CN111431763B - Connectivity detection method for SDN controller - Google Patents


Publication number
CN111431763B
Authority
CN
China
Prior art keywords
detection
flow
sdn controller
connectivity
virtual
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010192891.0A
Other languages
Chinese (zh)
Other versions
CN111431763A (en)
Inventor
刘立京
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unicloud Technology Co Ltd
Original Assignee
Unicloud Technology Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks

Abstract

The invention provides a connectivity detection method for an SDN controller, comprising the following steps: collecting the virtual hosts under the same VPC as the current SDN controller, and detecting whether the east-west traffic and north-south traffic of the virtual hosts under the same VPC are reachable; performing ARP detection to determine whether the virtual hosts can learn each other's ARP; detecting, through the link layer discovery protocol, whether the devices are connected; checking by network diagnosis whether the traffic is reachable; and displaying the detection result. The invention provides a three-stage detection scheme that quickly locates the point of failure. Connectivity detection is handled by the SDN master controller, so resources are fully utilized; when a virtual machine is abnormal, the key point of the problem can be located quickly and handled in time; and whether a virtual machine is connected can be determined even when the user is not using it, which improves the user experience.

Description

Connectivity detection method for SDN controller
Technical Field
The invention belongs to the field of SDN controllers, and particularly relates to a connectivity detection method of an SDN controller.
Background
SDN is a novel network architecture whose core idea is to separate the control layer of network devices from the forwarding layer. However, the control plane cannot sense whether virtual hosts are connected to each other, or whether they can reach the external network. When a link between devices is unreachable, the location of the failure cannot be detected.
Disclosure of Invention
In view of this, the present invention provides a connectivity detection method for an SDN controller, to overcome the defects that the connectivity state cannot be displayed and the location of a fault cannot be detected. It provides a three-stage detection scheme that can identify the stage at which traffic is blocked, and so helps to locate and solve the problem quickly.
To achieve the above purpose, the technical solution of the invention is realized as follows:
A connectivity detection method for an SDN controller, characterized by comprising the following steps:
S1, collecting the virtual hosts under the same VPC as the current SDN controller, and detecting whether the east-west traffic and north-south traffic of the virtual hosts under the same VPC are reachable; if so, displaying normal;
S2, if the east-west traffic and north-south traffic of the virtual hosts under the same VPC in step S1 are not reachable, performing ARP detection to determine whether the virtual hosts can learn each other's ARP; if they cannot, displaying this step as abnormal;
S3, if the virtual hosts can learn each other's ARP in step S2, detecting through the link layer whether they are connected; if they are not connected, displaying this step as abnormal;
S4, if the link layer discovery protocol detection in step S3 finds the devices connected, checking by network diagnosis whether the traffic is reachable; if it is not reachable, displaying this step as abnormal;
S5, if the traffic is reachable in step S4, displaying a normal state.
Further, step S4 includes network diagnosis of the north-south traffic and network diagnosis of the east-west traffic;
the north-south traffic is diagnosed as follows: the gateway address of the external network is diagnosed on the firewall to detect whether it is reachable;
the east-west traffic is diagnosed as follows: on the device, it is diagnosed whether the gateway of the peer virtual host is reachable.
Further, Ping is used for the network diagnosis of both the north-south and the east-west traffic.
Further, the detecting step includes:
A1, collecting the VPC information in the SDN controller through a collection module, and classifying it by VPC dimension;
A2, performing a preliminary verification of connectivity through Ping;
A3, if the Ping detection does not get through, detecting the connectivity of each stage using the detection modes of step S2, step S3 and step S4;
A4, displaying the detection result.
Compared with the prior art, the connectivity detection method for an SDN controller provided by the invention has the following advantages:
The invention provides a three-stage detection scheme that quickly locates the point of failure. Connectivity detection is handled by the SDN master controller, so resources are fully utilized; when a virtual machine is abnormal, the key point of the problem can be located quickly and handled in time; and whether a virtual machine is connected can be determined even when the user is not using it, which improves the user experience.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the invention without limitation. In the drawings:
Fig. 1 is a schematic flow diagram of the comparison module according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments of the present invention may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like are used in the orientation or positional relationship indicated in the drawings, which are merely for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are therefore not to be construed as limiting the invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the invention, the meaning of "a plurality" is two or more unless otherwise specified.
In the description of the invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted", "connected" and "connected" are to be construed broadly, e.g. as being fixed or detachable or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the creation of the present invention can be understood by those of ordinary skill in the art through specific situations.
The invention will be described in detail with reference to the following embodiments with reference to the attached drawings.
As shown in Fig. 1, a connectivity detection method for an SDN controller includes the following steps:
S1, collecting the virtual hosts under the same VPC as the current SDN controller, and detecting whether the east-west traffic and north-south traffic of the virtual hosts under the same VPC are reachable; if so, displaying normal;
S2, if the east-west traffic and north-south traffic of the virtual hosts under the same VPC in step S1 are not reachable, performing ARP detection to determine whether the virtual hosts can learn each other's ARP; if they cannot, displaying this step as abnormal;
S3, if the virtual hosts can learn each other's ARP in step S2, detecting through the link layer whether they are connected; if they are not connected, displaying this step as abnormal;
S4, if the link layer discovery protocol detection in step S3 finds the devices connected, checking by network diagnosis whether the traffic is reachable; if it is not reachable, displaying this step as abnormal;
S5, if the traffic is reachable in step S4, displaying a normal state.
The SDN controller is an application in a Software Defined Network (SDN) that is responsible for flow control to ensure an intelligent network; it is based on protocols such as OpenFlow and allows a server to tell switches where to send data packets. The VPC is a virtual private cloud, a dynamically configured pool of public cloud computing resources, which needs encryption protocols, tunnel protocols and other security procedures to transmit data between the private enterprise and the cloud service provider. North-south traffic and east-west traffic are network traffic patterns in a data center environment.
Comparison module: connectivity detection is divided into three stages, which are used to obtain the comparison result for the same VPC:
The first stage is ARP detection, which detects whether the virtual hosts can learn each other's ARP. ARP is the Address Resolution Protocol, a TCP/IP protocol that obtains a physical address from an IP address.
The second stage detects, through the link layer discovery protocol, whether the devices are connected.
The third stage checks by network diagnosis whether the traffic is reachable.
Display module: displays the result of the comparison module.
In the third stage, the network diagnosis differs for north-south traffic and east-west traffic:
the north-south traffic is diagnosed as follows: the gateway address of the external network is diagnosed on the firewall to detect whether it is reachable;
the east-west traffic is diagnosed as follows: on the device, it is diagnosed whether the gateway of the peer virtual host is reachable. The comparison module can thereby determine at which stage the traffic is blocked.
The network diagnosis of both the north-south and the east-west traffic uses Ping. Ping (Packet Internet Groper) is a program for testing network connectivity. It is a service command that works at the application layer of the TCP/IP network architecture, and mainly sends an ICMP echo request message to a specific destination host to test whether the destination is reachable and to learn its state.
In a specific implementation, the detection step comprises the following steps:
A1, collecting the VPC information in the SDN controller through a collection module, and classifying it by VPC dimension;
A2, performing a preliminary verification of connectivity through Ping;
A3, if the Ping detection does not get through, detecting the connectivity of each stage using the three-stage detection mode of the comparison module;
A4, displaying the detection result.
In a specific implementation, the SDN master controller handles the connectivity detection function, and three modules are added to the SDN controller: a collection module, a comparison module and a display module.
Collection module:
The collection module collects the virtual machines under the same VPC of the current SDN controller. Traffic under different VPCs is isolated, so connectivity detection is performed on the virtual machines of a VPC with the VPC as the dimension, detecting whether the east-west traffic and north-south traffic of the virtual machines under the same VPC are reachable.
Comparison module:
The comparison result under the same VPC is obtained through the proposed three-stage detection scheme, whose principle is to divide connectivity detection into three stages. The first stage is ARP detection: whether the virtual machines can learn each other's ARP. The second stage is whether the devices are connected, which is detected through the LLDP discovery protocol. The third stage uses Ping to check whether the traffic is reachable. In the third stage, Ping is applied differently to north-south traffic and east-west traffic: for north-south traffic, the gateway address of the external network is pinged on the firewall to see whether it is reachable; for east-west traffic, the gateway of the peer virtual machine is pinged on the device to see whether it is reachable. The comparison module can thereby determine at which stage the traffic is blocked.
Display module:
The display module displays the result of the comparison module.
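The staged diagnosis described above (steps A1 to A4 with stages S2 to S4) can be sketched as follows. This is an added example, not code from the patent or its assignee: the Snapshot structure, the VM and device names, the addresses and the multi-hop walk over LLDP neighbours are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class VM:
    name: str
    vpc: str
    ip: str
    gateway: str
    device: str  # assumed: the switch this VM's host attaches to


@dataclass
class Snapshot:
    """What the collection module gathers; all values in sample() are constructed."""
    vms: List[VM]
    firewall: str
    ext_gw: str
    arp: Dict[str, Set[str]]       # VM name -> peer IPs whose ARP entry it learned
    lldp: Set[FrozenSet[str]]      # device pairs that see each other via LLDP
    ping_ok: Set[Tuple[str, str]]  # (probe source, target IP) pairs that answer

    def ping(self, src: str, dst_ip: str) -> bool:
        return (src, dst_ip) in self.ping_ok

    def lldp_connected(self, x: str, y: str) -> bool:
        seen, todo = {x}, [x]
        while todo:  # walk the LLDP adjacency graph outward from x
            cur = todo.pop()
            new = {n for link in self.lldp if cur in link for n in link} - seen
            seen |= new
            todo.extend(new)
        return y in seen


def diagnose_pair(net: Snapshot, a: VM, b: VM) -> Tuple[str, Optional[str]]:
    # S1/A2: preliminary ping, east-west (a to b) and north-south (to external gateway)
    if net.ping(a.name, b.ip) and all(net.ping(v.name, net.ext_gw) for v in (a, b)):
        return ("normal", None)
    # S2 (stage 1): has each VM learned the other's ARP entry?
    if b.ip not in net.arp.get(a.name, set()) or a.ip not in net.arp.get(b.name, set()):
        return ("abnormal", "ARP")
    # S3 (stage 2): are the devices connected according to LLDP?
    if not net.lldp_connected(a.device, b.device):
        return ("abnormal", "LLDP")
    # S4 (stage 3): firewall pings the external gateway; device pings the peer VM's gateway
    if not net.ping(net.firewall, net.ext_gw):
        return ("abnormal", "ping north-south")
    if not net.ping(a.device, b.gateway):
        return ("abnormal", "ping east-west")
    return ("normal", None)  # S5: every stage passed, so the described flow shows normal


def diagnose_all(net: Snapshot) -> Dict[Tuple[str, str, str], Tuple[str, Optional[str]]]:
    """A1: group VMs by VPC (different VPCs are isolated), then test each pair."""
    by_vpc: Dict[str, List[VM]] = {}
    for vm in net.vms:
        by_vpc.setdefault(vm.vpc, []).append(vm)
    return {(vpc, a.name, b.name): diagnose_pair(net, a, b)
            for vpc, vms in by_vpc.items() for a, b in combinations(vms, 2)}


def sample() -> Snapshot:
    ext = "203.0.113.1"  # constructed external gateway address
    return Snapshot(
        vms=[VM("vm1", "vpc-a", "10.0.1.11", "10.0.1.1", "leaf1"),
             VM("vm2", "vpc-a", "10.0.1.12", "10.0.1.1", "leaf2"),
             VM("vm3", "vpc-b", "10.1.1.13", "10.1.1.1", "leaf1"),
             VM("vm4", "vpc-b", "10.1.1.14", "10.1.1.1", "leaf2"),
             VM("vm5", "vpc-c", "10.2.1.15", "10.2.1.1", "leaf1"),
             VM("vm6", "vpc-c", "10.2.1.16", "10.2.1.1", "leaf3")],
        firewall="fw1", ext_gw=ext,
        arp={"vm1": {"10.0.1.12"}, "vm2": {"10.0.1.11"}, "vm3": {"10.1.1.14"},
             "vm4": set(), "vm5": {"10.2.1.16"}, "vm6": {"10.2.1.15"}},
        lldp={frozenset({"leaf1", "leaf2"}), frozenset({"leaf2", "leaf3"})},
        ping_ok={("vm1", "10.0.1.12"), ("vm1", ext), ("vm2", ext), ("fw1", ext)},
    )
```

With the constructed data, `diagnose_all(sample())` reports vpc-a as normal, vpc-b as abnormal at the ARP stage (vm4 never learned vm3) and vpc-c as abnormal at the east-west ping stage. A pair whose preliminary ping fails but whose three stages all pass is still reported as normal, as step S5 specifies.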
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the invention, so that any modifications, equivalents, improvements and the like, which are within the spirit and principle of the present invention, should be included in the scope of the present invention.

Claims (4)

  1. A connectivity detection method for an SDN controller, comprising the steps of:
    S1, collecting the virtual hosts under the same VPC as the current SDN controller, and detecting whether the east-west traffic and north-south traffic of the virtual hosts under the same VPC are reachable; if so, displaying normal;
    S2, if the east-west traffic and north-south traffic of the virtual hosts under the same VPC in step S1 are not reachable, performing ARP detection to determine whether the virtual hosts can learn each other's ARP; if they cannot, displaying this step as abnormal;
    S3, if the virtual hosts can learn each other's ARP in step S2, detecting through the link layer whether they are connected; if they are not connected, displaying this step as abnormal;
    S4, if the link layer discovery protocol detection in step S3 finds the devices connected, checking by network diagnosis whether the traffic is reachable; if it is not reachable, displaying this step as abnormal;
    S5, if the traffic is reachable in step S4, displaying a normal state.
  2. The connectivity detection method for an SDN controller according to claim 1, wherein: step S4 includes network diagnosis of the north-south traffic and of the east-west traffic;
    the north-south traffic is diagnosed as follows: the gateway address of the external network is diagnosed on the firewall to detect whether it is reachable;
    the east-west traffic is diagnosed as follows: on the device, it is diagnosed whether the gateway of the peer virtual host is reachable.
  3. The connectivity detection method for an SDN controller according to claim 2, wherein: Ping is used for the network diagnosis of the north-south traffic and the east-west traffic.
  4. The connectivity detection method for an SDN controller according to claim 1, wherein: the detection step in step S1 includes:
    A1, collecting the VPC information in the SDN controller through a collection module, and classifying it by VPC dimension;
    A2, performing a preliminary verification of connectivity through Ping;
    A3, if the Ping detection does not get through, detecting the connectivity of each stage using the detection modes of step S2, step S3 and step S4;
    A4, displaying the detection result.
CN202010192891.0A 2020-03-18 2020-03-18 Connectivity detection method for SDN controller Active CN111431763B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010192891.0A CN111431763B (en) 2020-03-18 2020-03-18 Connectivity detection method for SDN controller

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010192891.0A CN111431763B (en) 2020-03-18 2020-03-18 Connectivity detection method for SDN controller

Publications (2)

Publication Number Publication Date
CN111431763A (en) 2020-07-17
CN111431763B (en) 2021-07-27

Family

ID=71548061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010192891.0A Active CN111431763B (en) 2020-03-18 2020-03-18 Connectivity detection method for SDN controller

Country Status (1)

Country Link
CN (1) CN111431763B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant