WO2017122848A1 - Sdn-based network system for supporting multi-tenants and method for supporting multi-tenants - Google Patents

Sdn-based network system for supporting multi-tenants and method for supporting multi-tenants Download PDF

Info

Publication number
WO2017122848A1
WO2017122848A1 PCT/KR2016/000437 KR2016000437W WO2017122848A1 WO 2017122848 A1 WO2017122848 A1 WO 2017122848A1 KR 2016000437 W KR2016000437 W KR 2016000437W WO 2017122848 A1 WO2017122848 A1 WO 2017122848A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
legacy
container
plurality
network
switch
Prior art date
Application number
PCT/KR2016/000437
Other languages
French (fr)
Korean (ko)
Inventor
박성용
공석환
딥죠이티사이키아
Original Assignee
쿨클라우드(주)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L29/00Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
    • H04L29/02Communication control; Communication processing contains provisionally no documents
    • H04L29/06Communication control; Communication processing contains provisionally no documents characterised by a protocol
    • H04L29/08Transmission control procedure, e.g. data link level control procedure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L29/00Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
    • H04L29/12Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents characterised by the data terminal contains provisionally no documents

Abstract

The present invention relates to a method for an SDN-based network system supporting multi-tenants providing an IP address, and a system for same, the method and system allowing flexible network operation using a plurality of virtual routers, support of multi-tenancy through the plurality of routers, and support of multi-tenants. The method comprises the steps of: a legacy container receiving, through a controller and an app, an ingress packet ingressed through one of a plurality of switches; generating an IP address from a virtual dynamic host configuration protocol (DHCP) server generated in the legacy container, when the ingress packet is a DHCP; and transmitting the generated IP address to a switch to which the ingress packet has been transmitted through the app and the controller.

Description

SDN-based, multi-tenant and multi-tenant support network system supports methods

The present invention (Software Defined Network) SDN service IP address of the base of the multi-tenant support network system method and relates to the system, the resilient network operable with a plurality of virtual router, multi-tenancy via a plurality of routers support poetry, and relates to a method of providing IP addresses to network devices that belong to a particular tenant in a network that supports multi-tenant and the system.

With the advent of mobile devices and explosive growth in server virtualization and cloud services, increased network demand. SDN (Software-Defined Network) is an approach to computer networking that enables you to manage network services through abstraction of low-level functionality, network administrators. This fundamental system for forwarding the traffic to the selected destination can be achieved by separating;; (control plane a control plane) system for a decision on whether the traffic from the (data plane data plane) to be transmitted where.

Open flow is one of the mechanisms that separate the function of high-speed data plane routing decisions and high level. Packet forwarding plane is still involved in the switching stage, while the high-level routing decisions are involved in a separate controller, which communicates over an open-flow protocols.

However, as the conversion of the transition from the existing network to the SDN, it is necessary to define an interface for constant connection without an existing legacy protocols and devices for SDN. Equipment to configure these hybrid SDN network computing resources and networking resources were exhausted enemy, there is a need for a simple structure and operations.

For an existing virtual router coexistence of the control plane and data plane, and, in many cases, to move the existing router as a virtual machine type. This not only be dependent on the virtualization technology, inevitably, compared to traditional hardware router low performance. In addition, the need to manage each individual case of an existing router, router, and did not actively respond to the changing needs of the network.

Network management through DHCP handling in existing cloud environments is done in the cloud, the control node. If you operate a cloud environment based on the SDN network, the dispersion of the DHCP information that manages information and internal cloud network of SDN controller to manage the existing SDN network yireona difficult to manage.

<Prior Art Documents>

Non-Patent Document 1. OpenFlow Switch Specification version 1.4.0 (Wire Protocol 0x05), October 14, 2013 [https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow -spec-v1.4.0.pdf]

Non-Patent Document 2. Software-Defined Networking: The New Norm for Netwrks, ONF White Paper, April 13, 2012 [https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp -sdn-newnorm.pdf]

Non-Patent Document 3. ETSI GS NFV 002 v1.1.1 (2013-10)

[Http://www.etsi.org/deliver/etsi_gs/NFV/001_099/002/01.01.01_60/gs_NFV002v010101p.pdf]

An object of the present invention is to support the legacy network from SDN network service to various users, such as data center cloud environment, and to the billing according to the user's usage, and a resilient network management to enable the user while ensuring the quality of service to provide an easy network management of the available SDN network-based multi-tenant support system.

There is also another object of the present invention, the DHCP server was managed in the cloud control node to provide the IP address of the SDN controller provides methods for direct management.

An IP address provided a method of providing (Software Defined Network) based multi-tenant support SDN network system according to an embodiment of the present invention, the system controller for controlling the plurality of switches in the (Software Defined Network) SDN-based; Legacy container to treat a switch group including at least a portion of the switch of the plurality of switches to a virtual router, generates the routing information for the packet flowing to any one switch of the switch group; And the virtual router generated upon receiving the request message, as a network system that includes a legacy container app generated using the legacy container virtualization technology to allocate computing resources, the legacy container app the packet incoming to the plurality of switches specific information is based on a sliced ​​identifier and generate a plurality of legacy container, the slicing identifier based at as the system corresponding to any of the tenants of a plurality of tenants (tenant) coupled to the plurality of switches, the legacy container, said plurality the step of receiving via the controller and the app, the incoming packet incoming to any one switch of the switch; That the incoming dynamic host configuration protocol packet; if (DHCP Dynamic Host Configuration Protocol), comprising: generating an IP address from the DHCP server generates a virtual container in the legacy; And the generated IP address may include the step is sent to a switch transmitting the incoming packet through the app and the controller.

IP address providing method of a multi-tenant network system according to another embodiment of the present invention, (Software Defined Network) SDN controller for controlling the plurality of switches in the base; Legacy container that provides a virtual routing capabilities; And an IP address provided by way of a multi-tenant network system comprising a container legacy app generating the legacy container, the method comprising: in the legacy app container, receiving a route request message; Generating the legacy container in the app, the allocation of computing resources; The method comprising in the app, specify the network information including a namespace identifier to the container; And in said container, wherein using the network information includes a step of preparing a virtual routing function, the namespace identifier corresponding to any of the tenants of a plurality of tenants (tenant) coupled to the plurality of switches, and the app generating a plurality of legacy container, and the namespace identifier management information of the incoming packet to any one switch of the plurality of switches in said controller corresponding to the slicing identifier specifying information based on the packets incoming on the plurality of switches, and the If no, the method comprising forwarding the incoming packet to the app; The method comprising in the app, extract slicing identifier from the incoming packet; Transferring the incoming packet in the app, as a container comprising a namespace identifier corresponding to the extracted identifier of the plurality of slicing legacy container; It may further include the step of generating an IP address by using the case of; (Dynamic Host Configuration Protocol DHCP), a virtual DHCP server function and the incoming packet is a Dynamic Host Configuration Protocol in the container.

SDN of base to provide the IP address according to an embodiment of the present invention supports multi-tenant network system, the controller for controlling the (Software Defined Network) SDN plurality of switches in the base; Legacy container to treat a switch group including at least a portion of the switch of the plurality of switches to a virtual router, generates the routing information for the packet flowing to any one switch of the switch group; And the virtual router generated upon receiving the request message, allocate the computing resource contains a legacy container app for generating the legacy container by using a virtualization technology, the legacy container app specific information based on the packets incoming to the plurality of switches wherein the legacy container generates a plurality of legacy container, and on the basis of the slicing identifier provides the ability to comes in the IP address request based on the network environment of the switch generates an IP address of the IP address requested by the network device via the switch can do.

According to the invention, it can support a legacy network in the SDN network, can provide multiple virtual router, and may be a plurality of virtual router to collectively managed by the controller SDN. Accordingly, to provide a routing function by different users, and may provide a multi-tenancy function. It can also reduce the complexity of management.

1 is a structure of the SDN network system according to an embodiment of the present invention,

Figure 2 is a block diagram of a controller of the network system of Figure 1 (block diagram),

Figure 3 is a block diagram of the switch of the network system of Figure 1,

4 is a table showing the operation according to the operation type field of the table and the flow entry flow entry,

5 is a table field in the group table, and the meter,

Figure 6 is a structure for a multi-tenant network support system according to an embodiment of the present invention,

Figure 7 is a block diagram of the components of the network system of Figure 6,

Figure 8 is a block diagram of a legacy container according to another embodiment of the present invention,

9 is a flow chart for the legacy container forming process,

FIG. 10 is a flow chart embodying the routing method of preparation 9,

11 is a structure showing the various interfaces of a virtual router,

12 is a network configuration in accordance with another embodiment of the invention,

13 is a structure of a virtual router in accordance with Figure 12,

14 is a flowchart for a method determining whether a legacy routing for the flow of the controller of Figure 6,

Figure 15 is a flow chart of a processing method for an incoming packet from a legacy container, and

16 is a flowchart of an example non-routing process in Fig.

With reference to the drawings will be described the present invention in more detail.

First, the term of the second, etc., can be used in describing various elements, but the above elements shall not be restricted to the above terms. These terms are only used to distinguish one element from the other. For example, without departing from the scope of the present invention, the first component may be referred to as a second configuration can be named as an element, similar to the first component is also a second component. And / or the term includes any item of the items described concerning the combination or plurality of the plurality of related items disclosed.

It understood that when one element is described as being "connected" or "coupled" to another element, but may be directly connected or coupled to the other components, may be other element in between It should be. In contrast, when an element is referred to there being "directly connected" to another element or "directly connected", it should be understood that other components in the middle that does not exist Also it means that the fact that between the first or the first component and the second component are connected on the network connection, a wired or wireless first component and the second component can exchange data.

In addition, the suffix of the components used in the following description, "module" and "unit" are given merely as being taken into consideration only the easiness of writing this specification, it does not give a particularly important meaning or role by themselves. Accordingly, the "module" and "unit" may be used interchangeably with each other.

These components are combined or require two or more components, one of the components based on, when implemented in a real application, or one component may be configured is subdivided into two or more components. For the same or similar elements throughout the drawings they were given the same reference numerals, and detailed description of the components having the same reference numeral can be omitted and replaced with a description of the foregoing components.

SDN is a separate concept peulreeul control for controlling the flow of data plane packet and to forward packets. When a packet generated from SDN, network equipment forwards the packet to see where you want to ask the SDN control software (control) to determine the path and method for transmitting a packet to reflect the results. SDN is an open flow (Openflow) emerged to actually apply the theoretical concepts. That is an open flow is a standard interface established to implement SDN. Open flow is configured as an open flow controller and the open flow switch, controls the flow information to determine the delivery route and manner of the packet. Throughout the present specification, the open flow and SDN can also be used or mixed with each other in the same sense.

Flow (flow) it may indicate a number of flow entry packet flow of a specific path according to a combination of (flow entry) of the series of packets or multiple switches that share a value of at least one header field in perspective a single switch. Open flow network may perform the routing control, fault recovery, load balancing and optimizing to the flow unit. Herein it means the flow can be a particular packet may also be meant to include other metadata, such as a particular packet and the incoming port.

1 is a block diagram of a switch of a network system in a block configuration, and Fig. 3 of the controller of the SDN network system block diagram illustrating network system of (block diagram), 1, 2 is also in accordance with one embodiment of the present invention; configuration, and Fig. 4 is an operation table showing operation type field of the table and the flow entry of flow entry, and Fig. 5 is a table field in the group table, and the meter.

Referring to Figure 1 (a), SDN network system according to an embodiment of the present invention may include a controller (contoller) (10), a plurality of switch 20 and a plurality of network devices (30).

Network device 30 may include a physical device or a virtual device that performs the user terminal device, or a particular function to receive exchange data or information. From a hardware point of view, the network device 30 may be a PC, a client terminal, a server, a workstation, a supercomputer, a mobile communication terminal, a smart phone, such as a smart pad. In addition, network device 30 may be a virtual machine (VM) generated on the physical device.

The network device 30 may be referred to as a network function (network function) to perform various functions in the network. Network features anti (anti) DDoS, intrusion detection / blocking (IDS / IPS), integrated security services, virtual private network services, anti-virus, anti-spam, security services, access management services, firewalls, load balancing, QoS, video optimization, etc. the can be included. These network features can be virtualized.

A; (NFV Network Function Virtualiztion) ETSI as a virtualized network functions of the related NFV white paper published by the (European Telecommunications Standards Institute) (refer to Non-Patent Document 3), the network definition function by the virtualization. In this specification the network function (NF) can be used interchangeably with the network virtualization function (NFV). NFV is the tenant (tenant) required by providing the necessary network capabilities to dynamically generate the L4-7 service connection or, in the case of DDoS attacks is provided quickly and require policy-based firewall, IPS, and DPI functions such as a set of services used Chaining It can be. Also NFV can easily come off the firewall or IDS / IPS, you can automatically provisioning (provisioning). NFV can also reduce the need for over-provisioning.

A controller (controller) (10) may be a type of command to control the computer system SDN, various complex functions, for example, routing, policy declaration, and security checks, etc. The controller 10 may define a flow of packets generated by a plurality of switches 20 in the lower layer. The controller 10 may be such that the entry of the flow setting the switches in the network calculates a policy with reference to the network topology, such as for the acceptable flow to the flow through path (data path), a path. The controller 10 may communicate with a particular protocol, for example, a switch 20 using an open-flow protocols. The communication channel of the controller 10 and the switch 20 may be encrypted by SSL.

2, the controller 10 may include a switch 20 and a communication switch unit 110, a controller 100, and a storage unit 190 for.

Storage unit 190 may store a program for processing and controlling of the controller 100. Storage unit 190 may perform a function for temporary storage of the data to be input or output (packet, message, etc.). Storage unit 190 may include an entry database (DB) (191) for storing the flow entry.

The controller 100 may control an operation of the conventional and of the parts to control the overall operation of the controller 10. The controller 100 may include a topology management module 120, the route calculation module 125, an entry management module 135, and message management modules 130. Each module may be configured in hardware within the controller 100, it may be configured as a separate software, the control unit 100.

Topology management module 120 may build and manage a network topology information based on the connection relationship of the switch 20 is collected through the switch unit 110. A network topology information may include the topology of the network device that is connected to the topology, and the switches between the switch. The topology information may be stored in the storage section 190.

Route calculation module 125 can obtain an action column run on the switches in the data path and the data path of the packet received through the switch unit 110 based on the network topology information built in the topology management module 120.

Entry management module 135 is to be registered in the entry DB (191) as an entry, such as a result, the flow table based on the policy, user instructions, etc., such as QoS, group table, and the meter table calculated by the route calculation module 125 can. Entry management module 135 may respond (reactive) to add or update request entry from or to the entry of each table in advance switch 20 is registered (proactive), switch 20. Entry management module 135 can change or delete an entry in the entry DB (191) by the entry of the message disappears, as needed or switch 10.

Message management module 130 includes a controller to be described later is transmitted to the switch through the switch unit 110 interprets the message, the switch unit 110 received via the - may generate a message switch. Controller-in state change message one of the switch message may be generated based on the entries stored in the entry or entries DB (191) produced by the entry management module 135.

Switch 20 may be a physical switch or a virtual switch that supports open-flow protocols. Switch 20 may be relayed to the flow between the processing the received packet, the network device 30. To this end, switch 20 may be provided with a multi-flow table to a flow table or the above-mentioned non-patent document 1 that a pipeline (pipeline) processing.

Flow table may include a flow entry which defines the fingers rules to do with the flow of the network device (30).

Switch 20 may be divided into between the flow according to the combination of a multi-switch input-output-side edge switch (edge ​​switch) (ingress switch and egress switch) and the switch core edge switch (switch core).

3, the switch 20 includes a controller unit 210 in communication with the port unit 205, the controller 10 for communicating with other switches and / or network device, the switch controller 200, and a storage unit ( 290) may include.

Port portion 205 may be provided with a plurality of a pair of ports connected to a switch or a network device. A pair of ports can be implemented in a single port.

Storage unit 290 may store a program for processing and control of the switch controller 200. Storage unit 290 may perform a function for temporary storage of the data to be input or output (packet, message, etc.). Storage unit 290 may include a table 291, such as a flow table, group table, and the table m. Table 230 or the entry in the table may be added, modified, deleted on the basis of the messages of the controller 10. Table entry may be itself destroyed by the switch 20.

Flow table may be configured as a multi-flow table to process the pipeline (pipeline) of the open flow. 4, the flow entry of a flow table is a match field (match fields) describe the conditions (control rule) that matches the packet, the priority (priority), if there is a packet that matches the counters (counters) is updated, a time-out (timeouts), opa queue (opaque) to the type of the controller which is selected by the controller to describe time to be discarded from the set of instructions (instruction), the switch of the various actions that occur if the packet that matches the flow entry by flow statistics, it can be used to filter a flow change, deletion, and the flow, may include a tuple (tuple), such as cookies (cookie) that is not used for packet processing.

Instruction (instruction) can change the pipeline processing such as passing the packet to another flow table. In addition, an instruction may include a list of actions to take effect immediately in the set, or a set of packets of action action (action) adding the action to the (action set). Action (action) may indicate the task to modify the packet such as to transmit a packet to a specific port or decreasing the TTL field. Actions can be attributed to the action buckets associated with a part or group of entries in the instruction set associated with a flow entry. Three action (action set) refers to the set of the action indicated in the tables stacked. Three actions can be performed when there is no table match. Figure 5 illustrates a number of packets processed by the flow entry.

The pipeline (pipleline) refers to a set of packet processing between the packet and the flow table. If the packet is flowing into the switch 20, switch 20 searches for a flow entry packet and the matching as the priority of the first table the high order flow. If the matching carried out the instruction of the relevant entry. Instruction when the command (apply-action), instruction (clear-action; write-action) to delete or add / modify the contents of the actions set to perform without matching, metadata (metadata) to modify the command (write-metadata), designated there is such high wootu instruction (goto-table) which moves the packet with the metadata in a table. If there is no flow entry that matches the packet, discarding the packet in accordance with the setting table (drop) the packet or the packet to the controller 10 - it can be sent in placing the message (packet-in message).

Group table may include a group entry. Group table is indicated by the flow entry may present additional forwarding method. Referring to Figure 5 (a), a group entry in the group table may be provided with the following fields: Group identifier to distinguish the group entries (group identifier), a group that the actions bucket defines the entry to perform some (select) or the whole (all) that specifies the rules for whether to group type (group type), the counter of the flow entry counters (counters), and the group of actions bucket set of actions associated with the parameters defined in order for the statistics, such as may include (action buckets).

M table (meter table) is composed of meter entry (entries meter), a flow meter - defines the per (per-flow meters). Flow meter-sugar can be opened so that the flow can be applied to various QoS operation. M (meter) is a kind of switch elements that can measure and control the rate (rate of packets) of the packet. Referring to Figure 5 (b), two meters table (meter table) is to identify the meters meter identifier (meter identifier), the band m band (meter bands) that represents the specified speed and the packet method of operation for (band), and the packet when operating in the meter is made up of counters (counters) field that is updated. M band (meter bands) is a band type indicating how the packet processed (band type), the rate (rate) is used to select the Meter band by the meter, when the packets are processed by the meters band update counter, (counters ), and bad, which are specific types of the argument type having an optional arguments (argument) (can be composed of fields, such as type specific argument).

Switch controller 200 may be a conventional control operation of the respective parts to control the overall operation of the switch 20. Switch controller 200 may include a table management module 240, a flow search module 220, the flow processing module 230, and a packet processing module 235 that manages the table (291). Each module may be configured in hardware within the controller 200 may be configured as a separate software and controller 200.

Table management module 240 may be added or removed periodically to the entry time-out (time out), the entry received from the controller 10 to the appropriate tables via the controller communication unit 210.

Flow search module 220 may extract flow information from the packet received as the user traffic. Flow information, identification information, IP address, MAC address, the port identification information, the packet header information (transmission source and destination of the packet inlet port (incoming port) of the switch of the inlet port packet inlet port of an edge switch (ingress port), and it may include VLAN information, etc.), and metadata. Metadata may be selectively added to or from the previous table, the data added at the other switch. Flow search module 220 can detect that the flow entry for the packet received on the table 291 with reference to the flow information is extracted. When the flow search module 220 flow entry is detected, it may request to process the received packet in accordance with the retrieved flow entry to the flow processing module 260. Ten thousand and one flow entry when the search fails, the flow search module 220 may transmit the minimum amount of data of the received packet and a received packet to the controller 10 via the controller communication unit 210.

Flow processing module 230 may process an action, such as to output a packet to a specific port or multi-port, drop to or modify a specific header field according to the procedure described in the entry found in the flow search module 220 have.

Flow processing module 230 may perform the action set when it can not go further in the following table executing instructions or multiple flows table for processing or to change the action of the pipeline process of the flow entry.

Packet processing module 235 can be actually output to the one or two or more ports of the port unit 205 specified by the packet processed by the flow processing module 230 in a flow processing module 230. The

Referring to Figure 1 (b), SDN network system may further include a orchestrator (1). Orchestrator 1 may generate, modify, and delete the virtual network device, such as a virtual switch. Okay when generating the virtual network device in the Orchestrator (1), the orchestrator (1) identifies the port identification information, MAC address, IP address, emitter nenteu (tenant), which is connected to the identification information, the switches of the switch, the virtual network connection the information and the information of the network device such as network identification information can be provided to the controller 10.

The controller 10 and the switch 20 is orchestrator 1 and Orchestrator (communication to a separate interface, or via the controller communication unit 210 of the switch unit 110 and the switch 20 of the controller 10 1 ) and it may communicate. Switch 20 may receive the orchestrator 1 and the message through the controller 10.

The controller 10 and the switch 20 will receive a variety of information exchange, it is referred to as open-flow protocol message (openflow protocol message). These open flow control messages - there is a type of switch, such as a message (controller-to-switch message), the asynchronous message (asynchronous message), and the symmetric message (symmetric message). Each message transaction identifier that identifies the entry; may be provided with a (transaction id xid) in the header.

The controller-switch messages are primarily used to control or check the status of the switch 20 as a message to the controller 10 is generated by passing the switch 20. The controller-switch messages can be generated by a controller 100, a particular message management module 130 of the controller 10.

The controller-switch message functions (features), set to query the settings and settings, such as configuration parameters of the switch (20) (configuration), a flow / group / meter of open flow table to contact the capabilities (capabilities) of the switch entry of the state change to correct add / delete / message (modify state message), the packet-in message packet to transmit a packet received from the switch to a particular port on the switch through-out the message (packet-out message), etc. there is. State change message is a flow table change message (modify flow table message), flow entry change message (modify flow entry message), a group entry change message (modify group entry message), the port change message (prot modification message), and the meter entry change and the like message (message modification meter).

An asynchronous message is a message generated by the switch 20, it is used to eopteyiteu a change in the switch status, and network events, such as in the controller 10. Asynchronous messages may be generated by the controller 200, in particular the flow search module 220 of the switch 20.

In asynchronous message packets, and the like of the message (packet-in message), flow-message deletion message (flow-removed), the error message. Packet-in message is a switch 20 is used to receive the control packet to transmit a packet to the controller 10. Packet-in message switch 20 that includes all or part of the received packet or a copy thereof to be transmitted when it receives a packet of the image, in open flow switch 20 to request a data path to the controller 10 a message. The message is used - the packet even when the action of the associated entry in the incoming packet determined as directed to the controller. Deleted flow (flow-removed) messages are used to convey the flow to delete the entry information to the controller 10 from the flow Tave. This message is generated in hayeotgeona the controller 10 requests the corresponding flow entry to delete switch 20 flows due to the flow process by a timeout (timeout) (process flow expiry).

Symmetrical message is created in both the controller 10 and switch 20, it is characterized to be transmitted without the request of the other party. Hello (hello), the controller and the echo (echo) to ensure or more there is no connection between the switch, and is used by the controller or switch, the error message for notifying the issue on the opposite side that is used to initiate a connection between the controller and the switch and the like (error message). Error messages are used in the switch in order to appear to fail according to the request initiated by the controller, most.

Figure 6 is a block diagram of the components of the multi-tenant support structure for the network system, and FIG. 7, the network system of Figure 6 according to one embodiment of the present invention. The detailed description of the same or similar components, see Fig. 1 to Fig.

6, the network system may include a plurality of switches (SW1 ~ 5), the controller 10, the legacy app container 300, and a plurality of legacy container 400.

At least some of the plurality of switches (SW1-SW5) may be a physical switch or a virtual switch that supports the protocol to open a flow-based switch (Software Defined Network) SDN. A plurality of switches (SW1-SW5) is may be of a mixed flow of the open switch and the existing legacy switch, in which case the edge switch is preferably an open flow switch.

A plurality of switches (SW1-SW5) may be connected to each other. Edge switch of the plurality of switches (SW1-SW5) can be connected to each port (p21, p22, p31, p32, p41, p42) linked to the network device, or through, the foreign network (the legacy routers, gateways, etc.) .

The controller 10 may control the plurality of switches in the (Software Defined Network) based SDN. 7, the controller control unit 100 of the controller 10 topology management module 120, the route calculation module 125, an entry management module 135, message management module 130, a legacy interface module (145 ) can include. Each module may be configured in hardware within the controller 100, it may be configured as a separate software, the control unit 100. The description of the components of the same reference numerals, see FIG.

When configured switch group is only open flow switch, it functions the same as those described in FIG. 1 to 5 of the topology management module 120 and the route calculation module 125. When the switch group of the switch and the open flow existing legacy switch, topology management module 120 can obtain the connection information of a legacy switch, through the open flow switch.

Legacy interface module 145 may communicate with the legacy app container 300. Legacy interface module 145 may transmit the topology information of the group switch built in the topology management module 120, a legacy routing container 300. Topology information, the first to the fifth switch (such as a legacy switch, the legacy routers) (SW1-SW5) of the connection relation information and the first to fifth switches of the network device that is connected to the (SW1-SW5), and network devices, respectively or it may comprise a connection or contact information of each other.

If the analysis is not possible for the incoming packet received legacy interface module 145 through any one switch of the plurality of switches (SW1-SW5), in one of which the case if a specified phase, and policies when the routing can not be It can pass the incoming packets to the legacy app container (300).

Examples of possible analysis impossible or routed in the packet, or to the incoming packet analysis is configured as a legacy protocol, and the like when the legacy network is associated with a route calculation module 125 is not able to assign the path to the received packet.

If you need to send the policy incoming packet in Application 300, if the need to configure the plurality of switch network connected to the (SW1-SW5) to a multi-tenant, or configure the network into a plurality of virtual routers to flexibly operate If there is such a need. This may be triggered by the generated virtual router request message generated by the administrator or the user's control or request. Legacy app container 300 may receive the virtual router request message generated through the open flow switch or Orchestrator (1). As for the multi-tenant and a plurality of virtual router it will be described later.

If the legacy interface module 145 can not generate the processing rules for the flow having the flow inquiry message is received from the open switch the flow, the flow can be transmitted to the legacy app container 300. The flow is preferred to include the port information of the received packet and a packet received from the open switch the flow switch.

Legacy interface module 145 can convert the routing path information generated by the legacy container 400 to be described later to open the flow (OpenFlow) protocol.

7, the legacy app container 300 may include a packet processing unit 310, the topology module (320), SDN interface module 340, and a container generator 350. Legacy app container 300 or in a separate driving device, can be driven by the controller 10.

SDN interface module 340 may communicate with controller control section 100. SDN controller control interface module 340, a legacy interface module 140 and the legacy app container 300 (100) each of which may be an interface to the controller control unit 100 and the legacy routing container 300. Legacy interface module 140 and SDN interface module 340 may communicate with a particular protocol or a particular language.

Legacy interface module 140 and SDN interface module 340 with all or any one may be able to translate and interpret the messages received by the controller 10 and the legacy routing container 300 exchange. For example, it is possible to convert the legacy protocol messages to open flow protocol message.

Topology module 320 may store the network topology information of the information related to the controller control unit 100, a plurality of switches (SW1-SW5) received from. Topology module 320 may generate a network topology for a plurality of virtual router or a multi-tenant to create a policy. Topology, a plurality of virtual router or a multi-tenant in the module 320 (hereinafter referred to as "multi-tenant, such as" as referred to) a user's request, as well as be produced by the generated information policy for such multi-tenant, network topology for the administrator or of it can be generated by a control.

A plurality of virtual routers can be adjusted flexibly to the capacity of the network. If you need to provide a cloud, for example, a data center can control the network capacity can be facilitated. If a different user must provide a cloud environment, multiple virtual routers can support the virtual router based on the user and can be easily accounting policies in accordance with the user's usage. When a plurality of virtual router network environment, each controlled independently of each other, each resource having a tenant may support multi-tenancy to not be guaranteed independent shared with other tenants.

Generating information for such as a multi-tenant (hereinafter referred to as "generated information") is a network topology other than the number and type of network devices connected to a virtual router location and network information, the group policy of the user, network resources and computing to be given to the virtual router is created resource allocation policies, which could include virtual router loopback (loopback) IP address and port information (link address, MAC address, etc.). Network or the allocation policy of the computing resources in addition to the default policy, can be determined by a specified user or a request for the administrator. Some of the information generated can be included in the virtual router generate messages mentioned above.

Container generating unit 350 may generate and / or manage the legacy container 400 having a routing function based on the generated information in the topology module 320. Container generating unit 350 receives the virtual router generates a message from the controller control unit 100, and prepares to generate a legacy container 400.

First, the container may be generating unit 350 assigns the computing resources in the legacy container 400 be generated based on a network or computing resource allocation policy of the generated information, and generate a legacy container 400. Technique for generating the legacy container 400 may be used in a variety of virtualization.

Container generation unit 350 may specify, or delivered to the legacy container 400, legacy container 400, the network information via a packet processing unit 310 required for. Required network information may be extracted from the information generated.

Container generation unit 350 may specify a namespace identifier that can be identified as such or distinguished from other legacy container in legacy container 400.

Container generating unit 350 may generate a plurality of legacy container (401, 402, 403). Container generating unit 350 may generate a plurality of legacy container on the basis of the specific information of slicing identifier based on the packet incoming to a plurality of switches (SW1-SW5).

Specific information based on the incoming packet is a tag information, such as vLAN or vxLAN the incoming port information, an incoming packet flow edge of the open switch the incoming packet is incoming. That is, the slicing identifiers may include inlet port of the incoming packet, vLAN, vxLAN information. Tag information of an incoming packet is either specified by the source device of the packet, it can be specified on the open switch or a flow controller 10. If the packet is connected via a mobile communication network, slicing identifier may include the tag information, such as that the tunnel (tunnel) in addition to the packet ID.

Slicing identifier may be associated with a namespace identifier. As a result, the slicing identifier namespace identifier may be associated with each other.

A plurality of legacy container (401, 402, 403) may form a network isolated from each other. This network system according to the present invention can support the multi-tenant.

When a network device connected to a plurality of switches (SW1-SW5) to configure the multi-tenant, each tenant may be respectively corresponding to the slicing identifier or namespace identifier.

Namespace identifier can be specified to be the same as the tag information, such as the loopback address, or vLAN, vxLAN of the virtual router functionality in the legacy container. Namespace identifier can use the loopback address of any value or virtual routers.

Packet processing unit 310 is an interface with legacy container 400. For routing control for the incoming packet incoming to the open flow switch controller control unit 100 is by passing the incoming packet to the legacy container app 300, a packet processing unit 310 by the incoming packet a plurality of legacy container (401 receiving , one can determine what passed to any of the legacy container 402, 403). To this end, the packet processor 310 may extract the identifier from the incoming packet slicing, and forward the incoming packet to the legacy container with a namespace identifier associated with the identifiers of the plurality of slicing legacy container (401, 402, 403). Packet processing unit 310 to associate the single values ​​or in combination with one namespace identifiers of the multiple values ​​of the slicing identifier as a pair can be stored in association list.

Packet processing unit 310 receives the routing information, which will be described later from the Legacy container 400, it can be transmitted to the SDN interface module 340.

7, the legacy container 400 may include a namespace 440, routing processor 430, and a route information storage unit 450. The

Namespace 440, when the legacy container is generated by the controller generating unit 350 sets a network environment for legacy container. The network environment of the legacy container has a port such as interface of the virtual router to the network interface or functionality to legacy container functions as a virtual router. I.e., namespace 440 may establish a network interface, the environment with the outside.

Namespace 440 can be used in the Linux namespace technology. In this case, it is, namespace 440 by an instruction of the controller generating unit 350 can generate a legacy container.

Namespace 440 is an interface with legacy app container (300). Namespace 440 may establish a network environment of the container by using the legacy network information received from the legacy app container 300. Namespace 440 can be configured as a separate network of independent network environments and other legacy container.

Namespace 440 may have legacy container using the network information received from the legacy app container 300 is to function as a virtual router. Namespace 440, that is, a virtual router network environment, require the routing function receives the topology information of the of the network node information and the node from the legacy container app 300, can be stored in the routing information storing unit 450 have. The network node may include a network device or an external network connected to the information, the switches of the switch to engage the virtual routing function among a plurality of switches (SW1-SW5).

Routing processor 430 may generate a routing table (RIB, FIB, ARP table), using the network topology information and the network information stored in the route information storage unit 450. The The routing table may be updated, such as to be modified or deleted by a routing processor (430).

To this end, the routing processor 430 may be using a legacy protocol, and giving an external message. The resulting table may be stored in the route information storage unit 450. The

Routing information storing unit 450 may store a namespace identifier. Namespace 440 may determine whether to drop by using the namespace identifier for the incoming packet received by the legacy app container 300.

Routing information storing unit 450 simulates the switch group including a portion of the switch of the by storing the interface of a virtual router which provides a legacy container, routing information storing unit 450 includes a plurality of switches (SW1-SW5) externally It may be visible to the router.

Interface of the virtual router that is stored in the routing information storing portion 450 may vary.

Figure 8 is a block diagram illustrating a legacy container according to another embodiment of the present invention. Figure 1 through 5.

8, the legacy container may include a namespace 440, routing processor 430, a routing information storing section 450, and DHCP virtual server 460. The description of the same components, see Fig.

A virtual DHCP server 460 may have one incoming packets received from the namespace 440 can be if (Dynamic Host Configuration Protocol) DHCP protocol, requesting generate an IP address for use on a network device. In other words, if a network device that has an IP address request, DHCP virtual server 460 may send the IP addresses to the requested network device. A virtual DHCP server 460 may be a legacy container to enable the DHCP server function.

9 is a flow chart for the legacy container forming process. Figure 1 to refer to Fig.

Referring to Figure 9, upon receipt of the virtual router generation request message from the legacy container app 300 (S540), the legacy container app 300 can be allocated to the legacy container is created for networking resources and / or computing resources (S520).

Legacy app container 300 may generate a legacy container using the allocated resources (S530). Then, the legacy app container 300 may namespace identifier and the virtual routing network interface, the network topology information including network information is passed on and / or be assigned to the legacy container 400 to generate the necessary (S540).

As previously described, it generated the legacy container creates a remaining general portion of the legacy container from the generator generates a namespace 440 at 350, and namespace 440 of the legacy container app 300 You may.

Namespace unit 440 using the network information received from the legacy container app 300, by establishing a Virtual Router legacy container to function as a virtual router, routing or the like interface, and network topology information of the virtual router information storage unit It can be stored in 450.

Routing processor 430 may use information stored in the routing information storing unit 450, a virtual router to create a routing table and a forwarding table to the routing function. The legacy container 400 by is ready to provide a routing function (S550).

10 is a flow chart embodying the routing preparation method of Figure 9, Figure 11 is a structural diagram showing the various interfaces of a virtual router. The 1 through 9.

10, the namespace 440 may specify that specifies the interface of the virtual router, connected to the interface of the network node comprising a network device for each interface (S560).

Of namespace 440 is a plurality of switches (SW1-SW5) specifies the switch group to be used for the virtual routing, and the interfaces of the interface and the virtual routers of the switches belonging to the switch group can be mapped (S570).

11, you can see the virtual router that has a variety of interfaces.

Referring to FIG. 11 (a), an interface of the virtual router can be constructed with a plurality of ports of the switch (SW1-SW5) part of the first virtual router (v-R1) of the port of an edge switch of that response. In this case, the slicing identifier can be a port p21, p31, p41, and p51. Namespace identifier may be assigned to port p21, p31, p41, and p51 in combination with the corresponding values ​​of, for example, v-R3. I.e. namespace identifier may correspond to a list of slicing identifier value.

Referring to Figure 11 (b), an interface of the virtual router can be constructed so that a plurality of switch ports of the edge portion of the switches (SW1-SW5) to correspond to the port of the second virtual router (v-R2).

Figure 11 (c) when to refer to (f), the interface of the virtual router may be set so as to correspond with or vLAN vxLAN value of the packet. When generating the virtual router only physical ports (physical ports) of the edge switches, and is subject to a limit on the number of physical ports. However, associating the packet identification information (or vLAN vxLAN), it eliminates these constraints. In addition, it is possible to ensure that similarly to the flow of the legacy networks of the existing packets. You can also drive a person or of a legacy virtual router groups of users. Users or groups of users can be divided into a packet identifying information, such as vLAN, vxLAN or tunnel ID.

Figure 12 is a network configuration diagram in accordance with another embodiment of the present invention, Figure 13 is a structural diagram of a virtual router in accordance with Fig. Figure 1 through Figure 11.

12, and the network supports multi-tenancy, the network device (VM) are parts of respective multi-tenant. A first tenant is assumed that there is connected through the first 21 and second 22 of the switch (SW21, SW22) port p21n (p21_1, p21_2, ..., p12_n) and port p22n, the remaining devices through the port p23n, and p24n 23 and it is assumed that the policy has been established to be connected with the switch 24 (SW23, SW24).

In order to support two-tenant, the first and second legacy container can be produced that provides two independent virtual router function as shown in Figure 13.

Slicing identifiers are preferably assigned by vLAN value. A first tenant is the vLAN the value 101, the second tenant may be that the value 102 is vLAN. Namespace identifier (nsID) may be designated in the same manner as vLAN value respectively.

Interface port of an edge switch port interface and the virtual router is 1, or so as to correspond to the first, may be associated in various combinations.

14 is a flowchart for a method determining whether a legacy routing for the flow of the controller of FIG. Refer to FIGS. 6 to 11.

Determining whether a legacy routing method for a flow, means whether the controller 10 is to contact the flow control on whether the common control SDN or legacy routing containers 300 for receiving a flow from the open flow switch.

14, when the virtual routing function is ready in the legacy container 400, the controller 10 may receive a flow of packets of a network device through the open flow switch (S610).

The controller 10 determines whether the analysis is of the incoming packet flow (S620). If you are not able to interpret the incoming packet, controller 10 may convey the flow to a legacy routing app container (300) (S650). If the protocol message packet is used only in legacy networks, common control of the SDN-based because it can not interpret the packet.

If the incoming packet is the legacy packet as it is transmitted from the outside of the first legacy network to an external second legacy network, the controller 10 of the SDN-based can not calculate a routing path for the incoming legacy packet. If we can not compute a route from the controller 10, such as the legacy packets, the controller 10 can transmit a legacy routing packet to the legacy app container 300. Legacy routing path to the legacy packet may be computed by the routing processing unit 430 of the legacy container 400. However, it is possible to know the end-processing method of the legacy packet outlet port edge and legacy packets to be of a legacy packet processing by the controller 10 through the flow modification.

If this can not interpret the packet, the controller 10 retrieves the flow path such that the entry or entries in that table to calculate the path of the flow (S630). If you can not retrieve the path, the controller 10 passes the flow to a legacy routing app container (300) (S650). If visible for all the paths, the controller 10 outputs the packet to specify the packet - may send an open flow switch which generates a message packet out inquiry (S640).

15 is a flowchart of a processing method for an incoming packet from a legacy container, Figure 16 is a flow chart of an example non-routing process in Fig.

15, the legacy app container 300 may analyze an incoming packet of a flow is received through the controller 10 and extracts the identifier of sliced ​​incoming packet (S810).

Legacy apps container 300 may determine whether the association list of the namespace (ns) set identifier associated with the identifier extracted slicing identifier (S820).

If the slicing identifier and a namespace identifier set is not in the association list, the legacy app container 300 may drop so that the incoming packet (S900).

If the identifier set in the association list, the legacy app container 300 may deliver the flow to the legacy container 400 associated with the given namespace identifier slicing identifier (S830).

Routing processing unit 430 of the legacy container 400 may be interpreted by the incoming packet of the received flow to determine whether the packet is routed request message (S840).

If the incoming packet routing requests, the legacy container 400 may determine whether the routing information for the destination IP address of the incoming packet (S850).

If the routing information for the destination IP address, the routing processor 430 may drop so that the incoming packet (S890).

If the routing information for the destination IP address, the routing processor 430 may be transmitted to the legacy app container (300) to generate a routing path (S860). Routing path may be converted in any one of the SDN interface module 340, a legacy interface module 140 or the legacy app container 300 of the controller control unit 100, an open-flow protocol (S870). For example, it may be such that the legacy interface module 140 generates a flow entry so that the flow is taking place in the open flow switch based on the routing path, modify, or delete, and updates the entry table of a relevant open flow switch.

If it is not determined (S830) route request processing result of whether the routing request, legacy container 400 may process the request (S880). This is for details, refer to FIG.

16, the incoming packet is started, the network device other than the route request processing is assumed to be the case of DHCP protocol to request the IP address.

The routing processing unit 430 of the legacy container 400 analyzes the contents of the incoming packet, the incoming packet can be seen that the IP address request message (S910). Routing processor 430 passes the incoming packet to the DHCP virtual server (460) (S820). A virtual DHCP server (460) for the one send an incoming packet network device, network environment, for example, it may consider whether certain groups of users, or any tenant, create an IP address and subnet mask information information (S930). The generated IP address information and the subnet mask information is transferred, the sending network device via the legacy app container 300 and the controller 10, the open flow switch (S940). Messages sent to the network device with a virtual DHCP server 460 may be a typical DHCP protocol messages (DHCP Discover, DHCP offer, DHCP request, DHCP ack).

The present invention may be implemented in hardware or software. Implementation of the present invention can also be embodied as computer readable code on a computer-readable recording medium. The computer-readable recording medium includes all kinds of recording devices in which data that can be read by a computer system. Examples of the computer-readable recording medium include ROM, RAM, CD-ROM, magnetic tape, and a floppy disk, optical data storage devices, and it is implemented in the form of carrier waves (such as data transmission through the Internet) It includes. The computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion. And functional (functional) programs, codes, and code segments for accomplishing the present invention can be easily construed by programmers skilled in the art to which the invention pertains.

Embodiments of the invention may include a carrier wave having electronically readable control signals, which can be operated by a programmable computer system in which one of the methods described herein are executed. Embodiments of the invention may be implemented as a computer program product having a program code, the program code is run to perform one of the methods when the computer program is run on the computer. The program code can be, for example, stored on a machine readable carrier. One embodiment of the present invention may be a computer program having a program when the computer is driven onto the computer, where the program code for performing one of the methods described. The invention may include a computer, or a programmable logic device for executing one of the methods described above. A programmable logic device to implement the method some or all of the functions of the above may be used (for example, a field programmable gate array, a complementary metal oxide semiconductor based logic circuitry).

In addition, more than the been shown and described a preferred embodiment of the invention, the invention is not limited to the embodiment of the above-described particular, technology pertaining the art without departing from the subject matter of the present invention invention claimed in the claims field in the embodiment and various modifications are possible as well as by those of ordinary skill, such modifications will be performed should not be understood individually from the technical spirit or prospect of the present invention.

<Explanation of symbols>

10: controller 20: SDN switch

30: The network device 100: control unit

120: topology management module 125: route calculation module

130: message management module 135: an entry management module,

190: storage unit 200: switch controller

205, port unit 210; Communication Controller

220: flow search module 230: flow processing module

235: a packet processing module 240: a table management module

300: legacy apps container 400: Container legacy

Claims (12)

  1. SDN as a method of providing IP address (Software Defined Network) based multi-tenant support network systems,
    The system comprising:
    A controller for controlling the plurality of switches of the SDN-based;
    Legacy container to treat a switch group including at least a portion of the switch of the plurality of switches to a virtual router, generates the routing information for the packet flowing to any one switch of the switch group; And
    When receiving the virtual router generates the request message, the assigned computing resources and including a container legacy apps that generated using the legacy container virtualization technology,
    The legacy app container is configured to generate a plurality of legacy container on the basis of the specific information of slicing identifier based on the packet incoming to the plurality of switches,
    Slicing the identifier is used as the system corresponding to any of the tenants of a plurality of tenants (tenant) coupled to the plurality of switches,
    , At the legacy container, receiving an incoming packet incoming to any one of the switch and the controller and the app of the plurality of switches;
    That the incoming dynamic host configuration protocol packet; if (DHCP Dynamic Host Configuration Protocol), comprising: generating an IP address from the DHCP server generates a virtual container in the legacy; And
    The generated IP address, IP address, service comprises the step is sent to a switch transmitting the incoming packet through the app and the controller.
  2. According to claim 1,
    The plurality of legacy container, IP address provided a method of forming one another isolated network.
  3. According to claim 1,
    The legacy app container, IP address provided to specify how the network information including a namespace identifier associated with the slicing identifier of the packet to the legacy container.
  4. 4. The method of claim 3,
    In the controller, the case can not be interpreted for the incoming packets incoming on the plurality of switches, if the routing of the incoming packet is not possible, and at least one when one of cases that is specified in the policy, the legacy container for the incoming packet , IP address, it provides further comprising the step of delivering to the app.
  5. 5. The method of claim 4,
    The legacy container app, IP address to the legacy container including a namespace identifier corresponding to the extracted slicing identifier extracts slicing identifier from the incoming packets received from the controller further includes the step of transferring the incoming packet how to offer.
  6. SDN (Software Defined Network) controller for controlling the plurality of switches in the base;
    Legacy container that provides a virtual routing capabilities; And
    An IP address provided a method of providing multi-tenant network system that includes a legacy app container for generating the legacy container,
    , At the legacy app container, receiving a route request message;
    Generating the legacy container in the app, the allocation of computing resources;
    The method comprising in the app, specify the network information including a namespace identifier to the container; And
    In the container, comprising: a step of preparing a virtual routing function using the network information,
    The namespace identifier corresponding to any of the tenants of a plurality of tenants (tenant) coupled to the plurality of switches, and
    The apps and legacy generating a plurality of containers,
    The namespace identifier corresponds to the specific information of slicing identifier based on the packet incoming to the plurality of switches,
    If the controller, there is no process information of the incoming packet to any one switch of the plurality of switches, the method comprising: forwarding the incoming packet to the app;
    The method comprising in the app, extract slicing identifier from the incoming packet;
    Transferring the incoming packet in the app, as a container comprising a namespace identifier corresponding to the extracted identifier of the plurality of slicing legacy container; And
    Wherein the incoming packet Dynamic Host Configuration Protocol in the container;, IP address if the service method (DHCP Dynamic Host Configuration Protocol), using a virtual DHCP server further comprising: generating the IP address.
  7. 7. The method of claim 6,
    The plurality of legacy container, IP address provided a method of forming one another isolated network.
  8. SDN (Software Defined Network) controller for controlling the plurality of switches in the base;
    Legacy container to treat a switch group including at least a portion of the switch of the plurality of switches to a virtual router, generates the routing information for the packet flowing to any one switch of the switch group; And
    When receiving the virtual router generates the request message, the assigned computing resources and including a container legacy apps that generated using the legacy container virtualization technology,
    The legacy app container is configured to generate a plurality of legacy container on the basis of the specific information of slicing identifier based on the packet incoming to the plurality of switches,
    The legacy container IP address a request comes in, based on the network environment of the switch and the IP address provided the IP address, IP address, which provides the ability to generate the requested network device, multi-tenant's SDN-based supporting network via the switch system.
  9. The method of claim 8,
    The legacy app container is configured to generate a plurality of the legacy container,
    The plurality of legacy container produced is a network system that forms a mutually isolated network.
  10. The method of claim 8,
    The legacy app container, network system specified in the legacy network information container that includes a namespace identifier associated with the slicing of the packet identifier.
  11. 11. The method of claim 10,
    Wherein the controller, if not possible interpretations of an incoming packet incoming on the plurality of switches, if the routing of the incoming packet is not possible, and at least one when one of cases that is specified in the policy, the legacy container for the incoming packet and network systems to deliver apps.
  12. 12. The method of claim 11,
    The legacy app container, the network system for transmitting the incoming packet to the legacy container including a namespace identifier corresponding to the extracted identifier slicing extracts slicing identifier from the incoming packets received from the controller.
PCT/KR2016/000437 2016-01-12 2016-01-15 Sdn-based network system for supporting multi-tenants and method for supporting multi-tenants WO2017122848A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
KR20160003891A KR101806376B1 (en) 2016-01-12 2016-01-12 Multi tunant network system based on sdn capable of supplying ip address
KR10-2016-0003891 2016-01-12
KR10-2016-0003809 2016-01-12
KR20160003809A KR101729944B1 (en) 2016-01-12 2016-01-12 Method for supplying ip address by multi tunant network system based on sdn

Publications (1)

Publication Number Publication Date
WO2017122848A1 true true WO2017122848A1 (en) 2017-07-20

Family

ID=59311043

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2016/000437 WO2017122848A1 (en) 2016-01-12 2016-01-15 Sdn-based network system for supporting multi-tenants and method for supporting multi-tenants

Country Status (1)

Country Link
WO (1) WO2017122848A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130058215A1 (en) * 2010-07-06 2013-03-07 Teemu Koponen Network virtualization apparatus and method with a table mapping engine
KR20140102398A (en) * 2013-02-14 2014-08-22 삼성전자주식회사 Method for sharing network based on software defined network to support multiple operator
CN104158916A (en) * 2013-05-13 2014-11-19 中兴通讯股份有限公司 Method and device for device accessing to network
KR20150013977A (en) * 2013-07-24 2015-02-06 주식회사 케이티 Sdn programable gateway device and method thereof
KR101527786B1 (en) * 2013-12-31 2015-06-09 쿨클라우드(주) Method for managing hybrid sdn network

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130058215A1 (en) * 2010-07-06 2013-03-07 Teemu Koponen Network virtualization apparatus and method with a table mapping engine
KR20140102398A (en) * 2013-02-14 2014-08-22 삼성전자주식회사 Method for sharing network based on software defined network to support multiple operator
CN104158916A (en) * 2013-05-13 2014-11-19 中兴通讯股份有限公司 Method and device for device accessing to network
KR20150013977A (en) * 2013-07-24 2015-02-06 주식회사 케이티 Sdn programable gateway device and method thereof
KR101527786B1 (en) * 2013-12-31 2015-06-09 쿨클라우드(주) Method for managing hybrid sdn network

Similar Documents

Publication Publication Date Title
US7099912B2 (en) Integrated service management system
US6807172B1 (en) Method and apparatus for learning and switching frames in a distributed network switch
US8296459B1 (en) Custom routing decisions
US8146148B2 (en) Tunneled security groups
US20090327392A1 (en) Method and system for creating a virtual router in a blade chassis to maintain connectivity
US6147995A (en) Method for establishing restricted broadcast groups in a switched network
US20130136123A1 (en) Method and apparatus for implementing a flexible virtual local area network
US20040039847A1 (en) Computer system, method and network
US20030056063A1 (en) System and method for providing secure access to network logical storage partitions
US20150244617A1 (en) Physical path determination for virtual network packet flows
US20050246450A1 (en) Network protocol processing device
US20030188003A1 (en) Method and apparatus for the provision of unified systems and network management of aggregates of separate systems
US20100165877A1 (en) Methods and apparatus for distributed dynamic network provisioning
US8565118B2 (en) Methods and apparatus for distributed dynamic network provisioning
US20100169880A1 (en) Virtual input-output connections for machine virtualization
US6327621B1 (en) Method for shared multicast interface in a multi-partition environment
US8370834B2 (en) Routing across a virtual network
US8121126B1 (en) Layer two (L2) network access node having data plane MPLS
US20040078772A1 (en) Dynamic route exchange
US20130332602A1 (en) Physical path determination for virtual network packet flows
US8619771B2 (en) Private allocated networks over shared communications infrastructure
US20130332983A1 (en) Elastic Enforcement Layer for Cloud Security Using SDN
US20130266007A1 (en) Switch routing table utilizing software defined network (sdn) controller programmed route segregation and prioritization
Keller et al. Live migration of an entire network (and its hosts)
US20140115578A1 (en) Providing a virtual security appliance architecture to a virtual cloud infrastructure

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16885160

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE