CN108011823B - Multi-stage method and device for multi-domain flow table and multi-stage flow table searching method and device - Google Patents
Multi-stage method and device for multi-domain flow table and multi-stage flow table searching method and device Download PDFInfo
- Publication number
- CN108011823B CN108011823B CN201610935403.4A CN201610935403A CN108011823B CN 108011823 B CN108011823 B CN 108011823B CN 201610935403 A CN201610935403 A CN 201610935403A CN 108011823 B CN108011823 B CN 108011823B
- Authority
- CN
- China
- Prior art keywords
- matching
- rule
- domain
- level
- flow table
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
- H04L45/74591—Address table lookup; Address filtering using content-addressable memories [CAM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/14—Routing performance; Theoretical aspects
Abstract
The invention discloses a method and a device for multi-stage of a multi-domain flow table and a method and a device for searching the multi-stage flow table, wherein the method for converting the multi-stage flow table of the multi-domain flow table comprises the following steps: generating flow tables from level 1 to level m according to the determined parameter alpha and the attribute information of the multi-domain flow table; respectively determining a first matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the first matching rule table is a set of matching domain value information of which the number of times of occurrence of a matching domain value in each level of flow table in the multi-domain flow table is 1; respectively determining a second matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the second matching rule table is a set of matching domain value information of which the occurrence frequency of the matching domain values in each level of flow table is more than 1 in the multi-domain flow table; and respectively storing the first matching rule table and the second matching rule table into the flow tables from the 1 st level to the m th level.
Description
Technical Field
The invention relates to the technical field of forwarding of Software Defined Network (SDN) switches, in particular to a multi-level method and device for a multi-domain flow table and a multi-level flow table searching method and device.
Background
SDN flow class forwarding is a basic function in network devices. The essence is that the matched rule is found for the arriving network data packet according to the predefined classification rule set in the flow table, wherein the classification rule set is a set containing a series of rules, each rule is composed of a plurality of matching conditions corresponding to some fields in the data packet header, and a corresponding processing method (Action) is assigned to each rule, so that the data packet is processed differently, such as discarded or forwarded, according to the obtained different matching results.
In openflow1.0 version, a single flow table design is employed, and uniformly replacing with a flow entry record having a maximum length causes an increase in the size of the flow entry. Secondly, the controller programmer is difficult to write a reasonable control program to control the huge single-flow table, and the problem is greatly simplified because the multi-stage flow table structure can be independently used. At present, 41 keywords are defined in OpenFlow, which puts higher requirements on classification forwarding, so that a large flow table cannot meet the requirement on lookup time.
A multi-stage flow table is designed in OpenFlowv1.1 to reduce the overhead of the flow table, a matching process is decomposed into a plurality of steps, and a processing form of a pipeline is formed, so that the total number of records of the flow table is reduced. For the matching result of each step of the multistage flow table, a traditional cross product mode is adopted, a huge table needs to be maintained and a large number of cross products need to be made, the space complexity of the algorithm is greatly influenced, and the method cannot be suitable for 41 domains proposed by openflow1.4 and even more N domains independently forwarded by the SDN protocol.
The existing method suitable for multi-stage flow tables is as follows: according to the field matching type of each stage of flow table, a hash table algorithm stored based on a Static Random Access Memory (SRAM) is adopted for the field needing the accurate matching type, and hardware parallel matching based on a Ternary Content Addressable Memory (TCAM) is adopted for the field needing the prefix matching.
The problems of the existing method suitable for the multi-stage flow table are as follows: the feature extraction of the flow table is rough, the resource requirement of the scheme is high, a chip with huge storage capacity is needed to work normally, and the method is not suitable for practical application. If a traditional cross product aggregation mode is adopted, a huge table needs to be maintained and a large number of cross products need to be made, the space complexity of the algorithm is greatly influenced, and the method cannot be suitable for 41 domains proposed by OpenFlow1.4 and even more N domains independently forwarded by an SDN protocol.
Currently, multi-stage flow tables have considerable advantages over single-flow tables in terms of theoretical performance. However, in practical applications, a large number of technical problems need to be solved, for example, how to sort the flow tables of each stage and how to divide the flow tables of each stage become important problems to be solved by the current multi-stage flow table technology.
Disclosure of Invention
In order to solve the existing technical problem, embodiments of the present invention provide a method and an apparatus for multi-stage multi-domain flow table and a method and an apparatus for searching multi-stage flow table, which can effectively reduce the scale of the conventional cross product table and improve the storage efficiency.
In order to achieve the above purpose, the technical solution of the embodiment of the present invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a method for translating a multi-level flow table of a multi-domain flow table, where the method includes:
generating a level 1 to a level m flow table according to the determined parameter α and the attribute information of the multi-domain flow table, wherein m is a natural number which is greater than 1 and less than or equal to N, the level 1 to the level m flow table at least comprise one matching domain value, the multi-domain flow table comprises at least one rule and a forwarding action corresponding to the at least one rule, the rule comprises the matching domain values of N matching domains, N is a natural number which is greater than 1, and each matching domain comprises at least one matching domain value;
respectively determining a first matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the first matching rule table is a set of matching domain value information of which the number of times of occurrence of a matching domain value in each level of flow table in the multi-domain flow table is 1;
respectively determining a second matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the second matching rule table is a set of matching domain value information of which the occurrence frequency of the matching domain values in each level of flow table is more than 1 in the multi-domain flow table;
and respectively storing the first matching rule table and the second matching rule table into the flow tables from the 1 st level to the m th level.
In a second aspect, an embodiment of the present invention provides a method for searching a multi-stage flow table of a multi-domain flow table, where the method includes:
receiving a data packet sent by upper-level equipment of a switch;
sequentially matching the data packet with a first matching domain value in a first matching rule table in the multi-level flow table to correspondingly obtain first identification information of a first rule, wherein the multi-domain flow table is converted into m-level flow tables, each level of flow table comprises a first matching rule table and a second matching rule table, and the first matching rule table comprises the first matching domain value and identification information of a rule corresponding to the first matching domain value;
matching the data packet with a second matching field value in a second matching rule table in the multistage flow table in sequence to obtain second identification information of a second rule, wherein the second matching rule table at least comprises the second matching field value;
respectively determining a first priority of the first rule and a second priority of the second rule according to the first identification information and the second identification information;
determining a rule with a higher priority of the first rule and the second rule as a target rule;
determining a forwarding action corresponding to the target rule according to the identification information of the target rule;
and forwarding the data packet according to the forwarding action.
In a third aspect, an embodiment of the present invention provides a multi-stage flow table translation apparatus for a multi-domain flow table, where the apparatus includes: the first generation module is used for generating flow tables from level 1 to level m according to the determined parameter alpha and the attribute information of the multi-domain flow table, wherein m is a natural number which is more than 1 and less than or equal to N, and the flow tables from level 1 to level m at least comprise one matching domain value; the multi-domain flow table comprises at least one rule and a forwarding action corresponding to the at least one rule, the rule comprises matching domain values of N matching domains, N is a natural number greater than 1, each matching domain comprises at least one matching domain value,
a first determining module, configured to determine, according to the multi-domain flow tables, first matching rule tables in the flow tables from the level 1 to the level m, where the first matching rule table is a set of matching threshold information in which a matching threshold in each level of the flow table appears in the multi-domain flow table for 1 time;
a second determining module, configured to determine, according to the multi-domain flow tables, second matching rule tables in the flow tables from the level 1 to the level m, where the second matching rule table is a set of matching domain information in which a number of times that a matching domain appears in the multi-domain flow table in each level of the flow tables is greater than 1;
the first storage module is used for storing the first matching rule table and the second matching rule table into the flow tables from the 1 st level to the m th level respectively.
In a fourth aspect, an embodiment of the present invention provides a device for searching a multi-stage flow table of a multi-domain flow table, where the device includes:
the fourth receiving module is used for receiving the data packet sent by the upper-level equipment of the switch;
the first matching module is used for sequentially matching the data packet with a first matching domain value in a first matching rule table in the multi-level flow table to correspondingly obtain first identification information of a first rule, wherein the multi-domain flow table is converted into m-level flow tables, each level of flow table comprises a first matching rule table and a second matching rule table, and the first matching rule table comprises the first matching domain value and identification information of a rule corresponding to the first matching domain value;
the second matching module is used for sequentially matching the data packet with a second matching domain value in a second matching rule table in the multistage flow table to obtain second identification information of a second rule, wherein the second matching rule table at least comprises the second matching domain value;
a fourteenth determining module, configured to determine a first priority of the first rule and a second priority of the second rule according to the first identification information and the second identification information, respectively;
a fifteenth determining module, configured to determine a rule with a higher priority of the first rule and the second rule as a target rule;
a sixteenth determining module, configured to determine, according to the identification information of the target rule, a forwarding action corresponding to the target rule;
and the forwarding module is used for forwarding the data packet according to the forwarding action.
The embodiment of the invention discloses a multi-stage method and a device of a multi-domain flow table and a searching method and a device of the multi-stage flow table, wherein the multi-stage method of the multi-domain flow table comprises the following steps: generating flow tables from level 1 to level m according to the determined parameter alpha and the attribute information of the multi-domain flow table, wherein m is a natural number which is greater than 1 and less than or equal to N, and the flow tables from level 1 to level m at least comprise one matching domain value; the multi-domain flow table comprises at least one rule and a forwarding action corresponding to the at least one rule, the rule comprises matching domain values of N matching domains, N is a natural number greater than 1, and each matching domain comprises at least one matching domain value; respectively determining a first matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the first matching rule table is a set of matching domain value information of which the number of times of occurrence of a matching domain value in each level of flow table in the multi-domain flow table is 1; respectively determining a second matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the second matching rule table is a set of matching domain value information of which the occurrence frequency of the matching domain values in each level of flow table is more than 1 in the multi-domain flow table; and respectively storing the first matching rule table and the second matching rule table into the flow tables from the 1 st level to the m th level. Therefore, the scale of the traditional cross product table can be reduced, and the storage efficiency is improved.
Drawings
Fig. 1 is a schematic flow chart illustrating an implementation process of a multi-level method of a multi-domain flow table according to an embodiment of the present invention;
fig. 2 is a schematic flow chart illustrating an implementation process of a method for searching a multi-stage flow table of a three-multi-domain flow table according to an embodiment of the present invention;
fig. 3 is a schematic flow chart illustrating an implementation process of a method for converting a multi-stage flow table of a four-multi-domain flow table according to an embodiment of the present invention;
fig. 4-1 is a schematic diagram illustrating a process of generating a final tag table when an α ═ 1 multi-stage flow table generates a multi-match combined tag table according to an embodiment of the present invention;
fig. 4-2 is a schematic diagram illustrating a process of generating a final tag table when an α ═ 2 multi-stage flow table generates a multi-match combined tag table according to an embodiment of the present invention;
fig. 5 is a schematic flow chart illustrating an implementation process of a method for searching a multi-stage flow table of a multi-domain flow table according to an embodiment of the present invention;
FIG. 6-1 is a diagram illustrating a lookup process of a multi-stage flow table according to an embodiment of the present invention;
FIG. 6-2 is a diagram illustrating a lookup process of a multi-stage flow table according to an embodiment of the invention;
fig. 7 is a system flowchart of a method for converting and searching a multi-stage flow table of a multi-domain flow table according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a multi-stage flow table conversion device of a six-multi-domain flow table according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a lookup apparatus of a multi-stage flow table of eight multi-domain flow tables according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the following describes specific technical solutions of the present invention in further detail with reference to the accompanying drawings in the embodiments of the present invention. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
Example one
In order to solve technical problems in the background art, an embodiment of the present invention provides a method for multi-stage of a multi-domain flow table, which is applied to a multi-stage device of the multi-domain flow table, and fig. 1 is a schematic diagram of an implementation flow of the method for multi-stage of the multi-domain flow table according to the embodiment of the present invention, as shown in fig. 1, the method includes:
step S101, generating flow tables from level 1 to level m according to the determined parameter alpha and the attribute information of the multi-domain flow table;
here, m is a natural number greater than 1 and equal to or less than N, and the 1 st to m-th stage flow tables include at least one matching field value; the multi-domain flow table comprises at least one rule and a forwarding action corresponding to the at least one rule, the rule comprises matching domain values of N matching domains, N is a natural number greater than 1, and each matching domain comprises at least one matching domain value;
in other embodiments of the present invention, the step S101 further includes: receiving a parameter alpha input by a user, wherein the alpha is a natural number which is more than or equal to 1 and less than N;
according to the formula
Determining the number m of stages for multi-stage the multi-domain flow table, wherein the flow table from the 1 st stage to the m-1 st stage comprises alpha matching domain values, and the flow table of the m stage comprises N- (m-1) alpha matching domain values.
Step S102, respectively determining a first matching rule table in the flow tables from the level 1 to the level m according to the multi-domain flow table;
here, the first matching rule table is a set of matching field value information in which the number of occurrences of a matching field value in each level of flow table in the multi-field flow table is 1;
in other embodiments of the present invention, the step S102 further includes: according to the multi-domain flow table, the times of occurrence of matching domain values in the flow tables from the 1 st level to the m th level in the multi-domain flow table are respectively determined, and a statistical table from the 1 st level to the m th level is correspondingly formed, wherein the statistical table comprises the matching domain values, identification information of the matching domain values and the times of occurrence of the matching domain values;
respectively extracting a first matching domain value with the matching domain value occurrence frequency of 1 and identification information of a rule corresponding to the first matching domain value from a 1 st-m-th statistical table;
and respectively determining a first matching rule table in the flow tables from the 1 st level to the m th level according to the first matching domain value in the 1 st level to the m th level and the identification information of the rule corresponding to the first matching domain value.
Step S103, respectively determining second matching rule tables in the flow tables from the level 1 to the level m according to the multi-domain flow tables;
here, the second matching rule table is a set of matching field value information in which the number of occurrences of a matching field value in each stage of the flow table is greater than 1 in the multi-field flow table.
In other embodiments of the present invention, the step S103 further includes: respectively extracting a second matching threshold value with the occurrence frequency of the matching threshold value larger than 1 and the occurrence frequency of the second matching threshold value from the 1 st level to the m th level statistical tables;
respectively determining identification information of second matching domain values in the 1 st level to the m th level;
and respectively determining a second matching rule table from the 1 st level to the m th level according to the second matching domain value from the 1 st level to the m th level, the identification information of the second matching domain value and the occurrence frequency of the second matching domain value.
Step S104, storing the first matching rule table and the second matching rule table into the flow tables from level 1 to level m respectively.
And step S105, determining a third matching rule table according to the second matching rule table in the flow tables from the 1 st level to the m th level.
Here, the step S105 further includes: respectively extracting identification information of a second matching domain value from a second matching rule table of each stage of the flow tables from the 1 st stage to the m th stage to form a set containing the identification information of the m second matching domain values until the identification information of all the second matching domain values in the second matching rule tables from the 1 st stage to the m th stage is traversed;
respectively calculating the identification information of the m second matching domain values in the set according to a preset algorithm to correspondingly obtain fifth identification information;
respectively determining the identification information of the rule corresponding to the fifth identification information according to the second matching domain value combinations corresponding to the identification information of the m second matching domain values in the set;
and determining a third matching rule table according to the set, the fifth identification information and the identification information of the rule corresponding to the fifth identification information.
And S106, storing the third matching rule table in a Static Random Access Memory (SRAM) in the switch where the multi-domain flow table is located.
In the embodiment of the invention, the flow tables from the 1 st level to the m th level are generated according to the determined parameter alpha and the attribute information of the multi-domain flow table, wherein m is a natural number which is more than 1 and less than or equal to N, and the flow tables from the 1 st level to the m th level at least comprise one matching domain value; the multi-domain flow table comprises at least one rule and a forwarding action corresponding to the at least one rule, the rule comprises matching domain values of N matching domains, N is a natural number greater than 1, and each matching domain comprises at least one matching domain value; respectively determining a first matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the first matching rule table is a set of matching domain value information of which the number of times of occurrence of a matching domain value in each level of flow table in the multi-domain flow table is 1; respectively determining a second matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the second matching rule table is a set of matching domain value information of which the occurrence frequency of the matching domain values in each level of flow table is more than 1 in the multi-domain flow table; and respectively storing the first matching rule table and the second matching rule table into the flow tables from the 1 st level to the m th level. Therefore, the scale of the traditional cross product table can be reduced, and the storage efficiency is improved.
Example two
Based on the foregoing embodiment, an embodiment of the present invention provides a method for converting a multi-stage flow table of a multi-domain flow table, where the method in the embodiment of the present invention is directed to a method for converting an updated multi-domain flow table into a multi-stage flow table when an original multi-domain flow table is updated. And the updating of the multi-domain flow table may include adding a rule or adding a new matching domain.
When the updating of the multi-domain flow table is to add a rule, the method for converting the multi-stage flow table of the multi-domain flow table comprises the following steps:
firstly, receiving a rule which is sent by a controller and needs to be added into the multi-domain flow table;
secondly, judging whether the matching domain value in the rule is the same as the matching domain value in the first matching rule table;
thirdly, if the matching domain value in the rule is the same as the matching domain value in the first matching rule table, adding the matching domain value, the identification information of the matching domain value and the occurrence frequency of the matching domain value to a second matching rule table to obtain an updated second matching rule table;
and step four, determining the updated second matching rule table as a fourth matching rule table.
Step five, if the matching domain value in the rule is different from the matching domain value in the first matching rule table, judging whether the matching domain value in the rule is the same as the matching domain value in the second matching rule table;
sixthly, if the matching domain value in the rule is the same as the matching domain value in the second matching rule table, adding 1 to the occurrence frequency corresponding to the matching domain value in the second matching rule table to obtain an updated second matching rule table;
seventhly, determining the updated second matching rule table as a fourth matching rule table;
and eighthly, if the matching domain value in the rule is different from the matching domain value in the second matching rule table, adding the matching domain value in the rule and the identification information of the logic rule to the first matching rule table.
And ninthly, determining a fifth matching rule table according to a fourth matching rule table in the flow tables from the 1 st level to the m th level.
When the updating of the multi-domain flow table is to add a matching domain and a matching domain value corresponding to the matching domain, the method for converting the multi-level flow table of the multi-domain flow table comprises the following steps:
the method comprises the steps of firstly, receiving a matching domain value which is sent by a controller and is to be added to a matching domain in the multi-domain flow table and the matching domain;
secondly, judging whether the number of the matching domains of the mth level flow table of the multi-domain flow table is less than alpha or not;
and thirdly, if the number of the matching domains in the mth stage flow table of the multi-domain flow table is not less than alpha, generating an m +1 stage flow table.
Fourthly, determining a first matching rule table of the (m + 1) th-level flow table according to the matching domain value of the matching domain to be added;
fifthly, determining a second matching rule table of the (m + 1) th-level flow table according to the matching domain value of the matching domain to be added;
and sixthly, storing the first matching rule table and the second matching rule table of the (m + 1) th-level flow table into the (m + 1) th-level flow table.
And seventhly, determining a sixth matching rule table according to the second matching rule table in the flow tables from the level 1 to the level m + 1.
And eighthly, if the number of the matching domains in the mth-level flow table of the multi-domain flow table is less than alpha, determining a seventh matching rule table of the mth-level flow table according to the multi-domain flow table and the matching domain value to be added.
Here, the seventh matching rule table is a set of matching field value information in which a matching field value in the mth stage flow table and a matching field value to be added appear in the multi-field flow table by the number of times of 1;
ninthly, determining an eighth matching rule table of the m-level flow table according to the multi-domain flow table and the matching domain value to be added;
here, the eighth matching rule table is a set of matching field value information in which a matching field value in the mth stage flow table and a matching field value to be added appear more than 1 times in the multi-field flow table;
tenth, deleting the first matching rule table and the second matching rule table of the m-level flow table;
and step ten, storing a seventh matching rule table and an eighth matching rule table of the mth-level flow table into the mth-level flow table.
And a twelfth step of determining a ninth matching rule table according to the second matching rule table in the flow tables from the level 1 to the level m-1 and the eighth matching rule table in the flow table from the level m.
In the embodiment of the invention, the dynamic update of the rules and the keywords is realized by maintaining the data structures of the statistical label table, the single matching combined rule set, the multi-matching combined label table and the final label table. When a rule is added to the rule of the rule set, the repeated field value only needs to be added to the Count value +1 of the tag table; when only a certain domain value of the rule is not equal to the label table, only the label tables of the domain and the following domains need to be modified and updated, and not all the domain values need to be modified. When a new domain is added to the domain of the rule set, only the new domain needs to be added to the last-stage flow table, the final tag table is modified, and all the tag tables do not need to be modified.
EXAMPLE III
Based on the foregoing embodiments, an embodiment of the present invention provides a method for searching a multi-stage flow table of a multi-domain flow table, which is applied to a device for searching a multi-stage flow table of a multi-domain flow table, and fig. 2 is a schematic flow chart illustrating an implementation of the method for searching a multi-stage flow table of a three-multi-domain flow table according to an embodiment of the present invention, as shown in fig. 2, the method includes:
step S201, receiving a data packet sent by a superior device of a switch;
step S202, the data packet is sequentially matched with a first matching domain value in a first matching rule table in the multi-stage flow table, and first identification information of a first rule is correspondingly obtained;
here, the multi-domain flow table is converted into m-level flow tables, each level of flow table includes a first matching rule table including a first matching domain value and identification information of a rule corresponding to the first matching domain value and a second matching rule table.
Step S203, the data packet is sequentially matched with a second matching domain value in a second matching rule table in the multistage flow table to obtain second identification information of a second rule;
here, the second matching rule table includes at least a second matching threshold.
In other embodiments of the present invention, the step S203 further includes: matching the data packet with a second matching field value in a second matching rule table in the multistage flow table in sequence to respectively obtain fourth identification information of the matching field value matched with the data packet;
calculating the fourth identification information according to a preset algorithm, and determining fifth identification information corresponding to the fourth identification information;
and determining the identification information of the second rule according to the fifth identification information.
Step S204, respectively determining a first priority of the first rule and a second priority of the second rule according to the first identification information and the second identification information;
here, it is possible to select to adopt the number of each rule as the priority of each rule in practical application.
Step S205, determining a rule with a higher priority of the first rule and the second rule as a target rule;
step S206, determining a forwarding action corresponding to the target rule according to the identification information of the target rule;
and step S207, forwarding the data packet according to the forwarding action.
In the embodiment of the invention, a data packet sent by upper-level equipment of a switch is received; sequentially matching the data packet with a first matching domain value in a first matching rule table in the multi-level flow table to correspondingly obtain first identification information of a first rule, wherein the multi-domain flow table is converted into m-level flow tables, each level of flow table comprises a first matching rule table and a second matching rule table, and the first matching rule table comprises the first matching domain value and identification information of a rule corresponding to the first matching domain value; matching the data packet with a second matching field value in a second matching rule table in the multistage flow table in sequence to obtain second identification information of a second rule, wherein the second matching rule table at least comprises the second matching field value; respectively determining a first priority of the first rule and a second priority of the second rule according to the first identification information and the second identification information; determining a rule with a higher priority of the first rule and the second rule as a target rule; determining a forwarding action corresponding to the target rule according to the identification information of the target rule; and forwarding the data packet according to the forwarding action.
Example four
Based on the foregoing embodiments, an embodiment of the present invention first provides a method for converting a multi-stage flow table of a multi-domain flow table.
For ease of understanding, four terms are defined herein. And (3) counting a label table: and a table for counting each domain value combination in the projection formed by the alpha fields, wherein the counting information comprises the type, the ID value and the counting value Count of the domain.
Single matching combination rule set: in the projection of specific alpha fields, each domain value combination has only one matching rule set.
Multi-matching combined label table: in the projection formed by specific alpha fields, each domain value combination has a plurality of matching rules, namely, entries with a Count value not being 1 in the statistical label table, and the statistical information includes the type, ID value and Count value of the domain.
Final label table: and combining the multiple matching combined label tables, and then making a table formed by cross products, wherein the statistical information comprises the type, the ID value and the matching rule of the domain.
As shown in fig. 3, firstly, according to a parameter α, a multi-domain flow table is decomposed into a multi-level flow table containing at most α combinations of domain values, and feature statistics is performed on the multi-domain flow table (rule set), so as to establish a statistical tag table; extracting a single matching combination rule set from the rules influencing the scale of the cross product table; and establishing a multi-matching combined label table according to rules suitable for cross product, and finally establishing a cross product table. Therefore, the number information of the matched rule can be obtained through the matching result of the single matching combined rule set and the multi-matching combined label table, and the stored rule is accessed according to the number information.
Step S300, dividing the rule set of N dimension into a plurality of stages according to the parameter alpha (the manufacturer can control the stage number of the multi-stage flow table by setting alpha, and the default is initialized to 1) which can be input and configured by the user
Stage flow tables, each stage flow table accommodating up to a domainsA combination of values. The combination of the domain values is related to the parameter α, and considering that the number of stages of the multi-stage flow table may be more, and it is impossible to process the flow table of each stage only with a single domain, therefore, when the value of α is larger, the number of combinations of the domain values in the multi-matching combined tag table stored in the flow table of each stage is larger, and the number of stages of the multi-stage flow table can be reduced. For example, when the preset value of α is 2, it means that the content of only two fields is saved in each stage of the flow table.
Step S310, all the rules in the multi-domain flow table (rule set) are sequenced from the most to the least according to the occurrence frequency, and each level of flow table is established according to the combination of each alpha domain value. And (3) counting each domain value combination to establish a statistical tag table, wherein each statistical tag table comprises three statistical information: a field value, an ID, and a Count value Count of the same field value.
Taking 98241 rule sets of a certain type as an example, the statistical result of different values of each domain is: the Destination Address (DA) field has the highest distinguishability, and 90448 different values exist; secondly, a Source Address (SA) field, wherein 86323 different values are provided; then, a Destination Port (DP) field, which has 55 different values; next, Source Port (SP) fields, with 35 different values; finally, the protocol (Prot) field has 7 different values.
For ease of understanding, this embodiment is illustrated by a simple rule set containing 10 fields as shown in table 1, and a specific implementation flow is described.
TABLE 1A simple rule set containing 10 fields
According to the configuration of α, the specific implementation flows of α ═ 1 and α ═ 2 are stated as shown in fig. 4-1 and 4-2, respectively, and the two modes are analyzed.
(1) When the configurable parameter α is 1, the 5-dimensional rule set is divided into 5-level flow tables. And establishing 5 statistical label tables according to the 10 rules in the rule set, namely an SA domain, a DA domain, an SP domain, a DP domain and a Prot domain, and sequentially storing the tables into a multi-stage flow table according to distinctiveness. The table of the statistical labels in the SA domain is shown in table 2, the table of the statistical labels in the DA domain is shown in table 3, the table of the statistical labels in the SP domain is shown in table 4, the table of the statistical labels in the DP domain is shown in table 5, and the table of the statistical labels in the Prot domain is shown in table 6.
TABLE 2 statistical tag Table of SA fields
| SA | Statistical tag | Count | |
| 001* | 1 | 4 | |
| * | 2 | 3 | |
| 1101 | 3 | 1 | |
| 011* | 4 | 1 | |
| 000* | 5 | 1 |
TABLE 3 statistical tag Table of DA Domain
TABLE 4 statistical tag Table of SP fields
| SP | Statistical tag Table ID | Count |
| [8:10] | 1 | 4 |
| [0:15] | 2 | 3 |
| [11:15] | 3 | 1 |
| [2:4] | 4 | 1 |
| [7:7] | 5 | 1 |
TABLE 5 statistical tag Table of DP Domain
| DP | Statistical tag Table ID | Count |
| [2:4] | 1 | 6 |
| [0:15] | 2 | 2 |
| [8:10] | 3 | 1 |
| [1:1] | 4 | 1 |
TABLE 6 statistical tag Table of Prot fields
| Prot | Statistical tag Table ID | Count |
| * | 1 | 10 |
(2) When the configurable parameter α is 2, similar to the method of α being 1, where SA field is combined with DA field, SP field is combined with DP field, and since only Prot field is left, it is one stage alone, 3 statistical tag tables are established for 10 rules in the rule set according to SA field combined with DA field, SP field combined with DP field and Prot field, and are stored in the multi-stage flow table in sequence according to distinctiveness.
Step S320, extract a rule set of single matching combination from the rule (i.e. only the uniquely matched rule in each domain value combination) with the Count value of 1 counted by the statistical tag table, where the rule set is an important component affecting the scale of the cross product table.
Step S330, directly storing the number information of the rule in the single matching combination rule set of each stage of the flow table for the rule corresponding to the single matching combination rule set (when the incoming packet searches for the single matching combination rule set, because each domain value combination has only a unique matching number, the stored rule can be accessed according to the number information).
Step S340, counting a plurality of matching rules in each domain value combination, that is, counting the entries with the Count value not being 1 in the tag table, and establishing a multi-matching combination tag table.
(1) The | combination tag tables of the flow tables at each stage when α is 1 are shown in table 7, table 8, table 9, table 10, and table 11. The multi-matching combined label table mainly records two parts of contents: taking the first table entry of table 7 as an example, the multiple matching combination tag table 001 indicates the lookup field value of the SA, and the combination ID is the ID value to be cross-multiplied and the Count value Count. In the multi-stage flow table searching process, the combined ID values of all the flow tables are first found out, and then cross product is performed to obtain the final matched rule number information.
Table 7, multi-matching combined tag table of first-stage flow table
| Multi-matching combined label meter (SA) | | Count | |
| 001* | 1 | 4 | |
| * | 2 | 3 |
Table 8, multi-matching combined tag table of second-stage flow table
| Multi-matching combined label table (DA) | | Count | |
| 101* | 1 | 2 | |
| * | 2 | 5 |
Table 9, multi-matching combined tag table of third-stage flow table
| Multi-matching combined label table (SP) | Combination ID | Count |
| [8:10] | 1 | 4 |
| [0:15] | 2 | 3 |
Table 10, fourth stage flow table multiple matching combined label table
| Multi-matching combined label table (DP) | Combination ID | Count |
| [2:4] | 1 | 6 |
| [0:15] | 2 | 2 |
Table 11, multi-matching combined tag table of fifth-stage flow table
| Multi-matching combined label table (DA) | Combination ID | Count |
| * | 1 | 10 |
(2) When α is 2, the multiple matching combination tag tables of the flow tables of the respective stages are shown in table 13, table 14, and table 15.
Table 13, multi-matching combined tag table of first-stage flow table
| Multi-matching combined label table (SA, DA) | Combination ID | Count |
| (001*,101*) | 1 | 2 |
| (*,*) | 2 | 2 |
Table 14, multi-matching combined tag table of second stage flow table
| Multi-matching combined label table (SP, DP) | Combination ID | Count |
| ([8:10],[2:4]) | 1 | 4 |
| ([0:15],[0:15]) | 2 | 2 |
Table 15, multi-matching combined tag table of third-stage flow table
| Multi-matching combined label table (Prot) | Combination ID | Count |
| * | 1 | 10 |
Step S350, constructing a cross product table from the multi-matching combined tag tables in all the flow tables, thereby constructing a final tag table.
(1) The multi-matching combination tag tables shown in tables 7, 8, 9, 10, and 11 are cross-multiplied when α is 1, thereby constructing a final tag table. The final label table is shown in table 12. The final tag table mainly records three parts of contents: taking the first entry of table 12 as an example, the final tag table (1,1,1,1,1) indicates (SA multi-match combined tag table ID, DA multi-match combined tag table ID, SP multi-match combined tag table ID, DP multi-match combined tag table ID, Prot multi-match combined tag table ID); after the final ID is used for matching the combined ID of the 5-level flow table, the combined ID calculates the searched ID value through a cross product formula; the final matching is to directly find the number information in the final tag table according to the calculated final ID, so as to match the rule. Therefore, for the multi-matching combined tag table, the combined ID of each stage of the flow table is searched step by step, and then the combined ID is calculated by the cross product formula to find out the final matching rule, and the decomposition process is as shown in fig. 4-1. It can be calculated from tables 2, 3, 4, 5 and 6 that if 5 × 4 × 1 is 500 entries for building the cross product table by using the conventional cross product method, the invention only needs to build the cross product table with 16 entries, which reduces the size by one order of magnitude.
Table 12 final tag table of α ═ 1
(2) When α is 2, the multiple matching combination tag tables shown in table 13, table 14, and table 15 are cross-product aggregated to construct a final tag table. The final label table is shown in table 16. For the multi-matching combined tag table, the combined ID of each stage of the flow table is searched step by step, then the combined ID is calculated through a cross product formula, and the final matching rule is searched, wherein the decomposition process is shown in fig. 4-2. It can be seen that when α is 2, it is only necessary to build a cross-product table of 4 entries, which is reduced in size by a factor of 4 compared to when α is 1.
Table 16, final tag table of α ═ 2
And finally, the dynamic update of the rules and the keywords is realized by maintaining the data structures of the statistical label table, the single matching combined rule set, the multi-matching combined label table and the final label table. When a rule is added to the rule of the rule set, the repeated field value only needs to be added to the Count value +1 of the tag table; when only a certain domain value of the rule is not equal to the label table, only the label tables of the domain and the following domains need to be modified and updated, and not all the domain values need to be modified. When a new domain is added to the domain of the rule set, only the new domain needs to be added to the last-stage flow table, the final tag table is modified, and all the tag tables do not need to be modified.
In the embodiment of the invention, the matching process is decomposed into a plurality of steps to form a pipeline processing form, so that the total number of records of the flow table is reduced. According to the embodiment of the invention, through observation of data characteristics, the scale of the cross product table is mainly influenced by the Count value of 1, namely the single-matching combined rule set when the rule set is decomposed into the multi-stage flow table, so that the rule influencing the scale of the cross product table is extracted into the single-matching combined rule set; and establishing a multi-matching combined label table according to rules suitable for cross product, and finally establishing a cross product table. Compared with the traditional cross product algorithm, the scale of the cross product table is effectively reduced, and the space complexity of the algorithm is greatly reduced.
EXAMPLE five
Based on the foregoing embodiments, embodiments of the present invention provide a method for searching a multi-stage flow table of a multi-domain flow table, where the searching of the multi-stage flow table conversion method of the multi-domain flow table is shown in fig. 5. For an incoming network packet, a single matching combination rule set and a multi-matching combination label table need to be searched simultaneously. In the searching process, for the single matching combination rule set, the rules in the single matching combination rule set of the multi-stage flow table are searched in sequence until the rules are matched or the single matching combination rule set of the last stage flow table is searched. And for the multi-matching combined tag table, searching each stage of flow table step by step, and performing cross product on the search result of each stage of flow table to match the serial number information of the rule. And then, accessing the stored rule according to the number information by combining the number information matched in the single matching combination rule set and the multiple matching combination tag table, and finally selecting the corresponding Action according to the priority order (the number order of the rule) of the rule.
(1) When the configurable parameter α is 1, as shown in fig. 6-1, the input packet (0010,0011,12,9,0x06) may be found by finding the combination ID values 1 and 2 in the multi-matching combination tag table of the first-stage flow table; similarly, finding a combined ID value of 2 in a multi-matching combined label table of the second-stage flow table; similarly, finding a combined ID value of 2 in a multi-matching combined label table of the third-stage flow table; similarly, finding a combined ID value of 2 in a multi-matching combined label table of the fourth-stage flow table; similarly, the combination ID value of 1 is found in the multi-matching combination tag table of the fifth-stage flow table. The cross product is calculated as follows, for example, the combined ID value such as (1,2,2,2,1) found in the 5-stage flow table is calculated to be the final ID of 8 by the cross product formula (2-1) × 4+ (2-1) × 2+ (2-1) × 1+1, and the number information of R10 is obtained in the final tag table. Meanwhile, the data packet (0010,0011,12,9,0x06) is found to the number information of R5 in the single matching combining rule set. And accessing the stored rule according to the number information by combining the number information matched in the single matching combination rule set and the multi-matching combination label table. Therefore, the final matching rule is R5.
(2) When the configurable parameter α is 2, similar to the method of α being 1, as shown in fig. 6-2, the input packet (0010,0011,12,9,0x06) may be looked up through the multi-matching combined tag table, and the number information of R10 is obtained in the final tag table. Meanwhile, the data packet (0010,0011,12,9,0x06) is searched in the single matching combining rule set, and the number information of the R5 is searched in the single matching combining rule set of the first-stage flow table. And accessing the stored rule according to the number information by combining the number information matched in the single matching combination rule set and the multi-matching combination label table. Therefore, the final matching rule is R5.
With reference to the foregoing embodiment, a system flowchart of a method for converting a multi-stage flow table of a multi-domain flow table and a method for searching the multi-stage flow table in the embodiment of the present invention is shown in fig. 7, where the process includes:
step S700, after establishing a multi-stage flow table, storing a rule set in the flow table for searching;
step S710 searches for an incoming data packet using the established multi-stage flow table, and matches an optimal matching rule, where the establishment of the multi-stage flow table is shown in fig. 3;
step S720 maintains the multi-stage flow table, and is responsible for updating the rule base.
EXAMPLE six
An embodiment of the present invention provides a multi-stage device of a multi-domain flow table, fig. 8 is a schematic structural diagram of a multi-stage device of a six-multi-domain flow table according to an embodiment of the present invention, and as shown in fig. 8, the device 800 includes: a first receiving module 801, a third determining module 802, a first generating module 803, a first determining module 804, a second determining module 805, a first storing module 806, a fourth determining module 807, a second storing module 808, wherein:
the first receiving module 801 is configured to receive a parameter α input by a user;
here, α is a natural number of 1 or more and less than N;
the third determining module 802 for determining according to a formula
Determining a number m of stages for which the multi-domain flow table is multistage;
here, α matching field values are included in each of the 1 st-stage flow table to the m-1 st-stage flow table, and N- (m-1) α matching field values are included in the m-stage flow table.
The first generating module 803 is configured to generate flow tables of level 1 to level m according to the determined parameters and the attribute information of the multi-domain flow table;
here, m is a natural number greater than 1 and less than or equal to N, at least one matching domain value is included in the flow tables from level 1 to level m, the multi-domain flow table includes at least one rule and a forwarding action corresponding to the at least one rule, the rule includes matching domain values of N matching domains, N is a natural number greater than 1, and each matching domain includes at least one matching domain value;
the first determining module 804 is configured to determine, according to the multi-domain flow tables, first matching rule tables in the flow tables from the level 1 to the level m, respectively;
here, the first matching rule table is a set of matching field value information in which the number of occurrences of a matching field value in each level of flow table in the multi-field flow table is 1;
in other embodiments of the present invention, the first determining module further comprises: a first determining unit, configured to respectively determine, according to the multi-domain flow table, the number of times that a matching domain value in the flow tables from level 1 to level m appears in the multi-domain flow table, and correspondingly form statistical tables from level 1 to level m, where the statistical tables include the matching domain value, identification information of the matching domain value, and the number of times that the matching domain value appears;
the first extraction unit is used for respectively extracting a first matching domain value with the matching domain value occurrence frequency of 1 and identification information of a rule corresponding to the first matching domain value from the 1 st-m-th-level statistical table;
and a second determining unit, configured to determine, according to the first matching domain value in the 1 st to m-th stages and identification information of a rule corresponding to the first matching domain value, a first matching rule table in the 1 st to m-th stage flow tables, respectively.
The second determining module 805 is configured to determine, according to the multi-domain flow tables, second matching rule tables in the flow tables from the level 1 to the level m respectively;
here, the second matching rule table is a set of matching field value information in which the number of occurrences of a matching field value in each level of flow table in the multi-field flow table is greater than 1;
in other embodiments of the present invention, the second determining module further comprises: the second extraction unit is used for respectively extracting a second matching threshold value with the occurrence frequency of the matching threshold value larger than 1 and the occurrence frequency of the second matching threshold value from the 1 st level to the m th level statistical table;
a third determining unit configured to determine identification information of second matching field values in the 1 st level to the m th level, respectively;
a fourth determining unit, configured to determine a second matching rule table from the level 1 to the level m according to the second matching threshold from the level 1 to the level m, the identification information of the second matching threshold, and the number of times of occurrence of the second matching threshold, respectively.
The first storing module 806 is configured to store the first matching rule table and the second matching rule table in the flow tables from level 1 to level m, respectively.
The fourth determining module 807, configured to determine a third matching rule table according to the second matching rule table in the flow tables from level 1 to level m;
in other embodiments of the present invention, the fourth determining module further comprises: a third extracting unit, configured to extract identification information of one second matching domain value from each second matching rule table of each stage of the flow tables from the 1 st stage to the m th stage, to form a set including the identification information of the m second matching domain values, until the identification information of all the second matching domain values in the second matching rule tables in the flow tables from the 1 st stage to the m th stage is traversed;
the first calculating unit is used for calculating the identification information of the m second matching threshold values in the set according to a preset algorithm respectively to correspondingly obtain fifth identification information;
a fifth determining unit, configured to determine, according to second matching domain value combinations corresponding to the identification information of m second matching domain values in the set, identification information of rules corresponding to the fifth identification information, respectively;
a sixth determining unit, configured to determine a third matching rule table according to the set, the fifth identification information, and the identification information of the rule corresponding to the fifth identification information.
The second storage module 808 is configured to store the third matching rule table in a static random access memory SRAM in the switch where the multi-domain flow table is located.
Here, it should be noted that: the above description of the embodiment of the apparatus is similar to the above description of the embodiment of the method, and has similar beneficial effects to the embodiment of the method, and therefore, the description thereof is omitted. For technical details that are not disclosed in the embodiments of the apparatus of the present invention, please refer to the description of the embodiments of the method of the present invention for understanding, and therefore, for brevity, will not be described again.
EXAMPLE seven
Based on the foregoing embodiments, an embodiment of the present invention provides a translation device for a multi-stage flow table of a multi-domain flow table, where the translation device in the embodiment of the present invention is a device that, when an original multi-domain flow table is updated, converts the updated multi-domain flow table into the multi-stage flow table. And the updating of the multi-domain flow table may include adding a rule or adding a new matching domain.
When the updating of the multi-domain flow table is to add a rule, the translation device of the multi-stage flow table of the multi-domain flow table includes: the device comprises a second receiving module, a first judging module, a first updating module, a fifth determining module, a second judging module, a second updating module, a sixth determining module, a third updating module and a seventh determining module, wherein:
the second receiving module is used for receiving the rule which is sent by the controller and needs to be added into the multi-domain flow table;
the first judging module is used for judging whether the matching domain value in the rule is the same as the matching domain value in the first matching rule table or not;
a first updating module, configured to add, if a matching threshold in the rule is the same as a matching threshold in a first matching rule table, the matching threshold, identification information of the matching threshold, and the number of times the matching threshold appears to a second matching rule table, so as to obtain an updated second matching rule table;
and the fifth determining module is used for determining the updated second matching rule table as a fourth matching rule table.
A second judging module, configured to judge whether the matching domain value in the rule is the same as the matching domain value in the second matching rule table if the matching domain value in the rule is not the same as the matching domain value in the first matching rule table;
a second updating module, configured to add 1 to the occurrence frequency corresponding to the matching threshold in the second matching rule table to obtain an updated second matching rule table if the matching threshold in the rule is the same as the matching threshold in the second matching rule table;
a sixth determining module, configured to determine the updated second matching rule table as a fourth matching rule table;
and the third updating module is used for adding the matching domain value in the rule and the identification information of the logic rule to the first matching rule table if the matching domain value in the rule is different from the matching domain value in the second matching rule table.
And the seventh determining module is used for determining a fifth matching rule table according to the fourth matching rule table in the flow tables from the 1 st level to the m th level.
When the updating of the multi-domain flow table is to add a matching domain and a matching domain value corresponding to the matching domain, the conversion device of the multi-level flow table of the multi-domain flow table comprises: a third receiving module, a third judging module, a second generating module, an eighth determining module, a ninth determining module, a third storing module, a tenth determining module, an eleventh determining module, a twelfth determining module, a first deleting module, a fourth storing module, and a thirteenth determining module, wherein:
a third receiving module, configured to receive a matching field to be added to the multi-field flow table and a matching field value of the matching field sent by the controller;
the third judging module is used for judging whether the number of the matching domains of the mth-level flow table of the multi-domain flow table is less than alpha or not;
and the second generating module is used for generating an m + 1-level flow table if the number of the matching domains in the m-level flow table of the multi-domain flow table is not less than alpha.
An eighth determining module, configured to determine, according to the matching domain value of the matching domain to be added, a first matching rule table of the (m + 1) -th stage flow table;
a ninth determining module, configured to determine a second matching rule table of the (m + 1) th stage flow table according to the matching domain value of the matching domain to be added;
a third storage module, configured to store the first matching rule table and the second matching rule table of the (m + 1) -th stage flow table in the (m + 1) -th stage flow table.
And the tenth determining module is used for determining a sixth matching rule table according to the second matching rule table in the flow tables from the 1 st level to the m +1 th level.
An eleventh determining module, configured to determine, according to the multi-domain flow table and the matching domain value to be added, a seventh matching rule table of the m-th stage flow table if the number of matching domains in an m-th stage flow table of the multi-domain flow table is less than α, where the seventh matching rule table is a set of matching domain value information in which the number of occurrences of the matching domain value in the m-th stage flow table and the matching domain value to be added in the multi-domain flow table is 1;
a twelfth determining module, configured to determine, according to the multi-domain flow table and the matching domain value to be added, an eighth matching rule table of the mth-level flow table, where the eighth matching rule table is a set of matching domain value information in which the number of occurrences of the matching domain value in the mth-level flow table and the matching domain value to be added in the multi-domain flow table is greater than 1;
the first deleting module is used for deleting a first matching rule table and a second matching rule table of the m-level flow table;
and the fourth storage module is used for storing the seventh matching rule table and the eighth matching rule table of the mth-level flow table into the mth-level flow table.
A thirteenth determining module, configured to determine a ninth matching rule table according to the second matching rule table in the flow tables from level 1 to level m-1 and the eighth matching rule table in the flow table from level m.
Here, it should be noted that: the above description of the embodiment of the apparatus is similar to the above description of the embodiment of the method, and has similar beneficial effects to the embodiment of the method, and therefore, the description thereof is omitted. For technical details that are not disclosed in the embodiments of the apparatus of the present invention, please refer to the description of the embodiments of the method of the present invention for understanding, and therefore, for brevity, will not be described again.
Example eight
Based on the foregoing embodiments, an embodiment of the present invention provides a device for searching a multi-stage flow table of a multi-domain flow table, where fig. 9 is a schematic view of a composition structure of the device for searching a multi-stage flow table of an eight-multi-domain flow table according to the embodiment of the present invention, and as shown in fig. 9, the device 900 includes: a fourth receiving module 901, a first matching module 902, a second matching module 903, a fourteenth determining module 904, a fifteenth determining module 905, a sixteenth determining module 906, and a forwarding module 907, wherein:
the fourth receiving module 901 is configured to receive a data packet sent by a superior device of the switch;
the first matching module 902 is configured to match the data packet with a first matching domain value in a first matching rule table in the multi-stage flow table in sequence, and obtain first identification information of a first rule correspondingly, where the multi-domain flow table is converted into m-stage flow tables, each stage of flow table includes a first matching rule table and a second matching rule table, and the first matching rule table includes the first matching domain value and identification information of a rule corresponding to the first matching domain value;
the second matching module 903 is configured to match the data packet with a second matching threshold in a second matching rule table in the multistage flow table in sequence to obtain second identification information of a second rule, where the second matching rule table at least includes the second matching threshold;
in other embodiments of the present invention, the second matching module further comprises: the matching unit is used for sequentially matching the data packet with a second matching field value in a second matching rule table in the multistage flow table to respectively obtain fourth identification information of the matching field value matched with the data packet;
the calculating unit is used for calculating the fourth identification information according to a preset algorithm and determining fifth identification information corresponding to the fourth identification information;
a seventh determining unit, configured to determine, according to the fifth identification information, the identification information of the second rule.
The fourteenth determining module 904 is configured to determine a first priority of the first rule and a second priority of the second rule according to the first identification information and the second identification information, respectively;
the fifteenth determining module 905 is configured to determine a rule with a higher priority of the first rule and the second rule as a target rule;
the sixteenth determining module 906, configured to determine, according to the identification information of the target rule, a forwarding action corresponding to the target rule;
the forwarding module 907 is configured to forward the data packet according to the forwarding action.
Here, it should be noted that: the above description of the embodiment of the apparatus is similar to the above description of the embodiment of the method, and has similar beneficial effects to the embodiment of the method, and therefore, the description thereof is omitted. For technical details that are not disclosed in the embodiments of the apparatus of the present invention, please refer to the description of the embodiments of the method of the present invention for understanding, and therefore, for brevity, will not be described again.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.
Claims (15)
1. A method of multi-staging a multi-domain flow table, the method comprising:
generating a level 1 to a level m flow table according to the determined parameter α and the attribute information of the multi-domain flow table, wherein m is a natural number which is greater than 1 and less than or equal to N, the level 1 to the level m flow table at least comprise one matching domain value, the level 1 to the level m-1 flow tables all comprise α matching domain values, the level m flow table has N- (m-1) α matching domain values, the multi-domain flow table comprises at least one rule and a forwarding action corresponding to the at least one rule, the rule comprises the matching domain values of N matching domains, N is a natural number which is greater than 1, and each matching domain comprises at least one matching domain value;
respectively determining a first matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the first matching rule table is a set of matching domain value information of which the number of times of occurrence of a matching domain value in each level of flow table in the multi-domain flow table is 1;
respectively determining a second matching rule table in the flow tables from the 1 st level to the m th level according to the multi-domain flow table, wherein the second matching rule table is a set of matching domain value information of which the occurrence frequency of the matching domain values in each level of flow table is more than 1 in the multi-domain flow table;
storing the first matching rule table and the second matching rule table in a flow table from level 1 to level m respectively;
respectively extracting identification information of a second matching domain value from a second matching rule table of each stage of the flow tables from the 1 st stage to the m th stage to form a set containing the identification information of the m second matching domain values until the identification information of all the second matching domain values in the second matching rule tables from the 1 st stage to the m th stage is traversed;
respectively calculating the identification information of the m second matching domain values in the set according to a preset algorithm to correspondingly obtain fifth identification information;
respectively determining the identification information of the rule corresponding to the fifth identification information according to the second matching domain value combinations corresponding to the identification information of the m second matching domain values in the set;
determining a third matching rule table according to the set, the fifth identification information and the identification information of the rule corresponding to the fifth identification information;
and storing the third matching rule table in a Static Random Access Memory (SRAM) in the switch where the multi-domain flow table is located.
2. The method according to claim 1, wherein before the generating the level 1 to level m flow tables based on the determined parameter α and the attribute information of the multi-domain flow table, the method further comprises:
receiving a parameter alpha input by a user, wherein the alpha is a natural number which is more than or equal to 1 and less than N;
according to the formula m =
And determining the number m of the stages of the multi-domain flow table.
3. The method of claim 1, wherein said determining a first matching rule table in said level 1 to m-th flow tables, respectively, according to said multi-domain flow tables comprises:
according to the multi-domain flow table, the times of occurrence of matching domain values in the flow tables from the 1 st level to the m th level in the multi-domain flow table are respectively determined, and a statistical table from the 1 st level to the m th level is correspondingly formed, wherein the statistical table comprises the matching domain values, identification information of the matching domain values and the times of occurrence of the matching domain values;
respectively extracting a first matching domain value with the matching domain value occurrence frequency of 1 and identification information of a rule corresponding to the first matching domain value from a 1 st-m-th statistical table;
and respectively determining a first matching rule table in the flow tables from the 1 st level to the m th level according to the first matching domain value in the 1 st level to the m th level and the identification information of the rule corresponding to the first matching domain value.
4. The method of claim 3, wherein said determining a second matching rule table in said level 1 to m-th flow tables, respectively, according to said multi-domain flow tables comprises:
respectively extracting a second matching threshold value with the occurrence frequency of the matching threshold value larger than 1 and the occurrence frequency of the second matching threshold value from the 1 st level to the m th level statistical tables;
respectively determining identification information of second matching domain values in the 1 st level to the m th level;
and respectively determining a second matching rule table from the 1 st level to the m th level according to the second matching domain value from the 1 st level to the m th level, the identification information of the second matching domain value and the occurrence frequency of the second matching domain value.
5. The method of claim 1, further comprising:
receiving a rule which is sent by a controller and needs to be added into the multi-domain flow table;
judging whether the matching domain value in the rule is the same as the matching domain value in the first matching rule table;
if the matching domain value in the rule is the same as the matching domain value in the first matching rule table, adding the matching domain value, the identification information of the matching domain value and the occurrence frequency of the matching domain value to the second matching rule table to obtain an updated second matching rule table;
and determining the updated second matching rule table as a fourth matching rule table.
6. The method of claim 5, further comprising:
if the matching domain value in the rule is different from the matching domain value in the first matching rule table, judging whether the matching domain value in the rule is the same as the matching domain value in the second matching rule table;
if the matching domain value in the rule is the same as the matching domain value in the second matching rule table, adding 1 to the occurrence frequency corresponding to the matching domain value in the second matching rule table to obtain an updated second matching rule table;
determining the updated second matching rule table as the fourth matching rule table;
and if the matching domain value in the rule is different from the matching domain value in the second matching rule table, adding the matching domain value in the rule and the identification information of the logic rule to the first matching rule table.
7. The method of claim 5 or 6, further comprising:
determining a fifth matching rule table according to the fourth matching rule table in the 1 st to m-th stage flow tables.
8. The method of claim 1, further comprising:
receiving a matching field value sent by a controller to be added to a matching field and the matching field in the multi-field flow table;
judging whether the number of matching domains of the mth stage flow table of the multi-domain flow table is less than alpha or not;
and if the number of the matching domains in the m-th stage flow table of the multi-domain flow table is not less than alpha, generating an m + 1-th stage flow table.
9. The method of claim 8, further comprising:
determining a first matching rule table of the (m + 1) th-level flow table according to the matching domain value of the matching domain to be added;
determining a second matching rule table of the (m + 1) th-level flow table according to the matching domain value of the matching domain to be added;
storing the first matching rule table and the second matching rule table of the (m + 1) th stage flow table into the (m + 1) th stage flow table.
10. The method of claim 8 or 9, further comprising:
and determining a sixth matching rule table according to the second matching rule table in the flow tables from the level 1 to the (m + 1) th level.
11. The method of claim 8, further comprising:
if the number of the matching domains in the mth-level flow table of the multi-domain flow table is less than alpha, determining a seventh matching rule table of the mth-level flow table according to the multi-domain flow table and the matching domain value to be added, wherein the seventh matching rule table is a set of matching domain value information of which the number of times of occurrence of the matching domain value in the mth-level flow table and the matching domain value to be added in the multi-domain flow table is 1;
determining an eighth matching rule table of the mth-level flow table according to the multi-domain flow table and the matching domain value to be added, wherein the eighth matching rule table is a set of matching domain value information of which the number of times of occurrence of the matching domain value in the mth-level flow table and the matching domain value to be added in the multi-domain flow table is greater than 1;
deleting a first matching rule table of the mth stage flow table and a second matching rule table of the mth stage flow table;
storing a seventh matching rule table and the eighth matching rule table of the mth stage flow table to the mth stage flow table.
12. The method of claim 8 or 11, further comprising:
and determining a ninth matching rule table according to the second matching rule table in the flow tables from the 1 st level to the m-1 st level and the eighth matching rule table in the flow table of the m level.
13. A method of lookup of a multi-level flow table of a multi-domain flow table, the method comprising:
receiving a data packet sent by upper-level equipment of a switch;
sequentially matching the data packet with a first matching domain value in a first matching rule table in the multi-level flow table to correspondingly obtain first identification information of a first rule, wherein the multi-domain flow table is converted into m-level flow tables, each level of flow table comprises a first matching rule table and a second matching rule table, and the first matching rule table comprises the first matching domain value and identification information of a rule corresponding to the first matching domain value;
matching the data packet with a second matching field value in a second matching rule table in the multistage flow table in sequence to obtain second identification information of a second rule, wherein the second matching rule table at least comprises the second matching field value;
respectively determining a first priority of the first rule and a second priority of the second rule according to the first identification information and the second identification information;
determining a rule with a higher priority of the first rule and the second rule as a target rule;
determining a forwarding action corresponding to the target rule according to the identification information of the target rule;
forwarding the data packet according to the forwarding action;
wherein, the sequentially matching the data packet with the second matching field value in the second matching rule table in the multistage flow table to obtain the second identification information of the second rule includes:
matching the data packet with a second matching field value in a second matching rule table in the multistage flow table in sequence to respectively obtain fourth identification information of the matching field value matched with the data packet;
calculating the fourth identification information according to a preset algorithm, and determining fifth identification information corresponding to the fourth identification information;
and determining the second identification information of the second rule according to the fifth identification information.
14. An apparatus for multi-staging a multi-domain flow table, the apparatus comprising:
the multi-domain flow table comprises a first generation module, a second generation module and a forwarding module, wherein the first generation module is used for generating a level 1 flow table to a level m flow table according to a determined parameter alpha and attribute information of the multi-domain flow table, m is a natural number which is more than 1 and less than or equal to N, the level 1 flow table to the level m flow table at least comprise one matching domain value, the level 1 flow table to the level m-1 flow table respectively comprise alpha matching domain values, the level m flow table comprises N- (m-1) alpha matching domain values, the multi-domain flow table comprises at least one rule and a forwarding action corresponding to the at least one rule, the rule comprises the matching domain values of N matching domains, N is a natural number which is more than 1, and each matching domain comprises at least one matching domain value;
a first determining module, configured to determine, according to the multi-domain flow tables, first matching rule tables in the flow tables from the level 1 to the level m, where the first matching rule table is a set of matching threshold information in which a matching threshold in each level of the flow table appears in the multi-domain flow table for 1 time;
a second determining module, configured to determine, according to the multi-domain flow tables, second matching rule tables in the flow tables from the level 1 to the level m, where the second matching rule table is a set of matching domain information in which a number of times that a matching domain appears in the multi-domain flow table in each level of the flow tables is greater than 1;
the first storage module is used for storing the first matching rule table and the second matching rule table into the flow tables from level 1 to level m respectively;
a third determining module, configured to extract identification information of a second matching domain value from a second matching rule table of each stage of flow tables in the 1 st-m th stage of flow tables, to form a set including identification information of m second matching domain values, until the identification information of all second matching domain values in the second matching rule tables in the 1 st-m th stage of flow tables is traversed; respectively calculating the identification information of the m second matching domain values in the set according to a preset algorithm to correspondingly obtain fifth identification information; respectively determining the identification information of the rule corresponding to the fifth identification information according to the second matching domain value combinations corresponding to the identification information of the m second matching domain values in the set; determining a third matching rule table according to the set, the fifth identification information and the identification information of the rule corresponding to the fifth identification information;
and the second storage module is used for storing the third matching rule table in a Static Random Access Memory (SRAM) in the switch where the multi-domain flow table is located.
15. An apparatus for looking up a multi-stage flow table of a multi-domain flow table, the apparatus comprising:
the fourth receiving module is used for receiving the data packet sent by the upper-level equipment of the switch;
the first matching module is used for sequentially matching the data packet with a first matching domain value in a first matching rule table in the multistage flow table to correspondingly obtain first identification information of a first rule; the multi-domain flow table is converted into m-level flow tables, each level of flow table comprises a first matching rule table and a second matching rule table, and the first matching rule table comprises a first matching domain value and identification information of a rule corresponding to the first matching domain value;
the second matching module is used for sequentially matching the data packet with a second matching domain value in a second matching rule table in the multistage flow table to obtain second identification information of a second rule; wherein the second matching rule table comprises at least the second matching threshold; wherein, the sequentially matching the data packet with the second matching field value in the second matching rule table in the multistage flow table to obtain the second identification information of the second rule includes: matching the data packet with a second matching field value in a second matching rule table in the multistage flow table in sequence to respectively obtain fourth identification information of the matching field value matched with the data packet; calculating the fourth identification information according to a preset algorithm, and determining fifth identification information corresponding to the fourth identification information; determining the second identification information of the second rule according to the fifth identification information;
a fourteenth determining module, configured to determine a first priority of the first rule and a second priority of the second rule according to the first identification information and the second identification information, respectively;
a fifteenth determining module, configured to determine a rule with a higher priority of the first rule and the second rule as a target rule;
a sixteenth determining module, configured to determine, according to the identification information of the target rule, a forwarding action corresponding to the target rule;
and the forwarding module is used for forwarding the data packet according to the forwarding action.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610935403.4A CN108011823B (en) | 2016-11-01 | 2016-11-01 | Multi-stage method and device for multi-domain flow table and multi-stage flow table searching method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610935403.4A CN108011823B (en) | 2016-11-01 | 2016-11-01 | Multi-stage method and device for multi-domain flow table and multi-stage flow table searching method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108011823A CN108011823A (en) | 2018-05-08 |
| CN108011823B true CN108011823B (en) | 2021-11-19 |
Family
ID=62048090
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610935403.4A Active CN108011823B (en) | 2016-11-01 | 2016-11-01 | Multi-stage method and device for multi-domain flow table and multi-stage flow table searching method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108011823B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109039914B (en) * | 2018-08-23 | 2020-11-27 | 迈普通信技术股份有限公司 | Message processing method and device and electronic equipment |
| CN109347745A (en) * | 2018-09-20 | 2019-02-15 | 郑州云海信息技术有限公司 | A kind of flow table matching process and device based on OpenFlow interchanger |
| CN109672669B (en) * | 2018-12-03 | 2021-07-30 | 国家计算机网络与信息安全管理中心 | Method and device for filtering flow message |
| CN109815263B (en) * | 2019-01-04 | 2021-10-26 | 烽火通信科技股份有限公司 | Fuzzy search data stream identification method and system |
| CN110365590B (en) * | 2019-07-12 | 2021-06-04 | 北京大学深圳研究生院 | Two-stage caching method and two-stage timeout flow table structure |
| US11552887B2 (en) * | 2019-08-07 | 2023-01-10 | Arista Networks, Inc. | System and method of processing packet classification with range sets |
| CN113645137B (en) * | 2021-08-02 | 2022-05-31 | 清华大学 | Software defined network multi-level flow table compression method and system |
| CN114900475B (en) * | 2022-04-29 | 2023-07-14 | 鹏城实验室 | Mixed flow forwarding method, device, equipment and storage medium |
| CN115277582B (en) * | 2022-07-13 | 2024-03-26 | 清华大学 | Software data packet classification acceleration method, device, equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102957603A (en) * | 2012-11-09 | 2013-03-06 | 盛科网络(苏州)有限公司 | Multilevel flow table-based Openflow message forwarding method and system |
| CN103354522A (en) * | 2013-06-28 | 2013-10-16 | 华为技术有限公司 | Method and device for searching multistage flow table |
| CN103581021A (en) * | 2013-10-23 | 2014-02-12 | 华为技术有限公司 | Method and equipment for detecting services in software defined network |
| CN104823416A (en) * | 2012-11-29 | 2015-08-05 | 华为技术有限公司 | Packet prioritization in a software-defined network implementing OpenFlow |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9680748B2 (en) * | 2013-09-15 | 2017-06-13 | Nicira, Inc. | Tracking prefixes of values associated with different rules to generate flows |
| CN104468357B (en) * | 2013-09-16 | 2019-07-12 | 中兴通讯股份有限公司 | Multipolarity method, the multilevel flow table processing method and processing device of flow table |
-
2016
- 2016-11-01 CN CN201610935403.4A patent/CN108011823B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102957603A (en) * | 2012-11-09 | 2013-03-06 | 盛科网络(苏州)有限公司 | Multilevel flow table-based Openflow message forwarding method and system |
| CN104823416A (en) * | 2012-11-29 | 2015-08-05 | 华为技术有限公司 | Packet prioritization in a software-defined network implementing OpenFlow |
| CN103354522A (en) * | 2013-06-28 | 2013-10-16 | 华为技术有限公司 | Method and device for searching multistage flow table |
| CN103581021A (en) * | 2013-10-23 | 2014-02-12 | 华为技术有限公司 | Method and equipment for detecting services in software defined network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108011823A (en) | 2018-05-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108011823B (en) | Multi-stage method and device for multi-domain flow table and multi-stage flow table searching method and device | |
| US9984144B2 (en) | Efficient lookup of TCAM-like rules in RAM | |
| US10496680B2 (en) | High-performance bloom filter array | |
| Schuetz et al. | Efficient modularity optimization by multistep greedy algorithm and vertex mover refinement | |
| CN107967219B (en) | TCAM-based large-scale character string high-speed searching method | |
| US8856203B1 (en) | System and method for algorithmic TCAM packet classification | |
| US20160342662A1 (en) | Multi-stage tcam search | |
| CN108287840B (en) | Data storage and query method based on matrix hash | |
| CN108875064B (en) | OpenFlow multidimensional data matching search method based on FPGA | |
| US10164884B2 (en) | Search apparatus, search configuration method, and search method | |
| JP4995125B2 (en) | How to search fixed length data | |
| CN102301342A (en) | Regular Expression Matching Method And System, And Searching Device | |
| CN101345707A (en) | Method and apparatus for implementing IPv6 packet classification | |
| CN107431660B (en) | Search device, search method, and recording medium | |
| CN109905413B (en) | IP address matching method and device | |
| CN111666468A (en) | Method for searching personalized influence community in social network based on cluster attributes | |
| CN101848248B (en) | Rule searching method and device | |
| CN109800228B (en) | Method for efficiently and quickly solving hash conflict | |
| CN111475511A (en) | Data storage method, data access method, data storage device, data access device and data access equipment based on tree structure | |
| CN104253754A (en) | ACL (access control list) fast matching method and equipment | |
| Kekely et al. | Packet classification with limited memory resources | |
| US10795580B2 (en) | Content addressable memory system | |
| CN109039911B (en) | Method and system for sharing RAM based on HASH searching mode | |
| KR101587756B1 (en) | Apparatus and method for searching string data using bloom filter pre-searching | |
| Li et al. | Deterministic and efficient hash table lookup using discriminated vectors |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |