KR20140050460A - Method and apparatus for controling traffic using open flow switches and controller - Google Patents
- Publication number
- KR20140050460A
- Authority
- KR
- South Korea
- Prior art keywords
- data
- transmission path
- network
- path
- traffic
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/38—Flow based routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/29—Flow control; Congestion control using a combination of thresholds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present specification discloses a network controller. The apparatus includes a delivery path request receiver for receiving a delivery path request for data entered into a network; a transmission path determining unit which determines a transmission path of the data according to the characteristic of the incoming data; and a forwarding path provider configured to forward the determined forwarding path to a switch in the network.
Description
The present disclosure relates to an open flow based network controller device, and more particularly, to a method and apparatus for dynamically determining a delivery path of a flow based on a flow characteristic based on an open flow technology.
Network technology has become part of the critical infrastructure for business, home and school. But from the developer's or researcher's perspective, this success has been a barrier to innovation in network technology.
Introducing new services into the current network infrastructure has been difficult, because different hardware has to be replaced or upgraded individually and then put through compatibility tests. In addition, it is very difficult for a network user or a researcher to develop and apply a new network protocol because different equipment vendors operate their equipment differently. To overcome this problem, switch and router technologies with an open interface have been studied. However, the network technologies that provide these open interfaces have been difficult to commercialize because of their high cost relative to performance. Therefore, open flow technology has emerged to provide an open standard interface to users or developers while overcoming the high cost problem.
OpenFlow technology separates the packet forwarding and control functions of a network switch (or router) and provides a protocol for communication between these two functions. This enabled software driven by an external controller (server) to determine packet paths within the switch regardless of the equipment vendor. This separation of packet forwarding and control zones enables more precise traffic management than ACLs or routing protocols used in existing network devices. Therefore, open flow technology has emerged as a future Internet technology that can develop new networking technology by changing existing closed networking technology into open networking technology.
On the other hand, there is a need for using such an open flow technology in a mobile communication network where data traffic of users is increasing day by day, and in particular, a method of transferring data traffic between nodes of a network is required to reflect the characteristics of the data flow.
The present specification proposes a method and apparatus for dynamically determining a delivery path of data (or flow) based on data (or flow) characteristics based on open flow technology. More specifically, it proposes a method and apparatus for dynamically determining the delivery path of data (or a flow) according to a 'data (or flow) property' such as the type of application and service to which the data (or flow) belongs, the harmfulness or harmlessness of the data (or flow), the characteristics of the flow sender and receiver (e.g., age group, gender, usage plan, current status, etc.), or the service provider.
According to one embodiment of the present specification, a network controller is disclosed. The apparatus includes a delivery path request receiver for receiving a delivery path request for data entered into a network; a transmission path determining unit which determines a transmission path of the data according to the characteristic of the incoming data; and a forwarding path provider configured to forward the determined forwarding path to a switch in the network.
The transmission path determining unit may determine the transmission path via the packet inspection apparatus as the transmission path of the data when the transmission path according to the characteristics of the data is not specified in advance.
The transmission path determining unit may determine the transmission path via the intrusion detection device as the transmission path of the data when the inflow amount of the data is greater than or equal to a preset reference.
The delivery path determiner may analyze the incoming data to determine a customer type and a service type of the data, and determine a delivery path of the data to correspond to the customer type and service type.
The delivery path determining unit analyzes the incoming data to determine a user of the data and a type of plan subscribed to by the user, and when the amount of traffic used by the user exceeds a preset traffic allowance according to the plan type, the delivery path via the regulator may be determined as the delivery path of the data.
According to another embodiment of the present disclosure, a network control method is disclosed. The method includes receiving a delivery path request for data entered into the network; determining a delivery path of the data according to the characteristics of the incoming data; and forwarding the determined forwarding path to a switch in the network.
The determining of the transmission path may include determining the transmission path via the packet inspection apparatus as the transmission path of the data when the transmission path according to the characteristics of the data is not specified in advance.
The determining of the transmission path may include determining a transmission path via the intrusion detection apparatus as the transmission path of the data when the amount of data inflow is greater than or equal to a preset reference.
The determining of the delivery path may include analyzing the incoming data to determine a user of the data and a type of plan subscribed to by the user, and, when the amount of traffic used by the user exceeds a traffic allowance set according to the type of plan, determining the transmission path through the traffic conditioner as the transmission path of the data.
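The path-selection rules listed above can be sketched as a small controller model. This is an added example, not code from the patent: the class names, hop names, sample addresses and, in particular, the order in which the rules are checked are assumptions, since the text does not state a precedence.

```python
from dataclasses import dataclass, field

# Middlebox roles named in the text; hop names are constructed for this sketch.
DPI, IDS, REGULATOR = "packet-inspection", "intrusion-detection", "traffic-regulator"


@dataclass
class Subscriber:
    customer_type: str      # e.g. "consumer" (hypothetical label)
    plan: str               # key into Controller.allowances
    used_bytes: int = 0     # running total built from switch statistics


@dataclass
class Controller:
    inflow_limit: int       # the "preset reference" for inflow, bytes per interval
    allowances: dict        # plan -> traffic allowance in bytes
    subscribers: dict       # source IP -> Subscriber
    services: dict          # destination port -> service type
    policy: dict            # (customer_type, service_type) -> pre-specified path
    installed: dict = field(default_factory=dict)   # flow -> path sent to switches

    def decide(self, flow, inflow_bytes=0):
        """Return (path, reason) for a flow given as (src_ip, dst_ip, dst_port)."""
        src_ip, _dst_ip, dst_port = flow
        sub = self.subscribers.get(src_ip)
        key = (sub.customer_type, self.services.get(dst_port)) if sub else None
        # Assumed precedence: volume check, then allowance, then policy, then DPI.
        if inflow_bytes >= self.inflow_limit:
            path, reason = ["ingress", IDS, "egress"], "inflow at or above reference"
        elif sub and sub.used_bytes > self.allowances[sub.plan]:
            path, reason = ["ingress", REGULATOR, "egress"], "plan allowance exceeded"
        elif key in self.policy:
            path, reason = self.policy[key], "pre-specified path"
        else:
            path, reason = ["ingress", DPI, "egress"], "no path specified in advance"
        self.installed[flow] = path     # stands in for forwarding the path to switches
        return path, reason

    def on_stats(self, flow, interval_bytes):
        """Handle a switch statistics report and re-evaluate the flow's path."""
        sub = self.subscribers.get(flow[0])
        if sub:
            sub.used_bytes += interval_bytes
        return self.decide(flow, inflow_bytes=interval_bytes)


def demo():
    """Run constructed flows through the rules and return the reason for each."""
    ctl = Controller(
        inflow_limit=5_000_000,
        allowances={"basic": 1_000_000},
        subscribers={"10.0.0.5": Subscriber("consumer", "basic")},
        services={443: "web"},
        policy={("consumer", "web"): ["ingress", "core", "egress"]},
    )
    known = ("10.0.0.5", "203.0.113.10", 443)       # constructed sample flows
    unknown = ("10.0.0.77", "203.0.113.10", 8080)
    return [
        ctl.decide(unknown)[1],             # first-seen flow is steered through DPI
        ctl.decide(known)[1],               # customer/service pair has a policy path
        ctl.on_stats(known, 600_000)[1],    # 0.6 MB used, still under the allowance
        ctl.on_stats(known, 600_000)[1],    # 1.2 MB used, over the 1 MB allowance
        ctl.on_stats(known, 6_000_000)[1],  # interval volume reaches the reference
    ]
```

Only flows that trip one of the rules are detoured through an inspection or regulation device; every other flow keeps its pre-specified path.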
Embodiments of the present disclosure have the effect of analyzing the characteristics of data (or flow) flowing into the network and dynamically controlling the data transmission path and processing method accordingly. In particular, dynamic data (or flow) control reflecting the characteristics of the user and/or service can be performed.
FIG. 1 is a diagram illustrating an example of an openflow network to which an embodiment of the present specification can be applied.
FIG. 2 is a view showing a data transmission control method according to an embodiment of the present specification.
FIG. 3 is a block diagram of a network controller according to an embodiment of the present specification.
It is noted that the technical terms used herein are used only to describe specific embodiments and are not intended to limit the invention. It is also to be understood that the technical terms used herein are to be interpreted in a sense generally understood by a person skilled in the art to which the present invention belongs, and should not be interpreted in an excessively reduced sense. In addition, when the technical terms used herein are incorrect technical terms that do not accurately represent the spirit of the present invention, they should be replaced with technical terms that can be understood correctly by those skilled in the art. In addition, the general terms used in the present invention should be interpreted according to a predefined or prior context, and should not be construed as being excessively reduced.
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like reference numerals refer to like or similar elements throughout the several views, and redundant description thereof will be omitted. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. It is to be noted that the accompanying drawings are only for the purpose of facilitating understanding of the present invention, and should not be construed as limiting the scope of the present invention with reference to the accompanying drawings. The spirit of the present invention should be construed as extending to all modifications, equivalents, and alternatives in addition to the appended drawings.
FIG. 1 is a diagram illustrating an example of an openflow network to which an embodiment of the present specification can be applied.
Open flow technology provides openness to easily control heterogeneous switches and routers. In a broader category, open flow technology belongs to SDN (Software Defined Networking), a networking paradigm that evolves existing hardware-oriented, static, closed networking technology into software-oriented technology that is easy to innovate and expand. In summary, SDN is a concept that separates the control function from the current switch / router design, in which the hardware-based data delivery function and the software control function are closely connected, and then centrally controls and manages the traffic forwarding operation of the network. Open flow is a technology that implements the interface between the controller server and the switch / router in SDN, and is defined by the Open Networking Foundation (ONF). ONF has created a functional model in which, as in a computer system, a networking system consists of hardware, an operating system, and applications. In other words, the network is likened to a computer system, and open flow is defined as the interface between the hardware (switch) and the Network OS. To create this model, ONF introduces the concept of abstraction and strives to shift the focus of networking technology from hardware to software.
The open flow network of the present specification may be configured to include the
OpenFlow is a Software Defined Networking (SDN) technology. Instead of drastically reducing the function of network configuration nodes (switches, routers, etc.), OpenFlow implements and / or controls the main functions of the network through a centralized controller. Management, and the rapid introduction of new network technologies.
The open flow switches 10a to 10e have a flow table, and each entry of the flow table describes how the open flow switch will handle a flow that meets a specific rule. In addition, statistics on the flows matching the condition may be stored together.
Here, a flow can be distinguished through identifiers including switch port, VLAN ID, sender MAC address, receiver MAC address, Ethernet type, sender IP address, receiver IP address, IP protocol type, sender port, receiver port, and the like. The network operator may define a rule that treats specific flows as the same flow or as different flows using the above identifiers.
In addition, the network operator may use a separate device (e.g., a controller) to determine high-level context information, such as which service (or application) the flow's data belongs to, what type of customer transmits or receives the flow, whether the flow is harmful or harmless, or whether the flow is transmitted or received by a service provider.
The
Examples of the flow conditions and processing instructions (Rule / Action) are shown in Table 1 below.
Referring to Table 1 above, the first condition and processing instruction is “transfer the flow whose MAC address is directed to A to switch a”, which is a processing instruction corresponding to layer 2 switching. The second condition and processing instruction is “transfer the flow whose IP address is directed to B to switch b”, which is a processing instruction corresponding to layer 3 routing. The third condition and processing instruction is “discard the flow of TCP port 80 (that is, http) without processing it”, which is a processing instruction corresponding to a firewall.
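The three rules described for Table 1 can be run as a small flow table to see how they interact. This is an added example, not code from the patent: the `priority` field and the table-miss action are assumptions modelled on OpenFlow's priority-ordered matching, and the packet is constructed. It shows that a packet can match both the layer 2 rule and the firewall rule, so the drop rule only takes effect when it is ranked above the forwarding rules.

```python
from dataclasses import dataclass


@dataclass
class FlowEntry:
    priority: int        # assumption: higher value is matched first, as in OpenFlow
    match: dict          # header field -> required value; omitted fields are wildcards
    action: str
    packets: int = 0     # per-entry statistics kept alongside the rule
    bytes: int = 0


class FlowTable:
    def __init__(self, entries):
        # Stable sort: entries with equal priority keep their insertion order.
        self.entries = sorted(entries, key=lambda e: e.priority, reverse=True)

    def process(self, pkt):
        """Apply the highest-priority matching entry and update its counters."""
        for entry in self.entries:
            if all(pkt.get(f) == v for f, v in entry.match.items()):
                entry.packets += 1
                entry.bytes += pkt["len"]
                return entry.action
        return "ask-controller"   # table miss: request a path from the controller


def table1(firewall_priority):
    """Build the three rules described for Table 1 with a chosen firewall rank."""
    return FlowTable([
        FlowEntry(100, {"eth_dst": "A"}, "forward:switch-a"),       # layer 2 switching
        FlowEntry(100, {"ip_dst": "B"}, "forward:switch-b"),        # layer 3 routing
        FlowEntry(firewall_priority,
                  {"ip_proto": "tcp", "tcp_dst": 80}, "drop"),      # firewall
    ])


# Constructed packet: HTTP traffic whose destination MAC is A.
HTTP_TO_A = {"eth_dst": "A", "ip_dst": "C", "ip_proto": "tcp", "tcp_dst": 80, "len": 60}


def compare():
    """Return the action taken with the firewall rule ranked above and below."""
    return table1(200).process(HTTP_TO_A), table1(50).process(HTTP_TO_A)
```

With the firewall rule ranked below the forwarding rules, the HTTP packet is forwarded to switch a and never reaches the drop entry, so rule priority is worth checking whenever a blocking rule is installed next to broader forwarding rules.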
FIG. 2 is a view showing a data transmission control method according to an embodiment of the present specification.
Conventionally, systems such as deep packet inspection, intrusion detection systems, and firewalls have been operated to identify and control the types of traffic flowing through a network, or to block harmful traffic such as DDoS. However, if all traffic passes through such an inspection system, problems such as system capacity limits and performance degradation may occur. FIG. 2 describes a method of selectively controlling only specific flows using an open flow structure instead of inspecting all traffic.
When new data (or flow) is introduced into the network (①), the
The
Meanwhile, when the data (or flow) is data that is first introduced into the network (that is, when a transmission path according to the characteristics of the data is not specified in advance), the
In addition, the
In another embodiment, the
In addition, the
In addition, when the network load of a specific base station is severe, the
The
The switches deliver packets of the data to the destination according to the transmission path of the data (or flow). At this time, each switch may collect statistics (number of packets, traffic volume) for each condition and processing instruction (Rule / Action) and report them to the network control device (100). At this time, when the number of packets / traffic amount for a specific data (or flow) is rapidly increased, the
When it is determined that harmful traffic is introduced as a result of the harmfulness test, the
Data (or flow) conditions and processing instructions (Rule / Action) input to the
FIG. 3 is a block diagram of a network controller according to an embodiment of the present specification.
The
The
The delivery
The transmission
On the other hand, the transmission
In addition, the delivery
When the number of packets / traffic amount for the specific data is rapidly increased, the transmission
When it is determined that harmful traffic is introduced as a result of the harmfulness test, the delivery
The delivery
The
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, and it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
10a to 10e: open flow switch
100: network controller
200: packet inspection device / intrusion detection device
Claims (9)
A transmission path determining unit which determines a transmission path of the data according to the characteristic of the incoming data;
And a forwarding path providing unit configured to forward the determined forwarding path to a switch in the network.
The transmission path determining unit determines the transmission path via the packet inspection device as the transmission path of the data when the transmission path according to the characteristics of the data is not specified in advance.
The transmission path determining unit determines the transmission path via the intrusion detection device as the transmission path of the data when the inflow of the data is more than a predetermined reference.
The transmission path determining unit analyzes the incoming data to grasp the customer type and service type of the data, and determines the delivery path of the data to correspond to the customer type and service type.
The delivery path determining unit analyzes the incoming data to determine a user of the data and a type of plan subscribed to by the user, and when the amount of traffic used by the user exceeds a preset traffic allowance according to the plan type, determines a transmission path via the control device as the transmission path of the data.
Determining a delivery path of the data according to the characteristics of the incoming data;
Delivering the determined forwarding path to a switch in the network.
The determining of the transmission path may include determining a transmission path via a packet inspection apparatus as the transmission path of the data when the transmission path according to the characteristic of the data is not specified in advance.
The determining of the transmission path may include determining a transmission path via the intrusion detection apparatus as the transmission path of the data when the amount of data inflow is greater than or equal to a preset reference.
The determining of the delivery path may include analyzing the incoming data to determine a user of the data and a type of plan subscribed to by the user, and, when the amount of traffic used by the user exceeds a traffic allowance set according to the type of plan, determining the transmission path via the traffic control device as the transmission path of the data.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120116907A KR102027315B1 (en) | 2012-10-19 | 2012-10-19 | Method and apparatus for controling traffic using open flow switches and controller |
KR1020190115675A KR102343418B1 (en) | 2012-10-19 | 2019-09-19 | Method and apparatus for controling traffic using open flow switches and controller |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120116907A KR102027315B1 (en) | 2012-10-19 | 2012-10-19 | Method and apparatus for controling traffic using open flow switches and controller |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020190115675A Division KR102343418B1 (en) | 2012-10-19 | 2019-09-19 | Method and apparatus for controling traffic using open flow switches and controller |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20140050460A (en) | 2014-04-29 |
KR102027315B1 (en) | 2019-10-01 |
Family
ID=50655630
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020120116907A KR102027315B1 (en) | 2012-10-19 | 2012-10-19 | Method and apparatus for controling traffic using open flow switches and controller |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR102027315B1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20160029445A (en) | 2014-09-05 | 2016-03-15 | 주식회사 케이티 | Method and system for information synchronization between the switch |
KR101661743B1 (en) * | 2015-04-07 | 2016-10-11 | 경기대학교 산학협력단 | Network system and method for defensing high volume attack traffic |
WO2016164061A1 (en) * | 2015-04-08 | 2016-10-13 | Hewlett Packard Enterprise Development Lp | Big data transfer |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20030061151A (en) * | 2002-01-11 | 2003-07-18 | 삼성전자주식회사 | method and recorded media for setting the subscriber routing using traffic information |
KR200427500Y1 (en) * | 2006-06-23 | 2006-09-27 | 주식회사 인프니스 | Network switch having an intrusion preventing system |
KR20110107108A (en) * | 2010-03-24 | 2011-09-30 | 에스케이 텔레콤주식회사 | System and method for traffic control based on tethering service |
KR101072461B1 (en) * | 2010-09-17 | 2011-10-11 | 충북대학교 산학협력단 | Data transmission system and method using switching information |
KR20120010936A (en) * | 2010-07-27 | 2012-02-06 | 아주대학교산학협력단 | Apparatus and method to control session connection in a communication system |
KR101147467B1 (en) * | 2010-04-29 | 2012-05-21 | 경기대학교 산학협력단 | Device and method for setting path |
-
2012
- 2012-10-19 KR KR1020120116907A patent/KR102027315B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
KR102027315B1 (en) | 2019-10-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11552841B2 (en) | Method and apparatus for configuring service | |
US9276852B2 (en) | Communication system, forwarding node, received packet process method, and program | |
US20160080263A1 (en) | Sdn-based service chaining system | |
RU2571377C2 (en) | System and method of control of services, advanced nodeb and data packet network gateway | |
US9848355B2 (en) | Centralized data plane flow control | |
WO2009146621A1 (en) | Data processing method, broadband network gateway, policy controller and access device | |
KR20170023179A (en) | Policy and charging control method and apparatus for an application service chain based on an sdn network | |
KR101460048B1 (en) | Method and apparatus for control of dynamic service chaining by using tagging | |
US10411742B2 (en) | Link aggregation configuration for a node in a software-defined network | |
US10819583B2 (en) | Network device management method and apparatus | |
KR101855742B1 (en) | Method and apparatus for destination based packet forwarding control in software defined networking | |
US20200252334A1 (en) | Methods and Apparatuses for Flexible Mobile Steering in Cellular Networks | |
US9800508B2 (en) | System and method of flow shaping to reduce impact of incast communications | |
KR102055686B1 (en) | Method and apparatus to implement virtual networks using open flow switches and controller | |
US20130275620A1 (en) | Communication system, control apparatus, communication method, and program | |
RU2616880C1 (en) | Method and device for switching interface | |
KR20150090212A (en) | Switch device, vlan setting management method and program | |
KR102027315B1 (en) | Method and apparatus for controling traffic using open flow switches and controller | |
KR101746105B1 (en) | Openflow switch capable of service chaining | |
Wang et al. | Software defined autonomic QoS model for future Internet | |
WO2012020564A1 (en) | Communication system, control device, computer, node control method, and program | |
KR101629089B1 (en) | Hybrid openFlow method for combining legacy switch protocol function and SDN function | |
KR102343418B1 (en) | Method and apparatus for controling traffic using open flow switches and controller | |
KR102029707B1 (en) | Method and apparatus to implement differential networks based on virtual network | |
WO2007031178A1 (en) | Method for load balancing in a network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
A107 | Divisional application of patent | ||
GRNT | Written decision to grant |