KR102001487B1 - Method for controlling software defined networking and computing device performing the same - Google Patents

Abstract

The present invention relates to a software defined networking control method and a computing device for performing the same. A method for controlling software defined networking comprising a computing node and a physical switch comprising a virtual switch and a virtual machine, the method comprising: assigning at least one virtual identifier to the computing node or the virtual switch; Generating a flow rule having a first field value assigned to a destination virtual machine as a matching condition and transmitting the flow rule to the physical switch; setting a first field value of a packet transmitted to the destination virtual machine as actual first field information of the destination virtual machine And setting a first field value of the packet to a virtual identifier of a computing node including the first virtual switch or the first virtual switch And generating a flow rule including an action Sending a second virtual switch that is not connected to, the first field of the software defined network control method for a field that does not affect the packet transmission. According to the present invention, it is possible to provide a software-defined networking control method with improved scalability by increasing utilization of a virtual switch having no limitation on a flow rule storage capacity.

Description

[0001] METHOD FOR CONTROLLING SOFTWARE DEFINED NETWORKING AND COMPUTING DEVICE PERFORMING THE SAME [0002]

The present invention relates to a software defined networking control method and a computing device for performing the same, and more particularly, to a method, a controller, and a computer program for optimizing control of software defined networking in a cloud environment through software switch and physical switch layering.

Software Defined Networking (SDN) is a technology that manages all the network devices in the network by an intelligent central management system. In the SDN technology, a controller provided in a form of software can perform processing instead of a control operation related to the packet processing performed by itself in a conventional hardware type network device, so that various functions can be developed and given over the existing network structure. The SDN system generally comprises a controller server for controlling the entire network, a plurality of open flow switches controlled by the controller server for processing packets, and a host corresponding to a lower layer of the open flow switch. Here, the open flow switch is only responsible for transmitting and receiving packets, and routing, management, and control of the packets are all performed in the controller server. In other words, separating the data planes and control planes that form the network equipment is the basic structure of the SDN system.

In the software defined networking environment of FIG. 1, each of the computing nodes 1000 connected to the physical switch 100 may be configured with a virtual switch 200 and one or more virtual machines (hosts) 300. Here, a flow rule proportional to the number of virtual machines 300 existing in the system is stored in the physical switch. If the flow rule is a combination of a source IP and a destination IP, the number of flow rules will be proportional to the square of the number of virtual machines 300.

In general, the physical switch 100 uses a TCAM (Ternary Content Addressable Memory). TCAM is a type of content addressable memory (CAM) used in very high-speed searching applications such as routing table processing. It does not accept search words consisting of binary data but allows X (do not care) Thus providing high flexibility. TCAM has a very high cost compared to conventional memory, which makes it difficult to increase capacity. Therefore, the number of flow rules that can be stored in the commercialized TCAM is limited from about 900 to about 4000, which limits the number of available flow rules.

SUMMARY OF THE INVENTION It is an object of the present invention to provide a software-defined networking control method with improved scalability by increasing the utilization of a virtual switch without limitation in a flow rule storage capacity.

Another object of the present invention is to improve the trouble shooting speed and accuracy in network operation by optimizing the number of flow rules.

Another object of the present invention is to improve overall network performance by simplifying operations (link, switch, host addition and deletion) of reflecting the network topology in each flow table when the network topology is changed.

According to an aspect of the present invention, there is provided a method for controlling a software defined networking configured by a controller including a computing node including a virtual switch and a virtual machine and a physical switch, the method comprising: assigning a plurality of virtual identifiers to the computing node or the virtual switch Generating a first path tree having a first virtual identifier as a vertex and a second path tree having a second virtual identifier as a vertex different from the first path tree having a vertex as one of the plurality of virtual identifiers, Generating a corresponding first flow rule, setting a matching condition of the first flow rule using the first virtual identifier, generating a second flow rule corresponding to the second path tree, Setting a matching condition of the flow rule using the second virtual identifier, and setting the matching condition of the first flow rule and the second A flow rule transmitting step of transmitting a flow rule to the physical switch, wherein the virtual identifier is a virtual identifier assigned to a field value that does not affect packet transmission, and the first path tree and the second path tree have different paths .

The present invention also provides a controller for controlling software defined networking comprising a computing node including a virtual switch and a virtual machine and a physical switch, the controller comprising: an application unit for generating a flow rule; a processor for transmitting the flow rule to the virtual switch and the physical switch And a storage unit for storing information of the computing node and the physical switch, wherein the application unit comprises: a virtual identifier generating unit for giving a plurality of virtual identifiers to the computing node or the virtual switch; And a flow rule generation unit for setting a matching condition of a first flow rule to be transmitted to the physical switch, wherein the flow rule generation unit is configured to generate a flow rule including a first path tree having a first virtual identifier, which is one of the plurality of virtual identifiers, Apexes the second virtual identifier And generates a first flow rule corresponding to the first path tree, sets a matching condition of the first flow rule using the first virtual identifier, And sets a matching condition of the second flow rule using the second virtual identifier, and the communication unit transmits the first flow rule and the second flow rule to the physical switch Wherein the virtual identifier is a virtual identifier assigned to a field value that does not affect packet transmission, and the first path tree and the second path tree represent different paths.

According to the present invention as described above, it is possible to provide a software-defined networking control method with improved scalability by increasing utilization of a virtual switch having no limitation on a flow rule storage capacity.

In addition, the present invention can improve trouble shooting speed and accuracy in network operation by optimizing the number of flow rules.

Another object of the present invention is to improve overall network performance by simplifying operations (link, switch, host addition and deletion) of reflecting the network topology in each flow table when the network topology is changed. .

1 is a diagram for explaining a software defined networking environment of the present invention and a conventional software defined networking control method,
Figure 2 illustrates a software defined networking control method in accordance with an embodiment of the present invention;
FIG. 3 illustrates a method for providing network identifiers by assigning a plurality of identifiers according to an exemplary embodiment of the present invention.
4 is a diagram for explaining a multipath setting method according to an embodiment of the present invention;
5 is a block diagram for explaining a controller configuration according to an embodiment of the present invention;
6 is a flowchart illustrating a software defined networking control method according to an embodiment of the present invention.

The above and other objects, features, and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings, which are not intended to limit the scope of the present invention. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the drawings, the same reference numerals are used to designate the same or similar components, and all combinations described in the specification and claims can be combined in any manner. It is to be understood that, unless the context requires otherwise, references to singular forms may include more than one, and references to singular forms may also include plural forms.

The term 'flow rule' in the description of the present invention should be understood to mean a network policy applied by a controller server in a software defined network in the ordinary artisan's field. Further, the term " flow rule " can be interpreted to mean a flow entry according to the network policy for an open flow switch. Further, updating of a flow rule in this specification should be understood as a concept involving addition of a new flow rule, deletion of a previous flow rule, or modification.

The 'identification address' described in the present specification is for identifying a host, a device or a process, and includes a logical address such as an IP address as a host address in a network layer, a port address as a process address in the host, It can be understood to include the same physical address.

1 is a diagram for explaining a software defined networking environment of the present invention and a conventional software defined networking control method (hereinafter referred to as an 'SDN control method').

First, a software defined networking environment of the present invention may include a controller (not shown), a network appliance 100, a server (or computing node 1000), and the server 1000 may include one or more virtual switches (200) and one or more virtual machines (300). The virtual switch 200 and the virtual machine 300 can operate as a virtual switch or a virtual terminal using resources possessed by the high performance server 1000. [

The network device 100 includes all the network devices such as a mobile communication base station, a base station controller, a gateway device, a router, and a switch for packet processing. Hereinafter, for convenience of explanation, (100) will be mainly described.

Both the physical switch 100 and the virtual switch 200 function to process packets under the control of the controller. That is, the virtual switch 200 functions as a switch in the copper networking environment, and thus can view the virtual machine 300 connected to the virtual switch 200 as one host, respectively. In addition, each virtual machine 300 may have a unique identification address.

The physical switch 100, the virtual switch 200 and the virtual machine 300 may be referred to as a node, and a link may denote a connection between two nodes.

The controller manages the network devices 100 and 200, and centrally manages and controls the plurality of network devices 100 and 200. Specifically, the controller includes an application (software) having functions such as topology management, path management related to packet processing, link discovery, packet flow in flow management, and the like . ≪ / RTI >

In the software defined networking, the controller and the switches (100, 200) must exchange information with each other, and the widely used protocol for this is the OpenFlow protocol. That is, the open flow protocol is a standard specification for communication between the controller and the open flow switches 100 and 200.

More specifically, the switches 100 and 200 are largely divided into a software layer and a hardware layer. The software layer exchanges information with the controller 100 through a secure channel. The secure channel is a communication channel between the switches 100 and 200 and a controller located at a remote location, and information exchanged between the controller and the switches 100 and 200 is encrypted.

The hardware layer has a flow table that defines and processes packets and includes statistical information related to the packets. The flow table includes a flow rule that defines packet processing. The flow rule is generated by a flow mode message (Flow-Mode Message) generated by the controller 100 and transmitted to the switches 100 and 200 Added, modified or deleted. The switches 100 and 200 process the packet with reference to the flow table.

The flow table can largely include three pieces of information: packet header information (Rule) defining a flow, operation information (Action) defining processing of a packet, and stat information (Stats) per flow. Each row constituting the flow table is referred to as a flow entry.

A host is a terminal or the like corresponding to a lower layer of a switch, and can be used to mean a client and a server. In the software defined networking environment of this specification, although the server 1000 is a lower terminal connected to the physical switch 100, since the virtual switch 200 included in the server 1000 functions as a switch in the entire network, , The terminal corresponding to the lowest layer is the virtual machine 300. [ Therefore, in this specification, the virtual machine 300 is referred to as a host 300, and the host 300 in this specification can be understood as a concept different from the server 1000. [

The host 300 may generate a packet for sending to another host via a software defined network and transmit the packet to the physical switch 100 through a port of a network interface connected to the virtual switch 200. [

The conventional SDN control method will be described with reference to FIG.

As described above, the flow table stored in each switch 100, 200 includes a flow entry, and the flow entry includes match fields, counters, and one or more instructions applied to the matched packet Consists of. When the packet is input to the port, the switches 100 and 200 search for a flow entry matching the packet using the destination address of the packet.

For example, suppose that each switch 100, 200 receives a flow rule from a controller and has a flow table as shown in the table shown in Fig. Let's consider a case where a host 300A having an address of 10.0.0.1 transmits a packet to a host 300B having a destination address of 10.0.0.3.

According to the conventional method, a packet is transmitted to the virtual switch 200A, and a packet with a destination address of 10.0.0.3 is output to the port 1 by the flow entry of the virtual switch 200 and is transmitted to the physical switch 100B . The physical switch 100B outputs the packet to the port 1 according to the action of the flow entry matched with the packet, and the packet is transmitted to the physical switch 100A connected to the port 1 of the physical switch 100B. The physical switch 100A receiving the packet refers to the flow entry of itself and outputs the packet to the port 2 according to the action of the matched flow entry. The output packet is transmitted to the physical switch 100C and the virtual switch 100C And reaches the destination host 300B via the network 200B.

This approach limits the number of hosts 300 that can be managed as described above. Since each physical switch 100 can store only as many flow entries as can be supported by the memory, if the number of hosts 300 constituting the network exceeds 4,000, the network will not operate properly.

FIG. 2 is a diagram illustrating a software defined networking control method according to an embodiment of the present invention. According to one embodiment of the present invention, the computing node is each assigned one or more virtual identifiers.

A: a: a: a: a: a: a: b: a: a: a: a: a: A virtual physical address such as a, a: a: a: a: a: a: a: a: a: a: a: a: a: . The controller 50 can set the matching condition of the flow rule transmitted to the physical switch by using the virtual identifier.

For example, as shown in FIG. 2, a matching condition for identifying a destination physical address of a packet may be set in a match field of a flow rule transmitted to the physical switch 100A. If a VLAN tag is used as a virtual identifier, a matching condition for identifying the VLAN tag of the packet will be set. A virtual identifier is a virtual identifier assigned to a field value that does not affect packet transmission. Different values are assigned to each of the computing nodes 1000 to have unique values. If not a field identifier, a virtual identifier can be set and used. That is, a value corresponding to all the fields (MPLS, VLAN, DST_MAC) except for the destination IP address or the source IP address can be given as the virtual identifier.

The controller 50 transmits the flow rule generated using the virtual identifier to the physical switch, so that the physical switch determines the transmission path between the computing nodes 1000. In the example of FIG. 2 where a virtual identifier is assigned to the destination physical address of the computing node 1000, assume that the destination logical address is 10.0.0.3 and the source logical address is 10.0.0.1.

 The flow rule transmitted to the virtual switch (other than the virtual switch 200B) connected to the virtual machine other than the destination (the remaining virtual machines except for the virtual machine 300B) is a virtual identifier assigned to the computing node including the destination virtual machine 300B a: a: a: a: c ", which sets a: a: a: a: a: c as the destination physical address of a packet to be transmitted to the destination.

Therefore, since the destination address of the packet originated from the virtual machine 300A is 10.0.0.3, the destination physical address is changed to a: a: a: a: a: c according to the flow entry of the virtual switch 200A, 100B. Since the matching condition of the flow entry stored in the physical switch 200B is set to the destination physical address, the physical switch 200B transmits the packet whose destination physical address is a: a: a: a: a: c to the port 2 Can be output.

In this way, the packet is transmitted to the computing node 1000B whose physical address is a: a: a: a: a: c via the physical switch 100C, and is transmitted to the virtual switch 200B of the computing node 1000B The transmitted packet can identify the destination logical address of the packet by referring to the flow table stored in the virtual switch 200B. In this example, the destination logical address is 10.0.0.3. Accordingly, in accordance with the flow rule shown in FIG. 2, the virtual switch 200B transmits the virtual identifier assigned to the destination physical address field of the packet to the physical address of the destination virtual machine 300B 10.0.0.3's MAC). This is to prevent the virtual machine 300B from dropping the packet if the destination physical address of the packet is different from its physical address after the packet is received.

As described above, the flow rules transmitted to the physical switch 100 and the flow rules transmitted to the virtual switch 200 are different from each other in matching conditions and actions. Accordingly, the physical switch 100 determines the transmission path between the computing nodes, and the virtual switch determines the transmission path between the virtual machine (host 300) included in the computing node. As a result, the complexity of the SDN control is significantly lowered, and the number of flow entries stored in the physical switch 100 is proportional to the number of computing nodes, so that the limitation of the physical switch 100 having a low capacity can be overcome.

Network functionality Virtualization is creating an increasing number of virtual machines that utilize the resources of high-performance computing nodes. In the case of the virtual switch, since there is no limit on the number of storable flow rules, even if the number of virtual machines increases greatly, the management can be sufficiently performed. Therefore, according to the present invention, since the increase of virtual machines of individual computing nodes does not affect the entire network, .

Hereinafter, an embodiment in which a plurality of virtual identifiers are assigned to a computing node will be described with reference to FIG. 3 to FIG.

One or more virtual identifiers may be assigned to the computing node, and a plurality of virtual identifiers may be assigned as shown in FIG. When a plurality of identifiers are used, even a packet transmitted to the same computing node can be implemented as a multi-path by setting different paths for each identifier.

An example of setting a multi-path will be described with reference to FIG. In the example of FIG. 4, the virtual identifier of the computing node 1001 is given in the form of a physical address, and two virtual identifiers a: a: a: a: a: c and a: a: a: a: a: Respectively. When a plurality of virtual identifiers are used, one identifier may be set to correspond to one directed tree that has a computing node (or virtual switch) as a vertex.

That is, the controller can generate a first path tree having a first virtual identifier as a vertex and a second path tree having the second virtual identifier as a vertex, and the first path tree and the second path tree can generate different paths .

In generating the flow rule, the controller may generate a fourth flow rule corresponding to the first path tree, and set the matching condition of the fourth flow rule using the first virtual identifier. Further, the controller can generate a fifth flow rule corresponding to the second path tree, and can set the matching condition of the fifth flow rule using the second virtual identifier, and the generated fourth flow rule and the fifth Flow rule to the physical switch.

In the above embodiment, each switch may include a plurality of flow entries in the flow table that transmit packets to any computing node A, so that even if a plurality of packet destination hosts are identical to computing node A, May be transmitted to computing node A using a different path.

Therefore, assigning multiple identifiers with one computing node (or virtual switch) as a vertex means that multiple paths can be set. The multipath setting using the plurality of virtual identifiers of the present invention can be used for load balancing or traffic steering, and the multipath can efficiently use the link.

A more specific embodiment will be described with reference to FIG. For example, when the virtual switch 200C receives a packet A having a destination of 10.0.0.3 from the virtual machine, it can set the destination physical address of the packet to the computing node a: a: a: a: a: c . The virtual switch 200A can set the destination physical address of the packet to the computing node a: a: a: a: b: c when the packet B having the destination of 10.0.0.3 is received from the virtual machine. Here, a: a: a: a: a: c and a: a: a: a: b: c are virtual identifiers of the computing node 1000B.

The physical switch 100B receiving the packet A confirms the destination physical address in accordance with the matching condition. Since the physical address of the packet A is a: a: a: a: a: c, the packet can be output to the port 1. The physical switch 100B receiving the packet B can output the packet to the port 4 since the physical address of the packet B is a: a: a: a: b: c.

In other words, in the example of FIG. 3, the packet A is transmitted on the path corresponding to the solid line, and reaches the computing node 1000B having the physical address a: a: a: a: a: c via the physical switch 100C .

And the packet B is transmitted to the computing node 1000B along the path corresponding to the dotted line through the port 4. Since the packet A and the packet B arriving at the virtual switch 200B of the computing node 1000B both have the destination logical address of 10.0.0.3, the virtual switch 200B transfers the destination physical address of the packet A and the packet B to the destination virtual machine To the physical address of the destination virtual machine 300B, and then output the packet to the port 2 connected to the destination virtual machine 300B.

5 is a block diagram for explaining a controller 50 according to an embodiment of the present invention. 5, a controller 50 according to an embodiment of the present invention may include an application unit 53, a communication unit 55, and a storage unit 57. The application unit 53 may generate a virtual identifier A routing unit 53-1, a route setting unit 53-2, and a flow rule generating unit 53-3.

The application unit 53 is an area in which various functions performed by the controller 50 are implemented, and may include an application for performing the network topology management, the path management, and the like described above.

The virtual identifier generating unit 53-1 may assign one or more virtual identifiers to the computing node or the virtual switch. The virtual identifier generating unit 53-1 may adjust the number of virtual identifiers assigned to the computing node or the virtual switch according to the SDN control setting.

When a plurality of virtual identifiers are assigned to the computing node or the virtual switch, the path setting unit 53-2 may generate a plurality of path trees each having a virtual identifier as a vertex.

The flow rule generation unit 53-3 sets the matching condition of the first flow rule transmitted to the physical switch using the virtual identifier, and when a plurality of virtual identifiers are assigned to the computing node or the virtual switch, It is possible to generate a flow rule corresponding to each of the path trees generated in the path tree 53-2. The flow rule generation unit 53-3 uses a virtual identifier for the matching condition of the flow rule transmitted to the physical switch 100 and uses the virtual machine as the matching condition of the flow rule transmitted to the virtual switch 200. [ Can be used. In addition, the flow rule transmitted to the virtual switch 200 may include an action for changing the physical address of the packet, and the description thereof has been described above, so the description is omitted.

The communication unit 55 can communicate with the switches 100 and 200. [ The communication unit 55 transmits the flow rules corresponding to the physical switch 100 and the virtual switch 200, respectively, so that the switches transmit packets according to the flow rules. The communication unit 55 can exchange information with the switches 100 and 200 through a secure channel and the information exchanged with the switches 100 and 200 can be encrypted.

 The storage unit 57 stores various information such as a state of the controller application and information necessary for operating the application, a flow rule transmitted by the controller 50 to the switches 100 and 200, a state of the switches 100 and 200, Can be stored. In particular, the storage unit 57 may store an algorithm for generating a path tree of the path setting unit 53-2.

6, the controller assigns a virtual identifier to the computing node or virtual switch (S100), and uses the virtual identifier to determine a first flow rule to be transmitted to the physical switch (S200), and generate a second flow rule to be transmitted to the virtual switch using the same virtual machine identifier as the logical address of the virtual machine. The controller may layer the virtual switch and the physical switch by transmitting the first flow rule to the physical switch and transmitting the second flow rule to the virtual switch in step 400. [

The software defined networking control method of the controller described above may be implemented in the controller 50 via a controller application program stored in a computer readable medium for executing any of the embodiments.

Some embodiments omitted in this specification are equally applicable if their implementation subject is the same. It is to be understood that both the foregoing general description and the following detailed description of the present invention are exemplary and explanatory and are intended to be exemplary and explanatory only and are not restrictive of the invention, The present invention is not limited to the drawings.

50: Controller
100: physical switch
200: Virtual switch (software switch)
300: Virtual machine (host)
1000: Computing node (server)

Claims (5)

A method for controlling software defined networking comprising a computing node and a physical switch, the controller including a virtual switch and a virtual machine,
Assigning at least one virtual identifier to the computing node or the virtual switch;
Generating a flow rule having the first field value to which the virtual identifier is assigned as a matching condition, and transmitting the flow rule to the physical switch;
Generating a flow rule for setting a first field value of a packet to be transmitted to a destination virtual machine as actual first field information of the destination virtual machine and transmitting the flow rule to a first virtual switch connected to the destination virtual machine;
Generating a flow rule including an action of setting a first field value of the packet to a virtual identifier of the computing node including the first virtual switch or the first virtual switch, Transmitting to the switch;
Wherein the first field is a field that does not affect packet transmission.

The method according to claim 1,
Wherein when a plurality of virtual identifiers are assigned to the computing node or the virtual switch, a first path tree having a first virtual identifier, which is one of the plurality of virtual identifiers, as a vertex, and a second virtual identifier, 2 < / RTI > path tree,
Wherein the step of generating and transmitting the flow rule to the physical switch comprises:
Generating a first flow rule corresponding to the first path tree and setting a matching condition of the first flow rule using the first virtual identifier;
Generating a second flow rule corresponding to the second path tree and setting a matching condition of the second flow rule using the second virtual identifier;
And transmitting the first flow rule and the second flow rule to the physical switch,
Wherein the first path tree and the second path tree represent different paths.
The method according to claim 1,
If the virtual identifier is assigned to the physical address of the computing node,
Wherein the flow rule transmitted to the first virtual switch includes an action of setting a destination physical address field value of a packet transmitted to the destination virtual machine to an actual physical address of the destination virtual machine,
Wherein the flow rule transmitted to the second virtual switch includes an action to set the destination physical address field value of the packet to the virtual identifier.
1. A controller for controlling software defined networking comprising a computing node and a physical switch comprising a virtual switch and a virtual machine,
An application unit for generating a flow rule;
Sending a first flow rule to the physical switch, sending a third flow rule to a first virtual switch connected to the destination virtual machine, sending a fourth flow rule to a second virtual switch not connected to the destination virtual machine, To the communication unit;
And a storage unit for storing information of the computing node and the physical switch,
The application unit
A virtual identifier generating unit for assigning one or more virtual identifiers to the computing node or the virtual switch;
And a flow rule generation unit for generating a flow rule using the virtual identifier,
The flow rule generation unit
When the virtual identifier generating unit assigns a plurality of virtual identifiers to the computing node or the virtual switch,
Generating a first path tree having a first virtual identifier as a vertex and a second path tree having a second virtual identifier as a vertex among the plurality of virtual identifiers,
Generating the first and second flow rules respectively corresponding to the first and second path trees,
The matching conditions of the first and second flow rules are set using the first and second virtual identifiers, respectively,
Generating a third flow rule for setting a first field value of a packet transmitted to a destination virtual machine to actual first field information of the destination virtual machine,
Generating a fourth flow rule including an action of setting a first field value of the packet to a virtual identifier of the computing node including the first virtual switch or the first virtual switch,
Wherein the first field is a field that does not affect packet transmission, and wherein the first path tree and the second path tree represent different paths.
13. A controller application program stored in a computer-readable medium for executing any one of the methods of claims 1 to 3 in combination with hardware.

Images