CN113746802A - Method in network function virtualization and VNF device with full storage of local state and remote state - Google Patents


Info

Publication number: CN113746802A
Authority: CN (China)
Prior art keywords: state, network function, remote, local, remote data
Legal status: Granted (active)
Application number: CN202110881946.3A
Other languages: Chinese (zh)
Other versions: CN113746802B (en)
Inventors: 张娇, 罗惠民, 潘恬, 黄韬
Current assignee: Beijing University of Posts and Telecommunications
Original assignee: Beijing University of Posts and Telecommunications
Application filed by: Beijing University of Posts and Telecommunications
Priority to: CN202110881946.3A
Publication of CN113746802A; application granted; publication of CN113746802B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2517 Translation of Internet protocol [IP] addresses using port numbers
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application provides a method in network function virtualization and a VNF device with fully stored local state and remote state. The method comprises the following steps: generating a state of a virtualized network function; and storing the state in a local memory and in a remote data repository respectively, wherein the state in the local memory is used by the virtualized network function (VNF) for access and reading, and the state in the remote data repository is used for confirming the state. The method and the device can improve the fault recovery capability and the scale-in and scale-out capability of the VNF, ensure that latency is not affected, and realize state synchronization.

Description

Method in network function virtualization and VNF device with full storage of local state and remote state
Technical Field
The present application relates to the field of virtualized network functions, and in particular, to a method in network function virtualization and a VNF device with full storage of local state and remote state.
Background
Network Function Virtualization (NFV) was proposed by the European Telecommunications Standards Institute (ETSI). The NFV system architecture is built from three layers: hardware resources (used as computing, storage and network resources), virtualization and VNFs, and a Management and Orchestration (MANO) domain. With the advent of NFV, Virtualized Network Functions (VNFs) such as transcoders, firewalls, etc., which were previously implemented by specialized hardware devices, are converted to run entirely on software-based devices.
The storage mode of the VNF model in the related art can be roughly classified into a mode of only local state storage, only remote state storage, and local + remote partial state storage. However, each mode has different drawbacks.
For the problem that operations for realizing VNF cluster scaling and fault recovery are complex due to tight coupling between the state of the virtualized network function and the processing in the related art, no effective solution is proposed at present.
Disclosure of Invention
For the problems in the prior art, the present application provides a method in network function virtualization and a VNF device with fully stored local state and remote state, which can solve the problem in the related art that operations for implementing VNF cluster scaling and fault recovery are complex due to tight coupling between the state and processing of a virtualized network function.
In order to solve at least one of the above problems, the present application provides the following technical solutions:
in a first aspect, the present application provides a method in network function virtualization, comprising:
generating a state of a virtualized network function;
and storing the state in a local memory and in a remote data repository respectively, wherein the state in the local memory is used by the virtualized network function (VNF) for access and reading, and the state in the remote data repository is used for confirming the state.
Further, the method further comprises: implementing remote state access in the VNF based on a preset virtualization network function, wherein the preset virtualization network function includes at least one of: firewall, network address translation NAT.
Further, where the preset virtualization network function comprises the firewall: the state extracted from the received TCP or UDP connection request is compared with the state in the local memory; if the comparison with the state in the local memory matches, the TCP or UDP connection request is responded to; if the state in the local memory contains no rule corresponding to the connection request, the firewall sends a confirmation instruction to the remote data repository to query whether a state update has occurred there: if the state has been updated, the data repository sends the updated state to the firewall for storage and the connection request is then responded to; if there is no state update, the TCP or UDP connection request is responded to.
Further, where the preset virtualization network function comprises the NAT: the IP address and port number extracted from the received TCP or UDP connection request are matched against the state in the local memory; if the match succeeds, the IP address and port number are translated to a public network address and the packet is forwarded; if the match fails, the NAT sends a confirmation instruction to the remote data repository to query whether a state update has occurred there: if the state has been updated, the data repository sends the updated state to the firewall for storage and the connection request is then responded to; if there is no state update, the TCP or UDP connection request is responded to.
Further, the method further comprises: building a virtual network function instance in a network function host using the DPDK library.
Further, the local memory comprises a local data store in which a hash-table-based data structure is employed; in the case of a hash collision, a new space is allocated for the position of the current hash value and inserted at that position in the manner of a linked list.
Further, a Redis network database is employed in the remote data repository.
In a second aspect, the present application provides a VNF device with full storage of local state and remote state, including: a processor; and a memory coupled to the processor, the memory for storing computer instructions that, when executed by the processor, cause the processor to: generate a state of a virtualized network function; and store the state in a local memory and in a remote data repository respectively, wherein the state in the local memory is used by the virtualized network function (VNF) for access and reading, and the state in the remote data repository is used for confirming the state.
Further, the apparatus further comprises a control center for performing preset operations on the local memory and the remote data repository, where the preset operations comprise at least one of: adding a state, deleting a state, modifying a state and synchronizing a state. When sending an instruction to add, modify or delete a state, the control center sends it simultaneously to the instances of the preset virtualized network function and to the remote data repository so as to synchronize the state; when sending a state synchronization instruction, the control center likewise sends it simultaneously to the virtualized network function instances and the remote data repository so as to synchronize the state. The control center is further configured, when a virtual network function fails, to establish a new instance based on network function virtualization, relocate the flow to the new instance, and have the remote data repository send all of its stored states to the new instance.
Further, the apparatus further comprises: implementing a remote state access function in the VNF based on a preset virtualization network function, wherein the preset virtualization network function at least includes one of: firewall, network address translation NAT.
In a third aspect, the present application provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method in the network function virtualization when executing the program.
In a fourth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method in network function virtualization.
As can be seen from the foregoing technical solutions, the present application provides a method in network function virtualization and a VNF device with fully stored local state and remote state: a state of a virtualized network function is generated and stored in a local memory and in a remote data repository respectively, where the state in the local memory is used by the VNF for access and reading and the state in the remote data repository is used for confirming the state. The VNF is thereby decoupled from its state, its fault recovery and scaling capability are improved, latency is not affected, and state synchronization is achieved, which solves the technical problem that VNF cluster scaling and fault recovery are complex operations because the state and the processing of the VNF are tightly coupled.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a VNF device for storing local state and remote state fully in an embodiment of the present application;
Fig. 2 is a schematic diagram illustrating an implementation principle of a VNF device with fully stored local state and remote state in an embodiment of the present application;
Fig. 3 is a flow chart illustrating a method for network function virtualization according to an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of a VNF in a virtual machine in the embodiment of the present application;
Fig. 5 is a schematic diagram of a storage structure of a data storage library according to an embodiment of the present application;
Fig. 6 is a schematic processing flow diagram of the control center in the embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The inventor finds that the storage modes of the existing VNF model can be roughly divided into the following three types:
Local state only storage: early work in NFV management typically assumed that Network Function (NF) state was partitionable, so it did not address the problem of shared state. Some works address elasticity only for NFs with per-flow state; in that case state transfer is avoided by directing only new flows to new NF instances. Thus earlier systems did not accommodate NFs with shared or more general state.
Local-only state storage has the following drawbacks: when a VNF that stores only local state fails, virtualization technology supports fast start-up of a new instance and Software Defined Networking (SDN) allows traffic to be redirected to it, but the new VNF instance does not contain the original mappings, so state matching fails. Asymmetric and multi-path routing pose further difficulties for VNFs that only store local state: traffic of a given flow may traverse different paths and thus be handled by different instances, and because the state is stored locally, the internal state of the different instances differs, which produces anomalous processing results.
Remote state storage only: Murad Kablan proposes a remote-only approach, a new network function virtualization architecture called stateless network function (SNF), which separates the network state from the components that perform network processing according to the characteristics of existing network functions; in the data layer it designs locally stateless virtualized network functions and a data store layer that holds the state centrally. This breaks the tight coupling and achieves a more flexible network function infrastructure. The processing instances of the stateless network function are based on an efficient pipeline architecture, use the DPDK library for packet processing to achieve high-performance network input and output, and are packaged into containers for easy deployment.
Remote-only state storage has the following drawback: it comes at the cost of performance. In StatelessNF all state accesses are remote, which not only adds packet latency but also consumes additional CPU cycles and network bandwidth for the I/O to remote storage. The final evaluation showed that the remote-only approach resulted in a 2-3 fold decrease in throughput and a 100 fold increase in packet delay relative to an NF using local state.
Local + remote part state storage: in this model, the states are distributed and open to NF developers in a local or remote manner. All NF states are defined by the developer as local or remote and accessed accordingly. Both OpenNF and SplitMerge use this model. For high performance, partitionable state is typically defined as local state (similar to local-only NFs), while non-partitionable state requires explicit push/pull function calls to synchronize with remote state.
Local + remote partial state storage has the following drawbacks: because only part of the state is stored locally, the latency is far higher than that of network functions holding their state locally, and a scaling event causes long downtime because the entire state has to be re-partitioned.
In view of the problems of fast failure handling, scaling and state synchronization in the virtualized network function, the present application provides a VNF device with full storage of local state and remote state, as shown in fig. 1, which specifically includes:
a processor 1; and
a memory 2 coupled to the processor, the memory for storing computer instructions that, when executed by the processor, cause the processor to:
generating a state of a virtualized network function;
and storing the state in a local memory and in a remote data repository respectively, wherein the state in the local memory is used by the virtualized network function (VNF) for access and reading, and the state in the remote data repository is used for confirming the state.
As can be seen from the foregoing description, the VNF device with fully stored local state and remote state provided in the embodiment of the present application generates a state of a virtualized network function and stores it in a local memory and in a remote data repository respectively, where the state in the local memory is used by the VNF for access and reading and the state in the remote data repository is used for confirming the state. The VNF is thereby decoupled from its state, its fault recovery and scaling capability are improved, latency is not affected, and state synchronization is achieved, which solves the technical problem that VNF cluster scaling and fault recovery are complex operations because the state and the processing of the VNF are tightly coupled.
Through the above operation of storing the state in both the local memory and the remote data repository, the local copy serves the virtual network function's fast access and reads, while the remote copy serves to confirm the state. Fault handling can therefore be carried out quickly, scaling in and out becomes simple, and state synchronization is achieved.
As a preference in this embodiment, as shown in fig. 1, the VNF device further includes:
implementing a remote state access function in the VNF based on a preset virtualization network function, wherein the preset virtualization network function at least includes one of: firewall 3, network address translation NAT 4.
As a preferred option in this embodiment, when the preset virtualized network function includes the firewall, the state extracted from the received TCP or UDP connection request is compared with the state in the local memory;
responding to the TCP or UDP connection request if the state comparison results in the local memory are matched;
if there is no rule corresponding to the connection request in the state in the local memory, the firewall sends a confirmation instruction to the remote data repository for querying to inquire whether the state update occurs in the remote data repository:
if the state is updated, the data storage library is used for sending the updated state to the firewall for storage and responding to the connection request;
responding to the TCP or UDP connection request if there is no update of the state.
As a preferred option in this embodiment, when the preset virtualized network function includes the NAT, the IP address and port number extracted from the received TCP or UDP connection request are matched against the state in the local memory;
if the match succeeds, the IP address and port number are translated to a public network address and the packet is forwarded;
if the matching fails, the NAT sends a confirmation instruction to the remote data repository for inquiring to inquire whether the state updating occurs in the remote data repository:
if the state is updated, the data storage library is used for sending the updated state to the firewall for storage and responding to the connection request;
responding to the TCP or UDP connection request if there is no update of the state.
As shown in fig. 2, the system mainly includes a data storage library 300, a host 100 carrying virtual network function instances, and a control center 200, wherein,
the host 100 refers to a network function host which is a virtual machine built on a laboratory server. In specific implementation, the model of the host end connected with the virtual machine is Inspiron5577, the CPU is Intel (R) core (TM) i7-7700HQ CPU (2.80GHz), and the memory is 16 GB. The system of the virtual machine is Ubuntu-16.04.3(64 bits), the total number of processor cores is 4, the memory size is 4GB, and the hard disk capacity is 16 GB.
As a preference in the present embodiment, the apparatus further includes: the network function host builds a virtual network function instance using the DPDK library.
The DPDK library is used when a virtual network function instance is built. Specifically, DPDK (the Data Plane Development Kit) provides library functions and drivers for users on the IA processor architecture so that packets can be processed more efficiently. It is a library provided by Intel Corporation dedicated to accelerated packet processing and to some table-lookup algorithms. DPDK aims at a generic design and focuses on higher efficiency when handling packets. In particular, a DPDK application bypasses the Linux kernel protocol stack when receiving or sending packets, because it runs in user space and uses its own data plane library for sending and receiving. A user cannot build an entire application product with DPDK alone, so it does not have to contain tools for interacting with the control plane. Because data processing performance and throughput are greatly improved once the DPDK library is used, the data plane development kit saves a great deal of time for data plane applications; the efficiency of reading packets can be improved by up to ten times with it.
As shown in fig. 4, it is a schematic diagram of a design structure of a VNF instance in a virtual machine, and the process shown in the diagram is as follows:
first, when a data packet is sent to the VNF instance, the data packet is received through the network card 1, and then the data packet is analyzed. It is understood that parsing includes, but is not limited to, firewall reading IP address and port number and protocol, network address translation reading source IP address, source port number, destination IP address, destination port number, and protocol.
Then, connecting a local state storage library through a data storage interface according to the analyzed state to perform query, and returning a matching successful state if a matching state exists locally; if the state of the local storage does not have a matching state, the VNF sends a confirmation instruction to the remote data repository through the network card 1 to query whether the data repository is updated in state:
further, if there is a state update, the data repository will send the updated state to the local network function for storage, and then process the data packet. Similarly, if there is no update of the state, the packet is processed directly.
It can be understood that the reason for using two network cards is: firewalls operate with one network card and NATs operate with two network cards.
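The lookup flow just described (Fig. 4, and the firewall and NAT variants above) as an added example; this is not code from the patent. The remote repository is a constructed in-memory stand-in for the Redis store, and its `version` counter is an assumed mechanism for the "has the state been updated?" confirmation step.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

FiveTuple = Tuple[str, int, str, int, str]   # (src_ip, src_port, dst_ip, dst_port, proto)
Rule = Dict[str, str]


class RemoteRepository:
    """Constructed stand-in for the remote data repository.

    Every write bumps a version counter, so a VNF that missed locally can ask
    "did anything change after the version I last saw?" and merge only that
    delta. This is the confirmation step of Fig. 4 (the version log is an
    assumption of this example, not something the patent specifies).
    """

    def __init__(self) -> None:
        self.version = 0
        self._log: List[Tuple[int, str, Optional[Rule]]] = []

    def put(self, key: str, rule: Optional[Rule]) -> None:
        """Store a rule under key; rule=None records a deletion."""
        self.version += 1
        self._log.append((self.version, key, rule))

    def changes_since(self, version: int) -> Tuple[int, List[Tuple[str, Optional[Rule]]]]:
        delta = [(k, r) for v, k, r in self._log if v > version]
        return self.version, delta


@dataclass
class VNFInstance:
    kind: str                                               # "firewall" or "nat"
    remote: RemoteRepository
    local: Dict[str, Rule] = field(default_factory=dict)    # the local memory
    seen_version: int = 0
    remote_queries: int = 0                                 # confirmation round-trips made

    def _key(self, ft: FiveTuple) -> str:
        src_ip, src_port, dst_ip, dst_port, proto = ft
        if self.kind == "firewall":
            # the firewall parses IP address, port number and protocol
            return f"{dst_ip}:{dst_port}/{proto}"
        # the NAT parses the full five-tuple
        return f"{src_ip}:{src_port}->{dst_ip}:{dst_port}/{proto}"

    def _confirm_with_remote(self) -> bool:
        """Send the confirmation instruction; merge any updated state into local memory."""
        self.remote_queries += 1
        new_version, delta = self.remote.changes_since(self.seen_version)
        for key, rule in delta:
            if rule is None:
                self.local.pop(key, None)
            else:
                self.local[key] = rule
        self.seen_version = new_version
        return bool(delta)

    def handle(self, ft: FiveTuple) -> Tuple[str, Optional[Rule]]:
        """Return (outcome, rule) with outcome 'local-hit', 'remote-hit' or 'no-rule'."""
        key = self._key(ft)
        if key in self.local:                       # fast path: no remote I/O at all
            return "local-hit", self.local[key]
        if self._confirm_with_remote() and key in self.local:
            return "remote-hit", self.local[key]    # the state had been updated remotely
        # No rule locally and nothing new remotely: the text says the request is then
        # processed directly. Whether that means allow or drop is an operator policy
        # decision, so this example reports it rather than deciding it.
        return "no-rule", None
    # Note: a local hit never consults the remote store, so a rule deleted remotely
    # stays in local memory until the next miss. In the patent's design deletions
    # reach the instances through the control center's push, not through this path.


if __name__ == "__main__":
    repo = RemoteRepository()
    fw = VNFInstance("firewall", repo)
    repo.put("10.0.0.5:443/tcp", {"action": "allow"})          # constructed rule
    flow = ("192.0.2.10", 40000, "10.0.0.5", 443, "tcp")       # constructed request
    print(fw.handle(flow))   # first request misses locally and is confirmed remotely
    print(fw.handle(flow))   # second request is served from local memory
```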
As shown in FIG. 5, the data structure used by the data store 300 is a hash table.
Specifically, the hash table is a data structure of a mapping type, and finds a value according to a key, that is, a key maps a position, and then the position is a position where the value is stored. It can be said that the hash table is improved on the principle of indexing value by key and the related operation of data is completed in a fixed time with the best effort, which is also in line with the requirement of implementing NAT in the embodiment of the present application.
For example, suppose for NAT, if a 5-tuple is defined, there is stored a source IP address, source port number, destination IP address, destination port number extracted from the header of the IP datagram, and the protocol used (TCP/UDP). When a forwarding request is sent, the host computer calculates a hash value according to the IP address and the Port number, and then searches for a matching rule according to the hash value.
However, when the amount of data to be stored exceeds the maximum capacity of the hash table, at least two values are mapped to the same hash value of the hash table. That is, when a packet is sent to the host, the host calculates a hash value according to the IP address and the Port number, but the hash values calculated by two different IP addresses and Port numbers may be the same, and a hash collision may occur.
As a preferred option in this embodiment, the local memory comprises a local data store in which a hash-table-based data structure is employed; in the case of a hash collision, a new space is allocated for the position of the current hash value and inserted at that position in the manner of a linked list.
Specifically, the chain address method used in the embodiment of the present application solves the problems that node space cannot be allocated dynamically and that clustering (pile-up) occurs easily. Its principle is that, on a hash collision, a new space is allocated for the position of that hash value and inserted at that position in the manner of a linked list, i.e. a linked list is appended after the address of the hash value. The hash table achieves O(1) time complexity for lookup and insertion most of the time; only in rare cases do all computed hash values fall on the same position, in which case the complexity degrades to O(n). The time consumed by the hash table is therefore mainly spent on computing the hash value, and the hash table is a relatively efficient data structure.
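The chain address method over NAT five-tuples as an added example (not the patent's code). The bucket count is deliberately tiny so that constructed flows collide and the linked-list chaining is exercised; the CRC32 hash and the sample addresses are assumptions of the example.

```python
import zlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

FiveTuple = Tuple[str, int, str, int, str]   # (src_ip, src_port, dst_ip, dst_port, proto)


@dataclass
class Node:
    key: FiveTuple
    value: str                     # e.g. the public "ip:port" this flow is translated to
    next: Optional["Node"] = None  # next node in this slot's linked list


class ChainedHashTable:
    """Hash table whose collisions are resolved with the chain address method."""

    def __init__(self, nbuckets: int = 4) -> None:
        self.buckets: List[Optional[Node]] = [None] * nbuckets
        self.size = 0
        self.collisions = 0        # new keys inserted into an already occupied slot

    @staticmethod
    def hash_tuple(key: FiveTuple) -> int:
        # Hash over the IP addresses, ports and protocol, as the host in the text does.
        # CRC32 is fine for illustration; a production table would use a keyed hash so
        # that attacker-chosen flows cannot all be steered into one long chain.
        return zlib.crc32(repr(key).encode())

    def _slot(self, key: FiveTuple) -> int:
        return self.hash_tuple(key) % len(self.buckets)

    def insert(self, key: FiveTuple, value: str) -> None:
        i = self._slot(key)
        node = self.buckets[i]
        while node is not None:
            if node.key == key:                 # same flow: overwrite the rule in place
                node.value = value
                return
            node = node.next
        if self.buckets[i] is not None:
            self.collisions += 1                # distinct key, same hash position
        # Chain address method: allocate a new node and link it at this position.
        self.buckets[i] = Node(key, value, self.buckets[i])
        self.size += 1

    def lookup(self, key: FiveTuple) -> Optional[str]:
        node = self.buckets[self._slot(key)]
        while node is not None:                 # O(1) unless this slot has collided
            if node.key == key:
                return node.value
            node = node.next
        return None

    def delete(self, key: FiveTuple) -> bool:
        i = self._slot(key)
        prev, node = None, self.buckets[i]
        while node is not None:
            if node.key == key:
                if prev is None:
                    self.buckets[i] = node.next
                else:
                    prev.next = node.next
                self.size -= 1
                return True
            prev, node = node, node.next
        return False

    def chain_lengths(self) -> List[int]:
        lengths = []
        for node in self.buckets:
            n = 0
            while node is not None:
                n, node = n + 1, node.next
            lengths.append(n)
        return lengths


def sample_flows(n: int = 8) -> List[Tuple[FiveTuple, str]]:
    """Constructed private->public NAT mappings for the demo and the test."""
    return [((f"10.0.0.{i}", 40000 + i, "198.51.100.1", 80, "tcp"), f"203.0.113.1:{6000 + i}")
            for i in range(n)]


if __name__ == "__main__":
    table = ChainedHashTable(nbuckets=4)
    for ft, public in sample_flows():
        table.insert(ft, public)
    print("chain lengths:", table.chain_lengths(), "collisions:", table.collisions)
```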
As a preferred feature in this embodiment, a Redis network database is employed in the remote data repository.
Decoupling the state in the implementation is the central concern of combining local state storage with remote data store storage: with state and processing separated, each component can focus on its own function. Since the virtualized network function VNF only has to handle the flow and match the state, it need not worry about replicating the state; the remote data store makes the state scalable. Because of this decoupling, and because the state separation sits on the critical path of packet processing, the remote data store must also support low-latency read access. For these requirements, the embodiment of the present application employs the Redis network database as the remote data store, a data store that does not require transactional support. Redis is an open-source in-memory data structure store typically used as a database, cache or message broker.
As shown in Fig. 5, with the hash data type provided by Redis, the value stored in Redis is internally a hash map. In a specific implementation, the name of the VNF instance is stored as the Redis key, and the IP address together with the rule is initially stored as the Redis value. With the hash data structure, the value stored in Redis is itself divided into keys and values again: the IP address is taken as the field (second-level key) and the rule as the value (second-level value), which completes the storage of the data.
As shown in Fig. 6, the control center 200 is responsible for adding, deleting and modifying states and for synchronizing the states of the data store. When the control center issues a state adjustment, including but not limited to add, modify and delete instructions, it sends the instruction to all virtual network function instances and to the remote data repository at the same time, so that the synchronization of the state is ensured.
When the virtual network function fails (usually, a crash occurs), the network function virtualization supports to quickly establish a new instance and relocate the stream to the new instance, and at this time, the remote data repository sends all the states stored therein to the new instance to realize state synchronization, thereby realizing state matching and quickly completing fault processing.
Wherein the state adjustment includes but is not limited to: the method comprises the steps of adding, deleting, modifying, inquiring, and enabling a control center to be responsible for artificially inputting state instructions, adding, deleting and modifying states of VNF instances and remote data repositories, and providing a state inquiry function.
Wherein, the state synchronization means: when the control center adjusts the sending state, including but not limited to adding, modifying and deleting instructions, the control center sends all the virtual network function instances and the remote data storage libraries at the same time, so that the synchronization of the state is ensured. And when the virtual network function is failed, the network function virtualization supports to quickly establish a new instance and relocate the stream to the new instance, and at the moment, the remote data storage library sends all the states stored in the new instance to the new instance, so that other instances are not required to be influenced, and the state synchronization is completed.
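The following is an added example, not code from the patent, illustrating the storage layout of fig. 5 and the synchronization and failure-handling behaviour of fig. 6 described above. The remote data store is modelled by an in-memory stand-in whose method names mirror the redis-py client (hset, hget, hdel, hgetall); that stand-in, the VNF and control-center classes, and all instance names, IP addresses and rules are constructed for the example. The state is keyed by the VNF name rather than the instance name, on the assumption that all instances of one VNF receive the same state.

```python
from typing import Dict, List, Optional


class RemoteStore:
    """Stand-in for the Redis hash data type used as the remote data store
    (fig. 5): key = VNF name, field = IP address, value = rule. Method
    names mirror redis-py (hset/hget/hdel/hgetall); this is an assumption,
    a real deployment would call them on a redis.Redis client."""

    def __init__(self) -> None:
        self._hashes: Dict[str, Dict[str, str]] = {}

    def hset(self, name: str, key: str, value: str) -> int:
        bucket = self._hashes.setdefault(name, {})
        created = key not in bucket
        bucket[key] = value
        return int(created)

    def hget(self, name: str, key: str) -> Optional[str]:
        return self._hashes.get(name, {}).get(key)

    def hdel(self, name: str, key: str) -> int:
        return int(self._hashes.get(name, {}).pop(key, None) is not None)

    def hgetall(self, name: str) -> Dict[str, str]:
        return dict(self._hashes.get(name, {}))


class VNFInstance:
    """One VNF instance; keeps a local hash-table copy of the state for
    fast reads on the packet-processing path."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.local: Dict[str, str] = {}      # ip -> rule

    def apply(self, op: str, ip: str, rule: Optional[str]) -> None:
        if op in ("add", "modify"):
            self.local[ip] = rule
        elif op == "delete":
            self.local.pop(ip, None)
        else:
            raise ValueError(f"unknown operation {op!r}")


class ControlCenter:
    """Fig. 6: each add/modify/delete is sent to every instance of the VNF
    and to the remote store at the same time, keeping both copies in sync."""

    def __init__(self, store: RemoteStore, vnf_name: str) -> None:
        self.store = store
        self.vnf_name = vnf_name
        self.instances: List[VNFInstance] = []

    def adjust(self, op: str, ip: str, rule: Optional[str] = None) -> None:
        if op not in ("add", "modify", "delete"):
            raise ValueError(f"unknown operation {op!r}")
        if op != "delete" and rule is None:
            raise ValueError("add/modify need a rule")
        for inst in self.instances:              # all instances ...
            inst.apply(op, ip, rule)
        if op == "delete":                       # ... and the remote store
            self.store.hdel(self.vnf_name, ip)
        else:
            self.store.hset(self.vnf_name, ip, rule)

    def query(self, ip: str) -> Optional[str]:
        """State query function, answered from the remote store."""
        return self.store.hget(self.vnf_name, ip)

    def replace_failed(self, failed: VNFInstance) -> VNFInstance:
        """Failure handling: start a replacement instance and load the full
        state from the remote store; surviving instances are untouched."""
        self.instances.remove(failed)
        replacement = VNFInstance(failed.name + "-r")
        replacement.local = self.store.hgetall(self.vnf_name)
        self.instances.append(replacement)
        return replacement


def demo() -> dict:
    """Constructed scenario: two instances, four adjustments, one crash."""
    store = RemoteStore()
    cc = ControlCenter(store, "fw")
    a, b = VNFInstance("fw-a"), VNFInstance("fw-b")
    cc.instances.extend([a, b])
    cc.adjust("add", "10.0.0.5", "accept")
    cc.adjust("add", "10.0.0.9", "drop")
    cc.adjust("modify", "10.0.0.9", "reject")
    cc.adjust("delete", "10.0.0.5")
    in_sync = a.local == b.local == store.hgetall("fw")
    a.local.clear()                      # instance a crashes, local copy lost
    new = cc.replace_failed(a)
    return {"in_sync": in_sync, "recovered": new.local,
            "survivor": b.local, "query": cc.query("10.0.0.9")}


if __name__ == "__main__":
    print(demo())
```

Because the remote store is the only source from which a replacement instance rebuilds its state, whoever can write to it controls the rules every instance will enforce after a failover; in a real deployment access to the Redis instance should therefore be limited to the control center and the VNF hosts.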
In order to implement fast failure handling, scaling and state synchronization of the virtualized network function, the present application provides an embodiment of a method for implementing all or part of the VNF device with full storage of the local state and the remote state, and with reference to fig. 3, the method specifically includes the following steps:
step S301, generating a state of a virtualized network function;
step S302, the states are respectively stored in a local memory and a remote data repository, where the states in the local memory are used for accessing and reading the VNF, and the states in the remote data repository are used for confirming the states.
As can be seen from the foregoing description, the network function virtualization method provided in the embodiments of the present application generates the state of the virtualized network function and stores that state in a local memory and in a remote data repository respectively, where the state in the local memory is used for access and reading by the VNF and the state in the remote data repository is used for confirming the state. This decouples the VNF from its state, improves the fault recovery and scaling capability of the VNF without affecting latency, achieves the technical effect of state synchronization, and solves the technical problem that VNF cluster scaling and fault recovery are complicated by the tight coupling between the state and the processing of the VNF.
Based on this method, the state is stored in both the local memory and the remote data repository. The local state is used for fast access and reading by the virtualized network function, and the state in the remote data repository is used for confirmation of the state. As a result, faults can be handled quickly, scaling in and out becomes simple, and state synchronization is achieved.
As a preferred embodiment of the present invention, the control center performs a preset operation on the local memory and the remote data store, where the preset operation includes at least one of: adding a state, deleting a state, modifying a state and synchronizing a state. When the control center sends a state add, modify or delete instruction, it sends the instruction simultaneously to the instance(s) of the preset virtualized network function and to the remote data repository, so that the states are synchronized. When the control center sends a state synchronization instruction, it likewise sends it simultaneously to the virtualized network function instance(s) and to the remote data repository. When a virtualized network function fails, a new instance is created based on network function virtualization and the flows are relocated to it, while all of the state stored in the remote data repository is sent to the new instance.
As a preference in this embodiment, the method further includes implementing a remote state access function in the VNF based on a preset virtualized network function, where the preset virtualized network function includes at least one of: a firewall, and network address translation (NAT).
It should be noted that, because the state is stored locally, the firewall and the NAT need only one local read per packet; at most one additional read from the remote data store is needed, at the beginning and end of each connection, and this happens with low probability.
Further, in the embodiment of the present application, remote state access is implemented on the basis of the preset virtualized network function, the firewall or the NAT, taking a TCP request as an example:
For the firewall, when a TCP connection request is received, the network function first compares the request against the locally stored state. If the locally stored state contains a rule corresponding to the request, the firewall responds directly, accepting, rejecting or discarding the request. If the locally stored state contains no corresponding rule, the network function (firewall) sends a confirmation instruction to the remote data repository, asking whether a state update has occurred. If the state has been updated, the data repository sends the updated state to the local network function for storage, and the firewall then responds to the request (accept, reject or discard) according to the updated state; if the state has not been updated, the request is answered directly according to the default rule (accept, reject or discard). The following is pseudocode of the firewall's remote state access logic:
Algorithm 1: firewall
if P (the state of the incoming request) belongs to the locally stored state then
    respond to the request according to the rule; break
else
    send a confirmation instruction to the remote data store
    if the remote data store has an updated state then
        send the updated state to the local network function
        if the updated state contains a matching rule then
            respond to the request according to the rule; break
        else
            respond to the request according to the default rule; break
    else (the data store has no updated state)
        respond to the request according to the default rule; break
For NAT (network address translation), when a connection request from the internal network is received, the internal IP address and port number are extracted and matched against the locally stored state. If the match succeeds, the IP address and port number are translated to a public network address and the packet is forwarded; when the response packet is received, it is automatically matched back to the originating internal IP address and port number and sent back to the original internal host. If the match fails, that is, the locally stored state contains no matching translation rule, the network function (the NAT) sends a confirmation instruction to the remote data repository, asking whether a state update has occurred. If the state has been updated, the data repository sends the updated state to the local network function for storage; if the updated state contains a matching rule, the NAT performs network address translation on the connection according to that rule and forwards it, and if it does not, the NAT responds to the connection according to the default rule, including but not limited to forwarding or discarding. If the state has not been updated, the connection is handled according to the default rule. The following is pseudocode of the NAT's remote state access logic:
Algorithm 2: NAT
extract the IP address and port number from connection S
if S belongs to the locally stored state then
    perform network address translation on the connection according to the rule and forward it; break
else
    send a confirmation instruction to the remote data store
    if the remote data store has an updated state then
        send the updated state to the local network function
        if the updated state contains a matching rule then
            perform network address translation on the connection according to the rule and forward it; break
        else
            respond according to the default rule (translate and forward, or discard); break
    else (the data store has no updated state)
        respond according to the default rule; break
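The following is an added example, not code from the patent, implementing the local-first lookup with remote confirmation of Algorithm 1 (firewall) and Algorithm 2 (NAT) above. The remote data repository is modelled as a small in-memory object with a version counter, so that a VNF can tell whether an update occurred since it last confirmed; that object, the class and method names, and all addresses, ports and rules are constructed for the example. The default rule on a miss is taken to be "drop".

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

FlowKey = Tuple[str, int]            # (internal IP, internal port)
Public = Tuple[str, int]             # (public IP, public port)


@dataclass
class RemoteState:
    """Stand-in for the remote data repository. `version` is bumped on every
    control-center write, so a VNF can learn whether an update occurred since
    it last confirmed (the 'update status' the algorithms ask for)."""
    fw_rules: Dict[str, str] = field(default_factory=dict)   # ip -> accept|reject|drop
    nat_rules: Dict[FlowKey, Public] = field(default_factory=dict)
    version: int = 0

    def set_fw(self, ip: str, rule: str) -> None:
        self.fw_rules[ip] = rule
        self.version += 1

    def set_nat(self, key: FlowKey, public: Public) -> None:
        self.nat_rules[key] = public
        self.version += 1


class Firewall:
    """Algorithm 1: local read first, remote confirmation only on a miss."""
    DEFAULT = "drop"                 # default rule for sources with no entry

    def __init__(self, remote: RemoteState) -> None:
        self.remote = remote
        self.local: Dict[str, str] = dict(remote.fw_rules)
        self.seen_version = remote.version
        self.remote_reads = 0        # how often the miss path reached the store

    def handle_syn(self, src_ip: str) -> str:
        rule = self.local.get(src_ip)                     # locally stored state
        if rule is not None:
            return rule
        self.remote_reads += 1                            # confirmation instruction
        if self.remote.version != self.seen_version:      # store has an update
            self.local.update(self.remote.fw_rules)       # pull it into local state
            self.seen_version = self.remote.version
            rule = self.local.get(src_ip)
            if rule is not None:                          # updated state matches
                return rule
        return self.DEFAULT                               # no match: default rule


class NAT:
    """Algorithm 2: (ip, port) lookup locally, then remote confirmation."""

    def __init__(self, remote: RemoteState) -> None:
        self.remote = remote
        self.local: Dict[FlowKey, Public] = {}
        self.reverse: Dict[Public, FlowKey] = {}
        self.seen_version = -1
        self.remote_reads = 0
        self._refresh()

    def _refresh(self) -> None:
        """Load the updated state and rebuild the reverse map for replies."""
        self.local.update(self.remote.nat_rules)
        self.reverse = {pub: key for key, pub in self.local.items()}
        self.seen_version = self.remote.version

    def outbound(self, src_ip: str, src_port: int) -> Optional[Public]:
        """Translate an internal (ip, port); None means the default rule (drop)."""
        key: FlowKey = (src_ip, src_port)
        public = self.local.get(key)                      # locally stored state
        if public is not None:
            return public
        self.remote_reads += 1                            # confirmation instruction
        if self.remote.version != self.seen_version:      # store has an update
            self._refresh()
            public = self.local.get(key)
            if public is not None:
                return public
        return None                                       # default rule: drop

    def inbound(self, pub_ip: str, pub_port: int) -> Optional[FlowKey]:
        """Map a response packet back to the internal host that sent the request."""
        return self.reverse.get((pub_ip, pub_port))


if __name__ == "__main__":
    remote = RemoteState()
    remote.set_fw("192.0.2.10", "accept")
    fw = Firewall(remote)
    print(fw.handle_syn("192.0.2.10"), fw.handle_syn("198.51.100.7"), fw.remote_reads)
```

The remote_reads counter makes the cost of the miss path visible: a local hit never leaves the VNF, while every connection from a source with no local entry costs one round trip to the remote store, which is the "at most one additional read" per connection the description above refers to.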
Although the present application provides method steps as described in an embodiment or flowchart, additional or fewer steps may be included based on conventional or non-inventive efforts. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or client product executes, it may execute sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, both permanent and non-permanent, removable and non-removable, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects.
The embodiments of this specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The described embodiments may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of an embodiment of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and variations to the embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the embodiments of the present specification should be included in the scope of the claims of the embodiments of the present specification.

Claims (10)

1. A method for storing state in network function virtualization, comprising:
generating a state of a virtualized network function, VNF;
storing the states in a local memory and a remote data storage library respectively;
when the VNF accesses a local state stored in the local memory but cannot be matched with the local state, confirming a remote state stored in the remote data repository, where the local state and the remote state are states of the same VNF.
2. The method of claim 1, further comprising:
implementing remote state access in the VNF based on a preset virtualization network function, wherein the preset virtualization network function includes at least one of: firewall, network address translation NAT.
3. The method of claim 2,
under the condition that the preset virtualization network function comprises the firewall, comparing a received TCP or UDP connection request against the state in the local memory;
responding to the TCP or UDP connection request if the comparison finds a match in the state in the local memory;
if the state in the local memory contains no rule corresponding to the connection request, the firewall sends a confirmation instruction to the remote data repository to query whether a state update has occurred in the remote data repository:
if the state has been updated, the remote data repository sends the updated state to the firewall for storage, and the firewall responds to the connection request;
if the state has not been updated, responding to the TCP or UDP connection request.
4. The method of claim 2,
under the condition that the preset virtualization network function comprises the NAT, matching the IP address and port number extracted from a received TCP or UDP connection request against the state in the local memory;
if the match succeeds, translating the IP address and port number to a public network address and then forwarding;
if the match fails, the NAT sends a confirmation instruction to the remote data repository to query whether a state update has occurred in the remote data repository:
if the state has been updated, the remote data repository sends the updated state to the firewall for storage, and the connection request is responded to;
if the state has not been updated, responding to the TCP or UDP connection request.
5. The method of claim 1, further comprising: through a network function host, a DPDK library is adopted when a virtual network function instance is built in the network function host.
6. The method of claim 1, wherein the local memory comprises a local data store, and a hash-table-based data structure is employed in the local data store;
in the event of a hash collision, a new space is allocated according to the position of the current hash value and inserted at that position in the form of a linked list.
7. The method of claim 1, wherein a Redis network database is employed in the remote data store.
8. A VNF device with full storage of local state and remote state, comprising:
a processor; and
a memory coupled to the processor, the memory for storing computer instructions that, when executed by the processor, cause the processor to:
generating a state of a virtualized network function;
and storing the state into a local memory and a remote data repository respectively, wherein the state in the local memory is used for accessing and reading the virtualized network function VNF, and the state in the remote data repository is used for confirming the state.
9. The apparatus of claim 8, further comprising:
the method comprises the following steps that a control center is used for carrying out preset operation on a local memory and a remote data storage library, wherein the preset operation at least comprises one of the following operations: adding a state, deleting the state, modifying the state and synchronizing the state;
the control center is used for simultaneously sending the instances of the preset virtualized network function and the remote data storage libraries when sending the adding, modifying or deleting instructions of the state so as to synchronize the state;
the control center is used for simultaneously sending the virtualized network function instance and the remote data repository when a synchronization instruction of the state is sent so as to synchronize the state;
the control center is further configured to establish a new instance based on network function virtualization when a virtual network function fails, relocate a stream to the new instance, and send all stored states to the new instance in the remote data repository.
10. The apparatus of claim 8, further comprising:
implementing a remote state access function in the VNF based on a preset virtualization network function, wherein the preset virtualization network function at least includes one of: firewall, network address translation NAT.
CN202110881946.3A 2021-08-02 2021-08-02 Method in network function virtualization and VNF device with full storage of local state and remote state Active CN113746802B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110881946.3A CN113746802B (en) 2021-08-02 2021-08-02 Method in network function virtualization and VNF device with full storage of local state and remote state

Publications (2)

Publication Number Publication Date
CN113746802A true CN113746802A (en) 2021-12-03
CN113746802B CN113746802B (en) 2022-12-09

Family

ID=78729878

Country Status (1)

Country Link
CN (1) CN113746802B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105429806A (en) * 2015-12-24 2016-03-23 武汉邮电科学研究院 Network function virtualization device and method based on data driving
CN105591801A (en) * 2015-08-11 2016-05-18 杭州华三通信技术有限公司 Virtual network function VNF fault processing method and VNF management equipment
US20170034318A1 (en) * 2014-04-14 2017-02-02 Huawei Technologies Co., Ltd. Method and apparatus for configuring redundancy solution in cloud computing architecture
CN108028827A (en) * 2015-10-21 2018-05-11 华为技术有限公司 The management method and device of certificate in network function virtualization architecture
CN112565086A (en) * 2019-09-10 2021-03-26 阿里巴巴集团控股有限公司 Distributed network system, message forwarding method, device and storage medium
CN112637105A (en) * 2019-09-24 2021-04-09 中国电信股份有限公司 Method, system, device and computer readable storage medium for switching firewall
CN112889247A (en) * 2018-10-18 2021-06-01 华为技术有限公司 VNF service instantiation method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SAMEER G KULKARNI, et al.: "Managing State for Failure Resiliency in Network Function Virtualization", 2020 IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN) *
魏亮 (WEI Liang), et al.: "Service chain mapping algorithm based on reinforcement learning", 通信学报 (Journal on Communications) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant