CN106953848B - Software defined network implementation method based on ForCES - Google Patents

Publication number: CN106953848B (granted patent); application number CN201710114858.4A; earlier publication CN106953848A
Authority: CN (China)
Inventors: 高明, 刘冠思
Original and current assignee: Zhejiang Gongshang University
Legal status: Expired - Fee Related (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
Original language: Chinese (zh); the text below is an English translation
Prior art keywords: function block, logic function, network, forces, floating

Classifications (CPC)

    • H04L65/1045 Proxies, e.g. for session initiation protocol [SIP]
    • H04L63/0272 Virtual private networks
    • H04L63/0281 Proxies
    • H04L65/40 Support for services or applications
    • H04L67/133 Protocols for remote procedure calls [RPC]
    • H04L67/562 Brokering proxy services

Abstract

The invention discloses a software defined network (SDN) implementation method based on IETF ForCES. It provides a ForCES extension plug-in for the Neutron-based SDN framework of OpenStack. The plug-in has two parts: the plug-in proper and the plug-in agent. The plug-in establishes Layer 3 routing through message exchange with Neutron and translates a user's attribute operations on logical function blocks (LFBs) into concrete operations on virtual networks, routers and network interfaces. The plug-in agent runs on the network nodes and compute nodes and is the container that hosts the LFB instances which perform the network-layer processing of packets. The invention also gives a design and modelling method for the associated IETF ForCES LFBs, so that a user can redefine the OpenStack network through the northbound interface exposed by the ForCES extension plug-in.

Description

Software defined network implementation method based on ForCES
Technical Field
The invention relates to the technical field of network communication, in particular to a software defined network implementation method based on ForCES.
Background
Cloud computing is a major shift in the information technology industry, following the computer revolution and the internet revolution. It lets users consume virtual resources over the internet, manage and control the services they have purchased, and obtain network resources on demand in a multi-tenant environment. The network is only one part of a service deployment; computing resources, storage resources and so on must also be allocated to the workload. A platform that manages these resources centrally, so that when a virtual machine is to be changed (added, deleted or migrated) only its required resource parameters need to be entered and the platform computes and allocates the resources automatically, is a cloud computing platform. Technically, cloud computing relies on virtualization, parallel computing, utility computing, load balancing, network storage and similar techniques; although it integrates earlier technologies, it changes how people live, produce and do business. OpenStack provides such processing and computing capability, and private, enterprise public and hybrid clouds can be built by deploying its components in various configurations.
OpenStack is an open source cloud operating system that attracts developers and experts from around the world. It is a collection of open source projects that together provide an extensible, secure, standards-based cloud computing software solution for managing infrastructure resources such as compute, storage and networking. Its network service is provided by Neutron, the OpenStack component that manages network resources; Neutron has an extensible architecture that lets users deploy and manage third-party plug-ins and additional network services. Neutron, a research hotspot in OpenStack, has been evolving towards software-defined networking. IETF ForCES (Forwarding and Control Element Separation) is an important way of realizing a software-defined network architecture, but it has so far seen little use in OpenStack research.
IETF ForCES is an important technical means of realizing software-defined networking; its core idea is the separation of forwarding and control. ForCES was designed to break open the black box of the single network device: it emphasizes a loosely coupled relationship between the control element (CE) and the forwarding element (FE) within the device and thereby supports open, programmable networks. Because the earlier work of the IETF ForCES working group was defined within a single network device node, ForCES has not been carried over to cloud computing networks, and its attention and influence in industry have been limited. The invention combines the ForCES ideas of open programmability and forwarding/control separation with OpenStack, separating the control plane from the data plane and improving the flexibility and centralized control of the Neutron network. In a large-scale, multi-tenant cloud, Neutron performance degrades because all Layer 3 traffic is concentrated on the network nodes. The invention addresses this by introducing ForCES: it implements Neutron's Layer 3 service interface to provide distributed virtual routing, which shrinks the fault domain and avoids a single point of failure. The aim of the invention is to improve the scalability, performance and reliability of OpenStack Neutron by introducing ForCES.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a software defined network implementation method based on ForCES, which comprises the following steps:
step (1): the control element (CE) resides in the OpenStack controller node as a Neutron plug-in and consists of a database module and a remote procedure call (RPC) module; the RPC module maintains a message queue of ForCES-format messages. Here OpenStack is the widely used open source cloud operating system, Neutron is its basic networking component, and ForCES is the network control protocol standardized by the Internet Engineering Task Force;
step (2): the forwarding element (FE) resides in the OpenStack compute nodes and network nodes as a Neutron plug-in agent and implements the concrete network-layer functions. It consists of a forwarding-object logical function block (LFB), an interface LFB, a remote procedure call LFB, a routing LFB and a floating-IP LFB, as follows:
2-1. The forwarding-object LFB uses Linux network namespaces to isolate packet forwarding: it partitions the physical Layer 3 network into two or more independent virtual Layer 3 networks and provides routing for them by creating a virtual router. Its attributes hold physical and virtual network device information and routing rules;
2-2. The interface LFB creates a port on the virtual router and binds a subnet of the tenant network to the newly created port. Its attributes comprise the port identifier, the identifier of the subnet the port connects to, the port's MAC address and the port's IP address;
2-3. The remote procedure call LFB loops, polling for RPC requests sent by the CE, and processes them; the requests include tenant network creation, route update, router interface addition and floating IP creation. Its attributes comprise the identifier of the LFB being addressed, the processing action and the return action;
2-4. The routing LFB configures a static routing table for the created virtual router; a routing table entry comprises a classless (CIDR) destination address, next-hop information and the router identifier;
2-5. The floating-IP LFB allocates a floating IP to a virtual machine and maps it one-to-one to the virtual machine's internal (fixed) IP, so that an external network can reach the virtual machine on the internal network by addressing the floating IP. Its attributes comprise the floating IP identifier, the floating IP address, the fixed IP address, the network identifier and the virtual router identifier;
step (3): the user redefines the network through the northbound interface exposed by the CE. The northbound interface offers tenant network creation and the modification and query of the attributes of each LFB of step (2), as follows:
3-1. The user sends a network redefinition request to the CE by calling the northbound interface; the request type is either tenant network creation or an attribute operation on an LFB;
3-2. The database module in the CE writes to or deletes from the database according to the information contained in the request;
3-3. The RPC module in the CE constructs a ForCES-format message from the information contained in the request and places it on the message queue of step (1);
3-4. The remote procedure call LFB in the FE takes the request type and the ForCES-format message from the message queue; if the request type is tenant network creation (step 3-1), proceed to 3-5; if it is an LFB attribute operation (step 3-1), proceed to 3-6;
3-5. The forwarding-object LFB creates the namespace of step 2-1 and thereby a virtual Layer 3 network for the user;
3-6. The remote procedure call LFB in the FE modifies or queries the attributes of the interface LFB, the remote procedure call LFB, the routing LFB and the floating-IP LFB of step (2) according to the ForCES-format message of step 3-4.
The invention thus provides a ForCES extension plug-in for the Neutron-based SDN framework. The plug-in has two parts: the control element is the plug-in proper, i.e. an extension API of Neutron, and the forwarding element is the plug-in agent, i.e. the agent that implements the Layer 3 network service and is embedded in Neutron. The CE and FE exchange information by RPC, and the northbound interface is a standard REST API. The invention separates the control plane from the data plane and improves the flexibility and centralized control of the Neutron network; by introducing ForCES it overcomes the performance degradation of Neutron in large-scale multi-tenant clouds, and the tenant's virtualized resources and networks are managed through a centralized control plane.
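The following is an added example, not code from the patent: steps (3-1) to (3-6) modelled in plain Python, with a control element that writes its database and queues a ForCES-style message, and a forwarding element whose remote procedure call LFB drains the queue and dispatches to the other LFBs. The patent gives no wire format or API, so the frame layout, the request-type values, the class names and the attribute names are this example's own assumptions, and the frame is not RFC 5810 wire-compatible. The point worth noticing is that the FE checks the source and destination identifiers of every frame and the attribute name against the LFB schema before touching dataplane state.

```python
# Added example (not the patent's code): steps (3-1) to (3-6) as a CE that writes
# its database and queues a ForCES-style message, and an FE whose RPC LFB drains the
# queue and dispatches to the other LFBs. Frame layout, request-type values and the
# LFB/attribute names are this example's assumptions; the frame is not RFC 5810
# wire-compatible.
import json
import queue
import struct

REQ_CREATE_TENANT_NETWORK = 1   # the two request types of step 3-1 (values assumed)
REQ_LFB_ATTRIBUTE_OP = 2

# Attributes each LFB exposes (steps 2-1 to 2-5). Both ends refuse any other key, so
# a malformed or hostile message cannot write arbitrary state into the dataplane.
LFB_ATTRIBUTES = {
    "ForwardingObject": {"RouterID", "nsname", "devices", "routing_rules"},
    "Interface": {"IFID", "SubnetID", "MAC", "IFIP"},
    "Route": {"destination", "next_hop", "RouterID"},
    "FloatingIP": {"FIPID", "floating_ip", "fixed_ip", "NetworkID", "RouterID"},
}

# Assumed frame: version, request type, body length, source (CE) id,
# destination (FE) id, 64-bit correlator, then a JSON body.
HDR = struct.Struct("!BBHIIQ")


def encode_message(src_id, dst_id, correlator, req_type, payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return HDR.pack(1, req_type, len(body), src_id, dst_id, correlator) + body


def decode_message(frame):
    version, req_type, body_len, src_id, dst_id, corr = HDR.unpack_from(frame)
    body = frame[HDR.size:HDR.size + body_len]
    if version != 1 or len(body) != body_len:
        raise ValueError("malformed frame")
    return {"src": src_id, "dst": dst_id, "corr": corr,
            "type": req_type, "payload": json.loads(body)}


class ControlElement:
    """Neutron plug-in side: database module plus RPC module and its queue (step 1)."""

    def __init__(self, ce_id, fe_id):
        self.ce_id, self.fe_id = ce_id, fe_id
        self.db = {"networks": {}, "lfb_attrs": {}}
        self.mq = queue.Queue()
        self._corr = 0

    def redefine_network(self, req_type, payload):
        # Step 3-2: the database module writes or deletes.
        if req_type == REQ_CREATE_TENANT_NETWORK:
            self.db["networks"][payload["RouterID"]] = dict(payload)
        elif req_type == REQ_LFB_ATTRIBUTE_OP:
            lfb, attr, op = payload["lfb"], payload["attr"], payload["op"]
            if attr not in LFB_ATTRIBUTES.get(lfb, ()):
                raise ValueError(f"{lfb} has no attribute {attr}")
            key = (lfb, payload["instance"])
            if op == "SET":
                self.db["lfb_attrs"].setdefault(key, {})[attr] = payload["value"]
            elif op == "DEL":
                self.db["lfb_attrs"].get(key, {}).pop(attr, None)
            elif op != "GET":
                raise ValueError(f"unknown op {op}")
        else:
            raise ValueError(f"unknown request type {req_type}")
        # Step 3-3: the RPC module builds the ForCES-style message and enqueues it.
        self._corr += 1
        self.mq.put(encode_message(self.ce_id, self.fe_id, self._corr, req_type, payload))
        return self._corr


class ForwardingElement:
    """Plug-in agent side: the RPC LFB plus the state of the other LFBs (step 2)."""

    def __init__(self, fe_id, ce_id):
        self.fe_id, self.ce_id = fe_id, ce_id
        self.namespaces = {}   # forwarding-object LFB: RouterID -> namespace name
        self.lfb_state = {}    # (lfb, instance) -> attribute dict

    def rpc_lfb_poll(self, mq):
        """Step 3-4: drain the queue and dispatch on the request type."""
        responses = []
        while not mq.empty():
            msg = decode_message(mq.get_nowait())
            # Provenance first: only frames from our CE addressed to this FE may
            # touch dataplane state; anything else is rejected, not executed.
            if msg["src"] != self.ce_id or msg["dst"] != self.fe_id:
                responses.append({"corr": msg["corr"], "status": "rejected"})
            elif msg["type"] == REQ_CREATE_TENANT_NETWORK:
                responses.append(self._create_namespace(msg))   # step 3-5
            elif msg["type"] == REQ_LFB_ATTRIBUTE_OP:
                responses.append(self._attribute_op(msg))       # step 3-6
            else:
                responses.append({"corr": msg["corr"], "status": "unknown-type"})
        return responses

    def _create_namespace(self, msg):
        rid = msg["payload"]["RouterID"]
        self.namespaces[rid] = f"qrouter-{rid}"   # the namespace of step 2-1
        return {"corr": msg["corr"], "status": "ok", "nsname": self.namespaces[rid]}

    def _attribute_op(self, msg):
        p = msg["payload"]
        if p["attr"] not in LFB_ATTRIBUTES.get(p["lfb"], ()):
            return {"corr": msg["corr"], "status": "bad-attribute"}
        attrs = self.lfb_state.setdefault((p["lfb"], p["instance"]), {})
        if p["op"] == "SET":
            attrs[p["attr"]] = p["value"]
        elif p["op"] == "DEL":
            attrs.pop(p["attr"], None)
        elif p["op"] != "GET":
            return {"corr": msg["corr"], "status": "bad-op"}
        return {"corr": msg["corr"], "status": "ok", "value": attrs.get(p["attr"])}
```

Usage: construct `ControlElement(ce_id=1, fe_id=10)` and `ForwardingElement(fe_id=10, ce_id=1)`, call `redefine_network` for a tenant network creation and then for a SET and a GET on an `Interface` instance, and run `rpc_lfb_poll(ce.mq)`; the FE returns one response per frame, keyed by correlator. In a real deployment the queue is the AMQP broker rather than an in-process `queue.Queue`, and the source/destination check would be backed by the broker's authentication and TLS rather than by plain integers in the header; the namespace name is also not validated here before use, which matters as soon as it is interpolated into a shell command.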
Drawings
FIG. 1 is a diagram of the logical architecture of the ForCES plug-in;
FIG. 2 is the remote procedure call model;
FIG. 3 illustrates the invocation of the northbound interface provided by the control plug-in.
Detailed Description
The invention provides a software defined network implementation method based on ForCES whose steps (1) to (3) are those set out above under Disclosure of Invention.
Examples
To help those skilled in the art understand and implement the invention, the technical solution is described further with reference to the drawings, and a specific embodiment of the method is given.
1) Overall scheme design
The invention implements the ForCES extension plug-in as a control element and a forwarding element, realizes Neutron's Layer 3 forwarding on top of the ForCES plug-in, and obtains distributed routing by deploying the plug-in agent on every compute node, so that in OpenStack only north-south traffic traverses the network nodes, while east-west traffic bypasses them and is forwarded directly by the plug-in agent on the compute nodes. As shown in FIG. 1, the control element is deployed on the controller node and consists of a database module and a remote procedure call module; the forwarding element is deployed on the network nodes and compute nodes and consists of a forwarding-object LFB, an interface LFB, a remote procedure call LFB, a routing LFB and a floating-IP LFB.
So that Neutron can support overlapping IP addresses, the forwarding-object LFB uses Linux network namespaces to isolate packet forwarding. At Layer 3, namespaces divide one physical Layer 3 network into several independent virtual Layer 3 networks. Each router runs in its own namespace named qrouter-<router ID>; a node whose kernel does not support namespaces can host only one virtual router. The forwarding-object LFB mainly creates a router for the Neutron network and, through the router's configuration, provides Layer 3 service to OpenStack tenants. The interface LFB creates a port on the virtual router and binds a subnet of the tenant network to it. The remote procedure call LFB loops, polling for RPC requests from the control element; when a request such as a route update, router interface addition or floating IP creation arrives, it notifies the corresponding LFB for further processing. The routing LFB provides the Layer 3 routing function for the Neutron network by configuring static routes on the created virtual router. The floating-IP LFB allocates a floating IP to a virtual machine and maps it one-to-one to the virtual machine's internal IP, so that an external network can reach the virtual machine on the internal network by addressing the floating IP.
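As an added example that is not part of the patent, the following Python renders the LFB attributes of steps 2-1 to 2-5 into the iproute2 and iptables commands a plug-in agent would run on a compute or network node: a qrouter- namespace per router, a router port with its MAC and address, a static route, and the one-to-one floating IP mapping as DNAT/SNAT rules. The dataclass names, the veth naming (qr-/tap-) and the external port name `qg-ext` are this example's assumptions; Neutron itself plugs router ports into Open vSwitch rather than using plain veth pairs. Because every attribute originates from a tenant's northbound request, each one is validated (identifiers against a strict pattern, addresses with the `ipaddress` module, destinations as proper networks) before it is interpolated into a command, which is the check a practitioner would want in an agent that shells out.

```python
# Added example (not the patent's code): LFB attributes of steps 2-1 to 2-5 rendered
# into the iproute2/iptables commands a plug-in agent would run. Device naming and
# the external port name are assumptions of this example.
import ipaddress
import re
import shlex
import subprocess
from dataclasses import dataclass, field

_ID_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
_MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")


def _check_id(value, what):
    """Attributes come from tenants via the northbound API; refuse anything that
    is not a plain identifier before it reaches a shell command."""
    if not isinstance(value, str) or not _ID_RE.fullmatch(value):
        raise ValueError(f"{what} {value!r} is not a safe identifier")
    return value


@dataclass
class InterfaceLFB:          # step 2-2
    IFID: str
    SubnetID: str
    MAC: str
    IFIP: str                # address with prefix length, e.g. "10.0.0.1/24"


@dataclass
class RouteLFB:              # step 2-4
    destination: str         # classless destination, e.g. "192.168.5.0/24"
    next_hop: str
    RouterID: str


@dataclass
class FloatingIPLFB:         # step 2-5
    FIPID: str
    floating_ip: str
    fixed_ip: str
    NetworkID: str
    RouterID: str


@dataclass
class ForwardingObjectLFB:   # step 2-1: one namespace per virtual router
    RouterID: str
    interfaces: list = field(default_factory=list)
    routes: list = field(default_factory=list)
    floating_ips: list = field(default_factory=list)
    gateway_dev: str = "qg-ext"   # assumed name of the router's external port

    @property
    def nsname(self):
        return "qrouter-" + _check_id(self.RouterID, "RouterID")


def render_commands(fo):
    """Return the command list that realises the router; nothing is executed here."""
    ns = fo.nsname
    exe = f"ip netns exec {ns}"
    cmds = [f"ip netns add {ns}", f"{exe} sysctl -w net.ipv4.ip_forward=1"]
    for itf in fo.interfaces:
        dev = "qr-" + _check_id(itf.IFID, "IFID")
        mac = itf.MAC.lower()
        if not _MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC {itf.MAC!r}")
        addr = ipaddress.ip_interface(itf.IFIP)        # rejects anything not a.b.c.d/len
        cmds += [
            f"ip link add {dev} type veth peer name tap-{itf.IFID}",  # tap- end goes to the bridge
            f"ip link set {dev} netns {ns}",
            f"{exe} ip link set {dev} address {mac}",
            f"{exe} ip addr add {addr.with_prefixlen} dev {dev}",
            f"{exe} ip link set {dev} up",
        ]
    for rt in fo.routes:
        if rt.RouterID != fo.RouterID:
            raise ValueError("route belongs to another router")
        dst = ipaddress.ip_network(rt.destination, strict=True)   # a network, not a host
        cmds.append(f"{exe} ip route add {dst} via {ipaddress.ip_address(rt.next_hop)}")
    gw = _check_id(fo.gateway_dev, "gateway_dev")
    for fip in fo.floating_ips:
        if fip.RouterID != fo.RouterID:
            raise ValueError("floating IP belongs to another router")
        ext = ipaddress.ip_address(fip.floating_ip)
        fixed = ipaddress.ip_address(fip.fixed_ip)
        cmds += [   # one-to-one mapping: DNAT inbound to the fixed IP, SNAT outbound to the floating IP
            f"{exe} ip addr add {ext}/32 dev {gw}",
            f"{exe} iptables -t nat -A PREROUTING -d {ext}/32 -j DNAT --to-destination {fixed}",
            f"{exe} iptables -t nat -A POSTROUTING -s {fixed}/32 -j SNAT --to-source {ext}",
        ]
    return cmds


def apply_commands(cmds, dry_run=True):
    """Run the commands (needs root, iproute2 and iptables); dry_run just returns them."""
    if not dry_run:
        for c in cmds:
            subprocess.run(shlex.split(c), check=True)
    return cmds
```

With `dry_run=True` (the default) the function only returns the command list, so the module can be exercised without root; pass `dry_run=False` on a node with iproute2 and iptables to actually create the namespace. A router ID such as `r1; rm -rf /` or a destination with host bits set (`192.168.5.1/24`) raises `ValueError` before any command is built.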
2) Design of the main modules of the control element
1. Database module
The database module is the core module of the control element and performs the read/write operations on the corresponding database for each request sent by a user. When a user issues a router- or floating-IP-related operation through Horizon, the CLI or a custom script, the API request first reaches the Neutron server and is matched to the API extension provided by Neutron. Create, update and delete operations are completed by the control element and the database: the control element writes or deletes the request data in the database and then notifies the forwarding element on the network node or compute node, through the remote procedure call mechanism, to carry out the corresponding operation. If the user merely creates a router in Horizon without performing any further action on it, the control element only writes the request data to the database and does not notify the forwarding element. FIG. 2 is the data model of the Neutron Layer 3 network.
2. Remote procedure call module
In Neutron, a remote procedure call (RPC) mechanism is used for communication between a plug-in and its agents. In OpenStack, RPC uses the application-layer Advanced Message Queuing Protocol (AMQP) standard for inter-process communication; RabbitMQ and Qpid, for example, are the brokers used.
AMQP, the Advanced Message Queuing Protocol, is an open application-layer standard for message-oriented middleware. It supports a variety of communication models and is aimed at open, collaborative development. A complete AMQP specification covers the system types, a symmetric asynchronous inter-process communication protocol, the message format and a set of standardized but extensible "messaging capabilities". The AMQP model consists mainly of publishers, middleware (the broker) and subscribers. The middleware connects publishers and subscribers and stores, exchanges and routes messages: a publisher first sends a message to the middleware, the middleware stores it in a message queue, and finally a subscriber takes the message from the queue.
Two RPC invocation modes are defined in the control plug-in and the forwarding agent: rpc.call and rpc.cast. In the call mode the RPC client sends the call to the RPC server and must obtain the server's response; the cast mode does not require a response from the server. A call needs two exchange types, a topic exchange and a direct exchange: the topic exchange carries the RPC request from the client to the server, and the direct exchange returns the RPC result from the server to the client. The flow is: a publisher is created, the message is sent to the exchange, the exchange routes the message to the matching message queue, and finally the consumer retrieves the message.
The main function of the RPC module is to let the control element plug-in send RPC requests to the forwarding element agent. When the control element plug-in receives an API request from the Neutron server (for example a network creation request originating from Nova), it either has the database module write the request data into the Neutron database, or notifies the forwarding element agent by RPC to perform the corresponding processing of the network request.
As shown in FIG. 2, the Neutron server receives the incoming API network request; if the request concerns the Layer 3 network, it is sent to the control plug-in by RPC for further processing, and the control plug-in in turn sends it to the forwarding agent by RPC to create the Layer 3 network.
3. Invocation of the northbound interface provided by the control plug-in
Neutron, including the control plug-in, provides a northbound REST API divided into two groups, the standard (core) API and the extension API. The core API of Neutron defines the Layer 2 network resources and their basic attributes, namely network, port and subnet, and allows a user to create, delete, update and query these core network resources. The extension API of Neutron defines extended attributes for the Layer 2 network resources, and all APIs of the higher-level network services, such as load balancing and virtual private networks, also belong to the extension API. FIG. 3 illustrates the processing of a Neutron API request.
When the Neutron service starts, it starts a Web Server Gateway Interface (WSGI) service and creates the RPC server and RPC client. Once the WSGI service is up, Neutron listens for API requests; each request is dispatched to a Neutron controller by the API Router. The APIRouter class has a factory method that returns an APIRouter object; the class does two things: it loads the plug-in object and it registers a URL for each Neutron resource. The controller holds the instantiated plug-in, handles the incoming API request by calling the corresponding method of the plug-in, and returns the result.
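The call chain just described (WSGI request, API router with a factory method, per-resource URL registration, controller calling the plug-in) is shown below as an added example in plain Python; it is not Neutron's code or the patent's, and the URL paths, the `X-Tenant-ID` header (assumed to be set by an authentication middleware upstream, as Keystone's middleware does in real deployments) and the plug-in method names are this example's assumptions. The security-relevant detail is that the controller never hands a request to the plug-in without a tenant identity, and the plug-in scopes every lookup to that tenant so one tenant cannot read or reconfigure another tenant's router.

```python
# Added example (not Neutron's or the patent's code): a minimal WSGI API router in
# the shape the page describes. Paths, header name and plug-in methods are assumed.
import io
import json


class ForcesPlugin:
    """Stand-in for the control-element plug-in; records what would become RPC calls."""

    def __init__(self):
        self.routers = {}
        self.rpc_calls = []

    def create_router(self, tenant_id, body):
        rid = f"r{len(self.routers) + 1}"
        self.routers[rid] = {"id": rid, "tenant_id": tenant_id, "name": body.get("name", "")}
        return self.routers[rid]

    def get_router(self, tenant_id, rid):
        # Tenant scoping: a router owned by someone else is reported as absent,
        # not as forbidden, so its existence is not leaked either.
        r = self.routers.get(rid)
        return r if r is not None and r["tenant_id"] == tenant_id else None

    def add_router_interface(self, tenant_id, rid, body):
        if self.get_router(tenant_id, rid) is None:
            return None
        self.rpc_calls.append(("add_router_interface", rid, body["subnet_id"]))
        return {"id": rid, "subnet_id": body["subnet_id"]}


class APIRouter:
    @classmethod
    def factory(cls, global_conf, **local_conf):
        """The factory method the page mentions: loads the plug-in and builds the router."""
        return cls(ForcesPlugin())

    def __init__(self, plugin):
        self.plugin = plugin
        self.routes = []   # one URL registration per resource/action
        self.add_route("POST", "/v2.0/routers", self.create)
        self.add_route("GET", "/v2.0/routers/{id}", self.show)
        self.add_route("PUT", "/v2.0/routers/{id}/add_router_interface", self.add_interface)

    def add_route(self, method, template, handler):
        self.routes.append((method, template.strip("/").split("/"), handler))

    def match(self, method, path):
        parts = path.strip("/").split("/")
        for m, tmpl, handler in self.routes:
            if m == method and len(tmpl) == len(parts) and all(
                    t.startswith("{") or t == p for t, p in zip(tmpl, parts)):
                return handler, {t[1:-1]: p for t, p in zip(tmpl, parts) if t.startswith("{")}
        return None, {}

    # Controllers: each calls the plug-in and returns (HTTP status, response body).
    def create(self, tenant, params, body):
        return "201 Created", self.plugin.create_router(tenant, body.get("router", {}))

    def show(self, tenant, params, body):
        r = self.plugin.get_router(tenant, params["id"])
        return ("200 OK", r) if r else ("404 Not Found", {"error": "router not found"})

    def add_interface(self, tenant, params, body):
        r = self.plugin.add_router_interface(tenant, params["id"], body)
        return ("200 OK", r) if r else ("404 Not Found", {"error": "router not found"})

    def __call__(self, environ, start_response):
        tenant = environ.get("HTTP_X_TENANT_ID")   # assumed to be set by auth middleware
        if not tenant:
            return self._respond(start_response, "401 Unauthorized", {"error": "no tenant"})
        handler, params = self.match(environ["REQUEST_METHOD"], environ.get("PATH_INFO", "/"))
        if handler is None:
            return self._respond(start_response, "404 Not Found", {"error": "no such resource"})
        length = int(environ.get("CONTENT_LENGTH") or 0)
        raw = environ["wsgi.input"].read(length) if length else b""
        try:
            body = json.loads(raw) if raw else {}
        except ValueError:
            body = None
        if not isinstance(body, dict):
            return self._respond(start_response, "400 Bad Request", {"error": "bad json body"})
        status, out = handler(tenant, params, body)
        return self._respond(start_response, status, out)

    @staticmethod
    def _respond(start_response, status, obj):
        data = json.dumps(obj).encode()
        start_response(status, [("Content-Type", "application/json"),
                                ("Content-Length", str(len(data)))])
        return [data]


def call(app, method, path, tenant=None, body=None):
    """Drive the WSGI app in-process (no socket) and return (status, decoded JSON)."""
    raw = json.dumps(body).encode() if body is not None else b""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "CONTENT_LENGTH": str(len(raw)), "wsgi.input": io.BytesIO(raw)}
    if tenant:
        environ["HTTP_X_TENANT_ID"] = tenant
    captured = {}
    chunks = app(environ, lambda status, headers: captured.setdefault("status", status))
    return captured["status"], json.loads(b"".join(chunks))
```

`APIRouter.factory({})` is a valid WSGI application, so it can be served with `wsgiref.simple_server.make_server` unchanged; the `call` helper drives it in-process for testing. A request without the tenant header gets 401 before any routing happens, and a GET for another tenant's router returns 404.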
3) Modelling of the related logical function blocks
1. Forwarding-object logical function block
With network namespaces, several identical or different networks can coexist on the same physical device even without network technologies such as VLAN. A network namespace isolates network devices, so devices belonging to different namespaces do not affect each other. The main function of the forwarding-object LFB is to create a router for the Neutron network, i.e. to open a network namespace named qrouter-<router ID>; the control element then issues the ForCES protocol to direct the other LFBs to configure the router, so that subnets of different address ranges within a tenant can reach each other and the tenant's internal network can reach external networks.
(1) Input description:
Input: ordinary IP packets.
(2) Output description:
Output 1: service request packets.
Output 2: none.
(3) Metadata:
<RouterID, value>: router ID number.
<nsname, value>: namespace name, formed as qrouter-<RouterID>.
(4) Attribute description:
The main attributes of the forwarding-object LFB are information on the physical or virtual network devices and routing rule information. The routing rule attribute is configurable: the control element issues ForCES protocol messages to direct the routing LFB to configure the router's routing table, i.e. to add static routes to the router.
2. Interface logical function block
The interface LFB is deployed after the forwarding-object LFB. It adds a port to the router created by the forwarding-object LFB and binds a subnet to that port, so that the subnet (virtual switch) is connected to the router. If the subnet does not exist, an error is raised and the error information is reported to the forwarding element.
(1) Input description:
Input: none.
(2) Output description:
Output: none.
(3) Metadata:
<IFID, value>: port ID of the router.
<SubnetID, value>: ID number of the subnet the port is connected to.
<MAC, value>: MAC address of the port.
<IFIP, value>: IP address of the port.
(4) Attribute description:
The main attributes of the interface logic function block include the port identification number, the identification number of the subnet connected to the port, the port's MAC address, the IP address corresponding to the port, and so on.
3. Remote procedure call logic function block
The main function of the remote procedure call logic function block is to poll, via RPC, for ForCES protocol messages sent by the control element, such as create route, update route, create router port, or update floating IP. On receiving a ForCES message it notifies the corresponding LFB (logic function block), e.g. the forwarding object logic function block or the interface logic function block, to process it.
(1) Input description:
Input 1: ForCES protocol message.
Input 2: metadata entry.
(2) Output description:
Output: parsed ForCES protocol message.
(3) Metadata:
<RFID, value>: ID of the ForCES protocol message passed in.
(4) Attribute description:
The main attributes of the remote procedure call logic function block include the ID number of the called LFB, the processing action, the return action, and so on. When a user calls the northbound REST API to request an update of the Neutron layer-3 network, the request goes to the control element, where the remote procedure call module processes it and sends it on to the remote procedure call logic function block of the forwarding element; that block finally notifies the corresponding logic function block for further processing.
4. Routing logic function block
The routing logic function block is deployed after the interface logic function block; its main function is to add static routes to the routers that have been created.
(1) Input description:
Input: none.
(2) Output description:
Output: none.
(3) Metadata:
<RuleID, value>: ID of a static routing table entry of the router.
(4) Attribute description:
The main attribute of the routing logic function block is a static routing table, whose entries contain a classless (CIDR) destination address, next-hop information and the ID of the router.
5. Floating IP logic function block
When a user on an external network wants to reach a virtual machine on a tenant network, a public IP that the firewall allows to be accessed must be configured and then mapped to the virtual machine's internal IP. The main function of the floating IP logic function block is to create these reachable public IPs, map them to the internal IPs of virtual machines, and bind the floating IPs to the virtual machines. If a virtual machine goes down, its floating IP does not disappear and can be assigned to another virtual machine.
(1) Input description:
Input: none.
(2) Output description:
Output: none.
(3) Metadata:
<FTID>: ID number of the allocated floating IP.
(4) Attribute description:
The main attribute of the floating IP logic function block is a floating IP matching table, whose entries contain the floating IP's ID number, the floating IP address, the fixed IP address, the network identification ID number, the router ID number, and so on.
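The floating IP logic function block described above, modelled in Python as an added example (this is not code from the patent or from Neutron). It keeps the floating IP matching table (FTID, floating IP, fixed IP, network ID, router ID), enforces the one-to-one mapping, keeps the floating IP allocated when its virtual machine goes down so it can be moved to another one, and renders the NAT rules such a mapping needs inside the router namespace. Assumptions not on the page: floating IPs come from an external pool given as a CIDR, the mapping is realised with iptables DNAT/SNAT executed via `ip netns exec qrouter-<RouterID>`, and the commands are returned rather than executed.

```python
"""Floating IP LFB model: one-to-one public/fixed IP mapping with retained allocation."""
import ipaddress
import itertools
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class FloatingIPEntry:
    ftid: int
    floating_ip: str
    fixed_ip: Optional[str]      # None while the floating IP is not bound to a VM
    network_id: str
    router_id: Optional[str]


class FloatingIPLFBError(Exception):
    pass


class FloatingIPLFB:
    def __init__(self, network_id: str, external_cidr: str) -> None:
        self.network_id = network_id
        # Assumption: public IPs are handed out from an external-network pool.
        self._pool = ipaddress.ip_network(external_cidr).hosts()
        self._ids = itertools.count(1)
        self.table: Dict[int, FloatingIPEntry] = {}   # the floating IP matching table

    def allocate(self) -> FloatingIPEntry:
        """Create a public IP that may later be bound to a virtual machine."""
        entry = FloatingIPEntry(next(self._ids), str(next(self._pool)), None, self.network_id, None)
        self.table[entry.ftid] = entry
        return entry

    def associate(self, ftid: int, fixed_ip: str, router_id: str) -> List[str]:
        """Bind a floating IP to a VM's fixed IP; the mapping is strictly one-to-one."""
        entry = self.table.get(ftid)
        if entry is None:
            raise FloatingIPLFBError(f"unknown floating IP id {ftid}")
        if entry.fixed_ip is not None:
            raise FloatingIPLFBError(f"{entry.floating_ip} already bound to {entry.fixed_ip}")
        fixed = ipaddress.ip_address(fixed_ip)    # rejects garbage before it reaches iptables
        if not fixed.is_private:
            raise FloatingIPLFBError(f"{fixed_ip} is not a tenant-internal address")
        for other in self.table.values():
            if other.fixed_ip == str(fixed):
                raise FloatingIPLFBError(f"{fixed_ip} already has floating IP {other.floating_ip}")
        entry.fixed_ip, entry.router_id = str(fixed), router_id
        return self._nat_rules(entry, add=True)

    def disassociate(self, ftid: int) -> List[str]:
        """VM went down: remove the mapping but keep the floating IP allocated."""
        entry = self.table[ftid]
        if entry.fixed_ip is None:
            return []
        rules = self._nat_rules(entry, add=False)
        entry.fixed_ip, entry.router_id = None, None
        return rules

    def lookup(self, floating_ip: str) -> Optional[str]:
        """Fixed IP currently behind a floating IP, or None if unbound/unknown."""
        for e in self.table.values():
            if e.floating_ip == floating_ip:
                return e.fixed_ip
        return None

    @staticmethod
    def _nat_rules(e: FloatingIPEntry, add: bool) -> List[str]:
        # Assumption: inbound DNAT and outbound SNAT rules inside the qrouter namespace.
        op = "-A" if add else "-D"
        ns = f"ip netns exec qrouter-{e.router_id} iptables -t nat"
        return [
            f"{ns} {op} PREROUTING -d {e.floating_ip}/32 -j DNAT --to-destination {e.fixed_ip}",
            f"{ns} {op} POSTROUTING -s {e.fixed_ip}/32 -j SNAT --to-source {e.floating_ip}",
        ]


def demo() -> dict:
    """Constructed sample: bind, reject a second bind, take the VM down, move the IP."""
    lfb = FloatingIPLFB("ext-net", "203.0.113.0/29")
    fip = lfb.allocate()
    up = lfb.associate(fip.ftid, "10.0.1.5", "r1")
    try:
        lfb.associate(fip.ftid, "10.0.1.6", "r1")
        double = False
    except FloatingIPLFBError:
        double = True
    down = lfb.disassociate(fip.ftid)
    moved = lfb.associate(fip.ftid, "10.0.1.9", "r1")
    return {"fip": fip.floating_ip, "up": up, "double": double, "down": down,
            "now": lfb.lookup(fip.floating_ip), "moved": moved}
```

The two checks in `associate` are the part worth copying: a floating IP that is already bound, or a fixed IP that already has a floating IP, is refused, so a tenant cannot hijack another VM's public address by submitting a second mapping.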

Claims (1)

1. A software defined network implementation method based on ForCES, characterized in that it comprises the following steps:
step (1): the control element is located in an OpenStack control node as a Neutron plug-in and consists of a database module and a remote procedure call module; the remote procedure call module maintains a message queue of ForCES-format messages;
step (2): the forwarding element is located in the OpenStack compute nodes and network nodes as a Neutron plug-in agent and is responsible for realizing the concrete network-layer functions; it consists of a forwarding object logic function block, an interface logic function block, a remote procedure call logic function block, a routing logic function block and a floating IP logic function block, specifically:
2-1. the forwarding object logic function block uses Linux operating system namespaces to isolate packet forwarding, splitting a physical layer-3 network into two or more independent virtual layer-3 networks, and provides routing service to the virtual layer-3 networks by creating virtual routers; the attributes of this logic function block are physical and virtual network device information and routing rules;
2-2. the interface logic function block creates ports for the virtual router and binds subnets of the tenant network to those ports; the attributes of this logic function block comprise the port identification number, the identification number of the subnet connected to the port, the port's MAC address and the IP address corresponding to the port;
2-3. the remote procedure call logic function block cyclically polls for remote procedure call requests sent from the control element and processes them; the requests comprise tenant network creation, route update, router interface addition and floating IP creation; the attributes of this logic function block comprise the ID number of the logic function block, the processing action and the return action;
2-4. the routing logic function block configures a static routing table for the created virtual router; the routing table entries contain a classless destination address, next-hop information and the ID of the router;
2-5. the floating IP logic function block allocates a floating IP to a virtual machine and maps it one-to-one to the virtual machine's internal IP, so that the external network can reach the virtual machine on the internal network by accessing the floating IP; the attributes of this logic function block comprise the floating IP number, the floating IP, the fixed IP address, the network identification number and the virtual router number;
step (3): the user redefines the network through the northbound interfaces provided by the control element; the northbound interfaces comprise creating a tenant network and modifying and querying the attributes of each logic function block of step (2), specifically:
3-1. the user sends a network redefinition request to the control element by calling the northbound interface; the request type is one of: creating a tenant network, or an attribute operation on a logic function block;
3-2. the database module in the control element writes to or deletes from the database according to the information contained in the network redefinition request;
3-3. the remote procedure call module in the control element constructs a ForCES-format message from the information contained in the network redefinition request and puts it into the message queue of step (1);
3-4. the remote procedure call logic function block in the forwarding element extracts the request type and the ForCES-format message from the message queue; if the request type is tenant network creation as in step 3-1, proceed to 3-5; if it is a logic function block attribute operation as in step 3-1, proceed to 3-6;
3-5. the forwarding object logic function block creates the namespace of step 2-1 and thereby creates a virtual layer-3 network for the user;
3-6. the remote procedure call logic function block in the forwarding element modifies and queries the attributes of the interface logic function block, the remote procedure call logic function block, the routing logic function block and the floating IP logic function block of step (2) according to the ForCES-format message of step 3-4.
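The path from northbound request to forwarding element in steps 3-1 to 3-6, together with the forwarding object, interface and routing logic function blocks from the description above, as an added example in Python (not the patent's code and not Neutron's). Assumptions not on the page: the ForCES-format message is represented as a dict with `type`, `lfb` and `params` keys because the page gives no wire encoding; the message queue is an in-process deque; the Linux commands the blocks would run (`ip netns add`, `ip addr`, `ip route`) are collected instead of executed; and the routing block refuses a next hop that is not on a subnet attached to the router, a check the page does not state.

```python
# Control element queue -> forwarding element RPC LFB -> per-LFB handlers (steps 3-1 to 3-6).
import ipaddress
from collections import deque
from typing import Deque, Dict, List, Optional


class LFBError(Exception):
    pass


class ControlElement:
    """Neutron plug-in side: database module plus RPC module holding the message queue."""
    def __init__(self) -> None:
        self.db: Dict[str, dict] = {}
        self.queue: Deque[dict] = deque()

    def northbound(self, key: str, msg_type: str, params: dict, lfb: Optional[str] = None) -> None:
        self.db[key] = params                                              # 3-2 database write
        self.queue.append({"type": msg_type, "lfb": lfb, "params": params})  # 3-3 enqueue


class ForwardingObjectLFB:
    def __init__(self) -> None:
        self.routers: Dict[str, str] = {}            # router id -> namespace name

    def create(self, p: dict) -> List[str]:
        ns = self.routers[p["router_id"]] = f"qrouter-{p['router_id']}"
        return [f"ip netns add {ns}"]


class InterfaceLFB:
    def __init__(self, fwd: ForwardingObjectLFB, subnets: Dict[str, str]) -> None:
        self.fwd, self.subnets = fwd, subnets        # subnet id -> CIDR (constructed table)
        self.ports: Dict[str, dict] = {}

    def create(self, p: dict) -> List[str]:
        if p["subnet_id"] not in self.subnets:       # the error path described for this LFB
            raise LFBError(f"subnet {p['subnet_id']} does not exist")
        cidr = ipaddress.ip_network(self.subnets[p["subnet_id"]])
        ip = ipaddress.ip_address(p["ifip"])
        if ip not in cidr:
            raise LFBError(f"port IP {ip} is not inside {cidr}")
        ns = self.fwd.routers[p["router_id"]]
        self.ports[p["ifid"]] = {**p, "cidr": str(cidr)}
        return [f"ip netns exec {ns} ip addr add {ip}/{cidr.prefixlen} dev {p['ifid']}",
                f"ip netns exec {ns} ip link set {p['ifid']} up"]


class RoutingLFB:
    def __init__(self, fwd: ForwardingObjectLFB, ifs: InterfaceLFB) -> None:
        self.fwd, self.ifs = fwd, ifs
        self.table: List[dict] = []                  # static routing table

    def create(self, p: dict) -> List[str]:
        dst = ipaddress.ip_network(p["destination"])  # classless (CIDR) destination
        nh = ipaddress.ip_address(p["next_hop"])
        # Assumed check, not stated on the page: the next hop must lie on a subnet attached
        # to this router, so a tenant cannot steer traffic towards a gateway it does not own.
        attached = [ipaddress.ip_network(q["cidr"]) for q in self.ifs.ports.values()
                    if q["router_id"] == p["router_id"]]
        if not any(nh in net for net in attached):
            raise LFBError(f"next hop {nh} is not on a subnet attached to {p['router_id']}")
        self.table.append({"rule_id": len(self.table) + 1, **p})
        return [f"ip netns exec {self.fwd.routers[p['router_id']]} ip route add {dst} via {nh}"]


class RpcLFB:
    """Forwarding element side (3-4 to 3-6): drain the queue and dispatch by request type."""
    def __init__(self, subnets: Dict[str, str]) -> None:
        self.fwd = ForwardingObjectLFB()
        self.ifs = InterfaceLFB(self.fwd, subnets)
        self.lfbs = {"interface": self.ifs, "routing": RoutingLFB(self.fwd, self.ifs)}
        self.commands: List[str] = []
        self.errors: List[str] = []

    def run(self, queue: Deque[dict]) -> None:
        while queue:
            msg = queue.popleft()
            try:
                if msg["type"] == "create_tenant_network":                # 3-5
                    self.commands += self.fwd.create(msg["params"])
                elif msg["type"] == "lfb_attribute":                      # 3-6
                    self.commands += self.lfbs[msg["lfb"]].create(msg["params"])
                else:
                    raise LFBError(f"unknown request type {msg['type']}")
            except (LFBError, KeyError, ValueError) as exc:              # report, keep draining
                self.errors.append(f"{msg['type']}/{msg['lfb']}: {exc}")


def demo() -> RpcLFB:
    """Constructed sample: one router, a good and a bad port, a good and a bad static route."""
    ce = ControlElement()
    ce.northbound("r1", "create_tenant_network", {"router_id": "r1"})
    ce.northbound("p1", "lfb_attribute", {"ifid": "qr-1", "subnet_id": "s1", "router_id": "r1",
                                          "ifip": "10.0.1.1", "mac": "fa:16:3e:00:00:01"}, "interface")
    ce.northbound("p2", "lfb_attribute", {"ifid": "qr-2", "subnet_id": "nope", "router_id": "r1",
                                          "ifip": "10.0.2.1", "mac": "fa:16:3e:00:00:02"}, "interface")
    ce.northbound("rt1", "lfb_attribute", {"router_id": "r1", "destination": "192.168.50.0/24",
                                           "next_hop": "10.0.1.254"}, "routing")
    ce.northbound("rt2", "lfb_attribute", {"router_id": "r1", "destination": "0.0.0.0/0",
                                           "next_hop": "172.16.0.1"}, "routing")
    fe = RpcLFB({"s1": "10.0.1.0/24"})
    fe.run(ce.queue)
    return fe
```

Running `demo()` yields four commands (namespace, port address, link up, one static route) and two errors: the port on the missing subnet and the default route whose next hop is not on any attached subnet. Note that a failing message does not stop the RPC block from draining the rest of the queue, which matches the "report the error and continue" behaviour the interface block description implies.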

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710114858.4A CN106953848B (en) 2017-02-28 2017-02-28 Software defined network implementation method based on ForCES

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710114858.4A CN106953848B (en) 2017-02-28 2017-02-28 Software defined network implementation method based on ForCES

Publications (2)

Publication Number Publication Date
CN106953848A CN106953848A (en) 2017-07-14
CN106953848B true CN106953848B (en) 2020-04-28

Family

ID=59466613

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710114858.4A Expired - Fee Related CN106953848B (en) 2017-02-28 2017-02-28 Software defined network implementation method based on ForCES

Country Status (1)

Country Link
CN (1) CN106953848B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107171899B (en) * 2017-07-18 2019-12-03 江南大学 A kind of high-throughput routing simulation method based on cloud platform
CN107566181B (en) * 2017-09-12 2021-05-04 郑州云海信息技术有限公司 Network management method and virtualization management platform
CN108713309B (en) * 2018-03-21 2021-04-16 达闼机器人有限公司 SD-WAN system, use method of SD-WAN system and related device
CN108804238B (en) * 2018-03-29 2022-03-04 中国工程物理研究院计算机应用研究所 Soft bus communication method based on remote procedure call
CN108540408B (en) * 2018-04-16 2020-11-13 广东亿迅科技有限公司 Openstack-based distributed virtual switch management method and system
CN110311803B (en) * 2019-05-20 2022-08-26 平安科技(深圳)有限公司 Method and device for realizing software defined network, computer equipment and storage medium
CN114466011B (en) * 2022-01-29 2023-08-04 苏州浪潮智能科技有限公司 Metadata service request method, device, equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067287A (en) * 2013-01-18 2013-04-24 浙江工商大学 Method achieving virtual programmable router under framework of forwarding and control separation
WO2013104375A1 (en) * 2012-01-09 2013-07-18 Telefonaktiebolaget L M Ericsson (Publ) Network device control in a software defined network
CN106209677A (en) * 2016-07-15 2016-12-07 深圳市永达电子信息股份有限公司 The method that neutron based on Openstack realizes network QOS

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013104375A1 (en) * 2012-01-09 2013-07-18 Telefonaktiebolaget L M Ericsson (Publ) Network device control in a software defined network
CN103067287A (en) * 2013-01-18 2013-04-24 浙江工商大学 Method achieving virtual programmable router under framework of forwarding and control separation
CN106209677A (en) * 2016-07-15 2016-12-07 深圳市永达电子信息股份有限公司 The method that neutron based on Openstack realizes network QOS

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SDN的ForCES实现及服务部署研究;高明;《中国博士学位论文全文数据库 信息科技辑》;20140615;全文 *
The Implementation of Virtualization in Data Plane of ForCES;Xi, Zou;Ming, Gao;Wang, Yining;Wu, Chunming;《Seventh International Symposium on Parallel Architectures, Algorithms and Programming》;20151214;全文 *
基于ForCES的SDN配置层中网络虚拟化关键技术研究;周磊;《中国优秀硕士学位论文全文数据库 信息科技辑》;20150515;全文 *

Also Published As

Publication number Publication date
CN106953848A (en) 2017-07-14

Similar Documents

Publication Publication Date Title
CN106953848B (en) Software defined network implementation method based on ForCES
US9450823B2 (en) Hybrid network management
CN107947961B (en) SDN-based Kubernetes network management system and method
US11818040B2 (en) Systems and methods for a VLAN switching and routing service
Wang et al. A survey on data center networking for cloud computing
US9178828B2 (en) Architecture for agentless service insertion
CN107147509B (en) Virtual private network service implementation method, device and communication system
US10142218B2 (en) Hypervisor routing between networks in a virtual networking environment
US10880248B2 (en) Orchestrator agnostic application container visibility
US20220210158A1 (en) Layer-2 networking using access control lists in a virtualized cloud environment
CN103997513B (en) A kind of programmable virtual network service system
CN106209688B (en) Cloud data multicast methods, devices and systems
US10931559B2 (en) Distribution of network-policy configuration, management, and control using model-driven and information-centric networking
JP2015534320A (en) System and method for providing policy-based data center network automation
WO2019127418A1 (en) Network service management method, related device and system
US11855893B2 (en) Tag-based cross-region segment management
US9590855B2 (en) Configuration of transparent interconnection of lots of links (TRILL) protocol enabled device ports in edge virtual bridging (EVB) networks
JP2024503600A (en) Layer 2 networking span ports in virtualized cloud environments
CN109863726A (en) Distributed clients guard station device
US11799755B2 (en) Metadata-based cross-region segment routing
US20240121186A1 (en) Layer-2 networking using access control lists in a virtualized cloud environment
WO2023096811A1 (en) Tag-based cross-region segment management
WO2022028092A1 (en) Vnf instantiation method and apparatus
JP2024507146A (en) Packet flow in cloud infrastructure based on cached and non-cached configuration information
US20240143365A1 (en) Initializing a container environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200428