CN105391635A - Network virtualization method based on software defined network (SDN) - Google Patents

Info

Publication number: CN105391635A
Authority: CN (China)
Prior art keywords: virtual network, network, module, bandwidth, message
Legal status: Granted; Expired - Fee Related
Application number: CN201510667519.XA
Other languages: Chinese (zh)
Other versions: CN105391635B (en)
Inventors: 唐勇, 栾谋升, 汪文勇
Current assignee: University of Electronic Science and Technology of China
Original assignee: University of Electronic Science and Technology of China
Application filed by: University of Electronic Science and Technology of China
Priority to: CN201510667519.XA
Publications: CN105391635A (application), CN105391635B (granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Data Exchanges In Wide-Area Networks

Abstract

The invention discloses a network virtualization method based on a software defined network (SDN). At network initialization, the controller obtains the SDN topology information through detection. A virtual network slice is created by calling the virtual network generation module, and once creation is complete, hosts are added to the virtual network slice. When one host needs to communicate with another, the switch forwards the packet directly if it has a matching flow entry; if it has no matching flow entry, it sends the packet to the controller. The controller calls the message interception module to intercept the packet; the message interception module calls the message parsing module, waits for the result it returns, and decides whether to discard the packet. The method can create virtual networks flexibly, is driven entirely by user requirements, and has relatively high extensibility. The invention also provides a relatively good solution for improving network throughput and avoiding contention for busy links.

Description

A network virtualization method based on SDN

Technical field

The invention relates to the field of computer network virtualization, and specifically to an SDN-based network virtualization method.

Background

Virtualization technology has always been closely tied to the development of networks. The concept of network virtualization was proposed to address the "ossification" of the current Internet and to stimulate innovation in future network research. Network virtualization uses abstraction, allocation and isolation mechanisms to virtualize nodes and links, and builds diverse virtual networks that coexist but are isolated from each other by sharing the underlying physical resources. The physical network can allocate and manage physical resources sensibly in response to dynamically changing requests for virtual resources. Researchers use virtualization to build logical networks on top of existing network architectures to meet specific business needs, for example virtual local area networks that isolate users and virtual private networks that connect users at remote sites.

Many groups and academic institutions at home and abroad now propose using network virtualization to build network experiment platforms, and treat network virtualization as the infrastructure for building the next-generation Internet. These include the following.

GENI (Global Environment for Network Innovations) aims to build a general, open, large-scale experimental platform that addresses the shortcomings of the traditional Internet in security, reliability and manageability. Its design goal is a programmable, virtualized, secure global network that supports the interconnection of different kinds of networks. GENI lets users access and control the underlying resources.

The PlanetLab project started in 2003. Its initial architecture was designed jointly by Larry Peterson of Princeton University, Tom Anderson of the University of Washington and David Culler of the University of California, Berkeley. It is an open, global experimental platform for next-generation Internet and services. The computing, memory and network resources of a node are shared by multiple virtual machines. The collection formed by multiple virtual machines is called a resource slice of PlanetLab. Multiple resource slices run on PlanetLab at the same time and do not affect each other logically.

The VegaNet (Virtual Gigabit Network) project started in 2009 and was initiated by University of Science and Technology Beijing, Tsinghua University and Beijing University of Posts and Telecommunications. The main features of VegaNet include introducing real user traffic, supporting node and link fault injection, and synchronizing underlying network faults. Its virtual routers are implemented on a real commercial router platform and support high-bandwidth virtual network traffic. The protocol suite running in the virtual network is independent of the underlying physical network, and the virtual network is transparent to the underlying physical network.

The 4WARD project is a sub-project in the field of network technology research of FP7, the European Union's Seventh Framework Programme, and was launched in January 2008. Its goal is to overcome the shortcomings of existing communication networks through innovation and to build an architecture in which multiple networks can coexist. The 4WARD virtualization framework allows multiple networks to run on a common platform and realizes the coexistence of multiple network architectures through carrier-grade virtualization of network resources. Unlike the existing Internet, which only allows multiple networks to coexist at the link layer and the application layer, 4WARD should also allow multiple networks to coexist at the network layer and the transport layer. 4WARD can simultaneously support the virtualization of heterogeneous networks, heterogeneous end users and new network protocols. Its main research topics include network virtualization technology and the principles and content of new architectures.

SDN originated in the Clean Slate project at Stanford University. It is an innovative network architecture whose core idea is to decouple the forwarding plane from the control plane and to manage all kinds of network devices through a centralized controller using a standard interface. OpenFlow is now widely used as that standard interface, and the central controller uses the OpenFlow protocol to monitor and manage physical switches at fine granularity. SDN also has a natural advantage for network virtualization, especially for network virtualization in data centers. For deployment reasons, virtualization requires a network architecture with centralized control, and an SDN network is exactly such a centrally managed architecture.

A search of the websites of the national patent office and of foreign patent offices found no patent application for a technical solution close to the one in this application, nor any journal document close to it; there is no prior art that creates virtual networks based on SDN.

Summary of the invention

In view of the defects and deficiencies of the prior art described above, the invention provides an SDN-based network virtualization method. The method can create a virtual network based on MAC addresses and can also create a virtual network based on IP addresses. A virtual network can carry specific application-layer traffic or certain traffic from or to hosts.

The invention is achieved by the following technical solution:

An SDN-based network virtualization method, characterized in that:

Step 1: at network initialization, the controller obtains the SDN network topology information through detection, including switch information and link information.

Step 2: at network initialization no virtual network exists, and all underlying network resources are temporarily unavailable.

Step 3: the prerequisite for using network resources is to obtain a virtual network slice; without one, no network resource can be used. Create a virtual network slice and go to step 4.

Step 4: creating a virtual network slice calls the virtual network generation module. The module collects the user's request parameters and creates the virtual network slice from them. The request parameters include the virtual network ID, name, traffic isolation type and bandwidth requirement. After creation, add hosts to the virtual network and go to step 5.

Step 5: add hosts to the virtual network slice. A virtual network is a set of hosts that share the resources within the virtual network. Hosts are added to a virtual network slice by MAC address or by IP address, but a given virtual network can use only one of the two, i.e. only host MAC addresses or only host IP addresses. After the hosts are added, go to step 6.

Step 6: when one host needs to communicate with another, the switch forwards the packet directly if it has a matching flow entry. If the switch has no matching flow entry, the packet is sent to the controller; go to step 7.

Step 7: the controller calls the message interception module to intercept the packet. The message interception module calls the message parsing module (go to step 8), waits for the result returned by the message parsing module, and decides whether the packet must be discarded.

Step 8: the message parsing module parses the packet and queries whether it comes from some virtual network. If the packet belongs to a virtual network and conforms to that virtual network's parameters, the module tells the message interception module to let the packet through and install flow entries; otherwise it tells the message interception module to discard the packet.

Querying whether a packet comes from some virtual network requires calling the virtual network mapping module; go to step 9.

Step 9: the virtual network mapping module queries the mapping relationships to determine whether the packet belongs to some virtual network, and determines that virtual network's parameters. The parameters determine how the packet is processed, for example whether the traffic isolation module or the bandwidth virtualization route generation module is called. If the traffic isolation module must be called, go to step 10; if the bandwidth virtualization route generation module must be called, go to step 11.

Step 10: if the traffic to be carried was specified when the virtual network was created, the traffic isolation module isolates all traffic that the virtual network does not carry; otherwise it isolates no traffic of any type.

Step 11: if a bandwidth requirement was specified when the virtual network was created, the bandwidth virtualization route generation module first calls the MM_ATT algorithm to compute a route, installs flow entries along the path, and then sets rate-limiting queues on the egress ports of the edge switches to which the hosts of the virtual network are connected.

The virtual network generation module turns a user's virtual network request into a logical virtual network slice. A virtual network is generated in response to a user request: the user decides the request parameters, and the controller generates the virtual network slice data structure and maintains the mappings of all virtual network parameters.

The message interception module intercepts all packet_in messages from the underlying physical network. At network initialization no physical network resource can be used, and every unmatched packet is forwarded to the controller in a packet_in message. A message is allowed through, after passing the message parsing module, only if a virtual network has already been established and the packet_in message belongs to a flow of some virtual network; otherwise the message is discarded.

The message parsing module parses each packet intercepted by the message interception module and extracts the relevant information: source IP address, destination IP address, source TCP/UDP port number, destination TCP/UDP port number, source MAC address, destination MAC address and ingress switch port number. It also determines whether the message is a broadcast message or a DHCP message; the interception module does not intercept messages of these kinds.

The virtual network mapping module manages all virtual network mapping data structures, including the mapping from virtual network ID to virtual network, from virtual network ID to virtual network name, from virtual network ID to the virtual network's host set, from IP address to MAC address, and from host to switch port. These mappings are the core data structures of the virtual network mapping module.

The traffic isolation module isolates specific application-layer traffic such as HTTP, FTP and P2P traffic. If the traffic to be isolated was specified when the virtual network was created, the traffic isolation module processes the request and installs flow entries on all switches along the path. These flow entries match only specific packets, giving an exact match on the following fields: ingress switch port, source MAC address, destination MAC address, source IP address, destination IP address, source transport-layer port and destination transport-layer port.

The bandwidth virtualization route generation module generates bandwidth-virtualized routes. Bandwidth virtualization means limiting and isolating the bandwidth of a virtual network, generally by setting the minimum or maximum bandwidth the virtual network occupies. The module uses the MM_ATT algorithm to find a route for a flow and sets several rate-limiting queues on the egress ports of the edge switches to which the hosts of the virtual network are connected, which both rate-limits the flow and generates the route.

The MM_ATT algorithm is formally described as follows. Given a network $G(V, E)$, a source node $s \in V$, a destination node $d \in V$ and a bandwidth requirement $b \in R$. For $\forall (i, j) \in E$, the link capacity is $C_{ij} \in R$ and the remaining capacity is $L_{ij} \in R$. The task is to find a path $p$ with source node $s$ and destination node $d$ such that the available bandwidth of $p$ satisfies $available \ge b$, where $available$ is the minimum remaining capacity over all links on $p$, and such that the bandwidth utilization $U(p)$ of $p$ is minimal, i.e. $U(p) = \min U(p_i)$. Here $V$ is the node set, $E$ is the link set, $R$ is the set of positive real numbers, $p_i \in P$, and $P$ is the set of all paths from $s$ to $d$.

Algorithm steps:

(1) Delete from graph $G$ the links that do not satisfy the bandwidth requirement, giving a new graph $G_2 = (V, E_2)$.

(2) Compute the bandwidth utilization $U_{ij}$ of each link in graph $G_2$.

(3) Search for all paths $P$ from source node $s$ to destination node $d$, limiting the hop count to at most max_hop.

(4) From the paths found in step (3), pick the path with the smallest path bandwidth utilization.

Step 1 further includes:

The controller periodically sends LLDP probe packets to detect the connection state of the switches in the SDN network and to maintain the topology of the SDN network.

Step 5 further includes:

The virtual network to which a host is added is identified by the virtual network ID, and the switch port to which the host is connected is specified at the same time. The added host address is given in the standard address format.

Step 8 further includes:

Whether a packet comes from some virtual network is determined by the packet's source and destination addresses. If the hosts represented by these addresses are all in the host set of a virtual network, the packet belongs to that virtual network; otherwise the packet is discarded directly.

Step 9 further includes:

The virtual network mapping module first queries whether the packet belongs to some virtual network and then queries the parameter attributes of that virtual network. These are: the virtual network carries only specified source and destination addresses; isolation of application-layer traffic; and the bandwidth requirement. For "the virtual network carries only specified source and destination addresses", the network mapping module only needs to check whether the packet's source and destination addresses match.

Step 10 further includes:

The traffic isolation module isolates the specified application-layer traffic, including HTTP, FTP and P2P traffic. The transport-layer ports used by these standard application-layer protocols are standardized, so the traffic isolation module identifies the application-layer traffic from the packet's source and destination transport-layer ports and thereby isolates it.

Step 11 further includes:

After the bandwidth virtualization route generation module has generated the route and installed the flow entries, the port rate of the edge switches must be set. Several rate-limiting queues can be configured on a switch port; each queue specifies a queue id, a minimum sending rate and a maximum sending rate. A special flow entry is then added on the edge switch that directs the flow arriving from a given port to the specific queue already configured on the port, which rate-limits the traffic precisely.

Compared with the prior art, the invention achieves the following beneficial effects:

1. The system formed by this method can serve as an application module on the controller. As a pluggable component it can be added and removed flexibly: when the virtual network function is not needed, it is enough to delete the corresponding entry from the configuration file. The method can create virtual networks flexibly, is driven entirely by user requirements, and extends well. It also offers a good solution for improving network throughput and avoiding contention for hotspot links.

2. By partitioning into virtual networks, this technical solution creates virtual networks and sets their parameters flexibly, and multiple virtual networks coexist and share network resources. The solution can create virtual networks based on MAC addresses and also based on IP addresses. A virtual network can carry specific application-layer traffic or certain traffic from/to hosts.

3. This technical solution uses the MM_ATT algorithm to select a relatively idle link for a virtual network that has a bandwidth requirement. The algorithm's selection principle is to find the path with the smallest path bandwidth utilization, so that, while the virtual network's bandwidth requirement is guaranteed, the remaining bandwidth of the path is maximized and the overall throughput of the network is effectively improved. After the route is found, rate-limiting queues are set on the egress ports of the edge switches of all hosts of the virtual network, so the traffic injected into the virtual network cannot exceed its requested bandwidth, and burst traffic is well controlled.

Brief description of the drawings

The invention is described in further detail below with reference to the accompanying drawings and specific embodiments, in which:

Figure 1 is a module diagram of the SDN-based network virtualization method of the invention.

Figure 2 is a flow chart of communication between hosts within a MAC-address-based virtual network according to an embodiment of the invention.

Figure 3 is a flow chart of communication between hosts within an IP-address-based virtual network according to an embodiment of the invention.

Figure 4 is a schematic diagram of the topology used for path finding with the MM_ATT algorithm according to an embodiment of the invention.

Detailed description

Embodiment 1

As the best mode of this technical solution, with reference to the network topology of Figure 1 and the processing flow of Figure 2, this example first establishes a virtual network based on MAC addresses, sets the virtual network parameters and adds several hosts, and briefly describes how hosts within the virtual network communicate with each other. The specific steps are as follows:

Step 1: create a new virtual network slice1, specify the virtual network name and id, specify that the virtual network is based on MAC addresses, specify http traffic as the traffic isolation parameter, and specify bandwidth as the virtual network's bandwidth requirement.

Step 2: add hosts h1, h3 and h4 to virtual network slice1; their mac addresses are mac1, mac3 and mac4 respectively. The set of host addresses in virtual network slice1 is now {mac1, mac3, mac4}.

Step 3: host h1 sends an http packet to h4. The packet first reaches switch s1. If switch s1 has no matching flow entry, the packet is forwarded to the controller, which handles it. If switch s1 has a matching flow entry, it forwards the packet directly.

Step 4: the controller's message interception module intercepts the packet and hands it to the message parsing module; go to step 5.

Step 5: the message parsing module receives the packet and starts parsing it. If parsing fails for any reason, the packet is discarded; go to step 9. Otherwise the packet is handed to the virtual network mapping module; go to step 6.

Step 6: using the stored mapping data structures, the virtual network mapping module checks whether the packet's source mac address and destination mac address are in the same virtual network. If they are, the packet is handed to the traffic isolation module; go to step 7. Otherwise the packet is discarded; go to step 9. Here mac1 and mac4 belong to the host set of virtual network slice1, so processing continues at step 7.

Step 7: the traffic isolation module looks up the virtual network's parameters to determine whether this traffic is traffic that the virtual network needs to isolate. If it is not, the packet is handed to the bandwidth virtualization route generation module; go to step 8. Otherwise the module must isolate the traffic and discards the packet; go to step 9. Here the traffic isolation module does not need to isolate http traffic, so processing continues at step 8.

Step 8: the bandwidth virtualization route generation module checks whether the virtual network has a bandwidth requirement. If it has none, flow entries are installed directly and the packet is forwarded. Otherwise the bandwidth virtualization route generation module generates a route, installs flow entries on all switches along the path, and sets rate-limiting queues on the egress ports of the edge switches to which the virtual network's hosts are connected. Assuming the generated route is s1-s6-s5-s4, rate-limiting queues are set on port s1-s6 of s1 and on port s4-s5 of s4. Packets from h1 to h4 are directed to the rate-limiting queue configured on port s1-s6, and packets from h4 to h1 are directed to the rate-limiting queue configured on port s4-s5.

Step 9: processing ends.

Example 2

As the best implementation of this technical solution, and with reference to Figure 4, this example shows how the MM_ATT algorithm finds a route that improves network throughput and avoids contention on hotspot links. The specific steps are as follows:

Step 1: During initialization, the bandwidth utilization of every link is calculated.

Step 2: All links whose remaining bandwidth does not meet the bandwidth requirement of the virtual network are deleted. The topology after deletion is shown in Figure 4; the number next to each link is the bandwidth utilization of that link (unit: %).

Step 3: Suppose the route from s1 to s11 is to be computed. First we set max_hop=6; the algorithm performs a depth-first search for routes from s1 to s11 and finds the route s1-s0-s3-s8-s10-s11. The bandwidth utilizations along this path are 4, 6, 6, 6, 4, so the maximum bandwidth utilization on the path is 6, and this is the minimum path bandwidth utilization over all paths from s1 to s11. If max_hop=5 is set, the algorithm finds the route s1-s0-s3-s8-s11, whose bandwidth utilizations are 4, 6, 6, 8, so the maximum bandwidth utilization on the path is 8. Although this figure is larger than the one found with max_hop=6, the path is shorter and the search complexity is further reduced; in practice the search time can be reduced by adjusting the max_hop parameter.

In general, the routing principle of the algorithm is to find, as far as possible, a path with ample remaining bandwidth that avoids hotspot links, which increases network throughput to some extent and achieves effective use of network bandwidth resources.

Example 3

As another preferred embodiment of this method, it includes:

Step 1: When the network is initialized, the controller obtains the SDN network topology information by probing, including switch information and link information;

Step 2: When the network is initialized, no virtual network exists, and all underlying network resources are temporarily unavailable;

Step 3: Network resources can be used only after a virtual network slice has been obtained; without one, no network resource can be used. Create a virtual network slice and go to step 4;

Step 4: Creating a virtual network slice calls the virtual network generation module. The module collects the user's request parameters and creates the virtual network slice from them. The request parameters include the virtual network's ID, name, traffic isolation type and bandwidth requirement. After creation is complete, hosts are added to the virtual network; go to step 5;

Step 5: Add hosts to the virtual network slice. A virtual network is a set of hosts that share the resources inside the virtual network. Hosts are added to the slice by MAC address or by IP address, but one virtual network can use only one of the two ways, i.e. only host MAC addresses or only host IP addresses. After the hosts have been added, go to step 6;

Step 6: When a host needs to communicate with another host, the switch forwards the packet directly if it has a matching flow entry; if the switch has no matching flow entry, the packet is sent to the controller; go to step 7;

Step 7: The controller calls the message interception module to intercept the packet. The message interception module calls the message parsing module (go to step 8), waits for the result the message parsing module returns, and decides whether the packet must be discarded;

Step 8: The message parsing module parses the packet and queries whether the packet comes from some virtual network. If the query shows that it belongs to a virtual network and conforms to that virtual network's parameters, the module notifies the message interception module to let the packet through and issue the flow table; otherwise it notifies the message interception module to discard the packet;

Querying whether the packet comes from a virtual network requires calling the virtual network mapping module; go to step 9;

Step 9: The virtual network mapping module queries the mapping relationships, determines whether the packet belongs to a virtual network, determines that virtual network's parameters, and from those parameters determines how the packet is processed, e.g. by calling the traffic isolation module or the bandwidth virtualization route generation module. If the traffic isolation module must be called, go to step 10; if the bandwidth virtualization route generation module must be called, go to step 11;

Step 10: If the carried traffic was specified when the virtual network was created, the traffic isolation module isolates all traffic that the virtual network does not carry; otherwise it isolates no traffic of any type;

Step 11: If a bandwidth requirement was specified when the virtual network was created, the bandwidth virtualization route generation module first calls the MM_ATT algorithm to compute a route, installs flow tables along the path, and then sets rate-limiting queues on the egress ports of the edge switches to which the hosts in the virtual network are connected.
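The packet_in admission decision of steps 6 to 10, together with the broadcast and DHCP exemption the patent describes for the message parsing module, can be sketched as follows. This is an added example, not code from the patent: the class and function names, the MAC addresses, the port attachments, the one-slice-per-host simplification and the ingress-port check (which reuses the host-to-switch-port mapping the patent maintains) are assumptions made here.

```python
from dataclasses import dataclass
from typing import Optional

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
TCP, UDP = 6, 17
# Constructed sample hosts; mac1 and mac4 are the members of slice1 in Example 1.
MAC1, MAC2, MAC3, MAC4 = (f"00:00:00:00:00:0{i}" for i in (1, 2, 3, 4))


@dataclass
class Slice:
    slice_id: int
    name: str
    hosts: frozenset                       # MAC-based membership only
    carried: Optional[frozenset] = None    # {(ip_proto, port)}; None = no isolation
    bandwidth_mbps: Optional[float] = None


@dataclass
class PacketIn:
    dpid: str                              # switch that raised the packet_in
    in_port: int
    src_mac: str
    dst_mac: str
    ip_proto: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


class SliceMap:
    """Mapping tables: slice id -> slice, host -> slice, host -> switch port."""

    def __init__(self):
        self.slices, self.host_slice, self.host_port = {}, {}, {}

    def add_slice(self, s, attachments):
        # Assumption of this sketch: a host belongs to at most one slice.
        for mac in s.hosts:
            if mac in self.host_slice:
                raise ValueError(f"{mac} is already in slice {self.host_slice[mac]}")
        self.slices[s.slice_id] = s
        for mac in s.hosts:
            self.host_slice[mac] = s.slice_id
            self.host_port[mac] = attachments[mac]   # (dpid, port)


def is_dhcp(p):
    return p.ip_proto == UDP and bool({p.src_port, p.dst_port} & {67, 68})


def carries(s, p):
    # Match on either port so that replies (e.g. source port 80) are carried too.
    return (p.ip_proto, p.dst_port) in s.carried or (p.ip_proto, p.src_port) in s.carried


def decide(m, p, check_ingress=True):
    """Return the action the controller takes for one packet_in."""
    if p.dst_mac == BROADCAST_MAC or is_dhcp(p):
        return "pass-unfiltered"           # not intercepted, per the patent
    sid = m.host_slice.get(p.src_mac)
    if sid is None or m.host_slice.get(p.dst_mac) != sid:
        return "drop:not-same-slice"       # mapping module: hosts not in one slice
    # Added check (assumption): the source MAC must arrive on the port it is
    # mapped to, so a claimed MAC alone does not grant slice membership.
    if check_ingress and m.host_port.get(p.src_mac) != (p.dpid, p.in_port):
        return "drop:port-mismatch"
    s = m.slices[sid]
    if s.carried is not None and not carries(s, p):
        return "drop:isolated-traffic"     # traffic the slice does not carry
    return "route-with-rate-limit" if s.bandwidth_mbps else "forward"


def build_demo_map():
    """Constructed sample: slice1 carries HTTP with a bandwidth requirement."""
    m = SliceMap()
    m.add_slice(Slice(1, "slice1", frozenset({MAC1, MAC4}),
                      carried=frozenset({(TCP, 80)}), bandwidth_mbps=10.0),
                {MAC1: ("s1", 1), MAC4: ("s4", 1)})
    m.add_slice(Slice(2, "slice2", frozenset({MAC2, MAC3})),
                {MAC2: ("s2", 1), MAC3: ("s3", 1)})
    return m


if __name__ == "__main__":
    demo = build_demo_map()
    for pkt in (PacketIn("s1", 1, MAC1, MAC4, TCP, 40000, 80),
                PacketIn("s1", 1, MAC1, MAC2, TCP, 40000, 80),
                PacketIn("s1", 1, MAC1, MAC4, TCP, 40000, 21)):
        print(pkt.src_mac, "->", pkt.dst_mac, pkt.dst_port, decide(demo, pkt))
```
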

Example 4

The system formed by this method mainly comprises: a virtual network generation module, a message interception module, a message parsing module, a virtual network mapping module, a traffic isolation module, and a bandwidth virtualization route generation module.

The virtual network generation module turns a user's virtual network request into a logical virtual network slice. A virtual network is generated in response to a user's request: the user decides the request parameters, and the controller generates the virtual network slice data structure and maintains the mappings of all virtual network parameters.

The message interception module intercepts all packet_in messages from the underlying physical network. When the network is initialized no physical network resource can be used, and every unmatched packet is forwarded to the controller in a packet_in message. A message is allowed through, after passing the message parsing module, only if a virtual network has already been established and the packet_in message belongs to a flow of some virtual network; otherwise the message is discarded.

The message parsing module parses the relevant information out of each packet intercepted by the message interception module, such as the source IP address, destination IP address, source TCP/UDP port number, destination TCP/UDP port number, source MAC address, destination MAC address and ingress switch port number. It also determines whether the message is a broadcast message or a DHCP message; the interception module does not intercept messages of these kinds.

The virtual network mapping module manages all virtual network mapping data structures, including the mapping from virtual network ID to virtual network, from virtual network ID to virtual network name, from virtual network ID to the virtual network's host set, from IP address to MAC address, and from host to switch port. These mapping data structures are the core data structures of the virtual network mapping module.

The traffic isolation module isolates specific application-layer traffic, such as HTTP, FTP and P2P traffic. If the traffic to be isolated was specified when the virtual network was created, the traffic isolation module processes the request and installs flow tables on all switches on the path. These flow tables match only specific packets, i.e. they use exact matching, for example on the following fields: ingress switch port, source MAC address, destination MAC address, source IP address, destination IP address, source transport-layer port and destination transport-layer port.

The bandwidth virtualization route generation module generates bandwidth-virtualized routes. Bandwidth virtualization means limiting and isolating the bandwidth of a virtual network; generally a minimum or maximum value is set for the bandwidth the virtual network occupies. The module uses the MM_ATT algorithm to find a route for a flow and sets a number of rate-limiting queues on the egress ports of the edge switches to which the virtual network's hosts are connected, which rate-limits the flow and generates its route. The MM_ATT algorithm is described in detail below:

MM-ATT is an algorithm that covers two cases. (1) A bandwidth requirement was specified when the virtual network was created. The Min-MaxBandwidthUtilization algorithm is used to find a path, flow tables are issued to the switches on the path, and rate-limiting queues are configured on the egress ports of all edge switches. These queues fix the maximum egress bandwidth, which corresponds to the bandwidth requirement specified when the virtual network was created, so these flows can never inject traffic at a rate above the specified bandwidth. (2) No bandwidth requirement was specified when the virtual network was created. Flows in such a virtual network are fairly arbitrary and their bandwidth fluctuates unpredictably. A route is selected for the flow with the controller's conventional routing algorithm and the flow table is issued. The controller monitors link bandwidth utilization; when a link's bandwidth utilization exceeds the specified trigger condition, the Min-MaxBandwidthUtilization algorithm is used to select another, relatively idle path for the flows on that link that have no bandwidth requirement, and those flows are moved to that path.

Therefore, when the bandwidth utilization of a link exceeds the trigger condition, the flows on that link with no specified bandwidth requirement are moved to other links. Flows already on the link that have a bandwidth requirement are not moved; only flows with no specified bandwidth requirement are moved.

Min-MaxBandwidthUtilization (minimize the maximum bandwidth utilization): select the path whose path bandwidth utilization is smallest, where the path bandwidth utilization is the maximum of the bandwidth utilizations of all links on the path. The goal of the algorithm is to keep the path bandwidth utilization as small as possible, avoiding congested links and using relatively idle ones. The algorithm also leaves more residual bandwidth on the links, so that the demands of flows arriving later can be met as far as possible.

Formal description: given a network G(V, E), source node s ∈ V, destination node d ∈ V and bandwidth requirement b ∈ R. For all (i, j) ∈ E, with link capacity C_ij ∈ R and residual capacity L_ij ∈ R, find a path p with source node s and destination node d such that the available bandwidth of p satisfies available ≥ b, where available is the minimum residual capacity over all links on p, and such that the bandwidth utilization U(p) of p is minimal, i.e. U(p) = min U(p_i). Here V is the set of nodes, E is the set of links, R is the set of positive real numbers, p_i ∈ P, and P is the set of all paths from s to d.

Algorithm steps:

(1) Delete from graph G the links that do not meet the bandwidth requirement, giving a new graph G2 = (V, E2).

(2) Compute the bandwidth utilization U_ij of every link in graph G2.

(3) Depth-first search for all paths P from source node s to destination node d, limiting the hop count to no more than max_hop.

(4) From the paths found in step (3), pick the one with the smallest path bandwidth utilization.

For the path finding of this algorithm, see Example 2.
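Algorithm steps (1) to (4) can be written out as below. This is an added example, not code from the patent: Figure 4 is not reproduced on this page, so the topology is constructed here to yield the two routes quoted in Example 2, and max_hop is read as the maximum number of switches on a path, which is the reading consistent with those two results.

```python
INF = float("inf")


def build_pruned_graph(links, demand):
    """Steps (1) and (2): drop links whose residual capacity is below the
    demand, then attach a utilization percentage to every surviving link."""
    adj = {}
    for (u, v), (capacity, used) in links.items():
        if capacity - used < demand:
            continue                              # link cannot host the flow
        util = 100.0 * used / capacity
        adj.setdefault(u, []).append((v, util))
        adj.setdefault(v, []).append((u, util))   # links are bidirectional
    return adj


def min_max_utilization_path(links, src, dst, demand, max_hop):
    """Steps (3) and (4): depth-first search over simple paths with at most
    max_hop switches; keep the path whose most-utilized link is least
    utilized. Ties go to the shorter path. Returns (path, utilization)
    or (None, None) when no feasible path exists."""
    adj = build_pruned_graph(links, demand)
    best_util, best_len, best_path = INF, INF, None
    stack = [(src, [src], 0.0)]
    while stack:
        node, path, worst = stack.pop()
        if node == dst:
            if (worst, len(path)) < (best_util, best_len):
                best_util, best_len, best_path = worst, len(path), path
            continue
        if len(path) >= max_hop:
            continue                              # hop budget exhausted
        for nxt, util in adj.get(node, []):
            if nxt in path:
                continue                          # simple paths only
            new_worst = max(worst, util)
            if new_worst > best_util:
                continue                          # cannot beat the best so far
            stack.append((nxt, path + [nxt], new_worst))
    if best_path is None:
        return None, None
    return best_path, best_util


# Constructed topology: (capacity, used) in Mbit/s, capacity 100 so that
# "used" equals the utilization percentage quoted in Example 2.
DEMO_LINKS = {
    ("s1", "s0"): (100, 4),
    ("s0", "s3"): (100, 6),
    ("s3", "s8"): (100, 6),
    ("s8", "s10"): (100, 6),
    ("s10", "s11"): (100, 4),
    ("s8", "s11"): (100, 8),
    ("s1", "s2"): (100, 10),     # short but busier detour
    ("s2", "s11"): (100, 12),
    ("s1", "s11"): (100, 95),    # direct link, removed in step (1) for demand 10
}

if __name__ == "__main__":
    for hops in (6, 5, 3):
        print(hops, min_max_utilization_path(DEMO_LINKS, "s1", "s11", 10, hops))
```

Lowering max_hop shrinks the search space but can force a busier route, as the 6, 5 and 3 runs show on this topology.
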

Claims (10)

1. A network virtualization method based on SDN, characterized in that:
Step 1: when the network is initialized, the controller obtains the SDN network topology information by probing, including switch information and link information;
Step 2: when the network is initialized, no virtual network exists, and all underlying network resources are temporarily unavailable;
Step 3: create a virtual network slice and go to step 4;
Step 4: creating a virtual network slice calls the virtual network generation module; the virtual network generation module collects the user's request parameters and creates the virtual network slice from them; the request parameters include the virtual network's ID, name, traffic isolation type and bandwidth requirement; after creation is complete, hosts are added to the virtual network; go to step 5;
Step 5: add hosts to the virtual network slice; hosts are added to the virtual network slice by the host's MAC address or IP address, and one virtual network can use only one way of adding, i.e. only host MAC addresses or only host IP addresses; after the hosts have been added, go to step 6;
Step 6: when a host needs to communicate with another host, the switch forwards the packet directly if it has a matching flow entry; if the switch has no matching flow entry, the packet is sent to the controller; go to step 7;
Step 7: the controller calls the message interception module to intercept the packet; the message interception module calls the message parsing module (go to step 8), waits for the result the message parsing module returns, and decides whether the packet must be discarded;
Step 8: the message parsing module parses the packet and queries whether the packet comes from some virtual network; if the query shows that it belongs to a virtual network and conforms to that virtual network's parameters, it notifies the message interception module to let the packet through and issue the flow table; otherwise it notifies the message interception module to discard the packet.
2. The network virtualization method based on SDN according to claim 1, characterized in that: querying whether the packet comes from a virtual network requires calling the virtual network mapping module; go to step 9;
Step 9: the virtual network mapping module queries the mapping relationships, determines whether the packet belongs to a virtual network, determines that virtual network's parameters, and from those parameters determines how the packet is processed, e.g. by calling the traffic isolation module or the bandwidth virtualization route generation module; if the traffic isolation module must be called, go to step 10; if the bandwidth virtualization route generation module must be called, go to step 11;
Step 10: if the carried traffic was specified when the virtual network was created, the traffic isolation module isolates all traffic that the virtual network does not carry; otherwise it isolates no traffic of any type;
Step 11: if a bandwidth requirement was specified when the virtual network was created, the bandwidth virtualization route generation module first calls the MM_ATT algorithm to compute a route, installs flow tables along the path, and then sets rate-limiting queues on the egress ports of the edge switches to which the hosts in the virtual network are connected.
3. The network virtualization method based on SDN according to claim 1 or 2, characterized in that: the virtual network generation module turns a user's virtual network request into a logical virtual network slice; a virtual network is generated in response to a user's request, the request parameters are decided by the user, and the controller generates the virtual network slice data structure and maintains the mappings of all virtual network parameters.
4. The network virtualization method based on SDN according to claim 1 or 2, characterized in that: the message interception module intercepts all packet_in messages from the underlying physical network; when the network is initialized no physical network resource can be used, and every unmatched packet is forwarded to the controller in a packet_in message; a message is allowed through, after passing the message parsing module, only if a virtual network has already been established and the packet_in message belongs to a flow of some virtual network; otherwise the message is discarded.
5. The network virtualization method based on SDN according to claim 1 or 2, characterized in that: the message parsing module parses the relevant information out of each packet intercepted by the message interception module, such as the source IP address, destination IP address, source TCP/UDP port number, destination TCP/UDP port number, source MAC address, destination MAC address and ingress switch port number; it also determines whether the message is a broadcast or DHCP message, and the interception module does not intercept messages of these kinds.
6. The network virtualization method based on SDN according to claim 1 or 2, characterized in that: the virtual network mapping module manages all virtual network mapping data structures, including the mapping from virtual network ID to virtual network, from virtual network ID to virtual network name, from virtual network ID to the virtual network's host set, from IP address to MAC address, and from host to switch port.
7. The network virtualization method based on SDN according to claim 1 or 2, characterized in that: the traffic isolation module isolates specific application-layer traffic, such as HTTP, FTP and P2P traffic; if the traffic to be isolated was specified when the virtual network was created, the traffic isolation module processes the request and installs flow tables on all switches on the path; these flow tables match only specific packets, i.e. they use exact matching.
8. The network virtualization method based on SDN according to claim 1 or 2, characterized in that: the bandwidth virtualization route generation module generates bandwidth-virtualized routes; bandwidth virtualization means limiting and isolating the bandwidth of a virtual network, and generally a minimum or maximum value is set for the bandwidth the virtual network occupies; the MM_ATT algorithm is used to find a route for a flow, and a number of rate-limiting queues are set on the egress ports of the edge switches to which the virtual network's hosts are connected, which rate-limits the flow and generates its route.
9. The network virtualization method based on SDN according to claim 1 or 2, characterized in that: the formal description of the MM_ATT algorithm is: given a network G(V, E), source node s ∈ V, destination node d ∈ V, bandwidth requirement b ∈ R.
10. For (i, j) ∈ E, with link capacity C_ij ∈ R and residual capacity L_ij ∈ R, find a path p with source node s and destination node d such that the available bandwidth of p satisfies available ≥ b, where available is the minimum residual capacity over all links on p, and such that the bandwidth utilization U(p) of p is minimal, i.e. U(p) = min U(p_i); here V is the set of nodes, E is the set of links, R is the set of positive real numbers, p_i ∈ P, and P is the set of all paths from s to d;
Algorithm steps:
(1) delete from graph G the links that do not meet the bandwidth requirement, giving a new graph G2 = (V, E2);
(2) compute the bandwidth utilization U_ij of every link in graph G2;
(3) search for all paths P from source node s to destination node d, limiting the hop count to no more than max_hop;
(4) from the paths found in step (3), pick the one with the smallest path bandwidth utilization.
CN201510667519.XA 2015-10-16 2015-10-16 A kind of network virtualization method based on SDN Expired - Fee Related CN105391635B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510667519.XA CN105391635B (en) 2015-10-16 2015-10-16 A kind of network virtualization method based on SDN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510667519.XA CN105391635B (en) 2015-10-16 2015-10-16 A kind of network virtualization method based on SDN

Publications (2)

Publication Number Publication Date
CN105391635A true CN105391635A (en) 2016-03-09
CN105391635B CN105391635B (en) 2018-10-16

Family

ID=55423483

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510667519.XA Expired - Fee Related CN105391635B (en) 2015-10-16 2015-10-16 A kind of network virtualization method based on SDN

Country Status (1)

Country Link
CN (1) CN105391635B (en)

Also Published As

Publication number Publication date
CN105391635B (en) 2018-10-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181016
