KR101610048B1 - Method, apparatus and computer program for managing repository of software defined network controller - Google Patents
Method, apparatus and computer program for managing repository of software defined network controller Download PDFInfo
- Publication number
- KR101610048B1 KR101610048B1 KR1020150053537A KR20150053537A KR101610048B1 KR 101610048 B1 KR101610048 B1 KR 101610048B1 KR 1020150053537 A KR1020150053537 A KR 1020150053537A KR 20150053537 A KR20150053537 A KR 20150053537A KR 101610048 B1 KR101610048 B1 KR 101610048B1
- Authority
- KR
- South Korea
- Prior art keywords
- shared memory
- application program
- change
- controller
- memory
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
- G06F15/163—Interprocessor communication
- G06F15/167—Interprocessor communication using a common memory, e.g. mailbox
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
The present invention relates to a method, apparatus and computer program for controlling a software defined network. More particularly, the present invention relates to a method of operating a storage of a controller on a shared memory basis in a software defined network.
Software Defined Networking (SDN) is a technology that manages all the network devices in the network by an intelligent central management system. In the SDN technology, a controller provided in a software form instead of a control operation related to packet processing performed in a network device of existing hardware type has a merit in that it can develop and assign various functions over an existing network structure .
The SDN system generally comprises a controller server for controlling the entire network, a plurality of open flow switches controlled by the controller server for processing packets, and a host corresponding to a lower layer of the open flow switch. Here, the open flow switch is only responsible for transmitting and receiving packets, and routing, management, and control of the packets are all performed in the controller server. In other words, separating the data planes and control planes that form the network equipment is the basic structure of the SDN system.
SUMMARY OF THE INVENTION It is an object of the present invention to provide a method and apparatus that can minimize the delay associated with storage access in a software defined network while ensuring the stability of storage operations.
A method of operating a repository of an application program in a controller server of a software defined network according to an embodiment of the present invention includes allocating a portion of a memory to a shared memory for at least one application program; And a step of directly accessing the shared memory without using any other process in the process of executing the application program, and using the shared memory as a storage of the application program.
Meanwhile, at least one controller server that distributes and controls a software defined network according to an embodiment of the present invention operates a storage of an application program. In the first controller server in which the first controller instance is installed, Allocating a portion of the memory to a second shared memory for at least one or more application programs in a second controller server that has installed a second controller instance; The first controller server transmitting the change and change time information of the first shared memory to the second controller server; And if the second controller server needs to reflect the change of the first shared memory by using the change time information of the first shared memory, And synchronizing the second shared memory with the first shared memory using the information.
Further, a controller server for operating a storage of application programs in a software defined network according to an embodiment of the present invention includes a memory for storing data; A process of allocating a part of the memory as a shared memory for at least one application program and controlling the access to the shared memory directly as a storage of the application program without executing any other process when the application program is executed .
Meanwhile, a system for distributing and controlling a software defined network according to an exemplary embodiment of the present invention allocates a part of memory to a first shared memory for at least one application program, To the second controller server; And allocating a part of the memory to a second shared memory for at least one application program and checking whether the change in the first shared memory needs to be reflected by using the modification time information of the first shared memory, The second controller server having a second controller instance installed to synchronize the second shared memory with the first shared memory using the change information of the first shared memory when it is necessary to synchronize the second shared memory with the first shared memory .
Further, a computer program stored in a medium for performing a process of operating a storage of an application program in a controller server of a software defined network according to an embodiment of the present invention includes a function of allocating a part of memory to a shared memory for at least one application program ; And a step of accessing the shared memory directly without using any other process in the process of executing the application program and using the shared memory as a storage of the application program.
Meanwhile, a computer program stored in a medium for performing a process of operating a storage of an application program in at least one controller server that distributes and controls a software defined network according to an embodiment of the present invention includes a first controller Allocating a part of the memory to a first shared memory for at least one application program in the server, and transmitting the change and change time information of the first shared memory to the second controller server; And allocating a part of the memory to a second shared memory for at least one application program in the second controller server in which the second controller instance is installed, Checking whether the change of the memory needs to be reflected, and synchronizing the second shared memory with the first shared memory using the change information of the first shared memory when it is necessary to reflect .
According to the present invention, since the application program of the controller server does not need to communicate with a separate process to access the repository, the delay in accessing the repository is minimized, and even when an application accesses the shared memory, There is an effect that a problem can be prevented from occurring.
Furthermore, according to the present invention, it is possible to effectively synchronize storage changes among a plurality of servers (instances) implementing a distributed controller of the SDN.
1 is a diagram for explaining the configuration of a software defined network;
2 is a block diagram for explaining a structure of a controller server according to an embodiment of the present invention
3 is a flowchart illustrating a concrete method for a controller server operating a shared memory based storage according to an embodiment of the present invention.
4 is a flow chart for explaining a specific method of operating a storage of a distributed controller according to an embodiment of the present invention
It is to be understood that the present invention is not limited to the description of the embodiments described below, and that various modifications may be made without departing from the technical scope of the present invention. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail.
In the drawings, the same components are denoted by the same reference numerals. And in the accompanying drawings, some of the elements may be exaggerated, omitted or schematically illustrated. It is intended to clearly illustrate the gist of the present invention by omitting unnecessary explanations not related to the gist of the present invention. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.
1 is a diagram for explaining a configuration of a software defined network. Referring to FIG. 1, a software defined network may include a
The
The
When the
Meanwhile, the SDN of FIG. 1 can constitute a plurality of
On the other hand, the
On the other hand, the application program can access necessary data such as a network topology and a work context for a switch, a link, and the like, and share the same with other applications.
For example, the datapath manager writes information about switch specifications, status, and port information to the repository each time the switch is turned on / off, Information about the change can be recorded in the repository. Routing can read the switch information and link information from the repository to set the routing path, and write the corresponding path information to the repository after setting the routing path. Alternatively, the firewall can record the IP and port information requested by the network administrator and the corresponding statistics in the storage.
Because such applications handle the work related to sending and receiving packets, storage access requires a very fast response time, ie low latency design. On the other hand, storage is directly connected to the stability of network operation, so a recoverable and stable design is also required at the same time.
Such repositories have traditionally been implemented using independent software products, such as distributed databases or file systems in general. Among them, the memory cache has the fastest response speed, but there is a limitation that the application program must access the cache program to access the storage.
That is, in order for an application to access the repository, the process that processes the application communicates with the database or the process that processes the memory cache to deliver a message about the repository query or change, A procedure for transferring a process completion message to a process that processes an application program is required.
Here, the time to communicate with other processes to access the repository or the cost of context switching between processes is not a very important factor in a typical system. However, in a network system where a large number of packets are required to be processed in real time, dramatic performance improvements can be expected by reducing these costs.
SUMMARY OF THE INVENTION It is an object of the present invention to solve the above problems. According to an embodiment of the present invention, a shared memory is allocated to a storage of an application program, and a process of processing an application program can directly access the shared memory without going through another process. This architecture allows applications to handle events such as packet in and topology change at microsecond level.
As a result of measuring the processing speed when the storage is operated on the basis of the shared memory according to the embodiment of the present invention, the time required for the storage inquiry and / or recording is several tens of minutes to several hundreds Of the total population. (See Table 1)
Table 1 compares the shared memory method according to the present invention with Redis, which is the fastest known memory cache software, in terms of time required for storage access. Table 1 shows a single-threaded experiment.
Further, according to the embodiment of the present invention, in order to secure the stability of the storage operation, if the application program is not a reliable application program, the application program can be set to access the storage after obtaining the authority. In addition, since the application program records the contents of the change before the shared memory is changed, it is easy to recover even if an application program fails while accessing the shared memory.
More specific methods will be described below with reference to the accompanying drawings.
2 is a block diagram illustrating a structure of a
2, the
The
The
The
According to an embodiment of the present invention, the
In particular, although the
The shared
The application
If the application separately handles setting and / or revoking permissions for storage access, it can be slower than otherwise. Therefore, according to the embodiment of the present invention, a trusted application program can access the shared memory at any time, and can set access authority only for an untrusted application program.
The shared
The shared
For example, the shared
In general, the probability that an application will fail in the middle of a shared memory access is very low, so even if the shared memory recovery module periodically checks the status of the application, there is little practical load. On the other hand, the system stability is greatly improved.
In the example of FIG. 2, the
The shared
The shared
3 is a flowchart illustrating a concrete method for the
In
In
For example, the controller kernel may be an application that has not failed over a period of time, or an application provided by the provider of the controller server, may not authenticate the trust, or the application written by the user may not authenticate the trust.
In
For example, the controller kernel can pass information about the shared memory area, the recovery information area, and the shared
Further, the controller kernel may provide the shared
According to an embodiment of the present invention, as shown in FIG. 3, after
More specifically, if an event such as a packet is being generated at
At this time, the application program that has been authenticated as trusted in
On the other hand, an application program not authenticated in
Meanwhile, an application program accessing the shared memory can inquire or write the shared memory through the shared
At this time, when data of the shared memory is to be added, deleted, modified, or the like, the application program may record the contents of the change schedule in the
More specifically, in
On the other hand, in the distributed controller environment, each of the controller instances may have a storage, and according to an embodiment of the present invention, the storage of the controller instance may be operated based on the shared memory illustrated in FIG. 2 or FIG.
At this point, you can send and receive logs between the controller instances to synchronize changes in the repository. In particular, in the case of a controller instance according to an embodiment of the present invention, when the storage is changed, the synchronization processing method can be binarized according to the characteristics of the data, thereby ensuring efficiency and stability at the same time.
Further, a controller instance according to an embodiment of the present invention may issue a timestamp to minimize delay in storage synchronization in a distributed environment.
Details of the storage operation in the distributed controller environment will be described later with reference to FIG. 4 attached hereto.
4 is a flowchart illustrating a concrete method of operating a storage of a distributed controller instance according to an embodiment of the present invention. In FIG. 4, it is assumed that each repository of the controller instance is designed based on a shared memory as shown in FIGS. 2 and 3.
A case may be considered in which the first shared memory, which is a repository of the first controller instance, is changed in
According to an embodiment of the present invention, the controller instance can handle the synchronization method differently depending on the importance of the changed data.
For example, the first controller instance may determine whether real-time synchronization is required for added, deleted, or modified data (step 420) and, if real-time synchronization is required, the change may be immediately synchronized to the repository of another controller instance . (
More specifically, the first controller instance sends a log of changes to the shared memory in
Although FIG. 4 shows that the synchronization of the second shared memory proceeds (
On the other hand, when real-time synchronization of the changed data is not required, the change can be synchronized with a preset cycle. (
For example, in
The second controller instance may then synchronize the changes in the first shared memory to the second shared memory at
If the shared memory of the second controller instance has changed, then the second controller instance may also send a log of changes to the first controller instance in the same manner at
According to the embodiment of the present invention, each of the controller instances can transmit information on the change time, i.e., the addition, deletion, and modification of data, in the time stamp format, with the shared memory change as the log for storage synchronization . (
To this end, the timestamp may have a non-overlapping value for each controller instance, and each controller instance periodically communicates with another controller to periodically match the time information, You can adjust your own time stamps by referring to the instance's timestamp.
There are many ways to issue a timestamp, for example, if the number of controller instances is n, then the controller instances 1, 2, 3, ... , n-1, n are divided by n, and the rest are 1, 2, 3, ... , n-1, and 0 can be considered.
An example is provided to help you understand.
Table 2 illustrates a situation where the data values of the shared memory A position are changed to 5, 6, and 7, respectively, with the time indicated by the time stamps 97, 95, and 99 in the three controller instances as the change time.
Since there are three controller instances in total, the first controller instance can use a time stamp with the remainder being 1 divided by three. Therefore, the timestamp of the first controller instance is 1, 4, 7, ... , 91, 94, 97, 100 ... Will be increased in order. On the same principle, the timestamp of the second controller instance is 2, 5, 8, ... , 92, 95, 98, 101 ... And the time stamp of the third controller instance is 0, 3, 6, ... , 90, 93, 96, 99 ... Will be increased in order.
In this case, in the situation where A is 5 in the first controller instance (change time timestamp is 97), a log of A is 6 from the second controller instance (change time timestamp is 95) When the log of A 7 is received (time point of change time point is 99), the first controller instance does not reflect the change of the second controller since it is prior to the change of its own, The data in the first shared memory A position will be changed from 5 to 7 by reflecting this since it is a later change.
Likewise, if the second controller instance receives the log of the first controller and receives the log of the third controller, the data at the second shared memory A location will change from 6 to 5, 5 to 7. On the other hand, when the second controller instance receives the log of the first controller after receiving the log of the third controller, the change of the first controller is not reflected, and the change of the third controller is a change after the change of the first controller The data of the second shared memory A position will be changed from 6 to 7.
In the meantime, even if the third controller instance receives the logs of the first and second controllers, the change is not reflected because the change is prior to the change of the own controller, and the data of the third shared memory A is maintained at 7, 3 The data in the shared memory A location of the controller instance can be synchronized to seven.
If the time stamp scheme is used according to the embodiment of the present invention, even when a plurality of controller instances change the same position of the shared storage at a similar time, a complicated process such as exclusive rights setting or log transfer order determination The data at that position can be finally synchronized to the same value. Therefore, the time delay due to the storage synchronization in the distributed environment is reduced and the efficiency is increased.
The embodiments of the present invention disclosed in the present specification and drawings are intended to be illustrative only and not intended to limit the scope of the present invention. It is to be understood by those skilled in the art that other modifications based on the technical idea of the present invention are possible in addition to the embodiments disclosed herein.
100: Controller server
200: Open flow switch
300: Host
110: CPU
120: RAM
130: Nonvolatile memory
Claims (13)
Allocating a part of the memory as a shared memory for storing data necessary for execution of at least one application program; And
And accessing the shared memory directly without going through another process in the process of executing the application program to inquire or record data necessary for execution of the application program.
Wherein the assigning comprises:
Authenticating the trust for each of the application programs,
Wherein the querying or recording comprises:
If the first application program is not authenticated, the process executing the first application program accesses the shared memory after setting the access right to the shared memory, and releases the privilege when access is terminated; And
Wherein if the second application program is authenticated, the process executing the second application program can access the shared memory without permission setting.
Wherein the assigning comprises:
Allocating a part of the shared memory as a recovery information area for shared memory recovery,
Wherein the querying or recording comprises:
And recording the change scheduled contents in the recovery information area when the shared memory is to be changed in the process.
Checking a state of the application program at a preset cycle; And
Further comprising the step of confirming, in the recovery information area, a content of a scheduled change of the application program at the time of occurrence of a failure when the failure of the specific application program is detected, and reflecting the changed schedule content to the shared memory. How to operate.
In a first controller server in which a first controller instance is installed, a part of the memory is allocated to a first shared memory for at least one application program, and in a second controller server in which a second controller instance is installed, Assigning the second shared memory to one or more application programs;
The first controller server transmitting the change and change time information of the first shared memory to the second controller server; And
If the second controller server needs to reflect the change of the first shared memory by using the change time information of the first shared memory and if it is necessary to reflect the change information of the first shared memory, And synchronizing the second shared memory with the first shared memory using the second shared memory
And transmitting the change information and the modification time information of the first shared memory as soon as the first shared memory is changed.
And transmitting the change information and the modification time information of the first shared memory in the predetermined cycle at a preset cycle.
If the important data is changed in the first shared memory, immediately transmitting the corresponding change and change time information of the first shared memory;
Recording the change and change time information in a predetermined area of the first shared memory when unimportant data in the first shared memory is changed; And
And transmitting change information and change time information recorded in a predetermined area of the first shared memory at a preset cycle.
Further comprising the step of the second controller server synchronizing its own time information with the first controller server at a predetermined cycle using the change time information of the first shared memory.
A memory for storing data;
A part of the memory is allocated to a shared memory for storing data necessary for execution of at least one application program, and when the application program is executed, access to the shared memory is performed directly without going through another process, And a step of inquiring or recording data necessary for the controller server.
A first controller server that installs a first controller instance that allocates a part of the memory to a first shared memory for at least one application program and transmits the change and change time information of the first shared memory to a second controller server, ; And
Allocating a part of the memory to a second shared memory for at least one application program, checking whether the change in the first shared memory needs to be reflected by using the modification time information of the first shared memory, And a second controller server installed in the second shared memory to synchronize the second shared memory with the first shared memory by using the change information of the first shared memory when necessary. .
A function of allocating a part of the memory as a shared memory for storing data necessary for execution of at least one application program; And
Wherein the program executing unit executes a function of accessing the shared memory directly without going through another process in the process of executing the application program to inquire or record data necessary for execution of the application program.
In a first controller server in which a first controller instance is installed, a part of the memory is allocated to a first shared memory for at least one application program, and the change and the change time information of the first shared memory are transmitted to a second controller server Transfer function; And
The second controller server having the second controller instance allocates a part of the memory to a second shared memory for at least one application program, And synchronizes the second shared memory with the first shared memory by using the change information of the first shared memory when it is necessary to reflect the change of the first shared memory. .
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150053537A KR101610048B1 (en) | 2015-04-16 | 2015-04-16 | Method, apparatus and computer program for managing repository of software defined network controller |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150053537A KR101610048B1 (en) | 2015-04-16 | 2015-04-16 | Method, apparatus and computer program for managing repository of software defined network controller |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101610048B1 true KR101610048B1 (en) | 2016-04-07 |
Family
ID=55789937
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150053537A KR101610048B1 (en) | 2015-04-16 | 2015-04-16 | Method, apparatus and computer program for managing repository of software defined network controller |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101610048B1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106572019A (en) * | 2016-11-07 | 2017-04-19 | 电子科技大学 | Network energy-saving flow scheduling method based on mixing of time delay guaranteeing and SDN |
KR20210056056A (en) * | 2019-11-08 | 2021-05-18 | 아토리서치(주) | Method, apparatus and computer program for processing flow rule transactions in software defined network |
KR20210109156A (en) * | 2020-02-27 | 2021-09-06 | 이길헌 | traffic service platform system for weak person |
-
2015
- 2015-04-16 KR KR1020150053537A patent/KR101610048B1/en active IP Right Grant
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106572019A (en) * | 2016-11-07 | 2017-04-19 | 电子科技大学 | Network energy-saving flow scheduling method based on mixing of time delay guaranteeing and SDN |
CN106572019B (en) * | 2016-11-07 | 2020-06-09 | 电子科技大学 | Time delay guarantee hybrid SDN energy-saving flow scheduling method |
KR20210056056A (en) * | 2019-11-08 | 2021-05-18 | 아토리서치(주) | Method, apparatus and computer program for processing flow rule transactions in software defined network |
KR102275765B1 (en) * | 2019-11-08 | 2021-07-09 | 아토리서치(주) | Method, apparatus and computer program for processing flow rule transactions in software defined network |
KR20210109156A (en) * | 2020-02-27 | 2021-09-06 | 이길헌 | traffic service platform system for weak person |
KR102387709B1 (en) * | 2020-02-27 | 2022-04-18 | (주)부원정보통신 | traffic service platform system for weak person |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN114787781B (en) | System and method for enabling high availability managed failover services | |
US9787780B1 (en) | Method and apparatus for web based storage on-demand | |
US10229021B1 (en) | System, and control method and program for input/output requests for storage systems | |
JP4448719B2 (en) | Storage system | |
CN109542611B (en) | Database-as-a-service system, database scheduling method, device and storage medium | |
US9632892B1 (en) | NFS cluster failover | |
EP2102781B1 (en) | Highly available cryptographic key storage (hacks) | |
US9594922B1 (en) | Non-persistent shared authentication tokens in a cluster of nodes | |
US20060095705A1 (en) | Systems and methods for data storage management | |
CN108183961A (en) | A kind of distributed caching method based on Redis | |
US9952947B2 (en) | Method and system for processing fault of lock server in distributed system | |
CN106911648B (en) | Environment isolation method and equipment | |
US9842154B2 (en) | Secure data replication | |
CN104901923A (en) | Virtual machine access device and method | |
CN109739435B (en) | File storage and updating method and device | |
US20190104082A1 (en) | Live resegmenting of partitions in distributed stream-processing platforms | |
CN105260377B (en) | A kind of upgrade method and system based on classification storage | |
KR101610048B1 (en) | Method, apparatus and computer program for managing repository of software defined network controller | |
CN113422837A (en) | Cross-network data transmission device, method, terminal and readable storage medium | |
CN108352995B (en) | SMB service fault processing method and storage device | |
CN108366087B (en) | ISCSI service realization method and device based on distributed file system | |
US9521134B2 (en) | Control apparatus in software defined network and method for operating the same | |
KR20160090485A (en) | Method and apparatus for operating distributed controllers of software defined network | |
US7730122B2 (en) | Authenticating a node requesting another node to perform work on behalf of yet another node | |
CN117131493A (en) | Authority management system construction method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment |
Payment date: 20190329 Year of fee payment: 4 |