CN109995606A - Virtualize deep-packet detection vDPI flow control methods and network element device - Google Patents
Virtualize deep-packet detection vDPI flow control methods and network element device Download PDFInfo
- Publication number
- CN109995606A CN109995606A CN201810000838.9A CN201810000838A CN109995606A CN 109995606 A CN109995606 A CN 109995606A CN 201810000838 A CN201810000838 A CN 201810000838A CN 109995606 A CN109995606 A CN 109995606A
- Authority
- CN
- China
- Prior art keywords
- target
- vdpi
- information
- equipment
- tor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/38—Flow based routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of virtualization deep-packet detection vDPI flow control methods and network element device, method includes: to obtain the five-tuple information of the target service flow occurred on SDN gateway entity;According to five-tuple information and default mapping table, the first instruction information of the target ToR equipment identity information of instruction SDN gateway entity lower layer, and the second indication information of the corresponding target vDPI equipment identity information of instruction target ToR equipment are determined;First instruction information and second indication information are sent to SDN gateway entity.The present invention determines the ToR equipment and vDPI equipment of SDN gateway entity according to the five-tuple information of target service flow, since the uplink traffic of same service traffics five-tuple information corresponding with downlink traffic is identical, determining ToR equipment and vDPI equipment is also identical, this it is avoided that asymmetric flow generation, guarantee XDR integrality and accuracy.
Description
Technical field
The present invention relates to field of communication technology more particularly to a kind of virtualization deep-packet detection vDPI flow control methods and
Network element device.
Background technique
Uniform depth packet detection (DPI, Deep Packet Inspection) equipment is used to enhance the place of 4 to 7 layer protocols
Reason ability can be parsed and be identified to high layer information according to means predetermined, and be intervened on demand data stream.System
Mainly there are five logic functions for one DPI equipment: business identification, filtering distribution, log, statistics and flow control, wherein business identification are
Functional realization basis.But in practical applications, frequent occurrence the uplink traffic of flow and downlink traffic by not
The case where with DPI equipment, i.e., asymmetric flow, this will lead to asymmetric flow business can not identify, data record (XDR, X
Data Recording) integrality and accuracy reduce, the statistical analysis inaccuracy based on XDR, so as to cause can not accurately flow
The problems such as control.Wherein, XDR refers to the key message record to data traffic in mobile network and bearer network, i.e. traffic log,
The business recognition result of flow will record in XDR, and five-tuple information is source IP, destination IP, source port, destination in XDR
Mouth, agreement.
Further, deep-packet detection (vDPI, Virtual Deep Packet Inspection) is virtualized, i.e. DPI
Network function virtualize (NFV, Network Function Virtualization), the network architecture as shown in Figure 1, should
Framework includes: application layer, control layer (Controller) and forwarding, wherein forwarding include: software defined network (SDN,
Software Defined Network) gateway, onion routing (ToR, The Onion Router) and vDPI cluster.At this
Under structure, one of problem is uplink traffic and downlink traffic without same vDPI equipment, in particular to without same
Platform ToR, or by the same ToR without same vDPI.As shown in Fig. 2, the route of terminal access content, i.e. upstream
Amount, by reaching the vDPI4 in vDPI cluster 2 through ToR2 after SDN gateway, and downlink traffic by after SDN gateway after ToR2
The vDPI2 or downlink traffic in vDPI cluster 2 are reached by reaching the vDPI4 in vDPI cluster 3 through ToR3 after SDN gateway,
At this moment asymmetric flow will be generated, this will lead to, and asymmetric flow business can not identify, XDR integrality and accuracy reduce,
Based on XDR statistical analysis inaccuracy, so as to cause can not accurate flow control the problems such as.
Summary of the invention
The present invention provides a kind of virtualization deep-packet detection vDPI flow control methods and network element device, solves existing skill
In art because caused by generating the asymmetric flow of vDPI XDR integrality and accuracy reduce, can not accurate flow control the problem of.
The embodiment of the present invention provides a kind of virtualization deep-packet detection vDPI flow control methods, is applied to control layer net
First entity, method include:
Obtain the five-tuple information of the target service flow occurred on software defined network SDN gateway entity;Wherein, same
The corresponding five-tuple information of the uplink traffic of service traffics and downlink traffic is identical;
According to five-tuple information and default mapping table, determine that the target routing ToR of instruction SDN gateway entity lower layer is set
First instruction information of standby identity information, and the corresponding target virtualization deep-packet detection vDPI of instruction target ToR equipment are set
The second indication information of standby identity information;Wherein, default mapping table is used to indicate reflecting between ToR equipment and vDPI equipment
Penetrate relationship;
First instruction information and second indication information are sent to SDN gateway entity.
Wherein, according to five-tuple information and default mapping table, the target routing of instruction SDN gateway entity lower layer is determined
First instruction information of ToR equipment identity information, and the corresponding target virtualization deep-packet detection of instruction target ToR equipment
The step of second indication information of vDPI equipment identity information, comprising:
According to five-tuple information, the cryptographic Hash of target service flow is determined;
According to cryptographic Hash and default mapping table, the target ToR equipment identities letter of instruction SDN gateway entity lower layer is determined
First instruction information of breath;
According to cryptographic Hash and default mapping table, the corresponding target vDPI equipment identities of instruction target ToR equipment are determined
The second indication information of information.
Wherein, according to cryptographic Hash and default mapping table, the target ToR equipment of instruction SDN gateway entity lower layer is determined
The step of first instruction information of identity information, comprising:
According to the ToR number of devices of SDN gateway entity lower layer indicated by cryptographic Hash and default mapping table, determine
Indicate the first instruction information of target ToR equipment identity information.
Wherein, according to cryptographic Hash and default mapping table, the corresponding target vDPI equipment of instruction target ToR equipment is determined
The step of second indication information of identity information, comprising:
According to the number of the corresponding vDPI of target ToR equipment indicated by cryptographic Hash and default mapping table, determine
Indicate the second indication information of target vDPI equipment identity information.
Wherein, the step of the five-tuple information of the target service flow occurred on software defined network SDN gateway entity is obtained
Suddenly, comprising:
Receive the package request that SDN gateway entity is sent after receiving target service flow;Package request is for requesting
The empty encapsulation like extension local area network VXLAN message of target service flow;
According to package request, the five-tuple information of target service flow is determined.
Wherein, default mapping table includes: the number of the ToR equipment of SDN gateway entity lower layer, the number of ToR equipment
Or the corresponding vDPI cluster of call number, ToR equipment IP address and/or the vDPI equipment in MAC Address, vDPI cluster number
Mesh.
Wherein, five-tuple information includes: source IP address, purpose IP address, source port, destination port and agreement.
The embodiment of the present invention also provides a kind of network element device, is applied to control layer network element entity, comprising:
First obtains module, for obtaining the five of the target service flow occurred on software defined network SDN gateway entity
Tuple information;Wherein, the corresponding five-tuple information of the uplink traffic of same service traffics and downlink traffic is identical;
First processing module, for determining under instruction SDN gateway entity according to five-tuple information and default mapping table
First instruction information of the target routing ToR equipment identity information of layer, and the corresponding target virtualization of instruction target ToR equipment
The second indication information of deep-packet detection vDPI equipment identity information;Wherein, default mapping table be used to indicate ToR equipment and
Mapping relations between vDPI equipment;
First sending module, for the first instruction information and second indication information to be sent to SDN gateway entity.
Wherein, first processing module includes:
First computational submodule, for determining the cryptographic Hash of target service flow according to five-tuple information;
First processing submodule, for determining instruction SDN gateway entity lower layer according to cryptographic Hash and default mapping table
Target ToR equipment identity information first instruction information;
Second processing submodule, for determining that instruction target ToR equipment is corresponding according to cryptographic Hash and default mapping table
Target vDPI equipment identity information second indication information.
Wherein, the first processing submodule includes:
First computing unit, for the SDN gateway entity lower layer according to indicated by cryptographic Hash and default mapping table
ToR number of devices, determine instruction target ToR equipment identity information first instruction information.
Wherein, second processing submodule includes:
Second computing unit, it is corresponding for the target ToR equipment according to indicated by cryptographic Hash and default mapping table
VDPI number, determine instruction target vDPI equipment identity information second indication information.
Wherein, the first acquisition module includes:
First receiving submodule is asked for receiving the encapsulation that SDN gateway entity is sent after receiving target service flow
It asks;Package request is for the empty like the encapsulation for extending local area network VXLAN message of request target service traffics;
First acquisition submodule, for determining the five-tuple information of target service flow according to package request.
Wherein, default mapping table includes: the number of the ToR equipment of SDN gateway entity lower layer, the number of ToR equipment
Or the corresponding vDPI cluster of call number, ToR equipment IP address and/or the vDPI equipment in MAC Address, vDPI cluster number
Mesh.
Wherein, five-tuple information includes: source IP address, purpose IP address, source port, destination port and agreement.
The embodiment of the present invention provides a kind of network element device, is applied to control layer network element entity, comprising: processor;With place
The memory that reason device is connected, and the transceiver being connected with processor;Wherein, processor is for calling and executing memory
Middle stored program and data, the step of realizing above-mentioned virtualization deep-packet detection vDPI flow control methods.
The embodiment of the present invention provides a kind of virtualization deep-packet detection vDPI flow control methods, is applied to software definition
Network SDN gateway entity, method include:
Obtain target service flow;
Receive the first instruction information and second indication information that control layer network element entity is sent according to target service flow;Its
In, the first instruction information is used to indicate the target routing ToR equipment identity information of lower layer, and second indication information is used to indicate target
The corresponding virtualization deep-packet detection vDPI equipment identity information of ToR equipment;
According to the first instruction information and second indication information, the forward-path of target service flow is determined.
Wherein, after the step of obtaining target service flow, further includes:
It sends to control layer network element entity for the empty like extension local area network VXLAN message encapsulation of request target service traffics
Package request;
After the step of receiving the second indication information that control layer network element entity is sent according to target service flow, also wrap
It includes:
Second indication information is packaged in the reserved field of the heading of VXLAN message, obtains target VXLAN message.
Wherein, the step of indicating information and second indication information according to first, determining the forward-path of target service flow,
Include:
According to the first instruction information, target VXLAN message is forwarded in target ToR equipment by determination;So that target ToR is set
Standby decapsulation target VXLAN message obtains second indication information, and according to second indication information, determines and turn target service flow
It is sent in the target vDPI equipment in vDPI cluster corresponding with target ToR equipment.
The embodiment of the present invention provides a kind of network element device, is applied to software defined network SDN gateway entity, comprising:
Second obtains module, for obtaining target service flow;
First receiving module, the first instruction information sent for receiving control layer network element entity according to target service flow
And second indication information;Wherein, the first instruction information is used to indicate the target routing ToR equipment identity information of lower layer, and second refers to
Show that information is used to indicate the corresponding virtualization deep-packet detection vDPI equipment identity information of target ToR equipment;
Second processing module, for determining turning for target service flow according to the first instruction information and second indication information
Send out path.
Wherein, network element device further include:
Second sending module, for sending the void for request target service traffics like extension office to control layer network element entity
Net the package request of VXLAN message encapsulation in domain;
Package module in the reserved field of the heading for second indication information to be packaged in VXLAN message, obtains mesh
Mark VXLAN message.
Wherein, Second processing module includes:
Third handles submodule, for determining target VXLAN message being forwarded to target ToR according to the first instruction information
In equipment;So that target ToR equipment decapsulation target VXLAN message obtains second indication information, and according to second indication information,
Target service flow is forwarded in the target vDPI equipment in vDPI cluster corresponding with target ToR equipment by determination.
The embodiment of the present invention provides a kind of network element device, is applied to software defined network SDN gateway entity, comprising: place
Manage device;The memory being connected with processor, and the transceiver being connected with processor;Wherein, processor is for calling simultaneously
The program and data stored in memory is executed, realizes the step of above-mentioned virtualization deep-packet detection vDPI flow control methods
Suddenly.
The beneficial effect of above-mentioned technical proposal of the invention is: control layer network element entity is according to five yuan of target service flow
Group information determines the ToR equipment and vDPI equipment of SDN gateway entity, due to the uplink traffic and downstream of same service traffics
Measure that corresponding five-tuple information is identical, therefore the uplink traffic of target service flow is identical with the five-tuple information of downlink traffic,
Determining ToR equipment and vDPI equipment is also identical, and this guarantees uplink and downlink flows by same ToR equipment and same
VDPI equipment avoids the generation of asymmetric flow, guarantees XDR integrality and accuracy, thus what raising was statisticallyd analyze based on XDR
Accuracy realizes accurate flow control.
Detailed description of the invention
Fig. 1 shows the network architecture schematic diagrams of vDPI in the prior art;
Fig. 2 indicates the path schematic diagram of asymmetric flow in the prior art;
Fig. 3 indicates the flow diagram of the vDPI flow control methods of control layer network element entity in the embodiment of the present invention;
Fig. 4 indicates the path schematic diagram of target service flow in the embodiment of the present invention;
Fig. 5 indicates the modular structure schematic diagram of control layer network element entity in the embodiment of the present invention;
Fig. 6 indicates the flow diagram of the vDPI flow control methods of SDN gateway entity side in the embodiment of the present invention;
Fig. 7 indicates the schematic diagram of the encapsulated message format of VXLAN message in the embodiment of the present invention;
Fig. 8 shows the flow diagrams of vDPI flow control methods in the embodiment of the present invention;
Fig. 9 indicates the modular structure schematic diagram of SDN gateway entity in the embodiment of the present invention;
Figure 10 indicates the structural block diagram of the network element device of the embodiment of the present invention.
Specific embodiment
To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with attached drawing and tool
Body embodiment is described in detail.In the following description, such as specific configuration is provided and the specific detail of component is only
In order to help comprehensive understanding the embodiment of the present invention.It therefore, it will be apparent to those skilled in the art that can be to reality described herein
Example is applied to make various changes and modifications without departing from scope and spirit of the present invention.In addition, for clarity and brevity, it is omitted pair
The description of known function and construction.
It should be understood that " one embodiment " or " embodiment " that specification is mentioned in the whole text mean it is related with embodiment
A particular feature, structure, or characteristic is included at least one embodiment of the present invention.Therefore, occur everywhere in the whole instruction
" in one embodiment " or " in one embodiment " not necessarily refer to identical embodiment.In addition, these specific features, knot
Structure or characteristic can combine in any suitable manner in one or more embodiments.
In various embodiments of the present invention, it should be appreciated that the size of the serial number of following each processes is not meant to execute suitable
Sequence it is successive, the execution of each process sequence should be determined by its function and internal logic, the implementation without coping with the embodiment of the present invention
Process constitutes any restriction.
In addition, the terms " system " and " network " are often used interchangeably herein.
In embodiment provided herein, it should be appreciated that " B corresponding with A " indicates that B is associated with A, can be with according to A
Determine B.It is also to be understood that determine that B is not meant to determine B only according to A according to A, it can also be according to A and/or other information
Determine B.
As shown in figure 3, being answered the embodiment provides a kind of virtualization deep-packet detection vDPI flow control methods
For control layer network element entity, specifically includes the following steps:
Step 31: obtaining the five-tuple information of the target service flow occurred on software defined network SDN gateway entity.
Wherein, the corresponding five-tuple information of the uplink traffic of same service traffics and downlink traffic is identical, target service stream
The corresponding five-tuple information of the uplink traffic of amount and downlink traffic is identical, and five-tuple information includes: source IP address, destination IP
Location, source port, destination port and agreement.Wherein, the uplink traffic of same service traffics and the source IP address of downlink traffic and mesh
It is opposite for marking IP address, but numerical value is identical, the uplink traffic of same service traffics and the source port of downlink traffic and target side
Mouth is opposite, but numerical value is identical.That is, the source IP address of uplink traffic is the target ip address of downlink traffic, uplink
The source port of flow is the target port of downlink traffic.
Step 32: according to five-tuple information and default mapping table, determining the target road of instruction SDN gateway entity lower layer
Information, and the corresponding target virtualization deep-packet detection of instruction target ToR equipment are indicated by the first of ToR equipment identity information
The second indication information of vDPI equipment identity information.
Wherein, default mapping table is used to indicate the mapping relations between ToR equipment and vDPI equipment.Specifically, such as
Shown in Fig. 1, the corresponding SDN gateway entity of control layer network element entity corresponds to multiple ToR equipment under one SDN gateway entity, and one
A ToR equipment corresponds to a vDPI cluster, includes multiple vDPI equipment in a vDPI cluster.To under a SDN gateway entity
Multiple ToR equipment be numbered: 1 to M, and multiple vDPI equipment in a vDPI cluster are numbered: 1-N.Further
Ground creates the default mapping table between ToR equipment and vDPI equipment.
Specifically, default mapping table can be hash HASH table, and be stored in control layer network element entity.This is default
Mapping table includes: the number of the ToR equipment of SDN gateway entity lower layer, the number of ToR equipment or call number, ToR equipment pair
The IP address and/or MAC Address of the vDPI cluster answered, the number of vDPI equipment in vDPI cluster.It is as shown in the table:
Wherein, upper table indicates that SDN gateway entity is arranged with ToR1, ToR2, ToR3 and ToR4 totally 4 ToR equipment,
In, the IP address of the corresponding vDPI cluster of ToR1 are as follows: " 10.1.1.1 " has 10 vDPI equipment in the vDPI cluster, and number is
0-10;The IP address of the corresponding vDPI cluster of ToR2 are as follows: " 10.1.1.2 " has 10 vDPI equipment in the vDPI cluster, number
For 0-10;The IP address of the corresponding vDPI cluster of ToR3 are as follows: " 10.1.1.3 " has 8 vDPI equipment in the vDPI cluster, number
For 0-8;The IP address of the corresponding vDPI cluster of ToR4 are as follows: " 10.1.1.4 " has 6 vDPI equipment in the vDPI cluster, number
For 0-6.
Step 33: the first instruction information and second indication information are sent to SDN gateway entity.
Control layer network element entity refers to the first of the target routing ToR equipment identity information for indicating SDN gateway entity lower layer
Show information, and the second finger of the corresponding target virtualization deep-packet detection vDPI equipment identity information of instruction target ToR equipment
Show that information is sent to SDN gateway entity.SDN gateway entity determines next layer of target ToR equipment according to the first instruction information, and
Second indication information is sent to target ToR equipment, it is made to determine the target vDPI in vDPI cluster according to second indication information
Equipment.
Wherein, step 32 includes: to determine the cryptographic Hash of target service flow according to five-tuple information;According to cryptographic Hash and
Default mapping table determines the first instruction information of the target ToR equipment identity information of instruction SDN gateway entity lower layer;Root
According to cryptographic Hash and default mapping table, the second of the corresponding target vDPI equipment identity information of instruction target ToR equipment is determined
Indicate information.Specifically, HASH algoritic module built in control layer network element entity, to the uplink and downlink stream of each target service flow
It measures link and HASH value is calculated according to five-tuple information, and the first finger is further determined according to HASH value and default mapping table
Show information and second indication information.
Wherein, control layer network element entity carries out HASH twice and calculates, finally obtain instruction according to the cryptographic Hash being calculated
The first instruction information m mesh corresponding with instruction target ToR equipment of the target ToR equipment identity information of SDN gateway entity lower layer
Mark the second indication information n of vDPI equipment identity information.Wherein, m is same ToR for guaranteeing uplink and downlink flow process
Equipment, value n guarantee that uplink and downlink flow passes through same vDPI equipment in the same vDPI cluster.Specifically, according to cryptographic Hash
With default mapping table, the first instruction information of the target ToR equipment identity information of instruction SDN gateway entity lower layer is determined
Step includes: the ToR number of devices of the SDN gateway entity lower layer according to indicated by cryptographic Hash and default mapping table, really
Surely the first instruction information of target ToR equipment identity information is indicated.Assuming that cryptographic Hash H=is calculated according to five-tuple information
54, look into ToR number of devices M=4, m=MOD (H, M)=2 that default mapping table determines SDN gateway entity lower layer, it is determined that
Uplink and downlink flow all passes through ToR2, and the path schematic diagram of specific uplink and downlink traffic is as shown in Figure 4.
Specifically, according to cryptographic Hash and default mapping table, determine that the corresponding target vDPI of instruction target ToR equipment is set
The step of second indication information of standby identity information includes: the target according to indicated by cryptographic Hash and default mapping table
The number of the corresponding vDPI of ToR equipment determines the second indication information of instruction target vDPI equipment identity information.Assuming that according to five
Cryptographic Hash H=54 is calculated in tuple information, looks into default mapping table and determines vDPI's in the corresponding vDPI cluster of ToR2
Number N=10, n=MOD (H, N)=4, it is determined that uplink and downlink flow all passes through the vDPI4 in the vDPI cluster under ToR2,
The path schematic diagram of specific uplink and downlink traffic is as shown in Figure 4.
Further, step 31 includes: and receives the encapsulation that SDN gateway entity is sent after receiving target service flow to ask
It asks;According to package request, the five-tuple information of target service flow is determined.Wherein, package request is used for request target Business Stream
The empty encapsulation like extension local area network (VXLAN, Virtual Extensible Local Area Network) message of amount.Tool
Body, SDN gateway entity sends package request after receiving target service flow, to control layer network element entity, which asks
Seek the five-tuple information that can carry target service request.Control layer network element entity is in the five-tuple letter for determining target service request
The first instruction information of the target routing ToR equipment identity information of instruction SDN gateway entity lower layer, and instruction mesh are determined after breath
The second indication information of the corresponding target virtualization deep-packet detection vDPI equipment identity information of ToR equipment is marked, and will be determining
First instruction information and second indication information are sent to SDN gateway entity.Under SDN gateway entity is determined according to the first instruction information
One layer of target ToR equipment, and second indication information is sent to target ToR equipment, determine it according to second indication information
Target vDPI equipment in vDPI cluster.
In the virtualization deep-packet detection vDPI flow control methods of the embodiment of the present invention, control layer network element entity is according to mesh
The five-tuple information of mark service traffics determines the ToR equipment and vDPI equipment of SDN gateway entity, due to same service traffics
The corresponding five-tuple information of uplink traffic and downlink traffic is identical, therefore the uplink traffic of target service flow and downlink traffic
Five-tuple information is identical, and determining ToR equipment and vDPI equipment are also identical, and this guarantees uplink and downlink flows by same
ToR equipment and same vDPI equipment avoid the generation of asymmetric flow, guarantee XDR integrality and accuracy, to improve base
In the accuracy of XDR statistical analysis, accurate flow control is realized.
Above embodiments make Jie with regard to the virtualization deep-packet detection vDPI flow control methods of control layer network element entity side
Continue, below the present embodiment its corresponding network element device will be described further in conjunction with attached drawing.
Specifically, as shown in figure 5, the network element device of the embodiment of the present invention, is applied to control layer network element entity 500, comprising:
First obtains module 510, for obtaining the target service flow occurred on software defined network SDN gateway entity
Five-tuple information;Wherein, the corresponding five-tuple information of the uplink traffic of same service traffics and downlink traffic is identical;
First processing module 520, for determining that instruction SDN gateway is real according to five-tuple information and default mapping table
First instruction information of the target routing ToR equipment identity information of body lower layer, and the corresponding target of instruction target ToR equipment are empty
The second indication information of quasi-ization deep-packet detection vDPI equipment identity information;Wherein, default mapping table is used to indicate ToR and sets
The standby mapping relations between vDPI equipment;
First sending module 530, for the first instruction information and second indication information to be sent to SDN gateway entity.
Wherein, first processing module 520 includes:
First computational submodule, for determining the cryptographic Hash of target service flow according to five-tuple information;
First processing submodule, for determining instruction SDN gateway entity lower layer according to cryptographic Hash and default mapping table
Target ToR equipment identity information first instruction information;
Second processing submodule, for determining that instruction target ToR equipment is corresponding according to cryptographic Hash and default mapping table
Target vDPI equipment identity information second indication information.
Wherein, the first processing submodule includes:
First computing unit, for the SDN gateway entity lower layer according to indicated by cryptographic Hash and default mapping table
ToR number of devices, determine instruction target ToR equipment identity information first instruction information.
Wherein, second processing submodule includes:
Second computing unit, it is corresponding for the target ToR equipment according to indicated by cryptographic Hash and default mapping table
VDPI number, determine instruction target vDPI equipment identity information second indication information.
Wherein, the first acquisition module 510 includes:
First receiving submodule is asked for receiving the encapsulation that SDN gateway entity is sent after receiving target service flow
It asks;Package request is for the empty like the encapsulation for extending local area network VXLAN message of request target service traffics;
First acquisition submodule, for determining the five-tuple information of target service flow according to package request.
Wherein, default mapping table includes: the number of the ToR equipment of SDN gateway entity lower layer, the number of ToR equipment
Or the corresponding vDPI cluster of call number, ToR equipment IP address and/or the vDPI equipment in MAC Address, vDPI cluster number
Mesh.
Wherein, five-tuple information includes: source IP address, purpose IP address, source port, destination port and agreement.
Network element device embodiment of the invention is the implementation with above-mentioned virtualization deep-packet detection vDPI flow control methods
Example is corresponding, and all realization rates in above method embodiment can also reach suitable for the embodiment of the network element device
Identical technical effect.The control layer network element entity determines SDN gateway entity according to the five-tuple information of target service flow
ToR equipment and vDPI equipment, since the corresponding five-tuple information of uplink traffic and the downlink traffic of same service traffics is identical,
Therefore the uplink traffic of target service flow is identical with the five-tuple information of downlink traffic, and determining ToR equipment and vDPI are set
Standby also identical, this guarantees uplink and downlink flows to pass through same ToR equipment and same vDPI equipment, avoids asymmetric flow
It generates, guarantees XDR integrality and accuracy, to improve the accuracy statisticallyd analyze based on XDR, realize accurate flow control.
Control layer network element entity side is described above to the virtualization deep-packet detection vDPI flow control of the embodiment of the present invention
Method processed and network element device, below the embodiment of the present invention will be further combined with attached drawing and concrete application scene to software defined network
The virtualization deep-packet detection vDPI flow control methods of SDN gateway entity side are described further.
As shown in fig. 6, being applied to the embodiment of the invention also provides virtualization deep-packet detection vDPI flow control methods
Software defined network SDN gateway entity, specifically includes the following steps:
Step 61: obtaining target service flow.
Wherein, the corresponding five-tuple information of the uplink traffic of same service traffics and downlink traffic is identical, target service stream
The corresponding five-tuple information of the uplink traffic of amount and downlink traffic is identical.
Step 62: receiving the first instruction information and the second instruction that control layer network element entity is sent according to target service flow
Information.
Wherein, the first instruction information is used to indicate the target routing ToR equipment identity information of lower layer, can be ToR equipment
Number m or index value, second indication information is used to indicate the corresponding virtualization deep-packet detection vDPI equipment of target ToR equipment
Identity information, can vDPI equipment always number n or index value, the present embodiment is only illustrated by taking number as an example.
Step 63: according to the first instruction information and second indication information, determining the forward-path of target service flow.
SDN gateway entity determines next layer of target ToR equipment according to the first instruction information, and second indication information is sent out
Target ToR equipment is given, it is made to determine the target vDPI equipment in vDPI cluster according to second indication information.
Wherein after step 61 further include: be used for the void of request target service traffics seemingly to the transmission of control layer network element entity
Extend the package request of local area network VXLAN message encapsulation.Step 62 includes: that second indication information is packaged in VXLAN message
In the reserved field of heading, target VXLAN message is obtained.Assuming that the first instruction information m=2, second indication information n=4, that
According to the corresponding IP address of default mapping table ToR2 and/or MAC Address, in the encapsulation of VXLAN message, such as Fig. 7
It is shown, it, will be by the reserved field of the heading of VXLA message by the corresponding IP address of ToR2 " 10.1.1.2 " address as a purpose
It is extended, is encapsulated into second indication information n=4.Wherein, as shown in fig. 7, having 24+ in heading in VXLAN message
8bits is reserved field, be it is not used, expandable length be 8bits reserved field, so that it is encapsulated into the n being calculated.
Wherein, step 63 includes: and determines target VXLAN message being forwarded to target ToR equipment according to the first instruction information
On;So that target ToR equipment decapsulation target VXLAN message obtains second indication information, and according to second indication information, determine
Target service flow is forwarded in the target vDPI equipment in vDPI cluster corresponding with target ToR equipment.That is,
After ToR2 decapsulation, flow is issued in the vDPI equipment that number is 4 in vDPI cluster according to value n=4.
As shown in figure 8, SDN entity is sent to control layer network element entity after target service flow enters SDN gateway entity
The package request of VXLAN message encapsulation is requested, control layer network element entity calculates mesh according to the five-tuple information of target service flow
Mark (m, n) of service traffics, wherein the target routing ToR device numbering or call number, n of m instruction SDN gateway entity lower layer refer to
Show the corresponding target virtualization deep-packet detection vDPI device numbering of target ToR equipment or call number.Control layer network element entity will
(m, n) feeds back to SDN gateway entity as VXLAN message encapsulation of data.SDN gateway entity carries out VXLAN message according to (m, n)
Encapsulation, and the VXLAN message after encapsulation is sent to the ToR equipment numbered as m.ToR equipment carries out the decapsulation of VXLAN message,
According to the value of the n parsed, the vDPI device forwards target service flow for being n to number makes vDPI equipment to target service
Flow carries out the processing of vDPI flow, and processing result is returned to SDN gateway.
In vDPI flow control methods in the embodiment of the present invention, SDN gateway entity have target service flow generation after,
The the first instruction information and instruction target vDPI for receiving the instruction target ToR equipment identity information that control layer network element entity is sent are set
The second indication information of standby identity information, due to the uplink traffic of target service flow and the five-tuple information phase of downlink traffic
Together, therefore the ToR equipment of control layer network element entity determination and vDPI equipment are also identical, and this guarantees uplink and downlink flow processes
Same ToR equipment and same vDPI equipment avoid the generation of asymmetric flow, guarantee XDR integrality and accuracy, to mention
The accuracy that height is statisticallyd analyze based on XDR realizes accurate flow control.
Above embodiments make introduction with regard to the virtualization deep-packet detection vDPI flow control methods of SDN gateway entity side,
The present embodiment will be described further its corresponding network element device in conjunction with attached drawing below.
Specifically, as shown in figure 9, the network element device of the embodiment of the present invention, is applied to software defined network SDN gateway entity
900, comprising:
Second obtains module 910, for obtaining target service flow;
First receiving module 920, the first instruction sent for receiving control layer network element entity according to target service flow
Information and second indication information;Wherein, the first instruction information is used to indicate the target routing ToR equipment identity information of lower layer, the
Two instruction information are used to indicate the corresponding virtualization deep-packet detection vDPI equipment identity information of target ToR equipment;
Second processing module 930, for determining target service flow according to the first instruction information and second indication information
Forward-path.
Wherein, network element device 900 further include:
Second sending module, for sending the void for request target service traffics like extension office to control layer network element entity
Net the package request of VXLAN message encapsulation in domain;
Package module in the reserved field of the heading for second indication information to be packaged in VXLAN message, obtains mesh
Mark VXLAN message.
Wherein, Second processing module 930 includes:
Third handles submodule, for determining target VXLAN message being forwarded to target ToR according to the first instruction information
In equipment;So that target ToR equipment decapsulation target VXLAN message obtains second indication information, and according to second indication information,
Target service flow is forwarded in the target vDPI equipment in vDPI cluster corresponding with target ToR equipment by determination.
Network element device embodiment of the invention is the implementation with above-mentioned virtualization deep-packet detection vDPI flow control methods
Example is corresponding, and all realization rates in above method embodiment can also reach suitable for the embodiment of the network element device
Identical technical effect.The SDN gateway entity receives the finger that control layer network element entity is sent after having the generation of target service flow
The the first instruction information for showing target ToR equipment identity information and the second indication information for indicating target vDPI equipment identity information,
Since the uplink traffic of target service flow and the five-tuple information of downlink traffic are identical, what control layer network element entity determined
ToR equipment and vDPI equipment are also identical, and this guarantees uplink and downlink flows to set by same ToR equipment and same vDPI
It is standby, avoid the generation of asymmetric flow, guarantee XDR integrality and accuracy, thus improve statisticallyd analyze based on XDR it is accurate
Property, realize accurate flow control.
In order to preferably realize above-mentioned purpose, as shown in Figure 10, the embodiments of the present invention also provide a kind of network element device,
The network element device includes: processor 1000;The memory 1020 being connected by bus interface with the processor 1000, and
The transceiver 1010 being connected by bus interface with processor 1000;The memory 1020 exists for storing the processor
Execute used program and data when operation;Data information or pilot tone are sent by the transceiver 1010, also passes through institute
It states transceiver 1010 and receives uplink control channel;When processor 1000 calls and executes the journey stored in the memory 1020
When sequence and data, following function is realized.
Specifically, when network element device is applied to control layer network element physically.Processor 1000 is for reading memory
Program in 1020 executes following process: obtaining the five of the target service flow occurred on software defined network SDN gateway entity
Tuple information;Wherein, the corresponding five-tuple information of the uplink traffic of same service traffics and downlink traffic is identical;
According to five-tuple information and default mapping table, determine that the target routing ToR of instruction SDN gateway entity lower layer is set
First instruction information of standby identity information, and the corresponding target virtualization deep-packet detection vDPI of instruction target ToR equipment are set
The second indication information of standby identity information;Wherein, default mapping table is used to indicate reflecting between ToR equipment and vDPI equipment
Penetrate relationship.
Transceiver 1010 is specifically used for for sending and receiving data under the control of processor 1000 by the first instruction
Information and second indication information are sent to SDN gateway entity.
Specifically, processor 1000 is used for: according to five-tuple information, determining the cryptographic Hash of target service flow;
According to cryptographic Hash and default mapping table, the target ToR equipment identities letter of instruction SDN gateway entity lower layer is determined
First instruction information of breath;
According to cryptographic Hash and default mapping table, the corresponding target vDPI equipment identities of instruction target ToR equipment are determined
The second indication information of information.
Specifically, processor 1000 is used for: according to SDN gateway entity indicated by cryptographic Hash and default mapping table
The ToR number of devices of lower layer determines the first instruction information of instruction target ToR equipment identity information.
Specifically, processor 1000 is used for: according to target ToR equipment indicated by cryptographic Hash and default mapping table
The number of corresponding vDPI determines the second indication information of instruction target vDPI equipment identity information.
Specifically, processor 1000 is used for: receiving the encapsulation that SDN gateway entity is sent after receiving target service flow
Request;Package request is for the empty like the encapsulation for extending local area network VXLAN message of request target service traffics;
According to package request, the five-tuple information of target service flow is determined.
Wherein, default mapping table includes: the number of the ToR equipment of SDN gateway entity lower layer, the number of ToR equipment
Or the corresponding vDPI cluster of call number, ToR equipment IP address and/or the vDPI equipment in MAC Address, vDPI cluster number
Mesh.
Wherein, five-tuple information includes: source IP address, purpose IP address, source port, destination port and agreement.
On the other hand, when network element device is applied on SDN gateway entity.Processor 1000 is for reading memory 1020
In program, execute following process:
Transceiver 1010 is specifically used for obtaining target industry for sending and receiving data under the control of processor 1000
Business flow;
Receive the first instruction information and second indication information that control layer network element entity is sent according to target service flow;Its
In, the first instruction information is used to indicate the target routing ToR equipment identity information of lower layer, and second indication information is used to indicate target
The corresponding virtualization deep-packet detection vDPI equipment identity information of ToR equipment;
Specifically, processor 1000 is used for: according to the first instruction information and second indication information, determining target service flow
Forward-path.
Specifically, transceiver 1010 is used for: being used for the void of request target service traffics seemingly to the transmission of control layer network element entity
Extend the package request of local area network VXLAN message encapsulation.
Specifically, processor 1000 is used for: second indication information is packaged in the reserved field of the heading of VXLAN message
In, obtain target VXLAN message.
Specifically, processor 1000 is used for: according to the first instruction information, determining target VXLAN message being forwarded to target
In ToR equipment;So that target ToR equipment decapsulation target VXLAN message obtains second indication information, and believed according to the second instruction
Target service flow is forwarded in the target vDPI equipment in vDPI cluster corresponding with target ToR equipment by breath, determination.
In the network element device of the embodiment of the present invention, control layer network element entity is true according to the five-tuple information of target service flow
The ToR equipment and vDPI equipment for determining SDN gateway entity, since the uplink traffic and downlink traffic of same service traffics are corresponding
Five-tuple information is identical, therefore the ToR that the uplink traffic of target service flow is identical, determining with the five-tuple information of downlink traffic
Equipment and vDPI equipment are also identical, and this guarantees uplink and downlink flows to pass through same ToR equipment and same vDPI equipment, keep away
Exempt from the generation of asymmetric flow, guarantee XDR integrality and accuracy, to improve the accuracy statisticallyd analyze based on XDR, realizes
Accurate flow control.
Wherein, in Figure 10, bus architecture may include the bus and bridge of any number of interconnection, specifically by processor
The various circuits for the memory that 1000 one or more processors represented and memory 1020 represent link together.Total coil holder
Structure can also link together various other circuits of such as peripheral equipment, voltage-stablizer and management circuit or the like, this
It is all a bit it is known in the art, therefore, it will not be further described herein.Bus interface provides interface.Transceiver
1010 can be multiple element, that is, include transmitter and transceiver, provide for logical with various other devices over a transmission medium
The unit of letter.Processor 1000 is responsible for management bus architecture and common processing, memory 1020 can store processor 1000
The used data when executing operation.
It will be understood by those skilled in the art that realize above-described embodiment all or part of step can by hardware come
It completes, relevant hardware can also be indicated by computer program to complete, the computer program includes executing above-mentioned side
The instruction of some or all of step of method;And the computer program can store in a readable storage medium storing program for executing, storage medium
It may be any type of storage medium.
It will be understood by those skilled in the art that realize above-described embodiment all or part of step can by hardware come
It completes, relevant hardware can also be indicated by computer program to complete, the computer program includes executing above-mentioned side
The instruction of some or all of step of method;And the computer program can store in a readable storage medium storing program for executing, storage medium
It may be any type of storage medium.
In addition it should be pointed out that in the apparatus and method of the present invention, it is clear that each component or each step are can to divide
It solves and/or reconfigures.These, which decompose and/or reconfigure, should be regarded as equivalent scheme of the invention.Also, execute above-mentioned system
The step of column processing, can execute according to the sequence of explanation in chronological order naturally, but not need centainly suitable according to the time
Sequence executes, and certain steps can execute parallel or independently of one another.For those of ordinary skill in the art, it is to be understood that this
The whole or any steps or component of the method and apparatus of invention, can any computing device (including processor, storage
Medium etc.) perhaps to be realized with hardware, firmware, software or their combination in the network of computing device, this is this field
Basic programming skill of the those of ordinary skill in the case where having read explanation of the invention with them can be achieved with.
Therefore, the purpose of the present invention can also by run on any computing device a program or batch processing come
It realizes.The computing device can be well known fexible unit.Therefore, the purpose of the present invention can also include only by offer
The program product of the program code of the method or device is realized to realize.That is, such program product is also constituted
The present invention, and the storage medium for being stored with such program product also constitutes the present invention.Obviously, the storage medium can be
Any well known storage medium or any storage medium that developed in the future.It may also be noted that of the invention
In device and method, it is clear that each component or each step can be decomposed and/or be reconfigured.These decomposition and/or again group
Conjunction should be regarded as equivalent scheme of the invention.Also, the step of executing above-mentioned series of processes can be naturally according to the sequence of explanation
It executes in chronological order, but does not need centainly to execute sequentially in time.Certain steps can parallel or independently of one another
It executes.
The above is a preferred embodiment of the present invention, it is noted that for those skilled in the art
For, without departing from the principles of the present invention, it can also make several improvements and retouch, these improvements and modifications
It should be regarded as protection scope of the present invention.
Claims (22)
1. a kind of virtualization deep-packet detection vDPI flow control methods are applied to control layer network element entity, which is characterized in that institute
The method of stating includes:
Obtain the five-tuple information of the target service flow occurred on software defined network SDN gateway entity;Wherein, same business
The corresponding five-tuple information of the uplink traffic of flow and downlink traffic is identical;
According to the five-tuple information and default mapping table, the target routing of instruction SDN gateway entity lower layer is determined
First instruction information of ToR equipment identity information, and the corresponding target virtualization deep packet inspection of the instruction target ToR equipment
Survey the second indication information of vDPI equipment identity information;Wherein, the default mapping table is used to indicate ToR equipment and vDPI
Mapping relations between equipment;
The first instruction information and second indication information are sent to the SDN gateway entity.
2. virtualization deep-packet detection vDPI flow control methods according to claim 1, which is characterized in that the basis
The five-tuple information and default mapping table determine that the target of instruction SDN gateway entity lower layer routes ToR equipment body
First instruction information of part information, and the corresponding target virtualization deep-packet detection vDPI of the instruction target ToR equipment are set
The step of second indication information of standby identity information, comprising:
According to the five-tuple information, the cryptographic Hash of the target service flow is determined;
According to the cryptographic Hash and default mapping table, the target ToR equipment body of instruction SDN gateway entity lower layer is determined
First instruction information of part information;
According to the cryptographic Hash and default mapping table, determines and indicate the corresponding target vDPI equipment of the target ToR equipment
The second indication information of identity information.
3. virtualization deep-packet detection vDPI flow control methods according to claim 2, which is characterized in that the basis
The cryptographic Hash and default mapping table determine the target ToR equipment identity information of instruction SDN gateway entity lower layer
The step of first instruction information, comprising:
According to the ToR number of devices of SDN gateway entity lower layer indicated by the cryptographic Hash and default mapping table,
Determine the first instruction information of instruction target ToR equipment identity information.
4. virtualization deep-packet detection vDPI flow control methods according to claim 2, which is characterized in that the basis
The cryptographic Hash and default mapping table determine and indicate the corresponding target vDPI equipment identity information of the target ToR equipment
Second indication information the step of, comprising:
According to the number of the corresponding vDPI of target ToR equipment indicated by the cryptographic Hash and default mapping table, determine
Indicate the second indication information of target vDPI equipment identity information.
5. virtualization deep-packet detection vDPI flow control methods according to claim 1, which is characterized in that the acquisition
The step of five-tuple information of the target service flow occurred on software defined network SDN gateway entity, comprising:
Receive the package request that SDN gateway entity is sent after receiving target service flow;The package request is for requesting
The empty encapsulation like extension local area network VXLAN message of target service flow;
According to the package request, the five-tuple information of the target service flow is determined.
6. virtualization deep-packet detection vDPI flow control methods according to claim 1, which is characterized in that described default
Mapping table include: the number of the ToR equipment of SDN gateway entity lower layer, the number of the ToR equipment or call number,
The IP address and/or MAC Address of the corresponding vDPI cluster of the ToR equipment, the number of vDPI equipment in the vDPI cluster.
7. virtualization deep-packet detection vDPI flow control methods according to claim 1, which is characterized in that described five yuan
Group information includes: source IP address, purpose IP address, source port, destination port and agreement.
8. a kind of network element device is applied to control layer network element entity characterized by comprising
First obtains module, for obtaining the five-tuple of the target service flow occurred on software defined network SDN gateway entity
Information;Wherein, the corresponding five-tuple information of the uplink traffic of same service traffics and downlink traffic is identical;
First processing module, for determining and indicating that the SDN gateway is real according to the five-tuple information and default mapping table
First instruction information of the target routing ToR equipment identity information of body lower layer, and the corresponding mesh of the instruction target ToR equipment
The second indication information of mark virtualization deep-packet detection vDPI equipment identity information;Wherein, the default mapping table is used for
Indicate the mapping relations between ToR equipment and vDPI equipment;
First sending module, for the first instruction information and second indication information to be sent to the SDN gateway entity.
9. network element device according to claim 8, which is characterized in that the first processing module includes:
First computational submodule, for determining the cryptographic Hash of the target service flow according to the five-tuple information;
First processing submodule, for determining and indicating the SDN gateway entity according to the cryptographic Hash and default mapping table
First instruction information of the target ToR equipment identity information of lower layer;
Second processing submodule, for determining and indicating the target ToR equipment according to the cryptographic Hash and default mapping table
The second indication information of corresponding target vDPI equipment identity information.
10. network element device according to claim 9, which is characterized in that described first, which handles submodule, includes:
First computing unit, for the SDN gateway entity according to indicated by the cryptographic Hash and default mapping table
The ToR number of devices of lower layer determines the first instruction information of instruction target ToR equipment identity information.
11. network element device according to claim 9, which is characterized in that the second processing submodule includes:
Second computing unit, it is corresponding for the target ToR equipment according to indicated by the cryptographic Hash and default mapping table
VDPI number, determine instruction target vDPI equipment identity information second indication information.
12. network element device according to claim 8, which is characterized in that described first, which obtains module, includes:
First receiving submodule, the package request sent after receiving target service flow for receiving SDN gateway entity;Institute
Package request is stated for the empty like the encapsulation for extending local area network VXLAN message of request target service traffics;
First acquisition submodule, for determining the five-tuple information of the target service flow according to the package request.
13. network element device according to claim 8, which is characterized in that the default mapping table includes: the SDN
The number of the ToR equipment of gateway entity lower layer, the number of the ToR equipment or call number, the corresponding vDPI collection of the ToR equipment
IP address and/or MAC Address, the number of vDPI equipment in the vDPI cluster of group.
14. network element device according to claim 8, which is characterized in that the five-tuple information includes: source IP address, mesh
IP address, source port, destination port and agreement.
15. a kind of network element device is applied to control layer network element entity characterized by comprising processor;With the processor
The memory being connected, and the transceiver being connected with processor;Wherein, the processor is for calling and executing described deposit
The program and data stored in reservoir realizes virtualization deep-packet detection vDPI stream as described in any one of claim 1 to 7
The step of amount control method.
16. a kind of virtualization deep-packet detection vDPI flow control methods are applied to software defined network SDN gateway entity,
It is characterized in that, which comprises
Obtain target service flow;
Receive the first instruction information and second indication information that control layer network element entity is sent according to the target service flow;Its
In, the first instruction information is used to indicate the target routing ToR equipment identity information of lower layer, and the second indication information is used for
Indicate the corresponding virtualization deep-packet detection vDPI equipment identity information of target ToR equipment;
According to the first instruction information and second indication information, the forward-path of the target service flow is determined.
17. virtualization deep-packet detection vDPI flow control methods according to claim 16, which is characterized in that described
After the step of obtaining target service flow, further includes:
The empty envelope encapsulated like extension local area network VXLAN message for request target service traffics is sent to control layer network element entity
Dress request;
After the step of receiving the second indication information that control layer network element entity is sent according to the target service flow, also wrap
It includes:
The second indication information is packaged in the reserved field of the heading of VXLAN message, obtains target VXLAN message.
18. virtualization deep-packet detection vDPI flow control methods according to claim 17, which is characterized in that described
The step of indicating information and second indication information according to described first, determine the forward-path of the target service flow, comprising:
According to the first instruction information, the target VXLAN message is forwarded in target ToR equipment by determination;So that target
ToR equipment decapsulates the target VXLAN message and obtains second indication information, and according to the second indication information, and determining will
The target service flow is forwarded in the target vDPI equipment in vDPI cluster corresponding with the target ToR equipment.
19. a kind of network element device is applied to software defined network SDN gateway entity characterized by comprising
Second obtains module, for obtaining target service flow;
First receiving module, the first instruction information sent for receiving control layer network element entity according to the target service flow
And second indication information;Wherein, the first instruction information is used to indicate the target routing ToR equipment identity information of lower layer, institute
It states second indication information and is used to indicate the corresponding virtualization deep-packet detection vDPI equipment identity information of target ToR equipment;
Second processing module, for determining the target service flow according to the first instruction information and second indication information
Forward-path.
20. network element device according to claim 19, which is characterized in that the network element device further include:
Second sending module, for sending to control layer network element entity for the empty like extension local area network of request target service traffics
The package request of VXLAN message encapsulation;
Package module in the reserved field of the heading for the second indication information to be packaged in VXLAN message, obtains mesh
Mark VXLAN message.
21. network element device according to claim 20, which is characterized in that the Second processing module includes:
Third handles submodule, for determining the target VXLAN message being forwarded to target according to the first instruction information
In ToR equipment;So that target ToR equipment decapsulates the target VXLAN message and obtains second indication information, and according to described the
Two instruction information, determine the mesh being forwarded to the target service flow in vDPI cluster corresponding with the target ToR equipment
It marks in vDPI equipment.
22. a kind of network element device is applied to software defined network SDN gateway entity characterized by comprising processor;With institute
State the memory that processor is connected, and the transceiver being connected with processor;Wherein, the processor is for calling and holding
The program and data stored in the row memory, realizes such as the described in any item virtualization deep packets of claim 16 to 18
The step of detecting vDPI flow control methods.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810000838.9A CN109995606B (en) | 2018-01-02 | 2018-01-02 | Virtualization deep packet inspection vDPI flow control method and network element equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810000838.9A CN109995606B (en) | 2018-01-02 | 2018-01-02 | Virtualization deep packet inspection vDPI flow control method and network element equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109995606A true CN109995606A (en) | 2019-07-09 |
| CN109995606B CN109995606B (en) | 2021-09-14 |
Family
ID=67128335
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810000838.9A Active CN109995606B (en) | 2018-01-02 | 2018-01-02 | Virtualization deep packet inspection vDPI flow control method and network element equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109995606B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111611051A (en) * | 2020-04-28 | 2020-09-01 | 上海交通大学 | Method for accelerating first distribution of data packets on NFV platform |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101605018A (en) * | 2009-06-17 | 2009-12-16 | 中兴通讯股份有限公司 | A kind of decoding depth message detection protocol method, equipment and system based on stream |
| CN103650436A (en) * | 2013-07-25 | 2014-03-19 | 华为技术有限公司 | Service path distribution method, router and service execution entity |
| CN104639451A (en) * | 2013-11-14 | 2015-05-20 | 中兴通讯股份有限公司 | Data flow distribution method and controller |
| WO2016041606A1 (en) * | 2014-09-19 | 2016-03-24 | Nokia Solutions And Networks Oy | Chaining of network service functions in a communication network |
| CN105763391A (en) * | 2014-12-17 | 2016-07-13 | ***通信集团公司 | Conversation data flow processing system and method, and related equipment |
-
2018
- 2018-01-02 CN CN201810000838.9A patent/CN109995606B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101605018A (en) * | 2009-06-17 | 2009-12-16 | 中兴通讯股份有限公司 | A kind of decoding depth message detection protocol method, equipment and system based on stream |
| CN103650436A (en) * | 2013-07-25 | 2014-03-19 | 华为技术有限公司 | Service path distribution method, router and service execution entity |
| CN104639451A (en) * | 2013-11-14 | 2015-05-20 | 中兴通讯股份有限公司 | Data flow distribution method and controller |
| WO2016041606A1 (en) * | 2014-09-19 | 2016-03-24 | Nokia Solutions And Networks Oy | Chaining of network service functions in a communication network |
| CN105763391A (en) * | 2014-12-17 | 2016-07-13 | ***通信集团公司 | Conversation data flow processing system and method, and related equipment |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111611051A (en) * | 2020-04-28 | 2020-09-01 | 上海交通大学 | Method for accelerating first distribution of data packets on NFV platform |
| CN111611051B (en) * | 2020-04-28 | 2022-05-31 | 上海交通大学 | Method for accelerating first distribution of data packets on NFV platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109995606B (en) | 2021-09-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11876883B2 (en) | Packet processing method, network node, and system | |
| CN112422498B (en) | In-band network remote measuring method, system and computer readable storage medium | |
| CN106664261B (en) | A kind of methods, devices and systems configuring flow entry | |
| CN109743340B (en) | The method and network equipment of Message processing | |
| CN104954247B (en) | Mainframe network accelerator for data center's overlay network | |
| CN104954253B (en) | For the mainframe network accelerator (HNA) based on PCIe of data center's overlay network | |
| CN105706044B (en) | Work based on ranking keeps scheduler | |
| CN116057900A (en) | System and method for determining network path tracking | |
| CN104717081B (en) | The implementation method and device of a kind of gateway function | |
| CN102857414B (en) | A kind of forwarding table write-in, message forwarding method and device | |
| CN107181663A (en) | A kind of message processing method, relevant device and computer-readable recording medium | |
| CN109391560A (en) | Notifying method, agent node and the computer equipment of network congestion | |
| CN104954252B (en) | Flow control in high-performance, expansible and data center's switching fabric without call drop | |
| CN104852828B (en) | A kind of network delay detection method, apparatus and system | |
| WO2020073685A1 (en) | Forwarding path determining method, apparatus and system, computer device, and storage medium | |
| CN102656850A (en) | Method for processing a plurality of data and switching device for switching communication packets | |
| CN107979506A (en) | Flow obtains and high in the clouds display systems, method, apparatus and equipment | |
| CN106487613A (en) | A kind of bandwidth test methods, devices and systems | |
| CN109905321A (en) | A kind of route control system interacted for customized high-speed interface with Ethernet | |
| CN107318132A (en) | Data distributing method, data distribution method and device in a kind of acquisition system | |
| CN104954165A (en) | Link analysis method, device and system | |
| CN109995606A (en) | Virtualize deep-packet detection vDPI flow control methods and network element device | |
| CN107086960B (en) | Message transmission method and device | |
| CN109842503A (en) | Link-quality test method and system | |
| CN107809387A (en) | A kind of method of message transmissions, equipment and network system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |