TW201832519A - Flow entry management system applied to SDN network based upon user grouping and method thereof prevent virtual machine from generating network delay and packet loss due to overloading through grouping distributed mechanism having load balancing - Google Patents

Abstract

The invention provides a flow entry management system applied to SDN network based upon user grouping and comprises a database, a service chain mapping module and a flow entry management module. The service chain mapping module distributes user devices to the service chain group according to the mobile service chain type and the required resources quantity. In addition, the service chain mapping module is further configured with group ID information. The database transmits group ID information corresponding to the user devices to a packet data gateway. Group ID information is labeled on the mobile service packets by providing the packet data gateway. The flow entry management module transmits user information and group ID information to the SDN controller in the SDN network. Flow entries corresponding to the user devices are generated on an OpenFlow network switch via the SDN controller. Therefore, the OpenFlow network switch processes the mobile service packets based on the flow entries items.

Description

 User group-based process item management system and method thereof for SDN network  

The invention relates to a process item management system and a method thereof applied to an SDN network, in particular to a user group-based process item management system and a method thereof applied to an SDN network.

In terms of mobile network operators, in order to implement customized mobile services, Software Defined Networking (SDN) and Network Function Virtualization (NFV) technologies are commonly used to enable mobile networks. The road operator can extract the functions that are originally required to rely on the core network equipment, extract it from the core network equipment, and display it in the form of a software SDN APP, and place it in the cloud computing center for processing.

This technology, in addition to allowing mobile network operators to upgrade without the additional computing power of core network equipment, to save the cost of equipment updates, can also dynamically increase or decrease the number of mobile service APPs and APP Servers to increase The scalability of mobile services provides consumers with more convenient and diverse customized mobile services for different network resource needs (such as high quality, high security, IoT devices or general use).

In the implementation of SDN network technology, the current mainstream is to use the OpenFlow protocol, packet routing in the OpenFlow network switch flow meter (Flow Table) technology, and an SDN controller to the Flow in the OpenFlow network switch Table for control and management.

In the SDN network environment, there are two ways to set up a Flow Table: reactive, and active.

In the case of active mode, the SDN controller generates the Flow Table according to the policy set by the administrator in advance. If the control is proper, the flow table will not be lost, and the network switch does not need to frequently ask SDN. How the controller should bypass the packet can reduce the network delay caused by the SDN controller, but the Flow that can be managed in this way will be affected by the Flow Table space provided by the network switch.

In the case of the reactive mode, the controller does not actively update the Flow Table on the switch, but waits until the network switch has a table miss, and then the network switch asks the SDN controller for the packet routing mode. Then, the SDN controller calculates and updates the Flow Table, so there is a long network delay.

In addition, in the network switch, the Ternary Content Addressable Memory (TCAM) is usually used to implement the Flow Table for fast packet forwarding, but because the TCAM is expensive and consumes a large amount of power, the network The TCAM is not used extensively on the switch. As a result, when the traffic volume is large, the limited TCAM causes the table overflow to occur easily, and when the Table Overflow occurs, it will generate additional network. delay.

When the size of the TCAM is not enough to manage all mobile users, there must be a problem of constantly updating the Flow Table. In this case, a new rule will cause network delay, and the more users, the more serious the delay will be.

In summary, in order to improve the efficiency of managing a large number of users using a limited TCAM-based Flow Table on a network switch, and preventing Routing Re-Calculation caused by Table Overflow The problem that causes delay to improve the user experience is obviously an urgent problem to be solved in the field.

In order to solve the problems disclosed above, the object of the present invention is to provide a process entry management method and system for the SDN network, so that in the SDN network, the service can be improved without adding more network switches. Many users.

To achieve the above objective, the present invention provides a user group-based process entry management method for an SDN network, which is operated on an computing device, the method comprising receiving a user information from a user device and at least one Action service type information, the type of action service type includes the type of action service required by the user device, sorting the aforementioned action service type information to generate an action service chain type, and calculating the amount of resources required to operate the aforementioned action service To generate a demand resource, assign the user device to a service chain group according to the action service chain type and the required resource amount, and configure a group ID information, and transmit the group ID information to a packet data gateway. Providing a packet data gateway to mark the group ID information on the mobile service packet, wherein the mobile service packet refers to a packet transmitted by the user device to an SDN network, and transmitting user information and group ID information to one An SDN controller in the SDN network generates a flow bar corresponding to the user device on the OpenFlow network switch via the SDN controller The flow entry causes the OpenFlow network switch to process the action service packet based on the process entry.

To achieve the above objective, the present invention provides a user-based group-based process item management system for an SDN network, which includes a database, a service chain mapping module, and a process entry management module, wherein the database For receiving and storing a user information and at least one mobile service type information from a user device, the mobile service type information includes a type of mobile service required by the user device, and transmits a group corresponding to the user device. The group ID information is sent to a packet data gateway device, and the packet data gateway device is provided with the group ID information on the mobile service packet, wherein the mobile service packet refers to a packet transmitted by the user device to an SDN network, and the service is provided. The chain mapping module is connected to the database, and the service chain mapping module is used for sorting the action service type information to generate an action service chain type and calculating the amount of resources required for computing the action service to generate A demand resource, the service chain mapping module transmits the mobile service chain type and demand resources to a data center, providing data center management actions Service API, service chain mapping module and assigning user devices to a service chain group according to the type of mobile service chain and required resources, and configuring group ID information, and the process item management module is mapped to the service chain. The module connection, the process item management module transmits the user information and the group ID information to an SDN controller in the SDN network, and generates a process entry corresponding to the user device on the OpenFlow network switch via the SDN controller (flow Entry), which causes the OpenFlow network switch to process the action service packet based on the process entry.

In summary, the method and system for managing process entries based on user grouping have the following characteristics:

1. Group balancing mechanism with load balancing prevents network delays and packet loss caused by overloading of virtual machines (VMs).

2. Adopting a user-based group-based active flow entry management policy to avoid the network delay caused by the network switch inquiring the SDN controller for the path.

3. By means of the user group management method and the packet tagging technique, the packet gateway (Pet Gateway) affixes the tag (Tag (Group ID)) to the user's packet, and the network switch can be used. Group ID is used to bypass traffic (User IP) or media access control address (MAC address), thereby increasing the number of management users and slowing down the situation of Table overflow.

4. The active Flow Entry management policy sets a routing path for the newly created/deleted group. When the user joins or leaves the group, it does not affect the group's routing path. Avoid unnecessary network delays caused by frequent user changes.

5. Effectively increase the maximum number of users supported by the system. The effect is generally N-1 times that of the user-based routing method. N is the number of user devices that can be served by a single group.

1‧‧‧Process entry management system based on user grouping

11‧‧‧Database

12‧‧‧Service Chain Mapping Module

121‧‧‧Configuration unit

122‧‧‧Organization unit

30‧‧‧SDN network

31‧‧‧SDN Controller

32‧‧‧Openflow Network Switch

4‧‧‧Data Center

123‧‧‧Delete unit

13‧‧‧Process Item Management Module

20‧‧‧Mobile Network

21‧‧‧ Packet Information Gateway

50‧‧‧User device

60‧‧‧Internet

APP1-APP5‧‧‧App

S31-S36‧‧‧Steps

FIG. 1 is a schematic diagram of an application network architecture of a process group management system based on user grouping applied to an SDN network according to the present invention.

2 is a system architecture diagram of a user-based process entry management system applied to an SDN network according to the present invention.

3 is a flow chart of a method for managing a process entry based on user grouping of the SDN network according to the present invention.

FIG. 4 is a diagram showing a test network architecture of a user-based process entry management system applied to an SDN network according to the present invention.

Figure 5 is a result of the use of a conventional SDN network routing method.

6 is a diagram showing the result of the round-trip of the user-based process entry management system applied to the SDN network using the present invention at APP=5.

FIG. 7 is a diagram showing the result of the round-off of APP=9 when the user-based process entry management system applied to the SDN network using the present invention.

The specific embodiments are described below to illustrate the embodiments of the invention, but are not intended to limit the scope of the invention.

Referring to FIG. 1, the present invention is applied to a User-Grouped Based Flow Management System (UGFM) of an SDN network 30, specifically, it runs on an computing device and participates. A mobile network 20, an SDN network 30, and a data center 4, the mobile network 20 includes a user equipment (UE) and a packet data gateway 21 (Packet Data Gateway). The SDN network 30 adopts the Openflow protocol, and the SDN network 30 includes an SDN controller 31 (Central) having centralized control and at least one Openflow network switch 32 (Switch). The user device 50 specifically refers to a mobile phone, a smart phone, a tablet computer, or other device having communication capabilities held by the user.

Referring to FIG. 2, the present invention is applied to a user group-based process item management system 1 for an SDN network, which includes a database 11 (Database), a service chain mapping module 12 (Chain mapping module), and a process. Entry management module 13 (Flow entry management module).

The data library 11 is composed of a storage device, such as a hard disk, a solid state hard disk, or a memory. The service chain mapping module 12 and the process item management module 13 can be implemented by using a software module. Groups can be implemented by ASP, C/C++/C#, JAVA, Python, PHP, Perl, etc., but the category of the programming language is not limited to this. The aforementioned software module is loaded and executed by the processor of the computing device, and the computing device is a device having computing power such as a computer, a workstation computer, or a server computer.

The database 11 receives and stores user information from the user device 50 and at least one mobile service type information, and the mobile service type information includes the type of mobile service required by the user device 50.

a service chain mapping module 12, which is coupled to a database 11 for sorting the aforementioned types of mobile service types to generate an action service chain type, and calculating the operations described above The amount of resources required by the service is used to generate a demand resource, and the user device 50 is assigned to a service chain group according to the type of the action service chain and the required resource amount, and the group ID information is configured.

The database 11 then transmits a group ID information corresponding to the user device 50 to the packet data gateway 21 in the mobile network 20 where the user device 50 is located, and provides the packet data gateway 21 to mark the group ID information. On the action service packet. The mobile service packet refers to a packet that is transmitted by the user device 50 to the SDN network 30 to request the data center 4 to provide the mobile service.

The process item management module 13 is connected to the service chain mapping module 12, and the process item management module 13 transmits user information and group ID information to the SDN controller 31 in the SDN network 30 via the SDN controller. 31 generates a flow entry corresponding to the user device 50 on the OpenFlow network switch 32, such that the OpenFlow network switch 32 processes the mobile service packet based on the process entry.

In addition, the service chain mapping module 12 transmits the mobile service chain type and the required resource amount to the data center 4, and provides the data center service application (APP) in which the data center 4 manages, wherein the mobile network service refers to the operator. Network services provided to users, such as software-type firewall (Firewall), intrusion detection/defense system (IDS/IPS), streaming video cache, anti-virus, etc.

After the user registers the mobile network service with the operator, the database 11 can obtain user information through the NNI (Network-Network Interface) interface, such as user registration information, and configure the user device 50 to use the data center 4 The mobile web service application (APP) then passes the packet of the user device 50 around the selected APP to complete the mobile service chain specified by the user.

Specifically, since the data center 4 provides services in the form of a virtual machine (VM), its computing power is limited. In other words, it has a processing upper limit for processing each mobile service chain, so when a user device transmits a message, When the number of services that a group of mobile service chains can serve exceeds, a new set of mobile Internet service applications can be created on the Action Center to meet the service needs of the mobile service chain.

For example, each service chain group can set the number of user devices or users of the service according to the requirements and resources of the data center 4, for example, 10, 20, 30, etc., or 10, 20, 30 After a service chain group is full, another service chain group corresponding to the same mobile service chain type is generated. The number of users and the number of user devices mentioned above are for illustrative purposes only, and the actual number still needs to be configured according to actual conditions.

Referring to FIG. 2, in the present invention, the foregoing service chain mapping module 12 includes a configuration unit 121, a sorting unit 122, and a deleting unit 123 to implement different functions. The foregoing units can all be implemented in a software module manner, and can be implemented by a programming language such as ASP, C/C++/C#, JAVA, Python, PHP, Perl, etc., but the category of the programming language is not limited thereto.

The configuration unit 121 is configured to implement the foregoing function of assigning the user device 50 to a service chain group in the service chain mapping module 12.

The configuration unit 121 assigns the user device 50 to a service chain group, specifically, the following calculation method:

When an existing service chain group already exists, and the existing service chain group has sufficient resources to accommodate the required resource amount ( D _u ) of the user device 50, the user device 50( u ) is configured to the existing service chain. a group; when there is no existing service chain group having sufficient resources to accommodate the required resources of the user device 50, a new service chain group is added and the user device 50 is configured to the new service chain group. Group; however, when the computing device is unable to create a new service chain group, the user device 50 is randomly configured to any of the service chain groups that already exist and conform to the mobile service chain type ( SCID _u ) of the user device 50.

The code of the implementation configuration unit 121 can be referred to Table 1:

Among them, Utlz _{ij in} Table 1 refers to the current resource usage of the jth group providing the i-th service chain. The third line means that the jth group of the i-th service chain is provided. The current resource usage status plus the user u's demand must be smaller than the resource cap of the service chain group to enable the user. The traffic of u is assigned to the service chain group of Gij for service.

The finishing unit 122 and the deleting unit 123 are used to provide the number of maintenance service chain groups, so as to avoid the number of service chain groups in the UGFM system increasing continuously after long-term use, resulting in excessive flow entries in the performance Openflow network switch 32. And the problem of declining performance.

Specifically, the collating unit 122 provides an action service chain type for checking different user devices. When the action service chain types of any two different user devices are the same, one of the user devices is configured to belong to another user device. Service chain group. The code for its implementation can be found in Table 2:

The deleting unit 123 provides a function of deleting one of the user devices 50 from the original service chain group. When there is no other user device in the original service chain group, the service chain group is deleted. The code for its implementation can be found in Table 3:

In addition, in the system of the present invention, when the deleting unit 123 deletes the service chain group, the database 11 is also notified to delete the user information to save space.

Please refer to FIG. 3 , which is a user group-based process item management method applied to an SDN network according to the present invention, which is a user-based group-based process item management system 1 corresponding to the foregoing invention applied to an SDN network. .

The user group-based process item management method applied to the SDN network of the present invention comprises the following steps:

S41: Receive a user information and at least one mobile service type information from a user device, where the mobile service type information includes a type of mobile service required by the user device. Specifically, the user information may include at least the identification number of the user device, and may include user registration information of the user. The mobile service type information, in particular, is a type of mobile service that the user device wants to request from the SDN network 30, for example, a mobile network service that the user applies to the network operator, such as a firewall (Firewall) ), intrusion detection/defense system (IDS/IPS), streaming video cache, antivirus and other types of mobile network services.

S42: Sort the foregoing action service type information to generate an action service chain type. For example, the user device A has an application 3, an application 1, and an application 2 that need to request a mobile network service, and the table can be {3, 1, 2}, and the application is sorted into an application according to a preset rule. 1, the application 2, the order of the application 3, that is, {1, 2, 3}, or according to the type of mobile network service application or the amount of computing requirements, etc., for example, can be user devices The bandwidth applied by the holder, or the number of connections of the user device. In this example, the mobile service chain type is the mobile service chain type including the mobile network service applications 1, 2, and 3. If another mobile device service requested by the user device B is the application 1, 2, 3, 4 (ie {}), which belong to different types of mobile service chains. Specifically, if the mobile network service installed by the user device A is a firewall, an IDS, and a porn gatekeeper, the mobile network service installed by the user device B is a firewall, an IDS, a porn gatekeeper, and a streaming video cache. , are divided into different action service chains.

S43: Calculate the amount of resources required to operate the foregoing mobile service to generate a required resource amount. The amount of demand resources, that is, the amount of computing resources required to request the data center to operate or occupy the data center, specifically, the value of the demand resource (Du) can be defined by the operator according to different systems, for example, according to the user. The bandwidth, or the number of connections the user has.

S44: Assign the user device to a service chain group according to the action service chain type and the required resource quantity, and configure a group ID information. For example, the user device A has applications 1, 2, and 3 that need to request an action service, that is, a service chain group G123 that is assigned to the applications 1, 2, and 3, and G123 is configured to configure group ID information, but Other arrangements may be used for its implementation, and this is only an example.

S45: transmitting the group ID information to a packet data gateway 21, and providing the packet data gateway 21 to mark the group ID information on the mobile service packet, wherein the mobile service packet is transmitted by the user device to a SDN network. The packet of the road.

S46: transmitting user information and group ID information to an SDN controller in an SDN network, and generating a flow entry corresponding to the user device on the OpenFlow network switch via the SDN controller, so that the OpenFlow network The switch processes the action service packets based on the process entries.

In the method for managing the user group based on the IMS network, the method further includes the step S47: transmitting the mobile service chain type and the required resource amount to a data center, and providing the data center management mobile network service application ( APP).

In the process of the user group-based process item management method applied to the SDN network, the step S44, the step of assigning the user device to a service chain group, includes:

S441: Configure the user device to the existing service chain group when an existing service chain group has sufficient resources to accommodate the required resource.

S442: When there is no existing service chain group having sufficient resources to accommodate the required resources of the user equipment, a new service chain group is added and the user equipment is configured to the new service chain group.

S443: When the computing device cannot add a new service chain group, the user device is randomly configured to any service chain group that exists and conforms to the mobile device chain type of the user device.

The user group-based process item management method applied to the SDN network of the present invention further includes the following steps to manage the service chain group:

S445: The computing device checks the mobile service chain type of different user devices. When the mobile service chain types of the two different user devices are the same, one of the user devices is configured to the service chain group to which the other user device belongs. .

S446: The computing device deletes one of the user devices from the original service chain group; and when there is no other user device in the original service chain group, the computing device deletes the service chain group.

In summary, the user group-based process item management system and method proposed by the present invention divides the user equipment using the same mobile service chain into several according to the processing capability limitation of the data center 4 to the mobile service chain. The service chain group, and each service chain group has its own unique ID, so that the packet sent by the user device is encapsulated by the data gateway 21 before entering the SDN network 30 by the mobile network 20. The ID of the group to which the user device belongs is marked on the packet as a tag, and the controller then sets the ID information on the network switch, and the network switch only needs to check the label on the packet to perform the routing, and Multiple user devices with the same mobile service chain are assigned to the same service chain group, so the network switch can use only one process entry, that is, the packets of multiple user devices in the same service chain group. Bypassing, reduces the consumption of Flow Entry in the network switch.

In order to illustrate the comparison of the user group-based process item management system and method applied to the SDN network to the SDN network and the effects of the prior art, the present case was tested in accordance with the architecture in FIG.

The architecture of the test is shown in FIG. 4, and includes a mobile network 20, an SDN network 30, a data center 4, and a user-grouped based flow entry management system (UGFM) proposed by the present invention. The SDN network 30 includes an SDN controller with centralized control and two OpenFlow network switches 32. The SDN controller in this example is a RYU for handling packet-circulated OpenFlow network switches 32. For Pica8 3297, Data Center 4 is used to provide various mobile Internet service applications (APP), and Data Center 4 is composed of multiple physical machines. Each physical machine will provide corresponding services. In addition, as before In the above, the service chain group can be added or removed according to the use of the mobile service chain to save resources. Two traditional routers are also used to handle packet transmission between legacy networks and SDN.

(1) Using traditional SDN network routing

In this test, we first tested the upper limit of the number of user devices that the entire environment can serve when providing different mobile network service applications (APPs) under the traditional SDN routing mechanism. The upper limit is based on: The maximum number of user devices that can be served without exceeding the maximum number of flow entries that the network switch can provide.

The so-called traditional SDN network routing mode, as shown in Figure 1, does not include the architecture of the UGFM proposed by the present invention.

In this test, the user base X is defined to indicate that the number of flow entries required in the case where the number of APPs is X is provided under the method of using conventional SDN routing.

Figure 5 shows the results of the test. The number of user devices that the network switch can serve is between 1300 and 2000 when the number of APPs is 5 to 9. It can be found that the more the number of APPs provided, the smaller the number of user devices that can be served, because the more the number of APPs, the more types of mobile service chains (the number of types of mobile service chains is the combination of APP numbers). The number of mobile service chains that are combined by more APPs will require more flow entries to wrap the packets, so the number of user devices that can be served when the user base is 9 is the least.

From the results shown in FIG. 5, equation (1) can be derived, that is, the total number of flow entries is approximately equal to the number of user devices requesting the mobile service multiplied by the average number of flow entries required for an action service chain. So by formula (1), you can estimate the maximum number of user devices that can be served under different APP numbers:

(2) Using the UGFM of the present invention for routing

In this test, the UGFM system proposed by the present invention is used for testing, and compared with the results of the conventional winding mode of (a), the test result is shown in FIG. 6.

In this test, the number of APPs is fixed at 5 and 9, and the number of user devices that the service chain group can provide services is from 10 to 50. The purpose is to test the service chain group to provide services to different numbers of uses. The number of flow entries required when the device is installed. The group Y base X in the figure indicates that when the UGFM method is used, each service chain group can serve Y user devices, and only X types of APPs are provided, which is required. The number of flow entries.

Figure 6 shows the results of providing 5 APPs and the service chain group with different number of service user devices (10 to 50). As can be seen in Figure 6, the number of service user devices in the service chain group does affect the number of flow entries, and the more user devices the service chain group can serve, the required flow entries will also Follow it down.

Table 4 shows that the proportion of user device growth is about the upper limit of the number of user devices that can be served by a service chain group, and the number of user devices that can be served by the traditional SDN under the same APP number. . In addition, from the result, formula (2) can be obtained, and the total number of flow entries is approximately equal to the number of user devices multiplied by the average number of flow entries required for an action service chain, and divided by the average number of users that can be served by a service chain group. Number of devices. Therefore, by formula (2), it is possible to estimate the maximum number of user devices that UGFM can serve under different APP numbers and service chain group service user devices.

Please refer to FIG. 7 , which provides 9 APPs and the service chain group is the result of the number of different service user devices. The results show that the number of service user devices in the service chain group also affects the number of flow entries. The more user devices the service chain group can serve, the fewer the flow entries required, and The growth trend of the flow entry is similar to that of the five APPs, but the number of initial flow entries is much higher than that of the five APPs.

The reason is that the 9 kinds of APPs have more combined service chain (SC) for users to choose, and the more the action service chain composed of APP, the more flow entries are needed, so the initial flow The more entries there will be.

Table 5 shows that the proportion of user device growth is also the upper limit of the number of user devices that can be served by a service chain group, and multiplied by the same number of APPs. The number of devices, and the number of user devices is similar to the number of user devices estimated by equation (2).

(3) Number of user devices that UGFM can serve

In this test, the number of set APPs is from 5 to 9, and the number of service user devices in the service chain group is 10, 30, and 50. Under this condition, the upper limit of the number of user devices that can be served by the UGFM and the traditional SDN routing mechanism is tested (the upper limit is not more than the number of flow entries on the network switch, and the number of user devices that can be served).

The base X indicates that X types of APPs are provided for the user to select, and the traditional mode (A) indicates the upper limit of the number of user devices that can be served by the conventional SDN routing mechanism, and the service chain group Y indicates that a service chain group can The number of user devices for the service is Y.

Table 6 shows the comparison of the number of user devices that UGFM can serve with the traditional SDN routing mechanism. The results show that the number of elevated user devices is also affected by the number of APPs, for the same reasons as above. The number of user devices that grow up will vary according to the number of user devices that a service chain group can serve. The number of multipliers can be derived from equations (1) and (2), which is a service chain. The number of user devices for the group average service is doubled.

The detailed description of the preferred embodiments of the present invention is intended to be limited to the scope of the invention, and is not intended to limit the scope of the invention. The patent scope of this case.

Claims (10)

 A user-based group-based flow entry management method for an SDN network, running on an computing device, the method comprising: receiving a user information from a user device and at least one type of mobile service Information, the type of action service information includes types of action services required by the user device; sorting the types of action service types to generate an action service chain type; calculating a resource amount required to operate the action service, Generating a demand resource amount; assigning the user device to a service chain group according to the action service chain type and the demand resource amount, and configuring a group ID information; transmitting the group ID information to a package data a gateway device that provides the packet data gateway to mark the group ID information on the mobile service packet, wherein the mobile service packet refers to a packet transmitted by the user device to an SDN network; and transmits the user Information and the group ID information to an SDN controller in an SDN network, the user device pair is generated on the OpenFlow network switch via the SDN controller The flow entry is such that the OpenFlow network switch processes the mobile service packet according to the process entry.    The user group-based process item management method applied to the SDN network, as described in claim 1, further comprising: transmitting the action service chain type and the required resource amount to a data center, and providing the data center management action network Road service application.    The user group-based process item management method applied to an SDN network according to claim 1, wherein the step of allocating the user device to a service chain group includes: when an existing service chain group exists When the group has sufficient resources to accommodate the required resource, the user device is configured to the existing service chain group; when there is no existing service chain group having sufficient resources to accommodate the demanded resources of the user device, Adding a new service chain group and configuring the user device to the new service chain group; and when the computing device cannot add the new service chain group, the user device is randomly configured to Any service chain group that already exists and conforms to the mobile service chain type of the user device.    The user group-based process item management method applied to the SDN network according to claim 1, further comprising: the computing device checking the action service chain type of the different user device, when the action of the different user device When the service chain type is the same, one of the user devices is configured to the service chain group to which the other user device belongs.    The user group-based process item management method applied to the SDN network according to claim 4, further comprising: the computing device deleting one of the user devices from the original service chain group; and when the original The computing device deletes the service chain group when there are no other user devices in the service chain group.    A user-based flow entry management system for an SDN network, comprising: a database for receiving and storing a user information from a user device and at least one type of mobile service Information, the action service type information includes a type of action service required by the user device, and transmitting a group ID information corresponding to the user device to a packet data gateway, and providing the packet data gateway device The group ID information is marked on the mobile service packet, where the mobile service packet refers to a packet transmitted by the user device to an SDN network; a service chain mapping module is linked to the database, The service chain mapping module is configured to sort the information of the types of action services to generate an action service chain type, and calculate the amount of resources required to operate the action services to generate a demand resource, and according to the The action service chain type and the required resource amount, the user device is assigned to a service chain group, and the group ID information is configured; a process item management module, Connected to the service chain mapping module, the process entry management module transmits the user information and the group ID information to an SDN controller in the SDN network, via the SDN controller in an OpenFlow network switch A flow entry corresponding to the user device is generated, so that the OpenFlow network switch processes the mobile service packet according to the process entry.    The user group-based process item management system applied to the SDN network according to claim 6, wherein the service chain mapping module transmits the action service chain type and the required resource amount to a data center, and provides the data. The Center manages mobile web service applications.    The user group-based process item management system applied to an SDN network according to claim 6, wherein the configuration unit includes a configuration unit, the configuration unit uses the action service chain type according to the action service chain type and the required resource amount. The device is assigned to a service chain group and configured with the group ID information, and the user device is configured to the existing service when an existing service chain group has sufficient resources to accommodate the required resource amount. a chain group, when there is no existing service chain group having sufficient resources to accommodate the demanded resources of the user device, adding a new service chain group and configuring the user device to the new service chain group The group, and when the computing device is unable to add the new service chain group, randomly configure the user device to any service chain group that already exists and conforms to the action service chain type of the user device.    The user group-based process item management system applied to the SDN network according to claim 8, wherein the service chain mapping module further comprises a sorting unit, wherein the sorting unit provides an action service for checking different user devices. The chain type, when any two different user devices have the same type of mobile service chain, configure one of the user devices to the service chain group to which the other user device belongs.    The user group-based process item management system applied to the SDN network according to claim 9, wherein the service chain mapping module further comprises a deleting unit, the deleting unit providing one of the user devices from the original The service chain group is deleted, and when there is no other user device in the original service chain group, the service chain group is deleted.