CN108650154B - Flow control method and device - Google Patents

Publication number
CN108650154B
Authority
CN
China
Prior art keywords
flow table
data message
address
vpn
network element
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810700031.6A
Other languages
Chinese (zh)
Other versions
CN108650154A (en
Inventor
宋小恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201810700031.6A
Publication of CN108650154A
Application granted
Publication of CN108650154B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a flow control method and device. The method comprises the following steps: receiving a first-level flow table and a second-level flow table sent by an SDN controller; when a data message is received, specifying corresponding Metadata according to the incoming interface of the data message and the hit first-level flow table, so that the Metadata indicates the incoming direction of the data message; and specifying a corresponding speed-metering Meter table according to the hit second-level flow table and the outgoing interface specified by the second-level flow table, so that the Meter table records statistical information, in the outgoing direction corresponding to the outgoing interface, of data messages from different incoming directions. This enables accurate, direction-based traffic statistics.

Description

Flow control method and device
Technical Field
The present invention relates to the field of network communications, and in particular, to a flow control method and apparatus.
Background
Software Defined Networking (SDN) is an innovative network architecture that implements flexible control of network traffic by separating the control plane and the forwarding plane of network devices.
The SDN controller sets a maximum allowed bandwidth for each type of flow according to a pre-customized bandwidth allocation principle, and issues a speed-metering Meter table for monitoring the flow to the switch equipment, wherein the maximum allowed bandwidth corresponding to the flow is limited in the Meter table. The switch device counts the total amount of all traffic bandwidths passing through the switch device in the incoming direction according to a Meter table issued by the SDN controller, and when the counted value exceeds the maximum allowed bandwidth limited by the Meter table, the switch device discards the traffic exceeding the maximum allowed bandwidth.
Therefore, the switch device cannot count the total bandwidth of all traffic passing through the switch device, and thus cannot accurately count the traffic.
Disclosure of Invention
In view of this, the present invention provides a flow control method and device, so as to solve the problem in the prior art that the flow cannot be accurately counted.
According to an aspect of the present invention, there is provided a traffic control method, which is applied to a Software Defined Network (SDN) network element device, and the method includes:
receiving a first-level flow table and a second-level flow table sent by an SDN controller;
when a data message is received, specifying corresponding Metadata according to the incoming interface of the data message and the hit first-level flow table, so that the Metadata indicates the incoming direction of the data message;
and specifying a corresponding speed-metering Meter table according to the hit second-level flow table and the outgoing interface specified by the second-level flow table, so that the Meter table records statistical information, in the outgoing direction corresponding to the outgoing interface, of data messages from different incoming directions.
According to another aspect of the present invention, there is provided a flow control device including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
perform the above-described flow control method.
The technical scheme provided by the embodiment of the invention can have the following beneficial effects: the method comprises the steps of determining the incoming direction of a data message according to the incoming interface of the data message and a hit first-stage flow table, determining the outgoing direction of the data message according to a hit second-stage flow table and an outgoing interface designated by the second-stage flow table, and recording the total amount of all traffic bandwidths passing through SDN network element equipment in the incoming direction and the outgoing direction through a Meter table, so that the traffic can be accurately counted.
Other features and aspects of the present invention will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the invention and, together with the description, serve to explain the principles of the invention.
Fig. 1 is a flow chart illustrating a method of flow control according to an example embodiment.
Fig. 2 is a schematic diagram of an SDN network according to an embodiment of the present invention.
Fig. 3 is a block diagram illustrating a hardware configuration of a flow control device according to an exemplary embodiment.
Detailed Description
Various exemplary embodiments, features and aspects of the present invention will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present invention. It will be understood by those skilled in the art that the present invention may be practiced without some of these specific details. In some instances, methods, procedures, components, and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present invention.
In the related art, the switch device counts the total amount of all traffic bandwidths passing through the switch device in the incoming direction according to a Meter table issued by an SDN controller, however, when the counted value exceeds the maximum allowed bandwidth defined by the Meter table, the switch device discards the traffic exceeding the maximum allowed bandwidth, so that the switch device cannot count the total amount of all traffic bandwidths passing through the switch device in the incoming direction, and thus cannot accurately count the traffic.
According to the technical scheme of the embodiment of the invention, the incoming direction of a data message is determined according to the incoming interface of the data message and a hit first-level flow table, the outgoing direction of the data message is determined according to a hit second-level flow table and the outgoing interface specified by the second-level flow table, and the total amount of all traffic bandwidth passing through the SDN network element device in the incoming direction and the outgoing direction is recorded through a Meter table. The embodiment therefore extends the Meter with an actual message output counting function, which means counting the total amount of all traffic bandwidth passing through the SDN network element device in the outgoing direction. As a result, the Meter counts the total amount of all traffic bandwidth passing through the SDN network element device not only in the incoming direction but also in the outgoing direction, so that the traffic can be accurately counted.
The embodiments of the present invention will be explained below with reference to the drawings attached to the specification.
Fig. 1 is a flow chart illustrating a method of flow control according to an example embodiment. The flow control method may be applied to a network element device in an SDN network (i.e., an SDN network element device, such as a switch device). As shown in fig. 1, the flow control method may include the following steps.
In step S110, a first-level flow table and a second-level flow table sent by the SDN controller are received.
In this embodiment, the SDN controller may send, to the SDN network element device, a multi-stage flow table, where the multi-stage flow table includes a first-stage flow table and a second-stage flow table, and the SDN network element device may locally store the received first-stage flow table and the received second-stage flow table.
In step S130, when the data packet is received, the corresponding Metadata is specified according to the incoming interface of the data packet and the hit first-level flow table, so that the Metadata indicates the incoming direction of the data packet.
In this embodiment, when the SDN network element device receives a data packet, the SDN network element device records an interface for receiving the data packet, where the interface may be referred to as an input interface of the data packet. It can be understood that the SDN network element device may receive a data packet sent by the user side device or another SDN network element device, and a tunnel is not established between the user side device and the SDN network element device, but a tunnel is established between the SDN network element device and another SDN network element device. Therefore, when the SDN network element device receives a data packet sent by the user side device, an input interface of the data packet is not a tunnel interface. When the SDN network element equipment receives data messages sent by other SDN network element equipment, an input interface of the data messages is a tunnel interface. The user side device is, for example, a virtual machine or a service server.
The first-level flow table includes a matching entry and an action entry, wherein the action entry is to specify a corresponding Metadata and jump to the second-level flow table. After the SDN network element device receives the data packet, the SDN network element device may match the data packet with a matching entry of the first-stage flow table, if the data packet matches with the matching entry of the first-stage flow table, the data packet hits the first-stage flow table, and the SDN network element device specifies Metadata of the first-stage flow table according to an ingress interface of the data packet. Otherwise, if the data message is not matched with the matching item of the first-level flow table, the data message does not hit the first-level flow table, and the SDN network element device forwards the data message according to the destination address carried by the data message.
Metadata contains bits representing the tunnel termination identifier of the data message, and these bits characterize the source of the data message. In one implementation, when the first-level flow table is hit, if the incoming interface of the data packet is a tunnel interface, the SDN network element device may determine that the data packet comes from the tunnel side, that is, the incoming direction of the data packet is the tunnel side, and the SDN network element device sets the bit representing the tunnel termination identifier of the data packet. Conversely, if the incoming interface of the data packet is an ordinary non-tunnel interface, the SDN network element device may determine that the data packet comes from the user side, that is, the incoming direction of the data packet is the user side, and the SDN network element device does not set the bit representing the tunnel termination identifier of the data packet.
In step S150, according to the hit second-level flow table and the exit interface specified by the second-level flow table, a corresponding speed-counting Meter table is specified, so that the Meter table records statistical information of data packets from different entry directions in the exit direction corresponding to the exit interface.
In this embodiment, the second-stage flow table includes a matching entry and an action entry, where the action entry specifies a corresponding Meter table. And the SDN network element equipment matches the data message with the matching item of the second-level flow table, if the data message is matched with the matching item of the second-level flow table, the data message hits the second-level flow table, and the SDN network element equipment specifies a Meter table according to an outlet interface specified by the second-level flow table. Otherwise, if the data message is not matched with the matching item of the second-level flow table, the data message does not hit the second-level flow table, and the SDN network element device forwards the data message according to the destination address carried by the data message.
The egress interface specified by the second-level flow table may be a tunnel interface or an ordinary non-tunnel interface. If it is a tunnel interface, the SDN network element device forwards the data packet to another SDN network element device; if it is an ordinary non-tunnel interface, the SDN network element device forwards the data packet to the user side device. Thus, the egress interface characterizes the destination of the data packet.
In this embodiment, the Meter table records the statistical information of the outgoing direction corresponding to the outgoing interface of the data packet from different incoming directions, so that the embodiment of the present invention extends the function of the Meter table, which enables the SDN network element device to count not only the total amount of traffic bandwidths passing through the SDN network element device in all incoming directions but also the total amount of traffic bandwidths passing through the SDN network element device in all outgoing directions according to the Meter table.
Therefore, in the embodiment of the present invention, the ingress direction of the data packet is determined according to the ingress interface of the data packet and the hit first-stage flow table, the egress direction of the data packet is determined according to the hit second-stage flow table and the egress interface specified by the second-stage flow table, and the total amount of all traffic bandwidths passing through the SDN network element device in the ingress direction and the egress direction is recorded by the Meter table, so that the traffic can be accurately counted.
In one implementation, the information recorded by the Meter table specified by the SDN network element device includes ingress direction traffic and egress direction traffic, where the ingress direction traffic represents the total amount of traffic bandwidth passing through the SDN network element device in all ingress directions, and the egress direction traffic represents the total amount of traffic bandwidth passing through the SDN network element device in all egress directions.
The flow control method may further include:
calculating the distribution of each type of traffic according to the ingress direction traffic and the egress direction traffic recorded by the Meter table.
The incoming direction means that a message is sent to the SDN network element device, and the outgoing direction means that a message is sent by the SDN network element device.
In this embodiment, the SDN network element device determines the type of the traffic according to the hit first-level flow table and second-level flow table, and the ingress interface and egress interface of the data packet, and counts the total bandwidth of the traffic of the type passing through the SDN network element device in the ingress direction and the egress direction according to the Meter table, so that accurate statistics based on the traffic type can be performed.
Specifically, the traffic types may include, but are not limited to:
(1) the flow of the same link layer network in different directions;
(2) the flows of different link layer networks in different directions of the same Virtual Private Cloud (VPC for short);
(3) different directions of flow for different VPCs; and
(4) traffic in different directions for the inner and outer networks.
The traffic in different directions includes, but is not limited to, tenant traffic and local traffic.
Fig. 2 is a schematic diagram of an SDN network. As shown in Fig. 2, the SDN network includes an SDN controller, GW, an extranet client, SW1, SW2, VM100, VM101, VM110, VM120, VM200, VM210, and VM220. GW is a gateway device whose Media Access Control (MAC) address is GW_MAC. SW1 and SW2 are access devices, and SW1, SW2 and GW establish a tunnel, for example a Virtual Extensible Local Area Network (VXLAN) tunnel.
VM100, VM101, VM110, VM120, VM200, VM210, and VM220 are Virtual Machines (VMs), which may access extranet clients through the access devices and the gateway, or may access other virtual machines through the access devices. VM100, VM101, VM110, and VM120 are connected to SW1, and VM200, VM210, and VM220 are connected to SW2.
The SDN network comprises subnet 1, subnet 2 and subnet 3. Subnet 1 comprises VM100, VM101 and VM200, subnet 2 comprises VM110 and VM210, and subnet 3 comprises VM120 and VM220. Subnet 1 and subnet 2 belong to VPC1, and the virtual private network identifier (VPN ID for short) corresponding to subnet 1 and subnet 2 is VPN1; subnet 3 belongs to VPC2, and the VPN ID corresponding to subnet 3 is VPN2. Thus, the identifier of the VPN to which VM100, VM101, VM110, VM200, and VM210 belong is VPN1, and the identifier of the VPN to which VM120 and VM220 belong is VPN2.
The MAC address of VM100 is MAC100 and its IP address is IP100; the MAC address of VM101 is MAC101 and its IP address is IP101; the MAC address of VM200 is MAC200 and its IP address is IP200; the MAC address of VM110 is MAC110 and its IP address is IP110; the MAC address of VM210 is MAC210 and its IP address is IP210; the MAC address of VM120 is MAC120 and its IP address is IP120; the MAC address of VM220 is MAC220 and its IP address is IP220. The IP address of the external network client is Client_IP, and the external network IP address allocated by the data center is EX_IP.
For convenience of description, the following specifically describes the above embodiments by taking SW1 and SW2 in the SDN network shown in fig. 2 as SDN network element devices and VM100, VM101, VM110, VM120, VM200, VM210, and VM220 as user-side devices.
For the above (1), a source address included in a matching entry of the first-stage flow table is an MAC address of a first user-side device accessing the SDN network element device, a VPN ID included in a matching entry of the first-stage flow table is an identifier of a VPN to which the first user-side device belongs, the matching entry of the second-stage flow table further includes an identifier of a VPN to which the first user-side device belongs, and a destination address is an MAC address of a second user-side device to be accessed by the first user-side device.
In this embodiment, the matching entry of the first-stage flow table includes an identifier of a VPN to which the first user-side device belongs and a MAC address of the first user-side device, and the action entry of the first-stage flow table is to specify Metadata and to jump to the second-stage flow table. The matching item of the second-level flow table comprises Metadata, the identifier of the VPN to which the first user side equipment belongs and the MAC address of the second user side equipment.
When the received data message hits the first-level flow table and the second-level flow table, the SDN network element device determines whether the outgoing interface specified by the second-level flow table is a tunnel interface. If it is a tunnel interface, the SDN network element device specifies, for the data message, a Meter table for counting the traffic information of the tenant-in traffic of the same link layer network. Illustratively, the identifier of this Meter table is Meter11.
If the outgoing interface specified by the second-level flow table is an ordinary non-tunnel interface, the SDN network element device further determines whether the Metadata bit representing the tunnel termination identifier of the data message is set. If the bit is set, the SDN network element device specifies, for the data message, a Meter table for counting the traffic information of the tenant traffic of the same link layer network. Illustratively, the identifier of this Meter table is Meter12. If the bit is not set, the SDN network element device specifies, for the data message, a Meter table for counting the traffic information of the local traffic of the same link layer network. Illustratively, the identifier of this Meter table is Meter13.
For example, in the SDN network shown in Fig. 2, when VM100 accesses VM101, SW1 receives a data packet sent by VM100. SW1 determines that the data packet was received on an ordinary non-tunnel port, so the Metadata bit representing the tunnel termination identifier of the data packet is not set. SW1 determines that VPN1 and MAC100 carried by the data packet hit the first-level flow table and that VPN1 and MAC101 hit the second-level flow table, and the outgoing interface specified by the second-level flow table is an ordinary non-tunnel port, so SW1 specifies the Meter table identified as Meter13 for the data packet. Similarly, when VM101 responds to VM100, SW1 specifies the Meter table identified as Meter13 for the data packet.
When VM100 accesses VM200, SW1 receives a data packet sent by VM200. SW1 determines that the data packet was received on an ordinary non-tunnel port, so the Metadata bit representing the tunnel termination identifier of the data packet is not set. SW1 determines that VPN1 and MAC100 carried by the data packet hit the first-level flow table and that VPN1 and MAC200 hit the second-level flow table, and the outgoing interface specified by the second-level flow table is a tunnel port, so SW1 specifies the Meter table identified as Meter11 for the data packet.
When VM200 answers VM100, SW1 receives the data packet forwarded by SW2. SW1 determines that the data packet was received on the tunnel port, so the Metadata bit representing the tunnel termination identifier of the data packet is set. SW1 determines that VPN1 and MAC200 hit the first-level flow table and that VPN1 and MAC100 carried by the data packet hit the second-level flow table, and the outgoing interface specified by the second-level flow table is an ordinary non-tunnel port, so SW1 specifies the Meter table identified as Meter12 for the data packet.
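The lookups walked through above for traffic type (1) can be traced with the following Python simulation of SW1, an added example that is not code from the patent. The port names, the position of the tunnel-termination bit, the packet sizes, byte-based counting, the `NORMAL` placeholder and the expansion of second-level entries per Metadata value are all assumptions made for illustration.

```python
from collections import Counter
from typing import NamedTuple

TUNNEL_TERMINATED = 0x1  # assumed bit position of the tunnel-termination flag
NORMAL = "NORMAL"        # placeholder: ordinary destination-based forwarding


class Packet(NamedTuple):
    in_port: str
    vpn_id: str
    src_mac: str
    dst_mac: str
    size: int  # bytes


def select_meter(out_is_tunnel: bool, metadata: int) -> str:
    """Decision order given in the description for traffic type (1)."""
    if out_is_tunnel:
        return "Meter11"
    if metadata & TUNNEL_TERMINATED:
        return "Meter12"
    return "Meter13"


def build_second_level(destinations, tunnel_ports):
    """Expand {(vpn_id, dst_mac): out_port} into entries that also match Metadata."""
    table = {}
    for (vpn_id, dst_mac), out_port in destinations.items():
        for metadata in (0, TUNNEL_TERMINATED):
            meter = select_meter(out_port in tunnel_ports, metadata)
            table[(metadata, vpn_id, dst_mac)] = (out_port, meter)
    return table


class Switch:
    def __init__(self, tunnel_ports, first_level, destinations):
        self.tunnel_ports = frozenset(tunnel_ports)
        self.first_level = frozenset(first_level)  # {(vpn_id, src_mac)}
        self.second_level = build_second_level(destinations, self.tunnel_ports)
        self.meter_bytes = Counter()               # per-Meter byte totals

    def process(self, pkt: Packet):
        """Return (out_port, meter_id); a miss in either table gives (NORMAL, None)."""
        # First level: match VPN ID + source MAC, then derive Metadata
        # from the ingress port only, never from header fields.
        if (pkt.vpn_id, pkt.src_mac) not in self.first_level:
            return NORMAL, None
        metadata = TUNNEL_TERMINATED if pkt.in_port in self.tunnel_ports else 0
        # Second level: match Metadata + VPN ID + destination MAC.
        hit = self.second_level.get((metadata, pkt.vpn_id, pkt.dst_mac))
        if hit is None:
            return NORMAL, None
        out_port, meter = hit
        self.meter_bytes[meter] += pkt.size
        return out_port, meter


def build_sw1():
    # Constructed view of SW1 from Fig. 2; port names are made up.
    return Switch(
        tunnel_ports={"vxlan-sw2"},
        first_level={("VPN1", "MAC100"), ("VPN1", "MAC101"), ("VPN1", "MAC200")},
        destinations={
            ("VPN1", "MAC100"): "port-vm100",
            ("VPN1", "MAC101"): "port-vm101",
            ("VPN1", "MAC200"): "vxlan-sw2",
        },
    )


def run_examples():
    sw1 = build_sw1()
    packets = [  # constructed sample traffic
        Packet("port-vm100", "VPN1", "MAC100", "MAC101", 1500),  # VM100 accesses VM101
        Packet("port-vm101", "VPN1", "MAC101", "MAC100", 600),   # VM101 responds
        Packet("port-vm100", "VPN1", "MAC100", "MAC200", 1200),  # VM100 accesses VM200
        Packet("vxlan-sw2", "VPN1", "MAC200", "MAC100", 900),    # VM200 answers via SW2
        Packet("port-vm100", "VPN1", "MAC100", "MAC999", 64),    # second-level miss
    ]
    results = [sw1.process(p) for p in packets]
    return results, dict(sw1.meter_bytes)


if __name__ == "__main__":
    results, totals = run_examples()
    for result in results:
        print(result)
    print(totals)
```

Because Metadata is derived from the ingress port rather than from packet contents, a frame that arrives on a user port with MAC200 as its source address is still counted in Meter13, not Meter12.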
For the above (2), the source address included in the matching entry of the first-stage flow table is the MAC address of the gateway connected to the SDN network element device and the IP address of the first user-side device, the VPN ID included in the matching entry of the first-stage flow table is the identifier of the VPN to which the first user-side device belongs, the matching entry of the second-stage flow table further includes the identifier of the VPN to which the first user-side device belongs, and the destination address is the MAC address of the second user-side device.
In this embodiment, the matching item of the first-stage flow table includes an identifier of a VPN to which the first user-side device belongs, a MAC address of a gateway, and an IP address of the first user-side device, and the action item of the first-stage flow table is to specify Metadata and to jump to the second-stage flow table. The matching item of the second-level flow table comprises Metadata, the identifier of the VPN to which the first user side equipment belongs and the MAC address of the second user side equipment.
When the received data message hits the first-level flow table and the second-level flow table, the SDN network element device determines whether the outgoing interface specified by the second-level flow table is a tunnel interface. If it is a tunnel interface, the SDN network element device specifies, for the data message, a Meter table for counting the traffic information of the tenant-in traffic of different link layer networks in the same VPC. Illustratively, the identifier of this Meter table is Meter21. If the outgoing interface specified by the second-level flow table is an ordinary non-tunnel interface, the SDN network element device further determines whether the Metadata bit representing the tunnel termination identifier of the data message is set. If the bit is set, the SDN network element device specifies, for the data message, a Meter table for counting the traffic information of the tenant-out traffic of different link layer networks in the same VPC. Illustratively, the identifier of this Meter table is Meter22. If the bit is not set, the SDN network element device specifies, for the data message, a Meter table for counting the traffic information of the local traffic of different link layer networks in the same VPC. Illustratively, the identifier of this Meter table is Meter23.
Optionally, as for the above (2), a source address included in the matching entry of the first-stage flow table is an MAC address of the first user-side device, a VPN ID included in the matching entry of the first-stage flow table is an identifier of a VPN to which the first user-side device belongs, then the matching entry of the second-stage flow table further includes an identifier of a VPN to which the first user-side device belongs, and a destination address is an MAC address of a gateway connected to the SDN network element device and an IP address of the second user-side device.
In this embodiment, the matching entry of the first-level flow table includes the identifier of the VPN to which the first user-side device belongs and the MAC address of the first user-side device, and the action entry of the first-level flow table is to specify Metadata and to jump to the second-level flow table. The matching entry of the second-level flow table comprises Metadata, the identifier of the VPN to which the first user-side device belongs, the MAC address of the gateway and the IP address of the second user-side device.
When the received data message hits the first-level flow table and the second-level flow table, the SDN network element device determines whether the outgoing interface specified by the second-level flow table is a tunnel interface. If it is a tunnel interface, the SDN network element device specifies, for the data message, a Meter table for counting the traffic information of the tenant-in traffic of different link layer networks in the same VPC. Illustratively, the identifier of this Meter table is Meter21. If the outgoing interface specified by the second-level flow table is an ordinary non-tunnel interface, the SDN network element device further determines whether the Metadata bit representing the tunnel termination identifier of the data message is set. If the bit is set, the SDN network element device specifies, for the data message, a Meter table for counting the traffic information of the tenant-out traffic of different link layer networks in the same VPC. Illustratively, the identifier of this Meter table is Meter22. If the bit is not set, the SDN network element device specifies, for the data message, a Meter table for counting the traffic information of the local traffic of different link layer networks in the same VPC. Illustratively, the identifier of this Meter table is Meter23.
For example, in the SDN network shown in Fig. 2, when VM100 accesses VM210, SW1 receives a data packet sent by VM100. SW1 determines that the data packet was received on an ordinary non-tunnel port, so the Metadata bit representing the tunnel termination identifier of the data packet is not set. SW1 determines that VPN1 and MAC100 carried by the data packet hit the first-level flow table and that VPN1, GW_MAC, and IP210 hit the second-level flow table, and the outgoing interface specified by the second-level flow table is a tunnel port, so SW1 specifies the Meter table identified as Meter21 for the data packet.
When VM210 answers VM100, SW1 receives the data packet forwarded by SW2. SW1 determines that the data packet was received on the tunnel port, so the Metadata bit representing the tunnel termination identifier of the data packet is set. SW1 determines that VPN1 and MAC200 carried by the data packet hit the first-level flow table and that VPN1, GW_MAC, and IP100 hit the second-level flow table, and the outgoing interface specified by the second-level flow table is an ordinary non-tunnel port, so SW1 specifies the Meter table identified as Meter22 for the data packet.
For the above (3), the source address included in the matching entry of the first-stage flow table is the MAC address of the gateway connected to the SDN network element device and the external network IP address allocated to the data center, the VPN ID included in the matching entry of the first-stage flow table is the identifier of the VPN to which the first user-side device belongs, the matching entry of the second-stage flow table further includes the identifier of the VPN to which the first user-side device belongs, and the destination address is the MAC address of the second user-side device.
In this embodiment, the matching entry of the first-stage flow table includes an identifier of a VPN to which the first user-side device belongs, a MAC address of a gateway, and an external network IP address allocated by the data center, and the action entry of the first-stage flow table is to specify Metadata and to jump to the second-stage flow table. The matching item of the second-level flow table comprises Metadata, the identifier of the VPN to which the first user side equipment belongs and the MAC address of the second user side equipment.
When the received data message hits the first-stage flow table and the second-stage flow table, the SDN network element device determines whether the output interface specified by the second-stage flow table is a tunnel port. If the output interface specified by the second-stage flow table is a tunnel port, the SDN network element device specifies, for the data message, a Meter table for counting flow information of the tenant-in flow of different VPCs. Illustratively, the identification of this Meter table is Meter31. If the output interface specified by the second-stage flow table is a common non-tunnel port and the bit of Metadata representing the tunnel termination identifier of the data message is set, the SDN network element device specifies, for the data message, a Meter table for counting the flow information of the tenant flows of different VPCs. Illustratively, the identification of this Meter table is Meter32.
Optionally, as for the above (3), a source address included in the matching entry of the first-stage flow table is an MAC address of the first user-side device, a VPN ID included in the matching entry of the first-stage flow table is an identifier of a VPN to which the first user-side device belongs, and then the matching entry of the second-stage flow table further includes an identifier of a VPN to which the first user-side device belongs, and a destination address is an MAC address of a gateway connected to the SDN network element device and an external network IP address allocated by the data center.
In this embodiment, the matching entry of the first-stage flow table includes an identifier of a VPN to which the first user-side device belongs and a MAC address of the first user-side device, and the action entry of the first-stage flow table is to specify Metadata and to jump to the second-stage flow table. The matching entry of the second-stage flow table includes Metadata, the identifier of the VPN to which the first user-side device belongs, the MAC address of the gateway, and the external network IP address allocated by the data center.
When the received data message hits the first-stage flow table and the second-stage flow table, the SDN network element device determines whether the output interface specified by the second-stage flow table is a tunnel port. If the output interface specified by the second-stage flow table is a tunnel port, the SDN network element device specifies, for the data message, a Meter table for counting flow information of the tenant-in flow of different VPCs. Illustratively, the identification of this Meter table is Meter31. If the output interface specified by the second-stage flow table is a common non-tunnel port and the bit of Metadata representing the tunnel termination identifier of the data message is set, the SDN network element device specifies, for the data message, a Meter table for counting the flow information of the tenant flows of different VPCs. Illustratively, the identification of this Meter table is Meter32.
For example, in the SDN network shown in Fig. 2, when VM100 accesses VM220, SW1 receives a data packet sent by VM100. SW1 can determine that the data packet was received from a normal non-tunnel port, so the bit of Metadata representing the tunnel termination identifier of the data packet is not set. SW1 determines that VPN1 and MAC100 carried by the data packet hit the first-stage flow table and that VPN1, GW_MAC, and EX_IP hit the second-stage flow table, and the egress interface specified by the second-stage flow table is a tunnel port; therefore SW1 specifies the Meter table identified as Meter31 for the data packet.
When VM220 answers VM100, SW1 receives the data packet forwarded by SW2. SW1 can determine that the data packet was received from the tunnel port, so the bit of Metadata representing the tunnel termination identifier of the data packet is set. SW1 determines that VPN1 and MAC220 hit the first-stage flow table and that VPN1, GW_MAC, and EX_IP carried by the data packet hit the second-stage flow table, and the egress interface specified by the second-stage flow table is a normal non-tunnel port; therefore SW1 specifies the Meter table identified as Meter32 for the data packet.
For the above (4), the source address included in the matching entry of the first-stage flow table is the MAC address and the default routing address (e.g., 0.0.0.0) of the gateway connected to the SDN network element device, the VPN ID included in the matching entry of the first-stage flow table is the identifier of the VPN to which the first user-side device belongs, the matching entry of the second-stage flow table further includes the identifier of the VPN to which the first user-side device belongs, and the destination address is the MAC address of the first user-side device.
In this embodiment, the matching entry of the first-stage flow table includes an identifier of a VPN to which the first user-side device belongs, a MAC address of a gateway, and a default routing address, and the action entry of the first-stage flow table is to specify Metadata and to jump to the second-stage flow table. The matching entry of the second-stage flow table includes Metadata, the identifier of the VPN to which the first user-side device belongs, and the MAC address of the first user-side device.
When the received data message hits the first-stage flow table and the second-stage flow table, the SDN network element device determines whether the output interface specified by the second-stage flow table is a tunnel port. If the output interface specified by the second-stage flow table is a tunnel port, the SDN network element device specifies, for the data message, a Meter table for counting the flow information of the tenant-in flow of the internal and external networks. Illustratively, the identification of this Meter table is Meter41. If the output interface specified by the second-stage flow table is a common non-tunnel port and the bit of Metadata representing the tunnel termination identifier of the data message is set, the SDN network element device specifies, for the data message, a Meter table for counting the flow information of the tenant-out flow of the internal and external networks. Illustratively, the identification of this Meter table is Meter42.
Optionally, for the above (4), the source address included in the matching entry of the first-stage flow table is the MAC address of the first user-side device, and the VPN ID included in the matching entry of the first-stage flow table is the identifier of the VPN to which the first user-side device belongs. The matching entry of the second-stage flow table further includes the identifier of the VPN to which the first user-side device belongs, and the destination address is the MAC address of a gateway connected to the SDN network element device and a default routing address. When the received data packet hits the first-stage flow table and the second-stage flow table, a corresponding Meter table is specified for the data packet according to whether the outgoing interface specified by the second-stage flow table is a tunnel port and whether the bit of Metadata representing the tunnel termination identifier of the data packet is set, and the Meter table is used for counting traffic information of the internal and external networks in different directions.
In this embodiment, the matching entry of the first-stage flow table includes an identifier of a VPN to which the first user-side device belongs and a MAC address of the first user-side device, and the action entry of the first-stage flow table is to specify Metadata and to jump to the second-stage flow table. The matching entry of the second-stage flow table includes Metadata, the identifier of the VPN to which the first user-side device belongs, the MAC address of the gateway, and a default routing address.
When the received data message hits the first-stage flow table and the second-stage flow table, the SDN network element device determines whether the output interface specified by the second-stage flow table is a tunnel port. If the output interface specified by the second-stage flow table is a tunnel port, the SDN network element device specifies, for the data message, a Meter table for counting the flow information of the tenant-in flow of the internal and external networks. Illustratively, the identification of this Meter table is Meter41. If the output interface specified by the second-stage flow table is a common non-tunnel port and the bit of Metadata representing the tunnel termination identifier of the data message is set, the SDN network element device specifies, for the data message, a Meter table for counting the flow information of the tenant-out flow of the internal and external networks. Illustratively, the identification of this Meter table is Meter42.
For example, in the SDN network shown in Fig. 2, when VM100 accesses an extranet client, SW1 receives a data packet sent by VM100. SW1 can determine that the data packet was received from a normal non-tunnel port, so the bit of Metadata representing the tunnel termination identifier of the data packet is not set. SW1 determines that VPN1 and MAC100 hit the first-stage flow table and that VPN1, GW_MAC, and the default routing address carried by the data packet hit the second-stage flow table, and the egress interface specified by the second-stage flow table is a tunnel port; therefore SW1 specifies the Meter table identified as Meter41 for the data packet.
When the extranet client answers VM100, SW1 receives a data packet forwarded by the GW. SW1 can determine that the data packet was received from a tunnel port, so the bit of Metadata representing the tunnel termination identifier of the data packet is set. SW1 determines that VPN1, GW_MAC, and the default routing address hit the first-stage flow table and that VPN1 and MAC100 carried by the data packet hit the second-stage flow table, and the egress interface specified by the second-stage flow table is a normal non-tunnel port; therefore SW1 specifies the Meter table identified as Meter42 for the data packet.
It is understood that Metadata includes a Bit (hereinafter referred to as Bit 0) indicating a destination MAC address of a data packet, a Bit (hereinafter referred to as Bit 1) indicating a source MAC address of the data packet, and a Bit (hereinafter referred to as Bit 2) indicating a destination IP address of the data packet. Wherein a value of "1" for Bit0 indicates that Bit0 is set, which indicates that the destination MAC address carried in the data packet is matched, and a value of "0" for Bit0 indicates that Bit0 is not set, which indicates that the destination MAC address carried in the data packet is not matched. The value of Bit 1 is '1' to indicate that Bit 1 is set and indicates that the source MAC address carried by the data message is matched, and the value of Bit 1 is '0' to indicate that Bit 1 is not set and indicates that the source MAC address carried by the data message is not matched. A value of "1" for Bit 2 indicates that Bit 2 is set, which indicates that it matches the destination IP address carried in the datagram, and a value of "0" for Bit 2 indicates that Bit 2 is not set, which indicates that it does not match the destination IP address carried in the datagram.
In contrast to the prior art, Metadata in the present embodiment is also extended with the bit representing the tunnel termination identifier of the data packet described above (hereinafter referred to as Bit 3), a bit representing the link layer network of the data packet (hereinafter referred to as Bit 4), a bit representing the VPC of the data packet (hereinafter referred to as Bit 5), and a bit representing the internal and external networks of the data packet (hereinafter referred to as Bit 6). A value of "1" for Bit 3 indicates that Bit 3 is set, which indicates that the data packet is from the tunnel side, and a value of "0" for Bit 3 indicates that Bit 3 is not set, which indicates that the data packet is from the user side. A value of "1" for Bit 4 indicates that Bit 4 is set, which indicates that the data packet is from another link layer network, and a value of "0" for Bit 4 indicates that Bit 4 is not set, which indicates that the data packet is from the present link layer network. A value of "1" for Bit 5 indicates that Bit 5 is set, which indicates that the data packet is from another VPC, and a value of "0" for Bit 5 indicates that Bit 5 is not set, which indicates that the data packet is from the present VPC. A value of "1" for Bit 6 indicates that Bit 6 is set, which indicates that the data packet is from the external network, and a value of "0" for Bit 6 indicates that Bit 6 is not set, which indicates that the data packet is from the tenant.
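The two-stage lookup and the Meter selection rule described above can be exercised with a small model. The following is an added example, not code from the patent: the port names (tun0, p1, p2), the `traffic_class` label, the local address IP110, the extranet address 203.0.113.7, and the choice of which Metadata bits each first-stage entry sets are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntFlag
from typing import Optional

class Metadata(IntFlag):        # bit positions from the description; Bits 0 and 2 unused here
    SRC_MAC = 1 << 1            # Bit 1: source MAC address matched
    TUNNEL_TERMINATED = 1 << 3  # Bit 3: packet came from the tunnel side
    OTHER_L2 = 1 << 4           # Bit 4: from another link layer network
    OTHER_VPC = 1 << 5          # Bit 5: from another VPC
    EXTERNAL = 1 << 6           # Bit 6: from the external network

DEFAULT_ROUTE = "0.0.0.0"       # default routing address, treated as "any IP"
# traffic class -> (egress is tunnel, egress local + Bit 3 set, egress local + Bit 3 clear)
METERS = {"same_vpc_other_l2": (21, 22, 23),    # the text names no third Meter
          "other_vpc": (31, 32, None), "external": (41, 42, None)}  # for these two classes

@dataclass(frozen=True)
class Packet:
    in_port: str
    vpn: str
    src_mac: str
    dst_mac: str
    dst_ip: str
    src_ip: str = ""
    size: int = 0

@dataclass(frozen=True)
class Stage1:   # match: VPN ID + source address; action: set Metadata, jump to stage 2
    vpn: str
    src_mac: str
    src_ip: Optional[str] = None
    set_bits: Metadata = Metadata(0)

@dataclass(frozen=True)
class Stage2:   # match: Metadata + VPN ID + destination address; action: output + Meter
    from_tunnel: bool           # required state of Metadata Bit 3
    vpn: str
    dst_mac: str
    dst_ip: Optional[str]
    out_port: str
    traffic_class: str          # hypothetical label used to pick the Meter family

def ip_matches(rule_ip, ip):
    return rule_ip in (None, DEFAULT_ROUTE) or rule_ip == ip

def select_meter(traffic_class, egress_is_tunnel, meta):
    to_tunnel, from_tunnel, local = METERS[traffic_class]
    if egress_is_tunnel:
        return to_tunnel
    return from_tunnel if meta & Metadata.TUNNEL_TERMINATED else local

class Switch:
    def __init__(self, tunnel_ports, stage1, stage2):
        self.tunnel_ports, self.stage1, self.stage2 = set(tunnel_ports), stage1, stage2
        self.counters = {}      # meter id -> [packets, bytes]
    def process(self, p):
        from_tunnel = p.in_port in self.tunnel_ports    # ingress interface decides Bit 3
        meta = Metadata.TUNNEL_TERMINATED if from_tunnel else Metadata(0)
        e1 = next((e for e in self.stage1 if (e.vpn, e.src_mac) == (p.vpn, p.src_mac)
                   and ip_matches(e.src_ip, p.src_ip)), None)
        if e1 is None:
            return None         # first-stage miss: the packet is not metered
        meta |= Metadata.SRC_MAC | e1.set_bits
        e2 = next((e for e in self.stage2 if e.from_tunnel == from_tunnel
                   and (e.vpn, e.dst_mac) == (p.vpn, p.dst_mac)
                   and ip_matches(e.dst_ip, p.dst_ip)), None)
        if e2 is None:
            return None
        meter = select_meter(e2.traffic_class, e2.out_port in self.tunnel_ports, meta)
        if meter is not None:
            stats = self.counters.setdefault(meter, [0, 0])
            stats[0], stats[1] = stats[0] + 1, stats[1] + p.size
        return meter

def build_sw1():  # constructed tables for SW1; ports tun0/p1/p2 and IP110 are hypothetical
    stage1 = [Stage1("VPN1", "MAC100"),
              Stage1("VPN1", "MAC200", set_bits=Metadata.OTHER_L2),
              Stage1("VPN1", "MAC220", set_bits=Metadata.OTHER_VPC),
              Stage1("VPN1", "GW_MAC", DEFAULT_ROUTE, Metadata.EXTERNAL)]
    stage2 = [Stage2(False, "VPN1", "GW_MAC", "IP210", "tun0", "same_vpc_other_l2"),
              Stage2(True, "VPN1", "GW_MAC", "IP100", "p1", "same_vpc_other_l2"),
              Stage2(False, "VPN1", "GW_MAC", "IP110", "p2", "same_vpc_other_l2"),
              Stage2(False, "VPN1", "GW_MAC", "EX_IP", "tun0", "other_vpc"),
              Stage2(True, "VPN1", "GW_MAC", "EX_IP", "p1", "other_vpc"),
              Stage2(False, "VPN1", "GW_MAC", DEFAULT_ROUTE, "tun0", "external"),
              Stage2(True, "VPN1", "MAC100", None, "p1", "external")]
    return Switch({"tun0"}, stage1, stage2)

def run_examples():
    sw = build_sw1()
    packets = [Packet("p1", "VPN1", "MAC100", "GW_MAC", "IP210", size=1500),    # VM100 -> VM210
               Packet("tun0", "VPN1", "MAC200", "GW_MAC", "IP100", size=900),   # reply
               Packet("p1", "VPN1", "MAC100", "GW_MAC", "IP110", size=700),     # local, other L2
               Packet("p1", "VPN1", "MAC100", "GW_MAC", "EX_IP", size=400),     # VM100 -> VM220
               Packet("tun0", "VPN1", "MAC220", "GW_MAC", "EX_IP", size=300),   # reply
               Packet("p1", "VPN1", "MAC100", "GW_MAC", "203.0.113.7", size=200),  # to extranet
               Packet("tun0", "VPN1", "GW_MAC", "MAC100", "IP100", "203.0.113.7", 100)]
    return [sw.process(p) for p in packets], sw.counters
```

The same destination key (VPN1, GW_MAC, EX_IP) resolves to Meter31 or Meter32 only because Metadata Bit 3 is part of the second-stage match, which is why the bit is derived from the ingress interface rather than from any field the sender controls.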
In one implementation, the SDN network element device may send the specified Meter table to the SDN controller every predetermined time, or upon receiving a command from the SDN controller, send the specified Meter table to the SDN controller.
Therefore, the SDN controller determines, according to the identifier of the Meter table, the flow type to which the data message belongs and its direction, supervises the number of incoming data messages forwarded by the SDN network element device according to the incoming flow of the specified Meter table, and supervises the number of outgoing data messages forwarded by the SDN network element device according to the outgoing flow of the specified Meter table. In this way, the flow in the data center network can be accurately counted according to the flow type, the direction, and the number of incoming/outgoing data messages.
Fig. 3 is a block diagram illustrating a hardware configuration of a flow control device according to an exemplary embodiment. Referring to Fig. 3, the apparatus 900 may include a processor 901 and a machine-readable storage medium 902 having stored thereon machine-executable instructions. The processor 901 and the machine-readable storage medium 902 may communicate via a system bus 903. The processor 901 performs the above-described flow control method by reading machine-executable instructions corresponding to the flow control logic in the machine-readable storage medium 902.
The machine-readable storage medium 902 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: a RAM (Random Access Memory), a volatile memory, a non-volatile memory, a flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a DVD, etc.), or a similar storage medium, or a combination thereof.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (11)

1. A flow control method is applied to a Software Defined Network (SDN) network element device, and comprises the following steps:
receiving a first-level flow table and a second-level flow table sent by an SDN controller;
when a data message is received, specifying corresponding Metadata according to an incoming interface of the data message and the hit first-level flow table, so that the Metadata indicates the incoming direction of the data message;
and specifying a corresponding speed-counting Meter table according to the hit second-stage flow table and the output interface specified by the second-stage flow table, so that the Meter table records the statistical information of the data messages from different incoming directions in the outgoing direction corresponding to the output interface.
2. The method of claim 1,
the information recorded by the Meter table specified by the SDN network element device comprises incoming flow and outgoing flow information, wherein the incoming flow represents the total amount of all traffic bandwidths passing through the SDN network element device in the incoming direction, and the outgoing flow represents the total amount of all traffic bandwidths passing through the SDN network element device in the incoming direction,
the method further comprises the following steps:
and calculating the distribution of each type of flow according to the incoming flow and the outgoing flow recorded by the Meter table.
3. The method according to claim 1 or 2,
the matching items of the first-stage flow table comprise a virtual private network identifier (VPN ID) and a source address, the action items of the first-stage flow table are to specify Metadata and to jump to the second-stage flow table, the matching items of the second-stage flow table comprise the Metadata and a destination address, and the action item of the second-stage flow table is to specify the Meter table.
4. The method of claim 3,
the source address is a Media Access Control (MAC) address of a first user side device accessing the SDN network element device, a Virtual Private Network (VPN) identity included in a matching item of the first-level flow table is an identifier of a VPN to which the first user side device belongs,
the matching entry of the second-stage flow table further includes the VPN ID, and the destination address is a MAC address of a second user-side device to be accessed by the first user-side device,
when the received data message hits the first-level flow table and the second-level flow table, according to whether an output interface specified by the second-level flow table is a tunnel port or not and whether a bit of Metadata representing a tunnel termination identifier of the data message is set or not, a corresponding Meter table is specified for the data message, and the Meter table is used for counting flow information of the same link layer network in different directions.
5. The method of claim 3,
the source address is a Media Access Control (MAC) address of a gateway connected with the SDN network element device and an IP address of a first user side device accessed into the SDN network element device, a Virtual Private Network (VPN) Identity (ID) included in a matching item of the first-level flow table is an identifier of a VPN to which the first user side device belongs,
the matching entry of the second-stage flow table further includes the VPN ID, and the destination address is a MAC address of a second user-side device to be accessed by the first user-side device,
when a received data message hits the first-level flow table and the second-level flow table, according to whether an output interface specified by the second-level flow table is a tunnel port or not and whether a bit of Metadata, which represents a tunnel termination identifier of the data message, is set or not, a corresponding Meter table is specified for the data message, and the Meter table is used for counting flow information of different link layer networks and different directions of the same virtual private cloud VPC.
6. The method of claim 3,
the source address is a Media Access Control (MAC) address of a first user side device accessing the SDN network element device, a Virtual Private Network (VPN) identity included in a matching item of the first-level flow table is an identifier of a VPN to which the first user side device belongs,
the matching entry of the second-stage flow table further includes the VPN ID, and the destination address is a MAC address of a gateway connected to an SDN network element device and an IP address of a second user-side device to be accessed by the first user-side device,
when a received data message hits the first-level flow table and the second-level flow table, according to whether an output interface specified by the second-level flow table is a tunnel port or not and whether a bit of Metadata, which represents a tunnel termination identifier of the data message, is set or not, a corresponding Meter table is specified for the data message, and the Meter table is used for counting flow information of different link layer networks and different directions of the same virtual private cloud VPC.
7. The method of claim 3,
the source address is a Media Access Control (MAC) address of a gateway connected with the SDN network element device and an external network IP address allocated by the data center, a Virtual Private Network (VPN) identity included in a matching item of the first-level flow table is an identifier of a VPN to which a first user side device accessed to the SDN network element device belongs,
the matching entry of the second-stage flow table further includes the VPN ID, and the destination address is a MAC address of a second user-side device to be accessed by the first user-side device,
when a received data message hits the first-stage flow table and the second-stage flow table, according to whether an output interface specified by the second-stage flow table is a tunnel port or not and whether a bit of Metadata representing a tunnel termination identifier of the data message is set or not, a corresponding Meter table is specified for the data message, and the Meter table is used for counting flow information of different virtual private cloud VPCs in different directions.
8. The method of claim 3,
the source address is a Media Access Control (MAC) address of a first user side device accessing the SDN network element device, a Virtual Private Network (VPN) identity included in a matching item of the first-level flow table is an identifier of a VPN to which the first user side device belongs,
the matching entry of the second-stage flow table further includes the VPN ID, the destination address is a media access control MAC address of a gateway connected to the SDN network element device and an external network IP address allocated by the data center,
when a received data message hits the first-stage flow table and the second-stage flow table, according to whether an output interface specified by the second-stage flow table is a tunnel port or not and whether a bit of Metadata representing a tunnel termination identifier of the data message is set or not, a corresponding Meter table is specified for the data message, and the Meter table is used for counting flow information of different virtual private cloud VPCs in different directions.
9. The method of claim 3,
the source address is a Media Access Control (MAC) address and a default routing address of a gateway connected with the SDN network element device, a Virtual Private Network (VPN) identification included in a matching item of the first-level flow table is an identification of a VPN to which a first user side device accessed to the SDN network element device belongs,
the matching entry of the second-stage flow table further includes the VPN ID, the destination address is the MAC address of the first user-side device,
when the received data message hits the first-stage flow table and the second-stage flow table, according to whether an output interface specified by the second-stage flow table is a tunnel port or not and whether a bit of Metadata representing a tunnel termination identifier of the data message is set or not, a corresponding Meter table is specified for the data message, and the Meter table is used for counting flow information of the internal network and the external network in different directions.
10. The method of claim 3,
the source address is a Media Access Control (MAC) address of a first user side device accessing the SDN network element device, a Virtual Private Network (VPN) identity included in a matching item of the first-level flow table is an identifier of a VPN to which the first user side device belongs,
the matching entry of the second-level flow table further includes the VPN ID, the destination address is a media access control, MAC, address and a default routing address of a gateway connected to the SDN network element device,
when the received data message hits the first-stage flow table and the second-stage flow table, according to whether an output interface specified by the second-stage flow table is a tunnel port or not and whether a bit of Metadata representing a tunnel termination identifier of the data message is set or not, a corresponding Meter table is specified for the data message, and the Meter table is used for counting flow information of the internal network and the external network in different directions.
11. A flow control device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
performing the flow control method according to any one of claims 1 to 10.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810700031.6A CN108650154B (en) 2018-06-29 2018-06-29 Flow control method and device

Publications (2)

Publication Number Publication Date
CN108650154A CN108650154A (en) 2018-10-12
CN108650154B true CN108650154B (en) 2020-11-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant