates, from the forwarding path and the message attribute information, whether the data message is a timeout packet; S55, when the data message is judged to be a timeout packet, the switch discards the data message directly.
Further preferably, step S55 further comprises the steps of: S551, the switch obtains the filter type match field in the entry of the timeout packet filtering dynamic table that matches the message attribute information; S552, the switch judges whether the filter type match field is the ingress switch filter type; if so, the switch discards the data message directly; otherwise, the next step is executed; S553, the switch judges, according to the message attribute information, whether the TTL value of the data message is a preset value; if so, the switch discards the data message directly; otherwise, the switch forwards the data message.
Further preferably, the following step is included between step S51 and step S53: S52, judge according to the message attribute information of the data message whether the switch is the ingress switch; if so, execute step S53; otherwise, the switch forwards the data message.
Further preferably, step S5 further comprises the step of: S56, when the timeout packet filtering dynamic table contains no entry matching the attribute information, the switch reports the data message to the controller.
Further preferably, the method further comprises the steps of: S6, the controller receives the data message reported by the switch, obtains the message attribute information of the data message, and calculates the forwarding path of the data message; S7, the controller generates an entry matching the message attribute information from the message attribute information and the forwarding path, and updates the timeout packet filtering dynamic table; S8, the controller calculates, from the forwarding path and the message attribute information, whether the data message is a timeout packet; if so, the next step is executed; otherwise, the controller issues the timeout packet filtering dynamic table to the switches on the forwarding path; S9, the controller issues the timeout packet filtering dynamic table to the ingress switch.
The invention further discloses an SDN-based timeout packet control system that uses the above SDN-based timeout packet control method, comprising: at least one switch and a controller, the controller being connected to the switch. The switch comprises: a private message reporting module, for reporting private messages to the controller; a storage module, for storing the timeout packet filtering dynamic table issued by the controller; and a timeout packet processing module, for processing received data messages according to the timeout packet filtering dynamic table. The controller comprises: a message receiving module, for receiving the private messages reported by all switches; a first attribute information acquisition module, for obtaining switch attribute information from the private messages; a first forwarding path calculation module, for calculating forwarding paths according to the switch attribute information; a dynamic table generation module, for generating the timeout packet filtering dynamic table according to the forwarding paths; and a table issuing module, for issuing the timeout packet filtering dynamic table to all switches.
Further preferably, the timeout packet processing module further comprises: a second attribute information acquisition module, for obtaining the message attribute information of the received data message; a matching module, for looking up whether the timeout packet filtering dynamic table contains an entry matching the message attribute information; a first timeout judgment module, for judging, from the forwarding path of the data message and the message attribute information, whether the data message is a timeout packet; and an execution module, for discarding the data message directly when the data message is judged to be a timeout packet.
Further preferably, the switch further comprises: a switch judgment module, for judging, according to the message attribute information of the data message, whether the switch is the ingress switch; the execution module is further used to discard the received data message directly when the switch judgment module judges that the switch is not the ingress switch.
Further preferably, the message receiving module is further used to receive the data messages reported by all switches; the first attribute information acquisition module is further used to obtain message attribute information from the data message; the first forwarding path calculation module is further used to calculate the forwarding path according to the switch attribute information. The controller further comprises: an update module, for generating an entry matching the message attribute information from the message attribute information and the forwarding path, and updating the timeout packet filtering dynamic table; and a second timeout judgment module, for judging, from the forwarding path of the data message and the message attribute information, whether the data message is a timeout packet. The table issuing module is further used to issue the updated timeout packet filtering dynamic table to the ingress switch when the data message is judged to be a timeout packet.
Compared with the prior art, the invention provides an SDN-based timeout packet control method and system in which data messages are judged at the ingress switch; when a data message is judged to be a timeout packet, it is discarded right at the ingress switch. This avoids the generation of excessive TTL-timeout packets, prevents excessive TTL-timeout packets from impacting network devices, and greatly improves the transmission efficiency of data messages in the network.
Brief description of the drawings
The invention is further described below, in a clear and easily understood manner, through preferred embodiments with reference to the drawings.
Fig. 1 is a schematic diagram of the main steps of the SDN-based timeout packet control method of the invention;
Fig. 2 is the overall flow chart of the SDN-based timeout packet control method of the invention;
Fig. 3 is a schematic diagram of the steps of one embodiment of the SDN-based timeout packet control method of the invention;
Fig. 4 is a flow chart of one embodiment of the SDN-based timeout packet control method of the invention;
Fig. 5 is a schematic diagram of the steps of another embodiment of the SDN-based timeout packet control method of the invention;
Fig. 6 is a flow chart of another embodiment of the SDN-based timeout packet control method of the invention;
Fig. 7 is a schematic diagram of the main components of the SDN-based timeout packet control system of the invention;
Fig. 8 is a schematic diagram of the complete composition of the SDN-based timeout packet control system of the invention.
Explanation of reference numerals:
1, switch; 11, private message reporting module; 12, storage module; 13, timeout packet processing module; 131, second attribute information acquisition module; 132, matching module; 133, first timeout judgment module; 134, execution module; 14, switch judgment module;
2, controller; 21, message receiving module; 22, first attribute information acquisition module; 23, first forwarding path calculation module; 24, dynamic table generation module; 25, table issuing module; 26, update module; 27, second timeout judgment module.
Detailed description
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, specific embodiments of the invention are described below with reference to the drawings. Obviously, the drawings in the following description are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings, and other embodiments, from these drawings without creative effort.
For simplicity, each figure only schematically shows the parts related to the invention, and they do not represent its actual structure as a product. In addition, to keep the figures simple and easy to understand, where several parts in a figure have the same structure or function, only one of them is schematically drawn or labeled. Herein, "one" not only means "only this one" but can also mean "more than one".
Fig. 1 is a schematic diagram of the main steps of the SDN-based timeout packet control method of the invention. As one specific embodiment of the invention, as shown in Fig. 1, an SDN-based timeout packet control method comprises the steps of: S1, the switches report private messages to the controller; S2, the controller receives the private messages reported by all switches and obtains switch attribute information from the private messages; S3, forwarding paths are calculated according to the switch attribute information, and a timeout packet filtering dynamic table is generated according to the forwarding paths; S4, the controller issues the timeout packet filtering dynamic table to the switches; S5, the switches process received data messages according to the received timeout packet filtering dynamic table.
The present invention is based on the SDN architecture. SDN, software defined network, is a new network innovation architecture of Emulex and one way of implementing network virtualization. Its core technology, OpenFlow, separates the control plane of network devices from the data plane, thereby achieving flexible control of network traffic and making the network, as a pipe, more intelligent.
Specifically, in the present invention the controller should support an SDN-based TTL-timeout packet filtering configuration task sequence, which should include: the flow-based TTL-timeout packet filtering dynamic table, and enabling or disabling the SDN-based TTL-timeout packet filtering algorithm function, as shown in Table 1 and Table 2.
Table 1: Timeout packet filtering configuration task sequence
Table 2: Timeout packet filtering dynamic table
In this embodiment, the private message reported by the switch is a private extension Experimenter message from the switch to the controller; its format is shown in Table 3 below. As shown in Table 3, the experimenter value is 255 and needs to be applied for from the ONF (Open Networking Foundation). The Experimenter type value is 1, indicating the direction from the switch to the controller. The private extension Experimenter message is reported to the controller by the switch.
Table 3
As shown in Table 3, the controller obtains the switch attribute information, specifically the ports of the switch and the port IP addresses, from the private message, calculates the data message forwarding path from the ports and port IP addresses of all switches, and generates the timeout packet filtering dynamic table.
Specifically, Fig. 2 is the overall flow chart of the SDN-based timeout packet control method of the invention. As shown in Fig. 2, the invention obtains the attribute information of all switches from the private messages; the attribute information includes the ports of the switch and the port IP addresses. Before a data message is forwarded, the controller obtains, from the private messages reported by the switches, the user's source IP and destination IP as well as the switch ports and port addresses, generates the flow-based TTL-timeout packet filtering dynamic table from this information, and calculates the forwarding path. Finally, the controller issues the timeout packet filtering dynamic table to the switches on the forwarding path, and the switches process timeout packets according to the timeout packet filtering dynamic table.
The overall flow of the invention is described in detail below with reference to Fig. 2:
200. Start.
201. The controller obtains switch attribute information from the private messages reported by the switches.
202. The controller generates the timeout packet filtering dynamic table according to the switch attribute information and calculates the forwarding path.
203. The controller issues the timeout packet filtering dynamic table, and the switches process data messages according to the timeout packet filtering dynamic table.
204. End.
Fig. 3 is a schematic diagram of the steps of one embodiment of the SDN-based timeout packet control method of the invention. As shown in Fig. 3, step S5, "the switch processes data messages according to the timeout packet filtering dynamic table", further comprises the steps of: S51, the switch receives a data message and obtains the message attribute information of the data message; S53, the switch looks up whether the timeout packet filtering dynamic table contains an entry matching the message attribute information; S54, when the timeout packet filtering dynamic table contains an entry matching the message attribute information, the switch obtains the forwarding path of the data message from the timeout packet filtering dynamic table and calculates, from the forwarding path and the message attribute information, whether the data message is a timeout packet; S55, when the data message is judged to be a timeout packet, the switch discards the data message directly.
Specifically, in the present invention the switch processes received data messages according to the timeout packet filtering dynamic table generated by the controller. When a data message is received, the switch first looks up whether the timeout packet filtering dynamic table contains an entry matching the message attribute information of the data message; in this embodiment, the message attribute information refers to the source IP address and destination IP address in the message. If such an entry exists, the switch calculates whether the data message is a timeout packet.
In this embodiment, the algorithm for calculating whether a message is a timeout packet is:
1. First calculate the TTL field in the data message.
TTL is the maximum number of hops that an IP packet may be forwarded in a computer network. The TTL field is set by the sender of the IP packet. Along the whole forwarding path from source to destination, every switch/router the IP packet passes through modifies the TTL field; specifically, it subtracts 1 from the TTL value and then forwards the IP packet. If the TTL is reduced to 0 before the IP packet reaches the destination IP, the switch/router discards the received IP packet with TTL=0 and sends an ICMP time exceeded message to the sender of the IP packet. The purpose of TTL is to limit how long an IP packet exists in a computer network, which avoids IP packets being looped and sent and received endlessly in the network, saves network resources, and allows the sender of the IP packet to receive an alert. The maximum TTL value is 255; a recommended TTL value is 64.
2. Calculate the forwarding path of the data message from the timeout packet filtering dynamic table, and calculate the number of switches that forwarding this data message must pass through.
3. Compare the TTL value in the data message's TTL field with the number of switches: if the TTL value is less than the number of switches, the data message is a timeout packet; if the TTL value is greater than the number of switches, the data message is not a timeout packet.
Preferably, step S55 further comprises the steps of: S551, the switch obtains the filter type match field in the entry of the timeout packet filtering dynamic table that matches the message attribute information; S552, the switch judges whether the filter type match field is the ingress switch filter type; if so, the switch discards the data message directly; otherwise, the next step is executed; S553, the switch judges, according to the message attribute information, whether the TTL value of the data message is a preset value; if so, the switch discards the data message directly; otherwise, the switch forwards the data message.
Specifically, the invention extends the existing flow table by adding a filter type match field, producing the SDN-based timeout packet filtering dynamic table of the invention.
Table 4: Extended flow table definition
As shown in Table 4, the switch matches the destination IP address and source IP address of the data message in the timeout packet filtering dynamic flow table and obtains the filter type. When the data message is calculated to be a timeout packet, the corresponding action is executed according to the filter type; when the filter type is the ingress switch filter type, the packet is discarded directly.
Fig. 4 is a flow chart of one embodiment of the SDN-based timeout packet control method of the invention. As shown in Fig. 4, the switch workflow of the invention is as follows:
400. Start.
401. The switch receives a data message.
402. Judge whether the message attribute information of the data message matches the timeout packet filtering dynamic table; if so, execute step 403; otherwise, execute step 406 and report the data message to the controller.
403. Further judge whether the data message is a timeout packet; if so, execute step 404; otherwise, execute step 405.
404. Judge whether the filter type match field in the timeout packet filtering dynamic table is the ingress switch filter type; if so, execute step 407; otherwise, execute step 405.
405. When the TTL value of the data message is 0, the data message is discarded; otherwise the data message is forwarded.
408. End.
Preferably, the following step is included between step S51 and step S53: S52, judge according to the message attribute information of the data message whether the switch is the ingress switch; if so, execute step S53; otherwise, the switch forwards the data message.
Judging the switch in this embodiment reduces the computation performed by intermediate switches: the data message only has to be calculated at the ingress switch, and once it is judged not to be a timeout packet, in theory it need not be calculated again during forwarding. Judging by ingress switch type therefore greatly reduces the amount of computation.
Preferably, step S5 further comprises the step of: S56, when the timeout packet filtering dynamic table contains no entry matching the attribute information, the switch reports the data message to the controller.
Fig. 5 is a schematic diagram of the steps of another embodiment of the SDN-based timeout packet control method of the invention. As shown in Fig. 5, the method preferably further comprises the steps of: S6, the controller receives the data message reported by the switch, obtains the message attribute information of the data message, and calculates the forwarding path of the data message; S7, the controller generates an entry matching the message attribute information from the message attribute information and the forwarding path, and updates the timeout packet filtering dynamic table; S8, the controller calculates, from the forwarding path and the message attribute information, whether the data message is a timeout packet; if so, the next step is executed; otherwise, the controller issues the timeout packet filtering dynamic table to the switches on the forwarding path; S9, the controller issues the timeout packet filtering dynamic table to the ingress switch.
Specifically, the controller of the invention receives the message from the switch and extracts the source IP and destination IP. From the source IP and destination IP it generates an entry of the flow-based timeout packet filtering dynamic table. The controller then calculates the forwarding path and judges whether the data message is a timeout packet; if it is not a timeout packet, the controller issues the timeout packet filtering dynamic table to the switches on the forwarding path and the message is forwarded normally.
If it is a timeout packet, the filter type is judged. If it is the ingress switch (the switch at which the data message first enters the network) filter type, the timeout packet filtering dynamic table is issued to the ingress switch, and the TTL-timeout packet is discarded at the ingress switch.
If it is the TTL-zero filter type, the flow table is issued to the switches on the forwarding path, and the TTL-timeout packet is discarded when its TTL is 0.
Fig. 6 is a flow chart of another embodiment of the SDN-based timeout packet control method of the invention. As shown in Fig. 6, when the controller of the invention receives a data message that does not match the timeout packet filtering dynamic table, its processing workflow is as follows:
600. Start.
601. The controller receives the data message from the switch and extracts the message attribute information.
602. Generate an entry of the timeout packet filtering dynamic table according to the message attribute information.
603. Calculate the forwarding path of the data message and judge whether the data message is a timeout packet; if so, execute step 604; otherwise, execute step 607: issue the timeout packet filtering dynamic table to the switches on the forwarding path; when the TTL is 0, the switch discards the timeout packet.
604. Judge whether the filter type is the ingress switch filter type; if so, execute step 605; otherwise, execute step 607.
605. Issue the timeout packet filtering dynamic table to the ingress switch; the timeout packet is discarded at the ingress switch.
606. End.
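The timeout rule, the switch workflow of Fig. 4 (with step S52) and the controller workflow of Fig. 6, as an added Python simulation that is not part of the patent text. The filter-type names, the BFS path calculation, the host-to-switch map standing in for the reported port IP addresses, and treating a TTL equal to the switch count as "not a timeout" are assumptions.

```python
from collections import deque
from dataclasses import dataclass

INGRESS, TTL_ZERO = "ingress", "ttl-zero"  # filter types; these names are assumed

@dataclass
class Entry:                 # one row of the timeout packet filtering dynamic table
    path: list               # switches on the forwarding path, ingress first
    filter_type: str

def is_timeout(ttl, path):
    # Page's rule: timeout when TTL < number of switches on the path.
    # TTL == count is not defined on the page; assumed "not a timeout" here.
    return ttl < len(path)

class Switch:
    def __init__(self, name, local_hosts):
        self.name, self.local_hosts, self.table = name, local_hosts, {}

    def process(self, src, dst, ttl):
        """Return 'report', 'drop' or 'forward' for one received data message."""
        if src not in self.local_hosts:               # S52: not the ingress switch
            return "drop" if ttl == 0 else "forward"  # conventional TTL check only
        entry = self.table.get((src, dst))
        if entry is None:
            return "report"                           # S56 / step 406
        if is_timeout(ttl, entry.path) and entry.filter_type == INGRESS:
            return "drop"                             # steps 403-404
        return "drop" if ttl == 0 else "forward"      # step 405

class Controller:
    def __init__(self, links, hosts, filter_type):
        self.links, self.hosts, self.filter_type = links, hosts, filter_type
        self.switches = {
            n: Switch(n, {ip for ip, sw in hosts.items() if sw == n}) for n in links
        }

    def path(self, src, dst):
        """Shortest switch path by BFS (the page does not name a path algorithm)."""
        start, goal = self.hosts[src], self.hosts[dst]
        prev, queue = {start: None}, deque([start])
        while queue:
            node = queue.popleft()
            for nxt in self.links[node]:
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        if goal not in prev:
            raise ValueError("no forwarding path")
        hops, node = [], goal
        while node is not None:
            hops.append(node)
            node = prev[node]
        return hops[::-1]

    def packet_in(self, src, dst, ttl):
        """Fig. 6: build the entry, then choose which switches receive it."""
        entry = Entry(self.path(src, dst), self.filter_type)
        doomed = is_timeout(ttl, entry.path)
        targets = entry.path[:1] if doomed and entry.filter_type == INGRESS else entry.path
        for name in targets:
            self.switches[name].table[(src, dst)] = entry
        return targets

    def send(self, src, dst, ttl):
        """Walk one message along its path; return (outcome, switches that handled it)."""
        handled = []
        for name in self.path(src, dst):
            sw = self.switches[name]
            handled.append(name)
            verdict = sw.process(src, dst, ttl)
            if verdict == "report":                   # table miss: ask the controller
                self.packet_in(src, dst, ttl)
                verdict = sw.process(src, dst, ttl)
            if verdict == "drop":
                return "dropped", handled
            ttl -= 1                                  # one hop consumed
        return "delivered", handled

# Constructed sample: four switches in a line, one host at each end.
LINKS = {"s1": ["s2"], "s2": ["s1", "s3"], "s3": ["s2", "s4"], "s4": ["s3"]}
HOSTS = {"10.0.1.5": "s1", "10.0.4.9": "s4"}

if __name__ == "__main__":
    for mode in (INGRESS, TTL_ZERO):
        ctl = Controller(LINKS, HOSTS, mode)
        print(mode, ctl.send("10.0.1.5", "10.0.4.9", 3))
```

With TTL 3 on the four-switch path, the ingress filter type drops the message at s1, while the TTL-zero filter type lets it cross three switches before s4 discards it.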
Fig. 7 is a schematic diagram of the main components of the SDN-based timeout packet control system of the invention, which uses the above SDN-based timeout packet control method and comprises: at least one switch 1 and a controller 2, the controller 2 being connected to the switch 1. The switch 1 comprises: a private message reporting module 11, for reporting private messages to the controller; a storage module 12, for storing the timeout packet filtering dynamic table issued by the controller 2; and a timeout packet processing module 13, for processing received data messages according to the timeout packet filtering dynamic table. The controller 2 comprises: a message receiving module 21, for receiving the private messages reported by all switches 1; a first attribute information acquisition module 22, for obtaining switch attribute information from the private messages; a first forwarding path calculation module 23, for calculating forwarding paths according to the switch attribute information; a dynamic table generation module 24, for generating the timeout packet filtering dynamic table according to the forwarding paths; and a table issuing module 25, for issuing the timeout packet filtering dynamic table to all switches 1.
Preferably, Fig. 8 is a schematic diagram of the complete composition of the SDN-based timeout packet control system of the invention. As shown in Fig. 8, the timeout packet processing module 13 further comprises: a second attribute information acquisition module 131, for obtaining the message attribute information of the received data message; a matching module 132, for looking up whether the timeout packet filtering dynamic table contains an entry matching the message attribute information; a first timeout judgment module 133, for judging, from the forwarding path of the data message and the message attribute information, whether the data message is a timeout packet; and an execution module 134, for discarding the data message directly when the data message is judged to be a timeout packet.
Preferably, the switch 1 further comprises: a switch judgment module 14, for judging, according to the message attribute information of the data message, whether the switch 1 is the ingress switch; the execution module 134 is further used to discard the received data message directly when the switch judgment module 14 judges that the switch 1 is not the ingress switch.
Preferably, the message receiving module 21 is further used to receive the data messages reported by all switches 1; the first attribute information acquisition module 22 is further used to obtain message attribute information from the data message; the first forwarding path calculation module 23 is further used to calculate the forwarding path according to the switch attribute information. The controller 2 further comprises: an update module 26, for generating an entry matching the message attribute information from the message attribute information and the forwarding path, and updating the timeout packet filtering dynamic table; and a second timeout judgment module 27, for judging, from the forwarding path of the data message and the message attribute information, whether the data message is a timeout packet. The table issuing module 25 is further used to issue the updated timeout packet filtering dynamic table to the ingress switch when the data message is judged to be a timeout packet.
It should be noted that the information exchange between the modules of this system, their execution processes and similar details are based on the same concept as the method embodiments above; for specifics, refer to the description of the method embodiments of the invention, which is not repeated here.
It should be noted that above-described embodiment all can independent assortment as needed.The above is only the preferred of the present invention
Embodiment it is noted that for those skilled in the art, in the premise without departing from the principle of the invention
Under, some improvements and modifications can also be made, these improvements and modifications also should be regarded as protection scope of the present invention.
Claims (10)
1. A timeout packet control method based on SDN, characterized by comprising the steps of:
S1, a switch reports a private message to a controller;
S2, the controller receives the private messages reported by all switches, and obtains switch attribute information according to the private messages;
S3, a forwarding path is calculated according to the switch attribute information, and a timeout packet filtering dynamic table is generated according to the forwarding path;
S4, the controller issues the timeout packet filtering dynamic table to the switch;
S5, the switch processes the received data messages according to the received timeout packet filtering dynamic table.
2. The timeout packet control method based on SDN as claimed in claim 1, characterized in that step S5, "the switch processes data messages according to the timeout packet filtering dynamic table", further comprises the steps of:
S51, the switch receives a data message and obtains the message attribute information of the data message;
S53, look up whether the timeout packet filtering dynamic table contains an entry matching the message attribute information;
S54, when the timeout packet filtering dynamic table contains an entry matching the message attribute information, the switch obtains the forwarding path of the data message according to the timeout packet filtering dynamic table, and calculates, according to the forwarding path and the message attribute information, whether the data message is a timeout packet;
S55, when the data message is judged to be a timeout packet, the switch directly discards the data message.
3. The timeout packet control method based on SDN as claimed in claim 2, characterized in that step S55 further comprises the steps of:
S551, the switch obtains the filter type matching field of the entry in the timeout packet filtering dynamic table that matches the message attribute information;
S552, judge whether the filter type matching field is the access switch filter type; if so, the switch directly discards the data message; otherwise, execute the next step;
S553, judge, according to the message attribute information, whether the TTL value of the data message is a preset value; if so, the switch directly discards the data message; otherwise, the switch forwards the data message.
4. The timeout packet control method based on SDN as claimed in claim 1, characterized in that the following step is further included between step S51 and step S53:
S52, judge, according to the message attribute information of the data message, whether the switch is an access switch; if so, execute step S53; otherwise, the switch forwards the data message.
5. The timeout packet control method based on SDN as claimed in claim 2, characterized in that step S5 further comprises the step of:
S56, when the timeout packet filtering dynamic table contains no entry matching the attribute information, the switch reports the data message to the controller.
6. The timeout packet control method based on SDN as claimed in claim 5, characterized by further comprising the steps of:
S6, the controller receives the data message reported by the switch, obtains the message attribute information of the data message, and calculates the forwarding path of the data message;
S7, the controller generates an entry matching the message attribute information according to the message attribute information and the forwarding path, and updates the timeout packet filtering dynamic table;
S8, calculate, according to the forwarding path and the message attribute information, whether the data message is a timeout packet; if so, execute the next step; otherwise, the controller issues the timeout packet filtering dynamic table to the switches on the forwarding path;
S9, the controller issues the timeout packet filtering dynamic table to the access switch.
7. A timeout packet control system based on SDN, using the SDN-based timeout packet control method of any one of claims 1 to 6, characterized by comprising: at least one switch and a controller; the controller is connected to the switch;
the switch comprises:
a private message reporting module, configured to report a private message to the controller;
a storage module, configured to store the timeout packet filtering dynamic table issued by the controller;
a timeout packet processing module, configured to process the received data messages according to the timeout packet filtering dynamic table;
the controller comprises:
a message receiving module, configured to receive the private messages reported by all switches;
a first attribute information acquisition module, configured to obtain switch attribute information according to the private messages;
a first calculation module, configured to calculate a forwarding path according to the switch attribute information;
a dynamic table generation module, configured to generate the timeout packet filtering dynamic table according to the forwarding path;
a table issuing module, configured to issue the timeout packet filtering dynamic table to all switches.
8. The timeout packet control system based on SDN as claimed in claim 7, characterized in that the timeout packet processing module further comprises:
a second attribute information acquisition module, configured to obtain the message attribute information of the received data message;
a matching module, configured to look up whether the timeout packet filtering dynamic table contains an entry matching the message attribute information;
a first timeout judgment module, configured to judge, according to the forwarding path of the data message and the message attribute information, whether the data message is a timeout packet;
an execution module, configured to directly discard the data message when the data message is judged to be a timeout packet.
9. The timeout packet control system based on SDN as claimed in claim 7, characterized in that the switch further comprises:
a switch judgment module, configured to judge, according to the message attribute information of the data message, whether the switch is an access switch;
the execution module is further configured to directly discard the received data message when the switch judgment module judges that the switch is not an access switch.
10. The timeout packet control system based on SDN as claimed in claim 7, characterized in that:
the message receiving module is further configured to receive the data messages reported by all switches;
the first attribute information acquisition module is further configured to obtain message attribute information according to the data message;
the first calculation module is further configured to calculate a forwarding path according to the switch attribute information;
the controller further comprises:
an update module, configured to generate an entry matching the message attribute information according to the message attribute information and the forwarding path, and to update the timeout packet filtering dynamic table;
a second timeout judgment module, configured to judge, according to the forwarding path of the data message and the message attribute information, whether the data message is a timeout packet;
the table issuing module is further configured to issue the updated timeout packet filtering dynamic table to the access switch when the data message is judged to be a timeout packet.
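The switch-side decision of steps S51 and S53 to S56 (claims 2, 3 and 5), as an added Python example that is not part of the patent text. The timeout rule (TTL no larger than the hops left on the path), the preset TTL value of 1, the filter type names, the (source, destination) match key and the sample table are assumptions, since the page does not define them.

```python
from dataclasses import dataclass

ACCESS_FILTER = "access"    # hypothetical name for the access switch filter type
OTHER_FILTER = "other"      # hypothetical name for any other filter type
PRESET_TTL = 1              # assumed preset value tested in S553

@dataclass(frozen=True)
class Packet:               # constructed model: only the attributes used below
    src: str
    dst: str
    ttl: int

@dataclass(frozen=True)
class FilterEntry:          # one entry of the timeout packet filtering dynamic table
    path: tuple             # forwarding path as ordered switch ids
    filter_type: str

def is_timeout(pkt, path, switch_id):
    """S54, assumed rule: the TTL cannot cover the hops left on the path."""
    hops_left = len(path) - path.index(switch_id)
    return pkt.ttl <= hops_left

def process(switch_id, table, pkt):
    """Return 'forward', 'drop' or 'report' for one received data message."""
    entry = table.get((pkt.src, pkt.dst))          # S51 + S53: attributes, lookup
    if entry is None or switch_id not in entry.path:
        return "report"                            # S56 (off-path case is an assumption)
    if not is_timeout(pkt, entry.path, switch_id):
        return "forward"                           # S54: not a timeout packet
    if entry.filter_type == ACCESS_FILTER:
        return "drop"                              # S551, S552
    return "drop" if pkt.ttl == PRESET_TTL else "forward"   # S553

# Constructed sample table for the path s1 -> s2 -> s3.
TABLE = {
    ("10.0.0.1", "10.0.0.9"): FilterEntry(("s1", "s2", "s3"), ACCESS_FILTER),
    ("10.0.0.2", "10.0.0.9"): FilterEntry(("s1", "s2", "s3"), OTHER_FILTER),
}

if __name__ == "__main__":
    for sw, pkt in [("s1", Packet("10.0.0.1", "10.0.0.9", 64)),
                    ("s1", Packet("10.0.0.1", "10.0.0.9", 2)),
                    ("s2", Packet("10.0.0.2", "10.0.0.9", 1)),
                    ("s1", Packet("10.0.0.7", "10.0.0.9", 64))]:
        print(sw, pkt, process(sw, TABLE, pkt))
```

A packet dropped at the access switch never reaches the hop where its TTL would expire, so no Time Exceeded reply is generated for it downstream.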
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610803044.7A CN106375207A (en) | 2016-09-05 | 2016-09-05 | Time exceeded message control method and system based on SDN (Software Defined Network) |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106375207A (en) | 2017-02-01 |
Family
ID=57899988
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610803044.7A Pending CN106375207A (en) | 2016-09-05 | 2016-09-05 | Time exceeded message control method and system based on SDN (Software Defined Network) |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106375207A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101582833A (en) * | 2008-05-15 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Method and device for processing spoofed IP data packet |
CN101674312A (en) * | 2009-10-19 | 2010-03-17 | 中兴通讯股份有限公司 | Method for preventing source address spoofing in network transmission and device thereof |
CN105577669A (en) * | 2015-12-25 | 2016-05-11 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for identifying false source attack |
CN105634660A (en) * | 2014-07-16 | 2016-06-01 | 阿里巴巴集团控股有限公司 | Data packet detection method and system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005116A (en) * | 2017-06-07 | 2018-12-14 | 华为技术有限公司 | A kind of message forwarding method and device |
CN109005116B (en) * | 2017-06-07 | 2020-07-24 | 华为技术有限公司 | Message forwarding method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170201 |