WO2020199780A1 - Traffic collection method and device, network apparatus and storage medium - Google Patents


Publication number
WO2020199780A1
Authority
WO
WIPO (PCT)
Prior art keywords
traffic
collection
target
flow
collection object
Application number
PCT/CN2020/076073
Inventor
毕以峰
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/026 Capturing of monitoring data using flow identification
    • H04L43/06 Generation of reports
    • H04L43/062 Generation of reports related to network traffic
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H04L43/0894 Packet rate
    • H04L43/20 Arrangements for monitoring or testing data switching networks the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
    • H04L49/00 Packet switching elements
    • H04L49/30 Peripheral units, e.g. input or output ports
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0896 Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
    • H04L41/0897 Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities by horizontal or vertical scaling of resources, or by migrating entities, e.g. virtual resources or entities

Definitions

  • This application relates to the field of communications, and in particular to a method, device, network device and storage medium for traffic collection.
  • the switch collects outgoing traffic on a certain port
  • the traffic collection action will take effect globally, that is, traffic entering and leaving every port on this switch will be collected and then filtered according to the flow feature collection strategy. This will inevitably increase the processing burden of the switch and reduce the efficiency of the switch in performing traffic collection.
  • the traffic collection method, device, network equipment, and storage medium mainly solve the following technical problem: in the related traffic collection scheme, when collecting inbound traffic on a certain interface of a network element, the switch responsible for traffic collection bears a heavy burden and has low efficiency.
  • an embodiment of the present application provides a traffic collection method, including:
  • the original collection object is the object for which inbound target traffic needs to be collected.
  • the flow direction of the target traffic is the outgoing direction relative to the target collection object.
  • the target collection object is an object that supports collection of the target traffic in the outgoing direction;
  • An embodiment of the present application also provides a flow collection device, including:
  • the object determining unit is used to determine the target collection object corresponding to the original collection object according to the network topology.
  • the original collection object is the object for which the inbound target traffic needs to be collected.
  • the flow direction of the target traffic is the outgoing direction relative to the target collection object.
  • the target collection object is the object that supports the collection of target traffic in the outgoing direction;
  • the collection control unit is used to collect incoming target traffic on the forwarding device connected to the target collection object.
  • An embodiment of the present application also provides a network device, which includes a processor, a memory, and a communication bus;
  • the communication bus is used to realize the connection and communication between the processor and the memory
  • the processor is used to execute one or more programs stored in the memory to implement the steps of the above-mentioned flow collection method.
  • the embodiment of the present application also provides a storage medium, the storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of the above-mentioned traffic collection method.
  • FIG. 1 is a schematic diagram of the logical relationship between the controller and the switch in the SDN network shown in Embodiment 1 of the application;
  • Figure 2 is a flow chart of flow collection in related technologies
  • FIG. 3 is a flow chart of the flow collection method provided in Embodiment 1 of this application.
  • FIG. 4 is a schematic diagram of the flow of traffic between VNFs in the SDN network shown in Embodiment 1 of the application;
  • FIG. 5 is a flow chart of the NFVO in the first embodiment of the application for collecting the outgoing target traffic for the target collection object;
  • FIG. 6 is a flow chart of the flow collection method provided in Embodiment 2 of this application.
  • FIG. 7 is a flow interaction diagram of the traffic collection process provided in the second embodiment of this application.
  • FIG. 8 is a schematic diagram of the flow of target traffic between VNF1 and VNF2 shown in Example 2 of the third embodiment of the application;
  • FIG. 9 is a flow interaction diagram of the traffic collection process provided in Example 2 of the third embodiment of the application.
  • FIG. 10 is a schematic diagram of the flow of traffic between network elements in the SDN network shown in Example 3 of the third embodiment of the application;
  • FIG. 11 is a schematic diagram of the flow of target traffic between ER and VNF1 shown in Example 3 of the third embodiment of the application;
  • FIG. 12 is a flow interaction diagram of the traffic collection process provided in Example 3 of the third embodiment of the application.
  • FIG. 13 is a flow interaction diagram of the migration of the traffic collection strategy with VM provided in Example 4 of the fourth embodiment of the application;
  • FIG. 14 is a flow interaction diagram of the flow collection process in the VM pop-up scenario provided in Example 5 of the fourth embodiment of the application;
  • FIG. 15 is a flow interaction diagram of traffic collection management in the VNF shrinking scenario provided in Example 6 of the fourth embodiment of the application;
  • FIG. 16 is a flow interaction diagram of the traffic collection process in the scenario where the VNF deployed VM is a cluster provided in Example 7 of the fourth embodiment of the application;
  • FIG. 17 is a schematic structural diagram of a flow collection device provided in Embodiment 5 of this application.
  • FIG. 18 is a schematic diagram of a hardware structure of a network device provided in Embodiment 6 of this application.
  • NFVI Network Function Virtualisation Infrastructure
  • NFV is a set of resources used to host and connect virtual functions.
  • NFVI is a cloud data center that includes servers, virtualization hypervisors, operating systems, virtual machines, virtual switches, and network resources.
  • NFV uses x86 and other general-purpose hardware and virtualization technology to carry many functions of software processing, thereby reducing the cost of expensive network equipment.
  • NFV can decouple software and hardware and abstract functions, so that network equipment functions no longer depend on dedicated hardware, resources can be fully and flexibly shared, new services can be developed and deployed rapidly, and automatic deployment, elastic scaling, fault isolation and self-healing can be performed based on actual business needs.
  • SDN Software Defined Network
  • SDN is also a hot technology in the current communication field.
  • SDN includes two parts: a controller (Controller, C for short) on the control plane and a switch (Switch, SW or S for short) on the forwarding plane.
  • the controller and the switch send control instructions through the OPENFLOW (OF) protocol to guide the data flow forwarding on the switch.
  • On top of NFVI there is NFV management and orchestration (MANO), whose architecture is composed of NFVO (Network Function Virtualization Orchestrator, NFV orchestrator), VNF management (VNFManager), and VIM (Virtualized Infrastructure Manager, virtualized infrastructure management).
  • NFVO Network Function Virtualization Orchestrator
  • VNFManager VNF management
  • VIM Virtualized Infrastructure Manager, virtualized infrastructure management
  • NFVO is responsible for the management and maintenance of data storage, reference points (Reference points) and interfaces, so that the various components that make up the service can exchange data, so as to orchestrate and coordinate the operations of NFVI and VNF.
  • VNF is deployed in NFVI, such as vEPC (virtualized Evolved Packet Core) network elements of mobile core network, xGW (x Gateway, x gateway), MME (Mobility Management Entity, mobility management entity), PCRF (Policy and Charging Rules Function, policy and charging rules function unit), AAA (Authentication, Authorization, Accounting, authentication authorization and charging) etc.
  • vEPC virtualized Evolved Packet Core
  • MME Mobility Management Entity
  • PCRF Policy and Charging Rules Function
  • AAA Authentication, Authorization, Accounting, authentication authorization and charging
  • the traffic on the Gx interface between xGW and PCRF, shown by dotted line 1 (thin dotted line) in the figure, is forwarded through switch A under the control of the SDN controller 10; for example, the traffic on the S6 interface between xGW and AAA, shown by dashed line 2 (thick dashed line) in the figure, is forwarded level by level by switch A, switch C, and switch B.
  • S202 NFVO queries VNFM for the target virtual machine (VM) where VNF1 is deployed;
  • S203 NFVO queries VIM for the port UUID (port Universally Unique Identifier) of the SDN network to which the target VM is connected;
  • UUID port Universally Unique Identifier
  • NFVO can send traffic collection policies to VIM by calling the TAAS (Test Access Point as Service, TAP as a service, also known as TAPaaS) interface of VIM.
  • TAP Transmission Access Point as Service
  • the port UUID of the SDN network to which the target VM is connected is bound.
  • VIM sends a traffic collection strategy to the SDN controller
  • VIM can send traffic collection policies by calling the northbound interface of the SDN controller.
  • S206 The SDN controller issues a traffic collection instruction to the switch A to which the target virtual machine is attached.
  • the direction of the flow is relative.
  • for VNFs there are outgoing flows and incoming flows, which at the corresponding switch ports are incoming flows and outgoing flows respectively, that is,
  • the outbound flow of the VNF interface is actually the inbound flow of the switch to which the target virtual machine deploying the VNF is connected;
  • the inbound flow of the VNF interface is actually the outgoing flow of the switch to which the target virtual machine deploying the VNF is connected.
  • switch A collects the inbound flow of the P1 port. Therefore, it can be understood that the SDN controller will convert the received traffic collection strategy to obtain a traffic collection instruction: in the traffic collection instruction, the target traffic to be collected is changed from the outgoing flow of the target virtual machine to the incoming flow of the switch port to which the target virtual machine is connected.
  • Switch A performs a traffic collection operation, and sends the collected traffic to the destination.
  • the traffic collection strategy configured by the tenant on the NFVO is sent from VNFM and passed through the VIM.
  • the traffic collection strategy reaches the SDN controller (S201-S205), and the SDN controller downloads the traffic collection strategy.
  • the traffic collection strategy injected into the SDN controller by the upper layer includes traffic collection features (including the port UUID of the target virtual machine, the five-tuple information of the flow, and the direction of the flow).
  • the switch to which the target virtual machine is connected filters the traffic on it according to the characteristics of traffic collection, and the matching traffic is ready to be copied and sent to the destination through a special channel for traffic collection (S207).
  • the collected traffic can pass through VLAN (Virtual Local Area Network, virtual local area network) channel, VxLAN (Virtual Extensible LAN, virtual extended local area network) channel or GRE (Generic Routing Encapsulation, general routing encapsulation) channel
  • VLAN Virtual Local Area Network, virtual local area network
  • VxLAN Virtual Extensible LAN, virtual extended local area network
  • GRE Generic Routing Encapsulation, general routing encapsulation
  • the switch can collect it directly. But if the target traffic that the tenant wants to collect is the inbound flow of a certain VNF, the target traffic is an outbound flow relative to the switch port corresponding to the VNF. In the related traffic collection scheme, limited by the processing capability of the switch chip, when the switch collects the outgoing flow of one of its own ports it cannot bind the flow characteristics of the outgoing flow to the port. The flow collection action can only take effect globally on the switch, that is, traffic entering and leaving every port of the switch will be collected and then filtered according to the traffic collection strategy received by the switch to obtain the target traffic. This makes collecting the outgoing flow of its own port inefficient and burdensome for the switch. At the same time, if a flow is forwarded back and forth two or more times on different ports on the switch, the flow that should be collected once will be collected multiple times, placing unnecessary burden and impact on the destination of the flow and on the transmission link.
  • this embodiment provides a flow collection method. Please refer to the flow chart of the flow collection method shown in FIG. 3:
  • S302 Determine the target collection object corresponding to the original collection object according to the network topology relationship.
  • the original collection object refers to an object designated by a tenant or an operator that needs to collect inbound target traffic. It is worth noting that, in related technologies, when collecting outbound traffic on a VNF interface, the corresponding switch can directly collect target traffic on its own corresponding port, which will not be as burdensome and inefficient as collecting inbound traffic on a VNF interface.
  • the original collection object specifically refers to the object for which inbound traffic collection needs to be performed; that is, when the target traffic flows through the switch port connected to the original collection object, it is an outgoing flow. For example,
  • the tenant requests to collect the inbound flow of VNF1 logical interface 2
  • the logical interface 2 of VNF1 is the original collection object.
  • the tenant requests to collect the inbound flow of VNF3 logical interface 3
  • the logical interface 3 of VNF3 is the original collection object.
  • the target collection object is an object that supports the collection of the aforementioned target traffic in the outgoing direction, because when the aforementioned target traffic flows through the target collection object, it is the outgoing flow, that is, when the target traffic flows through the switch port connected to the target collection object, it is an incoming flow. In this way, the switch can directly collect the target traffic with a relatively high collection efficiency and a relatively low collection burden.
  • the target collection object is considered to be an object that supports the collection of outbound target traffic. It should be understood that the target traffic requested by the tenant or operator will flow from the port of the first switch to the original collection object, and at the same time, the target traffic will also flow from the target collection object to the second switch.
  • the target collection object corresponding to an original collection object can be determined according to the network topology, because the network topology shows which interface of which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as another network element. Therefore, the target collection object corresponding to the original collection object can be determined according to the network topology.
  • the target collection object can be determined from the communication relationship map of each network element communication in the SDN network.
  • Figure 4 shows a schematic diagram of the flow of traffic between VNFs in the SDN network: there is a two-way flow of traffic between interface 1 of VNF1 and interface 1 of VNF2; there is a two-way flow of traffic between interface 2 of VNF1 and interface 2 of VNF3; there is a two-way flow of traffic between interface 3 of VNF1 and interface 3 of VNF4; there is a two-way flow of traffic between interface 4 of VNF2 and interface 4 of VNF4.
  • Table 1 shows a communication relationship map in the SDN network in Figure 4:
  • the target collection object corresponding to the original collection object can be determined according to the communication relationship map shown in Table 1.
  • S304 Collect the incoming target traffic on the forwarding device connected to the target collection object.
  • the outgoing target flow can be collected on the target collection object.
  • the process of collecting the outbound target traffic of the target collection object is actually collecting the inbound target traffic on the forwarding device connected to the target collection object.
  • the forwarding device can collect the incoming traffic of its port 4, so as to realize the collection of the target collection object's outgoing target traffic, that is, the collection of the original collection object's inbound target traffic.
  • the forwarding device may be a switch or a DC GW (Data Center Gateway), and the traffic collection method may be executed by NFVO or implemented by an SDN controller.
  • DC GW Data Center Gateway
  • NFVO can obtain and store the communication relationship map of each network element in the SDN network in advance. For example, the operator can input the communication relationship map into NFVO, so that when NFVO needs to query the corresponding target collection object for a certain original collection object, NFVO can directly determine the corresponding target collection object by looking up the original collection object in its stored communication relationship map.
  • NFVO can determine the original collection object according to the stream mirroring strategy entered by the tenant or operator, and then query the target collection object.
  • the flow mirroring strategy configured by the tenant or the operator may include VNF index, interface name, and flow direction.
  • NFVO can determine, according to the flow direction, the direction of the target traffic to be collected relative to the specified interface of the VNF specified in the flow mirroring policy. If the flow direction specifies that the target traffic is in the inbound direction relative to the specified interface of the specified VNF, NFVO can determine that the collection object specified by the current tenant is the original collection object. Subsequently, NFVO will determine the corresponding target collection object according to the communication relationship map stored by itself. After determining the target collection object, NFVO will issue a traffic collection strategy to the SDN controller.
  • the traffic collection strategy includes information indicating the target collection object and information indicating the flow direction of the target traffic.
  • After the SDN controller receives the traffic collection strategy, it will convert the collection instructions in the new traffic collection strategy, because the new traffic collection strategy instructs the collection of outgoing target traffic for the target collection object, but in fact the traffic collection is performed by the forwarding device. The SDN controller will therefore convert the instruction of collecting the outgoing target flow of the target collection object into the instruction of collecting the inbound target flow of the port on the forwarding device to which the target collection object is connected. After the conversion is completed, the SDN controller sends the converted traffic collection instruction to the forwarding device, so that the forwarding device collects the inbound target traffic according to the traffic collection instruction, and transmits the collected target traffic to the destination end.
  • if NFVO determines that the flow mirroring strategy requires the collection of outgoing traffic for a certain collection object, then the target traffic is incoming target traffic relative to the forwarding device port connected to that collection object. In this case, NFVO can have the incoming target traffic collected directly by notifying the corresponding forwarding device (see Figure 2 for the specific process, which will not be repeated here), without having to regard the collection object included in the flow mirroring strategy as the original collection object.
  • Scenario 1: Assume that the original collection object is the first interface of the first VNF in the DC (data center) (for example, <VNF1, interface 1> in Table 1), and the target collection object determined by NFVO is the second interface of the second VNF (for example, <VNF2, interface 1> in Table 1), see Figure 5:
  • NFVO determines the target virtual machine where the second VNF is deployed.
  • the second VNF can be deployed on only one virtual machine (VM).
  • VM virtual machine
  • the target virtual machine queried by NFVO is only one. If the second VNF is deployed on two or more virtual machines, there will naturally be multiple target virtual machines.
  • the query result obtained by NFVO is the virtual machine list.
  • the virtual machine list includes indication information of the virtual machines on which the second VNF is deployed.
  • the NFVO may query the VNFM for the virtual machine on which the second VNF is deployed. After the VNFM receives the NFVO query request, the query result is fed back to the NFVO as a response.
  • the NFVO determines the UUID of the access port for the target virtual machine to access the SDN network.
  • After querying the target virtual machine, NFVO will determine the UUID of the port through which the target virtual machine accesses the SDN network. In this embodiment, NFVO can query the VIM for the port UUID of the corresponding port of the target virtual machine. In this embodiment, the port through which the target virtual machine accesses the SDN network is referred to as the "access port". It should be noted that when the second VNF is deployed on multiple virtual machines, these virtual machines are usually connected to the SDN network through different ports. In this case, NFVO obtains from the VIM multiple access port UUIDs corresponding to the different target virtual machines, so the VIM feedback to NFVO is likely to be a port list. If there is only one target virtual machine, there is naturally only one access port UUID corresponding to the target virtual machine. In this case, the VIM feeds back only one port UUID in response to the NFVO query request.
  • NFVO sends the traffic collection policy to the SDN controller.
  • NFVO can send a traffic collection strategy to the SDN controller.
  • the traffic collection strategy can include the following types of information:
  • Target virtual machine list the target virtual machine list is used for at least one target virtual machine
  • the traffic collection strategy sent to the SDN controller can be used to instruct the SDN controller to control the forwarding device connected to the target virtual machine to collect the inbound traffic of the target port.
  • the so-called "target port" here refers to the port on the forwarding device to which the target virtual machine is connected.
  • After the SDN controller receives the traffic collection strategy, its processing is basically the same as the processing method in the related technology, and will not be repeated here.
  • Scenario 2: Assume that the original collection object is the first interface of the first VNF inside the DC, and the target collection object is the second network element outside the DC.
  • the NFVO determines the original collection object corresponding to the target collection object. It can directly send the traffic collection strategy to the SDN controller without querying the port UUID of the target virtual machine and the access port.
  • the traffic collection strategy sent by NFVO to the SDN controller can be used to instruct the SDN controller to control the forwarding device connected to the second network element to collect the inbound traffic of the target port.
  • the target port in scenario 2 is the port on the forwarding device through which the second network element accesses the network.
  • the traffic collection policy sent by NFVO to the SDN controller may include the following information:
  • Network element indication information, which is used to indicate the information of the second network element, that is, to indicate to the SDN controller that the object for which the target traffic is currently collected is the second network element;
  • the inbound flow collection process for the original collection object can be transferred to the outbound flow collection for the target collection object according to the network topology relationship.
  • forwarding devices such as switches no longer need to collect outgoing traffic on their own ports, which reduces the collection burden of traffic collection on the switch, and also improves the efficiency of traffic collection.
  • the collection object can be used as the original collection object, and the target collection object corresponding to the original collection object can be determined according to the network topology.
  • the target collection object and the original collection object have the same target flow transmission.
  • the outgoing flow on the target collection object and the inbound flow on the original collection object are the same. Therefore, the target flow collection for the inbound direction of the original collection object can be converted into the target flow collection for the outbound direction of the target collection object; once the outbound target flow of the target collection object has been collected, the collection of the inbound target flow of the original collection object is complete.
  • the flow direction of the traffic to be collected by the forwarding device is specified. Therefore, even if the target traffic is forwarded multiple times through the forwarding device, it will not be collected multiple times by the forwarding device, avoiding multiple collections and false collections of traffic.
  • the first embodiment mainly introduces the scheme of implementing the flow collection method by NFVO.
  • This embodiment will describe the scenario where the SDN controller implements the flow collection method.
  • the scenario where the SDN controller executes the traffic collection method is mainly the case where the original collection object is the first Host in the DC, and the target collection object is the second Host in the DC. Please refer to the flowchart shown in Figure 6:
  • the SDN controller determines the target collection object corresponding to the first Host according to the pre-stored communication relationship map.
  • the SDN controller pre-stores the communication relationship map between the network elements in the network.
  • the SDN controller determines that it currently needs to collect inbound target traffic for a certain network element
  • the network element can be used as the original collection object, and the original collection object can be queried in the communication relationship map to determine the target collection object corresponding to the original collection object.
  • According to the communication relationship map, the SDN controller can determine that the target collection object corresponding to the first Host is the second Host.
  • the Host in this embodiment is a physical server Host, or a virtual machine Host, or a router, or a switch, or any other layer 3 device, as long as it is a device that is uniformly managed on the SDN network.
  • S604 The SDN controller sends a traffic collection instruction to the forwarding device accessed by the found second Host.
  • the SDN controller may also determine the forwarding device connected to the second Host.
  • the forwarding device here may be a switch or a DC GW.
  • the traffic collection instruction sent by the SDN controller to the forwarding device can be used to instruct the forwarding device to collect the inbound traffic of the target port.
  • The target port here refers to the port on the forwarding device to which the second Host is attached.
  • the SDN controller receives the communication relationship map between each Host in the SDN network.
  • the network operation and maintenance personnel can directly input the communication relationship map to the SDN controller from the interactive interface of the SDN controller, or input the communication relationship map through the command line of the SDN controller.
  • Table 2 shows a map of communication relations between Hosts:
  • the SDN controller receives the configured flow mirroring strategy.
  • the SDN controller should cooperate with other network elements to copy the target traffic that needs to be collected and then transmit it to the destination.
  • S703 The SDN controller queries that the target collection object corresponding to Host1 is Host2.
  • After receiving the flow mirroring strategy, the SDN controller can determine from it that the target traffic to be collected is inbound with respect to Host1, which is not convenient for the switch connected to Host1 to collect. Therefore, the SDN controller can take Host1 as the original collection object and then query the communication relationship map for the target collection object corresponding to Host1. According to the communication relationship map shown in Table 2, the target collection object corresponding to Host1 is Host2.
  • S704 The SDN controller issues a traffic collection instruction to the switch to which Host2 is attached.
  • The traffic collection instruction sent by the SDN controller instructs switch B, the switch to which Host2 is attached, to collect the inbound traffic of the target port.
  • Switch B performs a traffic collection operation, and sends the collected incoming target traffic to the destination end.
  • the switch can send the collected target traffic to the destination through any one of the VLAN channel, the VxLAN channel and the GRE channel.
  • The traffic collection method provided in this embodiment is mainly based on communication scenarios between different hosts within the DC. It can not only reduce the burden of traffic collection on the switch and improve the efficiency of traffic collection, but is also free from the restrictions on NFVO and VIM in the solution.
  • Figure 8 shows a schematic diagram of the flow of target traffic between VNF1 and VNF2
  • Figure 9 shows an interaction diagram of traffic collection:
  • NFVO receives the communication relationship map between VNFs in the SDN network.
  • the operation and maintenance personnel of the tenant or the operator can inject a map of the interconnection relationship between the VNF and the VNF into the NFVO.
  • the specific communication relationship map is shown in Table 1.
  • NFVO can query the key-value pair <network element, interface> of the target collection object by entering the key-value pair <network element, interface> of the original collection object. For example, if the inbound traffic on interface 1 of VNF1 needs to be collected but is not convenient to collect, querying the communication relationship map shown in Table 1 with <VNF1, interface 1> returns <VNF2, interface 1>. In this case, interface 1 of VNF2 is the target collection object. By collecting the outbound traffic of interface 1 of VNF2, the requirement of the tenant or operator to collect the inbound traffic of interface 1 of VNF1 can be met.
  • NFVO receives the flow mirroring policy configured by the tenant or the operation and maintenance personnel
  • NFVO determines the target collection object by querying the communication relationship map
  • NFVO can query the communication relationship map to find that the target collection object is <VNF2, interface 1>, so NFVO determines that it needs to collect the traffic of VNF2 interface 1, and at the same time determines that what needs to be collected is the outbound traffic of VNF2 interface 1.
  • the port UUID corresponding to the target virtual machine that the NFVO queried according to VNF2 may be a UUID list including multiple port UUIDs.
  • NFVO may send traffic collection policies to VIM by calling the TAAS interface of VIM. It should be understood that in this traffic collection strategy, NFVO has replaced the collection object with the target collection object, specified the flow direction of the target traffic to be collected, and bound the port UUID of the SDN network to which the target VM was connected.
  • VIM sends a traffic collection strategy to the SDN controller
  • VIM sends the traffic collection strategy by calling the northbound interface of the SDN controller.
  • S908 The SDN controller issues a traffic collection instruction to the switch B to which the target virtual machine is attached;
  • the switch B collects the inbound traffic on the P4 port.
  • After the SDN controller receives the traffic collection strategy, it converts it into a traffic collection instruction: in the traffic collection instruction, the target traffic to be collected is changed from the outbound flow of the target virtual machine to the inbound flow of the switch port to which the target virtual machine is attached.
  • Switch B performs a traffic collection operation, and sends the collected traffic to the destination.
  • Switch B collects traffic according to the corresponding strategy, and sends the collected traffic to the remote destination through the tunnel.
  • Fig. 10 shows a schematic diagram of the flow of traffic between network elements in an SDN network
  • Fig. 11 shows a schematic diagram of the flow of target traffic between ER (External Router) and VNF1.
  • Figure 12 shows an interactive diagram of a flow collection process:
  • The SDN network includes VNF1, VNF2, and VNF3, as well as the ER. It can be seen from Figure 10 that there is a two-way flow of traffic between interface 1 of VNF1 and interface 1 of VNF2; there is a two-way flow of traffic between interface 2 of VNF1 and interface 2 of VNF3; and there is a two-way flow of traffic between interface 5 of VNF1 and interface 5 of the ER.
  • Table 3 shows a communication relationship map in the SDN network in Figure 10:
  • Original collection object → Target collection object: <VNF1, interface 1> → <VNF2, interface 1>; <VNF1, interface 2> → <VNF3, interface 2>; <VNF1, interface 5> → <ER, interface 5>; <VNF2, interface 1> → <VNF1, interface 1>; <VNF3, interface 2> → <VNF1, interface 2>; <ER, interface 5> → <VNF1, interface 5>
  • S1201 NFVO receives the communication relationship map of the SDN network.
  • the operation and maintenance personnel of tenants or operators can inject a communication relationship map into NFVO.
  • the specific communication relationship map is shown in Table 3.
  • the communication relationship map includes communication connection relationships between VNFs in the SDN network and between VNFs and DC external networks.
  • NFVO receives the flow mirroring policy configured by the tenant or the operation and maintenance personnel
  • NFVO determines the target collection object by querying the communication relationship map
  • NFVO can find from the communication relationship map in Table 3 that the target collection object is <ER, interface 5>, so NFVO determines that what needs to be collected is the traffic of ER interface 5, and at the same time determines that what needs to be collected is the outbound traffic of ER interface 5.
  • NFVO may send traffic collection policies to VIM by calling the TAAS interface of VIM. It should be understood that in this traffic collection strategy, NFVO has replaced the collection object with the target collection object and specified the flow direction of the target traffic to be collected.
  • The traffic collection policy may either not carry the UUID of the ER access interface, or carry the UUID with its value set to the default value.
  • VIM sends the traffic collection strategy to the SDN controller
  • VIM sends the traffic collection strategy by calling the northbound interface of the SDN controller.
  • the SDN controller issues a traffic collection instruction to the DC GW to which the ER is attached;
  • the DC GW collects the inbound traffic on the P5 port.
  • After the SDN controller receives the traffic collection strategy, it converts it into a traffic collection instruction: in the traffic collection instruction, the target traffic to be collected is changed from the outbound flow of the ER to the inbound flow of port P5 of the DC GW.
  • S1207 The DC GW performs a traffic collection operation and sends the collected traffic to the destination.
  • the DC GW collects incoming traffic on the P5 port according to the corresponding strategy, and sends the collected traffic to the remote destination through the tunnel.
  • The SDN controller maps the collection requirement in the flow mirroring strategy to collecting the inbound traffic of port P5 of the DC GW. The inbound traffic of port P5 on the DC GW, the outbound traffic of the ER, and the inbound traffic of VNF1 interface 5 originally required in the flow mirroring strategy are the same traffic. Therefore, the collection scheme of this example can meet the tenant's collection requirements in the flow mirroring strategy.
  • The following examples describe the traffic collection process in the scenario where the VM on which a VNF is deployed is migrated, in the scenario where that VM is elastically expanded, in the scenario where it is reduced, and in the scenario where the VNF is deployed on a cluster of VMs:
  • Based on Example 2, this example describes the traffic collection process in the scenario where the VM on which VNF2 is deployed is migrated; see Figure 13:
  • VNF2 virtual machine of VNF2
  • VM2 which is originally connected to the SDN network through port P4 of switch B.
  • VM2 is connected to the SDN network through port P5 of switch C.
  • The SDN controller receives the port online event reported by port P5 of switch C.
  • Port P5 of switch C reports the port online event to the SDN controller and carries the port UUID of VM2', the virtual machine of VNF2 after the migration; the UUID is unchanged from the UUID before the migration.
  • the SDN controller updates the traffic collection strategy according to the correspondence between the traffic collection strategy obtained from the VIM and the UUID;
  • S1304 The SDN controller issues the traffic collection strategy to port P5 of switch C, on which VM2' has newly come online; the traffic will be collected from port P5 of switch C and sent to the corresponding destination.
  • S1305 The SDN controller deletes the traffic collection policy on port P4 of switch B, where VM2 was originally online.
  • port P4 of switch B no longer collects traffic.
  • This example illustrates the automatic follow-up mechanism of the traffic collection policy in the virtual machine migration scenario on the target collection object side, that is, after the migration of the target collection object side virtual machine, the traffic collection policy automatically follows the migration to ensure that the tenant's traffic demand can continue to be met.
  • If it is the virtual machine on the original collection object side that is migrated, for example, based on Example 2, the migrated virtual machine is the one on which VNF1 is deployed, then the virtual machine on the target collection object side has not changed, so the traffic collection location has not changed, and the SDN controller does not need to adjust where the traffic collection strategy is placed.
  • VNF2 is expanded, and a new virtual machine VM3 is brought up;
  • NFVO calls the TAAS interface of VIM to issue traffic collection policies
  • This traffic collection strategy is for VM3.
  • VIM calls the northbound interface of the SDN controller to issue a traffic collection policy
  • S1406 The SDN controller sends the traffic collection instruction to the corresponding port P5 of switch C;
  • the SDN controller converts the received traffic collection strategy to obtain a traffic collection instruction, and sends the traffic collection instruction to the corresponding port P5 of the switch C to which VM3 is attached.
  • Switch C performs a traffic collection operation and sends the collected traffic to the destination.
  • This example illustrates the traffic collection scheme of the VNF2 on the target collection object side in the scenario of expanding the virtual machine VM3.
  • The traffic collection strategy is automatically generated and sent to the SDN controller, and the SDN controller generates a traffic collection instruction according to the traffic collection strategy and sends it to the corresponding switch port, to ensure that the service traffic on the new virtual machine is collected and not lost.
  • The traffic collection scenario before VM shrinking in this example is the traffic collection scenario after the expansion in Example 5, that is, the original collection object is VNF1 interface 1, the target collection object is VNF2 interface 1, and the virtual machines on which VNF2 is deployed include VM2 and VM3.
  • VM2 is connected to the SDN network through port P4 of switch B, and VM3 is connected to the SDN network through port P5 of switch C. Both switch B and switch C collect the corresponding service traffic.
  • VNF2 performs virtual machine shrinkage
  • VIM calls the northbound interface of the SDN controller to send a policy deletion instruction
  • After the SDN controller receives the policy deletion instruction, it deletes the traffic collection policy from the network side.
  • S1504 The SDN controller deletes the traffic collection strategy from port P5 of switch C;
  • After the traffic collection policy on port P5 of switch C is deleted, switch C no longer collects the inbound traffic of port P5.
  • This example illustrates the deletion of the traffic collection policy in the scenario where VNF2 on the target collection object side is scaled in and the virtual machine VM3 is deleted, to prevent stale policies from being left behind.
  • NFVO receives the communication relationship map between VNFs in the SDN network.
  • the communication relationship map is injected into the NFVO by the tenant.
  • the communication relationship map may also be injected into the NFVO by the operation and maintenance personnel of the operator.
  • NFVO receives the flow mirroring strategy
  • the tenant requires the collection of inbound traffic on interface 1 of VNF1 in the flow mirroring policy.
  • NFVO determines the target collection object corresponding to VNF1 interface 1 according to the communication relationship map.
  • VM1 is connected to port P4-1 of switch A
  • VM2 is connected to port P4-2 of switch B
  • VM3 is connected to port P4-3 of switch C.
  • S1604 NFVO queries VIM for the port UUID of the SDN network to which the target VM is connected;
  • UUIDs of the access interfaces for VM1, VM2, and VM3 to access the SDN network are UUID1, UUID2, and UUID3, respectively.
  • NFVO invokes the TAAS interface of VIM to issue a traffic collection policy
  • the traffic collection policy instructs to perform outgoing traffic collection on interface 1 of VNF2, and the port UUID is specified in the traffic collection policy as UUID1, UUID2, UUID3, respectively.
  • VIM calls the northbound interface of the SDN controller to issue traffic collection policies for the three virtual machines
  • S1607 The SDN controller respectively issues traffic collection instructions to the switches to which the three target virtual machines are attached;
  • The SDN controller sends the traffic collection instructions for VM1 to port P4-1 of switch A, the traffic collection instructions for VM2 to port P4-2 of switch B, and the traffic collection instructions for VM3 to port P4-3 of switch C.
  • S1608 The three switches each collect traffic, and the collected traffic is sent to the destination through their respective VxLAN tunnels.
  • This example explains how to collect traffic when the VNF on the target collection side is deployed on a cluster VM.
  • This embodiment provides a flow collection device. Please refer to a schematic structural diagram of the flow collection device shown in FIG. 17:
  • the flow collection device 170 includes an object determination unit 172 and a collection control unit 174.
  • The object determination unit 172 is used to determine the target collection object corresponding to the original collection object according to the network topology, and the collection control unit 174 is used to collect the inbound target traffic on the forwarding device connected to the target collection object.
  • the original collection object refers to an object designated by a tenant or an operator that needs to collect inbound target traffic. It is worth noting that, in related technologies, when collecting outbound traffic on a VNF interface, the corresponding switch can directly collect target traffic on its own corresponding port, which will not be as burdensome and inefficient as collecting inbound traffic on a VNF interface.
  • The original collection object specifically refers to the object for which inbound target traffic needs to be collected; when that target traffic flows through the switch port connected to the original collection object, it is outbound traffic. For example:
  • if the tenant requests to collect the inbound flow of VNF1 logical interface 2,
  • logical interface 2 of VNF1 is the original collection object;
  • if the tenant requests to collect the inbound flow of VNF3 logical interface 3,
  • logical interface 3 of VNF3 is the original collection object.
  • The target collection object is the object that supports collection of the aforementioned target traffic in the outbound direction, that is, when the target traffic flows through the switch port connected to the target collection object, it is inbound traffic. In this way, the switch can collect the target traffic directly, with relatively high efficiency and a relatively low collection burden.
  • The target collection object is considered to be an object that supports the collection of the target traffic. It should be understood that the target traffic requested by the tenant or operator flows from the port of the first switch to the original collection object, and at the same time the target traffic also flows from the target collection object to the second switch. Although the flow direction of the target traffic differs between the original collection object and the target collection object, in essence the same traffic flows through both.
  • When the tenant or operator requests collection of the inbound target traffic of the original collection object, that is, outbound target traffic that is not suitable for the first switch to collect, the outbound traffic of the target collection object can be collected instead: the second switch collects the inbound target traffic on its port, so that the collection requirements of the tenant or the operator are fulfilled with less collection and processing burden and higher collection efficiency.
  • The object determining unit 172 can determine the target collection object corresponding to an original collection object according to the network topology, because the network topology shows which interface of which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as another network element. Therefore, the object determining unit 172 can determine the target collection object corresponding to the original collection object according to the network topology.
  • the object determining unit 172 may determine the target collection object corresponding to the original collection object based on the communication relationship map of each network element communication in the SDN network.
  • The collection control unit 174 may collect the outbound target traffic of the target collection object.
  • Collecting the outbound target traffic of the target collection object is actually collecting the inbound target traffic on the forwarding device connected to the target collection object.
  • The forwarding device can collect the inbound traffic of its port, so as to realize the collection of the target collection object's outbound target traffic, that is, the collection of the original collection object's inbound target traffic.
  • the traffic collection device 170 can be deployed on the NFVO network element or on the SDN controller.
  • The function of the object determination unit 172 can be realized by the processor of the network device on which the NFVO network element is deployed, and the function of the collection control unit 174 is implemented jointly by the communication device and the processor of that network device.
  • The function of the object determination unit 172 can be realized by the processor of the SDN controller, and the function of the collection control unit 174 is implemented jointly by the communication device and the processor of the SDN controller.
  • the process of collecting the inbound flow for the original collection object can be transferred to the outgoing flow collection for the target collection object according to the network topology.
  • forwarding devices such as switches no longer need to collect outgoing traffic on their own ports, which reduces the collection burden of traffic collection on the switch and improves the efficiency of traffic collection.
  • Embodiment 6
  • This embodiment provides a storage medium that can store one or more computer programs that can be read, compiled, and executed by one or more processors.
  • A flow collection program may be stored in the computer-readable storage medium, and the flow collection program can be used by one or more processors to execute the flow of any one of the flow collection methods introduced in the foregoing embodiments.
  • the network device 180 includes a processor 181, a memory 182, and a communication bus 183 for connecting the processor 181 and the memory 182.
  • the memory 182 may be the aforementioned storage device.
  • the processor 181 may read the flow collection program, compile and execute the flow of the flow collection method introduced in the foregoing embodiment:
  • the processor 181 is configured to determine the target collection object corresponding to the original collection object according to the network topology relationship, and collect incoming target traffic on the forwarding device connected to the target collection object.
  • the original collection object refers to an object designated by a tenant or an operator that needs to collect inbound target traffic. It is worth noting that, in related technologies, when collecting outbound traffic on a VNF interface, the corresponding switch can directly collect target traffic on its own corresponding port, which will not be as burdensome and inefficient as collecting inbound traffic on a VNF interface.
  • The original collection object specifically refers to the object for which inbound target traffic needs to be collected; when that target traffic flows through the switch port connected to the original collection object, it is outbound traffic. For example:
  • if the tenant requests to collect the inbound flow of VNF1 logical interface 2,
  • logical interface 2 of VNF1 is the original collection object;
  • if the tenant requests to collect the inbound flow of VNF3 logical interface 3,
  • logical interface 3 of VNF3 is the original collection object.
  • The target collection object is the object that supports collection of the aforementioned target traffic in the outbound direction, that is, when the target traffic flows through the switch port connected to the target collection object, it is inbound traffic. In this way, the switch can collect the target traffic directly, with relatively high efficiency and a relatively low collection burden.
  • The target collection object is considered to be an object that supports the collection of the target traffic. It should be understood that the target traffic requested by the tenant or operator flows from the port of the first switch to the original collection object, and at the same time the target traffic also flows from the target collection object to the second switch. Although the flow direction of the target traffic differs between the original collection object and the target collection object, in essence the same traffic flows through both.
  • When the tenant or operator requests collection of the inbound target traffic of the original collection object, that is, outbound target traffic that is not suitable for the first switch to collect, the outbound traffic of the target collection object can be collected instead: the second switch collects the inbound target traffic on its port, so that the collection requirements of the tenant or the operator are fulfilled with less collection and processing burden and higher collection efficiency.
  • The processor 181 can determine the target collection object corresponding to an original collection object according to the network topology, because the network topology shows which interface of which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as another network element. Therefore, the processor 181 can determine the target collection object corresponding to the original collection object according to the network topology.
  • When planning the network, the operator can determine the mapping between each original collection object and each target collection object according to the planned network topology. This mapping between original collection objects and target collection objects planned by the operator is called the "communication relationship map" in this embodiment. Therefore, in some examples of this embodiment, the processor 181 can determine the target collection object corresponding to the original collection object based on the communication relationship map of the network elements communicating in the SDN network.
  • The outbound target traffic of the target collection object may then be collected.
  • Collecting the outbound target traffic of the target collection object is actually collecting the inbound target traffic on the forwarding device connected to the target collection object.
  • The forwarding device can collect the inbound traffic of its port, so as to realize the collection of the target collection object's outbound target traffic, that is, the collection of the original collection object's inbound target traffic.
  • the forwarding device may be a switch or a DC GW
  • the network device 180 may be an NFVO network element or an SDN controller.
  • When the network device provided in this embodiment determines that it needs to collect inbound target traffic for the original collection object, it can transfer the inbound traffic collection for the original collection object to outbound traffic collection for the target collection object according to the network topology relationship. In this way, forwarding devices such as switches no longer need to collect outgoing traffic on their own ports, which reduces the burden of traffic collection on the switch and improves the efficiency of traffic collection.
  • The functional modules/units in the system and the device can be implemented as software (which can be implemented by program code executable by a computing device), firmware, hardware, and appropriate combinations thereof.
  • The division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be executed cooperatively by several physical components.
  • Some or all physical components can be implemented as software executed by a processor, such as a central processing unit, a digital signal processor, or a microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit.
  • The computer-readable medium may include computer storage media (or non-transitory media) and communication media (or transitory media).
  • The term computer storage medium includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules, or other data).
  • Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassette, tape, magnetic disk storage or other magnetic storage devices, or any other medium that is used to store desired information and that can be accessed by a computer.
  • Communication media usually contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transmission mechanism, and may include any information delivery media. Therefore, this application is not limited to any specific hardware and software combination.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided in embodiments of the present invention are a traffic collection method and device, a network apparatus and a storage medium. The traffic collection method comprises: determining, according to a network topology, a target object to undergo collection corresponding to an original object to undergo collection, wherein the original object is an object requiring collection of inbound target traffic, a flow direction of the target traffic is an outbound direction relative to the target object, and the target object is an object supporting collection of the target traffic in the outbound direction (S302); and collecting the target traffic entering a forwarding apparatus connected to the target object (S304).
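
The method summarized above, worked through with the communication relationship map of Table 3 and the VM migration and scale-in cases from the examples. This is an added Python illustration, not code from the patent; the class and field names, the `uuid-vm2` value and the choice to refuse a request whose peer is missing from the map are assumptions of the sketch.

```python
from dataclasses import dataclass

# Communication relationship map from Table 3 of the page:
# original collection object -> target collection object, as (element, interface).
COMM_MAP = {
    ("VNF1", 1): ("VNF2", 1), ("VNF2", 1): ("VNF1", 1),
    ("VNF1", 2): ("VNF3", 2), ("VNF3", 2): ("VNF1", 2),
    ("VNF1", 5): ("ER", 5),   ("ER", 5): ("VNF1", 5),
}


@dataclass(frozen=True)
class Policy:
    """Traffic collection policy as NFVO passes it down (field names assumed)."""
    target: tuple       # (element, interface) whose traffic is collected
    direction: str      # always "out", relative to the target object
    port_uuids: tuple   # SDN port UUIDs of the VMs behind the target; () for the ER


@dataclass(frozen=True)
class Instruction:
    """Traffic collection instruction for one forwarding-device port."""
    device: str
    port: str
    direction: str      # always "in", relative to the device port


def resolve_policy(obj, direction, vm_ports):
    """Turn a flow mirroring request into a policy that only needs ingress capture.

    vm_ports maps an element name to the port UUIDs of its VMs (the VIM lookup).
    """
    if direction == "in":
        if obj not in COMM_MAP:
            # Assumption of this sketch: refuse rather than fall back to egress
            # collection, which the page says takes effect on the whole switch.
            raise LookupError(f"no communication peer recorded for {obj}")
        obj = COMM_MAP[obj]
    elif direction != "out":
        raise ValueError(f"unknown direction {direction!r}")
    return Policy(obj, "out", tuple(vm_ports.get(obj[0], ())))


class SdnController:
    """Tracks where each port UUID is attached and which instructions are live."""

    def __init__(self, attachments, external):
        self.attachments = dict(attachments)  # port UUID -> (device, port)
        self.external = dict(external)        # element without UUID -> (device, port)
        self.covered = set()                  # port UUIDs named by some policy
        self.installed = {}                   # port UUID or element -> Instruction

    def apply(self, policy):
        """Convert 'outbound of target' into 'inbound of the attached port'."""
        self.covered.update(policy.port_uuids)
        if policy.port_uuids:
            keys = [(u, self.attachments[u]) for u in policy.port_uuids]
        else:
            element = policy.target[0]
            keys = [(element, self.external[element])]
        issued = []
        for key, (device, port) in keys:
            self.installed[key] = Instruction(device, port, "in")
            issued.append(self.installed[key])
        return issued

    def port_online(self, uuid, device, port):
        """Port-online event: if a policy covers this UUID, move its instruction.

        Returns (instruction installed, instruction removed from the old port).
        """
        self.attachments[uuid] = (device, port)
        if uuid not in self.covered:
            return None, None
        removed = self.installed.get(uuid)
        self.installed[uuid] = Instruction(device, port, "in")
        return self.installed[uuid], removed

    def port_deleted(self, uuid):
        """Scale-in: drop the instruction so no stale policy stays on the switch."""
        self.attachments.pop(uuid, None)
        self.covered.discard(uuid)
        return self.installed.pop(uuid, None)


if __name__ == "__main__":
    # Constructed sample: VM2 of VNF2 on switch B port P4, ER behind DC GW port P5.
    ctl = SdnController({"uuid-vm2": ("switch B", "P4")}, {"ER": ("DC GW", "P5")})
    pol = resolve_policy(("VNF1", 1), "in", {"VNF2": ("uuid-vm2",)})
    print(ctl.apply(pol))
    print(ctl.port_online("uuid-vm2", "switch C", "P5"))
```

Because the instruction is keyed by the port UUID, which the page says is unchanged by migration, the mirror follows the VM to its new switch port and the old port's instruction is returned for deletion.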

Description

Traffic collection method, device, network device and storage medium
Cross-reference to related applications
This application is based on Chinese patent application No. 201910272723.X, filed on April 4, 2019, and claims priority to that Chinese patent application, the entire content of which is incorporated herein by reference.
Technical field
This application relates to the field of communications, and in particular to a traffic collection method, device, network device and storage medium.
Background
Because operators need to collect and monitor traffic, traffic has to be collected on demand in the network. However, related traffic collection schemes have the following problem: when the traffic to be collected is inbound relative to a VNF (Network Function Virtualization), that traffic is outbound relative to the switch to which the VNF is attached. In theory, therefore, the switch only needs to collect the outbound traffic on its port that corresponds to the VNF interface. However, limited by the capability of the switch chip, the switch cannot bind the flow-feature collection policy for outbound traffic to a specific port. When the switch collects the outbound traffic of a port, the collection action therefore takes effect globally: traffic entering or leaving any port of the switch is collected and only then filtered according to the flow-feature collection policy. This inevitably increases the processing burden on the switch and reduces the efficiency with which it performs traffic collection.
Summary of the invention
The traffic collection method, device, network device and storage medium provided by the embodiments of this application mainly solve the following technical problem: in related traffic collection schemes, when inbound traffic is collected on an interface of a network element, the switch responsible for the collection bears a heavy processing burden and works inefficiently.
To solve the above technical problem, an embodiment of this application provides a traffic collection method, including:
determining, according to the network topology, a target collection object corresponding to an original collection object, where the original collection object is an object for which inbound target traffic needs to be collected, the flow direction of the target traffic is outbound relative to the target collection object, and the target collection object is an object that supports collection of the outbound target traffic;
collecting the inbound target traffic on the forwarding device connected to the target collection object.
An embodiment of this application also provides a traffic collection device, including:
an object determining unit, configured to determine, according to the network topology, a target collection object corresponding to an original collection object, where the original collection object is an object for which inbound target traffic needs to be collected, the flow direction of the target traffic is outbound relative to the target collection object, and the target collection object is an object that supports collection of the outbound target traffic;
a collection control unit, configured to collect the inbound target traffic on the forwarding device connected to the target collection object.
An embodiment of this application also provides a network device, which includes a processor, a memory and a communication bus;
the communication bus is used to implement connection and communication between the processor and the memory;
the processor is used to execute one or more programs stored in the memory to implement the steps of the above traffic collection method.
An embodiment of this application also provides a storage medium that stores one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of the above traffic collection method.
Other features and corresponding beneficial effects of this application are set out later in the specification, and it should be understood that at least some of the beneficial effects become apparent from the description in this specification.
Description of the drawings
FIG. 1 is a schematic diagram of the logical relationship between the controller and the switches in the SDN network shown in Embodiment 1 of this application;
FIG. 2 is a flow interaction diagram of traffic collection in the related art;
FIG. 3 is a flowchart of the traffic collection method provided in Embodiment 1 of this application;
FIG. 4 is a schematic diagram of the traffic flow between the VNFs in the SDN network shown in Embodiment 1 of this application;
FIG. 5 is a flowchart, shown in Embodiment 1 of this application, of the NFVO collecting outbound target traffic for the target collection object;
FIG. 6 is a flowchart of the traffic collection method provided in Embodiment 2 of this application;
FIG. 7 is a flow interaction diagram of the traffic collection process provided in Embodiment 2 of this application;
FIG. 8 is a schematic diagram of the flow of target traffic between VNF1 and VNF2 shown in Example 2 of Embodiment 3 of this application;
FIG. 9 is a flow interaction diagram of the traffic collection process provided in Example 2 of Embodiment 3 of this application;
FIG. 10 is a schematic diagram of the traffic flow between the network elements in the SDN network shown in Example 3 of Embodiment 3 of this application;
FIG. 11 is a schematic diagram of the flow of target traffic between the ER and VNF1 shown in Example 3 of Embodiment 3 of this application;
FIG. 12 is a flow interaction diagram of the traffic collection process provided in Example 3 of Embodiment 3 of this application;
FIG. 13 is a flow interaction diagram, provided in Example 4 of Embodiment 4 of this application, of the traffic collection policy migrating with a VM;
FIG. 14 is a flow interaction diagram of the traffic collection process in the VM scale-out scenario provided in Example 5 of Embodiment 4 of this application;
FIG. 15 is a flow interaction diagram of traffic collection management in the VNF scale-in scenario provided in Example 6 of Embodiment 4 of this application;
FIG. 16 is a flow interaction diagram, provided in Example 7 of Embodiment 4 of this application, of the traffic collection process in the scenario where the VMs on which a VNF is deployed form a cluster;
FIG. 17 is a schematic structural diagram of the traffic collection device provided in Embodiment 5 of this application;
FIG. 18 is a schematic diagram of the hardware structure of the network device provided in Embodiment 6 of this application.
Detailed description
To make the objectives, technical solutions and advantages of this application clearer, the embodiments of this application are described in further detail below through specific implementations in conjunction with the accompanying drawings. It should be understood that the specific embodiments described here are only used to explain this application and are not intended to limit it.
Embodiment 1:
NFVI (Network Function Virtualisation Infrastructure) is a set of resources used to host and connect virtual functions. Specifically, NFVI is a cloud data center that contains servers, hypervisors, operating systems, virtual machines, virtual switches and network resources. NFV carries the software processing of many functions on general-purpose hardware such as x86 together with virtualization technology, thereby reducing the high cost of network equipment. Through software-hardware decoupling and functional abstraction, NFV makes network device functions independent of dedicated hardware, lets resources be shared fully and flexibly, enables rapid development and deployment of new services, and supports automatic deployment, elastic scaling, fault isolation and self-healing based on actual service needs.
One of the network virtualization schemes in NFVI is implemented with SDN (Software Defined Network) technology, which is also a hot research topic in the communications field. SDN consists of two parts: the controller (Controller, C for short) on the control plane and the switch (Switch, SW or S for short) on the forwarding plane. As SDN is currently defined, control instructions are issued between the controller and the switch over the OPENFLOW (OF for short) protocol to direct data-flow forwarding on the switch. See FIG. 1 for a schematic of the logic.
Above NFVI is NFV Management and Orchestration (MANO), whose architecture consists of the NFVO (Network Function Virtualization Orchestrator), VNF management (VNFManager) and the VIM (Virtualized Infrastructure Manager). The NFVO manages and maintains data storage, reference points and interfaces so that the components making up a service can exchange data, thereby orchestrating and coordinating the operation of NFVI and the VNFs. There are many types of VIM to choose from, and the VNFM also has different implementations. In current mainstream industry solutions, the VIM is mostly an OpenStack-based functional enhancement; see FIG. 1 again.
VNFs are deployed in NFVI. For example, network elements of the mobile core network's vEPC (virtualized Evolved Packet Core), such as the xGW (x Gateway), MME (Mobility Management Entity), PCRF (Policy and Charging Rules Function) and AAA (Authentication, Authorization, Accounting), can be deployed, in the form of virtual machines, on the virtual machines of NFVI. Interfaces between different VNFs exist in logical form and are connected through the SDN network. For example, for the Gx interface between the xGW and the PCRF, shown by dotted line 1 (thin dotted line) in the figure, traffic on the interface is forwarded by switch A under the control of SDN controller 10; as another example, traffic on the S6 interface between the xGW and AAA, shown by dotted line 2 (thick dotted line) in the figure, is forwarded hop by hop through switch A, switch C and switch B.
To meet operators' need to collect and monitor traffic, traffic has to be collected from the network on demand. Assume that what currently needs to be collected is the outbound traffic on logical interface 1 of VNF1 in FIG. 1; the current traffic collection scheme is then as shown in FIG. 2:
S201: The NFVO receives the flow mirroring policy configured by the tenant;
S202: The NFVO queries the VNFM for the target virtual machine (VM) on which VNF1 is deployed;
S203: The NFVO queries the VIM for the port UUID (port Universally Unique Identifier) with which the target VM accesses the SDN network;
S204: The NFVO sends the traffic collection policy to the VIM;
The NFVO can send the traffic collection policy to the VIM by calling the VIM's TAAS (Test Access Point as a Service, also called TAPaaS) interface. The traffic collection policy sent to the VIM is bound to the port UUID with which the target VM accesses the SDN network.
S205: The VIM sends the traffic collection policy to the SDN controller;
In the scheme shown in FIG. 2, the VIM can send the traffic collection policy by calling the northbound interface of the SDN controller.
S206: The SDN controller issues a traffic collection instruction to switch A, to which the target virtual machine is attached.
The direction of a flow needs some explanation here: flow direction is relative. A VNF has outbound and inbound flows, and at the corresponding switch port these are inbound and outbound flows respectively. That is, the outbound flow of a VNF interface is actually the inbound flow at the switch port to which the target virtual machine hosting the VNF is connected, and the inbound flow of a VNF interface is actually the outbound flow at that switch port.
So when the tenant wants to collect the outbound traffic on logical interface 1 of VNF1, it is in fact switch A that collects the inbound flow of port P1. It follows that the SDN controller converts the traffic collection policy it receives into a traffic collection instruction: in the instruction, the target traffic to be collected is changed from the outbound flow of the target virtual machine to the inbound flow of the switch port to which that virtual machine is connected.
S207: Switch A performs the traffic collection operation and sends the collected traffic to the destination.
In the scheme shown in FIG. 2, the traffic collection policy configured by the tenant on the NFVO is issued from the VNFM and relayed by the VIM until it reaches the SDN controller (S201-S205), and the SDN controller delivers it to the corresponding switch (S206). Usually, the traffic collection policy injected into the SDN controller by the upper layer contains the traffic collection features (including the port UUID of the target virtual machine, the five-tuple of the flow, and the direction of the flow). The switch to which the target virtual machine is connected filters the traffic passing through it according to these features; matching traffic is copied and sent to the destination through a dedicated traffic collection channel (S207). In related traffic collection schemes, the collected traffic can be sent to the destination through a VLAN (Virtual Local Area Network) channel, a VxLAN (Virtual Extensible LAN) channel or a GRE (Generic Routing Encapsulation) channel. The destination analyzes and processes the traffic, or acts as a relay that preprocesses the received traffic and forwards it to other second-level destinations.
In the above example, the target traffic that the tenant needs to collect is an outbound flow relative to VNF1 and therefore an inbound flow relative to the corresponding switch, so the switch can collect it directly. But if the target traffic that the tenant wants to collect is the inbound flow of a VNF, it is an outbound flow relative to the switch port corresponding to that VNF. In related traffic collection schemes, limited by the processing capability of the switch chip, a switch that collects the outbound flow of one of its ports cannot bind the flow features of that outbound flow to the port. The collection action can only take effect globally on the switch: traffic entering or leaving any port of the switch is collected and then filtered according to the traffic collection policy received by the switch to obtain the target traffic. As a result, the switch collects the outbound flow of its own ports inefficiently and under a heavy burden. Moreover, if a flow is forwarded two or more times through different ports of the switch, traffic that should be collected once is collected several times, which places an unnecessary burden and impact on the traffic destination and the transport link.
To solve the above problem, this embodiment provides a traffic collection method; see the flowchart of the traffic collection method shown in FIG. 3:
S302: Determine the target collection object corresponding to the original collection object according to the network topology.
In this embodiment, the original collection object is the object, designated by a tenant or an operator, for which inbound target traffic needs to be collected. Note that in the related art, when the outbound traffic of a VNF interface is collected, the corresponding switch can collect the target traffic directly on its own corresponding port, without the heavy processing burden and low efficiency that come with collecting the inbound traffic of a VNF interface. In this embodiment, therefore, the original collection object refers specifically to an object for which inbound traffic needs to be collected; that is, the target traffic is an outbound flow when it passes through the switch port connected to the original collection object. For example, assume that in the example corresponding to FIG. 1 the tenant requests collection of the inbound flow of logical interface 2 of VNF1; logical interface 2 of VNF1 is then the original collection object. If the tenant requests collection of the inbound flow of logical interface 3 of VNF3, logical interface 3 of VNF3 is the original collection object.
The target collection object is an object that supports collection of the aforementioned target traffic in the outbound direction. When the target traffic flows through the target collection object it is an outbound flow, which means it is an inbound flow when it passes through the switch port connected to the target collection object. That switch can therefore collect the target traffic directly, with relatively high collection efficiency and a relatively low collection burden; in this case, this embodiment regards the target collection object as an object that supports collection of outbound target traffic. It should be understood that the target traffic that the tenant or operator asks to collect flows from a port of the first switch into the original collection object, and the same target traffic also flows from the target collection object into the second switch. Although the flow direction of the target traffic differs between the original collection object and the target collection object, in essence the same flow passes through both. So when the tenant or operator asks to collect the inbound target traffic of the original collection object, that is, outbound target traffic that the first switch is not suited to collect, the outbound traffic of the target collection object can be collected instead. In other words, the second switch collects the inbound target traffic on its port, and the collection requirement of the tenant or operator is met with a smaller collection and processing burden and higher collection efficiency.
In this embodiment, the target collection object corresponding to an original collection object can be determined from the network topology, because the network topology shows which interface of which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as another network element.
Usually, an operator can already determine the mapping between each original collection object and each target collection object from the planned network topology during network planning. This embodiment calls the operator-planned mapping between original collection objects and target collection objects the "communication relationship map". In some examples of this embodiment, therefore, the target collection object corresponding to the original collection object can be determined from the communication relationship map of the communication between the network elements in the SDN network.
For example, FIG. 4 is a schematic diagram of the traffic flow between the VNFs in the SDN network: traffic flows in both directions between interface 1 of VNF1 and interface 1 of VNF2, between interface 2 of VNF1 and interface 2 of VNF3, between interface 3 of VNF1 and interface 3 of VNF4, and between interface 4 of VNF2 and interface 4 of VNF4. Table 1 shows a communication relationship map for the SDN network in FIG. 4:
Table 1
Original collection object | Target collection object
<VNF1, interface 1> | <VNF2, interface 1>
<VNF1, interface 2> | <VNF3, interface 2>
<VNF1, interface 3> | <VNF4, interface 3>
<VNF2, interface 1> | <VNF1, interface 1>
<VNF2, interface 4> | <VNF4, interface 4>
<VNF3, interface 2> | <VNF1, interface 2>
<VNF4, interface 3> | <VNF1, interface 3>
<VNF4, interface 4> | <VNF2, interface 4>
Assume that a tenant or operator instructs collection of the inbound target traffic of an original collection object in Table 1; the target collection object corresponding to that original collection object can then be determined from the communication relationship map shown in Table 1.
S304: Collect the inbound target traffic on the forwarding device connected to the target collection object.
After the target collection object corresponding to the original collection object has been determined, the outbound target traffic of the target collection object can be collected. Collecting the outbound target traffic of the target collection object is in fact collecting the inbound target traffic on the forwarding device connected to it. For example, if the target collection object is connected to the forwarding device through port 4 of the forwarding device, the forwarding device can collect the inbound traffic of its port 4. This collects the outbound target traffic of the target collection object, and therefore the inbound target traffic of the original collection object.
In this embodiment, the forwarding device may be a switch or a DC GW (data center gateway), and the traffic collection method may be executed by the NFVO or implemented by the SDN controller. The case in which the NFVO implements the traffic collection method is described first:
The NFVO can obtain and store in advance the communication relationship map of the network elements in the SDN network; for example, the operator can enter the communication relationship map into the NFVO. When the NFVO needs to find the target collection object for an original collection object, it can then look it up directly from its stored communication relationship map and the original collection object.
For example, the NFVO can determine the original collection object from the flow mirroring policy entered by the tenant or operator and then look up the target collection object. The flow mirroring policy configured by the tenant or operator may include the VNF index, the interface name and the flow direction. When the NFVO receives a flow mirroring policy, it can use the flow direction in it to determine the direction of the target traffic to be collected relative to the specified interface of the VNF specified in the policy. If the flow direction indicates that the target traffic is inbound relative to the specified interface of the specified VNF, the NFVO determines that the collection object specified by the tenant is an original collection object and then determines the corresponding target collection object from its stored communication relationship map. After determining the target collection object, the NFVO issues a traffic collection policy to the SDN controller; this policy includes information indicating the target collection object and information indicating the flow direction of the target traffic.
After the SDN controller receives the traffic collection policy, it converts the collection indication in the new traffic collection policy. The new policy indicates collection of outbound target traffic on the target collection object, but the collection is actually performed by the forwarding device. The SDN controller therefore converts the indication to collect the outbound target traffic of the target collection object into an indication to collect the inbound target traffic of the forwarding-device port connected to the target collection object. After the conversion, the SDN controller sends the converted traffic collection instruction to the forwarding device, which collects the inbound target traffic according to the instruction and transmits the collected target traffic to the destination.
Of course, those skilled in the art will understand that if the NFVO determines that the flow mirroring policy requires collection of the outbound traffic of a collection object, the target traffic is inbound relative to the forwarding-device port connected to that collection object. In this case the NFVO can directly notify the corresponding forwarding device to collect the inbound target traffic (the specific process is shown in FIG. 2 and is not repeated here), without treating the collection object in the flow mirroring policy as an original collection object.
下面结合几种原采集对象与目标采集对象,对NFVO针对目标采集对象进行出向目标流量进行采集的过程进行说明:The following describes the process of NFVO collecting the outgoing target traffic from the target collection object in combination with several original collection objects and target collection objects:
Scenario 1: Assume the original collection object is the first interface of a first VNF in the DC (data center) (for example, <VNF1, interface 1> in Table 1), and the target collection object determined by the NFVO is the second interface of a second VNF (for example, <VNF2, interface 1> in Table 1). See Figure 5:
S502: The NFVO determines the target virtual machine on which the second VNF is deployed.
The second VNF may be deployed on only one virtual machine (VM), in which case the NFVO's query returns a single target virtual machine. If the second VNF is deployed on two or more virtual machines, there are multiple target virtual machines, and the query result obtained by the NFVO is a virtual machine list containing indication information for each virtual machine on which the second VNF is deployed.
In one embodiment, the NFVO queries the VNFM for the virtual machines on which the second VNF is deployed; after receiving the NFVO's query request, the VNFM returns the query result to the NFVO as a response.
S504: The NFVO determines the UUID of the access port through which the target virtual machine accesses the SDN network.
After finding the target virtual machine, the NFVO determines the UUID of the port through which the target virtual machine accesses the SDN network. In this embodiment, the NFVO can query the VIM for the port UUID of the target virtual machine's port. The port through which the target virtual machine accesses the SDN network is called the "access port" in this embodiment. Note that when the second VNF is deployed on multiple virtual machines, these virtual machines usually access the SDN network through different ports, so the NFVO can obtain from the VIM multiple access-port UUIDs, each corresponding to a different target virtual machine; what the VIM returns to the NFVO is then likely to be a port list. If there is only one target virtual machine, there is only one corresponding access-port UUID, and the VIM returns a single port UUID in response to the NFVO's query.
S506: The NFVO sends the traffic collection policy to the SDN controller.
After determining the target virtual machine and the port UUID of the access port, the NFVO can send a traffic collection policy to the SDN controller. The policy may include the following information:
● A target virtual machine list, identifying at least one target virtual machine;
● The direction, on the target virtual machine, of the target traffic to be collected;
● The UUID of the access port.
The traffic collection policy sent to the SDN controller instructs the SDN controller to have the forwarding device to which the target virtual machine is attached collect the inbound traffic of the target port. The "target port" here is the port on the forwarding device through which the target virtual machine is attached.
After receiving the traffic collection policy, the SDN controller processes it in essentially the same way as in the related art, which is not repeated here.
Scenario 2: Assume the original collection object is the first interface of a first VNF inside the DC, and the target collection object is a second network element outside the DC. In this example, once the NFVO has determined the target collection object corresponding to the original collection object, it can send the traffic collection policy directly to the SDN controller, without querying the target virtual machine or the port UUID of an access port.
In this case, the traffic collection policy that the NFVO sends to the SDN controller instructs the SDN controller to have the forwarding device to which the second network element is attached collect the inbound traffic of the target port. The target port in scenario 2 is the port on the forwarding device through which the second network element is attached. The traffic collection policy sent by the NFVO to the SDN controller may include the following information:
● Network element indication information, which identifies the second network element, that is, it tells the SDN controller that the object whose target traffic is to be collected is the second network element;
● The direction, on the second network element, of the target traffic to be collected.
In the traffic collection method of this embodiment, when it is determined that inbound target traffic must be collected for an original collection object, the collection of the original collection object's inbound traffic can be converted, according to the network topology, into collection of the target collection object's outbound traffic. Forwarding devices such as switches then no longer need to collect outbound traffic on their own ports, which reduces the collection burden on the switch and improves collection efficiency. Specifically, when it is determined that inbound target traffic must be collected for a collection object, that object can be treated as the original collection object, and the corresponding target collection object can be determined from the network topology. The same target traffic is carried on both the target collection object and the original collection object; in other words, the outbound traffic on the target collection object and the inbound traffic on the original collection object are the same traffic. Collection of the original collection object's inbound target traffic can therefore be converted into collection of the target collection object's outbound target traffic: once the target collection object's outbound target traffic has been collected, collection of the original collection object's inbound target traffic is complete. To collect the target collection object's outbound target traffic, it is only necessary for the forwarding device connected to the target collection object to collect that target traffic in the inbound direction. In this way, collecting inbound target traffic for a collection object does not require the corresponding switch to collect the traffic of all its ports, which reduces the switch's processing burden and improves collection efficiency.
In addition, because the traffic collection scheme of this embodiment specifies the direction of the traffic the forwarding device is to collect when collecting inbound target traffic for a collection object, the forwarding device does not collect the target traffic multiple times even if that traffic is forwarded through it multiple times, which avoids duplicate and erroneous collection.
Embodiment 2:
Embodiment 1 mainly described a scheme in which the NFVO implements the traffic collection method. This embodiment describes the scenario in which the SDN controller implements it. Before describing the procedure, note that the SDN controller executes the traffic collection method mainly when the original collection object is a first Host in the DC and the target collection object is a second Host in the same DC. See the flowchart in Figure 6:
S602: The SDN controller determines the target collection object corresponding to the first Host from the pre-stored communication relationship map.
In this embodiment, the SDN controller pre-stores a communication relationship map of the network elements in the network. When the SDN controller determines that inbound target traffic must be collected for a network element, it can treat that network element as the original collection object and look it up in the communication relationship map to determine the corresponding target collection object. Taking the first Host as the original collection object, the SDN controller can determine from the communication relationship map that the target collection object corresponding to the first Host is the second Host.
A Host in this embodiment is a physical server Host, a virtual machine Host, a router, a switch, or any other layer 3 device, provided it is a device managed uniformly by the SDN network.
S604: The SDN controller sends a traffic collection instruction to the forwarding device to which the second Host found by the query is attached.
After determining the second Host, the SDN controller can also determine the forwarding device connected to it; the forwarding device here may be a switch or a DC GW. The traffic collection instruction that the SDN controller then sends to the forwarding device instructs it to collect the inbound traffic of the target port, where the target port is the port on the forwarding device through which the second Host is attached.
This scenario is further described below using Example 1; see Figure 7:
S701: The SDN controller receives the communication relationship map of the Hosts in the SDN network.
Network operations staff can enter the communication relationship map into the SDN controller directly through its interactive interface, or through the SDN controller's command line. Table 2 shows a communication relationship map between Hosts:
Table 2
Original collection object    Target collection object
Host1                         Host2
Host2                         Host1
Host3                         Host4
Host4                         Host3
S702: The SDN controller receives the configured flow mirroring policy.
For example, if the tenant or operator requires collecting the inbound traffic of logical interface 1 on Host1, the SDN controller cooperates with other network elements to copy the target traffic to be collected and transmit it to the destination.
S703: The SDN controller finds that the target collection object corresponding to Host1 is Host2.
After receiving the flow mirroring policy, the SDN controller can determine from it that the target traffic to be collected is inbound relative to Host1, which is inconvenient for the switch connected to Host1 to collect. The SDN controller therefore treats Host1 as the original collection object and looks up the corresponding target collection object in the communication relationship map. According to the map shown in Table 2, the target collection object corresponding to Host1 is Host2.
S704: The SDN controller issues the traffic collection instruction to the switch to which Host2 is attached.
The traffic collection instruction sent by the SDN controller instructs the switch to which Host2 is attached, switch B, to collect the inbound traffic of the target port.
S705: Switch B performs the traffic collection operation and sends the collected inbound target traffic to the destination.
In this embodiment, the switch can send the collected target traffic to the destination through any one of a VLAN channel, a VxLAN channel, or a GRE channel.
The traffic collection method of this embodiment is mainly based on communication between different Hosts inside the DC. It not only reduces the switch's traffic collection burden and improves collection efficiency, but also removes the dependence on the NFVO and VIM.
Embodiment 3:
To help those skilled in the art better understand the advantages and details of the foregoing traffic collection method, this embodiment elaborates on the method provided in the foregoing embodiments with further examples:
Example 2:
This example continues to describe the traffic collection method based on scenario 1 of Embodiment 1. Refer to Figure 4 together with Figures 8 and 9: Figure 8 is a schematic diagram of the direction of the target traffic between VNF1 and VNF2, and Figure 9 is an interaction flow diagram of the traffic collection:
S901: The NFVO receives the communication relationship map of the VNFs in the SDN network.
Operations staff of the tenant or operator can inject into the NFVO a map of the interconnections between VNFs; the specific communication relationship map is shown in Table 1.
Using this map, the NFVO can look up the <network element, interface> key-value pair of the target collection object by entering the <network element, interface> key-value pair of the original collection object. For example, if the inbound traffic on interface 1 of VNF1 is to be collected but is inconvenient to collect, entering <VNF1, interface 1> into the map shown in Table 1 returns <VNF2, interface 1>. Interface 1 of VNF2 is then the target collection object, and collecting the outbound traffic of interface 1 of VNF2 satisfies the tenant's or operator's requirement to collect the inbound traffic of interface 1 of VNF1.
S902: The NFVO receives the flow mirroring policy configured by the tenant or operations staff;
For example, assume that in this example the tenant or operations staff use the flow mirroring policy to require collection of the inbound traffic of interface 1 on VNF1.
S903: The NFVO determines the target collection object by querying the communication relationship map;
From <VNF1, interface 1>, the NFVO finds in the communication relationship map that the target collection object is <VNF2, interface 1>. The NFVO therefore determines that the traffic to collect is that of VNF2 interface 1, and that it is the outbound traffic of VNF2 interface 1.
S904: The NFVO queries the VNFM for the target virtual machine on which VNF2 is deployed;
S905: The NFVO queries the VIM for the port UUID through which the target VM accesses the SDN network;
The port UUID that the NFVO obtains for the target virtual machines found from VNF2 may be a UUID list containing multiple port UUIDs.
S906: The NFVO sends the traffic collection policy to the VIM;
In one embodiment, the NFVO can send the traffic collection policy to the VIM by calling the VIM's TAAS interface. Note that in this traffic collection policy the NFVO has already replaced the collection object with the target collection object, specified the direction of the target traffic to be collected, and bound the port UUID through which the target VM accesses the SDN network.
S907: The VIM sends the traffic collection policy to the SDN controller;
The VIM sends the traffic collection policy by calling the northbound interface of the SDN controller.
S908: The SDN controller issues the traffic collection instruction to switch B, to which the target virtual machine is attached;
The tenant wants to collect the inbound traffic on logical interface 1 of VNF1; in practice, switch B collects the inbound flow on port P4. After receiving the traffic collection policy, the SDN controller converts it into a traffic collection instruction, in which the target traffic to be collected is changed from the outbound flow of the target virtual machine to the inbound flow of the switch port to which that virtual machine is attached.
S909: Switch B performs the traffic collection operation and sends the collected traffic to the destination.
Switch B collects traffic according to the corresponding policy and sends the collected traffic through a tunnel to the remote destination.
Example 3:
This example describes the traffic collection method based on scenario 1 of Embodiment 1. Refer to Figures 10-12: Figure 10 is a schematic diagram of the traffic directions between the network elements in the SDN network, Figure 11 is a schematic diagram of the direction of the target traffic between the ER (External Router) and VNF1, and Figure 12 is an interaction flow diagram of the traffic collection:
As Figure 11 shows, the SDN network includes VNF1, VNF2, and VNF3, as well as the ER. As Figure 10 shows, traffic flows in both directions between interface 1 of VNF1 and interface 1 of VNF2, between interface 2 of VNF1 and interface 2 of VNF3, and between interface 5 of VNF1 and interface 5 of the ER. Table 3 shows a communication relationship map for the SDN network in Figure 10:
Table 3
Original collection object    Target collection object
<VNF1, interface 1>           <VNF2, interface 1>
<VNF1, interface 2>           <VNF3, interface 2>
<VNF1, interface 5>           <ER, interface 5>
<VNF2, interface 1>           <VNF1, interface 1>
<VNF3, interface 2>           <VNF1, interface 2>
<ER, interface 5>             <VNF1, interface 5>
S1201: The NFVO receives the communication relationship map of the SDN network.
Operations staff of the tenant or operator can inject the communication relationship map into the NFVO; the specific map is shown in Table 3. It includes the communication connections between the VNFs in the SDN network and between the VNFs and networks outside the DC.
S1202: The NFVO receives the flow mirroring policy configured by the tenant or operations staff;
For example, assume that in this example the tenant or operations staff use the flow mirroring policy to require collection of the inbound traffic of interface 5 on VNF1.
S1203: The NFVO determines the target collection object by querying the communication relationship map;
From <VNF1, interface 5>, the NFVO finds in the communication relationship map of Table 3 that the target collection object is <ER, interface 5>. The NFVO therefore determines that the traffic to collect is that of ER interface 5, and that it is the outbound traffic of ER interface 5.
S1204: The NFVO sends the traffic collection policy to the VIM;
In one embodiment, the NFVO can send the traffic collection policy to the VIM by calling the VIM's TAAS interface. Note that in this traffic collection policy the NFVO has already replaced the collection object with the target collection object and specified the direction of the target traffic to be collected. In this embodiment, the traffic collection policy may omit the UUID of the ER access interface, or carry a UUID whose value is the default value.
S1205: The VIM sends the traffic collection policy to the SDN controller;
The VIM sends the traffic collection policy by calling the northbound interface of the SDN controller.
S1206: The SDN controller issues the traffic collection instruction to the DC GW to which the ER is attached;
The tenant wants to collect the inbound traffic on logical interface 5 of VNF1; in practice, the DC GW collects the inbound traffic on port P5. After receiving the traffic collection policy, the SDN controller converts it into a traffic collection instruction, in which the target traffic to be collected is changed from the outbound flow of the ER to the inbound flow of port P5 of the DC GW.
S1207: The DC GW performs the traffic collection operation and sends the collected traffic to the destination.
The DC GW collects the inbound traffic on port P5 according to the corresponding policy and sends the collected traffic through a tunnel to the remote destination.
Note that the query in S1203 has determined that what is to be collected is the outbound traffic of ER interface 5. In S1206, the SDN controller maps the collection requirement in the flow mirroring policy to collection of the inbound traffic of port P5 of the DC GW. The inbound traffic of port P5 on the DC GW, the outbound traffic of the ER, and the inbound traffic of VNF1 interface 5 originally required by the flow mirroring policy are all the same traffic, so the collection scheme of this example satisfies the tenant's collection requirement in the flow mirroring policy.
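The two-stage conversion walked through in Examples 2 and 3 can be sketched as follows. This is an added illustration, not code from the patent: the function and class names are hypothetical, and the attachment points for VNF1 and VNF3 are constructed (only VNF2 on switch B port P4 and the ER on DC GW port P5 come from the text).

```python
from dataclasses import dataclass

INBOUND, OUTBOUND = "inbound", "outbound"

# Communication relationship map, copied from Table 3:
# original collection object -> target collection object.
RELATION_MAP = {
    ("VNF1", "interface 1"): ("VNF2", "interface 1"),
    ("VNF1", "interface 2"): ("VNF3", "interface 2"),
    ("VNF1", "interface 5"): ("ER", "interface 5"),
    ("VNF2", "interface 1"): ("VNF1", "interface 1"),
    ("VNF3", "interface 2"): ("VNF1", "interface 2"),
    ("ER", "interface 5"): ("VNF1", "interface 5"),
}

# Forwarding-device ports each network element attaches to. A VNF deployed
# on several VMs has several entries (the "port list" case).
ATTACHMENTS = {
    "VNF2": [("switch B", "P4")],                       # from the page
    "ER": [("DC GW", "P5")],                            # from the page
    "VNF1": [("switch A", "P1")],                       # constructed
    "VNF3": [("switch C", "P7"), ("switch D", "P2")],   # constructed, two VMs
}


@dataclass(frozen=True)
class MirrorPolicy:
    """Flow mirroring policy as entered by the tenant or operator."""
    element: str
    interface: str
    direction: str


@dataclass(frozen=True)
class CollectionPolicy:
    """Traffic collection policy the NFVO hands to the SDN controller."""
    element: str
    interface: str
    direction: str


@dataclass(frozen=True)
class CollectionInstruction:
    """What a forwarding device is told to mirror."""
    device: str
    port: str
    direction: str


def nfvo_resolve(policy):
    """Rewrite 'inbound on original object' as 'outbound on target object'."""
    if policy.direction not in (INBOUND, OUTBOUND):
        raise ValueError(f"unknown direction {policy.direction!r}")
    key = (policy.element, policy.interface)
    if policy.direction == OUTBOUND:
        # Already outbound: no original/target substitution is needed.
        return CollectionPolicy(*key, OUTBOUND)
    target = RELATION_MAP.get(key)
    if target is None:
        # Fail closed instead of mirroring on a guessed port.
        raise LookupError(f"no target collection object for {key}")
    return CollectionPolicy(*target, OUTBOUND)


def controller_convert(cp):
    """Rewrite 'outbound on object' as 'inbound on its attached ports'."""
    if cp.direction != OUTBOUND:
        raise ValueError("controller expects an outbound collection policy")
    ports = ATTACHMENTS.get(cp.element)
    if not ports:
        raise LookupError(f"no attachment known for {cp.element}")
    return [CollectionInstruction(dev, port, INBOUND) for dev, port in ports]


def plan(policy):
    """Full path: flow mirroring policy -> per-port mirror instructions."""
    return controller_convert(nfvo_resolve(policy))


if __name__ == "__main__":
    for p in (MirrorPolicy("VNF1", "interface 1", INBOUND),
              MirrorPolicy("VNF1", "interface 5", INBOUND)):
        print(p, "->", plan(p))
```

Every instruction that reaches a forwarding device carries the inbound direction, which is the property the method relies on to avoid collecting the same flow more than once.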
Embodiment 4:
This embodiment uses examples to describe the traffic collection process in the scenarios where the VM on which a VNF is deployed is migrated, where it is scaled out, where it is scaled in, and where the VMs on which a VNF is deployed form a cluster:
Example 4:
Building on Example 2, this example describes the traffic collection process when the VM on which VNF2 is deployed is migrated; see Figure 13:
S1300: Traffic collection is performed;
In this example, the flow mirroring policy requires collection of the inbound traffic of VNF1 interface 1. As described in Example 2, this collection is ultimately converted into collection of the inbound traffic on port P4 of switch B, to which the target VM of VNF2 is connected. See Example 2 for this process, which is not repeated here.
S1301: VM2, the virtual machine on which VNF2 is deployed, is migrated.
Assume the virtual machine on which VNF2 is deployed is VM2, which originally accessed the SDN network through port P4 of switch B. After migration, VM2 accesses the SDN network through port P5 of switch C.
S1302: The SDN controller receives the port-online event reported by port P5 of switch C.
Port P5 of switch C reports a port-online event to the SDN controller, carrying the port UUID of VM2', the virtual machine of VNF2 after migration. This UUID is unchanged from the UUID before migration.
S1303: The SDN controller updates the traffic collection policy according to the correspondence, obtained from the VIM, between traffic collection policies and UUIDs;
S1304: The SDN controller issues the traffic collection policy on port P5 of switch C, where VM2' has newly come online; traffic is now collected from port P5 of switch C and sent to the corresponding destination.
S1305: The SDN controller deletes the traffic collection policy on port P4 of switch B, where VM2 was originally online.
Port P4 of switch B then no longer collects traffic.
This example illustrates the automatic follow mechanism of the traffic collection policy when a virtual machine on the target collection object side is migrated: after the migration, the traffic collection policy follows the virtual machine automatically, so the tenant's traffic collection requirement continues to be met. Note that if the migrated virtual machine is on the original collection object side (for example, if in Example 2 the migrated virtual machine is the one on which VNF1 is deployed), the virtual machine on the target collection object side has not changed, so the collection location has not changed, and the SDN controller does not need to adjust where the traffic collection policy is applied.
Example 5:
Building on Example 2, this example describes the traffic collection process when the VM on which VNF2 is deployed is scaled out; see Figure 14:
In this example, the flow mirroring policy requires collection of the inbound traffic of VNF1 interface 1. As described in Example 2, this collection is ultimately converted into collection of the inbound traffic on port P4 of switch 2, to which the target VM of VNF2 is connected. See Example 2 for this process, which is not repeated here.
S1401: VNF2 scales out, spawning virtual machine VM3;
This embodiment assumes that the newly spawned VM3 is attached through port P5 of switch C.
S1402: The NFVO queries the VNFM for the newly spawned virtual machine VM3;
S1403: The NFVO queries the VIM for the port UUID of VM3;
S1404: The NFVO calls the VIM's TAAS interface to issue the traffic collection policy;
This traffic collection policy is for VM3.
S1405: The VIM calls the northbound interface of the SDN controller to issue the traffic collection policy;
S1406: The SDN controller sends the traffic collection instruction to the corresponding port P5 of switch C;
The SDN controller converts the received traffic collection policy into a traffic collection instruction and sends it to the corresponding port P5 of switch C, to which VM3 is attached.
S1407: Switch C performs the traffic collection operation and sends the collected traffic to the destination.
This example illustrates the traffic collection scheme when VNF2, on the target collection object side, scales out by adding virtual machine VM3. The traffic collection policy is generated automatically and issued to the SDN controller, which generates a traffic collection instruction from it and sends it to the corresponding switch port. This ensures that the service traffic on the new virtual machine is collected and not lost.
Example 6:
This example describes the traffic collection process when the VM on which VNF2 is deployed is scaled in; see Figure 15:
First, assume that the traffic collection scenario before the VM scale-in in this example is the scenario after the scale-out in Example 5: the original collection object is interface 1 of VNF1, the target collection object is interface 1 of VNF2, and the virtual machines on which VNF2 is deployed are VM2 and VM3. VM2 accesses the SDN network through port P4 of switch B, and VM3 accesses the SDN network through port P5 of switch C. Switch B and switch C both collect the corresponding service traffic.
S1501: VNF2 scales in its virtual machines;
It is assumed here that the scale-in of VNF2 deletes the virtual machine VM3 under port P5 of switch C, so that VM3 no longer exists under that port.
S1502: The NFVO calls the TAAS interface of the VIM to send a policy deletion instruction;
S1503: The VIM calls the northbound interface of the SDN controller to send the policy deletion instruction;
After receiving the policy deletion instruction, the SDN controller deletes the traffic collection policy from the network side.
S1504: The SDN controller deletes the traffic collection policy from port P5 of switch C;
After the traffic collection policy on port P5 of switch C is deleted, switch C no longer collects the inbound traffic of port P5.
This example illustrates the deletion of the traffic collection policy when VNF2, on the target collection object side, scales in and virtual machine VM3 is deleted, which prevents stale policies from being left behind.
Example 7:
This example describes the traffic collection process when the VMs on which the VNF on the target collection object side is deployed form a cluster; see Figure 16:
S1600: The NFVO receives the communication relationship map between the VNFs in the SDN network.
In this example, it is assumed that the communication relationship map is injected into the NFVO by the tenant; however, those skilled in the art will understand that it may also be injected into the NFVO by the operator's operation and maintenance personnel.
S1601: The NFVO receives the flow mirroring policy;
It is assumed that in this example the tenant's flow mirroring policy requires collection of the inbound traffic of interface 1 of VNF1.
S1602: The NFVO determines, from the communication relationship map, the target collection object corresponding to interface 1 of VNF1.
From the communication relationship map, the target collection object corresponding to interface 1 of VNF1 is determined to be interface 1 of VNF2.
S1603: The NFVO queries the VNFM for the target virtual machines on which VNF2 is deployed;
It is assumed here that VNF2 is deployed on three virtual machines, VM1, VM2 and VM3, where VM1 is attached to port P4-1 of switch A, VM2 to port P4-2 of switch B, and VM3 to port P4-3 of switch C.
S1604: The NFVO queries the VIM for the port UUIDs through which the target VMs access the SDN network;
It is assumed here that the UUIDs of the access interfaces through which VM1, VM2 and VM3 access the SDN network are UUID1, UUID2 and UUID3, respectively.
S1605: The NFVO calls the TAAS interface of the VIM to issue a traffic collection policy;
Here, the traffic collection policy instructs outbound traffic collection on interface 1 of VNF2 and specifies the port UUIDs UUID1, UUID2 and UUID3.
S1606: The VIM calls the northbound interface of the SDN controller to issue the traffic collection policies for the three virtual machines;
S1607: The SDN controller issues traffic collection instructions to the switches to which the three target virtual machines are attached;
The SDN controller sends the traffic collection instruction for VM1 to port P4-1 of switch A, the traffic collection instruction for VM1 to port P4-2 of switch B, and the traffic collection instruction for VM3 to port P4-3 of switch C.
S1608: Each of the three switches collects traffic and sends the collected traffic to the destination through its own VxLAN tunnel.
This example illustrates how traffic is collected when the VNF on the target collection object side is deployed on a cluster of VMs.
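The scale-out, scale-in and migration cases in the examples above can all be treated as one reconcile step: recompute the switch ports where the target VNF's VMs attach, then add the missing collection instructions and delete the stale ones. The following Python sketch is an added illustration, not code from the patent; `Tap`, `Inventory`, `reconcile`, the sample map and the migration destination (switch D, port P6) are constructed assumptions.

```python
from dataclasses import dataclass

# Communication relationship map (constructed sample): the interface whose
# INBOUND traffic is requested -> the peer interface that emits the same flow.
COMM_MAP = {("VNF1", 1): ("VNF2", 1)}


@dataclass(frozen=True, order=True)
class Tap:
    """One collection instruction: mirror the ingress of a switch port."""
    switch: str
    port: str
    port_uuid: str
    direction: str = "ingress"  # traffic leaving the VM enters the switch port


class Inventory:
    """Hypothetical stand-in for the VNFM (VNF -> VMs) and VIM (VM -> port) queries."""

    def __init__(self):
        self.vms = {}    # VNF name -> set of VM names
        self.ports = {}  # VM name -> (switch, port, port UUID)

    def attach(self, vnf, vm, switch, port, port_uuid):
        self.vms.setdefault(vnf, set()).add(vm)
        self.ports[vm] = (switch, port, port_uuid)

    def detach(self, vnf, vm):
        self.vms[vnf].discard(vm)
        self.ports.pop(vm, None)


def desired_taps(original, inv):
    """Translate 'inbound traffic of original' into ingress taps at the peer's ports."""
    if original not in COMM_MAP:
        raise LookupError(f"no peer recorded for {original}")
    target_vnf, _interface = COMM_MAP[original]
    return {Tap(*inv.ports[vm]) for vm in inv.vms.get(target_vnf, set())}


def reconcile(installed, desired):
    """Return (to_add, to_delete); applying both leaves no stale policy behind."""
    return sorted(desired - installed), sorted(installed - desired)


def run_scenarios():
    """Replay the cases from the examples and record what each one changes."""
    inv, installed, steps = Inventory(), set(), {}

    def step(name):
        add, delete = reconcile(installed, desired_taps(("VNF1", 1), inv))
        installed.difference_update(delete)
        installed.update(add)
        steps[name] = (add, delete)

    inv.attach("VNF2", "VM2", "B", "P4", "UUID2")  # starting point: VM2 on switch B, P4
    step("initial")
    inv.attach("VNF2", "VM3", "C", "P5", "UUID3")  # scale-out: VM3 on switch C, P5
    step("scale_out")
    inv.detach("VNF2", "VM3")                      # scale-in: VM3 deleted
    step("scale_in")
    inv.attach("VNF2", "VM2", "D", "P6", "UUID2")  # migration; destination is constructed
    step("migration")
    return steps, installed


if __name__ == "__main__":
    steps, installed = run_scenarios()
    for name, (add, delete) in steps.items():
        print(f"{name}: add={add} delete={delete}")
    print("installed:", sorted(installed))
```

An empty `to_delete` after a scale-in or migration, while the old switch port still mirrors traffic, is the stale-policy condition Example 6 is designed to prevent.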
Embodiment 5:
This embodiment provides a traffic collection device; see the schematic structural diagram of the traffic collection device shown in FIG. 17:
The traffic collection device 170 includes an object determination unit 172 and a collection control unit 174. The object determination unit 172 is configured to determine, according to the network topology relationship, the target collection object corresponding to the original collection object, and the collection control unit 174 is configured to collect the inbound target traffic at the forwarding device to which the target collection object is connected.
In this embodiment, the original collection object is the object, designated by a tenant or an operator, whose inbound target traffic needs to be collected. Note that in the related art, when the outbound traffic of a VNF interface is collected, the corresponding switch can collect the target traffic directly on its own corresponding port, without the heavy processing burden and low efficiency incurred when collecting the inbound traffic of a VNF interface. Therefore, in this embodiment, the original collection object specifically refers to an object for which inbound traffic collection is required; that is, when the target traffic flows through the switch port connected to the original collection object, it is an outbound flow. For example, in the example corresponding to FIG. 1, if the tenant requests collection of the inbound flow of logical interface 2 of VNF1, then logical interface 2 of VNF1 is the original collection object. If the tenant requests collection of the inbound flow of logical interface 3 of VNF3, then logical interface 3 of VNF3 is the original collection object.
The target collection object is an object that supports collection of the outbound target traffic; that is, when the target traffic flows through the switch port connected to the target collection object, it is an inbound flow, so that switch can collect the target traffic directly, with relatively high collection efficiency and a relatively low collection burden. In this case, this embodiment regards the target collection object as an object that supports outbound target traffic collection. It should be understood that the target traffic that the tenant or operator requests flows from a port of the first switch into the original collection object, and the same target traffic also flows from the target collection object into the second switch. Although the direction of the target traffic differs between the original collection object and the target collection object, the two carry essentially the same flow. Therefore, when a tenant or operator requests collection of the inbound target traffic of the original collection object, that is, outbound target traffic that the first switch is not suited to collect, the outbound traffic of the target collection object can be collected instead; in other words, the second switch collects the inbound target traffic on its port, fulfilling the tenant's or operator's collection request with a smaller collection processing burden and higher collection efficiency.
In this embodiment, the object determination unit 172 can determine the target collection object corresponding to an original collection object from the network topology, because the network topology shows which interface of which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as another network element. The object determination unit 172 can therefore determine, from the network topology, the target collection object corresponding to the original collection object.
Typically, when an operator plans its network, it can determine the mapping between each original collection object and each target collection object from the planned network topology. This embodiment calls the operator-planned mapping between original collection objects and target collection objects the "communication relationship map". Therefore, in some examples of this embodiment, the object determination unit 172 may determine the target collection object corresponding to the original collection object according to the communication relationship map of the communication between network elements in the SDN network.
After the object determination unit 172 determines the target collection object corresponding to the original collection object, the collection control unit 174 can collect the outbound target traffic of the target collection object. Collecting the outbound target traffic of the target collection object is in fact collecting the inbound target traffic at the forwarding device to which the target collection object is connected. For example, if the target collection object is connected to the forwarding device through a port of the forwarding device, the forwarding device can collect the inbound traffic of that port, thereby collecting the outbound target traffic of the target collection object, that is, the inbound target traffic of the original collection object.
In this embodiment, the traffic collection device 170 may be deployed on the NFVO network element or on the SDN controller. When the traffic collection device 170 is deployed on the NFVO network element, the function of the object determination unit 172 may be implemented by the processor of the network device on which the NFVO network element is deployed, and the function of the collection control unit 174 is implemented jointly by the communication apparatus and the processor of that network device. When the traffic collection device 170 is deployed on the SDN controller, the function of the object determination unit 172 may be implemented by the processor on which the SDN controller is deployed, and the function of the collection control unit 174 is implemented jointly by the communication apparatus and the processor of the SDN controller.
When the traffic collection device provided in this embodiment determines that inbound target traffic needs to be collected for the original collection object, it can, according to the network topology relationship, convert inbound traffic collection for the original collection object into outbound traffic collection for the target collection object. Forwarding devices such as switches then no longer need to collect outbound traffic on their own ports, which reduces the switch's collection burden and improves traffic collection efficiency.
Embodiment 6:
This embodiment provides a storage medium that can store one or more computer programs that can be read, compiled and executed by one or more processors. In this embodiment, the computer-readable storage medium may store a traffic collection program that one or more processors can execute to implement the flow of any of the traffic collection methods described in the foregoing embodiments.
This embodiment also provides a network device, as shown in FIG. 18. The network device 180 includes a processor 181, a memory 182, and a communication bus 183 connecting the processor 181 and the memory 182, where the memory 182 may be the aforementioned storage medium storing the traffic collection program. The processor 181 can read the traffic collection program, compile it, and execute it to implement the flow of the traffic collection method described in the foregoing embodiments:
The processor 181 is configured to determine, according to the network topology relationship, the target collection object corresponding to the original collection object, and to collect the inbound target traffic at the forwarding device to which the target collection object is connected.
In this embodiment, the original collection object is the object, designated by a tenant or an operator, whose inbound target traffic needs to be collected. Note that in the related art, when the outbound traffic of a VNF interface is collected, the corresponding switch can collect the target traffic directly on its own corresponding port, without the heavy processing burden and low efficiency incurred when collecting the inbound traffic of a VNF interface. Therefore, in this embodiment, the original collection object specifically refers to an object for which inbound traffic collection is required; that is, when the target traffic flows through the switch port connected to the original collection object, it is an outbound flow. For example, in the example corresponding to FIG. 1, if the tenant requests collection of the inbound flow of logical interface 2 of VNF1, then logical interface 2 of VNF1 is the original collection object. If the tenant requests collection of the inbound flow of logical interface 3 of VNF3, then logical interface 3 of VNF3 is the original collection object.
The target collection object is an object that supports collection of the outbound target traffic; that is, when the target traffic flows through the switch port connected to the target collection object, it is an inbound flow, so that switch can collect the target traffic directly, with relatively high collection efficiency and a relatively low collection burden. In this case, this embodiment regards the target collection object as an object that supports outbound target traffic collection. It should be understood that the target traffic that the tenant or operator requests flows from a port of the first switch into the original collection object, and the same target traffic also flows from the target collection object into the second switch. Although the direction of the target traffic differs between the original collection object and the target collection object, the two carry essentially the same flow. Therefore, when a tenant or operator requests collection of the inbound target traffic of the original collection object, that is, outbound target traffic that the first switch is not suited to collect, the outbound traffic of the target collection object can be collected instead; in other words, the second switch collects the inbound target traffic on its port, fulfilling the tenant's or operator's collection request with a smaller collection processing burden and higher collection efficiency.
In this embodiment, the processor 181 can determine the target collection object corresponding to an original collection object from the network topology, because the network topology shows which interface of which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as an interface of another network element, or which network element carries the same traffic as another network element. The processor 181 can therefore determine, from the network topology, the target collection object corresponding to the original collection object.
Typically, when an operator plans its network, it can determine the mapping between each original collection object and each target collection object from the planned network topology. This embodiment calls the operator-planned mapping between original collection objects and target collection objects the "communication relationship map". Therefore, in some examples of this embodiment, the processor 181 may determine the target collection object corresponding to the original collection object according to the communication relationship map of the communication between network elements in the SDN network.
After the processor 181 determines the target collection object corresponding to the original collection object, it can collect the outbound target traffic of the target collection object. Collecting the outbound target traffic of the target collection object is in fact collecting the inbound target traffic at the forwarding device to which the target collection object is connected. For example, if the target collection object is connected to the forwarding device through a port of the forwarding device, the forwarding device can collect the inbound traffic of that port, thereby collecting the outbound target traffic of the target collection object, that is, the inbound target traffic of the original collection object.
In this embodiment, the forwarding device may be a switch or a DC GW, and the network device 180 may be an NFVO network element or an SDN controller.
When the network device provided in this embodiment determines that inbound target traffic needs to be collected for the original collection object, it can, according to the network topology relationship, convert inbound traffic collection for the original collection object into outbound traffic collection for the target collection object. Forwarding devices such as switches then no longer need to collect outbound traffic on their own ports, which reduces the switch's collection burden and improves traffic collection efficiency.
Obviously, those skilled in the art should understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and devices, can be implemented as software (which can be implemented as program code executable by a computing device), firmware, hardware, or an appropriate combination thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, a digital signal processor or a microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on a computer-readable medium and executed by a computing device, and in some cases the steps shown or described may be performed in an order different from the one given here. The computer-readable medium may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage medium includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media. Therefore, this application is not limited to any specific combination of hardware and software.
The above is a further detailed description of the embodiments of this application in combination with specific implementations, and the specific implementation of this application should not be regarded as limited to these descriptions. For those of ordinary skill in the technical field to which the present invention belongs, several simple deductions or substitutions may be made without departing from the concept of the present invention, and all of them shall be regarded as falling within the protection scope of the present invention.

Claims (12)

  1. A traffic collection method, comprising:
    determining, according to a network topology relationship, a target collection object corresponding to an original collection object, wherein the original collection object is an object whose inbound target traffic needs to be collected, the direction of the target traffic relative to the target collection object is outbound, and the target collection object is an object that supports collection of the outbound target traffic;
    collecting the inbound target traffic at the forwarding device to which the target collection object is connected.
  2. The traffic collection method according to claim 1, wherein the forwarding device is a switch or a data center gateway (DC GW).
  3. The traffic collection method according to claim 1, wherein the traffic collection method further comprises:
    if it is determined that outbound target traffic currently needs to be collected for a collection object;
    collecting the inbound target traffic at the forwarding device to which the collection object is connected.
  4. The traffic collection method according to claim 1, wherein determining, according to the network topology relationship, the target collection object corresponding to the original collection object comprises:
    determining the target collection object corresponding to the original collection object according to a pre-stored communication relationship map of the communication between network elements in the SDN network, wherein the communication relationship map is configured on the basis of the operator's network topology planning.
  5. The traffic collection method according to any one of claims 1-4, wherein the original collection object is a first interface of a first virtual network function (VNF), the target collection object is a second interface of a second VNF, and collecting the inbound target traffic at the forwarding device to which the target collection object is connected comprises:
    determining a target virtual machine on which the second VNF is deployed;
    determining the universally unique identifier (UUID) of the access port through which the target virtual machine accesses the SDN network;
    sending a traffic collection policy to an SDN controller, wherein the traffic collection policy instructs the SDN controller to control the forwarding device to which the target virtual machine is attached to collect the inbound traffic of a target port, the target port being the port on the forwarding device through which the target virtual machine is attached.
  6. The traffic collection method according to claim 5, wherein the traffic collection policy includes the following information:
    a target virtual machine list, the target virtual machine list being used for at least one target virtual machine;
    the direction, on the target virtual machine, of the target traffic to be collected;
    the UUID of the access port.
  7. The traffic collection method according to any one of claims 1-4, wherein the original collection object is a first interface of a first VNF inside a data center (DC), the target collection object is a second network element outside the DC, and collecting the inbound target traffic at the forwarding device to which the target collection object is connected comprises:
    sending a traffic collection policy to an SDN controller, wherein the traffic collection policy instructs the SDN controller to control the forwarding device to which the second network element is attached to collect the inbound traffic of a target port, the target port being the port on the forwarding device through which the second network element is attached.
  8. The traffic collection method according to claim 7, wherein the traffic collection policy includes the following information:
    network element indication information, wherein the network element indication information indicates information about the second network element;
    the direction, on the second network element, of the target traffic to be collected.
  9. The traffic collection method according to any one of claims 1-4, wherein the original collection object is a first host (Host), the target collection object is a second Host, and collecting the inbound target traffic at the forwarding device to which the target collection object is connected comprises:
    向所述第二Host所接入的转发设备发送流量采集指示,所述流量采集指示用于指示所述转发设备对目标端口的入向流量进行采集,所述目标端口为所述转发设备上供所述第二Host接入的端口。Send a traffic collection instruction to the forwarding device accessed by the second Host, where the traffic collection instruction is used to instruct the forwarding device to collect the inbound traffic of a target port, and the target port is provided by the forwarding device. The port accessed by the second Host.
  10. 一种网络设备,所述网络设备包括处理器、存储器及通信总线;A network device, the network device including a processor, a memory, and a communication bus;
    所述通信总线用于实现处理器和存储器之间的连接通信;The communication bus is used to realize connection and communication between the processor and the memory;
    所述处理器用于执行存储器中存储的一个或者多个程序,以实现如权利要求1至9中任一项所述的流量采集方法的步骤。The processor is configured to execute one or more programs stored in the memory to implement the steps of the flow collection method according to any one of claims 1 to 9.
  11. 如权利要求10所述的网络设备,其中,所述网络设备为网络功能虚拟化编排器NFVO网元或SDN控制器。The network device according to claim 10, wherein the network device is a network function virtualization orchestrator NFVO network element or an SDN controller.
  12. 一种存储介质,存储有一个或者多个程序,所述一个或者多个程序可被一个或者多个处理器执行,以实现如权利要求1至9中任一项所述的流量采集方法的步骤。A storage medium storing one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of the flow collection method according to any one of claims 1 to 9 .
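The peer lookup and policy construction described in claims 4 to 6, sketched as an added example that is not code from the patent or its applicant. The topology, VM names, UUIDs and function names are constructed, and the rule that a request for traffic arriving at the original interface is the case that switches to the peer is an assumption, since claim 1 is not reproduced in this section.

```python
from dataclasses import dataclass

# Constructed sample data (not from the patent).
# Communication relationship map: (VNF, interface) -> peer (VNF, interface).
COMM_MAP = {("vnf-a", "if1"): ("vnf-b", "if2"), ("vnf-b", "if2"): ("vnf-a", "if1")}
VNF_TO_VM = {"vnf-a": "vm-01", "vnf-b": "vm-02"}  # VNF -> hosting VM
PORT_UUID = {  # (VM, interface) -> UUID of the VM's SDN access port
    ("vm-01", "if1"): "00000000-0000-4000-8000-000000000001",
    ("vm-02", "if2"): "00000000-0000-4000-8000-000000000002",
}


@dataclass(frozen=True)
class CollectionPolicy:
    """The three fields claim 6 lists for the policy sent to the SDN controller."""
    target_vms: tuple      # target virtual machine list (at least one VM)
    flow_on_vm: str        # direction of the target traffic on the target VM
    access_port_uuid: str  # UUID of the access port to capture on


def resolve_capture_point(vnf, interface, wanted):
    """Return the (VNF, interface) whose access port should capture ingress.

    wanted="outbound": capture at the object's own forwarding-device port.
    wanted="inbound":  assumption, switch to the peer from the map, whose
                       outbound traffic is what arrives at the original object.
    """
    if wanted == "outbound":
        return (vnf, interface)
    if wanted == "inbound":
        peer = COMM_MAP.get((vnf, interface))
        if peer is None:
            raise LookupError(f"no peer in communication map for {vnf}/{interface}")
        return peer
    raise ValueError(f"unknown direction: {wanted!r}")


def build_policy(vnf, interface, wanted):
    """Build the collection policy; capture is always ingress at the switch port."""
    target_vnf, target_if = resolve_capture_point(vnf, interface, wanted)
    vm = VNF_TO_VM[target_vnf]
    return CollectionPolicy((vm,), "outbound", PORT_UUID[(vm, target_if)])
```

A stale or incomplete communication relationship map sends the capture to the wrong port or to none at all, which is why the lookup fails loudly instead of falling back to the original interface.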
PCT/CN2020/076073 2019-04-04 2020-02-20 Traffic collection method and device, network apparatus and storage medium WO2020199780A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910272723.X 2019-04-04
CN201910272723.XA CN111786843B (en) 2019-04-04 2019-04-04 Traffic acquisition method and device, network equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2020199780A1 true WO2020199780A1 (en) 2020-10-08

Family

ID=72664916

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/076073 WO2020199780A1 (en) 2019-04-04 2020-02-20 Traffic collection method and device, network apparatus and storage medium

Country Status (2)

Country Link
CN (1) CN111786843B (en)
WO (1) WO2020199780A1 (en)


Also Published As

Publication number Publication date
CN111786843B (en) 2023-07-04
CN111786843A (en) 2020-10-16


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20782557

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20782557

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 18.03.22)
