WO2014183518A1 - Method and system for realizing forwarding of data packet - Google Patents

Method and system for realizing forwarding of data packet Download PDF

Info

Publication number
WO2014183518A1
WO2014183518A1 PCT/CN2014/075370 CN2014075370W WO2014183518A1 WO 2014183518 A1 WO2014183518 A1 WO 2014183518A1 CN 2014075370 W CN2014075370 W CN 2014075370W WO 2014183518 A1 WO2014183518 A1 WO 2014183518A1
Authority
WO
WIPO (PCT)
Prior art keywords
domain
flow table
value range
range check
data packet
Prior art date
Application number
PCT/CN2014/075370
Other languages
French (fr)
Chinese (zh)
Inventor
张君辉
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2014183518A1 publication Critical patent/WO2014183518A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0895Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements

Definitions

  • the present invention relates to a software-defined network (SDN, Software-Defined Network) architecture technology, and more particularly to a method and system for implementing packet forwarding.
  • SDN Software-Defined Network
  • IP Open Shortest
  • Border Gateway Protocol BGP
  • Multicast Differentiated Services
  • Traffic Engineering Network Address Exchange
  • Firewall Firewall
  • Multi-Protocol Label Switching etc. This makes switching devices such as routers more and more bloated and the space for performance improvement becomes more and more.
  • the OpenFlow protocol is used to describe the criteria used for the interaction between the controller and the switch, and Interface standard for controllers and switches.
  • the core part of the protocol is a collection of information structures for the OpenFlow protocol.
  • the flow table FlowTable is used to configure the switch forwarding path.
  • An OpenFlow switch includes one or more flow tables. FlowTableLinkedEach flow table Each flow entry in the flow table mainly includes three parts: (1) Match Fields (Use) The ingress port, the acket header, and the metadata passed by the previous flow table FlowTable; (2) counters (Counts) for counting packets that match successfully; (3) instruction set ( Instructions ) , used to modify the Action Set or pipeline processing.
  • the Match Fields field is information extracted from the header of the message and used to match a flow table.
  • the Counters field is used to manage various statistics.
  • the Instructions field is used to perform various operations on the packet. Commands, such as discarding packets, forwarding packets to designated ports, setting packet header field values, and adding encapsulation labels.
  • the Action Set is associated with each message. It is passed between multiple flow tables in the pipeline and modified by the instructions of each flow table until the pipeline processing ends, forming the final set of actions.
  • the Match Fields field includes: access interface, metadata, Ethernet source address, destination address, type, virtual local area network identifier (vlan id), vlan priority, MPLS label, MPLS traffic class (MPLS Traffic Class), IP source address , destination address, protocol, IP service type (IP ToS) bit, Transmission Control Protocol/User Data Protocol (TCP/UDP) source port number, TCP/UDP destination port number, or Control Message Protocol (ICCMP) opcode.
  • a domain consists of a certain value or all values (ANY ), and a more accurate match can be achieved by a mask.
  • FlowTable In packet forwarding, starting from the first flow table FlowTable, it may go through multiple flow tables, FlowTable. This process is called pipeline processing.
  • the benefit of pipeline processing is that packets are allowed to be sent to the next stream table for further processing or metadata information to flow through the table.
  • Pipelining ends in the instruction set without specifying the next flow table. In this case, the packet is usually forwarded by the action set it carries.
  • the commonly used openflow matching method uses domain value and mask matching to complete the data packet. Forwarding requires more flow table configuration messages and more flow table entries, which increases management complexity and wastes valuable flow table hardware resources. Moreover, the use of masks increases the complexity of SDN controllers. . It also reduces the forwarding efficiency of data packets.
  • the present invention provides a method and system for implementing data packet forwarding.
  • the computational complexity of the SDN controller can be reduced, the flow table configuration efficiency can be improved, the flow table hardware resources can be saved, and the data can be improved. Packet forwarding efficiency.
  • the present invention discloses a method for implementing data packet forwarding, which includes: generating domain value range check information according to flow table information including a range of domain values;
  • the data packet is forwarded according to the generated domain value range check information and the flow table information.
  • the method further includes: setting flow table information including a range of domain values; the flow table information is configured in the flow table.
  • the generating domain value range check information includes:
  • the domain value range checklist includes the type of domain to be checked and its corresponding range of domain values.
  • the forwarding the data packet according to the generated domain value range check information and the flow table information includes: determining a domain type in the range check table in the data packet, and the domain value of the domain is corresponding in the domain value range check table.
  • the field value range check identifier of the entry is set to valid;
  • the result of the domain value range check result in the matching metadata is matched with the key value and the mask in the flow table. If the two are consistent, the matching is successful; according to the corresponding action configured by the flow table, the data packet is forwarded.
  • the field value range check result is composed of a plurality of the field value range check identifiers, which are binary bit streams, and each bit corresponds to an index number of an entry of the field value range check table.
  • the Key value and mask are determined according to the index number of the field value range check table.
  • the action is the set of actions specified by the Openflow specification.
  • the selected domain and its range of domain values are carried by the extended OpenFlow message; or, by the extensible matching type-length-value OXM TLV, the selected domain and its range of domain values are carried.
  • the domain corresponding to the domain value range is a domain in the matching domain of the existing flow table, or any combination of the domains.
  • the present invention further provides a system for implementing data packet forwarding, comprising at least a flow table processing unit, a data packet processing unit, wherein the flow table processing unit is configured to: generate a domain value range according to the flow table information including the domain value range Check information;
  • the packet processing unit is configured to: forward the data packet according to the generated domain value range check information and the flow table information.
  • the system further includes: a flow table information sending unit, configured to: configure the flow table information including the domain value range in the flow table, and send the information to the flow table processing unit.
  • a flow table information sending unit configured to: configure the flow table information including the domain value range in the flow table, and send the information to the flow table processing unit.
  • the flow table processing unit is configured to: obtain a domain type and a range of domain values to be matched from the flow table, and set a domain value range check table; and include a domain type to be checked in the domain value range check table, and The corresponding range of domain values.
  • the data packet processing unit is configured to: determine, when the domain type in the range check table exists in the data packet, determine a corresponding index number of the domain value of the domain in the domain value range check table, and select an entry corresponding to the index number
  • the domain value range check identifier is set to be valid; the metadata carrying the domain value range check result containing the domain value range check identifier is notified to the flow table; the domain value range check result in the matching metadata, and the key in the flow table
  • the result of the Key value and the mask are the same, indicating that the domain value of the data packet is within the range; the data packet is forwarded according to the corresponding action of the flow table configuration.
  • the flow table information delivery unit is disposed in a software defined network SDN controller.
  • the flow table processing unit and the packet processing unit are disposed in an OpenFlow switch.
  • the technical solution of the present application includes: generating domain value range check information according to the flow table information including the domain value range, and forwarding the data packet according to the generated domain value range check information and the flow table information. It can be seen from the method of the present invention that traffic matching is performed on the data packet according to the range of the domain value by matching the flow table in the range of the value of the packet domain, thereby significantly reducing the flow table configuration message and the flow table entry, thereby reducing the SDN control.
  • the computational complexity of the device improves the efficiency of the flow table configuration, saves the flow table hardware resources, and improves the forwarding efficiency of the data packets.
  • FIG. 1 is a flowchart of a method for implementing data packet forwarding according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of an embodiment of an OPenFlow switch processing flow table according to the present invention.
  • FIG. 3 is a schematic structural diagram of a system for implementing data packet forwarding according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of an embodiment of implementing packet forwarding according to the present invention. Preferred embodiment of the invention
  • FIG. 1 is a flowchart of a method for implementing data packet forwarding according to the present invention.
  • the method includes the following steps: Step 100: Generate domain value range check information according to flow table information including a domain value range. Before this step, the method further includes: setting flow table information including a range of domain values, and configuring the flow table information in the flow table.
  • the method includes: expanding an existing flow table to save a range of domain values, specifically, using an extended OpenFlow message to carry a range of domain values; or extending an extended type of value by an existing OpenFlow type (OXM TLV, The OpenFlow Extensible Match type-length-value carries the selected domain and its range of domain values, etc., and the specific implementation method is not used to limit the scope of the present invention.
  • the selected domain can be any domain in the match field of the existing flow table or any combination of each domain. For example, vlan id, and / or TCP / UDP source port number, and / or TCP / UDP destination port number, etc.; and set the domain value range of the selected domain, that is, the upper limit of the domain value and the lower limit of the domain value.
  • This step generates the domain value range check information according to the flow table information including the range of the domain value.
  • the specific information includes: obtaining the domain type and domain value range to be matched from the flow table, and setting the domain value range check table RangeTable. Include the domain to be checked in the field value range checklist, and its corresponding range of domain values The upper limit of the domain value and the lower limit of the domain value.
  • the domain value range checklist can include multiple entries, each entry corresponding to a domain that needs to be checked and its range of domain values.
  • Step 101 Forward the data packet according to the generated domain value range check information and the flow table information. First, determine whether the data packet has a domain type in the range check table, and if yes, further determine the domain value of the domain in the domain value range check table, in which domain value range, and the entry The field value range check flag is set to valid as set to 1 (two mechanism bits); otherwise, the entry's field value range check flag is set to invalid if set to 0.
  • the field value range check identifier is used to identify whether the domain value of the data packet is in the indicated item.
  • the domain value range check identifier is displayed as 1, it indicates that it is within the range of the entry; if the domain value range check identifier is displayed as 0, it means that it is not within the scope of the entry; and the secondary level stream composed of multiple domain value range check identifiers is the result of the domain value range check, that is, a specific value, and the field value range check result may be a certain width ( A binary bit stream corresponding to a flow table entry, each bit corresponding to an entry in the field value range checklist. It should be noted that the data packet can be checked for multiple domain value ranges at the same time.
  • the domain value range check result is carried to the flow table by using metadata; here, when the flow table is used for packet forwarding, the flow table can only match a specific value instead of a range, and the domain value range is adopted in the present invention.
  • the result of the check informs the flow table of the domain value range of the domain value that needs to be matched by the current data packet to be forwarded, so that the flow table corresponds to the subsequent matching processing.
  • the data packet and the metadata enter the flow table, and the result of the domain value range check in the matching metadata, that is, the comparison field value range check result, and the result of the key (Key) value and the mask (Mask) in the flow table are matched. If the two match, the match is successful, indicating that the domain value is within the range; otherwise, the match fails and the domain value is not in the range.
  • the Key value and the mask are determined according to the domain value range check table index number.
  • the action can be the set of actions specified by the existing openflow specification.
  • FIG. 2 is a schematic diagram of an embodiment of an OPenFlow switch processing flow table according to the present invention.
  • an SDN controller sends an open flow table configuration message to an OpenFlow switch by using an extended openflow message, and specifies a certain range check or Multiple domains, their range of values, and the flow table FlowTable are configured.
  • the domain that requires range checking is vlan id.
  • the domain of index number 2 is vlan id, and the corresponding domain value range is 1-1000.
  • the domain of index number 3 is vlan id, and its corresponding domain value.
  • the range is 1001-2000.
  • the other entries in Table 1 are not examples, they can be other domains that need to be checked and their range of domain values. If you follow the OpenFlow matching method in the existing packet forwarding, you need to configure a flow table entry for each client vlan. In this way, 2000 flow table entries (upstream direction) will need to be set. However, by the method of the present invention, only Two flow table entries can be set in the uplink direction and the downlink direction respectively.
  • the index number is used to distinguish the domain value range check identifier of the different entries. As shown in FIG. 2, the index value of the domain value range check table corresponding to the vlan id field value range 1-1000 is 2, then the domain corresponding to the entry The value range check identifies the second bit of the field value range check result value (binary bit code).
  • the entry of the domain value range in which the domain value of the domain falls is valid, as shown in Table 1.
  • the field value range check identifier corresponding to the entry is 1, that is, the output metadata data data position is 1; in this embodiment, the data packet is checked by the traffic of the cell 1 and the vlan id range check is performed, then the metadata metadata output is output.
  • the bit stream is 00000010, and the valid bit 1 corresponds to entry 2.
  • the metadata metadata is matched, and the corresponding domain value range is specified by a mask:
  • the Key value and the mask are determined according to the range check table index number.
  • the Key value may be xxxxxxlx, where X represents 0 or 1, and the mask is 00000010 (dimension, hexadecimal is 0x02), and the Key value and the mask are combined, that is, xxxxxxlx AND 0x02
  • the phase and the resulting result are compared with the field value range check results in the metadata.
  • the flow table only focuses on bits with a vlan id ranging from 1-1000. Then, the mask (binary) is 00000010, and the corresponding Key value is calculated to be 00000010.
  • the packet When the packet vlan id is in the range of 1-1000, the packet is in the required range. Check the domain and domain value range of the packet.
  • FIG. 3 is a schematic structural diagram of a system for implementing data packet forwarding according to the present invention. As shown in FIG. 2, at least a flow table processing unit and a data packet processing unit are included.
  • the flow table processing unit is configured to generate the domain value range check information according to the flow table information including the domain value range.
  • a data packet processing unit configured to forward the data packet according to the generated domain value range check information and the flow table information.
  • the flow table processing unit and the packet processing unit may be disposed in an OpenFlow switch, such as a carrier edge router (PE), a client router (CE) device, and the like.
  • OpenFlow switch such as a carrier edge router (PE), a client router (CE) device, and the like.
  • the system of the present invention further includes: a flow table information sending unit, configured to configure the flow table information including the domain value range in the flow table, and send the information to the flow table processing unit.
  • the flow table information delivery unit can be set in the SDN controller.
  • the flow table processing unit is specifically configured to obtain a domain type and a range of domain values to be matched from the flow table, and set a domain value range check table RangeTable; include a domain type to be checked in the domain value range check table, and corresponding
  • the range of field values is the upper limit of the field value and the lower limit of the field value.
  • the data packet processing unit is specifically configured to determine a domain type in the range check table in the data packet, determine a domain index of the domain value in the domain value range check table, and set a domain of the entry corresponding to the index number
  • the value range check identifier is set to be valid; the metadata carrying the domain value range check result containing the domain value range check identifier is notified to the flow table; the domain value range check result in the matching metadata, and the key Key value in the flow table And the result of the sum of the masks, if the two are consistent, it indicates that the domain value of the data packet is within the range; the data packet is forwarded according to the corresponding action of the flow table configuration.
  • FIG. 4 is a schematic diagram of an embodiment of implementing packet forwarding according to the present invention, and combining with a specific implementation The method of the present invention is described in detail.
  • the flow table processing part is omitted in this embodiment, which mainly describes the forwarding processing of different types of data packets by the range of domain values carried in the flow table. As shown in Figure 4,
  • This example uses the networking and vlan tag processing of the carrier VLAN (SVLAN) as an example.
  • SVLAN carrier VLAN
  • the OpenFlow switch and the SDN controller have been connected, and the SDN controller has queried the basic configuration of the switch by switching to the OpenFlow switch.
  • LLDP Layer 2 Adjacent Device Probe Command message
  • vlan range of cell 1 is 1-1000
  • vlan range of cell 2 is 1001-2000.
  • PE edge router
  • the SDN controller sends a flow table to the PE device and configures the OpenFlow switch forwarding channel.
  • the upper and lower limits of the domain and domain values that require range checking are specified in the delivered flow table, such as flow table 1 and flow table 2 in Figure 4.
  • the range of the vlan id needs to be checked, and the range of the vlan id is 1-1000 and 1001-2000 respectively.
  • a flow table entry needs to be configured for each client vlan, so that 2000 flow table entries (upstream direction) need to be set on the PE device;
  • the vlan ids in the flow table are classified into two types according to the range of the field value. Only two flow table entries (upstream or downstream) need to be set on the PE device.
  • the SDN controller sends a flow table to the client router (CE7) switch, and configures OpenFlow.
  • CE7 client router
  • the forwarding process of the uplink packet includes:
  • the packets from the cell 1 and the cell 2 arrive at the CE7, they are processed according to the flow table 5 and the flow table 6, respectively, and then forwarded out from the port 3.
  • the cell user data packet arrives at the PE device, it is processed according to flow table 1 and flow table 2, and then different outer vlans are added and forwarded from port 2.
  • the forwarding process of the uplink packet includes:
  • the data packets from the BRAS server reach the PE device, and the outer vlans are 2000 and 2001 respectively; they are forwarded according to the flow table 3 and the flow table 4 respectively, wherein the traffic of the vlan2000 matches the flow table 3, and the outer vlan is stripped (pop) and Forwarded to port 1; traffic of vlan2001, after matching flow table 4, stripped outer vlan and forwarded to port 1;
  • the data packet of the BRAS server that strips the outer vlan reaches CE7 and will be forwarded according to the configured flow table 7 and flow table 8.
  • the traffic with the vlan range of 1-1000 will be sent to Port 1 (ie, cell 1 network), traffic with a vlan range of 1001-2000 will be sent to port 2 (ie, cell 2 network).
  • the present invention may have other various embodiments, such as performing matching processing based on a range of domain values of a TCP/UDP source port number and/or a destination port number, or performing matching processing based on other domain value ranges.
  • a person skilled in the art can make various changes and modifications in accordance with the present invention without departing from the spirit and scope of the invention, but the corresponding changes and modifications should be included in the appended claims. The scope of protection.
  • the technical solution of the present application includes: generating domain value range check information according to the flow table information including the domain value range, and forwarding the data packet according to the generated domain value range check information and the flow table information. It can be seen from the method of the present invention that traffic matching is performed on the data packet according to the domain value range by matching the flow table range of the packet domain value range, thereby significantly reducing the flow table configuration message and the flow table entry, thereby reducing the computational complexity of the SDN controller. Sexuality improves the efficiency of flow table configuration, saves the flow table hardware resources, and improves the forwarding efficiency of data packets.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method and system for realizing forwarding of a data packet. The method comprises: according to flow table information containing a threshold value range, generating threshold value range checking information, and in accordance with the generated threshold value range checking information and the flow table information, forwarding a data packet. It can be seen from the method in the embodiments of the present invention, by matching flow tables of threshold value ranges of data packets, flow aggregation is performed on the data packets according to the threshold value ranges, and flow table configuration information and flow table entries are obviously reduced, thereby reducing the computing complexity of an SDN controller, improving the flow table configuration efficiency, saving flow table hardware resources, and improving the forwarding efficiency of the data packets.

Description

一种实现数据包转发的方法及系统  Method and system for realizing data packet forwarding
技术领域 Technical field
本发明涉及软件定义网络( SDN , Software-Defined Network )架构技术, 尤指一种实现数据包转发的方法及系统。  The present invention relates to a software-defined network (SDN, Software-Defined Network) architecture technology, and more particularly to a method and system for implementing packet forwarding.
背景技术 Background technique
随着人们对网络性能需求的提高, 网络也暴露出了越来越多的弊病, 为 了克服这些弊端, 在路由器的体系结构当中会加入许多复杂功能, 比如开放 式最短路径优先(OSPF, Open Shortest Path First )、 边界网关协议( BGP ) 、 组播、 区分服务、 流量工程、 网络地址交换(NAT ) 、 防火墙、 多协议标签 交换(MPLS , Multi-Protocol Label Switching )等等。 这就使得路由器等交换 设备越来越臃肿而且性能提升的空间越来越 d、。  As people's demand for network performance increases, the network also exposes more and more ills. To overcome these drawbacks, many complex functions are added to the router architecture, such as open shortest path first (OSPF, Open Shortest). Path First ), Border Gateway Protocol (BGP), Multicast, Differentiated Services, Traffic Engineering, Network Address Exchange (NAT), Firewall, Multi-Protocol Label Switching, etc. This makes switching devices such as routers more and more bloated and the space for performance improvement becomes more and more.
然而, 与网络领域的困境截然不同的是, 计算机领域实现了日新月异的 发展。 由于釆用一个简单可用的硬件底层(x86 指令集) , 计算机在软件方 面, 不论是应用程序还是操作系统都取得了飞速的发展。 目前, 很多主张重 新设计计算机网络体系结构的人士认为: 网络可以复制计算机领域的成功来 解决现在网络所遇到的所有问题。 在这种思想的指导下, 将来的网络必将是 这样的: 底层的数据通路(交换机、 路由器)是"哑的、 简单的、 最小的,,, 并定义一个对外开放的关于流表(FlowTable ) 的公用的应用程序编程接口 ( API, Application Programming Interface ) , 同时釆用控制器来控制整个网 络。 这样, 研究人员就可以通过在控制器上自由的调用底层的 API来编程, 从而实现网络的创新。  However, in stark contrast to the dilemma of the network sector, the computer field has evolved with each passing day. Thanks to a simple and usable hardware underlying (x86 instruction set), computers have evolved rapidly in terms of software, both in applications and in operating systems. At present, many people who advocate redesigning the computer network architecture believe that: The network can replicate the success of the computer field to solve all the problems encountered by the current network. Under the guidance of this idea, the future network must be like this: The underlying data path (switch, router) is "dumb, simple, minimal," and defines a flow table (FlowTable) that is open to the outside world. a common application programming interface (API), which uses the controller to control the entire network. In this way, the researcher can freely call the underlying API to program on the controller, thus implementing the network. Innovation.
基于上述的理念,出现了软件定义网络( SDN, Software Defined Network ) 的概念, 其最初是由美国斯坦福大学 clean slate研究组提出的一种新型网络 创新架构。 目前, 其核心技术 OpenFlow协议, 通过将网络设备控制面与数 据面分离开来, 从而实现了网络流量的灵活控制, 为核心网络及应用的创新 提供了良好的平台。 其中, OpenFlow是一种新型网络交换模型。  Based on the above concepts, the concept of Software Defined Network (SDN) emerged, which was originally a new network innovation architecture proposed by the Stanford University clean slate research group. At present, its core technology OpenFlow protocol, by separating the control plane of the network device from the data plane, realizes flexible control of network traffic and provides a good platform for innovation of core networks and applications. Among them, OpenFlow is a new network exchange model.
OpenFlow协议用于描述控制器和交换机之间交互所用信息的标准,以及 控制器和交换机的接口标准。 协议的核心部分是用于 OpenFlow协议信息结 构的集合。 The OpenFlow protocol is used to describe the criteria used for the interaction between the controller and the switch, and Interface standard for controllers and switches. The core part of the protocol is a collection of information structures for the OpenFlow protocol.
流表 FlowTable, 用于配置交换机转发路径, 一个 OpenFlow交换机包括 一个或者多个流表 FlowTable„每个流表 FlowTable中每个流条目主要包括三 个部分: (1) 匹配域 ( Match Fields ) ,使用入端口 ( ingress port ), 包头( acket header ) 以及前一个流表 FlowTable传递过来的元数据 ( metadata ) ; (2) 计 数器( Counters ) ,用于对匹配成功的包进行计数; (3) 指令集( Instructions ) , 用于修改动作集(Action Set )或者流水线处理。  The flow table FlowTable is used to configure the switch forwarding path. An OpenFlow switch includes one or more flow tables. FlowTable „Each flow table Each flow entry in the flow table mainly includes three parts: (1) Match Fields (Use) The ingress port, the acket header, and the metadata passed by the previous flow table FlowTable; (2) counters (Counts) for counting packets that match successfully; (3) instruction set ( Instructions ) , used to modify the Action Set or pipeline processing.
其中, Match Fields字段, 是从报文的头部中取出的信息, 用于匹配一条 流表; Counters字段, 用于管理各种统计信息; Instructions字段, 用于对报 文进行操作的各种操作指令, 比如丟弃报文、 转发报文到指定端口、 设置报 文头部字段值、 增加封装标签等。 动作集(Action Set )和每个报文相关联, 它在流水线的多个流表之间传递并被各流表的指令所修改, 直到流水线处理 结束, 形成最终的动作集。 具体地, Match Fields字段包括: 进入接口、 元数 据、 以太源地址、 目标地址、 类型, 虚拟局域网标识(vlan id ) , vlan优先 级, MPLS标签、 MPLS流量类( MPLS Traffic Class ) 、 IP 源地址、 目标地 址、协议、 IP服务类型( IP ToS ) 位,传输控制协议 /用户数据协议( TCP/UDP ) 源端口号、 TCP/UDP 目的端口号或控制报文协议( ICMP )操作码等。 一个 域包括一个确定值或者所有值(ANY ) , 更准确的匹配可以通过掩码实现。  The Match Fields field is information extracted from the header of the message and used to match a flow table. The Counters field is used to manage various statistics. The Instructions field is used to perform various operations on the packet. Commands, such as discarding packets, forwarding packets to designated ports, setting packet header field values, and adding encapsulation labels. The Action Set is associated with each message. It is passed between multiple flow tables in the pipeline and modified by the instructions of each flow table until the pipeline processing ends, forming the final set of actions. Specifically, the Match Fields field includes: access interface, metadata, Ethernet source address, destination address, type, virtual local area network identifier (vlan id), vlan priority, MPLS label, MPLS traffic class (MPLS Traffic Class), IP source address , destination address, protocol, IP service type (IP ToS) bit, Transmission Control Protocol/User Data Protocol (TCP/UDP) source port number, TCP/UDP destination port number, or Control Message Protocol (ICCMP) opcode. A domain consists of a certain value or all values (ANY ), and a more accurate match can be achieved by a mask.
数据包转发中, 从第一个流表 FlowTable开始匹配, 可能会经历多个流 表 FlowTable, 这个过程称之为流水线处理( pipeline processing )。 流水线处 理的好处就是允许数据包被发送到接下来的流表中做进一步处理或者元数据 信息在表中流动。 首先, 找到流表 FlowTable中优先级最高的流条目进行匹 配, 即根据入端口, 包头, 以及有上一个流表指定的元数据三类匹配域进行 匹配。 如果某个数据包成功匹配了流表中某个流条目, 则更新这个流条目的 计数器, 同时这个流条目中的指令集操作将被应用生效。 流水线处理终结于 指令集中没有指定下一个流表, 这时数据包通常会被所带有的动作集处理后 转发。  In packet forwarding, starting from the first flow table FlowTable, it may go through multiple flow tables, FlowTable. This process is called pipeline processing. The benefit of pipeline processing is that packets are allowed to be sent to the next stream table for further processing or metadata information to flow through the table. First, find the flow entries with the highest priority in the FlowTable FlowTable to match, that is, match the incoming port, the header, and the matching fields of the metadata specified by the previous flow table. If a packet successfully matches a flow entry in the flow table, the counter for that flow entry is updated and the instruction set operation in that flow entry is validated by the application. Pipelining ends in the instruction set without specifying the next flow table. In this case, the packet is usually forwarded by the action set it carries.
目前,常用的 openflow匹配方式釆用域值及掩码匹配方式来完成数据包 的转发, 需要更多的流表配置消息和更多的流表条目, 增加了管理复杂性, 也浪费了宝贵的流表硬件资源; 而且,釆用掩码方式增加了 SDN控制器的复 杂性。 同时也降低了数据包的转发效率。 At present, the commonly used openflow matching method uses domain value and mask matching to complete the data packet. Forwarding requires more flow table configuration messages and more flow table entries, which increases management complexity and wastes valuable flow table hardware resources. Moreover, the use of masks increases the complexity of SDN controllers. . It also reduces the forwarding efficiency of data packets.
发明内容 Summary of the invention
本发明提供一种实现数据包转发的方法及系统, 通过对报文域值范围的 流表匹配, 能够降低 SDN控制器的计算复杂性,提高流表配置效率, 节省流 表硬件资源, 提高数据包的转发效率。  The present invention provides a method and system for implementing data packet forwarding. By matching a flow table with a range of message domain values, the computational complexity of the SDN controller can be reduced, the flow table configuration efficiency can be improved, the flow table hardware resources can be saved, and the data can be improved. Packet forwarding efficiency.
为了解决上述技术问题, 本发明公开了一种实现数据包转发的方法, 包 括: 根据包含有域值范围的流表信息, 生成域值范围检查信息;  In order to solve the above technical problem, the present invention discloses a method for implementing data packet forwarding, which includes: generating domain value range check information according to flow table information including a range of domain values;
按照生成的域值范围检查信息和所述流表信息转发数据包。  The data packet is forwarded according to the generated domain value range check information and the flow table information.
该方法之前还包括: 设置包含有域值范围的流表信息; 所述流表信息配 置在流表中。  The method further includes: setting flow table information including a range of domain values; the flow table information is configured in the flow table.
所述生成域值范围检查信息包括:  The generating domain value range check information includes:
从所述流表中获取需要匹配的域类型及其域值范围, 设置域值范围检查 表;  Obtaining the domain type and its range of domain values to be matched from the flow table, and setting a domain value range check table;
域值范围检查表中包括需要检查的域类型, 及其对应的域值范围。  The domain value range checklist includes the type of domain to be checked and its corresponding range of domain values.
所述按照生成的域值范围检查信息和所述流表信息转发数据包包括: 确定出数据包中存在范围检查表中的域类型, 将该域的域值在域值范围 检查表中对应的条目的域值范围检查标识设置为有效;  The forwarding the data packet according to the generated domain value range check information and the flow table information includes: determining a domain type in the range check table in the data packet, and the domain value of the domain is corresponding in the domain value range check table. The field value range check identifier of the entry is set to valid;
通过元数据将包含有域值范围检查标识的域值范围检查结果携带给流 表;  Carrying the domain value range check result containing the domain value range check identifier to the flow table by using the metadata;
匹配元数据中的域值范围检查结果,与流表中的键值及掩码相与的结果, 如果二者一致则匹配成功; 按照流表配置的对应动作, 对数据包进行转发。  The result of the domain value range check result in the matching metadata is matched with the key value and the mask in the flow table. If the two are consistent, the matching is successful; according to the corresponding action configured by the flow table, the data packet is forwarded.
所述域值范围检查结果由多个所述域值范围检查标识组成, 为二进制位 流, 每个位对应域值范围检查表的某个条目的索引号。 根据域值范围检查表的索引号确定所述 Key值和掩码。 The field value range check result is composed of a plurality of the field value range check identifiers, which are binary bit streams, and each bit corresponds to an index number of an entry of the field value range check table. The Key value and mask are determined according to the index number of the field value range check table.
所述动作是 Openflow规范规定的动作集。  The action is the set of actions specified by the Openflow specification.
所述选择的域及其域值范围釆用扩展的 OpenFlow消息携带; 或者, 通 过可扩展匹配 类型-长度-值 OXM TLV携带选择的域及其所述域值范围。  The selected domain and its range of domain values are carried by the extended OpenFlow message; or, by the extensible matching type-length-value OXM TLV, the selected domain and its range of domain values are carried.
所述域值范围对应的域为现有流表的匹配域中的某域, 或者各域的任意 组合。  The domain corresponding to the domain value range is a domain in the matching domain of the existing flow table, or any combination of the domains.
本发明还提供一种实现数据包转发的系统, 至少包括流表处理单元, 数 据包处理单元; 其中, 流表处理单元, 设置为: 根据包含有域值范围的流表 信息, 生成域值范围检查信息;  The present invention further provides a system for implementing data packet forwarding, comprising at least a flow table processing unit, a data packet processing unit, wherein the flow table processing unit is configured to: generate a domain value range according to the flow table information including the domain value range Check information;
数据包处理单元, 设置为: 按照生成的域值范围检查信息和所述流表信 息转发数据包。  The packet processing unit is configured to: forward the data packet according to the generated domain value range check information and the flow table information.
该系统还包括: 流表信息下发单元, 设置为: 将包含有域值范围的流表 信息配置在流表中, 并下发给所述流表处理单元。  The system further includes: a flow table information sending unit, configured to: configure the flow table information including the domain value range in the flow table, and send the information to the flow table processing unit.
所述流表处理单元, 设置为: 从所述流表中获取需要匹配的域类型及域 值范围,设置域值范围检查表;在域值范围检查表中包括需要检查的域类型, 及其对应的域值范围。  The flow table processing unit is configured to: obtain a domain type and a range of domain values to be matched from the flow table, and set a domain value range check table; and include a domain type to be checked in the domain value range check table, and The corresponding range of domain values.
所述数据包处理单元, 设置为: 确定数据包中存在范围检查表中的域类 型时, 确定该域的域值在域值范围检查表中对应的索引号, 并将该索引号对 应的条目的域值范围检查标识设置为有效; 将携带有包含域值范围检查标识 的域值范围检查结果的元数据通知给流表; 匹配元数据中的域值范围检查结 果, 与流表中的键 Key值及掩码相与的结果, 二者一致, 则表明该数据包的 域值在范围之内; 按照流表配置的对应动作, 对数据包进行转发。  The data packet processing unit is configured to: determine, when the domain type in the range check table exists in the data packet, determine a corresponding index number of the domain value of the domain in the domain value range check table, and select an entry corresponding to the index number The domain value range check identifier is set to be valid; the metadata carrying the domain value range check result containing the domain value range check identifier is notified to the flow table; the domain value range check result in the matching metadata, and the key in the flow table The result of the Key value and the mask are the same, indicating that the domain value of the data packet is within the range; the data packet is forwarded according to the corresponding action of the flow table configuration.
所述流表信息下发单元设置在软件定义网络 SDN控制器中。  The flow table information delivery unit is disposed in a software defined network SDN controller.
所述流表处理单元和数据包处理单元设置在 OpenFlow交换机中。  The flow table processing unit and the packet processing unit are disposed in an OpenFlow switch.
本申请技术方案包括: 根据包含有域值范围的流表信息, 生成域值范围 检查信息, 按照生成的域值范围检查信息和所述流表信息转发数据包。 从本 发明方法可见, 通过对数据包域值范围的流表匹配, 根据域值范围对数据包 进行流量聚合, 明显减少了流表配置消息和流表条目,从而降低了 SDN控制 器的计算复杂性, 提高了流表配置效率, 节省了流表硬件资源, 提高了数据 包的转发效率。 附图概述 The technical solution of the present application includes: generating domain value range check information according to the flow table information including the domain value range, and forwarding the data packet according to the generated domain value range check information and the flow table information. It can be seen from the method of the present invention that traffic matching is performed on the data packet according to the range of the domain value by matching the flow table in the range of the value of the packet domain, thereby significantly reducing the flow table configuration message and the flow table entry, thereby reducing the SDN control. The computational complexity of the device improves the efficiency of the flow table configuration, saves the flow table hardware resources, and improves the forwarding efficiency of the data packets. BRIEF abstract
此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部 分, 本发明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的 不当限定。 在附图中:  The drawings are intended to provide a further understanding of the invention, and are intended to be illustrative of the invention. In the drawing:
图 1为本发明实施例实现数据包转发的方法的流程图;  1 is a flowchart of a method for implementing data packet forwarding according to an embodiment of the present invention;
图 2为本发明 OPenFlow交换机处理流表的实施例的示意图;  2 is a schematic diagram of an embodiment of an OPenFlow switch processing flow table according to the present invention;
图 3为本发明实施例实现数据包转发的系统组成结构示意图;  3 is a schematic structural diagram of a system for implementing data packet forwarding according to an embodiment of the present invention;
图 4为本发明实现数据包转发的实施例的示意图。 本发明的较佳实施方式  FIG. 4 is a schematic diagram of an embodiment of implementing packet forwarding according to the present invention. Preferred embodiment of the invention
图 1为本发明实现数据包转发的方法的流程图, 如图 1所示, 包括: 步骤 100: 根据包含有域值范围的流表信息, 生成域值范围检查信息。 本步骤之前还包括: 设置包含有域值范围的流表信息, 流表信息配置存 储在流表中。 具体包括: 对现有流表进行扩展用于保存域值范围, 具体地, 可以釆用扩展的 OpenFlow消息携带域值范围;也可以通过现有 OpenFlow可 扩展匹配 类型 國长度-值 ( OXM TLV , OpenFlow Extensible Match type-length-value )携带选择的域及其域值范围等等, 具体实现方法并不用于 限定本发明的保护范围。  FIG. 1 is a flowchart of a method for implementing data packet forwarding according to the present invention. As shown in FIG. 1, the method includes the following steps: Step 100: Generate domain value range check information according to flow table information including a domain value range. Before this step, the method further includes: setting flow table information including a range of domain values, and configuring the flow table information in the flow table. Specifically, the method includes: expanding an existing flow table to save a range of domain values, specifically, using an extended OpenFlow message to carry a range of domain values; or extending an extended type of value by an existing OpenFlow type (OXM TLV, The OpenFlow Extensible Match type-length-value carries the selected domain and its range of domain values, etc., and the specific implementation method is not used to limit the scope of the present invention.
根据实际情况,选择需要进行范围检查的某个域或某些域及其域值范围, 选择的域可以是现有流表的匹配域(match field ) 中的任何域或者各个域的 任意组合, 比如 vlan id、 和 /或 TCP/UDP源端口号、 和 /或 TCP/UDP目的端 口号等; 并设置所选择出的域的域值范围, 即域值上限和域值下限。  According to the actual situation, select a domain or some domain and its range of domain values that need to be range checked. The selected domain can be any domain in the match field of the existing flow table or any combination of each domain. For example, vlan id, and / or TCP / UDP source port number, and / or TCP / UDP destination port number, etc.; and set the domain value range of the selected domain, that is, the upper limit of the domain value and the lower limit of the domain value.
本步骤根据包含有域值范围的流表信息, 生成域值范围检查信息, 具体 包括: 从流表中获取需要匹配的域类型及域值范围, 设置域值范围检查表 RangeTable。 在域值范围检查表中包括需要检查的域, 及其对应的域值范围 即域值上限和域值下限。 域值范围检查表可以包括多个条目, 每个条目对应 某需要检查的域及其域值范围。 This step generates the domain value range check information according to the flow table information including the range of the domain value. The specific information includes: obtaining the domain type and domain value range to be matched from the flow table, and setting the domain value range check table RangeTable. Include the domain to be checked in the field value range checklist, and its corresponding range of domain values The upper limit of the domain value and the lower limit of the domain value. The domain value range checklist can include multiple entries, each entry corresponding to a domain that needs to be checked and its range of domain values.
步骤 101 : 按照生成的域值范围检查信息和所述流表信息转发数据包。 首先, 确定数据包是否存在范围检查表中的域类型, 在存在的情况下, 进一步确定该域的域值在域值范围检查表中对应的条目即在哪个域值范围 内, 并将该条目的域值范围检查标识设置为有效如设置为 1 (二机制位) ; 否则, 条目的域值范围检查标识设置为无效如设置为 0。 其中, 域值范围检 查标识用于标识数据包的域值是否在其所指示的条目, 如果域值范围检查标 识显示为 1 , 则表示在该条目的范围内; 如果域值范围检查标识显示为 0 , 则 表示不在该条目的范围内; 而多个域值范围检查标识组成的二级制位流是域 值范围检查结果, 也就是一个具体的数值, 域值范围检查结果可以是一定宽 度(与流表条目对应) 的二进制位流, 每个位对应域值范围检查表的某个条 目。 需要说明的是, 数据包可以同时进行多个域值范围的检查。  Step 101: Forward the data packet according to the generated domain value range check information and the flow table information. First, determine whether the data packet has a domain type in the range check table, and if yes, further determine the domain value of the domain in the domain value range check table, in which domain value range, and the entry The field value range check flag is set to valid as set to 1 (two mechanism bits); otherwise, the entry's field value range check flag is set to invalid if set to 0. The field value range check identifier is used to identify whether the domain value of the data packet is in the indicated item. If the domain value range check identifier is displayed as 1, it indicates that it is within the range of the entry; if the domain value range check identifier is displayed as 0, it means that it is not within the scope of the entry; and the secondary level stream composed of multiple domain value range check identifiers is the result of the domain value range check, that is, a specific value, and the field value range check result may be a certain width ( A binary bit stream corresponding to a flow table entry, each bit corresponding to an entry in the field value range checklist. It should be noted that the data packet can be checked for multiple domain value ranges at the same time.
接着, 通过元数据(metadata )将域值范围检查结果携带给流表; 这里, 在利用流表进行数据包转发时, 流表只能匹配具体的值而不是范围, 本发明 中通过域值范围检查结果将当前需要转发的数据包的需要匹配的域值所在域 值范围告知流表, 以便流表对应进行后续匹配处理。  Then, the domain value range check result is carried to the flow table by using metadata; here, when the flow table is used for packet forwarding, the flow table can only match a specific value instead of a range, and the domain value range is adopted in the present invention. The result of the check informs the flow table of the domain value range of the domain value that needs to be matched by the current data packet to be forwarded, so that the flow table corresponds to the subsequent matching processing.
然后, 数据包及元数据进入流表, 匹配元数据中的域值范围检查结果, 即比较域值范围检查结果, 与流表中的键 ( Key )值及掩码(Mask )相与的 结果, 如果二者一致则匹配成功, 表明域值在范围之内; 否则匹配失败, 域 值不在范围之内。 其中, Key值和掩码是根据域值范围检查表索引号确定。  Then, the data packet and the metadata enter the flow table, and the result of the domain value range check in the matching metadata, that is, the comparison field value range check result, and the result of the key (Key) value and the mask (Mask) in the flow table are matched. If the two match, the match is successful, indicating that the domain value is within the range; otherwise, the match fails and the domain value is not in the range. The Key value and the mask are determined according to the domain value range check table index number.
最后, 按照流表配置的对应动作对数据包进行转发。 动作可以是现有 openflow规范规定的动作集。  Finally, the data packet is forwarded according to the corresponding action of the flow table configuration. The action can be the set of actions specified by the existing openflow specification.
图 2为本发明 OPenFlow交换机处理流表的实施例的示意图, 如图 2所 示,假设 SDN控制器釆用扩展的 openflow消息向 OpenFlow交换机下发流表 配置消息, 指定需要范围检查的某个或多个域, 及其域值范围并配置流表 FlowTable, 假设, 需要范围检查的域为 vlan id, 其域值范围有两种: 1-1000 的位以及 1001 -2000的位。 当 OpenFlow交换机接收到该流表 FlowTable后, 具体的处理如下: 生成域值范围检查表, 如表 1所示: 2 is a schematic diagram of an embodiment of an OPenFlow switch processing flow table according to the present invention. As shown in FIG. 2, it is assumed that an SDN controller sends an open flow table configuration message to an OpenFlow switch by using an extended openflow message, and specifies a certain range check or Multiple domains, their range of values, and the flow table FlowTable are configured. Assume that the domain that requires range checking is vlan id. There are two types of domain values: 1-1000 bits and 1001 -2000 bits. After the OpenFlow switch receives the flow table FlowTable, the specific processing is as follows: Generate a domain value range checklist, as shown in Table 1:
Figure imgf000008_0001
Figure imgf000008_0001
表 1  Table 1
根据流表中的信息, 生成表 1中的两个条目, 索引号 2的域是 vlan id, 其对应的域值范围是 1-1000; 索引号 3的域是 vlan id, 其对应的域值范围是 1001-2000。表 1中的其它条目没有做示例, 可以是其它需要检查的域及其域 值范围。 如果按现有数据包转发中的 OpenFlow 匹配方法, 需要为每个客户 vlan配置一个流表条目, 这样, 将需要设置 2000个流表条目 (上行方向) ; 而通过本发明方法, 只需要分别在上行方向和下行方向分别设置 2个流表条 目即可。 其中, 索引号用于区别不同条目的域值范围检查标识, 如图 2所示, vlan id域值范围 1-1000对应的域值范围检查表的索引号为 2, 那么, 该条目 对应的域值范围检查标识为域值范围检查结果值(二进制位码)的第二个位。  According to the information in the flow table, two entries in Table 1 are generated. The domain of index number 2 is vlan id, and the corresponding domain value range is 1-1000. The domain of index number 3 is vlan id, and its corresponding domain value. The range is 1001-2000. The other entries in Table 1 are not examples, they can be other domains that need to be checked and their range of domain values. If you follow the OpenFlow matching method in the existing packet forwarding, you need to configure a flow table entry for each client vlan. In this way, 2000 flow table entries (upstream direction) will need to be set. However, by the method of the present invention, only Two flow table entries can be set in the uplink direction and the downlink direction respectively. The index number is used to distinguish the domain value range check identifier of the different entries. As shown in FIG. 2, the index value of the domain value range check table corresponding to the vlan id field value range 1-1000 is 2, then the domain corresponding to the entry The value range check identifies the second bit of the field value range check result value (binary bit code).
结合图 2 , 当数据包到来时, 如果数据包中的某个域在域值范围检查表 中, 则该域的域值落入的域值范围所在的条目为有效, 如表 1所示, 该条目 对应的域值范围检查标识为 1 , 即输出的元数据 metadata数据位置 1 ; 在本 实施例中, 假设数据包是加入小区 1的流量进行 vlan id范围检查, 那么, 输 出的元数据 metadata位流为 00000010, 有效位 1对应的是条目 2。  Referring to FIG. 2, when a data packet arrives, if a certain field in the data packet is in the field value range check table, the entry of the domain value range in which the domain value of the domain falls is valid, as shown in Table 1. The field value range check identifier corresponding to the entry is 1, that is, the output metadata data data position is 1; in this embodiment, the data packet is checked by the traffic of the cell 1 and the vlan id range check is performed, then the metadata metadata output is output. The bit stream is 00000010, and the valid bit 1 corresponds to entry 2.
而在流表中将匹配元数据 metadata , 并通过掩码 ( mask )指定对应的域 值范围: Key值和掩码是根据范围检查表索引号确定的。 本实施例中, Key 值可以是 xxxxxxlx, 其中 X代表 0或者 1 , 而掩码为 00000010 (二级制, 十 六进制则为 0x02 ) , 将 Key值和掩码相与 , 即 xxxxxxlx AND 0x02 , 相与得 到的结果将和元数据中的域值范围检查结果进行比较。流表只关注 vlan id范 围为 1-1000的位, 那么, 掩码(二进制)为 00000010 , 计算出对应的 Key 值为 00000010。 当数据包 vlan id在 1-1000范围内, 则该数据包为需要范围 检查的域及域值范围的数据包。 对于需要范围检查的域及域值范围的数据包 执行相应的动作, 在本实施例中, 将为 vlan id范围为 1-1000的小区 1用户 数据包添加一层外层 vlan =2000后转发。 In the flow table, the metadata metadata is matched, and the corresponding domain value range is specified by a mask: The Key value and the mask are determined according to the range check table index number. In this embodiment, the Key value may be xxxxxxlx, where X represents 0 or 1, and the mask is 00000010 (dimension, hexadecimal is 0x02), and the Key value and the mask are combined, that is, xxxxxxlx AND 0x02 The phase and the resulting result are compared with the field value range check results in the metadata. The flow table only focuses on bits with a vlan id ranging from 1-1000. Then, the mask (binary) is 00000010, and the corresponding Key value is calculated to be 00000010. When the packet vlan id is in the range of 1-1000, the packet is in the required range. Check the domain and domain value range of the packet. In the embodiment, the cell 1 user data packet with the vlan id range of 1-1000 is added with an outer layer vlan=2000 and then forwarded.
从本发明方法可见, 通过对报文域值范围的流表匹配, 根据域值范围对 数据包进行流量聚合, 明显减少了流表配置消息和流表条目, 从而降低了 SDN控制器的计算复杂性, 提高了流表配置效率, 节省了流表硬件资源, 提 高了数据包的转发效率。  It can be seen that, by matching the flow table of the range of the packet field value, traffic aggregation is performed on the data packet according to the range of the domain value, which significantly reduces the flow table configuration message and the flow table entry, thereby reducing the computational complexity of the SDN controller. Sexuality improves the efficiency of flow table configuration, saves the flow table hardware resources, and improves the forwarding efficiency of data packets.
图 3为本发明实现数据包转发的系统组成结构示意图, 如图 2所示, 至 少包括流表处理单元, 数据包处理单元, 其中,  3 is a schematic structural diagram of a system for implementing data packet forwarding according to the present invention. As shown in FIG. 2, at least a flow table processing unit and a data packet processing unit are included.
流表处理单元, 用于根据包含有域值范围的流表信息, 生成域值范围检 查信息。  The flow table processing unit is configured to generate the domain value range check information according to the flow table information including the domain value range.
数据包处理单元, 用于按照生成的域值范围检查信息和所述流表信息转 发数据包。  And a data packet processing unit, configured to forward the data packet according to the generated domain value range check information and the flow table information.
流表处理单元和数据包处理单元可以设置在 OpenFlow交换机中, 比如 运营商边沿路由器(PE ) , 客户端路由器(CE )设备等。  The flow table processing unit and the packet processing unit may be disposed in an OpenFlow switch, such as a carrier edge router (PE), a client router (CE) device, and the like.
本发明系统还包括: 流表信息下发单元, 用于将包含有域值范围的流表 信息配置在流表中, 并下发给流表处理单元。 流表信息下发单元可以设置在 SDN控制器中。  The system of the present invention further includes: a flow table information sending unit, configured to configure the flow table information including the domain value range in the flow table, and send the information to the flow table processing unit. The flow table information delivery unit can be set in the SDN controller.
其中, 流表处理单元, 具体用于从流表中获取需要匹配的域类型及域值 范围, 设置域值范围检查表 RangeTable; 在域值范围检查表中包括需要检查 的域类型, 及其对应的域值范围即域值上限和域值下限。  The flow table processing unit is specifically configured to obtain a domain type and a range of domain values to be matched from the flow table, and set a domain value range check table RangeTable; include a domain type to be checked in the domain value range check table, and corresponding The range of field values is the upper limit of the field value and the lower limit of the field value.
数据包处理单元,具体用于确定数据包中存在范围检查表中的域类型时, 确定该域的域值在域值范围检查表中对应的索引号, 并将该索引号对应的条 目的域值范围检查标识设置为有效; 将携带有包含域值范围检查标识的域值 范围检查结果的元数据通知给流表; 匹配元数据中的域值范围检查结果, 与 流表中的键 Key值及掩码相与的结果, 二者一致, 则表明该数据包的域值在 范围之内; 按照流表配置的对应动作, 对数据包进行转发。  The data packet processing unit is specifically configured to determine a domain type in the range check table in the data packet, determine a domain index of the domain value in the domain value range check table, and set a domain of the entry corresponding to the index number The value range check identifier is set to be valid; the metadata carrying the domain value range check result containing the domain value range check identifier is notified to the flow table; the domain value range check result in the matching metadata, and the key Key value in the flow table And the result of the sum of the masks, if the two are consistent, it indicates that the domain value of the data packet is within the range; the data packet is forwarded according to the corresponding action of the flow table configuration.
图 4为本发明实现数据包转发的实施例的示意图, 下面结合一具体实施 例对本发明方法进行详细描述。 图 4中, 本实施例中对于流表处理部分进行 了忽略, 主要是描述通过流表中携带的域值范围对不同类别的数据包进行转 发处理。 如图 4所示, 4 is a schematic diagram of an embodiment of implementing packet forwarding according to the present invention, and combining with a specific implementation The method of the present invention is described in detail. In Figure 4, the flow table processing part is omitted in this embodiment, which mainly describes the forwarding processing of different types of data packets by the range of domain values carried in the flow table. As shown in Figure 4,
本实施例以运营商 VLAN ( SVLAN ) 的组网和 vlan tag处理流程为例 , 假设已经完成 OpenFlow交换机和 SDN控制器建立连接, 并且 SDN控制器 已通过向 OpenFlow 交换 (Switch ) 查询交换机的基本配置信息并配置 OpenFlow交换机基本参数; 而且控制器已向 OpenFlow交换机发送二层邻接 设备探测命令消息 ( LLDP )发现 OpenFlow的网络拓朴结构。  This example uses the networking and vlan tag processing of the carrier VLAN (SVLAN) as an example. Assume that the OpenFlow switch and the SDN controller have been connected, and the SDN controller has queried the basic configuration of the switch by switching to the OpenFlow switch. Information and configure the basic parameters of the OpenFlow switch; and the controller has sent a Layer 2 Adjacent Device Probe Command message (LLDP) to the OpenFlow switch to discover the OpenFlow network topology.
假设有两个小区, 两个小区釆用不同的客户 vlan, 其中, 小区 1的 vlan 范围为 1-1000, 小区 2的 vlan范围为 1001-2000。 为了隔离不同的小区流量, 在汇聚设备运营商边沿路由器 (PE )上, 需要打上不同的运营商 vlan tag。  Suppose there are two cells, and two cells use different clients vlan, where the vlan range of cell 1 is 1-1000, and the vlan range of cell 2 is 1001-2000. In order to isolate different cell traffic, different operators vlan tags need to be placed on the edge router (PE) of the aggregation device operator.
SDN控制器向 PE设备下发流表, 配置 OpenFlow交换机转发通道。 在 下发的流表中指定了需要范围检查的域和域值的上限和下限, 如图 4中的流 表 1和流表 2。 从流表 1和流表 2可见, 本实施例中, 需要对 vlan id进行范 围检查, vlan id的范围分别为 1-1000和 1001-2000;  The SDN controller sends a flow table to the PE device and configures the OpenFlow switch forwarding channel. The upper and lower limits of the domain and domain values that require range checking are specified in the delivered flow table, such as flow table 1 and flow table 2 in Figure 4. As shown in the flow table 1 and the flow table 2, in this embodiment, the range of the vlan id needs to be checked, and the range of the vlan id is 1-1000 and 1001-2000 respectively.
在 PE设备上, 为了隔离不同小区的用户流量, 需要给每个小区添加不 同的运营商 vlan tag;如图 4中的流表 1和流表 2所示,给小区 1添加 ( ush ) 的外层 vlan为 2000, 给小区 2添加的外层 vlan为 2001。  On the PE device, to isolate user traffic of different cells, you need to add different carrier vlan tags to each cell. As shown in flow table 1 and flow table 2 in Figure 4, add ( ush ) to cell 1. The vlan of the layer is 2000, and the outer vlan added to the cell 2 is 2001.
如果按现有数据包转发中的 OpenFlow匹配方法, 需要为每个客户 vlan 配置一个流表条目, 这样, 在 PE设备上将需要设置 2000个流表条目 (上行 方向) ; 而通过本发明方法, 根据域值范围将流表中的 vlan id分成了两类, 在 PE设备上只需要设置 2个流表条目 (上行方向或下行方向) 即:  If the OpenFlow matching method in the existing packet forwarding is used, a flow table entry needs to be configured for each client vlan, so that 2000 flow table entries (upstream direction) need to be set on the PE device; The vlan ids in the flow table are classified into two types according to the range of the field value. Only two flow table entries (upstream or downstream) need to be set on the PE device.
上行方向包括: 流表 1 : 匹配域 ={入端口 1 , vlan id范围 1-1000} ; 动作 ={push vlan 2000; output端口 2; } ; 流表 2: 匹配域 ={入端口 1 , vlan id范 围 1001-2000} ; 动作 ={push vlan 2001 ; output端口 2; }。  The uplink direction includes: Flow table 1: Match field = {in port 1, vlan id range 1-1000}; action = {push vlan 2000; output port 2; }; flow table 2: matching field = {in port 1, vlan Id range 1001-2000}; action = {push vlan 2001 ; output port 2; }.
下行方向包括:流表 3:匹配域 ={入端口 2, vlan id 2000 } ;动作 ={pop vlan 2000; output端口 1 ; } ; 流表 4: 匹配域 ={入端口 2, vlan id 2001 } ; 动作 = {pop vlan 2001 ; output端口 1 ; }。  The downlink direction includes: flow table 3: matching field = {in port 2, vlan id 2000}; action = {pop vlan 2000; output port 1; }; flow table 4: matching field = {in port 2, vlan id 2001 } Action = {pop vlan 2001 ; output port 1; }.
SDN控制器向客户端路由器 (CE7 ) 交换机下发流表, 配置 OpenFlow 交换机转发通道, 在 CE7设备上, 上行方向, 需要把各个小区的流量汇聚到 上行端口 3; 配置的流表分别为: 流表 5: 匹配域 ={入端口 1 } ; 动作 ={ output 端口 3; } ; 流表 6: 匹配域 ={入端口 2} ; 动作 ={output端口 3; }。 下行方 向包括: 流表 7: 匹配域 ={入端口 3 , vlan id 范围 1-1000 } ; 动作 ={output端 口 1 ; } ; 流表 8: 匹配域 ={入端口 3 , vlan id范围 1001-2000 } ; 动作 ={output 端口 2; }。 The SDN controller sends a flow table to the client router (CE7) switch, and configures OpenFlow. On the CE7 device, in the uplink direction, traffic of each cell needs to be aggregated to uplink port 3. The configured flow table is: Flow table 5: Matching field = {in port 1 }; Action = { output port 3 ; } ; Flow Table 6: Matching Field = {In Port 2}; Action = {output Port 3; }. The downlink direction includes: Flow table 7: Match field = {in port 3, vlan id range 1-1000 }; action = {output port 1; }; flow table 8: matching field = {in port 3, vlan id range 1001- 2000 } ; Action = {output port 2; }.
那么, 上行方向数据包的转发过程包括:  Then, the forwarding process of the uplink packet includes:
来自小区 1和小区 2的数据包到达 CE7后,分别根据流表 5和流表 6进 行处理后, 从端口 3 转发出去。 假设小区 1 的用户数据包格式为: dmac=0xl l,smac=0x22,客户 vlan id=100,payload=0xl 12233; 小区 2的用户报 文格式为: dmac=0xl l,smac=0x33,客户 vlan id=l 100,payload=0x332211;  After the packets from the cell 1 and the cell 2 arrive at the CE7, they are processed according to the flow table 5 and the flow table 6, respectively, and then forwarded out from the port 3. Assume that the user data packet format of cell 1 is: dmac=0xl l, smac=0x22, client vlan id=100, payload=0xl 12233; the user packet format of cell 2 is: dmac=0xl l, smac=0x33, client vlan Id=l 100, payload=0x332211;
小区用户数据包到达 PE设备后, 分别根据流表 1和流表 2进行处理后, 添加不同的外层 vlan, 从端口 2转发出去。 经过 PE设备后, 小区 1的用户 数据包格式为: dmac=0xl l,smac=0x22,外层 vlan id=2000,payload=0xl 12233; 小区 2 的用户数据包格式为: dmac=0xl l,smac=0x33,外层 vlan id =2001, payload=0x332211;。  After the cell user data packet arrives at the PE device, it is processed according to flow table 1 and flow table 2, and then different outer vlans are added and forwarded from port 2. After the PE device, the user data packet format of the cell 1 is: dmac=0xl l, smac=0x22, outer vlan id=2000, payload=0xl 12233; the user data packet format of the cell 2 is: dmac=0xl l, smac =0x33, outer vlan id =2001, payload=0x332211;.
上行方向数据包的转发过程包括:  The forwarding process of the uplink packet includes:
来自 BRAS服务器的数据包到达 PE设备,外层 vlan分别为 2000和 2001 ; 分别根据流表 3和流表 4进行转发, 其中 vlan2000的流量, 匹配流表 3后, 剥离 (pop )外层 vlan并转发到端口 1 ; vlan2001的流量, 匹配流表 4后, 剥 离外层 vlan并转发到端口 1;  The data packets from the BRAS server reach the PE device, and the outer vlans are 2000 and 2001 respectively; they are forwarded according to the flow table 3 and the flow table 4 respectively, wherein the traffic of the vlan2000 matches the flow table 3, and the outer vlan is stripped (pop) and Forwarded to port 1; traffic of vlan2001, after matching flow table 4, stripped outer vlan and forwarded to port 1;
假设发送到小区 1 的数据包格式为: dmac=0x22,smac=0x55,外层 vlan id=2000,内层 vlan id=100,payload=0x778899; 发送到小区 2的数据包格式为: dmac=0x33 , smac=0x55 , 夕卜 层 vlan id=2001, 内 层 vlan id=l 100,payload=0x998877。 经过 PE设备处理后, 小区 1的数据包格式为: dmac=0x22,smac=0x55,内层 vlan id=100,payload=0x778899; 小区 2的数据包 格式为: dmac=0x33,smac=0x55,内层 vlan id=l 100,payload=0x998877。  Assume that the packet format sent to cell 1 is: dmac=0x22, smac=0x55, outer vlan id=2000, inner vlan id=100, payload=0x778899; The format of the packet sent to cell 2 is: dmac=0x33 , smac=0x55, eve layer vlan id=2001, inner layer vlan id=l 100, payload=0x998877. After processing by the PE device, the packet format of the cell 1 is: dmac=0x22, smac=0x55, inner layer vlan id=100, payload=0x778899; the packet format of the cell 2 is: dmac=0x33, smac=0x55, Layer vlan id=l 100, payload=0x998877.
剥离外层 vlan的 BRAS服务器的数据包达到 CE7 , 将根据配置的流表 7 和流表 8进行转发, 根据流表 7的配置, vlan范围为 1-1000的流量将发送到 端口 1 (即小区 1网络), vlan范围为 1001-2000的流量将发送到端口 2 (即 小区 2网络) 。 The data packet of the BRAS server that strips the outer vlan reaches CE7 and will be forwarded according to the configured flow table 7 and flow table 8. According to the configuration of flow table 7, the traffic with the vlan range of 1-1000 will be sent to Port 1 (ie, cell 1 network), traffic with a vlan range of 1001-2000 will be sent to port 2 (ie, cell 2 network).
当然, 本发明还可有其他多种实施例, 比如基于 TCP/UDP 源端口号和 / 或目的端口号的域值范围来进行匹配处理, 或者基于其它域值范围进行匹配 处理。 在不背离本发明精神及其实质的情况下, 熟悉本领域的技术人员当可 根据本发明作出各种相应的改变和变形, 但这些相应的改变和变形都应属于 本发明所附的权利要求的保护范围。  Of course, the present invention may have other various embodiments, such as performing matching processing based on a range of domain values of a TCP/UDP source port number and/or a destination port number, or performing matching processing based on other domain value ranges. A person skilled in the art can make various changes and modifications in accordance with the present invention without departing from the spirit and scope of the invention, but the corresponding changes and modifications should be included in the appended claims. The scope of protection.
以上所述, 仅为本发明的较佳实例而已, 并非用于限定本发明的保护范 围。 凡在本发明的精神和原则之内, 所做的任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。  The above description is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
工业实用性 Industrial applicability
本申请技术方案包括: 根据包含有域值范围的流表信息, 生成域值范围 检查信息, 按照生成的域值范围检查信息和所述流表信息转发数据包。 从本 发明方法可见, 通过对数据包域值范围的流表匹配, 根据域值范围对数据包 进行流量聚合, 明显减少了流表配置消息和流表条目,从而降低了 SDN控制 器的计算复杂性, 提高了流表配置效率, 节省了流表硬件资源, 提高了数据 包的转发效率。  The technical solution of the present application includes: generating domain value range check information according to the flow table information including the domain value range, and forwarding the data packet according to the generated domain value range check information and the flow table information. It can be seen from the method of the present invention that traffic matching is performed on the data packet according to the domain value range by matching the flow table range of the packet domain value range, thereby significantly reducing the flow table configuration message and the flow table entry, thereby reducing the computational complexity of the SDN controller. Sexuality improves the efficiency of flow table configuration, saves the flow table hardware resources, and improves the forwarding efficiency of data packets.

Claims

权 利 要 求 书 Claim
1、一种实现数据包转发的方法,包括:根据包含有域值范围的流表信息, 生成域值范围检查信息; A method for implementing data packet forwarding, comprising: generating domain value range check information according to flow table information including a range of domain values;
按照生成的域值范围检查信息和所述流表信息转发数据包。  The data packet is forwarded according to the generated domain value range check information and the flow table information.
2、 根据权利要求 1所述的方法, 其中, 该方法之前还包括: 设置包含有 域值范围的流表信息; 所述流表信息配置在流表中。  2. The method according to claim 1, wherein the method further comprises: setting flow table information including a range of domain values; the flow table information being configured in the flow table.
3、根据权利要求 2所述的方法,其中,所述生成域值范围检查信息包括: 从所述流表中获取需要匹配的域类型及其域值范围, 设置域值范围检查 表;  The method according to claim 2, wherein the generating the domain value range check information comprises: obtaining a domain type to be matched and a range of the domain value from the flow table, and setting a domain value range check table;
域值范围检查表中包括需要检查的域类型, 及其对应的域值范围。  The domain value range checklist includes the type of domain to be checked and its corresponding range of domain values.
4、根据权利要求 3所述的方法, 其中, 所述按照生成的域值范围检查信 息和所述流表信息转发数据包包括: 确定出数据包中存在范围检查表中的域类型, 将该域的域值在域值范围 检查表中对应的条目的域值范围检查标识设置为有效;  The method according to claim 3, wherein the forwarding the data packet according to the generated domain value range check information and the flow table information comprises: determining a domain type in a range check table in the data packet, The domain value of the domain is set to valid in the domain value range check identifier of the corresponding entry in the domain value range check table;
通过元数据将包含有域值范围检查标识的域值范围检查结果携带给流 表;  Carrying the domain value range check result containing the domain value range check identifier to the flow table by using the metadata;
匹配元数据中的域值范围检查结果,与流表中的键值及掩码相与的结果, 如果二者一致则匹配成功; 按照流表配置的对应动作, 对数据包进行转发。  The result of the domain value range check result in the matching metadata is matched with the key value and the mask in the flow table. If the two are consistent, the matching is successful; according to the corresponding action configured by the flow table, the data packet is forwarded.
5、根据权利要求 4所述的方法, 其中, 所述域值范围检查结果由多个所 述域值范围检查标识组成, 为二进制位流, 每个位对应域值范围检查表的某 个条目的索引号。  The method according to claim 4, wherein the field value range check result is composed of a plurality of the field value range check identifiers, which are binary bit streams, and each bit corresponds to an entry of the field value range check table. Index number.
6、根据权利要求 5所述的方法, 其中, 根据域值范围检查表的索引号确 定所述 Key值和掩码。  The method according to claim 5, wherein the Key value and the mask are determined according to an index number of the field value range check table.
7、 根据权利要求 4所述的方法, 其中, 所述动作是 Openflow规范规定 的动作集。  7. The method of claim 4, wherein the action is an action set specified by the Openflow specification.
8、 根据权利要求 2~7任一项所述的方法, 其中, 所述选择的域及其域 值范围釆用扩展的 OpenFlow消息携带; 或者, 通过可扩展匹配 类型-长度- 值 OXM TLV携带选择的域及其所述域值范围。 The method according to any one of claims 2 to 7, wherein the selected domain and its domain The range of values is carried with the extended OpenFlow message; or the selected field and its range of field values are carried by the extensible matching type-length-value OXM TLV.
9、根据权利要求 8所述的方法, 其中, 所述域值范围对应的域为现有流 表的匹配域中的某域, 或者各域的任意组合。  The method according to claim 8, wherein the domain corresponding to the domain value range is a domain in a matching domain of an existing flow table, or any combination of domains.
10、 一种实现数据包转发的系统, 至少包括流表处理单元, 数据包处理 单元; 其中,  10. A system for implementing packet forwarding, comprising at least a flow table processing unit and a data packet processing unit; wherein
流表处理单元, 设置为: 根据包含有域值范围的流表信息, 生成域值范 围检查信息;  The flow table processing unit is configured to: generate domain value range check information according to the flow table information including the domain value range;
数据包处理单元, 设置为: 按照生成的域值范围检查信息和所述流表信 息转发数据包。  The packet processing unit is configured to: forward the data packet according to the generated domain value range check information and the flow table information.
11、 根据权利要求 10所述的系统, 其中, 该系统还包括: 流表信息下发 单元, 设置为: 将包含有域值范围的流表信息配置在流表中, 并下发给所述 流表处理单元。  The system of claim 10, wherein the system further comprises: a flow table information sending unit, configured to: configure the flow table information including the domain value range in the flow table, and send the information to the Flow table processing unit.
12、 根据权利要求 11所述的系统, 其中, 所述流表处理单元, 设置为: 从所述流表中获取需要匹配的域类型及域值范围, 设置域值范围检查表; 在 域值范围检查表中包括需要检查的域类型, 及其对应的域值范围。  The system according to claim 11, wherein the flow table processing unit is configured to: obtain a domain type and a range of domain values to be matched from the flow table, and set a domain value range check table; The range check table includes the type of domain to be checked and its corresponding range of domain values.
13、根据权利要求 12所述的系统,其中,所述数据包处理单元,设置为: 确定数据包中存在范围检查表中的域类型时, 确定该域的域值在域值范围检 查表中对应的索引号, 并将该索引号对应的条目的域值范围检查标识设置为 有效; 将携带有包含域值范围检查标识的域值范围检查结果的元数据通知给 流表; 匹配元数据中的域值范围检查结果, 与流表中的键 Key值及掩码相与 的结果, 二者一致, 则表明该数据包的域值在范围之内; 按照流表配置的对 应动作, 对数据包进行转发。  The system according to claim 12, wherein the data packet processing unit is configured to: when determining a domain type in the range check table in the data packet, determining that the domain value of the domain is in the domain value range check table Corresponding index number, and setting the domain value range check identifier of the entry corresponding to the index number to be valid; notifying the flow table the metadata carrying the domain value range check result including the domain value range check identifier; matching metadata The result of the field value range check result is the same as the result of the key Key value and the mask in the flow table. If the two are consistent, the domain value of the data packet is within the range; according to the corresponding action of the flow table configuration, the data is The package is forwarded.
14、 根据权利要求 11~13任一项所述的系统, 其中, 所述流表信息下发 单元设置在软件定义网络 SDN控制器中。  The system according to any one of claims 11 to 13, wherein the flow table information delivery unit is disposed in a software defined network SDN controller.
15、 根据权利要求 10~13任一项所述的系统, 其中, 所述流表处理单元 和数据包处理单元设置在 OpenFlow交换机中。  The system according to any one of claims 10 to 13, wherein the flow table processing unit and the data packet processing unit are disposed in an OpenFlow switch.
PCT/CN2014/075370 2013-05-13 2014-04-15 Method and system for realizing forwarding of data packet WO2014183518A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310174979.X 2013-05-13
CN201310174979.XA CN104158745B (en) 2013-05-13 2013-05-13 A kind of method and system for realizing data packet forwarding

Publications (1)

Publication Number Publication Date
WO2014183518A1 true WO2014183518A1 (en) 2014-11-20

Family

ID=51884154

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/075370 WO2014183518A1 (en) 2013-05-13 2014-04-15 Method and system for realizing forwarding of data packet

Country Status (2)

Country Link
CN (1) CN104158745B (en)
WO (1) WO2014183518A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104486119A (en) * 2014-12-16 2015-04-01 盛科网络(苏州)有限公司 Method and system for achieving batch management switch through improved openflow protocol
CN105791107A (en) * 2014-12-22 2016-07-20 中兴通讯股份有限公司 ACL (Access Control List) rule configuration method, matching method and related device
CN106034133B (en) * 2015-03-19 2019-05-28 华为技术有限公司 A kind of openflow processing method, message treatment method, controller and interchanger
CN105656814B (en) * 2016-02-03 2019-01-01 浪潮(北京)电子信息产业有限公司 A kind of SDN network repeater system and method
EP3501146A1 (en) * 2016-08-26 2019-06-26 Huawei Technologies Co., Ltd. A data packet forwarding unit in a data transmission network
CN108075977B (en) * 2016-11-10 2020-10-16 英业达科技有限公司 Network system control method and network system
CN108259632B (en) 2017-05-24 2020-02-11 新华三技术有限公司 CGN implementation method and device
CN109495387A (en) * 2017-09-13 2019-03-19 中兴通讯股份有限公司 Flow table matching process, device, system and computer readable storage medium
CN110035012B (en) * 2018-12-25 2021-09-14 中国银联股份有限公司 SDN-based VPN flow scheduling method and SDN-based VPN flow scheduling system
CN110932968B (en) * 2019-11-18 2021-05-14 华南理工大学 Flow forwarding method and device
CN113347090B (en) * 2020-02-18 2023-06-20 华为技术有限公司 Message processing method, forwarding equipment and message processing system
CN114884858A (en) * 2022-01-28 2022-08-09 珠海星云智联科技有限公司 Flow table processing method and related apparatus, electronic device, medium, and program product

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1674557A (en) * 2005-04-01 2005-09-28 清华大学 Parallel IP packet sorter matched with settling range based on TCAM and method thereof
CN102685006A (en) * 2012-05-03 2012-09-19 中兴通讯股份有限公司 Method and device for forwarding data messages
WO2013052564A2 (en) * 2011-10-04 2013-04-11 Big Switch Networks, Inc. System and methods for managing network hardware address requests with a controller

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1674557A (en) * 2005-04-01 2005-09-28 清华大学 Parallel IP packet sorter matched with settling range based on TCAM and method thereof
WO2013052564A2 (en) * 2011-10-04 2013-04-11 Big Switch Networks, Inc. System and methods for managing network hardware address requests with a controller
CN102685006A (en) * 2012-05-03 2012-09-19 中兴通讯股份有限公司 Method and device for forwarding data messages

Also Published As

Publication number Publication date
CN104158745B (en) 2018-11-06
CN104158745A (en) 2014-11-19

Similar Documents

Publication Publication Date Title
WO2014183518A1 (en) Method and system for realizing forwarding of data packet
CN104283756B (en) A kind of method and apparatus for realizing distributed multi-tenant virtual network
CN107204867B (en) Information transmission method, device and system
EP2853069B1 (en) Integrated heterogeneous software-defined network
EP2740239B1 (en) Packet broadcast mechanism in a split architecture network
JP5987920B2 (en) Communication system, control apparatus, and network topology management method
US20170093690A1 (en) Delayed updating of forwarding databases for multicast transmissions over telecommunications networks
US10075371B2 (en) Communication system, control apparatus, packet handling operation setting method, and program
US9712334B2 (en) Efficient multicast topology construction in a routed network
EP2693708A1 (en) Network system and method for acquiring vlan tag information
WO2015085740A1 (en) Network path calculation method and apparatus
CN102685006A (en) Method and device for forwarding data messages
CN104821890A (en) Realization method for OpenFlow multi-level flow tables based on ordinary switch chip
WO2014153967A1 (en) Method, apparatus and system for configuring flow table in openflow network
WO2018042368A1 (en) Techniques for architecture-independent dynamic flow learning in a packet forwarder
WO2014106945A1 (en) Control device, communication system, tunnel endpoint control method and program
WO2018001242A1 (en) Data-message processing method and apparatus
KR101855742B1 (en) Method and apparatus for destination based packet forwarding control in software defined networking
JP5858141B2 (en) Control device, communication device, communication system, communication method, and program
CN105516025A (en) End-to-end path control and data transmission method, OpenFlow controller and a switch
WO2015024412A1 (en) Stream mapping processing method and apparatus
JP5935897B2 (en) COMMUNICATION NODE, COMMUNICATION SYSTEM, CONTROL DEVICE, PACKET TRANSFER METHOD, AND PROGRAM
JP6052284B2 (en) COMMUNICATION DEVICE, CONTROL DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, COMMUNICATION DEVICE CONTROL METHOD, AND PROGRAM
JP5747997B2 (en) Control device, communication system, virtual network management method and program
JP6206493B2 (en) CONTROL DEVICE, COMMUNICATION SYSTEM, RELAY DEVICE CONTROL METHOD, AND PROGRAM

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14797347

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14797347

Country of ref document: EP

Kind code of ref document: A1