WO2014198217A1 - Tunnel processing method and system, control plane equipment and forwarding plane equipment - Google Patents

Tunnel processing method and system, control plane equipment and forwarding plane equipment Download PDF

Info

Publication number
WO2014198217A1
WO2014198217A1 PCT/CN2014/079635 CN2014079635W WO2014198217A1 WO 2014198217 A1 WO2014198217 A1 WO 2014198217A1 CN 2014079635 W CN2014079635 W CN 2014079635W WO 2014198217 A1 WO2014198217 A1 WO 2014198217A1
Authority
WO
WIPO (PCT)
Prior art keywords
tunnel
encapsulation
header
openflow
specified
Prior art date
Application number
PCT/CN2014/079635
Other languages
French (fr)
Chinese (zh)
Inventor
梁乾灯
尤建洁
梁亮
陈勇
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2014198217A1 publication Critical patent/WO2014198217A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/64Hybrid switching systems
    • H04L12/6418Hybrid transport

Definitions

  • the present invention relates to a tunnel processing technology in the field of network communication in a software defined network (SDN) architecture, and more particularly to an open flow (OpenFlow) pipeline.
  • SDN software defined network
  • OpenFlow open flow
  • Tunnel processing method and system control plane device, and forwarding surface device.
  • OSPF open shortest path first
  • Border Gateway Protocol BGP
  • Multicast Differentiated Services
  • Traffic Engineering Network Address Translation
  • Firewall Firewall
  • MPLS Multi-Protocol Label Switching
  • the application program interface (API), while using the controller to control the entire network. Future researchers can freely call the underlying APIs on the controller to program, thus enabling network innovation.
  • the SDN architecture emerged, which was originally a new network innovation architecture proposed by the Stanford University clean slate research group.
  • the core technology is the OpenFlow protocol.
  • the SDN architecture is implemented based on OpenFlow.
  • the data forwarding plane and control plane of the switching device are separated. Therefore, the upgrade of the network protocol and the switching policy only needs to change the control plane.
  • the switch that enters the OpenFlow technology is usually called OpenFlow switch.
  • the OpenFlow switch converts the packet forwarding process that is completely controlled by the switch/router into the OpenFlow switch and the controller.
  • the controller can control the OpenFlow flow table in the OpenFlow switch by using a predetermined interface operation to achieve
  • the purpose of controlling data forwarding is that the SDN architecture based on OpenFlow implements data forwarding on the OpenFlow switch and implements data forwarding control on the controller, thereby realizing the separation of the data forwarding plane and the control layer.
  • the above OpenFlow protocol is a standard for describing information used for interaction between control plane devices (such as OF configuration points and controllers) and forwarding plane devices (such as OpenFlow switches), and interface standards for control plane devices and forwarding plane devices.
  • the core part of the OpenFlow protocol is a collection of information structures for the OpenFlow protocol.
  • the above OpenFlow flow table (also known as a tunnel information flow table) is composed of a plurality of flow entries, and each flow entry is a forwarding rule.
  • the data packet entering the OpenFlow switch is obtained by querying the OpenFlow flow table to obtain the forwarded destination port.
  • An OpenFlow flow table formed by cascading an OpenFlow flow table or multiple OpenFlow flow tables configured to configure a switch forwarding path.
  • Figure 1 is a schematic diagram of a packet flow passing through the OpenFlow pipeline in the prior art.
  • Table 1 and Table 1 to Table On are multiple OpenFlow flow tables, n is a positive integer, and multiple OpenFlow flow tables are cascaded.
  • the pipeline is called the OpenFlow pipeline.
  • Figure 2 shows the packet matching process based on each OpenFlow flow table in the prior art.
  • the process includes: 1) finding the highest priority matching flow table entry in Table O; 2) applying the instruction set The instruction: modify the message or update the matching domain; update the action set; update the metadata; 3) after the matching is successful, send the matching data and the updated action set to the next flow table Tablel.
  • Table O the process includes: 1) finding the highest priority matching flow table entry in Table O; 2) applying the instruction set The instruction: modify the message or update the matching domain; update the action set; update the metadata; 3) after the matching is successful, send the matching data and the updated action set to the next flow table Tablel.
  • the OpenFlow flow table consists of the following fields, such as the matching field, counter, and instruction set shown in Table 1:
  • the match field is the input keyword of the packet matching, which is used to match a flow entry; the priority is the priority of the matching rule in the flow entry; Counters
  • the instruction is used to manage various messages.
  • the instruction set refers to the operation instructions of the packet, including discarding and forwarding the packet to the specified port, setting the packet header field value, and adding the package label.
  • the Action Set is associated with each message. It is passed between multiple flow tables in the OpenFlow pipeline and modified by the operation instructions of each flow table instruction set until the message ends through the OpenFlow pipeline processing. Action set.
  • the current OpenFlow 1.3.2 specifies the set of actions that consist of 11 actions, namely: Copy TTL inwards: The action of copying the TTL to the inner layer is applied to the packet; pop: the operation of applying the popup label to the packet; push-vlan: the operation of pushing the vlan label to the packet; push-mpls: applying the packet to the packet Copy TTL outwards: copy TTL outwards: Apply TTL to the outer layer; decrement TTL: TTL value of the packet minus 1; set: apply set-field action to the packet; qos: match the packet Apply QoS actions, such as Set-queue; group: If a group action is specified, the actions in the related group container are applied in the order of this list; output: If no group action is specified, the message is forwarded according to the output action.
  • Copy TTL inwards The action of copying the TTL to the inner layer is applied to the packet
  • pop the operation of applying the popup label to the packet
  • push-vlan the operation
  • the OpenFlow Management and Configuration Protocol released the first version (OF-CO FIG 1.0 & 1.1), OF-Config 1.1.1
  • the protocol defines the interface of the tunnel attributes such as VxLAN, NV-GRE, and IP-in-GRE (that is, the information about the tunnel type and the tunnel encapsulation is added to the attributes of the interface), and is used to process the tunnels such as VxLAN of the OpenFlow forwarding plane device. .
  • the existing problems in the prior art are:
  • OpenFlow 1.3.2 does not define a tunnel processing action on the forwarding plane pipe of the above tunnel, that is, the tunnel processing for tunnel sealing and decapsulation is still a standard.
  • the behavior outside the definition is not conducive to the service configuration control of the unified forwarding behavior model of the multi-vendor OpenFlow forwarding plane device, so as to accurately control the behavior of the forwarding plane device.
  • the main object of the present invention is to provide a tunnel processing method and system, a control plane device, and a forwarding plane device, which can perform a unified forwarding behavior model for a forwarding plane device for tunnel processing of tunnel sealing and decapsulation.
  • the business configuration controls to precisely control the behavior of the forwarding surface device.
  • a tunnel processing method includes: configuring a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to pressing a specified encapsulation header action and popping a specified encapsulation The action of the header; according to the tunnel encapsulation instruction and the decapsulation instruction, respectively perform the corresponding action of injecting the specified encapsulation head and ejecting the specified encapsulation header.
  • the performing the indenting of the specified encapsulation header specifically includes: pressing the encapsulation header of the length and content of the specified encapsulation header into the packet.
  • the performing the action of popping the specified encapsulation header specifically includes: ejecting the outermost encapsulation header of the specified length from the message.
  • the encapsulation head specifically includes a tunnel head, and/or an outer IP head, and/or an ether header.
  • the method further includes: configuring an OpenFlow pipeline that is cascaded by multiple OpenFlow flow tables; any one of the OpenFlow flow tables is configured by multiple flow table entries, where each flow table entry includes at least a matching domain and an instruction set;
  • the matching domain uses the tunnel ID as a matching key value, and the matching key value is filled in the appointment field of the Meta by the upper-level OpenFlow flow table entry;
  • the instruction set includes at least the tunnel encapsulation instruction and the decapsulation instruction.
  • the tunnel ID specifically includes: an interface ID that configures a tunnel attribute.
  • a tunnel processing system comprising: a control plane device, configured to configure a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to pressing a specified encapsulation head action and popping a specified encapsulation header; forwarding surface device, setting According to the tunnel encapsulation instruction and the decapsulation instruction, the corresponding action of injecting the specified encapsulation header and ejecting the specified encapsulation header are respectively performed.
  • the forwarding plane device is configured to press the encapsulation header of the length and content of the specified encapsulation header into the packet when the operation of the specified encapsulation header is performed.
  • the forwarding plane device is configured to: when performing the action of popping the specified encapsulation header, eject the outermost encapsulation header of the specified length from the packet.
  • the control plane device is configured to configure the encapsulation head to specifically include a tunnel head, and/or an outer IP header, and/or an Ethernet header.
  • the control plane device is configured to configure multiple OpenFlow flow tables, and any one of the OpenFlow flow tables is composed of multiple flow table entries, where each flow table entry includes at least a matching domain and an instruction set; wherein the matching domain is The tunnel ID is a matching key value, and the matching key value is filled into the Meta by the upper-level OpenFlow flow table entry.
  • the instruction set includes: the tunnel encapsulation instruction and the decapsulation instruction; the forwarding plane device includes an OpenFlow pipeline that is cascaded by the multiple OpenFlow flow tables, and the packet that enters the forwarding plane device is based on The cascading OpenFlow flow tables on the OpenFlow pipeline are sequentially matched and executed.
  • the tunnel ID specifically includes: an interface ID that configures a tunnel attribute.
  • the control plane device includes: an OF configuration point, configured to: after configuring tunnel attribute information for a corresponding interface of a forwarding plane device, notify the controller of the configured tunnel attribute information; and the controller is configured to parse the tunnel attribute A flow table entry having an action of pushing a specified encapsulation header and/or popping a specified encapsulation header, and/or pre-configuring a tunnel encapsulation header is added to the OpenFlow flow table.
  • the controller is configured to pre-select a cascading process of the multiple OpenFlow flow tables of the OpenFlow pipeline on the forwarding plane device, and notify the forwarding plane device; the forwarding plane device is set to In the case of a tunneling process that requires encapsulation or decapsulation, when the packet entering the forwarding plane device is sequentially matched and executed according to the cascading OpenFlow flow table on the OpenFlow pipeline, an OpenFlow flow table in the cascading process is performed. After the matching succeeds, the Meta with the tunnel ID is forwarded to the subsequent OpenFlow flow table that is cascaded with the OpenFlow flow table to continue matching.
  • the forwarding plane device is configured to complete the encapsulation and decapsulation processing of the packet tunnel header when the packet entering the forwarding plane device is processed by the OpenFlow pipeline or the flow table instruction is the action action set Apply Actions.
  • a forwarding plane device configured to perform a corresponding action of injecting a specified encapsulation header and ejecting a specified encapsulation header according to a tunnel encapsulation instruction and a decapsulation instruction, respectively.
  • the present invention configures a set of general-purpose tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to the action of pressing the specified encapsulation header action and popping the specified encapsulation header; respectively, according to the tunnel encapsulation instruction and the decapsulation instruction, respectively performing the corresponding push-in designation of the encapsulation header action and The action of specifying the package header is popped up.
  • FIG. 1 is a schematic diagram of a packet flow passing through an OpenFlow pipeline in the prior art
  • Push-vlan and Push-MPLS Push-PBB their common semantics is to push a special encapsulated data header, but the encapsulation header is not general, or the generality is not strong, for tunnel encapsulation.
  • encapsulation tunneling process for each different packet type, a new push/pop action is required for each type of encapsulation, so the present invention abstracts a more generalized It is more versatile and suitable for tunneling and decapsulating tunnel processing actions.
  • the present invention solves the above general encapsulation problem by extending a set of Push/Pop actions by extending the existing OpenFlow protocol, so as to be able to handle tunnel encapsulation and decapsulation tunneling operations of various message types, and the method of the present invention. Easy to expand and maintain.
  • the OpenFlow pipeline refers to: the OpenFlow pipeline includes an OpenFlow pipeline formed by cascading multiple OpenFlow flow tables, and the OpenFlow pipeline is used to configure the packet forwarding path of the forwarding plane device.
  • the flow table is used to describe the tunnel attribute information.
  • the tunnel is a service attribute.
  • the tunnel attribute information can be used to execute the corresponding service.
  • the tunnel processing method of the present invention includes the following contents: As shown in FIG. 3, the method includes the following steps: Step 101: Configure a set of universal tunnel encapsulation and decapsulation instructions, respectively corresponding to pressing a specified encapsulation header action and popping a specified encapsulation header. Actions.
  • the configured set of general-purpose tunnel encapsulation and decapsulation instructions may be saved in an instruction set of the OpenFlow flow table, so that the subsequent step 102 performs corresponding operations according to corresponding instructions in the instruction set, that is, according to the tunnel
  • the instruction of the channel package corresponds to the action of pushing the specified package header
  • the instruction of the tunnel decapsulation corresponds to the action of popping up the specified package header.
  • the configuration can be implemented in the OF configuration point in the control plane device, and is added to the OpenFlow flow table by the controller in the control plane device.
  • the controller sends the OpenFlow flow table to the forwarding plane device, such as an OpenFlow switch, and is configured on the OpenFlow switch.
  • the instructions in the OpenFlow flow table perform the corresponding actions.
  • Step 102 Perform, according to the tunnel encapsulation and the decapsulation instruction, respectively, a corresponding action of pressing the specified encapsulation head and popping the specified encapsulation header.
  • the indenting specifies a encapsulation header, indicating that a package header that is preset (specifying the length and content of the encapsulation header) is pressed into the message.
  • the specified encapsulation header is displayed, indicating that the outermost encapsulation header of the specified length is ejected from the message.
  • the encapsulation header includes a tunnel head and/or an outer IP header and/or an Ethernet header of a specific tunneling protocol.
  • the controller in the control plane device performs service configuration on multiple OpenFlow flow tables according to whether the encapsulation header is encapsulated.
  • the outer IP header or Ethernet header configure other related actions to properly process the message.
  • the forwarding plane device includes an OpenFlow pipeline formed by cascading a plurality of OpenFlow flow tables, and the OpenFlow pipeline is configured to configure a packet forwarding path of the forwarding plane device, and any OpenFlow flow table uses the tunnel ID as a matching key value, and the tunnel key The value is populated by the upper-level OpenFlow flow table entry onto the contract field of the metadata (Meta). Meta is set to pass specified information directly between OpenFlow flow tables.
  • the tunnel ID can be an interface ID configured with the tunnel attribute. After the OF configuration point is configured with the tunnel attribute of the corresponding interface of the forwarding plane device, the configured tunnel attribute is notified to the controller, such as an OpenFlow controller, where the controller adds a specified encapsulation header and/or pops the specified encapsulation header.
  • the controller pre-configures the flow table process on the OpenFlow pipeline so that it can be in the process.
  • the Meta with the tunnel ID is forwarded to the subsequent OpenFlow flow table that is cascaded with the OpenFlow flow table to continue matching.
  • the tunnel encapsulation is performed according to the action in the flow table entry. Decapsulation processing.
  • the tunnel processing system of the present invention includes the following:
  • the control plane device is configured to configure a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to the action of pressing the specified encapsulation header action and popping the specified encapsulation header;
  • the forwarding plane device is set to be according to the tunnel encapsulation instruction and the decapsulation instruction, respectively Perform the corresponding push-in to specify the package header action and pop the specified package header.
  • the forwarding plane device is configured to press the encapsulation header of the length and content of the specified encapsulation header into the packet when performing the operation of injecting the specified encapsulation header.
  • the forwarding plane device is configured to: when performing the action of popping the specified encapsulation header, eject the outermost encapsulation header of the specified length from the packet.
  • the control plane device is configured to configure the encapsulation head to specifically include a tunnel head, and/or an outer IP header, and/or an Ethernet header.
  • the control plane device is configured to configure multiple OpenFlow flow tables, and any one of the OpenFlow flow tables is composed of multiple flow table entries, where each flow table entry includes at least a matching domain and an instruction set; wherein the matching domain is matched by the tunnel ID.
  • the key value and the matching key value are filled in the contracting field of the Meta by the upper-level OpenFlow flow table entry;
  • the instruction set includes at least the tunnel encapsulation instruction and the decapsulation instruction;
  • the forwarding plane device comprises a plurality of OpenFlow flow table cascading The OpenFlow pipeline, the packets entering the forwarding plane device are sequentially matched and executed according to the cascading OpenFlow flow table on the OpenFlow pipeline.
  • the tunnel ID specifically includes: an interface ID for configuring a tunnel attribute.
  • the control plane device includes: an OF configuration point, configured to notify the controller of the configured tunnel attribute information after the tunnel attribute information is configured for the corresponding interface of the forwarding plane device; and the controller is configured to analyze the tunnel attribute information and add the The flow table entry that pushes the specified encapsulation header and/or pops up the specified encapsulation header, and/or presets the contents of the tunnel encapsulation header into the OpenFlow flow table.
  • the OF configuration point and the controller are preferably integrated in one device entity or separately, and there is an interactive interface between the OF configuration point and the controller.
  • the controller is configured to pre-select the cascading process of the multiple OpenFlow flow tables of the OpenFlow pipeline on the forwarding plane device and notify the forwarding plane device; the forwarding plane device is set to be processed in a tunnel that needs to be encapsulated or decapsulated.
  • the forwarding plane device is set to be processed in a tunnel that needs to be encapsulated or decapsulated.
  • the forwarding plane device is configured to perform packet encapsulation and decapsulation processing of the packet tunnel header when the packet entering the forwarding plane device is processed by the OpenFlow pipeline or the flow table instruction is the execution action set Apply Actions.
  • the control plane device of the present invention mainly includes the following contents: The control plane device is configured to configure a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to the action of pressing the specified encapsulation header action and popping the specified encapsulation header.
  • the forwarding plane device of the present invention mainly includes the following content:
  • the forwarding plane device is configured to perform a corresponding action of injecting a specified encapsulation header and ejecting a specified encapsulation header according to the tunnel encapsulation instruction and the decapsulation instruction.
  • Application Example 1 This example is an example of an OpenFlow flow table entry, which is an entry of the OpenFlow flow table of the present invention as shown in Table 2 below.
  • the Match Fields entry of the OpenFlow flow table includes a tunnel identifier (ID) corresponding to the tunnel ID field in the matching Meta data;
  • the instruction set (Instructions) of the OpenFlow flow table contains the 'write action' instruction.
  • the action to be written has actions such as pushing the push tunnel header or popping the Pop tunnel header.
  • tunnel refers to the tunnel.
  • the action of pushing the specified encapsulation header or popping the specified encapsulation header can be performed when the flow table instruction ends with the Apply Actions or OpenFlow pipeline.
  • Table 3 is a detailed explanation of the two actions of pushing the specified encapsulation head and popping the specified encapsulation header according to the present invention.
  • the newly defined action for the preset nature tunnel processing is as shown in Table 3:
  • the OF configuration point is configured with the tunnel attribute information and then processed by the controller, and the controller sends the flow table.
  • the packet is forwarded to the forwarding plane device to perform the action of the flow table cascaded according to the pre-selected configuration.
  • the main function is to perform the encapsulation of the specified encapsulation header and the specified encapsulation header, that is, the encapsulation corresponding to the packet tunnel header. Reconciliation encapsulation processing.
  • OpenFlow all rules that comply with the OpenFlow protocol are organized in different OpenFlow flow tables, and are matched in the same OpenFlow flow table according to the priority of the rules.
  • a forwarding plane device may include one or more OpenFlow flow tables, multiple OpenFlow flow tables, and multiple OpenFlow flow tables, which are numbered sequentially from 0.
  • the tunnel processing of the packets entering the forwarding plane device on the OpenFlow pipeline is The pipelined cascading process, specifically, after the packets enter the forwarding plane device, they must be matched in order from the OpenFlow flow table 0.
  • the OpenFlow flow table can be jumped from small to large in order, but cannot be flowed from an OpenFlow.
  • the table forwards to the OpenFlow flow table with a smaller number.
  • the statistics corresponding to the rule are first updated (such as the total number of successfully matched packets and the total number of bytes).
  • Push GRE Ethertype Push a new GRE header header Ether type onto the packet.
  • the Package GRE header Ethertype is used as the
  • the GRE header is encapsulated to push the GRE header into the message.
  • the PEP tunnel header indicates that the outermost GRE header is popped from the packet.
  • the configuration of the GRE interface is used as an example to describe the process of configuring and controlling the forwarding of packets on the forwarding plane.
  • the user or the upper-layer service plane (APP) can dynamically specify the interface of a topology node in the SDN network (physical interface or The created logical interface is configured. If the APP can master the routing information and the corresponding Address Resolution Protocol (ARP) information, the ARP includes its association with the APP with routing/ARP function, or the static configuration, the APP can use the GRE tunnel.
  • ARP Address Resolution Protocol
  • the tunnel header encapsulation information, the outer IP header and the Ethernet header are sent to the control plane device, and are decomposed to the OF configuration point and the OpenFlow controller for processing, respectively creating/configuring the attributes of the interface and delivering the flow for the tunnel encapsulation.
  • the table (executing the tunnel encapsulation action, which can be encapsulated to the Ethernet header all the time) to the forwarding plane device. If the APP cannot grasp the routing and ARP information, in the implementation, the control plane device (mainly the controller) is required to provide the routing function and the query function of the ARP module (which is planned in the software architecture of some vendors' controllers). The control plane device performs the conversion.
  • the corresponding controller is notified, and the controller queries the routing/ARP information locally or to the APP with the routing/ARP function, and then generates a flow table.
  • the information is forwarded to the associated forwarding plane device, and is associated with the flow table and the corresponding route.
  • the route update causes the actual outbound interface to change
  • the flow table is updated, and the encapsulation information is modified (mainly, the outer layer of the encapsulation information is updated. ) and the action of the outgoing interface.
  • the OpenFlow pipeline is configured in the traditional router device forwarding manner and the OpenFlow pipeline is cascaded, the implementation may be simpler.
  • the encapsulation information of the flow table entries in the OpenFlow flow table may include only the tunnel header and/or the IP header (depending on the tunnel type)
  • the GRE tunnel type should include the IP header.
  • After Apply Actions performs the encapsulation action, it will continue to jump to the routing table with routing function or the next-level cascading pipeline to continue processing the outer IP.
  • the routing and modification of the Ethernet action since these actions are not standardized, and the extended implementation options are relatively large, the present invention only preferentially focuses on the encapsulation and decapsulation actions of the tunnel information.
  • Application Example 3 This example provides packet encapsulation when the tunnel is GRE according to the embodiment of the present invention. For details, refer to Table 5.
  • Table 5 is a basic format of a packet encapsulation header when the tunnel is GRE. When the tunnel is GRE, the format of the encapsulated packet in the GRE tunnel is:
  • the service configuration control of the forwarding forwarding model can be performed on the forwarding plane device to accurately control the behavior of the forwarding plane device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a tunnel processing method and system, control plane equipment and forwarding plane equipment. The method comprises: configuring a group of general tunnel encapsulation commands and decapsulation commands which correspond to the action of compressing into a specified encapsulation header and the action of popping up a specified encapsulation header respectively; then executing the corresponding actions of compressing into the specified encapsulation header and popping up the specified encapsulation header according to the tunnel encapsulation and decapsulation commands respectively. The forwarding plane equipment is configured to execute the corresponding actions of compressing into the specified encapsulation head and popping up the specified encapsulation head according to the tunnel encapsulation and decapsulation commands respectively. By using the invention with respect to tunnel encapsulation and decapsulation processing, uniform service configuration controls of forwarding behavior models can be carried out in the forwarding plane equipment to accurately control the behavior of said equipment.

Description

一种隧道处理方法及系统、 控制面设备、 转发面设备 技术领域 本发明涉及软件定义网络 (SDN, Software Defined Network) 架构网络通信领域 的隧道处理技术, 尤其涉及一种开放流 (OpenFlow) 管道上的隧道处理方法及系统、 控制面设备、 转发面设备。 背景技术 由于现在的网络暴露出了越来越多的弊病以及人们对网络性能的需求越来越高, 研究人员不得不把很多复杂功能加入到路由器的体系结构当中, 例如开放式最短路径 优先(OSPF)、边界网关协议(BGP)、组播、区分服务、流量工程、网络地址转换(NAT)、 防火墙、 多协议标签交换 (MPLS ) 功能等。 这就使得路由器等交换设备越来越臃肿 而且性能提升的空间越来越小。 然而, 与网络领域的困境截然不同的是, 计算机领域实现了日新月异的发展。 仔 细回顾计算机领域的发展, 不难发现其关键在于计算机领域找到了一个简单可用的硬 件底层 (x86指令集)。 由于有了这样一个公用的硬件底层, 所以在软件方面, 不论是 应用程序还是操作系统都取得了飞速的发展。 现在很多主张重新设计计算机网络体系 结构的人士认为:网络可以复制计算机领域的成功来解决现在网络所遇到的所有问题。 在这种思想的指导下, 将来的网络必将是这样的: 底层的数据通路(交换机、 路由器) 是" *的、 简单的、最小的", 并定义一个对外开放的关于流表的公用的应用程序接口 (API, Application Program Interface), 同时采用控制器来控制整个网络。 未来的研究 人员就可以在控制器上自由的调用底层的 API来编程, 从而实现网络的创新。 基于上述的理念出现了 SDN架构, 其最初是由美国斯坦福大学 clean slate研究组 提出的一种新型网络创新架构。 目前, 其核心技术是开放流 (OpenFlow) 协议, 基于 OpenFlow实现 SDN架构,在 SDN架构中,交换设备的数据转发面和控制面是分离的, 因此网络协议和交换策略的升级只需要改动控制面, 通过将数据转发面和控制面的分 离, 实现了对网络流量的灵活控制, 为核心网络及应用的创新提供了良好的平台。 弓 I入 OpenFlow技术后的交换机, 通常称为 OpenFlow交换机, 其区别于传统的交 换机, OpenFlow 交换机将原来完全由交换机 /路由器控制的报文转发过程转化为由 OpenFlow交换机和控制器来共同完成, 实现了数据转发和路由控制的分离。控制器可 以通过事先规定好的接口操作来控制 OpenFlow交换机中的 OpenFlow流表,从而达到 控制数据转发的目的, 也就是说, 基于 OpenFlow的 SDN架构是在 OpenFlow交换机 上实现数据转发, 而在控制器上实现数据的转发控制, 从而实现了上述数据转发面和 控制层的分离。 上述 OpenFlow协议, 是用来描述控制面设备(如 OF配置点和控制器)和转发面 设备 (如 OpenFlow交换机) 之间交互所用信息的标准, 以及控制面设备和转发面设 备的接口标准。 OpenFlow协议的核心部分是用于 OpenFlow协议信息结构的集合。 上述 OpenFlow流表 (也称为隧道信息流表) 由很多个流表项组成, 每个流表项 就是一个转发规则。进入 OpenFlow交换机的数据包通过查询 OpenFlow流表来获得转 发的目的端口。 OpenFlow流表或经过配置的多个 OpenFlow流表级联而形成的 OpenFlow管道, 用来配置交换机转发路径。 如图 1所示为现有技术的报文流通过 OpenFlow管道的示 意图, 图 1 中 Table0、 Table 1~ TableOn为多个 OpenFlow流表, n为正整数, 多个 OpenFlow流表级联所构成的管道称为所述 OpenFlow管道。 如图 2所示为现有技术基于每个 OpenFlow流表的报文匹配处理过程, 以 TableO 为例, 该过程包括: 1 ) 在 TableO找到最高优先级的匹配流表条目; 2) 应用指令集的 指令: 修改报文或更新匹配的域; 更新动作集; 更新元数据; 3 ) 匹配成功后将匹配数 据和更新的动作集发送给下一个流表 Tablel。 以下对现有的 OpenFlow流表举例描述如下: TECHNICAL FIELD The present invention relates to a tunnel processing technology in the field of network communication in a software defined network (SDN) architecture, and more particularly to an open flow (OpenFlow) pipeline. Tunnel processing method and system, control plane device, and forwarding surface device. BACKGROUND OF THE INVENTION As today's networks expose more and more ills and the need for network performance is increasing, researchers have to incorporate many complex functions into the router's architecture, such as open shortest path first ( OSPF), Border Gateway Protocol (BGP), Multicast, Differentiated Services, Traffic Engineering, Network Address Translation (NAT), Firewall, Multi-Protocol Label Switching (MPLS), etc. This makes switching devices such as routers more and more bloated and the space for performance improvement is getting smaller and smaller. However, in stark contrast to the dilemma of the network sector, the computer field has evolved with each passing day. A careful review of the development of the computer field, it is not difficult to find that the key is that the computer field has found a simple and usable hardware underlying (x86 instruction set). Thanks to such a common hardware underlying layer, in terms of software, both the application and the operating system have achieved rapid development. Many people who advocate redesigning the computer network architecture now believe that the network can replicate the success of the computer field to solve all the problems encountered by the current network. Under the guidance of this idea, the future network must be like this: The underlying data path (switch, router) is "*, simple, minimal" and defines a publicly available flow table that is open to the public. The application program interface (API), while using the controller to control the entire network. Future researchers can freely call the underlying APIs on the controller to program, thus enabling network innovation. Based on the above concept, the SDN architecture emerged, which was originally a new network innovation architecture proposed by the Stanford University clean slate research group. At present, the core technology is the OpenFlow protocol. The SDN architecture is implemented based on OpenFlow. In the SDN architecture, the data forwarding plane and control plane of the switching device are separated. Therefore, the upgrade of the network protocol and the switching policy only needs to change the control plane. By separating the data forwarding plane and the control plane, flexible control of network traffic is realized, which provides a good platform for innovation of core network and application. The switch that enters the OpenFlow technology is usually called OpenFlow switch. It is different from the traditional switch. The OpenFlow switch converts the packet forwarding process that is completely controlled by the switch/router into the OpenFlow switch and the controller. The separation of data forwarding and routing control. The controller can control the OpenFlow flow table in the OpenFlow switch by using a predetermined interface operation to achieve The purpose of controlling data forwarding is that the SDN architecture based on OpenFlow implements data forwarding on the OpenFlow switch and implements data forwarding control on the controller, thereby realizing the separation of the data forwarding plane and the control layer. The above OpenFlow protocol is a standard for describing information used for interaction between control plane devices (such as OF configuration points and controllers) and forwarding plane devices (such as OpenFlow switches), and interface standards for control plane devices and forwarding plane devices. The core part of the OpenFlow protocol is a collection of information structures for the OpenFlow protocol. The above OpenFlow flow table (also known as a tunnel information flow table) is composed of a plurality of flow entries, and each flow entry is a forwarding rule. The data packet entering the OpenFlow switch is obtained by querying the OpenFlow flow table to obtain the forwarded destination port. An OpenFlow flow table formed by cascading an OpenFlow flow table or multiple OpenFlow flow tables configured to configure a switch forwarding path. Figure 1 is a schematic diagram of a packet flow passing through the OpenFlow pipeline in the prior art. In Table 1, Table 0 and Table 1 to Table On are multiple OpenFlow flow tables, n is a positive integer, and multiple OpenFlow flow tables are cascaded. The pipeline is called the OpenFlow pipeline. Figure 2 shows the packet matching process based on each OpenFlow flow table in the prior art. Taking Table O as an example, the process includes: 1) finding the highest priority matching flow table entry in Table O; 2) applying the instruction set The instruction: modify the message or update the matching domain; update the action set; update the metadata; 3) after the matching is successful, send the matching data and the updated action set to the next flow table Tablel. The following describes the existing OpenFlow flow table as follows:
OpenFlow流表由表 1所示的匹配域、 计数器和指令集等以下几个字段构成:
Figure imgf000004_0001
The OpenFlow flow table consists of the following fields, such as the matching field, counter, and instruction set shown in Table 1:
Figure imgf000004_0001
表 1 表 1中, 匹配域(Match Fields)为报文匹配的输入关键字, 用于匹配一条流表项; 优先级 (Priority) 为流表项中先后匹配规则的优先级; 计数器 (Counters) 为用于管 理用的各种统计信息; 指令集 (Instructions) 是指对报文的操作指令, 包括丢弃、 转 发报文到指定端口、 设置报文头部字段值、 增加封装标签等。 动作集 (Action Set)和 每个报文相关联, 它在 OpenFlow管道的多个流表之间传递并被各流表指令集的操作 指令所修改, 直到报文经由 OpenFlow管道处理结束, 形成最终的动作集。 当前最新 的 OpenFlow 1.3.2规定了 11种动作构成的动作集, 分别是: copy TTL inwards: 对报文应用向内层复制 TTL的动作; pop: 对报文应用弹出标签的操作; push-vlan: 对报文应用压入 vlan标签的操作; push-mpls: 对报文应用压入 mpls标签的操作; copy TTL outwards: 对报文应用向外层复制 TTL的动作; decrement TTL: 报文的 TTL值减 1; set: 对报文应用 set-field动作; qos: 对报文应用 QoS动作, 如 Set-queue; group:如果指定了一个组动作,那么按照此列表的顺序应用相关组容器中的动作; output: 如果没有指定组动作, 那么就按照 output动作将报文转发到指定的端口; push PBB: 对报文应用 PBB标签压入动作。 为了使用 IDC场景的业务需求(例如多租户、虚拟机迁移)并兼容现有网络协议, OpenFlow管理和配置协议发布了第一个版本(OF-CO FIG 1.0 & 1.1 ), OF-Config 1.1.1 协议定义了 VxLAN、 NV-GRE, IP-in-GRE等隧道属性的接口 (即在接口的属性中增 加隧道类型和隧道封装相关的信息), 用于处理 OpenFlow转发面设备的 VxLAN等隧 道的处理。 现有技术存在的问题是: 最新的 OpenFlow协议 (OpenFlow 1.3.2) 并没有为此定 义处理上述隧道的转发面管道上的隧道处理动作, 也就是针对隧道封转和解封装的隧 道处理仍然属于标准定义之外的行为, 不利于对多厂商 OpenFlow转发面设备做统一 的转发行为模型的业务配置控制, 以精确控制转发面设备的行为。 针对这个问题, 目 前尚未存在有效的解决方案。 发明内容 有鉴于此, 本发明的主要目的在于提供一种隧道处理方法及系统、 控制面设备、 转发面设备, 针对隧道封转和解封装的隧道处理, 能对转发面设备做统一的转发行为 模型的业务配置控制, 以精确控制转发面设备的行为。 为达到上述目的, 本发明的技术方案是这样实现的: 一种隧道处理方法, 该方法 包括: 配置一组通用性的隧道封装指令和解封装指令, 分别对应压入指定封装头动作 和弹出指定封装头的动作; 根据隧道封装指令和解封装指令, 分别执行对应的压入指 定封装头动作和弹出指定封装头的动作。 其中, 执行所述压入指定封装头动作具体包括: 将指定封装头的长度和内容的封 装头压入报文中。 其中, 执行所述弹出指定封装头的动作具体包括: 将指定长度的最外层封装头从 报文中弹出。 其中, 所述封装头具体包括隧道头、 和 /或外层 IP头、 和 /或以太头。 其中, 该方法还包括: 配置由多个开放流 OpenFlow流表级联而成的 OpenFlow管 道; 任意一个 OpenFlow流表由多个流表条目构成, 每一个流表条目至少包括匹配域、 指令集; 其中, 所述匹配域以隧道 ID为匹配键值, 所述匹配键值由上一级 OpenFlow 流表条目填充到 Meta的约定字段上;所述指令集至少包括所述隧道封装指令和解封装 指令。 其中, 所述隧道 ID具体包括: 配置隧道属性的接口 ID。 一种隧道处理系统, 该系统包括: 控制面设备, 设置为配置一组通用性的隧道封 装指令和解封装指令, 分别对应压入指定封装头动作和弹出指定封装头的动作; 转发 面设备, 设置为根据隧道封装指令和解封装指令, 分别执行对应的压入指定封装头动 作和弹出指定封装头的动作。 其中, 所述转发面设备, 设置为执行所述压入指定封装头动作时, 将指定封装头 的长度和内容的封装头压入报文中。 其中, 所述转发面设备, 设置为执行所述弹出指定封装头的动作时, 将指定长度 的最外层封装头从报文中弹出。 其中, 所述控制面设备, 设置为配置所述封装头具体包括隧道头、 和 /或外层 IP 头、 和 /或以太头。 其中, 所述控制面设备, 设置为配置多个 OpenFlow流表, 任意一个 OpenFlow流 表由多个流表条目构成, 每一个流表条目至少包括匹配域、 指令集; 其中, 所述匹配 域以隧道 ID为匹配键值, 所述匹配键值由上一级 OpenFlow流表条目填充到 Meta的 约定字段上; 所述指令集至少包括所述隧道封装指令和解封装指令;所述转发面设备, 包括由所述多个 OpenFlow流表级联而成的 OpenFlow管道,进入转发面设备的报文根 据所述 OpenFlow管道上级联的 OpenFlow流表依序匹配执行。 其中, 所述隧道 ID具体包括: 配置隧道属性的接口 ID。 其中, 所述控制面设备, 包括: OF配置点, 设置为给一个转发面设备的对应接口 配置隧道属性信息后, 将配置的隧道属性信息通知控制器; 控制器, 设置为解析所述 隧道属性信息后添加具有压入指定封装头和 /或弹出指定封装头的动作、和 /或预置隧道 封装头内容的流表条目到所述 OpenFlow流表中。 其中, 所述控制器, 设置为对转发面设备上所述 OpenFlow 管道的所述多个 OpenFlow流表的级联流程进行预选配置并通知所述转发面设备; 所述转发面设备, 设 置为在需要做封装或解封装的隧道处理情况下, 所述进入转发面设备的报文根据所述 OpenFlow管道上级联的 OpenFlow流表依序匹配执行时, 在所述级联流程中的一个 OpenFlow流表匹配成功后, 携带填有隧道 ID的 Meta跳转到与该 OpenFlow流表级联 的后续一个 OpenFlow流表上继续匹配, 匹配成功后根据流表条目中的压入指定封装 头动作和弹出指定封装头的动作, 分别执行报文隧道头的封装和解封装处理。 其中, 所述转发面设备, 设置为所述进入转发面设备的报文经由 OpenFlow管道 处理结束或流表指令为执行动作集 Apply Actions时,分别完成所述报文隧道头的封装 和解封装处理。 一种控制面设备, 控制面设备, 设置为配置一组通用性的隧道封装指令和解封装 指令, 分别对应压入指定封装头动作和弹出指定封装头的动作。 一种转发面设备, 该转发面设备, 设置为根据隧道封装指令和解封装指令, 分别 执行对应的压入指定封装头动作和弹出指定封装头的动作。 本发明配置一组通用性的隧道封装指令和解封装指令, 分别对应压入指定封装头 动作和弹出指定封装头的动作; 根据隧道封装指令和解封装指令, 分别执行对应的压 入指定封装头动作和弹出指定封装头的动作。 由于本发明配置了一组通用性的隧道封装指令和解封装指令, 能对转发面设备做 统一的转发行为模型的业务配置控制, 以精确控制转发面设备的行为, 相应地, 分别 执行对应的压入指定封装头动作和弹出指定封装头的动作, 从而对现有 OpenFlow协 议进行了扩展, 能处理隧道的转发面管道上的隧道处理动作, 即针对隧道封转和解封 装的隧道处理操作。 附图说明 图 1为现有技术的报文流通过 OpenFlow管道的示意图; 图 2为现有技术中基于每个 OpenFlow流表的报文匹配处理示意图; 图 3为本发明方法原理的实现流程示意图。 具体实施方式 下面结合附图对技术方案的实施作进一步的详细描述。 现有标准动作中 Push-vlan、 Push-MPLS Push-PBB, 它们共同的语义是压入一种 特殊的封装数据头, 但是该封装头不具有一般性, 或者说通用性不强, 针对隧道封装 和解封装的隧道处理而言, 对应不同报文类型, 每增加一种封装类型, 就需要一组新 的压入 (Push) /弹出 (Pop) 动作, 由此本发明抽象出一种更一般化, 通用性更强, 适合做隧道封装和解封装的隧道处理动作, 避免每增加一种封装类型, 就需要一组新 的 Push/Pop动作。 具体的, 本发明通过扩展现有 OpenFlow协议, 新增一组 Push/Pop 动作来解决上述一般性封装问题, 从而能处理各种报文类型的隧道封装和解封装的隧 道处理操作, 本发明的方法易于扩展和维护。 就本文的 OpenFlow管道和隧道的区别而言, OpenFlow管道指: 转发面设备中包 括由多个 OpenFlow流表级联而形成的 OpenFlow管道, OpenFlow管道用来配置转发 面设备的报文转发路径, OpenFlow流表用于描述隧道属性信息, 隧道是业务属性, 有 了隧道属性信息才能执行对应的业务。 本发明的隧道处理方法包括以下内容: 如图 3所示, 该方法包括以下步骤: 步骤 101、 配置一组通用性的隧道封装和解封装指令, 分别对应压入指定封装头 动作和弹出指定封装头的动作。 这里, 可以将配置的一组通用性的隧道封装和解封装指令保存于 OpenFlow流表 的指令集中, 以便后续步骤 102按照指令集中的对应指令执行相应的操作, 即根据隧 道封装的指令对应执行压入指定封装头的动作, 及隧道解封装的指令对应执行弹出指 定封装头的动作。 该配置可以在控制面设备中的 OF配置点实现, 交由控制面设备中 的控制器添加到 OpenFlow 流表中, 控制器下发 OpenFlow流表给转发面设备, 如 OpenFlow交换机,在 OpenFlow交换机针对 OpenFlow流表中的指令执行对应的动作。 步骤 102、 根据隧道封装和解封装指令, 分别执行对应的压入指定封装头动作和 弹出指定封装头的动作。 由上述步骤 101 102组成的方案中, 其中, 该压入指定封装头, 表示将一个预置好 (指定封装头的长度和内容) 的封 装头压入报文中。 弹出指定封装头, 表示将指定长度的最外层封装头从报文中弹出。 其中, 该封装头建议包括具体隧道协议的隧道头和 /或外层 IP头和 /或以太头, 控 制面设备中的控制器对多个 OpenFlow流表进行业务配置时应根据封装头是否封装了 外层 IP头或以太头, 配置其他相关动作以便正确处理报文。 其中, 转发面设备中包括由多个 OpenFlow流表级联而形成的 OpenFlow管道, OpenFlow管道用来配置转发面设备的报文转发路径, 任意一个 OpenFlow流表以隧道 ID为匹配键值, 隧道键值由上一级 OpenFlow流表条目填充到元数据 (Meta) 的约定 字段上。 Meta设置为在 OpenFlow流表间直接传递指定信息。 其中, 隧道 ID可以是配置隧道属性的接口 ID。 其中, OF配置点给一个转发面设备的对应接口配置隧道属性后,将配置的隧道属 性通知给控制器, 如 OpenFlow控制器, 由控制器添加具有压入指定封装头和 /或弹出 指定封装头的动作、 和 /或预置隧道封装头内容的流表条目到 OpenFlow流表。 其中, 在特定流 (特定流为需执行封装或解封装的流) 需要做封装或解封装的隧 道处理时, 控制器会预先配置 OpenFlow管道上的流表流程, 使之能在该流程中的一 个 OpenFlow流表匹配成功后,携带填有隧道 ID的 Meta跳转到与该 OpenFlow流表级 联的后续一个 OpenFlow流表上继续匹配, 匹配成功后根据流表条目中的动作执行隧 道的封装或解封装处理。 其中, 报文经由 OpenFlow管道处理结束或流表指令为 "Apply Actions"时, 完成 报文隧道头的封装或解封装处理, 即报文已添加了完整的隧道头或已剥离了隧道头。 本发明的隧道处理系统包括以下内容: 控制面设备, 设置为配置一组通用性的隧道封装指令和解封装指令, 分别对应压 入指定封装头动作和弹出指定封装头的动作; 转发面设备, 设置为根据隧道封装指令和解封装指令, 分别执行对应的压入指定 封装头动作和弹出指定封装头的动作。 其中, 该转发面设备设置为执行压入指定封装头动作时, 将指定封装头的长度和 内容的封装头压入报文中。 其中, 该转发面设备设置为执行弹出指定封装头的动作时, 将指定长度的最外层 封装头从报文中弹出。 其中, 该控制面设备设置为配置封装头具体包括隧道头、 和 /或外层 IP头、 和 /或 以太头。 其中, 该控制面设备设置为配置多个 OpenFlow流表, 任意一个 OpenFlow流表由 多个流表条目构成, 每一个流表条目至少包括匹配域、 指令集; 其中, 匹配域以隧道 ID为匹配键值, 匹配键值由上一级 OpenFlow流表条目填充到 Meta的约定字段上;指 令集至少包括隧道封装指令和解封装指令; 其中, 该转发面设备包括由多个 OpenFlow流表级联而成的 OpenFlow管道, 进入 转发面设备的报文根据 OpenFlow管道上级联的 OpenFlow流表依序匹配执行。 其中, 该隧道 ID具体包括: 配置隧道属性的接口 ID。 其中, 该控制面设备包括: OF配置点, 设置为给一个转发面设备的对应接口配置 隧道属性信息后, 将配置的隧道属性信息通知控制器; 控制器, 设置为解析隧道属性 信息后添加具有压入指定封装头和 /或弹出指定封装头的动作、和 /或预置隧道封装头内 容的流表条目到 OpenFlow流表中。 这里需要指出的是: OF配置点和控制器优选地集成在一个设备实体内, 也可以分 开设置, 在 OF配置点和控制器之间有交互的接口。 其中,该控制器设置为对转发面设备上 OpenFlow管道的多个 OpenFlow流表的级 联流程进行预选配置并通知转发面设备; 该转发面设备设置为在需要做封装或解封装的隧道处理情况下, 进入转发面设备 的报文根据 OpenFlow管道上级联的 OpenFlow流表依序匹配执行时,在级联流程中的 一个 OpenFlow流表匹配成功后,携带填有隧道 ID的 Meta跳转到与该 OpenFlow流表 级联的后续一个 OpenFlow流表上继续匹配, 匹配成功后根据流表条目中的压入指定 封装头动作和弹出指定封装头的动作, 分别执行报文隧道头的封装和解封装处理。 其中, 该转发面设备设置为进入转发面设备的报文经由 OpenFlow管道处理结束 或流表指令为执行动作集 Apply Actions时,分别完成报文隧道头的封装和解封装处理。 本发明的控制面设备主要包括以下内容: 控制面设备, 设置为配置一组通用性的 隧道封装指令和解封装指令,分别对应压入指定封装头动作和弹出指定封装头的动作。 本发明的转发面设备主要包括以下内容: 该转发面设备, 设置为根据隧道封装指 令和解封装指令, 分别执行对应的压入指定封装头动作和弹出指定封装头的动作。 应用实例 1 : 本实例为 OpenFlow流表表项的示例,如以下表 2所示为本发明的 OpenFlow流表 的表项。 In Table 1, the match field (Match Fields) is the input keyword of the packet matching, which is used to match a flow entry; the priority is the priority of the matching rule in the flow entry; Counters The instruction is used to manage various messages. The instruction set refers to the operation instructions of the packet, including discarding and forwarding the packet to the specified port, setting the packet header field value, and adding the package label. The Action Set is associated with each message. It is passed between multiple flow tables in the OpenFlow pipeline and modified by the operation instructions of each flow table instruction set until the message ends through the OpenFlow pipeline processing. Action set. The current OpenFlow 1.3.2 specifies the set of actions that consist of 11 actions, namely: Copy TTL inwards: The action of copying the TTL to the inner layer is applied to the packet; pop: the operation of applying the popup label to the packet; push-vlan: the operation of pushing the vlan label to the packet; push-mpls: applying the packet to the packet Copy TTL outwards: copy TTL outwards: Apply TTL to the outer layer; decrement TTL: TTL value of the packet minus 1; set: apply set-field action to the packet; qos: match the packet Apply QoS actions, such as Set-queue; group: If a group action is specified, the actions in the related group container are applied in the order of this list; output: If no group action is specified, the message is forwarded according to the output action. The specified port; push PBB: Apply a PBB tag push action to the message. In order to use the business requirements of the IDC scenario (eg multi-tenancy, virtual machine migration) and compatibility with existing network protocols, the OpenFlow Management and Configuration Protocol released the first version (OF-CO FIG 1.0 & 1.1), OF-Config 1.1.1 The protocol defines the interface of the tunnel attributes such as VxLAN, NV-GRE, and IP-in-GRE (that is, the information about the tunnel type and the tunnel encapsulation is added to the attributes of the interface), and is used to process the tunnels such as VxLAN of the OpenFlow forwarding plane device. . The existing problems in the prior art are: The latest OpenFlow protocol (OpenFlow 1.3.2) does not define a tunnel processing action on the forwarding plane pipe of the above tunnel, that is, the tunnel processing for tunnel sealing and decapsulation is still a standard. The behavior outside the definition is not conducive to the service configuration control of the unified forwarding behavior model of the multi-vendor OpenFlow forwarding plane device, so as to accurately control the behavior of the forwarding plane device. In response to this problem, there is currently no effective solution. SUMMARY OF THE INVENTION In view of the above, the main object of the present invention is to provide a tunnel processing method and system, a control plane device, and a forwarding plane device, which can perform a unified forwarding behavior model for a forwarding plane device for tunnel processing of tunnel sealing and decapsulation. The business configuration controls to precisely control the behavior of the forwarding surface device. To achieve the above objective, the technical solution of the present invention is implemented as follows: A tunnel processing method, the method includes: configuring a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to pressing a specified encapsulation header action and popping a specified encapsulation The action of the header; according to the tunnel encapsulation instruction and the decapsulation instruction, respectively perform the corresponding action of injecting the specified encapsulation head and ejecting the specified encapsulation header. The performing the indenting of the specified encapsulation header specifically includes: pressing the encapsulation header of the length and content of the specified encapsulation header into the packet. The performing the action of popping the specified encapsulation header specifically includes: ejecting the outermost encapsulation header of the specified length from the message. The encapsulation head specifically includes a tunnel head, and/or an outer IP head, and/or an ether header. The method further includes: configuring an OpenFlow pipeline that is cascaded by multiple OpenFlow flow tables; any one of the OpenFlow flow tables is configured by multiple flow table entries, where each flow table entry includes at least a matching domain and an instruction set; The matching domain uses the tunnel ID as a matching key value, and the matching key value is filled in the appointment field of the Meta by the upper-level OpenFlow flow table entry; the instruction set includes at least the tunnel encapsulation instruction and the decapsulation instruction. The tunnel ID specifically includes: an interface ID that configures a tunnel attribute. A tunnel processing system, the system comprising: a control plane device, configured to configure a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to pressing a specified encapsulation head action and popping a specified encapsulation header; forwarding surface device, setting According to the tunnel encapsulation instruction and the decapsulation instruction, the corresponding action of injecting the specified encapsulation header and ejecting the specified encapsulation header are respectively performed. The forwarding plane device is configured to press the encapsulation header of the length and content of the specified encapsulation header into the packet when the operation of the specified encapsulation header is performed. The forwarding plane device is configured to: when performing the action of popping the specified encapsulation header, eject the outermost encapsulation header of the specified length from the packet. The control plane device is configured to configure the encapsulation head to specifically include a tunnel head, and/or an outer IP header, and/or an Ethernet header. The control plane device is configured to configure multiple OpenFlow flow tables, and any one of the OpenFlow flow tables is composed of multiple flow table entries, where each flow table entry includes at least a matching domain and an instruction set; wherein the matching domain is The tunnel ID is a matching key value, and the matching key value is filled into the Meta by the upper-level OpenFlow flow table entry. The instruction set includes: the tunnel encapsulation instruction and the decapsulation instruction; the forwarding plane device includes an OpenFlow pipeline that is cascaded by the multiple OpenFlow flow tables, and the packet that enters the forwarding plane device is based on The cascading OpenFlow flow tables on the OpenFlow pipeline are sequentially matched and executed. The tunnel ID specifically includes: an interface ID that configures a tunnel attribute. The control plane device includes: an OF configuration point, configured to: after configuring tunnel attribute information for a corresponding interface of a forwarding plane device, notify the controller of the configured tunnel attribute information; and the controller is configured to parse the tunnel attribute A flow table entry having an action of pushing a specified encapsulation header and/or popping a specified encapsulation header, and/or pre-configuring a tunnel encapsulation header is added to the OpenFlow flow table. The controller is configured to pre-select a cascading process of the multiple OpenFlow flow tables of the OpenFlow pipeline on the forwarding plane device, and notify the forwarding plane device; the forwarding plane device is set to In the case of a tunneling process that requires encapsulation or decapsulation, when the packet entering the forwarding plane device is sequentially matched and executed according to the cascading OpenFlow flow table on the OpenFlow pipeline, an OpenFlow flow table in the cascading process is performed. After the matching succeeds, the Meta with the tunnel ID is forwarded to the subsequent OpenFlow flow table that is cascaded with the OpenFlow flow table to continue matching. After the matching is successful, the specified encapsulation action and the pop-up specified encapsulation are performed according to the push-in in the flow table entry. The action of the header performs the encapsulation and decapsulation processing of the message tunnel header respectively. The forwarding plane device is configured to complete the encapsulation and decapsulation processing of the packet tunnel header when the packet entering the forwarding plane device is processed by the OpenFlow pipeline or the flow table instruction is the action action set Apply Actions. A control plane device, a control plane device, configured to configure a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to the action of pressing a specified encapsulation head action and popping a specified encapsulation header. A forwarding plane device, configured to perform a corresponding action of injecting a specified encapsulation header and ejecting a specified encapsulation header according to a tunnel encapsulation instruction and a decapsulation instruction, respectively. The present invention configures a set of general-purpose tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to the action of pressing the specified encapsulation header action and popping the specified encapsulation header; respectively, according to the tunnel encapsulation instruction and the decapsulation instruction, respectively performing the corresponding push-in designation of the encapsulation header action and The action of specifying the package header is popped up. Since the present invention configures a set of general-purpose tunnel encapsulation instructions and decapsulation instructions, the service configuration control of the unified forwarding behavior model can be performed on the forwarding plane device to accurately control the behavior of the forwarding plane device, and correspondingly, the corresponding voltages are respectively executed. Into the specified package header action and pop the specified package header action, thus the existing OpenFlow protocol The extension is implemented to handle the tunnel processing actions on the forwarding plane of the tunnel, that is, the tunnel processing operations for tunnel encapsulation and decapsulation. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic diagram of a packet flow passing through an OpenFlow pipeline in the prior art; FIG. 2 is a schematic diagram of packet matching processing based on each OpenFlow flow table in the prior art; . DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The implementation of the technical solution will be further described in detail below with reference to the accompanying drawings. In the existing standard actions, Push-vlan and Push-MPLS Push-PBB, their common semantics is to push a special encapsulated data header, but the encapsulation header is not general, or the generality is not strong, for tunnel encapsulation. For the encapsulation tunneling process, for each different packet type, a new push/pop action is required for each type of encapsulation, so the present invention abstracts a more generalized It is more versatile and suitable for tunneling and decapsulating tunnel processing actions. To avoid adding a new type of package, a new set of Push/Pop actions is required. Specifically, the present invention solves the above general encapsulation problem by extending a set of Push/Pop actions by extending the existing OpenFlow protocol, so as to be able to handle tunnel encapsulation and decapsulation tunneling operations of various message types, and the method of the present invention. Easy to expand and maintain. For the difference between the OpenFlow pipeline and the tunnel, the OpenFlow pipeline refers to: the OpenFlow pipeline includes an OpenFlow pipeline formed by cascading multiple OpenFlow flow tables, and the OpenFlow pipeline is used to configure the packet forwarding path of the forwarding plane device. The flow table is used to describe the tunnel attribute information. The tunnel is a service attribute. The tunnel attribute information can be used to execute the corresponding service. The tunnel processing method of the present invention includes the following contents: As shown in FIG. 3, the method includes the following steps: Step 101: Configure a set of universal tunnel encapsulation and decapsulation instructions, respectively corresponding to pressing a specified encapsulation header action and popping a specified encapsulation header. Actions. Here, the configured set of general-purpose tunnel encapsulation and decapsulation instructions may be saved in an instruction set of the OpenFlow flow table, so that the subsequent step 102 performs corresponding operations according to corresponding instructions in the instruction set, that is, according to the tunnel The instruction of the channel package corresponds to the action of pushing the specified package header, and the instruction of the tunnel decapsulation corresponds to the action of popping up the specified package header. The configuration can be implemented in the OF configuration point in the control plane device, and is added to the OpenFlow flow table by the controller in the control plane device. The controller sends the OpenFlow flow table to the forwarding plane device, such as an OpenFlow switch, and is configured on the OpenFlow switch. The instructions in the OpenFlow flow table perform the corresponding actions. Step 102: Perform, according to the tunnel encapsulation and the decapsulation instruction, respectively, a corresponding action of pressing the specified encapsulation head and popping the specified encapsulation header. In the solution consisting of the above step 101 102, wherein the indenting specifies a encapsulation header, indicating that a package header that is preset (specifying the length and content of the encapsulation header) is pressed into the message. The specified encapsulation header is displayed, indicating that the outermost encapsulation header of the specified length is ejected from the message. The encapsulation header includes a tunnel head and/or an outer IP header and/or an Ethernet header of a specific tunneling protocol. The controller in the control plane device performs service configuration on multiple OpenFlow flow tables according to whether the encapsulation header is encapsulated. The outer IP header or Ethernet header, configure other related actions to properly process the message. The forwarding plane device includes an OpenFlow pipeline formed by cascading a plurality of OpenFlow flow tables, and the OpenFlow pipeline is configured to configure a packet forwarding path of the forwarding plane device, and any OpenFlow flow table uses the tunnel ID as a matching key value, and the tunnel key The value is populated by the upper-level OpenFlow flow table entry onto the contract field of the metadata (Meta). Meta is set to pass specified information directly between OpenFlow flow tables. The tunnel ID can be an interface ID configured with the tunnel attribute. After the OF configuration point is configured with the tunnel attribute of the corresponding interface of the forwarding plane device, the configured tunnel attribute is notified to the controller, such as an OpenFlow controller, where the controller adds a specified encapsulation header and/or pops the specified encapsulation header. The action, and/or the flow table entry of the preset tunnel encapsulation header content to the OpenFlow flow table. Wherein, when a specific flow (a specific flow is a flow that needs to be encapsulated or decapsulated) needs to be encapsulated or decapsulated, the controller pre-configures the flow table process on the OpenFlow pipeline so that it can be in the process. After an OpenFlow flow table is successfully matched, the Meta with the tunnel ID is forwarded to the subsequent OpenFlow flow table that is cascaded with the OpenFlow flow table to continue matching. After the matching is successful, the tunnel encapsulation is performed according to the action in the flow table entry. Decapsulation processing. If the packet is processed by the OpenFlow pipeline or the flow table command is "Apply Actions", the encapsulation or decapsulation processing of the packet tunnel header is completed, that is, the packet has been added with a complete tunnel header or the tunnel header has been stripped. The tunnel processing system of the present invention includes the following: The control plane device is configured to configure a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to the action of pressing the specified encapsulation header action and popping the specified encapsulation header; the forwarding plane device is set to be according to the tunnel encapsulation instruction and the decapsulation instruction, respectively Perform the corresponding push-in to specify the package header action and pop the specified package header. The forwarding plane device is configured to press the encapsulation header of the length and content of the specified encapsulation header into the packet when performing the operation of injecting the specified encapsulation header. The forwarding plane device is configured to: when performing the action of popping the specified encapsulation header, eject the outermost encapsulation header of the specified length from the packet. The control plane device is configured to configure the encapsulation head to specifically include a tunnel head, and/or an outer IP header, and/or an Ethernet header. The control plane device is configured to configure multiple OpenFlow flow tables, and any one of the OpenFlow flow tables is composed of multiple flow table entries, where each flow table entry includes at least a matching domain and an instruction set; wherein the matching domain is matched by the tunnel ID. The key value and the matching key value are filled in the contracting field of the Meta by the upper-level OpenFlow flow table entry; the instruction set includes at least the tunnel encapsulation instruction and the decapsulation instruction; wherein the forwarding plane device comprises a plurality of OpenFlow flow table cascading The OpenFlow pipeline, the packets entering the forwarding plane device are sequentially matched and executed according to the cascading OpenFlow flow table on the OpenFlow pipeline. The tunnel ID specifically includes: an interface ID for configuring a tunnel attribute. The control plane device includes: an OF configuration point, configured to notify the controller of the configured tunnel attribute information after the tunnel attribute information is configured for the corresponding interface of the forwarding plane device; and the controller is configured to analyze the tunnel attribute information and add the The flow table entry that pushes the specified encapsulation header and/or pops up the specified encapsulation header, and/or presets the contents of the tunnel encapsulation header into the OpenFlow flow table. It should be noted here that the OF configuration point and the controller are preferably integrated in one device entity or separately, and there is an interactive interface between the OF configuration point and the controller. The controller is configured to pre-select the cascading process of the multiple OpenFlow flow tables of the OpenFlow pipeline on the forwarding plane device and notify the forwarding plane device; the forwarding plane device is set to be processed in a tunnel that needs to be encapsulated or decapsulated. After the packets entering the forwarding plane are matched and executed according to the continuation of the OpenFlow flow table on the OpenFlow pipeline, after the OpenFlow flow table in the cascading process is successfully matched, the Meta with the tunnel ID is forwarded to OpenFlow flow table The continuation of the subsequent OpenFlow flow table continues to match. After the matching succeeds, the encapsulation header action and the pop-up specified encapsulation header are performed according to the push-in in the flow table entry, and the encapsulation and decapsulation processing of the packet tunnel header is performed respectively. The forwarding plane device is configured to perform packet encapsulation and decapsulation processing of the packet tunnel header when the packet entering the forwarding plane device is processed by the OpenFlow pipeline or the flow table instruction is the execution action set Apply Actions. The control plane device of the present invention mainly includes the following contents: The control plane device is configured to configure a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to the action of pressing the specified encapsulation header action and popping the specified encapsulation header. The forwarding plane device of the present invention mainly includes the following content: The forwarding plane device is configured to perform a corresponding action of injecting a specified encapsulation header and ejecting a specified encapsulation header according to the tunnel encapsulation instruction and the decapsulation instruction. Application Example 1: This example is an example of an OpenFlow flow table entry, which is an entry of the OpenFlow flow table of the present invention as shown in Table 2 below.
Figure imgf000011_0001
Figure imgf000011_0001
表 2  Table 2
( 1 ) 该 OpenFlow流表的匹配域 (Match Fields) 项中包含隧道标识 (ID), 对应 匹配 Meta数据中的隧道 ID字段; (1) The Match Fields entry of the OpenFlow flow table includes a tunnel identifier (ID) corresponding to the tunnel ID field in the matching Meta data;
(2) 该 OpenFlow流表的指令集 (Instructions) 项中包含 '写动作' 指令, 要写 的动作有压入指定封装头(Push tunnel header)或弹出指定封装头(Pop tunnel header) 等动作。 其中, tunnel指隧道。 (2) The instruction set (Instructions) of the OpenFlow flow table contains the 'write action' instruction. The action to be written has actions such as pushing the push tunnel header or popping the Pop tunnel header. Among them, tunnel refers to the tunnel.
( 3 )压入指定封装头, 表示将一个预置好(指定封装头的长度和内容) 的封装头 压入报文中, 如表 3的注解所示。 (3) Pushing the specified package header, indicating that a package header with a preset (specifying the length and content of the package header) is pressed into the message, as shown in the note in Table 3.
(4)弹出指定封装头表示将指定长度的最外层封装头从报文中弹出,如表 3的注 解所示。 (4) The specified encapsulation header pops up to eject the outermost encapsulation header of the specified length from the message, as shown in the annotation in Table 3.
( 5 ) 压入指定封装头或弹出指定封装头的动作可以在流表指令为执行动作集 (Apply Actions) 或 OpenFlow管道结束时执行完毕。 表 3为本发明扩展的压入指定封装头和弹出指定封装头两个动作的具体解释, 新 定义的针对预置性质隧道处理的动作 (Action) 如表 3所示: (5) The action of pushing the specified encapsulation header or popping the specified encapsulation header can be performed when the flow table instruction ends with the Apply Actions or OpenFlow pipeline. Table 3 is a detailed explanation of the two actions of pushing the specified encapsulation head and popping the specified encapsulation header according to the present invention. The newly defined action for the preset nature tunnel processing is as shown in Table 3:
Figure imgf000012_0001
Figure imgf000012_0001
表 3 实施时, 在控制面设备配置, 如果控制面设备由集成的 OF配置点和控制器组成, 则 OF配置点配置完隧道属性信息后交由控制器处理, 且由控制器下发流表给转发面 设备, 以实现对进入转发面设备的报文按照预选配置的流表流级联程执行动作, 主要 是执行压入指定封装头和弹出指定封装头, 即对应报文隧道头的封装和解封装处理。 对于 OpenFlow 来说, 所有遵循 OpenFlow 协议的的规则都被组织在不同的 OpenFlow流表中, 在同一个 OpenFlow流表中按规则的优先级进行先后匹配。 一个转 发面设备可以包含一个或者多个 OpenFlow流表,多个 OpenFlow流表构成的 OpenFlow 管道, 多个 OpenFlow流表从 0依次编号排列, 进入转发面设备的报文在 OpenFlow管 道上的隧道处理是流水线式的级联处理流程, 具体的, 当报文进入转发面设备后, 必 须从 OpenFlow流表 0开始依次匹配, OpenFlow流表可以按次序从小到大越级跳转, 但不能从某一 OpenFlow流表向前跳转至编号更小的 OpenFlow流表,当报文成功匹配 一条流表条目规则后, 将首先更新该规则对应的统计数据 (如成功匹配数据包总数目 和总字节数等),然后根据流表条目规则中指令集的指令进行相应的操作, 比如跳转至 后续一 OpenFlow流表继续处理, 修改或者立即执行该数据包对应的动作集 (Action Set)等。当报文已经处于 OpenFlow管道上最后一个 OpenFlow流表时,其对应的 Action Set中的所有 Action将被执行, 包括转发至某一端口, 修改数据包某一字段, 丢弃数 据包, 封装或解封装等。 应用实例 2: 本实例提供了根据本发明实施例隧道为 GRE时的动作, 具体请参见表 4。 当具体隧道属性类型为 GRE时, 上述的动作可以按如下方式理解:  In the implementation of Table 3, in the control plane device configuration, if the control plane device consists of the integrated OF configuration point and the controller, the OF configuration point is configured with the tunnel attribute information and then processed by the controller, and the controller sends the flow table. The packet is forwarded to the forwarding plane device to perform the action of the flow table cascaded according to the pre-selected configuration. The main function is to perform the encapsulation of the specified encapsulation header and the specified encapsulation header, that is, the encapsulation corresponding to the packet tunnel header. Reconciliation encapsulation processing. For OpenFlow, all rules that comply with the OpenFlow protocol are organized in different OpenFlow flow tables, and are matched in the same OpenFlow flow table according to the priority of the rules. A forwarding plane device may include one or more OpenFlow flow tables, multiple OpenFlow flow tables, and multiple OpenFlow flow tables, which are numbered sequentially from 0. The tunnel processing of the packets entering the forwarding plane device on the OpenFlow pipeline is The pipelined cascading process, specifically, after the packets enter the forwarding plane device, they must be matched in order from the OpenFlow flow table 0. The OpenFlow flow table can be jumped from small to large in order, but cannot be flowed from an OpenFlow. The table forwards to the OpenFlow flow table with a smaller number. When the packet successfully matches a flow table entry rule, the statistics corresponding to the rule are first updated (such as the total number of successfully matched packets and the total number of bytes). Then, according to the instruction of the instruction set in the flow table entry rule, the corresponding operation is performed, for example, jumping to a subsequent OpenFlow flow table to continue processing, modifying or immediately executing the action set (Action Set) corresponding to the data packet. When the packet is already in the last OpenFlow flow table on the OpenFlow pipeline, all actions in its corresponding Action Set will be executed, including forwarding to a port, modifying a field of the packet, dropping the packet, encapsulating or decapsulating. Wait. Application Example 2: This example provides an action when a tunnel is a GRE according to an embodiment of the present invention. For details, refer to Table 4. When the specific tunnel attribute type is GRE, the above actions can be understood as follows:
Action Associated Data 描述  Action Associated Data Description
Push GRE Ethertype Push a new GRE header header 以太类型 onto the packet. The 封装 GRE头 Ethertype is used as the Push GRE Ethertype Push a new GRE header header Ether type onto the packet. The Package GRE header Ethertype is used as the
Ethertpye for the resulting packet (Ethertype for the  Ethertpye for the resulting packet (Ethertype for the
IP payload). Only  IP payload). Only
Ethertype 0x0800 should  Ethertype 0x0800 should
be used.  Be used.
Pop tunnel  Pop tunnel
Pop the outer-most GRE header  Pop the outer-most GRE header
header from the packet.  Header from the packet.
解封装 GRE头 表 4 当具体隧道属性是 GRE时, 相应的动作可以对应理解如下:  Decapsulating the GRE header Table 4 When the specific tunnel attribute is GRE, the corresponding action can be understood as follows:
( 1 ) 封装 GRE隧道头 (Push GRE header) 表示将 GRE头压入报文中。 (1) The GRE header is encapsulated to push the GRE header into the message.
(2) 解封装 GRE隧道头 (Pop tunnel header) 表示将最外层 GRE头从报文中弹 出。 以配置 GRE的接口属性为例,对配置和控制转发面设备进行报文转发的过程进行 描述,可以由用户或上层业务面(APP)动态指定 SDN网络中某个拓扑节点的接口(物 理接口或创建的逻辑接口)进行配置, 这时 APP如果能掌握路由信息以及对应的地址 解析协议 (ARP) 信息, ARP包括其和具备路由 /ARP功能的 APP联动, 或者使用静 态配置, APP可以将 GRE隧道的隧道头封装信息、 外层 IP头和以太头一起下发给控 制面设备, 由其分解给 OF配置点和 OpenFlow控制器进行处理, 分别创建 /配置接口 的属性和下发针对隧道封装的流表 (执行隧道封装的动作, 可以一直封装到以太头) 给转发面设备。 如果 APP不能掌握路由和 ARP信息, 在实施中, 就要求控制面设备 (主要是控 制器) 提供路由和 ARP模块 (一些厂商的控制器的软件架构中规划了这个功能模块) 的查询功能, 在控制面设备做转换, 例如 APP通过 OF配置点配置接口的 GRE隧道 属性后, 通知对应的控制器, 由控制器在本地或向具备路由 /ARP功能的 APP查询路 由 /ARP信息, 然后生成流表下发给相关的转发面设备, 并关联该流表和对应的路由, 在路由更新导致实际的出接口变化时, 更新该流表, 修改封装信息 (主要是更新封装 信息中的外层以太头) 和出接口的动作。 当然在按传统路由器设备转发方式配置 OpenFlow管道并支持 OpenFlow管道级联 时, 实施可以更简单, OpenFlow流表中的流表条目的封装信息可以只包括隧道头和 / 或 IP头 (视隧道类型而定, 例如 GRE隧道类型应该包括 IP头), Apply Actions执行 封装动作后继续跳转到具备路由功能的路由表或下一级级联管道上继续处理外层 IP 的路由和修改以太头动作, 由于这些动作并没有标准化, 而且扩展的实现方案选择比 较多, 所以本发明仅优先专注于隧道信息的封装和解封装动作。 应用实例 3 : 本实例提供了根据本发明实施例隧道为 GRE时的报文封装, 具体请参见表 5, 表 5为本发明隧道为 GRE时的报文封装头的基本格式。 当隧道是 GRE时, GRE隧道封 装后的报文格式为:
Figure imgf000014_0001
(2) The PEP tunnel header indicates that the outermost GRE header is popped from the packet. The configuration of the GRE interface is used as an example to describe the process of configuring and controlling the forwarding of packets on the forwarding plane. The user or the upper-layer service plane (APP) can dynamically specify the interface of a topology node in the SDN network (physical interface or The created logical interface is configured. If the APP can master the routing information and the corresponding Address Resolution Protocol (ARP) information, the ARP includes its association with the APP with routing/ARP function, or the static configuration, the APP can use the GRE tunnel. The tunnel header encapsulation information, the outer IP header and the Ethernet header are sent to the control plane device, and are decomposed to the OF configuration point and the OpenFlow controller for processing, respectively creating/configuring the attributes of the interface and delivering the flow for the tunnel encapsulation. The table (executing the tunnel encapsulation action, which can be encapsulated to the Ethernet header all the time) to the forwarding plane device. If the APP cannot grasp the routing and ARP information, in the implementation, the control plane device (mainly the controller) is required to provide the routing function and the query function of the ARP module (which is planned in the software architecture of some vendors' controllers). The control plane device performs the conversion. For example, after the APP configures the GRE tunnel attribute of the interface through the OF configuration point, the corresponding controller is notified, and the controller queries the routing/ARP information locally or to the APP with the routing/ARP function, and then generates a flow table. The information is forwarded to the associated forwarding plane device, and is associated with the flow table and the corresponding route. When the route update causes the actual outbound interface to change, the flow table is updated, and the encapsulation information is modified (mainly, the outer layer of the encapsulation information is updated. ) and the action of the outgoing interface. Of course, when the OpenFlow pipeline is configured in the traditional router device forwarding manner and the OpenFlow pipeline is cascaded, the implementation may be simpler. The encapsulation information of the flow table entries in the OpenFlow flow table may include only the tunnel header and/or the IP header (depending on the tunnel type) For example, the GRE tunnel type should include the IP header. After Apply Actions performs the encapsulation action, it will continue to jump to the routing table with routing function or the next-level cascading pipeline to continue processing the outer IP. The routing and modification of the Ethernet action, since these actions are not standardized, and the extended implementation options are relatively large, the present invention only preferentially focuses on the encapsulation and decapsulation actions of the tunnel information. Application Example 3: This example provides packet encapsulation when the tunnel is GRE according to the embodiment of the present invention. For details, refer to Table 5. Table 5 is a basic format of a packet encapsulation header when the tunnel is GRE. When the tunnel is GRE, the format of the encapsulated packet in the GRE tunnel is:
Figure imgf000014_0001
表 6 以上, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保护范围。 工业实用性 如上, 通过上述实施例及优选实施方式, 针对隧道封转和解封装的隧道处理, 能 对转发面设备做统一的转发行为模型的业务配置控制,以精确控制转发面设备的行为。  Table 6 above is only a preferred embodiment of the present invention and is not intended to limit the scope of the present invention. Industrial Applicability As described above, with the above embodiments and preferred embodiments, for the tunnel processing of tunnel sealing and decapsulation, the service configuration control of the forwarding forwarding model can be performed on the forwarding plane device to accurately control the behavior of the forwarding plane device.

Claims

权 利 要 求 书 Claim
1. 一种隧道处理方法, 包括: A tunnel processing method, comprising:
配置一组通用性的隧道封装指令和解封装指令, 分别对应压入指定封装头 动作和弹出指定封装头的动作;  Configuring a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to pressing the specified encapsulation header action and popping the specified encapsulation header;
根据隧道封装指令和解封装指令, 分别执行对应的压入指定封装头动作和 弹出指定封装头的动作。  According to the tunnel encapsulation instruction and the decapsulation instruction, the corresponding action of injecting the specified encapsulation head and ejecting the specified encapsulation header are respectively performed.
2. 根据权利要求 1所述的方法, 其中, 执行所述压入指定封装头动作具体包括: 将指定封装头的长度和内容的封装头压入报文中。 The method according to claim 1, wherein performing the indenting of the specified encapsulation header comprises: pressing a encapsulation header that specifies a length and a content of the encapsulation header into the message.
3. 根据权利要求 1所述的方法,其中,执行所述弹出指定封装头的动作具体包括: 将指定长度的最外层封装头从报文中弹出。 The method of claim 1, wherein the performing the action of popping the specified encapsulation header comprises: ejecting the outermost encapsulation header of the specified length from the message.
4. 根据权利要求 2或 3所述的方法, 其中, 所述封装头具体包括隧道头、 和 /或外 层 IP头、 和 /或以太头。 The method according to claim 2 or 3, wherein the encapsulation head comprises specifically a tunnel head, and/or an outer layer IP header, and/or an Ethernet head.
5. 根据权利要求 1所述的方法,其中,该方法还包括:配置由多个开放流 OpenFlow 流表级联而成的 OpenFlow管道; 5. The method according to claim 1, wherein the method further comprises: configuring an OpenFlow pipeline that is cascaded by a plurality of OpenFlow OpenFlow flow tables;
任意一个 OpenFlow流表由多个流表条目构成, 每一个流表条目至少包括 匹配域、 指令集; 其中, 所述匹配域以隧道 ID 为匹配键值, 所述匹配键值由 上一级 OpenFlow流表条目填充到 Meta的约定字段上;所述指令集至少包括所 述隧道封装指令和解封装指令。  Any one of the OpenFlow flow tables is composed of a plurality of flow table entries, and each of the flow table entries includes at least a matching domain and an instruction set; wherein the matching domain uses the tunnel ID as a matching key value, and the matching key value is from the upper-level OpenFlow. The flow table entry is populated onto the appointment field of the Meta; the set of instructions includes at least the tunnel encapsulation instruction and the decapsulation instruction.
6. 根据权利要求 5所述的方法, 其中, 所述隧道 ID具体包括: 配置隧道属性的 接口 ID。 The method according to claim 5, wherein the tunnel ID specifically includes: an interface ID that configures a tunnel attribute.
7. 一种隧道处理系统, 包括: 7. A tunnel processing system, comprising:
控制面设备, 设置为配置一组通用性的隧道封装指令和解封装指令, 分别 对应压入指定封装头动作和弹出指定封装头的动作;  The control plane device is configured to configure a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to the action of pressing the specified encapsulation head action and popping the specified encapsulation header;
转发面设备, 设置为根据隧道封装指令和解封装指令, 分别执行对应的压 入指定封装头动作和弹出指定封装头的动作。  The forwarding plane device is configured to perform a corresponding action of injecting the specified encapsulation header and ejecting the specified encapsulation header according to the tunnel encapsulation instruction and the decapsulation instruction.
8. 根据权利要求 7所述的系统, 其中, 所述转发面设备, 设置为执行所述压入指 定封装头动作时, 将指定封装头的长度和内容的封装头压入报文中。 The system according to claim 7, wherein the forwarding plane device is configured to press a packet header of a length and a content of the specified encapsulation header into the packet when the operation of the specified encapsulation header is performed.
9. 根据权利要求 7所述的系统, 其中, 所述转发面设备, 设置为执行所述弹出指 定封装头的动作时, 将指定长度的最外层封装头从报文中弹出。 The system according to claim 7, wherein the forwarding plane device is configured to: when performing the action of the pop-up specifying the encapsulation header, eject the outermost encapsulation header of the specified length from the message.
10. 根据权利要求 8或 9所述的系统, 其中, 所述控制面设备, 设置为配置所述封 装头具体包括隧道头、 和 /或外层 IP头、 和 /或以太头。 10. The system according to claim 8 or 9, wherein the control plane device is arranged to configure the package head to specifically comprise a tunnel head, and/or an outer IP header, and/or an Ethernet head.
11. 根据权利要求 7所述的系统,其中,所述控制面设备,设置为配置多个 OpenFlow 流表, 任意一个 OpenFlow流表由多个流表条目构成, 每一个流表条目至少包 括匹配域、 指令集; 其中, 所述匹配域以隧道 ID 为匹配键值, 所述匹配键值 由上一级 OpenFlow流表条目填充到 Meta的约定字段上;所述指令集至少包括 所述隧道封装指令和解封装指令; 11. The system according to claim 7, wherein the control plane device is configured to configure a plurality of OpenFlow flow tables, and any one of the OpenFlow flow tables is composed of a plurality of flow table entries, each of the flow table entries including at least a matching domain The instruction set; wherein the matching domain uses the tunnel ID as a matching key value, and the matching key value is filled in the appointment field of the Meta by the upper-level OpenFlow flow table entry; the instruction set includes at least the tunnel encapsulation instruction Reconciliation package instruction;
所述转发面设备,包括由所述多个 OpenFlow流表级联而成的 OpenFlow管 道,进入转发面设备的报文根据所述 OpenFlow管道上级联的 OpenFlow流表依 序匹配执行。  The forwarding plane device includes an OpenFlow channel that is cascaded by the multiple OpenFlow flow tables, and the packets that enter the forwarding plane device are matched and executed according to the cascading OpenFlow flow table on the OpenFlow pipeline.
12. 根据权利要求 11所述的系统, 其中, 所述隧道 ID具体包括: 配置隧道属性的 接口 ID。 The system of claim 11, wherein the tunnel ID specifically includes: an interface ID that configures a tunnel attribute.
13. 根据权利要求 11所述的系统, 其中, 所述控制面设备, 包括: The system according to claim 11, wherein the control plane device comprises:
OF 配置点, 设置为给一个转发面设备的对应接口配置隧道属性信息后, 将配置的隧道属性信息通知控制器;  The OF configuration point is configured to notify the controller of the configured tunnel attribute information after the tunnel attribute information is configured for the corresponding interface of the forwarding plane device.
控制器,设置为解析所述隧道属性信息后添加具有压入指定封装头和 /或弹 出指定封装头的动作、 和 /或预置隧道封装头内容的流表条目到所述 OpenFlow 流表中。  The controller, configured to parse the tunnel attribute information, add a flow table entry having an action of pushing the specified encapsulation header and/or popping the specified encapsulation header, and/or pre-configuring the encapsulation header content into the OpenFlow flow table.
14. 根据权利要求 11所述的系统, 其中, 所述控制器, 设置为对转发面设备上所述 OpenFlow管道的所述多个 OpenFlow流表的级联流程进行预选配置并通知所述 转发面设备; The system according to claim 11, wherein the controller is configured to pre-select a cascading process of the plurality of OpenFlow flow tables of the OpenFlow pipeline on the forwarding plane device and notify the forwarding plane Equipment
所述转发面设备, 设置为在需要做封装或解封装的隧道处理情况下, 所述 进入转发面设备的报文根据所述 OpenFlow管道上级联的 OpenFlow流表依序匹 配执行时, 在所述级联流程中的一个 OpenFlow流表匹配成功后, 携带填有隧 道 ID的 Meta跳转到与该 OpenFlow流表级联的后续一个 OpenFlow流表上继 续匹配, 匹配成功后根据流表条目中的压入指定封装头动作和弹出指定封装头 的动作, 分别执行报文隧道头的封装和解封装处理。 The forwarding plane device is configured to perform, in the case of a tunnel processing that needs to be encapsulated or decapsulated, when the packet entering the forwarding plane device is sequentially matched and executed according to the cascading OpenFlow flow table on the OpenFlow pipeline, After an OpenFlow flow table in the cascading process is successfully matched, the Meta with the tunnel ID is forwarded to the subsequent OpenFlow flow table that is cascaded with the OpenFlow flow table to continue matching. After the matching succeeds, according to the pressure in the flow table entry. The operation of specifying the encapsulation header and popping up the specified encapsulation header respectively perform encapsulation and decapsulation processing of the packet tunnel header.
15. 根据权利要求 14所述的系统, 其中, 所述转发面设备, 设置为所述进入转发面 设备的报文经由 OpenFlow 管道处理结束或流表指令为执行动作集 Apply Actions时, 分别完成所述报文隧道头的封装和解封装处理。 The system according to claim 14, wherein the forwarding plane device is configured to complete the message when the packet entering the forwarding plane device is processed by the OpenFlow pipeline or the flow table instruction is the action action set Apply Actions. The encapsulation and decapsulation processing of the packet tunnel header.
16. 一种控制面设备, 所述控制面设备, 设置为配置一组通用性的隧道封装指令和 解封装指令, 分别对应压入指定封装头动作和弹出指定封装头的动作。 16. A control plane device, the control plane device configured to configure a set of universal tunnel encapsulation instructions and decapsulation instructions, respectively corresponding to an action of injecting a specified encapsulation head action and popping a specified encapsulation header.
17. 一种转发面设备, 该转发面设备, 设置为根据隧道封装指令和解封装指令, 分 别执行对应的压入指定封装头动作和弹出指定封装头的动作。 A forwarding plane device, configured to perform a corresponding action of injecting a specified encapsulation header and ejecting a specified encapsulation header according to a tunnel encapsulation instruction and a decapsulation instruction.
PCT/CN2014/079635 2013-06-14 2014-06-10 Tunnel processing method and system, control plane equipment and forwarding plane equipment WO2014198217A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310236650.1A CN104243299B (en) 2013-06-14 2013-06-14 A kind of tunnel processing method and system, control plane equipment, forwarding surface equipment
CN201310236650.1 2013-06-14

Publications (1)

Publication Number Publication Date
WO2014198217A1 true WO2014198217A1 (en) 2014-12-18

Family

ID=52021661

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/079635 WO2014198217A1 (en) 2013-06-14 2014-06-10 Tunnel processing method and system, control plane equipment and forwarding plane equipment

Country Status (2)

Country Link
CN (1) CN104243299B (en)
WO (1) WO2014198217A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104702479A (en) * 2015-03-10 2015-06-10 杭州华三通信技术有限公司 Tunnel building method and device in Software Defined Network (SDN)
CN110995766A (en) * 2019-12-31 2020-04-10 联想(北京)有限公司 Network communication method and client and central site adopting network communication method

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161289A (en) * 2015-03-23 2016-11-23 中兴通讯股份有限公司 A kind of based on the processing method and the system that control message in the gateway of SDN
CN109156040B (en) * 2016-05-26 2020-04-28 华为技术有限公司 Communication control method and related network element
CN108512758B (en) 2018-03-07 2021-09-14 华为技术有限公司 Message processing method, controller and forwarding equipment
CN108600021B (en) * 2018-04-28 2021-06-18 盛科网络(苏州)有限公司 Tunnel packaging chip implementation method and device capable of being flexibly programmed and configured
CN113452551B (en) * 2021-06-11 2022-07-08 烽火通信科技股份有限公司 VXLAN tunnel topology monitoring method, device, equipment and storage medium
CN114301737B (en) * 2021-12-29 2023-10-24 迈普通信技术股份有限公司 Network configuration method, device, network equipment and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102377646A (en) * 2010-08-12 2012-03-14 盛科网络(苏州)有限公司 Forwarding chip, network switching system and multicast implementation method
CN102523150A (en) * 2011-11-30 2012-06-27 华为技术有限公司 Method, device and system for tunnel message processing
WO2012130264A1 (en) * 2011-03-29 2012-10-04 Nec Europe Ltd. User traffic accountability under congestion in flow-based multi-layer switches

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8762501B2 (en) * 2011-08-29 2014-06-24 Telefonaktiebolaget L M Ericsson (Publ) Implementing a 3G packet core in a cloud computer with openflow data and control planes
CN102420772B (en) * 2011-12-31 2014-05-14 杭州华三通信技术有限公司 Tunnel message transmission and receiving methods and devices
CN102710432B (en) * 2012-04-27 2015-04-15 北京云杉世纪网络科技有限公司 System and method for managing virtual network in cloud computation data center

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102377646A (en) * 2010-08-12 2012-03-14 盛科网络(苏州)有限公司 Forwarding chip, network switching system and multicast implementation method
WO2012130264A1 (en) * 2011-03-29 2012-10-04 Nec Europe Ltd. User traffic accountability under congestion in flow-based multi-layer switches
CN102523150A (en) * 2011-11-30 2012-06-27 华为技术有限公司 Method, device and system for tunnel message processing

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104702479A (en) * 2015-03-10 2015-06-10 杭州华三通信技术有限公司 Tunnel building method and device in Software Defined Network (SDN)
CN104702479B (en) * 2015-03-10 2018-08-24 新华三技术有限公司 The method and apparatus that tunnel is established in SDN network
CN110995766A (en) * 2019-12-31 2020-04-10 联想(北京)有限公司 Network communication method and client and central site adopting network communication method

Also Published As

Publication number Publication date
CN104243299B (en) 2019-07-02
CN104243299A (en) 2014-12-24

Similar Documents

Publication Publication Date Title
WO2014198217A1 (en) Tunnel processing method and system, control plane equipment and forwarding plane equipment
US9614930B2 (en) Virtual machine mobility using OpenFlow
US9954779B2 (en) Method, apparatus, and system for supporting flexible lookup keys in software-defined networks
Li et al. Source routing with protocol-oblivious forwarding (POF) to enable efficient e-health data transfers
US9071529B2 (en) Method and apparatus for accelerating forwarding in software-defined networks
EP3014819B1 (en) Method for packet tunneling through software defined network method of intelligently controlling flow of a packet through software defined network and system
WO2017156974A1 (en) Information transmission method, apparatus and system
EP2843906B1 (en) Method, apparatus, and system for data transmission
CN103391296B (en) A kind of controller, transponder and Path Setup method and system
US10237130B2 (en) Method for processing VxLAN data units
WO2013059991A1 (en) Data message processing method and system, message forwarding device
WO2011162215A1 (en) Communication system, control apparatus, node control method and program
WO2014202030A1 (en) Network controller, switch and method for increasing openflow network capability
US10050859B2 (en) Apparatus for processing network packet using service function chaining and method for controlling the same
WO2014187369A1 (en) Method and apparatus for processing time synchronization
WO2013086897A1 (en) Entry generation method, message receiving method, and corresponding device and system
WO2018149338A1 (en) Sdn-based remote stream mirroring control method, implementation method, and related device
WO2014183518A1 (en) Method and system for realizing forwarding of data packet
WO2015024411A1 (en) Method of obtaining capacity information of serving node, and control platform
WO2014187429A1 (en) Flow table configuration realization method and device
WO2017211304A1 (en) Software defined network-based counting method, device and system
WO2015109822A1 (en) Of protocol instruction implementing method and controller
WO2016017737A1 (en) Switch, overlay network system, communication method, and program
WO2014067055A1 (en) Method and device for refreshing flow table
JP2016178530A (en) Communication system, communication terminal, communication method, and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14811667

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14811667

Country of ref document: EP

Kind code of ref document: A1