CN108768769B - Detection method and detection system for consistency of control plane and data plane and switch - Google Patents

Publication number
CN108768769B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810474636.8A
Other languages
Chinese (zh)
Other versions
CN108768769A (en
Inventor
汪漪
李伟超
雷凯
金波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peking University Shenzhen Graduate School
Southern University of Science and Technology
Original Assignee
Peking University Shenzhen Graduate School
Southern University of Science and Technology
Application filed by Peking University Shenzhen Graduate School, Southern University of Science and Technology
Priority to CN201810474636.8A
Publication of CN108768769A
Application granted
Publication of CN108768769B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters

Abstract

The invention discloses a method and a system for detecting consistency between a control plane and a data plane, and a switch. The method comprises the following steps: an ingress switch receives a sampled data packet, inserts a tag consisting of a bloom filter and a preset vector into the sampled data packet to generate a processed data packet carrying an update tag, and initializes the update tag; the ingress switch, at least one internal switch and the egress switch each update the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix; the egress switch reports the current update tag to a controller; and the controller receives the update tag and verifies whether the control plane and the data plane are consistent according to the update tag and the standard tag of the processed data packet, the standard tag being determined by the switches on the planned switch path of the sampled data packet. Embodiments of the invention improve the accuracy of control plane and data plane consistency detection while reducing the amount of data processing.

Description

Detection method and detection system for consistency of control plane and data plane and switch
Technical Field
The embodiment of the invention relates to a communication technology, in particular to a method, a system and a switch for detecting consistency of a control plane and a data plane.
Background
Software Defined Networking (SDN) is an emerging network paradigm that decouples the control plane from the data plane, centralizes control and aggregates a network-wide view, and establishes open interfaces on the control plane and the data plane so that external applications can program the network, thereby making up for the deficiencies and limitations of the current network architecture. The controller directs the forwarding of data packets by installing rules in the switches. However, when the control plane policy and the data plane rules are inconsistent, the actual path a data packet takes may differ from the expected path preset by the controller. Such inconsistency between the control plane and the data plane may leave the network uncontrolled, and uncontrolled network behavior may in turn degrade network performance and even cause network errors such as network loops and packet loss. Therefore, it is important to ensure the consistency of the control plane and the data plane.
In the prior art, two approaches are mainly adopted to address possible inconsistency between the control plane and the data plane: first, probe-based solutions; second, label-based solutions. Probe-based solutions examine the forwarding behavior of data packets by using customized probe packets. Label-based solutions monitor the consistency of the control plane and the data plane by adding labels to normal data packets in transit, compressing path information into the labels, recording in a path table the hop-by-hop expected path of each data flow for each pair of ingress and egress ports, and comparing whether the labels are consistent with the corresponding entries in the path table. However, both approaches have their own limitations. Probe-based solutions require a long time to generate probe packets. Label-based solutions use the packet header to match the routing table, so once the packet header is modified during forwarding the corresponding entry can no longer be found in the routing table; that is, they cannot handle the case where the packet header is modified. In addition, storing and constructing the path table incurs significant overhead.
Disclosure of Invention
Embodiments of the invention provide a method, a system and a switch for detecting consistency between a control plane and a data plane, which aim to improve the accuracy of control plane and data plane consistency detection while reducing the amount of data processing.
In a first aspect, an embodiment of the present invention provides a method for detecting consistency between a control plane and a data plane, where the method is applied in a software-defined network, and the method includes:
receiving a sampled data packet through an ingress switch, inserting a tag consisting of a bloom filter and a preset vector into the sampled data packet to generate a processed data packet carrying an update tag, initializing the update tag, and updating the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix;
forwarding the processed data packet in the software defined network through at least one internal switch, and updating the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix;
receiving the processed data packet through an egress switch, updating the update tag in the processed data packet according to the corresponding switch identity and a preset characteristic average value, and reporting the current update tag of the processed data packet to a controller;
and receiving, through the controller, the update tag reported by the egress switch, and verifying whether the control plane and the data plane are consistent according to the update tag and the standard tag of the processed data packet, the standard tag being determined by the switches on the planned switch path of the sampled data packet.
In a second aspect, an embodiment of the present invention further provides a system for detecting consistency between a control plane and a data plane, where the system includes: a software defined network, the software defined network comprising: an ingress switch, at least one internal switch, an egress switch, and a controller;
the ingress switch is configured to receive a sampled data packet, insert a tag consisting of a bloom filter and a preset vector into the sampled data packet to generate a processed data packet carrying an update tag, initialize the update tag, and update the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix;
the at least one internal switch is configured to forward the processed data packet in the software defined network and update the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix;
the egress switch is configured to receive the processed data packet, update the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix, and report the current update tag of the processed data packet to a controller;
and the controller is configured to receive the update tag reported by the egress switch, and verify whether the control plane and the data plane are consistent according to the update tag and the standard tag of the processed data packet, the standard tag being determined by the switches on the planned switch path of the sampled data packet.
In a third aspect, an embodiment of the present invention further provides a switch, which is applied to the detection system according to the embodiment of the present invention, and includes: an ingress switch, an internal switch, and an egress switch.
In the embodiments of the invention, the ingress switch receives a sampled data packet, inserts a tag consisting of a bloom filter and a preset vector into the sampled data packet to generate a processed data packet carrying an update tag, and initializes the update tag; the ingress switch, at least one internal switch and the egress switch each update the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix; the egress switch reports the current update tag of the processed data packet to a controller; and the controller receives the update tag reported by the egress switch and verifies whether the control plane and the data plane are consistent according to the update tag and the standard tag of the processed data packet, the standard tag being determined by the switches on the planned switch path of the sampled data packet. This solves the prior-art problems of inaccurate detection of control plane and data plane consistency and of a large amount of data processing, and improves the accuracy of consistency detection while reducing the amount of data processing.
Drawings
Fig. 1a is a flowchart of a method for detecting consistency between a control plane and a data plane according to a first embodiment of the present invention;
Fig. 1b is a schematic structural diagram of a software-defined network according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a control plane and data plane consistency detection method in the second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a system for detecting consistency between a control plane and a data plane in a third embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1a is a flowchart of a method for detecting consistency of a control plane and a data plane according to an embodiment of the present invention. The method is applied to a software-defined network, and this embodiment is applicable to detecting whether the control plane and the data plane in the software-defined network are consistent. The method may be executed by devices in the software-defined network, which may be implemented in software and/or hardware; typically these are the switches and the controller in the software-defined network. As shown in fig. 1a, the method specifically includes the following steps:
Step 110, receiving the sampled data packet through the ingress switch, inserting a tag consisting of a bloom filter and a preset vector into the sampled data packet to generate a processed data packet carrying an update tag, initializing the update tag, and updating the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix.
In a specific embodiment of the present invention, the software-defined network includes switches and a controller. More specifically, the switches in the software-defined network may be divided into three types, namely an ingress switch, internal switches, and an egress switch, where the number of internal switches is at least one. The ingress switch and the egress switch are the edge switches through which a data packet enters and leaves the software defined network, respectively, and the switches communicate with the remote controller based on the OpenFlow protocol. Each switch has a corresponding switch identity and preset feature matrix, that is, the switch identity and the preset feature matrix correspond to the switch one to one. The switch identity and the preset feature matrix may be pre-assigned by the controller or automatically generated by the switch, and may be set according to the actual situation, which is not specifically limited herein.
A sampled data packet is an ordinary data packet that satisfies a preset condition. Depending on the preset condition, either all data packets received by the ingress switch are regarded as sampled data packets, or the data packets received by the ingress switch are screened and only the screened data packets are regarded as sampled data packets. The specific meaning of a sampled data packet is determined by the preset condition and is not particularly limited herein. The software defined network has a problem of inconsistency between the control plane policy and the data plane rules, and this problem may cause the actual switch path a data packet takes while being forwarded by the switches to be inconsistent with the planned switch path, where the actual switch path corresponds to the data plane and the planned switch path corresponds to the control plane. It should be noted that the actual switch path differs from the planned switch path because the sequence of internal switches through which the sampled data packet passes when forwarded through the software-defined network is different. In other words, the ingress switch and the egress switch in the actual switch path and the planned switch path are the same and are passed in the same order, and the difference is one of the following: first, the internal switches passed through are the same, but the order in which they are passed is different; second, at least one of the internal switches passed through is different.
Illustratively, there are switch 1, switch 2, switch 3, switch 4, and switch 5 (hereinafter denoted as S1, S2, S3, S4, and S5, respectively) in the software defined network, where S1 is the ingress switch, S5 is the egress switch, and S2, S3, and S4 are the internal switches. For case one, the actual switch path is S1 → S2 → S3 → S4 → S5, and the planned switch path is S1 → S3 → S4 → S2 → S5; for case two, the actual switch path is S1 → S2 → S4, and the planned switch path is S1 → S3 → S4. To solve the above problem, the following scheme is considered: after a sampled data packet enters the software defined network, the ingress switch inserts a tag consisting of a bloom filter and a preset vector into the sampled data packet; the tag is updated as the data packet is forwarded through the internal switches; when the data packet leaves the egress switch, the tag is sent to the controller as the update tag; and the controller verifies whether the control plane and the data plane are consistent by comparing the update tag with the standard tag of the data packet, which is determined by the switches on the planned switch path of the data packet. It will be appreciated that the update tag carries the actual switch path information, which is the key to implementing the above scheme.
The bloom filter is a probabilistic data structure with high space efficiency that can simply judge whether an element belongs to a specific set. The bloom filter consists of two parts: a binary vector of sufficient length (hereinafter referred to as bit array $B$) and $k$ hash functions with independent output distributions. In bit array $B$, the bloom filter represents the presence of an element using the bits 0 and 1. In the initial state, all positions in bit array $B$ are set to 0. The specific procedure is as follows: assume that the length of bit array $B$ is $m$ and that a set $S$ contains a total of $n$ elements to be stored. To insert the $n$ elements into bit array $B$, the bloom filter selects $k$ hash functions $\{f_1, f_2, \ldots, f_k\}$ with independent output distributions. The $k$ hash functions $\{f_1, f_2, \ldots, f_k\}$ map each element $s_j$ ($1 \le j \le n$) of the set $S$ to $k$ values $\{g_1, g_2, \ldots, g_k\}$, and the corresponding positions $B[g_1], B[g_2], \ldots, B[g_k]$ in bit array $B$ are set to 1. After all $n$ elements have been written, the insert operation for set $S$ is complete. To perform a query operation on the set $S$, the $k$ hash functions $\{f_1, f_2, \ldots, f_k\}$ map the element $s_j$ ($1 \le j \le n$) to $k$ values $\{g_1, g_2, \ldots, g_k\}$, the corresponding positions $B[g_1], B[g_2], \ldots, B[g_k]$ in bit array $B$ are read, and it is judged whether they are all 1. If all are 1, element $s_j$ is confirmed to be present in the set $S$; if not all are 1, element $s_j$ is confirmed not to be present in the set $S$. Furthermore, bloom filters have no false negative probability: if element $s_j$ is present in the set $S$, a query for $s_j$ never produces the wrong result, that is, it never reports that $s_j$ is absent from the set $S$.
However, bloom filters do have a false positive probability: if element $s_j$ is not present in the set $S$, a query for $s_j$ reaches the wrong conclusion with a certain probability, that is, it reports that $s_j$ is present in the set $S$. Based on the above, the identity of each switch may be stored in the bloom filter to facilitate determining the switches present in the actual switch path. The preset vector may be a two-dimensional vector, a three-dimensional vector or an even higher-dimensional vector, and may be set according to the actual situation, which is not specifically limited herein. It can be understood that, considering the storage space occupied by the data and the difficulty of subsequent data processing, the lower the dimension of the preset vector, the better.
The ingress switch receives the sampled data packet and inserts a tag consisting of a bloom filter and a preset vector into it, forming a processed data packet carrying an update tag. At the same time, the ingress switch initializes the update tag, that is, assigns it an initial value, which may specifically be: setting the initial value of the bloom filter in the update tag to 0, and setting the initial value of the preset vector in the update tag based on the data flow information. The ingress switch also updates the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix, which here are the switch identity and preset feature matrix of the ingress switch. Accordingly, the ingress switch serves three roles: first, the ingress switch adds a tag consisting of a bloom filter and a preset vector to a sampled data packet to generate a processed data packet carrying an update tag; second, the ingress switch assigns an initial value to the update tag; and third, the ingress switch updates the update tag according to its switch identity and preset feature matrix.
Optionally, on the basis of the above technical solution, receiving a sampled data packet through an ingress switch, inserting a tag composed of a bloom filter and a preset vector into the sampled data packet, generating a processed data packet carrying an update tag, and initializing the update tag may specifically include:
Receiving the original data packet through the ingress switch, and determining the data flow to which the original data packet belongs according to the five-tuple.
Acquiring, by the ingress switch, the time when the original data packet is received by the ingress switch as a first time, and the time when the data flow was last sampled as a second time.
If the time difference between the first time and the second time is greater than or equal to the sampling interval of the data flow, the ingress switch determines that the original data packet is a sampled data packet, inserts a tag consisting of a bloom filter and a preset vector into the packet header of the sampled data packet, generates a processed data packet carrying an update tag, and initializes the update tag.
The initial value of the update tag is the same for all sampled data packets belonging to one data flow.
In the embodiment of the present invention, in order to improve the accuracy and efficiency of data transmission, the ingress switch does not insert a tag composed of a bloom filter and a preset vector into every received data packet and perform the subsequent operations on it. Instead, the ingress switch filters the received data packets according to a preset condition and takes the filtered data packets as the data packets that require tag insertion and the subsequent operations. These are referred to as sampled data packets, and the data packets that are not filtered are referred to as original data packets. Specifically, the method comprises the following steps:
The ingress switch receives the original data packet and determines the data flow to which it belongs according to the five-tuple. The five-tuple is the set of a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol. For example, 192.168.1.1, 10000, TCP, 121.14.88.76, 80 form a five-tuple, more specifically a TCP five-tuple, which means that a terminal with an IP address of 192.168.1.1 is connected through port 10000, using the TCP protocol, to another terminal with an IP address of 121.14.88.76 and a port of 80. A data flow is a complete link and comprises at least one original data packet, and the original data packets belonging to one data flow have the same source IP address and destination IP address. The five-tuple is used to identify the data flows, and a sampling interval is associated with each data flow. The ingress switch obtains the time when the original data packet is received by the ingress switch as a first time and the time when the data flow was last sampled as a second time, and compares whether the time difference between the first time and the second time is greater than or equal to the sampling interval of the data flow. If so, the original data packet is determined to be a sampled data packet, a tag consisting of a bloom filter and a preset vector is inserted into the packet header of the sampled data packet, a processed data packet carrying an update tag is generated, and the update tag is initialized. If not, the original data packet is determined not to be a sampled data packet, and no tagging or subsequent operations are performed on it.
In this way, the ingress switch screens the original data packets according to the preset condition and determines the screened original data packets to be sampled data packets. Since the sampled data packets are screened from the original data packets according to the preset condition, if an original data packet belongs to a certain data flow, the sampled data packet also belongs to that data flow. In addition, it should be noted that the initial value of the preset vector in the update tag is the same for all sampled data packets belonging to one data flow. The ingress switch sends the initial value of the preset vector in the update tag of each data flow to the controller, and the ingress switch and the controller each store the initial value of the preset vector in the update tag in a corresponding hash table. The ingress switch also uses the data in the IP TOS field to distinguish whether the original data packet was sampled, and uses a hash table to store the last time each flow was sampled, that is, the hash table stores the second time of each flow. If the original data packet is determined to be a sampled data packet, the second time is updated with the first time, that is, the second time of the flow becomes the first time. It will be appreciated that the initial value of the last sampled time of each data flow is 0.
Illustratively, the bloom filter may be 16 bits wide, and the preset vector may be a two-dimensional vector, more specifically one composed of two 32-bit random numbers. The two-dimensional vector and the bloom filter can be inserted into two 32-bit mpls_label fields and a 16-bit VLAN field, respectively, in the packet header of the sampled data packet.
Illustratively, let the first time be t and the second time be
Figure GDA0002599042490000071
The sampling interval of the data flow f to which the original data packet belongs is
Figure GDA0002599042490000072
If it is not
Figure GDA0002599042490000073
The original data packet can be determined to be a sampled data packet; if it is not
Figure GDA0002599042490000074
It may be determined that the original packet is not a sampled packet. At the same time, will
Figure GDA0002599042490000075
And updated to t.
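The sampling decision described above, sketched in Python as an added example (not code from the patent). The class and field names, the default interval, the random per-flow initial vector and the second flow are assumptions; the first flow reuses the five-tuple given in the text, and the arrival times are constructed.

```python
import secrets


def flow_key(pkt):
    """Five-tuple that identifies the data flow a packet belongs to."""
    return (pkt["src_ip"], pkt["src_port"],
            pkt["dst_ip"], pkt["dst_port"], pkt["proto"])


class IngressSampler:
    """Per-flow sampling state kept by the ingress switch (hypothetical class)."""

    def __init__(self, default_interval=1.0):
        self.default_interval = default_interval
        self.interval = {}       # flow -> sampling interval of that flow
        self.last_sampled = {}   # flow -> "second time"; initial value is 0
        self.init_vector = {}    # flow -> initial preset vector (also reported
                                 # to the controller in the scheme)

    def on_packet(self, pkt, now):
        """Return the initial update tag if the packet is sampled, else None."""
        flow = flow_key(pkt)
        last = self.last_sampled.get(flow, 0.0)
        if now - last < self.interval.get(flow, self.default_interval):
            return None                      # stays an ordinary original packet
        self.last_sampled[flow] = now        # second time := first time
        if flow not in self.init_vector:
            # Assumption: two random 32-bit numbers, fixed for the flow's lifetime.
            self.init_vector[flow] = (secrets.randbits(32), secrets.randbits(32))
        return {"bloom": 0, "vector": self.init_vector[flow]}


# Constructed sample traffic: (arrival time, packet).
WEB = {"src_ip": "192.168.1.1", "src_port": 10000,
       "dst_ip": "121.14.88.76", "dst_port": 80, "proto": "TCP"}
DNS = {"src_ip": "192.168.1.2", "src_port": 5353,
       "dst_ip": "121.14.88.76", "dst_port": 53, "proto": "UDP"}
ARRIVALS = [(5.0, WEB), (5.25, DNS), (5.5, WEB),
            (6.0, WEB), (6.5, DNS), (7.5, WEB)]


def replay(arrivals=ARRIVALS):
    """Feed the constructed arrivals to a fresh sampler and collect the tags."""
    sampler = IngressSampler(default_interval=1.0)
    sampler.interval[flow_key(DNS)] = 2.0    # per-flow interval override
    return [sampler.on_packet(pkt, t) for t, pkt in arrivals]


if __name__ == "__main__":
    for (t, pkt), tag in zip(ARRIVALS, replay()):
        print(t, pkt["proto"], "sampled" if tag else "not sampled")
```

Only sampled packets carry a tag, so a path deviation on a flow is observed no sooner than that flow's next sample.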
Step 120, forwarding the processed data packet in the software defined network through at least one internal switch, and updating the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix.
In a specific embodiment of the present invention, the processed data packet is forwarded in the software defined network through at least one internal switch, and the update tag in the processed data packet is updated according to the corresponding switch identity and preset feature matrix, which here are the switch identity and preset feature matrix of each internal switch; in other words, each internal switch has its own switch identity and preset feature matrix. Accordingly, the role of an internal switch is to update the update tag according to its switch identity and preset feature matrix.
Step 130, receiving the processed data packet through the egress switch, updating the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix, and reporting the current update tag of the processed data packet to the controller.
In a specific embodiment of the present invention, the egress switch receives the processed data packet sent by the last internal switch and updates the update tag in the processed data packet according to the corresponding switch identity and preset feature matrix, which here are the identity and preset feature matrix of the egress switch. The egress switch then reports the current update tag of the processed data packet to the controller. Accordingly, the egress switch serves two roles: first, the egress switch updates the update tag according to its switch identity and preset feature matrix; second, the egress switch reports the current update tag of the processed data packet to the controller.
It should be noted that every switch the processed data packet passes through updates the update tag in the processed data packet according to its own switch identity and preset feature matrix. Consider any two adjacent switches on the forwarding path, which may be the ingress switch and the first internal switch, two internal switches, or the last internal switch and the egress switch. Of the two, the switch that processes the data packet first is called the previous switch and the switch that processes it afterwards is called the next switch. The next switch, as the current switch, updates the update tag in the processed data packet, where that update tag is the tag obtained after the previous switch updated the update tag in the processed data packet. It should be further noted that the update tag is formed from each switch on the actual switch path; in other words, the update tag carries the information of the actual switch path the sampled data packet passes through and thus reflects the data plane. This provides the basis for the controller to subsequently verify whether the control plane and the data plane are consistent.
It should also be noted that the egress switch detects that the processed data packet is about to leave the software defined network and sends the processed data packet to the destination host, completing the whole packet transmission process. The update tag only provides the basis for the controller to verify whether the control plane and the data plane are consistent; it does not change the information of the sampled data packet, that is, the information of the sampled data packet is not affected by the update tag.
Optionally, on the basis of the above technical solution, updating the update tag in the processed data packet according to the corresponding switch identity and the preset feature matrix may specifically include: and updating the initial value of the bloom filter of the update label in the processing data packet through the target switch according to the corresponding switch identity. And updating the initial value of the preset vector of the update label in the processing data packet through the target switch according to the corresponding preset feature matrix. The target switch may specifically include: an ingress switch, an internal switch, or an egress switch.
In the embodiment of the present invention, as can be seen from the foregoing, the ingress switch, the internal switch, and the egress switch update the update tag in the same processing manner, and therefore, the ingress switch, the internal switch, or the egress switch may be collectively referred to as a target switch. It can also be understood that the above processing manners for updating the tag are all applicable to the ingress switch, the internal switch, and the egress switch, that is, the above processing manners for updating the tag are all applicable to the target switch. The update tag includes a bloom filter and a preset vector, and correspondingly, the initial value of the update tag includes an initial value of the bloom filter and an initial value of the preset vector, and as can be known from the foregoing, for the ingress switch, the initial value of the update tag received by the ingress switch is a value obtained by initializing the update tag by the ingress switch, specifically, the initial value of the bloom filter is 0, and the initial value of the preset vector is determined based on the data flow information; for the internal switches, the initial value of the update tag received by the first internal switch is a value obtained by the ingress switch updating the update tag in the processed data packet according to the switch identity and the preset feature matrix, the initial value of the update tag received by the second internal switch is a value obtained by the first internal switch updating the update tag in the processed data packet according to the switch identity and the preset feature matrix, and so on, so that the initial value of the update tag received by each internal switch can be obtained; for the egress switch, the initial value of the update tag received by the egress switch is a value obtained by updating the update tag in the processed data packet by the last internal switch according to the switch identity and the preset 
feature matrix. That is, except for the ingress switch, for the internal switch and the egress switch, the initial value of the update tag received by each switch is the value of the update tag in the processed data packet updated by the previous switch according to the switch identity and the preset feature matrix. In addition, it should be noted that the first internal switch described above represents a switch that receives the update label sent by the ingress switch in the actual switch path. The second internal switch represents a switch which receives the update label sent by the first switch in the actual switch path, and the first switch and the second switch are named only based on the sequence of the switches passed by the update label in the actual forwarding process.
Updating the update tag in the processed data packet according to the corresponding switch identity and the preset feature matrix, which may specifically include: and updating the initial value of the bloom filter for updating the label in the processing data packet according to the corresponding switch identity through the target switch, namely storing the corresponding switch identity into the bloom filter for updating the label in the processing data packet through the target switch, and updating the initial value of the bloom filter for updating the label in the processing data packet according to the output result of the bloom filter. And updating the initial value of the preset vector of the update label in the processing data packet through the target switch according to the corresponding preset feature matrix, namely performing mathematical operation on the preset vector and the corresponding preset feature matrix through the target switch, and updating the initial value of the bloom filter of the update label in the processing data packet according to the operation result. The data operation described herein may include matrix multiplication, and accordingly, it is also necessary to set the conditions satisfied by the predetermined vector and the predetermined feature matrix. Specifically, assuming that the preset vector is represented in a row vector form, if the preset vector is right-multiplied by the corresponding preset feature matrix, at this time, the length of the preset vector is required to be equal to the row number of the preset feature matrix; if the preset vector is multiplied by the corresponding preset feature matrix, the number of columns of the preset feature matrix is required to be equal to the length of the preset vector, and in this case, the preset vector needs to be converted into a column vector form when being multiplied. 
It can be understood that the form of the data operation and the conditions that need to be satisfied by the corresponding preset vector and the preset feature matrix can be determined according to the actual situation, and are not specifically limited herein.
Optionally, on the basis of the above technical solution, updating, by the target switch, the initial value of the bloom filter of the update tag in the processed data packet according to the corresponding switch identity may specifically include the following. The target switch takes the initial value of the bloom filter of the update tag in the processed data packet as the initial value of the current bloom filter. The target switch sends the corresponding switch identity to the bloom filter to obtain the output value of the corresponding bloom filter. The target switch calculates the union of the output value of the corresponding bloom filter and the initial value of the current bloom filter, and updates the initial value of the current bloom filter according to the union. The target switch then takes the updated initial value as the initial value of the current bloom filter.
In the embodiments of the present invention, as can be seen from the foregoing, the target switch here also includes an ingress switch, an internal switch, or an egress switch. Updating, by the target switch, the initial value of the bloom filter that processes the update tag in the data packet according to the corresponding switch identity, which may specifically include: the initial value of the bloom filter for processing the update label in the data packet is used as the initial value of the current bloom filter through the target switch, and the corresponding switch identity is sent to the bloom filter through the target switch to obtain the output value of the corresponding bloom filter, namely, the switch identity corresponding to the passed switch is sent to the bloom filter in the actual forwarding process of the processing data packet. And calculating a union set of the output value of the corresponding bloom filter and the initial value of the current bloom filter through the target switch, updating the initial value of the current bloom filter according to the union set, and taking the updated initial value as the initial value of the current bloom filter through the target switch. The foregoing may be understood as that the initial value of the bloom filter of the update label received by each target switch (except for the ingress switch in the target switch) (i.e., the initial value of the current bloom filter received by each target switch) sends the switch identity to the bloom filter for its previous target switch, obtains the output value of the corresponding bloom filter, and calculates the value of the union of the output value of the corresponding bloom filter and the initial value of the current bloom filter received by the previous target switch. For the ingress switch in the target switch, the initial value of the bloom filter of the update label received by the ingress switch (i.e. 
the initial value of the current bloom filter received by the ingress switch) is the value of the ingress switch after initializing the bloom filter of the update label. It will be appreciated that the initial value of the current bloom filter is a value that changes continuously with the switches that are passed.
Illustratively, assume there are two internal switches. The ingress switch, the first internal switch, the second internal switch, and the egress switch among the target switches are denoted by S1, S2, S3, and S4 respectively, and the actual switch path is S1 → S2 → S3 → S4. The bloom filter is denoted by $BF$. The switch identities corresponding to the ingress switch, the first internal switch, the second internal switch, and the egress switch are denoted by $ID_1$, $ID_2$, $ID_3$, and $ID_4$ respectively. Correspondingly, the output values of the bloom filter corresponding to the ingress switch, the first internal switch, the second internal switch, and the egress switch are denoted by $BF(ID_1)$, $BF(ID_2)$, $BF(ID_3)$, and $BF(ID_4)$; the initial value of the current bloom filter is denoted by $BF_{new}$. Updating, by the target switch, the initial value of the bloom filter of the update label in the processed data packet according to the corresponding switch identity then proceeds as follows:
The ingress switch S1 takes the initial value 0 of the bloom filter as the initial value of the current bloom filter, $BF_{new} = 0$. S1 sends the corresponding switch identity $ID_1$ to the bloom filter $BF$ to obtain the output value $BF(ID_1)$ of the corresponding bloom filter. S1 calculates the union $BF_{new} \cup BF(ID_1)$ of the output value $BF(ID_1)$ and the initial value $BF_{new} = 0$ of the current bloom filter, and updates the initial value $BF_{new} = 0$ of the current bloom filter according to this union. S1 takes the updated initial value as the initial value of the current bloom filter: $BF_{new} = 0 \cup BF(ID_1)$.
The first internal switch S2 takes the initial value $BF_{new} = 0 \cup BF(ID_1)$ of the bloom filter as the initial value of the current bloom filter. S2 sends the corresponding switch identity $ID_2$ to the bloom filter $BF$ to obtain the output value $BF(ID_2)$ of the corresponding bloom filter. S2 calculates the union $BF_{new} \cup BF(ID_2)$ of the output value $BF(ID_2)$ and the initial value $BF_{new} = 0 \cup BF(ID_1)$ of the current bloom filter, and updates the initial value of the current bloom filter according to this union. S2 takes the updated initial value as the initial value of the current bloom filter: $BF_{new} = 0 \cup BF(ID_1) \cup BF(ID_2)$.
The second internal switch S3 takes the initial value $BF_{new} = 0 \cup BF(ID_1) \cup BF(ID_2)$ of the bloom filter as the initial value of the current bloom filter. S3 sends the corresponding switch identity $ID_3$ to the bloom filter $BF$ to obtain the output value $BF(ID_3)$ of the corresponding bloom filter. S3 calculates the union $BF_{new} \cup BF(ID_3)$ of the output value $BF(ID_3)$ and the initial value $BF_{new} = 0 \cup BF(ID_1) \cup BF(ID_2)$ of the current bloom filter, and updates the initial value of the current bloom filter according to this union. S3 takes the updated initial value as the initial value of the current bloom filter: $BF_{new} = 0 \cup BF(ID_1) \cup BF(ID_2) \cup BF(ID_3)$.
The egress switch S4 takes the initial value $BF_{new} = 0 \cup BF(ID_1) \cup BF(ID_2) \cup BF(ID_3)$ of the bloom filter as the initial value of the current bloom filter. S4 sends the corresponding switch identity $ID_4$ to the bloom filter $BF$ to obtain the output value $BF(ID_4)$ of the corresponding bloom filter. S4 calculates the union $BF_{new} \cup BF(ID_4)$ of the output value $BF(ID_4)$ and the initial value $BF_{new} = 0 \cup BF(ID_1) \cup BF(ID_2) \cup BF(ID_3)$ of the current bloom filter, and updates the initial value of the current bloom filter according to this union. S4 takes the updated initial value as the initial value of the current bloom filter: $BF_{new} = 0 \cup BF(ID_1) \cup BF(ID_2) \cup BF(ID_3) \cup BF(ID_4)$.
Based on the foregoing, it can be appreciated that the initial value of the bloom filter is updated once each time a target switch is passed, and the updated initial value, i.e., the initial value of the current bloom filter, is $BF_{new} = 0 \cup BF(ID_1) \cup BF(ID_2) \cup \dots \cup BF(ID_{i-1}) \cup BF(ID_i)$, where $ID_i$ is the switch identity of the current target switch, $ID_1$, $ID_2$, …, $ID_{i-1}$ are the switch identities respectively corresponding to the target switches, and $BF(ID_1)$, $BF(ID_2)$, …, $BF(ID_{i-1})$ and $BF(ID_i)$ are the output values of the bloom filter respectively corresponding to the target switches through which the update label sequentially passes.
Optionally, on the basis of the above technical scheme, the preset feature matrix is a two-dimensional square matrix. The predetermined vector is a two-dimensional vector. Updating the initial value of the preset vector of the update tag in the processing data packet according to the corresponding preset feature matrix through the target switch, which may specifically include: and taking the initial value of the two-dimensional vector of the update label in the processing data packet as the initial value of the current two-dimensional vector through the target switch. And calculating the product of the current two-dimensional vector and the corresponding preset feature matrix through the target switch to update the initial value of the current two-dimensional vector. And taking the updated initial value as the initial value of the current two-dimensional vector through the target switch.
In the embodiments of the present invention, as can be seen from the foregoing, the target switch here also includes an ingress switch, an internal switch, or an egress switch. Updating the initial value of the preset vector of the update tag in the processing data packet according to the corresponding preset feature matrix through the target switch, which may specifically include: and taking the initial value of the two-dimensional vector of the update label in the processing data packet as the initial value of the current two-dimensional vector through the target switch. And calculating the product of the current two-dimensional vector and the corresponding preset feature matrix through the target switch to update the initial value of the current two-dimensional vector. And taking the updated initial value as the initial value of the current two-dimensional vector through the target switch. The above may be understood as that the initial value of the two-dimensional vector of the update tag received by each target switch (except for the ingress switch in the target switch) (i.e. the initial value of the current two-dimensional vector received by each target switch) is the value of the product of the initial value of the two-dimensional vector of the update tag received by the previous target switch and the switch preset feature matrix of the previous target switch. For the ingress switch in the target switch, the initial value of the two-dimensional vector of the update tag received by the ingress switch (i.e., the initial value of the current two-dimensional vector received by the ingress switch) is the value of the two-dimensional vector of the update tag initialized by the ingress switch. It will be appreciated that the initial value of the current two-dimensional vector is also a value that changes continuously with the switches that are passed.
Illustratively, assume there are two internal switches. The ingress switch, the first internal switch, the second internal switch, and the egress switch among the target switches are denoted by S1, S2, S3, and S4 respectively, and the actual switch path is S1 → S2 → S3 → S4. The initial value of the two-dimensional vector is denoted by $(v_1, v_2)$. The preset feature matrices of the switches corresponding to the ingress switch, the first internal switch, the second internal switch, and the egress switch are denoted by $M_1$, $M_2$, $M_3$, and $M_4$ respectively. The initial value of the current two-dimensional vector is denoted by $(v_1, v_2)_{new}$. Updating, by the target switch, the initial value of the preset vector of the update label in the processed data packet according to the corresponding preset feature matrix then proceeds as follows:
The ingress switch S1 takes the initial value $(v_1, v_2)$ of the two-dimensional vector of the update tag in the processed data packet as the initial value of the current two-dimensional vector, $(v_1, v_2)_{new} = (v_1, v_2)$. S1 calculates the product $(v_1, v_2) * M_1$ of the current two-dimensional vector $(v_1, v_2)_{new}$ and the corresponding preset feature matrix $M_1$ to update the initial value $(v_1, v_2)_{new} = (v_1, v_2)$ of the current two-dimensional vector. S1 takes the updated initial value as the initial value of the current two-dimensional vector: $(v_1, v_2)_{new} = (v_1, v_2) * M_1$.
The first internal switch S2 takes the initial value $(v_1, v_2)_{new} = (v_1, v_2) * M_1$ of the two-dimensional vector of the update tag in the processed data packet as the initial value of the current two-dimensional vector. S2 calculates the product $(v_1, v_2)_{new} * M_2$ of the current two-dimensional vector $(v_1, v_2)_{new}$ and the corresponding preset feature matrix $M_2$ to update the initial value $(v_1, v_2)_{new} = (v_1, v_2) * M_1$ of the current two-dimensional vector. S2 takes the updated initial value as the initial value of the current two-dimensional vector: $(v_1, v_2)_{new} = (v_1, v_2) * M_1 * M_2$.
The second internal switch S3 takes the initial value $(v_1, v_2)_{new} = (v_1, v_2) * M_1 * M_2$ of the two-dimensional vector of the update tag in the processed data packet as the initial value of the current two-dimensional vector. S3 calculates the product $(v_1, v_2)_{new} * M_3$ of the current two-dimensional vector $(v_1, v_2)_{new}$ and the corresponding preset feature matrix $M_3$ to update the initial value $(v_1, v_2)_{new} = (v_1, v_2) * M_1 * M_2$ of the current two-dimensional vector. S3 takes the updated initial value as the initial value of the current two-dimensional vector: $(v_1, v_2)_{new} = (v_1, v_2) * M_1 * M_2 * M_3$.
The egress switch S4 takes the initial value $(v_1, v_2)_{new} = (v_1, v_2) * M_1 * M_2 * M_3$ of the two-dimensional vector of the update tag in the processed data packet as the initial value of the current two-dimensional vector. S4 calculates the product $(v_1, v_2)_{new} * M_4$ of the current two-dimensional vector $(v_1, v_2)_{new}$ and the corresponding preset feature matrix $M_4$ to update the initial value $(v_1, v_2)_{new} = (v_1, v_2) * M_1 * M_2 * M_3$ of the current two-dimensional vector. S4 takes the updated initial value as the initial value of the current two-dimensional vector: $(v_1, v_2)_{new} = (v_1, v_2) * M_1 * M_2 * M_3 * M_4$.
Based on the above, it can be understood that the initial value of the two-dimensional vector is updated once each time a target switch is passed, and the updated initial value, i.e., the initial value of the current two-dimensional vector, is $(v_1, v_2)_{new} = (v_1, v_2) * M_1 * M_2 * \dots * M_{i-1} * M_i$, where $M_i$ is the switch preset feature matrix of the current target switch, and $M_1$, $M_2$, …, $M_{i-1}$ are the switch preset feature matrices respectively corresponding to the target switches through which the update label sequentially passes before the current target switch.
It should be noted that the standard tag may be formed in the same processing manner as the update tag, and details are not described herein again. The standard tags differ from the update tags in that the switches through which the process packets are forwarded in the software defined network and the order of the switches through which the process packets are passed may differ.
In addition, it should be noted that the subsequent controller compares whether the standard tag is consistent with the update tag, and specifically may compare whether the value of the bloom filter in the standard tag is consistent with the value of the bloom filter in the update tag, and whether the value of the preset vector in the standard tag is the same as the value of the preset vector in the update tag. The values of the bloom filter and the preset vector in the update tag described herein refer to the values that are finally formed when the update tag is forwarded along the actual switch path along with the processed packet, and the values of the bloom filter and the preset vector in the standard tag refer to the values that are finally formed when the standard tag is forwarded along the planned switch path along with the processed packet.
Step 140: the controller receives the update label reported by the egress switch, and verifies whether the control plane and the data plane are consistent according to the update label and the standard label of the processed data packet determined by each switch corresponding to the planned switch path of the sampled data packet.
In an embodiment of the present invention, planning a switch path may be understood as the controller expecting a sampled packet to be forwarded in the software defined network according to the set switches and switch order. Based on the same manner as described in steps 110 to 130, the controller obtains the standard label of the processed data packet determined by each switch corresponding to the planned switch path of the sampled data packet, specifically: an entrance switch in a planning switch path receives a sampling data packet, inserts a label consisting of a bloom filter and a preset vector into the sampling data packet, generates a processing data packet carrying an updating label, initializes the updating label, and updates the updating label in the processing data packet according to an entrance switch identity and a preset feature matrix; at least one internal switch in the planned switch path forwards a processing data packet in the software defined network, and an updating label in the processing data packet is updated according to the corresponding switch identity and a preset characteristic matrix; and an exit switch in the path of the planning switch receives the processing data packet, updates the update tag in the processing data packet according to the switch identity of the exit switch and the preset characteristic matrix, and then takes the current update tag of the processing data packet as a standard tag. It can be understood that the standard label carries information of a planned switch path through which the sampling data packet passes, and the control plane can be embodied. This also provides a basis for subsequent controllers to verify that the control plane and data plane are consistent. 
It should be noted that the standard label differs from the update label in that the standard label is formed by the controller based on each switch on the planned switch path, whereas the update label is formed by each switch on the actual switch path. What the standard label and the update label have in common is that both are formed in the same specific manner.
The update label carries the actual switch path information through which the sampling data packet passes, and the standard label carries the planned switch path information through which the sampling data packet passes; the update label can embody the data plane, and the standard label can embody the control plane. To verify whether the control plane and the data plane are consistent, the controller can compare whether the standard label and the update label are consistent. If the standard label and the update label are determined to be consistent, this indicates that the planned switch path and the actual switch path are consistent, and therefore the control plane and the data plane are determined to be consistent; if the standard label is determined to be inconsistent with the update label, this indicates that the planned switch path is inconsistent with the actual switch path, and thus the control plane is determined to be inconsistent with the data plane. It should be noted that, since the standard label and the update label each include the bloom filter and the preset vector, whether the two labels are consistent can be determined by comparing the values of the bloom filter and of the preset vector in the two labels. Furthermore, if the control plane and the data plane are determined to be inconsistent, then because the update label carries the actual switch path information through which the sampling data packet passes, the controller can parse the actual switch path through which the sampling data packet passed from the update label and compare it with the planned switch path; the controller then determines the abnormal switch according to the comparison result.
According to the technical scheme of this embodiment, an ingress switch receives a sampling data packet, inserts a label consisting of a bloom filter and a preset vector into the sampling data packet, generates a processing data packet carrying an update label, and initializes the update label; the ingress switch, at least one internal switch and the egress switch each update the update label in the processing data packet according to the corresponding switch identity and preset feature matrix, and the egress switch reports the current update label of the processing data packet to a controller; the controller receives the update label reported by the egress switch, and verifies whether the control plane and the data plane are consistent according to the update label and the standard label of the processing data packet determined by each switch corresponding to the planned switch path of the sampling data packet. This solves the problems in the prior art that detection of control plane and data plane consistency is inaccurate and requires a large data processing volume, and improves the accuracy of detecting control plane and data plane consistency while reducing the data processing volume.
Optionally, on the basis of the above technical solution, the method may further include: and if the control plane is not consistent with the data plane through verification of the controller, analyzing an actual switch path of the sampling data packet according to the updating label, and comparing the actual switch path with the planned switch path. And determining the abnormal switch according to the comparison result through the controller.
In the specific embodiment of the invention, because the update tag carries the actual switch path information through which the sampling data packet passes, the actual switch path through which the sampling data packet passes can be analyzed by the controller according to the update tag, and the actual switch path is compared with the planned switch path; and then the controller determines the abnormal switch according to the comparison result. The actual switch path represents each switch through which the sampling data packet passes and the sequence of each switch through which the sampling data packet passes under the actual condition; the planning of the switch path represents the sequence of each switch through which the sampling data packet passes and each switch through which the sampling data packet passes under the preset condition.
Illustratively, if the actual switch path traversed by a certain sampling packet is S1 → S2 → S3 → S4 → S5, the information of the switch traversed by the sampling packet is embodied in the update tag, that is, the update tag carries the information of the actual switch path traversed by the sampling packet, the controller parses the update tag, and parses the actual switch path of the sampling packet S1 → S2 → S3 → S4 → S5, meanwhile, the planned switch path of the sampling packet is S1 → S2 → S4 → S3 → S5, and the planned switch path is preset by the controller. By the controller comparing the actual switch path S1 → S2 → S3 → S4 → S5 and the planned switch path S1 → S2 → S4 → S3 → S5, it can be determined that the switch in which the abnormality occurs is S2.
It should be noted that the values of each element in the preset vector and the preset feature matrix are positive integers.
Optionally, on the basis of the above technical scheme, the preset feature matrix may satisfy the following conditions: the preset feature matrix has a corresponding inverse matrix. Analyzing the actual switch path of the sampling data packet according to the update tag may specifically include: and determining the switch to be screened according to the bloom filter in the updated label through the controller. And analyzing the actual switch path of the sampling data packet by the controller according to the inverse matrix of the preset characteristic matrix of the switch to be screened and the preset vector in the update label.
In the specific embodiment of the present invention, since the switch identities are sent to the bloom filter in the update label when the processing data packet is forwarded in the software-defined network, the controller may determine the switches to be screened according to the bloom filter in the update label. That is, if a certain switch identity can be queried in the bloom filter, the switch corresponding to that switch identity is likely to be a switch appearing on the actual switch path, and the switch is taken as a switch to be screened. It is only likely, not certain, because of the false positive probability of the bloom filter described above: the switch identity of a switch may be queried in the bloom filter even though that switch is not on the actual switch path. To eliminate the influence of the false positive probability of the bloom filter on the determination of the actual switch path, the controller is further required to parse the actual switch path of the sampling data packet according to the inverse matrices of the preset feature matrices of the switches to be screened and the preset vector in the update tag, so that the determined actual switch path is accurate. It should be noted that, because the inverse matrix of the preset feature matrix needs to be used, the preset feature matrix is required to have a corresponding inverse matrix. The above process is specifically described below as an example.
Illustratively, fig. 1b provides a schematic diagram of a software-defined network, which includes: a source host 11, an ingress switch 12, a first internal switch 13, a second internal switch 14, an egress switch 15, and a destination host 16. It is assumed that the ingress switch 12, the first internal switch 13, the second internal switch 14, and the egress switch 15 are denoted by S1, S2, S3, and S4, respectively. The planned switch path of a certain sample packet is S1 → S2 → S4, and the actual switch path is S1 → S3 → S4. The value of the bloom filter in the standard label is denoted by $BF_C$, and the value of the two-dimensional vector in the standard label is denoted by:
Figure GDA0002599042490000181
Represents; updating the value of a bloom filter in a tag with BFPIndicating, for example, the value of a two-dimensional vector in a standard label
Figure GDA0002599042490000182
And (4) showing.
According to the planned switch path, the controller may calculate the standard label as: $BF_C = 0 \cup BF(ID_1) \cup BF(ID_2) \cup BF(ID_4)$;
Figure GDA0002599042490000183
where $ID_1$, $ID_2$ and $ID_4$ are the switch identities of the ingress switch 12, the first internal switch 13, and the egress switch 15, respectively; $BF(ID_1)$, $BF(ID_2)$ and $BF(ID_4)$ are the corresponding output values of the bloom filter for the ingress switch 12, the first internal switch 13, and the egress switch 15, respectively; $(v_1, v_2)$ is the initial value of the two-dimensional vector at the ingress switch 12; and $M_1$, $M_2$ and $M_4$ are the preset feature matrices of the ingress switch 12, the first internal switch 13 and the egress switch 15, respectively.
According to the actual switch path, the update label reported by the egress switch 15 and received by the controller is: $BF_P = 0 \cup BF(ID_1) \cup BF(ID_3) \cup BF(ID_4)$;
Figure GDA0002599042490000184
where $ID_1$, $ID_3$ and $ID_4$ are the switch identities of the ingress switch 12, the second internal switch 14, and the egress switch 15, respectively; $BF(ID_1)$, $BF(ID_3)$ and $BF(ID_4)$ are the corresponding output values of the bloom filter for the ingress switch 12, the second internal switch 14, and the egress switch 15, respectively; $(v_1, v_2)$ is the initial value of the two-dimensional vector at the ingress switch 12; and $M_1$, $M_3$ and $M_4$ are the preset feature matrices of the ingress switch 12, the second internal switch 14 and the egress switch 15, respectively.
It should be noted that the values of the elements in the two-dimensional vector and in the preset feature matrices are positive integers. Consequently, the two-dimensional vector is updated once each time the packet passes through a target switch, and the updated value, $(v_1, v_2)_{new} = (v_1, v_2) \cdot M_1 \cdot M_2 \cdots M_{i-1} \cdot M_i$, also consists of positive integers. Therefore, whether a target switch is a switch on the actual switch path can be determined by checking whether the current value of the two-dimensional vector consists of positive integers.
The controller compares the standard label with the update label, finds that they are inconsistent, and thereby determines that the control plane and the data plane are inconsistent; it then resolves the actual switch path through which the sampling data packet passed according to the update label, so as to determine the faulty switch. The ingress switch and the egress switch are the same in the planned switch path and the actual switch path, where "the same" includes the same position in the order. Thus, based on the value of the two-dimensional vector in the update label
Figure GDA0002599042490000191
the controller may first compute
Figure GDA0002599042490000192
where $(M_4)^{-1}$ is the inverse matrix of the preset feature matrix $M_4$ of the egress switch. Obviously, P is composed of two positive integers. Because each switch adds its switch identity to the bloom filter in the update label as the sampling data packet is forwarded in the software-defined network, the controller can determine the switches to be screened from the bloom filter in the update label: if a switch identity can be queried in the bloom filter, the corresponding switch is probably a switch on the actual switch path and is taken as a switch to be screened. Given the false positive probability of the bloom filter, the switch identities that may be found in the bloom filter are those of the first internal switch 13 and the second internal switch 14, so the first internal switch 13 and the second internal switch 14 are determined to be the switches to be screened. The controller then computes $P(M_2)^{-1}$ and $P(M_3)^{-1}$, where $(M_2)^{-1}$ is the inverse matrix of the preset feature matrix $M_2$ of the first internal switch 13 and $(M_3)^{-1}$ is the inverse matrix of the preset feature matrix $M_3$ of the second internal switch 14, and determines whether $P(M_2)^{-1}$ is two positive integers and whether $P(M_3)^{-1}$ is two positive integers; a switch whose result is two positive integers can be determined to be a switch on the actual switch path. Clearly,
Figure GDA0002599042490000193
is two positive integers, so it can be determined that the second internal switch 14 is a switch on the actual switch path, while
Figure GDA0002599042490000194
may not be two integers, so it can be determined that the first internal switch 13 may not be a switch on the actual switch path. The calculation continues with
Figure GDA0002599042490000195
until the product is equal to the initial value of the two-dimensional vector, at which point the actual switch path through which the sampling data packet passed has been resolved.
As can be seen from the above, in order to resolve the actual switch path through which the sampling data packet passes according to the update tag, the entire network may be searched from the egress switch first, and only when the switch identity corresponding to one switch can be queried in the bloom filter and the product of the inverse matrix of the preset feature matrix corresponding to the switch and the two-dimensional vector is composed of positive integers, it can be determined that the switch is the switch existing on the actual switch path.
It should be noted that, in order to determine more reliably that the above-mentioned
Figure GDA0002599042490000201
is not two positive integers, the conditions that the preset feature matrix must satisfy need to be further restricted. These conditions are described in detail below.
As shown in table 1, the following symbols and meanings of the corresponding symbols are given in order to explain the constraints that need to be satisfied by the preset feature matrix.
TABLE 1
Figure GDA0002599042490000202
Constraint 1: the preset feature matrix has a corresponding inverse matrix. This is because the inverse matrix of the preset feature matrix is needed to resolve the actual switch path and determine the abnormal switch. The necessary and sufficient condition for the preset feature matrix to have an inverse matrix is that it is a full-rank matrix (equivalently, its determinant is not zero, or its congruent canonical form is the identity matrix).
Illustratively, let the preset feature matrix be the two-dimensional square matrix
Figure GDA0002599042490000203
Then M has an inverse matrix if and only if
Figure GDA0002599042490000204
and
Figure GDA0002599042490000205
are linearly independent, and
Figure GDA0002599042490000206
and
Figure GDA0002599042490000207
are linearly independent if and only if neither is a multiple of the other.
Constraint 2: the preset feature matrix allows fast pruning. As described above, when determining the abnormal switch, all candidate switches need to be pruned in order to determine the faulty switch.
Illustratively, assume that the switch at which the anomaly occurs is the switch immediately before the egress switch on the actual switch path. In accordance with the foregoing method of determining a faulty switch, to achieve fast pruning it is desired that the result of the expression
Figure GDA0002599042490000208
is not a positive integer but a fraction. Because the result of
Figure GDA0002599042490000211
is a positive integer, it is required that
Figure GDA0002599042490000212
must be a fraction. In particular, assume that
Figure GDA0002599042490000213
Then
Figure GDA0002599042490000214
Because
Figure GDA0002599042490000215
must be a fraction, $ad - bc$ cannot be $\pm 1$. In addition, a, b, c, and d are preferably prime numbers, to ensure that the four numbers are not all evenly divisible by $ad - bc$ at the same time.
Based on the above, given that a, b, c and d are preferably prime numbers, the condition in constraint 1 that the preset feature matrix M has a corresponding inverse matrix can be further stated as:
Figure GDA0002599042490000216
and
Figure GDA0002599042490000217
are not identical.
Constraint 3: the preset feature matrices of adjacent switches are not exchangeable (commuting) matrices of each other. Consider the following case. As shown in FIG. 1b, assume that there are two internal switches, and that the ingress switch 12, the first internal switch 13, the second internal switch 14, and the egress switch 15 among the target switches are denoted by S1, S2, S3, and S4, respectively; the preset feature matrices of the ingress switch 12, the first internal switch 13, the second internal switch 14 and the egress switch 15 are denoted by $M_1$, $M_2$, $M_3$ and $M_4$, respectively; the bloom filter is denoted by BF; the switch identities of the ingress switch 12, the first internal switch 13, the second internal switch 14, and the egress switch 15 are denoted by $ID_1$, $ID_2$, $ID_3$ and $ID_4$, respectively; the corresponding output values of the bloom filter are denoted by $BF(ID_1)$, $BF(ID_2)$, $BF(ID_3)$ and $BF(ID_4)$, respectively; the planned switch path is S1 → S2 → S3 → S4, and the actual switch path is S1 → S3 → S2 → S4. The value of the bloom filter in the standard label is denoted by $BF_C$, and the value of the two-dimensional vector in the standard label is denoted by
Figure GDA0002599042490000218
The value of the bloom filter in the update label is denoted by $BF_P$, and the value of the two-dimensional vector in the standard label is denoted by
Figure GDA0002599042490000219
The standard label is then: $BF_C = 0 \cup BF(ID_1) \cup BF(ID_2) \cup BF(ID_3) \cup BF(ID_4)$;
Figure GDA00025990424900002110
The update label is: $BF_P = 0 \cup BF(ID_1) \cup BF(ID_3) \cup BF(ID_2) \cup BF(ID_4)$;
Figure GDA00025990424900002111
Because the actual switch path contains the same switches as the planned switch path and only the order of the switches differs, $BF_C = BF_P$. If $M_2 = M_3$, that is, the preset feature matrices of the adjacent switches are exchangeable with each other, then
Figure GDA00025990424900002112
That is, the standard label is consistent with the update label, and at this time, the controller determines that the control plane is consistent with the data plane according to the consistency of the standard label and the update label. However, in reality, the actual switch path is not the same as the planned switch path, which is a controller misjudgment situation. In order to avoid the above-mentioned controller misjudgment situation, it is necessary to ensure that the preset feature matrices of the adjacent switches cannot be mutually exchangeable matrices.
Now, assume that the preset feature matrix a and the preset feature matrix B are preset feature matrices of two adjacent switches, let:
Figure GDA0002599042490000221
then:
Figure GDA0002599042490000222
Figure GDA0002599042490000223
If $AB = BA$, the following equation holds:
Figure GDA0002599042490000224
after transformation, the following equation sets are provided:
Figure GDA0002599042490000225
If any one of the three equations in equation set (2) is not satisfied, then $AB \neq BA$. From the third equation in equation set (2), the following reasoning applies:
Figure GDA0002599042490000226
Considering that all four numbers in the preset feature matrix are prime numbers (see constraint 2), if $b_1 \neq b_2$ or $c_1 \neq c_2$, then $AB \neq BA$. This is because
Figure GDA0002599042490000227
and
Figure GDA0002599042490000228
are fractions in lowest terms, so the only way they can be equal is for the numerators and the denominators to be equal respectively, that is, $b_1 = b_2$ and $c_1 = c_2$.
Constraint 4: the preset feature matrices of non-adjacent switches are different. As shown in FIG. 1b, suppose $M_2 = M_3$. Because
Figure GDA0002599042490000231
Figure GDA0002599042490000232
Then
Figure GDA0002599042490000233
In this case, whether the standard label and the update label are consistent depends only on the values of the bloom filter. Considering the false positive probability of the bloom filter, to ensure that the controller can accurately determine whether the standard label and the update label are consistent, $M_2 \neq M_3$ must be ensured, that is, the preset feature matrices of non-adjacent switches must be different.
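Constraints 1 to 4 can be checked mechanically before matrices are assigned to switches. The checker below is an added example, not part of the patent: the matrices in GOOD, the adjacency set LINKS and the start vector used with `vector_after` are constructed values, and the primality test reflects the stated preference that a, b, c and d be prime.

```python
from itertools import combinations

# Constructed assignment: switch id -> ((a, b), (c, d)), all entries prime.
GOOD = {
    1: ((2, 3), (5, 11)),
    2: ((3, 5), (2, 7)),
    3: ((5, 2), (3, 7)),
    4: ((3, 2), (7, 11)),
}
# Constructed adjacency (assumption): every pair except S1-S4 shares a link.
LINKS = {frozenset(p) for p in [(1, 2), (1, 3), (2, 3), (2, 4), (3, 4)]}
# Same assignment, but S3 reuses the matrix of its neighbour S2.
SWAPPABLE = {**GOOD, 3: GOOD[2]}


def is_prime(n):
    return n >= 2 and all(n % k for k in range(2, int(n ** 0.5) + 1))


def matmul(A, B):
    """Product of two 2x2 matrices given as nested tuples."""
    return tuple(
        tuple(sum(A[i][k] * B[k][j] for k in range(2)) for j in range(2))
        for i in range(2)
    )


def check_feature_matrices(matrices, links):
    """Return (who, problem) pairs; an empty list means constraints 1-4 hold."""
    problems = []
    for sid, ((a, b), (c, d)) in sorted(matrices.items()):
        det = a * d - b * c
        if det == 0:
            problems.append((sid, "constraint 1: not invertible"))
        elif abs(det) == 1:
            # The inverse is then an integer matrix, so a wrong candidate can
            # never be pruned by producing a fraction.
            problems.append((sid, "constraint 2: det is +-1, inverse is integral"))
        if not all(is_prime(x) for x in (a, b, c, d)):
            problems.append((sid, "constraint 2: entry is not prime"))
    for x, y in combinations(sorted(matrices), 2):
        A, B = matrices[x], matrices[y]
        if frozenset((x, y)) in links:
            if matmul(A, B) == matmul(B, A):
                problems.append(((x, y), "constraint 3: adjacent matrices commute"))
        elif A == B:
            problems.append(((x, y), "constraint 4: non-adjacent matrices identical"))
    return problems


def vector_after(v0, path, matrices):
    """Two-dimensional vector after the packet has crossed every switch on path."""
    v = v0
    for sid in path:
        (a, b), (c, d) = matrices[sid]
        v = (v[0] * a + v[1] * c, v[0] * b + v[1] * d)
    return v


if __name__ == "__main__":
    print(check_feature_matrices(GOOD, LINKS))
    print(check_feature_matrices(SWAPPABLE, LINKS))
    # With commuting neighbours the swapped path yields the same vector,
    # which is the controller misjudgment described under constraint 3.
    print(vector_after((1, 2), [1, 2, 3, 4], SWAPPABLE),
          vector_after((1, 2), [1, 3, 2, 4], SWAPPABLE))
```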
In the following, the method for detecting consistency of the control plane and the data plane according to the embodiment of the present invention is compared with the prior-art label-based solution in two respects, the verification accuracy of the control plane and the data plane and the overhead of the control plane, so as to evaluate the method. Specifically:
From the viewpoint of verification accuracy of the control plane and the data plane: as described above, if the sampling data packet is forwarded along the planned switch path, the standard label is consistent with the update label and the control plane is determined to be consistent with the data plane; the two labels are consistent only in this case, so the detection method has high accuracy. Meanwhile, if the standard label is determined to be inconsistent with the update label, the abnormal switch is located accurately by using both the bloom filter and the preset vector, which avoids the misjudgment caused by searching with the bloom filter alone and further improves the accuracy of locating the abnormal switch. By contrast, the prior-art label-based solution resolves the actual switch path from the information compressed in the bloom filter; since the bloom filter has a false positive probability, that solution is prone to misjudgment and may resolve a wrong actual switch path.
From a control plane overhead perspective, in particular, both storage overhead and computational overhead are compared to prior art tag-based solutions. First, the storage overhead: at the control plane, the prior art label-based solution needs to store an additional path table, and information of each hop on the forwarding path is stored, so that the storage cost of the path table is proportional to the hop count of the forwarding path. The detection method according to the embodiment of the present invention does not need to maintain such an additional path table, and as long as the number of data flows and the number of switches remain unchanged, the control plane storage overhead does not change. Secondly, calculating the overhead: the computational overhead of the prior art label-based solution comes mainly from three aspects, namely path table construction, consistency verification and anomaly localization. The overhead sources of the detection method according to the embodiment of the present invention mainly come from two aspects, namely consistency detection and abnormal positioning. In order to evaluate the computational overhead, the number of access operations may be used as a measure, and corresponding network parameters are defined as shown in table 2.
TABLE 2
Figure GDA0002599042490000234
Figure GDA0002599042490000241
Table 3 shows the computation overhead corresponding to the tag-based solution in the prior art (referred to as prior art for short) and the detection method mentioned in the embodiment of the present invention (referred to as present application for short) in the worst case. These will be described below.
For the prior-art label-based solution: (1) computational overhead of path table construction: since the path table stores the per-hop planned switch path of each data flow for each (inport, outport) pair, the overhead of constructing the path table is O(nmh); (2) computational overhead of consistency verification: since the reported (inport, outport) pair and the packet header are used to match the path table, each data packet causes a computational overhead of O(n) + O(m); (3) computational overhead of anomaly localization: two steps are needed to resolve the actual switch path. The first is to construct the part that is the same as the planned switch path; the second is to use backtracking to construct the part that differs from the planned switch path. Accordingly, the computational overhead of these two steps is O(ph) × (O(n) + O(m) + O(h)).
For the detection method of the specific embodiment of the present invention: (1) computational overhead of the path table: since the detection method does not use a path table, the computational overhead of constructing a path table is 0; (2) computational overhead of consistency verification: the controller only needs to compare whether the update label is consistent with the standard label, so the computational overhead caused by each data packet is O(1); it should be noted that the standard label only needs to be calculated once per data flow, so the computational overhead caused by each data flow is O(h); (3) computational overhead of anomaly localization: since the detection method needs to traverse all possible switches to find the abnormal switch, the computational overhead is O(ph).
As can be seen from the comparison result, compared with the prior art, the complexity of the detection method is greatly reduced.
TABLE 3
Scheme | Path table | Consistency verification | Anomaly location
Prior art | O(nmh) | O(n) + O(m) | O(ph) × (O(n) + O(m) + O(h))
This application | 0 | O(1) | O(ph)
Example two
Fig. 2 is a flowchart of a method for detecting consistency between a control plane and a data plane according to an embodiment of the present invention, which is applied to a software-defined network, where this embodiment is applicable to detecting whether the control plane and the data plane in the software-defined network are consistent, and the method may be executed by a device in the software-defined network, where the device may be implemented in a software and/or hardware manner, for example, typically, a switch and a controller in the software-defined network. As shown in fig. 2, the method specifically includes the following steps:
Step 201, receiving an original data packet through an ingress switch, and determining the data flow to which the original data packet belongs according to the five-tuple.
Step 202, obtaining, through the ingress switch, the time at which the ingress switch receives the original data packet as a first time, and the time at which the data flow was last sampled as a second time.
Step 203, if the time difference between the first time and the second time is greater than or equal to the sampling interval of the data flow, determining, through the ingress switch, that the original data packet is a sampling data packet, inserting a tag consisting of a bloom filter and a preset vector into the packet header of the sampling data packet, generating a processing data packet carrying an update label, initializing the update label, and updating the update label in the processing data packet according to the corresponding switch identity and preset feature matrix.
Step 120, forwarding the processing data packet in the software-defined network through at least one internal switch, and updating the update label in the processing data packet according to the corresponding switch identity and preset feature matrix.
Step 204, receiving the processing data packet through the egress switch, updating the update label in the processing data packet according to the corresponding switch identity and preset feature matrix, and reporting the current update label of the processing data packet to the controller.
Step 205, receiving, through the controller, the update label reported by the egress switch, and verifying whether the control plane and the data plane are consistent according to the update label and the standard label of the processing data packet determined from the switches on the planned switch path of the sampling data packet.
Step 206, if the controller verifies that the update label is inconsistent with the standard label, determining that the control plane and the data plane are inconsistent, and going to step 208.
Step 207, if the controller verifies that the update label is consistent with the standard label, determining that the control plane and the data plane are consistent.
Step 208, determining, through the controller, the switches to be screened according to the bloom filter in the update label.
Step 209, resolving, through the controller, the actual switch path of the sampling data packet according to the inverse matrices of the preset feature matrices of the switches to be screened and the preset vector in the update label, and comparing the actual switch path with the planned switch path.
Step 210, determining, through the controller, the abnormal switch according to the comparison result.
In a specific implementation of the present invention, the sampling data packet processing algorithm is shown in FIG. 4. The ingress switch is responsible for inserting a tag consisting of a bloom filter and a preset vector into a sampling data packet, generating a processing data packet carrying an update label, initializing the update label (line 2 in Table 4), and sending the initial value of the preset vector of each data flow to the controller (lines 3-5 in Table 4). Each switch through which the processing data packet passes, whether the ingress switch, an internal switch, or the egress switch, updates the update label according to its switch identity and preset feature matrix (line 7 in Table 4). Before the processing data packet is discarded or sent by the egress switch to the destination host, the update label is removed from the header of the processing data packet and the egress switch reports the current update label to the controller.
TABLE 4
Algorithm 1: sampling data packet processing algorithm
Input:
M: the preset feature matrix of the switch.
ID: the switch identity.
(v1, v2): the initial value of the two-dimensional vector.
BF: the output value of the bloom filter.
tag: the update label in the packet header.
1. if the ingress port is an edge port then
2.     BF = 0; assign the initial value (v1, v2) of the two-dimensional vector in the update label according to the data flow;
3.     if the sampling data packet comes from a new data flow then
4.         send (v1, v2) to the controller;
5.     end if
6. end if
7. BF = BF ∪ BF(ID); (v1, v2) = (v1, v2) * M
8. if the egress port is an edge port or the packet is dropped then
9.     remove the tag from the packet header and report it to the controller;
10. end if
TABLE 5
Figure GDA0002599042490000261
Figure GDA0002599042490000271
As shown in table 5, a verification algorithm is given, and the controller receives the update label reported by the egress switch, compares the update label with the standard labels of the processed data packets determined by the switches corresponding to the planned switch path of the sampled data packet, and determines that the control plane is consistent with the data plane if the update label is consistent with the standard labels. And if the updated label is inconsistent with the standard label, determining that the control plane is inconsistent with the data plane.
TABLE 6
Figure GDA0002599042490000272
Figure GDA0002599042490000281
As shown in Table 6, a positioning algorithm is given. First, the entire network is searched starting from the egress switch; a switch can be determined to be on the actual switch path only when its switch identity can be found in the bloom filter and the product of the two-dimensional vector and the inverse matrix of its preset feature matrix is composed of positive integers (row 7 in Table 6). All switches that the sampling data packet may have passed through are stored in a stack (lines 6-15 in Table 6). If a switch that meets the condition of row 7 in table 3 cannot be found, actualPath and P need to be rolled back (lines 16-21 in Table 6) before the search continues.
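The tagging, verification and stack-based path resolution described above can be run end to end on the S1 → S3 → S4 scenario. This is an added example, not code from the patent: the feature matrices, the initial vector (1, 2), the 6-bit filter and its two toy hash functions are constructed values, chosen so that S2 is a bloom-filter false positive for the actual path.

```python
from itertools import zip_longest

BF_BITS = 6  # constructed: tiny filter so that a false positive shows up

# Constructed preset feature matrices: prime entries, determinant not 0 or +-1.
FEATURE = {
    1: ((2, 3), (5, 11)),   # S1, ingress (det 7)
    2: ((3, 5), (2, 7)),    # S2          (det 11)
    3: ((5, 2), (3, 7)),    # S3          (det 29)
    4: ((3, 2), (7, 11)),   # S4, egress  (det 19)
}


def bf_mask(switch_id):
    """BF(ID): bits that one switch identity sets (two toy hashes, assumed)."""
    h1 = switch_id * switch_id % BF_BITS
    h2 = (switch_id + 2) % BF_BITS
    return (1 << h1) | (1 << h2)


def update_tag(tag, switch_id):
    """Per-hop update: BF = BF ∪ BF(ID); (v1, v2) = (v1, v2) * M."""
    bf, (v1, v2) = tag
    (a, b), (c, d) = FEATURE[switch_id]
    return bf | bf_mask(switch_id), (v1 * a + v2 * c, v1 * b + v2 * d)


def tag_along(path, v0):
    """Tag carried by a packet after crossing path; also yields the standard label."""
    tag = (0, v0)
    for switch_id in path:
        tag = update_tag(tag, switch_id)
    return tag


def peel(vec, switch_id):
    """vec * M^-1 if both components are positive integers, otherwise None."""
    (a, b), (c, d) = FEATURE[switch_id]
    det = a * d - b * c
    n1 = vec[0] * d - vec[1] * c
    n2 = vec[1] * a - vec[0] * b
    if n1 % det or n2 % det:
        return None  # a fraction: this switch is pruned
    p = (n1 // det, n2 // det)
    return p if p[0] > 0 and p[1] > 0 else None


def switches_to_screen(bf):
    """Switches whose identity can be queried in the bloom filter."""
    return [s for s in sorted(FEATURE) if (bf & bf_mask(s)) == bf_mask(s)]


def resolve_path(tag, v0, egress):
    """Walk back from the egress switch until the initial vector v0 is reached."""
    bf, vec = tag
    screened = switches_to_screen(bf)
    first = peel(vec, egress)
    if first is None:
        return None
    # Each successful peel strictly shrinks the vector (all matrix entries are
    # at least 2), so the search terminates; dead ends are simply dropped.
    stack = [(first, [egress])]
    while stack:
        p, reverse_path = stack.pop()
        if p == v0:
            return reverse_path[::-1]
        for s in screened:
            q = peel(p, s)
            if q is not None:
                stack.append((q, reverse_path + [s]))
    return None


def first_divergence(planned, actual):
    """(hop index, planned switch, actual switch) at the first mismatch."""
    for hop, (want, got) in enumerate(zip_longest(planned, actual)):
        if want != got:
            return hop, want, got
    return None


if __name__ == "__main__":
    v0 = (1, 2)
    standard = tag_along([1, 2, 4], v0)   # planned path S1 -> S2 -> S4
    update = tag_along([1, 3, 4], v0)     # actual path  S1 -> S3 -> S4
    print("consistent:", standard == update)
    print("to screen:", switches_to_screen(update[0]))
    actual = resolve_path(update, v0, egress=4)
    print("actual path:", actual, "diverges at", first_divergence([1, 2, 4], actual))
```

The bloom filter alone admits all four switches, S2 included; only the inverse-matrix check removes it from the resolved path.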
According to the technical scheme of this embodiment, the ingress switch receives a sampling data packet, inserts a tag consisting of a bloom filter and a preset vector into it, generates a processing data packet carrying an update label, and initializes the update label; the ingress switch, the at least one internal switch and the egress switch each update the update label in the processing data packet according to their switch identity and preset feature matrix; and the egress switch reports the current update label of the processing data packet to the controller. The controller receives the update label reported by the egress switch and verifies whether the control plane and the data plane are consistent according to the update label and the standard label of the processing data packet determined from the switches on the planned switch path of the sampling data packet. This solves the prior-art problems of inaccurate detection of control plane and data plane consistency and large data processing volume, and improves the accuracy of detecting the consistency of the control plane and the data plane while reducing the data processing volume.
Example three
Fig. 3 is a schematic structural diagram of a system for detecting consistency between a control plane and a data plane according to a third embodiment of the present invention, where this embodiment is applicable to detecting whether the control plane and the data plane in a software-defined network are consistent, and as shown in fig. 3, the system for detecting consistency between the control plane and the data plane may specifically include a software-defined network 3, where the software-defined network 3 includes: an ingress switch 31, at least one internal switch 32 (only one shown), an egress switch 33, and a controller 34. The structure and function of which are explained below.
The ingress switch 31 is configured to receive a sampled data packet, insert a tag composed of a bloom filter and a preset vector into the sampled data packet, generate a processed data packet carrying an update tag, initialize the update tag, and update the update tag in the processed data packet according to a corresponding switch identity and a preset feature matrix.
The at least one internal switch 32 is configured to forward the processing data packet in the software-defined network 3 and update the update label in the processing data packet according to the corresponding switch identity and preset feature matrix.
The egress switch 33 is configured to receive the processing data packet, update the update label in the processing data packet according to the corresponding switch identity and preset feature matrix, and report the current update label of the processing data packet to the controller 34.
The controller 34 is configured to receive the update label reported by the egress switch 33, and verify whether the control plane and the data plane are consistent according to the update label and the standard label of the processing data packet determined from the switches on the planned switch path of the sampling data packet.
According to the technical scheme of this embodiment, the ingress switch receives a sampling data packet, inserts a tag consisting of a bloom filter and a preset vector into it, generates a processing data packet carrying an update label, and initializes the update label; the ingress switch, the at least one internal switch and the egress switch each update the update label in the processing data packet according to their switch identity and preset feature matrix; and the egress switch reports the current update label of the processing data packet to the controller. The controller receives the update label reported by the egress switch and verifies whether the control plane and the data plane are consistent according to the update label and the standard label of the processing data packet determined from the switches on the planned switch path of the sampling data packet. This solves the prior-art problems of inaccurate detection of control plane and data plane consistency and large data processing volume, and improves the accuracy of detecting the consistency of the control plane and the data plane while reducing the data processing volume.
Example four
The fourth embodiment of the present invention provides a switch, which is applicable to detecting whether a control plane and a data plane in a software defined network are consistent. The structure and function of which are explained below. The switch can be applied to the detection system for the consistency of the control plane and the data plane in the embodiment of the invention. The switch may specifically include: an ingress switch, an internal switch, and an egress switch.
According to the technical scheme, the switch is applied to the detection system for the consistency of the control plane and the data plane, so that the accuracy of the detection system for detecting the consistency of the control plane and the data plane is improved.
Optionally, on the basis of the above technical solution, if the switch is an ingress switch, the switch is configured to receive a sampled data packet, insert a tag composed of a bloom filter and a preset vector into the sampled data packet, generate a processed data packet carrying an update tag, initialize the update tag, and update the update tag in the processed data packet according to the corresponding switch identity and the preset feature matrix.
If the switch is an internal switch, the switch is configured to forward the processing data packet in the software-defined network and update the update label in the processing data packet according to the corresponding switch identity and preset feature matrix.
If the switch is an egress switch, the switch is configured to receive the processing data packet, update the update label in the processing data packet according to the corresponding switch identity and preset feature matrix, and report the current update label of the processing data packet to the controller.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A method for detecting consistency of a control plane and a data plane, applied to a software-defined network, characterized by comprising the following steps:
receiving a sampled data packet through an ingress switch, inserting a tag consisting of a Bloom filter and a preset vector into the sampled data packet, generating a processed data packet carrying an update tag, initializing the update tag, and updating the update tag in the processed data packet according to a corresponding switch identity and a preset feature matrix;
forwarding the processed data packet in the software-defined network through at least one internal switch, and updating the update tag in the processed data packet according to a corresponding switch identity and a preset feature matrix;
receiving the processed data packet through an egress switch, updating the update tag in the processed data packet according to a corresponding switch identity and a preset feature matrix, and reporting the current update tag of the processed data packet to a controller;
and receiving, through the controller, the update tag reported by the egress switch, and verifying whether the control plane and the data plane are consistent according to the update tag and a standard tag of the processed data packet, the standard tag being determined from each switch on the planned switch path of the sampled data packet.
2. The method of claim 1, further comprising:
if the controller verifies that the control plane and the data plane are inconsistent, analyzing the actual switch path of the sampled data packet according to the update tag, and comparing the actual switch path with the planned switch path;
and determining, by the controller, the abnormal switch according to the comparison result.
3. The method of claim 1, wherein updating the update tag in the processed data packet according to the corresponding switch identity and the preset feature matrix comprises:
updating, by a target switch, the initial value of the Bloom filter of the update tag in the processed data packet according to the corresponding switch identity;
updating, by the target switch, the initial value of the preset vector of the update tag in the processed data packet according to the corresponding preset feature matrix;
wherein the target switch comprises: an ingress switch, an internal switch, or an egress switch.
4. The method of claim 3, wherein updating, by the target switch, the initial value of the Bloom filter of the update tag in the processed data packet according to the corresponding switch identity comprises:
taking, by the target switch, the initial value of the Bloom filter of the update tag in the processed data packet as the initial value of the current Bloom filter;
inputting, by the target switch, the corresponding switch identity into the Bloom filter to obtain the corresponding Bloom filter output value;
computing, by the target switch, the union of the corresponding Bloom filter output value and the initial value of the current Bloom filter, and updating the initial value of the current Bloom filter according to the union;
and taking, by the target switch, the updated initial value as the initial value of the current Bloom filter.
5. The method of claim 4, wherein the preset feature matrix is a two-dimensional square matrix and the preset vector is a two-dimensional vector;
and wherein updating, by the target switch, the initial value of the preset vector of the update tag in the processed data packet according to the corresponding preset feature matrix comprises:
taking, by the target switch, the initial value of the two-dimensional vector of the update tag in the processed data packet as the initial value of the current two-dimensional vector;
computing, by the target switch, the product of the current two-dimensional vector and the corresponding preset feature matrix to update the initial value of the current two-dimensional vector;
and taking, by the target switch, the updated initial value as the initial value of the current two-dimensional vector.
6. The method according to claim 2, wherein the preset feature matrix satisfies the following condition: the preset feature matrix has a corresponding inverse matrix;
and wherein analyzing the actual switch path of the sampled data packet according to the update tag comprises:
determining, by the controller, the switches to be screened according to the Bloom filter in the update tag;
and analyzing, by the controller, the actual switch path of the sampled data packet according to the inverse matrices of the preset feature matrices of the switches to be screened and the preset vector in the update tag.
7. The method according to any one of claims 1 to 6, wherein receiving a sampled data packet through an ingress switch, inserting a tag consisting of a Bloom filter and a preset vector into the sampled data packet, generating a processed data packet carrying an update tag, and initializing the update tag comprises:
receiving an original data packet through the ingress switch, and determining the data flow to which the original data packet belongs according to its five-tuple;
acquiring, by the ingress switch, the time at which the original data packet is received as a first time, and the time at which the data flow was last sampled as a second time;
if the time difference between the first time and the second time is greater than or equal to the sampling interval of the data flow, determining, by the ingress switch, that the original data packet is a sampled data packet, inserting a tag consisting of a Bloom filter and a preset vector into the packet header of the sampled data packet, generating a processed data packet carrying an update tag, and initializing the update tag;
wherein the initial values of the preset vector in the update tags of sampled data packets belonging to the same data flow are identical.
8. A detection system for consistency of a control plane and a data plane, comprising a software-defined network, the software-defined network comprising: an ingress switch, at least one internal switch, an egress switch, and a controller;
the ingress switch is configured to receive a sampled data packet, insert a tag consisting of a Bloom filter and a preset vector into the sampled data packet, generate a processed data packet carrying an update tag, initialize the update tag, and update the update tag in the processed data packet according to a corresponding switch identity and a preset feature matrix;
the at least one internal switch is configured to forward the processed data packet in the software-defined network and update the update tag in the processed data packet according to the corresponding switch identity and the preset feature matrix;
the egress switch is configured to receive the processed data packet, update the update tag in the processed data packet according to a corresponding switch identity and a preset feature matrix, and report the current update tag of the processed data packet to the controller;
and the controller is configured to receive the update tag reported by the egress switch, and verify whether the control plane and the data plane are consistent according to the update tag and a standard tag of the processed data packet, the standard tag being determined from each switch on the planned switch path of the sampled data packet.
9. A switch applied to the detection system of claim 8, comprising: an ingress switch, an internal switch, and an egress switch.
10. The switch according to claim 9, wherein if the switch is an ingress switch, the switch is configured to receive a sampled data packet, insert a tag composed of a Bloom filter and a preset vector into the sampled data packet, generate a processed data packet carrying an update tag, initialize the update tag, and update the update tag in the processed data packet according to a corresponding switch identity and a preset feature matrix;
if the switch is an internal switch, the switch is configured to forward the processed data packet in the software-defined network and update the update tag in the processed data packet according to the corresponding switch identity and the preset feature matrix;
and if the switch is an egress switch, the switch is configured to receive the processed data packet, update the update tag in the processed data packet according to the corresponding switch identity and the preset feature matrix, and report the current update tag of the processed data packet to a controller.
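The tag mechanics of claims 1 to 6 can be sketched as follows. This is an added illustration, not code from the patent: the prime modulus `P`, the Bloom filter size and SHA-256 hashing, the sample matrices and the backtracking search in `recover_path` are all assumptions chosen so the arithmetic is exact and the example runs offline.

```python
import hashlib

P = 65521                    # assumed prime modulus: keeps matrix inverses exact
BLOOM_BITS, HASHES = 64, 3   # assumed Bloom filter geometry

def bloom(switch_id):
    """Bits that one switch identity sets in the Bloom filter."""
    bits = 0
    for i in range(HASHES):
        digest = hashlib.sha256(f"{i}:{switch_id}".encode()).digest()
        bits |= 1 << (int.from_bytes(digest[:4], "big") % BLOOM_BITS)
    return bits

def vec_mul(v, m):
    """Row vector times 2x2 matrix, mod P."""
    return ((v[0] * m[0][0] + v[1] * m[1][0]) % P,
            (v[0] * m[0][1] + v[1] * m[1][1]) % P)

def inverse(m):
    (a, b), (c, d) = m
    k = pow((a * d - b * c) % P, -1, P)  # ValueError if the matrix is singular
    return ((d * k % P, -b * k % P), (-c * k % P, a * k % P))

def walk(path, v0, matrices):
    """Tag after each switch on `path` ORs in its bits and multiplies the vector."""
    bf, v = 0, v0
    for s in path:
        bf, v = bf | bloom(s), vec_mul(v, matrices[s])
    return bf, v

def recover_path(tag, v0, matrices):
    """Peel hops off the reported vector with inverse matrices until v0 is reached."""
    bf, vec = tag
    candidates = frozenset(s for s in matrices if bloom(s) & bf == bloom(s))
    def peel(v, remaining, suffix):
        if v == v0 and walk(suffix, v0, matrices)[0] == bf:
            return suffix
        for s in remaining:
            found = peel(vec_mul(v, inverse(matrices[s])), remaining - {s}, [s] + suffix)
            if found is not None:
                return found
        return None
    return peel(vec, candidates, [])

def verify(reported, planned, v0, matrices):
    """Controller check: (consistent?, actual path recovered when inconsistent)."""
    if reported == walk(planned, v0, matrices):
        return True, list(planned)
    return False, recover_path(reported, v0, matrices)

# Constructed sample: four switches with invertible, non-commuting matrices.
MATRICES = {"S1": ((2, 1), (1, 1)), "S2": ((1, 3), (0, 1)),
            "S3": ((1, 0), (2, 1)), "S4": ((3, 1), (5, 2))}
V0, PLANNED = (1, 2), ["S1", "S2", "S4"]
```

Because the matrices do not commute, the vector encodes hop order while the Bloom filter only narrows the candidate set; calling `verify(walk(["S1", "S3", "S4"], V0, MATRICES), PLANNED, V0, MATRICES)` reports the deviation through S3.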
CN201810474636.8A 2018-05-17 2018-05-17 Detection method and detection system for consistency of control plane and data plane and switch Active CN108768769B (en)


Publications (2)

Publication Number Publication Date
CN108768769A CN108768769A (en) 2018-11-06
CN108768769B true CN108768769B (en) 2020-12-08

Family

ID=64007095



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant