WO2023236858A1

WO2023236858A1 - Flow table rule management method, traffic management method and system, and storage medium

Info

Publication number: WO2023236858A1
Application number: PCT/CN2023/097966
Authority: WO
Inventors: 徐新海; 唐新晨; 谢红; 王军; 李春辉; 王志达; 曾德勋
Original assignee: 华为技术有限公司
Priority date: 2022-06-06
Filing date: 2023-06-02
Publication date: 2023-12-14
Also published as: CN117240790A

Abstract

The present application relates to the technical field of communications, and provides a flow table rule management method, a traffic management method and system, and a storage medium. The method comprises: a VS acquires an access control list (ACL) flow matching rule; the VS instructs an intelligent network card to manage the ACL flow matching rule; and the intelligent network card manages the ACL flow matching rule, the ACL flow matching rule being used by the intelligent network card to perform operation and maintenance function management on a packets. The ACL flow matching rule is managed by means of the intelligent network card, so that during enabling of an operation and maintenance capability, existing flow table entries on the intelligent network card do not need to be cleared, the first packet does not need to be sent to the VS for re-learning, and there is only a need to subject the received packet to the ACL flow matching rule, so as to enable the intelligent network card to have a highly maintainable and reliable operation and maintenance capability. Furthermore, an operation and maintenance function is implemented by means of the intelligent network card, so that counting statistics and the like can be implemented by hardware, and compared with software implementation, the statistical result is more accurate.

Description

Flow table rule management method, traffic management method, system and storage medium

This application claims priority to the Chinese patent application with application number 202210632725.7 and the invention title "A method, system and device for data forwarding" submitted on June 6, 2022. This application claims priority on June 21, 2022 The submitted application number is 202210709643.8 and the invention title is "Flow table rule management method, traffic management method, system and storage medium", the priority of the Chinese patent application, the entire content of which is incorporated into this application by reference.

Technical field

This application relates to the field of communication technology, and in particular to a flow table rule management method, a traffic management method, a system and a storage medium.

Background technique

With the continuous development of software defined network (SDN) and network functions virtualization (NFV) technologies, various data plane open source solutions have emerged, and virtual switch (VS) is one of them. kind of. VS manages the switch flow table through the open source flow (OpenFlow) protocol, which enables the controller software to access the data path of a switch through the network, thereby realizing management operations such as operation and maintenance functions, control and forwarding of traffic.

Due to the increase in network bandwidth, some traffic management operations of VS can be implemented by smart network cards. Therefore, it is necessary to manage the flow table rules on the smart network card so that the smart network card can manage traffic based on the flow table rules.

Contents of the invention

This application provides a flow table rule management method, a traffic management method, a system and a storage medium, which can realize the management of flow table rules and traffic on a smart network card.

The first aspect provides a management method for flow table rules. The management method is executed by an intelligent network card. The intelligent network card is used to connect to a VS. The method includes: the intelligent network card manages access control list ACL flow matching rules, and ACL flow matching rules. Used for smart network cards to perform operation and maintenance function management on packets.

The AC flow matching rules are managed through the smart network card. When the operation and maintenance capability is enabled, there is no need to clear the existing flow table entries on the smart network card, and the first packet does not need to be sent to the VS for re-learning. The received packets are matched through ACL flows. Just set the rules, so that the smart network card has highly maintainable and reliable operation and maintenance capabilities. Furthermore, by implementing operation and maintenance functions through smart network cards, hardware can be used to perform counting and statistics. Compared with software implementation, the statistical results are more accurate.

In a possible implementation manner, the ACL flow matching rules include at least one of an inbound ACL flow matching rule and an outbound ACL flow matching rule. The inbound ACL flow matching rules can be used to manage the operation and maintenance functions of the smart network card in the inbound direction. The outbound ACL flow matching rules can be used to manage the operation and maintenance functions of the smart network card in the outbound direction. Through the ACL flow matching rules in different directions, intelligent network cards can be made intelligent. Network card management is more accurate and comprehensive.

In a possible implementation, the smart network card manages access control list ACL flow matching rules, including: the smart network card receives the first message sent by VS by calling the first application programming interface API, and the first message includes the first message of the smart network card. The port identification of the port; the smart network card creates the first port on the first port of the smart network card based on the first message. ACL flow matching rules. By carrying the port identifier in the first message, the smart network card can create an ACL flow matching rule on the corresponding port, thereby improving the accuracy of creating an ACL flow matching rule.

In a possible implementation, the first message further includes at least one of a flow table rule attribute, a flow table rule matching item, and a flow table rule action item; wherein the flow table rule attribute is used to indicate that the packet needs At least one of the matching group, the direction information of the first ACL flow matching rule, and the flow table type; the flow table rule matching items include matching Ethernet layer information, matching virtual LAN VLAN information, and matching Internet Protocol version 4 At least one of IPv4 information or matching Internet Protocol version 6 IPv6 information, matching virtual extended LAN VXLAN information, matching item end, and message tag; the flow table rule action items include flow table statistics, sampling forwarding and flow mirroring, At least one of the operations of setting internal tags, modifying specified fields, and refnum operations for the message. By carrying in the first message at least one type of information among flow table rule attributes, flow table rule matching items and flow table rule action items, the ACL flow matching rules created by the intelligent network card are made more accurate and comprehensive.

In a possible implementation, the method further includes: the smart network card sends a second message to the VS, the second message indicating creating the first ACL flow on the first port of the smart network card. The result of matching rules. Increases reliability by returning results to VS indicating the creation of ACL flow matching rules.

In a possible implementation, the smart network card manages access control list ACL flow matching rules. The method includes: the smart network card receives the third message sent by the VS calling the second API, and based on the third The message deletes the second ACL flow matching rule on the smart network card. When the operation and maintenance capability is turned off or the ACL flow matching rules change, the delivered ACL flow matching rules will be deleted, and subsequent received packets will not be matched by the ACL flow matching rules, making the smart network card highly maintainable and reliable. operation and maintenance capabilities and greater flexibility.

In a possible implementation, the smart network card manages access control list ACL flow matching rules. The method includes: the smart network card receives a fourth message sent by the VS calling a third API, and queries based on the fourth message. And return the statistical information of the smart network card. The query of statistical information is implemented through the fourth message, making the management of flow table rules more flexible.

In a possible implementation, the method further includes: the smart network card manages a hardware matching flow table, the hardware matching flow table is used by the smart network card to manage traffic, and the hardware matching flow table includes At least one of a hardware exact matching flow table and a hardware fuzzy matching flow table. In addition to managing ACL flow matching rules, it can also manage hardware matching flow tables, making the management of flow table rules more comprehensive and more flexible.

In a possible implementation, the hardware fuzzy matching flow table is used to match a first message, and the first message is a message generated by a network element whose flow table entry satisfies the first threshold condition. ; The hardware exact matching flow table is used to match the second message, and the second message is a message generated by a network element that meets the second threshold condition. For the case where the hardware matching flow table managed by the smart network card includes the hardware fuzzy matching flow table and the hardware exact matching flow table, after the smart network card receives the packet, there is no need to compare the packet with the hardware fuzzy matching flow table and the hardware exact matching flow table respectively. Instead of matching, it first determines whether the packet is the first packet or the second packet, and then matches it with the hardware fuzzy matching flow table or the hardware exact matching flow table. In this way, traffic management is performed according to the type of packets, which improves management efficiency.

In a possible implementation manner, the method further includes: the smart network card manages a data plane hash table, and the data plane hash table is used by the smart network card to perform multi-path forwarding of multi-path forwarding messages. Multipath forwarding is implemented through the data plane hash table. For equal-cost multi-path (ECMP) scenarios, the number of entries in the hardware matching flow table can be saved. When the OpenFlow configuration changes, the performance is significantly improved. Stability and reliability of traffic management.

In a possible implementation, the hardware matching flow table includes a hash matching action item, a redirection identifier matching action item, and a hash matching action item. Work items and messages are uploaded to at least one of the VS software control plane matching action items; wherein the hash matching action item is used to instruct the execution of the query action of the data plane hash table, and the turn identification is used To indicate the data plane hash table, the data plane hash table includes a hash value, a mask and the redirection identifier, and the mask corresponds to next hop information.

In the second aspect, a flow table rule management method is provided. The management method is executed by VS, which is used to connect to the smart network card. The method includes: VS obtains the access control list ACL flow matching rule, and the ACL flow matching rule It is used for the smart network card to perform operation and maintenance function management on the packets; the VS instructs the smart network card to manage the ACL flow matching rules.

In a possible implementation manner, the ACL flow matching rules include at least one of inbound ACL flow matching rules and outbound ACL flow matching rules.

In a possible implementation, the VS instructs the smart network card to manage the ACL flow matching rules, and the method includes: the VS calls a first application programming interface API to send a first message to the smart network card. , the first message includes a port identifier of the first port of the smart network card, and the first message is used by the smart network card to create a first ACL flow matching rule on the first port of the smart network card.

In a possible implementation, the first message further includes at least one of a flow table rule attribute, a flow table rule matching item, and a flow table rule action item; wherein the flow table rule attribute is used to indicate the report At least one of the group to be matched, whether the first ACL flow matching rule is an inbound ACL flow matching rule or an outgoing ACL flow matching rule, and a flow table type; the flow table rule matching items include matching Ethernet layers information, matching virtual LAN VLAN information, matching Internet Protocol version 4 IPv4 information or matching Internet Protocol version 6 IPv6 information, matching virtual extended LAN VXLAN information, matching item end, and at least one of message tags; the flow table Rule action items include at least one of flow table statistics, sampling forwarding and flow mirroring, setting internal tags for packets, modifying specified fields, and refnum operations.

In a possible implementation, the method further includes: the VS receiving a second message sent by the smart network card, the second message being used to indicate that the VS is created on the first port of the smart network card. The result of the first ACL flow matching rule.

In a possible implementation, the VS instructs the smart network card to manage the ACL flow matching rules. The method includes: the VS calls a second API to send a third message to the smart network card. The third message is used by the smart network card to delete the second ACL flow matching rule on the smart network card.

In a possible implementation, the VS instructs the smart network card to manage the ACL flow matching rules, and the method includes: the VS calls a third API to send a fourth message to the smart network card, and the third Four messages are used for the smart network card to query and return the statistical information of the smart network card.

In a possible implementation, the method further includes: the VS obtains a hardware matching flow table. The hardware matching flow table is used by the smart network card to manage traffic. The hardware matching flow table includes hardware matching flow table. At least one of an exact matching flow table and a hardware fuzzy matching flow table; the VS instructs the smart network card to manage the hardware matching flow table.

In a possible implementation, the hardware fuzzy matching flow table is used to match a first message, and the first message is a message generated by a network element whose flow table entry satisfies the first threshold condition. ; The hardware exact matching flow table is used to match the second message, and the second message is a message generated by a network element that meets the second threshold condition.

In a possible implementation, the method further includes: the VS obtains a data plane hash table, and the data plane hash table is used by the smart network card to perform multi-path forwarding of multi-path forwarding messages; The VS instructs the smart network card to manage the data plane hash table.

In a possible implementation, the hardware matching flow table includes at least one of a hash matching action item, a redirection identifier matching action item, and a message uploading matching action item to the VS software control plane; wherein, The hash matching action item is used to indicate the execution of the query action of the data plane hash table, and the redirection identity document (ID) is used to indicate the data plane hash table. The data plane hash table The table includes a hash value, a mask and the redirection identifier, and the mask corresponds to next hop information.

In a third aspect, a traffic management method is provided, which method includes: a smart network card receives a message, and matches the message with an access control list ACL flow matching rule created on the smart network card; based on the message Successfully matches the ACL flow matching rule, and the smart network card performs operation and maintenance function management on the packet according to the ACL flow matching rule. When the operation and maintenance capability is enabled, the smart network card implements the management of the operation and maintenance function. There is no need to clear the existing forwarding flow table entries, and the received packets do not need to be sent to the VS for re-learning, and they can no longer be triggered by traffic. The received packets only need to be matched with ACL flow rules through the smart network card. Therefore, the smart network card has highly maintainable and reliable operation and maintenance capabilities. Furthermore, operation and maintenance functions such as counting and statistics are implemented through smart network cards, that is, counting and statistics are implemented by hardware. Compared with software implementation, the statistical results are more accurate.

In a possible implementation, the ACL flow matching rules include inbound ACL flow matching rules and outgoing ACL flow matching rules; based on the successful matching of the packet and the ACL flow matching rule, the The intelligent network card performs operation and maintenance function management on the packet according to the ACL flow matching rule, including: based on the successful matching of the packet with the incoming ACL flow matching rule, the intelligent network card performs operation and maintenance function management on the incoming ACL flow matching rule based on the incoming ACL flow matching rule. The ACL flow matching rules perform inbound operation and maintenance function management on the packets; the smart network card forwards the packets on Layer 2 and Layer 3 networks; the packets are successfully matched with the outbound ACL flow matching rules. , the smart network card performs outbound operation and maintenance function management on the packet according to the outbound ACL flow matching rules.

In a possible implementation, the method further includes: the smart network card matches the message with a hardware matching flow table, where the hardware matching flow table includes a hardware exact matching flow table and a hardware fuzzy matching flow table. At least one of: the smart network card performs traffic management on the packet according to the matching result between the packet and the hardware matching flow table.

In a possible implementation, the smart network card matches the message with a hardware matching flow table, including: based on the message being the first message, the smart network card matches the message with the The hardware fuzzy matching flow table is used for matching, and the first message is a message generated by a network element that generates a flow table entry that satisfies the first threshold condition; or based on the message being a second message, the intelligent The network card matches the packet with the hardware exact matching flow table, and the second packet is a packet generated by a network element that meets the second threshold condition.

In a possible implementation, the smart network card performs traffic management on the packet according to the matching result between the packet and the hardware matching flow table, including: based on the matching flow between the packet and the hardware. The matching result of the table is that the packet successfully matches the hardware matching flow table, and the hardware matching flow table includes a upload action item, and the packet is uploaded to the VS; or, based on the report If the matching result between the packet and the hardware matching flow table is that the packet fails to match the hardware matching flow table, the packet is sent to the VS.

In a possible implementation, the message is a multi-path forwarding message, and the method further includes: the smart network card matches the message with a data plane hash table; based on the message and The data plane hash table matches successfully, and the smart network card performs multi-path forwarding of the message.

In a possible implementation, the hardware matching flow table includes hash matching action items and turn identification matching Action item; wherein, the hash matching action item is used to indicate the execution of the query action of the data plane hash table, and the turn identification is used to indicate the data plane hash table, and the data plane hash table includes Hash value, mask and the redirection identifier, the mask corresponding to the next hop information;

The smart network card matches the message with the data plane hash table, including: the smart network card calculates a hash value corresponding to the message based on the hash matching action item, and calculates a hash value based on the hash value. Obtain the mask corresponding to the message; search the data plane hash table based on the steering identifier matching action item; based on the mask corresponding to the message is consistent with the mask in the data plane hash table , confirming that the message matches the data plane hash table successfully;

The intelligent network card performs multi-path forwarding of the message, including: the intelligent network card performs multi-path forwarding of the message according to the next hop information corresponding to the mask in the data plane hash table.

In a possible implementation, the hardware matching flow table includes a hash matching action item, a redirection identification matching action item, and a packet uploading matching action item to the VS software control plane; wherein, the hash matching action item The item is used to indicate the execution of the query action of the data plane hash table, and the turn identification is used to indicate the data side hash table. The data side hash table includes a hash value, a mask and the turn identification , the mask corresponds to the next hop information;

The smart network card matches the message with the data plane hash table, including: the smart network card calculates a hash value corresponding to the message based on the hash matching action item, and calculates a hash value based on the hash value. Obtain the mask corresponding to the message; search the data plane hash table based on the steering identifier matching action item; based on the hash value corresponding to the message and the mask in the data plane hash table Inconsistent, it is determined that the message and the data plane hash table fail to match;

The method further includes: the smart network card sending the message to the virtual switch VS.

In a fourth aspect, a traffic management method is provided. The method includes: the virtual switch VS receives a message sent by the smart network card, and the message is matched by the smart network card with the hardware on the smart network card. The flow table is successfully matched and the hardware matching flow table includes an upload action item, or the message is sent by the smart network card when the message matches the hardware flow on the smart network card. The message is sent when the matching table fails, or the message is sent by the smart network card after the message fails to match the data plane hash table on the smart network card; the VS sends the message Match with the open source flow table on the VS, and perform traffic management on the packets based on the matching results.

In a fifth aspect, a method for managing flow table rules is provided. The method is executed by a smart network card. The method includes: the smart network card manages a hardware matching flow table, and the hardware matching flow table is used by the smart network card to perform traffic management on traffic. , the hardware matching flow table includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table.

In a possible implementation manner, the method further includes: the smart network card manages a data plane hash table, and the data plane hash table is used by the smart network card to perform multi-path forwarding of multi-path forwarding messages.

In a possible implementation, the hardware matching flow table includes at least one of a hash matching action item, a redirection identifier matching action item, and a message uploading matching action item to the VS software control plane; wherein, The hash matching action item is used to indicate the execution of the query action of the data plane hash table, and the redirection flag is used to indicate the data plane hash table. The data plane hash table includes a hash value, a mask and the redirection identifier, and the mask corresponds to next hop information.

In the sixth aspect, a flow table rule management method is provided. The method is executed by VS, which is used to connect to a smart network card. The method includes: VS obtains a hardware matching flow table, and the hardware matching flow table is used for the smart network card. The network card performs traffic management on traffic, and the hardware matching flow table includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table; the VS instructs the smart network card to manage the hardware matching flow table.

In a possible implementation, the hardware matching flow table includes at least one of a hash matching action item, a redirection identifier matching action item, and a message uploading matching action item to the VS software control plane; wherein, The hash matching action item is used to indicate the execution of the query action of the data plane hash table, and the steering ID is used to indicate the data plane hash table. The data plane hash table includes a hash value, a mask and the redirection identifier, and the mask corresponds to next hop information.

In a seventh aspect, a traffic management method is provided. The method includes: a smart network card obtains a message, and matches the message with a hardware matching flow table. The hardware matching flow table includes a hardware exact matching flow table and a hardware fuzzy flow table. Match at least one of the flow tables; the smart network card performs traffic management on the packet according to the matching result between the packet and the hardware matching flow table.

In a possible implementation, the hardware matching flow table includes a hash matching action item and a turn identification matching action item; wherein the hash matching action item is used to indicate execution of a query of the data plane hash table Action, the redirection identifier is used to indicate the data plane hash table, the data plane hash table includes a hash value, a mask and the redirection identifier, and the mask corresponds to next hop information;

In an eighth aspect, a traffic management method is provided. The method includes: VS receives a message sent by a smart network card, and the message is matched by the smart network card between the message and a hardware matching flow table on the smart network card. is sent when the matching is successful and the hardware matching flow table includes an upload action item, or the message is sent by the smart network card when the message matches the hardware matching flow table on the smart network card. Sent when the match fails, or the message is sent by the smart network card after the message fails to match the data plane hash table on the smart network card;

The VS matches the packet with the open source flow table on the VS, and performs traffic management on the packet according to the matching result.

In a ninth aspect, a management device is provided, which device includes: a processor configured to implement management of flow table rules as in any one of the above-mentioned first aspect, second aspect, fifth aspect, or sixth aspect. The method, or, is used to implement the traffic management method as described in any one of the third aspect, the fourth aspect, the seventh aspect, or the eighth aspect.

In a possible implementation, the device is a chip.

In a possible implementation, the device is a network device, and the type of the network device includes at least one of the following: a router, a switch, or a server.

In a tenth aspect, a management system is provided. The management system includes a VS and a smart network card. The smart network card is used to execute the management method of the flow table rules in any one of the above first and fifth aspects. The VS is used to execute the above mentioned flow table rules. The management method of flow table rules in either aspect 2 or aspect 6.

In an eleventh aspect, a management system is provided. The management system includes a VS and a smart network card. The smart network card is used to perform the traffic management method in any one of the above third and seventh aspects. The VS is used to perform the above fourth aspect. Or any traffic management method in the eighth aspect.

In a twelfth aspect, a network device is provided. The network device includes a processor. The processor is coupled to a memory. At least one program instruction or code is stored in the memory. The at least one program instruction or code is loaded and executed by the processor. The network device is allowed to implement the flow table rule management method in any one of the above-mentioned first aspect, second aspect, fifth aspect or sixth aspect, or to implement the above-mentioned third aspect, fourth aspect or seventh aspect or The traffic management method described in any one of the eighth aspects.

In a thirteenth aspect, a computer-readable storage medium is provided. At least one instruction is stored in the storage medium, and the instruction is loaded and executed by a processor, so that the computer implements the above-mentioned first or second aspect or The management method of flow table rules in any one of the fifth or sixth aspects, or the traffic management method described in any one of the third or fourth aspect, the seventh or the eighth aspect, is implemented.

In a fourteenth aspect, a computer program (product) is provided. The computer program (product) includes a computer program. When the computer program is run by a computer, it causes the computer to execute the above-mentioned first aspect or the second aspect or the fifth aspect. The method for managing flow table rules in any one of the aspects or the sixth aspect, or executing the traffic management method as described in any one of the above-mentioned third aspect, fourth aspect, seventh aspect or eighth aspect.

In a fifteenth aspect, a communication device is provided, which includes: a transceiver, a memory, and a processor. Wherein, the transceiver, the memory and the processor communicate with each other through an internal connection path, the memory is used to store instructions, and the processor is used to execute the instructions stored in the memory to control the transceiver to receive signals and control the transceiver to send signals. , and when the processor executes the instructions stored in the memory, the processor is caused to execute the flow table rule management method as in any one of the above-mentioned first aspect, second aspect, fifth aspect or sixth aspect, or, execute The traffic management method as described in any one of the above third aspect, fourth aspect, seventh aspect or eighth aspect.

In a possible implementation, there are one or more processors and one or more memories.

In a possible implementation, the memory may be integrated with the processor, or the memory may be provided separately from the processor.

In the specific implementation process, the memory can be a non-transitory memory, such as a read-only memory (ROM), which can be integrated on the same chip as the processor, or can be set on different On the chip, this application does not limit the type of memory and the arrangement of the memory and the processor.

In a sixteenth aspect, a chip is provided, including a processor for calling and running instructions stored in the memory, so that the communication device installed with the chip executes the above-mentioned first aspect, second aspect, or fifth aspect. Or the management method of flow table rules in any one of the sixth aspect, or, perform the traffic management method as described in any one of the third or fourth aspect, the seventh aspect or the eighth aspect.

In a seventeenth aspect, another chip is provided, including: an input interface, an output interface, a processor, and a memory. The input interface, the output interface, the processor, and the memory are connected through an internal connection path. The processor is used to execute tasks in the memory. Code, when the code is executed, the processor is configured to execute the management method of the flow table rules in any one of the above-mentioned first aspect or the second aspect or the fifth aspect or the sixth aspect, or to execute the above-mentioned third aspect or the third aspect. The traffic management method described in any one of the fourth aspect, the seventh aspect, or the eighth aspect.

It should be understood that the beneficial effects achieved by the technical solutions of the second to seventeenth aspects of the present application and the corresponding possible implementations can be referred to the above-mentioned technical effects of the first aspect and the corresponding possible implementations. No further details will be given.

Description of the drawings

Figure 1 is a schematic diagram of an implementation environment provided by an embodiment of the present application;

Figure 2 is a schematic diagram of another implementation environment provided by the embodiment of the present application;

Figure 3 is a schematic diagram of another implementation environment provided by the embodiment of the present application;

Figure 4 is an interactive schematic diagram of a flow table rule management method provided by an embodiment of the present application;

Figure 5 is a flow chart of a traffic management method provided by an embodiment of the present application;

Figure 6 is a schematic diagram of a flow table rule management and traffic management process provided by an embodiment of the present application;

Figure 7 is an interactive schematic diagram of another flow table rule management method provided by an embodiment of the present application;

Figure 8 is an interactive schematic diagram of another flow table rule management method provided by an embodiment of the present application;

Figure 9 is a flow chart of another traffic management method provided by an embodiment of the present application;

Figure 10 is a schematic diagram of another flow table rule management and traffic management process provided by the embodiment of the present application;

Figure 11 is a schematic diagram of another flow table rule management and traffic management process provided by the embodiment of the present application;

Figure 12 is an interactive schematic diagram of another flow table rule management method provided by an embodiment of the present application;

Figure 13 is an interactive schematic diagram of another traffic management method provided by an embodiment of the present application;

Figure 14 is a schematic diagram of another flow table rule management and traffic management process provided by the embodiment of the present application;

Figure 15 is an interactive schematic diagram of another flow table rule management method provided by an embodiment of the present application;

Figure 16 is a schematic structural diagram of a flow table rule management device provided by an embodiment of the present application;

Figure 17 is a schematic structural diagram of another flow table rule management device provided by an embodiment of the present application;

Figure 18 is a schematic structural diagram of a traffic management device provided by an embodiment of the present application;

Figure 19 is a schematic structural diagram of another traffic management device provided by an embodiment of the present application;

Figure 20 is a schematic structural diagram of a network device provided by an embodiment of the present application;

Figure 21 is a schematic structural diagram of another network device provided by an embodiment of the present application.

Detailed ways

In order to make the purpose, technical solutions and advantages of the present application clearer, the embodiments of the present application will be further described in detail below with reference to the accompanying drawings.

With the development of network interface card (NIC), smart network card (smart NIC) emerged as the times require. Smart network cards are also called smart network adapters. In addition to completing the network transmission functions of standard network cards, smart network cards also provide built-in programmable and configurable hardware acceleration engines. Smart network cards can not only improve the performance of applications, but also significantly reduce the consumption of the central processing unit (CPU) in communication, thus providing more CPU resources for applications. Because of this, as network bandwidth increases, some traffic management operations of VS can be implemented by smart network cards. The embodiment of this application provides a flow table rule management method and a traffic management method, so that after the VS delivers the flow table rules to the smart network card, it can manage the flow table rules on the smart network card, and further based on the flow table rules Carry out traffic management.

Illustratively, the method provided by the embodiment of the present application can be applied in the implementation environment shown in Figure 1. In Figure 1, the implementation environment includes SDN controller, VS and intelligent network card. The SDN controller is connected to the VS, and at least one smart network card is plugged into the VS (only one is used as an example in Figure 1 for illustration). Among them, VS is a virtual switch that supports the OpenFlow protocol. The OpenFlow protocol is a set of SDN control protocols. Different manufacturers use this standard to make switches and controllers compatible with each other, thereby facilitating the implementation of SDN. Optionally, VS can be an open source virtual switch (OVS).

In a possible implementation, the SDN controller manages all flow tables, and the flow tables include one or more flow matching rules. The SDN controller delivers an OpenFlow table to the VS, which contains at least one OpenFlow matching rule. The VS can generate an ACL based on the OpenFlow table, that is, generate one or more ACL flow matching rules. Taking the implementation environment shown in Figure 2 as an example, after VS generates an ACL, the OpenFlow table and ACL can be managed on VS, that is, OpenFlow matching rules and ACL flow matching rules can be managed. The ACL includes but is not limited to at least one of an ingress ACL and an egress ACL. That is, the ACL flow matching rules generated by the VS include but are not limited to ingress ACL flow matching rules and egress ACL. ACL flow matches at least one of the rules. Inbound ACL flow matching rules are used to control access to packets in the inbound direction, and outbound ACL flow matching rules are used to control access to packets in the outbound direction.

Optionally, in addition to generating an ACL based on the OpenFlow table, VS can also generate at least one of a fuzzy match flow (MegaFlow) table and an exact match flow (extract match cache, EMC) table based on the OpenFlow table. Taking the implementation environment shown in Figure 3 as an example, VS can manage OpenFlow tables, ACLs, fuzzy matching flow tables and exact matching flow tables on VS. The fuzzy matching flow table includes at least one fuzzy flow matching rule, the exact matching flow table includes at least one precise flow matching rule, the ACL includes at least one ACL flow matching rule, and the at least one ACL flow matching rule includes incoming At least one of ACL flow matching rules and outbound ACL flow matching rules.

No matter what kind of flow table is managed on the VS, as the network bandwidth increases, the VS can deliver the flow table on the VS to the smart network card and instruct the smart network card to manage the flow table rules and traffic management. In a possible implementation, VS runs a data plane development kit (DPDK). DPDK is a simple and complete open source framework that provides fast packet processing in data plane applications. VS Connect with smart network cards through this open source framework. Different smart network cards can be registered to the open source framework through the driver on the smart network card, thereby binding the VS to the smart network card. From this, VS can obtain relevant information about the smart network card, such as port information. Among them, the open source framework includes multiple open source interfaces, namely application programming interface (API). When VS instructs the smart network card to manage flow table rules, it can do so by calling the corresponding API on the open source framework. Next, the following management methods of flow table rules will be explained as examples.

The embodiment of the present application provides a method for managing flow table rules. Figure 4 is an interaction diagram of the method for managing flow table rules. The management method is implemented by the interaction between the VS and the smart network card. As shown in Figure 4, the method includes but is not limited to the following steps 401 to 403.

Step 401: VS obtains ACL flow matching rules, which are used by the smart network card to perform operation and maintenance function management on packets.

As described in the implementation environment of Figure 2 or Figure 3, the SDN controller can deliver an OpenFlow table to the VS, and the VS can generate an ACL based on the OpenFlow table, that is, generate one or more ACL flow matching rules. Afterwards, VS can deliver the generated ACL flow matching rules to the smart network card. Exemplarily, the ACL flow matching rules include at least one of inbound ACL flow matching rules and outbound ACL flow matching rules. Any ACL flow matching rule is used by the smart network card to perform operation and maintenance function management of packets. If the ACL flow matching rule only includes inbound ACL flow matching rules, the incoming ACL flow matching rule can be used by the smart network card in the inbound direction. Operation and maintenance function management. If the ACL flow matching rules only include outbound ACL flow matching rules, the outgoing ACL flow matching rules can be used for outbound O&M function management of the intelligent NIC. If the ACL flow matching rules include both inbound and outbound ACL flow matching rules, the smart NIC can be used to manage both the inbound and outbound O&M functions.

Step 402: VS instructs the intelligent network card to manage ACL flow matching rules.

After VS delivers the ACL flow matching rules to the smart network card, it can instruct the smart network card to manage the ACL flow matching rules, thereby delivering the ACL flow matching rules to the smart network card, so that the smart network card has operation and maintenance functions. Among them, the VS instructs the smart network card to manage ACL flow matching rules, including but not limited to creating ACL flow matching rules, deleting ACL flow matching rules, and querying statistical information based on ACL flow matching rules and other operation and maintenance functions.

Step 403: The intelligent network card manages ACL flow matching rules.

The smart network card receives the ACL flow matching rules issued by the VS and manages the ACL flow matching rules according to the instructions of the VS. In a possible implementation, the VS instructs the intelligent network card to manage ACL flow matching rules and the intelligent network card to manage ACL flow matching rules, including but not limited to the following situations.

In case 1, VS instructs the smart network card to create an ACL flow matching rule.

In this case, since the VS and the smart network card are connected through an open source framework, which includes multiple open source interfaces, that is, APIs, the VS can obtain the port information of the smart network card. Therefore, when VS instructs the smart network card to manage the ACL flow matching rules, VS can call the first API to send the first message to the smart network card. The first message includes the port identifier of the first port of the smart network card. The first message is used by the smart network card to Create the first ACL flow matching rule on the first port of the smart NIC. By carrying the port identifier in the first message, the smart network card can create an ACL flow matching rule on the corresponding port, thereby improving the accuracy of creating an ACL flow matching rule.

The embodiment of the present application does not limit the first API. For example, the first API corresponds to the flow table entry creation function. VS calls the first API, that is, it implements the call to the flow table entry creation function, and then uses the first API to encapsulate the first API. message and sends the first message to the smart network card. Since the first message includes the port identifier of the first port of the smart network card, the smart network card can determine on which port to create the first ACL flow matching rule after receiving the first message.

In a possible implementation, in addition to the port identifier of the first port of the smart network card, the first message also includes at least one of flow table rule attributes, flow table rule matching items, and flow table rule action items. One; wherein the flow table rule attribute is used to indicate at least one of the group to which the packet needs to match, the direction information of the first ACL flow matching rule, and the flow table type; the flow table rule matching items include matching Ethernet layer information, matching Virtual local area network (VLAN) information, matching Internet protocol version 4 (IPv4) information or matching Internet protocol version 6 (IPv6) information, matching virtual extensible local area network, VXLAN) information, end of matching items, and at least one of packet tags; flow table rule action items include flow table statistics, sampling forwarding and flow mirroring, setting internal tags for packets, modifying specified fields, and refnum operations at least one of them. By carrying in the first message at least one type of information among flow table rule attributes, flow table rule matching items and flow table rule action items, the ACL flow matching rules created by the intelligent network card are made more accurate and comprehensive.

For example, the flow table entry creation function and the content and description of the first message may be as shown in Table 1 below. In Table 1, the reserved field corresponds to the high two bits of the reserved bits, and the flow table rule type is represented by the high two bits of the reserved bits. For ACL flow matching rules, the high two digits of the reserved parameter are 3, indicating that the flow table rule type created is an ACL flow matching rule.

Table 1

For example, the flow table rule matching items in the above Table 1 include but are not limited to the content shown in the following Table 2.

Table 2

For example, the flow table rule action items in Table 1 include but are not limited to the content shown in Table 3 below.

table 3

Based on the above Table 1-Table 3, in order to meet the operation and maintenance statistical requirements, the ACL flow matching rules are delivered to the smart network card through the flow interface (reserved=3). When creating an ACL flow matching rule, the smart NIC can specify the ACL flow matching rule. direction, such as ingress ACL flow matching rules or egress ACL flow matching rules. For the case where inbound ACL flow matching rules and outbound ACL flow matching rules are created on the smart network card, the smart network card performs inbound ACL flow matching rules on the received packets, and then forwards them on the Layer 2 and Layer 3 networks, and then The process of executing outbound ACL flow matching rules.

Optionally, as shown in Table 1 above, the smart network card also supports grouping ACL flow matching rules. ACL flow matching rules in the same port and the same direction can be matched and queried for each group. For example, different rule group numbers can be identified through the group parameter in Table 1.

In a possible implementation, the ACL flow matching rules in the method provided by the embodiments of this application can set a TAG mark for the packets when inbound, and the statistics of the packets can be realized by matching the TAG mark when going outbound.

It should be noted that in the method provided by the embodiment of the present application, the ACL flow matching rules support any combination of flow table rule matching items. During the implementation process, the method provided by the embodiments of the present application may not perform mask matching on certain bits of a certain flow table rule matching item, but each flow table rule matching item may be determined by masking whether it is a The flow table rule matches shown in Table 2 above. In addition, ACL flow matching rules support any combination of the flow table rule action items in Table 3 above. For example, based on Table 3, you can use the reference 1 handle operation.

In a possible implementation, after the smart network card creates the ACL rule, the method further includes: the smart network card sends a second message to the VS, and the second message indicates to create the first ACL flow matching rule on the first port of the smart network card. result. Exemplarily, the second message includes the port identification of the first port and the result of creating the first ACL flow matching rule. For example, when the smart network card creates the first ACL flow matching rule and the result is successful, the corresponding return value is returned; otherwise, an error message is returned. For example, when the result of creating the first ACL flow matching rule is success, the return value is 0. Alternatively, the return value is a flow table entry object pointer. If the result of creating the first ACL flow matching rule is failure, the return value is a null pointer.

Correspondingly, VS receives the second message sent by the smart network card. Since the second message is used to indicate the result of creating the first ACL flow matching rule on the first port of the smart network card, the VS can obtain the result of creating the first ACL flow matching rule on the first port of the smart network card based on the second message. . For example, if the second message includes the corresponding return value when the result of creating the first ACL flow matching rule is successful, then VS can determine that the smart network card successfully created the first ACL flow matching rule. If the second message includes error information, then VS It can be determined that the smart network card failed to create the first ACL flow matching rule. Increases reliability by returning results to VS indicating the creation of ACL flow matching rules.

In case 2, VS instructs the smart network card to delete the ACL flow matching rule.

In this second situation, VS instructs the smart network card to manage the ACL flow matching rules, including: VS calls the second API to send a third message to the smart network card. The third message is used by the smart network card to delete the second ACL flow matching rule on the smart network card.

The embodiment of this application does not limit the second API. When the created ACL flow matching rule changes, VS can call the second API, and then encapsulate the third message through the second API, and send the third message to the smart network card. The third message may include a port identifier of the second port of the smart network card to instruct the smart network card to delete the second ACL flow matching rule created on the second port. Optionally, in addition to the port identification, the third message may also include flow information. For example, the flow information includes information such as ACL matching rule direction and ACL matching rule items, thereby instructing the smart network card to delete the data corresponding to the port identification through the third message. ACL flow matching rules corresponding to the flow information on the port.

It should be noted that the first port in the embodiment of the present application can be the same as the second port, then the first ACL flow matching rule is the same as the second ACL flow matching rule. After the first ACL flow matching rule is created, the matching rule can be supported. First ACL Deletion of flow matching rules. Optionally, the first port may be different from the second port, and the second ACL flow matching rule is different from the second ACL flow matching rule. This embodiment of the application does not determine whether the created and deleted ACL flow matching rules match the same ACL flow. The rules are limited. For example, the second API corresponds to the flow table entry deletion function. The content of the flow table entry deletion function can be shown in Table 4 below.

Table 4

Correspondingly, the smart network card manages the ACL flow matching rules, including: the smart network card receives the third message sent by VS by calling the second API, and deletes the second ACL flow matching rule on the smart network card based on the third message.

In a possible implementation, the smart network card can also return the result of deleting the second ACL flow matching rule to VS. For example, if the deletion is successful, a message with a value of 0 is returned to VS, so that VS determines the smart network card based on the return value. The second ACL flow matching rule is successfully deleted. For another example, if the smart network card fails to delete the second ACL flow matching rule, an error message is returned. For example, the parameter of the error message defaults to a null value (null), so that VS determines that the smart network card has not successfully deleted the second ACL based on the returned error message. Stream matching rules. Or, if the deletion is successful, the return value is a flow table entry object pointer. If the result of deleting the first ACL flow matching rule is failure, the return value is a null pointer.

In case three, VS instructs the smart network card to query statistical information.

In case three, VS instructs the smart network card to manage ACL flow matching rules, including: VS calls a third API to send a fourth message to the smart network card. Among them, the fourth message is used to query the smart network card and return the statistical information of the smart network card.

This application does not limit the third API. When VS needs to query the statistical information on the smart network card, it sends a fourth message to the smart network card by calling the third API. Exemplarily, the VS encapsulates the fourth message by calling the third API. The fourth message includes the port identifier of the port on the smart network card, which is used for the smart network card to query and return statistical information on the port corresponding to the port identifier. For example, if the ACL flow matching rule includes a flow table statistics action item, then after the smart network card performs the flow table statistics action, the VS can query the statistical information on the smart network card through the fourth message. Optionally, when the ACL flow matching rule does not include the flow table statistics action item, the VS can also call the third API to send the fourth message to the smart network card to query the statistical information on the smart network card. For example, the query VS sends to ACL rule entries on the smart NIC.

Taking the open source query function corresponding to the third API as an example, VS calls the third API, that is, calls the open source query function. The content of the query function can be as shown in Table 5 below.

table 5

Correspondingly, the smart network card manages ACL flow matching rules, including: the smart network card receives the fourth message sent by VS by calling the third API, and queries and returns the statistical information of the smart network card based on the fourth message. Realizing statistical information through the fourth message Information query makes the management of flow table rules more flexible.

In a possible implementation, the smart network card can also return query results to VS. For example, if the query is successful, a message with a value of 0 is returned to VS, so that VS determines that the smart network card has successfully queried the flow table rule based on the return value. entry. For another example, if the smart network card query fails, error information is returned. For example, the parameter of the error message defaults to null, so that VS determines that the smart network card has not queried the entry of the flow table rule based on the returned error information. Or, if the query is successful, the return value is a flow table entry object pointer. If the query fails, the return value is a null pointer.

The method provided by the embodiment of this application does not require traffic triggering by issuing operation and maintenance rules to the smart network card. When the operation and maintenance capability is enabled, there is no need to clear the existing forwarding flow table entries on the smart network card, and the first packet does not need to be uploaded. Send the VS to re-learn; when the operation and maintenance capability is turned off or the ACL flow matching rules change, the VS will delete the ACL flow matching rules issued, and subsequent received packets will not be matched by the ACL flow matching rules, so that Smart network cards have highly maintainable and reliable operation and maintenance capabilities and are more flexible. Furthermore, operation and maintenance functions such as counting and statistics are implemented through smart network cards, that is, counting and statistics are implemented by hardware. Compared with software implementation, the statistical results are more accurate.

Based on the above management method of flow table rules, an embodiment of the present application provides a traffic management method. Referring to Figure 5, the traffic management method provided by the embodiment of the present application includes the following steps 501 and 502.

Step 501: The smart network card receives the message and matches the message with the ACL flow matching rule created on the smart network card.

The embodiments of this application do not limit the type of packets received by the smart network card. For example, the packets may be packets from audio and video applications, or may be packets from game applications, or may also be packets from instant messaging applications. Messages etc. The embodiment of the present application does not limit the number of packets received by the smart network card. Each packet can be managed according to the traffic management method provided by the embodiment of the present application.

Regardless of the type of packet, after the smart NIC receives the packet, it will match the packet with the ACL flow matching rules created on the smart NIC. Among them, the ACL flow matching rules created on the smart network card include at least one of inbound ACL flow matching rules and outgoing ACL flow matching rules. Any ACL flow matching rule is used by the smart network card to perform operation and maintenance function management of packets. . For example, if the ACL flow matching rule only includes the incoming ACL flow matching rule, the smart NIC will match the packet with the incoming ACL flow matching rule. If the ACL flow matching rule only includes the outbound ACL flow matching rule, the smart NIC matches the packet with the outgoing ACL flow matching rule. If the ACL flow matching rule includes both inbound and outbound ACL flow matching rules, the smart NIC will match the packet with the inbound ACL flow matching rule and the outbound ACL flow matching rule respectively.

For example, whether it is an inbound ACL flow matching rule or an outgoing ACL flow matching rule, the flow table rule matching items in the ACL flow matching rule may be as shown in Table 2 above. The smart network card matches the packet with each flow table rule matching item in the ACL flow matching rule. If the packet matches any flow table rule matching item, the packet is considered to successfully match the ACL flow matching rule.

For example, take the ACL flow matching rule including the flow table rule matching item ETH in Table 2 for matching Ethernet layer information. The flow table rule matching item ETH includes matching item parameters such as source MAC address, destination MAC address, and protocol type. . After receiving the message, the smart network card obtains the source MAC address, destination MAC address and protocol type of the message. If the source MAC address, destination MAC address and protocol type of the message match the flow table rule ETH in the ACL flow matching rule If the included source MAC address, destination MAC address, and protocol type match, it is determined that the packet successfully matches the ACL flow matching rules.

Optionally, if the packet does not match any flow table rule matching item in the ACL flow matching rule, the report is determined to be The file failed to match the ACL flow matching rule.

Step 502: Based on the successful match between the packet and the ACL flow matching rule, the smart network card performs operation and maintenance function management on the packet according to the ACL flow matching rule.

In a possible implementation, the ACL flow matching rules include inbound ACL flow matching rules and outgoing ACL flow matching rules; based on the successful matching of the packet and the ACL flow matching rule, the smart network card processes the packet according to the ACL flow matching rule. Carry out operation and maintenance function management, including: based on successful matching between packets and inbound ACL flow matching rules, the smart network card performs inbound operation and maintenance function management on the packets based on the incoming ACL flow matching rules; the smart network card processes the packets Layer 2 and Layer 3 network forwarding; based on successful matching between the packet and the outbound ACL flow matching rules, the smart network card performs outbound operation and maintenance function management on the packets based on the outbound ACL flow matching rules.

For ease of explanation, the method provided by the embodiment of the present application is illustrated by taking the management of flow table rules and the traffic management process shown in Figure 6 as an example. In Figure 6, after VS generates inbound ACL flow matching rules and outbound ACL flow matching rules based on the OpenFlow table issued by the SDN controller, as shown by the dotted arrow in Figure 6, the inbound ACL flow matching rules and The outbound ACL flow matching rules are delivered to the smart network card, and the flow table rules are managed on the smart network card. For the management process of the flow table rules, please refer to the management method of the flow table rules shown in Figure 4 above, and will not be described again here.

As shown by the solid arrow in Figure 6, after receiving the message, the smart network card first matches the message with the incoming ACL flow matching rules. If the match is successful, the smart network card processes the message according to the incoming ACL flow matching rules. Carry out inbound operation and maintenance function management, that is, execute the actions corresponding to the flow table rule action items, such as performing inbound flow table statistics, setting TAG marks for packets, etc. After executing the action corresponding to the action item of the flow table rule, the smart network card forwards the packet on the Layer 2 and Layer 3 network.

Before the packet leaves the smart network card, the packet is matched based on the outbound ACL flow matching rules. If the match is successful, the smart network card performs outbound operation and maintenance function management on the packet based on the outbound ACL flow matching rules. For example, perform outbound flow table statistics on packets, and perform packet statistics based on the TAG set in the inbound direction.

Optionally, the method provided by the embodiment of this application also includes: based on the failure of matching the packet with the inbound ACL flow matching rule or the outgoing ACL flow matching rule, there is no need to execute the flow table rule action item in the ACL flow matching rule, intelligent The network card forwards the packets directly to the second and third layer networks.

It should be noted that the above description only takes the ACL flow matching rules managed by the smart network card, including the inbound ACL flow matching rules and the outgoing ACL flow matching rules, as an example. In the method provided by the embodiments of this application, the ACL flow matching rules managed by the smart network card may also include only inbound ACL flow matching rules, or only outbound ACL flow matching rules. The smart NIC only includes inbound ACL flow matching rules, or only outbound ACL flow matching rules. The VS can deliver only incoming ACL flow matching rules to the smart NIC or only outbound ACL flow matching rules. Smart NIC, or the VS delivers the incoming ACL flow matching rules and outgoing ACL flow matching rules to the smart NIC, and then instructs the incoming ACL flow matching rules or the outgoing ACL flow matching rules to be deleted. Condition. Regarding the process of deleting ACL flow matching rules, please refer to the relevant instructions in the management method of flow table rules shown in Figure 4 above, and will not be described again here.

For the case where the ACL flow matching rules managed by the smart NIC only include incoming ACL flow matching rules, after receiving the packet, the smart NIC first matches the packet with the incoming ACL flow matching rules. If the match is successful, the smart network card performs inbound operation and maintenance function management on the packets based on the inbound ACL flow matching rules, that is, performs the actions corresponding to the action items of the flow table rules, such as performing inbound flow table statistics and updating packets. Set TAG tags, etc. After executing the action corresponding to the action item of the flow table rule, the smart network card forwards the packet on the Layer 2 and Layer 3 network.

For the case where the ACL flow matching rules managed by the smart NIC only include outbound ACL flow matching rules, after receiving the packet, the smart NIC first forwards the packet for reasons. Before the packet leaves the smart network card, the packet is matched with the outbound ACL flow matching rules. If the match is successful, the smart network card performs outbound operation and maintenance function management on the packet based on the outgoing ACL flow matching rules, that is, executes the flow table The action corresponding to the rule action item, such as performing outbound flow table statistics, etc. After executing the action corresponding to the action item of the flow table rule, the smart network card forwards the packet on the Layer 2 and Layer 3 network.

According to the method provided by the embodiment of this application, when the operation and maintenance capability is enabled, the intelligent network card implements the management of the operation and maintenance function. There is no need to clear the existing flow table entries on the intelligent network card, and the received messages do not need to be sent to the VS for processing. Re-learning does not require traffic triggering. You only need to deliver the ACL flow matching rules to the smart network card, and let the received packets pass through the smart network card for ACL flow rule matching. Therefore, the smart network card has highly maintainable and reliable operation. Dimensional ability. Furthermore, operation and maintenance functions such as counting and statistics are implemented through smart network cards, that is, counting and statistics are implemented by hardware. Compared with software implementation, the statistical results are more accurate.

The embodiment of the present application provides a method for managing flow table rules. Figure 7 is an interaction diagram of the method for managing flow table rules. The management method is implemented by the interaction between the VS and the smart network card. As shown in Figure 7, the method includes but is not limited to the following steps 701 to 703.

Step 701: VS obtains a hardware matching flow table, which is used by the smart network card to manage traffic. The hardware matching flow table includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table.

As described in the implementation environment of Figure 2 or Figure 3, the SDN controller can deliver an OpenFlow table to the VS, and the VS can generate a hardware (hardware, hw) matching flow table based on the OpenFlow table. The hardware matching flow table includes one or more pieces of hardware. Match flow rules. Afterwards, VS can deliver the generated hardware matching flow table to the smart network card. Among them, the hardware matching flow table includes at least one of a hardware exact matching flow table (hw EMC) and a hardware fuzzy matching flow table (hw MegaFlow). The table capacity of the hardware exact matching flow table is larger than that of the hardware fuzzy matching flow table, but the table lookup efficiency of the hardware fuzzy matching flow table is higher than the table lookup efficiency of the hardware exact matching flow table.

In a possible implementation, the hardware fuzzy matching flow table includes entries for sending and processing specified types of packets. For example, the specified type of packets includes Internet Control Message Protocol (ICMP). /Dynamic Host Configuration Protocol (DHCP)/Address Resolution Protocol (ARP) messages, etc. This entry can be hit preferentially compared to other aggregate entries in the hardware fuzzy matching flow table.

In addition, when the OpenFlow flow table configuration changes, all flow tables sent to the smart network card are invalid, and all need to be sent to the VS to generate updated flow table entries. The bandwidth between the VS and the smart network card is limited, so it is necessary Reduce the number of flow table entries delivered to the smart network card. For example, the hardware fuzzy matching flow table in the embodiment of the present application is used to match the first packet, which is a packet generated by a network element whose flow table entry satisfies the first threshold condition; the hardware precise matching flow The table is used to match the second message, and the second message is a message generated by a network element that meets the second threshold condition. By using the hardware fuzzy matching flow table and the hardware exact matching flow table to match different packets respectively, the number of flow table entries in the hardware fuzzy matching flow table and the hardware exact matching flow table is reduced.

The embodiments of the present application do not limit the first threshold condition and the second threshold condition. The first threshold condition and the second threshold condition can be set based on experience or based on application scenarios. Optionally, in the method provided by the embodiment of this application, the VS combines the flow table rule settings of the controller to generate oversized flow table entries, that is, the traffic generated by network elements that meet the first threshold condition is set as fuzzy matching. The flow table is sent to the smart network card, and other scenarios are used to meet the second For network elements with threshold conditions, use the exact matching flow table and deliver it to the smart network card. That is to say, the second threshold condition may refer to a condition other than the first threshold condition, that is, the second message is any message other than the first message.

Step 702: VS instructs the intelligent network card to manage the hardware matching flow table.

After VS delivers the hardware matching flow table to the smart network card, it can instruct the smart network card to manage the hardware matching flow table, thereby delivering the hardware matching flow table to the smart network card, so that the smart network card has traffic management functions. Wherein, the VS instructs the smart network card to manage hardware matching flow tables including but not limited to managing at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table.

Step 703: The smart network card manages the hardware matching flow table.

The smart network card receives the hardware matching flow table issued by VS and manages the hardware matching flow table according to the instructions of VS. In a possible implementation, the VS instructs the intelligent network card to manage the hardware matching flow table and the intelligent network card to manage the hardware matching flow table, including but not limited to the following interactive process.

Since VS and the smart network card are connected through an open source framework, which includes multiple open source interfaces, that is, APIs, VS can obtain the port information of the smart network card. Therefore, when VS instructs the smart network card to manage the hardware matching flow table, VS can call the corresponding first API to send the fifth message to the smart network card. The fifth message includes the port identification of the target port of the smart network card. The fifth message is used for the smart network card. Create a hardware matching flow table on the target port of the smart NIC.

The embodiment of the present application does not limit the first API. In the flow table rule management method shown in Figure 4, the first API corresponds to the flow table entry creation function, and VS calls the first API, that is, to implement the flow table entry creation function. Call, and then encapsulate the fifth message through the first API, and send the fifth message to the smart network card. Since the fifth message includes the port identification of the target port of the smart network card, the smart network card can determine on which port to create the hardware matching flow table after receiving the fifth message.

For example, the flow table entry creation function and the content and description of the fifth message may be as shown in Table 6 below. In Table 6, the reserved parameter corresponds to the high two bits of the reserved bits, and the flow table rule type is represented by the high two bits of the reserved bits. For hardware matching flow tables, the high two bits of the reserved parameter are at least one of 0 and 1. Among them, 0 means that the flow table rule type created is an exact routing and forwarding rule, that is, the hardware accurately matches the flow table. 1 means that the created flow table rule type is a destination IP fuzzy matching rule, that is, a hardware fuzzy matching flow table.

Table 6

In a possible implementation, in addition to the port identification of the target port of the smart network card, the fifth message also includes at least one of a flow table rule attribute, a flow table rule matching item, and a flow table rule action item. Among them, the flow table rule attribute is used to indicate at least one of the group and flow table type that the packet needs to match; the flow table rule matching items include but are not limited to the rule matching items shown in Table 2 and the ones shown in Table 7. Rule matches. As shown in Table 2, the rule matching items include matching Ethernet layer information, matching virtual local area network (VLAN) information, matching Internet Protocol version 4 (IPv4) information, or matching Internet Protocol version 6 ( At least one of internet protocol version 6 (IPv6) information, matching virtual extensible local area network (VXLAN) information, end of matching items, and packet tags; as shown in Table 7, the rule matching items include matching data surfaces. Hash (datapath_hash, dp_hash) value, matching redirection ID (recirc_id). The flow table rule action items include but are not limited to the rule action items shown in Table 8 and the rule action items shown in Table 9; the rule action items shown in Table 8 include flow table statistics, forward to port, and pop-up (POP) VLAN , push (PUSH) VLAN, set VLAN ID, set VLAN priority, decapsulate vxlan header, encapsulate vxlan header, Vxlan header key value, time to live value (time to live, TTL) minus one, modify the source mac address , at least one of modifying the destination mac address, sampling forwarding and flow mirroring, ending the action (ACTION), setting an internal mark for the packet, modifying the specified field, refnum operation, and discarding the packet. The rule action items shown in Table 9 include executing dp-hash actions, matching dp-hash secondary table recirc_id, and sending packets to the VS software control plane.

Table 7

Table 8

Table 9

For the action of modifying the specified fields in Table 8 above, the following fields shown in Table 10 need to be supported.

Table 10

Referring to Figure 8, the method provided by the embodiment of the present application also includes steps 704 to 706.

Step 704: VS obtains the data plane hash table. The data plane hash table is used by the intelligent network card to perform multi-path forwarding of multi-path forwarding packets.

As described in the implementation environment of Figure 2 or Figure 3, the SDN controller can deliver an OpenFlow table to the VS, and the VS can generate a hardware matching flow table based on the OpenFlow table. The hardware matching flow table includes one or more hardware matching flow rules. Afterwards, VS can deliver the generated hardware matching flow table to the smart network card. Among them, the hardware matching flow table includes at least one of a hardware exact matching flow table (hardware EMC, hw EMC) and a hardware fuzzy matching flow table (hw MegaFlow).

In a possible implementation manner, the hardware matching flow table includes at least one of a hash matching action item, a redirection identifier matching action item, and a packet uploading VS software control plane matching action item. In addition to delivering the hardware matching flow table to the smart network card, VS also delivers the data plane hash table (Datapath-Hash). Among them, the hash matching action item is used to indicate the query action of the data plane hash table, and the redirection ID is used to indicate the data plane hash table. The data plane hash table includes a hash value, a mask, and a redirection identifier. The mask corresponds to Next hop information.

Step 705: VS manages the data plane hash table on the smart network card.

After VS delivers the hardware matching flow table to the smart network card, it can also deliver the data plane hash table to the smart network card and instruct the smart network card to manage the data plane hash table, thereby realizing the delivery of the hardware matching flow table to the smart network card. to save hardware Configure the entries in the flow table and offload the traffic to the smart network card, so that the smart network card has the traffic management function.

Step 706: The smart network card manages the data plane hash table. The data plane hash table is used by the smart network card to perform multi-path forwarding of multi-path forwarding messages.

The smart network card receives the data plane hash table issued by VS and manages the data plane hash table according to the instructions of VS. In a possible implementation, the VS instructs the smart network card to manage the data plane hash table and the smart network card to manage the data plane hash table, including but not limited to the following interaction process.

Since VS and the smart network card are connected through an open source framework, which includes multiple open source interfaces, that is, APIs, VS can obtain the port information of the smart network card. Therefore, when VS instructs the smart network card to manage the data plane hash table, VS can call the corresponding first API to send the sixth message to the smart network card. The sixth message is used by the smart network card to create the data plane hash table on the target port of the smart network card. .

The embodiment of the present application does not limit the first API. In the flow table rule management method shown in Figure 4, the first API corresponds to the flow table entry creation function, and VS calls the first API, that is, to implement the flow table entry creation function. Call, and then encapsulate the sixth message through the first API, and send the sixth message to the smart network card. Since the data plane hash table reuses the first API, the smart network card can determine on which port the data plane hash table is to be created after receiving the sixth message.

For example, the flow table entry creation function and the content and description of the sixth message may be as shown in Table 11 below. In Table 11, the reserved parameter corresponds to the high two bits of the reserved bits, and the flow table rule type is represented by the high two bits of the reserved bits. For data plane hash tables, the high two bits of the reserved parameter are 2. Among them, 2 means that the flow table rule type created is a data plane hash table, that is, DP-HASH.

Table 11

When DP-HASH related flow table entries are configured in OpenFlow, the next hop information is delivered to the DP-HASH table. This means that the DP-HASH function is enabled. The hardware matches the entries in the flow table. If the action is DP_HASH, then It will be queried through the DP-HASH table, otherwise it will not be queried.

Among them, the entries in the hardware matching flow table need to support the two action fields DP HASH and RECIRC_ID, which include two rule action items: executing the dp-hash action and matching the dp-hash secondary table recirc_id, as shown in Table 12 below. . The data plane hash table can be shown in Table 13.

Table 12

Table 13

It should be noted that Figure 8 only takes the example of VS first delivering the hardware matching flow table, instructing the smart network card to manage the hardware matching flow table, and then delivering the data plane hash table, instructing the smart network card to manage the data plane hash table. . In one possible implementation, the VS can deliver a hardware matching flow table and a data plane hash table at the same time, instructing the smart network card to manage the hardware matching flow table and data plane hash table. Alternatively, the data plane hash table is delivered first, and then the hardware matching flow table is delivered. The embodiment of this application does not Limit the delivery and management order of the file matching flow table and data plane hash table. The hardware matching flow table includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table.

With the method provided by the embodiments of this application, the forwarding performance of the hardware exact matching flow table is lower than that of the hardware fuzzy matching flow table. In scenarios with large traffic from network elements, choosing hardware fuzzy matching flow tables to deliver them to smart network cards can ensure the highest forwarding performance in major scenarios. The network element delivers the hardware fuzzy matching flow table to the smart network card in a large traffic scenario, which reduces the number of flow tables generated by the hardware exact matching flow table. However, the hardware fuzzy matching flow table itself does not have many entries. Therefore, when the OpenFlow configuration changes, significant Improved traffic stability and reduced traffic oscillation.

When the smart network card supports DP-HASH table processing, for ECMP scenarios, source IP, Layer 4 source port, and Layer 4 destination port information are not required in the hardware matching flow table, thus further reducing the number of entries in the hardware matching flow table. Significantly improves traffic stability when OpenFlow configuration changes.

Based on the management method of flow table rules shown in Figure 7 and Figure 8, embodiments of the present application provide a traffic management method. Referring to Figure 9, the method includes step 901 and step 902.

Step 901: The smart network card receives the packet and matches the packet with the hardware matching flow table.

No matter what type of message it is, after the smart network card receives the message, it will match the message with the hardware matching flow table created on the smart network card. The hardware matching flow table created on the smart network card includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table. For example, if the hardware matching flow table includes a hardware exact matching flow table, the smart NIC matches the packet with the flow matching rules in the hardware exact matching flow table. If the hardware matching flow table includes a hardware fuzzy matching flow table, the smart network card matches the packet with the flow matching rules in the hardware fuzzy matching flow table. If the hardware matching flow table includes a hardware exact matching flow table and a hardware fuzzy matching flow table, the smart network card will match the packet with the flow matching rules in the hardware exact matching flow table and the hardware fuzzy matching flow table respectively.

For example, whether it is a hardware exact matching flow table or a hardware fuzzy matching flow table, the flow table rule matching items in the hardware exact matching flow table and the hardware fuzzy matching flow table may be as shown in Table 2 and Table 7 above. The smart network card matches the packet with each flow table rule match. If the packet matches any flow table rule match, the packet is considered to be successfully matched with the hardware matching flow table.

For example, the hardware matching flow table includes the flow table rule matching items used to match VLAN information in Table 2 as an example for explanation. As shown in Table 2, the flow table rule matching items include parameter name, vlan tci value and inner protocol type. After receiving the message, the smart network card obtains the parameter name, vlan tci value and inner protocol type of the message. If the parameter name, vlan tci value and inner protocol type of the message match the hardware, the flow matching rules in the flow table include If the flow table rule matching items include the parameter name, vlan tci value, and inner protocol type, it is determined that the packet matches the hardware matching flow table successfully.

Optionally, if the packet does not match any flow table rule matching item in the hardware matching flow table, it is determined that the packet fails to match the hardware matching flow table.

Step 902: The smart network card performs traffic management on the packet based on the matching result between the packet and the hardware matching flow table.

For ease of explanation, the method provided by the embodiment of the present application is illustrated by taking the management of flow table rules and the traffic management process shown in Figure 10 as an example. In Figure 10, VS generates hardware precision based on the OpenFlow table issued by the SDN controller. After confirming the matching flow (hw EMC) table and hardware fuzzy matching flow (hw MegaFlow) table, as shown by the dotted arrow in Figure 10, deliver the hardware exact matching flow table and hardware fuzzy matching flow table configuration to the smart network card. Flow table rules are managed on the smart network card. For the management process of the flow table rules, please refer to the management method of the flow table rules shown in Figure 7 above, and will not be described again here.

As shown by the solid arrow in Figure 10, after receiving the message, the smart network card first matches the message with the hardware fuzzy matching flow table. If the match is successful, the smart network card performs traffic management on the message based on the hardware fuzzy matching flow table. That is, the action corresponding to the flow table rule action item included in the flow matching rule in the hardware fuzzy matching flow table is executed. After executing the action corresponding to the action item of the flow table rule, the smart network card continues to transmit the packet. Optionally, after the smart network card matches the packet with the hardware fuzzy matching flow table, if the packet does not match the hardware fuzzy matching flow table, the smart network card matches the packet with the hardware exact matching flow table. If the match is successful, the smart network card The network card performs traffic management on packets based on the hardware exact matching flow table, that is, it performs actions corresponding to the flow table rule action items included in the flow matching rules in the hardware exact matching flow table.

In one possible implementation, the smart network card performs traffic management on packets based on the matching results between the packets and the hardware matching flow table, including: based on the matching results between the packets and the hardware matching flow table, the smart network card If the match is successful, and the hardware matching flow table includes a upload action item, the packet will be uploaded to the VS; or, based on the matching result between the packet and the hardware matching flow table, the packet fails to match the hardware matching flow table, and the packet will be uploaded to the VS. Send VS. As shown in Figure 10, the solid arrow pointing to VS from the hardware fuzzy matching flow table, if the packet fails to match the hardware fuzzy matching flow table, or the packet hits the flow matching rule in the hardware fuzzy matching flow table, and the hit flow matching rule is Send action item, the smart network card sends the packet to VS. As shown in Figure 10, the solid arrow pointing to VS from the hardware exact matching flow table, if the packet fails to match the hardware exact matching flow table, or the packet hits the flow matching rule in the hardware exact matching flow table, and the hit flow matching rule is Send action item, the smart network card sends the packet to VS.

It should be noted that for the situation where the hardware matching flow table includes a hardware fuzzy matching flow table and a hardware exact matching flow table, the failure of the above packet to match the hardware matching flow table means that the packet matches the hardware fuzzy matching flow table and the hardware exact matching flow table. All flow tables failed to match, that is, the packet neither hit the hardware fuzzy matching flow table nor the hardware exact matching flow table.

It should be noted that the above description only takes the hardware matching flow table managed by the smart network card, including the hardware fuzzy matching flow table and the hardware exact matching flow table, as an example. In the method provided by the embodiment of the present application, the hardware matching flow table managed by the smart network card may also include only a hardware exact matching flow table, or only a hardware fuzzy matching flow table. Regarding the process of hardware matching flow tables, please refer to the relevant description in the management method of flow table rules shown in Figure 7 above, and will not be described again here.

In a possible implementation, the smart network card matches the message with the hardware matching flow table, including: based on the message being the first message, the smart network card matches the message with the hardware fuzzy matching flow table, and the first message The message is a message generated by a network element whose flow table entry satisfies the first threshold condition; or, based on the message being the second message, the smart network card matches the message with the hardware exact matching flow table, and the second message is Packets generated by network elements that meet the second threshold condition.

For this implementation method, when the hardware matching flow table managed by the smart network card includes the hardware fuzzy matching flow table and the hardware exact matching flow table, after the smart network card receives the message, there is no need to compare the message with the hardware fuzzy matching flow table and the hardware exact matching flow table respectively. The hardware exact matching flow table is used for matching, but it is first determined whether the packet is the first packet or the second packet, and then matched with the hardware fuzzy matching flow table or the hardware exact matching flow table. For example, if the packet received by the smart network card is the first packet, the packet can be matched with the hardware fuzzy matching flow table instead of matching with the hardware exact matching flow table. If the packet received by the smart network card is the second packet, the packet can be matched with the hardware exact matching flow table without matching with the hardware fuzzy matching flow table. In this way, traffic management is performed according to the type of packets, which improves management efficiency.

In a possible implementation, the message is a multi-path forwarded message. The method also includes: the intelligent network card matches the message with the data plane hash table; based on the successful matching between the message and the data plane hash table, the intelligent network card The network card performs multi-path forwarding of packets.

Exemplarily, the hardware matching flow table includes a hash matching action item and a turn identification matching action item; where the hash matching action item is used to indicate the query action of executing the data plane hash table, and the turn identification is used to indicate the data side hash table. Table, the data plane hash table includes hash value, mask and redirection identifier, and the mask corresponds to the next hop information;

The smart network card matches the message with the data plane hash table, including: the smart network card matches the action item based on the hash, calculates the hash value corresponding to the message, obtains the mask corresponding to the message based on the hash value, and matches based on the redirection identifier The action item is to search the data plane hash table; based on the mask corresponding to the message being consistent with the mask in the data plane hash table, it is determined that the message and the data plane hash table are successfully matched;

The intelligent network card performs multi-path forwarding of packets, including: the intelligent network card performs multi-path forwarding of packets according to the next hop information corresponding to the mask in the data plane hash table.

For ease of understanding, the method provided by the embodiment of the present application is illustrated by taking the management of flow table rules and the traffic management process shown in Figure 11 as an example. In Figure 11, after VS generates the hardware exact matching flow (hw EMC) table, hardware fuzzy matching flow (hw MegaFlow) table and data plane hash table (DP Hash) based on the OpenFlow table issued by the SDN controller, as shown in Figure 11 As shown by the dotted arrow, the configuration of the hardware exact matching flow table, hardware fuzzy matching flow table and data plane hash table is delivered to the smart network card, and the flow table rules are managed on the smart network card. For the management process of the flow table rules, please refer to the management method of the flow table rules shown in Figure 8 above, and will not be described again here.

As shown by the solid arrow in Figure 11, after receiving the message, the smart network card first matches the message with the hardware fuzzy matching flow table. If the match is successful, the smart network card performs traffic management on the message based on the hardware fuzzy matching flow table. That is, the action corresponding to the flow table rule action item included in the flow matching rule in the hardware fuzzy matching flow table is executed. After executing the action corresponding to the flow table rule action item, the intelligent network card matches the packet with the hardware exact matching flow table. If the match is successful, the intelligent network card performs traffic management on the packet according to the hardware exact matching flow table, that is, performs hardware exact matching. The action corresponding to the flow table rule action item included in the flow matching rule in the flow table. After that, the smart network card calculates the hash value corresponding to the message based on the hash matching action item, and obtains the mask corresponding to the message based on the hash value; matches the action item based on the redirection identifier, and searches the data plane hash table; based on the message corresponding The mask is consistent with the mask in the data plane hash table, confirming that the packet matches the data plane hash table successfully. Therefore, the smart network card multipath forwards the packet according to the next hop information corresponding to the mask in the data plane hash table.

For example, the flow matching rules included in the hardware matching flow table include the following two entries:

dmac＝FF:AB:EE:CB:DE,Ip,dip＝63.63.63.63/<maskLen>

actions=hash(l4(0)),recirc(0x1111)

dmac＝FF:AB:EE:CB:DE,Ip,dip＝62.62.62.62/<maskLen>

actions=hash(l4(0)),recirc(0x2222)

The smart network card calculates the hash value HASH of the message as: 01011101011. The hash value is ANDed with the mask 0x11, and the result is 0x11. The data plane hash table includes the following entries:

The first entry: recirc_id(0x1111),dp_hash(0x00/0x11),

actions=mod_dl_dst:<vmport1-mac>,mod_dl_src:<vmport1-gw-mac>,

load:0x5e->NXM_NX_TUN_ID[],output:<vm1-ofport>;

Second entry: recirc_id(0x1111),dp_hash(0x01/0x11),

actions=mod_dl_dst:<vmport2-mac>,mod_dl_src:<vmport2-gw-mac>,

load:0x5F->NXM_NX_TUN_ID[],output:<vm2-ofport>,

The third entry: recirc_id(0x1111),dp_hash(0x10/0x11),

actions=mod_dl_dst:<vmport3-mac>,mod_dl_src:<vmport3-gw-mac>,

load:0x60->NXM_NX_TUN_ID[], load:0x1020303->NXM_NX_TUN_IPV4_SRC[],

load:0x1020304->NXM_NX_TUN_IPV4_DST[],output:<vtep-ofport>

The fourth entry: recirc_id(0x1111),dp_hash(0x11/0x11),

actions=mod_dl_dst:<vmport4-mac>,mod_dl_src:<vmport4-gw-mac>,

load:0x60->NXM_NX_TUN_ID[], load:0x1020303->NXM_NX_TUN_IPV4_SRC[],

load:0x1020305->NXM_NX_TUN_IPV4_DST[],output:<vtep-ofport>

The fifth entry: recirc_id(0x2222),dp_hash(0x00/0x11),

actions=mod_dl_dst:<vmport3-mac>,mod_dl_src:<vmport3-gw-mac>,

load:0x5e->NXM_NX_TUN_ID[],output:<vm3-ofport>.

Based on the contents of the above data plane hash table, since the result of calculating the message is 0x11, this result matches the fourth entry in the data plane hash table, so the next hop corresponding to the fourth entry can be Information performs multi-path forwarding of packets.

The above description is only based on the situation where the packet successfully matches the data plane hash table. In another possible implementation, the hardware matching flow table includes a hash matching action item (that is, the dp-hash action is performed in Table 9 ), the steering ID matching action item (that is, the matching dp-hash secondary table recirc_id in Table 9) and the message uploading VS software control plane matching action item; among them, the hash matching action item is used to instruct the execution of data plane hashing In the query action of the table, the redirection flag is used to indicate the data plane hash table. The data side hash table includes the hash value, mask and redirection flag. The mask corresponds to the next hop information;

The smart network card matches the message with the data plane hash table, including: the smart network card matches the action item based on the hash, calculates the hash value corresponding to the message, obtains the mask corresponding to the message based on the hash value, and matches based on the redirection identifier Action item: Search the data plane hash table; based on the inconsistency between the hash value corresponding to the message and the mask in the data plane hash table, it is determined that the message fails to match the data plane hash table. In the case of matching failure, the method also includes: the smart network card sends the packet to the VS.

Correspondingly, the virtual switch VS receives the packet sent by the intelligent network card. The packet is successfully matched by the intelligent network card with the hardware matching flow table on the intelligent network card, and the hardware matching flow table includes the upload action item. Sent, either by the smart NIC after the packet fails to match the hardware matching flow table on the smart NIC, or by the smart NIC after the packet matches the data plane hash table on the smart NIC. Sent after failure.

After receiving the packet sent by the smart network card, the VS matches the packet with the open source flow table on the VS, and performs traffic management on the packet based on the matching results.

The method provided by the embodiments of this application delivers the hardware matching flow table to the smart network card, which can be applied when the bandwidth increases, making traffic management more efficient. In addition, according to the packet type, the packet is selected to be matched with the corresponding hardware matching flow table to implement traffic management. In scenarios with large traffic from network elements, choosing hardware fuzzy matching flow tables to deliver them to smart network cards can ensure the highest forwarding performance in major scenarios. In high-traffic scenarios, the network element delivers the hardware fuzzy matching flow table to the smart network card, which reduces the number of flow tables generated by the hardware exact matching flow table and further improves the efficiency of traffic management. Since there are not many entries in the hardware fuzzy matching flow table itself, , when the OpenFlow configuration changes, it significantly improves the stability of the traffic and reduces the traffic oscillation.

When the smart network card supports DP-HASH table processing, it can save the number of entries in the hardware matching flow table for ECMP scenarios. When the OpenFlow configuration changes, the stability and reliability of traffic management are significantly improved.

This embodiment of the present application provides a method for managing flow table rules. Refer to Figure 12. The method includes the following steps 1201 to 1203.

Step 1201, VS obtains ACL flow matching rules, hardware matching flow table and data plane hash table.

The embodiment of this application does not limit the order in which VS obtains the ACL flow matching rules, the hardware matching flow table and the data plane hash table. The process of obtaining the ACL flow matching rules can refer to the relevant description of step 401 shown in Figure 4 to obtain the hardware matching. For the flow table process, please refer to the relevant description of step 701 shown in Figure 7. For the process of obtaining the data plane hash table, please refer to the relevant description of step 704 shown in Figure 8, which will not be described again here. In addition to managing ACL flow matching rules, it can also manage hardware matching flow tables, making the management of flow table rules more comprehensive and more flexible.

Step 1202: VS instructs the smart network card to manage ACL flow matching rules, hardware matching flow tables, and data plane hash tables.

Step 1203: The smart network card manages ACL flow matching rules, hardware matching flow tables and data plane hash tables.

The embodiment of this application does not limit the order in which VS instructs the intelligent network card to manage ACL flow matching rules, the hardware matching flow table and the data plane hash table. The VS instructs the intelligent network card to manage ACL flow matching rules and the intelligent network card manages ACL flow matching rules. The process can refer to the relevant description of steps 402 and 403 shown in Figure 4. The process of VS instructing the smart network card to manage the hardware matching flow table and the process of the smart network card managing the hardware matching flow table can refer to steps 702 and 703 shown in Figure 7. For related descriptions, the process of VS instructing the smart network card to manage the data plane hash table and the smart network card managing the data plane hash table can refer to the related descriptions of steps 705 and 706 shown in Figure 8, which will not be described again here.

The embodiment of the present application provides a traffic management method. See Figure 13. The method includes the following steps 1301 to 1307.

Step 1301: The smart network card receives the packet and matches the packet with the inbound ACL flow matching rule created on the smart network card.

For the implementation process of step 1301, reference can be made to step 501 shown in Figure 5 and the related description of Figure 6, which will not be described again here.

Step 1302: Based on the successful match between the packet and the ACL flow matching rule, the smart network card performs operation and maintenance function management on the packet according to the incoming ACL flow matching rule.

For the implementation process of step 1302, reference can be made to step 502 shown in Figure 5 and the related description of Figure 6, which will not be described again here.

Step 1303: The smart network card matches the packet with a hardware matching flow table. The hardware matching flow table includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table.

For the implementation process of step 1302, reference can be made to step 901 shown in Figure 9 and the related description of Figure 10, which will not be described again here.

Step 1304: The smart network card performs traffic management on the packet based on the matching result between the packet and the hardware matching flow table.

For the implementation process of step 1304, reference can be made to step 902 shown in Figure 9 and the related description of Figure 10, which will not be described again here.

In a possible implementation manner, the message is a multi-path forwarding message, and the method further includes the following step 1305.

Step 1305: The smart network card matches the message with the data plane hash table; based on the successful match between the message and the data plane hash table, the smart network card performs multi-path forwarding of the message.

For the implementation process of step 1305, reference can be made to the relevant description of the data plane hash table below step 902 shown in Figure 9 and the relevant description of Figure 11, which will not be described again here.

Step 1306: The smart network card matches the packet with the outbound ACL flow matching rule created on the smart network card.

For the implementation process of step 1306, reference can be made to step 501 shown in Figure 5 and the related description of Figure 6, which will not be described again here.

Step 1307: Based on the successful match between the packet and the ACL flow matching rule, the smart network card performs operation and maintenance function management on the packet according to the outbound ACL flow matching rule.

For the implementation process of step 1307, reference can be made to step 502 shown in Figure 5 and the related description of Figure 6, which will not be described again here.

In order to facilitate understanding, the management process of flow table rules and the traffic management process shown in Figure 14 are taken as an example to illustrate the management method of flow table rules provided in Figure 12 and the traffic management method shown in Figure 13 in the embodiment of the present application. illustrate. In Figure 14, after VS generates the inbound ACL, that is, the inbound ACL flow matching rule, and the outbound ACL, that is, the outbound ACL flow matching rule, based on the OpenFlow table issued by the SDN controller, as indicated by the dotted arrows in Figure 14 Display, deliver the inbound ACL flow matching rules and outbound ACL flow matching rules to the smart NIC, and manage the flow table rules on the smart NIC. For the management process of the flow table rules, please refer to the management method of the flow table rules shown in Figure 4 above, and will not be described again here. In addition, after VS generates the hardware exact matching flow (hw EMC) table, hardware fuzzy matching flow (hw MegaFlow) table and data plane hash table (DP Hash) based on the OpenFlow table issued by the SDN controller, as shown by the dotted line in Figure 14 As shown by the arrows, the hardware exact matching flow table, hardware fuzzy matching flow table and data plane hash table configurations are delivered to the smart network card, and the flow table rules are managed on the smart network card. For the management process of the flow table rules, please refer to the management method of the flow table rules shown in Figure 8 above, and will not be described again here.

After the smart network card receives the message, as shown by the solid arrow in Figure 14, it first matches the message with the incoming ACL flow matching rules. If the match is successful, the smart network card processes the message according to the incoming ACL flow matching rules. Carry out inbound operation and maintenance function management, that is, execute the actions corresponding to the flow table rule action items, such as performing inbound flow table statistics, setting TAG marks for packets, etc. After executing the action corresponding to the flow table rule action item, the intelligent network card matches the packet with the hardware fuzzy matching flow table. If the match is successful, the intelligent network card performs traffic management on the packet according to the hardware fuzzy matching flow table, that is, performs hardware fuzzy matching. The action corresponding to the flow table rule action item included in the flow matching rule in the flow table. After executing the action corresponding to the flow table rule action item, the intelligent network card matches the packet with the hardware exact matching flow table. If the match is successful, the intelligent network card performs traffic management on the packet according to the hardware exact matching flow table, that is, performs hardware exact matching. The action corresponding to the flow table rule action item included in the flow matching rule in the flow table. After that, the smart network card calculates the hash value corresponding to the message based on the hash matching action item, and obtains the mask corresponding to the message based on the hash value; matches the action item based on the redirection identifier, and searches the data plane hash table; based on the message corresponding The mask is consistent with the mask in the data plane hash table, confirming that the packet matches the data plane hash table successfully. Therefore, the smart network card multipath forwards the packet according to the next hop information corresponding to the mask in the data plane hash table.

Optionally, the method provided by the embodiment of this application also includes: based on the failure of the packet to match the incoming ACL flow matching rule, there is no need to execute the flow table rule action item in the incoming ACL flow matching rule, and the smart network card will Match with hardware fuzzy matching flow table. The matching result based on the packet and the hardware fuzzy matching flow table is that the packet matches the hardware fuzzy matching flow table successfully, and the hardware fuzzy matching flow table includes a upload action item, and the packet is sent to the VS; or, based on the packet and the hardware fuzzy matching flow table, the packet is sent to the VS. The matching result of the hardware fuzzy matching flow table is that the packet fails to match the hardware fuzzy matching flow table, and the packet is sent to the VS.

In addition to the above situation of sending to VS, if the packet successfully matches the hardware fuzzy matching flow table, and the hardware fuzzy matching flow table does not include the sending action item, after traffic management is performed on the packet according to the hardware fuzzy matching flow table, the packet will be message and Hardware exact match flow table for matching. The matching result based on the packet and the hardware exact matching flow table is that the packet and the hardware exact matching flow table are successfully matched, and the hardware exact matching flow table includes a upload action item, and the packet is sent to the VS; or, based on the packet and the hardware exact matching flow table, the packet is sent to the VS. The matching result of the hardware exact matching flow table is that the packet fails to match the hardware exact matching flow table, and the packet is sent to the VS.

If the matching result based on the packet and hardware exact matching flow table is that the packet successfully matches the hardware exact matching flow table, and the hardware exact matching flow table does not include an upload action item, the packet will be flown according to the hardware exact matching flow table. After management, the smart network card calculates the hash value corresponding to the message based on the hash matching action item, and obtains the mask corresponding to the message based on the hash value; matches the action item based on the redirection identifier, and searches the data plane hash table; based on the message The corresponding mask is consistent with the mask in the data plane hash table, confirming that the packet matches the data plane hash table successfully. Therefore, the smart network card multipath forwards the packet according to the next hop information corresponding to the mask in the data plane hash table. Finally, the packet is matched against the outbound ACL flow matching rules. If the match is successful, the smart network card performs outbound operation and maintenance function management on the packet based on the outbound ACL flow matching rules.

The embodiment of the present application also provides a method for managing flow table rules. Taking this method as an example of the interaction between the SDN controller and the VS, as shown in Figure 15, the method includes steps 1501 to 1503.

Step 1501: The SDN controller obtains policy routing based on the flow table aggregation mark.

In one possible implementation, the network element adds whether the virtual router (virtual router) where the port connected to the terminal side is located is north-south in the network element network sharing disk (NSD) description file. (Inbound and outbound data center (DC)) identifier. This identifier is used to indicate whether the port flow table is used in aggregation. When the network element sends out Layer 3 service packets from this port, they can be uniformly sent to the external gateway (gateway, GW). In the processing process of the OpenFlow table, the SDN controller adds policy routing for the north-south identifier in the virtual router to instruct Layer 3 packets to be forwarded to the GW by default.

Exemplarily, the policy routing matching field includes a port identifier (port). Optionally, the policy routing matching field also includes at least one of vlan, source MAC (smac), destination MAC (dmac), and Ethertype (ethtype). . The policy routing matching field also includes an action. For example, the action is forwarding to the GW, for example, forwarding to the GW in a VXLAN encapsulation manner.

Step 1502: The SDN controller delivers the policy route to the VS and instructs the VS to manage the hardware fuzzy matching flow table based on the policy route.

By delivering the policy route to VS, instructing VS to manage the hardware fuzzy matching table based on the policy route, it will be used for aggregation and use of the port flow table to further reduce the flow table entries in the exact matching table and fuzzy matching table.

Step 1503: VS receives the policy routing and generates a hardware fuzzy matching flow table based on the policy routing and the OpenFlow table.

Optionally, after VS generates a hardware fuzzy matching flow table based on policy routing and the OpenFlow table, VS can perform traffic management based on the hardware fuzzy matching flow table. In a possible implementation, the VS can also deliver the generated hardware fuzzy matching flow table to the smart network card, instructing the smart network card to manage the hardware fuzzy matching flow table. That is to say, the management method of flow table rules shown in Figure 15 provided by the embodiment of the present application can be applied to the process of obtaining the hardware fuzzy matching flow table in step 701 shown in Figures 7, 8 and 13. After VS generates the hardware fuzzy matching flow table, it can also deliver the generated hardware fuzzy matching flow table to the smart network card. The process of instructing the smart network card to manage the hardware fuzzy matching flow table can be referred to Figure 7, Figure 8 and Figure 13. Step 702 and subsequent processes will not be described again here.

Figure 16 is a schematic structural diagram of a flow table rule management device provided by an embodiment of the present application. The device is applied to a smart network card. The smart network card is used to connect to the VS. The smart network card is the smart network card shown in Figure 4 above. Based on the following modules shown in Figure 16, the flow table rule management device shown in Figure 16 can perform all or part of the operations performed by the smart network card. It should be understood that the device may include more additional modules than the modules shown or omit some of the modules shown therein, and the embodiments of the present application are not limited to this. As shown in Figure 16, the device includes:

The management module 1601 is used to manage the access control list ACL flow matching rules. The ACL flow matching rules are used for the operation and maintenance function management of the packets by the smart network card.

In a possible implementation manner, the ACL flow matching rules include at least one of an inbound ACL flow matching rule and an outbound ACL flow matching rule.

In a possible implementation, the management module 1601 is configured to receive the first message sent by the VS by calling the first application programming interface API. The first message includes the port identification of the first port of the smart network card; based on the first message Create the first ACL flow matching rule on the first port of the smart NIC.

In a possible implementation, the first message also includes at least one of a flow table rule attribute, a flow table rule matching item, and a flow table rule action item; wherein the flow table rule attribute is used to indicate that the packet needs to match At least one of the group, the direction information of the first ACL flow matching rule, and the flow table type; the flow table rule matching items include matching Ethernet layer information, matching virtual LAN VLAN information, matching Internet Protocol version 4 IPv4 information, or matching Internet Protocol At least one of the sixth version of IPv6 information, matching virtual extended LAN VXLAN information, matching item end, and packet marking; flow table rule action items include flow table statistics, sampling forwarding and flow mirroring, setting internal tags for packets, and modifying Specifies at least one of field and refnum operations.

In a possible implementation, the device further includes: a sending module, configured to send a second message to the VS, where the second message indicates the result of creating the first ACL flow matching rule on the first port of the smart network card.

In a possible implementation, the management module 1601 is configured to receive the third message sent by the VS by calling the second API, and delete the second ACL flow matching rule on the smart network card based on the third message.

In a possible implementation, the management module 1601 is configured to receive a fourth message sent by the VS by calling a third API, and query and return statistical information of the smart network card based on the fourth message.

In a possible implementation, the management module 1601 is also used to manage the hardware matching flow table. The hardware matching flow table is used by the smart network card to manage traffic. The hardware matching flow table includes a hardware exact matching flow table and a hardware fuzzy matching. At least one of the flow tables.

In one possible implementation, the hardware fuzzy matching flow table is used to match the first packet, which is a packet generated by a network element whose flow table entry satisfies the first threshold condition; hardware exact matching The flow table is used to match the second packet, and the second packet is a packet generated by a network element that meets the second threshold condition.

In one possible implementation, the management module 1601 is also used to manage the data plane hash table. The data plane hash table is used by the intelligent network card to perform multi-path forwarding of multi-path forwarding messages.

In a possible implementation, the hardware matching flow table includes at least one of a hash matching action item, a redirection identifier matching action item, and a packet upload VS software control plane matching action item; wherein, the hash matching action item It is used to instruct the execution of the query action of the data plane hash table. The redirection flag is used to indicate the data side hash table. The data plane hash table includes the hash value, mask and redirection flag. The mask corresponds to the next hop information.

Figure 17 is a schematic structural diagram of a flow table rule management device provided by an embodiment of the present application. The device is applied to a VS. The VS is used to connect to a smart network card. The VS is as shown in Figure 4 or Figure 7 or Figure 8. VS. Based on the following multiple as shown in Figure 17 Module, the flow table rule management device shown in Figure 17 can perform all or part of the operations performed by the VS. It should be understood that the device may include more additional modules than the modules shown or omit some of the modules shown therein, and the embodiments of the present application are not limited to this. As shown in Figure 17, the device includes:

The acquisition module 1701 is used to obtain the access control list ACL flow matching rules. The ACL flow matching rules are used by the smart network card to perform operation and maintenance function management of the packets;

Instruction module 1702 is used to instruct the intelligent network card to manage ACL flow matching rules.

In a possible implementation, the instruction module 1702 is configured to call the first application programming interface API to send a first message to the smart network card. The first message includes the port identification of the first port of the smart network card. The first message is used to The smart NIC creates the first ACL flow matching rule on the first port of the smart NIC.

In a possible implementation, the first message also includes at least one of a flow table rule attribute, a flow table rule matching item, and a flow table rule action item; wherein the flow table rule attribute is used to indicate that the packet needs to match The group, the first ACL flow matching rule is at least one of the incoming ACL flow matching rule or the outgoing ACL flow matching rule, and the flow table type; the flow table rule matching items include matching Ethernet layer information, matching virtual LAN VLAN information, Matching Internet Protocol version 4 IPv4 information or matching Internet Protocol version 6 IPv6 information, matching virtual extended LAN VXLAN information, matching item end, and packet marking; the flow table rule action items include flow table statistics and sampling forwarding At least one of flow mirroring, setting internal tags for packets, modifying specified fields, and refnum operations.

In a possible implementation, the device further includes: a receiving module, configured to receive a second message sent by the smart network card, where the second message is used to instruct the creation of the first ACL flow matching rule on the first port of the smart network card. result.

In a possible implementation, the instruction module 1702 is configured to call a second API to send a third message to the smart network card, where the third message is used by the smart network card to delete the second ACL flow matching rule on the smart network card.

In a possible implementation manner, the instruction module 1702 is configured to call a third API to send a fourth message to the smart network card. The fourth message is used for the smart network card to query and return statistical information of the smart network card.

In a possible implementation, the acquisition module 1701 is also used to obtain a hardware matching flow table. The hardware matching flow table is used by the smart network card to manage traffic. The hardware matching flow table includes a hardware exact matching flow table and a hardware fuzzy matching. At least one of the flow tables;

The instruction module 1702 is also used to instruct the smart network card to manage the hardware matching flow table.

In a possible implementation, the acquisition module 1701 is also used to obtain the data plane hash table, which is used by the smart network card to perform multi-path forwarding of multi-path forwarding messages; the instruction module 1702 is also used to obtain Instructs the smart NIC to manage the data plane hash table.

In a possible implementation, the hardware matching flow table includes at least one of a hash matching action item, a redirection identifier matching action item, and a packet upload VS software control plane matching action item; wherein, the hash matching action item It is used to indicate the query action of the data plane hash table. The redirection ID is used to indicate the data plane hash table. The data plane hash table includes the hash value, mask and redirection identifier. The mask corresponds to the next hop information.

Figure 18 is a schematic structural diagram of a traffic management device provided by an embodiment of the present application. The device is applied to a smart network card. The smart network card is used to connect to the VS. The smart network card is the smart network card shown in Figure 5 or Figure 9 above. Based on the following modules shown in Figure 18, the traffic management device shown in Figure 18 can perform all or part of the operations performed by the smart network card. It should be understood that the device may include more additional modules than the modules shown or omit some of the modules shown therein, and the embodiments of the present application are not limited to this. As shown in Figure 18, the device includes:

The receiving module 1801 is used to receive the message and match the message with the access control list ACL flow matching rule created on the smart network card;

The management module 1802 is configured to perform operation and maintenance function management on the packets according to the ACL flow matching rules based on successful matching between the packets and the ACL flow matching rules.

In a possible implementation, the ACL flow matching rules include incoming ACL flow matching rules and outgoing ACL flow matching rules; the management module 1802 is configured to, based on successful matching of the packet with the incoming ACL flow matching rule, according to The inbound ACL flow matching rules perform inbound operation and maintenance function management on the packets; the packets are forwarded on Layer 2 and Layer 3 networks; based on successful matching between the packets and the outbound ACL flow matching rules, the packets are processed based on the outbound ACL flow matching rules. The outbound operation and maintenance functions manage the packets.

In a possible implementation, the management module 1802 is also used to match the packet with a hardware matching flow table. The hardware matching flow table includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table; according to The matching results between the packets and the hardware matching flow table are used to perform traffic management on the packets.

In a possible implementation, the management module 1802 is configured to match the message with the hardware fuzzy matching flow table based on the message being the first message, and the first message being the generated flow table entry that satisfies the first threshold condition. A packet generated by a network element; or, based on the fact that the packet is a second packet, the packet is matched with the hardware exact matching flow table, and the second packet is a packet generated by a network element that meets the second threshold condition. .

In a possible implementation, the management module 1802 is configured to, based on the matching result between the packet and the hardware matching flow table, that the packet matches the hardware matching flow table successfully, and the hardware matching flow table includes an upload action item, The packet is sent to the VS; or, based on the matching result between the packet and the hardware matching flow table, the packet fails to match the hardware matching flow table, and the packet is sent to the VS.

In a possible implementation, the message is a multi-path forwarding message, and the management module 1802 is also used to match the message with the data plane hash table; based on the successful matching of the message with the data plane hash table, the Messages are forwarded through multipath.

In a possible implementation, the hardware matching flow table includes a hash matching action item and a turn identification matching action item; where the hash matching action item is used to indicate the query action of executing the data plane hash table, and the turn identification is used to Indicates the data plane hash table. The data plane hash table includes hash value, mask and redirection identifier. The mask corresponds to the next hop information;

The management module 1802 is used to calculate the hash value corresponding to the message based on the hash matching action item, and obtain the mask corresponding to the message based on the hash value; match the action item based on the redirection identifier, and search the data plane hash table; based on the report The mask corresponding to the message is consistent with the mask in the data plane hash table, confirming that the message and the data plane hash table are matched successfully;

The management module 1802 is used to multi-path forward packets according to the next hop information corresponding to the mask in the data plane hash table.

In one possible implementation, the hardware matching flow table includes a hash matching action item, a redirection identifier matching action item, and a message upload VS software control plane matching action item; where the hash matching action item is used to indicate execution data In the query action of the surface hash table, the redirection identifier is used to indicate the data-plane hash table. The data-plane hash table includes the hash value, mask and redirection identifier. The mask corresponds to the next hop information;

The management module 1802 is used to match action items based on hash, calculate the hash value corresponding to the message, and obtain the hash value based on the hash value. Get the mask corresponding to the message; search the data-side hash table based on the steering identifier matching action item; determine the message and data-side hash based on the inconsistency between the hash value corresponding to the message and the mask in the data-side hash table Table matching failed;

The management module 1802 is also used to send packets to the virtual switch VS.

Figure 19 is a schematic structural diagram of a traffic management device provided by an embodiment of the present application. The device is applied to a VS. The VS is used to connect to a smart network card. The VS is the VS shown in Figure 9 above. Based on the following modules shown in Figure 19, the traffic management device shown in Figure 19 can perform all or part of the operations performed by the VS. It should be understood that the device may include more additional modules than the modules shown or omit some of the modules shown therein, and the embodiments of the present application are not limited to this. As shown in Figure 19, the device includes:

The receiving module 1901 is used to receive the message sent by the smart network card. The message is sent by the smart network card when the message successfully matches the hardware matching flow table on the smart network card, and the hardware matching flow table includes an upload action item. , or the message is sent by the intelligent network card when the message fails to match the hardware matching flow table on the intelligent network card, or the message is sent by the intelligent network card when the message fails to match the data plane hash table on the intelligent network card. sent later;

The management module 1902 is used to match the packets with the open source flow table on the VS, and perform traffic management on the packets based on the matching results.

An embodiment of the present application provides a management device. The management device may be a smart network card or a VS, and is used to execute the steps shown in Figures 4, 5, 7, 8, 9, 12, 13 and 15. The operations involved in the smart network card or VS in the method shown below. Exemplarily, the management device includes: a processor, which is used to implement operations related to the smart network card or VS.

In a possible implementation, the device is a chip.

Illustratively, the processor is a general central processing unit (CPU), a digital signal processor (DSP), a network processor (NP), a graphics processing unit (GPU) ), neural-network processing units (NPU), data processing unit (DPU), microprocessor or one or more integrated circuits used to implement the solution of the present application. For example, the processor 1001 includes an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. PLD is, for example, a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a general array logic (GAL), or any combination thereof. It may implement or execute various logical blocks, modules and circuits described in connection with the disclosure of the embodiments of this application. The processor may also be a combination that implements computing functions, such as one or more microprocessor combinations, a DSP and a microprocessor combination, and so on.

Referring to Figure 20, Figure 20 shows a schematic structural diagram of a network device 2000 provided by an exemplary embodiment of the present application. The network device 2000 shown in Figure 20 can be a smart network card or a VS, used to perform the methods shown in Figure 4, Figure 5, Figure 7, Figure 8, Figure 9, Figure 12, Figure 13 and Figure 15. operate. The network device 2000 is, for example, a switch, a router, etc., and the network device 2000 can be implemented by a general bus architecture. As shown in Figure 20, the network device 2000 includes at least one processor 2001, a memory 2003, and at least one communication interface 2004.

The processor 2001 is, for example, a CPU, DSP, NP, GPU, NPU, DPU, microprocessor, or one or more integrated circuits used to implement the solution of the present application. For example, processor 2001 includes an ASIC, PLD or other programmable logic components, transistor logic devices, hardware components, or any combination thereof. The PLD is, for example, CPLD, FPGA, GAL or any combination thereof. It may implement or execute various logical blocks, modules and circuits described in connection with the disclosure of the embodiments of this application. The processor may also be a combination that implements computing functions, such as one or more microprocessor combinations, a DSP and a microprocessor combination, and so on.

Optionally, the network device 2000 also includes a bus. Buses are used to transfer information between components of network device 2000. The bus can be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus, etc. The bus can be divided into address bus, data bus, control bus, etc. For ease of presentation, only one thick line is used in Figure 20, but it does not mean that there is only one bus or one type of bus.

The memory 2003 is, for example, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, or a random access memory (random access memory, RAM) or a device that can store information and instructions. Other types of dynamic storage devices, such as electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disk storage, optical discs Storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or can be used to carry or store desired program instructions in the form of instructions or data structures and can Any other media accessed by a computer, without limitation. The memory 2003 exists independently, for example, and is connected to the processor 2001 through a bus. The memory 2003 may also be integrated with the processor 2001.

The communication interface 2004 uses any device such as a transceiver to communicate with other devices or a communication network. The communication network can be Ethernet, a radio access network (RAN) or a wireless local area network (WLAN), etc. The communication interface 2004 may include a wired communication interface and may also include a wireless communication interface. Specifically, the communication interface 2004 may be an Ethernet (ethernet) interface, a fast ethernet (FE) interface, a gigabit ethernet (GE) interface, an asynchronous transfer mode (ATM) interface, a wireless LAN ( wireless local area networks, WLAN) interface, cellular network communication interface or a combination thereof. The Ethernet interface can be an optical interface, an electrical interface, or a combination thereof. In this embodiment of the present application, the communication interface 2004 can be used for the network device 2000 to communicate with other devices.

In specific implementation, as an embodiment, the processor 2001 may include one or more CPUs, such as CPU0 and CPU1 as shown in FIG. 20 . Each of these processors may be a single-CPU processor or a multi-CPU processor. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (eg, computer program instructions).

In specific implementation, as an embodiment, the network device 2000 may include multiple processors, such as the processor 2001 and the processor 2005 shown in FIG. 20 . Each of these processors can be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (such as computer program instructions).

In specific implementation, as an embodiment, the network device 2000 may also include an output device and an input device. Output devices communicate with processor 2001 and can display information in a variety of ways. For example, the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, a projector, etc. Input devices communicate with processor 2001 and can receive user input in a variety of ways. For example, the input device may be a mouse, keyboard, touch screen device, or Sensing equipment, etc.

In some embodiments, the memory 2003 is used to store program instructions 2010 for executing the solution of the present application, and the processor 2001 can execute the program instructions 2010 stored in the memory 2003. That is, the network device 2000 can implement the flow table rule management method or the traffic management method provided by the method embodiment through the processor 2001 and the program instructions 2010 in the memory 2003. Program instructions 2010 may include one or more software modules. Optionally, the processor 2001 itself can also store program codes or instructions for executing the solution of the present application.

In specific embodiments, the network device 2000 in the embodiment of the present application may correspond to the VS in the method embodiments in Figure 4, Figure 5, Figure 7, Figure 8, Figure 9, Figure 12, Figure 13 and Figure 15. The network The processor 2001 in the device 2000 reads the instructions in the memory 2003, so that the network device 2000 shown in Figure 21 can perform all or part of the operations performed by the VS.

In specific embodiments, the network device 2000 in the embodiment of the present application may correspond to the smart network card in the method embodiments in Figure 4, Figure 5, Figure 7, Figure 8, Figure 9, Figure 12, Figure 13 and Figure 15, The processor 2001 in the network device 2000 reads the instructions in the memory 2003, so that the network device 2000 shown in Figure 21 can perform all or part of the operations performed by the smart network card.

The network device 2000 may also correspond to the device shown in FIGS. 16-19, and each functional module in the device is implemented using the software of the network device 2000. In other words, the functional modules included in the device are generated by the processor 2001 of the network device 2000 after reading the program instructions 2010 stored in the memory 2003.

Wherein, each step of the method shown in Figure 4, Figure 5, Figure 7, Figure 8, Figure 9, Figure 12, Figure 13 and Figure 15 is implemented in the form of integrated logic circuits or software of hardware in the processor of the network device 2000 The instruction is completed. The steps of the methods disclosed in conjunction with the embodiments of the present application can be directly implemented by a hardware processor for execution, or can be executed by a combination of hardware and software modules in the processor. The software module can be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other mature storage media in this field. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware. To avoid repetition, the details will not be described here.

Referring to Figure 21, Figure 21 shows a schematic structural diagram of a network device 2100 provided by another exemplary embodiment of the present application. The network device 2100 shown in Figure 21 can be a smart network card or a VS, used to perform the methods shown in Figure 4, Figure 5, Figure 7, Figure 8, Figure 9, Figure 12, Figure 13 and Figure 15. operate. The network device 2100 is, for example, a switch, a router, etc., and the network device 2100 can be implemented by a general bus architecture. As shown in Figure 21, the network device 2100 includes: a main control board 2110 and an interface board 2130.

The main control board is also called the main processing unit (MPU) or route processor card. The main control board 2110 is used to control and manage various components in the network device 2100, including route calculation and device management. , equipment maintenance, protocol processing functions. The main control board 2110 includes: a central processing unit 2111 and a memory 2112.

The interface board 2130 is also called a line processing unit (LPU), line card or service board. The interface board 2130 is used to provide various service interfaces and implement data packet forwarding. Business interfaces include but are not limited to Ethernet interfaces, POS (packet over SONET/SDH) interfaces, etc. Ethernet interfaces are, for example, flexible Ethernet business interfaces (flexible ethernet clients, FlexE Clients). The interface board 2130 includes: a central processor 2131, a network processor 2132, a forwarding entry memory 2134, and a physical interface card (physical interface card, PIC) 2133.

The central processor 2131 on the interface board 2130 is used to control and manage the interface board 2130 and communicate with the central processor 2111 on the main control board 2110 .

The network processor 2132 is used to implement packet forwarding processing. The network processor 2132 may be in the form of a forwarding chip. The forwarding chip may be a network processor (NP). In some embodiments, the forwarding chip may be implemented by an application-specific integrated circuit (ASIC) or a field programmable gate array (FPGA). Specifically, the network processor 2132 is configured to forward the received message based on the forwarding table stored in the forwarding table memory 2134, and if the destination address of the message is the address of the message processing device 2100, then upload the message to CPU (such as central processing unit 2131) processes; if the destination address of the message is not the address of the message processing device 2100, the next hop and outgoing interface corresponding to the destination address are found from the forwarding table according to the destination address, and the destination address is The packet is forwarded to the outbound interface corresponding to the destination address. Among them, the processing of uplink packets may include: processing of the packet incoming interface, forwarding table search; and the processing of downlink packets may include: forwarding table search, etc. In some embodiments, the central processing unit can also perform the function of the forwarding chip, such as implementing software forwarding based on a general-purpose CPU, so that there is no need for a forwarding chip in the interface board.

The physical interface card 2133 is used to implement the docking function of the physical layer. The original traffic enters the interface board 2130 through this, and the processed packets are sent out from the physical interface card 2133. The physical interface card 2133 is also called a daughter card and can be installed on the interface board 2130. It is responsible for converting photoelectric signals into messages and checking the validity of the messages before forwarding them to the network processor 2132 for processing. In some embodiments, the central processor 2131 can also perform the functions of the network processor 2132, such as implementing software forwarding based on a general-purpose CPU, so that the network processor 2132 is not required in the physical interface card 2133.

Exemplarily, the network device 2100 includes multiple interface boards. For example, the network device 2100 also includes an interface board 2140. The interface board 2140 includes: a central processor 2141, a network processor 2142, a forwarding entry memory 2144, and a physical interface card 2143. The functions and implementation methods of each component in the interface board 2140 are the same as or similar to those of the interface board 2130 and will not be described again here.

Exemplarily, the network device 2100 also includes a switching fabric board 2120. The switching fabric unit 2120 may also be called a switching fabric unit (switch fabric unit, SFU). When the network device has multiple interface boards, the switching network board 2120 is used to complete data exchange between the interface boards. For example, the interface board 2130 and the interface board 2140 can communicate through the switching network board 2120.

The main control board 2110 is coupled with the interface board. For example. The main control board 2110, the interface board 2130, the interface board 2140, and the switching network board 2120 are connected to the system backplane through a system bus to achieve intercommunication. In a possible implementation, an inter-process communication protocol (IPC) channel is established between the main control board 2110 and the interface board 2130 and the interface board 2140. The main control board 2110 and the interface board 2130 and the interface board 2140 communicate through IPC channels.

Logically, network device 2100 includes a control plane and a forwarding plane. The control plane includes a main control board 2110 and a central processor 2111. The forwarding plane includes various components that perform forwarding, such as forwarding entry memory 2134, physical interface card 2133, and network processing. Device 2132. The control plane executes functions such as router, generates forwarding tables, processes signaling and protocol messages, configures and maintains the status of network devices. The control plane sends the generated forwarding tables to the forwarding plane. On the forwarding plane, the network processor 2132 is based on the control The forwarding table delivered above looks up the table and forwards the packets received by the physical interface card 2133. The forwarding table delivered by the control plane may be stored in the forwarding table item storage 2134. In some embodiments, the control plane and forwarding plane may be completely separated and not on the same network device.

It is worth mentioning that there may be one or more main control boards, and when there are multiple main control boards, they can include the main main control board and the backup main control board. There may be one or more interface boards. The stronger the data processing capability of the network device, the more interface boards are provided. There can also be one or more physical interface cards on the interface board. There may be no switching network board, or there may be one or more switching network boards. When there are multiple switching network boards, load sharing and redundant backup can be realized together. Under the centralized forwarding architecture, network equipment does not need switching network boards, and the interface boards are responsible for processing the business data of the entire system. Under the distributed forwarding architecture, network equipment can have at least one switching network board, which enables data exchange between multiple interface boards through the switching network board, providing large-capacity data exchange and processing capabilities. Therefore, the data access and processing capabilities of the distributed architecture message processing equipment are greater than those of the centralized architecture. Document processing equipment. For example, the network device can also be in the form of only one board, that is, there is no switching network board. The functions of the interface board and the main control board are integrated on this board. In this case, the central processor and the main control board on the interface board The central processor on the board can be combined into one central processor on this board to perform the superimposed functions of the two. This form of network equipment has low data exchange and processing capabilities (for example, low-end switches or routers) and other network equipment). The specific architecture used depends on the specific networking deployment scenario and is not limited here.

In a possible implementation manner, this embodiment of the present application also provides a management system, which includes: a VS and a smart network card. For example, both VS and smart network cards are suitable for the above management device. Illustratively, the management system is obtained based on the network devices shown in Figures 20 and 21. For example, the VS is the network device 2000 shown in Figure 20 or the network device 2100 shown in Figure 21, and the smart network card is the network device 2000 shown in Figure 20 or the network device 2100 shown in Figure 21. For the methods performed by the VS and the smart network card, please refer to the relevant descriptions of the embodiments shown in the methods shown in the above-mentioned Figures 4, 5, 7, 8, 9, 12, 13 and 15, which are not included here. Let’s elaborate further.

An embodiment of the present application also provides a communication device, which includes: a transceiver, a memory, and a processor. Wherein, the transceiver, the memory and the processor communicate with each other through an internal connection path, the memory is used to store instructions, and the processor is used to execute the instructions stored in the memory to control the transceiver to receive signals and control the transceiver to send signals. , and when the processor executes the instructions stored in the memory, the processor is caused to execute the required execution of the smart network card or VS in Figure 4, Figure 5, Figure 7, Figure 8, Figure 9, Figure 12, Figure 13 and Figure 15 Methods.

It should be understood that the above-mentioned processor may be a CPU, or other general-purpose processor, DSP, ASIC, FPGA or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor can be a microprocessor or any conventional processor, etc. It is worth noting that the processor may be a processor that supports advanced RISC machines (ARM) architecture.

Further, in an optional embodiment, the above-mentioned memory may include a read-only memory and a random access memory, and provide instructions and data to the processor. Memory may also include non-volatile random access memory. For example, the memory may also store device type information.

The memory may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. Among them, non-volatile memory can be read-only memory (ROM), programmable ROM (PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically removable memory. Erase electrically programmable read-only memory (EPROM, EEPROM) or flash memory. Volatile memory can be random access memory (RAM), which is used as an external cache. By way of illustration, but not limitation, many forms of RAM are available. For example, static random access memory (static RAM, SRAM), dynamic random access memory (dynamic random access memory, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access Memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (synchlink DRAM, SLDRAM) and direct memory bus random access memory (direct rambus RAM, DR RAM).

Embodiments of the present application also provide a computer-readable storage medium. At least one instruction is stored in the storage medium. The instruction is loaded and executed by the processor to implement the above Figures 4, 5, 7, 8, 9, and 12. The method described in any one of Figure 13 and Figure 15.

Embodiments of the present application also provide a computer program (product). When the computer program is executed by a computer, it can cause the processor or computer to execute each step and/or process of the corresponding method in the above method embodiment.

Embodiments of the present application also provide a chip, including a processor, configured to call from a memory and run instructions stored in the memory, so that the communication device installed with the chip executes as shown in Figures 4, 5, and 7 above. , the method described in any one of Figure 8, Figure 9, Figure 12, Figure 13 and Figure 15.

An embodiment of the present application also provides another chip, including: an input interface, an output interface, a processor, and a memory. The input interface, the output interface, the processor, and the memory are connected through an internal connection path, and the The processor is used to execute the code in the memory. When the code is executed, the processor is used to execute the steps shown in Figure 4, Figure 5, Figure 7, Figure 8, Figure 9, Figure 12, Figure 13 and Figure 15. any of the methods described.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in this application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, e.g., the computer instructions may be transferred from a website, computer, server, or data center Transmission to another website, computer, server or data center through wired (such as coaxial cable, optical fiber, digital subscriber line) or wireless (such as infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains one or more available media integrated. The available media may be magnetic media (such as floppy disks, hard disks, magnetic tapes), optical media (such as DVDs), or semiconductor media (such as solid state disks), etc.

Those of ordinary skill in the art will appreciate that the method steps and modules described in conjunction with the embodiments disclosed herein can be implemented in software, hardware, firmware, or any combination thereof. In order to clearly illustrate the interoperability of hardware and software, Alternatively, the steps and compositions of each embodiment have been generally described in terms of functions in the above description. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. One of ordinary skill in the art may implement the described functionality using different methods for each specific application, but such implementations should not be considered beyond the scope of this application.

Those of ordinary skill in the art can understand that all or part of the steps to implement the above embodiments can be completed by hardware, or can be completed by instructing the relevant hardware through a program. The program can be stored in a computer-readable storage medium. As mentioned above, The storage medium can be read-only memory, magnetic disk or optical disk, etc.

When implemented using software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer program instructions. By way of example, methods of embodiments of the present application may be described in the context of machine-executable instructions, such as included in a program module executing in a device on a target's real or virtual processor. Generally speaking, program modules include routines, programs, libraries, objects, classes, components, data structures, etc., which perform specific tasks or implement specific abstract data structures. In various embodiments, the functionality of program modules may be combined or split between the described program modules. Machine-executable instructions for program modules can execute locally or on a distributed device. In a distributed device, program modules can be located in both local and remote storage media.

Computer program codes for implementing the methods of embodiments of the present application may be written in one or more programming languages. These computer program codes may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device, so that when executed by the computer or other programmable data processing device, the program code causes the flowcharts and/or block diagrams to be displayed. The functions/operations specified in are implemented. The program code may execute entirely on the computer, partly on the computer, as a stand-alone software package, partly on the computer and partly on a remote computer or entirely on the remote computer or server.

In the context of the embodiments of the present application, the computer program code or related data may be carried by any appropriate carrier, so that the device, device or processor can perform the various processes and operations described above. Examples of carriers include signals, computer-readable media, and the like.

Examples of signals may include electrical, optical, radio, acoustic, or other forms of propagated signals, such as carrier waves, infrared signals, and the like.

Those skilled in the art can clearly understand that for the convenience and simplicity of description, the specific working processes of the systems, devices and modules described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be described again here.

In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the modules is only a logical function division. In actual implementation, there may be other division methods. For example, multiple modules or components may be combined or may be Integrated into another system, or some features can be ignored, or not implemented. In addition, the coupling or direct coupling or communication connection between each other shown or discussed may be indirect coupling or communication connection through some interfaces, devices or modules, or may be electrical, mechanical or other forms of connection.

The modules described as separate components may or may not be physically separated. The components shown as modules may or may not be physical modules, that is, they may be located in one place, or they may be distributed to multiple network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the embodiments of the present application.

In addition, each functional module in each embodiment of the present application can be integrated into one processing module, or each module can exist physically alone, or two or more modules can be integrated into one module. The above integrated modules can be implemented in the form of hardware or software function modules.

If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it can be stored in a computer-readable storage medium. A computer-readable storage medium may be any tangible medium that contains or stores a program for or in connection with an instruction execution system, apparatus, or device. Computer-readable storage media may be machine-readable signal media or machine-readable storage media. Computer-readable storage media may include, but are not limited to, electronic, magnetic, optical, electromagnetic, infrared or semiconductor systems, devices or devices, or any suitable combination thereof. More detailed examples of computer readable storage media include an electrical connection with one or more wires, portable computer disks, hard drives, random access memory (RAM), read only memory (ROM), erasable programmable read only memory Memory (EPROM or flash memory), optical storage device, magnetic storage device, or any suitable combination thereof.

It should also be understood that in each embodiment of the present application, the size of the sequence number of each process does not mean the order of execution. The execution order of each process should be determined by its function and internal logic, and should not be determined by the execution order of the embodiments of the present application. The implementation process constitutes no limitation.

The term "at least one" in this application means one or more, and the term "multiple" in this application means two or more. For example, multiple target objects means two or more target audience.

It is to be understood that the terminology used in the description of the various examples herein is for the purpose of describing the particular example only and is not intended to be limiting. As used in the description of various described examples and the appended claims, the singular forms "a," "an" and "the" are intended to include the plural forms as well, unless the context dictates otherwise. Instruct clearly.

It will also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. The term "and/or" is an association relationship that describes related objects, indicating that there can be three relationships. For example, A and/or B can mean: A alone exists, A and B exist simultaneously, and B alone exists. situation. In addition, the character "/" in this application generally indicates that the related objects are an "or" relationship.

It will also be understood that the term "includes" (also "includes," "including," "comprises," and/or "comprising") when used in this specification specifies the presence of stated features, integers, steps, operations, elements , and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groupings thereof.

It should also be understood that the terms "if" and "if" may be interpreted to mean "when" or "upon" or "in response to determining" or "in response to detecting." Similarly, depending on the context, the phrase "if it is determined..." or "if [stated condition or event] is detected" may be interpreted to mean "when it is determined..." or "in response to the determination... ” or “on detection of [stated condition or event]” or “in response to detection of [stated condition or event].”

It should be understood that determining B based on A does not mean determining B only based on A, and B can also be determined based on A and/or other information.

It should also be understood that references throughout this specification to "one embodiment," "an embodiment," and "a possible implementation" mean that specific features, structures, or characteristics related to the embodiment or implementation are included herein. In at least one embodiment of the application. Therefore, “in one embodiment” or “in an embodiment” or “a possible implementation” appearing in various places throughout this specification do not necessarily refer to the same embodiment. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments.

It should be noted that the information (including but not limited to user equipment information, user personal information, etc.), data (including but not limited to data used for analysis, stored data, displayed data, etc.) and signals involved in this application, All are authorized by the user or fully authorized by all parties, and the collection, use and processing of relevant data need to comply with relevant laws, regulations and standards of relevant countries and regions. For example, the location information of each of the multiple target objects involved in this application is obtained with full authorization.

The above descriptions are only optional embodiments of this application and are not intended to limit this application. Any modifications, equivalent substitutions, improvements, etc. made within the principles of this application shall be included in the protection scope of this application. .

Claims

A management method for flow table rules, characterized in that the management method is executed by an intelligent network card, and the intelligent network card is used to connect to a virtual switch VS. The method includes:

The smart network card manages access control list ACL flow matching rules, and the ACL flow matching rules are used for the smart network card to perform operation and maintenance function management on messages.
The method according to claim 1, wherein the ACL flow matching rules include at least one of inbound ACL flow matching rules and outbound ACL flow matching rules.
The method according to claim 1 or 2, characterized in that the smart network card manages access control list ACL flow matching rules, and the method includes:

The smart network card receives the first message sent by the VS by calling a first application programming interface API, where the first message includes the port identifier of the first port of the smart network card;

The smart network card creates a first ACL flow matching rule on the first port of the smart network card based on the first message.
The method of claim 3, wherein the first message further includes at least one of flow table rule attributes, flow table rule matching items, and flow table rule action items;

Wherein, the flow table rule attribute is used to indicate at least one of the group that the packet needs to match, the direction information of the first ACL flow matching rule, and the flow table type;

The flow table rule matching items include matching Ethernet layer information, matching virtual LAN VLAN information, matching Internet Protocol version 4 IPv4 information or matching Internet Protocol version 6 IPv6 information, matching virtual extended LAN VXLAN information, matching item end, message at least one of the markers;

The flow table rule action items include at least one of flow table statistics, sampling forwarding and flow mirroring, setting internal tags for packets, modifying specified fields, and refnum operations.
The method according to claim 3 or 4, characterized in that, the method further includes:

The smart network card sends a second message to the VS, where the second message indicates the result of creating the first ACL flow matching rule on the first port of the smart network card.
The method according to any one of claims 1 to 5, characterized in that the smart network card manages access control list ACL flow matching rules, and the method includes:

The smart network card receives the third message sent by the VS by calling the second API, and deletes the second ACL flow matching rule on the smart network card based on the third message.
The method according to any one of claims 1 to 6, characterized in that the smart network card manages access control list ACL flow matching rules, and the method includes:

The smart network card receives a fourth message sent by the VS by calling a third API, and queries and returns statistical information of the smart network card based on the fourth message.
The method according to any one of claims 1-7, characterized in that the method further includes:

The smart network card manages a hardware matching flow table. The hardware matching flow table is used by the smart network card to manage traffic. The hardware matching flow table includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table. kind.
The method according to claim 8, characterized in that the hardware fuzzy matching flow table is used to match a first message, and the first message is generated by a network element whose flow table entry satisfies a first threshold condition. generated messages;

The hardware exact matching flow table is used to match the second message, and the second message is a message generated by a network element that meets the second threshold condition.
The method according to claim 8 or 9, characterized in that, the method further includes:

The smart network card manages a data plane hash table, and the data plane hash table is used by the smart network card to perform multi-path forwarding of multi-path forwarding messages.
The method according to claim 10, characterized in that the hardware matching flow table includes at least one of a hash matching action item, a redirection identification matching action item and a message uploading matching action item to the VS software control plane. ;

Wherein, the hash matching action item is used to indicate execution of the query action of the data plane hash table, and the redirection flag is used to indicate the data plane hash table, and the data plane hash table includes a hash value. , a mask and the redirection identifier, where the mask corresponds to next hop information.
A management method for flow table rules, characterized in that the management method is executed by a virtual switch VS, and the VS is used to connect to an intelligent network card. The method includes:

The VS obtains the access control list ACL flow matching rules, and the ACL flow matching rules are used by the smart network card to perform operation and maintenance function management of messages;

The VS instructs the smart network card to manage the ACL flow matching rules.
The method according to claim 12, wherein the ACL flow matching rules include at least one of inbound ACL flow matching rules and outbound ACL flow matching rules.
The method according to claim 12 or 13, characterized in that the VS instructs the smart network card to manage the ACL flow matching rules, and the method includes:

The VS calls a first application programming interface API to send a first message to the smart network card. The first message includes the port identification of the first port of the smart network card. The first message is used for the smart network card. Create a first ACL flow matching rule on the first port of the smart network card.
The method of claim 14, wherein the first message further includes at least one of flow table rule attributes, flow table rule matching items, and flow table rule action items;

Wherein, the flow table rule attribute is used to indicate at least one of the group that the packet needs to match, whether the first ACL flow matching rule is an inbound ACL flow matching rule or an outgoing ACL flow matching rule, and a flow table type. ;

The flow table rule matching items include matching Ethernet layer information, matching virtual LAN VLAN information, matching Internet Protocol version 4 IPv4 information or matching Internet Protocol version 6 IPv6 information, matching virtual extended LAN VXLAN information, matching item end, message at least one of the markers;

The flow table rule action items include at least one of flow table statistics, sampling forwarding and flow mirroring, setting internal tags for packets, modifying specified fields, and refnum operations.
The method according to claim 14 or 15, characterized in that the method further includes:

The VS receives a second message sent by the smart network card, where the second message is used to indicate the result of creating the first ACL flow matching rule on the first port of the smart network card.
The method according to any one of claims 12-16, characterized in that the VS instructs the smart network card to manage the ACL flow matching rules, and the method includes:

The VS calls a second API to send a third message to the smart network card, where the third message is used by the smart network card to delete the second ACL flow matching rule on the smart network card.
The method according to any one of claims 12 to 17, characterized in that the VS instructs the smart network card to manage the ACL flow matching rules, and the method includes:

The VS calls a third API to send a fourth message to the smart network card. The fourth message is used for the smart network card to query and return statistical information of the smart network card.
The method according to any one of claims 12-18, characterized in that the method further includes:

The VS obtains a hardware matching flow table. The hardware matching flow table is used by the smart network card to manage traffic. The hardware matching flow table includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table. ;

The VS instructs the smart network card to manage the hardware matching flow table.
The method according to claim 19, characterized in that the hardware fuzzy matching flow table is used to match a first message, and the first message is generated by a network element whose flow table entry satisfies a first threshold condition. generated messages;

The hardware exact matching flow table is used to match the second message, and the second message is a message generated by a network element that meets the second threshold condition.
The method according to claim 19 or 20, characterized in that the method further includes:

The VS obtains a data plane hash table, and the data plane hash table is used by the smart network card to perform multi-path forwarding of multi-path forwarding messages;

The VS instructs the smart network card to manage the data plane hash table.
The method according to claim 21, characterized in that the hardware matching flow table includes at least one of a hash matching action item, a redirection identification matching action item and a message uploading matching action item to the VS software control plane. ;

Wherein, the hash matching action item is used to indicate the execution of the query action of the data plane hash table, the steering ID is used to indicate the data plane hash table, and the data plane hash table includes a hash value , a mask and the redirection identifier, where the mask corresponds to next hop information.
A traffic management method, characterized in that the method includes:

The smart network card receives the message and matches the message with the access control list ACL flow matching rule created on the smart network card;

Based on the successful match between the packet and the ACL flow matching rule, the smart network card performs operation and maintenance function management on the packet according to the ACL flow matching rule.
The method according to claim 23, characterized in that the ACL flow matching rules include inbound ACL flow matching rules and outgoing ACL flow matching rules;

Based on the successful match between the packet and the ACL flow matching rule, the smart network card performs operation and maintenance function management on the packet according to the ACL flow matching rule, including:

Based on the successful match between the packet and the inbound ACL flow matching rule, the smart network card performs inbound operation and maintenance function management on the packet according to the inbound ACL flow matching rule;

The smart network card forwards the message on the second and third layer networks;

Based on the successful match between the packet and the outbound ACL flow matching rule, the smart network card performs outbound operation and maintenance function management on the packet according to the outbound ACL flow matching rule.
The method according to claim 23 or 24, characterized in that, the method further includes:

The smart network card matches the message with a hardware matching flow table, where the hardware matching flow table includes at least one of a hardware exact matching flow table and a hardware fuzzy matching flow table;

The smart network card performs traffic management on the packet according to the matching result between the packet and the hardware matching flow table.
The method according to claim 25, characterized in that the smart network card matches the message with a hardware matching flow table, including:

Based on the fact that the message is the first message, the smart network card matches the message with the hardware fuzzy matching flow table, and the first message is a network element that generates a flow table entry that satisfies the first threshold condition. the message generated; or

Based on the fact that the message is a second message, the smart network card matches the message with the hardware accurate matching flow table, and the second message is a message generated by a network element that meets the second threshold condition. arts.
The method according to claim 25 or 26, characterized in that the smart network card performs traffic management on the packet according to the matching result between the packet and the hardware matching flow table, including:

Based on the matching result between the packet and the hardware matching flow table, the packet matches the hardware matching flow table successfully, and the hardware matching flow table includes an upload action item, upload the packet Send the VS;

Alternatively, based on the matching result between the packet and the hardware matching flow table being that the packet fails to match the hardware matching flow table, the packet is sent to the VS.
The method according to any one of claims 25-27, characterized in that the message is a multi-path forwarding message, and the method further includes:

The smart network card matches the message with a data plane hash table;

Based on the successful matching between the message and the data plane hash table, the smart network card performs multi-path forwarding on the message.
The method according to claim 28, characterized in that the hardware matching flow table includes a hash matching action item and a turn identification matching action item; wherein the hash matching action item is used to indicate execution of the data plane hashing Hash table query action, the redirection identifier is used to indicate the data plane hash table, the data plane hash table includes a hash value, a mask and the redirection identifier, the mask corresponds to the next hop information ;

The smart network card matches the message with the data plane hash table, including:

The smart network card calculates a hash value corresponding to the message based on the hash matching action item, and obtains a mask corresponding to the message based on the hash value;

Based on the steering identifier matching action item, search the data plane hash table;

Based on the mask corresponding to the message being consistent with the mask in the data plane hash table, it is determined that the message and the data plane hash table are successfully matched;

The smart network card performs multi-path forwarding of the message, including:

The smart network card performs multi-path forwarding of the message according to the next hop information corresponding to the mask in the data plane hash table.
The method according to claim 28, characterized in that the hardware matching flow table includes a hash matching action item, a steering identification matching action item and a message uploading matching action item to the VS software control plane; wherein, the The hash matching action item is used to indicate the execution of the query action of the data plane hash table, and the turn flag is used to indicate the data plane hash table. The data plane hash table includes a hash value, a mask, and a The redirection identifier and the mask correspond to next hop information;

The smart network card matches the message with the data plane hash table, including:

The smart network card calculates a hash value corresponding to the message based on the hash matching action item, and obtains a mask corresponding to the message based on the hash value;

Based on the steering identifier matching action item, search the data plane hash table;

Based on the hash value corresponding to the message being inconsistent with the mask in the data plane hash table, it is determined that the message fails to match the data plane hash table;

The method also includes:

The smart network card sends the message to the virtual switch VS.
A traffic management method, characterized in that the method includes:

The virtual switch VS receives the message sent by the smart network card. The message is successfully matched by the smart network card with the hardware matching flow table on the smart network card, and the hardware matching flow table includes the uploaded message. action item is sent, or the message is sent by the intelligent network card when the message matches the flow table of the hardware on the intelligent network card. Sent when the match fails, or the message is sent by the smart network card after the message fails to match the data plane hash table on the smart network card;

The VS matches the packet with the open source flow table on the VS, and performs traffic management on the packet according to the matching result.
A management device, characterized by comprising a processor, the processor being configured to implement the flow table rule management method as claimed in any one of claims 1-11, or the processor being configured to implement the flow table rule management method as claimed in claim 12 The management method of flow table rules according to any one of -22, or the processor is used to implement the traffic management method according to any one of claims 23-30, or the processor is used to implement the traffic management method as claimed in any one of claims 23-30. The traffic management method described in 31.
The device according to claim 32, wherein the management device is a chip.
The device according to claim 32, characterized in that the management device is a network device, and the type of the network device includes at least one of the following: a router, a switch or a server.
A management system, characterized in that the management system includes a virtual switch VS and an intelligent network card;

Wherein, the smart network card is used to execute the management method of flow table rules as described in any one of claims 1-11, and the VS is used to execute the flow table rules as described in any one of claims 12-22. management methods;

Alternatively, the smart network card is used to implement the traffic management method as claimed in any one of claims 23-30, and the VS is used to implement the traffic management method as claimed in claim 31.
A computer-readable storage medium, characterized in that at least one instruction is stored in the computer storage medium, and the at least one instruction is loaded and executed by a processor, so that the computer implements any one of claims 1-11 The management method of flow table rules described above, or the management method of flow table rules described in any one of claims 12-22, or the traffic management method described in any one of claims 23-30, Or, implement the traffic management method as claimed in claim 31.
A computer program product, characterized in that the computer program product includes a computer program, and the computer program is loaded and executed by a computer, so that the computer implements the flow table rule as described in any one of claims 1-11 The management method, or the management method of flow table rules as described in any one of claims 12-22, or the traffic management method as described in any one of claims 23-30, or the management method of the flow table rules as described in any one of claims 23-30, or the management method of The traffic management method described in claim 31.