CN110365590B - Two-stage caching method and two-stage timeout flow table structure - Google Patents


Info

Publication number
CN110365590B
CN110365590B (application CN201910630425.3A)
Authority
CN
China
Prior art keywords
flow
rule
flow rule
timeout
storage module
Prior art date
Legal status
Active
Application number
CN201910630425.3A
Other languages
Chinese (zh)
Other versions
CN110365590A (en)
Inventor
李险峰 (Li Xianfeng)
黄妍 (Huang Yan)
Current Assignee
Peking University Shenzhen Graduate School
Original Assignee
Peking University Shenzhen Graduate School
Priority date
Filing date
Publication date
Application filed by Peking University Shenzhen Graduate School filed Critical Peking University Shenzhen Graduate School
Priority to CN201910630425.3A priority Critical patent/CN110365590B/en
Publication of CN110365590A publication Critical patent/CN110365590A/en
Application granted granted Critical
Publication of CN110365590B publication Critical patent/CN110365590B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0893Caches characterised by their organisation or structure
    • G06F12/0897Caches characterised by their organisation or structure with two or more cache hierarchy levels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • H04L45/74591Address table lookup; Address filtering using content-addressable memories [CAM]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a two-stage caching method and a two-stage timeout flow table structure, belonging to the field of information storage and network structures. The two-stage caching method comprises the following steps: after the controller receives a packet cache-miss message, it assigns a timeout to the flow rule corresponding to the packet, updates the rule's information in the history information base, installs the flow rule into the main storage module of the switch, and processes the packet according to the rule's action field information. If the rule hits another packet before the timeout expires, the rule remains in the main storage module, and this cycle repeats until the timeout expires, whereupon the rule is parked in the auxiliary storage module and its timeout value is recorded. If the flow rule hits a packet while in the auxiliary storage module, it is moved back to the main storage module with its timeout value unchanged; otherwise the flow rule is evicted from the switch. The invention has the beneficial effects that the cache hit rate is greatly improved, the number of rule installations is significantly reduced, and the energy consumption of TCAM queries is lowered.

Description

Two-stage caching method and two-stage timeout flow table structure
Technical Field
The invention relates to a caching method, and in particular to a two-stage caching method based on software-hardware co-design; it further relates to a two-stage timeout flow table structure for realizing the two-stage caching method.
Background
Software-Defined Networking (SDN) enables more centralized and flexible network management by decoupling the control plane and the data plane; the currently popular communication interface between the two planes is OpenFlow [1]. The control plane is responsible for formulating packet forwarding policies, which are implemented as flow rules. The control plane installs a subset of these rules into the flow table of the data plane when needed, so in practice the flow table on the data plane acts as a cache of the flow rules generated by the control plane. Unlike in a traditional network, network policies in OpenFlow are generally finer-grained and more dynamic, which places high demands on efficient rule caching on the data plane and requires maintaining a large flow table. However, switches in high performance networks typically implement flow tables using Ternary Content Addressable Memory (TCAM), whose capacity is limited by its high cost and high power consumption. TCAMs in current commercial switches can typically accommodate only a few thousand flow rules; for example, the TCAM of the programmable switch provided by Broadcom for data centers can hold only 2000 OpenFlow rules [2], far fewer than the number of network flows within a very short time window.
The limited capacity of the flow table is becoming a major performance bottleneck of SDN switches and has drawn great attention in the SDN community. Effective utilization of the limited flow table capacity is one research direction for alleviating this problem, and related work can be divided into three categories. The first category relies on compressing flow rules to reduce storage requirements. For example, Tag-In-Tag [3] uses fewer bits to uniquely identify a flow, carries routing information in the packet header, and replaces the flow entry with two simpler, shorter tags, so that removing redundant information reduces the size of the flow entry. The second category attempts to give higher priority to elephant flows when allocating space. This line of work is based on the Zipf-like distribution of network flows, i.e., a very small portion of the flows contributes a large portion of the packets or bytes [4]. The work in [5] proposes a differentiated flow cache framework to exploit this traffic characteristic. The basic idea is to store elephant flows and mouse flows in different buckets, so that elephant flows are, to a certain extent, protected from the influence of mouse flows. However, these methods have drawbacks of their own, including the error rate and overhead of elephant flow detection.
The third category of work attempts to identify useless or less useful flows and evict them in time, thereby making room for other flows. FlowMaster [6] manages flow table space by predicting when a flow entry becomes dead and deleting it in advance to avoid wasting flow table space, but the significant cost and difficulty of prediction errors limit its effectiveness. The work in [7] observes through analysis that many valueless flow rules are installed unnecessarily, wasting a large amount of flow table space; based on this observation, they propose delayed-installation and early-eviction mechanisms for flow rules. Some work proposes better timeout mechanisms to manage the flow table [8][9]; their basic idea is to adaptively assign an appropriate timeout to each flow rule based on its own characteristics and the current TCAM occupancy. Other work attempts to solve the problem from a global SDN perspective and proposes proactive mitigation mechanisms to avoid flow table overflow. For example, CPD in [13] predicts the number of new flows that will enter the network in the next sampling period based on history information and proactively clears flow rules according to the current flow table occupancy to avoid flow table overflow.
In the applicant's view, the timeout mechanism plays a crucial role in flow table utilization and proper flow handling, and has great potential for improvement. Therefore, the present invention starts from a study of the timeout mechanism in the current OpenFlow protocol. OpenFlow currently uses two fixed timeout mechanisms to manage flow tables: hard timeouts and idle timeouts. A hard timeout evicts a flow rule a fixed period after the rule is installed; an idle timeout evicts the flow rule if no packet matches it within a given time. Timeouts in OpenFlow are in seconds; for example, a hard timeout is usually set to 60 s. This conservative timeout setting aims to minimize evictions of flows that are still in use. However, studies have shown that in data centers the duration of network flows varies widely, with a significant fraction of flows lasting less than a few hundred milliseconds [10]. A conservative timeout setting delays the eviction of invalid flow entries, severely wasting flow table space. On the other hand, a small fixed timeout may evict a flow entry prematurely, causing the same flow rule to be installed multiple times. In both cases, the extra flow rule installations caused by improper timeouts incur significant performance loss, so a better timeout mechanism is needed.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a two-stage caching method based on software-hardware co-design, and further provides a two-stage timeout flow table structure for realizing the two-stage caching method.
The two-stage caching method comprises the following steps:
S1: the controller receives a packet cache-miss message sent by the switch;
S2: the controller assigns a timeout to the flow rule corresponding to the packet according to the flow rule information in the flow rule history information base, and updates the rule's information in the history information base;
S3: the controller installs the flow rule into a main storage module in the switch and processes the packet according to the action field information of the flow rule;
S4: judging whether the flow rule hits a packet before the timeout expires; if so, the rule remains in the main storage module and step S4 is repeated; otherwise, the next step is executed;
S5: parking the flow rule in an auxiliary storage module in the switch and recording its timeout value;
S6: judging whether the flow rule hits a packet while in the auxiliary storage module; if so, the flow rule is moved back to the main storage module with its timeout value unchanged; if not, the flow rule is evicted from the switch, and the process ends.
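For concreteness, the lifecycle of a rule in steps S1-S6 can be read as a small state machine. The following is a minimal Python sketch of that reading; the state and event names are illustrative rather than the patent's terminology, and the packet-count filter introduced in the refinement below is omitted.

```python
# Minimal sketch of the rule lifecycle in steps S1-S6; names are illustrative.
from enum import Enum, auto

class RuleState(Enum):
    MAIN = auto()        # installed in the main storage module (S3)
    AUXILIARY = auto()   # parked in the auxiliary storage module (S5)
    EVICTED = auto()     # removed from the switch (S6, miss case)

def next_state(state: RuleState, event: str) -> RuleState:
    """Events: 'hit' = the rule matches a packet; 'expire' = its timeout
    expires in the main store; 'overflow' = it reaches the head of a full
    auxiliary store without having been hit."""
    if state is RuleState.MAIN:
        if event == "hit":
            return RuleState.MAIN        # S4: the rule stays where it is
        if event == "expire":
            return RuleState.AUXILIARY   # S5: parked, timeout value recorded
    if state is RuleState.AUXILIARY:
        if event == "hit":
            return RuleState.MAIN        # S6: promoted back, timeout unchanged
        if event == "overflow":
            return RuleState.EVICTED     # S6: evicted from the switch
    return state
```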
In a further improvement of the invention, after step S4 is executed and before step S5 is executed, the method further includes a step A of judging the number of hit packets: judging whether the number of packets hit by the flow rule is greater than 0; if so, step S5 is executed; otherwise, the flow rule is evicted directly from the switch, and the process ends.
In a further improvement of the invention, the main storage module and the auxiliary storage module in the switch are either two flow table structures or are implemented through memory partitioning; when flow table structures are adopted, the main storage module is a main flow table and the auxiliary storage module is an auxiliary storage queue.
In a further development of the invention, flow rules in the auxiliary storage queue are stored and removed according to a first-in first-out policy.
In a further improvement of the invention, when the occupancy of the main flow table reaches a set threshold, the cache management module parks flow rules from the main flow table into the auxiliary storage queue using a random policy.
In a further refinement of the invention, in step S2 a flow rule history information base is maintained by a database in the controller, and each piece of flow rule information includes the rule's match field, its action field, the timeout value at its last installation, a timestamp of when its last timeout expired, and the number of times the rule has been installed.
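As a reference point, the following is a minimal sketch of one record in the history information base; the Python field names are illustrative counterparts of the fields listed above, and the millisecond units are an assumption.

```python
# Minimal sketch of a flow rule history record; field names are illustrative.
from dataclasses import dataclass

@dataclass
class FlowRuleRecord:
    match_field: str    # the rule's match fields
    action_field: str   # the rule's actions (e.g., forward or drop)
    t_old_ms: int       # timeout value assigned at the last installation
    evict_time_ms: int  # timestamp at which the last timeout expired
    install_times: int  # number of times this rule has been installed
```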
In a further improvement of the invention, the timeout assignment method comprises: if the flow rule is a new flow rule, an initial timeout is assigned to it based on the overall characteristics of real network traffic; if the corresponding flow rule has been installed before, an appropriate timeout is assigned to it based on the rule's history recorded in the flow rule history information base and the timestamp of step S1, said timeout being close to the packet arrival interval of the flow rule.
In a further improvement of the invention, the controller sets an arrival interval threshold and a maximum timeout; when the arrival interval of the packets corresponding to the flow rule is smaller than the threshold, the timeout of the flow rule is the timeout value at the last installation plus the interval between the timestamp of step S1 and the timestamp at which the rule's last timeout expired, and the timeout is not increased once the maximum timeout is reached; otherwise, the timeout value is set to the initial timeout value.
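Stated compactly with the history base fields (a restatement of the text above, not a formula from the patent), and writing Δ for the interval between the step S1 timestamp and the last timeout expiry: T_new = min(T_old + Δ, T_max) if Δ < Interval_threshold; otherwise T_new = T_init.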
In a further improvement of the invention, the method for processing the packet comprises the following steps:
C1: first, the main flow table in the switch is queried and it is judged whether the flow rule corresponding to the packet is hit; if so, step C4 is executed; otherwise, the auxiliary storage queue is queried and step C2 is executed;
C2: judging whether a hit occurs; if so, the packet is processed according to the action field of the flow rule, the flow rule is moved to the main flow table, and the process ends; if not, a packet cache-miss message is sent to the controller;
C3: the controller assigns a timeout to the flow rule corresponding to the packet and installs the flow rule into the main flow table of the switch;
C4: the switch processes the packet according to the action field of the flow rule, and the process ends.
The invention also provides a two-stage timeout flow table structure for realizing the two-stage caching method, comprising a controller and a switch connected to each other, wherein
the controller is provided with a flow rule history information base and a timeout assignment module, the flow rule history information base being used to store flow rule information, and the timeout assignment module being used to assign a timeout to the flow rule corresponding to the currently processed packet according to the flow rule information in the history information base;
the switch comprises a two-level storage module and a two-stage timeout cache management module, the two-level storage module comprising a main storage module and an auxiliary storage module, and the two-stage timeout cache management module being used to manage the flow rules in the main storage module and the auxiliary storage module according to the timeouts assigned by the controller and whether packets are hit.
Compared with the prior art, the invention has the beneficial effects that: the cache hit rate is greatly improved and the number of rule installations is significantly reduced, thereby lowering the workload of the controller and the communication overhead between the controller and the switch; the two-stage timeout mechanism also significantly reduces the energy consumption of TCAM queries (when the TCAM size is 2000 entries, it reduces TCAM query energy consumption by about 47%) and identifies and retains useful flow rules in the flow table well.
Drawings
FIG. 1 is a block diagram of the frame of the present invention;
FIG. 2 is a flow rule information structure diagram of the present invention;
FIG. 3 is a flow chart of the method of the present invention;
FIG. 4 is a packet processing flow diagram;
FIGS. 5-6 are schematic diagrams comparing the cache hit rate and the packet discard rate of the present invention with those of the prior art when there is no active eviction mechanism;
FIG. 7 is a schematic diagram of TCAM query energy saving rate without an active eviction mechanism;
FIGS. 8-9 are schematic diagrams comparing the cache hit rate and the number of rule installations of the present invention with those of the prior art after the active eviction mechanism is adopted;
FIG. 10 is a diagram illustrating the TCAM query energy saving rate after an active eviction mechanism is employed;
FIG. 11 is a diagram of the distribution characteristics of real network flow packets.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
The technology applied by the invention is first explained:
network flow characteristic analysis
This example uses real network packet traces from the Center for Applied Internet Data Analysis (CAIDA) to analyze the characteristics of network traffic. The overall distribution characteristics of the different traces are similar, so only the analysis of one trace file is shown here; this trace [15] was captured by CAIDA from a real network in 2018.
1.1 distribution of data packets over a flow
This example counts the distribution of flows by packet count, as shown in FIG. 11. Elephant flows (each containing more than 100 packets) account for only 1.9% of all flows, yet they contain 78.2% of all packets. Mouse flows (fewer than 10 packets per flow), on the other hand, account for 89.9% of all flows but contain only 12% of the packets. The trace thus follows a Zipf-like distribution. Another notable observation is that flows with only one packet make up approximately half of all flows. Clearly, these flows waste valuable flow table resources and should be purged as soon as possible to make room for more useful flows.
1.2 average interarrival distribution of packets over a flow
One important factor affecting a proper timeout is the packet inter-arrival pattern of a flow. For this reason, this example gathers simulation-based statistics on two metrics: 1) the average inter-arrival time of packets from the same flow, and 2) the average number of other packets arriving between two adjacent packets of the same flow. Note that flows with a single packet are meaningless for these metrics, so they are excluded from the statistics.
This example makes the following observations. First, the packet inter-arrival times of most elephant flows are short, meaning that a small timeout is sufficient to prevent them from being prematurely evicted in most cases. Second, a large number of mouse flows also have short inter-arrival times (10 ms-50 ms) and likewise require only a small timeout. But there is also a considerable number of mouse flows with relatively long inter-arrival times (varying from 500 ms to a few seconds); these put stress on the flow table and contribute little to the cache hit rate if given a large timeout. Third, from the statistics on the average number of intervening packets, we observe that most flows are mouse flows with large gaps, which means that keeping such flows in the flow table has little value and severely wastes flow table space, because each gap is long enough to process the packets of many other flows. Overall, setting timeouts requires a complex trade-off.
2. Two-stage timeout flow table structure based on a two-stage timeout mechanism
2.1 idealized model
In a real network it is very difficult to know a flow's type and its inter-arrival pattern in real time. Current flow table designs install a flow rule when the flow arrives and delete it when its timeout expires, regardless of whether the corresponding flow has ended. To evaluate the potential of flow table performance and the effectiveness of a particular flow table design, this example presents an idealized model that maximizes flow table space performance. Such an idealized flow table can never be implemented in practice, as it relies on knowledge of future flow information; its sole purpose is to serve as a reference against which realistic designs are compared.
Idealized Model: assuming we know the information of all flows in the network, including the arrival time of each flow, the controller can install the corresponding flow rules just before the flows arrive, in flow arrival order, until the flow table is full. After a flow's packets have been processed, the controller promptly evicts its rule to avoid flow table overflow and to make room for newly arriving flows. In this case the cache hit rate is 100%, and since no invalid flow entry occupies the table for long, the flow table space is used effectively. However, this mechanism causes a dramatic increase in the number of flow rule installations, thereby increasing the controller's workload. The idealized model is similar to the knapsack model built in [7], but differs in that our granularity is the flow while theirs is the packet.
2.2 two-stage timeout flow table structure and method design
Building on the analysis of real network traffic characteristics in section 1, the invention provides a new Two-Stage Timeout (TST) flow table structure, as shown in FIG. 1. The system consists of two parts: 1) a timeout assignment module located in the controller; and 2) a two-stage timeout cache management module located in the switch.
The controller is provided with a flow rule history information base for storing flow rule information, and the timeout assignment module assigns a timeout to the flow rule corresponding to the currently processed packet according to the flow rule information in the history information base.
The switch is provided with a two-level storage module comprising a main storage module and an auxiliary storage module, and the two-stage timeout cache management module manages the flow rules in the two modules according to the timeouts assigned by the controller and whether packets are hit.
In this embodiment, the main storage module and the auxiliary storage module in the switch are two flow table structures: the main storage module is a main flow table and the auxiliary storage module is an auxiliary storage queue. Of course, the two storage levels may also be implemented by partitioning the memory (TCAM).
After receiving a packet-in message, if the corresponding flow rule has been installed before, the controller assigns a specific idle timeout to the flow rule according to its history information; otherwise it uses the overall statistical characteristics of network traffic to set a small initial idle timeout for the first-time installation of the flow rule.
After a rule is installed in the Primary Table, the expiry of its timeout triggers the management module in the switch to park the rule in an auxiliary storage queue named the Inactive Flow Queue (IFQ) and to record its timeout. The IFQ gives a second chance to flow rules that violate the timeout expectation given by the controller. Thus, if a rule is still active and the violation is not severe, i.e., a matching packet arrives before the rule is deleted from the IFQ head, the cache management module promotes the rule back to the primary table and reuses the saved timeout. Following a First-In-First-Out (FIFO) policy, the rule at the head of the IFQ is removed from the switch only when another rule is about to be parked in a full IFQ. Clearly, the evicted rule violates its timeout expectation most severely, so it is a reasonable eviction candidate. Besides this timeout-triggered parking, the active eviction mechanism of the cache management module randomly parks rules when the primary table is nearly full, to avoid flow table overflow and make room for arriving flows.
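The IFQ behavior described above amounts to a bounded FIFO with a promote operation. The following is a minimal Python sketch under that reading; the class and method names (Ifq, park, promote) are illustrative, not the patent's implementation.

```python
# Minimal sketch of the Inactive Flow Queue (IFQ): a bounded FIFO that
# remembers each parked rule's timeout; names are illustrative.
from collections import OrderedDict

class Ifq:
    def __init__(self, capacity: int):
        self.capacity = capacity
        self.entries = OrderedDict()  # rule_id -> saved timeout, FIFO order

    def park(self, rule_id, saved_timeout_ms):
        """Park an expired rule; if the IFQ is full, the head (oldest) rule
        is removed from the switch first. Returns the evicted id or None."""
        evicted = None
        if len(self.entries) >= self.capacity:
            evicted, _ = self.entries.popitem(last=False)  # FIFO eviction
        self.entries[rule_id] = saved_timeout_ms
        return evicted

    def promote(self, rule_id):
        """On a hit in the IFQ, remove the rule and return its saved timeout
        so it can go back to the primary table unchanged; None on a miss."""
        return self.entries.pop(rule_id, None)
```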
The flow rule history information base is maintained by a database in the controller, and the content of each rule record is shown in FIG. 2: Match_field is the match field of the rule, Action_field is the action field of the rule, T_old indicates the timeout value at its last installation, Evict_time is the timestamp at which its last timeout expired, and Install_times stores the number of times this rule has been installed.
Within the framework described above, the method of operation of each component is described in detail below, as shown in FIG. 3.
When a packet encounters a cache miss, the switch sends a packet-in message to the controller, which attempts to assign an appropriate idle timeout to the corresponding flow rule. Under the two-stage timeout cache management mechanism of TST, the complete flow of each flow rule from being installed in the switch to being evicted is shown in FIG. 3:
S1: the controller receives a packet-in message (packet cache-miss message) sent by the switch;
S2: the controller assigns a timeout, here an idle timeout, to the flow rule corresponding to the packet according to the flow rule information in the history information base, and updates the rule's information in the history information base;
S3: the controller installs the rule into the primary table of the switch and processes the packet according to the rule's action field information, e.g., forwarding or discarding;
S4: judging whether the flow rule hits a packet before the timeout expires; if the flow rule hits another packet before the timeout expires, the flow rule remains in the main flow table and step S4 is repeated; otherwise, the next step is executed;
S5: parking the flow rule in the auxiliary storage IFQ in the switch and recording its timeout value;
S6: judging whether the flow rule hits a packet while in the IFQ; if so, the flow rule is moved back to the main flow table with its timeout value unchanged; if not, the flow rule is evicted from the switch, and the process ends.
After step S4 is executed and before step S5 is executed, the method further includes a step A of judging the number of hit packets: judging whether the number of packets hit by the flow rule is greater than 0; if so, step S5 is executed; otherwise, the flow rule is evicted directly from the switch, and the process ends.
In this embodiment, to prevent single-packet flows from polluting the auxiliary storage IFQ, step A simply checks the number of packets matched by the rule: only an expired rule that has hit at least one packet qualifies to be parked temporarily in the auxiliary storage with its timeout value recorded, so that the rule can be reused quickly. Rules parked in the IFQ are managed with a FIFO policy; if a corresponding packet arrives before a rule is evicted, the rule is moved back to the main flow table with its timeout unchanged; otherwise, when the IFQ overflows, the rule that has been parked the longest, which is also the rule most likely to be worthless in the future, is evicted. Through this two-stage timeout mechanism, TST evicts short-lived flows as soon as possible while effectively identifying active flows and keeping them in the cache as long as possible, thereby using the flow table space efficiently.
In step S2, this embodiment computes the timeout from the flow rule's history; the processing algorithm is shown in Table 1. If the flow is new, it is assigned an initial idle timeout (T_init) based on the overall characteristics of real network traffic. According to the traffic analysis in section 1, about half of the flows have only one packet; to exclude these flow rules as soon as possible, the invention sets a small initial idle timeout, e.g., 1 ms. If the corresponding flow rule has been installed before, an appropriate idle timeout is set based on its history recorded in the database and the timestamp of the packet-in event (PacketInTime); this timeout should be close to the flow's packet arrival interval. The analysis in section 1 shows that the packet arrival intervals of some mouse flows are particularly large, each interval long enough to process the packets of many other flows; to avoid wasting flow table space, it is not appropriate to increase the timeout for such flows. To identify them, the invention sets an inter-arrival threshold (Interval_threshold); for the trace analyzed in section 1, this threshold can be set to 3000 ms. When a flow's packet interval is less than the threshold, the rule's timeout grows with the interval to increase its chance of remaining in the cache; essentially, the computed idle timeout can be viewed as an expectation of the flow's packet arrival interval. Otherwise, the timeout is reset to the minimal initial value to avoid wasting the flow table. To prevent the timeout from growing without bound, the invention sets a maximum timeout (T_max); the analysis of the trace in section 1 shows that most packet arrival intervals are below 3000 ms, so this example sets T_max to 3000 ms.
TABLE 1: Timeout assignment algorithm
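Table 1's pseudocode appears only as images in the source, so the following is a minimal Python sketch of the timeout assignment described above, reconstructed from the text and reusing the FlowRuleRecord fields sketched earlier; the function name, the millisecond units, and the constants are assumptions drawn from the trace analysis, not the patent's literal algorithm.

```python
T_INIT_MS = 1                  # small initial idle timeout (section 1 analysis)
INTERVAL_THRESHOLD_MS = 3000   # inter-arrival threshold for this trace
T_MAX_MS = 3000                # cap on the idle timeout

def assign_timeout(record, packet_in_time_ms: int) -> int:
    """Return the idle timeout for the flow rule that triggered packet-in.
    `record` is the rule's history entry (e.g., a FlowRuleRecord), or None
    for a flow seen for the first time."""
    if record is None:
        return T_INIT_MS                   # new flow: small initial timeout
    interval = packet_in_time_ms - record.evict_time_ms
    if interval < INTERVAL_THRESHOLD_MS:
        # grow the timeout toward the observed packet arrival interval
        return min(record.t_old_ms + interval, T_MAX_MS)
    return T_INIT_MS                       # sparse flow: reset to initial value
```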
The two-stage timeout cache management method of this example is detailed as follows:
a) two-stage cache management:
the two-stage timeout caching architecture can be implemented in a two-stage flow table, and also can be implemented by a TCAM partition. A two-stage timeout cache management module (management module for short) in the switch can effectively manage the two-stage flow table architecture. When a rule timeout expires in the main flow table, the management module places the rule in the IFQ instead of deleting it directly and records its timeout value. Essentially, the IFQ provides a second opportunity for an active flow rule to violate an expected timeout given by the controller. If the violation is not as severe, i.e., the packet for this flow arrives before the rule is evicted from the IFQ header, then the rule will be promoted back to the master table, with the same timeout as before. The analysis at the first point shows that the packet arrival interval of the elephant flow is relatively small, so the rules of the elephant flow can be kept in the cache as much as possible with the help of the IFQ. When the IFQ is filled, the FIFO policy will evict the header rule that violates its expected most severe, which is also the most likely useless rule in the future.
The traffic analysis in section 1 shows that single-packet flows account for about half of all flows in the network. To reduce their pollution of the IFQ, rules that have no hits in the main cache are not parked in the IFQ; instead they are evicted directly from the switch. This filtering has a very positive impact on the utilization of the limited-capacity IFQ.
b) Active eviction mechanism to prevent flow table overflow:
flow table overflow can have serious consequences resulting in serious packet delays or drops. To avoid the overflow problem, the present invention implements an active flow rule eviction mechanism. When the occupancy of the primary table reaches a set threshold (95% in our setting), the cache management mechanism uses a random policy to put the rule from the primary table to the IFQ. The random strategy is more effective because of the higher mouse flow rate in the network.
As shown in FIG. 4, the processing flow of each arriving packet in this example is as follows (a code sketch follows the list):
C1: first, the main flow table in the switch is queried and it is judged whether the flow rule corresponding to the packet is hit; if so, step C4 is executed; otherwise, the auxiliary storage queue is queried and step C2 is executed;
C2: judging whether a hit occurs; if so, the packet is processed according to the action field of the flow rule, the flow rule is moved to the main flow table, and the process ends; if not, a packet cache-miss message is sent to the controller;
C3: the controller assigns a timeout to the flow rule corresponding to the packet and installs the flow rule into the main flow table of the switch;
C4: the switch processes the packet according to the action field of the flow rule, and the process ends.
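Read as code, this lookup path is a two-level cache probe with miss escalation to the controller. The following minimal Python sketch reuses the structures sketched above; flow_key, apply_actions, and send_packet_in are hypothetical stand-ins for the switch's matching logic, action execution, and packet-in message.

```python
# Minimal sketch of the per-packet lookup path in FIG. 4 (steps C1-C4);
# helper names are hypothetical.
def apply_actions(rule_state: dict, pkt) -> None:
    """Placeholder for executing the rule's action field (forward or drop)."""
    pass

def process_packet(pkt, primary_table: dict, ifq: "Ifq", send_packet_in) -> None:
    rule_id = pkt.flow_key()                 # exact-match key (assumption)
    if rule_id in primary_table:             # C1: primary table hit
        apply_actions(primary_table[rule_id], pkt)           # C4
        return
    saved = ifq.promote(rule_id)             # C1 miss: query the IFQ (C2)
    if saved is not None:
        primary_table[rule_id] = {"timeout_ms": saved}       # back to primary
        apply_actions(primary_table[rule_id], pkt)
        return
    send_packet_in(pkt)   # C2 miss: report to the controller, which assigns
                          # a timeout and installs the rule (C3); the switch
                          # then processes the packet (C4)
```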
3. Experimental evaluation
As shown in FIGS. 5-10, this example compares the inventive TST with OpenFlow's hard timeout, the idealized model, and two timeout-related works, Intelligent Timeout Master [9] and SmartTime [12]. For a fair comparison, this example reimplements the code of the compared works and uses the same parameters as in the corresponding papers. The simulation uses a real network packet trace [15] from CAIDA, which contains approximately 1.1 million flows and approximately 22 million packets in total. In the experiments, rules are cached reactively with exact matching.
The following criteria were used for performance comparisons:
cache hit ratio (Cache hit ratio) the ratio of packets in a TCAM that have matching rules. Cache misses increase packet latency, and therefore it is critical to improve cache hit rates in high performance networks.
Packet discard rate (Discarded packet rate): the proportion of packets discarded because of a cache miss while the flow table is full. It reflects the overflow rate of the flow table.
Rule installation count (Rule installation times): the number of times the controller installs a rule after receiving a packet-in message. It reflects the workload of the controller and the communication overhead between the controller and the switch.
TCAM query energy saving (Energy saving on TCAM query): used to show the energy saved by our method when accessing the TCAM-based flow table. The query energy saving rate is calculated from the TCAM entries activated in the main table and the IFQ.
Since SmartTime is the only compared work that proposes an active eviction mechanism, this example runs two separate sets of experiments: one without and one with an active eviction mechanism.
In the following experiments, this example tests caches of different sizes (1000, 1500, 2000, 2500, and 3000 flow entries), with 500 flow entries allocated to the main table of our TST scheme. The OpenFlow hard timeout is set to 10 seconds (denoted hard_timeout(10s) in the figures below). In addition, this example also counts the proportion of packets hit in the primary table under the TST method to evaluate the energy savings of TCAM queries.
3.1 Without an active eviction mechanism
1) Cache hit rate: the idealized model always achieves a 100% cache hit rate (by looking into the future), so its results are not shown. As the cache size increases, the cache hit rate of each method gradually increases. TST has the highest cache hit rate: about 20% higher than SmartTime, about 30% higher than Intelligent Timeout Master, and about 30%-40% higher than the OpenFlow hard timeout mechanism, as shown in FIG. 5.
2) Packet discard rate: although the main table in TST is small, the packet discard rate of TST is significantly lower than that of the other works. With a cache size of 2000, the discard rate of TST is about 39% lower than the OpenFlow hard timeout mechanism, about 31% lower than Intelligent Timeout Master, and about 22% lower than SmartTime. This indicates that a small initial timeout plus the auxiliary cache IFQ can evict invalid flow rules in time, thereby reducing flow table overflow, as shown in FIG. 6.
3) Energy saving on TCAM queries: as the cache size increases, the energy saving rate of TCAM queries under TST gradually increases. With a cache size of 2000, the main table hit rate is about 43%, meaning a considerable share of packets can be matched in the smaller TCAM of the main table. Accounting for accesses to both TCAMs (main table and IFQ), the energy consumption of TCAM queries is reduced by about 32%, as shown in FIG. 7.
3.2 With an active eviction mechanism
1) Cache hit rate: with the active eviction mechanism and a cache size of 2000, the cache hit rate of TST increases by about 23% and that of SmartTime by about 39%; TST remains 4% higher than SmartTime. The larger advantage of TST over SmartTime without the active eviction mechanism indirectly reflects the advantage of the TST timeout mechanism itself, as shown in FIG. 8.
Compared with the schemes without active eviction, the margin of TST is significantly enlarged. The cache hit rate of TST is about 74%, about 60% higher than the OpenFlow hard timeout and about 52% higher than Intelligent Timeout Master. Of these cache-hit packets, approximately 63% hit the main table of TST, which markedly reduces the TCAM's query energy.
2) Rule installation count: with the active eviction mechanism, the packet discard rate drops to zero, but rule installations may increase significantly. Comparing TST with SmartTime and the idealized model, the idealized model has the largest number of flow rule installations; with a cache size of 2000, TST installs about 0.8 million fewer rules than SmartTime and about 1.28 million fewer than the idealized model, as shown in FIG. 9. TST reduces rule installations compared with SmartTime while improving the cache hit rate, which demonstrates the effectiveness of the two-stage timeout cache architecture.
3) Energy saving on TCAM queries: under the active eviction mechanism, TST achieves a higher cache hit rate and a larger proportion of packets hit the main table, so the energy saving rate of TCAM lookups increases. With a cache size of 2000, the main table hit rate is about 63%, so TST reduces TCAM query energy consumption by about 47%, as shown in FIG. 10.
The above experimental results demonstrate the effectiveness of TST in efficiently utilizing flow table space. The small main flow table in TST also indicates that inefficient utilization and management of flow tables, rather than limited flow table capacity, is the major cause of the flow table scalability problem faced by the prior art.
4. Conclusion
Aiming at the flow table scalability problem of SDN switches, the invention provides a two-stage timeout flow table structure based on a Two-Stage Timeout (TST) mechanism. TST comprises two core modules: a timeout calculation module at the SDN controller and a two-stage timeout cache management module at the switch. The mechanism sets an adaptive timeout for each flow based on the flow's history information when installing its rule, and uses the auxiliary cache IFQ to give still-active flow rules a second chance to remain in the cache. This enables short-lived flows to be evicted as soon as possible and active flows to be better retained with the help of the IFQ.
Experiments in this example using a real network trace from CAIDA show that, with the active eviction mechanism and a total flow table size of 2000 entries, the cache hit rate of TST is about 60% higher than OpenFlow's hard timeout mechanism. Furthermore, TST significantly reduces the number of rule installations, thereby reducing the workload of the controller and the communication overhead between the controller and the switch. The two-stage architecture also enables TST to significantly reduce the energy consumption of TCAM queries: when the TCAM size is 2000, TST reduces TCAM query energy consumption by about 47%. The experimental results show that TST can identify and retain useful flow rules in the flow table well.
The above-described embodiments are intended to illustrate rather than restrict the invention, and all changes that come within the meaning and range of equivalency of the claims are intended to be embraced therein.
Appendix: References
[1] N. McKeown et al., OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 38(2), 2008: 69-74.
[2] G. Lu et al., ServerSwitch: A programmable and high performance platform for data center networks. NSDI, 2011.
[3] S. Banerjee and K. Kannan, Tag-In-Tag: Efficient flow table management in SDN switches. International Conference on Network and Service Management, IEEE, 2014: 109-117.
[4] N. Sarrar et al., Leveraging Zipf's law for traffic offloading. ACM SIGCOMM Computer Communication Review, 42(1), 2012: 16-22.
[5] B.-S. Lee, R. Kanagavelu, and K. Aung, An efficient flow cache algorithm with improved fairness in software-defined data center networks. Proc. CloudNet, Nov. 2013: 18-24.
[6] K. Kannan and S. Banerjee, FlowMaster: Early eviction of dead flow on SDN switches. Distributed Computing and Networking, Springer, 2014: 484-498.
[7] S. Shirali-Shahreza and Y. Ganjali, Delayed Installation and Expedited Eviction: An Alternative Approach to Reduce Flow Table Occupancy in SDN Switches. IEEE/ACM Transactions on Networking, 26(4), 2018: 1547-1561.
[8] L. Zhang, S. Wang, S. Xu, et al., TimeoutX: An Adaptive Flow Table Management Method in Software Defined Networks. Global Communications Conference, IEEE, 2016.
[9] H. Zhu et al., Intelligent timeout master: Dynamic timeout for SDN-based data centers. IFIP/IEEE International Symposium on Integrated Network Management, 2015.
[10] T. Benson, A. Akella, and D. Maltz, Network Traffic Characteristics of Data Centers in the Wild. IMC, 2010.
[11] L. Zhang et al., AHTM: Achieving efficient flow table utilization in Software Defined Networks. Global Communications Conference, IEEE, 2014: 1897-1902.
[12] A. Vishnoi et al., Effective switch memory management in OpenFlow networks. ACM, 2014: 177-188.
[13] J. Xu, L. Wang, C. Song, and Z. Xu, Proactive Mitigation to Table-Overflow in Software-Defined Networking. IEEE Symposium on Computers and Communications (ISCC), 2018.
[14] CAIDA: Center for Applied Internet Data Analysis. http://www.caida.org/home.
[15] The CAIDA UCSD Anonymized Internet Traces - [20180315]. http://www.caida.org/data/passive/passive_2018.xml.

Claims (10)

1. A two-stage caching method, characterized by comprising the following steps:
S1: the controller receives a packet cache-miss message sent by the switch;
S2: the controller assigns a timeout to the flow rule corresponding to the packet according to the flow rule information in the flow rule history information base, and updates the rule's information in the history information base;
S3: the controller installs the flow rule into a main storage module in the switch and processes the packet according to the action field information of the flow rule;
S4: judging whether the flow rule hits a packet before the timeout expires; if so, the rule remains in the main storage module and step S4 is repeated; otherwise, the next step is executed;
S5: parking the flow rule in an auxiliary storage module in the switch and recording its timeout value;
S6: judging whether the flow rule hits a packet while in the auxiliary storage module; if so, the flow rule is moved back to the main storage module with its timeout value unchanged; if not, the flow rule is evicted from the switch, and the process ends.
2. The two-stage caching method of claim 1, wherein after step S4 is executed and before step S5 is executed, the method further includes a step A of judging the number of packets hit by the rule: judging whether the number of packets hit by the flow rule is greater than 0; if so, step S5 is executed; otherwise, the flow rule is evicted directly from the switch, and the process ends.
3. The two-stage caching method of claim 1 or 2, wherein the main storage module and the auxiliary storage module in the switch are either two flow table structures or are implemented through memory partitioning; when they are flow table structures, the main storage module is a main flow table and the auxiliary storage module is an auxiliary storage queue.
4. The two-stage caching method of claim 3, wherein flow rules in the auxiliary storage queue are stored and removed according to a first-in first-out policy.
5. The two-stage caching method of claim 4, wherein when the occupancy of the main flow table reaches a set threshold, the cache management module parks flow rules from the main flow table into the auxiliary storage queue using a random policy.
6. The two-stage caching method of claim 1 or 2, wherein in step S2 a flow rule history information base is maintained by a database in the controller, and each piece of flow rule information includes the rule's match field, its action field, the timeout value at its last installation, a timestamp of when its last timeout expired, and the number of times the rule has been installed.
7. The two-stage caching method of claim 6, wherein the timeout assignment method comprises: if the flow rule is a new flow rule, an initial timeout is assigned to it based on the overall characteristics of real network traffic; if the corresponding flow rule has been installed before, an appropriate timeout is assigned to it based on the rule's history recorded in the flow rule history information base and the timestamp of step S1, said timeout being close to the packet arrival interval of the flow rule.
8. The two-stage caching method of claim 7, wherein the controller sets an arrival interval threshold and a maximum timeout; when the arrival interval of the packets corresponding to the flow rule is smaller than the threshold, the timeout of the flow rule is the timeout value at the last installation plus the interval between the timestamp of step S1 and the timestamp at which the rule's last timeout expired, and the timeout is not increased once the maximum timeout is reached; otherwise, the timeout value is set to the initial timeout value.
9. The two-stage caching method of claim 8, wherein the method for processing the packet comprises the following steps:
C1: first, the main flow table in the switch is queried and it is judged whether the flow rule corresponding to the packet is hit; if so, step C4 is executed; otherwise, the auxiliary storage queue is queried and step C2 is executed;
C2: judging whether a hit occurs; if so, the packet is processed according to the action field of the flow rule, the flow rule is moved to the main flow table, and the process ends; if not, a packet cache-miss message is sent to the controller;
C3: the controller assigns a timeout to the flow rule corresponding to the packet and installs the flow rule into the main flow table of the switch;
C4: the switch processes the packet according to the action field of the flow rule, and the process ends.
10. A two-stage timeout flow table system implementing the two-stage caching method of any one of claims 1 to 9, characterized by comprising a controller and a switch connected to each other, wherein
the controller is provided with a flow rule history information base and a timeout assignment module, the flow rule history information base being used to store flow rule information, and the timeout assignment module being used to assign a timeout to the flow rule corresponding to the currently processed packet according to the flow rule information in the history information base;
the switch comprises a two-level storage module and a two-stage timeout cache management module, the two-level storage module comprising a main storage module and an auxiliary storage module, and the two-stage timeout cache management module being used to manage the flow rules in the main storage module and the auxiliary storage module according to the timeouts assigned by the controller and whether packets are hit.
CN201910630425.3A 2019-07-12 2019-07-12 Two-stage caching method and two-stage timeout flow table structure Active CN110365590B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910630425.3A CN110365590B (en) 2019-07-12 2019-07-12 Two-stage caching method and two-stage timeout flow table structure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910630425.3A CN110365590B (en) 2019-07-12 2019-07-12 Two-stage caching method and two-stage timeout flow table structure

Publications (2)

Publication Number Publication Date
CN110365590A CN110365590A (en) 2019-10-22
CN110365590B true CN110365590B (en) 2021-06-04

Family

ID=68219207

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910630425.3A Active CN110365590B (en) 2019-07-12 2019-07-12 Two-stage caching method and two-stage timeout flow table structure

Country Status (1)

Country Link
CN (1) CN110365590B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111258927B (en) * 2019-11-13 2022-05-03 北京大学 Application program CPU last-level cache miss rate curve prediction method based on sampling
CN114070758B (en) * 2021-12-20 2023-07-18 重庆邮电大学 SDN network-based flow table optimization method and device
CN115225503B (en) * 2022-05-16 2023-07-04 北京邮电大学 OpenFlow flow table entry dynamic timeout allocation method and related equipment
CN115277582B (en) * 2022-07-13 2024-03-26 清华大学 Software data packet classification acceleration method, device, equipment and storage medium
CN116915703B (en) * 2023-09-13 2023-12-08 中移(苏州)软件技术有限公司 Table item expelling method and device and electronic equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247337A (en) * 2008-02-18 2008-08-20 华为技术有限公司 Packet forwarding method and equipment
CN101986611A (en) * 2010-11-30 2011-03-16 东南大学 Quick flow grouping method based on two-level cache
CN103023800A (en) * 2012-11-29 2013-04-03 北京航空航天大学 Method for scheduling traffic under multi-core network processor by traffic chart mapping scheduling strategy
CN103023728A (en) * 2013-01-15 2013-04-03 中国人民解放军信息工程大学 Flow monitoring method
CN104158763A (en) * 2014-08-29 2014-11-19 重庆大学 Software-defined content centric network architecture
CN106603410A (en) * 2016-12-12 2017-04-26 中国人民解放军理工大学 Two-stage large-flow measurement method for software defined network
CN108011823A (en) * 2016-11-01 2018-05-08 中兴通讯股份有限公司 Multipolarity method and device, multilevel flow table lookup method and the device of multiple domain flow table

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10097378B2 (en) * 2012-09-07 2018-10-09 Cisco Technology, Inc. Efficient TCAM resource sharing
US9306840B2 (en) * 2012-09-26 2016-04-05 Alcatel Lucent Securing software defined networks via flow deflection

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247337A (en) * 2008-02-18 2008-08-20 华为技术有限公司 Packet forwarding method and equipment
CN101986611A (en) * 2010-11-30 2011-03-16 东南大学 Quick flow grouping method based on two-level cache
CN103023800A (en) * 2012-11-29 2013-04-03 北京航空航天大学 Method for scheduling traffic under multi-core network processor by traffic chart mapping scheduling strategy
CN103023728A (en) * 2013-01-15 2013-04-03 中国人民解放军信息工程大学 Flow monitoring method
CN104158763A (en) * 2014-08-29 2014-11-19 重庆大学 Software-defined content centric network architecture
CN108011823A (en) * 2016-11-01 2018-05-08 中兴通讯股份有限公司 Multipolarity method and device, multilevel flow table lookup method and the device of multiple domain flow table
CN106603410A (en) * 2016-12-12 2017-04-26 中国人民解放军理工大学 Two-stage large-flow measurement method for software defined network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
A Dynamic Adaptive Timeout Approach for SDN Switch; Yang Liu et al.; IEEE CompComm; 2016-10-17; full text *
AHTM: Achieving Efficient Flow Table Utilization in Software Defined Networks; Linlian Zhang et al.; IEEE GLOBECOM; 2014-12-12; full text *
Intelligent Timeout Master: Dynamic Timeout for SDN-based Data Centers; Huikang Zhu et al.; IEEE INM; 2015-05-15; full text *

Also Published As

Publication number Publication date
CN110365590A (en) 2019-10-22

Similar Documents

Publication Publication Date Title
CN110365590B (en) Two-stage caching method and two-stage timeout flow table structure
Ahlehagh et al. Video caching in radio access network: Impact on delay and capacity
Vishnoi et al. Effective switch memory management in OpenFlow networks
US8427968B2 (en) Communication data statistical apparatus, communication data statistical method, and computer program product
Lee et al. An efficient flow cache algorithm with improved fairness in software-defined data center networks
Li et al. A flow table with two-stage timeout mechanism for SDN switches
Isyaku et al. IHTA: Dynamic idle-hard timeout allocation algorithm based OpenFlow switch
Shirali-Shahreza et al. Delayed installation and expedited eviction: An alternative approach to reduce flow table occupancy in SDN switches
CN114070758B (en) SDN network-based flow table optimization method and device
CN109873768A (en) Update method, hardware accelerator, OVS and the server of forwarding table
CN113064738A (en) Active queue management method based on summary data
Pan et al. ALFE: A replacement policy to cache elephant flows in the presence of mice flooding
Cheng et al. An in-switch rule caching and replacement algorithm in software defined networks
Wang et al. Proactive mitigation to table-overflow in software-defined networking
US20040213155A1 (en) Multi-processor data traffic shaping and forwarding
Pan et al. Tracking millions of flows in high speed networks for application identification
Liu et al. A dynamic adaptive timeout approach for SDN switch
Miao et al. Multi-level plru cache algorithm for content delivery networks
Wan et al. T-cache: Efficient policy-based forwarding using small tcam
Shen et al. AFTM: An adaptive flow table management scheme for OpenFlow switches
Isyaku et al. Performance evaluation of flowtable eviction mechanisms for software defined networks considering traffic flows variabilities
CN109324761A (en) A kind of data cache method, device, equipment and storage medium
CN109195180A (en) A kind of solution for reducing content in mobile content central site network and obtaining time delay
Humayun et al. Early flow table eviction impact on delay and throughput in software-defined networks
Yamaki et al. Line replacement algorithm for L1-scale packet processing cache

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant