CN112671667B - A forwarding rate limiting method and system for a virtual forwarding device - Google Patents

A forwarding rate limiting method and system for a virtual forwarding device Download PDF

Info

Publication number
CN112671667B
CN112671667B CN202011405147.0A CN202011405147A CN112671667B CN 112671667 B CN112671667 B CN 112671667B CN 202011405147 A CN202011405147 A CN 202011405147A CN 112671667 B CN112671667 B CN 112671667B
Authority
CN
China
Prior art keywords
forwarding
cpu
virtual
tenant
forwarding device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011405147.0A
Other languages
Chinese (zh)
Other versions
CN112671667A (en
Inventor
杨晔
姜海洋
谢高岗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Computing Technology of CAS
Original Assignee
Institute of Computing Technology of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Computing Technology of CAS filed Critical Institute of Computing Technology of CAS
Priority to CN202011405147.0A priority Critical patent/CN112671667B/en
Publication of CN112671667A publication Critical patent/CN112671667A/en
Application granted granted Critical
Publication of CN112671667B publication Critical patent/CN112671667B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提出一种虚拟转发设备的转发限速方法及系统,包括通过测量得到服务提供商网络平均数据包大小和流数目作为流量特征,该服务提供商网络包含虚拟转发设备和多个租户,使用流量生成工具生成符合该特征的流量,通过在该虚拟转发设备中转发该流量的数据包并测量达到各个带宽所用于转发的CPU资源,构建CPU资源和带宽的对应关系;根据各租户的基础带宽需求以及该对应关系,为各租户分配基础CPU资源,并得到该服务提供商网络在满足该基础CPU资源后剩余的CPU资源,以为每一位租户按照权重再分配空闲CPU资源,每位租户用于转发的最终CPU资源为其分配的基础CPU资源和空闲CPU资源之和;该虚拟转发设备使用该最终CPU资源对其对应的租户完成数据包的转发。

Figure 202011405147

The present invention provides a forwarding rate limiting method and system for a virtual forwarding device, including obtaining the average data packet size and flow number of a service provider network through measurement as traffic characteristics. The service provider network includes a virtual forwarding device and multiple tenants, using The traffic generation tool generates traffic that conforms to this characteristic. By forwarding the data packets of the traffic in the virtual forwarding device and measuring the CPU resources used for forwarding to achieve each bandwidth, the corresponding relationship between CPU resources and bandwidth is constructed; according to the basic bandwidth of each tenant Requirements and the corresponding relationship, allocate basic CPU resources to each tenant, and obtain the remaining CPU resources of the service provider network after satisfying the basic CPU resources, so that each tenant can re-allocate idle CPU resources according to the weight. The forwarded final CPU resource is the sum of the basic CPU resource and idle CPU resource allocated to it; the virtual forwarding device uses the final CPU resource to complete the forwarding of the data packet to its corresponding tenant.

Figure 202011405147

Description

一种虚拟转发设备的转发限速方法及系统A forwarding rate limiting method and system for a virtual forwarding device

技术领域technical field

本发明涉及限速方法,提出了一种软件转发下隔离性增强的限速方法和系统。The invention relates to a speed limiting method, and proposes a speed limiting method and system with enhanced isolation under software forwarding.

背景技术Background technique

随着网络设备向通用化和高性价比方向演进,软件转发逐渐取代了传统的硬件交换机、路由器,在很多场景下如云计算,网络功能虚拟化(NFV)中被大量使用。随着网络流量的剧增、流量类型的丰富,在这些虚拟转发设备中对不同流量在性能上的隔离性提出了更高的要求。With the evolution of network equipment towards generalization and high cost performance, software forwarding has gradually replaced traditional hardware switches and routers, and is widely used in many scenarios such as cloud computing and network function virtualization (NFV). With the sharp increase of network traffic and the richness of traffic types, higher requirements are placed on the performance isolation of different traffic in these virtual forwarding devices.

软件转发设备与硬件转发设备的功能类似,为网络中数据包根据其五元组信息转发到对应的端口或链路上,典型的实现有虚拟交换机(vSwitch)、虚拟路由器(vRouter)等。软件转发设备的运行模式通常为启动若干轮询(PMD)线程来转发流量,这些PMD线程被绑定到通用服务器上若干专用的CPU核来提供能转发所需的物理计算资源。因此,软件转发设备所能提供的转发性能,即带宽上限,是由专用于转发的CPU和来提供的。The functions of software forwarding devices are similar to hardware forwarding devices. Data packets in the network are forwarded to corresponding ports or links according to their quintuple information. Typical implementations include virtual switches (vSwitch) and virtual routers (vRouter). The operating mode of a software forwarding device is usually to start several polling (PMD) threads to forward traffic, and these PMD threads are bound to several dedicated CPU cores on a general-purpose server to provide the physical computing resources required for forwarding. Therefore, the forwarding performance that the software forwarding device can provide, that is, the upper limit of the bandwidth, is provided by the CPU sum dedicated to forwarding.

但是这些CPU所能提供的转发能力是不固定的,在不同特征流量情况下,所能提供的转发速率/带宽也不同。比如说,一个CPU核能够将包大小为1518字节的数据流转发至10Gbps,但是其转发64字节包大小的数据流却只能转发到2Gbps带宽。这就给租户的带宽保障带来了挑战。However, the forwarding capabilities that these CPUs can provide are not fixed, and the forwarding rates/bandwidths they can provide are also different under different traffic characteristics. For example, a CPU core can forward a data stream with a packet size of 1518 bytes to 10Gbps, but it can forward a data stream with a packet size of 64 bytes only to 2Gbps bandwidth. This brings challenges to the bandwidth guarantee of tenants.

目前已有的限速方法都是基于端口速率的,即直接按照带宽指标来限速,高于指标的流量不放行,例如广泛使用的基于每秒比特数(BPS)或每秒数据包数(PPS)的令牌桶策略,在软件转发设备中根据令牌来转发流量,但是这种方法很容易因为流量转发任务对于CPU资源的竞争而失效。很常见的现象就是,当一个流突然改变数据包大小(比如从1518字节更改为64字节),在软件转发设备中,虽然该流的带宽/转发速率依然保持不变且没有超过限制,但是该流的CPU资源消耗会增加几倍,这就抢占了原本属于别的流的转发CPU资源,使得别的流可用的CPU资源下降,进而降低带宽。The existing rate limiting methods are all based on the port rate, that is, the rate is directly limited according to the bandwidth indicator, and the traffic higher than the indicator is not released, such as the widely used bits per second (BPS) or packets per second ( PPS) token bucket strategy, in the software forwarding device to forward traffic according to the token, but this method is easy to fail due to the competition of traffic forwarding tasks for CPU resources. It is very common that when a flow suddenly changes the packet size (such as from 1518 bytes to 64 bytes), in a software forwarding device, although the bandwidth/forwarding rate of the flow remains the same and does not exceed the limit, However, the CPU resource consumption of the flow will increase several times, which preempts the forwarding CPU resources originally belonging to other flows, reduces the CPU resources available to other flows, and reduces the bandwidth.

这种现象会造成一些流会因为别的流更改了流量特征而被干扰,带宽不稳定,网络性能的隔离性差。而已有的限速方法在实现上都没有考虑流量对CPU资源的竞争和软件转发设备不稳定的处理能力。因此一种资源隔离性好的软件转发限速方法亟待提出。This phenomenon will cause some flows to be disturbed because other flows have changed the traffic characteristics, the bandwidth will be unstable, and the isolation of network performance will be poor. However, the existing rate limiting methods do not consider the competition of traffic for CPU resources and the unstable processing capability of the software forwarding device in implementation. Therefore, a software forwarding rate limiting method with good resource isolation needs to be proposed.

发明内容SUMMARY OF THE INVENTION

针对现有技术的不足,本发明提出一种虚拟转发设备的转发限速方法,其中包括:In view of the deficiencies of the prior art, the present invention proposes a forwarding rate limiting method for a virtual forwarding device, including:

步骤1、通过测量得到服务提供商网络平均数据包大小和流数目作为流量特征,该服务提供商网络包含虚拟转发设备和多个租户,使用流量生成工具生成符合该特征的流量,通过在该虚拟转发设备中转发该流量的数据包并测量达到各个带宽所用于转发的CPU资源,构建CPU资源和带宽的对应关系;Step 1. Obtain the average data packet size and flow number of the service provider network as traffic characteristics through measurement. The service provider network includes a virtual forwarding device and multiple tenants. Use a traffic generation tool to generate traffic that meets the characteristics. The forwarding device forwards the data packets of the traffic and measures the CPU resources used for forwarding to reach each bandwidth, and constructs the corresponding relationship between CPU resources and bandwidth;

步骤2、根据各租户的基础带宽需求以及该对应关系,为各租户分配基础CPU资源,并得到该服务提供商网络在满足该基础CPU资源后剩余的CPU资源,以为每一位租户按照权重再分配空闲CPU资源,每位租户用于转发的最终CPU资源为其分配的基础CPU资源和空闲CPU资源之和;Step 2. According to the basic bandwidth requirements of each tenant and the corresponding relationship, allocate basic CPU resources to each tenant, and obtain the remaining CPU resources of the service provider network after the basic CPU resources are satisfied, so that each tenant can be regenerated according to the weight. Allocate idle CPU resources, and the final CPU resources used by each tenant for forwarding are the sum of the basic CPU resources and idle CPU resources allocated to them;

步骤3、该虚拟转发设备使用该最终CPU资源对其对应的租户完成数据包的转发。Step 3: The virtual forwarding device uses the final CPU resource to complete the forwarding of the data packet to its corresponding tenant.

所述的虚拟转发设备的转发限速方法,其中该步骤3包括:该虚拟转发设备利用该最终CPU资源对租户转发数据包进行限速,超过该最终CPU资源时的数据流量将等待或被丢弃。The forwarding rate limiting method of the virtual forwarding device, wherein step 3 includes: the virtual forwarding device utilizes the final CPU resource to limit the speed of the data packet forwarded by the tenant, and the data traffic when the final CPU resource is exceeded will wait or be discarded .

所述的虚拟转发设备的转发限速方法,其中该基础CPU资源、该空闲CPU资源和该最终CPU资源的单位均为CPUcycles/s。In the method for limiting the forwarding rate of the virtual forwarding device, the units of the basic CPU resource, the idle CPU resource and the final CPU resource are all CPUcycles/s.

所述的虚拟转发设备的转发限速方法,其中该步骤3包括:使用令牌桶或公平队列的方式对租户转发数据包进行限速。In the method for limiting the forwarding rate of the virtual forwarding device, the step 3 includes: using a token bucket or a fair queue to limit the rate of the data packets forwarded by the tenant.

所述的虚拟转发设备的转发限速方法,其中该虚拟转发设备为虚拟路由器或虚拟交换机。The forwarding rate limiting method of the virtual forwarding device, wherein the virtual forwarding device is a virtual router or a virtual switch.

本发明还提出了一种虚拟转发设备的转发限速系统,其中包括:The present invention also proposes a forwarding rate limiting system for a virtual forwarding device, which includes:

模块1,用于测量得到服务提供商网络平均数据包大小和流数目作为流量特征,该服务提供商网络包含虚拟转发设备和多个租户,使用流量生成工具生成符合该特征的流量,通过在该虚拟转发设备中转发该流量的数据包并测量达到各个带宽所用于转发的CPU资源,构建CPU资源和带宽的对应关系;Module 1 is used to measure and obtain the average data packet size and flow number of the service provider network as traffic characteristics. The service provider network includes virtual forwarding devices and multiple tenants, and the traffic generation tool is used to generate traffic that meets the characteristics. The virtual forwarding device forwards the data packets of the traffic and measures the CPU resources used for forwarding to reach each bandwidth, and constructs the corresponding relationship between CPU resources and bandwidth;

模块2,用于根据各租户的基础带宽需求以及该对应关系,为各租户分配基础CPU资源,并得到该服务提供商网络在满足该基础CPU资源后剩余的CPU资源,以为每一位租户按照权重再分配空闲CPU资源,每位租户用于转发的最终CPU资源为其分配的基础CPU资源和空闲CPU资源之和,该虚拟转发设备使用该最终CPU资源对其对应的租户完成数据包的转发。Module 2 is used to allocate basic CPU resources to each tenant according to the basic bandwidth requirements of each tenant and the corresponding relationship, and obtain the remaining CPU resources of the service provider network after meeting the basic CPU resources, so that each The weight redistributes idle CPU resources. The final CPU resource used by each tenant for forwarding is the sum of the basic CPU resources and idle CPU resources allocated to it. The virtual forwarding device uses the final CPU resource to complete the forwarding of data packets to its corresponding tenant. .

所述的虚拟转发设备的转发限速系统,其中该虚拟转发设备利用该最终CPU资源对租户转发数据包进行限速,超过该最终CPU资源时的数据流量将等待或被丢弃。The forwarding rate limiting system of the virtual forwarding device, wherein the virtual forwarding device utilizes the final CPU resource to limit the speed of the data packets forwarded by the tenant, and the data traffic exceeding the final CPU resource will wait or be discarded.

所述的虚拟转发设备的转发限速系统,其中该基础CPU资源、该空闲CPU资源和该最终CPU资源的单位均为CPUcycles/s。In the forwarding rate limiting system of the virtual forwarding device, the units of the basic CPU resource, the idle CPU resource and the final CPU resource are all CPUcycles/s.

所述的虚拟转发设备的转发限速系统,其中该步骤3包括:使用令牌桶或公平队列的方式对租户转发数据包进行限速。In the forwarding rate limiting system of the virtual forwarding device, the step 3 includes: using a token bucket or a fair queue to limit the rate of the data packets forwarded by the tenant.

所述的虚拟转发设备的转发限速系统,其中该虚拟转发设备为虚拟路由器或虚拟交换机。The forwarding rate limiting system of the virtual forwarding device, wherein the virtual forwarding device is a virtual router or a virtual switch.

由以上方案可知,本发明的优点在于:As can be seen from the above scheme, the advantages of the present invention are:

(1)隔离性。该方法从根本上消除了不同的流或租户对软件转发设备中CPU资源的竞争,通过按照带宽-CPU资源的对应关系来合理分配CPU资源,每个流或租户能够享有自己所需的CPU资源来做流量转发而不受其他用户的影响,实现了带宽隔离性。(1) Isolation. This method fundamentally eliminates the competition of different flows or tenants for CPU resources in the software forwarding device. By rationally allocating CPU resources according to the corresponding relationship between bandwidth and CPU resources, each flow or tenant can enjoy its own required CPU resources. To do traffic forwarding without being affected by other users, and achieve bandwidth isolation.

(2)鲁棒性。鲁棒性是在隔离性的前提下实现的,我们提出的基于CPU-cycle的限速方法在保障了基本的带宽以后,为了充分利用软件转发设备中的CPU资源,将CPU上尚且空闲的资源按权重分给了流或租户,能够一定程度上抵御流量突发造成的丢包。(2) Robustness. Robustness is achieved under the premise of isolation. After the CPU-cycle-based speed limit method we propose guarantees the basic bandwidth, in order to make full use of the CPU resources in the software forwarding device, the CPU resources are still idle. It is assigned to flows or tenants by weight, which can resist packet loss caused by traffic bursts to a certain extent.

(3)平台无关。我们提出是一种方法,其具有平台无关的特性,包括从建立带宽-CPU的对应关系、为不同的流或租户分配CPU资源,都是可以在任何软件实现的转发设备上实现的,例如vRouter,vSwitch等。(3) Platform independent. What we propose is a method that has platform-independent features, ranging from establishing bandwidth-CPU correspondence, allocating CPU resources to different flows or tenants, and can be implemented on any software-implemented forwarding device, such as vRouter , vSwitch, etc.

综上,本发明关注的是软件转发下的限速方法的带宽隔离性问题,提出了一种基于CPU-cycle的限速方法。限速的指标是硬件CPU资源而不是传统的BPS/PPS等带宽指标,通过构建软转发设备中的带宽-CPU对应关系,为流或租户分配它们所需的转发CPU资源,用限制CPU资源的方式来实现对这些流或租户的限速和隔离性。在CPU资源层面上的分配和隔离保证了这些流或租户之间不受干扰,同时充分分配空闲的CPU资源又能抵御突发流量的丢包影响,实现了隔离且鲁棒地限速。To sum up, the present invention focuses on the bandwidth isolation problem of the rate limiting method under software forwarding, and proposes a rate limiting method based on CPU-cycle. The rate-limiting indicator is hardware CPU resources rather than traditional bandwidth indicators such as BPS/PPS. By building the bandwidth-CPU correspondence in the soft forwarding device, allocating the required forwarding CPU resources for flows or tenants. way to achieve rate limiting and isolation for these flows or tenants. The allocation and isolation at the CPU resource level ensures that these flows or tenants are not interfered with, and at the same time fully allocates idle CPU resources and resists the impact of burst traffic packet loss, achieving isolation and robust rate limiting.

附图说明Description of drawings

图1为本发明的方法流程图;Fig. 1 is the method flow chart of the present invention;

图2为本发明实施例示意图;2 is a schematic diagram of an embodiment of the present invention;

图3为基于CPUcycle的令牌桶机制的每次批处理转发流程图。Figure 3 is a flow chart of each batch forwarding of the CPUcycle-based token bucket mechanism.

具体实施方式Detailed ways

本设计为了解决软件转发设备中现有的限速方法隔离性差的问题,为了对CPU竞争加以限制和合理分配转发CPU资源,我们提出了一种基于CPU-cycle的限速方法,用转发CPU资源的分配来实现限速的功能。In this design, in order to solve the problem of poor isolation of the existing rate limiting methods in software forwarding devices, in order to limit CPU competition and reasonably allocate forwarding CPU resources, we propose a CPU-cycle-based rate limiting method. allocation to realize the function of speed limit.

该方法与传统的限速方法最大的区别在于限速的指标。传统的方法直接按照带宽的指标(即BPS或PPS)进行限速,高于带宽指标的流量则丢弃或等待,因而CPU资源的竞争则会严重影响限速效果,损害网络性能的隔离性。而我们则从最基本转发引擎的硬件资源出发,由于软件转发设备的转发速率是由专用的CPU资源提供的,我们提出的基于CPU-cycle的限速方法则不再按照带宽指标来判断流量允不允许转发,而是通过限制租户的转发任务在转发设备中每秒消耗的CPUcycles(CPU周期,表示CPU资源的单位,如一个2.0GHz的CPU核其每秒有2.0G个CPUcycles)来为其限制转发速率。租户可为与虚拟交换机相连接的虚拟机,也可以是与虚拟路由器相连接的各种虚拟设备。The biggest difference between this method and the traditional speed limit method is the speed limit index. The traditional method directly limits the speed according to the bandwidth index (ie, BPS or PPS), and discards or waits for the traffic higher than the bandwidth index. Therefore, the competition of CPU resources will seriously affect the speed limiting effect and damage the isolation of network performance. We start from the hardware resources of the most basic forwarding engine. Since the forwarding rate of the software forwarding device is provided by dedicated CPU resources, the CPU-cycle-based rate limiting method we propose no longer judges the traffic allowable according to the bandwidth index. Forwarding is not allowed, but by limiting the number of CPU cycles (CPU cycles, a unit of CPU resources) that tenants' forwarding tasks consume per second in the forwarding device, for example, a 2.0GHz CPU core has 2.0G CPUcycles per second. Limit the forwarding rate. Tenants can be virtual machines connected to virtual switches or various virtual devices connected to virtual routers.

为了实现通过限制每个流/租户消耗的CPUcycles/s来限制其转发速率,首先需要建立转发设备内CPUcycles/s与带宽的对应关系。在不同的软件转发设备中,影响该带宽-CPU对应关系的条件大致包含两大类:In order to limit the forwarding rate by limiting the CPUcycles/s consumed by each flow/tenant, the corresponding relationship between CPUcycles/s and bandwidth in the forwarding device needs to be established first. In different software forwarding devices, the conditions that affect the bandwidth-CPU correspondence roughly include two categories:

1)流量特性。数据包大小、并发流的数目都会影响这个对应关系。比如说同样带宽下,64字节数据包消耗的CPU资源更多,而并发流数目多也会导致转发设备中查表的步骤较慢,消耗更多CPU资源。因此为了消除该类条件对带宽-CPU对应关系造成的影响,服务提供商可以在售卖带宽时约束为在特定的数据包大小和特定流数目情况下的带宽,比如在转发设备上采集一段时间(比如一小时)的流量,以获取流经转发设备的流量中平均的数据包大小和流数目。并以此来确定带宽-CPU资源的对应关系。1) Flow characteristics. The packet size and the number of concurrent streams will affect this correspondence. For example, under the same bandwidth, 64-byte data packets consume more CPU resources, and the number of concurrent streams will also lead to slower table lookup steps in the forwarding device, consuming more CPU resources. Therefore, in order to eliminate the impact of such conditions on the corresponding relationship between bandwidth and CPU, service providers can constrain the bandwidth when selling bandwidth to a specific packet size and a specific number of streams, such as collecting data on the forwarding device for a period of time ( e.g. one hour) to obtain the average packet size and number of flows in the traffic flowing through the forwarding device. And use this to determine the corresponding relationship between bandwidth and CPU resources.

2)平台特性。不同的CPU平台的硬件性能不同,能够转发的带宽也不同,因此平台也是很容易影响带宽-CPU对应关系;软件转发设备中的路由表、流表等规则数目和复杂度也会影响对应关系的构建。因此这些平台特性需要在对应平台上测量得出。2) Platform features. The hardware performance of different CPU platforms is different, and the bandwidth that can be forwarded is also different. Therefore, the platform can easily affect the corresponding relationship between bandwidth and CPU. The number and complexity of rules such as routing tables and flow tables in the software forwarding device will also affect the corresponding relationship. Construct. Therefore, these platform characteristics need to be measured on the corresponding platform.

在考虑了上述两大特性后,可以构建出基于测量的带宽-CPU对应关系,在该关系指导下,每个流或租户可以得到在实际场景中达到其购买带宽所需的基本CPU资源Cbasic(单位是CPUcycles/s),这可以保证基础的带宽。在基础带宽得到保障后,为了充分利用CPU资源,还需要根据当前CPU核上剩余的资源情况,为每条流按照权重再分配空闲的CPU资源Cidle以充分利用空闲资源实现所有用户最大带宽,这里的Cidle包含两部分的空闲CPU资源:一类是核上未分配的CPU资源,另一类是已分配但是未使用的资源。最终,每个流或租户,分得的用于转发的CPU资源为Cbasic+Cidle,这样保证了在带宽保障和限速层面上既拥有隔离性又具有鲁棒性,能够一定程度上抵御流量突发的影响。After considering the above two characteristics, a measurement-based bandwidth-CPU correspondence can be constructed. Under the guidance of this relationship, each flow or tenant can obtain the basic CPU resources C basic required to achieve its purchased bandwidth in actual scenarios. (unit is CPUcycles/s), this can guarantee the basic bandwidth. After the basic bandwidth is guaranteed, in order to make full use of CPU resources, it is also necessary to re-allocate idle CPU resources C idle for each stream according to the weight of the remaining resources on the current CPU core to make full use of idle resources to achieve the maximum bandwidth of all users. The C idle here contains two parts of idle CPU resources: one is the unallocated CPU resources on the core, and the other is the allocated but unused resources. In the end, each stream or tenant is allocated the CPU resource for forwarding as C basic + C idle , which ensures both isolation and robustness in terms of bandwidth guarantee and speed limit, and can resist to a certain extent The impact of traffic bursts.

在将CPU资源分配完毕后,下一步就是只利用这些分配的CPU资源为对应的流或租户完成流量的转发。可以使用令牌桶、公平队列等方式,利用这些分配好的有限CPU资源来限速,对一个流或租户来说,超过这些单位被分配到的CPU资源处理能力之外的流量将等待或被丢弃。这样就实现了流或租户在硬件CPU资源层面的隔离性,进而实现了带宽的良好隔离。After the CPU resources are allocated, the next step is to use only the allocated CPU resources to forward traffic for the corresponding flow or tenant. You can use token buckets, fair queues, etc. to use these allocated limited CPU resources to limit the speed. For a flow or tenant, traffic beyond the processing capacity of the CPU resources allocated by these units will wait or be blocked. throw away. In this way, the isolation of streams or tenants at the hardware CPU resource level is achieved, thereby achieving good isolation of bandwidth.

为让本发明的上述特征和效果能阐述的更明确易懂,下文特举实施例,并配合说明书附图作详细说明如下。In order to make the above-mentioned features and effects of the present invention more clearly and comprehensible, embodiments are given below, and detailed descriptions are given below in conjunction with the accompanying drawings.

下面为本发明提出的限速方法的一种实施例。The following is an embodiment of the speed limiting method proposed by the present invention.

该实施例选用的openvSwitch作为一个典型的软件转发平台,open vSwitch是业界的虚拟交换机标杆,被广泛使用。我们在其上使用基于CPU-cycle的令牌桶实现了该限速方法,令牌桶中的令牌数是剩余CPUcycles,令牌的生成速率单位是CPUcycles/s。In this embodiment, openvSwitch is selected as a typical software forwarding platform, and openvSwitch is a benchmark of virtual switches in the industry and is widely used. We implemented this rate limiting method on it using a CPU-cycle-based token bucket. The number of tokens in the token bucket is the remaining CPUcycles, and the token generation rate unit is CPUcycles/s.

限速方法的实施如图1所示,分为如下步骤:The implementation of the speed limiting method is shown in Figure 1, which is divided into the following steps:

1.在服务器平台上(包含多个虚拟机和一个openvSwitch)测量平均流量的带宽-CPU对应关系。测量该对应关系需要先测得一段时间内通过open vSwitch中的流量的平均数据包大小和流数目等特征,然后使用流量生成工具生成符合平均数据包大小和流数目特征的流量,在openvSwitch中转发该流量的数据包并测量达到各个带宽规格所需要用于转发的CPU资源,即Cbasic1. Measure the bandwidth-CPU correspondence of average traffic on a server platform (including multiple virtual machines and an openvSwitch). To measure this correspondence, you need to first measure the average packet size and flow number of the traffic passing through the open vSwitch for a period of time, and then use the traffic generation tool to generate traffic that matches the characteristics of the average packet size and flow number, and forward it in the openvSwitch packets of this traffic and measure the CPU resources required for forwarding to achieve each bandwidth specification, ie C basic .

2.为每个租户根据其购买带宽分配令牌生成速率(即CPUcycles/s)。通过上述第一步中建立的对应关系,根据购买的带宽找到对应的CPUcycles/s以及空闲CPU资源情况,设置对应令牌桶的令牌生成速率。如图2所示,4个VM在openvSwitch中使用一个2.2GHz的CPU核来做转发,假设它们按照带宽-CPU对应关系分到的Cbasic分别为0.2Gcycles/s、0.2Gcycles/s、0.4G cycles/s、0.4Gcycles/s,还剩余1Gcycles/s的空闲CPU资源,那么在保证隔离性基础上按权重分配,因此每个VM实际设置的令牌生成速率分别为0.36Gcycles/s、0.36Gcycles/s、0.72Gcycles/s、0.72Gcycles/s。2. Assign a token generation rate (i.e. CPUcycles/s) to each tenant based on their purchased bandwidth. Through the correspondence established in the first step above, find the corresponding CPU cycles/s and idle CPU resources according to the purchased bandwidth, and set the token generation rate of the corresponding token bucket. As shown in Figure 2, 4 VMs use a 2.2GHz CPU core for forwarding in openvSwitch, assuming that their C basics according to the bandwidth-CPU correspondence are 0.2Gcycles/s, 0.2Gcycles/s, 0.4G respectively cycles/s, 0.4Gcycles/s, and there are 1Gcycles/s of idle CPU resources left, then the allocation is based on weights on the basis of ensuring isolation. Therefore, the actual token generation rates set by each VM are 0.36Gcycles/s and 0.36Gcycles, respectively. /s, 0.72Gcycles/s, 0.72Gcycles/s.

3.使用基于CPU-cycle的令牌桶在转发过程中进行限速。令牌桶的机制运行流程如图3所示,每次当有流量需要转发时,先去检查对应的租户的令牌桶内是否还有CPUcycles。如果剩余的CPUcycles大于0,则为其转发一批数据包,并在转发过程结束后,将消耗的CPUcycles在令牌桶中减去;如果剩余的CPUcycles小于0,则跳过本次批转发,为下一个流或租户转发流量。3. Use CPU-cycle-based token buckets to limit the rate during forwarding. The operation process of the token bucket mechanism is shown in Figure 3. Every time there is traffic to be forwarded, first check whether there are CPUcycles in the token bucket of the corresponding tenant. If the remaining CPUcycles is greater than 0, forward a batch of data packets for it, and subtract the consumed CPUcycles from the token bucket after the forwarding process; if the remaining CPUcycles is less than 0, skip this batch forwarding, Forward traffic for the next flow or tenant.

在上述过程中,我们展示了如何用一种基于CPU-cycle的令牌桶机制来实现该限速方法,其中令牌桶内的令牌生成速率和转发过程中令牌桶的作用机制是实现该限速方法的重点。但是该限速方法不仅可以用令牌桶实现,一些其他的机制如公平队列,也能够分配并隔离CPU资源,并实现这种限速方法。In the above process, we show how to use a CPU-cycle-based token bucket mechanism to implement the rate limiting method, in which the token generation rate in the token bucket and the action mechanism of the token bucket during the forwarding process are realized The point of this rate-limiting method. However, this rate limiting method can not only be implemented with token buckets, but some other mechanisms such as fair queues can also allocate and isolate CPU resources to implement this rate limiting method.

通过该方法对软件转发设备中专用于转发的CPU资源的隔离和分配实现了限速的隔离性,使得流和租户不再会互相影响,可以灵活地应用在各种软件转发场景下,为用户提供稳定的带宽保障服务。Through this method, the isolation and allocation of CPU resources dedicated to forwarding in the software forwarding device realizes the isolation of the speed limit, so that the flow and the tenant will no longer affect each other, and can be flexibly applied in various software forwarding scenarios, providing users with Stable bandwidth guarantee service.

以下为与上述方法实施例对应的系统实施例,本实施方式可与上述实施方式互相配合实施。上述实施方式中提到的相关技术细节在本实施方式中依然有效,为了减少重复,这里不再赘述。相应地,本实施方式中提到的相关技术细节也可应用在上述实施方式中。The following are system embodiments corresponding to the foregoing method embodiments, and this implementation manner may be implemented in cooperation with the foregoing implementation manners. The related technical details mentioned in the foregoing embodiment are still valid in this embodiment, and are not repeated here in order to reduce repetition. Correspondingly, the relevant technical details mentioned in this embodiment can also be applied to the above-mentioned embodiments.

本发明还提出了一种虚拟转发设备的转发限速系统,其中包括:The present invention also proposes a forwarding rate limiting system for a virtual forwarding device, which includes:

模块1,用于测量得到服务提供商网络平均数据包大小和流数目作为流量特征,该服务提供商网络包含虚拟转发设备和多个租户,使用流量生成工具生成符合该特征的流量,通过在该虚拟转发设备中转发该流量的数据包并测量达到各个带宽所用于转发的CPU资源,构建CPU资源和带宽的对应关系;Module 1 is used to measure and obtain the average data packet size and flow number of the service provider network as traffic characteristics. The service provider network includes virtual forwarding devices and multiple tenants, and the traffic generation tool is used to generate traffic that meets the characteristics. The virtual forwarding device forwards the data packets of the traffic and measures the CPU resources used for forwarding to reach each bandwidth, and constructs the corresponding relationship between CPU resources and bandwidth;

模块2,用于根据各租户的基础带宽需求以及该对应关系,为各租户分配基础CPU资源,并得到该服务提供商网络在满足该基础CPU资源后剩余的CPU资源,以为每一位租户按照权重再分配空闲CPU资源,每位租户用于转发的最终CPU资源为其分配的基础CPU资源和空闲CPU资源之和,该虚拟转发设备使用该最终CPU资源对其对应的租户完成数据包的转发。Module 2 is used to allocate basic CPU resources to each tenant according to the basic bandwidth requirements of each tenant and the corresponding relationship, and obtain the remaining CPU resources of the service provider network after meeting the basic CPU resources, so that each The weight redistributes idle CPU resources. The final CPU resource used by each tenant for forwarding is the sum of the basic CPU resources and idle CPU resources allocated to it. The virtual forwarding device uses the final CPU resource to complete the forwarding of data packets to its corresponding tenant. .

所述的虚拟转发设备的转发限速系统,其中该虚拟转发设备利用该最终CPU资源对租户转发数据包进行限速,超过该最终CPU资源时的数据流量将等待或被丢弃。The forwarding rate limiting system of the virtual forwarding device, wherein the virtual forwarding device utilizes the final CPU resource to limit the speed of the data packets forwarded by the tenant, and the data traffic exceeding the final CPU resource will wait or be discarded.

所述的虚拟转发设备的转发限速系统,其中该基础CPU资源、该空闲CPU资源和该最终CPU资源的单位均为CPUcycles/s。In the forwarding rate limiting system of the virtual forwarding device, the units of the basic CPU resource, the idle CPU resource and the final CPU resource are all CPUcycles/s.

所述的虚拟转发设备的转发限速系统,其中该步骤3包括:使用令牌桶或公平队列的方式对租户转发数据包进行限速。In the forwarding rate limiting system of the virtual forwarding device, the step 3 includes: using a token bucket or a fair queue to limit the rate of the data packets forwarded by the tenant.

所述的虚拟转发设备的转发限速系统,其中该虚拟转发设备为虚拟路由器或虚拟交换机。The forwarding rate limiting system of the virtual forwarding device, wherein the virtual forwarding device is a virtual router or a virtual switch.

Claims (10)

1.一种虚拟转发设备的转发限速方法,其特征在于,包括:1. a forwarding rate limiting method of a virtual forwarding device, is characterized in that, comprising: 步骤1、通过测量得到服务提供商网络平均数据包大小和流数目作为流量特征,该服务提供商网络包含虚拟转发设备和多个租户,使用流量生成工具生成符合该流量特征的流量,通过在该虚拟转发设备中转发该流量的数据包并测量达到各个带宽所用于转发的CPU资源,构建CPU资源和带宽的对应关系;Step 1. Obtain the average data packet size and flow number of the service provider network as traffic characteristics through measurement. The service provider network includes virtual forwarding devices and multiple tenants. Use a traffic generation tool to generate traffic that meets the traffic characteristics. The virtual forwarding device forwards the data packets of the traffic and measures the CPU resources used for forwarding to reach each bandwidth, and constructs the corresponding relationship between CPU resources and bandwidth; 步骤2、根据各租户的基础带宽需求以及该对应关系,为各租户分配基础CPU资源,并得到该服务提供商网络在满足该基础CPU资源后剩余的CPU资源,以为每一位租户按照权重再分配空闲CPU资源,每位租户用于转发的最终CPU资源为其分配的基础CPU资源和空闲CPU资源之和;Step 2. According to the basic bandwidth requirements of each tenant and the corresponding relationship, allocate basic CPU resources to each tenant, and obtain the remaining CPU resources of the service provider network after the basic CPU resources are satisfied, so that each tenant can be regenerated according to the weight. Allocate idle CPU resources, and the final CPU resources used by each tenant for forwarding are the sum of the basic CPU resources and idle CPU resources allocated to them; 步骤3、该虚拟转发设备使用该最终CPU资源对其对应的租户完成数据包的转发。Step 3: The virtual forwarding device uses the final CPU resource to complete the forwarding of the data packet to its corresponding tenant. 2.如权利要求1所述的虚拟转发设备的转发限速方法,其特征在于,该步骤3包括:该虚拟转发设备利用该最终CPU资源对租户转发数据包进行限速,超过该最终CPU资源时的数据流量将等待或被丢弃。2 . The forwarding rate limiting method for a virtual forwarding device according to claim 1 , wherein step 3 comprises: the virtual forwarding device uses the final CPU resource to limit the speed of the data packets forwarded by the tenant, and exceeds the final CPU resource. 3 . When the data traffic will wait or be dropped. 3.如权利要求1所述的虚拟转发设备的转发限速方法,其特征在于,该基础CPU资源、该空闲CPU资源和该最终CPU资源的单位均为CPU cycles/s。3 . The forwarding rate limiting method of a virtual forwarding device according to claim 1 , wherein the units of the basic CPU resource, the idle CPU resource and the final CPU resource are all CPU cycles/s. 4 . 4.如权利要求2所述的虚拟转发设备的转发限速方法,其特征在于,该步骤3包括:使用令牌桶或公平队列的方式对租户转发数据包进行限速。4 . The forwarding rate limiting method for a virtual forwarding device according to claim 2 , wherein step 3 comprises: using a token bucket or a fair queue to limit the rate of data packets forwarded by the tenant. 5 . 5.如权利要求2所述的虚拟转发设备的转发限速方法,其特征在于,该虚拟转发设备为虚拟路由器或虚拟交换机。5 . The forwarding rate limiting method of a virtual forwarding device according to claim 2 , wherein the virtual forwarding device is a virtual router or a virtual switch. 6 . 6.一种虚拟转发设备的转发限速系统,其特征在于,包括:6. A forwarding rate limiting system of a virtual forwarding device, characterized in that, comprising: 模块1,用于测量得到服务提供商网络平均数据包大小和流数目作为流量特征,该服务提供商网络包含虚拟转发设备和多个租户,使用流量生成工具生成符合该流量特征的流量,通过在该虚拟转发设备中转发该流量的数据包并测量达到各个带宽所用于转发的CPU资源,构建CPU资源和带宽的对应关系;Module 1 is used to measure and obtain the average data packet size and flow number of the service provider network as traffic characteristics. The service provider network includes virtual forwarding equipment and multiple tenants. The traffic generation tool is used to generate traffic that meets the traffic characteristics. The virtual forwarding device forwards the data packets of the traffic and measures the CPU resources used for forwarding to reach each bandwidth, and constructs the corresponding relationship between the CPU resources and the bandwidth; 模块2,用于根据各租户的基础带宽需求以及该对应关系,为各租户分配基础CPU资源,并得到该服务提供商网络在满足该基础CPU资源后剩余的CPU资源,以为每一位租户按照权重再分配空闲CPU资源,每位租户用于转发的最终CPU资源为其分配的基础CPU资源和空闲CPU资源之和,该虚拟转发设备使用该最终CPU资源对其对应的租户完成数据包的转发。Module 2 is used to allocate basic CPU resources to each tenant according to the basic bandwidth requirements of each tenant and the corresponding relationship, and obtain the remaining CPU resources of the service provider network after meeting the basic CPU resources, so that each The weight redistributes idle CPU resources. The final CPU resource used by each tenant for forwarding is the sum of the basic CPU resources and idle CPU resources allocated to it. The virtual forwarding device uses the final CPU resource to complete the forwarding of data packets to its corresponding tenant. . 7.如权利要求6所述的虚拟转发设备的转发限速系统,其特征在于,该虚拟转发设备利用该最终CPU资源对租户转发数据包进行限速,超过该最终CPU资源时的数据流量将等待或被丢弃。7. The forwarding rate limiting system of a virtual forwarding device according to claim 6, wherein the virtual forwarding device utilizes the final CPU resource to limit the speed of the data packet forwarded by the tenant, and the data flow when exceeding the final CPU resource will be wait or be discarded. 8.如权利要求6所述的虚拟转发设备的转发限速系统,其特征在于,该基础CPU资源、该空闲CPU资源和该最终CPU资源的单位均为CPU cycles/s。8 . The forwarding rate limiting system of a virtual forwarding device according to claim 6 , wherein the units of the basic CPU resource, the idle CPU resource and the final CPU resource are all CPU cycles/s. 9 . 9.如权利要求7所述的虚拟转发设备的转发限速系统,其特征在于,该模块2包括:使用令牌桶或公平队列的方式对租户转发数据包进行限速。9 . The forwarding rate limiting system of a virtual forwarding device according to claim 7 , wherein the module 2 comprises: using a token bucket or a fair queue to limit the rate of data packets forwarded by the tenant. 10 . 10.如权利要求7所述的虚拟转发设备的转发限速系统,其特征在于,该虚拟转发设备为虚拟路由器或虚拟交换机。10 . The forwarding rate limiting system of a virtual forwarding device according to claim 7 , wherein the virtual forwarding device is a virtual router or a virtual switch. 11 .
CN202011405147.0A 2020-12-03 2020-12-03 A forwarding rate limiting method and system for a virtual forwarding device Active CN112671667B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011405147.0A CN112671667B (en) 2020-12-03 2020-12-03 A forwarding rate limiting method and system for a virtual forwarding device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011405147.0A CN112671667B (en) 2020-12-03 2020-12-03 A forwarding rate limiting method and system for a virtual forwarding device

Publications (2)

Publication Number Publication Date
CN112671667A CN112671667A (en) 2021-04-16
CN112671667B true CN112671667B (en) 2022-06-28

Family

ID=75401061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011405147.0A Active CN112671667B (en) 2020-12-03 2020-12-03 A forwarding rate limiting method and system for a virtual forwarding device

Country Status (1)

Country Link
CN (1) CN112671667B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113572699B (en) * 2021-07-01 2024-07-19 清华大学 Cloud data center tenant egress traffic speed limiting method and system
CN117896318B (en) * 2023-12-14 2025-08-26 天翼云科技有限公司 A method and device for limiting the speed of cluster shared traffic thresholds
CN120880998A (en) * 2025-09-22 2025-10-31 中移(苏州)软件技术有限公司 Speed limiting configuration method, device, equipment, medium and product of virtual switch

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9158591B2 (en) * 2012-10-24 2015-10-13 Metric Holdings, Llc System and method for controlled sharing of consumable resources in a computer cluster
CN111158905A (en) * 2019-12-16 2020-05-15 华为技术有限公司 Method and apparatus for adjusting resources
CN111612373A (en) * 2020-05-29 2020-09-01 杭州电子科技大学 Performance consistency adjustment method of public cloud system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9158591B2 (en) * 2012-10-24 2015-10-13 Metric Holdings, Llc System and method for controlled sharing of consumable resources in a computer cluster
CN111158905A (en) * 2019-12-16 2020-05-15 华为技术有限公司 Method and apparatus for adjusting resources
CN111612373A (en) * 2020-05-29 2020-09-01 杭州电子科技大学 Performance consistency adjustment method of public cloud system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于软件定义网络架构的数据中心网络若干关键问题研究;王健;《中国博士学位论文全文数据库》;20160315;摘要及文献第37页第10行至第38页第7行 *

Also Published As

Publication number Publication date
CN112671667A (en) 2021-04-16

Similar Documents

Publication Publication Date Title
CN112671667B (en) A forwarding rate limiting method and system for a virtual forwarding device
CN101159699B (en) Method and device for dynamic bandwidth allocation of distributed equipment switching network
US8630173B2 (en) Dynamic queuing and pinning to improve quality of service on uplinks in a virtualized environment
US7680049B2 (en) Methods and apparatus for allowing promotion in color-based policers
CN101674247B (en) Method for supervising traffic flow and apparatus thereof
CN109412958B (en) Congestion control method and device for data center
CN105721577B (en) Software defined network-oriented server load balancing method
WO2008095397A1 (en) Traffic scheduling method and apparatus thereof
JP4893646B2 (en) BAND CONTROL DEVICE AND BAND CONTROL METHOD
CN1606293A (en) Line card port protection rate limiter circuitry
CN114079638B (en) Data transmission method, device and storage medium for multi-protocol hybrid network
CN111131061B (en) Data transmission method and network equipment
US9940471B2 (en) Virtual output queue authorization management method and device, and computer storage medium
FI3982600T3 (en) Method and apparatus for configuring a quality of service policy for a service
CN109802894A (en) Flow control methods and device
CN114095441A (en) Method for realizing ECMP flow load balance and electronic equipment
Jokanovic et al. Effective quality-of-service policy for capacity high-performance computing systems
WO2022089715A1 (en) Method of managing data transmission for ensuring per-flow fair bandwidth sharing
CN103685062A (en) Cache management method and device
CN103023819A (en) Coarse-grained dynamic bandwidth allocation method
CN118842753A (en) Multi-path bandwidth guarantee method and device for router equipment and electronic equipment
Petrakis et al. On-chip networks for mixed-criticality systems
Nemeth et al. The limits of architectural abstraction in network function virtualization
CN118075219B (en) P4-assisted cloud EIP gateway shared bandwidth traffic monitoring method and system
US20220141093A1 (en) Network bandwidth apportioning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant