CN104426768B - A kind of data message forwarding method and device - Google Patents
A kind of data message forwarding method and device Download PDFInfo
- Publication number
- CN104426768B CN104426768B CN201310400616.3A CN201310400616A CN104426768B CN 104426768 B CN104426768 B CN 104426768B CN 201310400616 A CN201310400616 A CN 201310400616A CN 104426768 B CN104426768 B CN 104426768B
- Authority
- CN
- China
- Prior art keywords
- flow
- flow entry
- flow table
- entry
- data packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/38—Flow based routing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明实施例公开了数据报文转发方法及装置,用于提高数据报文在进行流表匹配时的匹配效率。本发明实施例方法包括:获取数据报文的属性标识;根据所述属性标识在第一流表中查找第一流表项,所述第一流表项包括:动作集合,所述动作集合为一种数据报文的各个属性标识在多级流表中分别对应的指定操作;若所述第一流表项查找成功,则根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发。
The embodiment of the invention discloses a data message forwarding method and device, which are used to improve the matching efficiency of the data message when performing flow table matching. The method in the embodiment of the present invention includes: acquiring the attribute identifier of the data message; searching for the first flow entry in the first flow table according to the attribute identifier, the first flow entry includes: an action set, and the action set is a kind of data Each attribute identifier of the message corresponds to the specified operation in the multi-level flow table; if the first flow entry is found successfully, the datagram is processed according to the action set corresponding to the first flow entry matching the attribute identifier The text is forwarded.
Description
技术领域technical field
本发明涉及通信领域,尤其涉及一种数据报文转发方法及装置。The invention relates to the communication field, in particular to a data message forwarding method and device.
背景技术Background technique
OpenFlow和软件定义网络(SDN,Software Defined Network)允许对一个网络进行编程,好像这个网络就是一台计算机一样。它可将物理网络的抽象层直接提供给控制元件,允许通过软件设置和操作网络。这将为进一步的创新敞开大门。OpenFlow and Software Defined Networking (SDN, Software Defined Network) allow a network to be programmed as if it were a computer. It provides the abstraction layer of the physical network directly to the control element, allowing the network to be set up and operated through software. This will open the door for further innovation.
OpenFlow技术最早由斯坦福大学提出,旨在基于现有传输控制协议/因特网互联协议(TCP/IP,Transmission Control Protocol/Internet Protocol)技术条件,以创新的网络互联理念解决当前网络面对新业务产生的种种瓶颈,已被享有声望的《麻省理工科技评论》杂志评为十大未来技术。它的核心思想很简单,就是将原本完全由交换机/路由器控制的数据报文转发过程,转化为由OpenFlow交换机(OpenFlow交换机)和控制服务器(Controller)分别完成的独立过程。转变背后进行的实际上是控制权的更迭:传统网络中数据报文的流向是人为指定的,虽然交换机、路由器拥有控制权,却没有数据报文的概念,只进行数据报文级别的交换;而在OpenFlow网络中,统一的控制服务器取代路由,决定了所有数据报文在网络中传输路径。OpenFlow交换机会在本地维护一个与流表不同的流表(Flow Table),如果要转发的数据报文在流表中有对应项,则直接进行快速转发;若流表中没有此项,数据报文就会被发送到控制服务器进行传输路径的确认,再根据下发结果进行转发。The OpenFlow technology was first proposed by Stanford University, aiming to solve the current problems of the current network in the face of new services based on the technical conditions of the existing Transmission Control Protocol/Internet Protocol (TCP/IP, Transmission Control Protocol/Internet Protocol) with innovative network interconnection concepts. Various bottlenecks have been rated as one of the top ten future technologies by the prestigious "MIT Technology Review" magazine. Its core idea is very simple, which is to transform the data packet forwarding process that was originally completely controlled by the switch/router into an independent process completed by the OpenFlow switch (OpenFlow switch) and the control server (Controller). Behind the transformation is actually the change of control rights: the flow direction of data packets in traditional networks is artificially designated. Although switches and routers have control rights, they do not have the concept of data packets, and only exchange at the level of data packets; In the OpenFlow network, the unified control server replaces the router and determines the transmission path of all data packets in the network. The OpenFlow switch will maintain a flow table (Flow Table) that is different from the flow table locally. If the data packet to be forwarded has a corresponding item in the flow table, it will directly perform fast forwarding; if there is no item in the flow table, the data packet The text will be sent to the control server to confirm the transmission path, and then forwarded according to the sending result.
OpenFlow版本从OFP1.0发展到OFP1.2。主要扩展了多控制器、多流表、组表等几个重要特性。多流表的使得controller可以将不同的业务划分到不同的表来处理。同时多流表的特性也增加了硬件实现快速转发的难度,以及转发延时。主要原因是:1、多个流表间有先后顺序的要求;2、每个数据报文在标间流转的时候,匹配域会发生变化。(applyinstruction+set field、write metadata);3、以上关系导致多个表无法解耦然后并发查找。The OpenFlow version has evolved from OFP1.0 to OFP1.2. It mainly expands several important features such as multi-controller, multi-flow table, and group table. The multi-flow table allows the controller to divide different services into different tables for processing. At the same time, the feature of multiple flow tables also increases the difficulty of hardware to implement fast forwarding, as well as the forwarding delay. The main reasons are: 1. There is a sequence requirement among multiple flow tables; 2. When each data packet is transferred between standards, the matching field will change. (applyinstruction+set field, write metadata); 3. The above relationship makes it impossible for multiple tables to be decoupled and searched concurrently.
在主机中运行一个OpenFlow的交换机软件,支持和Controller之间的信息交互,流表管理。同时,数据面的部分数据查表转发功能下放到一个现场可编程门阵列(FPGA,Field-Programmable Gate Array)板卡中。利用到硬件的三态内容寻址存储器(TCAM,ternary content addressable memory)查找功能以及硬件的并发处理能力,有效的提高了系统的能力。该方案虽然将交换机流表的一个子集放在硬件板卡中工作。但是由于TCAM资源的限制,它支持的流表项数量有限。同时,直接使用方法来多流表的硬件加速需要的增加多个查表和执行引擎,成本比较高。Run an OpenFlow switch software on the host to support information exchange with the Controller and flow table management. At the same time, part of the data table lookup and forwarding function of the data plane is transferred to a field-programmable gate array (FPGA, Field-Programmable Gate Array) board. The capability of the system is effectively improved by utilizing the tri-state content addressable memory (TCAM, ternary content addressable memory) search function of the hardware and the concurrent processing capability of the hardware. Although this solution puts a subset of the flow table of the switch in the hardware board to work. However, due to the limitation of TCAM resources, the number of flow entries it supports is limited. At the same time, directly using the method to accelerate the hardware of multiple flow tables needs to add multiple lookup tables and execution engines, which is relatively expensive.
发明内容Contents of the invention
本发明实施例提供了一种数据报文转发方法及装置,用于提高数据报文在进行流表匹配时的匹配效率。The embodiment of the present invention provides a data message forwarding method and device, which are used to improve the matching efficiency of the data message when performing flow table matching.
本发明实施例第一方面提供的数据报文转发方法,包括:The data packet forwarding method provided in the first aspect of the embodiments of the present invention includes:
获取数据报文的属性标识;根据所述属性标识在第一流表中查找第一流表项,所述第一流表项包括:动作集合,所述动作集合为一种数据报文的各个属性标识在多级流表中对应的指定操作的集合;若所述第一流表项查找成功,则根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发。Obtain the attribute identification of the data message; search the first flow entry in the first flow table according to the attribute identification, the first flow entry includes: an action set, and the action set is that each attribute identification of a data message is in the A set of corresponding specified operations in the multi-level flow table; if the first flow entry is successfully searched, the data packet is forwarded according to the action set corresponding to the first flow entry matching the attribute identifier.
在第一方面的第一种可能的实现方式中,所述第一流表项还包括:精确匹配域;In a first possible implementation manner of the first aspect, the first flow entry further includes: an exact match domain;
所述根据属性标识在第一流表中查找第一流表项,包括:The searching for the first flow entry in the first flow table according to the attribute identification includes:
在第一流表中查找与所述数据报文的各个属性标识都匹配的精确匹配域,所述精确匹配域对应的第一流表项为所要查找的第一流表项。Find an exact matching field that matches each attribute identifier of the data packet in the first flow table, and the first flow entry corresponding to the exact matching field is the first flow entry to be searched.
在第一方面的第二种可能的实现方式中,所述根据属性标识在第一流表中查找第一流表项之后,包括:In a second possible implementation manner of the first aspect, after searching the first flow entry in the first flow table according to the attribute identifier, it includes:
若所述第一流表项查找失败,则根据所述属性标识依次在多级第二流表中查找第二流表项,依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发,并根据查找到的各个所述第二流表项生成所述第一流表项,将所述第一流表项记录在所述第一流表中。If the lookup of the first flow entry fails, search for the second flow entry in the multi-level second flow table sequentially according to the attribute identifier, and sequentially perform operations on the data according to the specified operations in each of the second flow entries. The packet is forwarded, and the first flow entry is generated according to each of the found second flow entries, and the first flow entry is recorded in the first flow table.
结合第一方面的第二种可能实现方式,在第一方面的第三种可能的实现方式中,所述第二流表项包括:通配匹配域和指定操作;With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the second flow entry includes: a wildcard matching domain and a specified operation;
所述根据查找到的各个第二流表项生成第一流表项,包括:The generating the first flow entry according to each found second flow entry includes:
在依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发之后,记录执行过的所述指定操作,得到所述数据报文的动作集合;After sequentially forwarding the data packet according to the specified operations in each of the second flow entries, record the executed specified operations to obtain an action set of the data packet;
分析所述数据报文,获得所述数据报文的精确匹配域;Analyzing the data message to obtain the exact matching field of the data message;
根据所述数据报文的动作集合和所述精确匹配域生成所述数据报文对应的第一流表项。Generate a first flow entry corresponding to the data packet according to the action set of the data packet and the exact matching field.
结合第一方面的第二种可能实现方式,在第一方面的第四种可能的实现方式中,所述根据查找到的各个所述第二流表项生成所述第一流表项之后,包括:With reference to the second possible implementation of the first aspect, in a fourth possible implementation of the first aspect, after generating the first flow entry according to each of the found second flow entries, include :
当第二流表中的第二流表项被老化时,删除第一流表中与所述第二流表项相关联的第一流表项;When the second flow entry in the second flow table is aged, delete the first flow entry associated with the second flow entry in the first flow table;
或,or,
当第二流表中的第二流表项被修改时,删除第一流表中与所述第二流表项相关联的第一流表项;When the second flow entry in the second flow table is modified, delete the first flow entry associated with the second flow entry in the first flow table;
或,or,
当第二流表中的第二流表项被删除时,删除第一流表中与所述第二流表项相关联的第一流表项;When the second flow entry in the second flow table is deleted, delete the first flow entry associated with the second flow entry in the first flow table;
或,or,
当第二流表中添加新的第二流表项时,检测第一流表中与所述第二流表相关联的第一流表项的优先级是否比新增第二流表项低,若是,则删除第一流表中与所述第二流表相关联的第一流表项。When adding a new second flow entry in the second flow table, detecting whether the priority of the first flow entry associated with the second flow table in the first flow table is lower than that of the newly added second flow entry, if , then delete the first flow entry associated with the second flow table in the first flow table.
结合第一方面的第二种可能实现方式,在第一方面的第五种可能的实现方式中,所述根据查找到的各个所述第二流表项生成所述第一流表项之后,包括:With reference to the second possible implementation of the first aspect, in a fifth possible implementation of the first aspect, after generating the first flow entry according to each of the found second flow entries, include :
实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来记录所述数据报文的流量,并更新相应的第二流表项的空闲时间idle time。Sending the traffic statistics message of the first flow table to the second flow table in real time or regularly, so that the second flow table records the traffic of the data packet according to the traffic statistics message, and updates the corresponding second flow table The idle time of the flow entry.
本发明实施例第二方面提供的交换机,包括:The switch provided by the second aspect of the embodiment of the present invention includes:
数据获取单元,用于获取数据报文的属性标识;A data acquisition unit, configured to acquire the attribute identification of the data message;
匹配查找单元,用于根据所述属性标识在第一流表中查找第一流表项,所述第一流表项包括:动作集合,所述动作集合为一种数据报文的各个属性标识在多级流表中对应的指定操作的集合;A matching search unit, configured to search for a first flow entry in the first flow table according to the attribute identification, the first flow entry includes: an action set, the action set is a multi-level identification of each attribute of a data packet A set of corresponding specified operations in the flow table;
转发单元,用于若所述第一流表项查找成功,则根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发。A forwarding unit, configured to forward the data message according to the action set corresponding to the first flow entry matching the attribute identifier if the first flow entry is searched successfully.
在第二方面的第一种可能的实现方式中,所述匹配查找单元具体用于:In a first possible implementation manner of the second aspect, the matching search unit is specifically configured to:
在第一流表中查找与所述数据报文的各个属性标识都匹配的精确匹配域,所述精确匹配域对应的第一流表项为所要查找的第一流表项。Find an exact matching field that matches each attribute identifier of the data packet in the first flow table, and the first flow entry corresponding to the exact matching field is the first flow entry to be searched.
在第二方面的第二种可能的实现方式中,所述交换机还包括:In a second possible implementation manner of the second aspect, the switch further includes:
流表生成单元,用于若所述第一流表项查找失败,则在根据所述属性标识依次在多级第二流表中查找第二流表项,依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发之后,根据查找到的各个所述第二流表项生成所述第一流表项,将所述第一流表项记录在所述第一流表中。A flow table generation unit, configured to search for second flow entries in the multi-level second flow table sequentially according to the attribute identification if the search for the first flow entry fails, and sequentially according to each of the second flow entries After the specified operation in the method forwards the data packet, the first flow entry is generated according to each of the found second flow entries, and the first flow entry is recorded in the first flow table.
结合第二方面的第二种可能实现方式,在第二方面的第三种可能的实现方式中,所述流表生成单元包括:With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the flow table generation unit includes:
操作记录模块,用于在依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发之后,记录执行过的所述指定操作,得到所述数据报文的动作集合;An operation recording module, configured to, after sequentially forwarding the data message according to the specified operation in each of the second flow entries, record the specified operation performed to obtain an action set of the data message;
报文分析模块,用于分析所述数据报文,获得所述数据报文的精确匹配域;A message analysis module, configured to analyze the data message to obtain an exact matching domain of the data message;
流表生成模块,用于根据所述数据报文的动作集合和所述精确匹配域生成所述数据报文对应的第一流表项。A flow table generating module, configured to generate a first flow entry corresponding to the data message according to the action set of the data message and the exact matching field.
结合第二方面的第二种可能实现方式,在第二方面的第四种可能的实现方式中,所述交换机还包括:With reference to the second possible implementation manner of the second aspect, in a fourth possible implementation manner of the second aspect, the switch further includes:
流表项删除单元,用于当第二流表中的第二流表项被老化时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中的第二流表项被修改时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中的第二流表项被删除时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中添加新的第二流表项时,检测第一流表中与所述第二流表相关联的第一流表项的优先级是否比新增第二流表项低,若是,则删除第一流表中与所述第二流表相关联的第一流表项。A flow entry deletion unit, configured to delete the first flow entry associated with the second flow entry in the first flow table when the second flow entry in the second flow table is aged; or, when the second When the second flow entry in the flow table is modified, delete the first flow entry associated with the second flow entry in the first flow table; or, when the second flow entry in the second flow table is deleted , deleting the first flow entry associated with the second flow entry in the first flow table; or, when adding a new second flow entry in the second flow table, detecting the first flow entry in the first flow table associated with the second flow entry Whether the priority of the first flow entry associated with the second flow table is lower than that of the newly added second flow entry, and if so, delete the first flow entry associated with the second flow table in the first flow table.
结合第二方面的第二种可能实现方式,在第二方面的第五种可能的实现方式中,所述交换机还包括:同步单元,用于实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来记录所述数据报文的流量,并更新相应的第二流表项的空闲时间idle time。With reference to the second possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the switch further includes: a synchronization unit, configured to send the The traffic statistics message of the first flow table enables the second flow table to record the traffic of the data packet according to the traffic statistics message, and update the idle time of the corresponding second flow entry.
从以上技术方案可以看出,本发明实施例具有以下优点:It can be seen from the above technical solutions that the embodiments of the present invention have the following advantages:
在本发明实施例中,将一种数据报文的各个属性标识在多级流表中分别对应的指定操作组合成动作集合,并在第一流表中存储各种数据报文对应的动作集合,在进行流表匹配的过程中,优先在第一流表中查找流表项,若所述第一流表项查找成功,则根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发,使得数据报文的流表匹配查找过程可以一次性完成,无需逐级地对各个流表进行匹配,提高了数据报文转发的效率。In the embodiment of the present invention, the specified operations corresponding to each attribute identifier of a data message in the multi-level flow table are combined into an action set, and the action sets corresponding to various data messages are stored in the first flow table, In the process of flow table matching, the first flow table is preferentially searched for a flow entry, and if the first flow entry is found successfully, the action set corresponding to the first flow entry matched with the attribute identifier is executed The data message is forwarded, so that the flow table matching search process of the data message can be completed at one time, without matching each flow table level by level, and the efficiency of data message forwarding is improved.
附图说明Description of drawings
图1是本发明实施例数据报文转发方法的一个流程示意图;FIG. 1 is a schematic flow diagram of a data packet forwarding method according to an embodiment of the present invention;
图2是本发明实施例数据报文转发方法的另一个流程示意图;FIG. 2 is another schematic flowchart of a data packet forwarding method according to an embodiment of the present invention;
图3是本发明实施例数据报文转发方法的另一个流程示意图;FIG. 3 is another schematic flowchart of a data packet forwarding method according to an embodiment of the present invention;
图4是本发明实施例交换机的逻辑结构示意图;FIG. 4 is a schematic diagram of a logical structure of a switch according to an embodiment of the present invention;
图5为本发明实施例中计算机设备的一结构示意图。FIG. 5 is a schematic structural diagram of a computer device in an embodiment of the present invention.
具体实施方式Detailed ways
本发明实施例提供了一种数据报文转发方法及装置,用于提高数据报文在进行流表匹配时的匹配效率。The embodiment of the present invention provides a data message forwarding method and device, which are used to improve the matching efficiency of the data message when performing flow table matching.
请参阅图1,本发明实施例中数据报文转发方法的一个实施例包括:Referring to Fig. 1, an embodiment of the data packet forwarding method in the embodiment of the present invention includes:
101、获取数据报文的属性标识;101. Obtain the attribute identifier of the data message;
交换机获取数据报文的属性标识;所述属性标识具体可以包括:源MAC地址、目的MAC地址,以太网类型,源IP地址和目的IP地址等。The switch obtains the attribute identifier of the data message; the attribute identifier may specifically include: source MAC address, destination MAC address, Ethernet type, source IP address, destination IP address, and the like.
102、根据所述属性标识在第一流表中查找第一流表项;102. Search for a first flow entry in the first flow table according to the attribute identifier;
交换机根据所述属性标识在第一流表中查找第一流表项,所述第一流表项包括:动作集合,所述动作集合为一种数据报文的各个属性标识在多级流表中分别对应的指定操作;若所述第一流表项查找成功,则执行步骤103。The switch searches for the first flow entry in the first flow table according to the attribute identifier, and the first flow entry includes: an action set, and the action set is that each attribute identifier of a data packet corresponds to each in the multi-level flow table The specified operation; if the first flow entry is found successfully, step 103 is executed.
在实际应用中,所述指定操作可以为:从一个端口转发数据,或修改特定的字段(如:目的IP地址)等。In practical applications, the specified operation may be: forwarding data from a port, or modifying a specific field (such as: destination IP address), etc.
在现有的多级流表匹配的过程中,每成功查到一个流表项,交换机就会对数据报文执行该流表项对应的指定操作;在实际应用中,一个数据报文进入了交换机之后,无论该数据报文在交换机中查了几次表,进行了什么变化,同一个流每次执行结果都是一样的;因此,在本发明实施例中,将一种数据报文的各个属性标识在多级流表中分别对应的指定操作组合成动作集合,并在第一流表中存储各种数据报文对应的动作集合,在进行流表匹配的过程中,优先在第一流表中查找流表项。In the existing multi-level flow table matching process, each time a flow table entry is successfully found, the switch will perform the specified operation corresponding to the flow table entry on the data packet; in practical applications, a data packet enters the After the switch, no matter how many times the data message has been checked in the switch and what changes have been made, the execution result of the same flow is the same every time; therefore, in the embodiment of the present invention, the The specified operations corresponding to each attribute identifier in the multi-level flow table are combined into an action set, and the action sets corresponding to various data packets are stored in the first flow table. During the flow table matching process, priority is given to the first flow table Find flow entries in .
103、根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发。103. Forward the data packet according to the action set corresponding to the first flow entry matching the attribute identifier.
当在第一流表中查找到与所述数据报文对应的第一流表项时,交换机根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发。When the first flow entry corresponding to the data packet is found in the first flow table, the switch forwards the data packet according to an action set corresponding to the first flow entry matching the attribute identifier.
在本发明实施例中,将一种数据报文的各个属性标识在多级流表中分别对应的指定操作组合成动作集合,并在第一流表中存储各种数据报文对应的动作集合,在进行流表匹配的过程中,优先在第一流表中查找流表项,若所述第一流表项查找成功,则根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发,使得数据报文的流表匹配查找过程可以一次性完成,无需逐级地对各个流表进行匹配,提高了数据报文转发的效率。In the embodiment of the present invention, the specified operations corresponding to each attribute identifier of a data message in the multi-level flow table are combined into an action set, and the action sets corresponding to various data messages are stored in the first flow table, In the process of flow table matching, the first flow table is preferentially searched for a flow entry, and if the first flow entry is found successfully, the action set corresponding to the first flow entry matched with the attribute identifier is executed The data message is forwarded, so that the flow table matching search process of the data message can be completed at one time, without matching each flow table level by level, and the efficiency of data message forwarding is improved.
在实际应用中,可能存在未被交换机识别的数据报文,这类数据报文在交换机中没有存储有相应的动作集合,本发明实施例提出了相应的解决方案,具体请参阅图2,本发明实施例中数据报文转发方法的另一个实施例包括:In practical applications, there may be data packets that are not recognized by the switch. Such data packets do not have corresponding action sets stored in the switch. The embodiment of the present invention proposes a corresponding solution. Please refer to Figure 2 for details. Another embodiment of the data packet forwarding method in the embodiment of the invention includes:
201、获取数据报文的属性标识;201. Obtain the attribute identifier of the data message;
交换机获取数据报文的属性标识;所述属性标识具体可以包括:源MAC地址、目的MAC地址,以太网类型,源IP地址和目的IP地址等。The switch obtains the attribute identifier of the data message; the attribute identifier may specifically include: source MAC address, destination MAC address, Ethernet type, source IP address, destination IP address, and the like.
202、根据所述属性标识在第一流表中查找第一流表项;202. Search for a first flow entry in the first flow table according to the attribute identifier;
交换机根据所述属性标识在第一流表中查找第一流表项,所述第一流表项包括:动作集合,所述动作集合为一种数据报文的各个属性标识在多级流表中分别对应的指定操作。The switch searches for the first flow entry in the first flow table according to the attribute identifier, and the first flow entry includes: an action set, and the action set is that each attribute identifier of a data packet corresponds to each in the multi-level flow table specified operation.
若所述第一流表项查找成功,则执行步骤203;If the search for the first flow entry is successful, execute step 203;
若所述第一流表项查找失败,则执行步骤204。If the lookup of the first flow entry fails, step 204 is performed.
在实际应用中,第一流表项中包含有精确匹配域,该精确匹配域由多个通配匹配域组合而成,该多个通配匹配域分别对应一种数据报文的各个属性标识。示例性的,第一流表项的查找过程具体可以为:在第一流表中查找与所述数据报文的各个属性标识都匹配的精确匹配域,所述精确匹配域对应的第一流表项为所要查找的第一流表项。In practical applications, the first flow entry includes an exact match field, and the exact match field is composed of multiple wildcard match fields, and the multiple wildcard match fields respectively correspond to attribute identifiers of a type of data packet. Exemplarily, the search process of the first flow entry may specifically be: searching the first flow table for an exact matching field that matches each attribute identifier of the data packet, and the first flow entry corresponding to the exact matching field is The first flow entry to look up.
203、根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发;203. Forward the data packet according to an action set corresponding to the first flow entry matching the attribute identifier;
当在第一流表中查找到与所述数据报文对应的第一流表项时,交换机根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发。When the first flow entry corresponding to the data packet is found in the first flow table, the switch forwards the data packet according to an action set corresponding to the first flow entry matching the attribute identifier.
204、根据所述属性标识依次在多级第二流表中查找第二流表项;204. Search for the second flow entry in the multi-level second flow table sequentially according to the attribute identifier;
当第一流表中查找不到与该数据报文对应的第一流表项时,交换机根据所述属性标识依次在多级第二流表中查找第二流表项,依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发,并执行步骤205。When the first flow table entry corresponding to the data packet cannot be found in the first flow table, the switch sequentially searches the second flow table item in the multi-level second flow table according to the attribute identifier, and sequentially according to each of the second flow table entries The specified operation in the flow entry forwards the data packet, and step 205 is executed.
所述第二流表项包括:通配匹配域,及该通配匹配域对应的指定操作。The second flow entry includes: a wildcard matching field, and a specified operation corresponding to the wildcard matching field.
205、根据查找到的各个所述第二流表项生成所述第一流表项。205. Generate the first flow entry according to each of the found second flow entries.
在交换机根据各个所述第二流表项中的指定操作对所述数据报文进行转发操作的同时,交换机根据查找到的各个所述第二流表项生成所述第一流表项,并将所述第一流表项记录在所述第一流表中。在所述数据报文对应的第一流表项生成之后,交换机下一次再接收到同一类的数据报文时,可以直接在第一流表中完成查找流表项和转发的流程。When the switch forwards the data packet according to the specified operation in each of the second flow entries, the switch generates the first flow entry according to each of the found second flow entries, and sends The first flow entry is recorded in the first flow table. After the first flow entry corresponding to the data packet is generated, when the switch receives the same type of data packet next time, it can directly complete the process of searching the flow entry and forwarding in the first flow table.
示例性的,第一流表项的生成过程具体可以为:在查找到目标的第二流表项之后,记录所述第二流表项对应的通配匹配域和指定操作;将各个所述第二流表项对应的通配匹配域合并为精确匹配域,将各个所述第二流表项对应的指定操作合并为动作集合,生成所述数据报文对应的第一流表项。Exemplarily, the generation process of the first flow entry may specifically be: after the second flow entry of the target is found, record the wildcard matching domain and the specified operation corresponding to the second flow entry; The wildcard matching fields corresponding to the second flow entries are merged into an exact matching field, and the specified operations corresponding to each of the second flow entries are combined into an action set to generate the first flow entry corresponding to the data packet.
可以理解的是,在本发明实施例中的第一流程是相对于第二流程而言的,即相对于第二流程而言的,第一流程为快速转发表(即数据报文转发的速度比第二流表快);即相对于第一流程而言的,第二流程为慢速转发表。而第一流表项则为第一流程对应的流表项,第二流表项为第二流程对应的流表项。It can be understood that the first process in the embodiment of the present invention is relative to the second process, that is, relative to the second process, the first process is a fast forwarding table (that is, the speed at which data packets are forwarded) faster than the second flow table); that is, relative to the first flow, the second flow is a slow forwarding table. The first flow entry is a flow entry corresponding to the first flow, and the second flow entry is a flow entry corresponding to the second flow.
在本发明实施例中,经过一次查找的数据报文,后续可以用第一流表的查找来代替多级第二流表的查找,提高了数据报文转发的效率。In the embodiment of the present invention, after a data message has been searched once, the search of the first flow table can be used to replace the search of the multi-level second flow table, which improves the efficiency of data message forwarding.
为了便于理解,下面对本发明实施例中的数据报文转发方法进行详细的描述,请参阅图3,本发明实施例中数据报文转发方法的另一个实施例包括:For ease of understanding, the data packet forwarding method in the embodiment of the present invention is described in detail below, please refer to FIG. 3, another embodiment of the data packet forwarding method in the embodiment of the present invention includes:
301、获取数据报文的属性标识;301. Obtain the attribute identifier of the data message;
交换机获取数据报文的属性标识;所述属性标识具体可以包括:源MAC地址、目的MAC地址,以太网类型,源IP地址和目的IP地址等。The switch obtains the attribute identifier of the data message; the attribute identifier may specifically include: source MAC address, destination MAC address, Ethernet type, source IP address, destination IP address, and the like.
在本发明实施例中,将交换机中的流表划分为第一流表和第二流表,其中,交换机的慢转发面(第二流表对应的转发面)实现OpenFlow的流表结构,与Controller之间的交互,以及流表的管理。In the embodiment of the present invention, the flow table in the switch is divided into a first flow table and a second flow table, wherein, the slow forwarding surface of the switch (the forwarding surface corresponding to the second flow table) realizes the flow table structure of OpenFlow, and the Controller The interaction between and the management of the flow table.
302、根据所述属性标识在第一流表中查找第一流表项;302. Search for a first flow entry in the first flow table according to the attribute identifier;
交换机根据所述属性标识在第一流表中查找第一流表项,所述第一流表项包括:动作集合,所述动作集合为一种数据报文的各个属性标识在多级流表中分别对应的指定操作。在实际应用中,所述指定操作可以为:从一个端口转发数据,或修改特定的字段(如:目的IP地址)等。The switch searches for the first flow entry in the first flow table according to the attribute identifier, and the first flow entry includes: an action set, and the action set is that each attribute identifier of a data packet corresponds to each in the multi-level flow table specified operation. In practical applications, the specified operation may be: forwarding data from a port, or modifying a specific field (such as: destination IP address), etc.
若所述第一流表项查找成功,则执行步骤303;If the search for the first flow entry is successful, execute step 303;
若所述第一流表项查找失败,则执行步骤304。If the lookup of the first flow entry fails, step 304 is performed.
在实际应用中,第一流表项中包含有精确匹配域,该精确匹配域由多个通配匹配域组合而成,该多个通配匹配域分别对应一种数据报文的各个属性标识。示例性的,第一流表项的查找过程具体可以为:在第一流表中查找与所述数据报文的各个属性标识都匹配的精确匹配域,所述精确匹配域对应的第一流表项为所要查找的第一流表项。In practical applications, the first flow entry includes an exact match field, and the exact match field is composed of multiple wildcard match fields, and the multiple wildcard match fields respectively correspond to attribute identifiers of a type of data packet. Exemplarily, the search process of the first flow entry may specifically be: searching the first flow table for an exact matching field that matches each attribute identifier of the data packet, and the first flow entry corresponding to the exact matching field is The first flow entry to look up.
303、根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发;303. Forward the data packet according to an action set corresponding to the first flow entry matching the attribute identifier;
当在第一流表中查找到与所述数据报文对应的第一流表项时,交换机根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发。When the first flow entry corresponding to the data packet is found in the first flow table, the switch forwards the data packet according to an action set corresponding to the first flow entry matching the attribute identifier.
304、根据所述属性标识依次在多级第二流表中查找第二流表项;304. Search for the second flow entry in the multi-level second flow table sequentially according to the attribute identifier;
当第一流表中查找不到与该数据报文对应的第一流表项时,交换机根据所述属性标识依次在多级第二流表中查找第二流表项,依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发,并执行步骤205。When the first flow table entry corresponding to the data packet cannot be found in the first flow table, the switch sequentially searches the second flow table item in the multi-level second flow table according to the attribute identifier, and sequentially according to each of the second flow table entries The specified operation in the flow entry forwards the data packet, and step 205 is executed.
所述第二流表项包括:通配匹配域,及该通配匹配域对应的指定操作。The second flow entry includes: a wildcard matching field, and a specified operation corresponding to the wildcard matching field.
305、根据查找到的各个所述第二流表项生成所述第一流表项;305. Generate the first flow entry according to each of the found second flow entries;
在交换机根据各个所述第二流表项中的指定操作对所述数据报文进行转发操作的同时,交换机根据查找到的各个所述第二流表项生成所述第一流表项,并将所述第一流表项记录在所述第一流表中。在所述数据报文对应的第一流表项生成之后,交换机下一次再接收到同一类的数据报文时,可以直接在第一流表中完成查找流表项和转发的流程。When the switch forwards the data packet according to the specified operation in each of the second flow entries, the switch generates the first flow entry according to each of the found second flow entries, and sends The first flow entry is recorded in the first flow table. After the first flow entry corresponding to the data packet is generated, when the switch receives the same type of data packet next time, it can directly complete the process of searching the flow entry and forwarding in the first flow table.
示例性的,当数据报文进入慢转发面后,在做第一次转发的过程中,慢转发平面记录下交换机对数据报文做的动作。将这些动作转换为动作集合(action list group),action list group随着精确匹配域一同下载到快速转发平面(第一流表对应的转发平面)。Exemplarily, after the data message enters the slow forwarding plane, during the first forwarding process, the slow forwarding plane records the actions performed by the switch on the data message. These actions are converted into an action set (action list group), and the action list group is downloaded to the fast forwarding plane (the forwarding plane corresponding to the first flow table) together with the exact match field.
由于控制器只能获知慢转发面的信息,对快速转发平面是不知情的,所以要将快速转发平面和慢转发平面的两种表关联起来。具体的,每条第一流表中的第一流表项和面表中的N条第二流表项关联(N是第二流表的数量),第一流表中第一流表项不主动老化,当第二流表中的第二流表项被老化时,同时删除关联第二流表项的第一流表项。第二流表中的同一个第二流表项可以被多个第一流表中的第一流表项引用,所以在每条慢转发平面的第二流表项中建立一个被引用的链表结构。第一流表中的第一流表项最多引用N个第二流表的第二流表项,所述在满表中表示N个引用标记。在实际应用中,每条流表都有生命周期,在一段时间内没有起作用,或者强制多少时间后不起作用;所述老化指的是,减少交换机中的没用流表长期占用空间,可以认为是垃圾清理。Since the controller can only know the information of the slow forwarding plane but not the fast forwarding plane, it is necessary to associate the two tables of the fast forwarding plane and the slow forwarding plane. Specifically, the first flow entry in each first flow table is associated with N second flow entries in the surface table (N is the number of the second flow table), and the first flow entry in the first flow table is not actively aged. When the second flow entry in the second flow table is aged out, the first flow entry associated with the second flow entry is deleted at the same time. The same second flow entry in the second flow table may be referenced by multiple first flow entries in the first flow table, so a referenced link list structure is established in the second flow entry of each slow forwarding plane. The first flow entry in the first flow table references at most N second flow entries in the second flow table, and the full table represents N reference marks. In practical applications, each flow table has a life cycle, and it does not work for a period of time, or it does not work after a certain amount of time; the aging refers to reducing the long-term occupied space of useless flow tables in the switch, Think of it as garbage removal.
306、实时或定时向所述第二流表发送所述第一流表的流量统计消息;306. Send the traffic statistics message of the first flow table to the second flow table in real time or periodically;
交换机实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来记录所述数据报文的流量,并更新相应的第二流表项的idle time。The switch sends the traffic statistics message of the first flow table to the second flow table in real time or regularly, so that the second flow table records the traffic of the data packet according to the traffic statistics message, and updates the corresponding first flow table The idle time of the second-stream entry.
在实际应用中,由于数据报文直接经过第一流表而不经过第二流表,第二流表无法获知数据报文的流量;因此,交换机会实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来记录所述数据报文的流量,而发送之后第一流表可以将本地流量统计清零。In practical applications, since the data packets directly pass through the first flow table without passing through the second flow table, the second flow table cannot know the traffic of the data packets; The traffic statistics message of the first flow table, so that the second flow table records the traffic of the data packet according to the traffic statistics message, and the first flow table can clear the local traffic statistics after sending.
在实际应用中,由于数据报文直接经过第一流表而不经过第二流表,导致第二流表中的idle time老化;因此,交换机会实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来更新相应的第二流表项的idletime。In practical applications, since data packets directly pass through the first flow table without passing through the second flow table, the idle time in the second flow table is aged; therefore, the switch will send the second flow table to the second flow table in real time or at regular intervals. The traffic statistics message of the first flow table enables the second flow table to update the idle time of the corresponding second flow entry according to the traffic statistics message.
307、对所述第一流表和所述第二流表的操作管理。307. Operate and manage the first flow table and the second flow table.
当第二流表中的第二流表项被老化时,删除第一流表中与所述第二流表项相关联的第一流表项;When the second flow entry in the second flow table is aged, delete the first flow entry associated with the second flow entry in the first flow table;
或,or,
当第二流表中的第二流表项被修改时,删除第一流表中与所述第二流表项相关联的第一流表项;When the second flow entry in the second flow table is modified, delete the first flow entry associated with the second flow entry in the first flow table;
或,or,
当第二流表中的第二流表项被删除时,删除第一流表中与所述第二流表项相关联的第一流表项;When the second flow entry in the second flow table is deleted, delete the first flow entry associated with the second flow entry in the first flow table;
或,or,
当第二流表中添加新的第二流表项时,由于新添加第二流表项可能导致流规则的改变,因此,交换机会检测第一流表中与所述第二流表相关联的第一流表项的优先级是否比新增第二流表项低,若是,则删除第一流表中与所述第二流表相关联的第一流表项。When a new second flow entry is added to the second flow table, since the newly added second flow entry may cause a change in the flow rule, the switch will detect the flow associated with the second flow table in the first flow table Whether the priority of the first flow entry is lower than that of the newly added second flow entry, and if so, delete the first flow entry associated with the second flow table in the first flow table.
上面仅以一些例子对本发明实施例中的应用场景进行了说明,可以理解的是,在实际应用中,还可以有更多的应用场景,具体此处不作限定。The application scenarios in the embodiments of the present invention are described above using only some examples, and it can be understood that in actual applications, there may be more application scenarios, which are not specifically limited here.
下面对用于执行上述数据报文转发方法的本发明交换机的实施例进行说明,其逻辑结构请参考图4,本发明实施例中的交换机一个实施例包括:An embodiment of the switch of the present invention for performing the above-mentioned data message forwarding method is described below. Please refer to FIG. 4 for its logical structure. An embodiment of the switch in the embodiment of the present invention includes:
数据获取单元401,用于获取数据报文的属性标识;A data acquisition unit 401, configured to acquire an attribute identifier of a data message;
匹配查找单元402,用于根据所述属性标识在第一流表中查找第一流表项,所述第一流表项包括:动作集合,所述动作集合为一种数据报文的各个属性标识在多级流表中分别对应的指定操作;A matching search unit 402, configured to search for a first flow entry in the first flow table according to the attribute identifier, the first flow entry includes: an action set, the action set is that each attribute identifier of a data packet is in multiple The corresponding specified operations in the level flow table;
转发单元403,用于若所述第一流表项查找成功,则根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发。The forwarding unit 403 is configured to forward the data packet according to the action set corresponding to the first flow entry matching the attribute identifier if the first flow entry is searched successfully.
进一步的,本发明实施例中,所述匹配查找单元402具体用于在第一流表中查找与所述数据报文的各个属性标识都匹配的精确匹配域,所述精确匹配域对应的第一流表项为所要查找的第一流表项。Further, in the embodiment of the present invention, the matching search unit 402 is specifically configured to search the first flow table for an exact matching field that matches each attribute identifier of the data packet, and the first flow corresponding to the exact matching field The entry is the first flow entry to be searched.
进一步的,本发明实施例中,所述交换机还包括:Further, in the embodiment of the present invention, the switch further includes:
流表生成单元404,用于若所述第一流表项查找失败,则在根据所述属性标识依次在多级第二流表中查找第二流表项,依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发之后,根据查找到的各个所述第二流表项生成所述第一流表项,将所述第一流表项记录在所述第一流表中。The flow table generation unit 404 is configured to search for the second flow table item in the multi-level second flow table sequentially according to the attribute identification if the search of the first flow table item fails, and sequentially according to each of the second flow table items After the specified operation in the item forwards the data packet, generate the first flow entry according to each of the found second flow entries, and record the first flow entry in the first flow table .
进一步的,本发明实施例中,所述流表生成单元404包括:Further, in the embodiment of the present invention, the flow table generation unit 404 includes:
操作记录模块4041,用于在依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发之后,记录执行过的所述指定操作,得到所述数据报文的动作集合;An operation recording module 4041, configured to record the specified operations performed after sequentially forwarding the data packets according to the specified operations in each of the second flow entries, and obtain an action set of the data packets ;
报文分析模块4042,用于分析所述数据报文,获得所述数据报文的精确匹配域;A message analysis module 4042, configured to analyze the data message to obtain the exact matching field of the data message;
流表生成模块4043,用于根据所述数据报文的动作集合和所述精确匹配域生成所述数据报文对应的第一流表项。A flow table generation module 4043, configured to generate a first flow entry corresponding to the data packet according to the action set of the data packet and the exact matching field.
进一步的,本发明实施例中,所述交换机还包括:Further, in the embodiment of the present invention, the switch further includes:
流表项删除单元405,用于当第二流表中的第二流表项被老化时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中的第二流表项被修改时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中的第二流表项被删除时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中添加新的第二流表项时,检测第一流表中与所述第二流表相关联的第一流表项的优先级是否比新增第二流表项低,若是,则删除第一流表中与所述第二流表相关联的第一流表项。The flow entry deletion unit 405 is configured to delete the first flow entry associated with the second flow entry in the first flow table when the second flow entry in the second flow table is aged; or, when the second flow entry is aged When the second flow entry in the second flow table is modified, delete the first flow entry associated with the second flow entry in the first flow table; or, when the second flow entry in the second flow table is modified When deleting, delete the first flow entry associated with the second flow entry in the first flow table; or, when adding a new second flow entry in the second flow table, detect the connection between the first flow table and the second flow entry Whether the priority of the first flow entry associated with the second flow table is lower than that of the newly added second flow entry, and if so, delete the first flow entry associated with the second flow table in the first flow table.
进一步的,本发明实施例中,所述交换机还包括:Further, in the embodiment of the present invention, the switch further includes:
同步单元406,用于实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来记录所述数据报文的流量,并更新相应的第二流表项的空闲时间idle time。a synchronizing unit 406, configured to send the traffic statistics message of the first flow table to the second flow table in real time or periodically, so that the second flow table records the traffic of the data packet according to the traffic statistics message, And update the idle time of the corresponding second flow entry.
下面对上述各个单元模块的交互进行详细的描述:The following is a detailed description of the interaction of the above-mentioned unit modules:
数据获取单元401获取数据报文的属性标识;所述属性标识具体可以包括:源MAC地址、目的MAC地址,以太网类型,源IP地址和目的IP地址等。The data acquiring unit 401 acquires the attribute identifier of the data message; the attribute identifier may specifically include: source MAC address, destination MAC address, Ethernet type, source IP address, destination IP address, and the like.
匹配查找单元402根据所述属性标识在第一流表中查找第一流表项,所述第一流表项包括:动作集合,所述动作集合为一种数据报文的各个属性标识在多级流表中分别对应的指定操作;若所述第一流表项查找成功,则执行转发单元403。若所述第一流表项查找失败,则执行流表生成单元404。The matching search unit 402 searches for a first flow entry in the first flow table according to the attribute identification, the first flow entry includes: an action set, and the action set is each attribute identification of a data packet in the multi-level flow table specified operations respectively corresponding to the above; if the first flow entry is searched successfully, the forwarding unit 403 is executed. If the lookup of the first flow entry fails, the flow table generation unit 404 is executed.
在实际应用中,所述指定操作可以为:从一个端口转发数据,或修改特定的字段(如:目的IP地址)等。In practical applications, the specified operation may be: forwarding data from a port, or modifying a specific field (such as: destination IP address), etc.
在实际应用中,第一流表项中包含有精确匹配域,该精确匹配域由多个通配匹配域组合而成,该多个通配匹配域分别对应一种数据报文的各个属性标识。示例性的,第一流表项的查找过程具体可以为:在第一流表中查找与所述数据报文的各个属性标识都匹配的精确匹配域,所述精确匹配域对应的第一流表项为所要查找的第一流表项。In practical applications, the first flow entry includes an exact match field, and the exact match field is composed of multiple wildcard match fields, and the multiple wildcard match fields respectively correspond to attribute identifiers of a type of data packet. Exemplarily, the search process of the first flow entry may specifically be: searching the first flow table for an exact matching field that matches each attribute identifier of the data packet, and the first flow entry corresponding to the exact matching field is The first flow entry to look up.
在现有的多级流表匹配的过程中,每成功查到一个流表项,交换机就会对数据报文执行该流表项对应的指定操作;在实际应用中,一个数据报文进入了交换机之后,无论该数据报文在交换机中查了几次表,进行了什么变化,同一个流每次执行结果都是一样的;因此,在本发明实施例中,将一种数据报文的各个属性标识在多级流表中分别对应的指定操作组合成动作集合,并在第一流表中存储各种数据报文对应的动作集合,在进行流表匹配的过程中,优先在第一流表中查找流表项。In the existing multi-level flow table matching process, each time a flow table entry is successfully found, the switch will perform the specified operation corresponding to the flow table entry on the data packet; in practical applications, a data packet enters the After the switch, no matter how many times the data message has been checked in the switch and what changes have been made, the execution result of the same flow is the same every time; therefore, in the embodiment of the present invention, the The specified operations corresponding to each attribute identifier in the multi-level flow table are combined into an action set, and the action sets corresponding to various data packets are stored in the first flow table. During the flow table matching process, priority is given to the first flow table Find flow entries in .
当在第一流表中查找到与所述数据报文对应的第一流表项时,转发单元403根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发。When the first flow entry corresponding to the data packet is found in the first flow table, the forwarding unit 403 forwards the data packet according to an action set corresponding to the first flow entry matching the attribute identifier.
当第一流表中查找不到与该数据报文对应的第一流表项时,流表生成单元404根据所述属性标识依次在多级第二流表中查找第二流表项,依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发,并根据各个所述第二流表项中的指定操作对所述数据报文进行转发操作的同时,交换机根据查找到的各个所述第二流表项生成所述第一流表项,并将所述第一流表项记录在所述第一流表中。在所述数据报文对应的第一流表项生成之后,交换机下一次再接收到同一类的数据报文时,可以直接在第一流表中完成查找流表项和转发的流程。When the first flow entry corresponding to the data message cannot be found in the first flow table, the flow table generating unit 404 sequentially searches for the second flow entry in the multi-level second flow table according to the attribute identifier, and sequentially according to each The specified operation in the second flow table entry forwards the data message, and while performing the forwarding operation on the data message according to the specified operation in each of the second flow table items, the switch according to the found Each of the second flow entries generates the first flow entry, and records the first flow entry in the first flow table. After the first flow entry corresponding to the data packet is generated, when the switch receives the same type of data packet next time, it can directly complete the process of searching the flow entry and forwarding in the first flow table.
示例性的,第一流表项的生成过程具体可以为:在查找到目标的第二流表项之后,记录所述第二流表项对应的通配匹配域和指定操作;将各个所述第二流表项对应的通配匹配域合并为精确匹配域,将各个所述第二流表项对应的指定操作合并为动作集合,生成所述数据报文对应的第一流表项。Exemplarily, the generation process of the first flow entry may specifically be: after the second flow entry of the target is found, record the wildcard matching domain and the specified operation corresponding to the second flow entry; The wildcard matching fields corresponding to the second flow entries are merged into an exact matching field, and the specified operations corresponding to each of the second flow entries are combined into an action set to generate the first flow entry corresponding to the data packet.
可以理解的是,在本发明实施例中的第一流程是相对于第二流程而言的,即相对于第二流程而言的,第一流程为快速转发表(即数据报文转发的速度比第二流表快);即相对于第一流程而言的,第二流程为慢速转发表。而第一流表项则为第一流程对应的流表项,第二流表项为第二流程对应的流表项。It can be understood that the first process in the embodiment of the present invention is relative to the second process, that is, relative to the second process, the first process is a fast forwarding table (that is, the speed at which data packets are forwarded) faster than the second flow table); that is, relative to the first flow, the second flow is a slow forwarding table. The first flow entry is a flow entry corresponding to the first flow, and the second flow entry is a flow entry corresponding to the second flow.
在本发明实施例中,经过一次查找的数据报文,后续可以用第一流表的查找来代替多级第二流表的查找,提高了数据报文转发的效率。In the embodiment of the present invention, after a data message has been searched once, the search of the first flow table can be used to replace the search of the multi-level second flow table, which improves the efficiency of data message forwarding.
进一步的,流表生成的过程可以由操作记录模块4041在依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发之后,记录执行过的所述指定操作,得到所述数据报文的动作集合;再由报文分析模块4042分析所述数据报文,获得所述数据报文的精确匹配域;最后,由流表生成模块4043根据所述数据报文的动作集合和所述精确匹配域生成所述数据报文对应的第一流表项。Further, in the process of generating the flow table, the operation recording module 4041 may record the specified operations performed after sequentially forwarding the data packets according to the specified operations in each of the second flow entries, and obtain the The action set of the data message; then analyze the data message by the message analysis module 4042 to obtain the exact matching domain of the data message; finally, the flow table generation module 4043 according to the action set of the data message Generate a first flow entry corresponding to the data packet with the exact match field.
示例性的,当数据报文进入慢转发面后,在做第一次转发的过程中,慢转发平面记录下交换机对数据报文做的动作。将这些动作转换为动作集合(action list group),action list group随着精确匹配域一同下载到快速转发平面(第一流表对应的转发平面)。Exemplarily, after the data message enters the slow forwarding plane, during the first forwarding process, the slow forwarding plane records the actions performed by the switch on the data message. These actions are converted into an action set (action list group), and the action list group is downloaded to the fast forwarding plane (the forwarding plane corresponding to the first flow table) together with the exact match field.
由于控制器只能获知慢转发面的信息,对快速转发平面是不知情的,所以要将快速转发平面和慢转发平面的两种表关联起来。具体的,每条第一流表中的第一流表项和面表中的N条第二流表项关联(N是第二流表的数量),第一流表中第一流表项不主动老化,当第二流表中的第二流表项被老化时,同时删除关联第二流表项的第一流表项。第二流表中的同一个第二流表项可以被多个第一流表中的第一流表项引用,所以在每条慢转发平面的第二流表项中建立一个被引用的链表结构。第一流表中的第一流表项最多引用N个第二流表的第二流表项,所述在满表中表示N个引用标记。在实际应用中,每条流表都有生命周期,在一段时间内没有起作用,或者强制多少时间后不起作用;所述老化指的是,减少交换机中的没用流表长期占用空间,可以认为是垃圾清理。Since the controller can only know the information of the slow forwarding plane but not the fast forwarding plane, it is necessary to associate the two tables of the fast forwarding plane and the slow forwarding plane. Specifically, the first flow entry in each first flow table is associated with N second flow entries in the surface table (N is the number of the second flow table), and the first flow entry in the first flow table is not actively aged. When the second flow entry in the second flow table is aged out, the first flow entry associated with the second flow entry is deleted at the same time. The same second flow entry in the second flow table may be referenced by multiple first flow entries in the first flow table, so a referenced link list structure is established in the second flow entry of each slow forwarding plane. The first flow entry in the first flow table references at most N second flow entries in the second flow table, and the full table represents N reference marks. In practical applications, each flow table has a life cycle, and it does not work for a period of time, or it does not work after a certain amount of time; the aging refers to reducing the long-term occupied space of useless flow tables in the switch, Think of it as garbage removal.
同步单元406实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来记录所述数据报文的流量,并更新相应的第二流表项的idle time。The synchronization unit 406 sends the traffic statistics message of the first flow table to the second flow table in real time or regularly, so that the second flow table records the traffic of the data packet according to the traffic statistics message, and updates the corresponding The idle time of the second flow entry.
在实际应用中,由于数据报文直接经过第一流表而不经过第二流表,第二流表无法获知数据报文的流量;因此,交换机会实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来记录所述数据报文的流量,而发送之后第一流表可以将本地流量统计清零。In practical applications, since the data packets directly pass through the first flow table without passing through the second flow table, the second flow table cannot know the traffic of the data packets; The traffic statistics message of the first flow table, so that the second flow table records the traffic of the data packet according to the traffic statistics message, and the first flow table can clear the local traffic statistics after sending.
在实际应用中,由于数据报文直接经过第一流表而不经过第二流表,导致第二流表中的idle time老化;因此,交换机会实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来更新相应的第二流表项的idletime。In practical applications, since data packets directly pass through the first flow table without passing through the second flow table, the idle time in the second flow table is aged; therefore, the switch will send the second flow table to the second flow table in real time or at regular intervals. The traffic statistics message of the first flow table enables the second flow table to update the idle time of the corresponding second flow entry according to the traffic statistics message.
进一步的,本发明实施例中的交换机还可以通过流表项删除单元405对流表项进行删除操作,具体的,当第二流表中的第二流表项被老化时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中的第二流表项被修改时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中的第二流表项被删除时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中添加新的第二流表项时,检测第一流表中与所述第二流表相关联的第一流表项的优先级是否比新增第二流表项低,若是,则删除第一流表中与所述第二流表相关联的第一流表项。Further, the switch in the embodiment of the present invention can also delete the flow entry through the flow entry deletion unit 405. Specifically, when the second flow entry in the second flow table is aged out, delete the flow entry in the first flow table. the first flow entry associated with the second flow entry; or, when the second flow entry in the second flow table is modified, delete the first flow entry associated with the second flow entry in the first flow table the first flow entry; or, when the second flow entry in the second flow table is deleted, delete the first flow entry associated with the second flow entry in the first flow table; or, when the second flow When adding a new second flow table entry in the table, detect whether the priority of the first flow table entry associated with the second flow table in the first flow table is lower than that of the newly added second flow table entry, and if so, delete the first flow table entry A first flow entry associated with the second flow table in the flow table.
请参见图5,本发明实施例还提供了一种交换机,可包括:Referring to Fig. 5, an embodiment of the present invention also provides a switch, which may include:
输入装置501,输出装置502,存储器503和处理器504(交换机中的处理器的数量可以为一个或多个,图5中以一个处理器为例)在本发明的一些实施例中,输入装置501,输出装置502,存储器503和处理器504可通过总线或其它方式连接,其中,图5中通过总线连接为例。Input device 501, output device 502, memory 503 and processor 504 (the number of processors in the switch can be one or more, one processor is taken as an example in Fig. 5) In some embodiments of the present invention, the input device 501, an output device 502, a memory 503, and a processor 504 may be connected through a bus or in other ways, where connection through a bus is used as an example in FIG. 5 .
其中,所述处理器504执行如下步骤:Wherein, the processor 504 performs the following steps:
在输入装置501获取数据报文的属性标识之后,根据所述属性标识在第一流表中查找第一流表项,所述第一流表项包括:动作集合,所述动作集合为一种数据报文的各个属性标识在多级流表中分别对应的指定操作。在实际应用中,所述指定操作可以为:从一个端口转发数据,或修改特定的字段(如:目的IP地址)等。After the input device 501 obtains the attribute identifier of the data packet, it searches the first flow table for the first flow entry according to the attribute identifier, and the first flow entry includes: an action set, the action set is a data packet Each attribute of identifies the corresponding specified operation in the multi-level flow table. In practical applications, the specified operation may be: forwarding data from a port, or modifying a specific field (such as: destination IP address), etc.
若所述第一流表项查找成功,则触发输出装置502根据与所述属性标识匹配的第一流表项对应的动作集合对所述数据报文进行转发;If the first flow entry is searched successfully, the trigger output device 502 forwards the data packet according to the action set corresponding to the first flow entry matching the attribute identifier;
若所述第一流表项查找失败,则根据所述属性标识依次在多级第二流表中查找第二流表项,触发输出装置502依次根据各个所述第二流表项中的指定操作对所述数据报文进行转发。If the lookup of the first flow entry fails, the second flow entry is sequentially searched in the multi-level second flow table according to the attribute identifier, and the trigger output device 502 sequentially performs operations according to the specified operation in each of the second flow entries Forward the data packet.
在交换机根据各个所述第二流表项中的指定操作对所述数据报文进行转发操作的同时,交换机根据查找到的各个所述第二流表项生成所述第一流表项,并将所述第一流表项记录在所述第一流表中。在所述数据报文对应的第一流表项生成之后,交换机下一次再接收到同一类的数据报文时,可以直接在第一流表中完成查找流表项和转发的流程。When the switch forwards the data packet according to the specified operation in each of the second flow entries, the switch generates the first flow entry according to each of the found second flow entries, and sends The first flow entry is recorded in the first flow table. After the first flow entry corresponding to the data packet is generated, when the switch receives the same type of data packet next time, it can directly complete the process of searching the flow entry and forwarding in the first flow table.
在实际应用中,第一流表项中包含有精确匹配域,该精确匹配域由多个通配匹配域组合而成,该多个通配匹配域分别对应一种数据报文的各个属性标识。示例性的,第一流表项的查找过程具体可以为:在第一流表中查找与所述数据报文的各个属性标识都匹配的精确匹配域,所述精确匹配域对应的第一流表项为所要查找的第一流表项。In practical applications, the first flow entry includes an exact match field, and the exact match field is composed of multiple wildcard match fields, and the multiple wildcard match fields respectively correspond to attribute identifiers of a type of data packet. Exemplarily, the search process of the first flow entry may specifically be: searching the first flow table for an exact matching field that matches each attribute identifier of the data packet, and the first flow entry corresponding to the exact matching field is The first flow entry to look up.
由于控制器只能获知慢转发面的信息,对快速转发平面是不知情的,所以要将快速转发平面和慢转发平面的两种表关联起来。具体的,每条第一流表中的第一流表项和面表中的N条第二流表项关联(N是第二流表的数量),第一流表中第一流表项不主动老化,当第二流表中的第二流表项被老化时,同时删除关联第二流表项的第一流表项。第二流表中的同一个第二流表项可以被多个第一流表中的第一流表项引用,所以在每条慢转发平面的第二流表项中建立一个被引用的链表结构。第一流表中的第一流表项最多引用N个第二流表的第二流表项,所述在满表中表示N个引用标记。在实际应用中,每条流表都有生命周期,在一段时间内没有起作用,或者强制多少时间后不起作用;所述老化指的是,减少交换机中的没用流表长期占用空间,可以认为是垃圾清理。Since the controller can only know the information of the slow forwarding plane but not the fast forwarding plane, it is necessary to associate the two tables of the fast forwarding plane and the slow forwarding plane. Specifically, the first flow entry in each first flow table is associated with N second flow entries in the surface table (N is the number of the second flow table), and the first flow entry in the first flow table is not actively aged. When the second flow entry in the second flow table is aged out, the first flow entry associated with the second flow entry is deleted at the same time. The same second flow entry in the second flow table may be referenced by multiple first flow entries in the first flow table, so a referenced link list structure is established in the second flow entry of each slow forwarding plane. The first flow entry in the first flow table references at most N second flow entries in the second flow table, and the full table represents N reference marks. In practical applications, each flow table has a life cycle, and it does not work for a period of time, or it does not work after a certain amount of time; the aging refers to reducing the long-term occupied space of useless flow tables in the switch, Think of it as garbage removal.
进一步的,交换机实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来记录所述数据报文的流量,并更新相应的第二流表项的idle time。Further, the switch sends the traffic statistics message of the first flow table to the second flow table in real time or regularly, so that the second flow table records the traffic of the data packet according to the traffic statistics message, and updates The idle time of the corresponding second flow entry.
在实际应用中,由于数据报文直接经过第一流表而不经过第二流表,第二流表无法获知数据报文的流量;因此,交换机会实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来记录所述数据报文的流量,而发送之后第一流表可以将本地流量统计清零。In practical applications, since the data packets directly pass through the first flow table without passing through the second flow table, the second flow table cannot know the traffic of the data packets; The traffic statistics message of the first flow table, so that the second flow table records the traffic of the data packet according to the traffic statistics message, and the first flow table can clear the local traffic statistics after sending.
在实际应用中,由于数据报文直接经过第一流表而不经过第二流表,导致第二流表中的idle time老化;因此,交换机会实时或定时向所述第二流表发送所述第一流表的流量统计消息,使得所述第二流表根据所述流量统计消息来更新相应的第二流表项的idletime。In practical applications, since data packets directly pass through the first flow table without passing through the second flow table, the idle time in the second flow table is aged; therefore, the switch will send the second flow table to the second flow table in real time or at regular intervals. The traffic statistics message of the first flow table enables the second flow table to update the idle time of the corresponding second flow entry according to the traffic statistics message.
当第二流表中的第二流表项被老化时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中的第二流表项被修改时,删除第一流表中与所述第二流表项相关联的第一流表项;或,当第二流表中的第二流表项被删除时,删除第一流表中与所述第二流表项相关联的第一流表项或,当第二流表中添加新的第二流表项时,由于新添加第二流表项可能导致流规则的改变,因此,交换机会检测第一流表中与所述第二流表相关联的第一流表项的优先级是否比新增第二流表项低,若是,则删除第一流表中与所述第二流表相关联的第一流表项。When the second flow entry in the second flow table is aged, delete the first flow entry associated with the second flow entry in the first flow table; or, when the second flow table in the second flow table When the item is modified, delete the first flow entry associated with the second flow entry in the first flow table; or, when the second flow entry in the second flow table is deleted, delete the first flow table associated with the The first flow entry associated with the second flow entry or, when a new second flow entry is added to the second flow table, since the newly added second flow entry may cause a change in the flow rule, the switch It will detect whether the priority of the first flow entry associated with the second flow table in the first flow table is lower than that of the newly added second flow table entry, and if so, delete the first flow table related to the second flow table The first flow entry of the association.
其中,存储器503存储的内容包括:所述属性标识具体可以包括:源MAC地址、目的MAC地址,以太网类型,源IP地址和目的IP地址等。所述指定操作可以为:从一个端口转发数据,或修改特定的字段(如:目的IP地址)等。所述第二流表项包括:通配匹配域,及该通配匹配域对应的指定操作。Wherein, the content stored in the memory 503 includes: the attribute identifier may specifically include: source MAC address, destination MAC address, Ethernet type, source IP address, destination IP address, and the like. The specified operation may be: forwarding data from a port, or modifying a specific field (such as: destination IP address), etc. The second flow entry includes: a wildcard matching field, and a specified operation corresponding to the wildcard matching field.
在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined or May be integrated into another system, or some features may be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit. The above-mentioned integrated units can be implemented in the form of hardware or in the form of software functional units.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-OnlyMemory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is realized in the form of a software function unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the essence of the technical solution of the present invention or the part that contributes to the prior art or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk, and other media that can store program codes.
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应所述以权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Anyone skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present invention. Should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.
Claims (10)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310400616.3A CN104426768B (en) | 2013-09-05 | 2013-09-05 | A kind of data message forwarding method and device |
| PCT/CN2014/085891 WO2015032333A1 (en) | 2013-09-05 | 2014-09-04 | Data packet forwarding method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310400616.3A CN104426768B (en) | 2013-09-05 | 2013-09-05 | A kind of data message forwarding method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104426768A CN104426768A (en) | 2015-03-18 |
| CN104426768B true CN104426768B (en) | 2018-06-15 |
Family
ID=52627816
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310400616.3A Active CN104426768B (en) | 2013-09-05 | 2013-09-05 | A kind of data message forwarding method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104426768B (en) |
| WO (1) | WO2015032333A1 (en) |
Families Citing this family (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104717683B (en) * | 2015-03-26 | 2018-05-29 | 清华大学 | A kind of user's request processing method based on software defined network southbound interface agreement |
| CN104836731B (en) * | 2015-05-14 | 2017-12-08 | 新华三技术有限公司 | A kind of Group list processing method and apparatus of Open Flow agreements |
| CN105591909A (en) * | 2015-10-21 | 2016-05-18 | 杭州华三通信技术有限公司 | Method and device for improvement of message forwarding performance |
| CN105681223B (en) * | 2015-12-31 | 2019-05-14 | 清华大学 | A kind of data packet forwarding method and device of SDN |
| CN105871602B (en) | 2016-03-29 | 2019-10-18 | 华为技术有限公司 | A control method, device and system for statistical flow |
| CN106161251B (en) * | 2016-06-14 | 2019-06-07 | 国家计算机网络与信息安全管理中心 | Message safety analytical method and device |
| CN107528794B (en) * | 2016-06-19 | 2021-01-15 | 华为技术有限公司 | Data processing method and device |
| CN114205312A (en) * | 2016-06-30 | 2022-03-18 | 华为技术有限公司 | Method and equipment for generating table entry |
| CN106059964B (en) * | 2016-07-28 | 2020-01-21 | 锐捷网络股份有限公司 | Message forwarding method and device |
| CN107147578B (en) * | 2017-03-27 | 2021-01-15 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN107547432B (en) * | 2017-08-28 | 2019-09-06 | 新华三信息安全技术有限公司 | A kind of flow control methods and device |
| CN115037575A (en) | 2017-12-26 | 2022-09-09 | 华为技术有限公司 | Method and device for message processing |
| CN113542125B (en) | 2018-03-31 | 2022-11-25 | 华为技术有限公司 | Method and device for forwarding message based on integrated flow table |
| CN108989313B (en) * | 2018-07-19 | 2021-07-27 | 深圳市泰信通信息技术有限公司 | Message processing method and device and computer readable storage medium |
| CN110768911B (en) * | 2018-07-27 | 2023-05-12 | 深信服科技股份有限公司 | Method, device, equipment, system and storage medium for efficient flow drainage |
| CN111510329B (en) * | 2020-04-10 | 2023-07-07 | 全球能源互联网研究院有限公司 | A method for processing messages in an electric power SDN controller and a flow table matching module |
| CN112019458A (en) * | 2020-09-11 | 2020-12-01 | 邦彦技术股份有限公司 | Data message forwarding method and device |
| CN112491710B (en) * | 2020-11-09 | 2023-06-23 | 锐捷网络股份有限公司 | Message forwarding method and device based on Openflow |
| CN113326228B (en) * | 2021-07-30 | 2022-01-11 | 阿里云计算有限公司 | Message forwarding method, device and equipment based on remote direct data storage |
| CN113645137B (en) * | 2021-08-02 | 2022-05-31 | 清华大学 | A software-defined network multi-level flow table compression method and system |
| CN114520790B (en) * | 2021-12-20 | 2024-03-22 | 杭州迪普信息技术有限公司 | Message filtering method and device |
| CN115174462B (en) * | 2022-06-28 | 2024-02-06 | 北京东土军悦科技有限公司 | Method and device for acquiring data forwarding table, forwarding equipment, controller and medium |
| CN117424862A (en) * | 2022-07-18 | 2024-01-19 | 华为技术有限公司 | Message forwarding method, device, equipment and chip system |
| CN115484322A (en) * | 2022-07-29 | 2022-12-16 | 天翼云科技有限公司 | Data packet decapsulation and uninstallation method and device, electronic device and storage medium |
| CN116016313B (en) * | 2022-12-29 | 2025-07-15 | 山东云海国创云计算装备产业创新中心有限公司 | A flow table aging control method, system, device and readable storage medium |
| CN116506355B (en) * | 2023-06-27 | 2023-09-05 | 珠海星云智联科技有限公司 | Processing method for unloading flow chart storage and related device |
| CN116915703B (en) * | 2023-09-13 | 2023-12-08 | 中移(苏州)软件技术有限公司 | Table entry expulsion method, device and electronic equipment |
| CN116996438B (en) * | 2023-09-22 | 2023-12-22 | 新华三技术有限公司 | Flow table management method and device |
| CN119854212A (en) * | 2024-12-06 | 2025-04-18 | 天翼云科技有限公司 | Data processing system, method, device and storage medium |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7784094B2 (en) * | 2005-06-30 | 2010-08-24 | Intel Corporation | Stateful packet content matching mechanisms |
| US9479323B2 (en) * | 2011-01-28 | 2016-10-25 | Nec Corporation | Communication system, forwarding node, control device, communication control method, and program |
| CN103166866B (en) * | 2011-12-12 | 2016-08-03 | 华为技术有限公司 | Generate the method for list item, the method receiving message and related device and system |
| US8971338B2 (en) * | 2012-01-09 | 2015-03-03 | Telefonaktiebolaget L M Ericsson (Publ) | Expanding network functionalities for openflow based split-architecture networks |
| CN102843299A (en) * | 2012-09-12 | 2012-12-26 | 盛科网络(苏州)有限公司 | Method and system for realizing Openflow multi-stage flow tables on basis of ternary content addressable memory (TCAM) |
| CN102868578A (en) * | 2012-10-11 | 2013-01-09 | 盛科网络(苏州)有限公司 | Test method and test system of openflow switch table body capacity |
| CN103281246A (en) * | 2013-05-20 | 2013-09-04 | 华为技术有限公司 | Message processing method and network equipment |
| CN103401783A (en) * | 2013-07-26 | 2013-11-20 | 盛科网络(苏州)有限公司 | Method and device for realizing Openflow multistage flow table |
-
2013
- 2013-09-05 CN CN201310400616.3A patent/CN104426768B/en active Active
-
2014
- 2014-09-04 WO PCT/CN2014/085891 patent/WO2015032333A1/en active Application Filing
Also Published As
| Publication number | Publication date |
|---|---|
| WO2015032333A1 (en) | 2015-03-12 |
| CN104426768A (en) | 2015-03-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104426768B (en) | A kind of data message forwarding method and device | |
| CN109962832B (en) | Message processing method and device | |
| CN103905311A (en) | Flow table matching method and device and switch | |
| CN105591914B (en) | A kind of openflow flow table look-up method and device | |
| CN111478820A (en) | Network equipment configuration system and method for large-scale network environment of network shooting range | |
| CN110912826B (en) | Method and device for expanding IPFIX table items by using ACL | |
| US20140289193A1 (en) | Synchronizing forwarding databases in a network device background | |
| CN108512763A (en) | A kind of tracking of flow table rule generating process | |
| CN104025520B (en) | Method for creating lookup table, query method, controller, forwarding device and system | |
| US11652744B1 (en) | Multi-stage prefix matching enhancements | |
| CN103873464B (en) | Message processing method and forwarding equipment | |
| WO2020088465A1 (en) | Port configuration method and device, storage medium, and electronic device | |
| CN103560957A (en) | Table look-up key value construction method and microcode issuing method, device and system | |
| CN102308296A (en) | Hash calculating and processing method and device | |
| CN114244752A (en) | Flow statistical method, device and equipment | |
| CN103856407B (en) | A kind of packet based on NetFPGA programmable virtual router accelerates retransmission method and device | |
| Ha et al. | Efficient Flow Table Management Scheme in SDN-Based Cloud Computing Networks. | |
| US11012542B2 (en) | Data processing method and apparatus | |
| CN111143427A (en) | Distributed information retrieval method, system and device based on-line computing | |
| CN102195868B (en) | Method and device for dynamically classifying network messages at high efficiency | |
| CN115129779A (en) | Database synchronization method, device and readable medium | |
| CN111819552B (en) | Access control list management method and device | |
| CN114697160A (en) | Method and device for processing tunnel message | |
| CN106789525B (en) | Message forwarding method and device in a kind of VPLS network | |
| CN112714017A (en) | Configuration issuing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210420 Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040 Patentee after: Honor Device Co.,Ltd. Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040 Patentee after: Honor Terminal Co.,Ltd. Country or region after: China Address before: 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong Patentee before: Honor Device Co.,Ltd. Country or region before: China |