CN113630323A - Software definition-based distributed flow table matching method in multi-identification network system - Google Patents

Abstract

The invention provides a distributed flow table matching method based on software definition in a multi-identification network system, which comprises the following steps: step S1, separating the control and forwarding of the multi-label router to form a three-layer multi-label router structure including an application layer, a control layer and a forwarding layer; step S2, unifying the network packet format by the multi-identification network packet coding mode; step S3, setting a distributed flow table structure, and controlling the flow table jumping direction through table-id allocation and the next table-id field of the table entry; step S4, matching the distribution type flow table in the multi-identification router; step S5, when the forwarding layer receives the network packet that can not be processed, the forwarding layer sends the network packet content through packet-in information. The invention can meet the requirement of cross-identification-domain routing addressing in a multi-identification network, is convenient to support automatic deployment and maintenance of complex topology, and has higher routing convergence speed and lower router load.

Description

Software definition-based distributed flow table matching method in multi-identification network system

Technical Field

The invention relates to a flow table matching method, in particular to a software definition-based distributed flow table matching method in a multi-identification network system.

Background

The multi-identification router is used as a forwarding entity of a data plane of a multi-identification network system architecture and is an actual execution entity of a multi-identification routing strategy. The multi-identification router is different from the traditional router in the biggest characteristic that besides the traditional IP identification, the multi-identification router also supports various network identifications, and various identification transmission modes are allowed to coexist in parallel in a network topology formed by the multi-identification router so as to meet different demand scenes.

The existing multi-identifier router implementation scheme firstly provides a unified hierarchical identifier naming rule, and then introduces a multi-Identifier Translation Base (ITB) to the router for artificial division of the identifier domain, thereby realizing the function of Inter-Translation and Inter-access between different identifier domains in a network with multiple identifiers coexisting. Technically, the multi-identification router designs a data structure and an algorithm for multi-identification storage and inter-translation, realizes an efficient extensible routing addressing forwarding algorithm and a data forwarding engine for further improving performance, and ensures the information traceability security of the multi-identification router through a data packet signature mechanism.

The multi-identification inter-translation table (ITB) stores identification inter-translation information, the key of which is the original identifier and the value of which is the destination identifier. The matching process of the internal network packet of the multi-identification router is realized by the tables including the ITB table together: after receiving a multi-identification network packet, the multi-identification router judges whether the packet is a wide area network IP address or not, and directly performs DNS query; otherwise, the network packet sequentially enters a Content cache Table (CS), an Interest packet Pending request Table (PIT) and a routing Information Table (FIB) for matching, and if matching is successful, processing or forwarding is performed according to the Table Information; if the identifier is not hit in the FIB table, the network packet identifier possibly belongs to other identification spaces, an ITB table is tried to be inquired, and if the inter-translation is successful, a forwarding port for inquiring the inter-translated identifier in the FIB table is returned; if the failure occurs, an error log is generated and the network packet is discarded.

The current multi-identification router design is based on an inter-translation technology, a basic routing forwarding table used for forwarding is statically configured, the basic routing forwarding table needs to be reconfigured once the network topology is changed to a certain extent, and the workload is huge if the topology is changed to a large extent, and an automatic deployment scheme and a programmable management mode are not available.

Disclosure of Invention

The technical problem to be solved by the present invention is to provide a distributed flow table matching method suitable for a multi-identifier network system, which meets the requirement of routing addressing across identifier domains in a multi-identifier network, and is convenient for supporting automatic deployment and maintenance of complex topology, so as to realize faster routing convergence speed and lower router load.

In contrast, the present invention provides a software definition-based distributed flow table matching method in a multi-identifier network system, which includes:

step S1, separating the control and forwarding of the multi-label router to form a three-layer multi-label router structure including an application layer, a control layer and a forwarding layer;

step S2, unifying the network packet format by the multi-identification network packet coding mode;

step S3, setting a distributed flow table structure, and controlling the flow table jumping direction through table-id allocation and the next table-id field of the table entry;

step S4, matching the distribution type flow table in the multi-identification router;

step S5, when the forwarding layer receives the network packet that can not be processed, the forwarding layer sends the network packet content through packet-in information.

In step S1, the application layer and the control layer communicate with each other through a northbound interface, the forwarding layer and the control layer communicate with each other through a southbound interface, the control layer includes a hyperbolic id controller, a content id controller, a topology controller, and an IP id controller, and the hyperbolic id controller, the content id controller, and the IP id controller communicate with the topology controller through an east-west interface.

The invention has the further improvement that the multi-identification network grouping coding mode adopts a TLV format which comprises 5 fields including a source identifier, a destination identifier, an identification type, a transit identifier and network packet original data; before sending out the network packet, the source router packages the network packet according to the TLV format, indicates the identification type in the network packet, and sets the value of the transit identifier as the destination identifier; after the router on the packet forwarding path analyzes each field of the network packet, the type of the network packet is identified through the field of the identification type, flow table matching is carried out by taking the transit identifier as a matching field, and custom operation and addressing forwarding are carried out according to a matching result; and when the destination router receives the network packet, extracting the original content and processing the original content.

The present invention is further improved in that the distributed flow table structure in step S3 includes a recognizable identification type table, an unrecognizable identification forwarding table, a multiple identification flow table, and a recognizable identification forwarding table; the identifiable type table is a first-level flow table of a distributed flow table structure and is used for recording all identification types supported by a current router and selecting a next-level flow table by using a next table-id field; the unrecognized identification forwarding table is used for recording a forwarding port of an identifier which cannot be identified by the current router; the multi-identification flow table provides processing and forwarding instructions for each identification type of network packets, and replaces the flow table for forwarding with the identifiable identification forwarding table; the identifiable forwarding table is used to record forwarding ports that record identifiers that can be identified by routers.

The invention has the further improvement that table item scales are preset in all flow tables in the distributed flow table structure, and when the number of the table items of the flow table exceeds the set number of the table item scales, old table items are sequentially updated and replaced through a cache elimination strategy; meanwhile, a first lifetime attribute and a second lifetime attribute are preset in all entries of all the flow tables, the first lifetime attribute is used for calculating time inserted into the table, and the first lifetime attribute continuously increases according to the time after the entries are generated; the second survival time attribute is used for calculating the time without flow matching, and the second survival time attribute automatically detects the time without flow matching after the table entry is generated and starts to increase; and if any one of the first lifetime attribute and the second lifetime attribute in the flow table exceeds a preset lifetime threshold value of the flow table, automatically deleting the entry.

The invention is further improved in that the flow table is divided into a cluster inner table and a cluster outer table according to whether the identifier of the table entry of the flow table is in the same cluster with the identifier mapped by the router on the identification plane; and setting the scale of the preset table items of the cluster outer surface to be larger than that of the preset table items of the cluster inner surface, and setting the preset survival time threshold of the cluster inner surface to be larger than that of the cluster outer surface.

A further improvement of the present invention is that the step S4 of matching the distributed flow table in the multi-identity router includes the following steps:

step S401, a network packet flows into a recognizable identifier type table, the identifier type is used as a matching field, the network packet flows into a next-stage flow table according to a next table-id field after matching, when the network packet is matched with the recognizable identifier type table, the next-stage flow table is a multi-stage flow table inlet of the identifier type, and step S402 is executed; otherwise, judging that the next-level flow table is the default unidentifiable identification forwarding table with the lowest priority, and executing the step S403;

step S402, the network packet flows into a multi-identification flow table corresponding to the hit identification type, the flow table used for forwarding is replaced and called as an identifiable identification forwarding table, and when the network packet is matched, the network packet flows into a cluster inner table and a cluster outer table in sequence;

step S403, the network packet flows into an unidentifiable identifier forwarding table, the matched field is a transit identifier, and the network packet is directly forwarded after being matched; if the table entry of the flow table is not hit, the router jumps to step S5 to send a packet-in message through the southbound interface, where the packet-in message type is defined as an unrecognizable forwarding table miss, and the number is 1;

step S404, the network packet hits in any flow table, the matching process is left, the forwarding module of the router takes over the network packet, and the action in the network packet execution action set is sent to a designated port for forwarding;

step S405, in the running process of the router, when the port link is disconnected or the abnormal condition causes the port of the router to fail, the operation of updating the flow table is triggered, and the disconnection or abnormal condition of the port link is reported to the control layer, wherein the type of the packet-in message is defined as the port failure, and the serial number is 0.

In a further improvement of the present invention, in step S402, the process of sequentially flowing network packets into the cluster internal table and the cluster external table is as follows:

step S4021, the table entries of all table entries except the identifier of the router in the cluster are empty in the custom operation field; the network packet flows into the cluster inner table, the self-defined operation is executed, whether the destination identifier of the network packet is the same as the identifier of the router is detected, and if the destination identifier of the network packet is the same as the identifier of the router, the network packet reaches the destination router; otherwise, replacing the transit identifier field of the network packet with the destination identifier, and continuing to realize matching with other flow tables in the cluster inner table;

step S4022, the network packet flows into the cluster exterior, the transit identifier field of the network packet is replaced by the effective self-defined operation field in the table entry of the cluster exterior, if the cluster exterior is not hit, the type of the packet-in message sent by the router is defined as the forwarding table which can be identified to miss, and the serial number is 2.

A further improvement of the present invention is that, in step S5, when the forwarding layer receives a network packet that cannot be processed, the method implements corresponding processing and flow table updating according to the packet-in message type, and includes the following steps:

step S501, if the packet-in message type is port failure and the serial number is 0, the router sends the message to all connected controllers, and the controllers update internal topology information or identification information;

step S502, if the packet-in message type is the unrecognizable identification forwarding table, the number is 1, the topology controller firstly sends a request to the corresponding identification controller, checks whether the transit identifier field is an edge identification, if so, performs the optimal path planning from a single point to a single point from the current position to the transit identifier position to form a table entry which takes the transit identifier as a matching field and takes the next hop originating port in the optimal path as a forwarding port field, and finally encapsulates the table entry through a table entry southward interface module and issues the table entry to the unrecognizable identification forwarding table of the router; if not, forming an error log;

step S503, if the packet-in message type is identifiable to identify the forwarding table as missing, the number is 2, the identification controller firstly judges whether the identifier of the current router and the transit identifier of the network packet are in the same cluster, and then the table entry is issued according to the judgment result.

A further refinement of the invention is that said step S503 comprises the following sub-steps:

step S5031, if the router identifier is clustered, the optimal path planning is realized from the current router identifier to the network packet transit identifier from single point to single point, the transit identifier is formed as a matching field, the next hop originating port in the optimal path is used as an entry of a forwarding port field, and the entry is issued to a cluster inner table of a router capable of identifying a forwarding table;

step S5032, if the cluster is different, firstly judging whether the transit identifier or the router identifier has an edge identifier, if not, executing a cross-cluster routing strategy to plan an optimal path, and finally forming a path with the transit identifier as a matching field, and a next hop originating port in the optimal path as an entry of a forwarding port field; if the router identifier is an edge identifier, the transit identifier is replaced by a destination cluster edge identifier on the optimal path, and the table entry is issued to a cluster exterior of the router identifiable forwarding table; if the transit identifier is an edge identifier, the edge identifier is replaced by a source cluster edge identifier on the optimal path, and the table entry is issued to a cluster exterior of the router capable of identifying the forwarding table.

Compared with the prior art, the invention has the beneficial effects that: based on a multi-stage flow table of a software defined network, a distributed flow table structure suitable for a multi-identification network system and a matching method thereof are designed, routes of all identification types in a forwarding layer of the multi-identification network can be managed in a coordinated mode, a router can be guided to forward an identification type network packet which is not supported by the router correctly, and the requirement of addressing across identification domain routes in the multi-identification network is met; on the basis, the separation of control and forwarding is realized by introducing the controller, so that the multi-identification network can support automatic deployment and maintenance of complex topology, and the invention has higher routing convergence speed and lower router load.

Drawings

FIG. 1 is a schematic workflow diagram of one embodiment of the present invention;

FIG. 2 is a diagram of an example of a topology of a multiple identity network;

FIG. 3 is an identification plane schematic diagram of a multiple identification network;

FIG. 4 is a schematic diagram of the identification topology on the content identification plane;

FIG. 5 is a diagram of a multi-identity network architecture incorporating a controller according to an embodiment of the present invention;

fig. 6 is a schematic diagram of a distributed flow table matching process in the multi-identity router according to an embodiment of the present invention.

Detailed Description

Preferred embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.

At present, under the huge change of the internet service form, the traditional network taking the IP as the core gradually becomes fatigued. In order to better meet the requirement of the interconnection of everything, the basic architecture of the internet needs to be considered, and an innovative internet architecture is adopted to get rid of the existing limitation of the internet. Software Defined Network (SDN) born to the clearslave project of stanford university, which is intended to support new applications and provide an innovative service platform for future networks, was produced. Now, the software defined networking architecture has gone from laboratory to industrial, and hardware vendors and software companies are actively involved in the industrial evolution of the standardization process and project of the related art, and a fierce and benign competition and mutual cooperation are developed under the new architecture.

The software defined network is not a specific technology, a specific protocol, but a new design idea and a future network framework which are almost reversed compared with the traditional network architecture. As a research hotspot in the field of future networks, software-defined networks are like waves turned over by the new era, which revolutionizes academic research and commercial products and creates a plurality of popular projects.

The novel network architecture constructed by the software defined network idea is fundamentally different from the traditional network. Network equipment in a traditional network is in distributed control, the equipment-by-equipment independent deployment and configuration are needed, control and forwarding functions are tightly coupled in the same equipment, an administrator can only influence forwarding behaviors in a mode of configuring a network protocol, and the network protocol has a specific mode and cannot be freely changed. The control and forwarding of the software defined network are separated, the software defined network has an open programmable interface and a centralized network control function, network services running on the software defined network can be controlled by an automatic application program, an administrator can directly control the forwarding behavior of the equipment, and any forwarding behavior between network nodes is planned through application layer software as desired, so that the control is not influenced by any protocol.

The OpenFlow standard solves the problems of how to issue a table entry required by forwarding layer equipment and used for matching with a data stream to a forwarding layer from a control layer, how to realize a forwarding strategy intention, how to feed back in an actual scene and the like, and mainly contributes to two aspects, namely the standard formulation of a communication channel interface between a southward interface module of a switch and a controller, and the realization of a multi-stage stream table structure for really executing a controller issuing strategy in the switch equipment.

Due to the problems of insufficient performance, potential safety hazard, exhaustion of domain name resources, unilateral meaning of network space and the like of the traditional IP network, the traditional IP network cannot meet various requirements of the future Internet. Therefore, the call for constructing the future network architecture is quite high, various future network architectures and new network identifiers are produced, the new identifiers respectively overcome the defects of the traditional IP identifiers in different aspects, and the design and implementation differences enable the new identifiers to have different application scenes. Under the differentiation and customization requirements of network scenes, how these new identifiers and traditional IP identifiers coexist in parallel in the same network and receive unified management becomes a current research hotspot in the future network field.

A multi-identification network system born under a multi-identification scene in a future network supports the parallel coexistence of various novel identifications such as identities, services, contents, hyperbolic characteristics and the like and traditional IP identifications, provides unified generation, management and analysis services for the various identifications, and provides a data transmission mode completely different from the traditional IP, solves the problems of semantic overload and IP identification centralized management of the IP network, and is more suitable for the requirements of high reliability and low time delay of the future network and the scene of internet of everything.

The multi-identification network system architecture is divided into a multi-identification system of a management surface and a multi-identification router of a data surface, wherein the former is responsible for the unified management and registration of all identifications of the whole network, and the latter is responsible for the analysis, processing and forwarding of multi-identification network packets. The multi-identification network system aims to construct a future network space with multiple edges, multiple identification addressing, endogenous safety and high-efficiency availability, shares the network space with countries, realizes the common management and control of public network space and the high autonomy and mutual noninterference of private space, and ensures the network space ownership of each country, particularly developing countries.

The data plane topology of a typical multiple identity network architecture is shown in fig. 2, and the multiple identity network architecture has the following characteristics: (1) the network topology has connectivity, meaning that any two routers have at least one link-layer reachable path; (2) each router has an identity as a unique identifier of the router, the multi-identification network adopts the hash of the public key of the equipment as the identity, and the global uniqueness of the equipment can be verified during registration; (3) in the data plane, due to the characteristics of the multi-identification network, the identification types to which the source identifiers and the destination identifiers of the network packets forwarded in the data plane belong are the same, and the identification type is set as the identification type of the network packet in the embodiment; besides the identity, if a router supports an identification type, it will possess at least one identifier belonging to the type, and can send out the network packet belonging to the identification type, and when receiving the network packets sent by other routers, it can parse, process and address the network packet belonging to the identification type. In the example multi-identity network in fig. 2, there are 3 identification types in addition to the identity, and the identification type supported by each router is marked after the router number, where H denotes a hyperbolic identifier, IP denotes an IP identifier, and C denotes a CCN content identifier; (5) if the router does not support a certain identification type, when the router encounters a network packet of the identification type, the network packet cannot be analyzed, and because a corresponding routing table is not available, the router cannot perform addressing routing on the network packet.

All identifiers supported by any router may be divided into different sets according to the type of identification. As shown in fig. 3, this example defines a set of all identifiers belonging to the same identification type as an Identification Plane (IP). For example, a set of all content identifiers may be defined as a content identification plane.

For a concrete identification plane, the identification topology can be abstracted according to the mapping relationship of the identifiers to the router topology, as shown in fig. 4. Since some routers do not support this type of identification, the identification topology in the identification plane may not have connectivity. The present invention defines an Identifier Cluster (IC) as a subset of the Identifier space, and any two identifiers have at least one reachable path in the identification topology of the identification plane. Because the router which does not support the identification type can not analyze and forward the network packet of the type, in the identification plane, if two identifiers are in the same identification cluster, the two represented routers can reach the network layer of the identification type; otherwise, if the cluster is different, the route between the two represented routers needs to cross the cluster.

In the identification cluster, the identifiers may be divided into Edge Identifiers (EI) and Inner Identifiers (II) according to the positions of the identifiers. Wherein, the router represented by the edge identifier is not supported by at least one router in a plurality of routers adjacent to the router topology. For example, in FIG. 4, C2 in identification cluster 0 is an edge identifier and C1 is an internal identifier. It can be deduced that in a multi-identity network, a unique or any identity cluster of the identity plane will contain at least one edge identifier as long as there are one or more routers that do not support an identity type.

In the embodiment, the intra-cluster routing and the cross-cluster routing are distinguished by judging whether the source identifier and the destination identifier of the network packet are in the same identification cluster, so that the intra-cluster routing and the cross-cluster routing correspond to the intra-cluster table and the outer cluster table respectively. If the source identifier and the destination identifier of the network packet are in the same cluster, the forwarding of the network packet only needs to pass through routers represented by other identifiers in the same cluster; otherwise, if the cluster is different, the forwarding process of the cluster must cross the router which does not support the identification type. The cross-cluster routing process is complex, and takes a network packet with a source identifier of C19 and a destination identifier of C5 in fig. 3 as an example, the cross-cluster routing process has the following 3 steps: step (1), the network packet is sent from a source identifier C19 and forwarded to an edge identifier C16 of the source cluster through a identifier C20 of the same cluster; step (2), forwarding the network packet from the source cluster edge identifier C16 to an edge identifier C9 of the destination cluster through a Router12 which does not support the identification type; and (4) forwarding the packet in the step (3) from the destination cluster edge identifier C9 to the destination identifier C5 to complete the whole routing process. And (3) the routers passed by the step (2) do not support the current identification type, do not have corresponding routing tables, and cannot perform addressing routing on the routers. This example has fully considered and solved this problem in the design of a multi-identity routing policy.

Based on the research on the topology in the multi-identifier network and the analysis of the routing process, the multi-identifier routing strategy has the following difficulties to be solved: (1) in a network with multiple identifiers coexisting, different identifier types have routing tables with different forms and analysis processing procedures, and because of the rich and various identifier types in the network with multiple identifiers, the difference among the identifier types needs to be fully considered, and a routing strategy is designed and realized to manage the analysis and forwarding procedures of all network packets in the whole network; (2) the multi-identifier routing has the requirement of crossing identifier domains, namely in a multi-identifier network with an accessible two-node link, a network packet may pass through a router which does not support the identifier type in the forwarding process from a source identifier to a destination identifier, and a routing strategy needs to design a processing and forwarding scheme after the router encounters an unknown identifier type; (3) the deployment and management of routing strategies need to be adapted to large-scale networks, and an automatic and programmable mode is considered.

As a novel future network optional scheme, the multi-identification network system architecture takes the identity identification as a center and supports parallel coexistence of various identifications including a traditional IP identification, a novel content identification, a hyperbolic identification and the like on a data plane and unified management on a management plane. However, in the scenario of coexistence of multiple identifiers, the data plane has complex and diverse routing modes, and has the requirements of routing strategy collaborative management, cross-identifier domain routing, automatic deployment, programmable maintenance and the like.

Therefore, the present example innovatively designs a novel distributed flow table structure and a matching method thereof suitable for a multi-identifier network system based on a multi-level flow table in a software defined network, and a routing method for cooperatively managing all identifier types of a forwarding layer. The forwarding table of the unidentifiable identifier can guide the router to correctly forward the network packet of the identifier type which is not supported by the router, thereby realizing the requirement of routing addressing across the identifier domain. On the basis, the controller is introduced into the multi-identification network system, so that the separation of control and forwarding is realized, and the automatic deployment and the maintenance of complex topology can be supported.

The software defined network is a new network architecture, and the basic idea is to separate and migrate the control function originally bound with the underlying network router to the upper controller, and abstract the underlying network into a logically programmable whole. Most of the policy and management services run in the controller, and the flow table is issued through the southbound interface, so as to be implemented in the actual topology of the forwarding layer. The device of the forwarding layer only needs to analyze the received network packet and process and forward the network packet according to the matching result of the multilevel flow tables in the forwarding layer, thereby effectively simplifying the design and management of the network. The embodiment innovatively provides a distributed flow table matching method based on software definition, and aims to utilize the advantages of a multi-identification network system and overcome the defects of the multi-identification network system.

More specifically, as shown in fig. 1, this example provides a distributed flow table matching method based on software definition in a multi-identity network architecture, including:

step S1, separating the control and forwarding of the multi-label router to form a three-layer multi-label router structure including an application layer, a control layer and a forwarding layer;

step S2, unifying the network packet format by the multi-identification network packet coding mode;

step S3, setting a distributed flow table structure, and controlling the flow table jumping direction through table-id allocation and the next table-id field of the table entry;

step S4, matching the distribution type flow table in the multi-identification router;

step S5, when the forwarding layer receives the network packet that can not be processed, the forwarding layer sends the network packet content through packet-in information.

Because the distribution of the identification clusters of different identification planes in the multi-identification network is different, the positions of the edge identifiers are different, and the information on which the routing strategy is based is various and complex, the controller is introduced in the invention, as shown in fig. 5, in the step S1, the control and the forwarding of the multi-identification router are separated to form a three-layer multi-identification routing framework formed by an application layer, a control layer and a forwarding layer, the application layer and the control layer realize communication through a northbound interface, the forwarding layer and the control layer realize communication through a southward interface, the control layer comprises a hyperbolic identification controller, a content identification controller, a topology controller and an IP identification controller, and the hyperbolic identification controller, the content identification controller and the IP identification controller realize communication with the topology controller through east-west interfaces respectively.

The network packet formats for different identification types are different, so the present example first unifies the follow-up group formats. In step S2 of this example, the multi-Identifier network packet coding method adopts a TLV (Type-Length-Value) format including 5 fields including a Source Identifier (Source Identifier), a Destination Identifier (Destination Identifier), an Identifier Type (Identifier Type), a Transit Identifier (Transit Identifier), and network packet raw Data (Data). The network packet proposed in this example carries an identification Type (Identifier Type) and a Transit Identifier (Transit Identifier) as additional fields with respect to the original format of the network packet.

Before sending out the network packet, the source router packages the network packet according to the TLV format, indicates the identification type in the network packet, and sets the value of the transit identifier as the destination identifier; after the router on the packet forwarding path analyzes each field of the network packet, the type of the network packet is identified through the field of the identification type, flow table matching is carried out by taking the transit identifier as a matching field, and custom operation and addressing forwarding are carried out according to a matching result; and when the destination router receives the network packet, extracting the original content and processing the original content.

In this embodiment, the forwarding flow table structure specified by the openflow protocol is not changed, but the flow table hopping direction is controlled by the reasonable allocation of table-id and the next table-id field of the table entry, so as to form an expandable distributed flow table structure. In this example, the distributed Flow Table structure in step S3 includes a Recognizable-identifiable Type Table (RTT), an Unrecognizable-identifiable Forwarding Table (UFT), a Multi-identifiable Flow Table (MFT), and a Recognizable-identifiable Forwarding Table (RFT).

The identifiable type table (RTT) is a first-stage flow table of a distributed flow table structure, and is used to record all identifier types supported by a current router, where a table-id of the identifiable type table (RTT) is 0, that is, an entry of the whole flow table structure, and the table is used as a first-stage table, and the identifiable type table (RTT) is used as a distributor, and a next-stage flow table is selected using a next table-id field; table-ID is used to indicate the ID number of the current flow table, also called flow table number, and indicates the stage number of the flow table; the next table-id field indicates the sequence number of the next-stage flow table. The unidentifiable identification forwarding table (UFT) is used for recording a forwarding port of an identifier which cannot be identified by the current router, and the table-id of the forwarding port is 1. The multi-identification flow table (MFT) provides processing and forwarding instructions for each identification type of network packets, and replaces the flow table for forwarding with the identifiable forwarding table, and the table-ids of the multi-identification flow table are uniformly distributed by the controller from 2, wherein the flow table dedicated for forwarding is replaced with the following identifiable forwarding table (RFT), for example, the CCN-MFT used by the content identifier is a three-level flow table, and each level of flow table respectively replaces the functions of a CS table, a PIT table and a FIB table, wherein the flow table of the replacement routing information table FIB used for addressing and forwarding of the interest packet is replaced, and the flow table replacing the PIT of the pending request table of the interest packet is automatically generated in a router on the forwarding path of the interest packet under the mechanism of CCN pull communication without excessive intervention of the controller, so that replacement is not needed. The identifiable identification forwarding table (RFT) is used for recording a forwarding port of an identifier which can be identified by the router, and is divided into an intra-cluster table and an outer-cluster table according to whether the identifier of the table entry is clustered with the identifier mapped by the router on the identification plane.

If the port link is disconnected or other abnormal conditions cause the port of the router to fail, the flow table updating operation is triggered, and the condition is reported to the control layer through packet-in information, so that the accuracy of the table entry is ensured. On the basis, the embodiment also effectively improves the real-time performance and the accuracy of the table entry by setting the flow table scale/the table entry scale and the table entry survival time, and further improves the hit rate and the matching rate of the flow table.

Specifically, table item scales are preset in all flow tables in the distributed flow table structure in this example, the preset table item scales refer to table item scales of preset flow tables, and can be set and adjusted in a user-defined manner according to actual needs, and are also called as flow table scales/table item scales, and when the number of table items of the flow tables exceeds the set number of the table item scales, old table items are sequentially updated and replaced through a cache elimination strategy; meanwhile, a first lifetime attribute and a second lifetime attribute are preset in all entries of all the flow tables, the first lifetime attribute is used for calculating time inserted into the table, and the first lifetime attribute continuously increases according to the time after the entries are generated; the second survival time attribute is used for calculating the time without flow matching, and the second survival time attribute automatically detects the time without flow matching after the table entry is generated and starts to increase; and if any one of the first lifetime attribute and the second lifetime attribute in the flow table exceeds a preset lifetime threshold value of the flow table, automatically deleting the table entry, wherein the preset lifetime threshold value of the flow table refers to a preset threshold value of the lifetime of the flow table, and the threshold value can be customized and adjusted for the first lifetime attribute and the second lifetime attribute.

It should be noted that, in this example, the flow table is divided into a cluster inner table and a cluster outer table according to whether the identifier of the flow table entry and the identifier mapped by the router on the identification plane are in the same cluster; the method is characterized in that the preset table item scale of the cluster outer surface is set to be larger than that of the cluster inner surface, and the preset survival time threshold of the cluster inner surface is larger than that of the cluster outer surface.

When the router encounters a network packet that does not support the identifier type, the router also forwards the packet according to a matching result of the Unidentifiable Forwarding Table (UFT). The unidentifiable identification forwarding table (UFT) can guide the router to correctly forward an identification type network packet which is not supported by the router, and the cluster-crossing routing in a multi-identification network is realized. Meanwhile, the matching process of the four types of flow tables which are designed specifically in the embodiment is used as a forwarding layer cooperative management and routing strategy, and the diversity of the identification types is fully considered.

The matching sequence of the distributed flow tables in the multi-identity router of this example is shown in fig. 6, and the process of matching the distributed flow tables in the multi-identity router in step S4 includes the following steps:

step S401, a network packet flows into a recognizable identifier type table (RTT), the identifier type is used as a matching field, the network packet is not forwarded after matching, the network packet flows into a next-stage flow table according to a next table-id field, when the network packet is matched with one recognizable identifier type table (RTT), the next-stage flow table is a multi-stage flow table inlet of the identifier type, and step S402 is executed; otherwise, the next-level flow table is judged to be the default unidentifiable identification forwarding table (UFT) with the lowest priority, and step S403 is executed;

step S402, the network packet flows into a multiple identification flow table (MFT) corresponding to the hit identification type, the flow table used for forwarding is replaced and called as an identifiable identification forwarding table (RFT), and when the network packet is matched, the network packet flows into a cluster inner table and a cluster outer table in sequence;

step S403, the network packet flows into an unidentifiable identification forwarding table (UFT), the matching field is a transit identifier, and the network packet is directly forwarded after being matched; if the table entry of the flow table is not hit, the router jumps to step S5 to send a packet-in message through the southbound interface, where the packet-in message type is defined as Unidentifiable Forwarding Table (UFT) miss, and the number is 1;

step S404, the network packet hits in any flow table, the matching process is left, the forwarding module of the router takes over the network packet, and the action in the network packet execution action set is sent to a designated port for forwarding;

step S405, in the running process of the router, when the port link is disconnected or the abnormal condition causes the port of the router to fail, the operation of updating the flow table is triggered, and the disconnection or abnormal condition of the port link is reported to the control layer, wherein the type of the packet-in message is defined as the port failure, and the serial number is 0.

In this example, steps S401 to S405 are not sequential steps, for example, steps S404 and S405 belong to steps that can implement off-matching or exception triggering update in the matching process.

In step S402 in this example, the process of sequentially flowing network packets into the cluster internal table and the cluster external table is as follows:

step S4021, in the cluster internal table, the identifier field is the highest priority of the table entry of the identifier of the router itself, and the self-defined operation fields of all the table entries are empty except the table entries of the identifier of the router itself; the network packet flows into the cluster inner table, self-defined operation is immediately executed after matching, whether the destination identifier of the network packet is the same as the identifier of the router is detected, if so, the packet is received, namely the network packet reaches the destination router; otherwise, replacing the transit identifier field of the network packet with the destination identifier, and continuing to realize matching with other flow tables in the cluster inner table;

step S4022, the network packet flows into the cluster exterior, the transit identifier field of the network packet is replaced by an effective self-defined operation field in the table entry of the cluster exterior, if the cluster exterior is not hit, the type of the packet-in message sent by the router is defined as that the identifiable forwarding table (RFT) is not hit, and the serial number is 2.

In the OpenFlow protocol standard, when a forwarding layer device encounters a network packet which cannot be processed, packet-in information can be used for forwarding the network packet content, a controller reads the network packet information including a source identifier, a destination identifier and a transit identifier and acquires a router identity identifier of the forwarded information, the identifier controller also acquires an identifier of a router in an identifier plane, a flow table item is generated after strategy formulation and issued, and a corresponding flow table in the router is updated

In step S5 in this example, when the forwarding layer receives a network packet that cannot be processed, implementing corresponding processing and flow table updating according to the packet-in message type includes the following steps:

step S501, if the packet-in message type is port failure (port failure), the number is 0, which is usually caused by network information update delay, in this example, the message is sent to all connected controllers through a router, and the controllers update internal topology information or identification information, so as to provide a real-time routing decision for a forwarding layer;

step S502, if the packet-in message type is unidentifiable forwarding table miss (unidentifiable UFT), and the number is 1, a router that does not support the identification type of the network packet may have unidentifiable forwarding table miss, and sends the packet-in message to the topology controller for processing. The field value of the transit identifier of the network packet with the error is usually the edge identifier of the destination cluster of the network packet, in this example, a request is sent to a corresponding identifier controller through a topology controller, whether the field of the transit identifier is the edge identifier is checked, if so, the optimal path planning from a single point to the single point is carried out from the current position to the position of the transit identifier, the transit identifier is used as a matching field, a next hop originating port in the optimal path is used as an entry of a forwarding port field, and the entry is finally encapsulated through an entry southbound interface module and is issued to an unidentifiable identifier forwarding table of a router; if not, forming an error log;

step S503, if the packet-in message type is identifiable forwarding table miss (unidentifying RFT) and the number is 2, a router supporting the identification type of the network packet may have such a situation, and the packet-in message is sent to a corresponding identification controller for processing, where the field value of the transit identifier of the network packet in which such an error occurs may be an edge identifier or a destination identifier of a source cluster, and the identification controller needs to execute a multi-identification routing policy based on a clustering result, therefore, the identification controller of this embodiment first determines whether the identifier of the current router and the transit identifier of the network packet are in the same cluster, and then sends the entry according to the determination result.

Likewise, steps S501 to S503 are not sequential steps, but are parallel selection steps for performing different processes according to different packet-in message types.

More specifically, step S503 in this embodiment includes the following sub-steps:

step S5031, if the router identifier is clustered, the optimal path planning is realized from the current router identifier to the network packet transit identifier from single point to single point, the transit identifier is formed as a matching field, the next hop originating port in the optimal path is used as an entry of a forwarding port field, and the entry is issued to a cluster inner table of a router capable of identifying a forwarding table;

step S5032, if the cluster is different, firstly judging whether the transit identifier or the router identifier has an edge identifier, if not, executing a cross-cluster routing strategy to plan an optimal path, and finally forming a path with the transit identifier as a matching field, and a next hop originating port in the optimal path as an entry of a forwarding port field; if the router identifier is an edge identifier, the transit identifier is replaced by a destination cluster edge identifier on the optimal path, and the table entry is issued to a cluster exterior of the router identifiable forwarding table; if the transit identifier is an edge identifier, the edge identifier is replaced by a source cluster edge identifier on the optimal path, and the table entry is issued to a cluster exterior of the router capable of identifying the forwarding table.

In summary, in this example, based on a multi-stage flow table of a software-defined network, a distributed flow table structure and a matching method thereof are designed for a multi-identifier network system, which can cooperatively manage all identifier-type routes in a forwarding layer of the multi-identifier network, and can also guide a router to correctly forward an identifier-type network packet that is not supported by the router through an unidentifiable identifier forwarding table, thereby meeting the requirement of routing addressing across identifier domains in the multi-identifier network; on the basis, the separation of control and forwarding is realized by introducing the controller, so that the multi-identification network can support automatic deployment and maintenance of complex topology, and the embodiment has higher routing convergence speed and lower router load.

The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. A distributed flow table matching method based on software definition in a multi-identification network system is characterized by comprising the following steps:

step S1, separating the control and forwarding of the multi-label router to form a three-layer multi-label router structure including an application layer, a control layer and a forwarding layer;

step S2, unifying the network packet format by the multi-identification network packet coding mode;

step S3, setting a distributed flow table structure, and controlling the flow table jumping direction through table-id allocation and the next table-id field of the table entry;

step S4, matching the distribution type flow table in the multi-identification router;

step S5, when the forwarding layer receives the network packet that can not be processed, the forwarding layer sends the network packet content through packet-in information.

2. The method according to claim 1, wherein in step S1, the application layer and the control layer communicate with each other through a northbound interface, the forwarding layer and the control layer communicate with each other through a southbound interface, the control layer includes a hyperbolic id controller, a content id controller, a topology controller, and an IP id controller, and the hyperbolic id controller, the content id controller, and the IP id controller communicate with the topology controller through an east-west interface.

3. The distributed flow table matching method based on software definition in the multi-identification network architecture according to claim 1 or 2, wherein the multi-identification network packet coding mode adopts a TLV format including 5 fields including a source identifier, a destination identifier, an identification type, a transit identifier and network packet raw data; before sending out the network packet, the source router packages the network packet according to the TLV format, indicates the identification type in the network packet, and sets the value of the transit identifier as the destination identifier; after the router on the packet forwarding path analyzes each field of the network packet, the type of the network packet is identified through the field of the identification type, flow table matching is carried out by taking the transit identifier as a matching field, and custom operation and addressing forwarding are carried out according to a matching result; and when the destination router receives the network packet, extracting the original content and processing the original content.

4. The distributed flow table matching method based on software definition in multi-identity network architecture according to claim 1 or 2, wherein said distributed flow table structure in step S3 includes a recognizable identity type table, an unrecognizable identity forwarding table, a multi-identity flow table and a recognizable identity forwarding table; the identifiable type table is a first-level flow table of a distributed flow table structure and is used for recording all identification types supported by a current router and selecting a next-level flow table by using a next table-id field; the unrecognized identification forwarding table is used for recording a forwarding port of an identifier which cannot be identified by the current router; the multi-identification flow table provides processing and forwarding instructions for each identification type of network packets, and replaces the flow table for forwarding with the identifiable identification forwarding table; the identifiable forwarding table is used to record forwarding ports that record identifiers that can be identified by routers.

5. The distributed flow table matching method based on software definition in the multi-identification network system according to claim 4, wherein table entry scales are preset for all flow tables in the distributed flow table structure, and when the number of table entries of a flow table exceeds the set number of the table entry scales, old table entries are sequentially updated and replaced through a cache elimination strategy; meanwhile, a first lifetime attribute and a second lifetime attribute are preset in all entries of all the flow tables, the first lifetime attribute is used for calculating time inserted into the table, and the first lifetime attribute continuously increases according to the time after the entries are generated; the second survival time attribute is used for calculating the time without flow matching, and the second survival time attribute automatically detects the time without flow matching after the table entry is generated and starts to increase; and if any one of the first lifetime attribute and the second lifetime attribute in the flow table exceeds a preset lifetime threshold value of the flow table, automatically deleting the entry.

6. The distributed flow table matching method based on software definition in the multi-identification network architecture according to claim 5, wherein the flow table is divided into a cluster inner table and a cluster outer table according to whether the identifier of the flow table entry is in the same cluster as the identifier mapped by the router on the identification plane; and setting the scale of the preset table items of the cluster outer surface to be larger than that of the preset table items of the cluster inner surface, and setting the preset survival time threshold of the cluster inner surface to be larger than that of the cluster outer surface.

7. The distributed flow table matching method based on software definition in the multi-identity network architecture according to claim 1 or 2, wherein the step S4 is to match the distributed flow tables in the multi-identity router, and comprises the following steps:

step S401, a network packet flows into a recognizable identifier type table, the identifier type is used as a matching field, the network packet flows into a next-stage flow table according to a next table-id field after matching, when the network packet is matched with the recognizable identifier type table, the next-stage flow table is a multi-stage flow table inlet of the identifier type, and step S402 is executed; otherwise, judging that the next-level flow table is the default unidentifiable identification forwarding table with the lowest priority, and executing the step S403;

step S402, the network packet flows into a multi-identification flow table corresponding to the hit identification type, the flow table used for forwarding is replaced and called as an identifiable identification forwarding table, and when the network packet is matched, the network packet flows into a cluster inner table and a cluster outer table in sequence;

step S403, the network packet flows into an unidentifiable identifier forwarding table, the matched field is a transit identifier, and the network packet is directly forwarded after being matched; if the table entry of the flow table is not hit, the router jumps to step S5 to send a packet-in message through the southbound interface, where the packet-in message type is defined as an unrecognizable forwarding table miss, and the number is 1;

step S404, the network packet hits in any flow table, the matching process is left, the forwarding module of the router takes over the network packet, and the action in the network packet execution action set is sent to a designated port for forwarding;

step S405, in the running process of the router, when the port link is disconnected or the abnormal condition causes the port of the router to fail, the operation of updating the flow table is triggered, and the disconnection or abnormal condition of the port link is reported to the control layer, wherein the type of the packet-in message is defined as the port failure, and the serial number is 0.

8. The method according to claim 7, wherein in step S402, the process of sequentially flowing network packets into the cluster internal table and the cluster external table is as follows:

step S4021, the table entries of all table entries except the identifier of the router in the cluster are empty in the custom operation field; the network packet flows into the cluster inner table, the self-defined operation is executed, whether the destination identifier of the network packet is the same as the identifier of the router is detected, and if the destination identifier of the network packet is the same as the identifier of the router, the network packet reaches the destination router; otherwise, replacing the transit identifier field of the network packet with the destination identifier, and continuing to realize matching with other flow tables in the cluster inner table;

step S4022, the network packet flows into the cluster exterior, the transit identifier field of the network packet is replaced by the effective self-defined operation field in the table entry of the cluster exterior, if the cluster exterior is not hit, the type of the packet-in message sent by the router is defined as the forwarding table which can be identified to miss, and the serial number is 2.

9. The distributed flow table matching method based on software definition in the multi-identity network architecture according to claim 8, wherein in step S5, when the forwarding layer receives a network packet that cannot be processed, corresponding processing and flow table updating are implemented according to a packet-in message type, including the following steps:

step S501, if the packet-in message type is port failure and the serial number is 0, the router sends the message to all connected controllers, and the controllers update internal topology information or identification information;

step S502, if the packet-in message type is the unrecognizable identification forwarding table, the number is 1, the topology controller firstly sends a request to the corresponding identification controller, checks whether the transit identifier field is an edge identification, if so, performs the optimal path planning from a single point to a single point from the current position to the transit identifier position to form a table entry which takes the transit identifier as a matching field and takes the next hop originating port in the optimal path as a forwarding port field, and finally encapsulates the table entry through a table entry southward interface module and issues the table entry to the unrecognizable identification forwarding table of the router; if not, forming an error log;

step S503, if the packet-in message type is identifiable to identify the forwarding table as missing, the number is 2, the identification controller firstly judges whether the identifier of the current router and the transit identifier of the network packet are in the same cluster, and then the table entry is issued according to the judgment result.

10. The method for matching a software-defined-based distributed flow table in a multi-identity network architecture according to claim 9, wherein the step S503 comprises the following sub-steps:

step S5031, if the router identifier is clustered, the optimal path planning is realized from the current router identifier to the network packet transit identifier from single point to single point, the transit identifier is formed as a matching field, the next hop originating port in the optimal path is used as an entry of a forwarding port field, and the entry is issued to a cluster inner table of a router capable of identifying a forwarding table;

step S5032, if the cluster is different, firstly judging whether the transit identifier or the router identifier has an edge identifier, if not, executing a cross-cluster routing strategy to plan an optimal path, and finally forming a path with the transit identifier as a matching field, and a next hop originating port in the optimal path as an entry of a forwarding port field; if the router identifier is an edge identifier, the transit identifier is replaced by a destination cluster edge identifier on the optimal path, and the table entry is issued to a cluster exterior of the router identifiable forwarding table; if the transit identifier is an edge identifier, the edge identifier is replaced by a source cluster edge identifier on the optimal path, and the table entry is issued to a cluster exterior of the router capable of identifying the forwarding table.

Images