WO2017113929A1 - Method and controller for controlling forwarding device cluster in software-defined networking - Google Patents

Method and controller for controlling forwarding device cluster in software-defined networking

Publication number: WO2017113929A1
Authority: WO, WIPO (PCT)
Application number: PCT/CN2016/101780
Prior art keywords: member device, port, flow table, forwarding, virtual
Other languages: French (fr), Chinese (zh)
Inventors: 许欣, 李响
Original Assignee: 中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0893: Assignment of logical groups to network elements
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/10: Flow control; Congestion control
    • H04L47/12: Avoiding congestion; Recovering from congestion
    • H04L47/125: Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering

Definitions

  • the present invention relates to a software defined network, and more particularly to a method and a corresponding controller for controlling a forwarding device cluster in a software defined network.
  • SDN: Software Defined Networking
  • the control layer in SDN is extracted from the control functions of the original network devices such as switches and routers, and is implemented by independent control software.
  • the control functions in the original switches and routers are stripped from the infrastructure layer, and the control plane uniformly implements the forwarding management.
  • OpenFlow is a protocol running between the controller and the forwarding device in the SDN network. The controller writes forwarding entries such as flow tables and group tables to the switch through the OpenFlow protocol to complete control of the entire network.
  • Similar to the traditional network, in the SDN network, in order to achieve load balancing and high reliability, it is also necessary to deploy multiple forwarding devices at a specific location of the network to form a cluster, which operates in active/standby mode or load sharing mode. To meet this requirement, devices that use traditional cluster technology can be deployed.
  • the forwarding device cluster implements load balancing forwarding or active/standby switchover when the fault occurs.
  • the SDN controller is presented as a single device.
  • the present invention provides the following technical solutions.
  • a method for controlling a cluster of forwarding devices in a software-defined network comprising:
  • the software-defined network SDN controller treats the forwarding device cluster as a single virtual forwarding device for path decision, wherein the forwarding device cluster includes multiple independently running member devices;
  • the SDN controller obtains the flow table of the member device according to the result of the path decision, sends the flow table to the member device, and controls, by using the flow table, traffic forwarding between the member devices and outgoing traffic forwarding of the member devices.
  • a controller in a software-defined network comprising: a cluster control device, the cluster control device comprising:
  • the path decision module is configured to perform the path decision by using the forwarding device cluster as a single virtual forwarding device, where the forwarding device cluster includes multiple independent running member devices;
  • the flow table generating module is configured to obtain a flow table of the member device according to the result of the path decision, and control, by using the flow table, traffic forwarding between the member devices and outgoing traffic forwarding of the member devices;
  • the flow table sending module is configured to send the flow table of the member device to the member device.
  • the above schemes make full use of the centralized control of network devices that the software-defined network provides.
  • multiple forwarding devices that operate independently are treated as a cluster, and traffic forwarding between the member devices of the cluster and outgoing traffic forwarding of the member devices are controlled. There is no need to run a proprietary protocol between the member devices, and the inter-communication between the member devices and the controller is not required.
  • FIG. 1 is a flow chart of a control method according to Embodiment 1 of the present invention.
  • FIG. 2 is a block diagram of an SDN controller according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of an example of a forwarding device cluster of the present invention.
  • the embodiment of the present invention provides a method for controlling a forwarding device cluster in a software-defined network.
  • the SDN controller controls the independently-operated forwarding device through the OpenFlow protocol (or other flow control protocol) to form a forwarding device cluster.
  • the method for controlling the forwarding device cluster in the software-defined network in this embodiment is as shown in FIG. 1 and includes:
  • Step 110: The SDN controller treats the forwarding device cluster as a single virtual forwarding device to perform the path decision, where the forwarding device cluster includes multiple independently running member devices.
  • the path decision includes: determining the virtual port that serves as the egress port through which the virtual forwarding device forwards the traffic (that is, forwards the packet). The virtual port can be of two types, an unbundled port and/or a bundled port, where each unbundled port corresponds to a physical port on a member device and each bundle port corresponds to multiple external physical ports on one or more member devices.
  • Step 120: The SDN controller obtains a flow table of the member device according to the result of the path decision, sends the flow table to the member device, and controls, by using the flow table, traffic forwarding between the member devices and outgoing traffic forwarding of the member devices.
  • outgoing traffic forwarding of member devices refers to traffic forwarding outside the forwarding device cluster.
  • the SDN controller controls, by using a flow table, traffic forwarding between the member devices and outgoing traffic forwarding of the member devices, including:
  • controlling the first member device to forward the traffic directly from that device, and controlling the second member device to forward the traffic from that device to at least one first member device; wherein the first member device refers to a member device that has a physical port corresponding to the virtual port, and the second member device refers to a member device that does not have a physical port corresponding to the virtual port.
  • the SDN controller obtains the flow table of the member device according to the result of the path decision, and may adopt the following manner: generating a unicast flow table of the virtual forwarding device according to the result of the path decision
  • the unicast flow table includes the virtual port as an egress port; and the unicast flow table is modified for each member device to obtain a flow table of the member device;
  • the modification includes: replacing the egress port with the physical port corresponding to the virtual port on the first member device;
  • the modification includes: replacing the egress port with the physical port used for the first bypass link on the second member device, where the first bypass link is the link from the second member device to the first member device.
  • When unicast traffic is forwarded, if the flow table delivered to the member device includes one physical port as the egress port, the traffic is forwarded from that physical port; if the delivered flow table includes multiple physical ports as egress ports, one physical port may be selected from them to forward the traffic. The selection may be performed according to one or more of the following strategies (two or more in any combination): a load balancing strategy; a priority policy; and a random selection strategy. In the port list delivered by the controller to the member device, a weight can also be set for each port, for the member device to use when selecting a port.
  • the SDN controller controls, by using a flow table, traffic forwarding between the member devices and outgoing traffic forwarding of the member devices, including:
  • for each first member device, the first member device is controlled by the flow table to forward the traffic directly from the first member device and, for traffic from outside the forwarding device cluster, is also controlled to forward the traffic from the first member device to other first member devices that meet the following condition: at least one of the virtual ports corresponding to the physical ports is different from the virtual ports corresponding to the physical ports on the first member device;
  • the second member device is controlled by the flow table to forward traffic from the second member device to first member devices in the forwarding device cluster, so that the traffic is detoured back to each of the virtual ports and then forwarded;
  • the first member device refers to a member device that has a physical port corresponding to the virtual port
  • the second member device refers to a member device that does not have a physical port corresponding to the virtual port.
  • the first modification includes: using the flag indicating that the packet is from inside the cluster as an added matching entry, and replacing the egress port with the physical port corresponding to the virtual port on the member device;
  • the second modification includes: replacing the egress port with the physical port corresponding to the virtual port and the physical port used for the second bypass link on the member device, where the second bypass link is a link from the first member device to another first member device;
  • the third modification includes: replacing the egress port with the physical port used for the third bypass link on the second member device, and adding a command or an action to mark the packet with a flag indicating that the packet is from inside the cluster;
  • the third bypass link is a link of the second member device to the first member device.
  • the third bypass link may include a link of the second member device to the first member device that satisfies the following condition 1 and condition 2, in addition to the link that receives the traffic, and selects in the following manner.
  • the virtual port corresponding to the physical port on the member device includes an unbundled port
  • the virtual port corresponding to the physical port on the member device includes a first bundle port, and the first bundle port refers to a bundle port corresponding to multiple physical ports on one member device;
  • one first member device is selected from among the first member devices whose physical ports correspond to a second bundle port and whose corresponding second bundle ports are the same, where a second bundle port refers to a bundle port corresponding to multiple physical ports on multiple member devices; the selection is performed according to one or more of the following strategies: a load balancing policy; a priority policy; and a random selection policy.
  • For member devices going offline, faults, and newly added devices that may occur in the forwarding device cluster, this embodiment also proposes corresponding flow table control methods, as follows:
  • After the SDN controller determines that a member device in the forwarding device cluster is offline, the offline member device and its ports are deleted from the forwarding device cluster; for each surviving member device in the forwarding device cluster, if the member device's flow table has an egress port connected to the offline member device, that egress port is deleted from the member device's flow table, and the updated flow table is re-delivered to the member device.
  • After the SDN controller determines that the status of a virtual port serving as the egress port becomes inactive (i.e., fails), the physical port corresponding to the virtual port is deleted from the egress ports of the corresponding flow tables, and the updated flow table is re-delivered to the corresponding member device; for a flow table that has no egress port after the deletion, the physical port through which the member device corresponding to the flow table connects to the first member device is added to the egress ports of the flow table, and the updated flow table is re-delivered to the corresponding member device.
  • After the SDN controller determines that the physical port through which a member device connects to the first member device, or the link corresponding to that physical port, has failed, the physical port serving as the egress port in the member device's flow table is updated to the physical port that connects to another first member device, and the updated flow table is re-delivered to the member device.
  • After the SDN controller determines that the forwarding device cluster is in a split state (i.e., the cluster has become two or more parts that are not connected to each other), it records the interconnection ports between the inactive virtual ports and the member devices and the failed links between the member devices, and disables the linkage ports on the member devices; it then performs the path decision on the virtual forwarding device, obtains the flow tables of the member devices according to the result of the path decision, and sends them to the member devices.
  • After the SDN controller determines that a member device has joined the forwarding device cluster, the flow table of that member device is obtained according to the result of the path decision and sent to the member device; if the member device has a physical port corresponding to the virtual port (for example, the newly added member device has a physical port added to an existing bundle port), the flow tables of the original member devices are updated according to the new topology of the forwarding device cluster and delivered to the corresponding member devices.
  • the embodiment also provides a controller in a software-defined network, including a cluster control device.
  • the cluster control device includes:
  • the path decision module 10 is configured to perform the path decision by using the forwarding device cluster as a single virtual forwarding device, where the forwarding device cluster includes multiple independent running member devices;
  • the flow table generating module 20 is configured to obtain a flow table of the member device according to the result of the path decision, and control, by using the flow table, traffic forwarding between the member devices and outgoing traffic forwarding of the member devices;
  • the flow table issuing module 30 is configured to send the flow table of the member device to the member device.
  • the path decision module 10 performs a path decision, including: determining a virtual port that is an outbound port that forwards the traffic to the virtual forwarding device, where the virtual port includes an unbundled port and/or a bundle port, where: each unbundled A port corresponds to a physical port on a member device. Each bundle port corresponds to multiple external physical ports on one or more member devices.
  • the flow table generating module 20 controls, by using the flow table, traffic forwarding between the member devices and outgoing traffic forwarding of the member devices, including: when the traffic forwarding is unicast traffic forwarding, controlling, by the flow table, the first member device to forward the traffic directly from that device, and controlling the second member device to forward the traffic from that device to at least one first member device; wherein the first member device refers to a member device that has a physical port corresponding to the virtual port, and the second member device refers to a member device that does not have a physical port corresponding to the virtual port.
  • the flow table generating module 20 obtains the flow table of the member device according to the result of the path decision, and includes: when the traffic is forwarded to the unicast traffic, the unicast flow table of the virtual forwarding device is generated according to the result of the path decision.
  • the unicast flow table includes the virtual port as an egress port; and the unicast flow table is modified for each member device to obtain a flow table of the member device;
  • the modification includes: replacing the egress port with a physical port corresponding to the virtual port on the first member device;
  • the modification includes: replacing the egress port with the physical port set as the first bypass link on the second member device, where the first bypass link is the link of the second member device to the first member device.
  • the flow table generating module 20 controls, by using the flow table, traffic forwarding between the member devices and outgoing traffic forwarding of the member devices, including: when the traffic forwarding is broadcast or multicast traffic forwarding, for each first member device, controlling, by the flow table, the first member device to forward the traffic directly from the first member device and, for traffic from outside the forwarding device cluster, also controlling the first member device to forward the traffic from the first member device to other first member devices that meet the following condition: at least one of the virtual ports corresponding to the physical ports is different from the virtual ports corresponding to the physical ports on the first member device; and, for each second member device, controlling, by the flow table, the second member device to forward the traffic from the second member device to first member devices in the forwarding device cluster, so that the traffic is detoured back to each of the virtual ports and then forwarded; wherein the first member device refers to a member device that has a physical port corresponding to the virtual port, and the second member device refers to a member device that does not have a physical port corresponding to the virtual port.
  • the flow table generating module 20 obtains the flow table of the member device according to the result of the path decision, including: when the traffic forwarding is broadcast or multicast traffic forwarding, generating a broadcast or multicast flow table of the virtual forwarding device according to the result of the path decision, the broadcast or multicast flow table including the virtual port as an egress port; and, for each of the first member devices, performing a first modification and a second modification on the broadcast or multicast flow table to obtain a first flow table and a second flow table of the first member device respectively;
  • the first modification includes: using the flag indicating that the packet is from inside the cluster as an added matching entry, and replacing the egress port with the physical port corresponding to the virtual port on the member device; the second modification includes: replacing the egress port with the physical port corresponding to the virtual port and the physical port used for the second bypass link on the member device, where the second bypass link is a link from the first member device to another first member device.
  • the flow table generating module 20 obtains the flow table of the member device according to the result of the path decision, and includes: when the traffic forwarding is broadcast or multicast traffic forwarding, generating the virtual forwarding device according to the result of the path decision. a broadcast or multicast flow table, the broadcast or multicast flow table including the virtual port as an egress port; for each of the second member devices, performing a third modification on the broadcast or multicast flow table to obtain a flow table of the second member device;
  • the third modification includes: replacing the egress port with the physical port for the third bypass link on the second member device, and adding a command or an action to mark the packet with a flag indicating that the packet is from the inside of the cluster;
  • the third bypass link is a link of the second member device to the first member device.
  • the third bypass link includes a link of the second member device to the first member device that satisfies the following condition 1 and condition 2, in addition to the link that receives the traffic, and the first member selected in the following manner Device link:
  • the virtual port corresponding to the physical port on the member device includes an unbundled port
  • the virtual port corresponding to the physical port on the member device includes a first bundle port, and the first bundle port refers to a bundle port corresponding to multiple physical ports on one member device;
  • one first member device is selected from among the first member devices whose physical ports correspond to a second bundle port and whose corresponding second bundle ports are the same, where a second bundle port refers to a bundle port corresponding to multiple physical ports on multiple member devices;
  • the selection is performed according to one or more of the following strategies: a load balancing policy; a priority policy; and a random selection policy.
  • the cluster control device further includes one or more of the following modules:
  • the offline processing module is configured to: after determining that a member device in the forwarding device cluster is offline, delete the offline member device and its ports from the forwarding device cluster; and, for each surviving member device in the forwarding device cluster, if the member device's flow table has an egress port connected to the offline member device, delete that egress port from the member device's flow table and re-deliver the updated flow table to the member device;
  • the port failure processing module is configured to: after determining that the status of a virtual port serving as the egress port becomes inactive, delete the physical port corresponding to the virtual port from the egress ports of the corresponding flow tables; for each such flow table, re-deliver the updated flow table to the corresponding member device; and, for each flow table that has no egress port after the deletion, add the physical port through which the member device corresponding to the flow table connects to the first member device to the egress ports of the flow table, and re-deliver the updated flow table to the corresponding member device;
  • the communication fault processing module is configured to: after determining that the physical port through which a member device connects to the first member device, or the link corresponding to that physical port, has failed, update the physical port serving as the egress port in the member device's flow table to the physical port that connects to another first member device, and re-deliver the updated flow table to the member device;
  • the cluster split processing module is configured to: after determining that the forwarding device cluster is in a split state, record the interconnection ports between the inactive virtual ports and the member devices and the failed links between the member devices, and disable the linkage ports on the member devices; and perform the path decision on the virtual forwarding device again, obtain the flow tables of the member devices according to the result of the path decision, and deliver them to the member devices;
  • the member joining processing module is configured to: after the SDN controller determines that a member device joins the forwarding device cluster, obtain a flow table of the member device according to the result of the path decision and send the flow table to the member device; and, if the member device has a physical port corresponding to the virtual port, update the flow tables of the original member devices according to the new topology of the forwarding device cluster and send them to the corresponding member devices.
  • This example involves the formation and configuration of a cluster.
  • the SDN controller controls multiple independent forwarding devices through the OpenFlow protocol to form a forwarding device cluster, which is presented as an integrated logical device.
  • the cluster consists of two OpenFlow forwarding devices, identified as DPID 1 and DPID 2.
  • the two forwarding devices have ports numbered 1, 2, 3, 4, 5, and 6, respectively.
  • the links between the member devices of the forwarding device cluster, namely the link between port 3 of DPID 1 and port 3 of DPID 2 and the link between port 4 of DPID 1 and port 4 of DPID 2 in the figure, are not visible outside the cluster.
  • the link between the member devices can be configured by the administrator.
  • the SDN controller maintains the status of the internal link through link detection or path detection.
  • the virtual forwarding device presented by the forwarding device cluster exposes six ports (1, 2, 3, 4, 5, and 6 in Figure 1) and is divided into two categories:
  • Unbundled ports (1, 2, 3, 4): an unbundled port directly corresponds to an external (that is, facing outside the cluster) physical port on a member device that constitutes the cluster, such as ports 1 and 2 on DPID 1 and ports 1 and 2 on DPID 2. An unbundled port is interconnected with a neighbor device through an unbundled link. The port status directly corresponds to the state of the physical port.
  • Bundle ports: a bundle port corresponds to multiple physical ports on one or more member forwarding devices of the cluster. For example, port 5 on DPID 1 and port 5 on DPID 2 are bundled to form port 5, and port 6 on DPID 1 and port 6 on DPID 2 are bundled to form port 6. When any of the physical port states is active, the bundled port status is active. When all port states are inactive, the bundled port status is inactive. The bundled port is connected to the neighbor through a bundled link. The corresponding port of the neighboring device must also be bundled. It can be statically configured or negotiated through the aggregation protocol.
  • This example relates to the control of unicast traffic forwarding for a forwarding device cluster.
  • the SDN controller of this example delivers forwarding entries through the OpenFlow protocol to control unicast traffic forwarding related to the forwarding device cluster, including:
  • Step 1: The SDN controller regards the forwarding device cluster as a virtual forwarding device, performs a path decision according to the network topology, and obtains a unicast flow table for controlling the virtual forwarding device to forward the unicast traffic.
  • Step 2: The SDN controller modifies the unicast flow table according to the physical ports on the member devices that correspond to the virtual port serving as the egress port in the unicast flow table, obtains the flow table of each member device, and sends it to each member device.
  • the following traffic forwarding control can be implemented through a flow table:
  • If the member device has a physical port corresponding to the virtual port (this corresponds to the first member device above; the physical port on the device may correspond to an unbundled port, or may be one of the multiple physical ports corresponding to a bundled port), the member device is controlled by the flow table to forward the traffic directly out of the device.
  • If the traffic needs to detour through other member devices of the cluster, that is, if the device does not have a physical port corresponding to the virtual port (this corresponds to the second member device above), the member device is controlled by the flow table to forward the traffic over a bypass link to other member devices.
  • the member device can select one of the outbound port groups in the flow table as the actual forwarding port.
  • Example 1: The virtual egress ports are 1 and 5.
  • Both DPID 1 and DPID 2 can forward the traffic directly, and the following ports are selected as the egress ports in the flow tables delivered to DPID 1 and DPID 2: the egress ports of the flow table delivered to DPID 1 are 1 and 5, and the egress port of the flow table delivered to DPID 2 is 5.
  • Example 2: The virtual egress ports are 1 and 2.
  • DPID 1 can directly forward the traffic.
  • the port is determined by the method in Example 1.
  • the egress ports of the flow table sent to DPID 1 are 1 and 2.
  • DPID 2 needs to detour the traffic to DPID 1, and uses as its egress port the port corresponding to the bypass link to the member device that has an available egress port.
  • the egress port of the flow table delivered to DPID 2 is 3 or 4.
  • This example relates to the control of forwarding device cluster broadcast or multicast traffic forwarding.
  • the SDN controller of this example delivers forwarding entries through the OpenFlow protocol to control traffic broadcast or multicast forwarding related to the forwarding device cluster, including:
  • Step 1: The SDN controller regards the forwarding device cluster as a virtual forwarding device, performs the path decision according to the network topology, and obtains a broadcast or multicast flow table for controlling the virtual forwarding device to forward broadcast or multicast traffic; broadcast or multicast packets need to be forwarded from multiple ports on the virtual forwarding device.
  • Step 2: The SDN controller modifies the broadcast or multicast flow table according to the physical ports on the member devices that correspond to the virtual ports serving as egress ports in the broadcast or multicast flow table, obtains the flow table of each member device, and delivers it to each member device.
  • The following traffic forwarding control can be implemented through a flow table:
  • For packets received from cluster member devices, the flow table controls the member device to forward the traffic directly outward from the device.
  • For packets received from devices outside the cluster, the flow table controls the member device to forward the traffic directly outward from the device.
  • It also controls the member device to forward the traffic from the device to other first member devices for which at least one of the virtual ports corresponding to the physical ports on that first member device is different from the virtual ports corresponding to the physical ports on the device. That is, if another first member device has the same bundled port as the device itself, the traffic need not be forwarded to that other first member device.
  • The flow table controls the member device to forward the traffic from the device to the first member device, so that the traffic is detoured to each virtual port and then forwarded outward.
  • The member ports of a bundled port may be distributed among multiple forwarding devices, and multiple internal links may be available between a pair of devices.
  • The controller needs to select which ports to add to the egress port list, to prevent multiple packets from being sent back and output from a port. See the detailed description above for how to select the link when detouring.
  • A command or an action is added to the forwarding table delivered to the second member device, so that a flag indicating that the packet comes from inside the cluster is added to the forwarded packet, for example by adding a VLAN tag or a tunnel identifier. Subsequent devices use the flag to identify the packet and determine subsequent forwarding actions.
  • a flow table is sent to the DPID 1 (also referred to as a forwarding entry).
  • a flow table adds a matching item for identifying the packet received from the DPID 2 on the basis of the original matching item, and the egress port is 1, and the other port is 1.
  • the outbound port of a flow table is 1, 5.
  • One forwarding entry is sent to and from the DPID 2, and the egress port is 5, 3. However, the packet sent from the DPID 1 is directly discarded, that is, the link that receives the packet is not used as the bypass link.
  • a flow table that restores traffic to normal forwarding including:
  • Step 1: The SDN controller detects that a member device in the forwarding device cluster is offline.
  • Step 2: The SDN controller maintains the state of the forwarding device cluster and removes the offline device and its related ports from the cluster.
  • Step 3: If traffic received by other surviving member devices in the cluster was originally forwarded through the offline device, other available bypass paths need to be selected. The SDN controller therefore updates the flow tables of these devices: the original egress ports connected to the offline device are deleted, and only the egress ports to other devices available for bypass are retained.
  • the SDN controller restores the normal forwarding of the traffic by updating the entries on the surviving device, including:
  • Step 1: The forwarding device reports, or the SDN controller detects, that the status of a port on a cluster member has changed to inactive.
  • Step 2: The SDN controller deletes the port from the affected flow tables, that is, updates the flow tables:
  • If, once the port is removed from the egress ports of a member device, the device no longer has any member port of that port and must bypass through other devices, the device's port toward those devices is added as an egress port.
  • the original forwarding path is forwarded through the port.
  • The bypass path is modified: the port is removed from the egress ports of the flow table, and the egress ports to other devices available for bypass are retained.
  • the SDN controller restores the normal forwarding of the traffic by updating the entries on the surviving device, including:
  • Step 1: The forwarding device reports, or the controller detects, that a port on a cluster member connected to other members has changed to inactive, or the controller detects that an internal path of the cluster has failed.
  • Step 2: For the member devices that need to forward through the port or link, modify the egress port in the flow table so that traffic is detoured over other links.
  • The SDN controller disables ports on the device by executing the port linkage policy, triggers path recalculation, and resumes normal forwarding, including:
  • Step 1: The SDN controller determines that the cluster is in a split state.
  • When the forwarding device reports, or the controller detects, that the connectivity state of the ports interconnecting the cluster has changed to inactive, and so on, the SDN controller can determine whether the cluster is in a split state, that is, has become multiple parts that are not connected to each other.
  • Step 2: The SDN controller disables the linkage ports on the device according to the linkage policy; the linkage ports include ports that should be closed after a given port fails.
  • Step 3: The SDN controller recalculates the path according to the current cluster topology and delivers the forwarding table, so that the traffic is forwarded through other member devices of the cluster and other member ports of the bundled port.
  • This example involves a method in which a member of the cluster is in a normal working state, a faulty member is restored, or a new member device is added, and the SDN controller joins the device to the cluster so that traffic can be forwarded by the device, including:
  • Step 1: The cluster member device establishes a connection with the controller and completes initialization, and the SDN controller joins the device to the cluster and maintains the related state.
  • Step 2: The SDN controller generates the entries to be delivered for the newly added device, and updates the flow tables of the other devices according to the new cluster topology.
  • Step 3: The flow tables are delivered, and the newly added device can be used normally.
  • The serial numbers of the embodiments of the present invention are merely for description and do not represent the advantages and disadvantages of the embodiments.
  • The foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on such understanding, the technical solution of the embodiments of the present invention may in essence be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) that includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to execute the controllers described in various embodiments of the present invention.
  • The modules, such as the path decision module, the flow table generation module, and the flow table delivery module, may include software loaded on a server or related device and/or software combined or interacting with related hardware.
  • The path decision module may include a corresponding logic circuit.
  • The corresponding programs in the server system may be functional modules of the same software system, or may belong to different software/operating systems.
  • The invention is applicable to the field of software-defined networks. Member devices do not need to run a proprietary protocol among themselves, so interoperation between different vendors can be achieved, and link maintenance between the member devices and the controller needs no special processing and is relatively simple.

Abstract

A method and controller for controlling a forwarding device cluster in software-defined networking (SDN). The SDN controller performs a path selection by regarding the forwarding device cluster as a single, virtual forwarding device, wherein the forwarding device cluster comprises a plurality of independently-running member devices; and the SDN controller obtains a flow table of the member devices according to a path selection result, sending the flow table to the member devices so as to control traffic forwarding among the member devices and outbound traffic forwarding of the member devices. Software-defined networking is characterized by centralized control of network devices and the present application takes advantage of this characteristic to control traffic forwarding among member devices and outbound traffic forwarding of member devices via a flow table. Interoperability of different manufacturers can be achieved without requiring private protocols to be run among member devices; in addition, link maintenance of member devices and the controller requires no special processing and is simplified.

Description

Method and controller for controlling a forwarding device cluster in a software-defined network
Technical field
The present invention relates to software-defined networks, and more particularly to a method for controlling a forwarding device cluster in a software-defined network and a corresponding controller.
Background
Software Defined Networking (SDN) is a new, innovative network architecture whose core idea is to separate the control plane and the forwarding plane of the network, increasing the flexibility and scalability of network management. The control layer in SDN is extracted from the control functions of existing network devices such as switches and routers and is implemented by independent control software. The control functions of the existing switches and routers are stripped from the infrastructure layer, and forwarding management is carried out uniformly by the control plane. OpenFlow is a protocol that runs between the controller and the forwarding devices in an SDN network; through the OpenFlow protocol the controller writes forwarding entries such as flow tables and group tables to the switches, thereby controlling the entire network.
As in traditional networks, achieving load balancing and high reliability in an SDN network also requires deploying multiple forwarding devices at specific locations in the network to form a cluster that runs in active/standby or load-sharing mode. To meet this requirement, devices that use traditional clustering technology can be deployed: the forwarding device cluster implements load-balanced forwarding, or active/standby switchover on failure, by itself, and presents itself to the SDN controller as a single device.
However, in a forwarding device cluster that uses traditional clustering technology, a proprietary protocol must run between the member devices of the cluster, so interoperation between different vendors cannot be achieved. The mechanism by which multiple cluster members, presented as a whole, maintain a single connection with the SDN controller is also relatively complex.
Summary of the invention
In view of this, the present invention provides the following technical solutions.
A method for controlling a forwarding device cluster in a software-defined network, comprising:
a software-defined network (SDN) controller treats the forwarding device cluster as a single virtual forwarding device for path decision, wherein the forwarding device cluster comprises multiple independently running member devices;
the SDN controller obtains the flow tables of the member devices according to the result of the path decision and delivers them to the member devices, and controls, through the flow tables, traffic forwarding between the member devices and outward from the member devices.
A controller in a software-defined network, characterized by comprising a cluster control apparatus, the cluster control apparatus comprising:
a path decision module, configured to treat the forwarding device cluster as a single virtual forwarding device for path decision, wherein the forwarding device cluster comprises multiple independently running member devices;
a flow table generation module, configured to obtain the flow tables of the member devices according to the result of the path decision, and to control, through the flow tables, traffic forwarding between the member devices and outward from the member devices;
a flow table delivery module, configured to deliver the flow tables of the member devices to the member devices.
The above solution makes full use of the fact that a software-defined network controls network devices centrally: multiple independently running forwarding devices are treated as a cluster, and traffic forwarding between cluster member devices and outward from member devices is controlled through flow tables. No proprietary protocol needs to run between member devices, so interoperation between different vendors can be achieved, and link maintenance between the member devices and the controller requires no special handling and is relatively simple.
Brief description of the drawings
FIG. 1 is a flowchart of the control method of Embodiment 1 of the present invention;
FIG. 2 is a module diagram of the SDN controller of Embodiment 1 of the present invention;
FIG. 3 is a schematic diagram of the forwarding device cluster of Example 1 of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be arbitrarily combined with each other.
Embodiment 1
This embodiment proposes a method for controlling a forwarding device cluster in a software-defined network. According to the administrator's configuration, the SDN controller controls independently running forwarding devices through the OpenFlow protocol (or another flow control protocol) so that they form a forwarding device cluster, which is presented externally as a single virtual forwarding device.
The method of this embodiment for controlling a forwarding device cluster in a software-defined network is shown in FIG. 1 and includes:
Step 110: the SDN controller treats the forwarding device cluster as a single virtual forwarding device for path decision, wherein the forwarding device cluster comprises multiple independently running member devices.
In this step, the path decision includes determining the virtual port that serves as the egress port through which the virtual forwarding device forwards traffic outward (that is, forwards packets). Virtual ports fall into two classes, unbundled ports and/or bundled ports, where each unbundled port corresponds to one external physical port on one member device, and each bundled port corresponds to multiple external physical ports on one or more member devices.
Step 120: the SDN controller obtains the flow tables of the member devices according to the result of the path decision and delivers them to the member devices, and controls, through the flow tables, traffic forwarding between the member devices and outward from the member devices.
In this document, outward traffic forwarding by a member device means traffic forwarding to outside the forwarding device cluster.
When the traffic forwarding is unicast traffic forwarding, the SDN controller controlling, through flow tables, traffic forwarding between the member devices and outward from the member devices includes:
controlling, through the flow table, a first member device to forward traffic directly outward from that device, and controlling a second member device to forward traffic from that device to at least one first member device; where a first member device is a member device that has a physical port corresponding to the virtual port, and a second member device is a member device that has no physical port corresponding to the virtual port.
To implement the above control of unicast traffic forwarding, the SDN controller may obtain the flow tables of the member devices from the result of the path decision as follows: generate the unicast flow table of the virtual forwarding device according to the result of the path decision, the unicast flow table containing the virtual port as the egress port; then, for each member device, modify the unicast flow table to obtain the flow table of that member device. For each first member device, the modification includes replacing the egress port with the physical port on that first member device that corresponds to the virtual port. For each second member device, the modification includes replacing the egress port with the physical port on that second member device used for the first bypass link, the first bypass link being a link from that second member device to the first member device.
In unicast traffic forwarding, when the delivered flow table contains one physical port as the egress port, the member device forwards traffic from that physical port; when the delivered flow table contains multiple physical ports as egress ports, the member device may select one of those physical ports to forward the traffic. The selection may follow one or more of the following policies (two or more may be combined in any way): a load balancing policy; a priority policy; and a random selection policy. In the port list that the controller delivers to a member device, a weight may also be set for each port, for the member device to use when selecting the egress port.
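The unicast derivation described above, as an added example that is not code from the patent: one virtual flow entry is turned into one entry per member device, and a member then picks a single port when several are listed. The three-member topology, port numbers, function names and the hash-based weighted choice (one possible load balancing policy) are assumptions made for illustration.

```python
import hashlib

# Constructed three-member cluster (not the topology of FIG. 3).
# Virtual port -> [(member DPID, external physical port)]; one pair is an
# unbundled port, several pairs form a bundled port.
VIRTUAL_PORTS = {
    "v1": [(1, 1)],           # unbundled, on DPID 1 only
    "v2": [(1, 2), (3, 2)],   # bundled across DPID 1 and DPID 3
}
# (member, neighbour) -> physical ports on `member` that reach `neighbour`.
INTERNAL_LINKS = {
    (1, 2): [3, 4], (2, 1): [3, 4],
    (1, 3): [6], (3, 1): [6],
    (2, 3): [5], (3, 2): [5],
}
MEMBERS = [1, 2, 3]


def derive_unicast_tables(match, virtual_out_port,
                          virtual_ports=VIRTUAL_PORTS,
                          internal_links=INTERNAL_LINKS, members=MEMBERS):
    """Turn one virtual unicast entry into one entry per member device."""
    if virtual_out_port not in virtual_ports:
        raise KeyError(f"unknown virtual port {virtual_out_port!r}")
    # First member devices own a physical port of the virtual egress port.
    local = {}
    for dpid, phys in virtual_ports[virtual_out_port]:
        local.setdefault(dpid, []).append(phys)

    tables = {}
    for dpid in members:
        if dpid in local:
            role, out_ports = "first", sorted(local[dpid])
        else:
            # Second member device: egress over bypass links to first members.
            role = "second"
            out_ports = sorted(
                port
                for first in local
                for port in internal_links.get((dpid, first), [])
            )
            if not out_ports:
                raise ValueError(f"DPID {dpid} has no bypass link to a first member")
        tables[dpid] = {"match": dict(match), "role": role, "out_ports": out_ports}
    return tables


def pick_egress(out_ports, flow_key, weights=None):
    """Member-side choice among several egress ports: weighted, stable per flow."""
    weights = weights or {}
    shares = [(port, weights.get(port, 1)) for port in out_ports]
    total = sum(weight for _, weight in shares)
    if total <= 0:
        raise ValueError("no egress port with a positive weight")
    # Hash the flow key so every packet of a flow leaves by the same port.
    digest = hashlib.sha256(flow_key.encode()).digest()
    slot = int.from_bytes(digest[:8], "big") % total
    for port, weight in shares:
        if slot < weight:
            return port
        slot -= weight


if __name__ == "__main__":
    sample_match = {"eth_dst": "00:00:00:00:00:0a"}  # constructed match field
    for vport in ("v1", "v2"):
        for dpid, entry in derive_unicast_tables(sample_match, vport).items():
            print(vport, "DPID", dpid, entry["role"], entry["out_ports"])
```

A weight of 0 takes a port out of the choice without removing it from the delivered list.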
When the traffic forwarding is broadcast or multicast traffic forwarding, the SDN controller controlling, through flow tables, traffic forwarding between the member devices and outward from the member devices includes:
for each first member device, controlling, through the flow table, that first member device to forward traffic directly outward from that first member device, and, for traffic from outside the forwarding device cluster, also controlling that first member device to forward the traffic from that first member device to other first member devices that satisfy the following condition: at least one of the virtual ports corresponding to their physical ports differs from the virtual ports corresponding to the physical ports on that first member device;
for each second member device, controlling, through the flow table, that second member device to forward traffic from that second member device to the first member devices in the forwarding device cluster, so that the traffic is detoured to each of the virtual ports and then forwarded outward;
where a first member device is a member device that has a physical port corresponding to the virtual port, and a second member device is a member device that has no physical port corresponding to the virtual port.
To implement the above control of broadcast or multicast traffic forwarding, the SDN controller may obtain the flow tables of the member devices from the result of the path decision as follows:
generate the broadcast or multicast flow table of the virtual forwarding device according to the result of the path decision, the broadcast or multicast flow table containing the virtual ports as egress ports;
for each first member device, apply a first modification and a second modification to the broadcast or multicast flow table, obtaining respectively the first flow table and the second flow table of that first member device;
for each second member device, apply a third modification to the broadcast or multicast flow table, obtaining the flow table of that second member device;
where the first modification includes: adding a flag indicating that the packet comes from inside the cluster as a new match item, and replacing the egress port with the physical port on that member device that corresponds to the virtual port; the second modification includes: replacing the egress port with the physical port on that member device that corresponds to the virtual port and the physical port set as the second bypass link, the second bypass link being a link from that first member device to the other first member devices; the third modification includes: replacing the egress port with the physical port on that second member device set as the third bypass link, and adding a command or action that marks the packet with the flag indicating that the packet comes from inside the cluster; the third bypass link is a link from that second member device to the first member device.
In particular, the third bypass link may include, other than the link on which the traffic was received, the links from the second member device to the first member devices that satisfy Condition 1 and Condition 2 below, and the link to the first member device selected according to Manner 1 below:
Condition 1: the virtual ports corresponding to the physical ports on the member device include an unbundled port;
Condition 2: the virtual ports corresponding to the physical ports on the member device include a first bundled port, a first bundled port being a bundled port that corresponds to multiple physical ports on one member device;
Manner 1: from among multiple first member devices whose physical ports all correspond to second bundled ports, and whose corresponding second bundled ports are the same, select one first member device, where a second bundled port is a bundled port that corresponds to multiple physical ports on multiple member devices; the selection follows one or more of the following policies: a load balancing policy; a priority policy; and a random selection policy.
For situations that may arise in the forwarding device cluster, such as a device going offline, faults, and new devices joining, this embodiment also proposes corresponding flow table control methods, as follows:
For the offline case:
After the SDN controller determines that a member device in the forwarding device cluster has gone offline, it deletes the offline member device and its ports from the surviving member devices of the forwarding device cluster; for each surviving member device of the forwarding device cluster, if the flow table of that member device has an egress port connected to the offline member device, the egress port connected to the offline member device is deleted from that member device's flow table, and the updated flow table is delivered to that member device again.
For the port failure case:
After the SDN controller determines that the state of a virtual port serving as an egress port has become inactive (that is, failed), it deletes the physical port corresponding to that virtual port from the egress ports of the corresponding flow tables; each flow table that still has an egress port after the deletion is delivered again, as updated, to the corresponding member device; for each flow table that has no egress port after the deletion, the physical port on the member device of that flow table that connects to the first member device is added as an egress port of that flow table, and the updated flow table is delivered again to the corresponding member device. An unbundled port is determined to be inactive once its one corresponding physical port becomes inactive. A bundled port is determined to be inactive only after all of its corresponding physical ports have become inactive.
For the case of a communication failure between member devices:
After the SDN controller determines that a physical port through which a member device connects to a first member device, or the link corresponding to that physical port, has failed, it updates that physical port, which serves as an egress port in the member device's flow table, to a physical port connected to another first member device, and delivers the updated flow table to that member device again.
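The offline case and the inter-member link failure case above, as an added example that is not code from the patent. The table layout, port numbers and function names are assumptions; the `no_egress` list is an addition of this example that reports members left without any egress port after the update.

```python
# Constructed sample state: DPID 1 and DPID 3 are first member devices and own
# external port 2 of the virtual egress port; DPID 2 is a second member device.
# (member DPID, internal port) -> neighbour DPID reached over that port.
PORT_PEER = {(1, 3): 2, (1, 6): 3, (2, 3): 1, (2, 5): 3, (3, 5): 2, (3, 6): 1}
FIRST_MEMBERS = {1, 3}


def member_offline(tables, port_peer, first_members, offline):
    """Drop an offline member and every egress port that led to it.

    `tables` maps DPID -> list of egress ports of that member's flow entry.
    Returns (tables, port_peer, first_members, redeliver, no_egress).
    """
    survivors = {d: list(ports) for d, ports in tables.items() if d != offline}
    peers = {key: peer for key, peer in port_peer.items()
             if key[0] != offline and peer != offline}
    redeliver, no_egress = [], []
    for dpid, ports in survivors.items():
        # External ports have no entry in port_peer and are always kept.
        kept = [p for p in ports if port_peer.get((dpid, p)) != offline]
        if kept != ports:
            survivors[dpid] = kept
            redeliver.append(dpid)      # updated table must be delivered again
            if not kept:
                no_egress.append(dpid)  # traffic here would be dropped
    return survivors, peers, set(first_members) - {offline}, redeliver, no_egress


def bypass_port_down(tables, port_peer, first_members, dpid, port):
    """Handle failure of internal port `port` on member `dpid`.

    Returns (tables, port_peer, changed); `changed` tells the caller whether
    the flow table of `dpid` has to be delivered again.
    """
    if (dpid, port) not in port_peer:
        raise ValueError(f"port {port} on DPID {dpid} is not an internal port")
    failed_peer = port_peer[(dpid, port)]
    peers = {key: peer for key, peer in port_peer.items() if key != (dpid, port)}
    new_tables = {d: list(ports) for d, ports in tables.items()}
    if port not in new_tables[dpid]:
        return new_tables, peers, False
    kept = [p for p in new_tables[dpid] if p != port]
    if not kept:
        # Switch to the ports that reach another first member device.
        kept = sorted(p for (d, p), peer in peers.items()
                      if d == dpid and peer in first_members and peer != failed_peer)
    new_tables[dpid] = kept
    return new_tables, peers, True


if __name__ == "__main__":
    tables = {1: [2], 2: [3, 5], 3: [2]}
    print(member_offline(tables, PORT_PEER, FIRST_MEMBERS, offline=1))
    print(bypass_port_down({1: [2], 2: [3], 3: [2]}, PORT_PEER, FIRST_MEMBERS, 2, 3))
```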
For the cluster split case:
After the SDN controller determines that the forwarding device cluster is in a split state (that is, the cluster has become two or more parts that are not connected to each other), it records the virtual ports and the interconnect ports between the member devices that are in the inactive state, as well as the failed links between the member devices, and disables the linkage ports on the member devices; it then performs the path decision for the virtual forwarding device again, obtains the flow tables of the member devices according to the result of the path decision, and delivers them to the member devices.
For the case of a new member device joining:
After the SDN controller determines that a member device has joined the forwarding device cluster, it obtains the flow table of that member device according to the result of the path decision and delivers it to that member device, and, when that member device has a physical port corresponding to the virtual port (for example, the newly joined member device has a physical port that joins an existing bundled port), it updates the flow tables of the original member devices according to the new topology of the forwarding device cluster and delivers them to the corresponding member devices.
This embodiment also provides a controller in a software-defined network, comprising a cluster control apparatus which, as shown in FIG. 2, comprises:
a path decision module 10, configured to treat the forwarding device cluster as a single virtual forwarding device for path decision, wherein the forwarding device cluster comprises multiple independently running member devices;
a flow table generation module 20, configured to obtain the flow tables of the member devices according to the result of the path decision, and to control, through the flow tables, traffic forwarding between the member devices and outward from the member devices;
a flow table delivery module 30, configured to deliver the flow tables of the member devices to the member devices.
Optionally,
the path decision performed by the path decision module 10 includes: determining the virtual port that serves as the egress port through which the virtual forwarding device forwards traffic outward, the virtual ports including unbundled ports and/or bundled ports, where each unbundled port corresponds to one external physical port on one member device, and each bundled port corresponds to multiple external physical ports on one or more member devices.
Optionally,
the flow table generation module 20 controlling, through flow tables, traffic forwarding between the member devices and outward from the member devices includes: when the traffic forwarding is unicast traffic forwarding, controlling, through the flow table, a first member device to forward traffic directly outward from that device, and controlling a second member device to forward traffic from that device to at least one first member device; where a first member device is a member device that has a physical port corresponding to the virtual port, and a second member device is a member device that has no physical port corresponding to the virtual port.
Optionally,
the flow table generation module 20 obtaining the flow tables of the member devices according to the result of the path decision includes: when the traffic forwarding is unicast traffic forwarding, generating the unicast flow table of the virtual forwarding device according to the result of the path decision, the unicast flow table containing the virtual port as the egress port; then, for each member device, modifying the unicast flow table to obtain the flow table of that member device;
where, for each first member device, the modification includes: replacing the egress port with the physical port on that first member device that corresponds to the virtual port; for each second member device, the modification includes: replacing the egress port with the physical port on that second member device set as the first bypass link, the first bypass link being a link from that second member device to the first member device.
Optionally,
the flow table generation module 20 controlling, through flow tables, traffic forwarding between the member devices and outward from the member devices includes: when the traffic forwarding is broadcast or multicast traffic forwarding, for each first member device, controlling, through the flow table, that first member device to forward traffic directly outward from that first member device, and, for traffic from outside the forwarding device cluster, also controlling that first member device to forward the traffic from that first member device to other first member devices that satisfy the following condition: at least one of the virtual ports corresponding to their physical ports differs from the virtual ports corresponding to the physical ports on that first member device; and, for each second member device, controlling, through the flow table, that second member device to forward traffic from that second member device to the first member devices in the forwarding device cluster, so that the traffic is detoured to each of the virtual ports and then forwarded outward; where a first member device is a member device that has a physical port corresponding to the virtual port, and a second member device is a member device that has no physical port corresponding to the virtual port.
Optionally,
the flow table generation module 20 obtaining the flow tables of the member devices according to the result of the path decision includes: when the traffic forwarding is broadcast or multicast traffic forwarding, generating the broadcast or multicast flow table of the virtual forwarding device according to the result of the path decision, the broadcast or multicast flow table containing the virtual ports as egress ports; for each first member device, applying a first modification and a second modification to the broadcast or multicast flow table, obtaining respectively the first flow table and the second flow table of that first member device;
其中,所述第一修改包括:将表示报文来自集群内部的标志作为新增的匹配项,将出端口替换为该成员设备上与所述虚拟端口对应的实体端口;所述第二修改包括:将出端口替换为该成员设备上与所述虚拟端口对应的实体端口及设置为第二迂回链路的实体端口,所述第二迂回链路是该第一成员设备到所述其他第一成员设备的链路。The first modification includes: replacing the flag indicating that the packet is from the inside of the cluster as a new matching entry, and replacing the egress port with the physical port corresponding to the virtual port on the member device; the second modification includes Replacing the egress port with the physical port corresponding to the virtual port and the physical port set as the second bypass link on the member device, where the second bypass link is the first member device to the other first The link of the member device.
可选地,Optionally,
所述流表生成模块20根据路径决策的结果得到所述成员设备的流表,包括:所述流量转发为广播或组播流量转发时,根据路径决策的结果生成所述虚拟转发设备的 广播或组播流表,所述广播或组播流表包含作为出端口的所述虚拟端口;针对每一个所述第二成员设备,对所述广播或组播流表进行第三修改,得到该第二成员设备的流表;The flow table generating module 20 obtains the flow table of the member device according to the result of the path decision, and includes: when the traffic forwarding is broadcast or multicast traffic forwarding, generating the virtual forwarding device according to the result of the path decision. a broadcast or multicast flow table, the broadcast or multicast flow table including the virtual port as an egress port; for each of the second member devices, performing a third modification on the broadcast or multicast flow table to obtain a flow table of the second member device;
其中所述第三修改包括:将出端口替换为该第二成员设备上用于第三迂回链路的实体端口,及增加命令或动作以在报文中打上表示报文来自集群内部的标志;所述第三迂回链路是该第二成员设备到所述第一成员设备的链路。The third modification includes: replacing the egress port with the physical port for the third bypass link on the second member device, and adding a command or an action to mark the packet with a flag indicating that the packet is from the inside of the cluster; The third bypass link is a link of the second member device to the first member device.
可选地,Optionally,
所述第三迂回链路包括除接收流量的链路之外的,该第二成员设备到满足以下条件一和条件二的第一成员设备的链路,以及按以下方式一选择的第一成员设备的链路:The third bypass link includes a link of the second member device to the first member device that satisfies the following condition 1 and condition 2, in addition to the link that receives the traffic, and the first member selected in the following manner Device link:
条件一,该成员设备上实体端口对应的虚拟端口包括非捆绑端口; Condition 1, the virtual port corresponding to the physical port on the member device includes an unbundled port;
条件二,该成员设备上实体端口对应的虚拟端口包括第一捆绑端口,所述第一捆绑端口指对应于一个成员设备上多个实体端口的捆绑端口;Condition 2: the virtual port corresponding to the physical port on the member device includes a first bundle port, and the first bundle port refers to a bundle port corresponding to multiple physical ports on one member device;
方式一,从实体端口对应的虚拟端口均为第二捆绑端口且对应的所述第二捆绑端口相同的多个第一成员设备中,选择一个第一成员设备,其中,所述第二捆绑端口指对应于多个成员设备上多个实体端口的捆绑端口;In a first mode, the first member device is selected from the first member devices in which the virtual port corresponding to the physical port is the second bundle port and the corresponding second bundle port is the same, and the second bundle port is selected. a bundle port corresponding to multiple physical ports on multiple member devices;
其中所述选择依据以下一种或多种策略进行:负载均衡策略;优先级策略;及随机选择策略。The selection is performed according to one or more of the following strategies: a load balancing policy; a priority policy; and a random selection policy.
可选地,Optionally,
The cluster control apparatus further includes one or more of the following modules:
an offline processing module, configured to: after determining that a member device in the forwarding device cluster is offline, delete the offline member device and its ports from the surviving member devices of the forwarding device cluster; and, for each surviving member device of the forwarding device cluster, if the flow table of that member device has an egress port connected to the offline member device, delete that egress port from the flow table and re-deliver the updated flow table to that member device;
a port failure processing module, configured to: after determining that the state of a virtual port serving as an egress port has become inactive, delete the physical port corresponding to that virtual port from the egress ports of the corresponding flow tables; for each flow table that still has an egress port after the deletion, re-deliver the updated flow table to the corresponding member device; and for each flow table that has no egress port after the deletion, add the physical port on the corresponding member device that connects to the first member device as an egress port of the flow table, and re-deliver the updated flow table to the corresponding member device;
a communication fault processing module, configured to: after determining that a physical port connecting a member device to a first member device, or the link corresponding to that physical port, has failed, update that physical port, where it serves as an egress port in the flow table of the member device, to a physical port connected to another first member device, and re-deliver the updated flow table to the member device;
a cluster split processing module, configured to: after determining that the forwarding device cluster is in a split state, record the virtual ports and the interconnect ports between the member devices that are in an inactive state, as well as the failed links between the member devices, and disable the linkage ports on the member devices; and perform the path decision again for the virtual forwarding device, obtain the flow tables of the member devices according to the result of the path decision, and deliver them to the member devices;
a member joining processing module: after the SDN controller determines that a member device has joined the forwarding device cluster, a flow table for that member device is obtained according to the result of the path decision and delivered to that member device, and, when that member device has a physical port corresponding to the virtual port, the flow tables of the existing member devices are updated according to the new topology of the forwarding device cluster and delivered to the corresponding member devices.
Several application examples are described below.
Example 1
This example concerns the formation and configuration of a cluster.
The SDN controller controls multiple independently running forwarding devices through the OpenFlow protocol to form a forwarding device cluster, which is presented externally as a single integrated logical device. As shown in Figure 3, in this example the cluster consists of two OpenFlow forwarding devices, identified as DPID 1 and DPID 2, and each of the two forwarding devices has ports numbered 1, 2, 3, 4, 5 and 6.
The member devices of the forwarding device cluster are interconnected by links, namely the links between port 3 of DPID 1 and port 3 of DPID 2 and between port 4 of DPID 1 and port 4 of DPID 2 in Figure 1; these links are not visible outside the cluster. The links between member devices can be configured by an administrator and are not required to be direct connections. The SDN controller maintains the state of the internal links through a link-probing or path-detection mechanism.
As shown in the figure, the virtual forwarding device presented by the forwarding device cluster exposes six ports externally (①, ②, ③, ④, ⑤ and ⑥ in Figure 1), which fall into two categories:
Non-bundled ports (①, ②, ③, ④): a non-bundled port corresponds directly to one external (that is, facing outside the cluster) physical port on one member device of the cluster, such as ports 1 and 2 on DPID 1 and ports 1 and 2 on DPID 2. A non-bundled port is interconnected with a neighbor device through a non-bundled link, and its port state corresponds directly to the state of the physical port.
Bundled ports (⑤, ⑥): a bundled port corresponds to multiple external physical ports on one or more member forwarding devices of the cluster; for example, port 5 on DPID 1 and port 5 on DPID 2 are bundled to form port ⑤, and port 6 on DPID 1 and port 6 on DPID 2 are bundled to form port ⑥. When any one of the physical ports is active, the bundled port is active; when all of the physical ports are inactive, the bundled port is inactive. A bundled port is interconnected with a neighbor through a bundled link. The corresponding ports on the neighbor device must also be bundled, either by static configuration or through negotiation by an aggregation protocol.
Example 2
This example concerns control of unicast traffic forwarding for the forwarding device cluster.
In this example the SDN controller delivers forwarding entries through the OpenFlow protocol to control the forwarding of unicast traffic related to the forwarding device cluster, including:
Step 1: the SDN controller treats the forwarding device cluster as one virtual forwarding device and performs a path decision according to the network topology, obtaining a unicast flow table used to control how the virtual forwarding device forwards unicast traffic;
Step 2: according to the physical ports on the member devices that correspond to the virtual ports serving as egress ports in the unicast flow table, the SDN controller modifies the unicast flow table to obtain the flow table of each member device and delivers it to each member device.
Specifically, for a given member device, the following forwarding control can be implemented through the flow table:
If the traffic can be forwarded out directly through this device, that is, this device has a physical port corresponding to the virtual port (it is a first member device as defined above; a physical port on this device may correspond to a non-bundled port or to a bundled port, and a physical port that is one of the multiple physical ports of a bundled port is regarded as corresponding to that bundled port), the flow table controls the member device to forward the traffic out directly from this device.
If the traffic has to be detoured through another member device of the cluster, that is, this device has no physical port corresponding to the virtual port (it is a second member device as defined above), the flow table controls the member device to first detour the traffic to another member device, which then forwards it out.
How the flow table of each member device is obtained from the unicast flow table of the virtual forwarding device has been described in detail above and is not repeated here. After receiving the flow table, a member device can select one port from the egress port group in the flow table as the actual forwarding port.
Following these rules, further cases based on the cluster topology shown in Figure 3:
Case 1: the virtual egress ports are ① and ⑤.
Both DPID 1 and DPID 2 can forward the traffic directly. The following ports are selected as egress ports in the flow tables delivered to DPID 1 and DPID 2: the egress ports of the flow table delivered to DPID 1 are 1 and 5, and the egress port of the flow table delivered to DPID 2 is 5.
Case 2: the virtual egress ports are ① and ②.
DPID 1 can forward the traffic directly; its egress ports are determined as in Case 1, and the egress ports of the forwarding table delivered to DPID 1 are 1 and 2.
DPID 2 needs to forward the traffic to DPID 1 as a detour. The ports on this device that correspond to detour links toward a member device with an available egress port can be used as egress ports, so the egress ports of the flow table delivered to DPID 2 are 3 and 4.
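The derivation in Step 2 and the two cases above, together with the fallback the port failure processing module applies when a flow table is left without an egress port, can be sketched as follows. This is an added example, not code from the patent: the port map is constructed from the Figure 3 description (the assignment of ③ and ④ to ports 1 and 2 of DPID 2 is inferred), and the function name and the `inactive` parameter are assumptions.

```python
"""Derive per-member unicast egress ports from the virtual device's egress ports."""

# Constructed from the Figure 3 description: virtual port -> [(dpid, physical port)].
VIRTUAL_PORTS = {
    1: [(1, 1)],           # non-bundled port ①
    2: [(1, 2)],           # non-bundled port ②
    3: [(2, 1)],           # non-bundled port ③ (mapping inferred)
    4: [(2, 2)],           # non-bundled port ④ (mapping inferred)
    5: [(1, 5), (2, 5)],   # bundled port ⑤ spans both members
    6: [(1, 6), (2, 6)],   # bundled port ⑥ spans both members
}

# Internal (detour) links, invisible outside the cluster: (dpid, port) -> peer dpid.
INTERNAL_LINKS = {(1, 3): 2, (1, 4): 2, (2, 3): 1, (2, 4): 1}

MEMBERS = (1, 2)


def member_unicast_egress(virtual_out_ports, inactive=frozenset()):
    """Return {dpid: sorted egress ports} for every member device.

    virtual_out_ports: virtual ports chosen by the path decision.
    inactive: set of (dpid, port) physical ports currently down (hypothetical
              parameter used here to model the failure-handling modules).
    """
    # Physical ports on each member that map to a chosen virtual port.
    direct = {dpid: [] for dpid in MEMBERS}
    for vport in virtual_out_ports:
        for dpid, port in VIRTUAL_PORTS[vport]:
            if (dpid, port) not in inactive:
                direct[dpid].append(port)

    # First member devices can forward outward directly.
    first_members = {dpid for dpid, ports in direct.items() if ports}

    tables = {}
    for dpid in MEMBERS:
        if dpid in first_members:
            tables[dpid] = sorted(direct[dpid])
        else:
            # Second member device: detour over live internal links that
            # lead to a first member device.
            tables[dpid] = sorted(
                port
                for (d, port), peer in INTERNAL_LINKS.items()
                if d == dpid and peer in first_members
                and (d, port) not in inactive
            )
    return tables


if __name__ == "__main__":
    print("Case 1:", member_unicast_egress([1, 5]))
    print("Case 2:", member_unicast_egress([1, 2]))
    # Port 5 on DPID 2 goes down: DPID 2 falls back to its detour links.
    print("Port failure:", member_unicast_egress([5], inactive={(2, 5)}))
```

An empty port list for a member means no live path to any first member device exists, which is the situation the cluster split processing module handles.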
Example 3
This example concerns control of broadcast or multicast traffic forwarding for the forwarding device cluster.
In this example the SDN controller delivers forwarding entries through the OpenFlow protocol to control the broadcast or multicast forwarding of traffic related to the forwarding device cluster, including:
Step 1: the SDN controller treats the forwarding device cluster as one virtual forwarding device and performs a path decision according to the network topology, obtaining a broadcast or multicast flow table used to control how the virtual forwarding device forwards broadcast or multicast traffic. For broadcast or multicast, packets must be forwarded out of multiple ports on the virtual forwarding device.
Step 2: according to the physical ports on the member devices that correspond to the virtual ports serving as egress ports in the broadcast or multicast flow table, the SDN controller modifies the broadcast or multicast flow table to obtain the flow table of each member device and delivers it to each member device.
Specifically, for a given member device, the following forwarding control can be implemented through the flow table:
If the traffic can be forwarded out directly through this device (that is, this device is a first member device): for packets received from a cluster member device, the flow table controls the member device to forward the traffic out directly from this device; for packets received from a device outside the cluster, in addition to forwarding the traffic out directly from this device, the flow table also controls the member device to forward the traffic from this device to other first member devices, where at least one of the virtual ports corresponding to the physical ports on such another first member device differs from the virtual ports corresponding to the physical ports on this device. In other words, if another first member device has exactly the same bundled ports as this device, the traffic need not be forwarded to it. To distinguish packets received from a cluster member device from packets received from a device outside the cluster, a command or action can be added to the flow table of the second member device so that the packets it forwards are marked with a flag indicating that they come from inside the cluster. At the same time, two flow tables are delivered to the first member device; one of them adds this flag as a match field. If that match succeeds, the packet was received from a member device; if it does not match, the packet is matched against the other flow table.
If the traffic has to be detoured through other member devices of the cluster (that is, this device is a second member device), the flow table controls the member device to forward the traffic from this device to the first member devices, so that the traffic is detoured to every virtual port and then forwarded outward. Where the member ports of a bundled port are distributed across multiple forwarding devices, or where multiple usable internal links exist between a pair of devices, the controller must decide centrally which ports to add to the egress port list, so that a detoured packet is not output on multiple member ports. How the detour links are selected is described in detail above. In addition, for traffic that needs to be detoured, a command or action is added to the forwarding table delivered to the second member device so that forwarded packets are marked with a flag indicating that they come from inside the cluster, for example by adding a VLAN tag or a tunnel identifier; subsequent devices use the flag to identify the packets and determine the subsequent forwarding action.
How the flow table of each member device is obtained from the broadcast or multicast flow table of the virtual forwarding device has been described in detail above and is not repeated here.
Following these rules, a further case based on the cluster topology shown in Figure 3:
Case: the virtual egress ports are ① and ⑤.
Two flow tables (which may also be called forwarding entries) are delivered to DPID 1: one flow table adds, on top of the original match fields, a match field for identifying packets received from DPID 2, and its egress port is 1; the egress ports of the other flow table are 1 and 5.
One forwarding entry is delivered to DPID 2, with egress ports 5 and 3. Packets arriving from DPID 1, however, are dropped directly; that is, the link on which a packet was received is not used as a detour link.
Example 4
This example concerns a method by which, when a cluster member device fails and goes offline, the SDN controller restores normal forwarding by updating the flow tables on the surviving devices, including:
Step 1: the SDN controller detects that a member device in the forwarding device cluster has gone offline;
Step 2: the SDN controller maintains the state of the forwarding device cluster and removes the offline device and its associated ports from the cluster;
Step 3: traffic received by the other surviving member devices of the cluster that was previously detoured through the offline device needs another available detour path. The SDN controller therefore updates the flow tables of these devices: egress ports that connected to the offline device are deleted, and only egress ports toward other devices that can serve as detours are retained.
Example 5
This example concerns a method by which, when the state of an external port on a cluster member device changes to inactive, the SDN controller restores normal forwarding by updating the entries on the surviving devices, including:
Step 1: a forwarding device reports, or the SDN controller detects, that the state of a port on a cluster member has changed to inactive;
Step 2: the SDN controller deletes that port from the affected flow tables, that is, it updates the flow tables:
For the member device on which the port is located, the port is deleted from the egress ports of that member device's flow table. If the member device has no usable port after the deletion, its traffic must be detoured through another device, so the port on this device leading to a device that can serve as a detour is added as an egress port;
For other member devices whose traffic was previously detoured and then forwarded through that port, the detour path is modified: the port is removed from the egress ports of their flow tables, and the egress ports toward other devices that can serve as detours are retained.
Example 6
This example concerns a method by which, when an internal link of the cluster is interrupted, the SDN controller restores normal forwarding by updating the entries on the surviving devices, including:
Step 1: a forwarding device reports, or the controller detects, that a port on a cluster member connecting to another member has changed to inactive, or the controller detects that an internal path of the cluster has failed;
Step 2: for member devices that need to detour through that port or link, the egress port in their flow table is modified so that traffic is detoured over another link.
Example 7
This example concerns a compound fault scenario in which an internal link failure of the cluster coincides with a member of a bundled port changing to inactive. The SDN controller executes a port linkage policy, disables some ports on the devices, triggers path recalculation and restores normal forwarding, including:
Step 1: the SDN controller determines that the cluster is in a split state;
For example, a forwarding device reports, or the controller detects, that the state of a bundled port member has changed to inactive; or a bundled port member is already inactive and a forwarding device reports, or the controller detects, that the state of an interconnect port between cluster devices has changed to inactive. From such events the SDN controller can determine whether the cluster is in a split state, that is, whether it has become multiple parts that are not connected to one another.
Step 2: the SDN controller disables the linkage ports on the devices according to the linkage policy; linkage ports include, for example, ports that should also be shut down after a certain port fails.
Step 3: the SDN controller recalculates paths according to the current cluster topology and delivers forwarding tables, so that traffic is forwarded through other member devices of the cluster and other member ports of the bundled port.
Example 8
This example concerns a method by which, while some members of the cluster are already operating normally and a failed member recovers or a new member device joins, the SDN controller adds the device to the cluster so that traffic can be forwarded through it, including:
Step 1: the cluster member device establishes a connection with the controller and completes initialization; the SDN controller adds the device to the cluster and maintains the related state;
Step 2: the SDN controller generates the entries to be delivered to the newly joined device and updates the flow tables of the other devices according to the new cluster topology;
Step 3: the flow tables are delivered, after which the newly joined device can be used normally.
The sequence numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments. From the description of the above embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software together with a necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to execute the controller described in the embodiments of the present invention.
The path decision module, flow table generation module, flow table delivery module and other modules described above may include software loaded onto a server or related device and/or a combination of, or interaction with, related hardware. For example, the path decision module may include a corresponding logic circuit, or a corresponding program in a server system. The modules may be functional modules within one software system, or may belong to different software or operating systems.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Industrial Applicability
The present invention is applicable to the field of software-defined networking. It enables interoperability between devices from different vendors without running a proprietary protocol between the member devices, and link maintenance between the member devices and the controller requires no special handling and is relatively simple.

Claims (24)

  1. 一种软件定义网络中控制转发设备集群的方法,包括:A method for controlling a cluster of forwarding devices in a software-defined network, comprising:
    软件定义网络SDN控制器将转发设备集群视为单一的虚拟转发设备进行路径决策,其中,所述转发设备集群包括多台独立运行的成员设备;The software-defined network SDN controller treats the forwarding device cluster as a single virtual forwarding device for path decision, wherein the forwarding device cluster includes multiple independently running member devices;
    所述SDN控制器根据路径决策的结果得到所述成员设备的流表并下发给所述成员设备,通过流表控制所述成员设备之间及所述成员设备向外的流量转发。And the SDN controller obtains the flow table of the member device according to the result of the path decision, and sends the flow table to the member device, and controls the outgoing traffic of the member device and the member device by using the flow table.
  2. 如权利要求1所述的方法,其中:The method of claim 1 wherein:
    所述路径决策包括:确定所述虚拟转发设备向外转发流量的作为出端口的虚拟端口,所述虚拟端口包括非捆绑端口和/或捆绑端口,其中:The path decision includes: determining a virtual port that is an outbound port that forwards the traffic to the virtual forwarding device, where the virtual port includes an unbundled port and/or a bundle port, where:
    每一非捆绑端口对应于一个成员设备上对外的一实体端口;Each unbundled port corresponds to a physical port on a member device;
    每一捆绑端口对应于一个或多个成员设备上对外的多个实体端口。Each bundle port corresponds to multiple external physical ports on one or more member devices.
  3. 如权利要求2所述的方法,其中:The method of claim 2 wherein:
    所述流量转发为单播流量转发时,所述SDN控制器通过流表控制所述成员设备之间及所述成员设备向外的流量转发,包括:When the traffic forwarding is unicast traffic forwarding, the SDN controller controls the outgoing traffic forwarding between the member devices and the member device by using a flow table, including:
    通过流表控制第一成员设备将流量从本设备直接向外转发,控制第二成员设备将流量从本设备向至少一个所述第一成员设备转发;其中,所述第一成员设备指具有与所述虚拟端口对应的实体端口的成员设备,所述第二成员设备指不具有与所述虚拟端口对应的实体端口的成员设备。Controlling, by the flow meter, the first member device forwards the traffic directly from the device, and controls the second member device to forward the traffic from the device to the at least one first member device; wherein the first member device refers to A member device of the physical port corresponding to the virtual port, where the second member device refers to a member device that does not have a physical port corresponding to the virtual port.
  4. The method of claim 3, wherein:
    when the traffic forwarding is unicast traffic forwarding, the SDN controller obtaining the flow tables of the member devices according to the result of the path decision comprises:
    generating a unicast flow table of the virtual forwarding device according to the result of the path decision, the unicast flow table containing the virtual port as the egress port; then, for each member device, modifying the unicast flow table to obtain the flow table of that member device;
    wherein, for each first member device, the modification comprises: replacing the egress port with the physical port on that first member device corresponding to the virtual port; and for each second member device, the modification comprises: replacing the egress port with the physical port on that second member device set as a first detour link, the first detour link being a link from that second member device to a first member device.
  5. The method of claim 3, wherein:
    when the traffic forwarding is unicast traffic forwarding, after the SDN controller obtains the flow tables of the member devices according to the result of the path decision and delivers them to the member devices, the method further comprises:
    when a delivered flow table includes one physical port as the egress port, the member device forwards traffic from that physical port;
    when a delivered flow table includes multiple physical ports as egress ports, the member device selects one of the multiple physical ports to forward traffic.
  6. The method of claim 2, wherein:
    when the traffic forwarding is broadcast or multicast traffic forwarding, the SDN controller controlling, by means of the flow tables, traffic forwarding between the member devices and outward from the member devices comprises:
    for each first member device, controlling, by means of the flow table, the first member device to forward traffic directly outward from the first member device, and, for traffic from outside the forwarding device cluster, further controlling the first member device to forward the traffic from the first member device to other first member devices that satisfy the following condition: at least one of the virtual ports corresponding to their physical ports differs from the virtual ports corresponding to the physical ports on this first member device;
    for each second member device, controlling, by means of the flow table, the second member device to forward traffic from the second member device to the first member devices in the forwarding device cluster, so as to detour the traffic to each of the virtual ports and then forward it outward;
    wherein a first member device is a member device that has a physical port corresponding to the virtual port, and a second member device is a member device that does not have a physical port corresponding to the virtual port.
  7. The method of claim 6, wherein:
    when the traffic forwarding is broadcast or multicast traffic forwarding, the SDN controller obtaining the flow tables of the member devices according to the result of the path decision comprises:
    generating a broadcast or multicast flow table of the virtual forwarding device according to the result of the path decision, the broadcast or multicast flow table containing the virtual port as the egress port; for each first member device, performing a first modification and a second modification on the broadcast or multicast flow table to obtain, respectively, a first flow table and a second flow table of that first member device;
    wherein the first modification comprises: adding, as a new match field, a flag indicating that the packet comes from inside the cluster, and replacing the egress port with the physical port on that member device corresponding to the virtual port; and the second modification comprises: replacing the egress port with the physical port on that member device corresponding to the virtual port and the physical port set as a second detour link, the second detour link being a link from that first member device to the other first member devices.
  8. The method of claim 6 or 7, wherein:
    when the traffic forwarding is broadcast or multicast traffic forwarding, the SDN controller obtaining the flow tables of the member devices according to the result of the path decision comprises:
    generating a broadcast or multicast flow table of the virtual forwarding device according to the result of the path decision, the broadcast or multicast flow table containing the virtual port as the egress port; for each second member device, performing a third modification on the broadcast or multicast flow table to obtain the flow table of that second member device;
    wherein the third modification comprises: replacing the egress port with the physical port on that second member device set as a third detour link, and adding an instruction or action that marks the packet with a flag indicating that the packet comes from inside the cluster; the third detour link being a link from that second member device to a first member device.
  9. The method of claim 8, wherein:
    the third detour link comprises, excluding the link on which the traffic was received, links from the second member device to first member devices that satisfy condition one and condition two below, and links to first member devices selected in manner one below:
    condition one: the virtual ports corresponding to the physical ports on the member device include an unbundled port;
    condition two: the virtual ports corresponding to the physical ports on the member device include a first bundled port, a first bundled port being a bundled port corresponding to multiple physical ports on one member device;
    manner one: from among multiple first member devices whose physical ports all correspond to second bundled ports and whose corresponding second bundled port is the same, selecting one first member device, wherein a second bundled port is a bundled port corresponding to multiple physical ports on multiple member devices.
  10. The method of claim 5 or 9, wherein:
    the selection is made according to one or more of the following policies:
    a load-balancing policy;
    a priority policy;
    a random-selection policy.
  11. The method of any one of claims 3-7 and 9, wherein:
    after the SDN controller delivers the flow tables to the member devices, the method further comprises:
    after determining that a member device in the forwarding device cluster is offline, the SDN controller deletes the offline member device and its ports from the surviving member devices of the forwarding device cluster;
    for each surviving member device of the forwarding device cluster, if the flow table of that member device has an egress port connected to the offline member device, deleting from the flow table of that member device the egress port connected to the offline member device, and re-delivering the updated flow table to that member device.
  12. The method of any one of claims 3-7 and 9, wherein:
    after the SDN controller delivers the flow tables to the member devices, the method further comprises:
    after determining that the state of a virtual port serving as an egress port has become inactive, the SDN controller deletes the physical port corresponding to that virtual port from the egress ports of the corresponding flow tables;
    for each flow table that still has an egress port after the deletion, re-delivering the updated flow table to the corresponding member device;
    for each flow table that has no egress port after the deletion, adding the physical port that connects the member device corresponding to that flow table to the first member device as a new egress port of the flow table, and re-delivering the updated flow table to the corresponding member device.
  13. The method of any one of claims 3-7 and 9, wherein:
    after the SDN controller delivers the flow tables to the member devices, the method further comprises:
    after determining that a physical port connecting a member device to one first member device, or the link corresponding to that physical port, has failed, the SDN controller updates that physical port, which serves as an egress port in the flow table of the member device, to a physical port connected to another first member device, and re-delivers the updated flow table to that member device.
  14. The method of any one of claims 3-7 and 9, wherein:
    after determining that the forwarding device cluster is in a split state, the SDN controller records the inactive virtual ports and interconnect ports between the member devices, and the failed links between the member devices, and disables the linkage ports on the member devices;
    the SDN controller performs the path decision for the virtual forwarding device again, obtains the flow tables of the member devices according to the result of the path decision, and delivers them to the member devices.
  15. The method of any one of claims 3-7 and 9, wherein:
    after the SDN controller delivers the flow tables to the member devices, the method further comprises:
    after determining that a member device has joined the forwarding device cluster, the SDN controller obtains the flow table of that member device according to the result of the path decision and delivers it to that member device, and, when that member device has a physical port corresponding to the virtual port, updates the flow tables of the existing member devices according to the new topology of the forwarding device cluster and delivers them to the corresponding member devices.
  16. A controller in a software-defined network, comprising a cluster control apparatus, the cluster control apparatus comprising:
    a path decision module, configured to treat a forwarding device cluster as a single virtual forwarding device for path decision, wherein the forwarding device cluster comprises multiple independently running member devices;
    a flow table generation module, configured to obtain flow tables of the member devices according to the result of the path decision, and to control, by means of the flow tables, traffic forwarding between the member devices and outward from the member devices;
    a flow table delivery module, configured to deliver the flow tables of the member devices to the member devices.
  17. The controller of claim 16, wherein:
    the path decision module performing the path decision comprises: determining a virtual port that serves as the egress port through which the virtual forwarding device forwards traffic outward, the virtual port comprising an unbundled port and/or a bundled port, wherein: each unbundled port corresponds to one external physical port on one member device; and each bundled port corresponds to multiple external physical ports on one or more member devices.
  18. The controller of claim 17, wherein:
    the flow table generation module controlling, by means of the flow tables, traffic forwarding between the member devices and outward from the member devices comprises: when the traffic forwarding is unicast traffic forwarding, controlling, by means of the flow tables, a first member device to forward traffic directly outward from that device, and controlling a second member device to forward traffic from that device to at least one first member device; wherein a first member device is a member device that has a physical port corresponding to the virtual port, and a second member device is a member device that does not have a physical port corresponding to the virtual port.
  19. The controller of claim 18, wherein:
    the flow table generation module obtaining the flow tables of the member devices according to the result of the path decision comprises: when the traffic forwarding is unicast traffic forwarding, generating a unicast flow table of the virtual forwarding device according to the result of the path decision, the unicast flow table containing the virtual port as the egress port; then, for each member device, modifying the unicast flow table to obtain the flow table of that member device;
    wherein, for each first member device, the modification comprises: replacing the egress port with the physical port on that first member device corresponding to the virtual port; and for each second member device, the modification comprises: replacing the egress port with the physical port on that second member device set as a first detour link, the first detour link being a link from that second member device to a first member device.
  20. The controller of claim 17, wherein:
    the flow table generation module controlling, by means of the flow tables, traffic forwarding between the member devices and outward from the member devices comprises: when the traffic forwarding is broadcast or multicast traffic forwarding, for each first member device, controlling, by means of the flow table, the first member device to forward traffic directly outward from the first member device, and, for traffic from outside the forwarding device cluster, further controlling the first member device to forward the traffic from the first member device to other first member devices that satisfy the following condition: at least one of the virtual ports corresponding to their physical ports differs from the virtual ports corresponding to the physical ports on this first member device; and, for each second member device, controlling, by means of the flow table, the second member device to forward traffic from the second member device to the first member devices in the forwarding device cluster, so as to detour the traffic to each of the virtual ports and then forward it outward; wherein a first member device is a member device that has a physical port corresponding to the virtual port, and a second member device is a member device that does not have a physical port corresponding to the virtual port.
  21. The controller of claim 20, wherein:
    the flow table generation module obtaining the flow tables of the member devices according to the result of the path decision comprises: when the traffic forwarding is broadcast or multicast traffic forwarding, generating a broadcast or multicast flow table of the virtual forwarding device according to the result of the path decision, the broadcast or multicast flow table containing the virtual port as the egress port; for each first member device, performing a first modification and a second modification on the broadcast or multicast flow table to obtain, respectively, a first flow table and a second flow table of that first member device;
    wherein the first modification comprises: adding, as a new match field, a flag indicating that the packet comes from inside the cluster, and replacing the egress port with the physical port on that member device corresponding to the virtual port; and the second modification comprises: replacing the egress port with the physical port on that member device corresponding to the virtual port and the physical port set as a second detour link, the second detour link being a link from that first member device to the other first member devices.
  22. The controller of claim 20 or 21, wherein:
    the flow table generation module obtaining the flow tables of the member devices according to the result of the path decision comprises: when the traffic forwarding is broadcast or multicast traffic forwarding, generating a broadcast or multicast flow table of the virtual forwarding device according to the result of the path decision, the broadcast or multicast flow table containing the virtual port as the egress port; for each second member device, performing a third modification on the broadcast or multicast flow table to obtain the flow table of that second member device;
    wherein the third modification comprises: replacing the egress port with the physical port on that second member device set as a third detour link, and adding an instruction or action that marks the packet with a flag indicating that the packet comes from inside the cluster; the third detour link being a link from that second member device to a first member device.
  23. The controller of claim 22, wherein:
    the third detour link comprises, excluding the link on which the traffic was received, links from the second member device to first member devices that satisfy condition one and condition two below, and links to first member devices selected in manner one below:
    condition one: the virtual ports corresponding to the physical ports on the member device include an unbundled port;
    condition two: the virtual ports corresponding to the physical ports on the member device include a first bundled port, a first bundled port being a bundled port corresponding to multiple physical ports on one member device;
    manner one: from among multiple first member devices whose physical ports all correspond to second bundled ports and whose corresponding second bundled port is the same, selecting one first member device, wherein a second bundled port is a bundled port corresponding to multiple physical ports on multiple member devices;
    wherein the selection is made according to one or more of the following policies: a load-balancing policy; a priority policy; and a random-selection policy.
  24. The controller of any one of claims 17-21 and 23, wherein:
    the cluster control apparatus further comprises one or more of the following modules:
    an offline processing module, configured to, after determining that a member device in the forwarding device cluster is offline, delete the offline member device and its ports from the surviving member devices of the forwarding device cluster; and, for each surviving member device of the forwarding device cluster, if the flow table of that member device has an egress port connected to the offline member device, delete from the flow table of that member device the egress port connected to the offline member device, and re-deliver the updated flow table to that member device;
    a port failure processing module, configured to, after determining that the state of a virtual port serving as an egress port has become inactive, delete the physical port corresponding to that virtual port from the egress ports of the corresponding flow tables; and, for each flow table that still has an egress port after the deletion, re-deliver the updated flow table to the corresponding member device; for each flow table that has no egress port after the deletion, add the physical port that connects the member device corresponding to that flow table to the first member device as a new egress port of the flow table, and re-deliver the updated flow table to the corresponding member device;
    a communication failure processing module, configured to, after determining that a physical port connecting a member device to one first member device, or the link corresponding to that physical port, has failed, update that physical port, which serves as an egress port in the flow table of the member device, to a physical port connected to another first member device, and re-deliver the updated flow table to that member device;
    a cluster split processing module, configured to, after determining that the forwarding device cluster is in a split state, record the inactive virtual ports and interconnect ports between the member devices, and the failed links between the member devices, and disable the linkage ports on the member devices; and to perform the path decision for the virtual forwarding device again, obtain the flow tables of the member devices according to the result of the path decision, and deliver them to the member devices;
    a member-join processing module, wherein, after the SDN controller determines that a member device has joined the forwarding device cluster, the flow table of that member device is obtained according to the result of the path decision and delivered to that member device, and, when that member device has a physical port corresponding to the virtual port, the flow tables of the existing member devices are updated according to the new topology of the forwarding device cluster and delivered to the corresponding member devices.
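The per-member rewrite of claim 4 and the offline-member cleanup of claim 11, sketched in Python as an added example (not code from the patent or its applicant). The Cluster structure, the function names, the port numbers and the three-member topology are hypothetical and constructed for illustration.

```python
"""Added sketch: unicast flow derivation (claim 4) and offline-member
cleanup (claim 11). All names and topology data are hypothetical."""
from dataclasses import dataclass


@dataclass
class Cluster:
    external: dict  # member -> {external physical port: virtual port}
    links: dict     # member -> {inter-member physical port: peer member}

    def members(self):
        return sorted(set(self.external) | set(self.links))

    def first_members(self, vport):
        """Members that own a physical port corresponding to vport."""
        return {m for m, ports in self.external.items()
                if vport in ports.values()}


def derive_unicast_flows(cluster, match, vport):
    """Rewrite one virtual-device unicast entry into one entry per member."""
    firsts = cluster.first_members(vport)
    if not firsts:
        raise ValueError(f"virtual port {vport!r} maps to no physical port")
    flows = {}
    for m in cluster.members():
        if m in firsts:
            # First member: egress on its own physical port(s) for vport.
            out = [p for p, v in cluster.external[m].items() if v == vport]
        else:
            # Second member: egress on the detour link(s) toward first
            # members. An empty list means no direct link exists.
            out = [p for p, peer in cluster.links.get(m, {}).items()
                   if peer in firsts]
        flows[m] = {"match": match, "out_ports": sorted(out)}
    return flows


def handle_member_offline(cluster, flows, dead):
    """Drop the offline member, prune egress ports that led to it, and
    return (updated flows, members whose table must be re-delivered)."""
    cluster.external.pop(dead, None)
    cluster.links.pop(dead, None)
    updated, reissue = {}, []
    for m, entry in flows.items():
        if m == dead:
            continue
        member_links = cluster.links.get(m, {})
        stale = {p for p, peer in member_links.items() if peer == dead}
        for p in stale:
            # Assumption of this sketch: the survivor's link record toward
            # the offline member is removed from the topology as well.
            del member_links[p]
        kept = [p for p in entry["out_ports"] if p not in stale]
        updated[m] = {"match": entry["match"], "out_ports": kept}
        if kept != entry["out_ports"]:
            reissue.append(m)
    return updated, reissue


def sample_cluster():
    """Constructed topology: v1 is a bundled port spanning A and B,
    v2 and v3 are unbundled ports, and all three members are meshed."""
    return Cluster(
        external={"A": {1: "v1", 2: "v2"}, "B": {1: "v1"}, "C": {1: "v3"}},
        links={"A": {10: "B", 11: "C"},
               "B": {10: "A", 11: "C"},
               "C": {10: "A", 11: "B"}},
    )


if __name__ == "__main__":
    cluster = sample_cluster()
    flows = derive_unicast_flows(cluster, "ip_dst=10.0.0.0/24", "v1")
    for member, entry in flows.items():
        print("initial", member, entry["out_ports"])
    flows, reissue = handle_member_offline(cluster, flows, "B")
    for member, entry in flows.items():
        print("after B offline", member, entry["out_ports"])
    print("re-deliver to:", reissue)
```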
PCT/CN2016/101780 2015-12-29 2016-10-11 Method and controller for controlling forwarding device cluster in software-defined networking WO2017113929A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201511020591.X 2015-12-29
CN201511020591.XA CN106936609B (en) 2015-12-29 2015-12-29 Method for controlling forwarding equipment cluster in software defined network and controller

Publications (1)

Publication Number Publication Date
WO2017113929A1 true WO2017113929A1 (en) 2017-07-06

Family

ID=59224569

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/101780 WO2017113929A1 (en) 2015-12-29 2016-10-11 Method and controller for controlling forwarding device cluster in software-defined networking

Country Status (2)

Country Link
CN (1) CN106936609B (en)
WO (1) WO2017113929A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112272105A (en) * 2020-09-16 2021-01-26 浪潮思科网络科技有限公司 SDN controller cluster member control method, system and medium
CN112491744A (en) * 2020-11-13 2021-03-12 浪潮思科网络科技有限公司 Port flow mirroring method, device and medium
CN113746730A (en) * 2021-08-25 2021-12-03 新华三大数据技术有限公司 Routing information processing method and device
CN114070889A (en) * 2021-11-10 2022-02-18 北京百度网讯科技有限公司 Configuration method, traffic forwarding method, device, storage medium, and program product

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109412943B (en) * 2017-08-18 2022-04-05 中兴通讯股份有限公司 SDN controller cluster flow processing method, device, equipment and storage medium
CN108011825B (en) * 2017-11-10 2020-07-28 深圳市泰信通信息技术有限公司 Multi-network equipment interconnection reality method and system based on software defined network
CN108494700B (en) * 2018-02-02 2022-11-01 百度在线网络技术(北京)有限公司 Cross-link data transmission method and device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101931587A (en) * 2009-06-19 2010-12-29 华为技术有限公司 Method and system of virtue cluster route
CN104426792A (en) * 2013-09-05 2015-03-18 中兴通讯股份有限公司 Scheduler support ability query method, scheduler support ability notification method and scheduler support ability query device
CN104426731A (en) * 2013-08-23 2015-03-18 杭州华三通信技术有限公司 A method and device for computing a spanning tree
CN104767778A (en) * 2014-01-07 2015-07-08 中兴通讯股份有限公司 Task processing method and device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103581058B (en) * 2012-07-31 2017-02-15 杭州华三通信技术有限公司 Message forwarding method and device in data central network
CN103973676B (en) * 2014-04-21 2017-05-24 蓝盾信息安全技术股份有限公司 Cloud computing safety protection system and method based on SDN
CN103986651B (en) * 2014-05-30 2018-03-06 新华三技术有限公司 A kind of software defined network controller and its control method
CN104407911B (en) * 2014-10-31 2018-03-20 新华三技术有限公司 Virtual machine migration method and device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112272105A (en) * 2020-09-16 2021-01-26 浪潮思科网络科技有限公司 SDN controller cluster member control method, system and medium
CN112272105B (en) * 2020-09-16 2023-04-18 浪潮思科网络科技有限公司 SDN controller cluster member control method, system and medium
CN112491744A (en) * 2020-11-13 2021-03-12 浪潮思科网络科技有限公司 Port flow mirroring method, device and medium
CN113746730A (en) * 2021-08-25 2021-12-03 新华三大数据技术有限公司 Routing information processing method and device
CN114070889A (en) * 2021-11-10 2022-02-18 北京百度网讯科技有限公司 Configuration method, traffic forwarding method, device, storage medium, and program product
CN114070889B (en) * 2021-11-10 2023-11-14 北京百度网讯科技有限公司 Configuration method, traffic forwarding device, storage medium, and program product

Also Published As

Publication number Publication date
CN106936609A (en) 2017-07-07
CN106936609B (en) 2020-10-16

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16880721

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16880721

Country of ref document: EP

Kind code of ref document: A1