CN110430138B - Data flow forwarding state recording method and network equipment - Google Patents

Data flow forwarding state recording method and network equipment Download PDF

Info

Publication number
CN110430138B
CN110430138B CN201910682733.0A CN201910682733A CN110430138B CN 110430138 B CN110430138 B CN 110430138B CN 201910682733 A CN201910682733 A CN 201910682733A CN 110430138 B CN110430138 B CN 110430138B
Authority
CN
China
Prior art keywords
forwarding
hardware
flow table
forwarding action
flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910682733.0A
Other languages
Chinese (zh)
Other versions
CN110430138A (en
Inventor
赵海峰
项学锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd Hefei Branch
Original Assignee
New H3C Technologies Co Ltd Hefei Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd Hefei Branch filed Critical New H3C Technologies Co Ltd Hefei Branch
Priority to CN201910682733.0A priority Critical patent/CN110430138B/en
Publication of CN110430138A publication Critical patent/CN110430138A/en
Application granted granted Critical
Publication of CN110430138B publication Critical patent/CN110430138B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/54Organization of routing tables
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The network device executes parallel forwarding processing and hardware flow table item searching processing on a received message, searches a hardware check table according to a forwarding action output by the forwarding processing in metadata of the message and a forwarding action type identifier recorded in a hardware flow table item of a data flow to which the message belongs, searched by the hardware flow table item searching processing in the hardware flow table, and determines that a counted forwarding action of the data flow to which the message belongs, indicated by the forwarding action type identifier recorded in a first hardware flow table item, is consistent with the forwarding action output by the forwarding processing if a matched consistency check table item is found. Therefore, the accuracy of the forwarding state recorded in the hardware flow table entry can be ensured.

Description

Data flow forwarding state recording method and network equipment
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method for recording a forwarding state of a data stream and a network device.
Background
The data center and the network equipment in the park are multiple and complex in application, and when the forwarding failure of the network equipment occurs, the failed equipment and the reason for the forwarding failure of the failed equipment need to be quickly found in the network.
When the forwarding processing of the forwarding chip and the flow table item searching processing are executed in series, after the forwarding processing is completed, the flow table item searching processing acquires the forwarding action output by the forwarding processing from the metadata of the message, searches the flow table item matched with the message after the forwarding processing is completed, compares whether the searched flow table item is consistent with the forwarding action output by the forwarding processing, and if not, updates the forwarding action recorded in the flow table item so as to perform fault positioning on the network equipment according to the data in the flow table item.
However, in order to increase the processing speed, the forwarding processing and the flow table entry lookup processing of the packet by part of the forwarding chips are usually performed in parallel, which results in that the forwarding chip cannot obtain the current forwarding action of the data packet when finding the flow table entry matched with the data packet, and cannot compare whether the current forwarding action of the packet is consistent with the forwarding action obtained by the parallel flow table lookup. Although the forwarding action of the output of the forwarding process and the lookup result of the flow entry output by the flow entry lookup process can be recorded in the metadata of the packet, the metadata is released when the packet completing the forwarding process leaves the forwarding chip.
Disclosure of Invention
In view of the above, an object of the present disclosure is to provide a method for recording a forwarding state of a data flow and a network device, which can accurately record the forwarding state of the data flow in a statistical flow entry.
In order to achieve the purpose, the technical scheme is as follows:
in a first aspect, the present disclosure provides a method for recording a forwarding state of a data stream, where the method includes:
executing parallel first forwarding processing and first hardware flow table item searching processing on a first message;
acquiring a forwarding action output by first forwarding processing and a forwarding action type identifier of a first hardware flow table item record of a first data flow to which a first message searched in a hardware flow table belongs by searching and processing a first hardware flow table item from metadata of the first message;
searching a hardware checking table according to the first forwarding action and the forwarding action type identifier recorded by the first hardware flow table item;
when the matched consistency check table entry is found, the forwarding action of the first data flow message counted by the first hardware flow table entry and indicated by the forwarding action type identifier recorded in the first hardware flow table entry is determined to be consistent with the first forwarding action.
In a second aspect, the present disclosure provides a network device, including a checking unit and a forwarding unit and a flow entry unit in parallel;
a forwarding unit, configured to perform a first forwarding process on the first packet;
the flow table entry unit is used for executing first hardware flow table entry searching processing on the first message;
the checking unit is used for acquiring a first forwarding action output by the first forwarding processing and a forwarding action type identifier of a first hardware flow entry record of a first data flow to which the first message searched in the hardware flow table belongs from the metadata of the first message, searching a hardware checking table according to the first forwarding action and the forwarding action type identifier of the first hardware flow entry record, and when a matched consistency checking table entry is searched, determining that the forwarding action of the first data flow message counted by the first hardware flow entry indicated by the forwarding action type identifier of the first hardware flow entry is consistent with the first forwarding action.
In summary, according to the data flow forwarding state recording method and the network device provided by the present disclosure, a received packet is subjected to parallel forwarding processing and hardware flow table entry lookup processing, a forwarding action output by the forwarding processing in metadata of the packet and a forwarding action type identifier recorded in a hardware flow table entry of a data flow to which the packet belongs are found in the hardware flow table are searched according to the hardware flow table entry lookup processing, a hardware check table is searched, and if a matching consistency check table entry is found, it is determined that a counted forwarding action of the data flow to which the packet belongs, which is indicated by the forwarding action type identifier recorded in the first hardware flow table entry, is consistent with the forwarding action output by the forwarding processing. Therefore, whether the forwarding action of the message in the data stream is consistent with the forwarding action obtained by parallel table look-up processing can be judged, and the accuracy of the forwarding action recorded in the flow table entry is ensured.
Drawings
To more clearly illustrate the technical solutions of the present disclosure, the drawings needed for the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present disclosure, and therefore should not be considered as limiting the scope, and those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic processing flow diagram of a method for recording a forwarding state of a data stream according to an embodiment of the present disclosure;
fig. 2 is a schematic view of a combing flow of a method for recording a forwarding state of a data stream according to another embodiment of the present disclosure;
FIG. 3 is a data flow diagram of the process flow of FIG. 2;
FIG. 4 is another data flow diagram of the process flow of FIG. 2;
fig. 5 is a schematic processing flow diagram of a method for recording a forwarding state of a data stream according to another embodiment of the present disclosure;
FIG. 6 is a data flow diagram of the process flow of FIG. 5;
fig. 7 is a schematic architecture diagram of a network device provided in the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the present disclosure clearer, the technical solutions of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the present disclosure, and it is apparent that the described embodiments are some, but not all embodiments of the present disclosure. The components of the present disclosure, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present disclosure, presented in the figures, is not intended to limit the scope of the claimed disclosure, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for recording a forwarding state of a data stream according to an embodiment of the present disclosure, where the method includes the following processes.
The processing 101 performs a parallel first forwarding process and a first hardware flow table entry lookup process on the first packet.
And processing 102, obtaining a first forwarding action output by the first forwarding processing and a forwarding action type identifier of a first hardware flow entry record of a first data flow to which the first packet found in the hardware flow table belongs, which is searched by the first hardware flow entry, from metadata (metadata) of the first packet.
The process 103 searches the hardware check table according to the first forwarding action and the forwarding action type identifier recorded in the first hardware flow entry.
And processing 104, when the matched consistency check table entry is found, determining that the forwarding action of the first data flow packet counted by the first hardware flow table entry indicated by the forwarding action type identifier recorded in the first hardware flow table entry is consistent with the first forwarding action.
With the data flow forwarding state recording method shown in fig. 1, the present disclosure can check whether or not the forwarding action output by the forwarding process is consistent with the forwarding action output by the parallel-executed flow table entry lookup process.
Fig. 2 illustrates a flow of a data stream forwarding state recording method 200 according to another embodiment of the present disclosure; the process can be used for network equipment such as a switch or a router and the like which performs message forwarding.
A forwarding chip of the network equipment stores a hardware forwarding table, a hardware flow table and a hardware checking table; a software flow table is stored in a memory of the network device. In this embodiment, forwarding action type identifiers (class IDs) are recorded in each hardware flow entry of the hardware flow table to record a forwarding action that is counted by a data packet of a service flow matched with each hardware flow entry. For example, class1 corresponds to normal forwarding actions; class2 searches packet loss action corresponding to the route; class3 corresponds to URPF (Unicast Reverse Path Forwarding, Unicast Reverse route search) packet loss action; class4 corresponds To TTL (Time To Live) packet loss action; class5 filters packet loss action corresponding to VLAN (Virtual Local Area Network); class6 corresponds to STP (Spanning Tree Protocol) packet loss action. The class ID is for illustration only and is not limited to the class IDs and forwarding actions described above.
A hardware check table of a network device stores a plurality of high priority consistency check entries and a low priority forwarding action metadata mapping entry.
In this embodiment, each consistency check forwarding entry is shown in table 1:
Figure BDA0002145237150000051
TABLE 1
In this embodiment, each forwarding action metadata mapping table entry is shown in table 2:
Figure BDA0002145237150000052
Figure BDA0002145237150000061
TABLE 2
The method shown in fig. 2 includes the following processes:
the processing 201 performs parallel forwarding processing and hardware flow table entry lookup processing on the packet.
As shown in fig. 3, the forwarding engine and the flow entry engine in the forwarding chip of the network device perform parallel processing on the received packet 211. The forwarding engine finds the matched MAC address entry according to the destination MAC address of the packet 211. The flow entry engine does not find a matching flow entry in the hardware flow table according to the quintuple information of the packet 211. The metadata 220 of packet 211 carries the normal forwarding actions output by the forwarding engine and an identification class0 for identifying an unmatched flow table entry.
And processing 202, acquiring the forwarding action output by the forwarding processing and the identification of the unmatched hardware flow table item output by the hardware flow table item lookup processing from the metadata of the message.
The inspection engine of the network device obtains the normal forwarding action and class0 from the metadata 220 of the packet 211.
And processing 203, finding out no matched consistency check table entry in the hardware check table according to the forwarding action and the unmatched hardware flow table entry identifier.
The inspection engine of the network device matches the "normal forwarding action + class 0" of the metadata 220 of the packet 211 with the high-priority consistency inspection table entries shown in table 1 one by one in the hardware inspection table, and does not find out the matched consistency row inspection table entry.
And processing 204, copying the message and adding the mapping metadata of the forwarding action to the copied message.
The inspection engine of the network device finds the matching forwarding action metadata mapping table entry shown in row 1 of table 2 according to the matching between the "normal forwarding action" of the metadata 220 of the packet 211 and the low-priority metadata mapping table entry shown in table 2. The checking engine maps the table entry according to the matched metadata, copies the message 211 to obtain a copy message 212, and adds metadata A221 indicating normal forwarding. The inspection engine of the forwarding chip sends the copy message 212 with metadata a221 to a processing unit (CPU) of the network device, the forwarding chip strips the metadata 220 of the message 211, and the forwarding chip processes the message 211 according to a normal forwarding process, which is not described in detail in this embodiment.
And processing 205, searching a software flow table according to the data flow parameter of the copied message.
The processing unit searches a software flow table entry matched with the service flow to which the message 211 belongs in a software flow table stored in the memory according to the quintuple information of the copy message 212.
And processing 206, determining that the software flow table entry matched with the data flow to which the message belongs is not found, and creating a software flow table entry matched with the data flow in the software flow table according to the data flow parameters of the message.
The processing unit does not find the software flow table entry matched with the data flow to which the replication message 212 belongs in the software flow table, which indicates that the hardware flow table entry of the data flow to which the replication message 212 belongs is not stored in the forwarding chip, and establishes the software flow table entry according to the quintuple of the message.
And processing 207, recording the forwarding action in the newly-built software flow table entry.
The processing unit records the forwarding in the newly-built software flow table entry as 'normal forwarding'.
Processing 208, recording a hardware flow table entry of the data flow in the hardware flow table according to the data flow parameter, and recording a forwarding action type identifier corresponding to the forwarding action in the hardware flow table entry; and setting a counter of the hardware flow table entry as an initial value.
The processing unit establishes a hardware flow table entry in the hardware flow table according to the quintuple information of the replication message 211, and records class1 corresponding to the 'normal forwarding action' in the newly established hardware flow table entry; the counter of the hardware flow table entry (hardware counter) is set to an initial value to indicate an initial count value, e.g., 1.
The method shown in fig. 2 has the beneficial effects that the output of the forwarding processing and the output of the flow table item lookup processing which are executed in parallel are checked through the hardware check table, and the forwarding chip is triggered to send the copied first message carrying the forwarding action mapping metadata of the first message to the processing unit, so that the processing unit dynamically generates the software flow table item and the hardware flow table item of the service flow to which the first message belongs.
In addition to the method for generating the dynamic software flow table entry and the hardware flow table entry shown in fig. 2, the method may further include setting the software flow table entry and the hardware flow table entry according to the service flow to be counted, and setting the forwarding action of the software flow table entry and the class ID of the hardware flow table entry according to the forwarding action set by the service requirement.
When the network device has stored the dynamically generated soft flow table entry and the hardware flow table entry or stored the statically configured software flow table entry and the hardware flow table entry, as shown in fig. 4, when the forwarding chip of the network device processes the received message 213, the forwarding engine and the flow table entry engine in the forwarding chip perform parallel processing on the received message 213. The forwarding engine finds the matched MAC address entry according to the destination MAC address of the message 213. The flow table entry engine finds a matching hardware flow table entry in the hardware flow table according to the quintuple information of the message 213. The metadata 240 of the packet 211 carries the normal forwarding action output by the forwarding engine and class1 in the found hardware flow entry output by the flow entry engine.
The inspection engine of the network device obtains "normal forwarding action and class 1" from the metadata 240 of the message 213, and in the hardware inspection table, matches the "normal forwarding action + class 1" of the metadata 240 of the message 213 with the high-priority consistency inspection table entry shown in table 1 one by one, and finds out the matched consistency inspection table entry. The forwarding chip strips off the metadata 240 of the message 213, and the forwarding chip processes the message 213 according to the normal forwarding process, which is not described in this embodiment again.
The inspection engine of the network equipment can accurately judge that the parallel output forwarding action is consistent with the found class ID representation forwarding action, and accurately judge that the forwarding action of the hardware flow table entry accurately recording the data flow message is correct, so that a user can perform fault positioning based on data in the flow table entry.
Fig. 5 shows a flow of a data stream forwarding state recording method 500 according to yet another embodiment of the present disclosure; the process can be used for network equipment such as a switch or a router and the like which performs message forwarding.
And the processing 501 is to perform parallel forwarding processing and hardware flow table item lookup processing on the packet.
As shown in fig. 6, the forwarding engine and the flow entry engine within the forwarding chip of the network device perform parallel processing on the received packet 215. The forwarding engine finds the matching MAC address entry based on the destination MAC address of the message 215. The flow entry engine finds a matching flow entry in the hardware flow table based on the five tuple information of the packet 215. The metadata 250 of the packet 215 carries the "VLAN filtering packet loss" output by the forwarding engine and class1 in the found flow entry output by the flow entry engine.
And processing 502, acquiring a forwarding action output by forwarding processing and a forwarding action type identifier recorded in a hardware flow table item of a data flow to which the message output by the forwarding processing belongs from the metadata of the message.
The inspection engine of the network device obtains VLAN filter packet loss and class1 from the metadata 250 of the packet 215.
Processing 503, according to the forwarding action and the forwarding action type identifier recorded in the hardware flow entry, finds no matching consistency check entry.
The inspection engine of the network device matches the "VLAN filtering packet loss + class 1" of the metadata 250 of the packet 215 with the high-priority consistency inspection table entries shown in table 1 one by one in the hardware inspection table, and does not find out the matched consistency inspection table entries.
Process 504 copies the message and adds mapping metadata for the forwarding action to the copied message.
The inspection engine of the network device finds the forwarding action metadata mapping table entry shown in row 5 of table 2 according to the matching between the "VLAN filtering packet loss" of the metadata 250 of the packet 215 and the low-priority metadata mapping table entry shown in table 2. The checking engine maps the table entry according to the matched metadata, copies the packet 215 to obtain a copy packet 216, and adds metadata E260 indicating VLAN filtering packet loss, as shown in fig. 6. The check engine sends the duplicated message 216 with metadata E260 to the processing unit, the forwarding chip strips the metadata 250 of the message 215, and the forwarding chip processes the message 215 according to the normal VLAN packet loss filtering process, which is not described in detail in this embodiment.
And processing 505, finding a software flow table entry matched with the data flow to which the copied message belongs in the software flow table according to the data flow parameter of the copied message.
The processing unit searches a software flow table entry matched with the service flow to which the message 215 belongs in a software flow table stored in the memory according to the five-tuple information of the copy message 216.
Processing 506, comparing whether the forwarding action indicated by the mapping metadata is consistent with the executed forwarding action of the software flow table entry; if not, go to step 507; if yes, go to step 510.
The processing unit compares the VLAN filtering packet loss action indicated by the metadata 260 with the "normal forwarding" action already performed in the software flow entry matched with the data flow, and confirms that the two actions are inconsistent.
Processing 507, updating the executed forwarding action of the software flow table entry matched with the data flow to a forwarding action.
The processing unit updates the executed forwarding action in the software flow table entry from 'normal forwarding' to 'VLAN filtering packet loss'.
Processing 508, updating the forwarding action type identifier recorded in the hardware flow entry of the data flow to the forwarding action type identifier corresponding to the forwarding action.
The processing unit replaces the hardware flow table entry record "normal forwarding" of the data flow to which the packet 215 belongs with "VLAN filtering packet loss".
The process 509 sets the counter of the hardware flow entry of the data flow to an initial value.
The processing unit sets the value of a hardware counter of a hardware flow table entry of a service flow to which the message 215 in the forwarding chip belongs as an initial value, and performs statistics on data messages of 'VLAN filtering packet loss' executed by the service flow.
Processing 510 discards the replicated message.
The processing unit discards the buffered duplicate packets 216.
It should be noted that, when the processing unit updates the software flow table entry, the forwarding chip may continue to process the data packet of the data flow to which the packet 215 belongs. After the processing unit updates the software flow table entry but before the hardware flow table entry and the hardware counter thereof are reset, the check engine copies the data messages because the metadata of the data messages carry the VLAN filtering packet loss action output by the forwarding engine and the class1 output by the flow table entry engine are inconsistent, adds metadata indicating VLAN filtering packet loss to the copied messages, and sends the metadata to the processing unit. The processing unit will find the matched flow table entry according to these copied packets, and confirm that the forwarding action in the software flow table entry is consistent with the forwarding action indicated by metadata of the copied packet, so execute processing 510 and discard these copied packets.
However, the time for the processing unit to complete the update of the hardware flow entry is not long, so that the data messages sent to the processing unit by the forwarded chip are few, the bandwidth of a chip channel between the forwarded chip and the processing unit is not excessively occupied, and packet loss of the messages or other messages needing to be sent to the processing unit is avoided.
In addition, it should be noted that before the data packet hardware flow entry of the data flow to which the packet 215 belongs and the counter thereof are updated, the hardware counter of the hardware flow entry of the data flow still accumulates the count value because the data packet of the same data flow matches the hardware flow entry, for example, the forwarding action recorded by the software flow entry is VLAN filtering packet loss, and class1 recorded by the hardware flow entry indicates normal forwarding, which may cause a slight error in the number of packets in the normal forwarding action in the hardware flow entry counted by the counter. However, the count value of the counter in the hardware flow entry does not affect the location of the faulty device and the location of the fault cause, and the accuracy requirement of the count value of the counter in the hardware flow entry is not high, so that a tiny error of the count value has no effect on the location of the faulty network device and the cause of the device fault.
In the embodiments shown in fig. 5 and fig. 6, the inspection engine of the network device can not only accurately determine that the parallel output forwarding action is inconsistent with the found forwarding action represented by the classID, but also send the copy packet of the data packet and the mapping metadata of the forwarding action to the processing unit, thereby triggering the processing unit to update the software flow entry, the hardware flow entry and the counter thereof, thereby accurately recording the forwarding action of the data packet in the hardware flow entry, and thus enabling the user to perform fault location based on the data in the hardware flow entry.
The method aims to overcome the problem that the original data message forwarding action cannot be obtained because the metadata of the original message is stripped after the original data message is forwarded and processed and leaves a forwarding chip; in the above example of the present application, the forwarding chip sends the duplicated data packet with the forwarding action mapping metadata to the CPU, so that the CPU obtains the forwarding action of the original data packet to create and update the software flow table entry, thereby triggering the creation and update of the hardware flow table entry.
In the embodiments shown in fig. 2 to fig. 6, the processing unit of the network device may periodically read the data flow parameters, the forwarding action type identifier, and the current count value of the counter in each hardware flow entry in the hardware flow table, and send the read parameters to the network management device through a message.
Referring to fig. 7, fig. 7 is a schematic diagram illustrating an architecture of a network device 700 according to the present embodiment. Network device 700 may be, but is not limited to, a switch or router that includes forwarding chip 710, processor (CPU) 720, and memory 730.
The forwarding chip 710 may be implemented based on an ASIC (Application Specific Integrated Circuit) or FPGA (Field-Programmable Gate Array), for example, the forwarding unit and its module may be hardware logic devices, a processor executing machine-readable instructions, or a combination of hardware logic devices and processors executing and readable instructions.
Memory 730 contains a number of encoding (coding) modules that can be executed by processor 720. The memory 730 stores a flow entry management module 731 and a software flow table, and the processor 720 implements corresponding processing by calling the flow entry management module 731 in the memory 730. The forwarding chip 710 is connected to the interface 7010 of the network device 700, and a hardware forwarding table, a hardware flow table, and a hardware check table are disposed in the forwarding chip 710. Forwarding chip 710 includes a checking unit (e.g., checking engine 713) and a parallel forwarding unit (e.g., forwarding engine 711) and a flow entry unit (e.g., flow entry engine 712).
In this embodiment, the forwarding engine 711 is configured to execute a first forwarding process on the first packet.
The flow table entry engine 712 is configured to perform a first hardware flow table entry lookup process on the first packet.
The check engine 713 is configured to obtain, from the metadata of the first packet, a forwarding action output by the first forwarding processing and a forwarding action type identifier of a first hardware flow entry of a first data stream to which the first packet found in the hardware flow table belongs through the first hardware flow table entry lookup processing, find a hardware check table according to the first forwarding action and the forwarding action type identifier of the first hardware flow entry, and when a matching consistency check entry is found, determine that a forwarding action of the first data stream packet counted by the first hardware flow entry indicated by the forwarding action type identifier of the first hardware flow entry is consistent with the first forwarding action.
The hardware checking table comprises a plurality of consistency checking table entries, and each consistency checking table entry comprises a forwarding action and a forwarding action type identifier corresponding to the forwarding action.
Optionally, the forwarding engine 711 may also be configured to perform a second forwarding process on the second packet.
Flow entry engine 712 may also be used to perform a second hardware flow entry lookup process on the second packet.
The check engine 713 may further be configured to obtain, from the metadata of the second packet, a forwarding action output by the second forwarding processing and a forwarding action type identifier recorded in a second hardware flow entry of a second data flow to which the second packet output by the second hardware flow entry lookup processing belongs, find, according to the second forwarding action and the forwarding action type identifier recorded in the second hardware flow entry, a matching consistency check entry in the hardware check table, copy the second packet, and add mapping metadata of the second forwarding action to the copied second packet.
The flow table entry management module 731 is configured to search a software flow table according to the data flow parameter of the second packet; when the software flow table entry matched with the second data flow to which the second message belongs is found, comparing the second forwarding action indicated by the mapping metadata with the executed forwarding action of the software flow table entry; if not, updating the forwarding action executed by the software flow table entry matched with the second data flow into a second forwarding action; and updating the forwarding action type identifier recorded in the hardware flow table entry of the second data flow to the forwarding action type identifier corresponding to the second forwarding action, and setting a counter of the hardware flow table entry of the second data flow as an initial value.
Optionally, the flow entry management module 731 may be further configured to send the data flow parameter of the second data flow, the current value of the counter in the hardware flow entry of the second data flow, and the recorded forwarding action type identifier to the network management device through a packet before updating the forwarding action type identifier recorded in the hardware flow entry of the second data flow to the forwarding action type identifier corresponding to the second forwarding action.
Optionally, the forwarding engine 711 may also be configured to perform a third forwarding process on the third packet.
Flow entry engine 712 may also be used to perform a third hardware flow entry lookup process on the third packet.
The check engine 713 may further be configured to obtain, from the metadata of the third packet, a forwarding action output by the third forwarding processing and a hardware flow table entry identifier output by the third hardware flow table entry lookup processing, where the matching hardware flow table entry identifier is not found in the hardware flow table; and copying the third message and adding mapping metadata of the third forwarding action to the copied third message according to the third forwarding action and the consistency check table entry which is not searched for and matched with the identifier of the hardware flow table entry.
The flow table entry management module 731 may be further configured to search a software flow table according to the data flow parameter of the copied third packet; determining a software flow table entry matched with a third data flow to which the copied third message belongs, and establishing a third software flow table entry matched with the third data flow in the software flow table according to the data flow parameters of the copied third message; recording a third forwarding action in the newly-built third software flow table entry; recording a third hardware flow table entry of a third data flow in the hardware flow table according to the data flow parameters, and recording a forwarding action type identifier corresponding to a third forwarding action in the third hardware flow table entry; and setting a counter of the third hardware flow table entry as an initial value.
The flow table entry management module 731 may also be configured to periodically read the data flow parameter, the forwarding action type identifier, and the current count value of the counter in each hardware flow table entry in the hardware flow table, and send the current count value to the network management device through a message.
In summary, according to the data flow forwarding state recording method and the network device provided by the present disclosure, the network device performs parallel forwarding processing and hardware flow table entry lookup processing on a received packet, searches a hardware check table according to a forwarding action output by the forwarding processing in metadata of the packet and a forwarding action type identifier recorded in a hardware flow table entry of a data flow to which the packet belongs, which is searched in the hardware flow table by the hardware flow table entry lookup processing, and determines that a counted forwarding action of the data flow to which the packet belongs, which is indicated by the forwarding action type identifier recorded in the first hardware flow table entry, is consistent with the forwarding action output by the forwarding processing if a matched consistency check table entry is found. Therefore, whether the forwarding action of the message in the data stream changes can be judged, so that the forwarding state of the data stream message can be accurately recorded in the hardware stream table entry, and the fault can be accurately positioned based on the data in the hardware stream table entry.
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present disclosure, and all the changes or substitutions should be covered within the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (10)

1. A method for recording a forwarding state of a data stream, the method comprising:
executing parallel first forwarding processing and first hardware flow table item searching processing on a first message;
acquiring a first forwarding action output by the first forwarding process and a forwarding action type identifier of a first hardware flow entry record of a first data flow to which the first message searched in a hardware flow table is attached, wherein the forwarding action type identifier is searched by the first hardware flow entry from metadata of the first message;
searching a hardware check table according to the first forwarding action and the forwarding action type identifier recorded by the first hardware flow table entry, wherein the hardware check table stores a plurality of high-priority consistency check table entries and low-priority forwarding action metadata mapping table entries;
when the matched consistency check table entry is found, determining that the forwarding action of the first data flow packet counted by the first hardware flow table entry indicated by the forwarding action type identifier recorded in the first hardware flow table entry is consistent with the first forwarding action.
2. The method of claim 1, further comprising:
executing parallel second forwarding processing and second hardware flow table item searching processing on the second message;
obtaining a second forwarding action output by the second forwarding processing from the metadata of the second message and a forwarding action type identifier recorded in a second hardware flow table item of a second data flow to which the second message output by the second forwarding processing belongs from the second hardware flow table item searching processing;
according to the second forwarding action and the forwarding action type identification recorded by the second hardware flow table entry, not finding the matched consistency check table entry;
copying the second message and adding mapping metadata of the second forwarding action to the copied second message;
searching a software flow table item matched with the second data flow in a software flow table according to the copied data flow parameter of the second message;
comparing the second forwarding action indicated by the mapping metadata of the copied second packet with the executed forwarding action of the software flow table entry;
if not, updating the executed forwarding action of the software flow table entry matched with the second data flow to the second forwarding action;
updating the forwarding action type identifier recorded in the hardware flow table entry of the second data flow to a forwarding action type identifier corresponding to the second forwarding action;
and setting a counter of a hardware flow table entry of the second data flow as an initial value.
3. The method of claim 2, further comprising: before updating the forwarding action type identifier recorded in the hardware flow entry of the second data flow to the forwarding action type identifier corresponding to the second forwarding action, sending the data flow parameter of the second data flow, the current count value of the counter in the hardware flow entry of the second data flow, and the recorded forwarding action type identifier to network management equipment through a message.
4. The method of claim 1, further comprising:
executing parallel third forwarding processing and third hardware flow table item searching processing on the third message;
acquiring a third forwarding action output by the third forwarding processing and a hardware flow table entry identifier which is output by the third hardware flow table entry searching processing and is not searched for matching in the hardware flow table from metadata of the third packet;
according to the third forwarding action and the identifier of the hardware flow table item which is not searched for and matched, a consistency check table item which is not searched for and matched is found in the hardware check table;
copying the third message and adding mapping metadata of the third forwarding action to the copied third message;
searching a software flow table according to the data flow parameter of the copied third message;
determining a software flow table entry which is not found and matched with a third data flow to which the copied third message belongs, and creating a third software flow table entry matched with the third data flow in the software flow table according to data flow parameters of the copied third message;
recording the third forwarding action in the newly-built third software flow table entry;
recording a third hardware flow table entry of the third data flow in the hardware flow table according to the data flow parameter, and recording a forwarding action type identifier corresponding to the third forwarding action in the third hardware flow table entry; setting a counter of the third hardware flow table entry to an initial value.
5. The method according to any one of claims 1-4, further comprising:
periodically reading the data flow parameter, the forwarding action type identifier and the current count value of the counter in each hardware flow table entry in the hardware flow table, and sending the data flow parameter, the forwarding action type identifier and the current count value of the counter to the network management equipment through the message.
6. A network device comprising a checking unit and a forwarding unit and a flow entry unit in parallel;
the forwarding unit is configured to perform a first forwarding process on the first packet;
the flow table entry unit is used for executing first hardware flow table entry searching processing on the first message;
the checking unit is configured to obtain, from the metadata of the first packet, a first forwarding action output by the first forwarding processing and a forwarding action type identifier of a first hardware flow entry record of a first data flow to which the first packet found in a hardware flow table belongs by the first hardware flow table entry lookup processing, searching a hardware checking table according to the first forwarding action and the forwarding action type identifier recorded in the first hardware flow table entry, when the matching consistency check table entry is found, determining that the forwarding action of the first data flow packet counted by the first hardware flow table entry and indicated by the forwarding action type identifier recorded in the first hardware flow table entry are consistent with the first forwarding action, the hardware checking table stores a plurality of consistency checking table entries with high priority and forwarding action metadata mapping table entries with low priority.
7. The network device of claim 6, wherein the network device further comprises a flow table entry management module;
the forwarding unit is further configured to perform a second forwarding process on the second packet;
the flow table entry unit is further configured to perform a second hardware flow table entry lookup process on the second packet;
the checking unit is further configured to obtain, from the metadata of the second packet, a second forwarding action output by the second forwarding processing and a forwarding action type identifier recorded in a second hardware flow entry of a second data flow to which the second packet belongs, the forwarding action type identifier being searched and processed from the second hardware flow entry, copy the second packet and add mapping metadata of the second forwarding action to the copied second packet according to the consistency check entry that is not found and matched by the second forwarding action and the forwarding action type identifier recorded in the second hardware flow entry;
the flow table entry management module is configured to find, in a software flow table, a software flow table entry matching the second data flow to which the copied second packet belongs according to the data flow parameter of the copied second packet, and compare the second forwarding action indicated by the mapping metadata with the executed forwarding action of the software flow table entry; if not, updating the executed forwarding action of the software flow table entry matched with the second data flow to the second forwarding action; updating the forwarding action type identifier recorded in the hardware flow table entry of the second data flow to the forwarding action type identifier corresponding to the second forwarding action, and setting a counter of the hardware flow table entry of the second data flow as an initial value.
8. The network device of claim 7,
the flow table entry management module is further configured to send the data flow parameter of the second data flow, the current count value of the counter in the hardware flow table entry of the second data flow, and the recorded forwarding action type identifier to a network management device through a packet before updating the forwarding action type identifier recorded in the hardware flow table entry of the second data flow to the forwarding action type identifier corresponding to the second forwarding action.
9. The network device of claim 6,
the forwarding unit is further configured to perform a third forwarding process on the third packet;
the flow table entry unit is further configured to perform a third hardware flow table entry lookup process on the third packet;
the checking unit is further configured to obtain, from the metadata of the third packet, a third forwarding action output by the third forwarding processing and a hardware flow table entry identifier output by the third hardware flow table entry lookup processing and not found in the hardware flow table and matched with the third forwarding action, copy the third packet and add mapping metadata of the third forwarding action to the copied third packet according to the third forwarding action and the consistency check table entry not found in the hardware check table and not found in the matched hardware flow table entry identifier;
the flow table item management module is used for searching a software flow table according to the data flow parameters of the copied third message; determining a software flow table which is not found and matched with a third data flow to which the copied third message belongs, and creating a third software flow table item matched with the third data flow in the software flow table according to the data flow parameters of the copied third message; recording the third forwarding action in the newly-built third software flow table entry; recording a third hardware flow table entry of the third data flow in the hardware flow table according to the data flow parameter, and recording a forwarding action type identifier corresponding to the third forwarding action in the third hardware flow table entry; setting a counter of the third hardware flow table entry to an initial value.
10. The network device according to any one of claims 6 to 9, wherein the flow entry management module is further configured to periodically read the data flow parameter, the forwarding action type identifier, and the current count value of the counter in each hardware flow entry in the hardware flow table, and send the data flow parameter, the forwarding action type identifier, and the current count value of the counter to the network management device through a message.
CN201910682733.0A 2019-07-26 2019-07-26 Data flow forwarding state recording method and network equipment Active CN110430138B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910682733.0A CN110430138B (en) 2019-07-26 2019-07-26 Data flow forwarding state recording method and network equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910682733.0A CN110430138B (en) 2019-07-26 2019-07-26 Data flow forwarding state recording method and network equipment

Publications (2)

Publication Number Publication Date
CN110430138A CN110430138A (en) 2019-11-08
CN110430138B true CN110430138B (en) 2022-02-22

Family

ID=68412715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910682733.0A Active CN110430138B (en) 2019-07-26 2019-07-26 Data flow forwarding state recording method and network equipment

Country Status (1)

Country Link
CN (1) CN110430138B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150328B (en) * 2022-09-07 2022-11-15 珠海星云智联科技有限公司 Flow table hardware unloading method, device and medium
CN116996438B (en) * 2023-09-22 2023-12-22 新华三技术有限公司 Flow table management method and device

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2391106A1 (en) * 2010-05-28 2011-11-30 Funai Electric Co., Ltd. Private branch exchange with hunt group
CN104796336A (en) * 2014-01-20 2015-07-22 华为技术有限公司 Methods and devices for configuring and issuing Open Flow items
US9240975B2 (en) * 2013-01-30 2016-01-19 Palo Alto Networks, Inc. Security device implementing network flow prediction
CN105339934A (en) * 2014-05-22 2016-02-17 华为技术有限公司 Packet processing method and apparatus
CN105765922A (en) * 2014-11-04 2016-07-13 华为技术有限公司 Flow entry processing method and apparatus
CN109347745A (en) * 2018-09-20 2019-02-15 郑州云海信息技术有限公司 A kind of flow table matching process and device based on OpenFlow interchanger
CN109688148A (en) * 2018-12-29 2019-04-26 苏州睿安芯微电子有限公司 A kind of system and method for making retransmission protocol secure network by oneself based on software configuration
CN109962832A (en) * 2017-12-26 2019-07-02 华为技术有限公司 The method and apparatus of Message processing
CN109981409A (en) * 2019-03-26 2019-07-05 新华三技术有限公司 Message forwarding method, device and forwarding device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014166073A1 (en) * 2013-04-09 2014-10-16 华为技术有限公司 Packet forwarding method and network device
ES2707746T3 (en) * 2014-04-04 2019-04-04 Huawei Tech Co Ltd Method of message processing in a network, message forwarding equipment in a network and message processing system in a network

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2391106A1 (en) * 2010-05-28 2011-11-30 Funai Electric Co., Ltd. Private branch exchange with hunt group
US9240975B2 (en) * 2013-01-30 2016-01-19 Palo Alto Networks, Inc. Security device implementing network flow prediction
CN104796336A (en) * 2014-01-20 2015-07-22 华为技术有限公司 Methods and devices for configuring and issuing Open Flow items
CN105339934A (en) * 2014-05-22 2016-02-17 华为技术有限公司 Packet processing method and apparatus
CN105765922A (en) * 2014-11-04 2016-07-13 华为技术有限公司 Flow entry processing method and apparatus
CN109962832A (en) * 2017-12-26 2019-07-02 华为技术有限公司 The method and apparatus of Message processing
CN109347745A (en) * 2018-09-20 2019-02-15 郑州云海信息技术有限公司 A kind of flow table matching process and device based on OpenFlow interchanger
CN109688148A (en) * 2018-12-29 2019-04-26 苏州睿安芯微电子有限公司 A kind of system and method for making retransmission protocol secure network by oneself based on software configuration
CN109981409A (en) * 2019-03-26 2019-07-05 新华三技术有限公司 Message forwarding method, device and forwarding device

Also Published As

Publication number Publication date
CN110430138A (en) 2019-11-08

Similar Documents

Publication Publication Date Title
Li et al. Lossradar: Fast detection of lost packets in data center networks
Oran OSI IS-IS intra-domain routing protocol
US7411957B2 (en) Hardware filtering support for denial-of-service attacks
CN108123824B (en) Network fault detection method and device
US9680720B1 (en) Operations, administration, and maintenance (OAM) engine
CN110830371B (en) Message redirection method and device, electronic equipment and readable storage medium
US9363234B2 (en) Fast update filter
CN108768866B (en) Cross-card forwarding method and device for multicast message, network equipment and readable storage medium
US11652735B2 (en) Multicast data packet processing method, and apparatus
CN110430138B (en) Data flow forwarding state recording method and network equipment
CN110708250A (en) Method for improving data forwarding performance, electronic equipment and storage medium
CN110113230B (en) Message statistical method and network equipment
US11838318B2 (en) Data plane with connection validation circuits
US11323381B2 (en) Dropped packet detection and classification for networked devices
CN105743687B (en) Method and device for judging node fault
US20080130503A1 (en) Method and system for forwarding ethernet frames over redundant networks with all links enabled
EP3355520B1 (en) System and method for traffic steering and analysis
WO2021027420A1 (en) Method and device used for transmitting data
CN102763376B (en) Method and system for common group action filtering in telecom network environments
WO2022100108A1 (en) Method, apparatus and system for processing fault
CN108183851B (en) Message forwarding method and forwarding equipment
US11546260B1 (en) Network device and media access control address learning method therefor
CN114615200A (en) Elephant flow detection method and device based on ACL
CN111262713B (en) Message multicast processing method, processing device, readable medium and system
CN108632115B (en) System and method for testing timing of idle of POF (Point-of-Care) switch

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant