CN107547308B - Message mirroring method and device, and controller in Software Defined Network (SDN) - Google Patents

Publication number: CN107547308B
Authority: CN (China)
Prior art keywords: mirror image, mirror, access device, message, flow table
Legal status: Active
Application number: CN201710633267.8A
Other languages: Chinese (zh)
Other versions: CN107547308A (en)
Inventor: 贺子奇
Current Assignee: Hangzhou H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd
Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract

Embodiments of the invention provide a message mirroring method and device, a controller in an SDN, an access device in the SDN, and a machine-readable storage medium. The method is applied to a controller in the SDN and comprises the following steps: determining a first mirror source device locally connected to a first access device, where the first access device is any one of the access devices in the SDN and each access device is locally connected to a mirror destination device; and issuing a first mirror flow table to the first access device, where the first mirror flow table instructs mirroring of the messages sent by the first mirror source device to obtain mirror messages, and sending of the mirror messages to the first mirror destination device locally connected to the first access device, so that the first mirror destination device monitors and analyzes the mirror messages to obtain an analysis result and sends the analysis result to the monitoring device. The scheme therefore effectively reduces the network bandwidth occupied by message mirroring and also effectively reduces the operating pressure on a single monitoring device.

Description

Message mirroring method and device, and controller in Software Defined Network (SDN)
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a message mirroring method and apparatus, a controller in a Software Defined Network (SDN), an access device in the SDN, and a machine-readable storage medium.
Background
In current software defined networks (SDN), when a mirror source device is connected to an access device and message mirroring is performed, that access device mirrors the messages sent by the mirror source device to a unified access device (different from the access device to which the mirror source device is currently connected) according to an OpenFlow flow table issued by the controller. The unified access device then sends the mirrored messages to the mirror destination device locally connected to it (this mirror destination device also serves as the monitoring device), and the monitoring device monitors and analyzes all the messages it obtains.
It is easy to see that the message is mirrored from one access device to another access device, so the mirroring process of the message spans the access devices, and the network bandwidth occupied by the mirroring process is large, which greatly affects the normal operation of other services. In addition, the monitoring device needs to monitor and analyze all messages obtained by mirroring, so the operating pressure on the monitoring device is very large.
Disclosure of Invention
Embodiments of the present invention provide a message mirroring method and apparatus, a controller in an SDN, an access device in the SDN, and a machine-readable storage medium, so as to effectively reduce the network bandwidth occupied by the message mirroring process and reduce the operating pressure on the monitoring device.
In a first aspect, an embodiment of the present invention provides a message mirroring method, applied to a controller in a software defined network (SDN), the method including:
determining a first mirror source device locally connected to a first access device, where the first access device is any one of the access devices in the SDN, and each access device is locally connected to a mirror destination device;
and issuing a first mirror flow table to the first access device, where the first mirror flow table is used to instruct mirroring of the messages sent by the first mirror source device to obtain mirror messages, and sending of the mirror messages to a first mirror destination device locally connected to the first access device, so that the first mirror destination device monitors and analyzes the mirror messages to obtain an analysis result and sends the analysis result to a monitoring device.
In a second aspect, an embodiment of the present invention provides a packet mirroring method, which is applied to any access device in a software defined network SDN, where each access device is locally connected to a mirror destination device, and the method includes:
receiving a first mirror image flow table issued by a controller in the SDN; the controller issues the first mirror image flow table after determining a first mirror image source device locally connected with the access device;
and carrying out mirror image processing on the message sent by the first mirror image source device according to the indication of the first mirror image flow table to obtain a mirror image message, and sending the mirror image message to a mirror image destination device locally connected to the access device, so that the mirror image destination device carries out monitoring analysis on the mirror image message to obtain an analysis result, and sends the analysis result to the monitoring device.
In a third aspect, an embodiment of the present invention provides a packet mirroring apparatus, which is applied to a controller in a software defined network SDN, and the apparatus includes:
a determining module, configured to determine a first mirror source device locally connected to a first access device, where the first access device is any one of the access devices in the SDN, and each access device is locally connected to a mirror destination device;
the first forwarding module is configured to forward a first mirror flow table to the first access device, where the first mirror flow table is used to instruct to perform mirror processing on a message sent by the first mirror source device to obtain a mirror message, and send the mirror message to a first mirror destination device locally connected to the first access device, so that the first mirror destination device monitors and analyzes the mirror message to obtain an analysis result, and sends the analysis result to the monitoring device.
In a fourth aspect, an embodiment of the present invention provides a packet mirroring apparatus, which is applied to any access device in a software defined network SDN, where each access device is locally connected to a mirror destination device, and the apparatus includes:
the first receiving module is used for receiving a first mirror image flow table issued by a controller in the SDN; the controller issues the first mirror image flow table after determining a first mirror image source device locally connected with the access device;
and the mirror image module is used for carrying out mirror image processing on the message sent by the first mirror image source device according to the indication of the first mirror image flow table to obtain a mirror image message, and sending the mirror image message to a mirror image destination device locally connected with the access device, so that the mirror image destination device carries out monitoring analysis on the mirror image message to obtain an analysis result, and sends the analysis result to the monitoring device.
In a fifth aspect, an embodiment of the present invention provides a controller in a software defined network (SDN), comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the machine-executable instructions causing the processor to implement the method steps applied to the controller.
In a sixth aspect, an embodiment of the present invention provides an access device in a software defined network (SDN), comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the machine-executable instructions causing the processor to implement the method steps applied to the access device.
In a seventh aspect, an embodiment of the present invention provides a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the method steps applied to the controller or the access device.
In this scheme, the first mirror source device and the first mirror destination device are both locally connected to the first access device, so message mirroring is performed locally on the first access device and does not cross access devices. Accordingly, the network bandwidth occupied by mirroring is greatly reduced, and the normal operation of other services is better ensured. In addition, the scheme monitors the messages sent by the first mirror source device through the cooperation of two stages of monitoring devices, a front-stage monitoring device (namely the mirror destination device locally connected to each access device) and a rear-stage monitoring device (namely the monitoring device), so the operating pressure on a single monitoring device is effectively reduced.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present invention; those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a message mirroring method provided from the perspective of a controller in an SDN according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a networking structure of a controller and an access device;
Fig. 3 is a schematic diagram of another networking structure of the controller and the access device;
Fig. 4 is a flowchart of a message mirroring method provided from the perspective of an access device in an SDN according to an embodiment of the present invention;
Fig. 5 is a block diagram of a structure of a packet mirroring apparatus provided from the perspective of a controller in an SDN according to an embodiment of the present invention;
Fig. 6 is a block diagram of a structure of a packet mirroring apparatus provided from the perspective of an access device in an SDN according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a controller in an SDN according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an access device in an SDN according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to solve the problems in the prior art, embodiments of the present invention provide a method and an apparatus for mirroring a packet, a controller in an SDN, an access device in the SDN, and a machine-readable storage medium.
First, a message mirroring method provided from the perspective of a controller in an SDN according to an embodiment of the present invention is described below.
Referring to fig. 1, a flowchart of a message mirroring method according to an embodiment of the present invention is shown. As shown in fig. 1, the method is applied to a controller in an SDN, and may include the following steps:
S101, determining a first mirror source device locally connected to a first access device, where the first access device is any one of the access devices in the SDN, and each access device is locally connected to a mirror destination device.
The first access device may be a switch, either a physical switch or a virtual switch (vSwitch). The first mirror source device determined by the controller and the mirror destination device locally connected to each access device may each be either a physical device or a virtual device (i.e., a virtual machine). It is to be understood that, when the first access device is a vSwitch and both the first mirror source device and the mirror destination device locally connected to the first access device (i.e., the first mirror destination device mentioned below) are virtual machines, the first access device, the first mirror source device and the first mirror destination device may be located in the same physical machine, for example, the same server.
It should be noted that the controller can determine the first mirror source device locally connected to the first access device in various ways; two implementation forms are described below as examples.
In a first implementation form, determining a first mirror source device locally connected to a first access device may include:
when a mirror source device locally connected to the first access device migrates locally, determining the locally migrated mirror source device as the first mirror source device.
The first implementation form is described below with reference to fig. 2 as a specific example.
As shown in Fig. 2, assume that before the mirror source device 300 migrates, it is connected to port 11 of access device A100. The mirror source device 300 then migrates; the dashed line L1 in Fig. 2 shows the migration direction. After the migration, the mirror source device 300 is connected to port 12 of access device A100. The mirror source device 300 has thus migrated locally with respect to access device A100, so upon detecting this migration, the controller 400 may determine the mirror source device 300 as the first mirror source device locally connected to access device A100.
In a second implementation form, determining a first mirror source device locally connected to a first access device may include:
when a mirror source device migrates into the first access device, determining the migrated-in mirror source device as the first mirror source device.
The second implementation form is described below with reference to fig. 3 as a specific example.
As shown in Fig. 3, assume that before the mirror source device 300 migrates, it is connected to port 11 of access device A100. The mirror source device 300 then migrates; the dashed line L2 in Fig. 3 shows the migration direction. After the migration, the mirror source device 300 is connected to port 23 of access device B200. The mirror source device 300 has thus migrated between two access devices, that is, out of access device A100 and into access device B200, so upon detecting this migration, the controller 400 may determine the mirror source device 300 as the first mirror source device locally connected to access device B200.
It should be noted that, in both implementation forms, the controller 400 may detect the migration of the mirror source device 300 based on OpenFlow status, and then execute S101. The controller 400 may also learn of the migration in other ways. For example, the networking in Fig. 2 and Fig. 3 may further include a cloud platform, which detects the migration of the mirror source device 300 and notifies the controller 400, so that the controller 400 learns of the migration and executes S101.
In addition, for the networking in Fig. 2 and Fig. 3, the controller 400 may, at initialization, issue a corresponding mirror flow table to the access device according to the current networking. Specifically, as shown in Fig. 2 and Fig. 3, assume that at initialization the mirror source device 300 is connected to port 11 of access device A100. During initialization, the controller 400 issues a mirror flow table to access device A100, instructing access device A100 to mirror the messages sent by the mirror source device 300 to obtain mirror messages, and to send the mirror messages to the mirror destination device 500 locally connected to access device A100. The solid line L3 in Fig. 2 and the dotted line L4 in Fig. 3 show the sending direction of the mirror messages.
S102, issuing a first mirror flow table to the first access device, where the first mirror flow table is used to instruct mirroring of the messages sent by the first mirror source device to obtain mirror messages, and sending of the mirror messages to a first mirror destination device locally connected to the first access device, so that the first mirror destination device monitors and analyzes the mirror messages to obtain an analysis result and sends the analysis result to the monitoring device.
The first mirror flow table may be an OpenFlow flow table. The matching entry in the flow table may include a source IP address and an ingress port, where the source IP address is the IP address of the first mirror source device, and the ingress port is the mirror source port, that is, the port of the first access device to which the first mirror source device is currently connected. The action entry in the flow table may include an egress port, which is the mirror destination port, that is, the port of the first access device to which the first mirror destination device is currently connected. It is also possible that the matching entry of the first mirror flow table does not include an ingress port. For ease of understanding, the following embodiments take the case where the matching entry of the first mirror flow table includes an ingress port as an example.
After receiving the first mirror flow table issued by the controller, the first access device may store it. Then, when the first access device receives, through the mirror source port in the first mirror flow table, a message whose source address is the IP address of the first mirror source device (that is, a message sent by the first mirror source device), it mirrors the message according to the locally stored first mirror flow table to obtain a mirror message, and sends the mirror message to the mirror destination port in the first mirror flow table, through which the first mirror destination device receives it. After receiving the mirror message, the first mirror destination device monitors and analyzes it to obtain an analysis result, and sends the analysis result to the monitoring device. The monitoring device can then further analyze the received analysis result, which completes the monitoring of the messages sent by the first mirror source device.
In order to facilitate a better understanding of the present solution for those skilled in the art, two specific examples are described below with reference to fig. 2 and 3.
In the first example, as shown in Fig. 2, the mirror source device 300 migrates locally with respect to access device A100 (from port 11 of access device A100 to port 12 of access device A100), so the controller 400 determines the mirror source device 300 as the first mirror source device locally connected to access device A100.
Next, the controller 400 issues a first mirror flow table to access device A100. The matching entry in the first mirror flow table includes a source IP address and an ingress port, where the source IP address is the IP address of the mirror source device 300 and the ingress port is port 12 of access device A100; the action entry includes an egress port, which is port 13 of access device A100. On receiving the first mirror flow table, access device A100 stores it. Then, when access device A100 receives, through its own port 12, a message whose source address is the IP address of the mirror source device 300, it not only processes the message normally (for example, forwards it), but also mirrors the message as instructed by the locally stored first mirror flow table to obtain a mirror message, and sends the mirror message to its own port 13, so that the mirror destination device 500 connected to port 13 receives it. The solid line L5 in Fig. 2 shows the sending direction of the mirror message after the mirror source device 300 migrates. After receiving the mirror message, the mirror destination device 500 connected to port 13 monitors and analyzes it to obtain an analysis result, and sends the analysis result to the monitoring device 600. The monitoring device 600 can then further analyze the received analysis result, which completes the monitoring of the messages sent by the mirror source device 300.
It can be seen that, in the first example, when the mirror source device 300 migrates locally with respect to access device A100, the messages sent by the mirror source device 300 are mirrored from port 12 of access device A100 to port 13 of access device A100. That is, message mirroring is performed locally in access device A100 and does not cross access devices; accordingly, the network bandwidth occupied by mirroring is small, and the normal operation of other services is not affected.
It should be noted that, in the first example, if the matching entry of the mirror flow table does not include an ingress port, the controller 400 does not need to issue the first mirror flow table to access device A100 when the mirror source device 300 migrates locally with respect to access device A100.
In the second example, as shown in Fig. 3, the mirror source device 300 migrates out of access device A100 and into access device B200 (from port 11 of access device A100 to port 23 of access device B200), so the controller 400 determines the mirror source device 300 as the first mirror source device locally connected to access device B200.
Next, the controller 400 issues a first mirror flow table to access device B200. The matching entry in the first mirror flow table includes a source IP address and an ingress port, where the source IP address is the IP address of the mirror source device 300 and the ingress port is port 23 of access device B200; the action entry includes an egress port, which is port 21 of access device B200. On receiving the first mirror flow table, access device B200 stores it. Then, when access device B200 receives, through its own port 23, a message whose source address is the IP address of the mirror source device 300, it not only processes the message normally (for example, forwards it), but also mirrors the message as instructed by the locally stored first mirror flow table to obtain a mirror message, and sends the mirror message to its own port 21, so that the mirror destination device 700 connected to port 21 receives it. The solid line L6 in Fig. 3 shows the sending direction of the mirror message after the mirror source device 300 migrates. After receiving the mirror message, the mirror destination device 700 connected to port 21 monitors and analyzes it to obtain an analysis result, and sends the analysis result to the monitoring device 600. The monitoring device 600 can then further analyze the received analysis result, which completes the monitoring of the messages sent by the mirror source device 300.
It can be seen that, in the second example, when the mirror source device 300 migrates out of access device A100 and into access device B200, the messages sent by the mirror source device 300 are mirrored from port 23 of access device B200 to port 21 of access device B200. That is, message mirroring does not cross access devices; accordingly, the network bandwidth occupied by mirroring is small, and the normal operation of other services is not affected.
It should be noted that, in the above two examples, the mirror destination device locally connected to each access device may be regarded as a front-stage monitoring device, and the monitoring device 600, which further analyzes the analysis results from each mirror destination device, may be regarded as a rear-stage monitoring device. That is, two stages of monitoring devices, front-stage and rear-stage, cooperate to monitor the messages sent by the mirror source device 300.
In this scheme, the first mirror source device and the first mirror destination device are both locally connected to the first access device, so message mirroring is performed locally on the first access device and does not cross access devices. Accordingly, the network bandwidth occupied by mirroring is greatly reduced, and the normal operation of other services is better ensured. In addition, the scheme monitors the messages sent by the first mirror source device through the cooperation of two stages of monitoring devices, a front-stage monitoring device (namely the mirror destination device locally connected to each access device) and a rear-stage monitoring device (namely the monitoring device), so the operating pressure on a single monitoring device is effectively reduced.
In a specific implementation of the embodiment of the present invention, after a mirror source device migrates into the first access device and is determined as the first mirror source device, the method may further include:
issuing a delete flow table to a second access device, that is, the access device the first mirror source device migrated out of, where the second access device is the access device to which the first mirror source device was connected before it migrated into the first access device, the delete flow table is used to instruct deletion of a second mirror flow table, and the second mirror flow table is used to instruct mirroring of the messages sent by the first mirror source device to obtain mirror messages, and sending of the mirror messages to a second mirror destination device locally connected to the second access device.
The second mirror flow table may be an OpenFlow flow table.
Next, a description will be given of a specific implementation process of the present embodiment, continuing with the second example in the previous embodiment.
As can be seen from the description of the previous embodiment, when the mirror source device 300 migrates out of access device A100 and into access device B200, the second mirror flow table is stored locally in access device A100. The ingress port in the matching entry of the second mirror flow table is port 11 of access device A100, and the egress port in the action entry is port 13 of access device A100; the matching entry may further include a source IP address, which is the IP address of the mirror source device 300. When access device A100 receives, through its own port 11, a message whose source address is the IP address of the mirror source device 300, it not only processes the message normally (for example, forwards it), but also mirrors the message as instructed by the locally stored second mirror flow table to obtain a mirror message, and sends the mirror message to its own port 13.
In this embodiment, when the controller 400 detects that the mirror source device 300 has migrated out of access device A100 and into access device B200, the controller 400 may issue a delete flow table to the access device to which the mirror source device 300 was connected before it migrated into access device B200, that is, to access device A100, instructing access device A100 to delete the locally stored second mirror flow table.
Thus, when access device A100 receives the delete flow table, it deletes the locally stored second mirror flow table. Thereafter, when access device A100 receives, through port 11, a message whose source address is the IP address of the mirror source device 300, it only processes the message normally (for example, forwards it) and does not mirror it to port 13.
It is easy to see that, in this embodiment, when the mirror source device migrates between access devices, the controller issues a corresponding delete flow table to the corresponding access device, so that a mirror flow table left behind in that access device does not affect subsequent message mirroring.
In conclusion, the embodiment not only effectively reduces the network bandwidth occupied by the mirroring process of the message, but also effectively reduces the operating pressure on a single monitoring device.
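The install-then-delete life cycle described above can be modeled in a few lines. The following Python simulation is an added example, not code from the patent: it reuses ports 11 and 13 of access device A100 from the text, while the class and function names, the ports of access device B200, the normal egress ports and the IP address are constructed for illustration. It goes slightly beyond the text by also removing the old entry on a same-device port change (an assumption) and by adding an audit that reports mirror flow table entries left behind when a deletion flow table is lost.

```python
"""Simulation of the mirror flow table life cycle (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class MirrorFlow:
    in_port: int      # match field: ingress port of the mirror source
    src_ip: str       # match field: IP address of the mirror source
    mirror_port: int  # action field: port of the local mirror destination


class AccessDevice:
    def __init__(self, name, mirror_port):
        self.name = name
        self.mirror_port = mirror_port  # locally connected mirror destination
        self.flows = {}                 # (in_port, src_ip) -> MirrorFlow

    def install(self, flow):
        self.flows[(flow.in_port, flow.src_ip)] = flow

    def delete(self, in_port, src_ip):
        # Deleting an entry that is already gone is not an error.
        self.flows.pop((in_port, src_ip), None)

    def receive(self, in_port, src_ip, out_port):
        """Return the egress ports: normal forwarding first, then the
        mirror copy if a mirror flow table entry matches."""
        egress = [out_port]
        flow = self.flows.get((in_port, src_ip))
        if flow is not None:
            egress.append(flow.mirror_port)
        return egress


class Controller:
    def __init__(self, devices):
        self.devices = {d.name: d for d in devices}
        self.location = {}  # src_ip -> (device name, in_port)

    def source_attached(self, src_ip, device_name, in_port):
        """Called when a mirror source comes online or migrates."""
        old = self.location.get(src_ip)
        if old is not None and old != (device_name, in_port):
            # Deletion flow table for the previous attachment point.
            old_name, old_port = old
            self.devices[old_name].delete(old_port, src_ip)
        dev = self.devices[device_name]
        dev.install(MirrorFlow(in_port, src_ip, dev.mirror_port))
        self.location[src_ip] = (device_name, in_port)

    def stale_mirror_flows(self):
        """Audit: entries on any device that disagree with the controller's
        view of where each mirror source is attached."""
        stale = []
        for dev in self.devices.values():
            for (in_port, src_ip) in dev.flows:
                if self.location.get(src_ip) != (dev.name, in_port):
                    stale.append((dev.name, in_port, src_ip))
        return sorted(stale)


def demo():
    a100 = AccessDevice("A100", mirror_port=13)
    b200 = AccessDevice("B200", mirror_port=23)  # constructed port number
    ctl = Controller([a100, b200])
    src = "10.0.0.30"                            # constructed address
    ctl.source_attached(src, "A100", 11)
    before = a100.receive(11, src, out_port=12)
    ctl.source_attached(src, "B200", 21)         # migration A100 -> B200
    after_a = a100.receive(11, src, out_port=12)
    after_b = b200.receive(21, src, out_port=22)
    clean = ctl.stale_mirror_flows()
    # Simulate a lost deletion flow table: the old entry survives on A100.
    a100.install(MirrorFlow(11, src, 13))
    leaked = ctl.stale_mirror_flows()
    return before, after_a, after_b, clean, leaked


if __name__ == "__main__":
    print(demo())
```

A non-empty audit result means traffic matching the old port and source IP would still be copied to the old mirror destination, which is the residual mirroring the deletion flow table exists to prevent.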
A message mirroring method provided from the perspective of an access device in an SDN according to an embodiment of the present invention is described below.
Referring to fig. 4, a flowchart of a message mirroring method according to an embodiment of the present invention is shown. As shown in fig. 4, the method is applied to any access device in the SDN, where each access device is locally connected to a mirror destination device, and the method may include the following steps:
S401, receiving a first mirror flow table issued by a controller in the SDN; the controller issues the first mirror flow table after determining a first mirror source device locally connected with the access device;
S402, according to the indication of the first mirror flow table, performing mirror processing on the message sent by the first mirror source device to obtain a mirror message, and sending the mirror message to a mirror destination device locally connected to the access device, so that the mirror destination device monitors and analyzes the mirror message to obtain an analysis result, and sends the analysis result to the monitoring device.
In a specific implementation manner of the embodiment of the present invention, the method may further include:
when the first mirror source device migrates out of the access device, receiving the deletion flow table issued by the controller;
and deleting the local first mirror flow table according to the indication of the deletion flow table.
In this scheme, the mirroring of the message is performed locally at the access device and does not span access devices; accordingly, the network bandwidth occupied by the mirroring process is greatly reduced, so that the normal operation of other services can be well ensured. In addition, the scheme monitors the messages sent by the mirror source device through the cooperation of two stages of monitoring devices, namely the front-stage monitoring device (the mirror destination device locally connected to the access device) and the rear-stage monitoring device (the monitoring device), so that the operating pressure on any single monitoring device can be effectively reduced.
A message mirroring apparatus provided from the perspective of a controller in an SDN according to an embodiment of the present invention is described below.
Referring to fig. 5, a block diagram of a structure of a message mirroring apparatus according to an embodiment of the present invention is shown. As shown in fig. 5, the apparatus is applied to a controller in an SDN, and the apparatus may include:
a determining module 51, configured to determine a first mirror source device locally connected to a first access device; the first access device is any one of SDN access devices, and each access device is locally connected with a mirror image destination device;
the first forwarding module 52 is configured to issue a first mirror flow table to the first access device, where the first mirror flow table is used to instruct to perform mirror processing on a message sent by the first mirror source device to obtain a mirror message, and send the mirror message to a first mirror destination device locally connected to the first access device, so that the first mirror destination device performs monitoring and analysis on the mirror message to obtain an analysis result, and sends the analysis result to the monitoring device.
In a specific implementation manner of the embodiment of the present invention, the determining module is specifically configured to:
when the mirror image source device migrates into the first access device, determining the migrated mirror image source device as the first mirror image source device.
In a specific implementation manner of the embodiment of the present invention, the apparatus may further include:
the second issuing module, configured to issue a deletion flow table to the second access device after the migrated mirror source device has been determined as the first mirror source device when the mirror source device migrates into the first access device, where the second access device is the access device to which the first mirror source device was connected before it migrated into the first access device, the deletion flow table is used to indicate deletion of the second mirror flow table, and the second mirror flow table is used to indicate that mirror processing is performed on a message sent by the first mirror source device to obtain a mirror message and that the mirror message is sent to a second mirror destination device locally connected with the second access device.
In a specific implementation manner of the embodiment of the present invention, the determining module is specifically configured to:
when a mirror source device locally connected to the first access device migrates locally, determining the locally migrated mirror source device as the first mirror source device.
In this scheme, the first mirror source device and the first mirror destination device are both locally connected with the first access device, so the mirroring of the message is performed locally at the first access device and does not span access devices; accordingly, the network bandwidth occupied by the mirroring process is greatly reduced, and the normal operation of other services can be better ensured. In addition, the scheme monitors the messages sent by the first mirror source device through the cooperation of two stages of monitoring devices, namely the front-stage monitoring devices (the mirror destination device locally connected with each access device) and the rear-stage monitoring device (the monitoring device), so that the operating pressure on any single monitoring device can be effectively reduced.
A message mirroring apparatus provided from the perspective of an access device in an SDN according to an embodiment of the present invention is described below.
Referring to fig. 6, a block diagram of a structure of a message mirroring apparatus according to an embodiment of the present invention is shown. As shown in fig. 6, the apparatus is applied to any access device in an SDN, where each access device is locally connected to a mirror destination device, and the apparatus may include:
a first receiving module 61, configured to receive a first mirror flow table issued by a controller in the SDN; the controller issues a first mirror image flow table after determining a first mirror image source device locally connected with the access device;
and the mirror image module 62 is configured to perform mirror image processing on the message sent by the first mirror image source device according to the indication of the first mirror image flow table to obtain a mirror image message, and send the mirror image message to a mirror image destination device locally connected to the access device, so that the mirror image destination device performs monitoring and analysis on the mirror image message to obtain an analysis result, and sends the analysis result to the monitoring device.
In a specific implementation manner of the embodiment of the present invention, the apparatus may further include:
the second receiving module, configured to receive the deletion flow table issued by the controller when the first mirror source device migrates out of the access device;
and the deleting module, configured to delete the local first mirror flow table according to the indication of the deletion flow table.
In this scheme, the mirroring of the message is performed locally at the access device and does not span access devices; accordingly, the network bandwidth occupied by the mirroring process is greatly reduced, so that the normal operation of other services can be well ensured. In addition, the scheme monitors the messages sent by the mirror source device through the cooperation of two stages of monitoring devices, namely the front-stage monitoring device (the mirror destination device locally connected to the access device) and the rear-stage monitoring device (the monitoring device), so that the operating pressure on any single monitoring device can be effectively reduced.
A controller in an SDN according to an embodiment of the present invention is described below.
Referring to fig. 7, a schematic structural diagram of a controller in an SDN according to an embodiment of the present invention is shown. As shown in fig. 7, the controller may include: a processor 71, a machine-readable storage medium 72 storing machine-executable instructions. The processor 71 and the machine-readable storage medium 72 may communicate via a system bus 73. Also, by reading and executing machine-executable instructions in the machine-readable storage medium 72 corresponding to the message mirroring control logic, the processor 71 may perform the method steps described above as applied to the controller.
An access device in an SDN according to an embodiment of the present invention is described below.
Referring to fig. 8, a schematic structural diagram of an access device in an SDN according to an embodiment of the present invention is shown. As shown in fig. 8, the access device may include: a processor 81, and a machine-readable storage medium 82 having stored thereon machine-executable instructions. The processor 81 and the machine-readable storage medium 82 may communicate via a system bus 83. Also, the processor 81 may perform the method steps described above as applied to the access device by reading and executing machine-executable instructions in the machine-readable storage medium 82 corresponding to the message mirroring control logic.
A machine-readable storage medium provided by an embodiment of the present invention is described below.
Embodiments of the present invention also provide a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the method steps described above as applied to the controller or the access device.
It should be noted that the machine-readable storage medium referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: RAM (Random Access Memory), volatile memory, flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, DVD, etc.), or a similar storage medium, or a combination thereof.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present specification are described in a related manner; for the same or similar parts, the embodiments may be referred to each other, and each embodiment focuses on its differences from the other embodiments. In particular, the embodiments of the apparatus, the controller, the access device and the machine-readable storage medium are described briefly because they are substantially similar to the method embodiments; for the relevant points, reference may be made to the corresponding description of the method embodiments.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (15)

1. A message mirroring method is applied to a controller in a Software Defined Network (SDN), and comprises the following steps:
determining a first mirror image source device locally connected with a first access device; the first access device is any access device in the SDN, and each access device is locally connected with a mirror image destination device;
and issuing a first mirror image flow table to the first access equipment, wherein the first mirror image flow table is used for indicating that mirror image processing is carried out on the message sent by the first mirror image source equipment to obtain a mirror image message, and sending the mirror image message to first mirror image destination equipment locally connected with the first access equipment, so that the first mirror image destination equipment monitors and analyzes the mirror image message to obtain an analysis result, and sends the analysis result to monitoring equipment.
2. The method of claim 1, wherein determining the first mirror source device to which the first access device is locally connected comprises:
and when the mirror image source equipment migrates into the first access equipment, determining the migrated mirror image source equipment as the first mirror image source equipment.
3. The method of claim 2, wherein after determining the migrated mirrored source device as the first mirrored source device when the mirrored source device migrates into the first access device, the method further comprises:
and issuing a deleted flow table to a second access device, wherein the second access device is an access device connected before the first mirror image source device is migrated into the first access device, the deleted flow table is used for indicating deletion of a second mirror image flow table, and the second mirror image flow table is used for indicating mirror image processing on a message sent by the first mirror image source device to obtain a mirror image message, and sending the mirror image message to a second mirror image destination device locally connected with the second access device.
4. The method of claim 1, wherein determining the first mirror source device to which the first access device is locally connected comprises:
when the mirror image source device locally connected to the first access device is locally migrated, determining the mirror image source device locally migrated as the first mirror image source device.
5. A message mirroring method is applied to any access device in a Software Defined Network (SDN), and each access device is locally connected with a mirror destination device, and the method comprises the following steps:
receiving a first mirror image flow table issued by a controller in the SDN; the controller issues the first mirror image flow table after determining a first mirror image source device locally connected with the access device;
and carrying out mirror image processing on the message sent by the first mirror image source device according to the indication of the first mirror image flow table to obtain a mirror image message, and sending the mirror image message to a mirror image destination device locally connected to the access device, so that the mirror image destination device carries out monitoring analysis on the mirror image message to obtain an analysis result, and sends the analysis result to the monitoring device.
6. The method of claim 5, further comprising:
when the first mirror image source device migrates out of the access device, receiving a deletion flow table issued by the controller;
and deleting the local first mirror image flow table according to the indication of the deletion flow table.
7. A packet mirroring apparatus applied to a controller in a Software Defined Network (SDN), the apparatus comprising:
the determining module is used for determining first mirror image source equipment locally connected with the first access equipment; the first access device is any access device in the SDN, and each access device is locally connected with a mirror image destination device;
the first forwarding module is configured to forward a first mirror flow table to the first access device, where the first mirror flow table is used to instruct to perform mirror processing on a message sent by the first mirror source device to obtain a mirror message, and send the mirror message to a first mirror destination device locally connected to the first access device, so that the first mirror destination device monitors and analyzes the mirror message to obtain an analysis result, and sends the analysis result to the monitoring device.
8. The apparatus of claim 7, wherein the determining module is specifically configured to:
and when the mirror image source equipment migrates into the first access equipment, determining the migrated mirror image source equipment as the first mirror image source equipment.
9. The apparatus of claim 8, further comprising:
the second issuing module is configured to issue a deletion flow table to the second access device after determining that the migrated mirror source device is the first mirror source device when migrating the mirror source device into the first access device, where the second access device is an access device connected before the first mirror source device migrates into the first access device, the deletion flow table is used to instruct deletion of the second mirror flow table, and the second mirror flow table is used to instruct mirror processing on a message sent by the first mirror source device to obtain a mirror message, and send the mirror message to a second mirror destination device locally connected to the second access device.
10. The apparatus of claim 7, wherein the determining module is specifically configured to:
when the mirror image source device locally connected to the first access device is locally migrated, determining the mirror image source device locally migrated as the first mirror image source device.
11. A message mirroring device is applied to any access device in a Software Defined Network (SDN), and each access device is locally connected with a mirror destination device, and the device comprises:
the first receiving module is used for receiving a first mirror image flow table issued by a controller in the SDN; the controller issues the first mirror image flow table after determining a first mirror image source device locally connected with the access device;
and the mirror image module is used for carrying out mirror image processing on the message sent by the first mirror image source device according to the indication of the first mirror image flow table to obtain a mirror image message, and sending the mirror image message to a mirror image destination device locally connected with the access device, so that the mirror image destination device carries out monitoring analysis on the mirror image message to obtain an analysis result, and sends the analysis result to the monitoring device.
12. The apparatus of claim 11, further comprising:
the second receiving module is configured to receive a deletion flow table issued by the controller when the first mirror image source device migrates from the access device;
and the deleting module is used for deleting the local first mirror image flow table according to the indication of deleting the flow table.
13. A controller in a software defined network, SDN, comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to carry out the method steps of any one of claims 1 to 4.
14. An access device in a software defined network, SDN, comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to carry out the method steps of claim 5 or 6.
15. A machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to carry out the method steps of any one of claims 1 to 6.
CN201710633267.8A 2017-07-28 2017-07-28 Message mirroring method and device, and controller in Software Defined Network (SDN) Active CN107547308B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710633267.8A CN107547308B (en) 2017-07-28 2017-07-28 Message mirroring method and device, and controller in Software Defined Network (SDN)

Publications (2)

Publication Number Publication Date
CN107547308A CN107547308A (en) 2018-01-05
CN107547308B true CN107547308B (en) 2020-04-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant