CN110138690A - Switching device function extension method and apparatus, switching device and storage medium
- Publication number
- CN110138690A (CN201810127447.3A)
- Authority
- CN
- China
- Prior art keywords
- information
- switching equipment
- message
- instruction
- con
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/10—Packet switching elements characterised by the switching fabric construction
- H04L49/109—Integrated on microchip, e.g. switch-on-chip
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/45—Arrangements for providing or supporting expansion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A switching device function extension method and apparatus, a switching device and a storage medium. The switching device function extension method includes: obtaining P4 code; parsing the P4 code and, when the P4 code contains an annotation that conforms to a preset first-operation annotation specification, generating first operation configuration information that indicates a first operation is to be performed on packets; and writing the first operation configuration information to the switching device. In the technical solution provided by this application, P4 annotations are used to give the switching device support for the first operation, which extends the functions of the switching device.
Description
Technical field
The present invention relates to communication technology, and in particular to a switching device function extension method and apparatus, a switching device and a computer-readable storage medium.
Background
SDN (Software Defined Network) has achieved great success because it enables network owners and operators to program network behavior. However, its programmability is currently limited to the network control plane; the data plane is largely constrained by fixed-function packet-processing hardware. In general, the packet parsing and forwarding flow of a switching device is fixed by the device's switch chip, so the device has no ability to extend its protocol support. Moreover, the cost for a vendor to develop a new forwarding chip to support a new protocol or extended protocol features is very high: the previous hardware has to be redesigned, which inevitably leads to a series of problems such as high update cost and long cycles. So, to a certain extent, binding device functions and protocol support to hardware in this way limits the rapid development of networks.
Jennifer Rexford of Princeton and Professor Nick McKeown of Stanford jointly published the data-plane programmability paper "P4: Programming Protocol-Independent Packet Processors", which proposed the idea of a programmable data plane. The paper drew a great response and much attention in the SDN community, and Professor Nick McKeown et al. subsequently released "The P4 Language Specification", that is, the P4 language specification. The emergence of P4 is driving the redesign of switch chip hardware, and switch chips that support the P4 language already exist, such as the P4 switch chip released by Barefoot. On a switch chip that supports the P4 language, users can customize the data-plane forwarding flow they need without being constrained by hardware. The goal of the P4 language is to direct the forwarding behavior of the data plane, but because the P4 language is designed to be simple, it cannot support some complex data-plane functions.
Summary of the invention
At least one embodiment of the present invention provides a switching device function extension method, a switching device and a computer-readable storage medium, enabling switching devices in an SDN network to support more functions.
To achieve the object of the invention, at least one embodiment of the present invention provides a switching device function extension method, including:
obtaining P4 code;
parsing the P4 code and, when the P4 code contains an annotation that conforms to a preset first-operation annotation specification, generating first operation configuration information that indicates a first operation is to be performed on packets;
writing the first operation configuration information to the switching device.
An embodiment of the present invention provides a switching device function extension apparatus, including:
a compiler, configured to obtain P4 code, parse the P4 code and, when the P4 code contains an annotation that conforms to a preset first-operation annotation specification, generate first operation configuration information that indicates a first operation is to be performed on packets;
a configuration module, configured to write the first operation configuration information to the switching device.
An embodiment of the present invention provides a switching device function extension apparatus, including a memory and a processor. The memory stores a program which, when read and executed by the processor, implements the switching device function extension method described in any of the above embodiments.
At least one embodiment of the present invention provides a computer-readable storage medium. The computer-readable storage medium stores one or more programs, which can be executed by one or more processors to implement the switching device function extension method described in any of the above embodiments.
An embodiment of the present invention provides a switching device function extension method, including:
receiving first operation configuration information that indicates a first operation is to be performed on packets, the first operation configuration information being generated based on an annotation in P4 code that conforms to a preset first-operation annotation specification;
after receiving a packet, performing the first operation, according to the first operation configuration information, on packets that need the first operation.
An embodiment of the present invention provides a switching device, including a switching module and a first operation device, wherein:
the switching module is configured to receive first operation configuration information that indicates a first operation is to be performed on packets, the first operation configuration information being generated based on an annotation in P4 code that conforms to a preset first-operation annotation specification; and, after receiving a packet, to send packets that need the first operation to the first operation device according to the first operation configuration information;
the first operation device is configured to perform the first operation on packets.
An embodiment of the present invention provides a switching device, including a memory and a processor. The memory stores a program which, when read and executed by the processor, implements the switching device function extension method described in any of the above embodiments.
An embodiment of the present invention provides a computer-readable storage medium. The computer-readable storage medium stores one or more programs, which can be executed by one or more processors to implement the switching device function extension method described in any of the above embodiments.
Compared with the related art, in an embodiment of the present invention, annotations in P4 code are used to give the switching device support for the first operation, thereby extending the functions of the switching device. Which function the first operation actually is can be set as required; in one embodiment, the first operation is an IPSEC operation, which provides support for the IPSEC function.
Other features and advantages of the present invention will be set forth in the description that follows, and will in part become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the description, the claims and the drawings.
Brief description of the drawings
The drawings are provided for a further understanding of the technical solution of the present invention and form part of the specification. Together with the embodiments of this application they serve to explain the technical solution of the present invention and do not limit it.
Fig. 1 is a flowchart of a switching device function extension method provided by an embodiment of the present invention;
Fig. 2 is a block diagram of a switching device function extension apparatus provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a switching device function extension method provided by another embodiment of the present invention;
Fig. 4 is a block diagram of a switching device provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of packet processing provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of packet processing provided by another embodiment of the present invention;
Fig. 7 is a block diagram of a switching device provided by another embodiment of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in detail below with reference to the drawings. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments can be combined with one another arbitrarily.
The steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described can be executed in an order different from the one given here.
The P4 language supports annotations (Annotation). After a relevant annotation is added to a P4 program, a compiler that cannot recognize the annotation ignores it, while a compiler that can recognize it performs the relevant operation as the annotation instructs. Because of this property, annotations make it possible to extend the functions of P4 without changing P4 syntax. This application therefore uses annotations in the P4 language to support a variety of functions, that is, to support some complex data-plane functions. A P4 compiler is divided into a front-end compiler and a back-end compiler. The front-end compiler is independent of the target device; the back-end compiler is specific to the target device and is provided by the vendor of the P4 switching device (a switching device that supports P4 programming). So, when a P4 switch chip is designed, switching device functions can be extended through P4 annotations. By extending P4 annotations and adding parsing of those annotations to the compiler, this application supports a variety of functions, for example support for IPSEC (Internet Protocol Security) operations.
As shown in Fig. 1, an embodiment of the present invention provides a switching device function extension method, including:
Step 101: obtain P4 code;
Step 102: parse the P4 code and, when the P4 code contains an annotation that conforms to a preset first-operation annotation specification, generate first operation configuration information that indicates a first operation is to be performed on packets;
The first-operation annotation specification is defined in advance. An annotation that conforms to the preset first-operation annotation specification contains description information about performing the first operation on packets. The description information includes whether the first operation needs to be performed and, if the first operation has several types, which type of first operation is to be performed. For example, when the first operation is an IPSEC operation, the description information about performing the first operation on packets includes information such as whether the packet needs an IPSEC operation and whether that operation is encryption or decryption. The syntax of annotations under the first-operation annotation specification can be preset. It can be provided in the chip's software development kit (SDK) or provided in other ways, for example on a server that users consult by accessing it.
In the related art, as described in the P4-16 specification, a P4 annotation begins with the '@' character. An annotation whose name begins with a lowercase letter after the @ symbol is usually a reserved keyword; for example, name("xxxx") gives a table the alias xxxx and uses this alias as the externally exposed table name. The P4-16 specification suggests that user-defined annotations begin with an uppercase letter after the @. In one embodiment of this application, function extension through P4 annotations follows the P4 specification, i.e., the annotation begins with an uppercase letter after the @; for example, @VENDOR_ipsec("xxxx") indicates that an ipsec operation is to be performed. Of course, a custom convention can also be used, as long as it is agreed upon so that the compiler of the P4 code can recognize it.
Step 103: write the first operation configuration information to the switching device.
The switching device is, for example, a switch chip.
For how configuration information is written to the switching device, refer to the related art, for example writing through the driver of the switching device.
The first operation can be set according to the function to be extended; for example, the first operation is an IPSEC operation, an IP fragment reassembly operation, and so on.
In an embodiment of the present invention, a container is needed that can store the first operation policy information or the first operation policy indication information. This container can be a field of the switching device's intrinsic metadata structure (a device-related structure in P4), or a field of a custom metadata structure. Specifically, the first operation configuration information further includes: configuration information indicating that the first operation policy information is to be written into a preset field of a preset metadata structure of the switching device; or configuration information indicating that first operation policy indication information is to be written into a preset field of the preset metadata structure of the switching device and that the first operation policy information is to be written into the storage region indicated by the first operation policy indication information. After the switching device receives the first operation configuration information, it writes the first operation policy information into the preset field of its preset metadata structure; or it writes the first operation policy indication information into the preset field of its preset metadata structure and writes the first operation policy information into the storage region indicated by the first operation policy indication information. The preset metadata structure is the intrinsic metadata structure of the switching device, or a custom metadata structure, that is, a metadata structure newly defined by the user.
The first operation policy information contains the specific policies for performing the first operation. Taking an IPSEC operation as the first operation, the first operation policy information may include at least one of: the encryption/decryption algorithm, the authentication algorithm, the key, the encapsulation mode, and where the packet goes after the IPSEC operation. The specific first operation policy information can be determined by the user when programming in P4 and written in the P4 code.
The first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of the storage space that stores the first operation policy information (for example, offset address information; the actual storage address is jointly determined by a base address and the offset address, and the switching module can inform the first operation device of the base address). The storage space that stores the first operation policy information can be preset. The definition of the preset field of the metadata structure and the storage location can be provided in the SDK of the switching device, or provided in other ways.
In this embodiment, support for the first operation is achieved by extending the annotations of P4 code.
As shown in Fig. 2, an embodiment of the present invention provides a switching device function extension apparatus, including:
a compiler 201, configured to obtain P4 code, parse the P4 code and, when the P4 code contains an annotation that conforms to a preset first-operation annotation specification, generate first operation configuration information that indicates a first operation is to be performed on packets;
a configuration module 202, configured to write the first operation configuration information to the switching device.
The compiler 201 is a compiler that can recognize P4 code. In this embodiment, an existing P4 compiler is extended so that it can parse the newly added first-operation annotation, which in turn provides support for the first operation.
The first operation configuration information further includes: configuration information indicating that the first operation policy information is to be written into a preset field of the preset metadata structure of the switching device; or configuration information indicating that first operation policy indication information is to be written into a preset field of the preset metadata structure of the switching device and that the first operation policy information is to be written into the storage region indicated by the first operation policy indication information.
An embodiment of the present invention provides a switching device function extension apparatus, including a memory and a processor. The memory stores a program which, when read and executed by the processor, implements the above switching device function extension method.
As shown in Fig. 3, an embodiment of the present invention provides a switching device function extension method, including:
Step 301: the switching device receives first operation configuration information that indicates a first operation is to be performed on packets, the first operation configuration information being generated based on an annotation in P4 code that conforms to a preset first-operation annotation specification;
Step 302: after the switching device receives a packet, it performs the first operation, according to the first operation configuration information, on packets that need the first operation.
Performing the first operation, according to the first operation configuration information, on packets that need the first operation includes:
sending packets that need the first operation to the storage region indicated by the first operation configuration information, then reading packets from the storage region and performing the first operation on them.
In one embodiment, the first operation configuration information further includes: configuration information indicating that the first operation policy information is to be written into a preset field of the preset metadata structure of the switching device; or configuration information indicating that first operation policy indication information is to be written into a preset field of the preset metadata structure of the switching device and that the first operation policy information is to be written into the storage region indicated by the first operation policy indication information;
The method further includes: according to the first operation configuration information, writing the first operation policy information into the preset field of the preset metadata structure of the switching device; or writing the first operation policy indication information into the preset field of the preset metadata structure of the switching device and writing the first operation policy information into the storage region indicated by the first operation policy indication information;
Performing the first operation, according to the first operation configuration information, on packets that need the first operation includes:
obtaining the first operation policy information from the preset field of the preset metadata structure indicated by the first operation configuration information; or obtaining the first operation policy indication information from the preset field of the preset metadata structure and obtaining the first operation policy information from the storage region indicated by the first operation policy indication information;
performing the first operation according to the first operation policy information.
In one embodiment, the first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of the storage space that stores the first operation policy information. When the first operation policy indication information is address information, the first operation policy information is obtained directly from that address. When the first operation policy indication information is address index information, for example an offset address, the first operation policy information is obtained from the storage region indicated by the base address plus the offset address. The base address can be an address already configured on the switching device, or it can be specified in the first operation configuration information.
The first operation can be set according to the function to be extended; for example, the first operation is an IPSEC operation, an IP fragment reassembly operation, and so on.
As shown in Fig. 4, an embodiment of the present invention provides a switching device, including a switching module 401 and a first operation device 402, wherein:
the switching module 401 is configured to receive first operation configuration information that indicates a first operation is to be performed on packets, the first operation configuration information being generated based on an annotation in P4 code that conforms to a preset first-operation annotation specification; and, after receiving a packet, to send packets that need the first operation to the first operation device according to the first operation configuration information;
the first operation device 402 is configured to perform the first operation on packets.
In one embodiment, the switching module 401 sending packets that need the first operation to the first operation device according to the first operation configuration information includes: sending packets that need the first operation to the storage region indicated by the first operation configuration information. The storage region is the buffer of the first operation device, or a region in the buffer of the switching module that is used for a first-operation dedicated queue.
The first operation device 402 performing the first operation on packets includes: the first operation device reading packets from the storage region and performing the first operation on the packets it reads.
That is, packets can be passed between the switching module 401 and the first operation device 402 through a queue, or the switching module 401 can send packets directly into the buffer built into the first operation device 402. When packets are passed through a queue, the switching module 401 sets aside part of its own packet buffer (packet databuffer) as the storage region of the first-operation dedicated queue, sends packets that need the first operation to the first-operation dedicated queue, and then instructs the first operation device to read packets from the first-operation dedicated queue. If the first operation has several types, multiple storage regions can be set aside. Taking IPSEC encryption and IPSEC decryption as an example, the switching module 401 sets aside one part of its own packet buffer as the storage region of an IPSEC encryption dedicated queue and another part as the storage region of an IPSEC decryption dedicated queue. The switching module 401 sends packets that need IPSEC encryption to the storage region for the IPSEC encryption dedicated queue in its buffer, and sends packets that need IPSEC decryption to the storage region for the IPSEC decryption dedicated queue in its buffer. Similarly, the buffer of the first operation device 402 can also be divided into multiple storage regions. Taking IPSEC encryption and IPSEC decryption as an example again, one part of the buffer of the first operation device 402 is set aside as the storage region of the IPSEC encryption dedicated queue and another part as the storage region of the IPSEC decryption dedicated queue. The switching module 401 sends packets that need IPSEC encryption to the storage region for the IPSEC encryption dedicated queue in the buffer of the first operation device 402, and sends packets that need IPSEC decryption to the storage region for the IPSEC decryption dedicated queue in the buffer of the first operation device 402.
In one embodiment, the switching module 401 is further configured to: according to the first operation configuration information, write the first operation policy information into the preset field of the preset metadata structure of the switching device; or write the first operation policy indication information into the preset field of the preset metadata structure of the switching device and write the first operation policy information into the storage region indicated by the first operation policy indication information; and configure the first operation device to obtain the first operation policy information from the preset field of the preset metadata structure, or configure the first operation device to obtain the first operation policy indication information from the preset field of the preset metadata structure and obtain the first operation policy information from the storage region indicated by the first operation policy indication information;
The first operation device 402 performing the first operation includes: according to the configuration made by the switching module, obtaining the first operation policy information from the preset field of the preset metadata structure, or obtaining the first operation policy indication information from the preset field of the preset metadata structure and obtaining the first operation policy information from the storage region indicated by the first operation policy indication information; and performing the first operation according to the first operation policy information. The preset metadata structure is the intrinsic metadata structure, or a custom metadata structure.
In one embodiment, the first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of the storage space that stores the first operation policy information.
The first operation can be set according to the function to be extended; for example, the first operation is an IPSEC operation, an IP fragment reassembly operation, and so on.
The first operation device 402 is the functional device that performs the first operation. For example, when the first operation is an IPSEC operation, the first operation device 402 is an IPSEC device. An IPSEC device is a device that can perform IPSEC operations (such as encryption or decryption) on packets; internally it may contain processing units such as a microprocessor and an SEC (Security) engine.
It should be noted that, in another embodiment of the present invention, the switching device may include only the above switching module 401, with the first operation device 402 provided separately.
The application is further described below through specific embodiments. It should be noted that the following embodiments take an IPSEC operation as the first operation for illustration, but the present invention is not limited to this; other kinds of function extension are implemented in a way similar to the IPSEC operation.
Embodiment one
In this embodiment, a field in the intrinsic metadata structure of the switching device carries the IPSEC context, where the IPSEC context can be an IPSEC policy or IPSEC policy indication information. In addition, in this embodiment part of the packet buffer of the switching device is set aside as the storage space of an IPSEC dedicated queue. It should be noted that the storage space used as the IPSEC dedicated queue can be further divided into two parts: one part is the storage space of an encryption queue for packets that need to be encrypted, and the other part is the storage space of a decryption queue for packets that need to be decrypted.
In this embodiment, the IPSEC annotation specification is designed as follows:
@VENDOR_ipsec("encrypt:1") indicates that the packet needs to be encrypted;
@VENDOR_ipsec("encrypt:0") indicates that the packet needs to be decrypted.
It should be noted that the above annotation specification is only an example; other formats can be set as required.
In addition, increasing a field sa_index:16 in intrinsic metadata structure, 16 represent the size of the field, this
It is 16 bits in embodiment, certainly, this field size is merely illustrative, can according to need the field using other sizes.This reality
It applies in example, a memory space address index information is carried in the field, the storage of memory space address index information instruction is empty
Between storage for IPSEC operation IPSEC strategy, i.e., message need using sa_index indicate memory space storage
IPSEC SA (i.e. IPSEC strategy) carries out IPSEC operation.
In this embodiment, an annotation for the IPSEC operation is added to the P4 code, and IPSEC operation configuration information is generated after the code is parsed. Specifically, the configuration is as follows. If the P4 code uses @VENDOR_ipsec("encrypt:1"), the IPSEC dedicated queue is configured to the corresponding Match-Action unit; that is, the Match-Action unit sends messages that need encryption to the storage region where the IPSEC dedicated queue is located. If the P4 code uses @VENDOR_ipsec("encrypt:0"), the IPSEC dedicated queue is configured to the Match-Action unit; that is, the Match-Action unit sends messages that need decryption to the storage region where the IPSEC dedicated queue is located. If there is no IPSEC-related annotation, the common queue (Common Queue) is configured to the Match-Action unit; that is, the Match-Action unit sends messages that need neither encryption nor decryption to the storage region where the common queue is located. After completing the relevant operation (such as the matching operation), the Match-Action unit sends the message to the configured destination: messages that need an IPSEC operation (encryption or decryption) are sent to the IPSEC dedicated queue, and other messages are sent to the common queue. The common queue is an existing queue of the switching device and may itself include several types of queue, which the application does not describe further.
In Fig. 5, Rx Mac is the receiving network interface and Tx Mac is the sending network interface. As shown in Fig. 5, after the switching module receives a message, the Match-Action unit (ingress match-action in Fig. 5) performs matching. After matching, messages that need IPSEC processing (such as messages of a first data format) are sent to the IPSEC queue, and messages that do not need IPSEC processing (such as messages of a second data format) are sent to the common queue. The switching module configures which queue the IPSEC device reads messages from, and instructs the IPSEC device to read the IPSEC context from the preset field of the preset metadata structure of the switching module; specifically, in this embodiment, to read the storage space index information carried in the sa_index field. The IPSEC device determines the storage space that stores the IPSEC SA information from the configured base address and the storage space index information indicated by sa_index, reads the IPSEC SA information from it, and performs IPSEC processing on the message according to that IPSEC SA information. After the IPSEC device has processed the message, the message can be sent to the ingress queue or to the egress queue; which one can be described in the IPSEC SA.
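The compile step and SA lookup of Embodiment one, as an added example that is not code from the patent: a strict parser for the @VENDOR_ipsec annotation maps each table to a destination queue and rejects malformed annotations instead of falling back to the common queue, and the SA address is resolved from a base address and a bounds-checked sa_index. The P4-like fragment, the table and queue names, and the base + sa_index * entry_size layout are assumptions made for illustration.

```python
import re

# Queue names are hypothetical labels for the storage regions in the text.
ENCRYPT_QUEUE = "ipsec_encrypt_queue"
DECRYPT_QUEUE = "ipsec_decrypt_queue"
COMMON_QUEUE = "common_queue"
SA_INDEX_BITS = 16  # width of the sa_index field in this embodiment

# Constructed P4-like fragment; table, key and action names are hypothetical.
P4_SOURCE = '''
@VENDOR_ipsec("encrypt:1")
table ipsec_outbound {
    key = { hdr.ipv4.dstAddr : lpm; }
    actions = { set_sa_index; }
}

@VENDOR_ipsec("encrypt:0")
table ipsec_inbound {
    key = { hdr.esp.spi : exact; }
    actions = { set_sa_index; }
}

table l2_forward {
    key = { hdr.ethernet.dstAddr : exact; }
    actions = { set_port; }
}
'''

# A table declaration together with the annotations that directly precede it.
TABLE = re.compile(r'((?:@\w+\s*\([^)]*\)\s*)*)\btable\s+(\w+)')
# Strict form of the annotation given in the text: only encrypt:0 or encrypt:1.
STRICT = re.compile(r'@VENDOR_ipsec\s*\(\s*"(encrypt:[01])"\s*\)')


def compile_ipsec_config(p4_source):
    """Map each table (Match-Action unit) to the queue its messages go to."""
    config = {}
    for match in TABLE.finditer(p4_source):
        annotations, table = match.group(1), match.group(2)
        mentioned = annotations.count("@VENDOR_ipsec")
        values = STRICT.findall(annotations)
        if mentioned == 0:
            config[table] = COMMON_QUEUE
            continue
        # Fail closed: a misspelt or duplicated annotation must not silently
        # fall back to the common queue, where the message skips IPSEC.
        if mentioned != 1 or len(values) != 1:
            raise ValueError(f"table {table}: malformed @VENDOR_ipsec annotation")
        config[table] = ENCRYPT_QUEUE if values[0] == "encrypt:1" else DECRYPT_QUEUE
    return config


def sa_address(base_address, sa_index, entry_size, table_entries):
    """Resolve the storage space of the IPSEC SA from base address and sa_index.

    The layout base + sa_index * entry_size is an assumption; the text only
    says the address is determined from the base address and the index.
    """
    if not 0 <= sa_index < (1 << SA_INDEX_BITS):
        raise ValueError("sa_index does not fit the 16-bit field")
    if sa_index >= table_entries:
        raise ValueError("sa_index points past the configured SA table")
    return base_address + sa_index * entry_size


def dispatch(config, table, metadata, base_address, entry_size, table_entries):
    """Return (destination queue, SA address or None) for a matched message."""
    queue = config[table]
    if queue == COMMON_QUEUE:
        return queue, None
    address = sa_address(base_address, metadata["sa_index"], entry_size, table_entries)
    return queue, address


if __name__ == "__main__":
    cfg = compile_ipsec_config(P4_SOURCE)
    for name, queue in cfg.items():
        print(f"{name:15s} -> {queue}")
    # Constructed message metadata: sa_index 3, SA table of 128 64-byte entries.
    print(dispatch(cfg, "ipsec_outbound", {"sa_index": 3}, 0x1000, 64, 128))
```
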
Embodiment two
In this embodiment, the IPSEC context is carried in a preset field of the intrinsic metadata structure of the switching device, where the IPSEC context may be the IPSEC policy or IPSEC policy indication information. In addition, in this embodiment the IPSEC device has its own buffer, and messages that need IPSEC processing are sent directly to the buffer of the IPSEC device.
In this embodiment, the IPSEC annotation specification is designed as follows:
@VENDOR_ipsec("encrypt:1") indicates that the message needs to be encrypted;
@VENDOR_ipsec("encrypt:0") indicates that the message needs to be decrypted.
A field sa_index:16 is added to the intrinsic metadata structure, where 16 is the size of the field, 16 bits in this embodiment. In this embodiment, the field carries storage space address index information. The storage space indicated by this index information stores the IPSEC policy used for the IPSEC operation; that is, the IPSEC operation on the message uses the IPSEC SA (i.e. the IPSEC policy) stored in the storage space indicated by sa_index.
In this embodiment, an annotation for the IPSEC operation is added to the P4 code, and IPSEC operation configuration information is generated after the code is parsed. Configuration is performed according to the IPSEC configuration information as follows: if the P4 code uses @VENDOR_ipsec("encrypt:1"), the buffer of the IPSEC device is configured to the corresponding Match-Action unit; if the P4 code uses @VENDOR_ipsec("encrypt:0"), the buffer of the IPSEC device is configured to the Match-Action unit; if there is no IPSEC-related annotation, the common queue that the chip provides is configured to the Match-Action unit. After completing the relevant operation (such as the matching operation), the Match-Action unit sends the message to the configured destination.
As shown in Fig. 6, after a message is received, messages that do not need IPSEC processing (such as messages of a first data format) are sent to the common queue, and messages that need IPSEC processing (such as messages of a second data format) are sent to the buffer that the IPSEC device provides. The switching module configures which queue the IPSEC device reads messages from, and instructs the IPSEC device to read the IPSEC context from the intrinsic metadata information of the switching device; specifically, to read the storage space index information carried in the sa_index field. The IPSEC device determines the storage space that stores the IPSEC SA information from the base address configured by the switching device and the storage space index information indicated by sa_index, reads the IPSEC SA information, and performs IPSEC processing on the message according to that IPSEC SA information. After the IPSEC device has processed the message, the message can be sent to the ingress queue or to the egress queue, as described in the IPSEC policy.
Embodiment three
In this embodiment, the IPSEC context is carried in a field of a user-defined metadata structure, where the IPSEC context may be the IPSEC policy or IPSEC policy indication information. A metadata structure is selected (not the intrinsic metadata structure that the device provides; a switch program described in P4 can contain many metadata structures, so one of them can be selected, for example ingress_metadata_t, the ingress metadata structure of a message), and a field for carrying the IPSEC context is added to it. In addition, in this embodiment part of the message buffer of the switching module is set aside as the storage space of an IPSEC dedicated queue. It should be noted that the storage space used for the IPSEC dedicated queue may be further divided into two parts: one part is the storage space of the encryption queue, for messages that need to be encrypted, and the other part is the storage space of the decryption queue, for messages that need to be decrypted.
In this embodiment, the IPSEC annotation specification is designed as follows:
@VENDOR_ipsec("encrypt:1") indicates that the message needs to be encrypted;
@VENDOR_ipsec("encrypt:0") indicates that the message needs to be decrypted.
In addition, a field sa_index:16 is defined in the user-defined metadata structure, where 16 is the size of the field, 16 bits in this embodiment; of course, this field size is only an example, and a field of another size can be used as needed. In this embodiment, the field carries storage space address index information. The storage space indicated by this index information stores the IPSEC policy used for the IPSEC operation; that is, the IPSEC operation on the message uses the IPSEC SA (i.e. the IPSEC policy) stored in the storage space indicated by sa_index.
In this embodiment, an annotation for the IPSEC operation is added to the P4 code, and IPSEC operation configuration information is generated after the code is parsed. Specifically, if the P4 code uses @VENDOR_ipsec("encrypt:1"), the IPSEC dedicated queue is configured to the corresponding Match-Action unit (if the IPSEC dedicated queue is divided into two parts, the IPSEC encryption queue can be configured to the corresponding Match-Action unit). If the P4 code uses @VENDOR_ipsec("encrypt:0"), the IPSEC dedicated queue is configured to the Match-Action unit (if the IPSEC dedicated queue is divided into two parts, the IPSEC decryption queue can be configured to the corresponding Match-Action unit). If there is no IPSEC-related annotation, the common queue is configured to the Match-Action unit. After completing the relevant operation (such as the matching operation), the Match-Action unit sends the message to the configured destination.
After the switching module receives a message, matching is performed. Messages that need IPSEC processing (such as messages of a first data format) are sent to the IPSEC queue, and messages that do not need IPSEC processing (such as messages of a second data format) are sent to the common queue. The switching module configures which queue the IPSEC device reads messages from, and instructs the IPSEC device to read the IPSEC context from the preset field of the specified metadata structure of the switching device; specifically, to read the storage space index information carried in the sa_index field. The IPSEC device determines the storage space that stores the IPSEC SA information from the base address configured by the switching module and the storage space index information indicated by sa_index, reads the IPSEC SA information, and performs IPSEC processing on the message according to that IPSEC SA information.
Embodiment four
In this embodiment, the IPSEC context is carried in a preset field of a user-defined metadata structure. A metadata structure is selected (not the intrinsic metadata structure that the device provides; a switch program described in P4 can contain many metadata structures, so one of them can be selected, for example ingress_metadata_t, the ingress metadata structure of a message), and a field for carrying the IPSEC context is added to it. In this embodiment, the IPSEC device has its own buffer, and messages that need IPSEC processing are sent directly to the buffer of the IPSEC device.
In this embodiment, the IPSEC annotation specification is designed as follows:
@VENDOR_ipsec("encrypt:1") indicates that the message needs to be encrypted;
@VENDOR_ipsec("encrypt:0") indicates that the message needs to be decrypted.
In addition, a field sa_index:16 is defined in the user-defined metadata structure, where 16 is the size of the field, 16 bits in this embodiment; of course, this field size is only an example and can be set to other values as needed. In this embodiment, the field carries storage space address index information. The storage space indicated by this index information stores the IPSEC policy used for the IPSEC operation; that is, the IPSEC operation on the message uses the IPSEC SA (i.e. the IPSEC policy) stored in the storage space indicated by sa_index.
In this embodiment, an annotation for the IPSEC operation is added to the P4 code, and IPSEC operation configuration information is generated after the code is parsed. Specifically, if the P4 code uses @VENDOR_ipsec("encrypt:1"), the buffer of the IPSEC device is configured to the corresponding Match-Action unit. If the P4 code uses @VENDOR_ipsec("encrypt:0"), the buffer of the IPSEC device is configured to the Match-Action unit. If there is no IPSEC-related annotation, the common queue is configured to the Match-Action unit. After completing the relevant operation (such as the matching operation), the Match-Action unit sends the message to the configured destination; that is, messages that need an IPSEC operation (encryption or decryption) are sent to the buffer of the IPSEC device, and other messages are sent to the common queue.
After the switching module receives a message, matching is performed. Messages that need IPSEC processing (such as messages of a first data format) are sent to the buffer that the IPSEC device provides, and messages that do not need IPSEC processing (such as messages of a second data format) are sent to the common queue. The switching module configures which queue the IPSEC device reads messages from, and instructs the IPSEC device to read the IPSEC context from the preset field of the specified metadata structure of the switching module; specifically, to read the storage space address index information carried in the sa_index field. The IPSEC device determines the storage space that stores the IPSEC SA information from the base address configured by the switching module and the storage space index information indicated by sa_index, reads the IPSEC SA information, and performs IPSEC processing on the message according to that IPSEC SA information.
It should be noted that, in the above embodiments, what is carried in the preset field of the preset metadata structure is storage space address index information. In other embodiments, the preset field of the preset metadata structure may directly carry the storage space address, or directly carry the IPSEC policy.
As shown in Fig. 7, an embodiment of the invention provides a switching device 70, including a memory 710 and a processor 720. The memory 710 stores a program which, when read and executed by the processor 720, implements the switching device function extension method described in any of the above embodiments.
An embodiment of the invention provides a computer-readable storage medium. The computer-readable storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the switching device function extension method described in any of the above embodiments.
The computer-readable storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk or an optical disc.
Although the embodiments disclosed herein are as described above, their content is only used to facilitate understanding of the present invention and is not intended to limit it. Any person skilled in the art to which the invention belongs may make any modification and variation in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention shall still be subject to the scope defined by the appended claims.
Claims (21)
1. A switching device function extension method, comprising:
obtaining P4 code;
parsing the P4 code, and, when the P4 code includes an annotation that conforms to a preset first operation annotation specification, generating first configuration information indicating that a first operation is to be performed on messages;
writing the first configuration information to a switching device.
2. The switching device function extension method according to claim 1, wherein the first configuration information further includes: configuration information indicating that first operation policy information is to be written into a preset field of a preset metadata structure of the switching device; or configuration information indicating that first operation policy indication information is to be written into the preset field of the preset metadata structure of the switching device, and that the first operation policy information is to be written into the storage region indicated by the first operation policy indication information.
3. The switching device function extension method according to claim 2, wherein the preset metadata structure is an existing metadata structure of the switching device, or is a user-defined metadata structure.
4. The switching device function extension method according to claim 2 or 3, wherein the first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of the storage space that stores the first operation policy information.
5. A switching device function extension apparatus, comprising:
a compiler, configured to obtain P4 code, parse the P4 code, and, when the P4 code includes an annotation that conforms to a preset first operation annotation specification, generate first configuration information indicating that a first operation is to be performed on messages;
a configuration module, configured to write the first configuration information to a switching device.
6. The switching device function extension apparatus according to claim 5, wherein the first configuration information further includes: configuration information indicating that first operation policy information is to be written into a preset field of a preset metadata structure of the switching device; or configuration information indicating that the first operation policy is to be written into the preset field of the preset metadata structure of the switching device, and that the first operation policy information is to be written into the storage region indicated by the first operation policy indication information.
7. The switching device function extension apparatus according to claim 6, wherein the preset metadata structure is an existing metadata structure of the switching device, or is a user-defined metadata structure.
8. The switching device function extension apparatus according to claim 6 or 7, wherein the first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of the storage space that stores the first operation policy information.
9. A switching device function extension apparatus, comprising a memory and a processor, wherein the memory stores a program which, when read and executed by the processor, implements the switching device function extension method according to any one of claims 1 to 4.
10. A computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the switching device function extension method according to any one of claims 1 to 4.
11. A switching device function extension method, comprising:
receiving first configuration information indicating that a first operation is to be performed on messages, the first configuration information being generated based on an annotation in P4 code that conforms to a preset first operation annotation specification;
after a message is received, executing the first operation on the message that needs the first operation, according to the first configuration information.
12. The switching device function extension method according to claim 11, wherein executing the first operation on the message that needs the first operation according to the first operation configuration information includes:
sending the message that needs the first operation to the storage region indicated by the first configuration information, and reading the message from the storage region to execute the first operation.
13. The switching device function extension method according to claim 11, wherein
the first configuration information further includes: configuration information indicating that first operation policy information is to be written into a preset field of a preset metadata structure of the switching device; or configuration information indicating that the first operation policy is to be written into the preset field of the preset metadata structure of the switching device and that the first operation policy information is to be written into the storage region indicated by the first operation policy indication information;
the method further includes: according to the first configuration information, writing the first operation policy information into the preset field of the preset metadata structure of the switching device; or writing the first operation policy indication information into the preset field of the preset metadata structure of the switching device and writing the first operation policy information into the storage region indicated by the first operation policy indication information;
executing the first operation on the message that needs the first operation according to the first configuration information includes:
obtaining the first operation policy information from the preset field of the preset metadata structure indicated by the first configuration information; or obtaining the first operation policy indication information from the preset field of the preset metadata structure indicated by the first configuration information, and obtaining the first operation policy information from the storage region indicated by the first operation policy indication information;
executing the first operation according to the first operation policy information.
14. The switching device function extension method according to any one of claims 11 to 13, wherein the first operation includes an Internet Protocol Security operation.
15. A switching device, comprising a switching module and a first operation device, wherein:
the switching module is configured to receive first configuration information indicating that a first operation is to be performed on messages, the first configuration information being generated based on an annotation in P4 code that conforms to a preset first operation annotation specification; and, after a message is received, to send the message that needs the first operation to the first operation device according to the first configuration information;
the first operation device is configured to execute the first operation on the message.
16. The switching device according to claim 15, wherein
the switching module sending the message that needs the first operation to the first operation device according to the first configuration information includes: sending the message that needs the first operation to the storage region indicated by the first configuration information;
the first operation device executing the first operation on the message includes: the first operation device reading the message from the storage region and executing the first operation on the message read.
17. The switching device according to claim 16, wherein the storage region is a buffer of the first operation device; or is a region in the buffer of the switching module used for a first operation dedicated queue.
18. The switching device according to claim 15, wherein
the switching module is further configured to: according to the first configuration information, write first operation policy information into a preset field of a preset metadata structure of the switching device; or write first operation policy indication information into the preset field of the preset metadata structure of the switching device and write the first operation policy information into the storage region indicated by the first operation policy indication information; and to configure the first operation device to obtain the first operation policy information from the preset field of the preset metadata structure, or configure the first operation device to obtain the first operation policy indication information from the preset field of the preset metadata structure and obtain the first operation policy information from the storage region indicated by the first operation policy indication information;
the first operation device executing the first operation includes: according to the configuration of the switching module, obtaining the first operation policy information from the preset field of the preset metadata structure; or obtaining the first operation policy indication information from the preset field of the preset metadata structure, and obtaining the first operation policy information from the storage region indicated by the first operation policy indication information; and executing the first operation according to the first operation policy information.
19. The switching device according to any one of claims 15 to 18, wherein the first operation includes an Internet Protocol Security operation.
20. A switching device, comprising a memory and a processor, wherein the memory stores a program which, when read and executed by the processor, implements the switching device function extension method according to any one of claims 11 to 14.
21. A computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the switching device function extension method according to any one of claims 11 to 14.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810127447.3A CN110138690B (en) | 2018-02-08 | 2018-02-08 | Switching device function expansion method and device, switching device and storage medium |
PCT/CN2019/074643 WO2019154381A1 (en) | 2018-02-08 | 2019-02-02 | Function extension method and apparatus for switching device, switching device, and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110138690A true CN110138690A (en) | 2019-08-16 |
CN110138690B CN110138690B (en) | 2021-10-26 |
Family
ID=67548643
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810127447.3A Active CN110138690B (en) | 2018-02-08 | 2018-02-08 | Switching device function expansion method and device, switching device and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110138690B (en) |
WO (1) | WO2019154381A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
CN110138690B (en) | 2021-10-26 |
WO2019154381A1 (en) | 2019-08-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||