CN105610614B - High-availability access system and high-availability failover method
- Publication number: CN105610614B
- Application number: CN201510997234.2A
- Authority: CN (China)
- Prior art keywords: node, SDN, high availability, heartbeat, access request
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0654—Management of faults, events, alarms or notifications using network fault recovery
- H04L41/0668—Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
Abstract
This application discloses a high-availability access system. The system comprises: an access resource pool made up of multiple nodes to be accessed; a heartbeat detection module that monitors the state of the nodes in the access resource pool by periodically sending heartbeat packets; and an SDN module that receives access requests directly from the external network, processes each request according to the node state provided by the heartbeat detection module, and forwards it directly to a suitable node among the nodes to be accessed, without passing through any other proxy. The application also provides a high-availability failover method.
Description
Technical field
The present invention relates to a high-availability access system and a high-availability failover method.
Background
"High availability" refers to a system that, through special design, reduces downtime and keeps its service uninterrupted. High availability of a service system is usually achieved by active/standby switching among multiple redundant nodes; the abstract model of such a system is shown in Fig. 1.
As shown in Fig. 1, the server side is a resource pool made up of multiple accessed nodes. The high-availability system translates external accesses and directs them to an available resource node in the pool. It publishes a unified "virtual external address" for clients to access. When a client accesses the service system through the virtual address, the high-availability front-end proxy translates the destination address of the access request into the address of the internal active node and directs the access flow to the actual active node.
The high-availability system monitors the state of the active service node through some mechanism. When it detects that the active node is down, it chooses a standby node from the access resource pool and switches the access flow to the new active node, so that service continues without interruption.
Most existing high-availability access schemes are host-based solutions, such as Heartbeat, Corosync and Keepalived. Their common implementation is shown in Fig. 2. The core high-availability function is implemented by a front-end proxy host. When an access packet from a client arrives, the front-end proxy translates the virtual external access address in the packet into the actual address of the internal active host, re-encapsulates the packet, and then forwards it through the network device. When the internal node returns a packet, the proxy performs the reverse address translation and the encapsulation/decapsulation operations and passes the packet on to the client.
At the same time, the front-end proxy also has to run periodic heartbeat health monitoring on the nodes in the resource pool. When it finds that the primary node is down, the proxy must select one of the remaining standby machines as the new active node and update its forwarding table entries, so that packets arriving afterwards are switched over in time.
Such an implementation achieves high-availability access, but it has the following deficiencies:
First, functional modules are mixed together and the implementation is complex. The high-availability proxy implements both heartbeat health monitoring and network packet address translation. The latter is a purely network-level operation and is better implemented by dedicated network equipment.
Second, the front-end proxy host is a single point of failure. Every external access packet must pass through the front-end proxy host for address translation before it reaches the network forwarding device, so once the front-end proxy host goes down, the whole system stops working.
Finally, in such a scheme every inbound and outbound flow requires the proxy to perform network-level operations such as packet address translation, encapsulation/decapsulation and reverse proxying. Compared with performing these operations directly on dedicated network equipment, stability and throughput suffer.
Summary of the invention
To solve the above problems, according to one aspect of the invention, a high-availability access system is provided. The system comprises: an access resource pool made up of multiple nodes to be accessed; a heartbeat detection module for monitoring the state of the nodes in the access resource pool by periodically sending heartbeat packets; and an SDN module for receiving access requests directly from the external network, processing each access request according to the node state provided by the heartbeat detection module, and forwarding it directly to a suitable node among the nodes to be accessed, without passing through any other proxy.
In the above high-availability access system, the SDN module comprises: an SDN controller for receiving heartbeat-detection exception information from the heartbeat detection module and notifying the SDN switch to switch flows; and the SDN switch, for receiving access requests directly from the external network and, according to the notification from the SDN controller, processing each access request and forwarding it directly to a suitable node among the nodes to be accessed.
In the above high-availability access system, the SDN switch receives access requests directly from the external network and performs packet processing and forwarding. The heartbeat detection module and the SDN controller are attached as bypass (out-of-path) management nodes and are used to formulate and issue the forwarding policy, without directly affecting the forwarding path of service traffic.
In the above high-availability access system, a first node among the nodes to be accessed is set as the primary service node, and the heartbeat detection module monitors the state of the first node by periodically sending heartbeat packets via the SDN switch.
In the above high-availability access system, when the heartbeat detection module detects that the first node is down, it is configured to select a second node among the nodes to be accessed as the active host and to notify the SDN controller of this.
In the above high-availability access system, the SDN controller is further configured to issue a flow-table change instruction to the SDN switch, so that network flows are forwarded via the second node.
According to a further aspect of the application, a high-availability failover method is provided. The method comprises: by periodically sending heartbeat packets, the heartbeat detection module detects that a first node, serving as the active node in the access resource pool, is abnormal; the heartbeat detection module chooses a second node in the access resource pool as the new active node and notifies the SDN controller of this; the SDN controller modifies the flow table and issues the changed flow table to the SDN switch; and the SDN switch, according to the changed flow table, forwards access requests received from the external network to the second node, without passing through any other proxy.
In the above high-availability failover method, the SDN switch forwards the packets flowing through the data plane according to the flow table issued by the controller.
Compared with existing host-based high-availability implementations, the technical solution of the application has at least the following advantages:
First, it makes full use of the SDN architecture: through the open network interface provided by SDN, the network function module is separated from the host and handed to dedicated network equipment, so that the heartbeat detection module and the network module are decoupled as far as possible, which simplifies the system design and improves reliability.
Second, all external access packets are forwarded by the network equipment directly to the final service node without passing through an intermediate host, which overcomes the front-end proxy single point of failure of host-based implementations.
Third, in terms of performance, the solution uses dedicated network equipment directly for packet address translation, encapsulation/decapsulation, reverse proxying and forwarding, which reduces the probability of packet loss during failover and raises throughput, and better achieves the connection persistence and smooth switching expected of a high-availability system.
Brief description of the drawings
Those skilled in the art will understand the various aspects of the invention more clearly after reading the specific embodiments with reference to the accompanying drawings. They will appreciate that the drawings serve only to illustrate the technical solution of the invention together with the specific embodiments and are not intended to limit its scope of protection.
Fig. 1 is a schematic diagram of an existing high-availability access system;
Fig. 2 is a schematic diagram of an existing host-based high-availability implementation;
Fig. 3 is an architecture diagram of the SDN model;
Fig. 4 is a module decomposition diagram of the front-end proxy in Fig. 2;
Fig. 5 is a module decomposition diagram of a high-availability implementation based on the SDN architecture, according to one embodiment of the application;
Fig. 6 is a framework diagram of a high-availability system based on the SDN architecture, according to one embodiment of the application; and
Fig. 7 is a schematic diagram of high-availability failover based on the SDN architecture, according to one embodiment of the application.
Detailed description of the embodiments
The following describes some of the many possible embodiments of the invention. It is intended to provide a basic understanding of the invention, not to identify its key or decisive elements or to limit the claimed scope. It is readily understood that, according to the technical solution of the invention and without changing its substance, those of ordinary skill in the art can propose other interchangeable implementations. The following specific embodiments and drawings are therefore only illustrative of the technical solution of the invention and should not be regarded as the whole of the invention or as limiting or restricting it.
Network technology has greatly driven the rapid development of the Internet. However, traditional network technology has always been relatively closed: the core technology and the equipment market are monopolized by a few vendors, and upper-layer applications cannot directly operate devices at or below the network layer. In 2009, a Stanford team formally proposed the concept of software-defined networking (SDN), aiming to break the closed state of the network layer by exposing a standard programmable network interface, so that applications can interact better with the network and improve the overall performance of the system.
A typical SDN model is shown in Fig. 3. It consists of two parts, SDN switches and an SDN controller. The SDN controller is the central control node of the whole network; it maintains the forwarding policy of the whole network and issues flow-table instructions through the management ports of the directly connected SDN switches. Each SDN switch stores a network flow table (Flow Table) that receives the flow-table policy issued by the controller, and forwards the packets flowing through the data plane by matching entries in the flow table.
The communication protocol between the SDN controller and the switch is called the southbound protocol. The earliest southbound protocol proposed is OpenFlow, which has currently reached version 1.5. In the OpenFlow protocol, each flow entry (Flow Entry) consists of parts such as match fields (Match Field) and operation rules (Instruction). The match fields specify the matching rule for incoming packets; once a packet matches, the operation indicated by the Instruction part is carried out. For example, in the flow table in Fig. 3, rule 1 says that all packets entering on port 1 are forwarded out of port 2, while rule 2 says that packets whose address is 0.0.0.0 are dropped. The SDN switch handles all packets flowing through it according to these rules.
Continuing with Fig. 2, the existing front-end proxy system can be divided into the following two main functional modules, as shown in Fig. 4:
1) Heartbeat detection module: monitors the state of the hosts in the resource pool by periodically sending heartbeat packets;
2) Network function module: performs address translation on client access packets and directs them to the actual working node.
The two modules are loosely coupled: only when the heartbeat detection module finds the primary node in an abnormal state does it interact with the network function module and notify it to switch flows.
Unlike the existing solution, according to one embodiment of the application, the SDN-based high-availability implementation retains the heartbeat detection module but separates the network function module from the front-end proxy and implements it with the SDN architecture combined with dedicated network equipment. The module block diagram of the new scheme is shown in Fig. 5.
As shown in Fig. 5, in one embodiment the SDN module consists of two parts, a network controller and an SDN switch. For access requests from the external network, data packets are processed and forwarded directly by the SDN switch, without passing through any other proxy. The heartbeat detection module and the SDN controller are attached only as bypass (out-of-path) management nodes; they are mainly responsible for formulating and issuing the forwarding policy and do not directly affect the forwarding path of service traffic.
Based on the module decomposition of Fig. 5, once the SDN module is instantiated, the actual deployment of this scheme can be as shown in Fig. 6. In one embodiment, the SDN module consists of two parts, a network controller and an SDN switch. At the initial stage, the system chooses node 1 in the resource pool as the primary service node, and the network controller first writes the following two flow-table rules to the SDN switch:
Table 1: Flow table of the SDN switch at the initial stage
Flow rule 1 means that packets from external accesses are forwarded to node 1, with the destination address of the packet translated to the address of node 1. Flow rule 2 is the reverse of flow rule 1.
As Fig. 6 shows, client access packets are delivered directly to the SDN switch, without passing through a proxy or other front-end device. According to flow rule 1, the SDN switch matches all packets entering on port 0; if the destination address is vip, it rewrites the destination address of the packet to ip-1, the address of node 1, and sends the packet out of switch port 1. Flow rule 2 performs the reverse operation on packets returned from node 1.
Meanwhile, the heartbeat detection module monitors the state of node 1 by periodically sending heartbeat packets; this process is completely independent of the external packet access flow described above.
Fig. 7 is a schematic diagram of high-availability failover based on the SDN architecture, according to one embodiment of the application.
With reference to Fig. 7, according to one embodiment of the application, when the heartbeat detection module detects that node 1 is down, the system carries out the following process:
(1) The heartbeat detection module detects that node 1 is down, chooses standby node 2 as the active host, and notifies the network controller of this;
(2) The SDN network controller issues a flow-table change instruction to the SDN switch; the updated flow table is shown in the following table:
Table 2: Flow table of the SDN switch after active/standby switching
(3) From then on, network flows passing through the SDN switch are all forwarded via port 2, and the active/standby switch is complete.
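The switchover in steps (1) to (3), modelled as an added example (not code from the patent). Tables 1 and 2 are not reproduced on this page, so the rule layout, the address `ip-2` for node 2, the injected `probe` callable and all class names are assumptions built from the prose description of flow rules 1 and 2.

```python
from dataclasses import dataclass, replace

VIP = "vip"          # virtual external address (name used in the description)
EXTERNAL_PORT = 0    # switch port facing the external network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class FlowRule:
    in_port: int
    field: str       # header field to match and rewrite: "dst" or "src"
    match: str
    rewrite: str
    out_port: int


class SdnSwitch:
    """Data plane: forwards purely by flow-table lookup."""
    def __init__(self):
        self.flow_table = []

    def install(self, rules):
        self.flow_table = list(rules)

    def forward(self, in_port, pkt):
        for rule in self.flow_table:
            if rule.in_port == in_port and getattr(pkt, rule.field) == rule.match:
                return rule.out_port, replace(pkt, **{rule.field: rule.rewrite})
        return None  # table miss: packet is dropped


class SdnController:
    """Control plane: turns 'node X is active' into flow rules 1 and 2."""
    def __init__(self, switch, pool):
        self.switch = switch
        self.pool = pool          # node name -> (address, switch port)
        self.active = None

    def activate(self, node):
        if node not in self.pool:
            raise ValueError(f"{node!r} is not in the access resource pool")
        addr, port = self.pool[node]
        self.switch.install([
            FlowRule(EXTERNAL_PORT, "dst", VIP, addr, port),   # rule 1
            FlowRule(port, "src", addr, VIP, EXTERNAL_PORT),   # rule 2 (reverse)
        ])
        self.active = node


class HeartbeatMonitor:
    """Bypass management node: probes nodes, never sits in the traffic path."""
    def __init__(self, controller, probe):
        self.controller = controller
        self.probe = probe        # callable(node) -> bool, stands in for a heartbeat

    def check(self):
        active = self.controller.active
        if self.probe(active):
            return active
        for candidate in self.controller.pool:
            if candidate != active and self.probe(candidate):
                self.controller.activate(candidate)   # step (1): notify controller
                return candidate
        raise RuntimeError("no healthy standby node in the resource pool")


def run_failover_demo():
    pool = {"node1": ("ip-1", 1), "node2": ("ip-2", 2)}   # constructed sample pool
    down = set()
    switch = SdnSwitch()
    controller = SdnController(switch, pool)
    monitor = HeartbeatMonitor(controller, probe=lambda n: n not in down)

    controller.activate("node1")                          # initial flow table
    before = switch.forward(EXTERNAL_PORT, Packet("client", VIP))
    reply = switch.forward(1, Packet("ip-1", "client"))

    down.add("node1")                                     # node 1 goes down
    new_active = monitor.check()                          # steps (1) and (2)
    after = switch.forward(EXTERNAL_PORT, Packet("client", VIP))   # step (3)
    stale = switch.forward(1, Packet("ip-1", "client"))   # old reverse rule is gone
    return before, reply, new_active, after, stale


if __name__ == "__main__":
    for step in run_failover_demo():
        print(step)
```

The monitor and controller only rewrite the flow table; every client packet is handled by `SdnSwitch.forward` alone, which is the bypass arrangement the description relies on.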
The technical solution of the application can thus achieve high availability of access connections through the software-defined networking (SDN) architecture, and obtains better system performance and a simpler system implementation than the original host-based high-availability scheme.
In summary, the application proposes a high-availability implementation based on the software-defined networking (SDN) architecture. The technical solution makes full use of the SDN architecture: through the open network interface provided by SDN, the network function module is separated from the host and handed to dedicated network equipment, so that the modules of the high-availability system are decoupled as far as possible, which simplifies the system design and improves reliability.
Specific embodiments of the invention have been described above with reference to the accompanying drawings. Those skilled in the art will understand that various changes and substitutions can be made to these embodiments without departing from the spirit and scope of the invention. All such changes and substitutions fall within the scope of the invention as defined by the claims.
Claims (6)
1. A high-availability access system, the system comprising:
an access resource pool, the access resource pool being made up of multiple nodes to be accessed;
a heartbeat detection module for monitoring the state of the nodes in the access resource pool by periodically sending heartbeat packets; and
an SDN module for receiving access requests directly from the external network, processing each access request according to the node state provided by the heartbeat detection module, and forwarding it directly to a suitable node among the multiple nodes to be accessed, without passing through any other proxy,
wherein the SDN module comprises:
an SDN controller for receiving heartbeat-detection exception information from the heartbeat detection module and notifying an SDN switch to switch flows; and
the SDN switch, for receiving access requests directly from the external network and, according to the notification from the SDN controller, processing each access request and forwarding it directly to a suitable node among the multiple nodes to be accessed,
wherein the SDN switch receives access requests directly from the external network and performs packet processing and forwarding, and the heartbeat detection module and the SDN controller are attached as bypass management nodes and are used to formulate and issue the forwarding policy, without directly affecting the forwarding path of service traffic.
2. The high-availability access system of claim 1, wherein a first node among the multiple nodes to be accessed is set as the primary service node, and the heartbeat detection module monitors the state of the first node by periodically sending heartbeat packets via the SDN switch.
3. The high-availability access system of claim 2, wherein, when the heartbeat detection module detects that the first node is down, it selects a second node among the multiple nodes to be accessed as the active host and notifies the SDN controller of this.
4. The high-availability access system of claim 3, wherein the SDN controller is further configured to issue a flow-table change instruction to the SDN switch, so that network flows are forwarded via the second node.
5. A high-availability failover method, the method comprising:
by periodically sending heartbeat packets, a heartbeat detection module detecting that a first node, serving as the active node in an access resource pool, is abnormal;
the heartbeat detection module choosing a second node in the access resource pool as the new active node and notifying an SDN controller of this;
the SDN controller modifying the flow table and issuing the changed flow table to an SDN switch;
the SDN switch, according to the changed flow table, forwarding access requests received from the external network to the second node, without passing through any other proxy,
wherein the SDN controller receives heartbeat-detection exception information from the heartbeat detection module and notifies the SDN switch to switch flows,
the SDN switch receives access requests directly from the external network and, according to the notification from the SDN controller, processes each access request and forwards it directly to a suitable node among the multiple nodes to be accessed,
wherein the SDN switch receives access requests directly from the external network and performs packet processing and forwarding, and the heartbeat detection module and the SDN controller are attached as bypass management nodes and are used to formulate and issue the forwarding policy, without directly affecting the forwarding path of service traffic.
6. The high-availability failover method of claim 5, wherein the SDN switch forwards the packets flowing through the data plane according to the flow table issued by the SDN controller.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510997234.2A (CN105610614B) | 2015-12-28 | 2015-12-28 | High-availability access system and high-availability failover method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105610614A | 2016-05-25 |
CN105610614B | 2019-06-18 |