CN106953848B - Software defined network implementation method based on ForCES - Google Patents
Publication number: CN106953848B (application CN201710114858.4A)
Authority: CN (China)
Legal status: Expired - Fee Related
Classifications
- H04L65/1045 Proxies, e.g. for session initiation protocol [SIP] (real-time applications in data packet communication)
- H04L63/0272 Virtual private networks (network security; separating internal from external traffic)
- H04L63/0281 Proxies (network security; separating internal from external traffic)
- H04L65/40 Support for services or applications (real-time applications in data packet communication)
- H04L67/133 Protocols for remote procedure calls [RPC]
- H04L67/562 Brokering proxy services
Abstract
The invention discloses a software defined network implementation method based on ForCES. The invention provides an implementation scheme based on a ForCES extension plug-in for the SDN framework of Neutron. The basic framework of the ForCES extension plug-in comprises two parts, namely the plug-in and the plug-in agent. The plug-in establishes a layer-3 route through message interaction with Neutron and converts the user's attribute operations on the logic function blocks into specific operations on the virtual network, the route and the network interface; the plug-in agent is located on the network node and the computing node and is the container that holds the logic function block entities, which realize the network-layer processing of data packets. The invention also provides a design and modeling method for the related IETF ForCES logic function blocks, so that a user can conveniently redefine the OpenStack network through the northbound interface provided by the ForCES extension plug-in.
Description
Technical Field
The invention relates to the technical field of network communication, in particular to a software defined network implementation method based on ForCES.
Background
Cloud computing is a new revolution in the information technology industry, and is an important technical revolution after the computer revolution and the internet revolution. The appearance of cloud computing means that people can use virtual resources of the internet, users can manage and control purchased services, and network resources distributed on demand can be obtained in a multi-tenant environment. The network is only part of the service deployment: in addition to the network, computing resources, storage resources and so on must also be allocated for the traffic. If a platform exists on which the resources can be managed in a centralized manner, so that when a virtual machine needs to be changed (added, deleted or migrated) only the resource parameters needed by the virtual machine need to be input and the platform then automatically calculates and allocates the resources according to those parameters, that platform is a cloud computing platform. Cloud computing technically requires virtualization, parallel computing, utility computing, load balancing, network storage and the like; although cloud computing is an integration of earlier technologies, it can bring about changes in modes of life, production and business. OpenStack has such processing and computing capabilities, and private clouds, enterprise public clouds and hybrid clouds can be built by deploying the components of OpenStack in various modes.
OpenStack, an open source cloud operating system, attracts developers and technical experts from around the world. OpenStack is a collection of open source technology products that provide an extensible, secure, standards-based cloud computing software solution which can be used to manage the resources of an infrastructure, such as computing resources, storage resources and network resources. The network service functionality of OpenStack is provided by Neutron, the component that manages network resources in OpenStack; it provides an extensible architecture that allows users to deploy and manage third-party plug-ins and other network services. Neutron, a research hotspot in the current OpenStack field, has evolved towards software-defined networking. IETF ForCES (Forwarding and Control Element Separation) is an important way of realizing a software-defined network architecture, but at present it is rarely involved in OpenStack research.
IETF ForCES is an important technical means of realizing a software defined network, and its core idea is the separation of forwarding and control. The design initiative of ForCES is to break the black-box nature of a single network device: it emphasizes a loosely coupled relationship between the control element and the forwarding element of the network device, and so supports an open programmable network in a friendly way. Because the earlier work of the IETF ForCES working group was defined within a single network device node, the ForCES technology has not been widely applied to cloud computing networks, and the attention and influence of ForCES in the industry have been limited. The invention combines the ForCES ideas of open programmability and forwarding/control separation, realizes the separation of the control plane and the data plane by combining OpenStack with ForCES, and improves the flexibility of the Neutron network and the centralized control of the network. In a multi-tenant, large-scale cloud environment the performance of Neutron may degrade because layer-3 traffic is concentrated at the network nodes. To alleviate this bottleneck, the invention overcomes the defect of Neutron by introducing ForCES: it provides a distributed virtual routing function for Neutron by realizing the layer-3 service interface of Neutron, which reduces the fault domain and avoids single points of failure. The invention aims to improve the scalability, performance and reliability of OpenStack Neutron by introducing ForCES.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a software defined network implementation method based on ForCES, which comprises the following steps:
Step (1): a control element is located in an OpenStack control node in the form of a Neutron plug-in and consists of a database module and a remote procedure call module, wherein the remote procedure call module maintains a message queue consisting of ForCES-format messages; OpenStack is a common open source cloud operating system, Neutron is the basic component that realizes its network functions, and ForCES is a network control protocol defined by the Internet Engineering Task Force;
Step (2): a forwarding element is located in the OpenStack computing nodes and network node in the form of a Neutron plug-in agent, is responsible for realizing the specific network-layer functions, and consists of a forwarding object logic function block, an interface logic function block, a remote procedure call logic function block, a routing logic function block and a floating IP logic function block, specifically as follows:
2-1. The forwarding object logic function block uses Linux operating system namespaces to isolate packet forwarding: it isolates a physical layer-3 network into two or more independent virtual layer-3 networks and provides routing service for the virtual layer-3 networks by creating a virtual router. The attributes of this logic function block hold physical and virtual network device information and routing rules;
2-2. The interface logic function block creates a port for the virtual router and binds a subnet of the tenant network to the newly created port. The attributes of this logic function block comprise the port identification number, the identification number of the subnet connected to the port, the MAC address of the port and the IP address corresponding to the port;
2-3. The remote procedure call logic function block cyclically detects remote procedure call requests sent from the control element and processes them; the requests comprise tenant network creation, route updating, router interface addition and floating IP creation. The attributes of this logic function block comprise the ID number of the logic function block, a processing action and a return action;
2-4. The routing logic function block configures a static routing table for the created virtual router; the attribute content of the routing table comprises a classless destination address, next-hop information and the ID of the router;
2-5. The floating IP logic function block allocates a floating IP for a virtual machine and maps the floating IP one-to-one to the internal IP of the virtual machine, so that an external network can reach the virtual machine on the internal network by accessing the floating IP. The attributes of this logic function block comprise a floating IP number, the floating IP, the fixed IP address, a network identification number and a virtual router number;
Step (3): the user redefines the network through the northbound interfaces provided by the control element, wherein the northbound interfaces comprise creating a tenant network and modifying or querying the attributes of each logic function block of step (2), specifically as follows:
3-1. The user sends a network redefinition request to the control element by calling the northbound interface; the request type is either creating a tenant network or performing an attribute operation on a logic function block;
3-2. The database module in the control element writes to or deletes from the database according to the information contained in the network redefinition request;
3-3. The remote procedure call module in the control element constructs a ForCES-format message according to the information contained in the network redefinition request and puts the ForCES-format message into the message queue of step (1);
3-4. The remote procedure call logic function block in the forwarding element extracts the request type and the ForCES-format message from the message queue; if the request type is the tenant network creation of step 3-1, proceed to 3-5; if the request type is the logic function block attribute operation of step 3-1, proceed to 3-6;
3-5. The forwarding object logic function block creates the namespace of step 2-1 and thereby creates a virtual layer-3 network for the user;
3-6. The remote procedure call logic function block in the forwarding element modifies and queries the attributes of the interface logic function block, the remote procedure call logic function block, the routing logic function block and the floating IP logic function block of step (2) according to the ForCES-format message of step 3-4.
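Added example (not code from the patent) of the exchange in steps 3-1 to 3-6: the control element's RPC module queues ForCES-format messages (modelled here as dicts), and the forwarding element's RPC logic function block drains that queue and dispatches to the forwarding object, interface, routing and floating IP logic function blocks of step (2). Each block validates the attributes it receives before applying them (MAC syntax, port IP within its subnet, classless destination prefix, one-to-one floating IP mapping); the namespace and database are stand-ins, the attribute names and request types are assumptions, and all sample values are constructed.

```python
"""Simulation of the ForCES plug-in (control element) / plug-in agent (forwarding
element) exchange.  Added example; not the patent's own code."""
import ipaddress
import re
from collections import deque

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)


class ControlElement:
    """Plug-in side: database module plus RPC module holding the ForCES message queue (step 1)."""

    def __init__(self):
        self.db = {}          # hypothetical stand-in for the Neutron database (step 3-2)
        self.queue = deque()  # message queue of ForCES-format messages (step 3-3)

    def northbound(self, request_type, lfb, attrs):
        """Steps 3-1 to 3-3: record the request, then enqueue a ForCES-format message."""
        self.db.setdefault(lfb, []).append(dict(attrs))
        self.queue.append({"type": request_type, "lfb": lfb, "attrs": dict(attrs)})


class ForwardingElement:
    """Plug-in agent side: state of each logic function block, driven by the RPC LFB."""

    def __init__(self):
        self.namespaces = set()  # forwarding object LFB: one namespace per virtual router
        self.ports = {}          # interface LFB attributes, keyed by port id
        self.routes = {}         # routing LFB: router id -> list of (destination, next hop)
        self.floating = {}       # floating IP LFB: floating ip -> fixed ip (one-to-one)

    def rpc_lfb(self, queue):
        """Step 3-4: drain the queue and dispatch by request type (3-5 or 3-6)."""
        handlers = {"interface": self.interface_lfb,
                    "route": self.route_lfb,
                    "floating_ip": self.floating_ip_lfb}
        results = []
        while queue:
            msg = queue.popleft()
            if msg["type"] == "create_network":
                results.append(self.forwarding_object_lfb(msg["attrs"]))
            elif msg["type"] == "attr_op" and msg["lfb"] in handlers:
                results.append(handlers[msg["lfb"]](msg["attrs"]))
            else:
                results.append(("error", "unknown request type or LFB"))
        return results

    def forwarding_object_lfb(self, attrs):
        """Step 3-5 / 2-1: isolate a virtual layer-3 network in its own namespace (simulated)."""
        ns = "qrouter-" + attrs["router_id"]
        if ns in self.namespaces:
            return ("error", "router namespace already exists")
        self.namespaces.add(ns)
        return ("ok", ns)

    def interface_lfb(self, attrs):
        """2-2: bind a subnet to a new router port; reject malformed MACs and IPs outside the subnet."""
        if not MAC_RE.match(attrs["mac"]):
            return ("error", "bad mac")
        try:
            subnet = ipaddress.ip_network(attrs["subnet_cidr"])
            port_ip = ipaddress.ip_address(attrs["ip"])
        except ValueError as exc:
            return ("error", str(exc))
        if port_ip not in subnet:
            return ("error", "port ip outside subnet")
        self.ports[attrs["port_id"]] = dict(attrs)
        return ("ok", attrs["port_id"])

    def route_lfb(self, attrs):
        """2-4: add a static route; the destination must be a valid classless prefix (no host bits)."""
        try:
            dest = ipaddress.ip_network(attrs["destination"], strict=True)
            nexthop = ipaddress.ip_address(attrs["nexthop"])
        except ValueError as exc:
            return ("error", str(exc))
        self.routes.setdefault(attrs["router_id"], []).append((str(dest), str(nexthop)))
        return ("ok", str(dest))

    def floating_ip_lfb(self, attrs):
        """2-5: one-to-one mapping; refuse to remap a floating IP or to share a fixed IP."""
        fip, fixed = attrs["floating_ip"], attrs["fixed_ip"]
        if fip in self.floating or fixed in self.floating.values():
            return ("error", "mapping not one-to-one")
        self.floating[fip] = fixed
        return ("ok", f"{fip}->{fixed}")


def run_scenario():
    """Constructed sample: one tenant network, a port, a route and two floating IP requests."""
    ce, fe = ControlElement(), ForwardingElement()
    ce.northbound("create_network", "forwarding_object", {"router_id": "r1"})
    ce.northbound("attr_op", "interface", {"port_id": "p1", "subnet_cidr": "10.0.0.0/24",
                                            "mac": "fa:16:3e:00:00:01", "ip": "10.0.0.1"})
    ce.northbound("attr_op", "route", {"router_id": "r1", "destination": "192.168.1.0/24",
                                        "nexthop": "10.0.0.254"})
    ce.northbound("attr_op", "floating_ip", {"floating_ip": "203.0.113.5", "fixed_ip": "10.0.0.10"})
    # second mapping reuses the same floating IP and must be rejected by the floating IP LFB
    ce.northbound("attr_op", "floating_ip", {"floating_ip": "203.0.113.5", "fixed_ip": "10.0.0.11"})
    return fe.rpc_lfb(ce.queue)


if __name__ == "__main__":
    for status, detail in run_scenario():
        print(status, detail)
```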
The invention provides an implementation scheme based on a ForCES extension plug-in for the SDN framework of Neutron. The basic framework of the ForCES extension plug-in comprises two parts, namely the plug-in and the plug-in agent: the control element serves as the plug-in, i.e. the extended API of Neutron, and the forwarding element serves as the plug-in agent, i.e. the agent that realizes the layer-3 network service and is embedded in Neutron. Information exchange between the control element and the forwarding element uses RPC, and the northbound interface uses a standard API, namely a REST API. The invention separates the control plane from the data plane and improves the flexibility of the Neutron network and the centralized control of the network; by introducing ForCES, it overcomes the degraded performance of Neutron in a multi-tenant, large-scale cloud environment, and the tenant's virtualized resources and networks are managed through a centralized control plane.
Drawings
FIG. 1 is a diagram of the logical architecture of the ForCES plug-in;
FIG. 2 is a diagram of the remote procedure call model;
FIG. 3 is a diagram illustrating the invocation of the northbound interface provided by the control plug-in.
Detailed Description
The invention provides a software defined network implementation method based on ForCES, which comprises steps (1) to (3) as set out in the Disclosure of Invention above.
Examples
In order to facilitate the understanding and implementation of the present invention for those skilled in the art, the technical solutions of the present invention will be further described with reference to the accompanying drawings, and a specific embodiment of the method of the present invention is provided.
I) Overall scheme design
The invention uses a control element and a forwarding element to realize the ForCES extension plug-in, realizes the layer-3 forwarding function of Neutron on the basis of the ForCES plug-in, and realizes distributed routing by deploying the plug-in agent on every computing node, so that in OpenStack only north-south traffic passes through the network nodes, while east-west traffic does not pass through the network nodes and is forwarded directly by the plug-in agent on the computing nodes. As shown in fig. 1, the control element is deployed on the control node and is composed of a database module and a remote procedure call module; the forwarding element is deployed on the network node and the computing nodes and consists of a forwarding object logic function block, an interface logic function block, a remote procedure call logic function block, a routing logic function block and a floating IP logic function block.
So that Neutron can support overlapping IP address ranges, the forwarding object logic function block uses Linux operating system namespaces to isolate packet forwarding. At layer 3, namespaces divide a physical layer-3 network into several independent virtual layer-3 networks. Each router runs in its own namespace, named qrouter-; a node that does not support namespaces can only support one virtual router. The forwarding object logic function block mainly creates a router for the Neutron network and provides layer-3 network service to OpenStack tenants through the configuration of that router. The interface logic function block creates a port for the virtual router and binds a subnet of the tenant network to the newly created port. The remote procedure call logic function block cyclically detects remote procedure call requests sent from the control element, such as updating a route, adding a router interface or creating a floating IP; when a request is received, the corresponding logic function block is notified to perform the further processing. The routing logic function block provides the layer-3 routing function for the Neutron network and configures static routes on the created virtual router. The main function of the floating IP logic function block is to allocate a floating IP for a virtual machine and map it one-to-one to the internal IP of the virtual machine, so that an external network can reach the virtual machine on the internal network by accessing the floating IP.
II) Design of the main modules of the control element
1. Database module
The database module is a core module of the control element and is responsible for performing the read and write operations on the corresponding database for requests sent by the user. When a user issues an operation on a router or a floating IP through Horizon, a CLI command or a custom script, the API request first reaches the Neutron server and is matched to the API extensions provided by Neutron. If the operation is a creation, update, deletion or the like, it is completed by the control element and the database: the control element operates the database to write or delete the request data corresponding to the API extension, and then notifies the forwarding element on the network node or computing node, through the remote procedure call mechanism, to perform the corresponding operation. If the user only creates a router through Horizon without any further action, the control element only operates the database to write the request data and does not notify the forwarding element to process it. Fig. 2 shows the data model of the Neutron layer-3 network.
2. Remote procedure call module
In Neutron, a Remote Procedure Call (RPC) mechanism is used for communication between a plug-in and an agent. In OpenStack, RPC uses the application-layer standard Advanced Message Queuing Protocol (AMQP) for interprocess communication; RabbitMQ and Qpid, for example, are the message brokers used in OpenStack.
AMQP, the Advanced Message Queuing Protocol, is an open application-layer standard protocol for message-oriented middleware. It can support various communication models effectively and aims at open collaborative development. A complete AMQP specification includes the system type, a symmetric asynchronous interprocess communication protocol, the message format and a series of standardized but extensible "message capabilities". The AMQP model mainly consists of publishers, middleware and subscribers. The middleware connects publishers and subscribers and realizes the storing, exchanging and routing of messages: the publisher first sends a message to the middleware, the middleware stores the message in a message queue, and finally the subscriber obtains the message from the message queue.
Two RPC remote call modes are defined between the control plug-in and the forwarding agent, namely call and cast. In the call mode, when the RPC client sends an RPC call to the RPC server, the response of the RPC server must be obtained; the cast mode does not require a response from the server. Call needs two message exchange modes, namely the topic exchange and the direct exchange: the topic exchange is used by the client to send the RPC request to the server, and the direct exchange is used by the server to return the RPC result to the client. The cast mode first creates a Publisher, then sends the message to the message exchange, the message exchange distributes the message to the corresponding message queue, and finally the consumer obtains the message.
The main function of the RPC module is that the control element plug-in sends RPC requests to the forwarding element agent. When the control element plug-in receives an API request from the Neutron server (such as a request to create a network sent by Nova), it can drive the database module to write the request data into the Neutron database, or notify the forwarding element agent through RPC to carry out the processing operation corresponding to the network request.
As shown in fig. 2, the Neutron server is responsible for receiving the incoming API network request; if the request concerns the layer-3 network, the Neutron server sends it to the control plug-in via RPC for further processing, and the control plug-in then sends the request to the forwarding agent via RPC to create the layer-3 network.
3. Calling process of the northbound interface provided by the control plug-in
Neutron, including the control plug-in, provides a northbound REST API that is divided into two groups, the standard API and the extended API. The standard API, i.e. the core API of Neutron, defines the interfaces of the layer-2 network resources in Neutron and their basic attributes, and allows the user to create, delete, update and query the Neutron core network resources, namely networks, ports and subnets. The extended API of Neutron defines extended attributes of the L2 network resources, and at the same time all APIs of the higher-level network services, such as the APIs of load balancing and of the virtual private network, also belong to the extended API. Fig. 3 illustrates the processing of a Neutron API request.
When the Neutron service starts, a Web Server Gateway Interface (WSGI) service is started and the RPC server and RPC client are created. After Neutron starts the WSGI, it listens for API requests, which are then distributed to the Neutron controllers by the application programming interface router (API Router). The API Router class has a factory method that returns an API Router object, and it does two things: it loads the plug-in object, and it registers the corresponding URL for each Neutron resource. The controller holds an instantiated plug-in that handles the submitted API request, calling the specific method in the plug-in to process it and return the result.
III) Modeling of the related logic function blocks
1. Forwarding object logic function block
After network namespaces are introduced, several identical or different networks can exist on the same physical device at the same time, even without network technologies such as VLANs. A network namespace isolates network devices, so that network devices belonging to different network namespaces do not influence one another. The main function of the forwarding object logic function block is to create a router for the Neutron network, i.e. to open a network namespace named qrouter-, and then to have the control element issue the ForCES protocol to control the other logic function blocks to configure the router, so as to realize mutual access between subnets of different network segments of a tenant and access from the tenant's internal networks to external networks.
(1) Input description:
(2) Output description:
(3) Metadata:
(4) Attribute description:
The main attributes of the forwarding object logic function block include physical or virtual network device information and routing rule information. The routing rule attribute is configurable: the control element issues ForCES protocol messages to make the routing logic function block configure the routing table of the router, i.e. add static routes to the router.
2. Interface logic function block
The interface logic function block is deployed after the forwarding object logic function block; it adds a port to the router created by the forwarding object logic function block and binds a subnet to that port, so that the subnet (virtual switch) is connected to the router. If the subnet does not exist, an error is raised and the error information is reported to the forwarding element.
(1) Inputting a description:
(2) Outputting a description:
(3)Metadata:
(4) And attribute description:
the main attributes of the interface logic function block include a port identification number, an identification number of a port connection subnet, a MAC address of a port, an IP address corresponding to the port, and the like.
3. Remote procedure call logic function block
The main function of the remote procedure call logic function block is to poll cyclically, via RPC, for ForCES protocol messages sent by the control element, such as creating a route, updating a route, creating a router port or updating a floating IP. When a ForCES message is received, it notifies the corresponding LFB (logic function block), such as the forwarding object logic function block or the interface logic function block, to process it.
(1) Input description:
(2) Output description:
(3) Metadata:
(4) Attribute description:
The main attributes of the remote procedure call logic function block include the ID number of the called LFB, the processing action, the return action, and so on. When a user calls the northbound REST API to request an update of the Neutron layer-3 network, the request is sent to the control element and processed by the control element's remote procedure call module, which forwards it to the remote procedure call logic function block of the forwarding element; that logic function block finally notifies the corresponding logic function block for further processing.
4. Routing logic function block
The routing logic function block is deployed after the interface logic function block; its main function is to add static routes to the routers that have been created.
(1) Input description:
(2) Output description:
(3) Metadata:
(4) Attribute description:
The main attribute of the routing logic function block is a static routing table; each routing table entry comprises a classless (CIDR) destination address, next-hop information, and the ID of the router.
5. Floating IP logic function block
When a user on an external network wants to access a virtual machine on a tenant network, a public IP that the firewall permits to be accessed must be configured and then mapped to the virtual machine's internal IP. The main function of the floating IP logic function block is to create such accessible public IPs, map them to the internal IPs of virtual machines, and bind the floating IPs to the virtual machines. If a virtual machine goes down, its floating IP does not disappear and can be allocated to another virtual machine.
(1) Input description:
(2) Output description:
(3) Metadata:
(4) Attribute description:
The main attribute of the floating IP logic function block is a floating IP mapping table, whose entries comprise the ID number of the floating IP, the floating IP address, the fixed IP address, the network identification ID number, the router ID number, and so on.
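The five logic function blocks above are specified only through their attributes. The following added example (not code from the patent or from Neutron) shows one way a forwarding element could realise them on Linux and why the attribute values matter for security: every attribute arrives from the control element and ends up in a privileged `ip` or `iptables` invocation inside the qrouter- namespace, so it is parsed with `ipaddress` and `uuid` first, and the commands are built as argument lists, never as a shell string. The namespace name `qrouter-<router UUID>`, the `qr-<port id prefix>` device name, the `ip route` and `iptables -t nat` realisations of the routing and floating IP blocks, and the sample router and port identifiers are all assumptions of this example.

```python
"""Forwarding-element side: LFB attribute updates turned into commands that run
inside the virtual router's Linux network namespace.

Added example, not code from the patent or from Neutron.  Assumed: the namespace
is named qrouter-<router UUID>, router ports are qr-<first 11 chars of port id>,
static routes use `ip route`, floating IPs use one-to-one iptables DNAT/SNAT.
"""
import ipaddress
import re
import uuid
from dataclasses import dataclass

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def netns_name(router_id: str) -> str:
    """Namespace for a router; uuid.UUID() rejects anything that is not a UUID."""
    return f"qrouter-{uuid.UUID(router_id)}"


def in_ns(router_id: str, *argv: str) -> list:
    """Prefix argv so it executes inside the router's namespace (argv list, no shell)."""
    return ["ip", "netns", "exec", netns_name(router_id), *argv]


def create_router(router_id: str) -> list:
    """Forwarding object LFB: open the namespace and enable forwarding only inside it."""
    return [["ip", "netns", "add", netns_name(router_id)],
            in_ns(router_id, "sysctl", "-w", "net.ipv4.ip_forward=1")]


@dataclass
class Port:
    """Interface LFB attributes: port id, subnet id, MAC, IP/prefix, owning router."""
    port_id: str
    subnet_id: str
    mac: str
    ip_cidr: str
    router_id: str

    def commands(self) -> list:
        mac = self.mac.lower()
        if not MAC_RE.match(mac):
            raise ValueError(f"bad MAC {self.mac!r}")
        addr = ipaddress.ip_interface(self.ip_cidr)       # e.g. 10.0.1.1/24
        dev = "qr-" + str(uuid.UUID(self.port_id))[:11]   # assumed device naming
        return [in_ns(self.router_id, "ip", "link", "set", dev, "address", mac),
                in_ns(self.router_id, "ip", "addr", "add", str(addr), "dev", dev),
                in_ns(self.router_id, "ip", "link", "set", dev, "up")]


@dataclass
class StaticRoute:
    """Routing LFB table entry: classless destination, next hop, router id."""
    destination: str
    nexthop: str
    router_id: str

    def commands(self) -> list:
        # strict=True: host bits set in the destination is a configuration error,
        # not something to mask away silently.
        dest = ipaddress.ip_network(self.destination, strict=True)
        nh = ipaddress.ip_address(self.nexthop)
        if dest.version != nh.version:
            raise ValueError("destination and next hop address families differ")
        return [in_ns(self.router_id, "ip", "route", "replace", str(dest), "via", str(nh))]


@dataclass
class FloatingIP:
    """Floating IP LFB table entry: fip id, floating IP, fixed IP, network, router."""
    fip_id: str
    floating_ip: str
    fixed_ip: str
    network_id: str
    router_id: str

    def commands(self) -> list:
        fip = ipaddress.IPv4Address(self.floating_ip)   # IPv4 only; raises on anything else
        fixed = ipaddress.IPv4Address(self.fixed_ip)
        # One-to-one mapping: inbound DNAT to the fixed IP, outbound SNAT from it.
        return [in_ns(self.router_id, "iptables", "-t", "nat", "-A", "PREROUTING",
                      "-d", f"{fip}/32", "-j", "DNAT", "--to-destination", str(fixed)),
                in_ns(self.router_id, "iptables", "-t", "nat", "-A", "POSTROUTING",
                      "-s", f"{fixed}/32", "-j", "SNAT", "--to-source", str(fip))]


def rejected(fn) -> bool:
    """True when an LFB refuses an attribute (a ValueError raised while parsing it)."""
    try:
        fn()
    except ValueError:
        return True
    return False


# Constructed sample attributes, shaped as a control element would send them.
ROUTER_ID = "6f1c2d3e-4a5b-4c6d-8e9f-0a1b2c3d4e5f"
PORT_ID = "0a0b0c0d-1111-2222-3333-444455556666"
SAMPLE_PORT = Port(PORT_ID, "subnet-a", "FA:16:3E:00:00:01", "10.0.1.1/24", ROUTER_ID)
SAMPLE_ROUTE = StaticRoute("10.1.0.0/16", "192.168.100.1", ROUTER_ID)
SAMPLE_FIP = FloatingIP("fip-1", "203.0.113.10", "10.0.1.5", "net-a", ROUTER_ID)
INJECTED_ROUTE = StaticRoute("0.0.0.0/0; reboot", "192.168.100.1", ROUTER_ID)  # refused

if __name__ == "__main__":
    for cmd in (create_router(ROUTER_ID) + SAMPLE_PORT.commands()
                + SAMPLE_ROUTE.commands() + SAMPLE_FIP.commands()):
        print(" ".join(cmd))
```

Run as a script it prints the command sequence for the constructed router. A destination such as `0.0.0.0/0; reboot` or a router id that is not a UUID is rejected before any command is built, and a classless destination with host bits set is treated as a configuration error rather than silently masked; these are the checks the forwarding element has to make itself, because it cannot know what validation the control element performed.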
Claims (1)
1. A software defined network implementation method based on ForCES, characterized by comprising the following steps:
step (1) the control element is located in an OpenStack control node in the form of a Neutron plug-in and consists of a database module and a remote procedure call module, the remote procedure call module maintaining a message queue consisting of ForCES format messages;
step (2) the forwarding element is located in the OpenStack compute nodes and network nodes in the form of a Neutron plug-in agent, is responsible for realizing the specific network layer functions, and consists of a forwarding object logic function block, an interface logic function block, a remote procedure call logic function block, a routing logic function block and a floating IP logic function block, specifically:
2-1. the forwarding object logic function block uses Linux operating system namespaces to isolate the forwarding of data packets, isolates one physical layer-3 network into two or more independent virtual layer-3 networks, and provides routing service for the virtual layer-3 networks by creating virtual routers; the attributes of this logic function block comprise physical and virtual network device information and routing rules;
2-2. the interface logic function block creates a port for the virtual router and binds a subnet of the tenant network to the port; the attributes of this logic function block comprise the port identification number, the identification number of the subnet connected to the port, the MAC address of the port and the IP address corresponding to the port;
2-3. the remote procedure call logic function block cyclically polls for remote procedure call requests sent from the control element and processes them, the requests comprising tenant network creation, route updating, router interface addition and floating IP creation; the attributes of this logic function block comprise the ID number of the logic function block, a processing action and a return action;
2-4. the routing logic function block configures a static routing table for the created virtual router, each routing table entry comprising a classless destination address, next-hop information and the ID of the router;
2-5. the floating IP logic function block allocates a floating IP to a virtual machine and maps the floating IP one-to-one to the virtual machine's internal IP, so that an external network can reach the virtual machine on the internal network by accessing the floating IP; the attributes of this logic function block comprise a floating IP number, the floating IP, the fixed IP address, a network identification number and a virtual router number;
step (3) the user redefines the network through the northbound interfaces provided by the control element, the northbound interfaces comprising: creating a tenant network, and modifying and querying the attributes of each logic function block of step (2), specifically:
3-1. the user sends a network redefinition request to the control element by calling the northbound interface, the request type comprising: creating a tenant network, and performing an attribute operation on a logic function block;
3-2. the database module in the control element writes to or deletes from the database according to the information contained in the network redefinition request;
3-3. the remote procedure call module in the control element constructs a ForCES format message according to the information contained in the network redefinition request and places it in the message queue of step (1);
3-4. the remote procedure call logic function block in the forwarding element extracts the request type and the ForCES format message from the message queue; if the request type is the tenant network creation of step 3-1, proceed to 3-5; if the request type is the logic function block attribute operation of step 3-1, proceed to 3-6;
3-5. the forwarding object logic function block creates the namespace of step 2-1 and thereby creates a virtual layer-3 network for the user;
3-6. the remote procedure call logic function block in the forwarding element modifies and queries the attributes of the interface logic function block, the remote procedure call logic function block, the routing logic function block and the floating IP logic function block of step (2) according to the ForCES format message of step 3-4.
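Steps 3-1 to 3-6 describe one exchange between the two elements. The following added example (not the patent's code) models that exchange end to end: the control element's database update and message construction, the message queue, and the remote procedure call logic function block's dispatch by request type, including the error the interface logic function block returns when a port is bound to a subnet that does not exist and the refusal of a message that names an LFB outside the set of step 3-6. The dict layout of a ForCES-format message, the request-type strings, the operation names `modify`, `query` and `delete`, and the sample identifiers are assumptions of this example; the claim does not fix a wire encoding.

```python
"""Control element to forwarding element exchange of claim 1, steps 3-1 to 3-6.

Added example, not the patent's code.  The claim fixes the message queue, the
two request types and the LFB set but not the message encoding, so a
ForCES-format message is assumed here to be a dict with 'request_type', 'lfb',
'op' and 'attributes' keys; namespaces follow the qrouter- naming of the text.
"""
import copy
import uuid
from collections import deque

CREATE_TENANT_NETWORK = "create_tenant_network"  # request type of step 3-1
LFB_ATTRIBUTE_OP = "lfb_attribute_op"            # request type of step 3-1
LFBS = ("interface", "remote_procedure_call", "routing", "floating_ip")  # targets of 3-6


class ControlElement:
    """Database module plus RPC module holding the ForCES-format message queue."""

    def __init__(self):
        self.db = {}
        self.queue = deque()

    def northbound(self, request: dict) -> None:
        """Steps 3-1 to 3-3: check the request type, update the database, enqueue."""
        if request["request_type"] not in (CREATE_TENANT_NETWORK, LFB_ATTRIBUTE_OP):
            raise ValueError("unknown request type")
        op = request.get("op", "modify")
        key = (request["request_type"], request.get("lfb"), request["attributes"].get("id"))
        if op == "delete":
            self.db.pop(key, None)
        elif op != "query":
            self.db[key] = copy.deepcopy(request["attributes"])
        self.queue.append({"request_type": request["request_type"], "lfb": request.get("lfb"),
                           "op": op, "attributes": copy.deepcopy(request["attributes"])})


class ForwardingElement:
    """The LFBs of step (2); the RPC LFB polls the queue and dispatches (step 3-4)."""

    def __init__(self):
        self.namespaces = set()   # forwarding object LFB state
        self.subnets = set()      # subnets belonging to created tenant networks
        self.attributes = {name: {} for name in LFBS}

    def rpc_lfb_poll(self, queue: deque) -> dict:
        msg = queue.popleft()
        if msg["request_type"] == CREATE_TENANT_NETWORK:
            result = self._forwarding_object_create(msg["attributes"])             # 3-5
        elif msg["request_type"] == LFB_ATTRIBUTE_OP and msg["lfb"] in LFBS:
            result = self._attribute_op(msg["lfb"], msg["op"], msg["attributes"])  # 3-6
        else:
            # A message naming an unknown request type or LFB is refused, not dispatched.
            result = {"status": "error", "reason": "unknown request type or LFB"}
        # RPC LFB attributes: called LFB, processing action, return action.
        self.attributes["remote_procedure_call"]["last"] = {
            "lfb": msg.get("lfb"), "action": msg["op"], "return": result["status"]}
        return result

    def _forwarding_object_create(self, attrs: dict) -> dict:
        ns = f"qrouter-{uuid.UUID(attrs['router_id'])}"  # 2-1: one namespace per router
        self.namespaces.add(ns)
        self.subnets.update(attrs.get("subnets", ()))
        return {"status": "ok", "namespace": ns}

    def _attribute_op(self, lfb: str, op: str, attrs: dict) -> dict:
        table = self.attributes[lfb]
        if op == "query":
            return {"status": "ok", "attributes": copy.deepcopy(table.get(attrs["id"]))}
        if op == "delete":
            table.pop(attrs["id"], None)
            return {"status": "ok"}
        if lfb == "interface" and attrs.get("subnet_id") not in self.subnets:
            # Interface LFB: a port cannot be bound to a subnet that does not exist.
            return {"status": "error", "reason": f"no such subnet {attrs.get('subnet_id')}"}
        table[attrs["id"]] = copy.deepcopy(attrs)
        return {"status": "ok"}


def run_scenario() -> list:
    """Constructed request sequence; returns the forwarding element's responses in order."""
    ce, fe = ControlElement(), ForwardingElement()
    rid = "6f1c2d3e-4a5b-4c6d-8e9f-0a1b2c3d4e5f"
    requests = [
        {"request_type": CREATE_TENANT_NETWORK,
         "attributes": {"id": rid, "router_id": rid, "subnets": ["subnet-a"]}},
        {"request_type": LFB_ATTRIBUTE_OP, "lfb": "interface",
         "attributes": {"id": "port-1", "subnet_id": "subnet-zz", "ip": "10.0.9.1"}},
        {"request_type": LFB_ATTRIBUTE_OP, "lfb": "interface",
         "attributes": {"id": "port-1", "subnet_id": "subnet-a", "ip": "10.0.1.1"}},
        {"request_type": LFB_ATTRIBUTE_OP, "lfb": "routing",
         "attributes": {"id": "r1", "destination": "10.2.0.0/16", "nexthop": "10.0.1.254"}},
        {"request_type": LFB_ATTRIBUTE_OP, "lfb": "routing", "op": "query",
         "attributes": {"id": "r1"}},
    ]
    for req in requests:
        ce.northbound(req)
    return [fe.rpc_lfb_poll(ce.queue) for _ in requests]
```

The second request fails because `subnet-zz` was never created, the third succeeds once the port is bound to `subnet-a`, and the final query returns the route that the fourth request installed. Note that the forwarding element checks the target LFB against its own list rather than trusting the message: in this design the queue is the only channel between the elements, so whatever can write to it can drive the privileged side.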
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710114858.4A CN106953848B (en) | 2017-02-28 | 2017-02-28 | Software defined network implementation method based on ForCES |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106953848A CN106953848A (en) | 2017-07-14 |
CN106953848B true CN106953848B (en) | 2020-04-28 |
Family
ID=59466613
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710114858.4A Expired - Fee Related CN106953848B (en) | 2017-02-28 | 2017-02-28 | Software defined network implementation method based on ForCES |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106953848B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107171899B (en) * | 2017-07-18 | 2019-12-03 | 江南大学 | A kind of high-throughput routing simulation method based on cloud platform |
CN107566181B (en) * | 2017-09-12 | 2021-05-04 | 郑州云海信息技术有限公司 | Network management method and virtualization management platform |
CN108713309B (en) * | 2018-03-21 | 2021-04-16 | 达闼机器人有限公司 | SD-WAN system, use method of SD-WAN system and related device |
CN108804238B (en) * | 2018-03-29 | 2022-03-04 | 中国工程物理研究院计算机应用研究所 | Soft bus communication method based on remote procedure call |
CN108540408B (en) * | 2018-04-16 | 2020-11-13 | 广东亿迅科技有限公司 | Openstack-based distributed virtual switch management method and system |
CN110311803B (en) * | 2019-05-20 | 2022-08-26 | 平安科技(深圳)有限公司 | Method and device for realizing software defined network, computer equipment and storage medium |
CN114466011B (en) * | 2022-01-29 | 2023-08-04 | 苏州浪潮智能科技有限公司 | Metadata service request method, device, equipment and medium |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013104375A1 (en) * | 2012-01-09 | 2013-07-18 | Telefonaktiebolaget L M Ericsson (Publ) | Network device control in a software defined network |
CN103067287A (en) * | 2013-01-18 | 2013-04-24 | 浙江工商大学 | Method achieving virtual programmable router under framework of forwarding and control separation |
CN106209677A (en) * | 2016-07-15 | 2016-12-07 | 深圳市永达电子信息股份有限公司 | The method that neutron based on Openstack realizes network QOS |
Non-Patent Citations (3)
Title |
---|
Research on ForCES Implementation and Service Deployment for SDN; Gao Ming; China Doctoral Dissertations Full-text Database, Information Science and Technology; 2014-06-15; full text * |
The Implementation of Virtualization in Data Plane of ForCES; Xi, Zou; Ming, Gao; Wang, Yining; Wu, Chunming; Seventh International Symposium on Parallel Architectures, Algorithms and Programming; 2015-12-14; full text * |
Research on Key Technologies of Network Virtualization in the ForCES-based SDN Configuration Layer; Zhou Lei; China Masters' Theses Full-text Database, Information Science and Technology; 2015-05-15; full text * |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20200428 |