CN109450811A - Flow control methods, device and server - Google Patents

Publication number: CN109450811A
Authority: CN (China)
Prior art keywords: flow, movement, forwarded, value, statistical indicant
Legal status: Granted, Active
Application number: CN201811450342.8A
Other languages: Chinese (zh)
Other versions: CN109450811B (en)
Inventors: 王剑, 唐强, 金凯斌
Current Assignee: New H3C Cloud Technologies Co Ltd
Original Assignee: New H3C Cloud Technologies Co Ltd
Application filed by: New H3C Cloud Technologies Co Ltd
Priority to CN201811450342.8A
Publication of CN109450811A
Application granted
Publication of CN109450811B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/10: Flow control; Congestion control
    • H04L47/24: Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441: Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • H04L47/2483: Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
    • H04L49/00: Packet switching elements
    • H04L49/70: Virtual switches

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Data Exchanges In Wide-Area Networks

Abstract

The disclosure provides a flow control method, device and server that extend several behaviours in the traffic-forwarding process: controlling whether the source MAC is learned or not, whether the egress port corresponding to the traffic to be forwarded is saved or not, support for flow-table jumps, and not forwarding the traffic to be forwarded in the current-level flow table. It additionally supports hiding these behaviours before jumping to the next flow table, so that the extended functions do not affect matching in the next flow table. In this way, on top of the flow control function of the virtual switch, richer and more flexible configuration can be supported, which improves the extensibility of the virtual switch's traffic-forwarding control in real service scenarios.

Description

Flow control methods, device and server
Technical field
This disclosure relates to the field of cloud computing technology, and in particular to a flow control method, device and server.
Background
The virtual switch (Vswitch) came into being to connect virtual machine networks. A virtual switch implements most of the functions of a physical switch; for example, the layer-2 network functions of a physical switch can be implemented in software. A commonly used virtual switch at present is OVS (OpenVswitch, an open-source virtual switch).
After the flow tables for a virtual machine are issued successfully, multi-level flow tables are stored in the flow tables of OVS, and OVS performs match control on the traffic to be forwarded by querying the flow tables. However, the way OVS currently forwards traffic has various functional shortcomings, so that the flow control function of OVS for virtual machines cannot achieve rich and flexible configuration in many real service scenarios, and its functional extensibility is weak.
Summary of the invention
To overcome the above deficiencies in the prior art, the purpose of the disclosure is to provide a flow control method, device and server that solve or mitigate the above problems.
To achieve this purpose, the embodiments of the disclosure adopt the following technical solutions:
In a first aspect, the disclosure provides a flow control method applied to a virtual switch, the method comprising:
Receiving traffic to be forwarded;
Judging whether the traffic to be forwarded matches any flow entry in a flow table of the virtual switch, wherein each flow entry in the flow table includes a match field and an action field, the match field includes a matching condition to be matched against the traffic to be forwarded, the action field includes the execution action to be performed when the traffic to be forwarded meets the matching condition of the match field, and the execution action includes at least one of: a first action of whether to prohibit learning the source MAC address, a second action of whether to save the egress port corresponding to the traffic to be forwarded, a third action of whether to jump to the next-level flow table, a fourth action of whether not to forward the traffic to be forwarded in the current-level flow table, and a fifth action of whether to hide the first to fourth actions before jumping to the next-level flow table;
When the traffic to be forwarded successfully matches any flow entry in the flow table, performing the execution action in the action field of that flow entry.
In a second aspect, the embodiments of the disclosure also provide a flow control device applied to a virtual switch, the device comprising:
A receiving module, for receiving traffic to be forwarded;
A judgment module, for judging whether the traffic to be forwarded matches any flow entry in a flow table of the virtual switch, wherein each flow entry in the flow table includes a match field and an action field, the match field includes a matching condition to be matched against the traffic to be forwarded, the action field includes the execution action to be performed when the traffic to be forwarded meets the matching condition of the match field, and the execution action includes at least one of: a first action of whether to prohibit learning the source MAC address, a second action of whether to save the egress port corresponding to the traffic to be forwarded, a third action of whether to jump to the next-level flow table, a fourth action of whether not to forward the traffic to be forwarded in the current-level flow table, and a fifth action of whether to hide the first to fourth actions before jumping to the next-level flow table;
An action execution module, for performing the execution action in the action field of a flow entry when the traffic to be forwarded successfully matches that flow entry in the flow table.
In a third aspect, the embodiments of the disclosure also provide a server, the server comprising:
A storage medium;
A processor; and
The above flow control device, which is stored in the storage medium and includes computer-executable instructions executed by the processor.
In a fourth aspect, the embodiments of the disclosure also provide a readable storage medium storing a computer program which, when executed, implements the above flow control method.
Compared with the prior art, the disclosure has the following advantages:
The flow control method, device and server provided by the disclosure extend several behaviours in the traffic-forwarding process: controlling whether the source MAC is learned or not, whether the egress port corresponding to the traffic to be forwarded is saved or not, support for flow-table jumps, and not forwarding the traffic to be forwarded in the current-level flow table. They additionally support hiding these behaviours before jumping to the next flow table, so that the extended functions do not affect matching in the next flow table. In this way, on top of the flow control function of the virtual switch, richer and more flexible configuration can be supported, which improves the extensibility of the virtual switch's traffic-forwarding control in real service scenarios.
Brief description of the drawings
To explain the technical solutions of the embodiments of the disclosure more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of the disclosure and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of an application scenario of the flow control method provided by the embodiments of the disclosure;
Fig. 2 is a flow chart of a flow control method provided by the embodiments of the disclosure;
Fig. 3 is a schematic diagram of the virtual firewall deployment provided by the embodiments of the disclosure;
Fig. 4 is a schematic diagram of configuring traffic-steering rules for a virtual machine provided by the embodiments of the disclosure;
Fig. 5 is a schematic diagram of an inbound-direction traffic-steering table provided by the embodiments of the disclosure;
Fig. 6 is a schematic diagram of outbound-direction redirect traffic steering provided by the embodiments of the disclosure;
Fig. 7 is a schematic diagram of an outbound-direction traffic-steering table provided by the embodiments of the disclosure;
Fig. 8 is a schematic diagram of an egress-port setting flow table provided by the embodiments of the disclosure;
Fig. 9 is a functional block diagram of a flow control device provided by the embodiments of the disclosure;
Fig. 10 is a structural block diagram of a server for implementing the above flow control method provided by the embodiments of the disclosure.
Reference numerals: 100 - server; 110 - bus; 120 - processor; 130 - storage medium; 140 - bus interface; 150 - network adapter; 160 - user interface; 200 - flow control device; 210 - receiving module; 220 - judgment module; 230 - action execution module.
Detailed description of the embodiments
The technical solutions in the embodiments of the disclosure are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the disclosure. The components of the embodiments generally described and illustrated in the drawings here can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments of the disclosure provided in the drawings is not intended to limit the scope of the claimed disclosure, but merely represents selected embodiments of the disclosure. All other embodiments obtained by those of ordinary skill in the art from the embodiments in the disclosure without creative effort fall within the scope of protection of the disclosure.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it does not need to be further defined and explained in subsequent drawings.
To better understand the technical solution of the disclosure, the application scenario of the flow control method of the embodiments is described first. As shown in Fig. 1, a virtual switch (Vswitch) and at least one virtual machine (Virtual Machine), such as virtual machines A, B and C, run on server 100. The virtual switch provides multiple virtual ports for connecting virtual machine ports and physical ports; a virtual machine port is located on the virtual network card of a virtual machine, and a physical port is located on a physical network card. The physical port of the physical network card on server 100 communicates with the external physical network. A virtual port connected to a virtual network card connects to a virtual machine on server 100 and carries the data exchanged between the virtual machine and the external network or between virtual machines. In general, one virtual switch can manage all the virtual machines on one server 100 (as shown in Fig. 1), or can manage the virtual machines on multiple servers 100 at once in a distributed manner. A virtual network card is usually set on a virtual machine, and one virtual machine can have one or more virtual network cards. A virtual machine with multiple virtual network cards can connect to different virtual networks.
It will be understood that the application scenario shown in Fig. 1 is only illustrative; server 100 may include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1.
In the above application scenario, traffic is generally forwarded as follows. The virtual switch stores a MAC (Media Access Control) table, which contains the correspondence between the MAC address of each virtual machine and the virtual port it is connected to. If virtual machine A sends traffic to virtual machine B, the virtual switch receives the traffic sent by virtual machine A through virtual port A and checks whether the MAC address of virtual machine A exists in the MAC table. If it does not, the switch learns the MAC address of virtual machine A and records the correspondence between that MAC address and virtual port A, which connects virtual machine A, in the MAC table. If the MAC address of virtual machine B and its corresponding virtual port are found in the MAC table, the switch uses the destination MAC address in the traffic (that is, the MAC address of virtual machine B) to find the destination virtual port connected to virtual machine B, namely virtual port B, and then forwards the traffic to virtual machine B through virtual port B. If the MAC address of virtual machine B is not in the MAC table, the switch sends a broadcast ARP request containing the destination IP to each virtual machine. On receiving the broadcast ARP request, virtual machine B compares the destination IP with its own IP; if they are the same, it returns to the virtual switch (for example by unicast) an ARP reply containing the source MAC address of virtual machine B. The virtual switch then updates its own MAC table with the source MAC address from the ARP reply sent by virtual machine B and the corresponding virtual port (namely virtual port B), and forwards the traffic sent by virtual machine A to virtual machine B through virtual port B in the manner described above.
Taking OVS (OpenVswitch, an open-source virtual switch) as the virtual switch, when OVS receives the above traffic it matches the traffic against the entries in the flow table one by one and processes the traffic according to the action recorded in the entry that is hit. For example, in the application scenario shown in Fig. 1, when OVS receives the traffic sent by virtual machine A through virtual port A, the processing of that traffic generally consists of protocol parsing, entry lookup and action execution. In protocol parsing, a program analyses the protocol header and trailer of the traffic to obtain behaviour information from the generation and transmission of the traffic, for example its time, source address, destination address, protocol version and status code. In entry lookup, the preset flow table is searched according to the parsed behaviour information to obtain the hit entry. Finally, the action recorded in the hit entry is executed, for example forwarding the traffic through a specified virtual port or dropping it, which completes the processing of the traffic.
However, this forwarding method has many shortcomings, so that the flow control function of OVS for virtual machines cannot achieve rich and flexible configuration in many real service scenarios, and its functional extensibility is weak. For example, in the above process OVS cannot control updates to the MAC table, that is, it cannot be prohibited from learning a source MAC: whenever it detects that a MAC address is not in the MAC table, it learns that address into the table, so many useless MAC addresses end up stored there. Because the storage capacity of the MAC table is limited, storing a large number of unnecessary MAC addresses affects the overall performance of OVS; in addition, cleaning up these useless MAC addresses later brings a considerable workload.
As another example, OVS cannot perform flow-table jumps by itself during traffic processing; a jump can take place only when a flow table actively issued by the user contains an action that performs a flow-table jump, which hinders later extension and optimisation of flow table functions.
Based on the discovery of the above technical problems, the inventors propose the following technical solutions to solve or mitigate them. It should be noted that the defects of the prior-art solutions described above are results obtained by the inventors through practice and careful study; therefore, both the discovery of the above problems and the solutions that the embodiments below propose for them should be regarded as contributions made by the inventors in the course of this application.
The flow control method shown in Fig. 2 is described in detail below with reference to Fig. 1; the method is executed by the virtual switch shown in Fig. 1. It should be understood that in other embodiments the order of some steps of the flow control method of this embodiment may be exchanged as actually needed, and some steps may be omitted or deleted. The detailed steps of the flow control method are as follows.
Step S110: receive traffic to be forwarded.
In this embodiment, the traffic to be forwarded can be traffic sent from one virtual machine to another, such as the traffic sent by virtual machine A to virtual machine B in Fig. 1. The addresses in the traffic to be forwarded can include an IP address, a MAC address or another address that uniquely identifies a virtual machine. They may include a source address, that is, the address of the source virtual machine (Source VM), and a destination address, that is, the address of the destination virtual machine (Destination VM).
Step S120: judge whether the traffic to be forwarded matches any flow entry in a flow table of the virtual switch.
In this embodiment, at least two levels of flow tables can be set in OVS. Each flow table includes at least one flow entry, and each flow entry includes a match field and an action field. The match field includes a matching condition to be matched against the traffic to be forwarded, and the action field includes the execution action to be performed when the traffic to be forwarded meets the matching condition of the match field. The execution action may include at least one of: a first action of prohibiting learning of the source MAC address, a second action of saving the egress port corresponding to the traffic to be forwarded, a third action of jumping to the next-level flow table, a fourth action of not forwarding the traffic to be forwarded in the current-level flow table, and a fifth action of hiding the first to fourth actions before jumping to the next-level flow table.
After receiving the traffic to be forwarded, the virtual switch first performs protocol parsing on it: it can analyse the protocol header and trailer of the traffic to obtain behaviour information from the generation and transmission of the traffic, for example its time, source address, destination address, protocol version and status code. Then, according to the parsed behaviour information, it searches the preset flow table and matches the behaviour information against each match field of each flow entry; when a match succeeds, the flow entry that matches the behaviour information is obtained.
Step S130: when the traffic to be forwarded successfully matches any flow entry in the flow table, perform the execution action in the action field of that flow entry.
In one embodiment, if the action field of the matched flow entry includes the first action, the value of the first preset flag bit of the register is set to the flag value corresponding to the first action, and according to the flag value set, the virtual switch does not learn the source MAC address in the traffic to be forwarded.
In another embodiment, if the action field of the matched flow entry includes the second action, the value of the second preset flag bit of the register is set to the flag value corresponding to the second action, and according to the flag value set, the virtual switch saves the egress port corresponding to the traffic to be forwarded in a register.
In another embodiment, if the action field of the matched flow entry includes the third action, the value of the third preset flag bit of the register is set to the flag value corresponding to the third action, and according to the flag value set, the virtual switch jumps to the next-level flow table to match the traffic to be forwarded.
In another embodiment, if the action field of the matched flow entry includes the fourth action, the value of the fourth preset flag bit of the register is set to the flag value corresponding to the fourth action, and according to the flag value set, the virtual switch does not forward the traffic to be forwarded during the traffic processing of the current-level flow table.
In another embodiment, if the action field of the matched flow entry includes the fifth action, the value of the fifth preset flag bit of the register is set to the flag value corresponding to the fifth action, and according to the flag value set, before jumping to the next-level flow table the virtual switch hides, in the register, the flag values corresponding to the first, second, third or fourth action included in the action field of the current-level flow table.
It will be understood that the action field of a flow entry can include several execution actions at once; when the action field of the matched flow entry includes several execution actions, they are performed together. For example, when the action field of the matched flow entry includes the first, second, third, fourth and fifth actions at the same time, the preset flag bits in the register are set to the flag values corresponding to the first, second, third, fourth and fifth actions respectively. According to the flag values set, the virtual switch does not learn the source MAC address in the traffic to be forwarded, saves the egress port corresponding to the traffic to be forwarded in a register, does not forward the traffic to be forwarded during the traffic processing of the current-level flow table, jumps to the next-level flow table to match the traffic to be forwarded, and hides the flag values corresponding to the above actions in the register before jumping to the next-level flow table.
Optionally, the flag values of the first, second, third, fourth and fifth actions can be stored in a storage area (for example, reg0) of the register of the virtual switch. For example, in an alternative embodiment, the flag values (Flag) corresponding to the first, second, third, fourth and fifth actions can each be saved in a binary bit of reg0. By way of illustration, the settings of the flag value of each execution action are shown in Table 1:
Table 1: Settings of each Flag value
By way of illustration, the storage location of the Flag value of each execution action in reg0 of the register is shown in Table 2:

Table 2: Storage locations of each Flag value

Flag value      Storage location
no learn        Reg0, first bit
save outport    Reg0, second bit
goto next       Reg0, third bit
no output       Reg0, fourth bit
stash           Reg0, fifth bit
In this way, the virtual switch can execute different actions according to the Flag setting of each execution action. When the Flag values of all execution actions are set to 0, the actions corresponding to those Flags are not executed; conversely, when the Flag of an execution action is set to 1, the corresponding action is executed. For example, if the action field of the matched flow entry includes the first action, the first bit of reg0 in the register is set to 1 and the source MAC address of the traffic to be forwarded is not learned. Conversely, when the first bit of reg0 in the register is set to 0, the source MAC address of the traffic to be forwarded needs to be learned.
It is worth noting that, because the Flag values must be set according to the user's configuration before the flow-table processing starts, the Flags need to be stored in the eight 32-bit Regx registers reserved in OVS and cannot be stored anywhere else, so that users cannot set them arbitrarily.
In addition, when the traffic to be forwarded needs to be protected in the multi-level flow table design, the identification information VFW_id of the virtual firewall (Virtual Firewall, VFW) and the port number out_port of some virtual ports also need to be stored. As one implementation, this embodiment again uses the regx of the register to store these extended values. The specific design is shown in Table 3.
Table 3: Storage of the multi-level flow table extended values

Storage area    Stored value
Reg1[1..16]     out_port
Reg2            VFW_id
Here, out_port is the egress port number. In OVS an egress port number generally has sixteen bits, so sixteen bits of a Regx are used; the first 16 bits of Reg1 can therefore be used to store the port number. VFW_id is the identification information of the virtual firewall, and Reg2 can be used to store VFW_id. Thus, in the multi-level flow table, Reg1 represents the egress port number and Reg2 represents the VFW_id value of the virtual firewall set by the user, including the VFW_id set for the virtual machine and the VFW_id of the virtual firewall itself.
On the basis of the above description, assume that virtual machine A sends traffic L to virtual machine B, that the first-level flow table is Table1 and the second-level flow table is Table2, and that the matching priority of Table1 is higher than that of Table2. That is, when traffic L is matched, it is first matched against each flow entry of Table1, and only when that matching fails is it matched against each flow entry of Table2. This step is explained further below with reference to the application scenario shown in Fig. 1.
If the action fields in the flow entry of the matched Table1 of flow L include the first movement, then will be in register Value of statistical indicant on Reg0 first (the first default flag bit) is set as 1, and is not learnt in flow L according to the value of statistical indicant of setting 1 Source MAC.
If the action fields in the flow entry of the matched Table1 of flow L include the second movement, then will be in register Value of statistical indicant on Reg0 second (the second default flag bit) is set as 1, and according to the value of statistical indicant of setting 1 that flow L is corresponding Exit port, namely the port numbers out_port of virtual port B that connect with virtual machine B are stored in the Reg1 [1..16] of register In.
If the action fields in the flow entry of the matched Table1 of flow L include third movement, then will be in register Value of statistical indicant on Reg0 third position (third presets flag bit) is set as 1, and is jumped in Table2 according to the value of statistical indicant of setting 1 Flow L is matched.
If the action fields in the flow entry of the matched Table1 of flow L include the 4th movement, then will be in register Value of statistical indicant on Reg0 the 4th (the 4th default flag bit) is set as 1, and is not sent out in Table1 according to the value of statistical indicant of setting 1 Send flow L.
If the action fields in the flow entry of the matched Table1 of flow L include the 5th movement, then will be in register Value of statistical indicant on Reg0 the 5th (the 5th default flag bit) is set as 1, and hides the dynamic of Table1 according to the value of statistical indicant of setting 1 The first movement, the second movement, third movement or the corresponding value of statistical indicant of the 4th movement for including as domain, namely it is next jumping to Need to hide before grade flow table Table2 Reg0 first, second, third and fourth it is upper for 1 value of statistical indicant, from next stage flow table Table2 Restore that the value of statistical indicant for being originally used for 1 on Reg0 first, second, third and fourth is arranged again after return.
Specifically, hiding, according to the flag value set to 1, the flag values corresponding to the first action, second action, third action, or fourth action included in the action field of Table1 may be implemented as follows: before jumping to the next-level flow table Table2, the flag values that are originally 1 on the first, second, third, or fourth preset flag bit are temporarily set to 0; and after returning from the next-level flow table Table2 to the current-level flow table Table1, the values on the first, second, third, and fourth preset flag bits that were originally 1 but are currently 0 are set to 1 again.
That is, according to the flag value 1 set on the fifth bit of Reg0 (the fifth preset flag bit), the first action, second action, third action, or fourth action whose function has been enabled can be temporarily disabled before jumping from Table1 to the next-level flow table Table2, and the temporarily disabled first, second, third, or fourth action is restored after returning from the next-level flow table Table2 to Table1. In this way, after the jump to the next-level flow table Table2, the first, second, third, or fourth action extended in the current-level flow table Table1 is prevented from affecting the specific actions executed by the next-level flow table Table2. Meanwhile, after jumping back from the next-level flow table Table2 to the current-level flow table Table1, the first, second, third, or fourth action extended by Table1 is restored, so that when these actions later need to continue executing, they have not been disabled as a side effect of the jump.
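The hide-and-restore behaviour of the fifth action (stash) described above, as an added C example that is not code from the patent or from Open vSwitch. The bit positions (n-th preset flag bit = bit n-1), the `stashed` side field, and all function and struct names are assumptions made for illustration; the next-level table is reduced to a stand-in that reports the Reg0 value it observes.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the n-th preset flag bit of Reg0 is bit n-1. */
#define F_NO_LEARN  (1u << 0)  /* first action: do not learn the source MAC   */
#define F_SAVE_OUT  (1u << 1)  /* second action: save the egress port         */
#define F_GONEXT    (1u << 2)  /* third action: jump to the next-level table  */
#define F_NO_OUTPUT (1u << 3)  /* fourth action: do not forward in this table */
#define F_STASH     (1u << 4)  /* fifth action: hide bits 1-4 across the jump */
#define F_HIDEABLE  (F_NO_LEARN | F_SAVE_OUT | F_GONEXT | F_NO_OUTPUT)

struct regs {
    uint32_t reg0;     /* flag register (Reg0 in the text)                  */
    uint32_t reg1;     /* saved egress port (Reg1 in the text)              */
    uint32_t stashed;  /* hypothetical side storage for the hidden bits     */
};

struct result {
    uint32_t reg0_seen_by_next;  /* Reg0 as the next-level table observes it */
    uint32_t reg0_after_return;  /* Reg0 once control is back in this table  */
    uint32_t saved_port;         /* Reg1 after the entry has executed        */
    int forwarded_here;          /* 1 if this table itself forwards          */
};

/* Hide: clear only the bits that are currently 1, remembering which ones. */
static void stash_flags(struct regs *r)
{
    r->stashed = r->reg0 & F_HIDEABLE;
    r->reg0 &= ~F_HIDEABLE;
}

/* Restore: set back to 1 exactly the bits that were hidden, no others. */
static void restore_flags(struct regs *r)
{
    r->reg0 |= r->stashed;
    r->stashed = 0;
}

/* Stand-in for matching in the next-level table: it only reports Reg0. */
static uint32_t next_table_lookup(const struct regs *r)
{
    return r->reg0;
}

/* Execute one matched flow entry whose action field carries `xnormal`.
 * If the entry does not jump, reg0_seen_by_next stays 0. */
struct result execute_entry(struct regs *r, uint32_t xnormal, uint32_t out_port)
{
    struct result res = {0, 0, 0, 0};

    r->reg0 |= xnormal;                 /* set the requested flag bits to 1 */
    if (r->reg0 & F_SAVE_OUT)
        r->reg1 = out_port;             /* second action */

    if (r->reg0 & F_GONEXT) {           /* third action */
        int hide = (r->reg0 & F_STASH) != 0;
        if (hide)
            stash_flags(r);             /* fifth action, before the jump */
        res.reg0_seen_by_next = next_table_lookup(r);
        if (hide)
            restore_flags(r);           /* after returning to this table */
    }

    res.reg0_after_return = r->reg0;
    res.saved_port = r->reg1;
    res.forwarded_here = (r->reg0 & F_NO_OUTPUT) == 0;  /* fourth action */
    return res;
}

int main(void)
{
    struct regs with = {0, 0, 0}, without = {0, 0, 0};

    /* All five actions set, port number 3 is a constructed sample value. */
    struct result a = execute_entry(&with,
        F_NO_LEARN | F_SAVE_OUT | F_STASH | F_GONEXT | F_NO_OUTPUT, 3);
    /* Same jump without the fifth action: the flags stay visible. */
    struct result b = execute_entry(&without,
        F_SAVE_OUT | F_GONEXT | F_NO_OUTPUT, 3);

    printf("with stash:    next sees 0x%02x, restored 0x%02x, port %u\n",
           (unsigned)a.reg0_seen_by_next, (unsigned)a.reg0_after_return,
           (unsigned)a.saved_port);
    printf("without stash: next sees 0x%02x, restored 0x%02x, port %u\n",
           (unsigned)b.reg0_seen_by_next, (unsigned)b.reg0_after_return,
           (unsigned)b.saved_port);
    return 0;
}
```

Only bits that were 1 before the jump are set again afterwards, so a flag that the entry never enabled stays 0 after the return.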
Based on the foregoing description, it can be seen that the second, third, fourth, and fifth actions are related to one another: when a flow table jump is needed, the egress port corresponding to the traffic must first be saved, the traffic must not be forwarded in the current-level flow table, and the flag values set by the current-level flow table must be hidden before jumping to the next-level flow table. That is, the second, third, fourth, and fifth actions generally need to be set together.
In this way, this embodiment extends multiple behaviors in the traffic forwarding process, including controlling whether the source MAC is learned or not, whether the egress port corresponding to the traffic to be forwarded is saved or not, support for flow table jump processing, and not forwarding the traffic to be forwarded in the current-level flow table. It additionally supports hiding these behaviors before jumping to the next flow table, so that the extended functions do not affect matching in the next flow table. Thus, on top of the virtual-switch-based flow control function, richer and more flexible configuration can be supported, which enhances the scalability of virtual switch traffic forwarding control in practical business scenarios.
The flow control method provided by the embodiments of the present disclosure is illustrated below with reference to Figs. 3 to 8. Referring to Fig. 3, when traffic sent to virtual machines needs to be protected, a virtual firewall (Virtual Firewall, VFW) can be attached beneath the virtual switch in the form of a virtual machine (Virtual Machine, VM). The VFW runs in server 100 as a special virtual machine, and the created VFW can have the same security protection functions as a conventional physical firewall. When access traffic between the virtual machines (VMs) inside server 100 needs security protection, an administrator can configure the corresponding security policy on the VFW, and the VFW can automatically configure the diversion policy in OVS, which can be stored in OVS in the form of flow tables. OVS can match traffic against the content of the flow tables so that the packets of a particular VM are diverted to the VFW, the VFW applies security protection processing to that VM's traffic, and finally the traffic processed by the VFW is returned to OVS and forwarded normally. With this scheme, in a virtual environment, the VFW can be used to protect traffic between the VMs inside server 100, which avoids forwarding the traffic out for external processing and wasting the performance of server 100 and the physical switch.
Under the deployment architecture shown in Fig. 3, after performing traffic protection processing the VFW sends the processed traffic to OVS. It is easy to see that the VFW temporarily becomes a source virtual machine from the point of view of OVS; however, OVS does not need to learn the MAC address of the VFW port at this point, so OVS should be configured not to learn the source MAC of traffic sent by the VFW.
Below, the multi-level flow tables are optimized according to the extended first to fifth actions described above, and the flow control process during traffic forwarding between VMs after the user has configured the flow tables is analyzed. Referring to Fig. 4, OVS is connected to VM0, VM1, VM2, VM3, VM4, VFW1, and VFW2 through corresponding virtual ports. For the diversion rules configured in Fig. 4, the corresponding diversion flow tables are shown in Figs. 5 to 8: the ingress-direction diversion table Table1, the egress-direction redirect diversion table Table2, the egress-direction diversion table Table3, and the egress-port setting flow table Table10. Table1 includes flow entries A, B, C, D, E, and F; Table2 includes flow entries G, H, J, K, L, and M; Table3 includes flow entries N, O, and P; and Table10 includes flow entries Q, R, and S.
In Table1, Table2, Table3, and Table10, the part before the arrow is the match field and the part after the arrow is the action field. Here, inport indicates the ingress port; set VFW_id indicates setting the VFW that performs protection for the current flow entry; Xnormal indicates which of the first to fifth actions need to be executed; resubmit (10) indicates jumping to Table10; goto next indicates jumping to the next-level flow table; default indicates the default match; out_port indicates the egress port; action: indicates action execution; output out indicates forwarding the traffic from the egress port; and drop indicates discarding the traffic.
If VM1 sends traffic to VM3, the flow table matching process for VM1-VM3 communication is as follows:
Process a: The traffic sent by VM1 has input=VM1 and output=VM3_port. After entering OVS, the traffic is matched against each flow table in OVS, starting with Table1, where the A flow entry is successfully matched according to the matching condition inport=VM1. Each action included in the action field is then executed in turn;
Process b: set VFW_id=VFW1_id: the traffic sent by VM1 is configured to be forwarded to VFW1 for protection processing;
Process c: Xnormal (save_out, no_output): the egress port corresponding to the traffic sent by VM1 is saved, and the traffic sent by VM1 is not forwarded in Table1. That is, the flag values on the second and fourth bits of register Reg0 are set to 1, so that, according to the flag value of 1, the virtual port VM3_port that connects OVS to VM3 is saved in register Reg1 [1..16] shown in Table 2 above, and the traffic sent by VM1 is not forwarded in Table1;
Process d: resubmit (10): processing jumps to Table10, where the Q flow entry is successfully matched according to the matching condition VFW_id=VFW1_id; then set outport=VFW1_port sets the egress port outport corresponding to the traffic sent by VM1 to the virtual port VFW1_port that connects OVS to VFW1, and processing jumps back to Table1;
Process e: goto next: the flag value on the third bit of register Reg0 is set to 1, so that, according to the flag value of 1, processing jumps to the next-level flow table Table2, where the M flow entry is successfully matched according to the matching condition outport=VFW1_port; processing then moves on to the next-level flow table Table3, where the P flow entry is successfully matched according to the matching condition outport=VFW1_port; then action: output out (NXM_NX_REG [1...16]): the traffic is forwarded to VFW1;
Process f: VFW1 performs protection processing on the received traffic and sends the processed traffic to OVS; the traffic that VFW1 sends to OVS has input=VFW1 and output=VM3_port. OVS then matches the traffic sent by VFW1 against the flow tables again, starting with Table1, where the B flow entry is successfully matched according to the matching condition inport=VFW1. Each action included in the action field is then executed in turn;
Process g: Xnormal (no_learn, save_out, stash, gonext, no_output): the flag values on the first to fifth bits of register Reg0 are set to 1, so that, according to the flag values of 1, the source MAC address in the traffic sent by VFW1 is not learned, the egress port corresponding to the traffic sent by VFW1 is saved, the traffic sent by VFW1 is not forwarded in Table1, processing jumps to the next-level flow table Table2, and the above actions are hidden before the jump to Table2;
Process h: After the jump to the next-level flow table Table2, the J flow entry in Table2 is successfully matched according to the matching condition out_port=VM3_port, VFW_id=VFW1_id; then goto next enters the next-level flow table Table3, where the P flow entry is successfully matched according to the matching condition out_port=VM3_port; then action: output out (NXM_NX_REG [1...16]): the traffic is forwarded to VM3.
In another example, if VM1 sends traffic to VM4, the flow table matching process for VM1-VM4 communication is as follows:
Process a: The traffic sent by VM1 has input=VM1 and output=VM4_port. After entering OVS, the traffic is matched against each flow table in OVS, starting with Table1, where the A flow entry is successfully matched according to the matching condition inport=VM1. Each action included in the action field is then executed in turn;
Process b: set VFW_id=VFW1_id: the traffic sent by VM1 is configured to be forwarded to VFW1 for protection processing;
Process c: Xnormal (save_out, no_output): the egress port corresponding to the traffic sent by VM1 is saved, and the traffic sent by VM1 is not forwarded in Table1. That is, the flag values on the second and fourth bits of register Reg0 are set to 1, so that, according to the flag value of 1, the virtual port VM4_port that connects OVS to VM4 is saved in register Reg1 [1..16] shown in Table 2 above, and the traffic sent by VM1 is not forwarded in Table1;
Process d: resubmit (10): processing jumps to Table10, where the Q flow entry is successfully matched according to the matching condition VFW_id=VFW1_id; then set outport=VFW1_port sets the egress port outport corresponding to the traffic sent by VM1 to the virtual port VFW1_port that connects OVS to VFW1, and processing jumps back to Table1;
Process e: goto next: the flag value on the third bit of register Reg0 is set to 1, so that, according to the flag value of 1, processing jumps to the next-level flow table Table2, where the M flow entry is successfully matched according to the matching condition output=VM1_output; processing then moves on to the next-level flow table Table3, where the P flow entry is successfully matched according to the matching condition output=VM1_output; then action: output out (NXM_NX_REG [1...16]): the traffic is forwarded to VFW1;
Process f: VFW1 performs protection processing on the received traffic and sends the processed traffic to OVS; the traffic that VFW1 sends to OVS has input=VFW1 and output=VM4_port. OVS then matches the traffic sent by VFW1 against the flow tables again, starting with Table1, where the B flow entry is successfully matched according to the matching condition inport=VFW1. Each action included in the action field is then executed in turn;
Process g: Xnormal (no_learn, save_out, stash, gonext, no_output): the flag values on the first to fifth bits of register Reg0 are set to 1, so that, according to the flag values of 1, the source MAC address in the traffic sent by VFW1 is not learned, the egress port corresponding to the traffic sent by VFW1 is saved, the traffic sent by VFW1 is not forwarded in Table1, processing jumps to the next-level flow table Table2, and the above actions are hidden before the jump to Table2;
Process h: After the jump to the next-level flow table Table2, the L flow entry in Table2 is successfully matched according to the matching condition out_port=VM4_port; then set VFW_id=VFW2_id: the traffic sent by VM1 is configured to be forwarded to VFW1 for protection processing;
Process i: resubmit (10): processing jumps to Table10, where the R flow entry is successfully matched according to the matching condition VFW_id=VFW2_id; then set outport=VFW2_port sets the egress port outport corresponding to the traffic sent by VFW1 to the virtual port VFW2_port that connects OVS to VFW2, and processing jumps back to Table2;
Process j: goto next: processing enters the next-level flow table Table3, where the P flow entry is successfully matched according to the matching condition output=VFW2_output; then action: output out (NXM_NX_REG [1...16]): the traffic is forwarded to VFW2;
Process k: VFW2 performs protection processing on the received traffic and sends the processed traffic to OVS; the traffic that VFW2 sends to OVS has input=VFW2 and output=VM4_port. OVS then matches the traffic sent by VFW2 against the flow tables again, starting with Table1, where the E flow entry is successfully matched according to the matching condition inport=VFW2. Each action included in the action field is then executed in turn;
Process l: Xnormal (no_learn, save_out, stash, gonext, no_output): the flag values on the first to fifth bits of register Reg0 are set to 1, so that, according to the flag values of 1, the source MAC address in the traffic sent by VFW2 is not learned, the egress port corresponding to the traffic sent by VFW2 is saved, the traffic sent by VFW2 is not forwarded in Table1, processing jumps to the next-level flow table Table2, and the above actions are hidden before the jump to Table2;
Process m: After the jump to the next-level flow table Table2, the K flow entry in Table2 is successfully matched according to the matching condition out_port=VM4_port, VFW_id=VFW2_id; then goto next enters the next-level flow table Table3, where the P flow entry is successfully matched according to the matching condition out_port=VM4_port; then action: output out (NXM_NX_REG [1...16]): the traffic is forwarded to VM4.
It is worth noting that other examples, such as VM1 sending traffic to VM2, VM2 sending traffic to VM3, or VM2 sending traffic to VM4, can be implemented with reference to the above examples and are not described again here.
In this way, throughout the application scenario, the multiple actions extended by the present disclosure are used: when VFW1 sends traffic to OVS, OVS does not learn the source MAC address in the traffic; each time OVS jumps between flow tables, it saves the egress port corresponding to the traffic and chooses not to forward the traffic in the current-level flow table; and, in addition, the configured actions are hidden before jumping to the next flow table so that they do not affect matching in the next flow table, thereby enhancing the scalability of OVS traffic forwarding control in practical business scenarios.
Further, referring to Fig. 9, an embodiment of the present disclosure also provides a flow control device 200, applied to a virtual switch. It should be noted that the basic principle and technical effects of the flow control device provided by this embodiment are the same as those of the foregoing method embodiment; for brevity, for anything not mentioned in this embodiment, refer to the corresponding content in the foregoing method embodiment. The flow control device 200 includes:
A receiving module 210, configured to receive traffic to be forwarded. It can be understood that the receiving module 210 can be used to execute step S110 above; for the detailed implementation of the receiving module 210, refer to the content above relating to step S110.
A judgment module 220, configured to determine whether the traffic to be forwarded matches any flow entry in a flow table of the virtual switch, wherein each flow entry in the flow table includes a match field and an action field, the match field includes a matching condition against which the traffic to be forwarded is matched, the action field includes an execution action corresponding to the case where the traffic to be forwarded satisfies the matching condition of the match field, and the execution action includes at least one of: a first action of prohibiting learning of the source MAC address, a second action of saving the egress port corresponding to the traffic to be forwarded, a third action of jumping to the next-level flow table, a fourth action of not forwarding the traffic to be forwarded in the current-level flow table, and a fifth action of hiding the above first to fourth actions before jumping to the next-level flow table. It can be understood that the judgment module 220 can be used to execute step S120 above; for the detailed implementation of the judgment module 220, refer to the content above relating to step S120.
An action execution module 230, configured to execute the execution action in the action field of a flow entry when the traffic to be forwarded successfully matches that flow entry in the flow table. It can be understood that the action execution module 230 can be used to execute step S130 above; for the detailed implementation of the action execution module 230, refer to the content above relating to step S130.
Optionally, if the action field in the matched flow entry includes the first action, the action execution module 230 is specifically configured to: set the value of the first preset flag bit of the register to the flag value corresponding to the first action; and, according to the set flag value, cause the virtual switch not to learn the source MAC address in the traffic to be forwarded.
Optionally, if the action field in the matched flow entry includes the second action, the action execution module 230 is specifically configured to: set the value of the second preset flag bit of the register to the flag value corresponding to the second action; and, according to the set flag value, cause the virtual switch to save the egress port corresponding to the traffic to be forwarded in a register.
Optionally, if the action field in the matched flow entry includes the third action, the action execution module 230 is specifically configured to: set the value of the third preset flag bit of the register to the flag value corresponding to the third action; and, according to the set flag value, cause the virtual switch to jump to the next-level flow table to match the traffic to be forwarded.
Optionally, if the action field in the matched flow entry includes the fourth action, the action execution module 230 is specifically configured to: set the value of the fourth preset flag bit of the register to the flag value corresponding to the fourth action; and, according to the set flag value, cause the virtual switch not to forward the traffic to be forwarded during traffic processing in the current-level flow table.
Optionally, if the action field in the matched flow entry includes the fifth action, the action execution module 230 is specifically configured to: set the value of the fifth preset flag bit of the register to the flag value corresponding to the fifth action; and, according to the set flag value, cause the virtual switch, before jumping to the next-level flow table, to hide in the register the flag values corresponding to the first action, second action, third action, or fourth action included in the action field in the current-level flow table.
Further, referring to Fig. 10, an embodiment of the present disclosure also provides a server 100 for implementing the above flow control method. In this embodiment, the server 100 can be implemented with a general bus architecture by means of bus 110. Depending on the specific application of server 100 and the overall design constraints, bus 110 may include any number of interconnecting buses and bridges. Bus 110 connects various circuits together, including processor 120, storage medium 130, and bus interface 140. Optionally, server 100 can use bus interface 140 to connect network adapter 150 and the like via bus 110. Network adapter 150 can be used to implement the physical-layer signal processing functions in server 100 and to send and receive radio-frequency signals through an antenna. User interface 160 can connect external devices such as a keyboard, display, mouse, or joystick. Bus 110 can also connect various other circuits, such as timing sources, peripherals, voltage regulators, or power management circuits; these circuits are well known in the art and are therefore not described in detail.
Alternatively, server 100 may be configured as a general-purpose processing system, commonly referred to as a chip, which includes one or more microprocessors that provide the processing function and external memory that provides at least part of storage medium 130, all linked together with other supporting circuits through an external bus architecture.
Alternatively, server 100 can be implemented using an ASIC (application-specific integrated circuit) having processor 120, bus interface 140, and user interface 160, with at least part of storage medium 130 integrated in a single chip; or server 100 can be implemented using one or more FPGAs (field-programmable gate arrays), PLDs (programmable logic devices), controllers, state machines, gate logic, discrete hardware components, any other suitable circuits, or any combination of circuits capable of performing the various functions described throughout this application.
Processor 120 is responsible for managing bus 110 and for general processing (including executing software stored on storage medium 130). Processor 120 can be implemented using one or more general-purpose processors and/or special-purpose processors. Examples of processor 120 include microprocessors, microcontrollers, DSP processors, and other circuits capable of executing software. Software should be construed broadly to mean instructions, data, or any combination thereof, whether referred to as software, firmware, middleware, microcode, hardware description language, or otherwise.
Storage medium 130 is shown in Fig. 10 as separate from processor 120; however, those skilled in the art will readily appreciate that storage medium 130, or any part of it, can be located outside server 100. For example, storage medium 130 may include a transmission line, a carrier waveform modulated with data, and/or a computer product separate from the wireless node, all of which can be accessed by processor 120 through bus interface 140. Alternatively, storage medium 130, or any part of it, can be integrated into processor 120, for example as a cache and/or general-purpose registers.
The processor 120 can execute the above embodiments; specifically, the flow control device 200 may be stored in the storage medium 130, and the processor 120 may be used to execute the flow identification device 200.
Further, an embodiment of the present application also provides a non-volatile computer storage medium that stores computer-executable instructions, and the computer-executable instructions can execute the flow control method in any of the above method embodiments.
In the embodiments provided by the present disclosure, it should be understood that the disclosed devices and methods may also be implemented in other ways. The device and method embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the drawings show the possible architecture, functions, and operations of systems, methods, and computer program products according to multiple embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a portion of code that contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and each combination of such blocks, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present disclosure may be integrated together to form one independent part, each module may exist separately, or two or more modules may be integrated to form one independent part.
Alternatively, the embodiments may be implemented wholly or partly in software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present disclosure are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (such as coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless (such as infrared, wireless, or microwave) means. The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as an electronic device, server, or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, hard disk, or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid-state disk (SSD)).
It should be noted that, in this document, the terms "include", "comprise", and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article, or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article, or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article, or device that includes the element.
It is obvious to those skilled in the art that the present disclosure is not limited to the details of the above exemplary embodiments, and that the present disclosure can be implemented in other specific forms without departing from its spirit or essential characteristics. Therefore, the embodiments are to be regarded in all respects as illustrative and not restrictive. The scope of the present disclosure is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and range of equivalents of the claims are therefore intended to be included in the present disclosure. No reference sign in the claims should be construed as limiting the claim concerned.

Claims (13)

1. A flow control method, characterized in that it is applied to a virtual switch, the method comprising:
receiving traffic to be forwarded;
determining whether the traffic to be forwarded matches any flow entry in a flow table of the virtual switch, wherein each flow entry in the flow table includes a match field and an action field, the match field includes a matching condition against which the traffic to be forwarded is matched, the action field includes an execution action corresponding to the case where the traffic to be forwarded satisfies the matching condition of the match field, and the execution action includes at least one of: a first action of prohibiting learning of the source MAC address, a second action of saving the egress port corresponding to the traffic to be forwarded, a third action of jumping to the next-level flow table, a fourth action of not forwarding the traffic to be forwarded in the current-level flow table, and a fifth action of hiding the above first to fourth actions before jumping to the next-level flow table;
when the traffic to be forwarded successfully matches any flow entry in the flow table, executing the execution action in the action field of that flow entry.
2. The flow control method according to claim 1, characterized in that the step of executing the execution action in the action field of the flow entry when the traffic to be forwarded successfully matches any flow entry in the flow table comprises:
if the action field in the matched flow entry includes the first action, setting the value of the first preset flag bit of a register to the flag value corresponding to the first action;
causing, according to the set flag value, the virtual switch not to learn the source MAC address in the traffic to be forwarded.
3. The flow control method according to claim 1, characterized in that the step of executing the execution action in the action field of the flow entry when the traffic to be forwarded successfully matches any flow entry in the flow table comprises:
if the action field in the matched flow entry includes the second action, setting the value of the second preset flag bit of a register to the flag value corresponding to the second action;
causing, according to the set flag value, the virtual switch to save the egress port corresponding to the traffic to be forwarded in a register.
4. The flow control method according to claim 1, characterized in that the step of executing the execution action in the action field of the flow entry when the traffic to be forwarded successfully matches any flow entry in the flow table comprises:
if the action field in the matched flow entry includes the third action, setting the value of the third preset flag bit of a register to the flag value corresponding to the third action;
causing, according to the set flag value, the virtual switch to jump to the next-level flow table to match the traffic to be forwarded.
5. The flow control method according to claim 1, characterized in that the step of executing the execution action in the action field of the flow entry when the traffic to be forwarded successfully matches any flow entry in the flow table comprises:
if the action field in the matched flow entry includes the fourth action, setting the value of the fourth preset flag bit of a register to the flag value corresponding to the fourth action;
causing, according to the set flag value, the virtual switch not to forward the traffic to be forwarded during traffic processing in the current-level flow table.
6. The flow control method according to claim 1, characterized in that the step of executing the execution action in the action field of the flow entry when the traffic to be forwarded successfully matches any flow entry in the flow table comprises:
if the action field in the matched flow entry includes the fifth action, setting the value of the fifth preset flag bit of a register to the flag value corresponding to the fifth action;
causing, according to the set flag value, the virtual switch, before jumping to the next-level flow table, to hide in the register the flag values corresponding to the first action, second action, third action, or fourth action included in the action field in the current-level flow table.
7. A flow control device, characterized in that it is applied to a virtual switch, the device comprising:
a receiving module, configured to receive a flow to be forwarded;
a judgment module, configured to judge whether the flow to be forwarded matches any flow entry in a flow table of the virtual switch, wherein each flow entry in the flow table includes a match field and an action field, the match field includes a matching condition against which the flow to be forwarded is matched, the action field includes the execution action to be performed when the flow to be forwarded satisfies the matching condition of the match field, and the execution action includes at least one of: a first action of prohibiting learning of the source MAC address, a second action of saving the egress port corresponding to the flow to be forwarded, a third action of jumping to the next-level flow table, a fourth action of not forwarding the flow to be forwarded in the current-level flow table, and a fifth action of hiding the above first to fourth actions before jumping to the next-level flow table;
an action execution module, configured to execute the execution action in the action field of the flow entry when the flow to be forwarded successfully matches any flow entry in the flow table.
8. The flow control device according to claim 7, characterized in that, if the action field in the matched flow entry includes the first action, the action execution module is specifically configured to:
set the value of the first preset flag bit of the register to the flag value corresponding to the first action;
cause the virtual switch, according to the set flag value, not to learn the source MAC address in the flow to be forwarded.
9. The flow control device according to claim 7, characterized in that, if the action field in the matched flow entry includes the second action, the action execution module is specifically configured to:
set the value of the second preset flag bit of the register to the flag value corresponding to the second action;
cause the virtual switch, according to the set flag value, to save the egress port corresponding to the flow to be forwarded in the register.
10. The flow control device according to claim 7, characterized in that, if the action field in the matched flow entry includes the third action, the action execution module is specifically configured to:
set the value of the third preset flag bit of the register to the flag value corresponding to the third action;
cause the virtual switch, according to the set flag value, to jump to the next-level flow table to match the flow to be forwarded.
11. The flow control device according to claim 7, characterized in that, if the action field in the matched flow entry includes the fourth action, the action execution module is specifically configured to:
set the value of the fourth preset flag bit of the register to the flag value corresponding to the fourth action;
cause the virtual switch, according to the set flag value, not to forward the flow to be forwarded during flow processing in the current-level flow table.
12. The flow control device according to claim 7, characterized in that, if the action field in the matched flow entry includes the fifth action, the action execution module is specifically configured to:
if the action field in the matched flow entry includes the fifth action, set the value of the fifth preset flag bit of the register to the flag value corresponding to the fifth action;
cause the virtual switch, according to the set flag value, to hide in the register, before jumping to the next-level flow table, the flag value corresponding to the first action, second action, third action or fourth action included in the action field in the current-level flow table.
13. A server, characterized in that the server comprises:
a storage medium;
a processor; and
the flow control device according to any one of claims 7-12, the flow control device being stored in the storage medium and comprising computer-executable instructions executed by the processor.
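The five actions of the method and device claims above, modelled as flag bits in a per-packet register of a multi-table pipeline; this is an added example, not code from the patent. The bit positions, the carry-over of flags from one table to the next, and treating "hide" as clearing the flags before the jump are assumptions of this sketch.

```python
from dataclasses import dataclass, field
from typing import Optional

# One register flag bit per claimed action (bit positions are assumed).
NO_LEARN, SAVE_PORT, GOTO_NEXT, NO_FORWARD, HIDE = 1, 2, 4, 8, 16

@dataclass
class FlowEntry:
    match: dict                     # match field: header name -> required value
    actions: int                    # action field: OR of the flag bits above
    out_port: Optional[int] = None  # egress port selected by this entry, if any

@dataclass
class Switch:
    tables: list                                   # flow tables, each a list of FlowEntry
    mac_table: dict = field(default_factory=dict)  # learned source MAC -> ingress port

    def process(self, pkt):
        """Return (ports forwarded to, saved egress port, final register flags)."""
        flags, saved_port, sent, level = 0, None, [], 0
        while level < len(self.tables):
            entry = next((e for e in self.tables[level]
                          if all(pkt.get(k) == v for k, v in e.match.items())), None)
            if entry is None:
                break                               # table miss (miss handling not modelled)
            flags |= entry.actions                  # set the flag bits named by the action field
            if not flags & NO_LEARN:                # action 1 suppresses source MAC learning
                self.mac_table[pkt["src_mac"]] = pkt["in_port"]
            if flags & SAVE_PORT:                   # action 2 keeps the egress port in the register
                saved_port = entry.out_port
            if entry.out_port is not None and not flags & NO_FORWARD:
                sent.append(entry.out_port)         # action 4 would suppress this forward
            if not flags & GOTO_NEXT:               # action 3 jumps to the next-level table
                break
            if flags & HIDE:                        # action 5: next table sees none of the flags
                flags = 0
            level += 1
        return sent, saved_port, flags

def demo(hide):
    """Constructed two-table pipeline; table 0 sets actions 1, 3, 4 and optionally 5."""
    t0 = NO_LEARN | NO_FORWARD | GOTO_NEXT | (HIDE if hide else 0)
    sw = Switch(tables=[[FlowEntry({"in_port": 1}, t0)],
                        [FlowEntry({"dst_mac": "02:00:00:00:00:02"}, SAVE_PORT, out_port=7)]])
    pkt = {"in_port": 1, "src_mac": "02:00:00:00:00:01", "dst_mac": "02:00:00:00:00:02"}
    return sw.process(pkt), sw.mac_table
```

Under these assumptions, `demo(True)` forwards on port 7 and learns the source MAC in the second table, while `demo(False)` lets the first table's no-learn and no-forward flags carry over and suppress both.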
CN201811450342.8A 2018-11-30 2018-11-30 Flow control method and device and server Active CN109450811B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811450342.8A CN109450811B (en) 2018-11-30 2018-11-30 Flow control method and device and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811450342.8A CN109450811B (en) 2018-11-30 2018-11-30 Flow control method and device and server

Publications (2)

Publication Number Publication Date
CN109450811A true CN109450811A (en) 2019-03-08
CN109450811B CN109450811B (en) 2022-08-12

Family

ID=65555365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811450342.8A Active CN109450811B (en) 2018-11-30 2018-11-30 Flow control method and device and server

Country Status (1)

Country Link
CN (1) CN109450811B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113595924A (en) * 2021-06-28 2021-11-02 济南浪潮数据技术有限公司 Two-layer drainage method, system and device based on openflow protocol
CN113630315A (en) * 2021-09-03 2021-11-09 中国联合网络通信集团有限公司 Network drainage method and device, electronic equipment and storage medium

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243316A (en) * 2014-09-25 2014-12-24 杭州华三通信技术有限公司 Mainframe learning method and device
CN104320340A (en) * 2014-10-21 2015-01-28 杭州华三通信技术有限公司 Method and device for defining study source MAC address in network by software
CN104660469A (en) * 2015-02-15 2015-05-27 华为技术有限公司 Layer-2 network connectivity detecting method and associated equipment
CN105591909A (en) * 2015-10-21 2016-05-18 杭州华三通信技术有限公司 Method and device for improvement of message forwarding performance
CN105610617A (en) * 2015-12-29 2016-05-25 合肥工业大学 QoS management mechanism for distinguishing user priorities in WLAN based on SDN and AP (Access Point) virtualization technique
CN105763465A (en) * 2016-01-29 2016-07-13 杭州华三通信技术有限公司 Distributed combination flow control method and device
CN105847157A (en) * 2016-03-21 2016-08-10 中国人民解放军国防科学技术大学 End-to-end communication method between identification networks based on SDN
CN105874758A (en) * 2014-11-28 2016-08-17 华为技术有限公司 Memory access method, switch and multi-processor system
CN106464596A (en) * 2014-06-03 2017-02-22 华为技术有限公司 Openflow communication method, system, controller, and service gateway
CN106936777A (en) * 2015-12-29 2017-07-07 中移(苏州)软件技术有限公司 Cloud computing distributed network implementation method based on OpenFlow, system
WO2017203327A1 (en) * 2016-05-25 2017-11-30 Telefonaktiebolaget Lm Ericsson (Publ) Packet forwarding using vendor extension in a software-defined networking (sdn) system
CN107623635A (en) * 2017-10-30 2018-01-23 深圳市德赛微电子技术有限公司 A kind of network exchanging chip can recognize that the intelligent Matching method of flow table
CN108023814A (en) * 2017-11-30 2018-05-11 北京邮电大学 SDN control plane failure emergency systems and method
CN108540387A (en) * 2018-06-06 2018-09-14 新华三云计算技术有限公司 Method for network access control and device
CN108900420A (en) * 2018-06-26 2018-11-27 新华三云计算技术有限公司 Ductility limit speed method, apparatus and server

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
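宴思宇: "Source Code Analysis of Actions in OVS & Custom Actions", 《HTTPS://WWW.SDNLAB.COM/14662.HTML》 *
朱向阳, 陈兵: "A Scalable Flow Entry Processing Mechanism in Software-Defined Networks", 《Computer Technology and Development》 *
梁昊驰: "Research on SDN Scalable Routing and Flow Table Resource Optimization", 《China Master's Theses Full-text Database》 *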

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113595924A (en) * 2021-06-28 2021-11-02 济南浪潮数据技术有限公司 Two-layer drainage method, system and device based on openflow protocol
CN113595924B (en) * 2021-06-28 2024-03-15 济南浪潮数据技术有限公司 Two-layer drainage method, system and device based on openflow protocol
CN113630315A (en) * 2021-09-03 2021-11-09 中国联合网络通信集团有限公司 Network drainage method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN109450811B (en) 2022-08-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant