CN115933978A - OpenFlow flow table deep aggregation method and rapid search system - Google Patents

OpenFlow flow table deep aggregation method and rapid search system Download PDF

Info

Publication number
CN115933978A
CN115933978A CN202211554501.5A CN202211554501A CN115933978A CN 115933978 A CN115933978 A CN 115933978A CN 202211554501 A CN202211554501 A CN 202211554501A CN 115933978 A CN115933978 A CN 115933978A
Authority
CN
China
Prior art keywords
flow table
aggregation
entry
content
flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211554501.5A
Other languages
Chinese (zh)
Inventor
熊兵
袁月
胡广龙
廖卓凡
胡晋彬
何施茗
夏卓群
张锦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changsha University of Science and Technology
Original Assignee
Changsha University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changsha University of Science and Technology filed Critical Changsha University of Science and Technology
Priority to CN202211554501.5A priority Critical patent/CN115933978A/en
Publication of CN115933978A publication Critical patent/CN115933978A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention designs an OpenFlow flow table deep aggregation method, which divides an original flow table in OpenFlow into a plurality of tuples according to masks, then performs double bit merging on flow table items in each tuple, constructs content fields (containing action sets) of aggregated table items into a content table item tree according to merging bit positions, and further puts the aggregated table items into corresponding tuples according to the masks for further aggregation until the aggregation is impossible or the height of the content table item tree reaches an upper limit value. Further, the invention provides an OpenFlow flow table deep aggregation storage system. The system compresses the OpenFlow flow table by adopting the flow table deep aggregation method, and strips the content fields of all the flow table entries to construct a content table entry tree which is independently stored by adopting the SRAM, so that the TCAM can accommodate the whole flow table. Meanwhile, the system limits the height of the content table entry tree, thereby ensuring the access and search speed. In addition, the aggregation acceleration subflow table is designed to specially execute the table entry aggregation operation, so that the flow table aggregation speed is accelerated.

Description

OpenFlow flow table deep aggregation method and rapid search system
Technical Field
The invention relates to the field of flow table aggregation in a software defined network, in particular to an OpenFlow flow table deep aggregation method and a rapid search system.
Background
Software Defined Networking (SDN) is a new network architecture with data control separation and software programming, which separates the control plane and the data plane by OpenFlow technology. The control plane is responsible for central management and forwarding policy distribution, and the network devices in the data plane can only forward data packets. The SDN adopts a southbound interface for communication between data planes of the SDN, so that the flexibility, the development and the expandability of network management are improved, a new network management and control strategy can be simply and efficiently installed, and the SDN is easy to deploy. In an SDN data plane, an OpenFlow protocol is mainly used as a southbound interface protocol of the SDN data plane, the OpenFlow is a flow-based concept to match a forwarding rule, important fields of headers of network protocols of all layers are used as matching fields of flow entries, and the combination of any fields is realized through wildcards, so that fine-grained flexible management of network flows is realized. Because the TCAM memory supports three data lookup of "0, 1, and intermediate state", and all entries in the TCAM table can be accessed in parallel, and all results can be output in a single cycle, the OpenFlow switch usually uses the TCAM to store the flow table, so as to implement fast forwarding of a packet in a network.
Fig. 1 shows a lookup process of an OpenFlow flow table, which operates according to the following principle:
(1) When the OpenFlow switch receives a certain data packet p i Firstly, analyzing the packet header, extracting important fields (such as source/destination IP addresses, source/destination ports, protocol types and the like) in the header, and calculating a corresponding flow identifier fid; (2) Look up the OpenFlow flow table using the flow identifier fid,namely, all the flow table entries in the TCAM memory are matched in parallel; (3) If the flow table is searched successfully, returning the matching table entry with the highest priority, and then executing the corresponding action set. (4) If the flow table is failed to be searched, the data packet header information is encapsulated into packet-in information and sent to the SDN controller, the controller generates a new flow rule according to the global network view, sends the new flow rule to the OpenFlow switch, and adds the new flow rule to the corresponding flow table for forwarding and processing the data packets with the same flow identifier.
Packet classification is the core mechanism for implementing many network services on the internet, and Ternary Content Addressable Memory (TCAM) has become a practical standard for fast packet classification in the industry. To enable fast lookup in the flow table, openFlow switches use TCAMs to design the flow table. However, TCAM memories have high cost, limited capacity, low integration and high power consumption. When the SDN is deployed in large-scale networks such as data centers and air-space-ground integrated information networks, the number of concurrent flows in the network is large, and the number of flow entries is increased rapidly. Meanwhile, as the number of services deployed on the internet is increasing, the number of rules is also increasing rapidly. Therefore, it is difficult for TCAM to satisfy the storage requirement of the OpenFlow large-scale flow table. For the problem of shortage of flow table storage resources, the current mainstream scheme is to put TCAM and SRAM together to store the flow table entry. However, the SRAM uses an address addressing method, and can only implement wildcard search by a tuple space search method, and the search speed is significantly slower than the TCAM. In addition, the most promising method is to merge multiple similar flow entries into one flow entry by using flow table aggregation, so that the TCAM can store the whole flow table, as follows:
as shown in fig. 2, a scheme one is an aggregation method bitviewing of non-prefix multi-field table entries. The method firstly carries out an orthogonal grouping (division into minimum non-crossed partitions) on all the non-prefix table entries, then adopts the techniques of bit exchange and bit combination in a single grouping, arranges the non-prefix table entries into a prefix rule by adjusting a bit sequence, and then carries out aggregation by utilizing a prefix table entry aggregation algorithm. Finally, all flow entries are restored to the original sequence by bit recovery.
The polymerization process of scheme one is as follows: (1) Firstly, sorting the flow table items in an ascending order according to the quantity of the star contained in the matching field of the flow table items, and performing AND operation on masks of two adjacent flow table items in sequence to perform minimum non-cross partition so as to realize orthogonal grouping; (2) Changing the flow table items in a non-prefix form into a prefix form through column-to-column exchange in each group, and aggregating the flow table items with a matching field Hamming distance of 1 and the same action set into an aggregation table item by adopting a weighted one-dimensional prefix list minimization algorithm; (3) And reducing the flow table item in the prefix form into an original bit sequence through bit reduction, and finishing the aggregation process.
Scheme two as shown in fig. 3 is an efficient flow rule reduction algorithm EFRR. The method first represents the matching fields of all flow table entries in a binary tree. Then, the flow entries in the form of prefixes are compressed by using the ORTC algorithm, and the rules are compressed again by using a Modified QM (MQM) algorithm, so that the number of flow rules in the OpenFlow switch is reduced, and the performance of the SDN is improved.
The polymerization process of scheme two is as follows: (1) Firstly, constructing a binary tree according to a matching field (a destination IP address is used as the matching field) of a flow table item, wherein each continuous bit in the matching field corresponds to a link of one child node in the tree, 0 corresponds to a left child node, and 1 corresponds to a right child node; (2) reducing the binary tree using the ORTC algorithm; (3) The MQM algorithm is used to compress the stream rules, which is substantially the same as the bit merging principle in bit weaving, i.e., two stream rules with matching field hamming distance of 1 are merged, and finally a smaller-scale stream table is obtained.
However, the above-mentioned conventional methods for polymerizing flow tables have the following disadvantages:
two new technologies of bit exchange and bit merging are adopted, and a weighted one-dimensional prefix list minimization algorithm is adopted for aggregation. However, when performing entry aggregation, the method is complex in operation, high in aggregation overhead, and the aggregation speed is slowed down as the number of flow entries increases. In the large-scale OpenFlow flow table, the flow table aggregation time is long. In addition, when the flow table is updated, the table entry is difficult to update, and even the BitWewing algorithm may need to be re-executed in the packet, so that the updating overhead is very large.
According to the binary tree constructed by all the flow table entries, the flow table entries are compressed by using the ORTC algorithm, and the rules are compressed again by using the improved QM algorithm. However, although this method considers a priority level, that is, the aggregation entry is forwarded according to the action with the high priority level of the original flow entry before aggregation, this method is prone to cause forwarding semantic errors. Meanwhile, the aggregation of the method needs the consistency of the flow entry action sets, and the aggregation is only limited to the flow entries with the aggregation matching field Hamming distance of 1, so that the aggregation chance is less.
Based on the above, the invention provides an OpenFlow flow table deep aggregation method and an OpenFlow table deep aggregation storage system.
Disclosure of Invention
The invention aims to solve the technical problem of designing an OpenFlow flow table aggregation method, and then providing an OpenFlow flow table deep aggregation storage system based on the flow table aggregation method provided by the invention so as to realize the rapid searching of the flow table.
In order to solve the technical problems, the invention adopts the technical scheme that: a deep aggregation method and a rapid search system for OpenFlow flow tables mainly comprise the deep aggregation method for the OpenFlow flow tables and a deep aggregation storage system for the OpenFlow flow tables.
The OpenFlow flow table deep aggregation storage system is designed according to the following concept:
the system consists of a matching sub-stream table, an aggregation acceleration backup table and a content sub-stream table. And matching the sub-flow tables by adopting a TCAM to store the matching fields of all the entries after the OpenFlow flow tables are aggregated so as to realize the quick search of the number groups. Wherein, the matching field of each flow entry is used for identifying the flow, the mask field is used for marking the position of the wildcard in the matching field, and the index field indicates the corresponding flow entry in the aggregation accelerated backup table. And the aggregation accelerated backup table divides all flow table entries in the matched sub-flow table into a plurality of tuples according to a mask to be stored so as to quickly aggregate the entries. The content sub-flow table stores content table entry trees of all table entries after the OpenFlow flow table aggregation, corresponds to all table entries of the matching sub-flow table one to one, and usually adopts SRAM storage to realize quick access and search. Each content entry tree stores the content fields (containing the action set) of the aggregated entries to ensure correctness of the packet forwarding semantics.
The OpenFlow flow table deep aggregation method is as follows:
(1) Firstly, dividing an original OpenFlow flow table into a plurality of tuples according to masks, and further selecting a table entry aggregation sequence with a larger aggregation degree for each tuple;
(2) If the aggregation degrees of the two aggregation orders are the same, preferentially aggregating the stream table entries with the matching field Hamming distance of 1 to reduce the height of the content table entry tree, thereby reducing the searching expense of the content table entry tree;
(3) And aggregating the table entries in the tuple according to the selected sequence, and placing the aggregated table entries into the corresponding tuple according to the mask of the aggregated table entries for further aggregation until the number of layers of the content table entry tree reaches a preset threshold value.
In the merging process, the content fields (including action sets) of all the flow table entries are generated into corresponding content table entry trees for guiding the forwarding processing operation of the data packets.
For the flow table entry to be inserted, the flow table entry is added into the corresponding tuple according to the mask of the flow table entry, and then the flow table entry capable of being aggregated with the flow table entry is searched in the tuple. If the flow table entries only having the Hamming distance of 1 or 2 are found, and the height of the content table entry tree does not exceed a preset threshold, directly merging; if a flow table entry with the Hamming distance of 1 or 2 is found and the tree height of the content table entry does not exceed a preset threshold, selecting a mode with higher aggregation degree to aggregate according to a pre-judgment result, and putting the aggregated table entry into a corresponding tuple according to a mask to continue aggregation. The above operations are repeated until the height of the content entry tree reaches the threshold. For the flow table entry to be deleted, the aggregated flow table is searched first. If the matching table entry is a non-aggregation table entry, namely the content table entry tree has only one node, the matching table entry can be deleted directly. Otherwise, searching the corresponding content table entry tree according to the matching field, and deleting the leaf node corresponding to the table entry to be deleted.
The flow table aggregation process described above supports aggregating different sets of entries to improve the degree of aggregation. In order to ensure the correctness of the packet forwarding semantics, the patent adopts a binary tree structure to construct a corresponding content table item tree for each aggregation table item. In the content entry tree, non-leaf nodes record the merge bit positions at entry aggregation, while leaf nodes store the content fields (containing the action set) of the original entries. For the arriving packet, if an aggregation table entry is successfully matched, the corresponding content table entry tree is firstly positioned, and then the corresponding leaf node is found in the content table entry tree according to the matching field of the packet, and the corresponding action set is obtained, so as to realize correct packet forwarding. And if the plurality of flow table entries are successfully matched, performing packet forwarding according to the action set with high priority.
When the flow table is updated, the corresponding content entry tree needs to be updated. And for the flow table entry to be inserted, if the flow table entry is contained by the existing flow table entry, directly merging the flow table entry, and setting the action set of the flow table entry as a leaf node of the corresponding content entry tree, otherwise, trying to perform entry aggregation. If the table entry is aggregated, the content table entry trees of the aggregated table entries are merged into a new content table entry tree according to the above process during each table entry aggregation. For the flow table entry to be deleted, if the flow table entry is an aggregation entry, the corresponding content table entry tree is positioned, and then the corresponding leaf node is searched in the content table entry tree according to the matching field of the entry to be deleted. If the search is successful, deleting the leaf node, and reversely deleting all nodes without child nodes.
The OpenFlow flow table deep aggregation method and the rapid searching system provided by the invention at least have the following gain effects:
1. the invention provides a flow table deep aggregation method based on a content table entry tree, which is characterized in that an original OpenFlow flow table is divided into a plurality of tuples according to masks, then the requirement of table entry aggregation is relaxed from Hamming distance of only 1 to 2, further, table entry merging is carried out in each tuple according to an aggregation sequence selected by optimization, a content table entry tree is constructed, different flow table entries of content fields (including action sets) are aggregated, and meanwhile, the correctness of packet forwarding semantics is ensured. After each table entry aggregation, the aggregated table entries are put into corresponding tuples for further aggregation according to the masks, and meanwhile, the corresponding content table entry tree is updated until the layer number of the content table entry tree reaches an upper limit value. When the flow table is inserted or deleted, only the relevant flow table entry is updated, and the flow table updating speed is high.
2. The list item aggregation optimization strategy oriented to the double-bit merging, provided by the invention, firstly carries out aggregation according to different list item aggregation sequences, namely preferentially aggregating the list items with the Hamming distance of 1 or 2, and further selects the sequence with higher aggregation degree, namely aggregating more list items. If the aggregation degrees of the two sequences are the same, the flow table entries with matching field Hamming distance of 1 are preferentially selected for aggregation, so that the height of the content entry tree is reduced, and the searching expense of the content entry tree is reduced.
3. The OpenFlow flow table deep aggregation storage system provided by the invention compresses OpenFlow flow tables by adopting the flow table deep aggregation method, and strips content fields (containing action sets) of all flow table entries to construct a content table entry tree which is independently stored by adopting an SRAM (static random access memory), so that the TCAM can accommodate the whole flow table. Meanwhile, the system limits the height of the content table entry tree, so that the access and searching speed of the OpenFlow flow table is ensured. In addition, the aggregation acceleration sub-flow table is designed to be specially used for executing the table entry aggregation operation, so that the flow table aggregation speed is accelerated.
4. Compared with the first scheme in the prior art, the method and the device have the advantages that the defects existing in the first scheme are overcome, the situation that the Hamming distance is 2 is expanded on the basis of the flow table entry with the Hamming distance of the aggregation matching field being 1, bit sequences in the matching field of the flow table entry do not need to be exchanged, the aggregation opportunity is increased, the aggregation times are reduced, and the aggregation cost of the flow table is reduced. Meanwhile, when the flow table is updated, only the related flow table entries need to be aggregated or deleted, so that the flow table is quickly updated.
5. Compared with the second scheme in the prior art, the method and the device have the advantages that the flow table entries with different action sets are aggregated by constructing the content entry tree, the aggregated table entries can be relocated to other tuples for further aggregation according to the mask, and aggregation opportunities are increased while correct forwarding is guaranteed. Meanwhile, when the flow table is updated, namely when the flow table is inserted or deleted, only the related content table entry tree is aggregated or deleted, the content table entry tree does not need to be reconstructed, the flow table updating overhead is reduced, and the flow table is rapidly updated.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of a mainstream search process of an OpenFlow flow table;
FIG. 2 is a schematic diagram of a prior art BitWewing flow table aggregation method;
FIG. 3 is a diagram illustrating an example of an EFRR flow table compression method in the prior art;
fig. 4 is a diagram of an OpenFlow flow table deep aggregation storage architecture according to an embodiment of the present invention;
fig. 5 is a flow table entry aggregation process diagram in a flow table aggregation method provided in the implementation of the present invention;
FIG. 6 is a diagram of a binary tree structure-based tree of content entries according to an embodiment of the present invention;
fig. 7 is a schematic diagram of an OpenFlow packet forwarding flow provided in the embodiment of the present invention;
fig. 8 is a schematic diagram illustrating an OpenFlow flow table insertion flow chart according to an embodiment of the present invention;
FIG. 9 is a schematic diagram illustrating a process for constructing a content entry tree according to an embodiment of the present invention;
fig. 10 is a schematic diagram of an OpenFlow flow table deletion process according to an embodiment of the present invention;
fig. 11 is a diagram illustrating an example of a deep aggregation method for a flow table based on a content entry tree according to an embodiment of the present invention.
Detailed Description
The present invention will be further described with reference to the following examples and drawings, but the scope of the present invention is not limited thereto.
As shown in fig. 4, an embodiment of the present invention provides an OpenFlow flow table deep aggregation storage system, where a specific packet flow table lookup process is as follows:
when the OpenFlow switch receives a data packet, the matching field of the data packet is extracted first, and then the matching sub-flow table is searched. If one flow table entry is found successfully, the corresponding content table entry tree in the content sub-flow table is positioned according to the index in the flow table entry, and then corresponding forwarding processing operation is executed according to the action set (tree) of the content sub-flow table. Otherwise, the data packet information is packaged into a flow installation request and sent to the controller so as to request to send the corresponding flow rule.
As shown in fig. 5, an embodiment of the present invention provides an OpenFlow flow table deep aggregation method, where a specific aggregation process is as follows:
for a newly added flow table entry, the corresponding tuple is located according to the mask, and then the flow table entry capable of being aggregated with the tuple is searched in the tuple. If only the flow table entry with the Hamming distance of 1 or 2 is found and the height of the content table entry tree does not exceed a preset threshold value, directly merging; if a flow table entry with the Hamming distance of 1 or 2 is found and the height of the content table entry tree does not exceed a preset threshold, a mode with higher aggregation degree is selected for aggregation according to a pre-judgment result, and the aggregated table entry is placed into a corresponding tuple according to the mask to continue aggregation. The above operations are repeated until the height of the content entry tree reaches the threshold.
As shown in fig. 6, an embodiment of the present invention provides a content table entry tree based on a binary tree structure, which is specifically constructed and used as follows:
for two flow entries to be merged, if the hamming distance between matching fields is 2, a root node is created first, and a position with different bit positions between the matching fields of the two flow entries is recorded. Then, another position with different bit positions is respectively recorded into the left child node and the right child node of the root node, and simultaneously, the content table entry trees of the two to-be-merged flow table entries are respectively set as the corresponding grandchild nodes, so that a new content table entry tree is formed. In addition, if the flow table entry is contained in the aggregation table entry, the content table entry tree is set as the corresponding leaf node. If the Hamming distance between the matching fields of the two entries to be merged is 1, the newly-built root node records the positions with different bit positions, and the content entry trees of the two flow entries are respectively set as corresponding child nodes. In the flow table aggregation process, the above operations are continuously repeated until the flow table entry cannot be merged, and finally a content table entry tree of the aggregation table entry is constructed.
Referring to fig. 7-10, the above-described embodiment specifically includes the following operations:
a. OpenFlow packet forwarding operations
Figure 7 depicts an OpenFlow packet forwarding flow of the present patent. When the OpenFlow switch receives a data packet in a network, the head information of the data packet is firstly analyzed, and a flow key field is extracted. And then searching in the matching sub-flow table according to the key field, and if the searching is successful, positioning a corresponding content table entry tree in the content sub-flow table according to the index value of the matching table entry, and searching for a corresponding leaf node. If the search is successful, a correct action set is obtained, the data packet is forwarded, and content fields such as a counter and a time stamp of a corresponding entry in the content entry tree are updated. If the lookup in the matching sub-flow table fails, the data packet belongs to a new flow, and the OpenFlow switch packs the header information of the data packet into a packet-in message and sends the packet-in message to the controller to request the controller to issue a new flow rule.
b. Openflow flow table insert operation
Fig. 8 depicts an OpenFlow flow table insertion flow of the present patent. When the OpenFlow switch receives a flow-mod message with an ADD command issued by an SDN controller, flow rule information (such as a matching field, a mask, an action set and the like) is extracted at first, and a new flow entry is created to execute flow entry aggregation operation. First, the flow table entry containing the matching sub-flow table is searched. If the search is successful, the content table item tree corresponding to the flow table item is positioned, the corresponding content table item tree is obtained, the corresponding position in the content table item tree is searched, and the flow table item is inserted as the corresponding leaf node. Otherwise, positioning the corresponding tuple in the aggregation accelerated backup table according to the mask, and then searching the flow table entry which can be aggregated with the flow table entry to be aggregated. If the search is successful, executing the operation of the content table item tree construction process, generating a new flow table item, and deleting the combined flow table item in the matching sub-flow table and the aggregation accelerated backup table. If the search fails, the matching fields of the aggregation table entry are respectively stored into the matching sub-flow table and the aggregation acceleration backup table. If the searching fails, namely the aggregation fails, the matching field of the flow table entry is stored in the matching sub-flow table and the aggregation acceleration backup table, and the content field is stored in the content sub-flow table.
c. Content entry tree building operations
Fig. 9 shows a process of constructing a content entry tree. When two flow entries to be merged meet the aggregation condition, an upper limit value threshold of the number of levels of the content entry tree and the number of levels tier of the highest content entry tree corresponding to the two flow entries are obtained first (if only one action set is included, the default tree height is 1). And if the Hamming distance between the two matching fields is 1 and the tier +1 is less than the set upper limit value of the number of the tree layers of the content table entries, merging the two flow table entries. Otherwise, judging whether tier +2 is smaller than the upper limit value of the set tree layer number of the content table entries, and if so, merging the two flow table entries. The specific construction process comprises the following steps: if the Hamming distance of the matching field is 2, a root node is newly established, and the first different bit position bp1 in the matching fields of the two flow table entries is stored in the root node. Then, the second different bit position bp2 in the matching fields of the two flow table entries is used as the left child and the right child of the root node. And finally, taking the content table item tree corresponding to the two flow table items as child nodes corresponding to left and right children. Then, other entries in the tuple that may be included in the new aggregation entry are looked up. If the search is successful, the contained flow entry action set is stored into the leaf node corresponding to the aggregation entry content entry tree, and meanwhile, a new content entry tree is further generated. If the Hamming distance of the matching field is not 2, a root node is newly established, different bit positions bp in the matching fields of the two flow table entries are recorded, and content table entry trees corresponding to the two flow table entries are used as left and right child nodes of the root node.
d. OpenFlow flow table delete operation
Fig. 10 depicts an OpenFlow flow table deletion flow of the present patent. When the OpenFlow switch receives a flow-mod message with a DELETE command issued by the SDN controller, the flow rule is extracted firstly to obtain an entry to be deleted, and the entry to be deleted is searched in the main matching flow table. If the search is successful and the matched table entry is the aggregation table entry, the content table entry tree corresponding to the aggregation table entry is firstly positioned. Then, searching the content table entry tree according to the matching field of the table entry to be deleted, if the leaf node corresponding to the table entry to be deleted is successfully found, deleting the leaf node and positioning the father node of the leaf node. If the father node has child nodes, the father node needs to delete the child nodes, and meanwhile, corresponding matching table entries in the matching sub-flow table and the aggregation acceleration backup table are updated. And continuously backtracking the father node of the deleted node, and repeating the operation until the father node does not have child nodes.
If the table entry to be deleted is searched successfully in the matching sub-flow table and the matching table entry is not the aggregation table entry, deleting the corresponding content table entry in the content sub-flow table according to the index value of the table entry to be deleted, and deleting the matching table entry in the matching sub-flow table and the aggregation accelerated backup table. And if the table entry to be deleted is searched in the matched sub-flow table unsuccessfully, sending error information to the controller, and reporting the result of the deletion failure of the flow rule.
Fig. 11 shows an aggregation example of the flow table aggregation method proposed by the present invention, which includes the following specific contents:
in the figure, the large solid box on the left represents a tuple, the small solid box inside represents a flow entry, and the representation form of the flow entry is < match field → action set >. The process (1) represents an aggregation process of flow entries, that is, flow entries with hamming distance of 2 or 1 in the matching field may be aggregated into one aggregation entry. Process (2) represents the construction or composition of a content entry tree during aggregation, where the non-leaf nodes in the content entry tree are used to represent the aggregation bit positions, the leaf nodes represent the content fields (containing the action sets), and only the action sets are shown in the figure. Process (3) indicates that some entries in the tuple are included in the aggregation entry, and at this time, the included entries can be directly located to the leaf nodes of the content entry tree of the aggregation entry for further aggregation. The process (4) indicates that the aggregation table entry can be relocated through the mask, positioned in the corresponding tuple, and further aggregated.
Compared with the prior art, the invention designs an OpenFlow flow table deep aggregation method, which divides an original flow table in OpenFlow into a plurality of tuples according to masks, then performs double bit merging on flow table items in each tuple, constructs content fields (containing action sets) of aggregated table items into a content table item tree according to merging bit positions, and further puts the aggregated table items into corresponding tuples according to the masks for further aggregation until the aggregation is impossible or the height of the content table item tree reaches an upper limit value. Further, the invention provides an OpenFlow flow table deep aggregation storage system. The system adopts the flow table deep aggregation method to compress the OpenFlow flow table, and strips the content fields of all the flow table entries to construct a content table entry tree, and the content table entry tree is independently stored by adopting the SRAM, so that the TCAM can hold the whole flow table. Meanwhile, the system limits the height of the content table item tree, thereby ensuring the access and search speed. In addition, the aggregation acceleration subflow table is designed to specially perform table entry aggregation operation, so that the flow table aggregation speed is accelerated.
The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are given by way of illustration of the principles of the present invention, and that various changes and modifications may be made without departing from the spirit and scope of the invention as defined by the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (7)

1. A deep aggregation method for OpenFlow flow tables is characterized in that different flow table items of a content table item tree aggregation action set are built, and correctness of packet forwarding semantics is guaranteed. Meanwhile, the table entry aggregation not only aims at the situation that the Hamming distance between the matching fields is 1, but also extends to the situation that the Hamming distance is 2, so that double bit combination is realized, and the aggregation degree is obviously improved. Considering that different table entry aggregation sequences may generate different numbers of aggregation table entries, the method first pre-determines the aggregation degree to determine the table entry aggregation sequence, i.e. preferentially aggregating flow table entries with matching field hamming distance of 1 or 2, and then performs double bit merging to further optimize the aggregation effect.
2. The OpenFlow flow table deep aggregation method according to claim 1, wherein the action set tree based on the binary tree structure is designed as follows: the non-leaf nodes record the merge bit positions when the entries are aggregated, and the leaf nodes store the content fields (containing action sets) of the original entries for determining the corresponding action sets after the data packets successfully match the aggregated entries.
3. The OpenFlow flow table deep aggregation method and the rapid lookup system according to claims 1 and 2, specifically comprising the operations of:
a. OpenFlow packet forwarding operations
And each data packet arriving at the OpenFlow switch is forwarded according to the corresponding action set in the matched flow table item by searching the corresponding flow table item in the matched flow table.
b. OpenFlow flow table insert operation
When the OpenFlow switch receives a Flow _ Mod message with an ADD command issued by the SDN controller, a Flow table entry needs to be newly established according to the message content and put into a matching sub-Flow table for aggregation, and if the aggregation is successful, a content table entry tree of a corresponding table entry in a content sub-Flow table is directly updated. If the aggregation fails, the flow table entry is put into an aggregation acceleration backup table for further aggregation, and a corresponding content entry tree (containing an action set) is constructed.
c. OpenFlow flow table delete operation
After the OpenFlow switch receives a Flow _ Mod message with a DELETE command issued by the SDN controller, the corresponding Flow table item needs to be deleted; if the entry to be deleted is an aggregated entry, the corresponding content entry tree needs to be searched according to the matching field of the entry until the leaf node corresponding to the entry to be deleted is successfully found, and finally the entry to be deleted is deleted.
4. The OpenFlow flow table deep aggregation method and the fast lookup system according to claim 3, wherein the OpenFlow packet forwarding operation specifically includes the following steps:
firstly, analyzing a header field of the matching sub-flow table, extracting a matching field of the matching sub-flow table, and searching the matching sub-flow table;
if the searching is successful, the corresponding content table entry tree in the content sub-flow table is positioned according to the index value of the matched table entry and the corresponding leaf node is searched;
if the search is successful, acquiring a correct action set, forwarding the data packet, and updating content fields such as a counter and a time stamp of a corresponding table item in the content table item tree;
if the lookup in the matching sub-flow table fails, the data packet belongs to a new flow, and the OpenFlow switch packs the header information of the data packet into a packet-in message and sends the packet-in message to the controller to request the controller to issue a new flow rule.
5. The OpenFlow flow table deep aggregation method and fast lookup system according to claim 3, wherein the OpenFlow flow table insertion operation specifically includes the following steps:
firstly, a new flow table entry is newly established according to the content of the message, and then flow table entry aggregation operation is executed;
firstly, searching a flow table item containing the matching sub-flow table, if the searching is successful, positioning a content table item tree containing the flow table item corresponding to the matching sub-flow table, acquiring the corresponding content table item tree, searching the corresponding position in the content table item tree, and inserting the flow table item serving as a corresponding leaf node;
otherwise, positioning the corresponding tuple in the aggregation accelerated backup table according to the mask, and then searching the flow table entry which can be aggregated with the flow table entry to be aggregated;
if the search is successful, executing the operation of the content table entry tree construction process to generate a new flow table entry, and deleting the combined flow table entry in the matching sub-flow table and the aggregation accelerated backup table;
if the search fails, the matching fields of the aggregation table items are respectively stored into the matching sub-flow table and the aggregation acceleration backup table;
if the searching fails, namely the aggregation fails, the matching field of the flow table entry is stored into the matching sub-flow table and the aggregation acceleration backup table, and the content field is stored into the content sub-flow table.
6. The OpenFlow flow table inserting operation according to claim 5, wherein the content entry tree constructing operation specifically includes the steps of:
firstly, acquiring an upper limit value threshold of the number of layers of a content table entry tree and the number of layers tier of the highest content table entry tree corresponding to the two flow table entries (the default tree height is 1 if only one action set is included);
if the Hamming distance between the two matching fields is 1 and the tier +1 is less than the set upper limit value of the number of the tree layers of the content table entries, merging the two flow table entries;
otherwise, judging whether tier +2 is smaller than the upper limit value of the set tree layer number of the content table entries, and if so, merging the two flow table entries;
if the Hamming distance of the matching field is 2, a root node is newly established, and the first different bit positions bp in the matching fields of the two flow table items are matched 1 Stored in it. Then, the two flow table entries are matched with the second different bit position bp in the field 2 As the left and right children of the root node. Finally, taking the content table item trees corresponding to the two flow table items as child nodes corresponding to left and right children;
then, other entries in the tuple that may be included in the new aggregation entry are looked up. If the search is successful, storing the contained flow table entry action set into a leaf node corresponding to the aggregation table entry content entry tree, and further generating a new content entry tree;
if the Hamming distance of the matching field is not 2, a root node is newly established, different bit positions bp in the matching fields of the two flow table entries are recorded, and content table entry trees corresponding to the two flow table entries are used as left and right child nodes of the root node.
7. The OpenFlow flow table deep aggregation method and the fast lookup system according to claim 3, wherein the OpenFlow flow table deletion operation specifically includes the following steps:
firstly, extracting a matching field of a flow in a flow rule, and then searching a table entry to be deleted in a main matching flow table;
if the searching is successful and the matched table entry is the aggregation table entry, firstly positioning a content table entry tree corresponding to the aggregation table entry;
then, searching a content table entry tree according to the matching field of the table entry to be deleted, if the leaf node corresponding to the table entry to be deleted is successfully found, deleting the leaf node and positioning the father node of the leaf node;
if the father node has child nodes, deleting the node, and updating corresponding matching list items in the matching sub-flow table and the aggregation accelerated backup table;
continuously backtracking and deleting the father node of the node, and repeating the operation until the father node does not have child nodes;
if the item to be deleted is searched successfully in the matching sub-stream table and the matching item is not the aggregation item, deleting the corresponding content item in the content sub-stream table according to the index value of the item to be deleted, and deleting the matching item in the matching sub-stream table and the aggregation acceleration backup table;
and if the table entry to be deleted is found in the matched sub-flow table unsuccessfully, sending error information to the controller, and reporting the result of the flow rule deletion unsuccessfully.
CN202211554501.5A 2022-12-06 2022-12-06 OpenFlow flow table deep aggregation method and rapid search system Pending CN115933978A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211554501.5A CN115933978A (en) 2022-12-06 2022-12-06 OpenFlow flow table deep aggregation method and rapid search system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211554501.5A CN115933978A (en) 2022-12-06 2022-12-06 OpenFlow flow table deep aggregation method and rapid search system

Publications (1)

Publication Number Publication Date
CN115933978A true CN115933978A (en) 2023-04-07

Family

ID=86697277

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211554501.5A Pending CN115933978A (en) 2022-12-06 2022-12-06 OpenFlow flow table deep aggregation method and rapid search system

Country Status (1)

Country Link
CN (1) CN115933978A (en)

Similar Documents

Publication Publication Date Title
Eatherton et al. Tree bitmap: hardware/software IP lookups with incremental updates
CN111966284B (en) OpenFlow large-scale flow table elastic energy-saving and efficient searching system and method
Basu et al. Fast incremental updates for pipelined forwarding engines
EP1623347B1 (en) Comparison tree data structures and lookup operations
AU2003214223B2 (en) Longest prefix matching using tree bitmap data structures
US8284787B2 (en) Dynamic tree bitmap for IP lookup and update
US7827182B1 (en) Searching for a path to identify where to move entries among hash tables with storage for multiple entries per bucket during insert operations
US8179898B2 (en) Packet processing using braided tries
JP2000115243A (en) Packet repeater and multi-cast speedup system
CN108134739B (en) Route searching method and device based on index trie
CN102484610A (en) Routing table construction method and device and routing table lookup method and device
CN102307149A (en) IP (internet protocol) lookup method and device and route updating method and device
Mishra et al. Duos-simple dual tcam architecture for routing tables with incremental update
CN113139100B (en) Network flow real-time indexing method and system
US11652744B1 (en) Multi-stage prefix matching enhancements
Le et al. Memory-efficient and scalable virtual routers using FPGA
US6970971B1 (en) Method and apparatus for mapping prefixes and values of a hierarchical space to other representations
US7558775B1 (en) Methods and apparatus for maintaining sets of ranges typically using an associative memory and for using these ranges to identify a matching range based on a query point or query range and to maintain sorted elements for use such as in providing priority queue operations
Hsieh et al. Multiprefix trie: A new data structure for designing dynamic router-tables
US7299317B1 (en) Assigning prefixes to associative memory classes based on a value of a last bit of each prefix and their use including but not limited to locating a prefix and for maintaining a Patricia tree data structure
Chang Efficient multidimensional packet classification with fast updates
CN115933978A (en) OpenFlow flow table deep aggregation method and rapid search system
CN110851658B (en) Tree index data structure, content storage pool, router and tree index method
Erdem Pipelined hierarchical architecture for high performance packet classification
CN115510287A (en) OpenFlow large-scale flow table aggregation and accelerated search method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination