CN115776441B - SDN-based virtual private line service issuing method and device, medium and electronic equipment - Google Patents

Publication number
CN115776441B
Authority
CN
China
Prior art keywords
virtual private
private line
end node
sdn switch
line service
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310106489.XA
Other languages
Chinese (zh)
Other versions
CN115776441A (en)
Inventor
胡雅晴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Tianchi Network Co ltd
Original Assignee
Beijing Tianchi Network Co ltd
Application filed by Beijing Tianchi Network Co ltd
Priority to CN202310106489.XA
Publication of CN115776441A
Application granted
Publication of CN115776441B

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application relates to an SDN-based virtual private line service issuing method, device, medium and electronic equipment. The method comprises the following steps: obtaining user-defined virtual private line service configuration information based on an SDN switch backbone network; issuing, according to the virtual private line service configuration information, a configuration command to the SDN switch corresponding to the A-end node of the virtual private line to complete the virtual private line service configuration; and issuing, according to the virtual private line service configuration information, a configuration command to the SDN switch corresponding to the Z-end node of the virtual private line to complete the virtual private line service configuration, so as to establish a VXLAN virtual private line service tunnel between the A-end node and the Z-end node. Because the configuration commands are issued accurately and rapidly over the SDN switch backbone network to the SDN switches corresponding to the A-end node and the Z-end node, the switches at both ends of the virtual private line service are configured and the VXLAN virtual private line service tunnel is established quickly between them, saving time and labor cost.

Description

SDN-based virtual private line service issuing method and device, medium and electronic equipment
Technical Field
The application relates to the technical field of network communication, in particular to a virtual private line service issuing method, device, medium and electronic equipment based on SDN.
Background
The virtual private line service is a service created based on the Virtual eXtensible LAN (VXLAN) protocol, an overlay network technology that encapsulates traffic as MAC in UDP (User Datagram Protocol). VXLAN supports up to 16777216 networks (a 24-bit identifier) and uses 4789 as the destination UDP port. In the conventional mode, a point-to-point virtual private line service is configured on a switch network, and a network engineer configures the switches in the switch backbone network (backbone network architecture) one by one, which consumes a lot of time and labor cost when done manually.
Disclosure of Invention
In order to save time and labor cost, the application provides a virtual private line service issuing method, device, medium and electronic equipment based on SDN.
In a first aspect of the present application, a method for delivering virtual private line service based on SDN is provided, which specifically includes:
obtaining user-defined virtual private line service configuration information based on an SDN switch backbone network;
issuing, according to the virtual private line service configuration information, a configuration command to the SDN switch corresponding to the A-end node of the virtual private line to complete the virtual private line service configuration;
and issuing, according to the virtual private line service configuration information, a configuration command to the SDN switch corresponding to the Z-end node of the virtual private line to complete the virtual private line service configuration, so as to establish a VXLAN virtual private line service tunnel between the A-end node and the Z-end node.
With this technical scheme, once the SDN switch backbone network has been built, the SDN switches in it can communicate with one another, and the server is connected to the SDN switch backbone network so that it can communicate with any switch in the backbone network, including the SDN switches corresponding to the A end and the Z end of a virtual private line service. After the user-defined virtual private line service configuration information is obtained, configuration commands can be issued accurately and rapidly over the SDN switch backbone network to the SDN switches corresponding to the A-end node and the Z-end node according to that information, so that the switches at both ends of the virtual private line service are configured quickly and a VXLAN virtual private line service tunnel is established quickly between them, which saves time and labor cost compared with issuing the configuration manually.
Optionally, the virtual private line service configuration information includes a management IP address of an a-end node of a virtual private line, and the issuing, according to the virtual private line service configuration information, a configuration command to an SDN switch corresponding to the a-end node of the virtual private line to complete virtual private line service configuration includes:
extracting a management IP address of the A-end node in the virtual private line service configuration information through an SDN controller;
and according to the management IP address of the A-end node, issuing a configuration command to the SDN switch corresponding to the A-end node through the RPC interface opened by the A-end node to complete virtual private line service configuration.
With this technical scheme, once the virtual private line service configuration information has been obtained, an SDN controller preset in the server acquires it and extracts the management IP address of the A-end node from it. The SDN controller establishes a remote connection to the SDN switch corresponding to the A-end node through the management IP address so as to manage that switch, and finally issues the commands for the virtual private line service configuration to the switch through the RPC interface of the SDN switch corresponding to the A-end node, completing the virtual private line service configuration of the A end. The protocol type of the southbound interface therefore does not need to be restricted, and the RPC interface is used flexibly to configure the virtual private line service quickly.
Optionally, the configuration information of the virtual private line service includes a port mode of an a-end node of the virtual private line, a physical port number on the a-end node of the virtual private line for connecting a client and a speed-limiting bandwidth of the virtual private line service, and the issuing a configuration command to an SDN switch corresponding to the a-end node to complete the configuration of the virtual private line service includes:
taking an unoccupied VLAN value on the SDN switch corresponding to the A-end node as the SVLAN of the SDN switch corresponding to the A-end node;
establishing a mapping from the SVLAN of the SDN switch corresponding to the A-end node to a CVLAN, wherein the CVLAN is the port mode of the A-end node of the virtual private line;
allowing the SVLAN of the SDN switch corresponding to the A-end node to pass through a designated physical port of that switch, wherein the designated physical port is the physical port number on the A-end node of the virtual private line used for connecting a client;
taking an unoccupied VNI value in the SDN switch backbone network as the service VNI, and establishing a mapping from the SVLAN of the SDN switch corresponding to the A-end node to the service VNI;
creating a first service ACL, and, according to the service VNI, incorporating the traffic conforming to the first service ACL into a preset first class-map set;
and moving the first class-map set into a preset first policy-map set, and designating a speed-limit bandwidth for the first class-map set in the first policy-map set to complete the virtual private line service configuration, wherein the speed-limit bandwidth is the speed-limit bandwidth of the virtual private line service.
With this technical solution, an unoccupied VLAN value is selected on the SDN switch (device) corresponding to the A-end node as the SVLAN (i.e. the VLAN of the device), because each VLAN value is unique. The CVLAN (the VLAN at the user end) under the port mode (TRUNK mode or ACCESS mode) of the A-end node of the virtual private line is then acquired, and a mapping is established between the SVLAN and the CVLAN to avoid repetition of the CVLAN. The physical port corresponding to the physical port number used for connecting the client on the A-end node allows the SVLAN to pass through. An unoccupied VNI value in the SDN switch backbone network is then selected as the service VNI, and a mapping is established between the SVLAN and the service VNI. Thus, when the VNI of the user-end traffic is the service VNI, the traffic is allowed to pass through the SDN switch corresponding to the A-end node, that is, it conforms to the newly created first service ACL. Traffic conforming to the first service ACL is included in a first class-map set (white list set) so that different data flows (traffic) are classified. Finally, the first policy-map set sets rules for the classified data flows, mainly by limiting the bandwidth of the data flows in the first class-map set to the speed-limit bandwidth customized by the user in the virtual private line service configuration information, which completes the virtual private line service configuration of the SDN switch corresponding to the A-end node.
Optionally, the creating of the first service ACL and the incorporating, according to the service VNI, of the traffic conforming to the first service ACL into the preset first class-map set includes:
creating a first service ACL, and determining the service VNI as the passing threshold of the first service ACL;
and determining the traffic whose VNI is the passing threshold as the traffic conforming to the first service ACL, and incorporating that traffic into a preset first class-map set.
With this technical solution, if the VNI of passing traffic meets the passing threshold, the traffic conforms to the first service ACL and is allowed to pass through the SDN switch device. At the same time, the traffic conforming to the first service ACL is incorporated into the first class-map set for packet classification, which facilitates the subsequent processing strategy of specifying the speed-limit bandwidth for the traffic in the first class-map set.
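The ACL, class-map and speed-limit chain described above, as an added example that is not part of the patent: it reads the 24-bit VNI from a VXLAN header, treats equality with the service VNI as the ACL match, and rate-limits the matching class. The token-bucket policer, the burst size and all function names are assumptions, since the patent does not say how the switch enforces the limit; the packets are constructed.

```python
import struct

VXLAN_UDP_PORT = 4789          # destination UDP port named in the Background
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag of the 8-byte VXLAN header (RFC 7348)


def vxlan_payload(vni, inner=b""):
    """Build a constructed UDP payload: VXLAN header followed by the inner frame."""
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8) + inner


def parse_vni(udp_dst_port, udp_payload):
    """Return the 24-bit VNI, or None if the datagram is not well-formed VXLAN."""
    if udp_dst_port != VXLAN_UDP_PORT or len(udp_payload) < 8:
        return None
    flags, vni_and_reserved = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        return None
    return vni_and_reserved >> 8   # the low byte of the word is reserved


class Policer:
    """Token bucket for one class (assumed mechanism). Kbps = 1000 bits/s."""

    def __init__(self, kbps, burst_bytes):
        self.rate = kbps * 1000 / 8          # bytes per second
        self.burst = float(burst_bytes)
        self.tokens = float(burst_bytes)
        self.last = None

    def allow(self, now, size):
        if self.last is not None:
            refill = (now - self.last) * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def make_service(service_vni, kbps, burst_bytes):
    """Return a handler: ACL match on the VNI, then the class's rate limit."""
    policer = Policer(kbps, burst_bytes)

    def handle(now, udp_dst_port, udp_payload):
        if parse_vni(udp_dst_port, udp_payload) != service_vni:
            return "not-in-class"            # ACL does not match this service
        ok = policer.allow(now, len(udp_payload))
        return "forward" if ok else "drop"

    return handle
```

Malformed or truncated headers fall out of the class rather than being matched on a partial VNI, which is the behaviour to check for when auditing a real ACL.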
Optionally, the virtual private line service configuration information includes a management IP address of a Z end node of a virtual private line, and the issuing, according to the virtual private line service configuration information, a configuration command to an SDN switch corresponding to the Z end node of the virtual private line to complete virtual private line service configuration includes:
extracting a management IP address of the Z-end node in the virtual private line service configuration information through an SDN controller;
and according to the management IP address of the Z-end node, issuing a configuration command to the SDN switch corresponding to the Z-end node through the RPC interface opened by the Z-end node to complete virtual private line service configuration.
With this technical scheme, once the virtual private line service configuration information has been obtained, an SDN controller preset in the server acquires it and extracts the management IP address of the Z-end node from it. The SDN controller establishes a remote connection to the SDN switch corresponding to the Z-end node through the management IP address so as to manage that switch, and finally issues the commands for the virtual private line service configuration to the switch through the RPC interface of the SDN switch corresponding to the Z-end node, completing the virtual private line service configuration of the Z end. The protocol type of the southbound interface therefore does not need to be restricted, and the RPC interface is used flexibly to configure the virtual private line service quickly.
Optionally, the configuration information of the virtual private line service includes a port mode of a Z end node of the virtual private line, a physical port number on the Z end node of the virtual private line for connecting a client and a speed-limiting bandwidth of the virtual private line service, and the issuing a configuration command to an SDN switch corresponding to the Z end node to complete the configuration of the virtual private line service includes:
taking an unoccupied VLAN value on the SDN switch corresponding to the Z-end node as the SVLAN of the SDN switch corresponding to the Z-end node;
establishing a mapping from the SVLAN of the SDN switch corresponding to the Z-end node to a CVLAN, wherein the CVLAN is the port mode of the Z-end node of the virtual private line;
allowing the SDN switch SVLAN corresponding to the A end node to pass through a designated physical port of the SDN switch corresponding to the Z end node, wherein the designated physical port is a physical port number used for connecting a client on the Z end node of a virtual private line;
taking unoccupied VNI values in the SDN switch backbone network as service VNIs, and establishing mapping from the SVLAN of the SDN switch corresponding to the Z-end node to the service VNIs;
newly creating a second service ACL, and according to the service VNI, incorporating the flow conforming to the second service ACL into a preset second class-map set;
and moving the second class-map set into a preset second class-map set, and designating a speed limit bandwidth for the second class-map set in the second class-map set to complete virtual private line service configuration, wherein the speed limit bandwidth is the speed limit bandwidth of the virtual private line service.
With this technical scheme, an unoccupied VLAN value is selected on the SDN switch (equipment) corresponding to the Z-end node as the SVLAN (namely the VLAN of the equipment). The CVLAN (the VLAN at the user end) under the port mode (TRUNK mode or ACCESS mode) of the A end node of the virtual private line is then acquired, and a mapping is established between the SVLAN and the CVLAN to avoid repetition of the CVLAN. The physical port corresponding to the physical port number used for connecting the client on the Z-end node allows the SVLAN to pass through. An unoccupied VNI value in the SDN switch backbone network is then selected as the service VNI, and a mapping is established between the SVLAN and the service VNI. Thus, when the VNI of the user-side traffic is the service VNI, the traffic is allowed to pass through the SDN switch corresponding to the Z-end node, i.e. the second service ACL is met. Traffic meeting the second service ACL is included in a second class-map set (white list set) so that different data flows (traffic) are classified. Finally, the second policy-map set sets rules for the classified data flows, mainly by limiting the bandwidth of the data flows in the second class-map set to the speed-limit bandwidth customized by the user in the virtual private line service configuration information, which completes the virtual private line service configuration of the SDN switch corresponding to the Z-end node.
Optionally, before the obtaining of the user-defined virtual private line service configuration information based on the SDN switch backbone network, the method further includes:
setting, based on an external border gateway protocol, a corresponding autonomous domain for each SDN switch in the SDN switch backbone network;
and allocating a management address to each SDN switch, and configuring each management address on the loopback interface of the corresponding SDN switch, to build the SDN switch backbone network.
With this technical scheme, an independent autonomous domain is set for each switch in the SDN switch backbone network to form an autonomous domain system (i.e. independent network complex). Based on an external border gateway protocol, a routing policy is deployed so that the SDN switches corresponding to the autonomous domains can route to one another, which guides and directs cross-domain data traffic. A management address is then allocated to each SDN switch and configured on the loopback interface of the corresponding SDN switch, so that the SDN switch backbone network is built quickly. The server where the SDN controller is located can be connected to the SDN switch backbone network through the physical interface of any SDN switch and can communicate with each SDN switch in the backbone network, so that configuration instructions can be issued through the SDN controller to the SDN switches corresponding to the A-end node and the Z-end node.
In a second aspect of the present application, an SDN-based virtual private line service issuing device is provided, which specifically includes:
the configuration information collection module, used for obtaining user-defined virtual private line service configuration information based on the SDN switch backbone network;
the A-end configuration issuing module, used for issuing a configuration command to the SDN switch corresponding to the A-end node of the virtual private line according to the virtual private line service configuration information so as to complete the virtual private line service configuration;
and the Z-end configuration issuing module, used for issuing a configuration command to the SDN switch corresponding to the Z-end node of the virtual private line according to the virtual private line service configuration information so as to complete the virtual private line service configuration, so that a VXLAN virtual private line service tunnel between the A-end node and the Z-end node is established.
By adopting the technical scheme, the configuration information collection module obtains the user-defined virtual private line service configuration information, the A-end configuration issuing module issues the configuration command to the SDN switch corresponding to the A-end node of the virtual private line according to the obtained virtual private line service configuration information, and the Z-end configuration issuing module issues the configuration command to the SDN switch corresponding to the Z-end node of the virtual private line, so that the virtual private line service configuration of the SDN switch corresponding to the A-end node and the Z-end node respectively is rapidly and accurately completed, a VXLAN virtual private line service tunnel between the A-end node and the Z-end node is established, and time and labor cost are saved better.
In summary, the present application includes at least one of the following beneficial technical effects:
once the SDN switch backbone network has been built, the SDN switches in it can communicate with one another, and the server is connected to the SDN switch backbone network so that it can communicate with any switch in the backbone network, including the SDN switches corresponding to the A end and the Z end of a virtual private line service. After the user-defined virtual private line service configuration information is obtained, configuration commands can be issued accurately and rapidly over the SDN switch backbone network to the SDN switches corresponding to the A-end node and the Z-end node according to that information, so that the switches at both ends of the virtual private line service are configured quickly and a VXLAN virtual private line service tunnel is established quickly between them, which saves time and labor cost compared with issuing the configuration manually.
Drawings
Fig. 1 is a schematic flow chart of a virtual private line service issuing method based on SDN provided in an embodiment of the present application;
Fig. 2 is a flow chart of another method for delivering virtual private line service based on SDN provided in an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an SDN-based virtual private line service delivery device according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of another virtual private line service issuing device based on SDN according to an embodiment of the present application.
Reference numerals: 11. configuration information collection module; 12. A-end configuration issuing module; 13. Z-end configuration issuing module.
Detailed Description
In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments.
In the description of embodiments of the present application, words such as "exemplary," "such as" or "for example" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "illustrative," "such as" or "for example" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "illustratively," "such as" or "for example," etc., is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present application, the term "and/or" is merely an association relationship describing an association object, and indicates that three relationships may exist, for example, a and/or B may indicate: a alone, B alone, and both A and B. In addition, unless otherwise indicated, the term "plurality" means two or more. For example, a plurality of systems means two or more systems, and a plurality of screen terminals means two or more screen terminals. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating an indicated technical feature. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
Referring to Fig. 1, an embodiment of the present application discloses a flow diagram of an SDN-based virtual private line service delivery method, which may be implemented by a computer program or may run on an SDN-based virtual private line service delivery device based on the von Neumann architecture. The computer program can be integrated in an application or run as a stand-alone tool-type application, and the method specifically comprises:
S101: based on SDN switch backbone network, obtaining user-defined virtual private line service configuration information.
Specifically, the software-defined network (Software Defined Network, SDN) switch backbone network is a backbone network formed by at least two SDN switches whose routes interwork. The SDN switch sits on the data plane of the SDN network; the data plane is the entity that executes network packet processing, and the switching equipment of the data plane focuses on forwarding data packets at high speed. The backbone network is a packet-switched network with a distributed mesh topology, in which information is transmitted as packets through a network consisting of a plurality of paths to the same destination. The networks are connected through routers. An SDN network is a software-defined network, a novel network architecture proposed by the Clean Slate research group of Stanford University, and one way of implementing network virtualization. Its core technology, OpenFlow, separates the control plane from the data plane of the network equipment, which enables flexible control of network traffic and makes the network more intelligent.
According to the southbound protocol it supports, an SDN switch may be classified as a pure SDN switch (supporting only the OpenFlow protocol), a hybrid switch (supporting the OpenFlow protocol and traditional network protocols), a self-contained SDN switch, or a bare switch.
The virtual private line service is a service created based on a virtual extensible local area network (Virtual Extensible LAN, VXLAN), and the virtual private line adopts an advanced SDN (software defined network) technology, uses a specific transmission path optimization and acceleration technology, and provides an end-to-end traffic acceleration service to an enterprise through the internet. In the embodiment of the application, one end to the other end in the virtual private line service is an A end node to a Z end node.
The virtual private line service configuration information comprises the speed-limiting bandwidth of the virtual private line service, wherein the unit is Kbps, namely the rate of the flow which can pass through the switch per second;
the management IP address of the A end node of the virtual private line, namely the management IP address of the SDN switch corresponding to the A end node;
the port mode of the a-end node of the virtual private line may be a certain VLAN in TRUNK mode or a certain VLAN in ACCESS mode. The TRUNK mode can allow a plurality of VLANs to pass through, can receive and send a plurality of VLAN messages and is generally used for an interface of a switch and the related switch; the ACCESS mode may allow multiple VLANs to pass through, may receive and send multiple VLAN messages, and may be used for connections between switches or between a switch and a user computer.
And the physical port number on the A-end node of the virtual private line, which is used for connecting the client, namely the physical port number on SDN switch equipment corresponding to the A-end node. A physical port is an interface on a switch that is used to connect other network devices. Specifically, the physical ports on the switch may be RJ-45 ports, serial ports, and the like.
The management IP address of the Z-end node of the virtual private line, namely the management IP address of the SDN switch corresponding to the Z-end node;
the port mode of the Z-end node of the virtual private line;
and the physical port number on the Z-end node of the virtual private line used for connecting the client, namely the physical port number on the SDN switch equipment corresponding to the Z-end node. It should be noted that the seven parameters included in the virtual private line service configuration information are all user-defined and are input to the server through a terminal device, which may be a mobile terminal or a computer device.
In addition, it should be noted that any two SDN switches in the SDN switch backbone network may be used as the SDN switches corresponding to the A-end node and the Z-end node of the virtual private line respectively. In other words, the switch devices to which the A-end node and the Z-end node respectively correspond are not fixed.
S102: and according to the virtual private line service configuration information, issuing a configuration command to the SDN switch corresponding to the A end node of the virtual private line to complete the virtual private line service configuration.
In one implementation manner, extracting, by the SDN controller, a management IP address of an a-end node in the virtual private line service configuration information;
and according to the management IP address of the A-end node, issuing a configuration command to the SDN switch corresponding to the A-end node through the RPC interface opened by the A-end node to complete the configuration of the virtual private line service.
Specifically, the SDN controller is an application program in the software-defined network (SDN) that runs in the server. It is responsible for issuing configuration commands to the SDN switches corresponding to the A-end node and the Z-end node respectively, so that those switches execute the commands and quickly complete the virtual private line service configuration, which finally completes the creation of the VXLAN virtual tunnel between the two nodes.
A remote procedure call (Remote Procedure Call, RPC) interface lets a remote service be called as if it were a local interface. RPC is a protocol that a program can use to request services from a program on another computer in the network.
After the SDN controller stores the virtual private line service configuration information obtained by the server into a database of the server, and extracts the management IP address of the A-end node in the virtual private line service configuration information, namely the management IP address of the SDN switch corresponding to the A-end node, according to the management IP address, the SDN controller can establish connection with the SDN switch corresponding to the A-end node, and then a configuration command is issued to the SDN switch corresponding to the A-end node through an RPC interface on the SDN switch corresponding to the A-end node, so that the SDN switch corresponding to the A-end node receives the configuration command issued by the SDN controller, and executes the corresponding command to rapidly and accurately complete virtual private line service configuration of the A-end node.
S103: and according to the virtual private line service configuration information, issuing a configuration command to an SDN switch corresponding to the Z-end node of the virtual private line to complete virtual private line service configuration so as to establish a virtual private line service tunnel of the A-end node and the Z-end node VXLAN.
In one implementation manner, extracting, by the SDN controller, a management IP address of a Z-end node in the virtual private line service configuration information;
and according to the management IP address of the Z-end node, issuing a configuration command to the SDN switch corresponding to the Z-end node through an RPC interface opened by the Z-end node to complete virtual private line service configuration.
Specifically, after the SDN controller stores the virtual private line service configuration information obtained by the server into a database of the server, and extracts a management IP address of a Z end node in the virtual private line service configuration information, that is, a management IP address of an SDN switch corresponding to the Z end node, according to the management IP address, the SDN controller can establish connection with the SDN switch corresponding to the Z end node, and then, through an RPC interface on the SDN switch corresponding to the Z end node, a configuration command is issued to the SDN switch corresponding to the Z end node, so that the SDN switch corresponding to the Z end node receives the configuration command issued by the SDN controller, and executes the corresponding command, thereby quickly and accurately completing virtual private line service configuration of the Z end node, and quickly establishing a VXLAN virtual tunnel between the a end node and the Z end node.
It should be noted that the server where the SDN controller is located may be directly connected to the SDN switch corresponding to the A-end node and/or the Z-end node through a physical interface, or may be remotely connected to it through a virtual interface. The server where the SDN controller is located, the SDN switch corresponding to the A-end node, and the SDN switch corresponding to the Z-end node may or may not be in the same area. For example, all three may be in Beijing. As another example, the server where the SDN controller is located may be set in Beijing, the SDN switch corresponding to the A-end node may be set in Shanghai, and the SDN switch corresponding to the Z-end node may be set in Guangzhou.
Referring to fig. 2, another flow diagram of an SDN-based virtual private line service delivery method is disclosed in the embodiments of the present application, which may be implemented by a computer program, or may be run on an SDN-based virtual private line service delivery device based on von neumann system. The computer program can be integrated in an application or can be run as a stand-alone tool class application, and specifically comprises:
S201: based on SDN switch backbone network, obtaining user-defined virtual private line service configuration information.
In an implementation, S201 further includes, before: based on an external border gateway protocol, each SDN switch in the SDN switch backbone network is respectively provided with a corresponding autonomous domain;
and respectively distributing management addresses to the SDN switches, and respectively configuring the management addresses at the loopback interfaces of the corresponding SDN switches to build a backbone network of the SDN switches.
In particular, the external border gateway protocol (External Border Gateway Protocol, EBGP) is used to exchange routing information between different autonomous systems. An autonomous domain (Autonomous System, AS) is a collection of routers that share the same routing policy and are managed by the same technical authority; within it, the routers work together using an interior gateway protocol for internal routing. Setting a corresponding autonomous domain for each SDN switch in the SDN switch backbone network means dividing it into mutually independent autonomous domains. For example, if an overseas SDN switch and a Wuhan SDN switch exist in the SDN switch backbone network, the autonomous domain of the overseas SDN switch is different from and independent of the autonomous domain of the Wuhan SDN switch because they are in different areas. Based on the external border gateway protocol, however, these SDN switches located in different areas can still exchange routes with one another.
The loopback interface is a purely software virtual interface. An IP address can be configured on it, and in order to save IP addresses the system automatically configures a 32-bit subnet mask for the loopback interface's IP address. To facilitate management of each SDN switch, a management address is designated for each SDN switch; the management address is also used as the VXLAN tunnel endpoint (VTEP) address, and it is configured on the loopback interface of the corresponding SDN switch. It should be noted that the VXLAN virtual private line service tunnel is a point-to-point logical tunnel between two VTEPs: the local VTEP encapsulates the data frame with a VXLAN header, a UDP header and an IP header, the encapsulated packet is transferred to the remote VTEP through the VXLAN tunnel, and the remote VTEP device decapsulates it.
S202: and extracting the management IP address of the A-end node in the virtual private line service configuration information through the SDN controller.
Specifically, reference may be made to steps S101-S102, which are not described herein.
S203: and according to the management IP address of the A-end node, using the unoccupied VLAN value on the SDN switch corresponding to the A-end node as the SVLAN of the SDN switch corresponding to the A-end node through the RPC interface opened by the A-end node.
S204: and establishing a mapping from the SVLAN of the SDN switch corresponding to the A end node to the CVLAN, wherein the CVLAN is a port mode of the A end node of the virtual private line.
Specifically, a VLAN (Virtual Local Area Network) is a virtual local area network: a group of logical devices and users that are not limited by physical location and can be organized according to factors such as function, department and application, communicating with each other as if they were on the same network segment. In addition, a switch port has two attributes, the VLAN ID and the VLAN TAG. The VLAN ID is the VLAN value, a positive integer ranging from 2 to 4094. Because the VLANs that can be allocated to users are limited, an unoccupied VLAN value is taken as the SVLAN (Service VLAN), i.e. the switch device VLAN, and the SVLAN is newly created on the SDN switch corresponding to the A-end node.
The SVLAN is used to better isolate users (clients). In practical applications, especially in metropolitan area networks, a large number of VLANs are needed to isolate clients, but the limited number of VLANs makes this difficult, so the VLANs of two users can easily repeat and conflict. Therefore, an SVLAN is newly created on the device and a mapping from each CVLAN (Custom VLAN), i.e. the VLAN of the user side, to an SVLAN is established, so that each CVLAN has a low probability of repeated collision and users are better isolated. The CVLAN is the VLAN of the user side in TRUNK mode or ACCESS mode.
For example, when the VLAN of one user is mapped and the mapping result is 1001, and the VLAN of a second user is mapped and the mapping result is 1002, the VLANs of the two users cannot collide with each other, and no conflict occurs during transmission in the operator network.
S205: and allowing the SVLAN of the SDN switch corresponding to the A-end node to pass through the designated physical port of the SDN switch corresponding to the A-end node, wherein the designated physical port is a physical port number used for connecting a client on the A-end node of the virtual private line.
S206: and taking the unoccupied VNI value in the backbone network of the SDN switch as a service VNI, and establishing the mapping from the SVLAN of the SDN switch corresponding to the A-end node to the service VNI.
Specifically, the designated physical port is the physical port (on the A-end node) corresponding to the physical port number used for connecting a client in the user-defined virtual private line service configuration information. Because the mapping between the SVLAN and the CVLAN has been established, the SVLAN of the SDN switch corresponding to the A-end node is allowed to pass through this physical port. Then the VNI (VXLAN Network Identifier) values already occupied on each SDN switch in the whole SDN switch backbone network are excluded (the VNI value ranges from 1 to 16000000), an unoccupied VNI value in the SDN switch backbone network is taken as the service VNI, and finally the mapping from the SVLAN to the service VNI is established, so that the SVLAN and the service VNI correspond one-to-one.
S207: and newly creating a first service ACL, and incorporating the traffic conforming to the first service ACL into a preset first class-map set according to the service VNI.
In one implementation, a first service ACL is newly created, and the service VNI is determined as a passing threshold of the first service ACL;
and determining the traffic of which the VNI passes the threshold as traffic conforming to the first service ACL, and incorporating the traffic into a preset first class-map set.
Specifically, a first service ACL, i.e., an access control list ACL (Access Control List), is newly created, which is a set of one or more rules. The rule refers to a judgment statement describing the matching conditions of the message, and the conditions can be the source address, the destination address, the port number and the like of the message.
ACL is essentially a message filter, with rules being the filter element of the filter. The device performs packet matching based on these rules, and may filter out a specific packet, and allow or prevent the packet from passing through according to the processing policy of the service module to which the ACL is applied.
In colloquial terms, the ACL acts as a filter, and devices prevent and allow the ingress and egress of specific traffic by applying the ACL, and without it, any traffic is free to flow in and out, making the network vulnerable to attacks.
A first service ACL is newly created on the SDN switch corresponding to the A-end node, so that the inflow and outflow of traffic passing through the SDN switch can be controlled. The specific control mode is as follows: the VNI value corresponding to the service VNI is determined as the passing threshold for passing through the SDN switch, wherein the VNI value corresponding to the service VNI can be 1000 bytes. When the VNI of the traffic is the passing threshold, that is, 1000 bytes, the traffic is determined to be traffic conforming to the service ACL, and the traffic is allowed to pass through the SDN switch corresponding to the A-end node. For example, if the traffic is 900 bytes, it does not conform to the first service ACL and is not allowed to pass through the SDN switch corresponding to the A-end node.
After the traffic conforming to the first service ACL is determined, this traffic is incorporated into a first class-map set, i.e. a whitelist set. It can be understood that after the first service ACL classifies the traffic, the first class-map set is associated with the first service ACL to group the different types of traffic (data flows). In other embodiments, a policy map can be defined and associated with the first class-map set, and the different types of traffic in the first class-map set can be marked, or even given priorities, to complete subsequent restrictions on network data packets and protocols, thereby optimizing network transmission. A class-map set is a definition of class maps that are used to classify traffic according to IP protocols and other criteria; each class map may then be associated with a policy map that defines how the traffic is handled.
For example, the marking may take the form of:
1. giving IP priority 5 to VOIP traffic;
2. for telnet traffic, IP priority 4 is given;
3. for traffic from 172.16.1.0, IP priority 2 is given.
S208: and moving the first class-map set into a preset first policy-map set, and designating a speed-limiting bandwidth for the first class-map set in the first policy-map set to complete virtual private line service configuration, wherein the speed-limiting bandwidth is the speed-limiting bandwidth of the virtual private line service.
Specifically, the first policy-map set is a definition of policy maps that are used to handle different traffic. It can match a class map (i.e. the first class-map set) and call the first class-map set in order to set policy rules for the traffic that the first class-map set has already classified. In this embodiment of the present application, a speed-limit policy is specified for the classified traffic in the first class-map set; that is, the speed-limit bandwidth of the traffic passing through this SDN switch is set according to the speed-limit bandwidth in the virtual private line service configuration information, and CBS and EBS are set at the same time. CBS (Committed Burst Size) is the committed burst size, the capacity of the token bucket, i.e. the maximum traffic size allowed per burst. The burst size that is set must be greater than the maximum message length, and its unit of measure is the byte. EBS (Excess Burst Size) is the excess burst size, i.e. the excess burst traffic that can pass instantaneously. When the passing traffic exceeds the speed-limit bandwidth or the CBS, the packet-loss mode, namely exceeded-action drop, is usually adopted.
It should be noted that the first class-map set may include a single first class-map set, or may include a plurality of different first class-map sets.
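The CBS and EBS behaviour described above can be seen in a small policer model. This is an added example, not code from the patent: it assumes the two token buckets are refilled the way a single-rate three-colour marker (RFC 2697) does it, and the class name `Policer`, the verdict names and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Policer:
    """Single-rate policer with a committed (CBS) and an excess (EBS) bucket."""
    cir_bps: int   # speed-limit bandwidth in bits per second
    cbs: int       # committed burst size in bytes (token bucket capacity)
    ebs: int       # excess burst size in bytes

    def __post_init__(self):
        self.tc = float(self.cbs)   # both buckets start full
        self.te = float(self.ebs)
        self.last = 0.0

    def _refill(self, now):
        # Tokens arrive at the committed rate; the committed bucket fills
        # first and only the overflow is credited to the excess bucket.
        tokens = (now - self.last) * self.cir_bps / 8.0
        self.last = now
        to_committed = min(tokens, self.cbs - self.tc)
        self.tc += to_committed
        self.te = min(float(self.ebs), self.te + tokens - to_committed)

    def offer(self, now, size):
        """Return 'conform', 'exceed' or 'violate' for one packet of `size` bytes."""
        self._refill(now)
        if size <= self.tc:
            self.tc -= size
            return "conform"
        if size <= self.te:
            self.te -= size
            return "exceed"
        return "violate"


def run(policer, packets):
    """packets: constructed (arrival_time_seconds, size_bytes) pairs, in time order."""
    return [policer.offer(t, size) for t, size in packets]


def forwarded_bytes(policer, packets, exceed_action="drop"):
    """Bytes that pass when 'violate' is always dropped and 'exceed' follows exceed_action."""
    total = 0
    for (_, size), verdict in zip(packets, run(policer, packets)):
        if verdict == "conform" or (verdict == "exceed" and exceed_action != "drop"):
            total += size
    return total


if __name__ == "__main__":
    # Constructed burst: three 1000-byte packets at t=0, one more a second later.
    burst = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (1.0, 1000)]
    print(run(Policer(cir_bps=8000, cbs=1500, ebs=1500), burst))
    # CBS smaller than the packet length: full-size packets can never conform.
    print(run(Policer(cir_bps=8000, cbs=1000, ebs=0), [(0.0, 1500), (10.0, 1500)]))
```

The second run shows why the burst size must be greater than the maximum message length: with a CBS of 1000 bytes, a 1500-byte packet is rejected no matter how long the line has been idle.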
S209: and extracting the management IP address of the Z-end node in the virtual private line service configuration information through the SDN controller.
S210: and according to the management IP address of the Z-end node, using the unoccupied VLAN value on the SDN switch corresponding to the Z-end node as the SVLAN of the SDN switch corresponding to the Z-end node through an RPC interface opened by the Z-end node.
S211: and establishing a mapping from the SVLAN of the SDN switch corresponding to the Z-end node to the CVLAN, wherein the CVLAN is a port mode of the Z-end node of the virtual private line.
S212: and allowing the SVLAN of the SDN switch corresponding to the Z-end node to pass through the designated physical port of the SDN switch corresponding to the Z-end node, wherein the designated physical port is a physical port number used for connecting a client on the Z-end node of the virtual private line.
S213: and taking the unoccupied VNI value in the SDN switch backbone network as a service VNI, and establishing the mapping from the SVLAN of the SDN switch corresponding to the Z-end node to the service VNI.
S214: and newly creating a second service ACL, and incorporating the flow conforming to the second service ACL into a preset second class-map set according to the service VNI.
S215: and moving the second class-map set into a preset second class-map set, and designating a speed-limiting bandwidth for the second class-map set in the second class-map set to complete virtual private line service configuration so as to establish a virtual private line service tunnel of the A end node and the Z end node VXLAN, wherein the speed-limiting bandwidth is the speed-limiting bandwidth of the virtual private line service.
Specifically, because the VLANs available to users are limited, an unoccupied VLAN value is taken as the SVLAN (Service VLAN), i.e. the switch device VLAN, and the SVLAN is newly created on the SDN switch corresponding to the Z-end node. After the SVLAN is newly created, a mapping from each CVLAN (Custom VLAN), i.e. the VLAN of the user side, to the SVLAN is established, so that each CVLAN has a low probability of repeated collision and users are better isolated. The CVLAN is the VLAN of the user side in TRUNK mode or ACCESS mode on the Z-end node.
The designated physical port is the physical port (on the Z-end node) corresponding to the physical port number used for connecting a client in the user-defined virtual private line service configuration information. Because the mapping between the SVLAN and the CVLAN has been established, the SVLAN of the SDN switch corresponding to the Z-end node can pass through the physical port used for connecting the client on that SDN switch. Then the VNI values already occupied on each SDN switch in the whole SDN switch backbone network are excluded, an unoccupied VNI value in the SDN switch backbone network is taken as the service VNI, and finally the mapping from the SVLAN to the service VNI is established, so that the SVLAN and the service VNI correspond one-to-one.
And newly building a second service ACL at the SDN switch corresponding to the Z-end node, and controlling the inflow and outflow of the flow passing through the SDN switch. The specific control mode is as follows: and determining the determined VNI value corresponding to the service VNI as a passing threshold passing through the SDN switch, wherein the VNI value corresponding to the service VNI can be 1000 bytes. When the VNI of the traffic is a passing threshold, that is, 1000 bytes, the traffic is determined to be the traffic conforming to the second service ACL, and the traffic is allowed to pass through the SDN switch corresponding to the Z-end node.
After determining the traffic conforming to the second service ACL, integrating the traffic into a second class-map set, newly building a second policy-map set, and setting policy rules for the traffic of classified packets in the second class-map set. In this embodiment of the present application, a speed limiting policy is specified for the flow of the classified packet in the second class-map set, that is, the speed limiting bandwidth of the flow passing through the SDN switch is set according to the speed limiting bandwidth in the virtual private line service configuration information, and CBS and EBS are set at the same time, and when the passing flow exceeds the speed limiting bandwidth or CBS, a packet loss mode, that is, an exceeded-action drop, is generally adopted. And completing virtual private line service configuration by the SDN switch corresponding to the Z end node, wherein a VXLAN virtual private line service tunnel is arranged between the A end node and the Z end node in the backbone network of the SDN switch.
It should be noted that, the detailed process of issuing the configuration command to the SDN switch corresponding to the Z end node may refer to the process of issuing the configuration command to the SDN switch corresponding to the a end node in S202-S208, which is not described herein. In addition, the second class-map set may include a single second class-map set or may include a plurality of different second class-map sets.
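The allocation steps for both ends (S203 to S208 and S210 to S215) can be sketched as controller-side logic that validates the user-defined values before anything is sent to a switch and reserves identifiers only once the whole request is valid. This is an added example, not the patent's implementation: the field names, step names and port-name pattern are hypothetical, the sample addresses are constructed, and it assumes both ends share one service VNI, which VXLAN requires for the two VTEPs to exchange frames.

```python
import ipaddress
import re
from dataclasses import dataclass, field

VLAN_MIN, VLAN_MAX = 2, 4094        # VLAN value range stated in the description
VNI_MIN, VNI_MAX = 1, 16_000_000    # VNI value range stated in the description
PORT_RE = re.compile(r"[A-Za-z0-9/._-]{1,32}")  # assumed safe port-name charset


@dataclass(frozen=True)
class EndNode:                      # hypothetical shape of one end's parameters
    mgmt_ip: str                    # management (VTEP) address of the switch
    port: str                       # physical port number facing the client
    mode: str                       # port mode: "access" or "trunk"
    cvlan: int                      # customer-side VLAN


@dataclass
class Backbone:
    vlans_in_use: dict = field(default_factory=dict)  # mgmt_ip -> set of VLANs
    vnis_in_use: set = field(default_factory=set)     # backbone-wide VNIs


def first_free(lo, hi, used):
    """Lowest unoccupied value in [lo, hi]."""
    for value in range(lo, hi + 1):
        if value not in used:
            return value
    raise RuntimeError("identifier space exhausted")


def validate(backbone, node):
    """Reject values that must never reach a switch-side command."""
    ipaddress.ip_address(node.mgmt_ip)            # ValueError if malformed
    if node.mgmt_ip not in backbone.vlans_in_use:
        raise ValueError("unknown switch " + node.mgmt_ip)
    if not PORT_RE.fullmatch(node.port):
        raise ValueError("illegal characters in port name")
    if node.mode not in ("access", "trunk"):
        raise ValueError("port mode must be access or trunk")
    if not isinstance(node.cvlan, int) or not VLAN_MIN <= node.cvlan <= VLAN_MAX:
        raise ValueError("CVLAN out of range")


def plan_private_line(backbone, a, z, bandwidth_kbps):
    """Return the ordered steps for the A and Z ends; reserve IDs only on success."""
    for node in (a, z):
        validate(backbone, node)
    if a.mgmt_ip == z.mgmt_ip:
        raise ValueError("A end and Z end must be different switches")
    if not isinstance(bandwidth_kbps, int) or bandwidth_kbps <= 0:
        raise ValueError("bandwidth must be a positive integer")
    vni = first_free(VNI_MIN, VNI_MAX, backbone.vnis_in_use)
    svlans = {n.mgmt_ip: first_free(VLAN_MIN, VLAN_MAX,
                                    backbone.vlans_in_use[n.mgmt_ip]) for n in (a, z)}
    backbone.vnis_in_use.add(vni)                 # commit after every check passed
    plan = {}
    for label, node in (("A", a), ("Z", z)):
        svlan = svlans[node.mgmt_ip]
        backbone.vlans_in_use[node.mgmt_ip].add(svlan)
        plan[label] = {"rpc_target": node.mgmt_ip, "steps": [
            ("create_svlan", svlan),
            ("map_cvlan_to_svlan", node.cvlan, svlan, node.mode),
            ("allow_svlan_on_port", svlan, node.port),
            ("map_svlan_to_vni", svlan, vni),
            ("acl_match_vni_into_class_map", vni),
            ("policy_map_rate_limit_kbps", bandwidth_kbps),
        ]}
    return plan


if __name__ == "__main__":
    bb = Backbone({"10.0.0.1": {2, 3}, "10.0.0.2": {2}}, {1, 2})  # constructed state
    a = EndNode("10.0.0.1", "eth1/1", "access", 100)
    z = EndNode("10.0.0.2", "eth1/2", "trunk", 100)
    for end, cfg in plan_private_line(bb, a, z, 100_000).items():
        print(end, cfg)
```

Two customers who both use CVLAN 100 receive different SVLANs and different service VNIs, and a rejected request leaves the occupied sets untouched, so a malformed order cannot consume identifiers or reach the RPC interface.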
The implementation principle of the virtual private line service issuing method based on SDN in the embodiment of the application is as follows: after the backbone network of the SDN switch is built based on an external border gateway protocol, user-defined virtual private line service configuration information is received, the virtual private line service configuration information is stored in a database of the server through an SDN controller running in the server, and configuration commands are sequentially issued to SDN switches corresponding to an A end node and a Z end node according to the virtual private line service configuration information, so that the SDN switches corresponding to the A end node and the Z end node sequentially execute the configuration commands after receiving the configuration commands of the SDN controller, virtual private line service configuration of the SDN switch is completed, and a VXLAN virtual tunnel between the A end node and the Z end node is established, thereby saving labor and time cost.
The following are device embodiments of the present application, which may be used to perform method embodiments of the present application. For details not disclosed in the device embodiments of the present application, please refer to the method embodiments of the present application.
Fig. 3 is a schematic structural diagram of an SDN-based virtual private line service delivery device according to an embodiment of the present application. The virtual private line service issuing device applied to SDN can be realized into all or part of the device through software, hardware or a combination of the software and the hardware. The device 1 comprises a configuration information collection module 11, an A-end configuration issuing module 12 and a Z-end configuration issuing module 13.
The configuration information collection module 11 is configured to obtain user-defined virtual private line service configuration information based on an SDN switch backbone network;
the a-end configuration issuing module 12 is configured to issue a configuration command to an SDN switch corresponding to an a-end node of the virtual private line according to the virtual private line service configuration information so as to complete virtual private line service configuration;
the Z-end configuration issuing module 13 is configured to issue a configuration command to an SDN switch corresponding to a Z-end node of the virtual private line according to the virtual private line service configuration information, so as to complete virtual private line service configuration, so as to establish a virtual private line service tunnel between the a-end node and the Z-end node VXLAN.
Optionally, the a-side configuration issuing module 12 is specifically configured to:
extracting a management IP address of an A-end node in the virtual private line service configuration information through an SDN controller;
and according to the management IP address of the A-end node, issuing a configuration command to the SDN switch corresponding to the A-end node through the RPC interface opened by the A-end node to complete the configuration of the virtual private line service.
Optionally, the a-side configuration issuing module 12 is specifically further configured to:
taking an unoccupied VLAN value on the SDN switch corresponding to the A end node as an SVLAN of the SDN switch corresponding to the A end node;
establishing mapping from an SDN switch SVLAN corresponding to the A end node to a CVLAN, wherein the CVLAN is a port mode of the A end node of the virtual private line;
allowing the SVLAN of the SDN switch corresponding to the A-end node to pass through the designated physical port of the SDN switch corresponding to the A-end node, wherein the designated physical port is a physical port number used for connecting a client on the A-end node of a virtual private line;
taking unoccupied VNI values in the backbone network of the SDN switch as service VNIs, and establishing mapping from the SVLAN of the SDN switch corresponding to the A-end node to the service VNIs;
creating a first service ACL, and according to the service VNI, incorporating the traffic conforming to the first service ACL into a preset first class-map set;
And moving the first class-map set into a preset first policy-map set, and designating a speed-limiting bandwidth for the first class-map set in the first policy-map set to complete virtual private line service configuration, wherein the speed-limiting bandwidth is the speed-limiting bandwidth of the virtual private line service.
Optionally, the a-side configuration issuing module 12 is specifically further configured to:
newly creating a first service ACL, and determining the service VNI as a passing threshold of the first service ACL;
and determining the traffic of which the VNI passes the threshold as traffic conforming to the first service ACL, and incorporating the traffic into a preset first class-map set.
Optionally, the Z-end configuration issuing module 13 is specifically configured to:
extracting a management IP address of a Z-end node in the virtual private line service configuration information through an SDN controller;
and according to the management IP address of the Z-end node, issuing a configuration command to the SDN switch corresponding to the Z-end node through an RPC interface opened by the Z-end node to complete virtual private line service configuration.
Optionally, the Z-end configuration issuing module 13 is specifically further configured to:
taking an unoccupied VLAN value on an SDN switch corresponding to the Z-end node as an SVLAN of the SDN switch corresponding to the Z-end node;
establishing mapping from an SVLAN of an SDN switch corresponding to a Z-end node to a CVLAN, wherein the CVLAN is a port mode of the Z-end node of a virtual private line;
Allowing the SVLAN of the SDN switch corresponding to the Z-end node to pass through a designated physical port of the SDN switch corresponding to the Z-end node, wherein the designated physical port is a physical port number used for connecting a client on the Z-end node of a virtual private line;
taking unoccupied VNI values in a backbone network of the SDN switch as service VNIs, and establishing mapping from the SVLAN of the SDN switch corresponding to the Z-end node to the service VNIs;
newly creating a second service ACL, and incorporating the flow conforming to the second service ACL into a preset second class-map set according to the service VNI;
and moving the second class-map set into a preset second class-map set, and designating a speed-limiting bandwidth for the second class-map set in the second class-map set to complete virtual private line service configuration, wherein the speed-limiting bandwidth is the speed-limiting bandwidth of the virtual private line service.
Optionally, as shown in fig. 4, the apparatus 1 further includes a backbone network building module 14, specifically configured to:
based on an external border gateway protocol, each SDN switch in the SDN switch backbone network is respectively provided with a corresponding autonomous domain;
and respectively distributing management addresses to the SDN switches, and respectively configuring the management addresses at the loopback interfaces of the corresponding SDN switches to build a backbone network of the SDN switches.
It should be noted that, when the SDN-based virtual private line service issuing device provided by the foregoing embodiment executes the SDN-based virtual private line service issuing method, the division into the foregoing functional modules is only an example. In practical application, the foregoing functions may be allocated to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the detailed implementation process of the SDN-based virtual private line service issuing device is embodied in the embodiment of the SDN-based virtual private line service issuing method and is not described again here.
The embodiment of the application also discloses a computer readable storage medium, and the computer readable storage medium stores a computer program, wherein when the computer program is executed by a processor, the virtual private line service issuing method based on SDN of the embodiment is adopted.
The computer program may be stored in a computer readable medium. The computer program includes computer program code, which may be in source code form, object code form, executable file form, some intermediate form, etc. The computer readable medium includes any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, etc.; the computer readable medium includes, but is not limited to, the above components.
The virtual private line service issuing method based on SDN of the embodiment is stored in the computer readable storage medium and is loaded and executed on a processor so as to facilitate the storage and application of the method.
The embodiment of the application also discloses an electronic device, wherein a computer program is stored in a computer readable storage medium, and when the computer program is loaded and executed by a processor, the virtual private line service issuing method based on SDN is adopted.
The electronic device may be an electronic device such as a desktop computer, a notebook computer, or a cloud server, and the electronic device includes, but is not limited to, a processor and a memory, for example, the electronic device may further include an input/output device, a network access device, a bus, and the like.
The processor may be a central processing unit (CPU) or, according to actual use, another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general purpose processor may be a microprocessor or any conventional processor, which is not limited in this application.
The memory may be an internal storage unit of the electronic device, for example, a hard disk or a memory of the electronic device, or may be an external storage device of the electronic device, for example, a plug-in hard disk, a Smart Memory Card (SMC), a secure digital card (SD), or a flash memory card (FC) provided on the electronic device, or the like, and may be a combination of the internal storage unit of the electronic device and the external storage device, where the memory is used to store a computer program and other programs and data required by the electronic device, and the memory may be used to temporarily store data that has been output or is to be output, which is not limited in this application.
The virtual private line service issuing method based on SDN in the embodiment is stored in a memory of the electronic device and is loaded and executed on a processor of the electronic device, so that the virtual private line service issuing method based on SDN is convenient to use.
The foregoing is merely exemplary embodiments of the present disclosure and is not intended to limit the scope of the present disclosure. That is, equivalent changes and modifications made according to the teachings of this disclosure fall within the scope of the present disclosure. Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with the scope and spirit of the disclosure being indicated by the claims.

Claims (7)

1. An SDN-based virtual private line service issuing method, characterized in that the method is applied to a server and comprises the following steps:
based on SDN switch backbone network, obtaining user-defined virtual private line service configuration information;
according to the virtual private line service configuration information, issuing a configuration command to an SDN switch corresponding to an A end node of a virtual private line to complete virtual private line service configuration, wherein the virtual private line service configuration information comprises a management IP address of the A end node of the virtual private line, and according to the virtual private line service configuration information, issuing the configuration command to the SDN switch corresponding to the A end node of the virtual private line to complete virtual private line service configuration comprises the following steps:
extracting a management IP address of the A-end node in the virtual private line service configuration information through an SDN controller;
according to the management IP address of the A-end node, a configuration command is issued to an SDN switch corresponding to the A-end node through an RPC interface opened by the A-end node so as to complete virtual private line service configuration;
the virtual private line service configuration information includes a port mode of an a-end node of a virtual private line, a physical port number on the a-end node of the virtual private line for connecting a client and a speed-limiting bandwidth of the virtual private line service, and the issuing of a configuration command to an SDN switch corresponding to the a-end node to complete virtual private line service configuration includes:
taking an unoccupied VLAN value on the SDN switch corresponding to the A end node as an SVLAN of the SDN switch corresponding to the A end node;
establishing mapping from the SVLAN of the SDN switch corresponding to the A end node to a CVLAN, wherein the CVLAN is a port mode of the A end node of a virtual private line;
allowing the SDN switch SVLAN corresponding to the A-end node to pass through a designated physical port of the SDN switch corresponding to the A-end node, wherein the designated physical port is a physical port number used for connecting a client on the A-end node of a virtual private line;
taking unoccupied VNI values in the SDN switch backbone network as service VNIs, and establishing mapping from the SDN switch SVLAN corresponding to the A-end node to the service VNIs;
newly creating a first service ACL and, according to the service VNI, incorporating the traffic conforming to the first service ACL into a preset first class-map set, which comprises:
creating a first service ACL, and determining the service VNI as a passing threshold of the first service ACL;
determining the flow with the VNI as the passing threshold as the flow conforming to the first service ACL, and incorporating the flow into a preset first class-map set;
the first class-map set is moved to a preset first poll-map set, speed limit bandwidth is appointed for the first class-map set in the first poll-map set to complete virtual private line service configuration, and the speed limit bandwidth is the speed limit bandwidth of the virtual private line service;
and according to the virtual private line service configuration information, issuing a configuration command to an SDN switch corresponding to a Z-end node of a virtual private line to complete virtual private line service configuration so as to establish a virtual private line service tunnel between the A-end node and the Z-end node VXLAN.
2. The SDN-based virtual private line service delivery method of claim 1, wherein the virtual private line service configuration information includes a management IP address of a Z end node of a virtual private line, and the delivering a configuration command to an SDN switch corresponding to the Z end node of the virtual private line according to the virtual private line service configuration information to complete the virtual private line service configuration includes:
extracting a management IP address of the Z-end node in the virtual private line service configuration information through an SDN controller;
and according to the management IP address of the Z-end node, issuing a configuration command to the SDN switch corresponding to the Z-end node through the RPC interface opened by the Z-end node to complete virtual private line service configuration.
3. The SDN-based virtual private line service issuing method of claim 2, wherein the virtual private line service configuration information includes a port mode of a Z end node of a virtual private line, a physical port number on the Z end node of the virtual private line for connecting a client, and a speed limit bandwidth of the virtual private line service, and the issuing a configuration command to an SDN switch corresponding to the Z end node to complete virtual private line service configuration includes:
taking an unoccupied VLAN value on the SDN switch corresponding to the Z-end node as an SVLAN of the SDN switch corresponding to the Z-end node;
establishing mapping from the SVLAN of the SDN switch corresponding to the Z-end node to a CVLAN, wherein the CVLAN is a port mode of the Z-end node of a virtual private line;
allowing the SDN switch SVLAN corresponding to the Z end node to pass through a designated physical port of the SDN switch corresponding to the Z end node, wherein the designated physical port is a physical port number used for connecting a client on the Z end node of a virtual private line;
taking unoccupied VNI values in the SDN switch backbone network as service VNIs, and establishing mapping from the SVLAN of the SDN switch corresponding to the Z-end node to the service VNIs;
newly creating a second service ACL, and according to the service VNI, incorporating the flow conforming to the second service ACL into a preset second class-map set;
and moving the second class-map set into a preset second class-map set, and designating a speed limit bandwidth for the second class-map set in the second class-map set to complete virtual private line service configuration, wherein the speed limit bandwidth is the speed limit bandwidth of the virtual private line service.
4. The method for delivering a virtual private line service based on SDN of claim 1, wherein before obtaining the user-defined virtual private line service configuration information based on the SDN switch backbone network, the method further comprises:
based on an external border gateway protocol, each SDN switch in the SDN switch backbone network is respectively provided with a corresponding autonomous domain;
and respectively distributing management addresses to the SDN switches, and respectively configuring the management addresses at the corresponding loopback interfaces of the SDN switches to build a backbone network of the SDN switches.
5. An SDN-based virtual private line service issuing device is characterized by comprising:
the configuration information collection module (11) is used for acquiring user-defined virtual private line service configuration information based on the SDN switch backbone network;
an a-end configuration issuing module (12) configured to issue a configuration command to an SDN switch corresponding to an a-end node of a virtual private line according to the virtual private line service configuration information to complete virtual private line service configuration, where the virtual private line service configuration information includes a management IP address of the a-end node of the virtual private line, and issue the configuration command to the SDN switch corresponding to the a-end node of the virtual private line according to the virtual private line service configuration information to complete virtual private line service configuration, where the issuing module includes:
extracting a management IP address of the A-end node in the virtual private line service configuration information through an SDN controller;
according to the management IP address of the A-end node, a configuration command is issued to an SDN switch corresponding to the A-end node through an RPC interface opened by the A-end node so as to complete virtual private line service configuration;
the virtual private line service configuration information includes a port mode of an a-end node of a virtual private line, a physical port number on the a-end node of the virtual private line for connecting a client and a speed-limiting bandwidth of the virtual private line service, and the issuing of a configuration command to an SDN switch corresponding to the a-end node to complete virtual private line service configuration includes:
taking an unoccupied VLAN value on the SDN switch corresponding to the A end node as an SVLAN of the SDN switch corresponding to the A end node;
establishing mapping from the SVLAN of the SDN switch corresponding to the A end node to a CVLAN, wherein the CVLAN is a port mode of the A end node of a virtual private line;
allowing the SDN switch SVLAN corresponding to the A-end node to pass through a designated physical port of the SDN switch corresponding to the A-end node, wherein the designated physical port is a physical port number used for connecting a client on the A-end node of a virtual private line;
taking unoccupied VNI values in the SDN switch backbone network as service VNIs, and establishing mapping from the SDN switch SVLAN corresponding to the A-end node to the service VNIs;
newly creating a first service ACL and, according to the service VNI, incorporating the traffic conforming to the first service ACL into a preset first class-map set, which comprises:
creating a first service ACL, and determining the service VNI as a passing threshold of the first service ACL;
determining the flow with the VNI as the passing threshold as the flow conforming to the first service ACL, and incorporating the flow into a preset first class-map set;
the first class-map set is moved to a preset first poll-map set, speed limit bandwidth is appointed for the first class-map set in the first poll-map set to complete virtual private line service configuration, and the speed limit bandwidth is the speed limit bandwidth of the virtual private line service;
and the Z-end configuration issuing module (13) is used for issuing a configuration command to an SDN switch corresponding to a Z-end node of the virtual private line according to the virtual private line service configuration information so as to complete virtual private line service configuration, so as to establish the virtual private line service tunnel of the A-end node and the Z-end node VXLAN.
6. A computer readable storage medium having a computer program stored therein, characterized in that the method according to any of claims 1-4 is employed when the computer program is loaded and executed by a processor.
7. An electronic device comprising a memory, a processor and a computer program stored in the memory and capable of running on the processor, characterized in that the method according to any of claims 1-4 is used when the computer program is loaded and executed by the processor.
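The per-end configuration steps recited in claims 1 to 3, as an added Python example that is not code from the patent: it validates the user-defined fields before anything could be issued to a switch, then builds the ordered step list for the A end and the Z end. The `EndNode` model, the step names, the port-name pattern, the CVLAN modelled as a VLAN ID and the single service VNI shared by both ends are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

VLAN_IDS = range(1, 4095)     # usable 802.1Q VLAN IDs: 1..4094
VNI_IDS = range(1, 2 ** 24)   # a VXLAN Network Identifier is 24 bits wide
PORT_RE = re.compile(r"[A-Za-z]+[0-9]+(/[0-9]+)*")  # assumed port-name shape

@dataclass(frozen=True)
class EndNode:                # hypothetical model of one end's configuration info
    mgmt_ip: str              # management IP address of the end node
    cvlan: int                # the claim's "port mode", modelled as a VLAN ID
    port: str                 # physical port that connects the client
    used_vlans: frozenset     # VLAN values already occupied on this switch

def first_free(ids, used):
    """Return the lowest value in ids that is not in used."""
    for value in ids:
        if value not in used:
            return value
    raise ValueError("no unoccupied value left")

def validate(node, rate_mbps):
    """Reject user-defined fields that must never reach a switch command."""
    ipaddress.ip_address(node.mgmt_ip)          # raises ValueError if malformed
    if node.cvlan not in VLAN_IDS:
        raise ValueError(f"CVLAN out of range: {node.cvlan!r}")
    if not PORT_RE.fullmatch(node.port):
        raise ValueError(f"unexpected port name: {node.port!r}")
    if not isinstance(rate_mbps, int) or rate_mbps <= 0:
        raise ValueError(f"invalid rate limit: {rate_mbps!r}")

def plan_end(node, vni, rate_mbps, tag):
    """Ordered steps for one end, in the order the claims list them."""
    svlan = first_free(VLAN_IDS, node.used_vlans)
    acl, cmap, pmap = f"acl-{tag}", f"class-{tag}", f"poll-{tag}"
    return [
        {"op": "map_svlan_to_cvlan", "svlan": svlan, "cvlan": node.cvlan},
        {"op": "allow_svlan_on_port", "svlan": svlan, "port": node.port},
        {"op": "map_svlan_to_vni", "svlan": svlan, "vni": vni},
        {"op": "create_acl", "name": acl, "match_vni": vni},
        {"op": "add_to_class_map", "name": cmap, "acl": acl},
        {"op": "add_to_poll_map", "name": pmap, "class_map": cmap,
         "rate_mbps": rate_mbps},
    ]

def plan_private_line(a_end, z_end, used_vnis, rate_mbps):
    """Validate both ends first, then plan both; nothing is sent to a switch."""
    for node in (a_end, z_end):
        validate(node, rate_mbps)
    vni = first_free(VNI_IDS, used_vnis)        # one service VNI for both ends
    return {
        a_end.mgmt_ip: plan_end(a_end, vni, rate_mbps, "a"),
        z_end.mgmt_ip: plan_end(z_end, vni, rate_mbps, "z"),
    }

if __name__ == "__main__":
    # Constructed sample input, not taken from the patent.
    a = EndNode("10.0.0.1", 100, "eth1/1", frozenset({1, 2, 3}))
    z = EndNode("10.0.0.2", 200, "eth1/5", frozenset({1}))
    for ip, steps in plan_private_line(a, z, {1, 2}, 100).items():
        print(ip, steps)
```

Validating both ends before planning either keeps a rejected Z-end input from leaving the A end half-configured.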
CN202310106489.XA 2023-02-13 2023-02-13 SDN-based virtual private line service issuing method and device, medium and electronic equipment Active CN115776441B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310106489.XA CN115776441B (en) 2023-02-13 2023-02-13 SDN-based virtual private line service issuing method and device, medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN115776441A CN115776441A (en) 2023-03-10
CN115776441B true CN115776441B (en) 2023-04-28

Family

ID=85393656

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310106489.XA Active CN115776441B (en) 2023-02-13 2023-02-13 SDN-based virtual private line service issuing method and device, medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115776441B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105915427A (en) * 2016-03-31 2016-08-31 华为技术有限公司 Message sending and receiving method and message sending and receiving equipment
WO2018196349A1 (en) * 2017-04-28 2018-11-01 烽火通信科技股份有限公司 Sdn-based system and method for realizing static routing tunnel
CN109039703A (en) * 2018-06-27 2018-12-18 中国科学院信息工程研究所 The method and system of business scenario network rapid build under a kind of complex network simulated environment
CN109327318A (en) * 2017-07-31 2019-02-12 杭州达乎科技有限公司 The SDN management network architecture establishes SDN management network and management method for switching network
CN112217555A (en) * 2020-08-24 2021-01-12 成都天奥集团有限公司 Formation satellite routing method based on SDN architecture and adopting SR routing protocol
WO2021120899A1 (en) * 2019-12-16 2021-06-24 中兴通讯股份有限公司 Sd-wan service orchestration method, system and device, and storage medium
CN113141266A (en) * 2020-01-17 2021-07-20 中国移动通信集团浙江有限公司 Network management system and method based on software defined network
CN113709194A (en) * 2020-05-20 2021-11-26 中国移动通信集团浙江有限公司 Cloud resource access method, device and system and computing equipment
CN114531320A (en) * 2020-11-02 2022-05-24 华为技术有限公司 Communication method, device, equipment, system and computer readable storage medium
CN115576289A (en) * 2022-10-28 2023-01-06 江苏金陵科技集团有限公司 Reconfigurable high-fidelity large-scale industrial internet simulation platform based on virtualization technology

Also Published As

Publication number Publication date
CN115776441A (en) 2023-03-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: SDN based virtual private line service distribution method, device, medium, and electronic equipment

Effective date of registration: 20231011

Granted publication date: 20230428

Pledgee: Zhongguancun Branch of Bank of Beijing Co.,Ltd.

Pledgor: Beijing Tianchi Network Co.,Ltd.

Registration number: Y2023980060927