CN114124785B - Flow table processing method and device and electronic equipment - Google Patents

Publication number
CN114124785B
Authority
CN
China
Prior art keywords
flow table
flow
merged
tables
processed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210104145.0A
Other languages
Chinese (zh)
Other versions
CN114124785A (en
Inventor
余兆国
彭雪娇
孙路遥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Xingyun Zhilian Technology Co Ltd
Original Assignee
Zhuhai Xingyun Zhilian Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Xingyun Zhilian Technology Co Ltd filed Critical Zhuhai Xingyun Zhilian Technology Co Ltd
Priority to CN202210104145.0A priority Critical patent/CN114124785B/en
Priority to CN202210646690.2A priority patent/CN114884858A/en
Publication of CN114124785A publication Critical patent/CN114124785A/en
Application granted granted Critical
Publication of CN114124785B publication Critical patent/CN114124785B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/54Organization of routing tables

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a flow table processing method and device and electronic equipment. The method may comprise the steps of: receiving a flow table, wherein the flow table comprises a plurality of flow table entries; judging, according to the plurality of flow table entries, whether the flow table is a flow table to be merged; in the case that the flow table is a flow table to be merged, querying a total flow table for one or more upper-level flow tables of the flow table to be merged and storing them in a to-be-processed list, wherein the total flow table comprises received flow tables which have not been processed; and merging preset flow table entries of each flow table in the to-be-processed list to obtain a merged flow table. By implementing the method and the device, resources occupied by the flow table can be reduced, and the efficiency of flow table query can be improved.

Description

Flow table processing method and device and electronic equipment
Technical Field
The present application relates to the field of electrical digital data processing in a new generation of information technology industry, and in particular, to a method and an apparatus for processing a flow table, and an electronic device.
Background
The virtual switch Open vSwitch (OVS for short) is a high-quality virtual switch supporting multi-layer data forwarding. It is mainly deployed on servers, offers better programmability and extensibility than a traditional switch while providing the network isolation and data forwarding functions of a traditional switch, runs on each physical machine that implements virtualization, and provides remote management. OVS provides two protocols for remote management in a virtualized environment: one is the OpenFlow protocol, which manages the behavior of the switch through flow tables, and the other is the Open vSwitch Database Management Protocol (OVSDB Management Protocol), which exposes the port status of the switch. However, on the one hand, the design of OVS requires soft interrupts, hard interrupts, and switching between kernel space and user space to complete the transmission of network data; on the other hand, the data forwarding of OVS is implemented in the kernel space of the system and, like other tasks, occupies only time slices of the Central Processing Unit (CPU for short) rather than the whole CPU resource, so resource preemption is possible and it cannot be guaranteed that the resource is available when network data needs to be forwarded. In order to improve forwarding performance, network forwarding needs to be offloaded to a dedicated forwarding chip.
Connection tracking (Conntrack) is a mechanism provided under the Netfilter framework, a subsystem of the Linux operating system, to discover and track the state of connections for flow forwarding. What connection tracking does includes: (1) extracting tuple information from the data packet, and distinguishing the data flow (flow) and the corresponding connection (connection); (2) maintaining a state database (conntrack table) for all connections, such as the creation time of the connection, the number of packets sent, the number of bytes sent, and so on; (3) reclaiming expired connections (GC); (4) serving higher-level functions such as NAT.
OVS, in combination with Conntrack, supports applications based on bidirectional flow-state forwarding control in cloud computing networks, and builds service applications such as stateful security groups, External Internet Protocol (External IP), distributed layer-4 load balancing, Network Address Translation (NAT) and the like through flow table orchestration and bidirectional connections. However, a flow table in the conntrack connection state of OVS generally has a plurality of flow table entries. Since hardware resources are precious and costly, issuing all flow table entries of the flow table to hardware occupies a large amount of resources. Therefore, how to reduce the resource occupation of the flow table is a problem to be solved.
Disclosure of Invention
The embodiment of the application provides a method and a device for processing a flow table and electronic equipment, which can reduce resources occupied by the flow table under the condition that multiple stages of flow tables exist.
In a first aspect, an embodiment of the present application provides a method for flow table processing, including:
receiving a flow table, the flow table containing a plurality of flow table entries;
judging, according to the flow table entries, whether the flow table is a flow table to be merged;
in the case that the flow table is a flow table to be merged, querying a total flow table for one or more upper-level flow tables of the flow table to be merged and storing them in a to-be-processed list, wherein the total flow table includes received flow tables which have not been processed;
and merging preset flow table entries of each flow table in the to-be-processed list to obtain a merged flow table.
In a second aspect, an embodiment of the present application provides an apparatus for flow table processing, including:
a receiving module, configured to receive a flow table, where the flow table includes a plurality of flow table entries;
a processing module, configured to judge, according to the flow table entries, whether the flow table is a flow table to be merged; to query, in the case that the flow table is a flow table to be merged, a total flow table for one or more upper-level flow tables of the flow table to be merged and store them in a to-be-processed list, where the total flow table includes received flow tables which have not been processed; and to merge preset flow table entries of each flow table in the to-be-processed list to obtain a merged flow table.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor and a memory, where the processor and the memory are connected to each other, where the memory is used to store a computer program, and the computer program includes program instructions, and the processor is configured to call the program instructions to execute the method according to the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and the computer program includes program instructions, which, when executed by a processor, cause the processor to execute the method according to the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product comprising a non-transitory computer-readable storage medium storing a computer program, the computer program being operable to cause a computer to perform the method according to the first aspect.
By implementing the embodiment of the application, whether the flow table is the flow table to be merged can be judged according to the flow table items under the condition that the multiple stages of flow tables exist, and the merged flow table is obtained by merging the flow tables to be merged, so that the resources occupied by the flow tables can be reduced, and the efficiency of flow table query can be improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a flow table processing method according to an embodiment of the present application;
Fig. 2 is a schematic composition diagram of a flow table processing apparatus according to an embodiment of the present application;
Fig. 3 is a schematic composition diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described below clearly and completely with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments.
The terms "first" and "second" and the like in the description and drawings of the present application are used for distinguishing different objects or for distinguishing different processes for the same object, and are not used for describing a specific order of the objects. Furthermore, the terms "including" and "having," and any variations thereof, as referred to in the description of the present application, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that in the embodiments of the present application, words such as "exemplary" or "for example" are used to mean serving as examples, illustrations or descriptions. Any embodiment or design method described herein as "exemplary" or "e.g.," should not be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion. In the examples of the present application, "A and/or B" means both A and B, and A or B. "A, and/or B, and/or C" means either A, B, C, or means either two of A, B, C, or means A and B and C.
Next, a method of flow table processing provided in the embodiment of the present application will be described in detail with reference to fig. 1.
Referring to fig. 1, a flow chart of a method for processing a flow table according to an embodiment of the present application is schematically illustrated, where the method includes the following steps S101 to S104:
Step S101: a flow table is received, the flow table containing a plurality of flow table entries.
The flow table is a forwarding table for forwarding flows. Each flow table is composed of a plurality of flow table entries (FlowEntry), and each flow table corresponds to one flow transmitted by the network. A flow refers to a set of sequentially transmitted packets with the same attributes that pass through the same network over a period of time. The flow table entry is the minimum unit of the flow table and indicates various information about the flow corresponding to the flow table, such as the input port number, source address, destination address, packet type, executable action, and the like. The flow table is offloaded from the traffic control tool (traffic control, abbreviated as TC) in the Linux operating system.
Step S102: judging, according to the flow table entries, whether the flow table is a flow table to be merged.
In a possible implementation manner, the method for determining whether the flow table is the flow table to be merged may include the following steps A1 to A3:
Step A1: judging, according to a first flow table entry in the flow table entries, whether the flow table is a flow table with established tracking.
The first flow table entry may be the ct_state field of the flow table. ct_state indicates the connection state, and its possible values (flags) include new, est, rel, rpl, inv, trk, etc. new indicates that the packet is from a new connection. est indicates that the packet is from an established connection. rel indicates that the packet is related to an existing connection. rpl indicates that the packet is in the reply direction of a connection. inv indicates that the state of the packet is invalid and the conntrack module does not correctly recognize the packet. trk indicates that the packet has been processed by the conntrack module. These flags must be used together with "+", meaning the flag must match, or "-", meaning the flag must not match. Several flags may be specified at the same time, for example ct_state=+new+trk. Whether the flow table is a flow table with established tracking is judged from ct_state by checking whether its flags contain "+new": if they contain "+new", the flow table is judged not to be a flow table with established tracking; if they do not contain "+new", the flow table is judged to be a flow table with established tracking.
In one possible implementation, in a case that the flow table is a flow table with established tracking, a fourth flow table entry in the flow table is extracted, and a callback function is registered with the kernel.
The fourth flow table entry may be the ct_zone field of the flow table. ct_zone is used to isolate connection tracking table entries and can be set by the zone parameter of the ct action. An action indicates the action that the packet needs to perform. Unless otherwise specified, the kernel in the embodiments of the present application refers to the Linux kernel. The operating system is low-level supporting software that interfaces with the hardware and provides a limited set of services for user programs. A computer system is a symbiosis of hardware and software, which are interdependent and inseparable. The hardware of the computer comprises peripheral equipment, a processor, a memory, a hard disk and other electronic devices that make up the machine. Without software to operate and control it, however, the hardware is not functional by itself. The software that performs this control task is called the operating system, which in Linux terminology is called the "kernel". The main modules (or components) of the Linux kernel are divided into the following parts: storage management, CPU and process management, file systems, device management and drivers, network communications, initialization (boot) of the system, system calls, and the like.
A callback function is a function passed as a parameter, that is, a function called by another function. Callback functions registered with the kernel include, but are not limited to, callback functions for the setup, update and delete events of connection tracking. Therefore, when a data packet triggers events such as creation or deletion of a flow table, the changed flow table can be synchronized in time to the flow table stored in the total flow table, so that the connection information in the flow table can be queried and the action in the flow table extracted when the flow table is subsequently offloaded. The total flow table includes the received flow tables that were offloaded from the TC and have not yet been processed.
Step A2: in the case that the flow table is a flow table with established tracking, judging whether the flow table is a header flow table according to a second flow table entry in the flow table entries, and judging whether a lower-level flow table of the flow table exists according to a third flow table entry in the flow table entries.
The second flow table entry may be the recirc_id field of the flow table. recirc_id is a flow identifier; recirc_id=0 indicates that this flow table is the first-stage flow table of the packet corresponding to this flow table. It is followed by a second-stage flow table, a third-stage flow table, and so on. The recirc_id of the second-stage and third-stage flow tables is not 0. Thus, whether the flow table is a header flow table (first-stage flow table) can be determined by whether the value of recirc_id is 0.
The third flow table entry may be the action field of the flow table. If the action field includes an action that hands the packet to the next flow table (e.g., the gotorecirc_id action), the flow table is connected to another flow table through the gotorecirc_id action, and that other flow table is the lower-level flow table of this flow table. Therefore, when the action field includes the gotorecirc_id action, it can be determined that the flow table is not a tail flow table (the last flow table, which has no lower-level flow table) and that a lower-level flow table of the flow table exists.
Step A3: if the flow table is not a header flow table and no lower-level flow table exists, the flow table is a flow table to be merged.
If the recirc_id of the flow table is not equal to 0 and there is no recirc action in the action of the flow table, the flow table is a flow table to be merged. It is to be understood that the flow table to be merged is the tail flow table in the multi-stage flow tables corresponding to the flow.
The flow tables to be merged that meet the conditions can be found by judging the first, second and third flow table entries, so that the other flow tables belonging to the same flow as the flow table to be merged can then be found and integrated.
In a possible implementation manner, in the case that a lower-level flow table of the flow table exists, a pending flag is marked on the flow table; the second flow table entry of the lower-level flow table is recorded on the flow table for finding the lower-level flow table of the flow table; and the flow table is saved to the total flow table.
A lower-level flow table of the flow table exists when the action field of the flow table includes the gotorecirc_id action. In this case, a pending flag is marked on the flow table to indicate that the flow table is not the flow table to be merged that is currently required, but that it may need to be processed in subsequent processing. The recirc_id value of the lower-level flow table is recorded in the flow table, so that the lower-level flow table can be found through the gotorecirc_id action in the flow table. Because a lower-level flow table exists, the flow table is not a flow table to be merged that needs to be found and processed now, but it may need to be processed later, so it is saved into the total flow table for subsequent lookup and processing.
In one possible implementation, in the case that the flow table is a header flow table and no lower-level flow table exists, it is determined whether the flow table exists in an issuing table, the issuing table including the flow tables already sent to a forwarding chip; the flow table is sent to the forwarding chip when it does not exist in the issuing table; and the flow table is saved to the issuing table and the total flow table.
When the flow table is a header flow table and has no lower-level flow table, it is determined that the flow table is an independent flow table, that is, the flow table includes all the flow table information of the corresponding flow, and it is not necessary to integrate or connect it with another flow table. In this case, the issuing table is searched for the flow table. The issuing table includes the flow tables that have already been sent to the forwarding chip. Therefore, if the flow table is found in the issuing table, it has already been sent to the forwarding chip, does not need to be processed, and the procedure can end directly. If the flow table is not found in the issuing table, it has not been sent to the forwarding chip; the flow table may then be sent to the forwarding chip and saved in the issuing table and the total flow table.
Step S103: in the case that the flow table is a flow table to be merged, querying a total flow table for one or more upper-level flow tables of the flow table to be merged and storing them in a to-be-processed list, wherein the total flow table includes the received flow tables which have not been processed yet.
The method for querying the total flow table for one or more upper-level flow tables of the flow table to be merged is as follows: search the total flow table for a flow table whose gotorecirc_id value equals the recirc_id value of the flow table to be merged; the flow table found is the upper-level flow table of the flow table to be merged. After this upper-level flow table is added to the to-be-processed list, if its recirc_id value is not 0, continue to search the total flow table for a flow table whose gotorecirc_id value equals the recirc_id value of that upper-level flow table; the flow table found this time is the upper-level flow table of the upper-level flow table (and therefore also an upper-level flow table of the flow table to be merged), and it is likewise stored in the to-be-processed list. Then judge again whether the recirc_id of that flow table is 0; if not, repeat the operation until an upper-level flow table whose recirc_id value equals 0 is found and stored in the to-be-processed list, which indicates that all flow tables of the flow corresponding to the flow table to be merged have been found.
For example, if the recirc_id value of the flow table to be merged (flow table A) is 3, the total flow table is searched for a flow table whose gotorecirc_id value is 3; suppose the flow table found is flow table B, whose recirc_id value is 2. Since the gotorecirc_id value of flow table B is 3 and the gotorecirc_id action points to the next-stage flow table, the next-stage flow table of flow table B is flow table A, that is, flow table B is the upper-level flow table of flow table A. The found flow table B is saved into the to-be-processed list; its recirc_id is 2, which is not 0. The total flow table is therefore searched for a flow table whose gotorecirc_id value is 2; suppose the flow table found is flow table C, whose recirc_id value is 1. Flow table C is the upper-level flow table of flow table B, and thus also an upper-level flow table of flow table A. After flow table C is stored in the to-be-processed list, because the recirc_id of flow table C is still not 0, the total flow table is searched for a flow table whose gotorecirc_id value is 1; suppose the flow table found is flow table D, whose recirc_id is 0. Flow table D is also saved to the to-be-processed list. Since the recirc_id of flow table D is 0, flow table D is a header flow table, and all the flow tables in the multi-stage flow tables of the flow have been found at this point. Note that the flow table to be merged (flow table A) is also saved in the to-be-processed list.
In a possible implementation manner, the pending flag of each flow table in the to-be-processed list is deleted, which indicates that the flow tables have been processed.
Step S104: merging preset flow table entries of each flow table in the to-be-processed list to obtain a merged flow table.
Each flow table in the to-be-processed list is traversed, and the preset flow table entries in each flow table are merged to obtain a merged flow table containing the preset flow table entries of every flow table in the to-be-processed list.
In one possible implementation, the preset flow table entry includes a Key value and an Action.
The Key consists of characteristic values extracted from packets that uniquely determine a flow table. The characteristic values include the source MAC address, destination MAC address, VLAN information, protocol type, source IP address, destination IP address, port numbers and the like. The MAC address is the Media Access Control address, also called the LAN address, Ethernet address or physical address, and is used to identify the location of a network device. The source MAC address is the MAC address of the sender, and the destination MAC address is the MAC address of the receiver. A Virtual Local Area Network (VLAN) is a group of logical devices and users that are not limited by physical location and may be organized according to function, department, and application. The protocols include network layer protocols and transport layer protocols, among others. The network layer protocols mainly include the Internet Protocol (IP), the Internet Control Message Protocol (ICMP) and the Address Resolution Protocol (ARP). IP is designed to interconnect packet-switched communication networks to form an internet communication environment. It is responsible for transporting data blocks, called data packets, handed down by higher-level software between a source host and a destination host, and it provides a connectionless delivery service between source and destination. ICMP is used to report certain error conditions on the network. ARP is used to translate between IP addresses and physical addresses. Transport layer protocols mainly include the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP is used to establish sessions between user processes on a network and ensures reliable communication between processes. UDP provides an unreliable, connectionless transport layer service that allows data to be transmitted between source and destination without establishing a session first. The IP address is a uniform address format provided by the IP protocol; it allocates a logical address to each network and each host on the internet so as to mask the differences between physical addresses. Similarly, the source IP address is the IP address of the sender, and the destination IP address is the IP address of the recipient. The primary purpose of a port number is to represent the service provided by a particular process in a computer. Likewise, a source port number and a destination port number may be included.
The Action refers to an Action performed on a flow represented by a flow table indicated by a flow table entry in the flow table.
In a possible implementation manner, if an action in a flow table in the to-be-processed list includes a nat action, the nat information is placed in the action, the packet corresponding to the flow table is placed in the key, and a nat flag is marked on the packet in the key to indicate that the nat action needs to be performed on the packet subsequently.
Where the nat action is used to specify the ip and port of the tracked connection.
In a possible implementation manner, after the merged flow table is obtained, the merged flow table is sent to a forwarding chip; saving the merged flow table to an issuing table, wherein the issuing table comprises the flow table sent to the forwarding chip; and saving the flow table to be merged to the total flow table.
The purpose of merging the multi-stage flow tables is to reduce the amount of data sent to the forwarding chip, thereby reducing the resource overhead of the forwarding chip (hardware) and saving resources. Moreover, because the multi-stage flow tables are combined into an independent flow table, the table look-up efficiency is improved (multiple times of inquiry in the multi-stage flow tables are not needed), and the complexity of chip design and processing can be reduced.
For example, suppose the information of the flow entries of flow table A is: recirc_id(0), ct_state(-new-est-trk), in_port(1), eth(src=fa:16:3e:89:b6, dst=00:00:01:01:02:03), eth_type(0x0800), ipv4(src=192.168.0.141, dst=30.30.30.10, proto=6, ttl=64, frag=no), tcp(src=22), actions: set(eth(src=00:00:02:01:02:03, dst=5e:da:0c:1f:01:4d)), set(ipv4(ttl=63)), ct(zone=6, nat), recirc(0x4a), and the information of the flow entries of another flow table B is: recirc_id(0x4a), ct_state(+est+trk), in_port(1), eth(src=00:00:02:01:02:03, dst=5e:da:0c:1f:01:4d), eth_type(0x0800), ipv4(src=0.0.0.0/224.0.0.0, dst=30.30.30.8/255.255.255.248, frag=no), tcp(src=22), actions: 2.
As can be seen, in the information contained in flow table A, "recirc_id(0)" indicates that the recirc_id of flow table A is 0, and "ct_state(-new-est-trk)" indicates that the packet corresponding to flow table A has established a tracked connection but does not come from an established connection, and has not been processed by the conntrack module. "in_port(1), eth(src=fa:16:3e:89:b6, dst=00:00:01:01:02:03), eth_type(0x0800), ipv4(src=192.168.0.141, dst=30.30.30.10, proto=6, ttl=64, frag=no), tcp(src=22)" all belong to the key and key values of flow table A, where in_port represents the port from which the data packet comes, eth represents the Ethernet information (including the source MAC address and the destination MAC address), eth_type represents the Ethernet type, ipv4 represents the IP address information (including the source IP address, the destination IP address, the protocol type, etc.), and tcp represents which port is used to open the listening service. "actions: set(eth(src=00:00:02:01:02:03, dst=5e:da:0c:1f:01:4d)), set(ipv4(ttl=63)), ct(zone=6, nat), recirc(0x4a)" all belong to the action of flow table A. The action of flow table A therefore includes a recirc action, and the recirc_id of the next-level flow table to which the recirc action points is 0x4a, that is, flow table B. In flow table B, "recirc_id(0x4a)" indicates that the recirc_id of flow table B is 0x4a, and "ct_state(+est+trk)" indicates that the packet corresponding to flow table B comes from an already established connection and has been processed by the conntrack module. "in_port(1), eth(src=00:00:02:01:02:03, dst=5e:da:0c:1f:01:4d), eth_type(0x0800), ipv4(src=0.0.0.0/224.0.0.0, dst=30.30.30.8/255.255.255.248, frag=no), tcp(src=22)" all belong to the key and key values of flow table B, and "actions: 2" is the action of flow table B.
After the steps of the embodiments of the application have been carried out, the flow tables and the connection tracking information are integrated: the original key, the nat action of connection tracking and the forwarding action of flow table B are combined, finally forming a merged flow table that matches the original message key. The information of the merged flow table is: recirc_id(0), in_port(1), eth(src=fa:16:3e:89:b6, dst=00:00:01:01:02:03), eth_type(0x0800), ipv4(src=192.168.0.141, dst=30.30.30.10, proto=6, ttl=64, frag=no), tcp(src=22), actions: set(eth(src=00:00:02:01:02:03, dst=5e:da:0c:1f:01:4d)), set(ipv4(src=30.30.30.100, dst= ttl=63)), 2. The key and key values are: recirc_id(0), in_port(1), eth(src=fa:16:3e:89:b6, dst=00:00:01:01:02:03), eth_type(0x0800), ipv4(src=192.168.0.141, dst=30.30.30.10, proto=6, ttl=64, frag=no), tcp(src=22), and the action is: set(eth(src=00:00:02:01:02:03, dst=5e:da:0c:1f:01:4d)), set(ipv4(src=30.30.30.100, dst= ttl=63)), 2.
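The merge of a recirculating flow A with its lower-level flow B described above, as an added Python example that is not code from the patent: it parses the flow strings, parks flows that have a lower-level flow, walks back from the last flow to the header flow, and emits one merged flow. Assumptions: the header flow is recognised by recirc_id(0), a lower-level flow by a recirc action, the conntrack NAT result arrives as a dictionary (hypothetical input), the MAC addresses are constructed, and the NAT rewrite is emitted as its own set action rather than folded into one set(ipv4(...)).

```python
# Constructed flows shaped like the page's flow A / flow B (MACs are placeholders).
FLOW_A = ("recirc_id(0),ct_state(-new-est-trk),in_port(1),"
          "eth(src=02:00:00:00:00:0a,dst=02:00:00:00:00:01),eth_type(0x0800),"
          "ipv4(src=192.168.0.141,dst=30.30.30.10,proto=6,ttl=64,frag=no),tcp(src=22),"
          " actions:set(eth(src=02:00:00:00:00:02,dst=02:00:00:00:00:0b)),"
          "set(ipv4(ttl=63)),ct(zone=6,nat),recirc(0x4a)")
FLOW_B = ("recirc_id(0x4a),ct_state(+est+trk),in_port(1),"
          "eth(src=02:00:00:00:00:02,dst=02:00:00:00:00:0b),eth_type(0x0800),"
          "ipv4(src=0.0.0.0/224.0.0.0,dst=30.30.30.8/255.255.255.248,frag=no),"
          "tcp(src=22), actions:2")
# Hypothetical conntrack result: zone -> concrete NAT rewrite for this connection.
CONNTRACK_NAT = {"6": "set(ipv4(src=30.30.30.100))"}

def split_top(s):
    """Split on commas that are not nested inside parentheses."""
    parts, depth, cur = [], 0, ""
    for ch in s:
        if ch == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
            continue
        depth += (ch == "(") - (ch == ")")
        cur += ch
    if cur.strip():
        parts.append(cur.strip())
    return [p for p in parts if p]

def parse_flow(text):
    """Parse 'field(args),... actions:a,b' and record the lower-level recirc id."""
    key_part, _, act_part = text.partition("actions:")
    key = {}
    for field in split_top(key_part):
        name, _, args = field.partition("(")
        key[name] = args[:-1]                      # drop the closing ')'
    actions = split_top(act_part)
    lower = next((int(a[7:-1], 0) for a in actions if a.startswith("recirc(")), None)
    return {"key": key, "actions": actions, "lower": lower,
            "recirc_id": int(key.get("recirc_id", "0"), 0)}

def format_flow(key, actions):
    return ",".join("%s(%s)" % kv for kv in key.items()) + ", actions:" + ",".join(actions)

class FlowMerger:
    def __init__(self, conntrack_nat):
        self.total = []        # total flow table: every received flow
        self.issued = []       # issued table: flows sent to the forwarding chip
        self.conntrack_nat = conntrack_nat

    def receive(self, text):
        flow = parse_flow(text)
        self.total.append(flow)
        if flow["lower"] is not None:              # lower-level flow exists: wait for it
            return None
        if flow["recirc_id"] == 0:                 # lone header flow: issue unchanged
            out = format_flow(flow["key"], flow["actions"])
        else:                                      # flow to be merged
            out = format_flow(*self._merge(self._chain(flow)))
        if out not in self.issued:
            self.issued.append(out)
        return out

    def _chain(self, leaf):
        """Build the to-be-processed list, header flow first."""
        chain = [leaf]
        while chain[0]["recirc_id"] != 0:
            rid = chain[0]["recirc_id"]
            upper = next((f for f in self.total if f["lower"] == rid), None)
            if upper is None or any(upper is f for f in chain):   # missing or looping
                raise LookupError("no usable upper-level flow for recirc_id %#x" % rid)
            chain.insert(0, upper)
        return chain

    def _merge(self, chain):
        # Key of the header flow without ct_state, so the original packet matches.
        key = {k: v for k, v in chain[0]["key"].items() if k != "ct_state"}
        actions = []
        for flow in chain:
            for act in flow["actions"]:
                if act.startswith("recirc("):
                    continue                       # hand-off is resolved by the merge
                if act.startswith("ct("):
                    args = split_top(act[3:-1])
                    if "nat" in args:              # replace ct NAT by the concrete rewrite
                        zone = dict(a.split("=", 1) for a in args if "=" in a).get("zone")
                        if zone not in self.conntrack_nat:
                            raise LookupError("no conntrack NAT result for zone %s" % zone)
                        actions.append(self.conntrack_nat[zone])
                    continue
                actions.append(act)
        return key, actions
```

A merge is refused with LookupError when an upper-level flow or the NAT result is missing, so an incomplete chain never reaches the issued table.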
Fig. 2 is a schematic diagram illustrating a flow table processing apparatus according to an embodiment of the present disclosure. The apparatus 200 of flow table processing may include:
the receiving module 201: configured to receive a flow table, the flow table containing a plurality of flow table entries;
the processing module 202: configured to determine, according to the flow table entries, whether the flow table is a flow table to be merged; configured to, when the flow table is a flow table to be merged, query the total flow table for one or more upper-level flow tables of the flow table to be merged and save them to a to-be-processed list, where the total flow table includes the received flow tables that have not been processed; and configured to merge the preset flow table entries of each flow table in the to-be-processed list to obtain a merged flow table.
Optionally, the processing module 202 is further configured to determine, according to a first flow table entry in the flow table entries, whether the flow table is a flow table with established tracking; to determine, when the flow table is a flow table with established tracking, whether the flow table is a header flow table according to a second flow table entry in the flow table entries and whether a lower-level flow table exists for the flow table according to a third flow table entry in the flow table entries; and to determine that the flow table is a flow table to be merged if the flow table is not a header flow table and no lower-level flow table exists.
Optionally, the preset flow table entries include a Key value and an Action.
Optionally, the apparatus 200 for flow table processing further includes an extracting module 203, configured to extract a fourth flow table entry in the flow table and register a callback function with the kernel if the flow table is a flow table with established tracking.
Optionally, the processing module 202 is further configured to, when a lower-level flow table exists for the flow table, mark the flow table with a to-be-processed flag; to record on the flow table the second flow table entry of its lower-level flow table, for finding that lower-level flow table; and to save the flow table into the total flow table.
Optionally, the processing module 202 is further configured to, when the flow table is a header flow table and no lower-level flow table exists, determine whether the flow table exists in an issued table, where the issued table includes the flow tables sent to the forwarding chip; the apparatus 200 for flow table processing further includes a sending module 204, configured to send the flow table to the forwarding chip if the flow table does not exist in the issued table; the processing module 202 is further configured to save the flow table to the issued table and the total flow table.
Optionally, the sending module 204 is further configured to send the merged flow table to the forwarding chip; the processing module 202 is further configured to save the merged flow table to an issued table, where the issued table includes the flow tables sent to the forwarding chip, and to save the flow table to be merged to the total flow table.
For specific function implementation of the apparatus 200 for flow table processing, reference may be made to the method steps corresponding to fig. 1, which is not described herein again.
Please refer to fig. 3, which is a schematic composition diagram of an electronic device according to an embodiment of the present disclosure. The electronic device may include a processor 110 and a memory 120, where the processor 110, the memory 120 and the communication interface 130 are connected by a bus 140, the memory 120 is used for storing instructions, and the processor 110 is used for executing the instructions stored in the memory 120 to implement the corresponding method steps described above for fig. 1.
The processor 110 is configured to execute the instructions stored in the memory 120 to control the communication interface 130 to receive and transmit signals, thereby implementing the steps of the above-described method. The memory 120 may be integrated in the processor 110, or may be provided separately from the processor 110.
As an implementation manner, the function of the communication interface 130 may be realized by a transceiver circuit or a dedicated chip for transceiving. The processor 110 may be considered to be implemented by a dedicated processing chip, processing circuit, processor, or a general-purpose chip.
As another implementation manner, the electronic device provided in the embodiment of the present application may be implemented by using a general-purpose computer. Program code that will implement the functions of the processor 110 and the communication interface 130 is stored in the memory 120, and a general-purpose processor implements the functions of the processor 110 and the communication interface 130 by executing the code in the memory 120.
For the concepts, explanations, details and other steps related to the technical solutions provided in the embodiments of the present application related to the electronic device, reference is made to the description of the method or the contents of the method steps executed by the apparatus in the other embodiments, which is not described herein again.
As another implementation of the present embodiment, a computer-readable storage medium is provided, on which instructions are stored, which when executed perform the method in the above-described method embodiment.
As another implementation of the present embodiment, a computer program product is provided that contains instructions that, when executed, perform the method in the above-described method embodiments.
Those skilled in the art will appreciate that only one memory and processor are shown in fig. 3 for ease of illustration. In an actual electronic device or server, there may be multiple processors and memories. The memory may also be referred to as a storage medium or a storage device, and the like, which is not limited in this application.
It should be understood that, in the embodiment of the present Application, the processor may be a Central Processing Unit (CPU), and the processor may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field-Programmable Gate arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like.
It will also be appreciated that the memory referred to in the embodiments of the application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory. The volatile Memory may be a Random Access Memory (RAM) which serves as an external cache. By way of example and not limitation, many forms of RAM are available, such as Static random access memory (Static RAM, SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct bus RAM (DR RAM).
It should be noted that when the processor is a general-purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, the memory (memory module) is integrated in the processor.
It should be noted that the memory described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
The bus may include a power bus, a control bus, a status signal bus, and the like, in addition to the data bus. For clarity of illustration, however, the various buses are all labeled as the bus in the figure.
It should also be understood that reference herein to first, second, third, fourth, and various numerical designations is made only for ease of description and should not be used to limit the scope of the present application.
It should be understood that the term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships may exist; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM or registers. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with its hardware. To avoid repetition, this is not described in detail here.
In the embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various Illustrative Logical Blocks (ILBs) and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The above embodiments may be implemented wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, digital subscriber line) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), among others.
The above description covers only specific embodiments of the present application, but the scope of the present application is not limited thereto; any change or substitution that a person skilled in the art can easily conceive of within the technical scope of the present application shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A method of flow table processing, the method comprising:
receiving a flow table, the flow table containing a plurality of flow table entries;
judging whether the flow table is a flow table with established tracking or not according to a first flow table item in the flow table items;
under the condition that the flow table is a flow table with established tracking, judging whether the flow table is a header flow table according to a second flow table item in the flow table items, and judging whether a lower-level flow table exists in the flow table according to a third flow table item in the flow table items;
when a lower-level flow table exists in the flow table, marking a mark to be processed on the flow table;
recording a second flow table entry of a lower level flow table of the flow table on the flow table for finding the lower level flow table of the flow table;
saving the flow table into a total flow table;
if the flow table is not a header flow table and a lower-level flow table does not exist, the flow table is a flow table to be merged;
under the condition that the flow table is a flow table to be merged, querying the total flow table for one or more upper-level flow tables of the flow table to be merged and saving them to a to-be-processed list, wherein the total flow table includes the received flow tables which are not processed;
and merging preset flow table entries of each flow table in the list to be processed to obtain a merged flow table.
2. The method according to claim 1, wherein the preset flow table entry includes a Key value for determining a flow table and an Action for representing an Action performed on the flow table.
3. The method of claim 2, further comprising:
and under the condition that the flow table is a flow table with established tracking, extracting a fourth flow table entry in the flow table, and registering a callback function to a kernel.
4. The method of claim 3, further comprising:
judging whether the flow table exists in an issued table under the condition that the flow table is a header flow table and a lower-level flow table does not exist, wherein the issued table comprises the flow tables sent to a forwarding chip;
sending the flow table to the forwarding chip when the flow table does not exist in the issued table;
saving the flow table to the issued table and the total flow table.
5. The method of claim 1, further comprising:
sending the merged flow table to a forwarding chip;
saving the merged flow table to an issued table, wherein the issued table comprises the flow tables sent to the forwarding chip;
and saving the flow table to be merged to the total flow table.
6. An apparatus of flow table processing, characterized in that the apparatus comprises:
a receiving module, configured to receive a flow table, where the flow table includes a plurality of flow table entries;
a processing module, configured to judge whether the flow table is a flow table with established tracking according to a first flow table entry in the flow table entries; to judge, under the condition that the flow table is a flow table with established tracking, whether the flow table is a header flow table according to a second flow table entry in the flow table entries and whether a lower-level flow table exists for the flow table according to a third flow table entry in the flow table entries; to mark the flow table with a to-be-processed mark under the condition that a lower-level flow table exists for the flow table; to record on the flow table a second flow table entry of the lower-level flow table of the flow table, for finding the lower-level flow table of the flow table; to save the flow table into a total flow table; to determine that the flow table is a flow table to be merged if the flow table is not a header flow table and a lower-level flow table does not exist; to query, under the condition that the flow table is a flow table to be merged, the total flow table for one or more upper-level flow tables of the flow table to be merged and save them to a to-be-processed list, wherein the total flow table comprises the received flow tables which are not processed; and to merge preset flow table entries of each flow table in the to-be-processed list to obtain a merged flow table.
7. An electronic device, comprising a processor and a memory, the processor and the memory being interconnected, wherein the memory is configured to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any one of claims 1-5.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-5.
CN202210104145.0A 2022-01-28 2022-01-28 Flow table processing method and device and electronic equipment Active CN114124785B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210104145.0A CN114124785B (en) 2022-01-28 2022-01-28 Flow table processing method and device and electronic equipment
CN202210646690.2A CN114884858A (en) 2022-01-28 2022-01-28 Flow table processing method and related apparatus, electronic device, medium, and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210104145.0A CN114124785B (en) 2022-01-28 2022-01-28 Flow table processing method and device and electronic equipment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202210646690.2A Division CN114884858A (en) 2022-01-28 2022-01-28 Flow table processing method and related apparatus, electronic device, medium, and program product

Publications (2)

Publication Number Publication Date
CN114124785A CN114124785A (en) 2022-03-01
CN114124785B true CN114124785B (en) 2022-04-26

Family

ID=80361801

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210646690.2A Pending CN114884858A (en) 2022-01-28 2022-01-28 Flow table processing method and related apparatus, electronic device, medium, and program product
CN202210104145.0A Active CN114124785B (en) 2022-01-28 2022-01-28 Flow table processing method and device and electronic equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202210646690.2A Pending CN114884858A (en) 2022-01-28 2022-01-28 Flow table processing method and related apparatus, electronic device, medium, and program product

Country Status (1)

Country Link
CN (2) CN114884858A (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115134315B (en) * 2022-09-01 2022-12-02 珠海星云智联科技有限公司 Message forwarding method and related device
CN116962321B (en) * 2023-09-18 2024-01-09 鹏城实验室 Data packet transmission method, transmission configuration method, device, equipment and medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112511438A (en) * 2020-11-19 2021-03-16 锐捷网络股份有限公司 Method and device for forwarding message by using flow table and computer equipment
CN112737957A (en) * 2020-12-30 2021-04-30 锐捷网络股份有限公司 Flow table aging method and device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103259718B (en) * 2013-04-18 2016-12-28 华为技术有限公司 A kind of stream table conversion method and device
CN104158745B (en) * 2013-05-13 2018-11-06 南京中兴新软件有限责任公司 A kind of method and system for realizing data packet forwarding
EP3142305A4 (en) * 2014-05-27 2017-06-07 Huawei Technologies Co. Ltd. Flow table management method and relevant device and system
CN105591909A (en) * 2015-10-21 2016-05-18 杭州华三通信技术有限公司 Method and device for improvement of message forwarding performance
CN107800630A (en) * 2016-09-02 2018-03-13 南京中兴软件有限责任公司 Message processing method and device
CN115037575A (en) * 2017-12-26 2022-09-09 华为技术有限公司 Message processing method and device
CN113645137B (en) * 2021-08-02 2022-05-31 清华大学 Software defined network multi-level flow table compression method and system

Also Published As

Publication number Publication date
CN114124785A (en) 2022-03-01
CN114884858A (en) 2022-08-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant