CN111431763B - Connectivity detection method for SDN controller - Google Patents
Connectivity detection method for SDN controller
- Publication number
- CN111431763B
- Authority
- CN
- China
- Prior art keywords
- detection
- flow
- sdn controller
- connectivity
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0811—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
Abstract
The invention provides a connectivity detection method for an SDN controller, comprising the following steps: collecting the virtual hosts under the same VPC as the current SDN controller, and detecting whether the east-west traffic and north-south traffic of the virtual hosts under the same VPC are reachable; performing ARP detection to determine whether the virtual hosts can learn each other's ARP entries; detecting whether the devices are connected by means of the Link Layer Discovery Protocol; checking whether the traffic is reachable by means of network diagnosis; and displaying the detection result. The invention provides a three-stage detection scheme that quickly locates the point of failure. Connectivity detection is handled by the SDN master controller, so resources are fully utilized; when a virtual machine is abnormal, the key point of the problem can be located quickly and handled in time; and whether a virtual machine is connected can be determined even when the user is not using it, which improves the user experience.
Description
Technical Field
The invention belongs to the field of SDN controllers, and particularly relates to a connectivity detection method of an SDN controller.
Background
SDN is a novel network architecture whose core idea is to separate the control layer and the forwarding layer of network equipment. However, the control plane cannot sense whether virtual hosts are connected to each other, or whether they can reach the external network. When a link between devices is unreachable, the location of the failure cannot be detected.
Disclosure of Invention
In view of this, the present invention provides a connectivity detection method for an SDN controller to overcome the defects that the connectivity state cannot be displayed and the location of a fault cannot be detected. It provides a three-stage detection scheme that identifies the stage at which traffic fails to get through, which helps to locate and resolve the problem quickly.
To achieve this purpose, the technical scheme of the invention is realized as follows:
A method for detecting the connectivity of an SDN controller, characterized by comprising the following steps:
S1, collecting the virtual hosts under the same VPC as the current SDN controller, and detecting whether the east-west traffic and north-south traffic of the virtual hosts under the same VPC are reachable; if so, displaying normal;
S2, if the east-west traffic and north-south traffic of the virtual hosts under the same VPC in step S1 are not reachable, performing ARP detection to determine whether the virtual hosts can learn each other's ARP entries; if they cannot, displaying this step as abnormal;
S3, if the virtual hosts can learn each other's ARP entries in step S2, detecting whether the devices are connected by means of the Link Layer Discovery Protocol; if they are not connected, displaying this step as abnormal;
S4, if the Link Layer Discovery Protocol detection in step S3 finds that the devices are connected, checking whether the traffic is reachable by means of network diagnosis; if it is not reachable, displaying this step as abnormal;
S5, if the traffic is reachable in step S4, displaying a normal state.
Further, step S4 includes network diagnosis of the north-south traffic and network diagnosis of the east-west traffic;
the network diagnosis method for north-south traffic is: on the firewall, diagnosing the gateway address of the external network and detecting whether it is reachable;
the network diagnosis method for east-west traffic is: on the device, diagnosing whether the gateway of the peer virtual host is reachable.
Further, Ping is used for the network diagnosis of both north-south and east-west traffic.
Further, the detecting step includes:
A1, collecting the VPC information in the SDN controller through a collection module, and classifying it by VPC dimension;
A2, performing a preliminary verification of connectivity through Ping;
A3, if the Ping detection shows the target is unreachable, detecting the connectivity of each stage using the detection modes of step S2, step S3 and step S4;
A4, displaying the detection result.
Compared with the prior art, the connectivity detection method for an SDN controller provided by the invention has the following advantages:
The invention provides a three-stage detection scheme that quickly locates the point of failure. Connectivity detection is handled by the SDN master controller, so resources are fully utilized; when a virtual machine is abnormal, the key point of the problem can be located quickly and handled in time; and whether a virtual machine is connected can be determined even when the user is not using it, which improves the user experience.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the invention without limitation. In the drawings:
Fig. 1 is a schematic flow diagram of the comparison module according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments of the present invention may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like are used in the orientation or positional relationship indicated in the drawings, which are merely for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are therefore not to be construed as limiting the invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the invention, the meaning of "a plurality" is two or more unless otherwise specified.
In the description of the invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted", "connected" and "connected" are to be construed broadly, e.g. as being fixed or detachable or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the creation of the present invention can be understood by those of ordinary skill in the art through specific situations.
The invention is described in detail below through embodiments and with reference to the attached drawings.
As shown in Fig. 1, a connectivity detection method for an SDN controller includes the following steps:
S1, collecting the virtual hosts under the same VPC as the current SDN controller, and detecting whether the east-west traffic and north-south traffic of the virtual hosts under the same VPC are reachable; if so, displaying normal;
S2, if the east-west traffic and north-south traffic of the virtual hosts under the same VPC in step S1 are not reachable, performing ARP detection to determine whether the virtual hosts can learn each other's ARP entries; if they cannot, displaying this step as abnormal;
S3, if the virtual hosts can learn each other's ARP entries in step S2, detecting whether the devices are connected by means of the Link Layer Discovery Protocol; if they are not connected, displaying this step as abnormal;
S4, if the Link Layer Discovery Protocol detection in step S3 finds that the devices are connected, checking whether the traffic is reachable by means of network diagnosis; if it is not reachable, displaying this step as abnormal;
S5, if the traffic is reachable in step S4, displaying a normal state.
The SDN controller is an application in a software-defined network (SDN) that is responsible for flow control to ensure an intelligent network; it is based on protocols such as OpenFlow and allows a server to tell switches where to send data packets. A VPC is a virtual private cloud, a dynamically configured pool of public cloud computing resources, which needs to use encryption protocols, tunnelling protocols and other security procedures to transmit data between a private enterprise and the cloud service provider. North-south traffic and east-west traffic are network traffic patterns in a data center environment.
Comparison module: connectivity detection is divided into the following three stages, which yield the comparison result for a given VPC:
The first stage is ARP detection, which determines whether the virtual hosts can learn each other's ARP entries. ARP is the Address Resolution Protocol, a TCP/IP protocol for obtaining a physical address from an IP address.
The second stage detects whether the devices are connected, by means of the Link Layer Discovery Protocol.
The third stage checks whether the traffic is reachable by means of network diagnosis.
Display module: displays the result of the comparison module.
In the third stage, the network diagnosis modes for north-south traffic and east-west traffic differ:
the network diagnosis method for north-south traffic is: on the firewall, diagnosing the gateway address of the external network and detecting whether it is reachable;
the network diagnosis method for east-west traffic is: on the device, diagnosing whether the gateway of the peer virtual host is reachable. The comparison module can thereby determine at which stage the traffic fails to get through.
Ping is used for the network diagnosis of both north-south and east-west traffic. Ping (Packet Internet Groper) is a program for testing network connectivity; it is a service command working at the application layer of the TCP/IP network architecture, and it mainly sends an ICMP echo request message to a specific destination host to test whether the destination is reachable and to learn its status.
In a specific implementation, the detection step comprises the following steps:
A1, collecting the VPC information in the SDN controller through a collection module, and classifying it by VPC dimension;
A2, performing a preliminary verification of connectivity through Ping;
A3, if the Ping detection shows the target is unreachable, detecting the connectivity of each stage using the three-stage detection mode of the comparison module;
A4, displaying the detection result.
In a specific implementation, the SDN master controller handles the connectivity detection function, and three modules are added to the SDN controller: a collection module, a comparison module and a display module.
Collection module:
Collects the virtual machines under the same VPC as the current SDN controller. Because traffic in different VPCs is isolated, connectivity detection is performed on the virtual machines per VPC, with the VPC as the dimension. The module detects whether the east-west traffic and north-south traffic of the virtual machines under the same VPC are reachable.
Comparison module:
Obtains the comparison result for a given VPC through the proposed three-stage detection scheme. The principle of the scheme is to divide connectivity detection into three stages. The first stage is ARP detection, which determines whether the virtual machines can learn each other's ARP entries. The second stage checks whether the devices are connected, using the LLDP discovery protocol. The third stage uses Ping to check whether the traffic is reachable. In the third stage, the Ping differs between north-south and east-west traffic: for north-south traffic, the gateway address of the external network is pinged from the firewall to see whether it is reachable; for east-west traffic, the gateway of the peer virtual machine is pinged from the device to see whether it is reachable. The comparison module can thereby determine at which stage the traffic fails to get through.
Display module:
Displays the result of the comparison module.
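The staged procedure described above (steps S1 to S5 and A1 to A4), sketched as an added example that is not code from the patent. Probe results are supplied as a constructed snapshot so it runs offline; all host, device and address names are hypothetical, and stages one and two are applied to each host pair identically for both traffic directions, since the text varies only the third stage.

```python
from dataclasses import dataclass, field
from itertools import combinations

@dataclass(frozen=True)
class VM:
    name: str
    vpc: str
    ip: str
    gateway: str  # gateway of the VM's own subnet
    device: str   # forwarding device the VM is attached to

@dataclass
class Snapshot:
    """Constructed probe results; a real collector would gather these live."""
    ping_ok: set = field(default_factory=set)  # (source, target_ip) that answered
    arp: dict = field(default_factory=dict)    # VM name -> peer IPs it has learned
    lldp: set = field(default_factory=set)     # frozenset({device_a, device_b})
    firewall: str = "fw1"                      # hypothetical firewall name
    external_gw: str = "203.0.113.1"           # documentation-range address

def diagnose(a, b, snap, kind):
    """Return 'normal' or the first stage that fails for traffic of `kind`."""
    east_west = kind == "east-west"
    # S1 / A2: preliminary end-to-end Ping from the virtual host itself.
    first_target = b.ip if east_west else snap.external_gw
    if (a.name, first_target) in snap.ping_ok:
        return "normal"
    # Stage 1 (S2): has each virtual host learned the other's ARP entry?
    if b.ip not in snap.arp.get(a.name, ()) or a.ip not in snap.arp.get(b.name, ()):
        return "abnormal at stage 1 (ARP)"
    # Stage 2 (S3): do the devices see each other over LLDP?
    # Assumption: hosts on the same device need no inter-device link.
    if a.device != b.device and frozenset((a.device, b.device)) not in snap.lldp:
        return "abnormal at stage 2 (LLDP)"
    # Stage 3 (S4): Ping source and target depend on the traffic direction.
    probe = (a.device, b.gateway) if east_west else (snap.firewall, snap.external_gw)
    if probe not in snap.ping_ok:
        return "abnormal at stage 3 (Ping)"
    return "normal"  # S5: stage 3 reachable

def report(vms, snap):
    """A1 + A4: group hosts per VPC, diagnose every pair, collect the results."""
    by_vpc = {}
    for vm in vms:
        by_vpc.setdefault(vm.vpc, []).append(vm)
    results = {}
    for vpc, members in by_vpc.items():  # VPCs are isolated: no cross-VPC pairs
        for a, b in combinations(members, 2):
            for kind in ("east-west", "north-south"):
                results[(vpc, a.name, b.name, kind)] = diagnose(a, b, snap, kind)
    return results

# Constructed sample inventory and probe results (not from the patent).
VMS = [
    VM("vm-a", "vpc-1", "10.0.1.11", "10.0.1.1", "leaf1"),
    VM("vm-b", "vpc-1", "10.0.2.12", "10.0.2.1", "leaf2"),
    VM("vm-c", "vpc-1", "10.0.1.13", "10.0.1.1", "leaf1"),
    VM("vm-d", "vpc-2", "10.9.0.5", "10.9.0.1", "leaf2"),
]
SAMPLE = Snapshot(
    ping_ok={("vm-a", "10.0.1.13")},
    arp={"vm-a": {"10.0.2.12", "10.0.1.13"}, "vm-b": {"10.0.1.11"},
         "vm-c": {"10.0.1.11"}},
)

if __name__ == "__main__":
    for key, verdict in report(VMS, SAMPLE).items():
        print(*key, "->", verdict)
```

With the sample data, each of the three stages is reported as the failing stage for at least one host pair, which is the localization the comparison module is meant to provide.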
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the invention, so that any modifications, equivalents, improvements and the like, which are within the spirit and principle of the present invention, should be included in the scope of the present invention.
Claims (4)
- 1. A method for detecting connectivity of an SDN controller, comprising the steps of:
  S1, collecting the virtual hosts under the same VPC as the current SDN controller, and detecting whether the east-west traffic and north-south traffic of the virtual hosts under the same VPC are reachable; if so, displaying normal;
  S2, if the east-west traffic and north-south traffic of the virtual hosts under the same VPC in step S1 are not reachable, performing ARP detection to determine whether the virtual hosts can learn each other's ARP entries; if they cannot, displaying this step as abnormal;
  S3, if the virtual hosts can learn each other's ARP entries in step S2, detecting whether the devices are connected by means of the Link Layer Discovery Protocol; if they are not connected, displaying this step as abnormal;
  S4, if the Link Layer Discovery Protocol detection in step S3 finds that the devices are connected, checking whether the traffic is reachable by means of network diagnosis; if it is not reachable, displaying this step as abnormal;
  S5, if the traffic is reachable in step S4, displaying a normal state.
- 2. A method of connectivity detection for an SDN controller according to claim 1, wherein: step S4 includes network diagnosis of north-south traffic and of east-west traffic;
  the network diagnosis method for north-south traffic is: on the firewall, diagnosing the gateway address of the external network and detecting whether it is reachable;
  the network diagnosis method for east-west traffic is: on the device, diagnosing whether the gateway of the peer virtual host is reachable.
- 3. A method of connectivity detection for an SDN controller according to claim 2, wherein: Ping is used for the network diagnosis of the north-south traffic and the east-west traffic.
- 4. A method of connectivity detection for an SDN controller according to claim 1, wherein: the detection step in step S1 includes:
  A1, collecting the VPC information in the SDN controller through a collection module, and classifying it by VPC dimension;
  A2, performing a preliminary verification of connectivity through Ping;
  A3, if the Ping detection shows the target is unreachable, detecting the connectivity of each stage using the detection modes of step S2, step S3 and step S4;
  A4, displaying the detection result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010192891.0A CN111431763B (en) | 2020-03-18 | 2020-03-18 | Connectivity detection method for SDN controller |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111431763A CN111431763A (en) | 2020-07-17 |
CN111431763B true CN111431763B (en) | 2021-07-27 |
Family
ID=71548061
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010192891.0A Active CN111431763B (en) | 2020-03-18 | 2020-03-18 | Connectivity detection method for SDN controller |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111431763B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112636965B (en) * | 2020-12-17 | 2023-03-28 | 浪潮云信息技术股份公司 | Virtual machine network connectivity monitoring method in cloud environment |
CN116232770B (en) * | 2023-05-08 | 2023-07-21 | 中国石油大学(华东) | Enterprise network safety protection system and method based on SDN controller |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571998A (en) * | 2010-12-15 | 2012-07-11 | 财团法人工业技术研究院 | Network system and method of address resolution |
JP2012142710A (en) * | 2010-12-28 | 2012-07-26 | Hitachi Systems Ltd | System and method of lan i/f switchover control, and program |
CN102761493A (en) * | 2012-07-26 | 2012-10-31 | 杭州华三通信技术有限公司 | Multicast routing item updating method and device of multilink transparent internet |
CN107544835A (en) * | 2017-08-21 | 2018-01-05 | 新华三云计算技术有限公司 | A kind of detection method and device of virtual machine service network port |
CN108023814A (en) * | 2017-11-30 | 2018-05-11 | 北京邮电大学 | SDN control plane failure emergency systems and method |
CN108156079A (en) * | 2017-12-29 | 2018-06-12 | 深信服网络科技(深圳)有限公司 | A kind of data packet forwarding system and method based on cloud service platform |
CN109587010A (en) * | 2018-12-28 | 2019-04-05 | 迈普通信技术股份有限公司 | A kind of method for detecting connectivity, stream forwarding device and network controller |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10230609B2 (en) * | 2016-04-18 | 2019-03-12 | Nyansa, Inc. | System and method for using real-time packet data to detect and manage network issues |
Non-Patent Citations (2)
Title |
---|
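Network Connectivity Proxy: Architecture, Implementation, and Performance Analysis; Raffaele Bolla, Rafiullah Khan, Matteo Repetto; IEEE Systems Journal; 20170602; full text * |
Research on DDoS attack detection methods and mitigation mechanisms based on software-defined networking; 李鹤飞; China Master's Theses Full-text Database, Information Science and Technology; 20151215; full text * |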
Also Published As
Publication number | Publication date |
---|---|
CN111431763A (en) | 2020-07-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108429637B (en) | System and method for dynamically detecting process layer network topology of intelligent substation | |
US6205122B1 (en) | Automatic network topology analysis | |
CN101448277B (en) | Method, system and device for processing wireless access network faults | |
CN111431763B (en) | Connectivity detection method for SDN controller | |
CN108134684B (en) | BMCIP address management system, management terminal and management method | |
CN101427596A (en) | Troubleshooting link and protocol in a wireless network | |
WO2005079008A1 (en) | Radio network monitor device and monitor system | |
CN104243239B (en) | The condition detection method and device of controller in a kind of SDN clusters | |
CN111660956A (en) | Network management state monitoring method and device and automobile | |
CN101267363A (en) | Loop testing method, system and device | |
CN111989898B (en) | Vehicle-mounted communication system, switch device, communication control method, and computer-readable storage medium | |
CN106850317A (en) | The detection method and system of a kind of router | |
CN109104335A (en) | A kind of industrial control equipment network attack test method and system | |
WO2015143810A1 (en) | Node fault detection method and apparatus | |
CN111934936A (en) | Network state detection method and device, electronic equipment and storage medium | |
CN107872368A (en) | Detection method, device and the terminal of gateway accessibility in a kind of network node cluster | |
CN104076808A (en) | Fault diagnosis system and method for industrial control equipment | |
CN111988170A (en) | Terminal fault positioning method and device | |
CN103957138A (en) | Network monitoring method, device and system | |
CN105812198A (en) | Method and device for bridged network end-to-end monitoring | |
CN109688603B (en) | Network diagnosis method, device and machine readable storage medium | |
CN102833122B (en) | Loopback detection method and system | |
CN110048909B (en) | Network operation and maintenance method and device | |
CN107509214A (en) | A kind of more radio frequency link wireless routers and method for diagnosing faults | |
CN109787865B (en) | Method, system, switch and storage medium for verifying upgrading condition |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |