CN106341335A - Traffic control method and traffic control system based on SDN - Google Patents
Traffic control method and traffic control system based on SDN Download PDFInfo
- Publication number
- CN106341335A CN106341335A CN201610710701.3A CN201610710701A CN106341335A CN 106341335 A CN106341335 A CN 106341335A CN 201610710701 A CN201610710701 A CN 201610710701A CN 106341335 A CN106341335 A CN 106341335A
- Authority
- CN
- China
- Prior art keywords
- threshold value
- message
- flow
- switch
- peak
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/29—Flow control; Congestion control using a combination of thresholds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a traffic control method based on SDN, comprising the following steps: S10, acquiring the reference information of a switch used for forwarding a message and the attribute information of the message; S20, querying whether a dynamic traffic threshold table is hit currently; S30, if no dynamic traffic threshold table is hit currently, generating a dynamic traffic threshold table according to a configured traffic threshold default table, or, going directly to S40; and S40, sending the dynamic traffic threshold table down to the switch according to the dynamic traffic threshold table. According to the invention, all dynamic traffic threshold tables are configured in a controller, and configuration is convenient and simple. The traffic control strategy is end-to-end, and traffic is controlled by the controller in a unified way. The user experience is improved, and the user experience is satisfied greatly.
Description
Technical field
The present invention relates to networking technology area, the more particularly to flow control methods based on sdn and flow control system.
Background technology
With the fast development of network technology, network application gets more and more, becomes increasingly complex.Network is as one kind
New medium carrier, also frequently suffers from bandwidth and attacks.The common form that bandwidth is attacked is that exhibiting high surface is seemed legal a large amount of
Tcp, udp or icmp packet is sent to destination.This bandwidth is attacked primarily to consumption network bandwidth, or, flood
One or more routers, server and fire wall.In order that detection is more difficult, this bandwidth is attacked and is also frequently used source ground
Location is cheated, and ceaselessly changes.
However, in prior art, flow control algorithm is based on single forwarding unit, its flow threshold immobilizes.And it is each
On individual forwarding unit, the configuration of flow threshold is distributed, and its configuration process is complicated and easily malfunctions.
Content of the invention
The technical scheme that the present invention provides is as follows:
A kind of flow control methods based on sdn that the present invention provides, comprise the following steps: s10, obtain and E-Packet institute
Using to the reference information of switch and the attribute information of message;Whether s20, inquiry currently hit dynamic flow threshold value table;
S30, when miss dynamic flow threshold value table, according to the configured default table of flow threshold, generate dynamic flow threshold value table;No
Then, directly go to step s40;S40, according to described dynamic flow threshold value table, issue described dynamic flow threshold to described switch
Value table.
Further, this flow control methods based on sdn, also include: s50, described switch receive message, judge this friendship
Change planes and whether mate described dynamic flow threshold value table;S60, mate described dynamic flow threshold value table when this switch, then institute
State switch and forward, according to described dynamic flow threshold value table, the message receiving;S70, do not mate described dynamic stream when this switch
Measure threshold value table, then described switch abandons forwarding the message receiving, and/or the message receiving is sent to controller.
Further, described step s60 further includes: s61, the message flow according to described message, and described dynamic
Guarantee threshold value in flow threshold table, guarantee time, peak threshold and time to peak, judge in described dynamic flow threshold value table
Whether present flow rate threshold value meets replacing condition;S62, meet replacing condition when described present flow rate threshold value, then change described working as
After front flow threshold is described guarantee threshold value or peak threshold, described guarantee threshold value is less than described peak threshold, jumps to step
s63;Otherwise, jump directly to step s63;S63, judge whether described message flow exceedes described present flow rate threshold value;s64、
When described message flow exceedes described present flow rate threshold value, then described switch speed limit is described to described present flow rate threshold value forwarding
Message;S65, when described message flow is not less than described present flow rate threshold value, then described switchboard direct switches through and sends out message described.
Further, described step s61 further includes: s611, when described present flow rate threshold value be equal to described peak threshold
When, judge that described message flow reaches the duration of peak value of described present flow rate threshold value and whether exceedes described time to peak;Institute
State step s62 to further include: s621, exceed described time to peak when described duration of peak value, then described present flow rate threshold
Value is replaced by described guarantee threshold value;Described step s63 further includes: s631, when described duration of peak value is not less than described
Time to peak, then described present flow rate threshold duration is described peak threshold.
Further, described step s61 further includes: s612, when described present flow rate threshold value be equal to described guarantee threshold value
When, determine whether that described message flow is not up to whether the described guarantee persistent period ensureing threshold value exceeds the guarantee time;Institute
State step s62 to further include: s622, when described guarantee the persistent period exceed the described guarantee time, then described present flow rate threshold
Value reverts to described peak threshold;Described step s63 further includes: s632, when described guarantee the persistent period without departing from described
The guarantee time, described present flow rate threshold duration is described guarantee threshold value.
Further, described step s30 further includes: s31, the reference information according to described switch and described message
Attribute information, configure the default table of described flow threshold;S32, basis have reported the report not mating described dynamic flow threshold value table
Literary composition and the default table of described flow threshold, generate described dynamic flow threshold value table.
Further, described reference information includes: switch id, port number and port type, and described attribute information includes: solution
Analysis purpose ip, source ip and type of message.
The present invention also provides a kind of flow control system applied in the flow control methods based on sdn, comprising: obtain mould
Block, for obtaining the attribute information of the E-Packet reference information being used switch and message;Enquiry module, described looks into
Ask module to electrically connect with described acquisition module, currently whether hit dynamic flow threshold value table for inquiring about;Generation module, described life
Module is become to electrically connect with described enquiry module, for when miss dynamic flow threshold value table, according to configured flow threshold
Default table, generates dynamic flow threshold value table;Sending module, described sending module is electrically connected with described generation module, for basis
Described dynamic flow threshold value table, issues described dynamic flow threshold value table to described switch.
Further, this flow control system based on sdn, also includes: receiving submodule and judge module, described reception
Module is electrically connected with described judge module with the communication connection of described sending module, described receiving submodule, the connecing of described switch
Receive submodule to be used for receiving message, described judge module is used for judging whether this switch has mated described dynamic flow threshold value
Table;Sending submodule, described sending submodule is electrically connected with described judge module, when this switch has mated described dynamic flow
Threshold value table, then the described sending submodule of described switch is for forwarding, according to described dynamic flow threshold value table, the report receiving
Literary composition;When this switch does not mate described dynamic flow threshold value table, then the described sending submodule of described switch is used for abandoning turning
Send out the message receiving, and/or the message receiving is sent to controller.
Further, this flow control system based on sdn, also includes: described judge module, is additionally operable to according to described message
Message flow, and the guarantee threshold value in described dynamic flow threshold value table, ensure time, peak threshold and time to peak, sentence
Whether the present flow rate threshold value broken in described dynamic flow threshold value table meets replacing condition;Change module, for when described current
Flow threshold meets replacing condition, then change described present flow rate threshold value and ensure after threshold value or peak threshold for described, described guarantor
Card threshold value is less than described peak threshold;Described judge module, is additionally operable to judge whether described message flow exceedes described current stream
Amount threshold value;When described message flow is not less than described present flow rate threshold value, then the described sending submodule of described switch is used for
Directly forward described message;When described message flow exceedes described present flow rate threshold value, then described transmission of described switch
Module is used for speed limit and forwards described message to described present flow rate threshold value.
Compared with prior art, the present invention provides a kind of flow control methods based on sdn and flow control system, base
In sdn framework, the controller analysis reference information of switch and the attribute information feature of message, whether inquiry hits dynamic flow
Threshold value table, when miss dynamic flow threshold value table, generates dynamic flow threshold value table according to the default table of flow threshold, and will be dynamic
Flow threshold table issues on respective switch.The configuration of all dynamic flow threshold value tables all concentrates on controller, configuration convenient and
Simply.The strategy of flow-control is end-to-end, is uniformly controlled by controller.The present invention improves the Experience Degree of user, flow
Threshold value is dynamically to adjust, and greatly meets the Experience Degree of user.The flow exceeding threshold value is controlled.
Brief description
Below by the way of clearly understandable, preferred implementation is described with reference to the drawings, to a kind of flow control based on sdn
The above-mentioned characteristic of method processed and flow control system, technical characteristic, advantage and its implementation are further described.
Fig. 1 is a kind of schematic flow sheet of the flow control methods based on sdn of the present invention;
Fig. 2 is the schematic flow sheet of another kind of flow control methods based on sdn of the present invention;
Fig. 3 is a kind of schematic flow sheet of step s30 in the present invention;
Fig. 4 is the schematic flow sheet of step s60 in the present invention;
Fig. 5 is a kind of schematic flow sheet of step s61, s62 in the present invention, s63;
Fig. 6 is another kind of schematic flow sheet of step s61, s62 in the present invention, s63;
Fig. 7 is a kind of structural representation of the flow control system based on sdn of the present invention;
Fig. 8 is a kind of part-structure schematic diagram of the flow control system based on sdn of the present invention;
Fig. 9 is the schematic flow sheet of another flow control methods based on sdn again in the present invention;
Figure 10 is a part of schematic flow sheet of the present invention and another flow control methods based on sdn;
Figure 11 is another part schematic flow sheet of the present invention and another flow control methods based on sdn.
Drawing reference numeral illustrates:
11st, acquisition module, 12, enquiry module, 13, configuration module, 14, generation module, 15, sending module,
21st, receiving submodule, 22, judge module, 23, sending submodule, 24, change module.
Specific embodiment
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, brief description will be compareed below
The specific embodiment of the present invention.It should be evident that drawings in the following description are only some embodiments of the present invention, for
For those of ordinary skill in the art, on the premise of not paying creative work, other can also be obtained according to these accompanying drawings
Accompanying drawing, and obtain other embodiments.
For making simplified form, each in figure only schematically show part related to the present invention, and they do not represent
It is as the practical structures of product.In addition, so that simplified form readily appreciates, there is identical structure or function in some in figures
Part, only symbolically depicts one of, or has only marked one of.Herein, " one " not only represents
" only this " is it is also possible to represent the situation of " more than one ".
As shown in figure 1, according to one embodiment of present invention, a kind of flow control methods based on sdn, walk including following
Rapid: s10, the acquisition reference information of switch and the attribute information of message, described switch refers to: when E-Packeting, institute
Using all switches arriving;Or, all switches when E-Packeting, on message forwarding path;Preferably, described ginseng
The information of examining includes: switch id, port number and port type, and wherein, described switch mac address can be used as switch
Id, port number not can exceed that 128;Described attribute information includes: parsing purpose ip, source ip and type of message, type of message bag
Include arp, dhcp, http, ftp, tftp.
Whether s20, inquiry currently hit dynamic flow threshold value table.
S30, when miss dynamic flow threshold value table, then according to the configured default table of flow threshold, generate dynamic stream
Amount threshold value table;Otherwise, directly go to step s40.
S40, according to described dynamic flow threshold value table, issue described dynamic flow threshold value table to described switch.
Specifically, obtain in sdn controller and obtain experimenter message at switch, obtain switch id, end
Mouth number and port type;And parse purpose ip, source ip and type of message from the message that switch forwards;Inquiry switch
Place currently whether there is dynamic flow threshold value table, if there is not dynamic flow threshold value table, according to flow threshold default table (flow
Thresholding system default table), after generating dynamic flow threshold value table;According to the parameter in dynamic flow threshold value table, to purpose ip, source ip
Between message forwarding path on all switches issue dynamic flow threshold value table;Sdn controller is thus complete message is forwarded
On path, all switches configure dynamic flow threshold value table, and the configuration of all dynamic flow threshold value tables all concentrates on sdn controller,
By sdn controller configuration management, configuration is conveniently simple.The default table of its flow threshold is the reference information according to switch for the user
Type of message configuration in the attribute information of message of middle port number sum.
As shown in Figure 2 and Figure 3, according to another embodiment of the invention, a kind of flow control methods based on sdn, including
Following steps: s10, the acquisition reference information of switch and the attribute information of message, described switch refers to: is E-Packeting
When, all switches being used;Or, all switches when E-Packeting, on message forwarding path;Preferably,
Described reference information includes: switch id, port number and port type, and wherein, described switch mac address can be used as exchange
The id of machine, port number not can exceed that 128;Described attribute information includes: parsing purpose ip, source ip and type of message, message class
Type includes arp, dhcp, http, ftp, tftp.
Whether s20, inquiry currently hit dynamic flow threshold value table.
Preferably, also include s31, when miss dynamic flow threshold value table, then the reference information according to described switch
And the attribute information of described message, configure the default table of described flow threshold.
Preferably, also include s32, basis reports and do not mate the message of described dynamic flow threshold value table and described stream
The amount default table of threshold value, generates described dynamic flow threshold value table.
S40, according to described dynamic flow threshold value table, issue described dynamic flow threshold value table to described switch.
S50, described switch receive message, judge whether this switch has mated described dynamic flow threshold value table.
S60, when this switch has mated described dynamic flow threshold value table, then described switch is according to described dynamic flow threshold
The message that the forwarding of value table receives.
S70, when this switch does not mate described dynamic flow threshold value table, then described switch is abandoned forwarding the report receiving
Literary composition, and/or the message receiving is sent to controller.
Specifically, on sdn controller, configure sdn dynamic flow control algolithm;Switch is to sdn controller report not
The message of coupling dynamic flow threshold value table and experimenter message;Sdn controller is not according to mating dynamic flow threshold value table
Message, experimenter message, and the default table of flow threshold, generate dynamic flow threshold value table.Switch is receiving report
Wen Shi, first determines whether whether have been received by dynamic flow threshold value table on this switch, if having been received by dynamic flow threshold value table,
According to restriction on the parameters in dynamic flow threshold value table, E-Packet;If not receiving dynamic flow threshold value table, message is sent to
Sdn controller, prevents bandwidth and attacks.
As shown in Figure 2, Figure 3, Figure 4, according to still a further embodiment, a kind of flow control methods based on sdn,
Comprise the following steps: s10, the acquisition reference information of switch and the attribute information of message, described switch refers to: is forwarding
During message, all switches of being used;Or, all switches when E-Packeting, on message forwarding path;Preferably
, described reference information includes: switch id, port number and port type, and wherein, described switch mac address can conduct
The id of switch, port number not can exceed that 128;Described attribute information includes: parsing purpose ip, source ip and type of message, report
Civilian type includes arp, dhcp, http, ftp, tftp.
Whether s20, inquiry currently hit dynamic flow threshold value table.
S31, when miss dynamic flow threshold value table, then the reference information according to described switch, configure described flow
The default table of threshold value.
S32, basis report message and the default table of described flow threshold not mating described dynamic flow threshold value table,
Generate described dynamic flow threshold value table.
S40, according to described dynamic flow threshold value table, issue described dynamic flow threshold value table to described switch.
S50, described switch receive message, judge whether this switch has mated described dynamic flow threshold value table.
When the guarantee threshold value in s61, the message flow according to described message, and described dynamic flow threshold value table, guarantee
Between, peak threshold and time to peak, judge whether the present flow rate threshold value in described dynamic flow threshold value table meets replacing condition.
S62, when described present flow rate threshold value meets replacing condition, then change described present flow rate threshold value be described guarantee threshold
After value or peak threshold, described guarantee threshold value is less than described peak threshold, jumps to step s63;Otherwise, jump directly to step
s63.
S63, judge whether described message flow exceedes described present flow rate threshold value.
S64, exceed described present flow rate threshold value when described message flow, then described switch speed limit is to described present flow rate
Threshold value forwards described message.
S65, when described message flow is not less than described present flow rate threshold value, then described switchboard direct switches through and sends out report described
Literary composition.
S70, when this switch does not mate described dynamic flow threshold value table, then described switch is abandoned forwarding the report receiving
Literary composition, and/or the message receiving is sent to controller.
Specifically, after switch receives message, and switch has mated dynamic flow threshold value table;Report according to message
Peak threshold in civilian flow, and dynamic flow threshold value table, time to peak, guarantee threshold value and guarantee time, judge dynamic stream
Whether the present flow rate threshold value in amount threshold value table reaches replacing condition, if present flow rate threshold value not up to changes condition, currently
Flow threshold keeps current value;If present flow rate threshold value reaches replacing condition, change present flow rate threshold value be ensure threshold value/
Peak threshold.Determine whether whether message flow exceedes present flow rate threshold value, when message flow exceedes present flow rate threshold value, then
Switch speed limit E-Packets to present flow rate threshold value;When message flow is not less than present flow rate threshold value, then switchboard direct switches through
Transmit messages literary composition.
As shown in Fig. 2, Fig. 3, Fig. 5, Fig. 6, Fig. 7, according to still another embodiment of the invention, a kind of flow based on sdn
Control method, comprises the following steps: s10, the acquisition reference information of switch and the attribute information of message, and described switch is
Refer to: when E-Packeting, all switches of being used;Or, all friendships when E-Packeting, on message forwarding path
Change planes;Preferably, described reference information includes: switch id, port number and port type, wherein, described switch mac address
Can be used as the id of switch, port number not can exceed that 128;Described attribute information includes: parsing purpose ip, source ip and message
Type, type of message includes arp, dhcp, http, ftp, tftp.
Whether s20, inquiry currently hit dynamic flow threshold value table.
S31, when miss dynamic flow threshold value table, then the reference information according to described switch, configure described flow
The default table of threshold value.
S32, basis report message and the default table of described flow threshold not mating described dynamic flow threshold value table,
Generate described dynamic flow threshold value table.
S40, according to described dynamic flow threshold value table, issue described dynamic flow threshold value table to described switch.
S50, described switch receive message, judge whether this switch has mated described dynamic flow threshold value table.
S611, when the present flow rate threshold value in described dynamic flow threshold value table be equal to described peak threshold when, described peak value
Threshold value can be 500mbps, determines whether that the duration of peak value that described message flow reaches described present flow rate threshold value is
No exceed time to peak;Described time to peak is default can be 30 seconds, and user can change.
S621, exceed described time to peak (30 seconds) when described duration of peak value, then described present flow rate threshold value is changed
For described guarantee threshold value.
S631, when described duration of peak value is not less than described time to peak (30 seconds), then described present flow rate threshold value is held
Continue for described peak threshold.
S612, when described present flow rate threshold value be equal to described guarantee threshold value when, described guarantee threshold value can be 200mbps,
Determine whether that described message flow is not up to whether the described guarantee persistent period ensureing threshold value exceeds the guarantee time;Described guarantor
The card time is default can be 30 seconds, and user can change.
S622, when described guarantee the persistent period without departing from described guarantee time (30 seconds), then described present flow rate threshold value is extensive
It is described peak threshold again.
S632, exceed the described guarantee time (30 seconds) when the described guarantee persistent period, described present flow rate threshold duration is
Described guarantee threshold value.
S64, judge whether described message flow exceedes described present flow rate threshold value.
S65, when described message flow is not less than described present flow rate threshold value, then described switchboard direct switches through and sends out report described
Literary composition.
S66, exceed described present flow rate threshold value when described message flow, then described switch speed limit is to described present flow rate
Threshold value forwards described message.
S70, when this switch does not mate described dynamic flow threshold value table, then described switch is abandoned forwarding the report receiving
Literary composition, and/or the message receiving is sent to controller.
Specifically, when switch E-Packets, present flow rate threshold value defaults to peak threshold, at utmost to ensure width
The unimpeded transmission speed of band, and the experience of user;When message flow reaches present flow rate threshold value (peak threshold), message can
Can there is the danger attacking bandwidth;Determine whether that message flow reaches the duration of peak value of peak threshold and whether exceedes peak value
Time;When duration of peak value exceedes time to peak, then there is the danger attacking bandwidth in message, and present flow rate threshold value is replaced by guarantor
Card threshold value, thus carry out speed limit;Otherwise, there is not the danger attacking bandwidth in message, is changed without present flow rate threshold value;Work as message flow
When amount is not up to present flow rate threshold value (guarantee threshold value), there is not the danger attacking bandwidth in message, determine whether message flow
Not up to ensure whether the guarantee persistent period of threshold value exceedes preset hold time;When the guarantee persistent period is not less than default holding
Time, then present flow rate threshold value revert to peak threshold, at utmost to ensure the unimpeded transmission speed in broadband;Otherwise, not more
Change present flow rate threshold value it is ensured that threshold value ensure that normal or basic transmission to ensure message.
As shown in Figure 7, Figure 8, according to one embodiment of present invention, a kind of apply in the flow control methods based on sdn
Flow control system, comprising: acquisition module 10, E-Packet and used reference information and the report of switch for obtaining
The attribute information of literary composition;Described switch refers to: all switches when E-Packeting, on message forwarding path;Preferably, institute
State reference information to include: switch id, port number and port type, wherein, described switch mac address can be used as switch
Id, port number not can exceed that 128;Described attribute information includes: parsing purpose ip, source ip and type of message, type of message
Including arp, dhcp, http, ftp, tftp.
Enquiry module 12, whether described enquiry module 12 is electrically connected with described acquisition module 10, currently hit for inquiring about
Dynamic flow threshold value table.
Generation module 14, described generation module 14 is electrically connected with described enquiry module 12, for when miss dynamic flow
During threshold value table, according to the configured default table of flow threshold, generate dynamic flow threshold value table.
Sending module 15, described sending module 15 is electrically connected with described generation module 14, for according to described dynamic flow
Threshold value table, issues described dynamic flow threshold value table to described switch.
Preferably, also include: receiving submodule 21 and judge module 22, described receiving submodule 21 and described sending module
15 communication connections, described receiving submodule 21 is electrically connected with described judge module 22, and the receiving submodule 21 of described switch is used
In receiving message, described judge module 22 is used for judging whether this switch has mated described dynamic flow threshold value table;
Sending submodule 23, described sending submodule 23 is electrically connected with described judge module 22, when this switch mates
Described dynamic flow threshold value table, then the described sending submodule 23 of described switch is for turning according to described dynamic flow threshold value table
Send out the message receiving;
When this switch does not mate described dynamic flow threshold value table, then the described sending submodule 23 of described switch is used for
Abandon forwarding the message receiving, and/or the message receiving is sent to controller.
As shown in Figure 7, Figure 8, according to another embodiment of the invention, a kind of flow control system based on sdn, bag
Include: acquisition module 10, for the reference information obtaining switch and the attribute information E-Packeting, described switch refers to:
When E-Packeting, all switches of being used;Or, all exchanges when E-Packeting, on message forwarding path
Machine;Preferably, described reference information includes: switch id, port number and port type, and wherein, described switch mac address can
Using the id as switch, port number not can exceed that 128;Described attribute information includes: parsing purpose ip, source ip and message class
Type, type of message includes arp, dhcp, http, ftp, tftp.
Enquiry module 12, whether described enquiry module 12 is electrically connected with described acquisition module 10, currently hit for inquiring about
Dynamic flow threshold value table.
Configuration module 13, described configuration module 13 is electrically connected with described enquiry module 12, for when miss dynamic flow
During threshold value table, then the reference information according to described switch, configure the default table of described flow threshold.
Generation module 14, described generation module 14 is electrically connected with described configuration module 13, according to report and do not mate
The message of dynamic flow threshold value table and the default table of described flow threshold, generate described dynamic flow threshold value table.
Sending module 15, described sending module 15 is electrically connected with described generation module 14, according to described dynamic flow threshold value
Table, issues described dynamic flow threshold value table to described switch.
Receiving submodule 21 and judge module 22, described receiving submodule 21 is electrically connected with described judge module 22, described
Receiving submodule 21 is communicated to connect with described sending module 15, and described receiving submodule 21 is used for described switch and receives message,
Described judge module 22 judges whether this switch has mated described dynamic flow threshold value table.
Judge module 22, is additionally operable to be equal to described peak threshold when the present flow rate threshold value in described dynamic flow threshold value table
When, described peak threshold can be 500mbps, determines whether that described message flow reaches the peak value of described present flow rate threshold value
Whether the persistent period exceedes time to peak;Described time to peak is default can be 30 seconds, and user can change.
Change module 24, for exceeding described time to peak (30 seconds) when described duration of peak value, then described current stream
Amount threshold value is replaced by described guarantee threshold value.When described duration of peak value is not less than described time to peak (30 seconds), then described work as
Front flow threshold is continuously described peak threshold.
Judge module 22, for when described present flow rate threshold value is equal to described guarantee threshold value, described guarantee threshold value is permissible
For 200mbps, determine whether that whether described message flow is not up to the described guarantee persistent period ensureing threshold value beyond guarantee
Time;The described guarantee time is default can be 30 seconds, and user can change.
Change module 24, described replacing module 24 is electrically connected with described judge module 22, for when described guarantee continues
Between without departing from described guarantee time (30 seconds), then described present flow rate threshold value reverts to described peak threshold.When described guarantee is held
The continuous time exceeds the described guarantee time (30 seconds), and described present flow rate threshold duration is described guarantee threshold value.
Judge module 22, is additionally operable to judge whether described message flow exceedes described present flow rate threshold value.
Sending submodule 23, described sending submodule 23 is electrically connected with described judge module 22, for when described message flow
Not less than described present flow rate threshold value, then described switchboard direct switches through and sends out message described amount.
Sending submodule 23, for exceeding described present flow rate threshold value when described message flow, then described switch speed limit
Forward described message to described present flow rate threshold value.
Sending submodule 23, when this switch does not mate described dynamic flow threshold value table, then described switch is abandoned forwarding
The message receiving, and/or the message receiving is sent to controller.
As shown in Fig. 9, Figure 10, Figure 11, according to another embodiment again of the present invention, a kind of flow-control based on sdn
Method, comprises the following steps:
S000, system initialization, start.S100, on the controller, configures sdn dynamic flow control algolithm.S200, friendship
Change planes and report the message not mating dynamic flow threshold value table and experimenter message.S300, controller are based on the report reporting
Literary composition and the default table of flow threshold generate dynamic flow threshold value table.S500, controller are based on dynamic flow threshold value table, purpose ip, source
Ip and forward-path issue flow table.S600, last switch carry out flow-control to flow.S700, end.
Controller should support the dynamic flow control algolithm configuration task sequence based on sdn, should include: dynamic flow threshold value
The default table of table, flow threshold and being opened or closed based on the dynamic flow control algolithm function of sdn.
S001, beginning.S310, sdn controller obtains experimenter message from switch, obtains switch id, end
Mouth number and port type.S320, sdn controller receives message from switch, parsing purpose ip, source ip and type of message, s400,
Then inquire about dynamic flow threshold value table.S410, judge whether switch hits dynamic flow threshold value table;S420, without life
In, according to the default table of flow threshold, after generating new dynamic flow threshold value table clause, go to step s510;Otherwise, directly go to
Step s510.S510 then according to corresponding entry obtain peak value hold time it is ensured that speed is held time, peak threshold and
Ensure threshold value.S520, finally acquisition message forwarding path, issue stream according to coupling entry to switches all on forward-path
Table.S710, end.
Privately owned dynamic flow threshold value table can the dynamic creation moment of experimenter message (switch report), user
Only can make an amendment:
S002, beginning.S610, sdn switch receives message, s620, judges whether to mate flow table, if s630 is not
Coupling, message is sent to controller.S640 is if it does, judge whether message flow exceedes threshold value.S650, without super
Cross threshold value, message normally forwards, if now threshold value is equal to guarantee threshold value, and within a certain period of time (when guaranteed rate maintains
Between, defaulting to 30 seconds) message rate never reaches guarantee threshold value, and threshold value will revert to peak threshold.S660 if it exceeds
Threshold value, speed limit, if now threshold value is equal to peak threshold, and within a certain period of time (peak value is held time, and defaults to 30 seconds)
Message rate particular up to peak threshold, go bail for card threshold value by threshold value.S720, end.
The default table of flow threshold is by user configuring:
The form of the privately owned extension experimenter message from sdn switch to controller is as shown below.
Experimenter value needs to organize application to onf for 255.Experimenter type value is shown to be from sdn switch for 1
Direction is to controller.Privately owned extension experimenter message reports controller by the sdn switch on forward-path.Exchange
Machine id is switch mac address, and port number (n) is the actual exchange port number of switch.Port type includes: 10m, 100m,
The port of 1g.
Sdn switch and controller need to support to expand flow table, and it is defined as follows shown in table:
It should be noted that above-described embodiment all can independent assortment as needed.The above is only the preferred of the present invention
Embodiment it is noted that for those skilled in the art, in the premise without departing from the principle of the invention
Under, some improvements and modifications can also be made, these improvements and modifications also should be regarded as protection scope of the present invention.
Claims (10)
1. a kind of flow control methods based on sdn are it is characterised in that comprise the following steps:
S10, obtain the attribute information of the reference information being used switch and message of E-Packeting;
Whether s20, inquiry currently hit dynamic flow threshold value table;
S30, when miss dynamic flow threshold value table, according to the configured default table of flow threshold, generate dynamic flow threshold value
Table;Otherwise, directly go to step s40;
S40, according to described dynamic flow threshold value table, issue described dynamic flow threshold value table to described switch.
2. the flow control methods based on sdn as claimed in claim 1 are it is characterised in that further comprising the steps of:
S50, described switch receive message, judge whether this switch has mated described dynamic flow threshold value table;
S60, when this switch has mated described dynamic flow threshold value table, then described switch is according to described dynamic flow threshold value table
Forward the message receiving;
S70, when this switch does not mate described dynamic flow threshold value table, then described switch is abandoned forwarding the message receiving,
And/or the message receiving is sent to controller.
3. the flow control methods based on sdn as claimed in claim 2 are it is characterised in that described step s60 is wrapped further
Include:
Guarantee threshold value in s61, the message flow according to described message, and described dynamic flow threshold value table, guarantee time, peak
Value threshold value and time to peak, judge whether the present flow rate threshold value in described dynamic flow threshold value table meets replacing condition;
S62, when described present flow rate threshold value meets replacing condition, then change described present flow rate threshold value be described guarantee threshold value or
After peak threshold, described guarantee threshold value is less than described peak threshold, jumps to step s63;Otherwise, jump directly to step s63;
S63, judge whether described message flow exceedes described present flow rate threshold value;
S64, exceed described present flow rate threshold value when described message flow, then described switch speed limit is to described present flow rate threshold value
Forward described message;
S65, when described message flow is not less than described present flow rate threshold value, then described switchboard direct switches through and sends out message described.
4. the flow control methods based on sdn as claimed in claim 3 are it is characterised in that described step s61 is wrapped further
Include:
S611, when described present flow rate threshold value be equal to described peak threshold when, judge that described message flow reaches described current stream
Whether the duration of peak value of amount threshold value exceedes described time to peak;
Described step s62 further includes:
S621, when described duration of peak value exceedes described time to peak, then described present flow rate threshold value is replaced by described guarantee
Threshold value;
Described step s63 further includes:
S631, when described duration of peak value is not less than described time to peak, then described present flow rate threshold duration is described peak
Value threshold value.
5. the flow control methods based on sdn as claimed in claim 3 are it is characterised in that described step s61 is wrapped further
Include:
S612, when described present flow rate threshold value be equal to described guarantee threshold value when, determine whether that described message flow is not up to institute
State and ensure whether the guarantee persistent period of threshold value exceeds the guarantee time;
Described step s62 further includes:
S622, when described guarantee the persistent period exceed the described guarantee time, then described present flow rate threshold value revert to described peak value
Threshold value;
Described step s63 further includes:
S632, when the described guarantee persistent period is without departing from the described guarantee time, described present flow rate threshold duration is described guarantee
Threshold value.
6. the flow control methods based on sdn as described in any one in Claims 1 to 5 are it is characterised in that described step
S30 further includes:
The attribute information of s31, the reference information according to described switch and described message, configures described flow threshold default
Table;
S32, basis report message and the default table of described flow threshold not mating described dynamic flow threshold value table, generate
Described dynamic flow threshold value table.
7. the flow control methods based on sdn as described in any one in Claims 1 to 5 it is characterised in that:
Described reference information includes: switch id, port number and port type, and described attribute information includes: parsing purpose ip, source
Ip and type of message.
8. a kind of flow-control applied in the flow control methods based on sdn as described in any one in claim 1~7
System is it is characterised in that include:
Acquisition module, for obtaining the attribute information of the E-Packet reference information being used switch and message;
Enquiry module, described enquiry module is electrically connected with described acquisition module, currently whether hits dynamic flow threshold for inquiring about
Value table;
Generation module, described generation module is electrically connected with described enquiry module, for when miss dynamic flow threshold value table, root
According to the configured default table of flow threshold, generate dynamic flow threshold value table;
Sending module, described sending module is electrically connected with described generation module, for according to described dynamic flow threshold value table, to institute
State switch and issue described dynamic flow threshold value table.
9. the flow control system based on sdn as claimed in claim 8 is it is characterised in that also include:
Receiving submodule and judge module, described receiving submodule and described sending module communication connection, described receiving submodule
Electrically connect with described judge module, the receiving submodule of described switch is used for receiving message, described judge module is used for judging
Whether this switch has mated described dynamic flow threshold value table;
Sending submodule, described sending submodule is electrically connected with described judge module, when this switch has mated described dynamic stream
Amount threshold value table, then the described sending submodule of described switch is for forwarding, according to described dynamic flow threshold value table, the report receiving
Literary composition;
When this switch does not mate described dynamic flow threshold value table, then the described sending submodule of described switch is used for abandoning turning
Send out the message receiving, and/or the message receiving is sent to controller.
10. the flow control system based on sdn as claimed in claim 9 is it is characterised in that also include:
Described judge module, is additionally operable to the guarantee in the message flow according to described message, and described dynamic flow threshold value table
Threshold value, guarantee time, peak threshold and time to peak, judge whether the present flow rate threshold value in described dynamic flow threshold value table is full
Foot changes condition;
Change module, for meeting replacing condition when described present flow rate threshold value, then it is described for changing described present flow rate threshold value
After ensureing threshold value or peak threshold, described guarantee threshold value is less than described peak threshold;
Described judge module, is additionally operable to judge whether described message flow exceedes described present flow rate threshold value;
When described message flow is not less than described present flow rate threshold value, then the described sending submodule of described switch is for directly
Forward described message;
When described message flow exceedes described present flow rate threshold value, then the described sending submodule of described switch is used for speed limit extremely
Described present flow rate threshold value forwards described message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610710701.3A CN106341335A (en) | 2016-08-23 | 2016-08-23 | Traffic control method and traffic control system based on SDN |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610710701.3A CN106341335A (en) | 2016-08-23 | 2016-08-23 | Traffic control method and traffic control system based on SDN |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106341335A true CN106341335A (en) | 2017-01-18 |
Family
ID=57825689
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610710701.3A Pending CN106341335A (en) | 2016-08-23 | 2016-08-23 | Traffic control method and traffic control system based on SDN |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106341335A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108235804A (en) * | 2017-12-27 | 2018-06-29 | 深圳前海达闼云端智能科技有限公司 | A kind of network speed limit method, device and server |
| CN109587167A (en) * | 2018-12-28 | 2019-04-05 | 杭州迪普科技股份有限公司 | A kind of method and apparatus of Message processing |
| CN111092750A (en) * | 2019-11-22 | 2020-05-01 | 苏州浪潮智能科技有限公司 | Switch management network system and white box switch based on intelligent monitoring |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103873381A (en) * | 2014-03-25 | 2014-06-18 | 安一恒通(北京)科技有限公司 | Network flow rate limiting method and device |
| CN103973599A (en) * | 2014-04-25 | 2014-08-06 | 中国科学院计算技术研究所 | Channel allocation method and device based on OpenFlow |
| CN104158800A (en) * | 2014-07-21 | 2014-11-19 | 南京邮电大学 | Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN) |
| CN104301248A (en) * | 2014-10-31 | 2015-01-21 | 杭州华三通信技术有限公司 | Message rate limiting method and device |
| CN104506531A (en) * | 2014-12-19 | 2015-04-08 | 上海斐讯数据通信技术有限公司 | Security defending system and security defending method aiming at flow attack |
| CN105357146A (en) * | 2015-10-21 | 2016-02-24 | 北京交通大学 | Saturation attack defending method, device and system of buffer queue in outlet gateway |
-
2016
- 2016-08-23 CN CN201610710701.3A patent/CN106341335A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103873381A (en) * | 2014-03-25 | 2014-06-18 | 安一恒通(北京)科技有限公司 | Network flow rate limiting method and device |
| CN103973599A (en) * | 2014-04-25 | 2014-08-06 | 中国科学院计算技术研究所 | Channel allocation method and device based on OpenFlow |
| CN104158800A (en) * | 2014-07-21 | 2014-11-19 | 南京邮电大学 | Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN) |
| CN104301248A (en) * | 2014-10-31 | 2015-01-21 | 杭州华三通信技术有限公司 | Message rate limiting method and device |
| CN104506531A (en) * | 2014-12-19 | 2015-04-08 | 上海斐讯数据通信技术有限公司 | Security defending system and security defending method aiming at flow attack |
| CN105357146A (en) * | 2015-10-21 | 2016-02-24 | 北京交通大学 | Saturation attack defending method, device and system of buffer queue in outlet gateway |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108235804A (en) * | 2017-12-27 | 2018-06-29 | 深圳前海达闼云端智能科技有限公司 | A kind of network speed limit method, device and server |
| CN108235804B (en) * | 2017-12-27 | 2021-12-31 | 达闼机器人有限公司 | Network speed limiting method and device and server |
| CN109587167A (en) * | 2018-12-28 | 2019-04-05 | 杭州迪普科技股份有限公司 | A kind of method and apparatus of Message processing |
| CN111092750A (en) * | 2019-11-22 | 2020-05-01 | 苏州浪潮智能科技有限公司 | Switch management network system and white box switch based on intelligent monitoring |
| CN111092750B (en) * | 2019-11-22 | 2022-12-27 | 苏州浪潮智能科技有限公司 | Switch management network system and white box switch based on intelligent monitoring |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105337857B (en) | A kind of multi-path transmission method based on software defined network | |
| CN105100142B (en) | The transfer control method and device of software defined network protocol massages | |
| EP2974133B1 (en) | Method and system for controlling an underlying physical network by a software defined network | |
| CN103001887B (en) | A kind of link keep-alive method, controller and interchanger | |
| CN105357046A (en) | Network information detection method for software defined networking (SDN) | |
| EP3253025A1 (en) | Sdn-based ddos attack prevention method, device and system | |
| CN106789637B (en) | Cross-domain service intercommunication path establishment method, controller and system | |
| US11489836B2 (en) | Method, apparatus, and system for collecting access control list | |
| CN108123873A (en) | Data forwarding paths selection method and device, storage medium, server-side | |
| CN104202314B (en) | A kind of method and device for preventing DDOS attack | |
| CN104980368A (en) | Bandwidth guarantee method and apparatus in software defined network (SDN) | |
| CN106341335A (en) | Traffic control method and traffic control system based on SDN | |
| US10805169B2 (en) | Topology determining method, message response method, controller, and switch | |
| WO2015081551A1 (en) | Method, device and system for implementing packet routing in network | |
| CN105227393A (en) | A kind of bidirectional forwarding detection (BFD) method | |
| CN102164083B (en) | The method for refreshing of token bucket and device | |
| EP3025459B1 (en) | Probe routing in a network | |
| CN102761451A (en) | Improved single loop redundancy backup implementation based on rapid spanning tree protocol (RSTP) | |
| EP2824875B1 (en) | Information receiving and sending methods and apparatuses | |
| US10305811B2 (en) | Control apparatus, communication system, communication node control method, and program | |
| CN107484227A (en) | A kind of more focus control communication means of wifi networkings | |
| WO2014019196A1 (en) | Topology information processing method and device | |
| Yau et al. | Comparative performance evaluation of RIP with OSPF routing protocol | |
| CN106330706A (en) | Method and device for acquiring device interface MRU (Maximum Receive Unit) value | |
| KR101589553B1 (en) | Method and apparatus for controlling bandwidth for quality of service in software defined network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20170118 |
|
| WD01 | Invention patent application deemed withdrawn after publication |