CN110138690A - Switching equipment function extension method and device, switching equipment and storage medium - Google Patents

Publication number
CN110138690A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810127447.3A
Other languages
Chinese (zh)
Other versions
CN110138690B (en)
Inventor
杨智奇
吴学德
王忠波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201810127447.3A (CN110138690B)
Priority to PCT/CN2019/074643 (WO2019154381A1)
Publication of CN110138690A
Application granted
Publication of CN110138690B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L49/00 Packet switching elements
    • H04L49/10 Packet switching elements characterised by the switching fabric construction
    • H04L49/109 Integrated on microchip, e.g. switch-on-chip
    • H04L49/45 Arrangements for providing or supporting expansion
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A switching equipment function extension method and device, switching equipment and a storage medium. The switching equipment function extension method includes: obtaining P4 code; parsing the P4 code and, when the P4 code includes an annotation that conforms to a preset first operation annotation specification, generating first operation configuration information that instructs a first operation to be performed on messages; and writing the first operation configuration information to the switching equipment. In the technical solution provided by the present application, P4 annotations are used to make the switching equipment support the first operation, which extends the function of the switching equipment.

Description

Switching equipment function extension method and device, switching equipment and storage medium
Technical field
The present invention relates to communication technology, and in particular to a switching equipment function extension method and device, switching equipment and a computer-readable storage medium.
Background
SDN (Software Defined Network) has achieved great success because it enables network owners and operators to program network behavior. At present, however, its programmability is limited to the network control plane; the data plane is largely constrained by packet-processing hardware with fixed functions. In general, the packet parsing and forwarding flow of switching equipment is fixed by the equipment's switch chip, so the equipment cannot be extended in terms of protocol support. Moreover, developing a new forwarding chip to support a new protocol or an extended protocol feature is very costly for a manufacturer: the earlier hardware has to be redesigned, which inevitably leads to problems such as high update cost and long cycles. To a certain extent, therefore, binding equipment functions and protocol support to hardware in this way limits the rapid development of networks. Jennifer Rexford of Princeton and Professor Nick McKeown of Stanford jointly published a paper on programmable data planes, "P4: Programming Protocol-Independent Packet Processors", which proposed the idea of a programmable data plane. The paper attracted great response and attention in the SDN community, and Professor McKeown and others subsequently released "The P4 Language Specification", that is, the P4 language specification. The emergence of P4 is driving the redesign of switch chip hardware, and switch chips that support the P4 language already exist, such as the P4 switch chip released by Barefoot. On a switch chip that supports the P4 language, users can customize the data plane forwarding flow they need and are no longer constrained by the hardware. The goal of the P4 language is to direct the forwarding behavior of the data plane, but because the design of the P4 language is simple, it cannot support some complex data plane functions.
Summary of the invention
At least one embodiment of the present invention provides a switching equipment function extension method, switching equipment and a computer-readable storage medium, so that switching equipment in an SDN network supports more functions.
To achieve the object of the present invention, at least one embodiment of the present invention provides a switching equipment function extension method, including:
obtaining P4 code;
parsing the P4 code and, when the P4 code includes an annotation that conforms to a preset first operation annotation specification, generating first operation configuration information that instructs a first operation to be performed on messages; and
writing the first operation configuration information to the switching equipment.
An embodiment of the present invention provides a switching equipment function extension device, including:
a compiler, configured to obtain P4 code, parse the P4 code and, when the P4 code includes an annotation that conforms to a preset first operation annotation specification, generate first operation configuration information that instructs a first operation to be performed on messages; and
a configuration module, configured to write the first operation configuration information to the switching equipment.
An embodiment of the present invention provides a switching equipment function extension device, including a memory and a processor, where the memory stores a program and the program, when read and executed by the processor, implements the switching equipment function extension method of any of the above embodiments.
At least one embodiment of the present invention provides a computer-readable storage medium storing one or more programs, where the one or more programs can be executed by one or more processors to implement the switching equipment function extension method of any of the above embodiments.
An embodiment of the present invention provides a switching equipment function extension method, including:
receiving first operation configuration information that instructs a first operation to be performed on messages, where the first operation configuration information is generated from an annotation in P4 code that conforms to a preset first operation annotation specification; and
after a message is received, performing the first operation, according to the first operation configuration information, on a message that needs the first operation.
An embodiment of the present invention provides switching equipment, including a Switching Module and a first operation device, where:
the Switching Module is configured to receive first operation configuration information that instructs a first operation to be performed on messages, where the first operation configuration information is generated from an annotation in P4 code that conforms to a preset first operation annotation specification, and, after a message is received, to send a message that needs the first operation to the first operation device according to the first operation configuration information; and
the first operation device is configured to perform the first operation on the message.
An embodiment of the present invention provides switching equipment, including a memory and a processor, where the memory stores a program and the program, when read and executed by the processor, implements the switching equipment function extension method of any of the above embodiments.
An embodiment of the present invention provides a computer-readable storage medium storing one or more programs, where the one or more programs can be executed by one or more processors to implement the switching equipment function extension method of any of the above embodiments.
Compared with the related art, in an embodiment of the present invention, annotations in P4 code are used to make the switching equipment support the first operation, thereby extending the function of the switching equipment. Which function the first operation is can be set as needed; in one embodiment, the first operation is an IPSEC operation, which realizes support for the IPSEC function.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the description or be understood by implementing the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the description, the claims and the drawings.
Brief description of the drawings
The drawings provide a further understanding of the technical solution of the present invention and form part of the specification. Together with the embodiments of the present application they serve to explain the technical solution of the present invention and do not limit it.
Fig. 1 is a flow chart of a switching equipment function extension method provided by an embodiment of the present invention;
Fig. 2 is a block diagram of a switching equipment function extension device provided by an embodiment of the present invention;
Fig. 3 is a flow chart of a switching equipment function extension method provided by another embodiment of the present invention;
Fig. 4 is a block diagram of switching equipment provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of message processing provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of message processing provided by another embodiment of the present invention;
Fig. 7 is a block diagram of switching equipment provided by another embodiment of the present invention.
Detailed description of embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in detail below with reference to the drawings. It should be noted that, where there is no conflict, the embodiments of the present application and the features in the embodiments can be combined with one another arbitrarily.
The steps shown in the flow charts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions. Although a logical order is shown in the flow charts, in some cases the steps shown or described can be executed in an order different from the one given here.
The P4 language supports annotations. When an annotation is added to a P4 program, a compiler that cannot recognize the annotation ignores it, while a compiler that can recognize it performs the related operation as the annotation directs. With annotations, therefore, the functions of P4 can be extended without changing P4 syntax. The present application accordingly uses annotations in the P4 language to support multiple functions, that is, to support some complex data plane functions. A P4 compiler is divided into a front-end compiler and a back-end compiler. The front-end compiler is independent of the target device; the back-end compiler is specific to the target device and is provided by the manufacturer of the P4 switching equipment (switching equipment that supports P4 programming). The functions of switching equipment can therefore be extended through P4 annotations when a P4 switch chip is designed. By extending P4 annotations and adding parsing of those annotations to the compiler, the present application supports multiple functions, for example an IPSEC (Internet Protocol Security) operation.
As shown in Fig. 1, an embodiment of the present invention provides a switching equipment function extension method, including:
Step 101: obtain P4 code.
Step 102: parse the P4 code and, when the P4 code includes an annotation that conforms to a preset first operation annotation specification, generate first operation configuration information that instructs a first operation to be performed on messages.
The first operation annotation specification is defined in advance. An annotation that conforms to the preset first operation annotation specification includes description information about performing the first operation on messages. The description information includes whether the first operation needs to be performed and, if the first operation has multiple types, further indicates which type of first operation to perform. For example, when the first operation is an IPSEC operation, the description information includes whether a message needs an IPSEC operation and whether an encryption or a decryption operation is needed. The syntax format of annotations under the first operation annotation specification can be preset and can be provided in the chip's software development kit (SDK) or in another way, for example on a server that users access to consult it.
In the related art, as described in the P4-16 specification, a P4 annotation begins with the '@' character, and an annotation whose name after the @ symbol begins with a lowercase letter is generally a reserved keyword, such as name("xxxx"), which gives a table the alias xxxx and uses this alias as the externally exposed table name. The P4-16 specification suggests that user-defined annotations begin with an uppercase letter after the @. In one embodiment of the present application, functions extended through P4 annotations follow the P4 specification, that is, the annotation begins with an uppercase letter after the @; for example, @VENDOR_ipsec("xxxx") indicates that an ipsec operation is to be performed. A custom specification can of course also be used, as long as it is agreed in advance and the compiler of the P4 code can recognize it.
Step 103: write the first operation configuration information to the switching equipment.
The switching equipment is, for example, a switch chip.
For the manner of writing configuration information to the switching equipment, refer to the related art; for example, it is written through the driver of the switching equipment.
The first operation can be set according to the function to be extended; for example, the first operation is an IPSEC operation, an IP fragment reassembly operation, and so on.
In an embodiment of the present invention, a container is needed that can store the first operation policy information or the first operation policy indication information. This container can be a field of the switching equipment's intrinsic metadata structure (a device-related structure in P4) or a field of a custom metadata structure. Specifically, the first operation configuration information further includes: configuration information instructing that the first operation policy information be written to a preset field of a preset metadata structure of the switching equipment; or configuration information instructing that first operation policy indication information be written to a preset field of the preset metadata structure of the switching equipment and that the first operation policy information be written to the storage region indicated by the first operation policy indication information. After receiving the first operation configuration information, the switching equipment writes the first operation policy information to the preset field of its preset metadata structure, or writes the first operation policy indication information to that preset field and writes the first operation policy information to the storage region indicated by the first operation policy indication information. The preset metadata structure is the intrinsic metadata structure of the switching equipment, or a custom metadata structure, that is, a metadata structure newly defined by the user.
The first operation policy information includes the specific policies for performing the first operation. Taking an IPSEC operation as the first operation, the first operation policy information may include at least one of: the encryption/decryption algorithm, the authentication algorithm, the key, the encapsulation mode, and where the message goes after the IPSEC operation. The user can determine the specific first operation policy information when programming in P4 and write it into the P4 code.
The first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of that storage space (for example offset address information, where the actual storage address is determined jointly by a base address and the offset address, and the Switching Module can inform the first operation device of the base address). The storage space that stores the first operation policy information can be preset. The definition of the preset field of the metadata structure and the storage location can be provided in the SDK of the switching equipment or in another way.
In this embodiment, support for the first operation is realized by extending the annotations of P4 code.
As shown in Fig. 2, an embodiment of the present invention provides a switching equipment function extension device, including:
a compiler 201, configured to obtain P4 code, parse the P4 code and, when the P4 code includes an annotation that conforms to a preset first operation annotation specification, generate first operation configuration information that instructs a first operation to be performed on messages; and
a configuration module 202, configured to write the first operation configuration information to the switching equipment.
The compiler 201 is a compiler that can recognize P4 code. In this embodiment, an existing P4 compiler is extended so that it can parse the newly added first operation annotation, thereby realizing support for the first operation.
The first operation configuration information further includes: configuration information instructing that the first operation policy information be written to a preset field of a preset metadata structure of the switching equipment; or configuration information instructing that first operation policy indication information be written to a preset field of the preset metadata structure of the switching equipment and that the first operation policy information be written to the storage region indicated by the first operation policy indication information.
An embodiment of the present invention provides a switching equipment function extension device, including a memory and a processor, where the memory stores a program and the program, when read and executed by the processor, implements the above switching equipment function extension method.
As shown in Fig. 3, an embodiment of the present invention provides a switching equipment function extension method, including:
Step 301: the switching equipment receives first operation configuration information that instructs a first operation to be performed on messages, where the first operation configuration information is generated from an annotation in P4 code that conforms to a preset first operation annotation specification.
Step 302: after receiving a message, the switching equipment performs the first operation, according to the first operation configuration information, on a message that needs the first operation.
Performing the first operation, according to the first operation configuration information, on a message that needs the first operation includes:
sending the message that needs the first operation to the storage region indicated by the first operation configuration information, and reading the message from the storage region to perform the first operation.
In one embodiment, the first operation configuration information further includes: configuration information instructing that the first operation policy information be written to a preset field of a preset metadata structure of the switching equipment; or configuration information instructing that first operation policy indication information be written to a preset field of the preset metadata structure of the switching equipment and that the first operation policy information be written to the storage region indicated by the first operation policy indication information.
The method further includes: according to the first operation configuration information, writing the first operation policy information to the preset field of the preset metadata structure of the switching equipment; or writing the first operation policy indication information to the preset field of the preset metadata structure of the switching equipment and writing the first operation policy information to the storage region indicated by the first operation policy indication information.
Performing the first operation, according to the first operation configuration information, on a message that needs the first operation includes: obtaining the first operation policy information from the preset field of the preset metadata structure indicated by the first operation configuration information; or obtaining the first operation policy indication information from the preset field of the preset metadata structure and obtaining the first operation policy information from the storage region indicated by the first operation policy indication information; and
performing the first operation according to the first operation policy information.
In one embodiment, the first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of that storage space. When the first operation policy indication information is address information, the first operation policy information is obtained directly from that address. When it is address index information, for example an offset address, the first operation policy information is obtained from the storage region indicated by the base address plus the offset address. The base address can be an address already configured in the switching equipment, or it can be specified in the first operation configuration information.
The first operation can be set according to the function to be extended; for example, the first operation is an IPSEC operation, an IP fragment reassembly operation, and so on.
As shown in Fig. 4, an embodiment of the present invention provides switching equipment, including a Switching Module 401 and a first operation device 402, where:
the Switching Module 401 is configured to receive first operation configuration information that instructs a first operation to be performed on messages, where the first operation configuration information is generated from an annotation in P4 code that conforms to a preset first operation annotation specification, and, after a message is received, to send a message that needs the first operation to the first operation device according to the first operation configuration information; and
the first operation device 402 is configured to perform the first operation on the message.
In one embodiment, the Switching Module 401 sending a message that needs the first operation to the first operation device according to the first operation configuration information includes: sending the message that needs the first operation to the storage region indicated by the first operation configuration information. The storage region is the buffer of the first operation device, or a region in the buffer of the Switching Module used for a queue dedicated to the first operation.
The first operation device 402 performing the first operation on the message includes: the first operation device reads the message from the storage region and performs the first operation on the message it has read.
That is, messages can be passed between the Switching Module 401 and the first operation device 402 through a queue, or the Switching Module 401 can send messages directly into the buffer that the first operation device 402 itself provides. When messages are passed through a queue, the Switching Module 401 sets aside part of its own message buffer (packet data buffer) as the storage region of a queue dedicated to the first operation, sends the messages that need the first operation to that dedicated queue, and then instructs the first operation device to read messages from the dedicated queue. If the first operation has several types, multiple storage regions can be set aside. Taking IPSEC encryption and IPSEC decryption as an example, the Switching Module 401 sets aside one part of its message buffer as the storage region of a dedicated IPSEC encryption queue and another part as the storage region of a dedicated IPSEC decryption queue; it sends messages that need IPSEC encryption to the storage region of the dedicated IPSEC encryption queue in its buffer, and messages that need IPSEC decryption to the storage region of the dedicated IPSEC decryption queue in its buffer. Similarly, the buffer of the first operation device 402 can also be divided into multiple storage regions. Taking IPSEC encryption and IPSEC decryption as an example again, one part of the buffer of the first operation device 402 is set aside as the storage region of a dedicated IPSEC encryption queue and another part as the storage region of a dedicated IPSEC decryption queue. The Switching Module 401 sends messages that need IPSEC encryption to the storage region of the dedicated IPSEC encryption queue in the buffer of the first operation device 402, and messages that need IPSEC decryption to the storage region of the dedicated IPSEC decryption queue in the buffer of the first operation device 402.
In one embodiment, the Switching Module 401 is further configured to: according to the first operation configuration information, write the first operation policy information to a preset field of a preset metadata structure of the switching equipment; or write first operation policy indication information to the preset field of the preset metadata structure of the switching equipment and write the first operation policy information to the storage region indicated by the first operation policy indication information; and configure the first operation device to obtain the first operation policy information from the preset field of the preset metadata structure, or configure the first operation device to obtain the first operation policy indication information from the preset field of the preset metadata structure and obtain the first operation policy information from the storage region indicated by the first operation policy indication information.
The first operation device 402 performing the first operation includes: according to the configuration made by the Switching Module, obtaining the first operation policy information from the preset field of the preset metadata structure, or obtaining the first operation policy indication information from the preset field of the preset metadata structure and obtaining the first operation policy information from the storage region indicated by the first operation policy indication information; and performing the first operation according to the first operation policy information. The preset metadata structure is the intrinsic metadata structure or a custom metadata structure.
In one embodiment, the first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of that storage space.
The first operation can be set according to the function to be extended; for example, the first operation is an IPSEC operation, an IP fragment reassembly operation, and so on.
The first operation device 402 is the functional component that performs the first operation. For example, when the first operation is an IPSEC operation, the first operation device 402 is an IPSEC device. An IPSEC device is a device that can perform IPSEC operations (such as encryption or decryption) on messages; internally it may include processing units such as a microprocessor and a SEC (Security) engine.
It should be noted that in another embodiment of the present invention the switching equipment can include only the above Switching Module 401, with the first operation device 402 provided separately.
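The run-time side described for Fig. 3 and Fig. 4 (dispatch to a dedicated encryption or decryption queue, and resolution of the policy from an address or from a base address plus offset) can be modelled as follows. This is an added example, not code from the patent; the class and function names, the entry size, the constructed policy entries, and the choices to bounds-check the resolved address and to drop a message whose policy cannot be resolved are assumptions of the example.

```python
from collections import deque
from dataclasses import dataclass, field

SA_ENTRY_SIZE = 32  # constructed size of one stored policy entry, in bytes


@dataclass(frozen=True)
class PolicyIndication:
    """First operation policy indication information carried in the metadata field."""
    kind: str    # "address": absolute address; "index": offset from the base address
    value: int


def resolve_policy_address(ind, base, region_size):
    """Return the address of the policy entry, or None if it is not a valid entry."""
    if ind.kind == "address":
        addr = ind.value
    elif ind.kind == "index":
        addr = base + ind.value      # actual address = base address + offset address
    else:
        return None
    # Assumption of this example: the policy region is [base, base + region_size)
    # and entries are SA_ENTRY_SIZE apart, so anything else is rejected.
    inside = base <= addr and addr + SA_ENTRY_SIZE <= base + region_size
    aligned = (addr - base) % SA_ENTRY_SIZE == 0
    return addr if inside and aligned else None


@dataclass
class SwitchingModule:
    operation_by_table: dict      # from the first operation configuration information
    policy_base: int
    policy_region_size: int
    policy_memory: dict           # address -> first operation policy information
    queues: dict = field(
        default_factory=lambda: {"encrypt": deque(), "decrypt": deque()})

    def handle(self, message, table, ind):
        """Decide what happens to one message; returns the disposition as a string."""
        operation = self.operation_by_table.get(table)
        if operation is None:
            return "forward"      # no first operation configured for this table
        addr = None if ind is None else resolve_policy_address(
            ind, self.policy_base, self.policy_region_size)
        policy = None if addr is None else self.policy_memory.get(addr)
        if policy is None:
            # Fail closed (example's choice): without a usable policy the message
            # is not handed on, so traffic meant for IPSEC never leaves unprotected.
            return "drop"
        # The first operation device would read the message from this dedicated queue.
        self.queues[operation].append((message, policy))
        return "queued:" + operation


def build_demo_switch():
    """Constructed configuration: two annotated tables and two stored policies."""
    base = 0x1000
    return SwitchingModule(
        operation_by_table={"to_tunnel": "encrypt", "from_tunnel": "decrypt"},
        policy_base=base,
        policy_region_size=4 * SA_ENTRY_SIZE,
        policy_memory={base: {"name": "constructed-sa-0"},
                       base + SA_ENTRY_SIZE: {"name": "constructed-sa-1"}},
    )


if __name__ == "__main__":
    sw = build_demo_switch()
    print(sw.handle(b"m1", "to_tunnel", PolicyIndication("index", 32)))
    print(sw.handle(b"m2", "to_tunnel", PolicyIndication("index", 4096)))
```
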
The application is further illustrated below by specific embodiment.It should be noted that with the first behaviour in following embodiment As being illustrated for IPSEC operation, however, the present invention is not limited thereto, other kinds of function extends and IPSEC operation It realizes similar.
Embodiment one
In this embodiment, the IPSEC context is carried in a field of the intrinsic metadata structure of the switching equipment, where the IPSEC context may be the IPSEC policy or IPSEC policy indication information. In addition, in this embodiment part of the message buffer of the switching equipment is set aside as the storage space of an IPSEC private queue. It should be noted that the storage space used for the IPSEC private queue can be further divided into two parts: one part is the storage space of an encryption queue for messages that need to be encrypted, and the other part is the storage space of a decryption queue for messages that need to be decrypted.
In this embodiment, the IPSEC annotation specification is designed as follows:
@VENDOR_ipsec("encrypt:1") indicates that the message needs to be encrypted;
@VENDOR_ipsec("encrypt:0") indicates that the message needs to be decrypted.
It should be noted that the above annotation specification is only an example and can be set to other formats as needed.
In addition, a field sa_index:16 is added to the intrinsic metadata structure, where 16 is the size of the field, 16 bits in this embodiment. This field size is only an example; a field of another size can be used as needed. In this embodiment the field carries storage-space address index information, and the storage space indicated by that index information stores the IPSEC policy used for the IPSEC operation; that is, the message undergoes the IPSEC operation using the IPSEC SA (i.e. the IPSEC policy) stored in the storage space indicated by sa_index.
In this embodiment, an annotation for the IPSEC operation is added to the P4 code, and IPSEC operation configuration information is generated after the code is parsed. Specifically, configuration is performed as follows. If the P4 code is described with @VENDOR_ipsec("encrypt:1"), the IPSEC private queue is configured to the corresponding Match-Action unit, i.e. the Match-Action unit sends messages that need the encryption operation to the storage region where the IPSEC private queue is located. If the P4 code is described with @VENDOR_ipsec("encrypt:0"), the IPSEC private queue is configured to the Match-Action unit, i.e. the Match-Action unit sends messages that need the decryption operation to the storage region where the IPSEC private queue is located. If there is no IPSEC-related annotation, the generic queue (Common Queue) is configured to the Match-Action unit, i.e. the Match-Action unit sends messages that need no encryption or decryption operation to the storage region where the generic queue is located. After completing its operations (such as the matching operation), the Match-Action unit sends the message to the configured destination: messages that need an IPSEC operation (encryption or decryption) are sent to the IPSEC private queue, and other messages are sent to the generic queue. The generic queue is an existing queue of the switching equipment and may itself include several types of queue, which this application does not describe further.
In Fig. 5, Rx Mac is the receiving network interface and Tx Mac is the sending network interface. As shown in Fig. 5, after the switching module receives a message, the Match-Action unit (the ingress Match-Action in Fig. 5) performs matching. After matching, messages that need IPSEC processing (for example, messages of a first data format) are sent to the IPSEC queue, and messages that do not need IPSEC processing (for example, messages of a second data format) are sent to the generic queue. The switching module configures which queue the IPSEC device reads messages from, and instructs the IPSEC device to read the IPSEC context from the preset field of the preset metadata structure of the switching module; in this embodiment, that means reading the storage-space index information carried in the sa_index field. The IPSEC device determines the storage space that holds the IPSEC SA information from the configured base address and the storage-space index information indicated by sa_index, reads the IPSEC SA information from it, and performs IPSEC processing on the message according to that IPSEC SA information. After the IPSEC device has processed a message, the message can be sent to the ingress queue or to the egress queue; which one can be described in the IPSEC SA.
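The flow of Embodiment one, as an added example that is not code from the patent: a Python model of the annotation parser, the per-table queue configuration, and the SA lookup by base address plus sa_index. Attaching the annotation to the `table` that follows it, the 64-byte SA slot, the queue names and the drop-on-failure behaviour are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed P4-style input. Placing the annotation directly before a
# `table` declaration is an assumption of this example.
SAMPLE_P4 = '''
@VENDOR_ipsec("encrypt:1")
table tunnel_encap { reads { ipv4.dstAddr : lpm; } actions { set_sa; } }
@VENDOR_ipsec("encrypt:0")
table tunnel_decap { reads { esp.spi : exact; } actions { set_sa; } }
table l2_forward { reads { ethernet.dstAddr : exact; } actions { fwd; } }
'''

IPSEC_QUEUE = "ipsec_private_queue"   # hypothetical queue names
GENERIC_QUEUE = "generic_queue"
DROP = "drop"                         # fail-closed outcome (assumption)
SA_INDEX_BITS = 16                    # sa_index:16, as on the page
SA_ENTRY_SIZE = 64                    # bytes per SA slot; constructed value

TABLE_RE = re.compile(
    r'(?:@VENDOR_ipsec\s*\(\s*"(?P<arg>[^"]*)"\s*\)\s*)?\btable\s+(?P<name>\w+)')


@dataclass(frozen=True)
class UnitConfig:
    """Configuration written to one Match-Action unit."""
    table: str
    destination: str            # where the unit sends matched messages
    encrypt: Optional[bool]     # True encrypt, False decrypt, None no IPSEC


def generate_config(p4_source: str) -> Dict[str, UnitConfig]:
    """Parse the annotations and emit per-table configuration information."""
    config: Dict[str, UnitConfig] = {}
    recognised = 0
    for m in TABLE_RE.finditer(p4_source):
        name, arg = m.group("name"), m.group("arg")
        if arg is None:
            config[name] = UnitConfig(name, GENERIC_QUEUE, None)
            continue
        if arg not in ("encrypt:1", "encrypt:0"):
            raise ValueError(f"table {name}: bad @VENDOR_ipsec value {arg!r}")
        recognised += 1
        config[name] = UnitConfig(name, IPSEC_QUEUE, arg == "encrypt:1")
    # A misspelt annotation must not silently fall back to the generic queue.
    if recognised != p4_source.count("@VENDOR_ipsec"):
        raise ValueError("@VENDOR_ipsec annotation not attached to a table")
    return config


@dataclass(frozen=True)
class SecurityAssociation:
    spi: int
    encrypt: bool
    next_queue: str             # "ingress" or "egress", described in the SA


class SaStore:
    """Storage region holding IPSEC SAs, addressed by base + index."""

    def __init__(self, base_address: int, slots: int):
        self.base_address = base_address
        self.slots = slots
        self._memory: Dict[int, SecurityAssociation] = {}

    def address_of(self, sa_index: int) -> int:
        # Bound the index by both the field width and the region size.
        if not 0 <= sa_index < min(self.slots, 1 << SA_INDEX_BITS):
            raise IndexError(f"sa_index {sa_index} outside the SA region")
        return self.base_address + sa_index * SA_ENTRY_SIZE

    def install(self, sa_index: int, sa: SecurityAssociation) -> None:
        self._memory[self.address_of(sa_index)] = sa

    def lookup(self, sa_index: int) -> Optional[SecurityAssociation]:
        return self._memory.get(self.address_of(sa_index))


def dispatch(metadata: dict, unit: UnitConfig, store: SaStore) -> str:
    """Return the queue a message ends up in after the IPSEC device stage."""
    if unit.destination == GENERIC_QUEUE:
        return GENERIC_QUEUE
    try:
        sa = store.lookup(metadata["sa_index"])
    except (KeyError, IndexError, TypeError):
        return DROP             # missing, malformed or out-of-range index
    if sa is None or sa.encrypt != unit.encrypt:
        return DROP             # empty slot or SA for the other direction
    return sa.next_queue


if __name__ == "__main__":
    cfg = generate_config(SAMPLE_P4)
    store = SaStore(base_address=0x1000, slots=4)
    store.install(2, SecurityAssociation(0x100, True, "egress"))
    for table, sa_index in (("tunnel_encap", 2), ("tunnel_encap", 3),
                            ("l2_forward", 0)):
        print(table, sa_index, dispatch({"sa_index": sa_index}, cfg[table], store))
```

Rejecting annotations the parser cannot attach, and dropping on an empty or mismatched SA slot, keeps a configuration mistake from sending traffic meant for encryption out through the generic queue.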
Embodiment two
In this embodiment, the IPSEC context is carried in a preset field of the intrinsic metadata structure of the switching equipment, where the IPSEC context may be the IPSEC policy or IPSEC policy indication information. In addition, in this embodiment the IPSEC device has its own buffer, and messages that need IPSEC processing are sent directly to the buffer of the IPSEC device.
In this embodiment, the IPSEC annotation specification is designed as follows:
@VENDOR_ipsec("encrypt:1") indicates that the message needs to be encrypted;
@VENDOR_ipsec("encrypt:0") indicates that the message needs to be decrypted.
A field sa_index:16 is added to the intrinsic metadata structure, where 16 is the size of the field, 16 bits in this embodiment. In this embodiment the field carries storage-space address index information, and the storage space indicated by that index information stores the IPSEC policy used for the IPSEC operation; that is, the message undergoes the IPSEC operation using the IPSEC SA (i.e. the IPSEC policy) stored in the storage space indicated by sa_index.
In this embodiment, an annotation for the IPSEC operation is added to the P4 code, and IPSEC operation configuration information is generated after the code is parsed. Configuration is then performed according to the IPSEC operation configuration information as follows: if the P4 code is described with @VENDOR_ipsec("encrypt:1"), the buffer of the IPSEC device is configured to the corresponding Match-Action unit; if the P4 code is described with @VENDOR_ipsec("encrypt:0"), the buffer of the IPSEC device is configured to the Match-Action unit; if there is no IPSEC-related annotation, the generic queue that the chip provides is configured to the Match-Action unit. After completing its operations (such as the matching operation), the Match-Action unit sends the message to the configured destination.
As shown in Fig. 6, after a message is received, messages that do not need IPSEC processing (for example, messages of a first data format) are sent to the generic queue, and messages that need IPSEC processing (for example, messages of a second data format) are sent to the IPSEC device's own buffer. The switching module configures which queue the IPSEC device reads messages from, and instructs the IPSEC device to read the IPSEC context from the intrinsic metadata information of the switching equipment; specifically, this means reading the storage-space index information carried in the sa_index field. The IPSEC device determines the storage space that holds the IPSEC SA information from the base address configured by the switching equipment and the storage-space index information indicated by sa_index, reads the IPSEC SA information, and performs IPSEC processing on the message according to that IPSEC SA information. After the IPSEC device has processed a message, the message can be sent to the ingress queue or to the egress queue; which one is described in the IPSEC policy.
Embodiment three
In this embodiment, the IPSEC context is carried in a field of a user-defined metadata structure, where the IPSEC context may be the IPSEC policy or IPSEC policy indication information. A metadata structure is selected (not the intrinsic metadata structure that comes with the device; a switch program described in P4 can have many metadata structures, so one of them can be chosen, for example ingress_metadata_t, the ingress metadata structure for messages), and a field for carrying the IPSEC context is added to it. In addition, in this embodiment part of the message buffer of the switching module is set aside as the storage space of an IPSEC private queue. It should be noted that the storage space used for the IPSEC private queue can be further divided into two parts: one part is the storage space of an encryption queue for messages that need to be encrypted, and the other part is the storage space of a decryption queue for messages that need to be decrypted.
In this embodiment, the IPSEC annotation specification is designed as follows:
@VENDOR_ipsec("encrypt:1") indicates that the message needs to be encrypted;
@VENDOR_ipsec("encrypt:0") indicates that the message needs to be decrypted.
In addition, a field sa_index:16 is defined in the user-defined metadata structure, where 16 is the size of the field, 16 bits in this embodiment. This field size is only an example; a field of another size can be used as needed. In this embodiment the field carries storage-space address index information, and the storage space indicated by that index information stores the IPSEC policy used for the IPSEC operation; that is, the message undergoes the IPSEC operation using the IPSEC SA (i.e. the IPSEC policy) stored in the storage space indicated by sa_index.
In this embodiment, an annotation for the IPSEC operation is added to the P4 code, and IPSEC operation configuration information is generated after the code is parsed. Specifically, if the P4 code is described with @VENDOR_ipsec("encrypt:1"), the IPSEC private queue is configured to the corresponding Match-Action unit (if the IPSEC private queue is divided into two parts, the IPSEC encryption queue can be configured to the corresponding Match-Action unit instead). If the P4 code is described with @VENDOR_ipsec("encrypt:0"), the IPSEC private queue is configured to the Match-Action unit (if the IPSEC private queue is divided into two parts, the IPSEC decryption queue can be configured to the corresponding Match-Action unit instead). If there is no IPSEC-related annotation, the generic queue is configured to the Match-Action unit. After completing its operations (such as the matching operation), the Match-Action unit sends the message to the configured destination.
After the switching module receives a message, matching is performed. Messages that need IPSEC processing (for example, messages of a first data format) are sent to the IPSEC queue, and messages that do not need IPSEC processing (for example, messages of a second data format) are sent to the generic queue. The switching module configures which queue the IPSEC device reads messages from, and instructs the IPSEC device to read the IPSEC context from the preset field of the specified metadata structure of the switching equipment; specifically, this means reading the storage-space index information carried in the sa_index field. The IPSEC device determines the storage space that holds the IPSEC SA information from the base address configured by the switching module and the storage-space index information indicated by sa_index, reads the IPSEC SA information, and performs IPSEC processing on the message according to that IPSEC SA information.
Embodiment four
In this embodiment, the IPSEC context is carried in a preset field of a user-defined metadata structure. A metadata structure is selected (not the intrinsic metadata structure that comes with the device; a switch program described in P4 can have many metadata structures, so one of them can be chosen, for example ingress_metadata_t, the ingress metadata structure for messages), and a field for carrying the IPSEC context is added to it. In this embodiment the IPSEC device has its own buffer, and messages that need IPSEC processing are sent directly to the buffer of the IPSEC device.
In this embodiment, the IPSEC annotation specification is designed as follows:
@VENDOR_ipsec("encrypt:1") indicates that the message needs to be encrypted;
@VENDOR_ipsec("encrypt:0") indicates that the message needs to be decrypted.
In addition, a field sa_index:16 is defined in the user-defined metadata structure, where 16 is the size of the field, 16 bits in this embodiment. This field size is only an example and can be set to other values as needed. In this embodiment the field carries storage-space address index information, and the storage space indicated by that index information stores the IPSEC policy used for the IPSEC operation; that is, the message undergoes the IPSEC operation using the IPSEC SA (i.e. the IPSEC policy) stored in the storage space indicated by sa_index.
In this embodiment, an annotation for the IPSEC operation is added to the P4 code, and IPSEC operation configuration information is generated after the code is parsed. Specifically, if the P4 code is described with @VENDOR_ipsec("encrypt:1"), the buffer of the IPSEC device is configured to the corresponding Match-Action unit. If the P4 code is described with @VENDOR_ipsec("encrypt:0"), the buffer of the IPSEC device is configured to the Match-Action unit. If there is no IPSEC-related annotation, the generic queue is configured to the Match-Action unit. After completing its operations (such as the matching operation), the Match-Action unit sends the message to the configured destination: messages that need an IPSEC operation (encryption or decryption) are sent to the buffer of the IPSEC device, and other messages are sent to the generic queue.
After the switching module receives a message, matching is performed. Messages that need IPSEC processing (for example, messages of a first data format) are sent to the IPSEC device's own buffer, and messages that do not need IPSEC processing (for example, messages of a second data format) are sent to the generic queue. The switching module configures which queue the IPSEC device reads messages from, and instructs the IPSEC device to read the IPSEC context from the preset field of the specified metadata structure of the switching module; specifically, this means reading the storage-space address index information carried in the sa_index field. The IPSEC device determines the storage space that holds the IPSEC SA information from the base address configured by the switching module and the storage-space index information indicated by sa_index, reads the IPSEC SA information, and performs IPSEC processing on the message according to that IPSEC SA information.
It should be noted that in the above embodiments the preset field of the preset metadata structure carries storage-space address index information; in other embodiments the preset field of the preset metadata structure may directly carry the storage-space address, or directly carry the IPSEC policy.
As shown in Fig. 7, one embodiment of the invention provides switching equipment 70 including a memory 710 and a processor 720. The memory 710 stores a program which, when read and executed by the processor 720, implements the switching equipment function extension method described in any of the above embodiments.
One embodiment of the invention provides a computer-readable storage medium that stores one or more programs, the one or more programs being executable by one or more processors to implement the switching equipment function extension method described in any of the above embodiments.
The computer-readable storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk or an optical disc.
Although the embodiments disclosed herein are as above, the content described is only an embodiment adopted to facilitate understanding of the invention and is not intended to limit the invention. Any person skilled in the art to which the invention belongs may make any modification and variation in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention shall still be that defined by the appended claims.

Claims (21)

1. A switching equipment function extension method, comprising:
obtaining P4 code;
parsing the P4 code and, when the P4 code includes an annotation that conforms to a preset first operation annotation specification, generating first operation configuration information indicating that a first operation is to be performed on messages;
writing the first operation configuration information into switching equipment.
2. The switching equipment function extension method of claim 1, wherein the first operation configuration information further includes: configuration information indicating that first operation policy information is to be written into a preset field of a preset metadata structure of the switching equipment; or configuration information indicating that first operation policy indication information is to be written into the preset field of the preset metadata structure of the switching equipment and that the first operation policy information is to be written into the storage region indicated by the first operation policy indication information.
3. The switching equipment function extension method of claim 2, wherein the preset metadata structure is an existing metadata structure of the switching equipment, or is a user-defined metadata structure.
4. The switching equipment function extension method of claim 2 or 3, wherein the first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of the storage space that stores the first operation policy information.
5. A switching equipment function extension apparatus, comprising:
a compiler, configured to obtain P4 code, parse the P4 code and, when the P4 code includes an annotation that conforms to a preset first operation annotation specification, generate first operation configuration information indicating that a first operation is to be performed on messages;
a configuration module, configured to write the first operation configuration information into switching equipment.
6. The switching equipment function extension apparatus of claim 5, wherein the first operation configuration information further includes: configuration information indicating that first operation policy information is to be written into a preset field of a preset metadata structure of the switching equipment; or configuration information indicating that the first operation policy is to be written into the preset field of the preset metadata structure of the switching equipment and that the first operation policy information is to be written into the storage region indicated by the first operation policy indication information.
7. The switching equipment function extension apparatus of claim 6, wherein the preset metadata structure is an existing metadata structure of the switching equipment, or is a user-defined metadata structure.
8. The switching equipment function extension apparatus of claim 6 or 7, wherein the first operation policy indication information includes: address information of the storage space that stores the first operation policy information, or address index information of the storage space that stores the first operation policy information.
9. A switching equipment function extension apparatus, comprising a memory and a processor, wherein the memory stores a program which, when read and executed by the processor, implements the switching equipment function extension method of any one of claims 1 to 4.
10. A computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs, the one or more programs being executable by one or more processors to implement the switching equipment function extension method of any one of claims 1 to 4.
11. A switching equipment function extension method, comprising:
receiving first operation configuration information indicating that a first operation is to be performed on messages, the first operation configuration information being generated based on an annotation in P4 code that conforms to a preset first operation annotation specification;
after a message is received, executing the first operation, according to the first operation configuration information, on messages that need the first operation.
12. The switching equipment function extension method of claim 11, wherein executing the first operation, according to the first operation configuration information, on messages that need the first operation includes:
sending messages that need the first operation to the storage region indicated by the first operation configuration information, and reading messages from the storage region to execute the first operation.
13. The switching equipment function extension method of claim 11, wherein:
the first operation configuration information further includes: configuration information indicating that first operation policy information is to be written into a preset field of a preset metadata structure of the switching equipment; or configuration information indicating that the first operation policy is to be written into the preset field of the preset metadata structure of the switching equipment and that the first operation policy information is to be written into the storage region indicated by the first operation policy indication information;
the method further includes: according to the first operation configuration information, writing the first operation policy information into the preset field of the preset metadata structure of the switching equipment; or writing first operation policy indication information into the preset field of the preset metadata structure of the switching equipment and writing the first operation policy information into the storage region indicated by the first operation policy indication information;
executing the first operation, according to the first operation configuration information, on messages that need the first operation includes:
obtaining the first operation policy information from the preset field of the preset metadata structure indicated by the first operation configuration information, or obtaining the first operation policy indication information from the preset field of the preset metadata structure indicated by the first operation configuration information and obtaining the first operation policy information from the storage region indicated by the first operation policy indication information;
executing the first operation according to the first operation policy information.
14. The switching equipment function extension method of any one of claims 11 to 13, wherein the first operation includes an Internet Protocol Security operation.
15. Switching equipment, comprising a switching module and a first operation device, wherein:
the switching module is configured to receive first operation configuration information indicating that a first operation is to be performed on messages, the first operation configuration information being generated based on an annotation in P4 code that conforms to a preset first operation annotation specification; and, after a message is received, to send messages that need the first operation to the first operation device according to the first operation configuration information;
the first operation device is configured to execute the first operation on messages.
16. The switching equipment of claim 15, wherein:
the switching module sending messages that need the first operation to the first operation device according to the first operation configuration information includes: sending messages that need the first operation to the storage region indicated by the first operation configuration information;
the first operation device executing the first operation on messages includes: the first operation device reading messages from the storage region and executing the first operation on the messages read.
17. The switching equipment of claim 16, wherein the storage region is a buffer of the first operation device; or is a region in the buffer of the switching module used for a first operation private queue.
18. The switching equipment of claim 15, wherein:
the switching module is further configured to, according to the first operation configuration information, write first operation policy information into a preset field of a preset metadata structure of the switching equipment; or write first operation policy indication information into the preset field of the preset metadata structure of the switching equipment and write the first operation policy information into the storage region indicated by the first operation policy indication information; and to configure the first operation device to obtain the first operation policy information from the preset field of the preset metadata structure, or configure the first operation device to obtain the first operation policy indication information from the preset field of the preset metadata structure and obtain the first operation policy information from the storage region indicated by the first operation policy indication information;
the first operation device executing the first operation includes: according to the configuration of the switching module, obtaining the first operation policy information from the preset field of the preset metadata structure, or obtaining the first operation policy indication information from the preset field of the preset metadata structure and obtaining the first operation policy information from the storage region indicated by the first operation policy indication information; and executing the first operation according to the first operation policy information.
19. The switching equipment of any one of claims 15 to 18, wherein the first operation includes an Internet Protocol Security operation.
20. Switching equipment, comprising a memory and a processor, wherein the memory stores a program which, when read and executed by the processor, implements the switching equipment function extension method of any one of claims 11 to 14.
21. A computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs, the one or more programs being executable by one or more processors to implement the switching equipment function extension method of any one of claims 11 to 14.
CN201810127447.3A 2018-02-08 2018-02-08 Switching device function expansion method and device, switching device and storage medium Active CN110138690B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810127447.3A CN110138690B (en) 2018-02-08 2018-02-08 Switching device function expansion method and device, switching device and storage medium
PCT/CN2019/074643 WO2019154381A1 (en) 2018-02-08 2019-02-02 Function extension method and apparatus for switching device, switching device, and storage medium

Publications (2)

Publication Number Publication Date
CN110138690A true CN110138690A (en) 2019-08-16
CN110138690B CN110138690B (en) 2021-10-26

Also Published As

Publication number Publication date
CN110138690B (en) 2021-10-26
WO2019154381A1 (en) 2019-08-15

Similar Documents

Publication Publication Date Title
JP6568355B2 (en) Method and apparatus for mutual communication of accounts between apps
CN108632074A (en) A kind of business configuration file delivery method and device
CN105871811B (en) Control the method and controller of application program permission
US10951656B2 (en) Methods, apparatus and systems to use artificial intelligence to define encryption and security policies in a software defined data center
CN110650037B (en) Heterogeneous network device configuration method and device
Jost et al. A unified and composable take on ratcheting
SE0202730L (en) Node and mobile device for a mobile telecommunications network providing intrusion detection
US11184149B2 (en) Computing range queries over encrypted data
CN103200059B (en) Secure network access processing method and device
CN106034046A (en) Method and device for sending access control list (ACL)
CN111753324B (en) Private data processing method, private data computing method and applicable equipment
CN102724079A (en) Method and system for auxiliary configuration of Ethernet equipment
CN104025544A (en) Sensitive information leakage prevention system, sensitive information leakage prevention method, and computer-readable recording medium
Tehrani et al. RISC-V extension for lightweight cryptography
CN105939378A (en) Configuration file exporting method and device, and configuration file importing method and device
CN110602212A (en) Application service management method, device and storage medium
Barbosa et al. Efficient function-hiding functional encryption: From inner-products to orthogonality
WO2017054439A1 (en) Message processing method and device
Badertscher et al. A constructive perspective on signcryption security
CN109857571A (en) Clipbook control method and device
CN102096654B (en) Data communication method, system and processor among CPUs
CN110138690A (en) Switching equipment method for developing functions and device, switching equipment and storage medium
CN109598137B (en) Method and system for safely processing data
CN109995526A (en) A kind of storage method of key and the call method and device of device, key
Küsters et al. Computational soundness for key exchange protocols with symmetric encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant