CN106953848A - A software-defined network implementation method based on ForCES
- Publication number: CN106953848A
- Application number: CN201710114858.4A
- Authority: CN (China)
- Legal status: Granted
Classifications
- H04L65/1045: Proxies, e.g. for session initiation protocol [SIP]
- H04L63/0272: Virtual private networks
- H04L63/0281: Proxies
- H04L65/40: Support for services or applications
- H04L67/133: Protocols for remote procedure calls [RPC]
- H04L67/562: Brokering proxy services
Abstract
The invention discloses a software-defined network implementation method based on ForCES. Building on the Neutron SDN framework, the invention proposes an implementation based on a ForCES extension plugin, whose basic architecture comprises two parts: a plugin and a plugin agent. The plugin creates layer-3 routing through message exchange with Neutron and converts the user's operations on logical function block attributes into concrete operations on virtual networks, routes and network interfaces. The plugin agent runs on the network node and the compute nodes; it is the container that holds the logical function block entities and implements network-layer processing of packets. The invention gives the design and modeling method for the related IETF ForCES logical function blocks, so that users can conveniently redefine OpenStack networks through the northbound interface provided by the ForCES extension plugin.
Description
Technical field
The present invention relates to the field of network communication technology, and in particular to a software-defined network implementation method based on ForCES.
Background
Cloud computing is a new revolution in the IT industry, another important technological revolution following the computer revolution and the Internet revolution. The emergence of cloud computing means that people can use virtual resources on the Internet; users can manage and control the services they purchase, and in a multi-tenant environment cloud computing can allocate network resources on demand. The network is only one part of service deployment: besides the network, computing resources, storage resources and so on must also be allocated to a service. If a platform can manage these resources centrally, so that when a virtual machine needs to change (be added, deleted or migrated) it is only necessary to enter the resource parameters the virtual machine requires and the platform then automatically computes and allocates the resources from those parameters, then that platform is a cloud computing platform. Technically, cloud computing requires virtualization, parallel computing, utility computing, load balancing, network storage and so on. Although cloud computing is an integration of earlier technologies, it can nonetheless bring changes to ways of living, modes of production and business models. OpenStack has exactly this processing and computing capability: by deploying OpenStack's components in various modes, private clouds, enterprise public clouds and hybrid clouds can be built.
As an open-source cloud operating system, OpenStack has attracted developers and technical experts from around the world. OpenStack is a collection of open-source technology products that provides a scalable, secure, standards-based cloud computing software solution, which can be used to manage infrastructure resources such as computing, storage and network resources. OpenStack's network service is provided by Neutron, the component that manages network resources in OpenStack; the extensible architecture Neutron provides lets users deploy and manage third-party plugins and other network services. Neutron is currently a research hotspot in the OpenStack field and is developing in the direction of software-defined networking. IETF ForCES (Forwarding and Control Element Separation, ForCES), an important way of realizing a software-defined network architecture, has so far received little attention in OpenStack research.
IETF ForCES is an important technology for realizing software-defined networking; its core idea is the separation of forwarding and control. ForCES was designed to break the black-box nature of a single network device: it emphasizes a loosely coupled relationship between the control elements and forwarding elements within a network device and supports open programmable networks well. Because the former IETF ForCES working group always confined the technology's definition to a single network device node, ForCES was never generalized well to applications such as cloud computing networks, and its attention and influence in the industry are limited. The present invention combines the ForCES ideas of open programmability and separation of forwarding and control: it realizes the separation of the control plane and the data plane by combining OpenStack with ForCES, improves the elasticity of Neutron networks, and provides centralized control of the network. In multi-tenant, large-scale cloud environments Neutron's performance degrades. To relieve the bottleneck caused by layer-3 traffic concentrating on the network node, the invention introduces ForCES to overcome this Neutron defect: by implementing Neutron's layer-3 service interface it provides Neutron with a distributed virtual routing function, reducing the failure domain and avoiding a single point of failure. The invention aims to improve the scalability, performance and reliability of OpenStack Neutron by introducing ForCES.
Summary of the invention
The purpose of the present invention is to overcome the deficiencies of the prior art by providing a software-defined network implementation method based on ForCES, comprising the following steps:
Step (1): The control element is located in the OpenStack control node in the form of a Neutron plugin and consists of a database module and a remote procedure call module. The remote procedure call module maintains a message queue made up of ForCES-format messages. OpenStack is a common open-source cloud operating system, Neutron is its basic module for implementing network functions, and ForCES is a network control protocol recognized by the Internet Engineering Task Force.
Step (2): The forwarding element is located in the OpenStack compute nodes and network node in the form of a Neutron plugin agent and is responsible for implementing the specific network-layer functions. It consists of the forwarding element object logical function block, the interface logical function block, the remote procedure call logical function block, the routing logical function block and the floating IP logical function block, as follows:
2-1. The forwarding element object logical function block uses Linux namespaces to isolate packet forwarding, dividing one physical layer-3 network into two or more independent virtual layer-3 networks, and creates a virtual router to provide routing service for these virtual layer-3 networks. The attributes of this logical function block are physical and virtual network device information and routing rules.
2-2. The interface logical function block creates a port for the virtual router and binds a subnet in the tenant network to the newly created port. The attributes of this logical function block are the port ID, the ID of the subnet the port connects to, the MAC address of the port and the IP address of the port.
2-3. The remote procedure call logical function block cyclically checks for remote procedure call requests sent from the control element and handles them. These requests include creating a tenant network, updating routes, adding a router interface and creating a floating IP. The attributes of this logical function block are the logical function block ID, the processing action and the return action.
2-4. The routing logical function block configures a static routing table on the virtual router that has been created. The routing table attributes include the classless destination address, the next-hop information and the router ID.
2-5. The floating IP logical function block allocates a floating IP to a virtual machine and maps the floating IP one-to-one to the virtual machine's internal IP, so that the external network can reach the virtual machine in the internal network by accessing the floating IP. The attributes of this logical function block are the floating IP number, the floating IP, the fixed IP address, the mobile network identification number and the virtual router number.
Step (3): The user redefines the network through the northbound interfaces provided by the control element. These northbound interfaces cover tenant network creation and the modification and query of the attributes of each logical function block in step (2), as follows:
3-1. The user sends a network redefinition request to the control element by calling a northbound interface. The request types are tenant network creation and logical function block attribute operation.
3-2. The database module in the control element performs database writes or deletions according to the information contained in the network redefinition request.
3-3. The remote procedure call module in the control element constructs a ForCES-format message from the information contained in the network redefinition request and puts it into the message queue described in step (1).
3-4. The remote procedure call logical function block in the forwarding element extracts the request type and the ForCES-format message from the message queue. If the request type is the tenant network creation described in step 3-1, go to 3-5; if the request type is the logical function block attribute operation described in step 3-1, go to 3-6.
3-5. The forwarding element object logical function block creates a virtual layer-3 network for the user on the basis of the namespace described in step 2-1.
3-6. According to the ForCES-format message from step 3-4, the remote procedure call logical function block in the forwarding element performs attribute modification and query operations on the interface logical function block, remote procedure call logical function block, routing logical function block and floating IP logical function block described in step (2).
Building on the Neutron SDN framework, the present invention proposes an implementation based on a ForCES extension plugin. The basic architecture of the ForCES extension plugin comprises two parts, a plugin and a plugin agent: the control element, as the plugin, is an extension API of Neutron, and the forwarding element, as the plugin agent, is an agent embedded in Neutron that implements layer-3 network services. The control element and the forwarding element exchange information by RPC, and the northbound interface uses the standard API interface, REST API. The invention realizes the separation of the control plane and the data plane, improves the elasticity of Neutron networks, and provides centralized control of the network. By introducing ForCES it overcomes Neutron's performance degradation in multi-tenant, large-scale cloud environments, and it manages virtual resources and networks through a centralized control plane.
Brief description of the drawings
Fig. 1: Logical architecture of the ForCES plugin.
Fig. 2: Remote procedure call model.
Fig. 3: Call diagram of the northbound interface provided by the control element plugin.
Embodiment
To help those of ordinary skill in the art understand and implement the invention, the technical solution is further described below with reference to the drawings, and an embodiment of the method of the invention is given.
(I) Overall scheme design
The invention implements the ForCES extension plugin with one control element and one forwarding element, and on the basis of this ForCES plugin implements Neutron's layer-3 forwarding function. By deploying a plugin agent on every compute node it implements distributed routing, so that in OpenStack only north-south traffic passes through the network node, while east-west traffic no longer goes through the network node and is forwarded directly by the plugin agent on the compute node. As shown in Fig. 1, the control element is deployed on the control node and consists of the database module and the remote procedure call module; the forwarding element is deployed on the network node and the compute nodes and consists of the forwarding element object logical function block, the interface logical function block, the remote procedure call logical function block, the routing logical function block and the floating IP logical function block.
So that Neutron can support IP addresses that may overlap, the forwarding element object logical function block uses Linux namespaces to isolate packet forwarding. At layer 3, namespaces can divide one physical layer-3 network into several independent virtual layer-3 networks. Each router runs in its own namespace, whose name begins with qrouter-. If a node does not support namespaces, it can support only one virtual router. The forwarding element object logical function block mainly creates a router for the Neutron network and, by configuring this router, provides layer-3 network service for OpenStack tenants. The interface logical function block creates a port for the virtual router and binds a subnet in the tenant network to the newly created port. The remote procedure call logical function block cyclically checks for remote procedure call requests sent from the control element; when such a request arrives, for example to update a route, add a router interface or create a floating IP, it notifies the corresponding logical function block to carry out the further processing. The routing logical function block provides the layer-3 routing function for the Neutron network by configuring static routes on the virtual router that has been created. The main function of the floating IP logical function block is to allocate a floating IP to a virtual machine and map the floating IP one-to-one to the virtual machine's internal IP, so that the external network can reach the virtual machine in the internal network by accessing the floating IP.
(II) Design of the main modules of the control element
1. Database module
The database module is the core module of the control element and is responsible for performing the database read and write operations that correspond to the requests sent by users. When a user sends an operation related to routers or floating IPs through Horizon, a CLI command or a custom script, the API request first reaches the Neutron server and is matched to the corresponding API extension provided by Neutron. If the operation is a create, update or delete, it is completed by the control element and the database: the control element operates on the database to write or delete the data of the request, and then notifies the forwarding element on the network node or compute node through the remote procedure call mechanism to perform the corresponding operation. If the user only creates a router through Horizon and performs no other operation, the control element only writes the request data to the database and does not notify the forwarding element. Fig. 2 is the data model of the Neutron layer-3 network.
2. Remote procedure call module
In Neutron the plugin communicates with the agent through a remote procedure call (Remote Procedure Call, RPC) mechanism. In OpenStack, RPC uses the application-layer standard Advanced Message Queuing Protocol (AMQP) for inter-process communication; for example, OpenStack uses RabbitMQ and Qpid.
AMQP, the Advanced Message Queuing Protocol, is an open application-layer standard protocol that serves message-oriented middleware. It supports a variety of communication models effectively and aims at open, cooperative development. A complete AMQP comprises a type system, a symmetric asynchronous inter-process communication protocol, a message format, and a set of standardized but extensible "messaging capabilities". The AMQP model consists mainly of three parts: publisher, middleware and subscriber. The middleware connects publishers and subscribers and implements message storage, exchange and routing: the publisher first sends a message to the middleware, the middleware stores the message in a message queue, and finally the subscriber obtains the message from the message queue.
Two RPC remote call modes are defined between the control element plugin and the forwarding element agent: rpc.call and rpc.cast. In rpc.call mode, when the RPC client sends an RPC call to the RPC server it must obtain the RPC server's response. In rpc.cast mode the server's response is not needed. rpc.call uses two kinds of message exchange, topic exchange and direct exchange: the topic exchange carries the RPC request from the client to the server, and the direct exchange carries the RPC call result from the server back to the client. rpc.cast initializes and creates a publisher, which then sends the message to the message exchange; the exchange distributes the message to the corresponding message queue, where it is finally picked up by a consumer.
The main function of the RPC module is for the control element plugin to send RPC requests to the forwarding element agent. When the control element plugin receives an API request forwarded by the Neutron server (for example, a request from Nova to create a network), it either has the database module write the request data to the Neutron database, or notifies the forwarding element agent by RPC to carry out the processing that corresponds to the network request.
As shown in Fig. 2, the Neutron server is responsible for receiving external API network requests. A request concerning the layer-3 network is sent by RPC to the control element plugin for further processing, and the control element plugin then sends the network request by RPC to the forwarding element agent, which creates the layer-3 network.
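The dispatch path of steps 3-1 to 3-6 and the two RPC modes described above (rpc.cast and rpc.call), as an added example that is not part of the patent and is not Neutron or ForCES code: a single-process Python simulation in which in-memory queues stand in for the AMQP broker. The class names, request-type strings, short logical function block names, message layout and sample addresses are all assumptions made for illustration.

```python
import itertools
import queue

# Hypothetical identifiers; the patent names the request types only in prose.
TENANT_NETWORK_CREATE = "tenant_network_create"
LFB_ATTRIBUTE_OP = "lfb_attribute_op"
LFBS = ("interface", "route", "floating_ip")


class ForwardingElement:
    """Plugin agent: holds the LFB state and consumes the message queue."""

    def __init__(self):
        self.namespaces = {}   # namespace name -> {LFB name -> attribute table}
        self.handled = []      # (message id, request type) per handled message

    def handle(self, msg):
        """RPC LFB: dispatch on the request type (step 3-4)."""
        kind, body = msg["type"], msg["body"]
        if kind == TENANT_NETWORK_CREATE:
            result = self._create_namespace(body["router_id"])   # step 3-5
        elif kind == LFB_ATTRIBUTE_OP:
            result = self._attribute_op(body)                    # step 3-6
        else:
            # Anything outside the two request types is refused, not guessed at.
            raise ValueError(f"unknown request type: {kind!r}")
        self.handled.append((msg["id"], kind))
        return result

    def _create_namespace(self, router_id):
        # FE object LFB: one namespace per virtual router (step 2-1).
        name = f"qrouter-{router_id}"
        self.namespaces.setdefault(name, {lfb: {} for lfb in LFBS})
        return name

    def _attribute_op(self, body):
        # KeyError if the router's namespace or the named LFB does not exist.
        table = self.namespaces[f"qrouter-{body['router_id']}"][body["lfb"]]
        if body["op"] == "set":
            table[body["key"]] = body["value"]
            return True
        if body["op"] == "get":
            return table.get(body["key"])
        raise ValueError(f"unknown attribute operation: {body['op']!r}")


class ControlElement:
    """Plugin: database module plus RPC module with its message queue."""

    def __init__(self, fe_queue):
        self.db = {}                        # stand-in for the Neutron database
        self.fe_queue = fe_queue            # queue of messages for the agent
        self.reply_queue = queue.Queue()    # carries rpc.call results back
        self._ids = itertools.count(1)

    def _send(self, kind, body, want_reply):
        msg = {"id": next(self._ids), "type": kind, "body": body,
               "reply": want_reply}
        self.fe_queue.put(msg)              # step 3-3
        return msg["id"]

    def cast(self, kind, body):
        """rpc.cast: enqueue and return; no response is awaited."""
        return self._send(kind, body, False)

    def call(self, kind, body, pump):
        """rpc.call: enqueue, let the agent run, return its response."""
        msg_id = self._send(kind, body, True)
        pump()                              # single-process stand-in for the agent loop
        reply = self.reply_queue.get_nowait()
        if reply["id"] != msg_id:
            raise RuntimeError("reply does not match the request")
        return reply["result"]

    def create_tenant_network(self, router_id):
        self.db[("router", router_id)] = {}             # step 3-2
        return self.cast(TENANT_NETWORK_CREATE, {"router_id": router_id})

    def set_attribute(self, router_id, lfb, key, value):
        self.db[(lfb, router_id, key)] = value          # step 3-2
        return self.cast(LFB_ATTRIBUTE_OP, {"router_id": router_id, "lfb": lfb,
                                            "op": "set", "key": key, "value": value})

    def query_attribute(self, router_id, lfb, key, pump):
        return self.call(LFB_ATTRIBUTE_OP, {"router_id": router_id, "lfb": lfb,
                                            "op": "get", "key": key}, pump)


def run_agent_once(fe, fe_queue, reply_queue):
    """One pass of the RPC LFB's detection loop: drain and handle the queue."""
    while not fe_queue.empty():
        msg = fe_queue.get()
        result = fe.handle(msg)
        if msg["reply"]:
            reply_queue.put({"id": msg["id"], "result": result})


def demo():
    """Constructed sample: two tenants whose VMs share the fixed IP 10.0.0.5."""
    q, fe = queue.Queue(), ForwardingElement()
    ce = ControlElement(q)
    pump = lambda: run_agent_once(fe, q, ce.reply_queue)
    for rid in ("r-a", "r-b"):
        ce.create_tenant_network(rid)
        ce.set_attribute(rid, "route", "0.0.0.0/0", "192.0.2.1")
    ce.set_attribute("r-a", "floating_ip", "203.0.113.10", "10.0.0.5")
    ce.set_attribute("r-b", "floating_ip", "203.0.113.20", "10.0.0.5")
    in_a = ce.query_attribute("r-a", "floating_ip", "203.0.113.10", pump)
    in_b = ce.query_attribute("r-b", "floating_ip", "203.0.113.10", pump)
    return sorted(fe.namespaces), in_a, in_b, len(fe.handled)
```

Calling `demo()` shows that the same fixed IP in two tenants resolves only inside the namespace of the router that owns the floating IP, and that the six queued casts are handled before the first call returns.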
3. Call process of the northbound interface provided by the control element plugin
Neutron, containing the control element plugin, uniformly exposes northbound REST APIs, which are divided into two groups: the standard API and the extension API. The Neutron core API defines the layer-2 network resources and their basic attributes in Neutron and allows users to create, delete, modify and query Neutron core network resources, which include networks, ports and subnets. The Neutron extension API defines extended attributes for L2 network resources; the APIs of all advanced network services, such as load balancing and virtual private networks, also belong to the extension API. Fig. 3 illustrates how a Neutron API request is processed.
When the Neutron service starts, it starts a Web Server Gateway Interface (WSGI) service and creates the RPC server and the RPC client. Once Neutron has started WSGI, it listens for API requests, which the Neutron API router (API Router) dispatches to the Neutron controller. The API Router class has a factory method that returns an API Router object. The API Router class does two things: it loads the plugin object, and it registers the corresponding URL for each Neutron resource. The plugin is instantiated to handle the API requests that are sent, and the controller then calls the specific method in the plugin to handle the request and return the result.
(III) Modeling of the related logical function blocks
1. Forwarding element object logical function block
With network namespaces, several identical or different networks can exist on the same physical device at the same time, even without network technologies such as VLAN. Network namespaces isolate network devices from one another, so that network devices belonging to different network namespaces do not affect each other. The main function of the forwarding element object logical function block is to create a router for the Neutron network, that is, to open a network namespace whose name begins with qrouter-. The control element then issues ForCES protocol messages that direct the other logical function blocks to configure the router, realizing mutual access between subnets on different network segments among tenants, and access from a tenant's internal network to the external network.
(1) Input description:
Input: ordinary IP packets.
(2) Output description:
Output 1: service request packets.
Output 2: none.
(3) Metadata:
<RouterID,value>: the ID of the router.
<nsname,value>: the name of the namespace, in the form qrouter-RouterID.
(4) Attribute description:
The main attributes of the forwarding element object logical function block include physical or virtual network device information and routing rule information. The routing rule attribute is configurable: the control element can issue ForCES protocol messages that direct the routing logical function block to configure the router's routing table, for example to add static routes to the router.
2. Interface logic function block
The interface logic function block is deployed after the forwarding element object logic function block. It adds a port to the router created by the forwarding element object logic function block and binds a subnet to that port, which connects the subnet (a virtual switch) to the router. If no subnet exists, it raises an error and reports the error message to the forwarding element.
(1) Input description:
Input: None.
(2) Output description:
Output: None.
(3) Metadata:
<IFID,Value>: The ID of the router port.
<SubnetID,Value>: The ID of the subnet that the port is connected to.
<MAC,Value>: The MAC address of the port.
<IFIP,Value>: The IP address of the port.
(4) Attribute description:
The basic attributes of the interface logic function block include the port ID, the ID of the subnet the port connects to, the MAC address of the port, the IP address of the port, and so on.
3. Remote procedure call logic function block
The main function of the remote procedure call logic function block is to check in a loop for ForCES protocol messages that the control element sends over RPC, such as create route, update route, create router port, or update floating IP. When it receives such a ForCES message, it notifies the corresponding LFB (logic function block), such as the forwarding element object logic function block or the interface logic function block, to handle it.
(1) Input description:
Input 1: ForCES protocol messages.
Input 2: Input metadata.
(2) Output description:
Output: The parsed ForCES protocol messages.
(3) Metadata:
<RFID,Value>: The ID of the ForCES protocol message that was passed in.
(4) Attribute description:
The basic attributes of the remote procedure call logic function block include the ID of the called LFB, the processing action, the return action, and so on. When a user sends a request to update the Neutron layer-3 network by calling the northbound REST API, the request is sent to the control element and handled by the control element's remote procedure call module, which sends it to the remote procedure call logic function block of the forwarding element. That logic function block finally notifies the corresponding logic function block to carry out further processing.
4. Routing logic function block
The routing logic function block is deployed after the interface logic function block. Its main function is to add static routes to the router that has been created.
(1) Input description:
Input: None.
(2) Output description:
Output: None.
(3) Metadata:
<RuleID,Value>: The ID of an entry in the router's static routing table.
(4) Attribute description:
The basic attributes of the routing logic function block include the static routing table. The content of the routing table attribute includes the classless destination address, the next-hop information, and the ID of the router.
5. Floating IP logic function block
When an external user wants to access a virtual machine in the tenant network, a public IP that the firewall allows access to must be configured, and this public IP is then mapped to the intranet IP of the virtual machine. The main function of the floating IP logic function block is to create these accessible public IPs, map them to the intranet IPs of virtual machines, and then bind these floating IPs to the virtual machines. If a virtual machine goes down, the floating IP does not disappear and can be assigned to another virtual machine.
(1) Input description:
Input: None.
(2) Output description:
Output: None.
(3) Metadata:
<FTID>: The ID of the allocated floating IP.
(4) Attribute description:
The basic attributes of the floating IP logic function block include the floating IP matching table. The main contents of the floating IP matching table include the floating IP ID, the floating IP address, the fixed IP address, the network ID, the router ID, and so on.
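The dispatch performed by the remote procedure call logic function block (item 3) and the floating IP matching table (item 5), sketched in Python as an added example; it is not code from the patent or from Neutron. The dictionary message layout, the handler keys, the UUID check on RouterID and the sample addresses are assumptions made for illustration (real ForCES messages are TLV-encoded).

```python
import ipaddress
import uuid
from collections import deque

def create_router_namespace(body):
    # Assumption: RouterID is a UUID; parsing it keeps arbitrary text out of the name.
    return "qrouter-" + str(uuid.UUID(body["RouterID"]))

class FloatingIPLFB:  # floating IP matching table, one-to-one with fixed IPs
    def __init__(self):
        self.fixed_of = {}  # floating IP -> fixed IP, or None while unbound
    def bind(self, body):
        fip = ipaddress.ip_address(body["floating_ip"])
        fixed = ipaddress.ip_address(body["fixed_ip"])
        taken = any(v == fixed and k != fip for k, v in self.fixed_of.items())
        if taken or self.fixed_of.get(fip) not in (None, fixed):
            raise ValueError("mapping must stay one-to-one")
        self.fixed_of[fip] = fixed
        return str(fip)
    def unbind(self, body):
        fip = ipaddress.ip_address(body["floating_ip"])
        if fip not in self.fixed_of:
            raise ValueError("unknown floating IP")
        self.fixed_of[fip] = None  # VM gone; the floating IP stays for rebinding
        return str(fip)

class RpcLFB:  # drains the message queue, dispatching to allow-listed handlers only
    def __init__(self, floating_ip):
        self.handlers = {  # (request type, target LFB, operation) -> handler
            ("tenant_network_create", "fe_object", "create"): create_router_namespace,
            ("lfb_attribute", "floating_ip", "bind"): floating_ip.bind,
            ("lfb_attribute", "floating_ip", "unbind"): floating_ip.unbind,
        }
    def poll(self, queue):
        results = []
        while queue:
            m = queue.popleft()
            try:  # a malformed message is rejected and the loop keeps running
                handler = self.handlers[(m["request_type"], m["lfb"], m["op"])]
                results.append(("ok", handler(m["body"])))
            except (LookupError, ValueError, TypeError, AttributeError) as exc:
                results.append(("rejected", type(exc).__name__))
        return results

def msg(request_type, lfb, op, **body):
    return {"request_type": request_type, "lfb": lfb, "op": op, "body": body}

def demo():
    rid = "3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b"  # constructed router ID
    fip, vm1, vm2 = "203.0.113.10", "10.0.0.5", "10.0.0.6"  # constructed addresses
    queue = deque([  # constructed sample queue
        msg("tenant_network_create", "fe_object", "create", RouterID=rid),
        msg("lfb_attribute", "floating_ip", "bind", floating_ip=fip, fixed_ip=vm1),
        msg("lfb_attribute", "floating_ip", "bind", floating_ip=fip, fixed_ip=vm2),
        msg("lfb_attribute", "floating_ip", "unbind", floating_ip=fip),
        msg("lfb_attribute", "floating_ip", "bind", floating_ip=fip, fixed_ip=vm2),
        msg("lfb_attribute", "qos", "set", rate=10),  # LFB not on the allow-list
    ])
    return RpcLFB(FloatingIPLFB()).poll(queue)
```

Calling `demo()` returns one `(status, detail)` pair per queued message: the second bind of an already bound floating IP and the message for an unregistered LFB are rejected, while the rebind after the unbind succeeds.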
Claims (1)
1. A software-defined network implementation method based on ForCES, characterized in that it comprises the following steps:
Step (1): the control element is located in the OpenStack control node in the form of a Neutron plug-in and consists of a database module and a remote procedure call module; the remote procedure call module maintains a message queue made up of ForCES-format messages;
Step (2): the forwarding element is located in the OpenStack compute nodes and network nodes in the form of a Neutron plug-in agent and is responsible for implementing the specific network-layer functions; it consists of a forwarding element object logic function block, an interface logic function block, a remote procedure call logic function block, a routing logic function block and a floating IP logic function block, specifically as follows:
2-1. the forwarding element object logic function block uses Linux operating system namespaces to isolate packet forwarding, isolating one physical layer-3 network into two or more independent virtual layer-3 networks, and creates a virtual router to provide routing service for these virtual layer-3 networks; the attributes of this logic function block are physical and virtual network device information and routing rules;
2-2. the interface logic function block creates a port for the virtual router and binds a subnet of the tenant network to the newly created port; the attributes of this logic function block are the port ID, the ID of the subnet the port connects to, the MAC address of the port, and the IP address of the port;
2-3. the remote procedure call logic function block checks in a loop for remote procedure call requests sent from the control element and handles them; these requests include tenant network creation, route update, router interface addition and floating IP creation; the attributes of this logic function block are the ID of the logic function block, the processing action and the return action;
2-4. the routing logic function block configures the static routing table of the virtual router that has been created; the content of the routing table attribute includes the classless destination address, the next-hop information, and the ID of the router;
2-5. the floating IP logic function block allocates a floating IP to a virtual machine and maps the floating IP one-to-one to the internal IP of the virtual machine, so that an external network can access the virtual machine in the internal network by accessing the floating IP; the attributes of this logic function block are the floating IP number, the floating IP address, the fixed IP address, the mobile network identification number and the virtual router number;
Step (3): the user redefines the network through the northbound interfaces provided by the control element; these northbound interfaces include tenant network creation and the modification and query operations on the attributes of each logic function block of step (2), specifically as follows:
3-1. the user sends a network redefinition request to the control element by calling a northbound interface; the request types include tenant network creation and logic function block attribute operations;
3-2. the database module in the control element writes to or deletes from the database according to the information contained in the network redefinition request;
3-3. the remote procedure call module in the control element constructs a ForCES-format message from the information contained in the network redefinition request and puts it into the message queue described in step (1);
3-4. the remote procedure call logic function block in the forwarding element extracts the request type and the ForCES-format message from the message queue; if the request type is the tenant network creation described in step 3-1, the method proceeds to 3-5; if the request type is the logic function block attribute operation described in step 3-1, the method proceeds to 3-6;
3-5. the forwarding element object logic function block creates a virtual layer-3 network for the user based on the namespace described in step 2-1;
3-6. the remote procedure call logic function block in the forwarding element, according to the ForCES-format message of step 3-4, performs attribute modification and query operations on the interface logic function block, remote procedure call logic function block, routing logic function block and floating IP logic function block described in step (2).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710114858.4A CN106953848B (en) | 2017-02-28 | 2017-02-28 | Software defined network implementation method based on ForCES |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106953848A (en) | 2017-07-14 |
CN106953848B (en) | 2020-04-28 |
Family
ID=59466613
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710114858.4A Expired - Fee Related CN106953848B (en) | 2017-02-28 | 2017-02-28 | Software defined network implementation method based on ForCES |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106953848B (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013104375A1 (en) * | 2012-01-09 | 2013-07-18 | Telefonaktiebolaget L M Ericsson (Publ) | Network device control in a software defined network |
CN103067287A (en) * | 2013-01-18 | 2013-04-24 | 浙江工商大学 | Method achieving virtual programmable router under framework of forwarding and control separation |
CN106209677A (en) * | 2016-07-15 | 2016-12-07 | 深圳市永达电子信息股份有限公司 | The method that neutron based on Openstack realizes network QOS |
Non-Patent Citations (3)
Title |
---|
XI, ZOU;MING, GAO;WANG, YINING;WU, CHUNMING: "The Implementation of Virtualization in Data Plane of ForCES", 《SEVENTH INTERNATIONAL SYMPOSIUM ON PARALLEL ARCHITECTURES, ALGORITHMS AND PROGRAMMING》 * |
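周磊: "Research on Key Technologies of Network Virtualization in the ForCES-Based SDN Configuration Layer", 《China Master's Theses Full-text Database, Information Science and Technology》 * |
高明: "Research on the ForCES Implementation of SDN and Service Deployment", 《China Doctoral Dissertations Full-text Database, Information Science and Technology》 * |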
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107171899A (en) * | 2017-07-18 | 2017-09-15 | 江南大学 | A kind of high-throughput routing simulation method based on cloud platform |
CN107566181A (en) * | 2017-09-12 | 2018-01-09 | 郑州云海信息技术有限公司 | A kind of network management and virtual management platform |
CN107566181B (en) * | 2017-09-12 | 2021-05-04 | 郑州云海信息技术有限公司 | Network management method and virtualization management platform |
CN108713309B (en) * | 2018-03-21 | 2021-04-16 | 达闼机器人有限公司 | SD-WAN system, use method of SD-WAN system and related device |
CN108713309A (en) * | 2018-03-21 | 2018-10-26 | 深圳前海达闼云端智能科技有限公司 | SD-WAN system, use method of SD-WAN system and related device |
WO2019178756A1 (en) * | 2018-03-21 | 2019-09-26 | 深圳前海达闼云端智能科技有限公司 | Sd-wan system, use method of sd-wan system, and related apparatus |
CN108804238A (en) * | 2018-03-29 | 2018-11-13 | 中国工程物理研究院计算机应用研究所 | A kind of flexible bus communication means based on remote procedure call |
CN108804238B (en) * | 2018-03-29 | 2022-03-04 | 中国工程物理研究院计算机应用研究所 | Soft bus communication method based on remote procedure call |
CN108540408B (en) * | 2018-04-16 | 2020-11-13 | 广东亿迅科技有限公司 | Openstack-based distributed virtual switch management method and system |
CN108540408A (en) * | 2018-04-16 | 2018-09-14 | 广东亿迅科技有限公司 | A kind of management method and system of the distributed virtual switch based on Openstack |
CN110311803A (en) * | 2019-05-20 | 2019-10-08 | 平安科技(深圳)有限公司 | Implementation method, device, computer equipment and the storage medium of software defined network |
CN110311803B (en) * | 2019-05-20 | 2022-08-26 | 平安科技(深圳)有限公司 | Method and device for realizing software defined network, computer equipment and storage medium |
CN113821268A (en) * | 2020-06-18 | 2021-12-21 | 复旦大学 | Kubernetes network plug-in method fused with OpenStack Neutron |
CN113821268B (en) * | 2020-06-18 | 2024-06-04 | 复旦大学 | Kubernetes network plug-in method fused with OpenStack Neutron |
CN114466011A (en) * | 2022-01-29 | 2022-05-10 | 苏州浪潮智能科技有限公司 | Metadata service request method, device, equipment and medium |
CN114466011B (en) * | 2022-01-29 | 2023-08-04 | 苏州浪潮智能科技有限公司 | Metadata service request method, device, equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN106953848B (en) | 2020-04-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20200428 |