WO2017067178A1 - VxLAN中的路径探测方法,控制器和网络设备 - Google Patents
VxLAN中的路径探测方法,控制器和网络设备 Download PDFInfo
- Publication number
- WO2017067178A1 WO2017067178A1 PCT/CN2016/084748 CN2016084748W WO2017067178A1 WO 2017067178 A1 WO2017067178 A1 WO 2017067178A1 CN 2016084748 W CN2016084748 W CN 2016084748W WO 2017067178 A1 WO2017067178 A1 WO 2017067178A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network device
- controller
- probe
- vtep
- address
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L12/4675—Dynamic sharing of VLAN information amongst network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0811—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
- H04L45/036—Updating the topology between route computation elements, e.g. between OpenFlow controllers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/26—Route discovery packet
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/38—Flow based routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/25—Routing or path finding in a switch fabric
- H04L49/253—Routing or path finding in a switch fabric using establishment or release of connections between ports
- H04L49/254—Centralised controller, i.e. arbitration or scheduling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/35—Switches specially adapted for specific applications
- H04L49/354—Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L2012/4629—LAN interconnection over a backbone network, e.g. Internet, Frame Relay using multilayer switching, e.g. layer 3 switching
Definitions
- the present invention relates to the field of communications technologies, and in particular, to a path detection method, a controller, and a network device in a Virtual Extensible Local Area Network (VxLAN).
- VxLAN Virtual Extensible Local Area Network
- SDN Software Defined Network
- OpenFlow OpenFlow forwarding protocol
- Control making the network more intelligent as a pipeline.
- VxLAN is an overlay network technology or tunneling technology.
- the data packets sent by the virtual machine are encapsulated in the User Datagram Protocol (UDP), and the Internet Protocol/Media Access Control Layer of the physical network is used.
- UDP User Datagram Protocol
- IP/MAC Internet Protocol/Media Access Contol
- IP/MAC Internet Protocol/Media Access Contol
- VTEP virtual scalable local area network tunnel endpoint
- the path detection based on the traditional network can detect the path of the virtual local area network (VLAN), but the virtualization of the VxLAN network. The network cannot accurately detect the exact network path.
- VLAN virtual local area network
- the embodiment of the invention provides a path detection method in a VxLAN, a controller and a network device, which can solve the problem that the actual service path cannot be detected in the existing VxLAN.
- a path detection method in a VxLAN including:
- the controller constructs a probe packet according to the probe request input by the user, where the probe packet includes: An identifier for indicating the path detection service, an endpoint identifier of the source virtual scalable LAN tunnel endpoint VTEP, an endpoint identifier of the destination VTEP, a source port value, a path detection type, and a first network device corresponding to the endpoint identifier of the source VTEP Internet Protocol IP address;
- the controller sends the probe message to the first network device, so that the first network device copies the probe packet, generates a first report message, and sends the first report message to the And the controller, and forwarding, according to the source port value, the probe packet to the second network device corresponding to the endpoint identifier of the destination VTEP;
- the first report message includes the probe packet, the first network The IP address of the device and the outbound interface number and the inbound interface number of the first network device;
- the controller receives the report message sent by the network device of each level, where the first report message and the second report message sent by the second network device are included;
- the controller obtains a network path between the first network device and the second network device according to an IP address, an outbound interface number, and an inbound interface number in the report message sent by each level of the network device.
- the controller can detect the real service path by constructing the probe packet according to the probe request and forwarding it through the network device step by step, and reporting the IP address, the outgoing interface number, and the inbound interface number to the controller.
- the probe request includes an IP address of the source virtual machine, an IP address of the destination virtual machine, and a protocol type identifier.
- the controller constructs a probe packet according to the probe request input by the user, including:
- the controller captures the target packet according to the IP address of the source virtual machine, the IP address of the destination virtual machine, and the protocol type identifier in the probe request.
- the controller obtains the port number of the source virtual machine of the target packet and the port number of the destination virtual machine, to obtain quintuple information, where the quintuple information includes an IP address of the source virtual machine, and the destination An IP address of the virtual machine, the protocol type identifier, a port number of the source virtual machine, and a port number of the destination virtual machine;
- the controller determines, according to the probe request, that the path detection type is inter-virtual machine path detection.
- the controller fetches the packet according to the probe request input by the user, obtains the quintuple information of the packet, and constructs a probe packet consistent with the real service according to the quintuple information, and simulates the real service to be forwarded step by step, step by step.
- the controller reports the IP address, the outgoing interface number, and the inbound interface number to detect the real service path between the source VM and the destination VM.
- the probe request includes an endpoint identifier of the source VTEP and an endpoint identifier of the destination VTEP; and the controller is configured according to a user input Request, construct a probe message, including:
- the source port value is incremented according to a sum of an expected path number between the source VTEP and the destination VTEP and a set margin; the expected number of paths For the number of paths known to the user, the set margin is the number of the expected number of paths set in the path detection, and the set margin is a positive integer;
- the controller determines, according to the probe request, that the path detection type is inter-VTEP path detection.
- the controller constructs the probe packet according to the endpoint identifier of the source VTEP and the endpoint identifier of the destination VTEP, and forwards the IP address, the egress interface number, and the inbound interface number to the controller. A number of real service paths between the source VTEP and the destination VTEP are detected.
- the reporting message is further Including the hop count
- the controller obtains the network path of the first network device to the second network device according to the IP address, the outbound interface number, and the inbound interface number in the report message sent by each level network device, including :
- the controller is based on the reported message sent by each level of the network device, and the slave IP address is the same and the hop count is The outbound interface number and the inbound interface number are filtered out in the same multiple report messages; wherein the hop count in the report message sent by each level network device is in accordance with the first identifier corresponding to the endpoint identifier from the source VTEP The order of the second network device corresponding to the endpoint identifier of the destination VTEP of the network device is decremented;
- the controller sorts all the filtered IP addresses, the outbound interface number, and the inbound interface number group according to the hop count in the report message sent by each level network device;
- the controller obtains the network path according to the filtered, sorted IP address, the outbound interface number, and the inbound interface number.
- Filtering the outbound interface number and the inbound interface number of the reported network device based on the IP address of the network device can prevent the outbound interface number and the inbound interface number of duplicate network devices in the network path, and the number of hops for each level of network.
- the outbound interface number and the inbound interface number of the device are sorted. You can accurately obtain the sequence relationship of each level of network devices through which the probe packets pass, and restore the real network path.
- the detection packet further includes a detection instance identifier, where the detection instance identifier is used to identify a different path detection;
- the method further includes:
- the controller records, according to the detection instance identifier, an IP address, an outbound interface number, and an inbound interface number of each of the received network paths.
- the method further includes:
- the method further includes:
- the controller obtains a state of the network path according to the detected network path, and the status of the network path includes: a path, an open circuit, and a loop.
- Directly obtaining the state of the network path can give the user a conclusion of the direct network path state without requiring the user to view the on/off or loop between each level of the network device through which the probe packet passes.
- a path detection method in VxLAN including:
- the network device receives the probe packet, and the probe packet is configured by the controller according to the probe request input by the user, where the probe packet includes: an identifier for indicating the path detection service, an endpoint identifier of the source VTEP, and a destination VTEP. Endpoint identifier, source port value, path probe type, and IP address of the source network device corresponding to the endpoint identifier of the source VTEP;
- the network device If the network device is the destination network device corresponding to the endpoint identifier of the target VTEP, the network device generates a report message according to the probe packet, and sends the report message to the controller;
- the network device copies the probe packet to generate a report message, sends the report message to the controller, and forwards the Detecting the message until the destination network device;
- the report message includes the probe packet, an IP address of the network device, and an outbound interface number and an inbound interface number of the network device.
- the network device forward-receives the controller to report the IP address, the egress interface number, and the inbound interface number to the controller through the probe packet constructed according to the probe request, so that the controller can detect the real service path.
- the method further includes:
- the performing action includes copying and/or forwarding the probe message, and sending the report message to the controller.
- the execution action after receiving the probe packet can be directly executed. This execution action simplifies the process.
- a controller having a function of implementing controller behavior in the above method.
- the functions may be implemented by hardware or by corresponding software implemented by hardware.
- the hardware or software includes one or more modules corresponding to the functions described above.
- the controller includes: a processor, a receiver, and a transmitter; wherein
- the processor is configured to construct a probe packet according to the probe request input by the user, where the probe packet includes: an identifier for indicating a path detection service, and an endpoint identifier of the source virtual scalable LAN tunnel endpoint VTEP, and the destination VTEP Endpoint identifier, source port value, path probe type, and an internet protocol IP address of the first network device corresponding to the endpoint identifier of the source VTEP;
- the transmitter is configured to send the probe packet to the first network device, so that the first network device copies the probe packet, generates a first report message, and sends the first report message.
- the first report message includes the probe packet, An IP address of the first network device and an outbound interface number and an inbound interface number of the first network device;
- the receiver is configured to receive a report message sent by each level of the network device, where the first report message and the second report message sent by the second network device are included;
- the processor is further configured to obtain a network path between the first network device and the second network device according to an IP address, an outbound interface number, and an inbound interface number in the report message sent by each level of the network device.
- the controller includes:
- the constructing module is configured to construct a probe packet according to the probe request input by the user, where the probe packet includes: an identifier for indicating a path detection service, an endpoint identifier of a source virtual extended LAN tunnel endpoint VTEP, and an endpoint of the destination VTEP An identifier, a source port value, a path detection type, and an internet protocol IP address of the first network device corresponding to the endpoint identifier of the source VTEP;
- a sending module configured to send the probe message to the first network device, to enable the first network device to copy the probe packet, generate a first report message, and send the first report message to the Determining, according to the source port value, the probe packet to the second network device corresponding to the endpoint identifier of the destination VTEP;
- the first report message includes the probe packet, the first An IP address of the network device and an outbound interface number and an inbound interface number of the first network device;
- a receiving module configured to receive a report message sent by each level of the network device, where the first report message and the second report message sent by the second network device are included;
- the obtaining module is configured to obtain a network path between the first network device and the second network device according to an IP address, an outbound interface number, and an inbound interface number in the report message sent by each level of the network device.
- a network device having a function of implementing network device behavior in the foregoing method.
- the functions may be implemented by hardware or by corresponding software implemented by hardware.
- the hardware or software includes one or more modules corresponding to the functions described above.
- the network device includes: a processor, a receiver, and a transmitter; wherein
- the receiver is configured to receive a probe packet, where the probe packet is configured by the controller according to the probe request input by the user, where the probe packet includes: an identifier for indicating a path detection service, and a source VTEP The endpoint identifier, the endpoint identifier of the destination VTEP, the source port value, the path probe type, and the IP address of the source network device corresponding to the endpoint identifier of the source VTEP;
- the processor is configured to determine, according to the endpoint identifier of the destination VTEP, whether the network device is a destination network device corresponding to an endpoint identifier of the target VTEP;
- the processor is further configured to: if the network device is a destination network device corresponding to the endpoint identifier of the target VTEP, generate a report message according to the probe packet, and send the report message to the Controller
- the processor is further configured to: if the network device is not the destination network device corresponding to the endpoint identifier of the target VTEP, copy the probe packet to generate a report message;
- the transmitter is configured to send the report message to the controller, and forward the probe message to the destination network device;
- the report message includes the probe packet, an IP address of the network device, and an outbound interface number and an inbound interface number of the network device.
- the network device includes:
- the receiving module is configured to receive the probe packet, where the probe packet is configured by the controller according to the probe request input by the user, where the probe packet includes: an identifier for indicating the path detection service, and an endpoint identifier of the source VTEP.
- a determining module configured to determine, according to the endpoint identifier of the destination VTEP, whether the network device is a destination network device corresponding to the endpoint identifier of the target VTEP;
- a generating module configured to generate a report message according to the probe packet if the network device is a destination network device corresponding to the endpoint identifier of the target VTEP;
- a sending module configured to send the report message to the controller
- the generating module is further configured to: if the network device is not the destination network device corresponding to the endpoint identifier of the target VTEP, the network device copies the probe packet to generate a report message;
- the sending module is further configured to send the report message to the controller, and forward the probe message to the destination network device;
- the report message includes the probe packet, an IP address of the network device, and an outbound interface number and an inbound interface number of the network device.
- a network path detection method constructs a probe message according to the probe request, and forwards the data step by step through the network device, and controls the control step by step.
- the device can report the real service path by reporting the IP address, the outgoing interface number, and the inbound interface number.
- FIG. 1 is a schematic flowchart of a path detection method in a VxLAN according to an embodiment of the present invention
- FIG. 2 is a schematic diagram of path detection provided by an embodiment of the present invention.
- FIG. 3 is a schematic flowchart diagram of a path detection method between VMs according to an embodiment of the present disclosure
- FIG. 4 is a schematic diagram of a format of a probe packet according to an embodiment of the present invention.
- FIG. 5 is a schematic flowchart of a path detection method between VTEPs according to an embodiment of the present disclosure
- FIG. 6 is a schematic flowchart of another path detection method in a VxLAN according to an embodiment of the present disclosure
- FIG. 7 is a schematic structural diagram of a controller according to an embodiment of the present disclosure.
- FIG. 8 is a schematic structural diagram of a network device according to an embodiment of the present disclosure.
- FIG. 9 is a schematic structural diagram of another controller according to an embodiment of the present disclosure.
- FIG. 10 is a schematic structural diagram of still another controller according to an embodiment of the present disclosure.
- FIG. 11 is a schematic structural diagram of another network device according to an embodiment of the present invention.
- the data packets sent by the VM are encapsulated in UDP, and the IP/MAC of the physical network is encapsulated as an outer-header, and then transmitted on the physical IP network to reach the destination. It is decapsulated by VTEP and sent to the target virtual machine. Multiple VMs can be attached under one VTEP.
- the controller may detect a single network path between two VMs, and may also detect all network paths between two VTEPs, that is, the controller constructs a probe packet according to the probe request, and is opened.
- the packet forwarding protocol (Packet-Out) sends the probe packet to the network device corresponding to the source VTEP.
- the network device copies the probe packet to the next-level network device, and the network device at each level performs the probe report. Copy and forward the file, and send the report message to the controller through the open stream forwarding protocol.
- the IP address of the probe packet, the IP address of the probe device, and the inbound interface number are reported.
- the controller records each packet according to the record.
- the outbound and inbound interface numbers of the network devices are obtained, and the detected network path is obtained, so that the simulated path of the probe is consistent with the actual service path.
- Embodiments of the invention are based on an Openflow network.
- the OpenFlow network consists of an OpenFlow switch, a network virtualization layer FlowVisor, and a controller Controller.
- the OpenFlow switch is the core component of the entire OpenFlow network. It implements the separation of the data layer and the control layer, and mainly manages the forwarding of the data layer. After receiving the data packet, the OpenFlow switch first searches for the destination forwarding port on the local flow table. If there is no match, the data packet is forwarded to the controller, and the control layer determines the forwarding port.
- FlowVisor is the network virtual layer between hardware components and software; FlowVisor allows multiple controllers to simultaneously control one OpenFlow switch, but each controller can only control one virtual through this OpenFlow switch The internet.
- the Controller implements the function of the control layer; controls the flow table in the OpenFlow switch through the OpenFlow protocol, thereby implementing centralized control of the entire network.
- FIG. 1 is a schematic flowchart of a path detection method in a VxLAN according to an embodiment of the present disclosure, where the method includes the following steps:
- the controller constructs a probe packet according to the probe request input by the user.
- the controller is independent of VM, VTEP, and network devices.
- the controller can be an Agile Controller (AC).
- the controller can be a cluster that can handle the sending and receiving of data by any controller in the cluster.
- the controller has a human-machine interface, and can acquire a probe request input by a user, and the probe request can be obtained by the user in the human-machine world. On the interface, you need to capture the packets that need to be detected by the network path, or by using the input source VTEP and destination VTEP.
- the path detection in the present application may be a detection between two VMs, that is, single path detection; or a detection between two VTEPs, that is, multipath radar detection. That is, to detect all possible paths between all VMs under two VTEPs.
- the probe packet When the controller performs the network path detection, the probe packet needs to be configured to send the probe packet to the network device to detect whether the probe packet is consistent with the path that the actual packet passes.
- the detection packet includes: an identifier for indicating the path detection service, an endpoint identifier of the source VTEP, an endpoint identifier of the destination VTEP, a source port value, a path detection type, and an IP address of the first network device corresponding to the source VTEP.
- the path detection type includes path detection between VMs and path detection between VTEPs.
- the controller sends the probe packet to the first network device, so that the first network device copies the probe packet, generates a first report message, and sends the first report message to The controller forwards the probe packet according to the source port value until the second network device corresponding to the endpoint identifier of the destination VTEP.
- the first report message includes the probe packet, an IP address of the first network device, and an outbound interface number and an inbound interface number of the first network device.
- the embodiment of the present invention is based on the OpenFlow network sending the packet and the sending packet, and specifically, the OpenFlow sending interface Packet-Out and the Openflow sending interface Packet-In.
- the controller sends the probe packet to the first network device corresponding to the source VTEP through the Packet-Out interface.
- the network device automatically forwards the packet according to the calculated source port value.
- the network device here refers to a Layer 2 device or a Layer 3 device that supports VxLAN, and may be a switch or a router.
- the network device needs to perform the replication of the detection packet when the packet is forwarded. This is because the network device in the embodiment of the present invention not only needs to forward the detection packet, but also needs to encapsulate the detection packet in the report.
- the message is sent to the controller.
- the first network device copies the probe packet, generates a first report message, sends a first report message to the controller, and forwards the probe message to the next-level network device of the first network device according to the source port value.
- the second network device receives the detection packet, and the second network device receives the detection packet, and the second network device receives the detection packet, and the second network device receives the detection packet, and the second network device receives the detection packet. Send only the second report message to the controller, No need to copy and forward probe packets.
- the content of the message included in the “first report message” and the “second report message” are: the probe message, the IP address of the network device that sends the report message, and the receive and forward probe messages respectively.
- the "first reported message” and the "second reported message” are defined.
- the controller receives the report message sent by the network device of each level, where the first report message and the second report message sent by the second network device are included.
- the network device automatically forwards the packet according to the calculated source port value. Therefore, in the prior art, the path between the network devices is forwarded by the network device. To solve this problem, the probe packet passes through each level of the network device, and each level of the network device sends a report message to the controller through the Packet-In interface.
- the controller may receive the first report message sent by the network device of each level, and the second report message sent by the second network device corresponding to the endpoint identifier of the destination VTEP, and therefore, the report message includes the first report message, and The second reported message sent by the second network device.
- a network device has multiple interface numbers, and it is necessary to explicitly detect which interface of the network device is to be accessed and sent.
- the controller obtains a network path between the first network device and the second network device according to an IP address, an outbound interface number, and an inbound interface number in the report message sent by each level of the network device.
- the controller After receiving the IP address, the outbound interface number, and the inbound interface number of each network device, the controller can obtain the detected network path according to the interface number, that is, which network devices the constructed probe packets pass through in sequence.
- the AC controller cluster sends the probe packet to the node X corresponding to the source VTEP through the OpenFlow architecture.
- the node X copies the probe packet to generate a report message, and forwards the probe packet to node A.
- the AC controller cluster sends a report message; then, the nodes A, C, and Y repeatedly perform the steps of copying the probe packet, forwarding the probe packet, and sending the report message, so that after the probe packet is forwarded, the AC controller cluster receives the packet.
- the reported message can know the path through which the probe packet passes, for example X-A-C-Y, where the nodes are network devices.
- the controller constructs the probe packet according to the probe request, and forwards the packet through the network device, and reports the IP address and the egress interface number to the controller step by step.
- the inbound interface number can detect the real service path.
- FIG. 3 is a schematic flowchart of a method for detecting a path between VMs according to an embodiment of the present disclosure, where the method includes the following steps:
- the controller captures the target packet according to the IP address of the source virtual machine in the probe request input by the user, the IP address of the destination virtual machine, and the protocol type identifier.
- This embodiment relates to network path detection between VMs.
- the user can enter the IP address of the source VM to be detected, the IP address of the destination VM, and the protocol type identifier to instruct the controller to capture the target packet.
- the source VM and destination VM of the packet are a VM mounted under the source VTEP and the destination VTEP, respectively.
- the controller acquires a port number of the source virtual machine of the target packet and a port number of the destination virtual machine, to obtain quintuple information of the target packet.
- the port number of the source virtual machine of the packet and the port number of the destination virtual machine are obtained, thereby obtaining quintuple information of the target packet, where the quintuple information includes The IP address of the source virtual machine, the IP address of the destination virtual machine, the protocol type identifier, the port number of the source virtual machine, and the port number of the destination virtual machine.
- the controller obtains the quintuple information of the packet, that is, triggers the detection of the packet.
- the controller determines a source port value according to the quintuple information.
- the controller can hash out a source port value according to the quintuple data, fill the value into the probe packet, and then forward the path to detect the path. Then, on the network device that arrives on each hop, the controller will The source port value is used for routing.
- the source port value of a network path is only one. For single-path probing, only one source port value can be calculated based on a quintuple data.
- the controller determines an endpoint identifier of the source VTEP according to the IP address of the source virtual machine, and determines an endpoint identifier of the destination VTEP according to the IP address of the destination virtual machine.
- each VM Since each VM is mounted by the controller to a certain VTEP, the controller stores the correspondence between the VTEP and the VM to which it is mounted. Therefore, the controller according to the source VM's IP address and destination VM.
- the IP address can be determined by the endpoint identifier of the corresponding source VTEP and the endpoint identifier of the destination VTEP.
- the source and destination VTEPs are used to determine the first and last network devices of the probe packet.
- the controller acquires an IP address of the first network device corresponding to the endpoint identifier of the source VTEP.
- the controller also pre-stores the correspondence between the VTEP and the connected network device. Therefore, the IP address of the first network device can also be obtained according to the endpoint identifier of the source VTEP.
- the controller determines, according to the probe request, that the path detection type is inter-virtual machine path detection.
- the probe request includes the quintuple information of the packet captured by the user, so that the path probe is configured to perform the simulation detection on the packet, that is, the detection of a single packet or a single path, which is also referred to as inter-virtual path detection.
- the controller is configured to indicate an identifier of the path detection service, an endpoint identifier of the source VTEP, an endpoint identifier of the destination VTEP, a source port value, a path detection type, and a first network corresponding to the endpoint identifier of the source VTEP.
- the IP address of the device is encapsulated to construct a probe packet.
- the controller can construct a probe packet, which encapsulates the above information and transmits it through the Openflow network.
- the path between VMs is probed to diagnose the path of the specified traffic flow.
- the probe packet is encapsulated in a VxLAN format, and the format thereof is as shown in FIG. 4, including an outer MAC header, an IP header, a UDP header, and a VxLAN.
- the header (VxLAN Header) field, and the remaining fields are the contents of the message.
- one of the reserved fields in the VxLAN header for example, the last bit of the reserved field, is used as an identifier indicating the path detection service;
- the content of the message includes a pseudo-header (Pseudo-Header) and operation management. Operation Administration and Maintenance (OAM) header (OAM PDU).
- OAM Operation Administration and Maintenance
- the pseudo-header (Pseudo-Header) is used to ensure that the traffic is forwarded by the forwarding pipe.
- the pseudo-header is followed by the OAM header, including the identifier (OAM FLAG), the OAM type (OAM TYPE), the reserved field, and the expandable type length value. (Type-length-value, referred to as TLV).
- the OAM flag (FLAG) is used to identify that the OAM header is 32 bits and has a value of 0xFFFFFFFF.
- the OAM type (TYPE) is used to identify the path detection type, which is 1 byte. In the embodiment of the present invention, 0x1 indicates full path detection between VTEPs, and 0x2 indicates single path detection between VMs, and other reservations.
- the Scalable TLV is configured to carry an IP address, an inbound interface number, an outgoing interface number, and the like of the first network device.
- other fields may also be included in the scalable TLV, for example, the probe instance identifier.
- the probe instance identifier is used to identify different network path probes.
- the controller sends the probe packet to the first network device, so that the first network device copies the probe packet, generates a first report message, and sends the first report message to The controller forwards the probe packet according to the source port value until the second network device corresponding to the endpoint identifier of the destination VTEP.
- the network device automatically forwards the packet according to the calculated source port value. Therefore, in the prior art, the path between the network devices is forwarded by the network device. To solve this problem, the probe packet passes through each level of the network device, and each level of the network device sends a report message to the controller through the Packet-In interface.
- the first network device copies the probe packet, generates a first report message, sends a first report message to the controller, and forwards the probe message to the next-level network device of the first network device according to the source port value.
- the second network device receives the detection packet, and the second network device receives the detection packet, and the second network device receives the detection packet, and the second network device receives the detection packet, and the second network device receives the detection packet. Only the second report message is sent to the controller, and there is no need to copy and forward the probe message.
- the controller receives the report message sent by the network device of each level, where the first report message and the second report message sent by the second network device are included.
- the controller may receive the first report message sent by the network device of each level, and the second report message sent by the second network device corresponding to the endpoint identifier of the destination VTEP, and therefore, the report message includes the first report message, and The second reported message sent by the second network device.
- the report message includes the copied probe packet, the IP address of the network device that sends the report message, the inbound interface number of the network device that receives the probe packet, and the outbound network packet that forwards the probe packet and/or sends the report message. Interface number. It should be noted that a network device has multiple interface numbers, and the probe packet needs to be explicitly detected. Which interface of the network device is specifically connected and sent from.
- the path detection time may be set. If the set time is reached, the path detection may be completed; and the report message sent by the second network device corresponding to the destination VTEP and the path detection may be detected. The number of hops is determined. If the report message sent by the second network device corresponding to the destination VTEP is received, and the hop count is continuous, the path detection may be completed. Otherwise, even if the report message sent by the network device corresponding to the destination VTEP is received, If the hop count is not continuous or incomplete, the path probe is considered to have not ended or failed.
- the controller separately records an IP address, an outbound interface number, and an inbound interface number of each of the received network paths according to the detection instance identifier.
- the controller can perform detection of multiple network paths at the same time, there are multiple detection instances. For each network path detection, a detection instance identifier needs to be set, and the detection instance identifier is included in the Extendable TLV field, and the detection instance identifier is Network path probe for identifying different messages.
- the controller records the outbound interface number and the inbound interface number of each received network device according to the detected instance identifiers included in the received probe packets.
- the controller identifies a corresponding path probe for each probe instance, and selects a group of outbound interface numbers from multiple report messages with the same IP address and the same number of hops according to the report message sent by each level network device. Enter the interface number.
- a network device When a network device reports a message, it may be repeatedly reported. Therefore, you need to filter the outbound interface and the inbound interface that have received the same network device and the same number of hops. Only the outbound interface number of the network device corresponding to the IP address is reserved. And the inbound interface number. The hop count in the report message sent by each level of the network device is decremented in the order of the second network device corresponding to the endpoint identifier corresponding to the endpoint identifier of the source VTEP to the destination VTEP. .
- the controller sorts all the filtered IP addresses, the outbound interface number, and the inbound interface number group according to the hop count in the report message sent by each level network device.
- the report message may also include the hop count, for example, Time To Live (TTL).
- TTL Time To Live
- the hop count is decremented by one for each network device. Therefore, the outbound interface number and the inbound interface number of each received network device after filtering can be sorted according to the hop count.
- the controller obtains the network path according to the filtered, sorted IP address, the outbound interface number, and the inbound interface number.
- the obtained network path is a network path with a clear and unique topological relationship.
- the outbound interface number and the inbound interface number of the primary network device are sorted, and the sequence relationship of each level of the network device through which the probe packet passes can be accurately obtained, and the real network path is restored.
- the controller outputs the network path.
- the detector Since the detector has a human-machine interface or a user interface, the detected network path can also be output to the user interface, which allows the user to intuitively understand each level of the network device through which the probe message passes.
- the controller obtains a state of the network path according to the network path.
- the states of the network path include: paths, open circuits, and loops.
- the path refers to that the network path is unobstructed and is a normal network path.
- the open circuit refers to the message that the controller cannot receive certain hop counts, and the loop refers to the hop ratio of the network path in the loop state.
- the normal network path passes through more hops. Understand the status of the network path, and be able to find out the open circuit and loop network failure in time.
- Directly obtaining the state of the network path can give the user a conclusion of the direct network path state without requiring the user to view the on/off or loop between each level of the network device through which the probe packet passes.
- the controller fetches the packet according to the probe request input by the user, obtains the quintuple information of the packet, and constructs the quintuple information according to the quintuple information. Detecting packets, simulating the real-time service forwarding, and reporting the IP address, egress interface number, and inbound interface number to the controller.
- the real service path between the source VM and the destination VM can be detected to confirm the network.
- the state of the path output the detected network path in the user interface of the controller
- the path allows the user to intuitively understand each level of the network device through which the probe packet passes.
- the status of the network path can be directly obtained, and the user can be given a direct network path status without requiring the user to view each level of the probe packet. On/off or loop between network devices.
- FIG. 5 is a schematic flowchart of a path detection method between VTEPs according to an embodiment of the present invention, where the method includes the following steps:
- the controller sets a source port value, where the source port value is incremented according to a sum of an expected path number and a set margin amount between the source VTEP and the destination VTEP.
- This embodiment relates to path detection between VTEPs, that is, multipath radar detection, and it is necessary to detect all possible paths between two VTEPs.
- Multipath is to detect whether the number of paths between two VTEPs meets expectations, which is an attempt.
- Sexual detection The user can directly input the endpoint identifier of the source VTEP to be probed and the endpoint identifier of the destination VTEP.
- the path detection between the VM and the VM is different.
- the controller needs to set a source port value.
- the source port value is incremented. Therefore, the set source port value is also called the source port initial value, and the value ranges from 4096 to 65535.
- the incremented source port value is used as the source port value of each probe packet until the source port is configured to be the largest. The value of the probe message.
- the number of increments of the source port value is based on The number of expected paths and the set margin between the source VTEP and the destination VTEP are determined, for example, the number of expected paths is 200, and the number of increments can be set to 220. Since multipath detection itself is a kind of tentative detection, multiple detections can be performed. For example, it is expected that there are 100 paths, 110 packets are specified for the first time, and 120 packets are specified for the second time. The maximum number of paths. The number of the expected paths is set when the path detection is performed, and the set margin is a positive integer.
- the controller determines, according to the endpoint identifier of the source VTEP and the endpoint identifier of the destination VTEP, that the detection type of the probe packet is a path probe between VTEPs.
- the controller constructs a probe packet according to the source and destination VTEP input by the user, and detects the packet detection packet.
- the type is the path detection between the VTEPs, and the other content is the same as the detection packet of the path detection between the VMs, and will not be described here.
- the controller is configured to indicate an identifier of the path detection service, an endpoint identifier of the source VTEP, an endpoint identifier of the destination VTEP, a source port value, a path detection type, and a first network corresponding to the endpoint identifier of the source VTEP.
- the IP address of the device is encapsulated to construct a probe packet.
- the controller can construct a probe packet, which encapsulates the above information and transmits it through the Openflow network.
- the probe packet is encapsulated in a VxLAN format, and the package format is as shown in FIG. 4 .
- the controller sends the probe packet to the first network device, so that the first network device copies the probe packet, generates a first report message, and sends the first report message to The controller forwards the probe packet according to the source port value until the second network device corresponding to the endpoint identifier of the destination VTEP.
- the controller receives the report message sent by the network device of each level, where the first report message and the second report message sent by the second network device are included.
- the controller For the path detection between the VTEPs, including multiple source port values, the controller detects the report message reported by the network device corresponding to the endpoint identifier of the destination VTEP, and the network path containing the maximum value of the source port is reported in the report message. .
- the controller separately records the received outbound interface number and the inbound interface number of each level network device according to the detection instance identifier.
- the controller identifies a corresponding path probe for each probe instance, and selects a set of outbound interface numbers from multiple report messages with the same IP address and the same number of hops according to the report message sent by each level network device. Enter the interface number.
- the hop count in the report message sent by each level of the network device is decremented in the order of the second network device corresponding to the endpoint identifier corresponding to the endpoint identifier of the source VTEP to the destination VTEP. .
- the controller sorts all the filtered IP addresses, the outbound interface number, and the inbound interface number group according to the hop count in the report message sent by each level network device.
- the hop count is decremented each time it is forwarded to the next-level network device.
- the controller obtains the network path according to the filtered, sorted IP address, the outbound interface number, and the inbound interface number.
- the controller outputs the network path.
- the controller obtains a state of the network path according to the network path.
- the screening and sorting of the outbound interface number and the inbound interface number of the network device are the same as in the foregoing embodiment. , will not repeat them here.
- the controller constructs a probe packet according to the endpoint identifier of the source VTEP and the endpoint identifier of the destination VTEP, and forwards the packet to the controller step by step through the network device.
- the IP address, the outgoing interface number, and the inbound interface number can detect multiple real service paths between the source VTEP and the destination VTEP.
- the detected user network interface outputs the detected network path, which allows the user to intuitively understand Detecting the network device of each level through which the packet passes; directly obtaining the state of the network path, which can give the user a direct network path state conclusion without requiring the user to check the continuity between each level of the network device through which the probe packet passes or Loop.
- FIG. 6 is a schematic flowchart of another path detection method in a VxLAN according to an embodiment of the present disclosure, where the method includes the following steps:
- the network device receives the probe packet.
- the network device of the destination VTEP may be the network device corresponding to the endpoint identifier of the source VTEP, or may be the network device corresponding to the endpoint identifier of the destination VTEP. . If it is the network device corresponding to the endpoint identifier of the source VTEP, the probe packet is received from the controller. If it is any other network device, the probe packet is received from the upper-layer network device.
- the network device here refers to a Layer 2 device or a Layer 3 device that supports VxLAN, and may be a switch or a router.
- the probe packet is constructed by the controller emulating the actual message according to the probe request.
- the detection packet includes: an identifier for indicating a path detection service, an endpoint identifier of the source VTEP, and a destination VTEP.
- Path detection types include: path detection between VMs and path detection between VTEPs. Path detection between VMs is also called single path detection. Path detection between VTEPs is also called multipath radar detection.
- the detection packet is encapsulated in a VxLAN format, and the format is as shown in FIG. 4 .
- the format is as shown in FIG. 4 .
- step S206 refer to step S206 .
- the packet is sent by the OpenFlow network and the packet is sent by the OpenFlow network. Specifically, the packet is sent through the OpenFlow interface Packet-Out and the Openflow uplink interface Packet-In.
- the method may further include:
- the performing action includes copying and/or forwarding the probe message, and sending the report message to the controller.
- the network device After the network device recognizes that the probe packet is received, according to the corresponding relationship between the probe packet and the execution action stored in the access control list or the flow table, the network device can learn the execution action after receiving the probe message, and directly execute the execution. Actions are available, simplifying the process.
- the network device determines, according to the endpoint identifier of the destination VTEP, whether the network device is a destination network device corresponding to the endpoint identifier of the target VTEP, and if the result of the determination is yes, proceed to S403; otherwise, proceed to S404.
- the network device If the network device is the destination network device corresponding to the endpoint identifier of the target VTEP, the network device generates a report message according to the probe packet, and sends the report message to the controller.
- the network device of the embodiment may be a network device of any level.
- the network device corresponding to the endpoint identifier of the target VTEP is different from the network device of the other VTEP.
- the message is reported to the controller without copying and forwarding the probe packet. Therefore, it is necessary to determine whether the network device is a network device corresponding to the endpoint identifier of the target VTEP.
- the network device copies the probe packet to generate a report message, sends the report message to the controller, and forwards the message.
- the probe message is up to the destination network device.
- the network devices automatically forward packets according to the calculated source port values. However, in the embodiment of the present invention, the network device needs to perform the replication of the probe packet when the packet is forwarded. This is because the network device not only needs to forward the probe packet but also encapsulates the probe packet. Send to the controller in the escalation message.
- the embodiment of the present invention solves the problem, that is, the probe packet passes through each level of the network device, and each level of the network device. Both send a report message to the controller through the Packet-In interface.
- the report message includes the copied probe packet, the IP address of the network device that sent the report message, the inbound interface number of the network device that receives the probe packet, and the outbound network packet that forwards the probe packet and/or sends the report message. Interface number.
- a network device has multiple interface numbers, and it is necessary to explicitly detect which interface of the network device is sent and accessed.
- the controller After receiving the outbound interface number and the inbound interface number of each network device, the controller can obtain the detected network path according to the interface number, that is, which network devices the simulated probe packet passes through.
- the network device progressively forwards the controller to the controller to report the IP address, the egress interface number, and the inbound interface to the controller through the probe packet constructed according to the probe request. Number so that the controller can detect the real business path.
- an embodiment of the present invention provides a controller 1000 for implementing the foregoing VxLAN.
- the function of path detection in, as shown in FIG. 7, the controller 1000 includes a processor 11, a transmitter 12 and a receiver 13, wherein the processor 11, the transmitter 12 and the receiver 13 are mutually connected by a bus 14. connection.
- the processor 11 is configured to construct a probe packet according to the probe request input by the user, where the probe packet includes: an identifier for indicating a path detection service, and an endpoint identifier of the source virtual scalable LAN tunnel endpoint VTEP, and the purpose An endpoint identifier of the VTEP, a source port value, a path probe type, and an internet protocol IP address of the first network device corresponding to the endpoint identifier of the source VTEP;
- the transmitter 12 is configured to send the probe packet to the first network device, so that the first network device copies the probe packet, generates a first report message, and sends the first report. Transmitting the message to the controller, and forwarding the probe packet to the second network device corresponding to the endpoint identifier of the destination VTEP according to the source port value; the first report message includes the probe packet, where An IP address of the first network device, and an outbound interface number and an inbound interface number of the first network device;
- the receiver 13 is configured to receive a report message sent by each level of the network device, where the first report message and the second report message sent by the second network device are included.
- the processor 11 is further configured to obtain a network path between the first network device and the second network device according to an IP address, an outbound interface number, and an inbound interface number in a report message sent by each level network device. .
- transmitter 12 and the receiver 13 may be separate devices or components, or may be integrated transceivers.
- the processor 11 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; or may be a digital signal processor (DSP), an application specific integrated circuit (ASIC) ), field programmable gate array (FPGA) or other programmable logic devices.
- CPU central processing unit
- NP network processor
- DSP digital signal processor
- ASIC application specific integrated circuit
- FPGA field programmable gate array
- the controller 1000 may further include: a memory for storing a program.
- the program can include program code, the program code including computer operating instructions.
- the memory may include random access memory (RAM), and may also include non-volatile memory, such as at least one disk storage. Said The processor 11 executes the program code stored in the memory to implement the above functions.
- the probe request includes an IP address of the source virtual machine, an IP address of the destination virtual machine, and a protocol type identifier.
- the processor 11 is specifically configured to: according to the IP address of the source virtual machine in the probe request, the IP address of the destination virtual machine and the protocol type identifier, and capture the target packet;
- the processor 11 is further configured to obtain a port number of the source virtual machine of the target packet and a port number of the destination virtual machine, to obtain quintuple information, where the quintuple information includes an IP of the source virtual machine.
- the processor 11 is further configured to determine the source port value according to the quintuple information
- the processor 11 is further configured to determine the source VTEP according to the IP address of the source virtual machine, and determine the destination VTEP according to the IP address of the destination virtual machine;
- the processor 11 is further configured to acquire an IP address of the first network device corresponding to an endpoint identifier of the source VTEP;
- the processor 11 is further configured to determine, according to the probe request, that the path detection type is inter-virtual machine path detection.
- the probe request includes an endpoint identifier of the source VTEP and an endpoint identifier of the destination VTEP;
- the processor 11 is specifically configured to set the source port value, where the source port value is incremented according to a sum of an expected path number and a set margin amount between the source VTEP and the destination VTEP;
- the number of expected paths is the number of paths known to the user, and the number of set margins is the number of the number of expected paths that are set when performing path detection, and the number of the set margins is a positive integer. ;
- the processor 11 is further configured to determine, according to the probe request, that the path detection type is VTEP path detection.
- the report message further includes a hop count
- the processor 11 is configured to: according to the report message sent by the network device of each level, filter out a set of outbound interface numbers and inbound interface numbers from multiple report messages with the same IP address and the same number of hops;
- the hop count in the report message sent by the level network device is decremented in the order of the second network device corresponding to the endpoint identifier corresponding to the endpoint identifier of the source VTEP to the destination VTEP;
- the processor 11 is further configured to sort all the filtered IP addresses, the outbound interface number, and the inbound interface number group according to the hop count in the report message sent by each level network device.
- the processor 11 is further configured to obtain the network path according to the filtered, sorted IP address, the outbound interface number, and the inbound interface number.
- the probe packet further includes a probe instance identifier, where the probe instance identifier is used to identify a different path probe.
- the processor 11 is specifically configured to separately record an IP address, an outbound interface number, and an inbound interface number of each received network path according to the detection instance identifier.
- the processor 11 is further configured to obtain, according to the detected network path, a status of the network path, where the status of the network path includes: a path, an open circuit, and a loop.
- the controller constructs a probe packet according to the probe request, and forwards the IP address, the egress interface number, and the inbound interface number to the controller step by step through the network device.
- a real business path can be detected.
- the embodiment of the present invention provides a network device 2000 for implementing the path detection function in the VxLAN.
- the network device 2000 includes a receiver 21, a processor 22, and a transmitter 23.
- the receiver 21, the processor 22 and the transmitter 23 are connected to each other by a bus 24.
- the receiver 21 is configured to receive a probe packet, where the probe packet is configured by the controller according to the probe request input by the user, where the probe packet includes: an identifier for indicating a path detection service, and the source VTEP The endpoint identifier, the endpoint identifier of the destination VTEP, the source port value, the path probe type, and the IP address of the source network device corresponding to the endpoint identifier of the source VTEP;
- the processor 22 is configured to determine, according to the endpoint identifier of the destination VTEP, whether the network device is a destination network device corresponding to the endpoint identifier of the target VTEP;
- the processor 22 is further configured to: if the network device is a destination network device corresponding to the endpoint identifier of the target VTEP, generate a report message according to the probe packet, and send the report message to the controller;
- the processor 22 is further configured to: if the network device is not the destination network device corresponding to the endpoint identifier of the target VTEP, copy the probe packet to generate a report message;
- the transmitter 23 is configured to send the report message to the controller, and forward the probe message to the destination network device;
- the report message includes the probe packet, an IP address of the network device, and an outbound interface number and an inbound interface number of the network device.
- the processor 22 may be a general purpose processor, including a CPU, a network processor (NP), etc.; or may be a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), or the like. Programmable logic devices, etc.
- the network device 2000 may further include: a memory for storing a program.
- the program can include program code, the program code including computer operating instructions.
- the memory may include random access memory and may also include non-volatile memory, such as at least one disk storage.
- the processor 22 executes the program code stored in the memory to implement the above functions.
- the processor 22 is further configured to identify the received probe packet according to the identifier used to indicate a path detection service.
- the processor 22 is further configured to acquire, according to the preset or the access control list ACL sent by the controller or the corresponding relationship between the detection packet and the execution action stored in the flow table, to obtain the corresponding to the detection packet. Perform an action;
- the performing action includes copying and/or forwarding the probe message, and sending the report message to the controller.
- the network device forward-by-stage forwarding controller reports the IP address, the egress interface number, and the inbound interface number to the controller through the probe packet constructed according to the probe request, thereby controlling
- the device can detect the real business path.
- FIG. 9 is a schematic structural diagram of a controller according to an embodiment of the present invention.
- the controller 3000 includes: a structure module 31, a sending module 32, a receiving module 33, and an obtaining module 34.
- the constructing module 31 is configured to construct a probe message according to the probe request input by the user.
- the controller is independent of VM, VTEP, and network devices.
- the controller can be an Agile Controller (AC).
- the controller can be a cluster that can handle the sending and receiving of data by any controller in the cluster.
- the controller has a human-machine interface, and can obtain a probe request input by the user.
- the probe request can be initiated by the user on the human-machine interface to specify a packet that needs to be detected by the network path, or by the input source VTEP and the destination VTEP.
- the path detection in the present application may be a detection between two VMs, that is, single path detection; or a detection between two VTEPs, that is, multipath radar detection. That is, to detect all possible paths between all VMs under two VTEPs.
- the probe packet When the controller performs the network path detection, the probe packet needs to be configured to send the probe packet to the network device to detect whether the probe packet is consistent with the path that the actual packet passes.
- the detection packet includes: an identifier for indicating the path detection service, an endpoint identifier of the source VTEP, an endpoint identifier of the destination VTEP, a source port value, a path detection type, and an IP address of the first network device corresponding to the source VTEP.
- the path detection type includes path detection between VMs and path detection between VTEPs.
- the sending module 32 is configured to send the probe message to the first network device, so that the first network device copies the probe packet, generates a first report message, and sends the first report message to The controller forwards the probe packet according to the source port value until the second network device corresponding to the endpoint identifier of the destination VTEP.
- the first report message includes the probe packet, an IP address of the first network device, and an outbound interface number and an inbound interface number of the first network device.
- the embodiment of the present invention is based on the OpenFlow network sending the packet and the sending packet, and specifically, the OpenFlow sending interface Packet-Out and the Openflow sending interface Packet-In.
- the controller sends the probe packet to the first network device corresponding to the source VTEP through the Packet-Out interface.
- the network device automatically forwards the packet according to the calculated source port value.
- the network device here means A Layer 2 device or a Layer 3 device that supports VxLAN, which can be a switch or a router.
- the network device needs to perform the replication of the detection packet when the packet is forwarded. This is because the network device in the embodiment of the present invention not only needs to forward the detection packet, but also needs to encapsulate the detection packet in the report.
- the message is sent to the controller.
- the first network device copies the probe packet, generates a first report message, sends a first report message to the controller, and forwards the probe message to the next-level network device of the first network device according to the source port value.
- the second network device receives the detection packet, and the second network device receives the detection packet, and the second network device receives the detection packet, and the second network device receives the detection packet, and the second network device receives the detection packet. Only the second report message is sent to the controller, and there is no need to copy and forward the probe message.
- the content of the message included in the “first report message” and the “second report message” are: the probe message, the IP address of the network device that sends the report message, and the receive and forward probe messages respectively.
- the "first reported message” and the "second reported message” are defined.
- the receiving module 33 is configured to receive a report message sent by each level of the network device, where the first report message and the second report message sent by the second network device are included.
- the network device automatically forwards the packet according to the calculated source port value. Therefore, in the prior art, the path between the network devices is forwarded by the network device. To solve this problem, the probe packet passes through each level of the network device, and each level of the network device sends a report message to the controller through the Packet-In interface.
- the controller may receive the first report message sent by the network device of each level, and the second report message sent by the second network device corresponding to the endpoint identifier of the destination VTEP, and therefore, the report message includes the first report message, and The second reported message sent by the second network device.
- a network device has multiple interface numbers, and it is necessary to explicitly detect which interface of the network device is to be accessed and sent.
- the obtaining module 34 is configured to obtain, according to the IP address, the outbound interface number, and the inbound interface number in the report message sent by the network device of each level, the network path between the first network device and the second network device.
- the controller After receiving the IP address, the outbound interface number, and the inbound interface number of each network device, the controller can obtain the detected network path according to the interface number, that is, which network devices the constructed probe packets pass through in sequence.
- the AC controller cluster sends the probe packet to the node X corresponding to the source VTEP through the OpenFlow architecture.
- the node X copies the probe packet to generate a report message, and forwards the probe packet to node A.
- the AC controller cluster sends a report message; then, the nodes A, C, and Y repeatedly perform the steps of copying the probe packet, forwarding the probe packet, and sending the report message, so that after the probe packet is forwarded, the AC controller cluster receives the packet.
- the reported message can be used to know the path through which the probe packet passes, such as XACY, where the node is a network device.
- the controller constructs a probe packet according to the probe request, and forwards the IP address, the egress interface number, and the inbound interface number to the controller step by step through the network device.
- a real business path can be detected.
- FIG. 10 is a schematic structural diagram of still another controller according to an embodiment of the present invention.
- the controller 4000 includes a construction module 41, a transmission module 42, a receiving module 43, an obtaining module 44, and an output module 45.
- the constructing module 41 is configured to capture the target packet according to the IP address of the source virtual machine, the IP address of the destination virtual machine, and the protocol type identifier in the probe request input by the user.
- This embodiment relates to network path detection between VMs.
- the user can enter the IP address of the source VM to be detected, the IP address of the destination VM, and the protocol type identifier to instruct the controller to capture the target packet.
- the source VM and destination VM of the packet are a VM mounted under the source VTEP and the destination VTEP, respectively.
- the constructing module 41 is further configured to obtain a port number of the source virtual machine of the target packet and a port number of the destination virtual machine, to obtain quintuple information of the target packet.
- the port number of the source virtual machine of the packet and the port number of the destination virtual machine are obtained, thereby obtaining quintuple information of the target packet, where the quintuple information includes An IP address of the source virtual machine, an IP address of the destination virtual machine, the protocol type identifier, and the source virtual The port number of the machine and the port number of the destination virtual machine.
- the controller obtains the quintuple information of the packet, that is, triggers the detection of the packet.
- the constructing module 41 is further configured to determine a source port value according to the quintuple information.
- the controller can hash out a source port value according to the quintuple data, fill the value into the probe packet, and then forward the path to detect the path. Then, on the network device that arrives on each hop, the controller will The source port value is used for routing.
- the source port value of a network path is only one. For single-path probing, only one source port value can be calculated based on a quintuple data.
- the constructing module 41 is further configured to determine an endpoint identifier of the source VTEP according to the IP address of the source virtual machine, and determine an endpoint identifier of the destination VTEP according to the IP address of the destination virtual machine.
- each VM Since each VM is mounted by the controller to a certain VTEP, the controller stores the correspondence between the VTEP and the VM to which it is mounted. Therefore, the controller according to the source VM's IP address and destination VM.
- the IP address can be determined by the endpoint identifier of the corresponding source VTEP and the endpoint identifier of the destination VTEP.
- the source and destination VTEPs are used to determine the first and last network devices of the probe packet.
- the constructing module 41 is further configured to acquire an IP address of the first network device corresponding to the endpoint identifier of the source VTEP.
- the controller also pre-stores the correspondence between the VTEP and the connected network device. Therefore, the IP address of the first network device can also be obtained according to the endpoint identifier of the source VTEP.
- the constructing module 41 is further configured to determine, according to the probe request, that the path detection type is inter-virtual machine path detection.
- the probe request includes the quintuple information of the packet captured by the user, so that the path probe is configured to perform the simulation detection on the packet, that is, the detection of a single packet or a single path, which is also referred to as inter-virtual path detection.
- the constructing module 41 is further configured to: use an identifier for indicating a path detection service, an endpoint identifier of the source VTEP, an endpoint identifier of the destination VTEP, a source port value, a path detection type, and a corresponding to the endpoint identifier of the source VTEP.
- the IP address of a network device is encapsulated to construct a probe packet.
- the controller can construct a probe packet, which encapsulates the above information and transmits it through the Openflow network.
- Path detection between VMs is to diagnose the path of the specified traffic flow path.
- the probe packet is encapsulated in a VxLAN format, and the format thereof is as shown in FIG. 4, including an outer MAC header, an IP header, a UDP header, and a VxLAN.
- the header (VxLAN Header) field, and the remaining fields are the contents of the message.
- one of the reserved fields in the VxLAN header for example, the last bit of the reserved field, is used as an identifier indicating the path detection service;
- the content of the message includes a pseudo-header (Pseudo-Header) and operation management. Operation Administration and Maintenance (OAM) header (OAM PDU).
- OAM Operation Administration and Maintenance
- the pseudo-header (Pseudo-Header) is used to ensure that the traffic is forwarded to the forwarding pipe.
- the pseudo-header is followed by the OAM header, including the identifier (OAM FLAG), the OAM type (OAM TYPE), the reserved field, and the extensible type length value.
- Type-length-value (TLV).
- the OAM flag (FLAG) is used to identify that the OAM header is 32 bits and has a value of 0xFFFFFFFF.
- the OAM type (TYPE) is used to identify the path detection type, which is 1 byte. In the embodiment of the present invention, 0x1 indicates full path detection between VTEPs, and 0x2 indicates single path detection between VMs, and other reservations.
- the Scalable TLV is configured to carry an IP address, an inbound interface number, an outgoing interface number, and the like of the first network device.
- other fields may also be included in the scalable TLV, for example, the probe instance identifier.
- the probe instance identifier is used to identify different network path probes.
- the sending module 42 is configured to send the probe message to the first network device, so that the first network device copies the probe packet, generates a first report message, and sends the first report message to The controller forwards the probe packet according to the source port value until the second network device corresponding to the endpoint identifier of the destination VTEP.
- the network device automatically forwards the packet according to the calculated source port value. Therefore, in the prior art, the path between the network devices is forwarded by the network device. To solve this problem, the probe packet passes through each level of the network device, and each level of the network device sends a report message to the controller through the Packet-In interface.
- the controller determines whether the path detection is completed according to whether the report message sent by the second network device corresponding to the endpoint identifier of the destination VTEP is received and the set number of network paths are detected.
- the number of the network path is determined by the source port value.
- the receiving module 43 is configured to receive a report message sent by each level network device, where the a report message, and a second report message sent by the second network device.
- the controller may receive the first report message sent by the network device of each level, and the second report message sent by the second network device corresponding to the endpoint identifier of the destination VTEP, and therefore, the report message includes the first report message, and The second reported message sent by the second network device.
- the report message includes the copied probe packet, the IP address of the network device that sends the report message, the inbound interface number of the network device that receives the probe packet, and the outbound network packet that forwards the probe packet and/or sends the report message. Interface number. It should be noted that a network device has multiple interface numbers, and it is necessary to explicitly detect which interface of the network device is to be accessed and sent.
- the path detection time may be set. If the set time is reached, the path detection may be completed; and the report message sent by the second network device corresponding to the destination VTEP and the path detection may be detected. The number of hops is determined. If the report message sent by the second network device corresponding to the destination VTEP is received, and the hop count is continuous, the path detection may be completed. Otherwise, even if the report message sent by the network device corresponding to the destination VTEP is received, If the hop count is not continuous or incomplete, the path probe is considered to have not ended or failed.
- the obtaining module 44 is configured to separately record an IP address, an outbound interface number, and an inbound interface number of each of the received network paths according to the detection instance identifier.
- the controller can perform detection of multiple network paths at the same time, there are multiple detection instances. For each network path detection, a detection instance identifier needs to be set, and the detection instance identifier is included in the Extendable TLV field, and the detection instance identifier is Network path probe for identifying different messages.
- the controller records the outbound interface number and the inbound interface number of each received network device according to the detected instance identifiers included in the received probe packets.
- the obtaining module 44 is further configured to, according to the report message sent by each level of the network device, select a set of outbound interfaces from multiple report messages with the same IP address and the same hop count according to the report message sent by each level network device. Number and entry interface number.
- a network device When a network device reports a message, it may be repeatedly reported. Therefore, you need to filter the outbound interface and the inbound interface that have received the same network device and the same number of hops. Only the outbound interface number of the network device corresponding to the IP address is reserved. And the inbound interface number. The hop count in the report message sent by each level of the network device is decremented in the order of the second network device corresponding to the endpoint identifier corresponding to the endpoint identifier of the source VTEP to the destination VTEP. .
- the obtaining module 44 is further configured to sort all the filtered IP addresses, the outbound interface number, and the inbound interface number group according to the hop count in the report message sent by each level network device.
- the report message may also include the hop count, for example, Time To Live (TTL).
- TTL Time To Live
- the hop count is decremented by one for each network device. Therefore, the outbound interface number and the inbound interface number of each received network device after filtering can be sorted according to the hop count.
- the obtaining module 44 is further configured to obtain the network path according to the filtered, sorted IP address, the outbound interface number, and the inbound interface number.
- the obtained network path is a network path with a clear and unique topological relationship.
- the outbound interface number and the inbound interface number of the primary network device are sorted, and the sequence relationship of each level of the network device through which the probe packet passes can be accurately obtained, and the real network path is restored.
- the output module 45 is configured to output the network path.
- the detector Since the detector has a human-machine interface or a user interface, the detected network path can also be output to the user interface, which allows the user to intuitively understand each level of the network device through which the probe message passes.
- the obtaining module 44 is further configured to obtain a state of the network path according to the network path.
- the states of the network path include: paths, open circuits, and loops.
- the path refers to that the network path is unobstructed and is a normal network path.
- the open circuit refers to the message that the controller cannot receive certain hop counts, and the loop refers to the hop ratio of the network path in the loop state.
- the normal network path passes through more hops. Understand the status of the network path, and be able to find out the open circuit and loop network failure in time. Directly get the status of the network path, The user can be given a direct network path state conclusion without requiring the user to view the on/off or loop between each level of network equipment through which the probe message passes.
- the controller captures the packet according to the probe request input by the user, obtains the quintuple information of the packet, and constructs a probe packet consistent with the real service according to the quintuple information. Simulate the real-time service forwarding, and report the IP address, egress interface number, and inbound interface number to the controller. The real service path between the source VM and the destination VM can be detected to confirm the status of the network path.
- FIG. 10 is another implementation of the controller shown in FIG. 10, which is used for multipath detection.
- the difference from the single path detection described in the previous implementation is:
- the constructing module 41 is configured to set a source port value, where the source port value is incremented according to a sum of an expected path number and a set margin amount between the source VTEP and the destination VTEP.
- This embodiment relates to path detection between VTEPs, that is, multipath radar detection, and it is necessary to detect all possible paths between two VTEPs.
- Multipath is to detect whether the number of paths between two VTEPs meets expectations, which is an attempt.
- Sexual detection The user can directly input the endpoint identifier of the source VTEP to be probed and the endpoint identifier of the destination VTEP.
- the path detection between the VM and the VM is different.
- the controller needs to set a source port value.
- the source port value is incremented. Therefore, the set source port value is also called the source port initial value, and the value ranges from 4096 to 65535.
- the incremented source port value is used as the source port value of each probe packet until the source port is configured to be the largest. The value of the probe message.
- the number of increments of the source port value is based on Between the source VTEP and the destination VTEP The number of expected paths and the number of set margins are determined. For example, the number of expected paths is 200, and the number of increments can be set to 220. Since multipath detection itself is a kind of tentative detection, multiple detections can be performed. For example, it is expected that there are 100 paths, 110 packets are specified for the first time, and 120 packets are specified for the second time. The maximum number of paths. The number of the expected paths is set when the path detection is performed, and the set margin is a positive integer.
- the constructing module 41 is further configured to determine, according to the endpoint identifier of the source VTEP and the endpoint identifier of the destination VTEP, that the probe type of the probe packet is a path probe between VTEPs.
- the controller constructs a probe packet according to the source and destination VTEP input by the user.
- the detection type of the probe packet is the path detection between the VTEPs.
- the other content is the same as the probe packet of the path detection between the VMs, and is not described here.
- the controller receives the report message sent by the network device corresponding to the destination VTEP and detects the network path corresponding to the set number of packets, the path detection is completed.
- the number of the settings is determined by the number of source port values.
- the controller detects the report message reported by the network device corresponding to the endpoint identifier of the destination VTEP, and the network path containing the maximum value of the source port is reported in the report message. .
- the controller constructs a probe packet according to the endpoint identifier of the source VTEP and the endpoint identifier of the destination VTEP, and forwards the packet to the controller through the network device.
- the egress interface number and the inbound interface number can detect multiple real service paths between the source VTEP and the destination VTEP.
- the detected user network interface outputs the detected network path, which allows the user to intuitively understand the probe report.
- Each level of network equipment passing through the text; directly obtaining the state of the network path can give the user a direct network path state conclusion without requiring the user to view the on/off or loop between each level of network equipment through which the probe packet passes. .
- FIG. 11 is a schematic structural diagram of another network device according to an embodiment of the present invention.
- the network device 5000 includes: a receiving module 51, a determining module 52, a generating module 53, and a sending module 54 that are sequentially connected. among them:
- the receiving module 51 is configured to receive the probe packet.
- the network device of the destination VTEP may be the network device corresponding to the endpoint identifier of the source VTEP, or may be the network device corresponding to the endpoint identifier of the destination VTEP. . If it is the network device corresponding to the endpoint identifier of the source VTEP, the probe packet is received from the controller. If it is any other network device, the probe packet is received from the upper-layer network device.
- the network device here refers to a Layer 2 device or a Layer 3 device that supports VxLAN, and may be a switch or a router.
- the probe packet is constructed by the controller emulating the actual message according to the probe request.
- the detection packet includes: an identifier for indicating the path detection service, an endpoint identifier of the source VTEP, an endpoint identifier of the destination VTEP, a source port value, a path detection type, and an IP address of the network device corresponding to the endpoint identifier of the source VTEP.
- Path detection types include: path detection between VMs and path detection between VTEPs. Path detection between VMs is also called single path detection. Path detection between VTEPs is also called multipath radar detection.
- the detection packet is encapsulated in a VxLAN format, and the format is as shown in FIG. 4 .
- the format is as shown in FIG. 4 .
- step S206 refer to step S206 .
- the packet is sent by the OpenFlow network and the packet is sent by the OpenFlow network. Specifically, the packet is sent through the OpenFlow interface Packet-Out and the Openflow uplink interface Packet-In.
- the receiving module 51 is specifically configured to:
- the performing action includes copying and/or forwarding the probe message, and sending the report message to the controller.
- the network device After the network device recognizes that the probe packet is received, according to the corresponding relationship between the probe packet and the execution action stored in the access control list or the flow table, the network device can learn the execution action after receiving the probe message, and directly execute the execution. Actions are available, simplifying the process.
- the determining module 52 is configured to determine, according to the endpoint identifier of the destination VTEP, whether the network device is a destination network device corresponding to the endpoint identifier of the target VTEP.
- a generating module 53 configured to: if the network device is corresponding to an endpoint identifier of the target VTEP The destination network device generates a report message according to the probe packet.
- the sending module 54 is configured to send the report message to the controller.
- the network device of the embodiment may be a network device of any level.
- the network device corresponding to the endpoint identifier of the target VTEP is different from the network device of the other VTEP.
- the message is reported to the controller without copying and forwarding the probe packet. Therefore, it is necessary to determine whether the network device is a network device corresponding to the endpoint identifier of the target VTEP.
- the generating module 53 is further configured to: if the network device is not the destination network device corresponding to the endpoint identifier of the target VTEP, the network device copies the probe packet to generate a report message.
- the sending module 54 is further configured to send the report message to the controller, and forward the probe message to the destination network device.
- the network devices automatically forward packets according to the calculated source port values. However, in the embodiment of the present invention, the network device needs to perform the replication of the probe packet when the packet is forwarded. This is because the network device not only needs to forward the probe packet but also encapsulates the probe packet. Send to the controller in the escalation message.
- the embodiment of the present invention solves the problem, that is, the probe packet passes through each level of the network device, and each level of the network device. Both send a report message to the controller through the Packet-In interface.
- the report message includes the copied probe packet, the IP address of the network device that sent the report message, the inbound interface number of the network device that receives the probe packet, and the outbound network packet that forwards the probe packet and/or sends the report message. Interface number.
- a network device has multiple interface numbers, and it is necessary to explicitly detect which interface of the network device is sent and accessed.
- the controller After receiving the outbound interface number and the inbound interface number of each network device, the controller can obtain the detected network path according to the interface number, that is, which network devices the simulated probe packet passes through.
- the network device forward-by-stage forwarding controller reports the IP address, the egress interface number, and the inbound interface number to the controller through the probe packet constructed according to the probe request, thereby controlling
- the device can detect the real business path.
- Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
- a storage medium may be any available media that can be accessed by a computer.
- the computer readable medium may include a random access memory (RAM), a read-only memory (ROM), and an electrically erasable programmable read-only memory (Electrically Erasable Programmable).
- EEPROM Electrically Error Read-Only Memory
- CD-ROM Compact Disc Read-Only Memory
- Any connection may suitably be a computer readable medium.
- the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, Then coaxial cable, fiber optic cable, twisted pair, DSL or wireless technologies such as infrared, wireless and microwave are included in the fixing of the associated medium. Combinations of the above should also be included within the scope of the computer readable media.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本申请提供了VxLAN中的路径探测方法,控制器和网络设备。控制器根据探测请求构造探测报文发送给源VxLAN隧道端点(VTEP)对应的源网络设备,通过源网络设备逐级向目的VTEP对应的目的网络设备转发,并逐级向控制器上报IP地址、出接口号和入接口号等信息,可以探测到真实的业务路径。
Description
本发明涉及通信技术领域,尤其涉及虚拟可扩展局域网(Virtual Extensible Local Area Network,简称VxLAN)中的路径探测方法,控制器和网络设备。
软件定义网络(Software Defined Network,简称SDN),是网络虚拟化的一种实现方式,可以通过开放流转发协议(OpenFlow)将网络设备控制面与数据面分离开来,从而实现了网络流量的灵活控制,使网络作为管道变得更加智能。
VxLAN是一种覆盖网络技术或隧道技术。在VxLAN组网架构下,将虚拟机(Virtual Machine,简称VM)发出的数据包封装在用户数据报协议(User Datagram Protocol,简称UDP)中,并使用物理网络的互联网络协议/介质访问控制层(Internet Protocol/Media Access Contol,简称IP/MAC)作为外层头(outer-header)进行封装,然后在IP网络上传输,到达目的地后由虚拟可扩展局域网(VxLAN)隧道端点(VxLAN Tunnel Endpoints,简称VTEP)解封装并将数据发送给目标虚拟机。
探测IP业务流在网络中的真实业务路径是有需求的,目前基于传统网络的路径探测可以探测虚拟局域网(Virtual Local Area Network,简称VLAN)的路径通断,但对于采用VxLAN组网的虚拟化网络,却无法准确探测出准确的网络路径。
发明内容
本发明实施例提供一种VxLAN中的路径探测方法,控制器和网络设备,可以解决现有VxLAN中无法探测实际业务路径的问题。
第一方面,提供了一种VxLAN中的路径探测方法,包括:
控制器根据用户输入的探测请求,构造探测报文,所述探测报文中包括:
用于指示路径探测业务的标识,源虚拟可扩展局域网隧道端点VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的第一网络设备的互联网络协议IP地址;
所述控制器将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备;所述第一上报消息中包括所述探测报文,所述第一网络设备的IP地址以及所述第一网络设备的出接口号和入接口号;
所述控制器接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息;
所述控制器根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备之间的网络路径。
这样,控制器通过根据探测请求构造探测报文,并通过网络设备逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到真实的业务路径。
结合第一方面,在该第一方面的第一种可能实现方式中,所述探测请求中包括源虚拟机的IP地址,目的虚拟机的IP地址和协议类型标识;
所述控制器根据用户输入的探测请求,构造探测报文,包括:
所述控制器根据所述探测请求中的所述源虚拟机的IP地址,所述目的虚拟机的IP地址和所述协议类型标识,抓取目标报文;
所述控制器获取所述目标报文的源虚拟机的端口号和目的虚拟机的端口号,得到五元组信息,所述五元组信息包括所述源虚拟机的IP地址,所述目的虚拟机的IP地址,所述协议类型标识,所述源虚拟机的端口号和所述目的虚拟机的端口号;
所述控制器根据所述五元组信息,确定所述源端口值;
所述控制器根据所述源虚拟机的IP地址确定所述源VTEP的端点标识,根据所述目的虚拟机的IP地址,确定所述目的VTEP的端点标识;
所述控制器获取所述源VTEP的端点标识对应的所述第一网络设备的IP地址;
所述控制器根据所述探测请求,确定所述路径探测类型为虚拟机间路径探测。
这样,控制器根据用户输入的探测请求,抓取报文,获得报文的五元组信息,根据五元组信息构造与真实业务一致的探测报文,模拟真实业务逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到源虚拟机和目的虚拟机之间真实的业务路径。
结合第一方面,在该第一方面的第二种可能实现方式中,所述探测请求中包括所述源VTEP的端点标识和所述目的VTEP的端点标识;所述控制器根据用户输入的探测请求,构造探测报文,包括:
所述控制器设置所述源端口值,所述源端口值根据所述源VTEP和所述目的VTEP之间的预期路径个数和设定余量个数之和递增;所述预期路径个数为用户已知的路径个数,所述设定余量个数为进行路径探测时设置的大于所述预期路径个数的个数,所述设定余量个数为正整数;
所述控制器根据所述探测请求,确定所述路径探测类型为VTEP间路径探测。
控制器根据用户输入的源VTEP的端点标识和目的VTEP的端点标识构造探测报文,并通过网络设备逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到该源VTEP和目的VTEP之间多条真实的业务路径。
结合第一方面或第一方面的第一种可能的实现方式或第一方面的第二种可能的实现方式,在该第一方面的第三种可能的实现方式中,所述上报消息中还包括跳数,所述控制器根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备的网络路径,包括:
所述控制器根据每一级网络设备发送的上报消息,从IP地址相同且跳数相
同的多个上报消息中筛选出一组出接口号和入接口号;其中,每一级网络设备发送的上报消息中的跳数,按照从所述源VTEP的端点标识对应的所述第一网络设备到所述目的VTEP的端点标识对应的所述第二网络设备的顺序递减;
所述控制器根据每一级网络设备发送的上报消息中的跳数,对筛选后的所有IP地址,出接口号和入接口号组进行排序;
所述控制器根据筛选、排序后的每组IP地址、出接口号和入接口号,获得所述网络路径。
根据网络设备的IP地址对上报的网络设备的出接口号和入接口号进行筛选,可以避免网络路径中存在重复的网络设备的出接口号和入接口号,并根据跳数对每一级网络设备的出接口号和入接口号进行排序,可以准确的得到探测报文经过的每一级网络设备的先后关系,还原真实的网络路径。
结合第一方面的第三种可能的实现方式,在第四种可能的实现方式中,所述探测报文还包括探测实例标识,所述探测实例标识用于标识不同的路径探测;
所述方法还包括:
所述控制器根据所述探测实例标识,分别记录接收到的每一个所述网络路径的IP地址,出接口号和入接口号。
在探测报文中设置探测实例标识,可以同时进行多条或多类型网络路径的探测。
结合第一方面或第一方面的第一种可能的实现方式或第一方面的第二种可能的实现方式或第一方面的第三种可能的实现方式或第一方面的第四种可能的实现方式,在该第一方面的第五种可能的实现方式中,所述方法还包括:
输出探测到的网络路径。
在控制器的用户界面输出探测到的网络路径,可以让用户直观地了解探测报文经过的每一级网络设备。
结合第一方面或第一方面的第一种可能的实现方式或第一方面的第二种可能的实现方式或第一方面的第三种可能的实现方式或第一方面的第四种可能的实现方式或第一方面的第五种可能的实现方式,在该第一方面的第六种可能的
实现方式中,所述方法还包括:
所述控制器根据探测到的网络路径,获得所述网络路径的状态,所述网络路径的状态包括:通路、断路、和环路。
直接得到网络路径的状态,可以给用户一个直接的网络路径状态的结论,而无需用户查看探测报文经过的每一级网络设备之间的通断或环路。
第二方面,提供了一种VxLAN中的路径探测方法,包括:
网络设备接收探测报文,所述探测报文是由控制器根据用户输入的探测请求构造的,所述探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的源网络设备的IP地址;
所述网络设备根据所述目的VTEP的端点标识,判断所述网络设备是否为与所述目标VTEP的端点标识对应的目的网络设备;
若所述网络设备是与所述目标VTEP的端点标识对应的目的网络设备,则所述网络设备根据所述探测报文生成上报消息,发送所述上报消息给所述控制器;
若所述网络设备不是与所述目标VTEP的端点标识对应的目的网络设备,则所述网络设备复制所述探测报文生成上报消息,发送所述上报消息给所述控制器,并转发所述探测报文直至所述目的网络设备;
其中,所述上报消息中包括所述探测报文,所述网络设备的IP地址,以及所述探测报文经过所述网络设备的出接口号和入接口号。
网络设备逐级转发控制器通过根据探测请求构造的探测报文,逐级向控制器上报IP地址、经过的出接口号和入接口号,从而控制器可以探测到真实的业务路径。
结合第二方面,在该第二方面的第一种可能的实现方式中,所述网络设备接收探测报文之后,所述方法还包括:
根据所述用于指示路径探测业务的标识,识别接收到的所述探测报文;
根据预置的或所述控制器发送的访问控制列表ACL或流表中存储的所述探测报文与执行动作的对应关系,获取与所述探测报文对应的执行动作;
其中,所述执行动作包括复制和/或转发所述探测报文,向所述控制器发送所述上报消息。
网络设备一旦识别出接收到的是探测报文,根据访问控制列表或流表中存储的探测报文的标识与执行动作的对应关系,可以获知接收到该探测报文之后的执行动作,直接执行该执行动作即可,简化了处理过程。
第三方面,提供了一种控制器,该控制器具有实现上述方法中控制器行为的功能。所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个与上述功能相对应的模块。
一种可能的实现方式中,所述控制器包括:处理器,接收器和发送器;其中,
所述处理器,用于根据用户输入的探测请求,构造探测报文,所述探测报文中包括:用于指示路径探测业务的标识,源虚拟可扩展局域网隧道端点VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的第一网络设备的互联网络协议IP地址;
所述发送器,用于将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备;所述第一上报消息中包括所述探测报文,所述第一网络设备的IP地址以及所述第一网络设备的出接口号和入接口号;
所述接收器,用于接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息;
所述处理器还用于根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备之间的网络路径。
另一种可能的实现方式中,所述控制器包括:
构造模块,用于根据用户输入的探测请求,构造探测报文,所述探测报文中包括:用于指示路径探测业务的标识,源虚拟可扩展局域网隧道端点VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的第一网络设备的互联网络协议IP地址;
发送模块,用于将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备;所述第一上报消息中包括所述探测报文,所述第一网络设备的IP地址以及所述第一网络设备的出接口号和入接口号;
接收模块,用于接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息;
获取模块,用于根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备之间的网络路径。
第四方面,提供了一种网络设备,该网络设备具有实现上述方法中网络设备行为的功能。所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个与上述功能相对应的模块。
一种可能的实现方式中,所述网络设备包括:处理器,接收器和发送器;其中,
所述接收器,用于接收探测报文,所述探测报文是由控制器根据用户输入的探测请求构造的,所述探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的源网络设备的IP地址;
所述处理器,用于根据所述目的VTEP的端点标识,判断所述网络设备是否为与所述目标VTEP的端点标识对应的目的网络设备;
所述处理器还用于若所述网络设备是与所述目标VTEP的端点标识对应的目的网络设备,则根据所述探测报文生成上报消息,发送所述上报消息给所述
控制器;
所述处理器还用于若所述网络设备不是与所述目标VTEP的端点标识对应的目的网络设备,则复制所述探测报文生成上报消息;
所述发送器,用于发送所述上报消息给所述控制器,并转发所述探测报文直至所述目的网络设备;
其中,所述上报消息中包括所述探测报文,所述网络设备的IP地址,以及所述探测报文经过所述网络设备的出接口号和入接口号。
另一种可能的实现方式中,所述网络设备包括:
接收模块,用于接收探测报文,所述探测报文是由控制器根据用户输入的探测请求构造的,所述探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的源网络设备的IP地址;
判断模块,用于根据所述目的VTEP的端点标识,判断所述网络设备是否为与所述目标VTEP的端点标识对应的目的网络设备;
生成模块,用于若所述网络设备是与所述目标VTEP的端点标识对应的目的网络设备,则根据所述探测报文生成上报消息;
发送模块,用于发送所述上报消息给所述控制器;
所述生成模块还用于若所述网络设备不是与所述目标VTEP的端点标识对应的目的网络设备,则所述网络设备复制所述探测报文生成上报消息;
所述发送模块还用于发送所述上报消息给所述控制器,并转发所述探测报文直至所述目的网络设备;
其中,所述上报消息中包括所述探测报文,所述网络设备的IP地址,以及所述探测报文经过所述网络设备的出接口号和入接口号。
根据本发明实施例提供的一种网络路径探测方法,控制器和网络设备,控制器通过根据探测请求构造探测报文,并通过网络设备逐级转发,逐级向控制
器上报IP地址、经过的出接口号和入接口号,可以探测到真实的业务路径。
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1为本发明实施例提供的一种VxLAN中的路径探测方法的流程示意图;
图2本发明实施例提供的路径探测示意图;
图3为本发明实施例提供的一种VM间的路径探测方法的流程示意图;
图4为本发明实施例提供的探测报文的格式示意图;
图5为本发明实施例提供的一种VTEP间的路径探测方法的流程示意图;
图6为本发明实施例提供的另一种VxLAN中的路径探测方法的流程示意图;
图7为本发明实施例提供的一种控制器的结构示意图;
图8为本发明实施例提供的一种网络设备的结构示意图;
图9为本发明实施例提供的另一种控制器的结构示意图;
图10为本发明实施例提供的又一种控制器的结构示意图;
图11为本发明实施例提供的另一种网络设备的结构示意图。
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。
在VxLAN组网架构下,将VM发出的数据包封装在UDP中,并使用物理网络的IP/MAC作为outer-header进行封装,然后在物理IP网上传输,到达目的
地后由VTEP解封装并将数据发送给目标虚拟机。一个VTEP下可挂接多个VMs。本发明实施例中,控制器可对两个VMs之间的单个网络路径进行探测,也可以对两个VTEPs之间的所有网络路径进行探测,即控制器根据探测请求构造探测报文,通过开放的流转发协议下发接口(Packet-Out)将探测报文发送至源VTEP对应的网络设备,网络设备将探测报文进行复制并转发给下一级网络设备,每一级网络设备进行探测报文的复制、转发,并通过开放的流转发协议上送接口发送上报消息至控制器,上报探测报文、网络设备的IP地址、探测报文出、入接口号,控制器根据记录的每一级网络设备的出、入接口号,获得探测到的网络路径,从而可以保证探测的仿真路径和实际业务路径一致。
本发明实施例基于Openflow网络。OpenFlow网络由OpenFlow交换机、网络虚拟化层FlowVisor和控制器Controller三部分组成。OpenFlow交换机是整个OpenFlow网络的核心部件,实现了数据层和控制层的分离,主要管理数据层的转发。OpenFlow交换机接收到数据包后,首先在本地的流表上查找目标转发端口,如果没有匹配,则把数据包转发给Controller,由控制层决定转发端口。类比计算机的虚拟化,FlowVisor就是位于硬件结构元件和软件之间的网络虚拟层;FlowVisor允许多个控制器同时控制一台OpenFlow交换机,但是每个控制器仅仅可以控制经过这个OpenFlow交换机的某一个虚拟网络。Controller实现控制层的功能;通过OpenFlow协议对OpenFlow交换机中的流表进行控制,从而实现对整个网络进行集中控制。
图1为本发明实施例提供的一种VxLAN中的路径探测方法的流程示意图,该方法包括以下步骤:
S101、控制器根据用户输入的探测请求,构造探测报文。
控制器独立于VM、VTEP、网络设备。例如如图2所示的路径探测,该控制器可以为敏捷网络控制器(Agile Controller,简称AC)。控制器可以是一个集群,可以由这个集群里的任意一个控制器处理数据的发送和接收。该控制器具有人机界面,可以获取用户输入的探测请求,该探测请求可以是通过用户在人机界
面上指定抓取需要进行网络路径探测的报文,或者通过输入源VTEP、目的VTEP发起。由于一个VTEP下可以挂载一个或多个VM,因此,本申请中的路径探测可以是两个VM间的探测,即单路径探测;也可以是两个VTEPs间的探测,即多路径雷达探测,即,探测两个VTEPs下所有VMs间的所有可能的路径。
控制器进行网络路径探测时,需要构造探测报文,将探测报文发送到网络设备,以探测该探测报文与实际报文所经过的路径是否一致。该探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型、以及与源VTEP对应的第一网络设备的IP地址。这里,路径探测类型即包括:VM间的路径探测和VTEP间的路径探测。
S102、所述控制器将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备。
所述第一上报消息中包括所述探测报文,所述第一网络设备的IP地址以及所述第一网络设备的出接口号和入接口号。
本发明实施例基于Openflow网络下发报文和上送报文,具体地,通过Openflow下发接口Packet-Out和Openflow上送接口Packet-In进行。控制器将构造的探测报文通过Packet-Out接口发给源VTEP对应的第一网络设备,网络设备之间是根据计算出的源端口值自动进行报文的转发。这里的网络设备是指支持VxLAN的二层设备或三层设备,可以是交换机或路由器。
本发明实施例网络设备在进行报文的转发时,还需进行探测报文的复制,这是因为本发明实施例网络设备不仅要进行探测报文的转发,还需将探测报文封装在上报消息中发送给控制器。第一网络设备复制探测报文,生成第一上报消息,发送第一上报消息至控制器,并根据源端口值转发探测报文至所述第一网络设备的下一级网络设备。每一级网络设备重复进行复制探测报文、上报第一上报消息、转发探测报文的步骤,直至目的VTEP的端点标识对应的第二网络设备接收到所述探测报文,该第二网络设备只发送第二上报消息给控制器,
无需再复制、转发探测报文。
需要说明的是,这里“第一上报消息”和“第二上报消息”所包含的消息内容都是:探测报文,发送该上报消息的网络设备的IP地址,以及接收和转发探测报文分别经过的该网络设备的出接口号和入接口号。只是不过为了区分是否由目的VTEP的端点标识对应的网络设备发送该上报消息,而定义“第一上报消息”和“第二上报消息”。
S103、所述控制器接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息。
网络设备之间是根据计算出的源端口值自动进行报文的转发的,因此,现有技术中是不知道网络设备之间是通过哪条路径进行报文的转发的,本发明实施例则是要解决这个问题,即探测报文经过每一级网络设备,每一级网络设备都通过Packet-In接口发送上报消息给控制器。
控制器可接收到每一级网络设备发送的第一上报消息,以及目的VTEP的端点标识对应的第二网络设备发送的第二上报消息,因此,该上报消息包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息。需要说明的是,一个网络设备具有多个接口号,这里需要明确探测报文是具体从哪个网络设备的哪个接口接入和发出。
S104、所述控制器根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备之间的网络路径。
控制器接收到每一级网络设备的IP地址,出接口号和入接口号后,可以根据该接口号,获得探测到的网络路径,即构造的探测报文依次经过哪些网络设备。
如图2所示,AC控制器集群通过OpenFlow架构将探测报文发送至源VTEP对应的节点X,节点X将探测报文进行复制,生成上报消息,将探测报文转发至节点A,并向AC控制器集群发送上报消息;然后节点A、C、Y重复执行复制探测报文、转发探测报文和发送上报消息的步骤,这样,当探测报文转发完毕后,AC控制器集群根据收到的上报消息可以获知探测报文经过的路径,例如
X-A-C-Y,这里的节点为网络设备。
根据本发明实施例提供的一种VxLAN中的路径探测方法,控制器通过根据探测请求构造探测报文,并通过网络设备逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到真实的业务路径。
图3为本发明实施例提供的一种VM间的路径探测方法的流程示意图,该方法包括以下步骤:
S201、控制器根据用户输入的探测请求中的源虚拟机的IP地址,目的虚拟机的IP地址和协议类型标识,抓取目标报文。
本实施例涉及VM间的网络路径探测。用户可以通过输入待探测报文的源虚拟机的IP地址,目的虚拟机的IP地址,以及协议类型标识,指示控制器对目标报文进行抓包。报文的源VM和目的VM分别为源VTEP和目的VTEP下挂载的一个VM。
S202、所述控制器获取所述目标报文的源虚拟机的端口号和目的虚拟机的端口号,得到所述目标报文的五元组信息。
控制器抓取了该报文后,可以获得该报文的源虚拟机的端口号和目的虚拟机的端口号,从而获得该目标报文的五元组信息,所述五元组信息包括所述源虚拟机的IP地址,所述目的虚拟机的IP地址,所述协议类型标识,所述源虚拟机的端口号和所述目的虚拟机的端口号。控制器获得该报文的五元组信息,即触发该报文的探测。
S203、所述控制器根据所述五元组信息,确定源端口值。
控制器可以根据五元组数据来哈希计算出一个源端口值,将该值填写到探测报文中,然后再转发,进行路径探测,后续在每一跳抵达的网络设备上,会根据该源端口值来选路,一条网络路径的源端口值只有唯一一个。对于单路径探测来说,则根据一个五元组数据只能计算出一个源端口值。
S204、所述控制器根据所述源虚拟机的IP地址确定源VTEP的端点标识,根据所述目的虚拟机的IP地址,确定目的VTEP的端点标识。
由于每个VM都是用户通过控制器挂载到某个VTEP下的,因此,控制器存储了VTEP与其挂载的VM之间的对应关系,因此,控制器根据源VM的IP地址和目的VM的IP地址,可以分别确定其对应的源VTEP的端点标识和目的VTEP的端点标识。该源、目的VTEP用于确定探测报文的首、尾网络设备。
S205、所述控制器获取所述源VTEP的端点标识对应的第一网络设备的IP地址。
控制器也预先存储了VTEP与连接的网络设备的对应关系,因此,根据源VTEP的端点标识,也能获取第一网络设备的IP地址。
S206、所述控制器根据所述探测请求,确定所述路径探测类型为虚拟机间路径探测。
该探测请求包括用户抓取的报文的五元组信息,从而可以确定该路径探测是对该报文进行仿真探测,即单个报文或单条路径的探测,也称为虚拟机间路径探测。
S207、所述控制器将用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的第一网络设备的IP地址进行封装,构造探测报文。
控制器获取了以上信息后,可以构造探测报文,即将以上信息进行封装,通过Openflow网络进行传输。VM之间的路经探测是为了诊断指定业务流的路径。
在本实施例中,采用VxLAN格式对探测报文进行封装,其格式如图4所示,包括外层MAC头(Outer MAC Header)、IP头(IP Header)、UDP头(UDP Header)和VxLAN头(VxLAN Header)字段,其余字段为报文内容。其中,用VxLAN头中保留字段中的一位,例如,保留字段的最后一位,作为指示路径探测业务的标识;报文内容(二层帧)中包括伪头(Pseudo-Header)和操作管理运维(Operation Administration and Maintenance,简称OAM)头(OAM PDU)。伪头(Pseudo-Header)用于保证流量走转发管道选路结果,伪头后面便是OAM头,包括标识(OAM FLAG)、OAM类型(OAM TYPE)、预留字段和可扩展类型长度值
(Type-length-value,简称TLV)。所述OAM标志(FLAG)用于标识是OAM头,为32比特,取值为0xFFFFFFFF。所述OAM类型(TYPE)用于标识路径探测类型,为1字节,本发明实施例中用0x1表示VTEP间全路径探测,0x2表示VM间单路径探测,其他预留。所述可扩展TLV用于携带第一网络设备的IP地址,入接口号和出接口号等。当然,可扩展TLV中还可以包括其它字段,例如,探测实例标识。所述探测实例标识用于标识不同的网络路径探测。
S208、所述控制器将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备。
网络设备之间是根据计算出的源端口值自动进行报文的转发的,因此,现有技术中是不知道网络设备之间是通过哪条路径进行报文的转发的,本发明实施例则是要解决这个问题,即探测报文经过每一级网络设备,每一级网络设备都通过Packet-In接口发送上报消息给控制器。
第一网络设备复制探测报文,生成第一上报消息,发送第一上报消息至控制器,并根据源端口值转发探测报文至所述第一网络设备的下一级网络设备。每一级网络设备重复进行复制探测报文、上报第一上报消息、转发探测报文的步骤,直至目的VTEP的端点标识对应的第二网络设备接收到所述探测报文,该第二网络设备只发送第二上报消息给控制器,无需再复制、转发探测报文。
S209、所述控制器接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息。
控制器可接收到每一级网络设备发送的第一上报消息,以及目的VTEP的端点标识对应的第二网络设备发送的第二上报消息,因此,该上报消息包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息。该上报消息包括复制的探测报文,发送该上报消息的网络设备的IP地址,接收探测报文的网络设备的入接口号,以及转发探测报文和/或发送上报消息的网络设备中的出接口号。需要说明的是,一个网络设备具有多个接口号,这里需要明确探测报文
是具体从哪个网络设备的哪个接口接入和发出。
对于本实施例的单路径探测来说,由于仅计算出一个源端口值,因此,当控制器接收到目的VTEP的端点标识对应的第二网络设备发送的上报消息,可以确定该路径已经探测完毕。
对于路径探测是否完毕,还可以通过设定路径探测的时间,如果达到设定时间,则可认为路径探测完毕;还可以根据接收到目的VTEP对应的第二网络设备发送的上报消息以及该路径探测的跳数确定,如果接收到目的VTEP对应的第二网络设备发送的上报消息,且跳数连续,则可认为路径探测完毕,否则,即便接收到目的VTEP对应的网络设备发送的上报消息,但跳数不连续或不完整,则可认为路径探测没有结束或失败。
S210、所述控制器根据探测实例标识,分别记录接收到的每一个所述网络路径的IP地址,出接口号和入接口号。
由于控制器可同时进行多个网络路径的探测,因此具有多个探测实例,对于每个网络路径探测,需要设置一个探测实例标识,该探测实例标识包含在Extendable TLV字段中,所述探测实例标识用于标识不同的报文的网络路径探测。控制器根据接收到的探测报文中包含的探测实例标识,分别记录接收到的每一级网络设备的出接口号和入接口号。
S211、所述控制器针对每一个探测实例标识对应的路径探测,根据每一级网络设备发送的上报消息,从IP地址相同且跳数相同的多个上报消息中筛选出一组出接口号和入接口号。
网络设备在上报消息时,可能会重复上报,因此,需要对接收到相同网络设备且跳数相同的出接口和入接口进行筛选,仅保留一组所述IP地址对应的网络设备的出接口号和入接口号。每一级网络设备发送的上报消息中的跳数,按照从所述源VTEP的端点标识对应的所述第一网络设备到所述目的VTEP的端点标识对应的所述第二网络设备的顺序递减。
S212、所述控制器根据每一级网络设备发送的上报消息中的跳数,对筛选后的所有IP地址,出接口号和入接口号组进行排序。
上报消息还可包括跳数,例如,存活时间(Time To Live,简称TTL),报文转发时,每经过一个网络设备,跳数就减一。因此,可根据跳数,对接收到的经筛选后的每一级网络设备的出接口号和入接口号进行排序。
S213、所述控制器根据筛选、排序后的每组IP地址、出接口号和入接口号,获得所述网络路径。
进行筛选、排序后,得到的网络路径,是一个具有清晰的、唯一的拓扑关系的网络路径。
根据网络设备的IP地址和跳数对上报的网络设备的出接口号和入接口号进行筛选,可以避免网络路径中存在重复的网络设备的出接口号和入接口号,并根据跳数对每一级网络设备的出接口号和入接口号进行排序,可以准确的得到探测报文经过的每一级网络设备的先后关系,还原真实的网络路径。
S214、所述控制器输出所述网络路径。
由于探测器具有人机界面或用户界面,因此,还可将探测到的网络路径输出至用户界面,可以让用户直观地了解探测报文经过的每一级网络设备。
S215、所述控制器根据所述网络路径,获得所述网络路径的状态。
根据获得的探测到的网络路径,还可获得网络路径的状态。该网络路径的状态包括:通路、断路、和环路。通路是指该网络路径是通畅的,是正常的网络路径,断路是指控制器不能接收到某些跳数的网络设备上报的消息,环路是指处于环路状态的网络路径的跳数比正常网络路径经过的跳数多。了解了网络路径的状态,能够及时发现断路、环路网络故障。直接得到网络路径的状态,可以给用户一个直接的网络路径状态的结论,而无需用户查看探测报文经过的每一级网络设备之间的通断或环路。
根据本发明实施例提供的一种VxLAN中的路径探测方法,控制器根据用户输入的探测请求,抓取报文,获得报文的五元组信息,根据五元组信息构造与真实业务一致的探测报文,模拟真实业务逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到源虚拟机和目的虚拟机之间真实的业务路径,以便确认网络路径的状态;在控制器的用户界面输出探测到的网络路
径,可以让用户直观地了解探测报文经过的每一级网络设备;直接得到网络路径的状态,可以给用户一个直接的网络路径状态的结论,而无需用户查看探测报文经过的每一级网络设备之间的通断或环路。
图5为本发明实施例提供的一种VTEP间的路径探测方法的流程示意图,该方法包括以下步骤:
S301、控制器设置源端口值,所述源端口值根据所述源VTEP和所述目的VTEP之间的预期路径个数和设定余量个数之和递增。
本实施例涉及VTEP间的路径探测,即多路径雷达探测,需要探测两个VTEP间的所有可能存在的路径,多路径是为了检测两个VTEP间的路径个数是否符合预期,是一种尝试性探测。用户可以直接输入需要探测的源VTEP的端点标识和目的VTEP的端点标识。
本实施例与VM间的路径探测不同的是,对于VTEP间的探测,由于用户没有传递五元组数据,所以需要控制器设置一个源端口值,每发出一个探测报文,该源端口值递增,因此,设置的该源端口值也称为源端口初始值,其取值范围为4096~65535,递增后的源端口值作为每一个探测报文的源端口值,直至构造出包含源端口最大值的探测报文。由于多路径探测的时候,是根据用户已知的路径个数来输入的探测报文个数的,个数要大于已知路径个数才能够覆盖探测的,因此源端口值的递增的次数根据所述源VTEP和所述目的VTEP之间的预期的路径个数和设定余量个数确定,例如预期的路径个数为200个,可设置递增次数为220次。由于多路径探测本身是一种尝试性探测,可进行多次探测,例如预期有100个路径,第一次指定110个包探测,第二次指定120个包探测,得到的路径最大值就是存在的最大路径个数。进行路径探测时设置的大于所述预期路径个数的个数,所述设定余量个数为正整数。
S302、所述控制器根据用户输入的源VTEP的端点标识和目的VTEP的端点标识,确定所述探测报文的探测类型为VTEP间路径探测。
控制器根据用户输入的源、目的VTEP,构造探测报文,探测报文的探测类
型为VTEP间路径探测,其它内容与VM间的路径探测的探测报文相同,在此不再赘述。
S303、所述控制器将用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的第一网络设备的IP地址进行封装,构造探测报文。
控制器获取了以上信息后,可以构造探测报文,即将以上信息进行封装,通过Openflow网络进行传输。在本实施例中,采用VxLAN格式对探测报文进行封装,其封装格式如图4所示。
S304、所述控制器将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备。
S305、所述控制器接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息。
对于VTEP间的路径探测,包括多个源端口值,控制器直至探测到目的VTEP的端点标识对应的网络设备上报的上报消息,且上报消息中包含源端口最大值的的网络路径,则探测完毕。
S306、所述控制器根据探测实例标识,分别记录接收到的所述每一级网络设备的出接口号和入接口号。
S307、所述控制器针对每一个探测实例标识对应的路径探测,根据每一级网络设备发送的上报消息,从IP地址相同且跳数相同的多个上报消息中筛选出一组出接口号和入接口号。
每一级网络设备发送的上报消息中的跳数,按照从所述源VTEP的端点标识对应的所述第一网络设备到所述目的VTEP的端点标识对应的所述第二网络设备的顺序递减。
S308、所述控制器根据每一级网络设备发送的上报消息中的跳数,对筛选后的所有IP地址,出接口号和入接口号组进行排序。
其中,每转发至下一级网络设备,所述跳数递减。
S309、所述控制器根据筛选、排序后的每组IP地址、出接口号和入接口号,获得所述网络路径。
S310、所述控制器输出所述网络路径。
S311、所述控制器根据所述网络路径,获得所述网络路径的状态。
关于网络设备的出接口号和入接口号的记录,网络设备的出接口号和入接口号的筛选、排序,网络路径的获取,输出网络路径,以及获得网络路径的状态,与前述实施例相同,在此不再赘述。
根据本发明实施例提供的一种网络路径探测方法,控制器根据用户输入的源VTEP的端点标识和目的VTEP的端点标识构造探测报文,并通过网络设备逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到该源VTEP和目的VTEP之间多条真实的业务路径;在控制器的用户界面输出探测到的网络路径,可以让用户直观地了解探测报文经过的每一级网络设备;直接得到网络路径的状态,可以给用户一个直接的网络路径状态的结论,而无需用户查看探测报文经过的每一级网络设备之间的通断或环路。
图6为本发明实施例提供的另一种VxLAN中的路径探测方法的流程示意图,该方法包括以下步骤:
S401、网络设备接收探测报文。
对于任一级网络设备,接收探测报文,该任一级网络设备可以是源VTEP的端点标识对应的网络设备,也可以是中间的网络设备,也可以是目的VTEP的端点标识对应的网络设备。如果是源VTEP的端点标识对应的网络设备,则是从控制器接收到探测报文,如果是其它任意一级的网络设备,则是从其上一级网络设备接收到探测报文。这里的网络设备是指支持VxLAN的二层设备或三层设备,可以是交换机或路由器。
该探测报文是由控制器根据探测请求,仿真实际报文构造得到的。该探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP
的端点标识,源端口值,路径探测类型,以及源VTEP的端点标识对应的网络设备的IP地址。路径探测类型包括:VM间的路径探测和VTEP间的路径探测,VM间的路径探测也称单路径探测,VTEP间的路径探测也称多路径雷达探测。
在本实施例中,采用VxLAN格式对探测报文进行封装,其格式如图4所示,具体可参考步骤S206中所述。
基于Openflow网络下发报文和上送报文,具体地,通过Openflow下发接口Packet-Out和Openflow上送接口Packet-In进行。
可选地,该方法还可以包括:
根据用于指示路径探测业务的标识,识别接收到的所述探测报文;
根据预置的或所述控制器发送的访问控制列表ACL或流表中存储的所述探测报文与执行动作的对应关系,获取与所述探测报文对应的执行动作;
其中,所述执行动作包括复制和/或转发所述探测报文,向所述控制器发送所述上报消息。
网络设备一旦识别出接收到的是探测报文,根据访问控制列表或流表中存储的探测报文与执行动作的对应关系,可以获知接收到该探测报文之后的执行动作,直接执行该执行动作即可,简化了处理过程。
S402、所述网络设备根据目的VTEP的端点标识,判断所述网络设备是否为与所述目标VTEP的端点标识对应的目的网络设备,若判断的结果为是,则进行到S403;否则,进行到S404。
S403、若所述网络设备是与所述目标VTEP的端点标识对应的目的网络设备,则所述网络设备根据所述探测报文生成上报消息,发送所述上报消息给所述控制器。
由于本实施例的网络设备可以是任一级网络设备,由于目标VTEP的端点标识对应的网络设备与其它任一级的网络设备的操作步骤不同,目标VTEP的端点标识对应的网络设备只需发送上报消息给控制器,而无需复制和转发探测报文,因此,这里需要判断网络设备是否为与目标VTEP的端点标识对应的网络设备。
S404、若所述网络设备不是与所述目标VTEP的端点标识对应的目的网络设备,则所述网络设备复制所述探测报文生成上报消息,发送所述上报消息给所述控制器,并转发所述探测报文直至所述目的网络设备。
网络设备之间是根据计算出的源端口值自动进行报文的转发。然而,本发明实施例网络设备在进行报文的转发时,还需进行探测报文的复制,这是因为本发明实施例网络设备不仅要进行探测报文的转发,还需将探测报文封装在上报消息中发送给控制器。
现有技术中是不知道网络设备之间是通过哪条路径进行报文的转发的,本发明实施例则是要解决这个问题,即探测报文经过每一级网络设备,每一级网络设备都通过Packet-In接口发送上报消息给控制器。上报消息中包括复制的探测报文,发送该上报消息的网络设备的IP地址,接收探测报文的网络设备的入接口号,以及转发探测报文和/或发送上报消息的网络设备中的出接口号。
需要说明的是,一个网络设备具有多个接口号,这里需要明确探测报文是具体从哪个网络设备的哪个接口发出和接入。
控制器接收到每一级网络设备的出接口号和入接口号后,可以根据该接口号,获得探测到的网络路径,即仿真的探测报文依次经过哪些网络设备。
根据本发明实施例提供的一种VxLAN中的路径探测方法,网络设备逐级转发控制器通过根据探测请求构造的探测报文,逐级向控制器上报IP地址、经过的出接口号和入接口号,从而控制器可以探测到真实的业务路径。
需要说明的是,对于前述的各方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明并不受所描述的动作顺序的限制,因为根据本发明,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作和模块并不一定是本发明所必须的。
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。
如图7所示,本发明实施例提供一种控制器1000,用于实现上述VxLAN
中的路径探测的功能,如图7所示,控制器1000包括处理器11,发送器12和接收器13,其中,所述处理器11,发送器12和接收器13之间通过总线14相互连接。
所述处理器11,用于根据用户输入的探测请求,构造探测报文,所述探测报文中包括:用于指示路径探测业务的标识,源虚拟可扩展局域网隧道端点VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的第一网络设备的互联网络协议IP地址;
所述发送器12,用于将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备;所述第一上报消息中包括所述探测报文,所述第一网络设备的IP地址以及所述第一网络设备的出接口号和入接口号;
所述接收器13,用于接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息;
所述处理器11还用于根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备之间的网络路径。
需要说明的是,该发送器12和接收器13可以是单独的器件或元件,也可以是合为一体的收发器。
所述处理器11可以是通用处理器,包括中央处理器(Central Processing Unit,CPU)、网络处理器(Network Processor,NP)等;还可以是数字信号处理器(DSP)、专用集成电路(ASIC)、现场可编程门阵列(FPGA)或者其他可编程逻辑器件等。
所述处理器11为CPU时,所述控制器1000还可以包括:存储器,用于存储程序。具体地,程序可以包括程序代码,所述程序代码包括计算机操作指令。存储器可能包含随机存取存储器(random access memory,RAM),也可能还包括非易失性存储器(non-volatile memory),例如至少一个磁盘存储器。所述
处理器11执行所述存储器中存储的程序代码,实现上述功能。
可选地,所述探测请求中包括源虚拟机的IP地址,目的虚拟机的IP地址和协议类型标识;
所述处理器11具体用于根据所述探测请求中的所述源虚拟机的IP地址,所述目的虚拟机的IP地址和所述协议类型标识,抓取目标报文;
所述处理器11还具体用于获取所述目标报文的源虚拟机的端口号和目的虚拟机的端口号,得到五元组信息,所述五元组信息包括所述源虚拟机的IP地址,所述目的虚拟机的IP地址,所述协议类型标识,所述源虚拟机的端口号和所述目的虚拟机的端口号;
所述处理器11还具体用于根据所述五元组信息,确定所述源端口值;
所述处理器11还具体用于根据所述源虚拟机的IP地址确定所述源VTEP,根据所述目的虚拟机的IP地址,确定所述目的VTEP;
所述处理器11还具体用于获取所述源VTEP的端点标识对应的所述第一网络设备的IP地址;
所述处理器11还具体用于根据所述探测请求,确定所述路径探测类型为虚拟机间路径探测。
可选地,所述探测请求中包括所述源VTEP的端点标识和所述目的VTEP的端点标识;
所述处理器11具体用于设置所述源端口值,所述源端口值根据所述源VTEP和所述目的VTEP之间的预期路径个数和设定余量个数之和递增;所述预期路径个数为用户已知的路径个数,所述设定余量个数为进行路径探测时设置的大于所述预期路径个数的个数,所述设定余量个数为正整数;
所述处理器11还具体用于根据所述探测请求,确定所述路径探测类型为VTEP间路径探测。
可选地,所述上报消息中还包括跳数;
所述处理器11具体用于根据每一级网络设备发送的上报消息,从IP地址相同且跳数相同的多个上报消息中筛选出一组出接口号和入接口号;其中,每一
级网络设备发送的上报消息中的跳数,按照从所述源VTEP的端点标识对应的所述第一网络设备到所述目的VTEP的端点标识对应的所述第二网络设备的顺序递减;
所述处理器11还具体用于根据每一级网络设备发送的上报消息中的跳数,对筛选后的所有IP地址,出接口号和入接口号组进行排序;
所述处理器11还具体用于根据筛选、排序后的每组IP地址、出接口号和入接口号,获得所述网络路径。
可选地,所述探测报文还包括探测实例标识,所述探测实例标识用于标识不同的路径探测;
所述处理器11具体用于根据根据所述探测实例标识,分别记录接收到的每一个网络路径的IP地址,出接口号和入接口号。
可选地,所述处理器11还具体用于根据探测到的网络路径,获得所述网络路径的状态,所述网络路径的状态包括:通路、断路、和环路。
根据本发明实施例提供的一种控制器,控制器通过根据探测请求构造探测报文,并通过网络设备逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到真实的业务路径。
如图8所示,本发明实施例提供一种网络设备2000,用于实现上述VxLAN中的路径探测的功能,如图8所示,网络设备2000包括接收器21,处理器22和发送器23,其中,所述接收器21,处理器22和发送器23之间通过总线24相互连接。
所述接收器21,用于接收探测报文,所述探测报文是由控制器根据用户输入的探测请求构造的,所述探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的源网络设备的IP地址;
所述处理器22,用于根据所述目的VTEP的端点标识,判断所述网络设备是否为与所述目标VTEP的端点标识对应的目的网络设备;
所述处理器22还用于若所述网络设备是与所述目标VTEP的端点标识对应的目的网络设备,则根据所述探测报文生成上报消息,发送所述上报消息给所述控制器;
所述处理器22还用于若所述网络设备不是与所述目标VTEP的端点标识对应的目的网络设备,则复制所述探测报文生成上报消息;
所述发送器23,用于发送所述上报消息给所述控制器,并转发所述探测报文直至所述目的网络设备;
其中,所述上报消息中包括所述探测报文,所述网络设备的IP地址,以及所述探测报文经过所述网络设备的出接口号和入接口号。
所述处理器22可以是通用处理器,包括CPU、网络处理器(NP)等;还可以是数字信号处理器(DSP)、专用集成电路(ASIC)、现场可编程门阵列(FPGA)或者其他可编程逻辑器件等。
所述处理器22为CPU时,所述网络设备2000还可以包括:存储器,用于存储程序。具体地,程序可以包括程序代码,所述程序代码包括计算机操作指令。存储器可能包含随机存取存储器,也可能还包括非易失性存储器,例如至少一个磁盘存储器。所述处理器22执行所述存储器中存储的程序代码,实现上述功能。
可选地,所述处理器22还用于根据所述用于指示路径探测业务的标识,识别接收到的所述探测报文
所述处理器22还用于根据预置的或所述控制器发送的访问控制列表ACL或流表中存储的所述探测报文与执行动作的对应关系,获取与所述探测报文对应的执行动作;
其中,所述执行动作包括复制和/或转发所述探测报文,向所述控制器发送所述上报消息。
根据本发明实施例提供的一种网络设备,网络设备逐级转发控制器通过根据探测请求构造的探测报文,逐级向控制器上报IP地址、经过的出接口号和入接口号,从而控制器可以探测到真实的业务路径。
图9为本发明实施例提供的一种控制器的结构示意图,该控制器3000包括:依次连接的构造模块31,发送模块32,接收模块33和获取模块34;其中,
构造模块31,用于根据用户输入的探测请求,构造探测报文。
控制器独立于VM、VTEP、网络设备。例如如图2所示的路径探测,该控制器可以为敏捷网络控制器(Agile Controller,简称AC)。控制器可以是一个集群,可以由这个集群里的任意一个控制器处理数据的发送和接收。该控制器具有人机界面,可以获取用户输入的探测请求,该探测请求可以是通过用户在人机界面上指定抓取需要进行网络路径探测的报文,或者通过输入源VTEP、目的VTEP发起。由于一个VTEP下可以挂载一个或多个VM,因此,本申请中的路径探测可以是两个VM间的探测,即单路径探测;也可以是两个VTEPs间的探测,即多路径雷达探测,即,探测两个VTEPs下所有VMs间的所有可能的路径。
控制器进行网络路径探测时,需要构造探测报文,将探测报文发送到网络设备,以探测该探测报文与实际报文所经过的路径是否一致。该探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型、以及与源VTEP对应的第一网络设备的IP地址。这里,路径探测类型即包括:VM间的路径探测和VTEP间的路径探测。
发送模块32,用于将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备。
所述第一上报消息中包括所述探测报文,所述第一网络设备的IP地址以及所述第一网络设备的出接口号和入接口号。
本发明实施例基于Openflow网络下发报文和上送报文,具体地,通过Openflow下发接口Packet-Out和Openflow上送接口Packet-In进行。控制器将构造的探测报文通过Packet-Out接口发给源VTEP对应的第一网络设备,网络设备之间是根据计算出的源端口值自动进行报文的转发。这里的网络设备是指
支持VxLAN的二层设备或三层设备,可以是交换机或路由器。
本发明实施例网络设备在进行报文的转发时,还需进行探测报文的复制,这是因为本发明实施例网络设备不仅要进行探测报文的转发,还需将探测报文封装在上报消息中发送给控制器。第一网络设备复制探测报文,生成第一上报消息,发送第一上报消息至控制器,并根据源端口值转发探测报文至所述第一网络设备的下一级网络设备。每一级网络设备重复进行复制探测报文、上报第一上报消息、转发探测报文的步骤,直至目的VTEP的端点标识对应的第二网络设备接收到所述探测报文,该第二网络设备只发送第二上报消息给控制器,无需再复制、转发探测报文。
需要说明的是,这里“第一上报消息”和“第二上报消息”所包含的消息内容都是:探测报文,发送该上报消息的网络设备的IP地址,以及接收和转发探测报文分别经过的该网络设备的出接口号和入接口号。只是不过为了区分是否由目的VTEP的端点标识对应的网络设备发送该上报消息,而定义“第一上报消息”和“第二上报消息”。
接收模块33,用于接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息。
网络设备之间是根据计算出的源端口值自动进行报文的转发的,因此,现有技术中是不知道网络设备之间是通过哪条路径进行报文的转发的,本发明实施例则是要解决这个问题,即探测报文经过每一级网络设备,每一级网络设备都通过Packet-In接口发送上报消息给控制器。
控制器可接收到每一级网络设备发送的第一上报消息,以及目的VTEP的端点标识对应的第二网络设备发送的第二上报消息,因此,该上报消息包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息。需要说明的是,一个网络设备具有多个接口号,这里需要明确探测报文是具体从哪个网络设备的哪个接口接入和发出。
获取模块34,用于根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备之间的网络路径。
控制器接收到每一级网络设备的IP地址,出接口号和入接口号后,可以根据该接口号,获得探测到的网络路径,即构造的探测报文依次经过哪些网络设备。
如图2所示,AC控制器集群通过OpenFlow架构将探测报文发送至源VTEP对应的节点X,节点X将探测报文进行复制,生成上报消息,将探测报文转发至节点A,并向AC控制器集群发送上报消息;然后节点A、C、Y重复执行复制探测报文、转发探测报文和发送上报消息的步骤,这样,当探测报文转发完毕后,AC控制器集群根据收到的上报消息可以获知探测报文经过的路径,例如X-A-C-Y,这里的节点为网络设备。
根据本发明实施例提供的一种控制器,控制器通过根据探测请求构造探测报文,并通过网络设备逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到真实的业务路径。
图10为本发明实施例提供的又一种控制器的结构示意图,该控制器4000包括依次连接的构造模块41,发送模块42,接收模块43,获取模块44和输出模块45。
构造模块41,用于根据用户输入的探测请求中的源虚拟机的IP地址,目的虚拟机的IP地址和协议类型标识,抓取目标报文。
本实施例涉及VM间的网络路径探测。用户可以通过输入待探测报文的源虚拟机的IP地址,目的虚拟机的IP地址,以及协议类型标识,指示控制器对目标报文进行抓包。报文的源VM和目的VM分别为源VTEP和目的VTEP下挂载的一个VM。
所述构造模块41还用于获取所述目标报文的源虚拟机的端口号和目的虚拟机的端口号,得到所述目标报文的五元组信息。
控制器抓取了该报文后,可以获得该报文的源虚拟机的端口号和目的虚拟机的端口号,从而获得该目标报文的五元组信息,所述五元组信息包括所述源虚拟机的IP地址,所述目的虚拟机的IP地址,所述协议类型标识,所述源虚拟
机的端口号和所述目的虚拟机的端口号。控制器获得该报文的五元组信息,即触发该报文的探测。
所述构造模块41还用于根据所述五元组信息,确定源端口值。
控制器可以根据五元组数据来哈希计算出一个源端口值,将该值填写到探测报文中,然后再转发,进行路径探测,后续在每一跳抵达的网络设备上,会根据该源端口值来选路,一条网络路径的源端口值只有唯一一个。对于单路径探测来说,则根据一个五元组数据只能计算出一个源端口值。
所述构造模块41还用于根据所述源虚拟机的IP地址确定源VTEP的端点标识,根据所述目的虚拟机的IP地址,确定目的VTEP的端点标识。
由于每个VM都是用户通过控制器挂载到某个VTEP下的,因此,控制器存储了VTEP与其挂载的VM之间的对应关系,因此,控制器根据源VM的IP地址和目的VM的IP地址,可以分别确定其对应的源VTEP的端点标识和目的VTEP的端点标识。该源、目的VTEP用于确定探测报文的首、尾网络设备。
所述构造模块41还用于获取所述源VTEP的端点标识对应的第一网络设备的IP地址。
控制器也预先存储了VTEP与连接的网络设备的对应关系,因此,根据源VTEP的端点标识,也能获取第一网络设备的IP地址。
所述构造模块41还用于根据所述探测请求,确定所述路径探测类型为虚拟机间路径探测。
该探测请求包括用户抓取的报文的五元组信息,从而可以确定该路径探测是对该报文进行仿真探测,即单个报文或单条路径的探测,也称为虚拟机间路径探测。
所述构造模块41还用于将用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的第一网络设备的IP地址进行封装,构造探测报文。
控制器获取了以上信息后,可以构造探测报文,即将以上信息进行封装,通过Openflow网络进行传输。VM之间的路经探测是为了诊断指定业务流的路
径。
在本实施例中,采用VxLAN格式对探测报文进行封装,其格式如图4所示,包括外层MAC头(Outer MAC Header)、IP头(IP Header)、UDP头(UDP Header)和VxLAN头(VxLAN Header)字段,其余字段为报文内容。其中,用VxLAN头中保留字段中的一位,例如,保留字段的最后一位,作为指示路径探测业务的标识;报文内容(二层帧)中包括伪头(Pseudo-Header)和操作管理运维(Operation Administration and Maintenance,简称OAM)头(OAM PDU)。伪头(Pseudo-Header)用于保证流量走转发管道选路结果,伪头后面便是OAM头,包括标识(OAM FLAG)、OAM类型(OAM TYPE)、预留字段和可扩展类型长度值(Type-length-value,简称TLV)。所述OAM标志(FLAG)用于标识是OAM头,为32比特,取值为0xFFFFFFFF。所述OAM类型(TYPE)用于标识路径探测类型,为1字节,本发明实施例中用0x1表示VTEP间全路径探测,0x2表示VM间单路径探测,其他预留。所述可扩展TLV用于携带第一网络设备的IP地址,入接口号和出接口号等。当然,可扩展TLV中还可以包括其它字段,例如,探测实例标识。所述探测实例标识用于标识不同的网络路径探测。
发送模块42,用于将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备。
网络设备之间是根据计算出的源端口值自动进行报文的转发的,因此,现有技术中是不知道网络设备之间是通过哪条路径进行报文的转发的,本发明实施例则是要解决这个问题,即探测报文经过每一级网络设备,每一级网络设备都通过Packet-In接口发送上报消息给控制器。
控制器根据是否接收到目的VTEP的端点标识对应的第二网络设备发送的上报消息且探测到设定个数的网络路径,判断路径探测是否完毕。其中,该网络路径的设定个数由源端口值确定。
接收模块43,用于接收每一级网络设备发送的上报消息,其中包括所述第
一上报消息,以及所述第二网络设备发送的第二上报消息。
控制器可接收到每一级网络设备发送的第一上报消息,以及目的VTEP的端点标识对应的第二网络设备发送的第二上报消息,因此,该上报消息包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息。该上报消息包括复制的探测报文,发送该上报消息的网络设备的IP地址,接收探测报文的网络设备的入接口号,以及转发探测报文和/或发送上报消息的网络设备中的出接口号。需要说明的是,一个网络设备具有多个接口号,这里需要明确探测报文是具体从哪个网络设备的哪个接口接入和发出。
对于本实施例的单路径探测来说,由于仅计算出一个源端口值,因此,当控制器接收到目的VTEP的端点标识对应的第二网络设备发送的上报消息,可以确定该路径已经探测完毕。
对于路径探测是否完毕,还可以通过设定路径探测的时间,如果达到设定时间,则可认为路径探测完毕;还可以根据接收到目的VTEP对应的第二网络设备发送的上报消息以及该路径探测的跳数确定,如果接收到目的VTEP对应的第二网络设备发送的上报消息,且跳数连续,则可认为路径探测完毕,否则,即便接收到目的VTEP对应的网络设备发送的上报消息,但跳数不连续或不完整,则可认为路径探测没有结束或失败。
获取模块44,用于根据探测实例标识,分别记录接收到的每一个所述网络路径的IP地址,出接口号和入接口号。
由于控制器可同时进行多个网络路径的探测,因此具有多个探测实例,对于每个网络路径探测,需要设置一个探测实例标识,该探测实例标识包含在Extendable TLV字段中,所述探测实例标识用于标识不同的报文的网络路径探测。控制器根据接收到的探测报文中包含的探测实例标识,分别记录接收到的每一级网络设备的出接口号和入接口号。
所述获取模块44还用于针对每一个探测实例标识对应的路径探测,根据每一级网络设备发送的上报消息,从IP地址相同且跳数相同的多个上报消息中筛选出一组出接口号和入接口号。
网络设备在上报消息时,可能会重复上报,因此,需要对接收到相同网络设备且跳数相同的出接口和入接口进行筛选,仅保留一组所述IP地址对应的网络设备的出接口号和入接口号。每一级网络设备发送的上报消息中的跳数,按照从所述源VTEP的端点标识对应的所述第一网络设备到所述目的VTEP的端点标识对应的所述第二网络设备的顺序递减。
所述获取模块44还用于根据每一级网络设备发送的上报消息中的跳数,对筛选后的所有IP地址,出接口号和入接口号组进行排序。
上报消息还可包括跳数,例如,存活时间(Time To Live,简称TTL),报文转发时,每经过一个网络设备,跳数就减一。因此,可根据跳数,对接收到的经筛选后的每一级网络设备的出接口号和入接口号进行排序。
所述获取模块44还用于根据筛选、排序后的每组IP地址、出接口号和入接口号,获得所述网络路径。
进行筛选、排序后,得到的网络路径,是一个具有清晰的、唯一的拓扑关系的网络路径。
根据网络设备的IP地址和跳数对上报的网络设备的出接口号和入接口号进行筛选,可以避免网络路径中存在重复的网络设备的出接口号和入接口号,并根据跳数对每一级网络设备的出接口号和入接口号进行排序,可以准确的得到探测报文经过的每一级网络设备的先后关系,还原真实的网络路径。
输出模块45,用于输出所述网络路径。
由于探测器具有人机界面或用户界面,因此,还可将探测到的网络路径输出至用户界面,可以让用户直观地了解探测报文经过的每一级网络设备。
所述获取模块44还用于根据所述网络路径,获得所述网络路径的状态。
根据获得的探测到的网络路径,还可获得网络路径的状态。该网络路径的状态包括:通路、断路、和环路。通路是指该网络路径是通畅的,是正常的网络路径,断路是指控制器不能接收到某些跳数的网络设备上报的消息,环路是指处于环路状态的网络路径的跳数比正常网络路径经过的跳数多。了解了网络路径的状态,能够及时发现断路、环路网络故障。直接得到网络路径的状态,
可以给用户一个直接的网络路径状态的结论,而无需用户查看探测报文经过的每一级网络设备之间的通断或环路。
根据本发明实施例提供的一种控制器,控制器根据用户输入的探测请求,抓取报文,获得报文的五元组信息,根据五元组信息构造与真实业务一致的探测报文,模拟真实业务逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到源虚拟机和目的虚拟机之间真实的业务路径,以便确认网络路径的状态;在控制器的用户界面输出探测到的网络路径,可以让用户直观地了解探测报文经过的每一级网络设备;直接得到网络路径的状态,可以给用户一个直接的网络路径状态的结论,而无需用户查看探测报文经过的每一级网络设备之间的通断或环路。
请继续参阅图10,为图10所示的控制器的另一种实现方式,该控制器用于进行多路径探测。在本实现方式中,与前一个实现方式描述的单路径探测的区别在于:
构造模块41,用于设置源端口值,所述源端口值根据所述源VTEP和所述目的VTEP之间的预期路径个数和设定余量个数之和递增。
本实施例涉及VTEP间的路径探测,即多路径雷达探测,需要探测两个VTEP间的所有可能存在的路径,多路径是为了检测两个VTEP间的路径个数是否符合预期,是一种尝试性探测。用户可以直接输入需要探测的源VTEP的端点标识和目的VTEP的端点标识。
本实施例与VM间的路径探测不同的是,对于VTEP间的探测,由于用户没有传递五元组数据,所以需要控制器设置一个源端口值,每发出一个探测报文,该源端口值递增,因此,设置的该源端口值也称为源端口初始值,其取值范围为4096~65535,递增后的源端口值作为每一个探测报文的源端口值,直至构造出包含源端口最大值的探测报文。由于多路径探测的时候,是根据用户已知的路径个数来输入的探测报文个数的,个数要大于已知路径个数才能够覆盖探测的,因此源端口值的递增的次数根据所述源VTEP和所述目的VTEP之间
的预期的路径个数和设定余量个数确定,例如预期的路径个数为200个,可设置递增次数为220次。由于多路径探测本身是一种尝试性探测,可进行多次探测,例如预期有100个路径,第一次指定110个包探测,第二次指定120个包探测,得到的路径最大值就是存在的最大路径个数。进行路径探测时设置的大于所述预期路径个数的个数,所述设定余量个数为正整数。
构造模块41还用于根据用户输入的源VTEP的端点标识和目的VTEP的端点标识,确定所述探测报文的探测类型为VTEP间路径探测。
控制器根据用户输入的源、目的VTEP,构造探测报文,探测报文的探测类型为VTEP间路径探测,其它内容与VM间的路径探测的探测报文相同,在此不再赘述。
如果控制器接收到目的VTEP对应的网络设备发送的上报消息且探测到设定个数的报文对应的网络路径,则路径探测完毕。其中,该设定个数由源端口值的个数确定。对于VTEP间的路径探测,包括多个源端口值,控制器直至探测到目的VTEP的端点标识对应的网络设备上报的上报消息,且上报消息中包含源端口最大值的的网络路径,则探测完毕。
根据本发明实施例提供的一种控制器,控制器根据用户输入的源VTEP的端点标识和目的VTEP的端点标识构造探测报文,并通过网络设备逐级转发,逐级向控制器上报IP地址、经过的出接口号和入接口号,可以探测到该源VTEP和目的VTEP之间多条真实的业务路径;在控制器的用户界面输出探测到的网络路径,可以让用户直观地了解探测报文经过的每一级网络设备;直接得到网络路径的状态,可以给用户一个直接的网络路径状态的结论,而无需用户查看探测报文经过的每一级网络设备之间的通断或环路。
图11为本发明实施例提供的另一种网络设备的结构示意图,该网络设备5000包括:依次连接的接收模块51、判断模块52、生成模块53和发送模块54。其中:
接收模块51,用于接收探测报文。
对于任一级网络设备,接收探测报文,该任一级网络设备可以是源VTEP的端点标识对应的网络设备,也可以是中间的网络设备,也可以是目的VTEP的端点标识对应的网络设备。如果是源VTEP的端点标识对应的网络设备,则是从控制器接收到探测报文,如果是其它任意一级的网络设备,则是从其上一级网络设备接收到探测报文。这里的网络设备是指支持VxLAN的二层设备或三层设备,可以是交换机或路由器。
该探测报文是由控制器根据探测请求,仿真实际报文构造得到的。该探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及源VTEP的端点标识对应的网络设备的IP地址。路径探测类型包括:VM间的路径探测和VTEP间的路径探测,VM间的路径探测也称单路径探测,VTEP间的路径探测也称多路径雷达探测。
在本实施例中,采用VxLAN格式对探测报文进行封装,其格式如图4所示,具体可参考步骤S206中所述。
基于Openflow网络下发报文和上送报文,具体地,通过Openflow下发接口Packet-Out和Openflow上送接口Packet-In进行。
作为一种实现方式,所述接收模块51具体用于:
根据用于指示路径探测业务的标识,识别接收到的所述探测报文;
根据预置的或所述控制器发送的访问控制列表ACL或流表中存储的所述探测报文与执行动作的对应关系,获取与所述探测报文对应的执行动作;
其中,所述执行动作包括复制和/或转发所述探测报文,向所述控制器发送所述上报消息。
网络设备一旦识别出接收到的是探测报文,根据访问控制列表或流表中存储的探测报文与执行动作的对应关系,可以获知接收到该探测报文之后的执行动作,直接执行该执行动作即可,简化了处理过程。
判断模块52,用于根据目的VTEP的端点标识,判断所述网络设备是否为与所述目标VTEP的端点标识对应的目的网络设备。
生成模块53,用于若所述网络设备是与所述目标VTEP的端点标识对应的
目的网络设备,则根据所述探测报文生成上报消息。
发送模块54,用于发送所述上报消息给所述控制器。
由于本实施例的网络设备可以是任一级网络设备,由于目标VTEP的端点标识对应的网络设备与其它任一级的网络设备的操作步骤不同,目标VTEP的端点标识对应的网络设备只需发送上报消息给控制器,而无需复制和转发探测报文,因此,这里需要判断网络设备是否为与目标VTEP的端点标识对应的网络设备。
生成模块53还用于若所述网络设备不是与所述目标VTEP的端点标识对应的目的网络设备,则所述网络设备复制所述探测报文生成上报消息。
所述发送模块54还用于发送所述上报消息给所述控制器,并转发所述探测报文直至所述目的网络设备。
网络设备之间是根据计算出的源端口值自动进行报文的转发。然而,本发明实施例网络设备在进行报文的转发时,还需进行探测报文的复制,这是因为本发明实施例网络设备不仅要进行探测报文的转发,还需将探测报文封装在上报消息中发送给控制器。
现有技术中是不知道网络设备之间是通过哪条路径进行报文的转发的,本发明实施例则是要解决这个问题,即探测报文经过每一级网络设备,每一级网络设备都通过Packet-In接口发送上报消息给控制器。上报消息中包括复制的探测报文,发送该上报消息的网络设备的IP地址,接收探测报文的网络设备的入接口号,以及转发探测报文和/或发送上报消息的网络设备中的出接口号。
需要说明的是,一个网络设备具有多个接口号,这里需要明确探测报文是具体从哪个网络设备的哪个接口发出和接入。
控制器接收到每一级网络设备的出接口号和入接口号后,可以根据该接口号,获得探测到的网络路径,即仿真的探测报文依次经过哪些网络设备。
根据本发明实施例提供的一种网络设备,网络设备逐级转发控制器通过根据探测请求构造的探测报文,逐级向控制器上报IP地址、经过的出接口号和入接口号,从而控制器可以探测到真实的业务路径。
通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到本发明可以用硬件实现,或固件实现,或它们的组合方式来实现。当使用软件实现时,可以将上述功能存储在计算机可读介质中或作为计算机可读介质上的一个或多个指令或代码进行传输。计算机可读介质包括计算机存储介质和通信介质,其中通信介质包括便于从一个地方向另一个地方传送计算机程序的任何介质。存储介质可以是计算机能够存取的任何可用介质。以此为例但不限于:计算机可读介质可以包括随机存取存储器(Random Access Memory,RAM)、只读存储器(Read-Only Memory,ROM)、电可擦可编程只读存储器(Electrically Erasable Programmable Read-Only Memory,EEPROM)、只读光盘(Compact Disc Read-Only Memory,CD-ROM)或其他光盘存储、磁盘存储介质或者其他磁存储设备、或者能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质。此外。任何连接可以适当的成为计算机可读介质。例如,如果软件是使用同轴电缆、光纤光缆、双绞线、数字用户线(Digital Subscriber Line,DSL)或者诸如红外线、无线电和微波之类的无线技术从网站、服务器或者其他远程源传输的,那么同轴电缆、光纤光缆、双绞线、DSL或者诸如红外线、无线和微波之类的无线技术包括在所属介质的定影中。上面的组合也应当包括在计算机可读介质的保护范围之内。
总之,以上所述仅为本发明技术方案的较佳实施例而已,并非用于限定本发明的保护范围。凡在本发明原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。
Claims (14)
- 一种虚拟可扩展局域网VxLAN中的路径探测方法,其特征在于,包括:控制器根据用户输入的探测请求,构造探测报文,所述探测报文中包括:用于指示路径探测业务的标识,源虚拟可扩展局域网隧道端点VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的第一网络设备的互联网络协议IP地址;所述控制器将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备;所述第一上报消息中包括所述探测报文,所述第一网络设备的IP地址以及所述第一网络设备的出接口号和入接口号;所述控制器接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息;所述控制器根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备之间的网络路径。
- 如权利要求1所述的方法,其特征在于,所述探测请求中包括源虚拟机的IP地址,目的虚拟机的IP地址和协议类型标识;所述控制器根据用户输入的探测请求,构造探测报文,包括:所述控制器根据所述探测请求中的所述源虚拟机的IP地址,所述目的虚拟机的IP地址和所述协议类型标识,抓取目标报文;所述控制器获取所述目标报文的源虚拟机的端口号和目的虚拟机的端口号,得到五元组信息,所述五元组信息包括所述源虚拟机的IP地址,所述目的虚拟机的IP地址,所述协议类型标识,所述源虚拟机的端口号和所述目的虚拟机的端口号;所述控制器根据所述五元组信息,确定所述源端口值;所述控制器根据所述源虚拟机的IP地址确定所述源VTEP的端点标识,根据所述目的虚拟机的IP地址,确定所述目的VTEP的端点标识;所述控制器获取所述源VTEP的端点标识对应的所述第一网络设备的IP地 址;所述控制器根据所述探测请求,确定所述路径探测类型为虚拟机间路径探测。
- 如权利要求1所述的方法,其特征在于,所述探测请求中包括所述源VTEP的端点标识和所述目的VTEP的端点标识;所述控制器根据用户输入的探测请求,构造探测报文,包括:所述控制器设置所述源端口值,所述源端口值根据所述源VTEP和所述目的VTEP之间的预期路径个数和设定余量个数之和递增;所述预期路径个数为用户已知的路径个数,所述设定余量个数为进行路径探测时设置的大于所述预期路径个数的个数,所述设定余量个数为正整数;所述控制器根据所述探测请求,确定所述路径探测类型为VTEP间路径探测。
- 如权利要求1-3任意一项所述的方法,其特征在于,所述上报消息中还包括跳数;所述控制器根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备的网络路径,包括:所述控制器根据每一级网络设备发送的上报消息,从IP地址相同且跳数相同的多个上报消息中筛选出一组出接口号和入接口号;其中,每一级网络设备发送的上报消息中的跳数,按照从所述源VTEP的端点标识对应的所述第一网络设备到所述目的VTEP的端点标识对应的所述第二网络设备的顺序递减;所述控制器根据每一级网络设备发送的上报消息中的跳数,对筛选后的所有IP地址,出接口号和入接口号组进行排序;所述控制器根据筛选、排序后的每组IP地址、出接口号和入接口号,获得所述网络路径。
- 如权利要求4所述的方法,其特征在于,所述探测报文还包括探测实例标识,所述探测实例标识用于标识不同的路径探测;所述方法还包括:所述控制器根据所述探测实例标识,分别记录接收到的每一个所述网络路径的IP地址,出接口号和入接口号。
- 一种VxLAN中的路径探测方法,其特征在于,包括:网络设备接收探测报文,所述探测报文是由控制器根据用户输入的探测请求构造的,所述探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的源网络设备的IP地址;所述网络设备根据所述目的VTEP的端点标识,判断所述网络设备是否为与所述目标VTEP的端点标识对应的目的网络设备;若所述网络设备是与所述目标VTEP的端点标识对应的目的网络设备,则所述网络设备根据所述探测报文生成上报消息,发送所述上报消息给所述控制器;若所述网络设备不是与所述目标VTEP的端点标识对应的目的网络设备,则所述网络设备复制所述探测报文生成上报消息,发送所述上报消息给所述控制器,并转发所述探测报文直至所述目的网络设备;其中,所述上报消息中包括所述探测报文,所述网络设备的IP地址,以及所述探测报文经过所述网络设备的出接口号和入接口号。
- 如权利要求6所述的方法,其特征在于,所述网络设备接收探测报文之后,还包括:根据所述用于指示路径探测业务的标识,识别接收到的所述探测报文;根据预置的或所述控制器发送的访问控制列表ACL或流表中存储的所述探测报文与执行动作的对应关系,获取与所述探测报文对应的执行动作;其中,所述执行动作包括复制和/或转发所述探测报文,向所述控制器发送所述上报消息。
- 一种控制器,其特征在于,包括:处理器、发送器和接收器;其中,所述处理器,用于根据用户输入的探测请求,构造探测报文,所述探测报文中包括:用于指示路径探测业务的标识,源虚拟可扩展局域网隧道端点VTEP 的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的第一网络设备的互联网络协议IP地址;所述发送器,用于将所述探测报文发送至所述第一网络设备,以使所述第一网络设备复制所述探测报文,生成第一上报消息,发送所述第一上报消息给所述控制器,并根据所述源端口值转发所述探测报文直至所述目的VTEP的端点标识对应的第二网络设备;所述第一上报消息中包括所述探测报文,所述第一网络设备的IP地址以及所述第一网络设备的出接口号和入接口号;所述接收器,用于接收每一级网络设备发送的上报消息,其中包括所述第一上报消息,以及所述第二网络设备发送的第二上报消息;所述处理器还用于根据每一级网络设备发送的上报消息中的IP地址,出接口号和入接口号,获得所述第一网络设备到所述第二网络设备之间的网络路径。
- 如权利要求8所述的控制器,其特征在于,所述探测请求中包括源虚拟机的IP地址,目的虚拟机的IP地址和协议类型标识;所述处理器具体用于根据所述探测请求中的所述源虚拟机的IP地址,所述目的虚拟机的IP地址和所述协议类型标识,抓取目标报文;所述处理器还具体用于获取所述目标报文的源虚拟机的端口号和目的虚拟机的端口号,得到五元组信息,所述五元组信息包括所述源虚拟机的IP地址,所述目的虚拟机的IP地址,所述协议类型标识,所述源虚拟机的端口号和所述目的虚拟机的端口号;所述处理器还具体用于根据所述五元组信息,确定所述源端口值;所述处理器还具体用于根据所述源虚拟机的IP地址确定所述源VTEP的端点标识,根据所述目的虚拟机的IP地址,确定所述目的VTEP的端点标识;所述处理器还具体用于获取所述源VTEP的端点标识对应的所述第一网络设备的IP地址;所述处理器还具体用于根据所述探测请求,确定所述路径探测类型为虚拟机间路径探测。
- 如权利要求8所述的控制器,其特征在于,所述探测请求中包括所述源VTEP的端点标识和所述目的VTEP的端点标识;所述处理器具体用于设置所述源端口值,所述源端口值根据所述源VTEP和所述目的VTEP之间的预期路径个数和设定余量个数之和递增;所述预期路径个数为用户已知的路径个数,所述设定余量个数为进行路径探测时设置的大于所述预期路径个数的个数,所述设定余量个数为正整数;所述处理器还具体用于根据所述探测请求,确定所述路径探测类型为VTEP间路径探测。
- 如权利要求8-10任意一项所述的控制器,其特征在于,所述上报消息中还包括跳数;所述处理器具体用于根据每一级网络设备发送的上报消息,从IP地址相同且跳数相同的多个上报消息中筛选出一组出接口号和入接口号;其中,每一级网络设备发送的上报消息中的跳数,按照从所述源VTEP的端点标识对应的所述第一网络设备到所述目的VTEP的端点标识对应的所述第二网络设备的顺序递减;所述处理器还具体用于根据每一级网络设备发送的上报消息中的跳数,对筛选后的所有IP地址,出接口号和入接口号组进行排序;所述处理器还具体用于根据筛选、排序后的每组IP地址、出接口号和入接口号,获得所述网络路径。
- 如权利要求11所述的控制器,其特征在于,所述探测报文还包括探测实例标识,所述探测实例标识用于标识不同的路径探测;所述处理器具体用于根据所述探测实例标识,分别记录接收到的每一个网络路径的IP地址,出接口号和入接口号。
- 一种网络设备,其特征在于,包括:接收器、处理器和发送器;其中,所述接收器,用于接收探测报文,所述探测报文是由控制器根据用户输入的探测请求构造的,所述探测报文中包括:用于指示路径探测业务的标识,源VTEP的端点标识,目的VTEP的端点标识,源端口值,路径探测类型,以及与所述源VTEP的端点标识对应的源网络设备的IP地址;所述处理器,用于根据所述目的VTEP的端点标识,判断所述网络设备是 否为与所述目标VTEP的端点标识对应的目的网络设备;所述处理器还用于若所述网络设备是与所述目标VTEP的端点标识对应的目的网络设备,则根据所述探测报文生成上报消息,发送所述上报消息给所述控制器;所述处理器还用于若所述网络设备不是与所述目标VTEP的端点标识对应的目的网络设备,则复制所述探测报文生成上报消息;所述发送器,用于发送所述上报消息给所述控制器,并转发所述探测报文直至所述目的网络设备;其中,所述上报消息中包括所述探测报文,所述网络设备的IP地址,以及所述探测报文经过所述网络设备的出接口号和入接口号。
- 如权利要求13所述的网络设备,其特征在于:所述处理器还用于根据所述用于指示路径探测业务的标识,识别接收到的所述探测报文;所述处理器还用于根据预置的或所述控制器发送的访问控制列表ACL或流表中存储的所述探测报文与执行动作的对应关系,获取与所述探测报文对应的执行动作;其中,所述执行动作包括复制和/或转发所述探测报文,向所述控制器发送所述上报消息。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP16856619.8A EP3355532B1 (en) | 2015-10-23 | 2016-06-03 | Method for path detection in vxlan, and controller and network device |
US15/958,818 US10484206B2 (en) | 2015-10-23 | 2018-04-20 | Path detection method in VxLAN, controller, and network device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510697504.8A CN106612211B (zh) | 2015-10-23 | 2015-10-23 | VxLAN中的路径探测方法,控制器和网络设备 |
CN201510697504.8 | 2015-10-23 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/958,818 Continuation US10484206B2 (en) | 2015-10-23 | 2018-04-20 | Path detection method in VxLAN, controller, and network device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017067178A1 true WO2017067178A1 (zh) | 2017-04-27 |
Family
ID=58556565
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/084748 WO2017067178A1 (zh) | 2015-10-23 | 2016-06-03 | VxLAN中的路径探测方法,控制器和网络设备 |
Country Status (4)
Country | Link |
---|---|
US (1) | US10484206B2 (zh) |
EP (1) | EP3355532B1 (zh) |
CN (1) | CN106612211B (zh) |
WO (1) | WO2017067178A1 (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3300322A1 (en) * | 2016-09-23 | 2018-03-28 | Huawei Technologies Co., Ltd. | Method and related apparatus for probing packet forwarding path |
CN109412859A (zh) * | 2018-11-15 | 2019-03-01 | 盛科网络(苏州)有限公司 | 一种vxlan隧道的oam方法及系统 |
CN115277419A (zh) * | 2022-08-09 | 2022-11-01 | 湖南大学 | 一种无服务计算中加速网络启动方法 |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106936655A (zh) | 2015-12-30 | 2017-07-07 | 阿里巴巴集团控股有限公司 | 链路检测方法、装置及网络设备、控制器 |
CN107547293B (zh) * | 2016-06-29 | 2020-09-08 | 新华三技术有限公司 | 一种流路径探测方法和装置 |
US10404548B2 (en) * | 2016-08-29 | 2019-09-03 | Cisco Technology, Inc. | Control of network nodes in computer network systems |
CN108075936A (zh) * | 2016-11-16 | 2018-05-25 | 中国移动通信有限公司研究院 | VxLAN探测方法及装置 |
CN109005116B (zh) * | 2017-06-07 | 2020-07-24 | 华为技术有限公司 | 一种报文转发方法及装置 |
US10700933B2 (en) | 2017-06-19 | 2020-06-30 | Cisco Technology, Inc. | Validating tunnel endpoint addresses in a network fabric |
CN108111432B (zh) * | 2017-12-27 | 2021-07-02 | 新华三技术有限公司 | 报文转发方法及装置 |
WO2019196062A1 (zh) | 2018-04-12 | 2019-10-17 | 华为技术有限公司 | 探测虚拟机状态的方法和设备 |
CN110391961B (zh) * | 2018-04-18 | 2021-03-23 | 华为技术有限公司 | 一种隧道绑定方法、设备及系统 |
CN108881064B (zh) * | 2018-06-26 | 2022-07-22 | 新华三技术有限公司 | 报文信息获取方法和发送方法 |
CN108566336A (zh) * | 2018-07-24 | 2018-09-21 | 迈普通信技术股份有限公司 | 一种网络路径获取方法和设备 |
CN109274571B (zh) * | 2018-10-09 | 2021-08-20 | 杭州安恒信息技术股份有限公司 | 一种追溯虚拟局域组网中设备的方法、装置以及设备 |
CN112311580B (zh) * | 2019-08-01 | 2022-03-11 | 华为技术有限公司 | 报文传输路径确定方法、装置及系统、计算机存储介质 |
CN112436951B (zh) * | 2019-08-26 | 2024-05-24 | 北京京东尚科信息技术有限公司 | 一种预知流量路径的方法和装置 |
CN112714006B (zh) * | 2019-10-24 | 2024-05-17 | 中兴通讯股份有限公司 | 链路故障状态通告方法、装置、设备及介质 |
CN113014441B (zh) * | 2019-12-19 | 2023-07-14 | 西安诺瓦星云科技股份有限公司 | 网口环路检测方法和系统 |
CN112422713B (zh) * | 2020-11-18 | 2022-08-26 | 中国联合网络通信集团有限公司 | 一种ip地址获取方法及vtep节点 |
US11805103B2 (en) * | 2020-12-08 | 2023-10-31 | Hewlett Packard Enterprise Development Lp | Dynamic selection of tunnel endpoints |
CN113630312B (zh) * | 2021-08-17 | 2023-12-22 | 迈普通信技术股份有限公司 | 路径探测方法、装置、网络设备及计算机可读存储介质 |
CN113708995B (zh) * | 2021-08-20 | 2023-04-07 | 深圳市风云实业有限公司 | 一种网络故障诊断方法、系统、电子设备及存储介质 |
CN116016200A (zh) * | 2021-10-22 | 2023-04-25 | 中兴通讯股份有限公司 | 网络环路分析方法、电子设备和计算机可读存储介质 |
CN114465931B (zh) * | 2021-12-30 | 2023-12-29 | 深信服科技股份有限公司 | 网络探测方法、装置、电子设备及存储介质 |
CN115277510B (zh) * | 2022-07-28 | 2023-12-01 | 科来网络技术股份有限公司 | 自动识别网络会话中设备、设备接口、设备路径的方法 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103401726A (zh) * | 2013-07-19 | 2013-11-20 | 华为技术有限公司 | 网络路径探测方法及装置、系统 |
CN104883303A (zh) * | 2015-05-26 | 2015-09-02 | 国网智能电网研究院 | 一种sdn架构中多流表网络路由追踪的方法 |
Family Cites Families (71)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6426945B1 (en) * | 1998-10-06 | 2002-07-30 | Nokia Telecommunications, Oy | Method and apparatus for providing resource discovery using multicast scope |
JP4006169B2 (ja) * | 2000-05-30 | 2007-11-14 | 株式会社日立製作所 | ラベルスイッチング型パケット転送装置 |
US7246173B2 (en) * | 2001-04-16 | 2007-07-17 | Nokia Corporation | Method and apparatus for classifying IP data |
US7355981B2 (en) * | 2001-11-23 | 2008-04-08 | Apparent Networks, Inc. | Signature matching methods and apparatus for performing network diagnostics |
US6973313B1 (en) * | 2002-03-29 | 2005-12-06 | Openwave Systems Inc. | Heuristic algorithm/protocol to determine the nearest available gateway for a mobile client |
AU2003291502A1 (en) * | 2002-11-08 | 2004-06-03 | Lyndale Trading Company Limited | Adaptive broadband platforms and methods of operation |
KR20050114654A (ko) * | 2003-03-13 | 2005-12-06 | 소니 가부시끼 가이샤 | 무선 애드 혹 통신 시스템, 단말기, 그 단말기에 있어서의처리 방법 및 그 방법을 단말기에 실행하도록 하기 위한프로그램 |
KR101001622B1 (ko) * | 2003-11-05 | 2010-12-17 | 삼성전자주식회사 | 최적화된 라우팅이 수행가능한 무선통신 시스템 및네트워크의 크기 측정방법 |
US7292591B2 (en) * | 2004-03-30 | 2007-11-06 | Extreme Networks, Inc. | Packet processing system architecture and method |
JP4605365B2 (ja) * | 2004-12-06 | 2011-01-05 | 日本電気株式会社 | アクセスネットワークシステム及び内部ネットワーク中継装置の移動方法 |
US7647643B2 (en) * | 2004-12-30 | 2010-01-12 | Cisco Technology, Inc. | Template access control lists |
US7400596B1 (en) * | 2005-08-17 | 2008-07-15 | Rockwell Collins, Inc. | Dynamic, multicast routing using a quality of service manager |
US8151339B2 (en) * | 2005-12-23 | 2012-04-03 | Avaya, Inc. | Method and apparatus for implementing filter rules in a network element |
US7660296B2 (en) * | 2005-12-30 | 2010-02-09 | Akamai Technologies, Inc. | Reliable, high-throughput, high-performance transport and routing mechanism for arbitrary data flows |
US7894451B2 (en) * | 2005-12-30 | 2011-02-22 | Extreme Networks, Inc. | Method of providing virtual router functionality |
US20070183416A1 (en) * | 2006-02-07 | 2007-08-09 | Mark Gooch | Per-port penalty queue system for re-prioritization of network traffic sent to a processor |
KR101255857B1 (ko) * | 2006-03-16 | 2013-04-17 | 리서치 파운데이션 오브 더 시티 유니버시티 오브 뉴욕 | 트리-안내 분산 링크 스테이트 라우팅 방법 |
US8284776B2 (en) * | 2009-06-10 | 2012-10-09 | Broadcom Corporation | Recursive packet header processing |
US8484331B2 (en) * | 2010-11-01 | 2013-07-09 | Cisco Technology, Inc. | Real time protocol packet tunneling |
US8863256B1 (en) * | 2011-01-14 | 2014-10-14 | Cisco Technology, Inc. | System and method for enabling secure transactions using flexible identity management in a vehicular environment |
CN102577257B (zh) * | 2011-04-27 | 2014-02-19 | 华为技术有限公司 | 一种实现虚拟局域网标识转换的方法及装置 |
US8516607B2 (en) * | 2011-05-23 | 2013-08-20 | Qualcomm Incorporated | Facilitating data access control in peer-to-peer overlay networks |
US9112708B1 (en) * | 2012-01-27 | 2015-08-18 | Marvell Israel (M.I.S.L) Ltd. | Processing multicast packets in a network device |
US8923149B2 (en) * | 2012-04-09 | 2014-12-30 | Futurewei Technologies, Inc. | L3 gateway for VXLAN |
EP2843887A4 (en) * | 2012-04-27 | 2015-12-23 | Nec Corp | COMMUNICATION SYSTEM AND METHOD FOR CONTROLLING TRANSMISSION PATH |
US9710762B2 (en) * | 2012-06-06 | 2017-07-18 | Juniper Networks, Inc. | Dynamic logging |
US9571502B2 (en) * | 2012-09-14 | 2017-02-14 | International Business Machines Corporation | Priority resolution for access control list policies in a networking device |
US9276838B2 (en) * | 2012-10-05 | 2016-03-01 | Futurewei Technologies, Inc. | Software defined network virtualization utilizing service specific topology abstraction and interface |
US9253140B2 (en) * | 2012-11-20 | 2016-02-02 | Cisco Technology, Inc. | System and method for optimizing within subnet communication in a network environment |
US9036639B2 (en) * | 2012-11-29 | 2015-05-19 | Futurewei Technologies, Inc. | System and method for VXLAN inter-domain communications |
US10212076B1 (en) * | 2012-12-27 | 2019-02-19 | Sitting Man, Llc | Routing methods, systems, and computer program products for mapping a node-scope specific identifier |
US9946885B2 (en) * | 2013-01-11 | 2018-04-17 | Sap Se | Process-oriented modeling and flow to restrict access to objects |
US9571362B2 (en) * | 2013-05-24 | 2017-02-14 | Alcatel Lucent | System and method for detecting a virtual extensible local area network (VXLAN) segment data path failure |
US9374323B2 (en) * | 2013-07-08 | 2016-06-21 | Futurewei Technologies, Inc. | Communication between endpoints in different VXLAN networks |
US9344349B2 (en) * | 2013-07-12 | 2016-05-17 | Nicira, Inc. | Tracing network packets by a cluster of network controllers |
JP6221501B2 (ja) * | 2013-08-19 | 2017-11-01 | 富士通株式会社 | ネットワークシステム、その制御方法、ネットワーク制御装置及びその制御プログラム |
US9432204B2 (en) * | 2013-08-24 | 2016-08-30 | Nicira, Inc. | Distributed multicast by endpoints |
US9374294B1 (en) * | 2013-11-05 | 2016-06-21 | Cisco Technology, Inc. | On-demand learning in overlay networks |
EP2882148A1 (en) * | 2013-12-09 | 2015-06-10 | Université Catholique De Louvain | Establishing a data transfer connection |
WO2015085523A1 (zh) * | 2013-12-11 | 2015-06-18 | 华为技术有限公司 | 一种虚拟可扩展局域网的通信方法、装置和系统 |
WO2015100558A1 (zh) * | 2013-12-30 | 2015-07-09 | 华为技术有限公司 | 管理网络设备的物理位置的方法和装置 |
US9729578B2 (en) * | 2014-01-10 | 2017-08-08 | Arista Networks, Inc. | Method and system for implementing a network policy using a VXLAN network identifier |
US9548873B2 (en) * | 2014-02-10 | 2017-01-17 | Brocade Communications Systems, Inc. | Virtual extensible LAN tunnel keepalives |
US9929966B2 (en) * | 2014-03-21 | 2018-03-27 | Fujitsu Limited | Preservation of a TTL parameter in a network element |
US20150278543A1 (en) * | 2014-03-25 | 2015-10-01 | Futurewei Technologies, Inc. | System and Method for Optimizing Storage of File System Access Control Lists |
US9419874B2 (en) * | 2014-03-27 | 2016-08-16 | Nicira, Inc. | Packet tracing in a software-defined networking environment |
US9794079B2 (en) * | 2014-03-31 | 2017-10-17 | Nicira, Inc. | Replicating broadcast, unknown-unicast, and multicast traffic in overlay logical networks bridged with physical networks |
EP2928123B1 (en) * | 2014-04-02 | 2019-11-06 | 6Wind | Method for processing VXLAN data units |
US9936009B2 (en) * | 2014-05-22 | 2018-04-03 | Qualcomm Incorporated | Systems and methods of operating a device of a data path group network |
US9699030B1 (en) * | 2014-06-26 | 2017-07-04 | Juniper Networks, Inc. | Overlay tunnel and underlay path correlation |
JP6369175B2 (ja) * | 2014-07-04 | 2018-08-08 | 富士通株式会社 | パケット処理装置、制御プログラム、及びパケット処理装置の制御方法 |
US9503277B2 (en) * | 2014-07-24 | 2016-11-22 | Cisco Technology, Inc. | Dynamic instantiation of remote virtual extensible local area network tunnel end points acquired through a control protocol |
US20160081005A1 (en) * | 2014-09-17 | 2016-03-17 | Qualcomm Incorporated | Route formation and message transmission in a data link group over multiple channels |
US20160088083A1 (en) * | 2014-09-21 | 2016-03-24 | Cisco Technology, Inc. | Performance monitoring and troubleshooting in a storage area network environment |
US10389655B2 (en) * | 2014-09-22 | 2019-08-20 | Dell Products L.P. | Event-based packet mirroring |
US9894122B2 (en) * | 2014-10-16 | 2018-02-13 | Cisco Technology, Inc. | Traceroute in virtual extenisble local area networks |
US9876714B2 (en) * | 2014-11-14 | 2018-01-23 | Nicira, Inc. | Stateful services on stateless clustered edge |
US10116493B2 (en) * | 2014-11-21 | 2018-10-30 | Cisco Technology, Inc. | Recovering from virtual port channel peer failure |
US10103902B1 (en) * | 2015-03-05 | 2018-10-16 | Juniper Networks, Inc. | Auto-discovery of replication node and remote VTEPs in VXLANs |
US9733968B2 (en) * | 2015-03-16 | 2017-08-15 | Oracle International Corporation | Virtual machine (VM) migration from switched fabric based computing system to external systems |
US9900250B2 (en) * | 2015-03-26 | 2018-02-20 | Cisco Technology, Inc. | Scalable handling of BGP route information in VXLAN with EVPN control plane |
US10063467B2 (en) * | 2015-05-18 | 2018-08-28 | Cisco Technology, Inc. | Virtual extensible local area network performance routing |
US9800497B2 (en) * | 2015-05-27 | 2017-10-24 | Cisco Technology, Inc. | Operations, administration and management (OAM) in overlay data center environments |
US10536357B2 (en) * | 2015-06-05 | 2020-01-14 | Cisco Technology, Inc. | Late data detection in data center |
US10009229B2 (en) * | 2015-06-11 | 2018-06-26 | Cisco Technology, Inc. | Policy verification in a network |
US9979711B2 (en) * | 2015-06-26 | 2018-05-22 | Cisco Technology, Inc. | Authentication for VLAN tunnel endpoint (VTEP) |
US10637889B2 (en) * | 2015-07-23 | 2020-04-28 | Cisco Technology, Inc. | Systems, methods, and devices for smart mapping and VPN policy enforcement |
US9985837B2 (en) * | 2015-07-23 | 2018-05-29 | Cisco Technology, Inc. | Refresh of the binding tables between data-link-layer and network-layer addresses on mobility in a data center environment |
US10044502B2 (en) * | 2015-07-31 | 2018-08-07 | Nicira, Inc. | Distributed VPN service |
US9692690B2 (en) * | 2015-08-03 | 2017-06-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and system for path monitoring in a software-defined networking (SDN) system |
US10361972B2 (en) * | 2015-09-23 | 2019-07-23 | Citrix Systems, Inc. | Systems and methods to support VXLAN in partition environment where a single system acts as multiple logical systems to support multitenancy |
-
2015
- 2015-10-23 CN CN201510697504.8A patent/CN106612211B/zh not_active Expired - Fee Related
-
2016
- 2016-06-03 WO PCT/CN2016/084748 patent/WO2017067178A1/zh active Application Filing
- 2016-06-03 EP EP16856619.8A patent/EP3355532B1/en active Active
-
2018
- 2018-04-20 US US15/958,818 patent/US10484206B2/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103401726A (zh) * | 2013-07-19 | 2013-11-20 | 华为技术有限公司 | 网络路径探测方法及装置、系统 |
CN104883303A (zh) * | 2015-05-26 | 2015-09-02 | 国网智能电网研究院 | 一种sdn架构中多流表网络路由追踪的方法 |
Non-Patent Citations (2)
Title |
---|
MAHALINGAM, M. ET AL.: "Virtual Extensible Local Area Network (VXLAN):A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks", IETF RFC7348, 31 August 2014 (2014-08-31), XP055376588, ISSN: 2070-1721 * |
See also references of EP3355532A4 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3300322A1 (en) * | 2016-09-23 | 2018-03-28 | Huawei Technologies Co., Ltd. | Method and related apparatus for probing packet forwarding path |
US10284461B2 (en) | 2016-09-23 | 2019-05-07 | Huawei Technologies Co., Ltd. | Method and related apparatus for probing packet forwarding path |
CN109412859A (zh) * | 2018-11-15 | 2019-03-01 | 盛科网络(苏州)有限公司 | 一种vxlan隧道的oam方法及系统 |
CN115277419A (zh) * | 2022-08-09 | 2022-11-01 | 湖南大学 | 一种无服务计算中加速网络启动方法 |
CN115277419B (zh) * | 2022-08-09 | 2024-01-26 | 湖南大学 | 一种无服务计算中加速网络启动方法 |
Also Published As
Publication number | Publication date |
---|---|
US20180241586A1 (en) | 2018-08-23 |
EP3355532A1 (en) | 2018-08-01 |
US10484206B2 (en) | 2019-11-19 |
EP3355532B1 (en) | 2020-01-01 |
EP3355532A4 (en) | 2018-10-03 |
CN106612211B (zh) | 2020-02-21 |
CN106612211A (zh) | 2017-05-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017067178A1 (zh) | VxLAN中的路径探测方法,控制器和网络设备 | |
US11876883B2 (en) | Packet processing method, network node, and system | |
CN106452857B (zh) | 生成配置信息的方法和网络控制单元 | |
EP2843906B1 (en) | Method, apparatus, and system for data transmission | |
US10263808B2 (en) | Deployment of virtual extensible local area network | |
CN107078963B (zh) | 虚拟可扩展局域网中的路由追踪 | |
JP5652565B2 (ja) | 情報システム、制御装置、通信方法およびプログラム | |
US8274911B2 (en) | Network monitoring system and path extracting method | |
WO2019165775A1 (zh) | 一种局域网设备的搜索方法及搜索系统 | |
WO2020207051A1 (zh) | 网络验证的方法和装置 | |
CN111614505B (zh) | 报文处理的方法和网关设备 | |
CN105530115B (zh) | 一种实现操作管理维护功能的方法及装置 | |
CN104852840A (zh) | 一种控制虚拟机之间互访的方法及装置 | |
US20190215191A1 (en) | Deployment Of Virtual Extensible Local Area Network | |
EP3586482A1 (en) | Mechanism to detect data plane loops in an openflow network | |
CN105516025A (zh) | 端到端的路径控制和数据传输方法、OpenFlow控制器和交换机 | |
US20140092725A1 (en) | Method and first network node for managing an ethernet network | |
CN105681223A (zh) | 一种sdn的数据包转发方法及装置 | |
CN108111423A (zh) | 流量传输管理方法、装置及网络分路设备 | |
US20160344591A1 (en) | Determining Connections of Non-External Network Facing Ports | |
JP5333793B2 (ja) | トポロジ特定方法、及びトポロジ特定装置 | |
US11438237B1 (en) | Systems and methods for determining physical links between network devices | |
JP5190717B2 (ja) | トポロジ特定方法、及びトポロジ特定装置 | |
KR20160063155A (ko) | Sdn 기반의 에러 탐색 네트워크 시스템 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16856619 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2016856619 Country of ref document: EP |