WO2022121080A1

WO2022121080A1 - Network configuration method, controller, and traffic guide system

Info

Publication number: WO2022121080A1
Application number: PCT/CN2021/071102
Authority: WO
Inventors: 王力鹏
Original assignee: 网宿科技股份有限公司
Priority date: 2020-12-11
Filing date: 2021-01-11
Publication date: 2022-06-16
Also published as: CN112653575A; CN112653575B

Abstract

Disclosed are a network configuration method, a controller, and a traffic guide system. The method comprises: receiving an orchestration strategy issued by an orchestrator, the orchestration strategy comprising network configuration information of one or more users; receiving node information reported by a network node, the node information being used for representing a running state of the network node and/or network quality between network nodes; and according to the orchestration strategy and the node information, generating a configuration instruction set applied to the network node, and issuing the configuration instruction set to the network node, so that the network node performs network configuration and data forwarding according to the configuration instruction set.

Description

一种网络配置方法、控制器及流量引导***A network configuration method, controller and traffic guidance system

交叉引用cross reference

本申请要求于2020年12月11日递交的名称为“一种网络配置方法、控制器及流量引导***”、申请号为202011463114.1的中国专利申请的优先权，其通过引用被全部并入本申请。This application claims the priority of the Chinese patent application entitled "A Network Configuration Method, Controller and Traffic Guidance System" and the application number is 202011463114.1 filed on December 11, 2020, which is fully incorporated into this application by reference .

技术领域technical field

本申请涉及互联网技术领域，特别涉及一种网络配置方法、控制器及流量引导***。The present application relates to the field of Internet technologies, and in particular, to a network configuration method, a controller, and a traffic guidance system.

背景技术Background technique

随着企业规模的增长和互联网业务的不断发展，需要应用二层网络的业务场景不断增多。传统的二层网络可以通过部署专线或者创建虚拟扩展本地局域网(Visual eXtensible Local Area Network，简称VXLAN)隧道来实现。然而，现有的二层网络在部署过程中，通常需要在每个网络节点上配置用户的信息，并且由于网络节点之间的通信质量波动较大，很可能导致创建的二层网络不够稳定。With the growth of enterprise scale and the continuous development of Internet services, the business scenarios that require the application of Layer 2 networks continue to increase. A traditional Layer 2 network can be implemented by deploying a dedicated line or creating a Virtual eXtensible Local Area Network (VXLAN) tunnel. However, during the deployment of an existing Layer 2 network, it is usually necessary to configure user information on each network node, and since the communication quality between network nodes fluctuates greatly, the created Layer 2 network is likely to be unstable.

发明内容SUMMARY OF THE INVENTION

本申请的目的在于提供一种网络配置方法、控制器及流量引导***，能够提高二层网络的稳定性。The purpose of the present application is to provide a network configuration method, a controller and a traffic guidance system, which can improve the stability of a Layer 2 network.

为实现上述目的，本申请实施例提供一种网络配置方法，应用于控制器中，包括：接收编排器下发的编排策略，所述编排策略中包括一个或者多个用户的网络配置信息；接收网络节点上报的节点信息，所述节点信息用于表征网络节点的运行状态和/或网络节点之间的网络质量；根据所述编排策略和所述节点信息，生成应用于所述网络节点的配置指令集，并将所述配置指令集下发至所述网络节点，以使得所述网络节点根据所述配置指令集进行网络配置和数据转发。To achieve the above purpose, an embodiment of the present application provides a network configuration method, which is applied to a controller and includes: receiving an orchestration policy issued by an orchestrator, where the orchestration policy includes network configuration information of one or more users; receiving Node information reported by a network node, where the node information is used to represent the running state of the network node and/or the network quality between the network nodes; according to the orchestration strategy and the node information, a configuration applied to the network node is generated an instruction set, and deliver the configuration instruction set to the network node, so that the network node performs network configuration and data forwarding according to the configuration instruction set.

为实现上述目的，本申请实施例还提供一种网络配置控制器，包括：编排策略接收单元，用于接收编排器下发的编排策略，所述编排策略中包括一个或者多个用户的网络配置信息；节点信息接收单元，用于接收网络节点上报的节点信息，所述节点信息用于表征网络节点的运行状态和/或网络节点之间的网络质量；配置指令集下发单元，用于根据所述编排策略和所述节点信息，生成应用于所述网络节点的配置指令集，并将所述配置指令集下发至所述网络节点，以使得所述网络节点根据所述配置指令集进行网络配置和数据转发。To achieve the above purpose, an embodiment of the present application further provides a network configuration controller, including: an orchestration policy receiving unit, configured to receive an orchestration policy issued by an orchestrator, where the orchestration policy includes network configurations of one or more users information; a node information receiving unit for receiving node information reported by a network node, the node information being used to represent the operating state of the network node and/or the network quality between the network nodes; a configuration instruction set issuing unit for The orchestration strategy and the node information generate a configuration instruction set applied to the network node, and deliver the configuration instruction set to the network node, so that the network node executes the configuration instruction set according to the configuration instruction set. Network configuration and data forwarding.

为实现上述目的，本申请实施例还提供一种控制器，包括存储器和处理器，所述存储器用于存储计算机程序，所述计算机程序被所述处理器执行时，实现上述的网络配置方法。To achieve the above object, an embodiment of the present application further provides a controller, including a memory and a processor, where the memory is used to store a computer program, and when the computer program is executed by the processor, the above-mentioned network configuration method is implemented.

为实现上述目的，本申请实施例还提供一种流量引导***，包括编排器、控制器和至少两个网络节点，其中，所述控制器分别与所述编排器和各所述网络节点通信连接，所述网络节点间设有至少一条链路；所述编排器根据网络配置信息生成编排策略，并下发至所述控制器；所述控制器接收所述编排策略，并基于所述编排策略和上述的网络配置方法下发配置指令集至对应的所述网络节点；所述网络节点接收并执行所述配置指令集，以完成网络配置，并基于所述网络配置进行数据转发。To achieve the above object, an embodiment of the present application further provides a traffic steering system, including an orchestrator, a controller, and at least two network nodes, wherein the controller is respectively connected to the orchestrator and each of the network nodes in communication and connection , there is at least one link between the network nodes; the orchestrator generates an orchestration policy according to the network configuration information, and sends it to the controller; the controller receives the orchestration policy, and based on the orchestration policy and the above network configuration method to deliver a configuration instruction set to the corresponding network node; the network node receives and executes the configuration instruction set to complete the network configuration and perform data forwarding based on the network configuration.

由上可见，本申请实施例提供的技术方案，可以不需要在各个网络节点中部署用户的网络配置信息，而是可以由编排器统一生成编排策略，该编排策略中可以包含各个用户的网络配置信息。然后，编排器可以将编排策略下发至控制器，此外，控制器还可以接收各个网络节点上报的节点信息。该节点信息可以表征网络节点的运行状态，也可以表征网络节点之间的网络质量。这样，控制器结合编排策略和节点信息，可以针对不同的网络节点，下发对应的配置指令集。网络节点根据接收到的配置指令集，可以进行网络配置和数据转发。可见，控制器可以根据实时的节点信息，动态地对网络配置进行调节，从而使得创建的二层网络能够应对波动的网络环境。此外，由于统一地利用编排器进行网络配置信息的编排，从而简化了二层网络的创建过程。As can be seen from the above, the technical solutions provided by the embodiments of the present application may not need to deploy the user's network configuration information in each network node, but may generate an orchestration policy uniformly by the orchestrator, and the orchestration policy may include the network configuration of each user. information. Then, the orchestrator can deliver the orchestration policy to the controller, and the controller can also receive node information reported by each network node. The node information can represent the running state of the network nodes, and can also represent the network quality between the network nodes. In this way, the controller can issue corresponding configuration instruction sets for different network nodes in combination with the orchestration strategy and node information. The network node can perform network configuration and data forwarding according to the received configuration instruction set. It can be seen that the controller can dynamically adjust the network configuration according to the real-time node information, so that the created Layer 2 network can cope with the fluctuating network environment. In addition, since the orchestrator is used to orchestrate the network configuration information uniformly, the creation process of the Layer 2 network is simplified.

附图说明Description of drawings

为了更清楚地说明本申请实施例中的技术方案，下面将对实施例描述中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本申请的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动的前提下，还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the embodiments of the present application more clearly, the following briefly introduces the drawings that are used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without creative effort.

图1A是本申请实施例中流量引导***的结构示意图；1A is a schematic structural diagram of a flow guidance system in an embodiment of the present application;

图1B是本申请实施例中执行完配置指令后的***结构示意图；1B is a schematic diagram of the system structure after the configuration instruction is executed in an embodiment of the present application;

图2是本申请实施例中网络配置方法的流程示意图；2 is a schematic flowchart of a network configuration method in an embodiment of the present application;

图3是本申请实施例中网络配置***的功能模块图；3 is a functional block diagram of a network configuration system in an embodiment of the present application;

图4是本申请实施例中控制器的结构示意图。FIG. 4 is a schematic structural diagram of a controller in an embodiment of the present application.

具体实施方式Detailed ways

为使本申请的目的、技术方案和优点更加清楚，下面将结合附图对本申请实施例作详细地描述。In order to make the objectives, technical solutions and advantages of the present application clearer, the embodiments of the present application will be described in detail below with reference to the accompanying drawings.

本申请提供的网络配置方法，可以应用于如图1A所示的流量引导***架构中。在图1A中，流量引导***可以包括编排器、控制器以及至少两个网络节点，其中，所述控制器分别与所述编排器和各所述网络节点通信连接，所述网络节点间设有至少一条链路，该链路类型可包含网络专线、基于Internet建立的网络连接、多协议标签交换(Multi-Protocol Label Switching，简称MPLS)线路、或者是基于软件定义广域网(Software Defined Wide Area Network，简称SD-WAN)加速网络建立的网络连接。各网络节点可分别部署在不同的地理区域，可用于为地理位置相近的用户局域网提供服务。The network configuration method provided by the present application can be applied to the traffic steering system architecture as shown in FIG. 1A . In FIG. 1A , the traffic steering system may include an orchestrator, a controller, and at least two network nodes, wherein the controller is connected in communication with the orchestrator and each of the network nodes, respectively, and the network nodes are provided with At least one link, the link type can include a dedicated network line, a network connection established based on the Internet, a Multi-Protocol Label Switching (MPLS) line, or a software-defined wide area network (Software Defined Wide Area Network) SD-WAN for short) accelerates the network connection established by the network. Each network node can be deployed in different geographical areas, and can be used to provide services for user local area networks with similar geographical locations.

编排器可接收用户提交的网络配置信息，并根据网络配置信息生成编排策略，下发至所述控制器。具体而言，用户可根据实际的组网需求提供对应的网络配置信息，所述网络配置信息可包含待连通的站点信息、带宽等线路要求，以及其他需求信息，编排器在接收到网络配置信息后，可先根据站点信息选择合适的网络节点，并根据其他要求生成各网络节点对应的编排策略。The orchestrator may receive the network configuration information submitted by the user, generate an orchestration policy according to the network configuration information, and deliver it to the controller. Specifically, the user can provide the corresponding network configuration information according to the actual networking requirements. The network configuration information can include the information of the site to be connected, the line requirements such as bandwidth, and other requirement information. When the orchestrator receives the network configuration information Afterwards, an appropriate network node can be selected according to the site information, and an arrangement strategy corresponding to each network node can be generated according to other requirements.

控制器接收所述编排策略，并基于所述编排策略生成对应的配置指令，并发送至网络节点；网络节点接收并执行所述配置指令，以完成网络配置，并基于所述网络配置对来自对应站点的流量进行数据转发。The controller receives the orchestration policy, generates a corresponding configuration instruction based on the orchestration policy, and sends it to the network node; the network node receives and executes the configuration instruction to complete the network configuration, and based on the network configuration The traffic of the site is forwarded.

请同时参照图1B，图1B进一步示出了网络站点在执行完配置指令后生成的网络配置。其中，可基于开放虚拟交换机(Open VSwitch，简称OVS)技术在网络节点中创建虚拟交换机，并基于虚拟交换机实现上述网络配置。Please refer to FIG. 1B at the same time. FIG. 1B further illustrates the network configuration generated by the network site after executing the configuration instruction. Wherein, a virtual switch may be created in a network node based on an Open Virtual Switch (Open VSwitch, OVS for short) technology, and the foregoing network configuration may be implemented based on the virtual switch.

图1B中的用户终端可以为对应站点中的网络出口，可以是用户侧与网络节点对接的设备。例如，用户终端可以是企业的交换机，或者是具备网络功能虚拟化(Network Functions Virtualization，简称NFV)的服务器。The user terminal in FIG. 1B may be a network outlet in a corresponding site, and may be a device that interfaces with a network node on the user side. For example, the user terminal may be an enterprise switch, or a server with Network Functions Virtualization (NFV for short).

网络节点则可以是负责进行网络配置和数据转发的设备，在网络节点中可以创建一个或者多个虚拟交换机，从而使得多个不同的用户终端能够复用同一个网络节点。不同的网络节点之间可以通过链路进行连接，基于该链路，可以根据实际需求创建不同的通信隧道(VXLAN隧道)，从而构建出对应的二层网络。例如在图1B中，网络节点1和网络节点2之间可以通过链路1和链路2进行连接，后续则可以在链路1或者链路2上创建VXLAN隧道。The network node may be a device responsible for network configuration and data forwarding, and one or more virtual switches may be created in the network node, so that multiple different user terminals can reuse the same network node. Different network nodes can be connected through links. Based on the links, different communication tunnels (VXLAN tunnels) can be created according to actual needs, thereby constructing a corresponding Layer 2 network. For example, in FIG. 1B , network node 1 and network node 2 may be connected through link 1 and link 2, and subsequently a VXLAN tunnel may be created on link 1 or link 2.

请参阅图1B和图2，本申请实施例提供的网络配置方法，可以应用于上述的控制器中，该方法可以包括以下多个步骤。Referring to FIG. 1B and FIG. 2 , the network configuration method provided by the embodiment of the present application may be applied to the above-mentioned controller, and the method may include the following steps.

S1：接收编排器下发的编排策略，所述编排策略中包括一个或者多个用户的网络配置信息。S1: Receive an orchestration policy issued by the orchestrator, where the orchestration policy includes network configuration information of one or more users.

在本实施例中，不同的用户可能有不同的组网需求。例如在图1B中，网络节点1和网络节点2分布于两个不同的城市(城市甲和城市乙)。假设，编排器接收到用户A和用户B的网络配置信息：用户A需要组建一条从城市甲的分支机构(站点)到城市乙的总部机构(对端站点)的二层网络，网络带宽为10M。同时，用户B需要组建一条从城市甲的数据中心a到城市乙的数据中心b的二层网络，网络带宽为20M。编排器可对应于用户A和B的站点位置信息，根据各网络节点的地理位置，从中选择出网络节点1和网络节点2用于构建对应的二层网络，如此，可分别针对用户A和用户B的网络配置信息，确定这两条二层网络均可以通过网络节点1和网络节点2之间的通信隧道实现。In this embodiment, different users may have different networking requirements. For example, in FIG. 1B, network node 1 and network node 2 are distributed in two different cities (city A and city B). Suppose that the orchestrator receives the network configuration information of user A and user B: user A needs to set up a Layer 2 network from the branch office (site) of city A to the headquarters office (peer site) of city B, with a network bandwidth of 10M . At the same time, user B needs to build a Layer 2 network from data center a in city A to data center b in city B, with a network bandwidth of 20M. The scheduler can correspond to the site location information of users A and B, and select network node 1 and network node 2 according to the geographic location of each network node to construct the corresponding Layer 2 network. According to the network configuration information of B, it is determined that both the two Layer 2 networks can be implemented through the communication tunnel between network node 1 and network node 2.

具体地，在编排器中，可以按照用户的网络配置信息，确定出对应的网络节点，并生成对应的编排策略。在该编排策略中，至少可以包括待建立通信隧道的多个网络节点和所述多个网络节点各自的接入网卡，以及待建立的通信隧道的链路选择模式。其中，按照图1B所示的场景，待建立通信隧道的可以是网络节点1和网络节点2，其中，网络节点1上的接入网卡可以是网卡1和网卡2，网络节点2上的接入网卡可以是网卡3和网卡4。上述的链路选择模式，可以根据实际应用场景灵活选择，例如，链路选择模式可以是手动模式，在该手动模式下，网络节点1和网络节点2之间的链路可以划分为主链路和备链路。手动模式则可以根据主链路和备链路的通信状态来创建VXLAN隧道。又例如，链路选择模式还可以是智能模式。该智能模式可以对网络节点1和网络节点2之间的各条链路进行评估，从而自动筛选出用于创建VXLAN隧道的链路。Specifically, in the orchestrator, a corresponding network node may be determined according to the user's network configuration information, and a corresponding orchestration policy may be generated. The orchestration strategy may include at least multiple network nodes to be established communication tunnels, respective access network cards of the multiple network nodes, and link selection modes of the communication tunnels to be established. Wherein, according to the scenario shown in FIG. 1B , network node 1 and network node 2 may be the ones to establish the communication tunnel, wherein the access network cards on network node 1 may be network card 1 and network card 2, and the access network card on network node 2 may be network card 1 and network card 2. The network cards can be network card 3 and network card 4. The above link selection mode can be flexibly selected according to the actual application scenario. For example, the link selection mode can be a manual mode. In this manual mode, the link between network node 1 and network node 2 can be classified as the main link. and backup link. In manual mode, a VXLAN tunnel can be created according to the communication status of the primary link and the backup link. For another example, the link selection mode may also be an intelligent mode. The intelligent mode can evaluate each link between network node 1 and network node 2, thereby automatically screening out the link used to create the VXLAN tunnel.

在实际应用中，智能模式在对各条链路进行评估时，通常需要提供参数权值系数，该参数权值系数可以作为各种网络质量参数的权重值。例如，网络节点1和网络节点2之间的链路，可以具备时延参数、抖动参数、丢包率参数等各项网络质量参数，针对这些网络质量参数，可以赋予各自的权重值。那么在评估各条链路的通信质量时，可以通过加权求和的方式，对这些网络质量参数进行综合评估，从而得到各条链路的通信指标。In practical applications, the intelligent mode usually needs to provide a parameter weight coefficient when evaluating each link, and the parameter weight coefficient can be used as the weight value of various network quality parameters. For example, the link between network node 1 and network node 2 may have various network quality parameters, such as delay parameters, jitter parameters, and packet loss rate parameters. These network quality parameters may be assigned respective weight values. Then, when evaluating the communication quality of each link, the network quality parameters can be comprehensively evaluated by means of weighted summation, so as to obtain the communication index of each link.

在一个实施例中，网络配置信息中还可以包括平台虚拟局域网(Virtual Local Area Network，简称VLAN)标识和用户VLAN标识。其中，平台VLAN标识可以用于在网络节点中区分不同平台的用户。用户VLAN标识则可以在同一个平台内，区分不同的用户。例如对于图1B中的用户A和用户B而言，可以属于不同的平台，那么这两个用户的网络配置信息中，可以包含不同的平台VLAN标识。又例如，对于用户B而言，需要在数据中心a和数据中心b之间进行数据传输，而数据中心a和数据中心b可以属于不同的用户，因此在用户B的网络配置信息中，可以包含两个不同的用户VLAN标识。这样，通过平台VLAN标识和用户VLAN标识，可以在同一个网络节点中隔离不同的平台和不同的用户，在复用网络节点的同时，不同用户的数据也可以互不干扰。In one embodiment, the network configuration information may further include a platform virtual local area network (Virtual Local Area Network, VLAN for short) identifier and a user VLAN identifier. The platform VLAN identifier can be used to distinguish users of different platforms in the network node. User VLAN identification can distinguish different users within the same platform. For example, user A and user B in FIG. 1B may belong to different platforms, and the network configuration information of the two users may include different platform VLAN identifiers. For another example, for user B, data transmission needs to be performed between data center a and data center b, and data center a and data center b may belong to different users. Therefore, the network configuration information of user B can include Two different user VLAN IDs. In this way, through the platform VLAN identification and the user VLAN identification, different platforms and different users can be isolated in the same network node, and the data of different users can not interfere with each other while the network nodes are reused.

在一个具体应用场景中，用户A的网络配置信息可以如下所示：In a specific application scenario, the network configuration information of user A can be as follows:

用户名称：A；Username: A;

对接节点：网络节点1，网卡1；Docking node: network node 1, network card 1;

网络节点2，网卡3；Network node 2, network card 3;

平台VLAN标识：100；Platform VLAN ID: 100;

用户VLAN标识：无；User VLAN ID: none;

VXLAN隧道：手动模式，VXLAN tunnel: manual mode,

主链路：链路1，main link: link 1,

备链路：链路2；Standby link: link 2;

带宽：10MBandwidth: 10M

用户B的网络配置信息可以如下所示：User B's network configuration information can be as follows:

用户名称：B；Username: B;

对接节点：网络节点1，网卡2；Docking node: network node 1, network card 2;

网络节点2，网卡4；Network node 2, network card 4;

平台VLAN标识：101；Platform VLAN ID: 101;

用户VLAN标识：网络节点1：10User VLAN ID: Network Node 1:10

网络节点2：20Network Node 2:20

VXLAN隧道：智能模式，VXLAN Tunnel: Smart Mode,

参数权值系数：时延权重α、抖动权重β、丢包率权重γ；Parameter weight coefficient: delay weight α, jitter weight β, packet loss rate weight γ;

带宽：20M。Bandwidth: 20M.

在编排器中根据各个用户的网络配置信息，对应生成编排策略，该编排策略可以由编排器通过调用控制器的应用程序接口(Application Programming Interface，简称API)，从而被下发给控制器。控制器接收到该编排策略后，可以将编排策略写入数据库中。In the orchestrator, according to the network configuration information of each user, a corresponding orchestration policy is generated, and the orchestration policy can be issued to the controller by the orchestrator by calling the application programming interface (Application Programming Interface, API) of the controller. After the controller receives the orchestration policy, it can write the orchestration policy into the database.

S3：接收网络节点上报的节点信息，所述节点信息用于表征网络节点的运行状态和/或网络节点之间的网络质量。S3: Receive node information reported by the network node, where the node information is used to represent the running state of the network node and/or the network quality between the network nodes.

在本实施例中，为了应对网络中出现的波动，各个网络节点可以定期地检测链路的网络通信质量，并可以检测自身的运行状态。例如，网络节点可以通过互联网包探测器(Packet Internet Groper，简称PING)、传输控制协议互联网包探测器(Transmission Control Protocol Packet Internet Groper，简称TCPING)、用户数据报协议互联网包探测器(User Datagram Protocol Packet Internet Groper，简称UDPING)等方式检测各条链路的时延、抖动、丢包率等参数，并可以检测自身的网卡状态。网络节点在采集到这些节点信息后，可以将节点信息上报给控制器。需要说明的是，由于不同的网络节点可能会针对相同的链路采集参数。例如，对于网络节点1和网络节点2而言，都会对链路1和链路2进行时延、抖动、丢包率的检测。当控制器接收到网络节点上报的节点信息后，针对节点信息中相同链路的参数，可以采纳上报时间靠后的参数，这样能够尽可能地保证链路参数的实时性。In this embodiment, in order to cope with fluctuations in the network, each network node can periodically detect the network communication quality of the link, and can detect its own running state. For example, network nodes can detect Internet packets (Packet Internet Groper, referred to as PING), Transmission Control Protocol Internet Packet detector (Transmission Control Protocol Packet Internet Groper, referred to as TCPING), User Datagram Protocol Internet Packet detector (User Datagram Protocol) Packet Internet Groper, referred to as UDPING) and other methods to detect the delay, jitter, packet loss rate and other parameters of each link, and can detect its own network card status. After collecting the node information, the network node can report the node information to the controller. It should be noted that different network nodes may collect parameters for the same link. For example, for network node 1 and network node 2, delay, jitter, and packet loss rate detection are performed on link 1 and link 2. After the controller receives the node information reported by the network node, for the parameters of the same link in the node information, the parameters with the later reporting time can be adopted, which can ensure the real-time performance of the link parameters as much as possible.

在实际应用中，网络节点采集到节点信息后，可以将节点信息通过 OpenFlow协议发送给控制器。In practical applications, after the network node collects the node information, it can send the node information to the controller through the OpenFlow protocol.

S5：根据所述编排策略和所述节点信息，生成应用于所述网络节点的配置指令集，并将所述配置指令集下发至所述网络节点，以使得所述网络节点根据所述配置指令集进行网络配置和数据转发。S5: Generate a configuration instruction set applied to the network node according to the orchestration policy and the node information, and deliver the configuration instruction set to the network node, so that the network node can make the configuration according to the configuration instruction set The instruction set performs network configuration and data forwarding.

在本实施例中，控制器根据编排策略和接收到的节点信息，可以针对不同的网络节点，生成对应的配置指令集。该配置指令集可以用于引导网络节点进行网络配置。具体地，在该配置指令集中，可以包括添加虚拟网卡、创建网桥、添加端口、创建流表项、创建通信隧道、创建服务质量(Quality of Service，简称QOS)策略等多项指令。在实际应用中，可以根据网络的复杂程度，对上述的多项指令进行增减。In this embodiment, the controller can generate corresponding configuration instruction sets for different network nodes according to the orchestration strategy and the received node information. The configuration instruction set can be used to guide network nodes to perform network configuration. Specifically, the configuration instruction set may include multiple instructions such as adding a virtual network card, creating a bridge, adding a port, creating a flow entry, creating a communication tunnel, and creating a Quality of Service (QOS) policy. In practical applications, the above-mentioned multiple instructions can be increased or decreased according to the complexity of the network.

请参阅图1B，在一个实施例中，通过解析编排策略中用户的网络配置信息，控制器可以生成添加虚拟网卡的指令和添加流表项的指令。具体地，以用户A为例，可以在网络节点1中创建虚拟网卡br_a，并通过添加流表项，以建立网络节点1的接入网卡1与创建的虚拟网卡br_a之间的数据流向。这样，从网卡1流入的数据可以从虚拟网卡br_a流出，而从虚拟网卡br_a流入的数据也相应地可以从网卡1流出。Referring to FIG. 1B , in one embodiment, by parsing the user's network configuration information in the orchestration policy, the controller can generate an instruction for adding a virtual network card and an instruction for adding a flow entry. Specifically, taking user A as an example, a virtual network card br_a can be created in network node 1, and a flow entry is added to establish a data flow direction between access network card 1 of network node 1 and the created virtual network card br_a. In this way, the data flowing in from the network card 1 can flow out from the virtual network card br_a, and the data flowing in from the virtual network card br_a can also flow out from the network card 1 accordingly.

为了完成接入网卡与虚拟网卡之间的数据流向，控制器还可以生成创建网桥的指令。该创建网桥的指令，可以在网络节点中创建用于对接平台的网桥。例如在图1B中，可以生成网桥ovs-hub。控制器还可以生成添加端口的指令，该指令可以将接入网卡和虚拟网卡添加至网桥中。例如，可以将网卡1和虚拟网卡br_a添加至网桥ovs-hub中。In order to complete the data flow between the access network card and the virtual network card, the controller may also generate an instruction to create a network bridge. The command for creating a network bridge can create a network bridge for connecting to the platform in the network node. For example in Figure IB, the bridge ovs-hub can be generated. The controller can also generate add port instructions, which can add access NICs and virtual NICs to the bridge. For example, network card 1 and virtual network card br_a can be added to the bridge ovs-hub.

在本实施例中，控制器还可以生成创建通信隧道的指令，该创建通信隧道的指令可以在虚拟网卡上创建符合链路选择模式的通信隧道。根据链路选择模式的不同，创建通信隧道的方式也可以不同。具体地，若链路选择模式为手动模式，那么表示需要在主链路和备链路中选择一条链路创建VXLAN隧道。在这种情况下，控制器可以从网络节点上报的节点信息中，识别主链路和备链路各自的通信状态。该通信状态可以通过时延、抖动、丢包率等参数表示。如果该通信状态满足一定的条件，例如丢包率小于50％，那么该通信状态便可以表征通信正常。在选择链路时，可以优先判断主链路的通信状态是否正常。如果主链路的通信状态正常，则可以直接在主链路上创建VXLAN隧道，从而生成在主链路上创建VXLAN隧道的指令。而如果主链路的通信状态异常，并且备链路的通信状态正常，则可以生成在备链路上创建VXLAN隧道的指令。In this embodiment, the controller may further generate an instruction for creating a communication tunnel, and the instruction for creating a communication tunnel may create a communication tunnel conforming to the link selection mode on the virtual network card. Depending on the link selection mode, the communication tunnel can be created differently. Specifically, if the link selection mode is the manual mode, it means that a link needs to be selected from the primary link and the backup link to create a VXLAN tunnel. In this case, the controller can identify the respective communication states of the primary link and the backup link from the node information reported by the network nodes. The communication state can be represented by parameters such as delay, jitter, and packet loss rate. If the communication state satisfies a certain condition, for example, the packet loss rate is less than 50%, then the communication state can indicate that the communication is normal. When selecting a link, it can be prioritized to determine whether the communication status of the main link is normal. If the communication status of the primary link is normal, you can directly create a VXLAN tunnel on the primary link to generate an instruction to create a VXLAN tunnel on the primary link. If the communication status of the primary link is abnormal and the communication status of the backup link is normal, an instruction to create a VXLAN tunnel on the backup link can be generated.

此外，如果链路选择模式为智能模式，则表示可以在预设的多条链路中选择一条链路创建VXLAN隧道。这些预设的多条链路并不互为主备关系，因此通常不会优先考虑某条链路的通信状态，而是根据节点信息，计算各条链路的通信指标，并根据各个通信指标确定目标链路。在实际应用中，每条链路都可以对应时延、抖动、丢包率等网络质量参数，通过上述加权求和的方式，对这些网络质量参数进行综合评估，从而得到各条链路的通信指标。In addition, if the link selection mode is the intelligent mode, it means that a link can be selected from the preset multiple links to create a VXLAN tunnel. These preset multiple links are not in a master/slave relationship with each other, so the communication status of a link is usually not given priority, but the communication indicators of each link are calculated according to the node information, and according to each communication indicator Determine the target link. In practical applications, each link can correspond to network quality parameters such as delay, jitter, and packet loss rate. Through the above weighted summation method, these network quality parameters are comprehensively evaluated to obtain the communication of each link. index.

在得到各条链路的通信指标之后，可以将通信指标最优的链路作为目标链路。后续，就可以在该目标链路上创建VXLAN隧道，从而生成在目标链路上创建VXLAN隧道的指令。After obtaining the communication index of each link, the link with the optimal communication index can be used as the target link. Subsequently, a VXLAN tunnel can be created on the target link, thereby generating an instruction for creating a VXLAN tunnel on the target link.

在一个实施例中，控制器还可以根据网络配置信息中的带宽信息，生成创建QOS策略的指令。具体地，该指令可以在接入网卡上创建符合带宽信息的QOS策略。例如，对于图1B中的用户A而言，可以在网卡1上创建最高速率为10Mbps的QOS策略。而对于用户B而言，可以在网卡2上创建最高速率为20Mbps的QOS策略。In one embodiment, the controller may further generate an instruction for creating a QOS policy according to the bandwidth information in the network configuration information. Specifically, the instruction can create a QOS policy conforming to the bandwidth information on the access network card. For example, for user A in FIG. 1B , a QOS policy with a maximum rate of 10 Mbps can be created on network card 1 . For user B, a QOS policy with a maximum rate of 20 Mbps can be created on network card 2.

在一个实施例中，在同一个平台内，不同用户的数据可以通过用户VLAN标识进行区分，网络节点在进行这种场景的网络配置时，也会生成功能不同的配置指令集。具体地，针对图1B中的用户B而言，生成的添加虚拟网卡的指令，可以用于在网络节点1中创建包含第一虚拟网卡br_b和第二虚拟网卡br_b1的虚拟网卡组。在实际应用中，该虚拟网卡组可以是一对虚拟以太网接口(Virtual Ethernet，简称veth)网卡。此外，该指令还可以在网络节点1中创建与用户VLAN标识对应的第三虚拟网卡br_b.10。需要说明的是，用户B的网络配置信息中，针对网络节点1的用户VLAN标识是10，针对网络节点2的用户VLAN标识为20，那么在网络节点1中可以创建与标识10相对应的虚拟网卡br_b.10，而在网络节点2中可以创建与标识20相对应的虚拟网卡br_b.20。In one embodiment, within the same platform, data of different users can be distinguished by user VLAN identifiers, and the network node will also generate configuration instruction sets with different functions when performing network configuration in this scenario. Specifically, for the user B in FIG. 1B , the generated instruction for adding a virtual network card can be used to create a virtual network card group including the first virtual network card br_b and the second virtual network card br_b1 in the network node 1 . In practical applications, the virtual network card group may be a pair of virtual Ethernet interface (Virtual Ethernet, veth for short) network cards. In addition, the instruction can also create a third virtual network card br_b.10 corresponding to the user VLAN ID in the network node 1. It should be noted that, in the network configuration information of user B, the user VLAN ID for network node 1 is 10, and the user VLAN ID for network node 2 is 20, then a virtual ID corresponding to ID 10 can be created in network node 1. The network card br_b.10, and the virtual network card br_b.20 corresponding to the identification 20 can be created in the network node 2.

在本实施例中，在生成创建网桥的指令时，ovs-hub网桥是对接平台的，在同一个平台内部，为了区分不同的用户，除了在网络节点1中创建第一网桥ovs-hub，还可以在网络节点1中添加第二网桥ovs-B，该第二网桥与用户VLAN标识10相对应。这样，在生成添加端口的指令时，可以将接入网卡2和第一虚拟网卡br_b添加至第一网桥ovs-hub上，并将第二虚拟网卡br_b1和第三虚拟网卡br_b.10添加至第二网桥ovs-B上。In this embodiment, when the instruction for creating a bridge is generated, the ovs-hub bridge is connected to the platform. Within the same platform, in order to distinguish different users, except that the first network bridge ovs-hub is created in the network node 1 hub, a second network bridge ovs-B may also be added to the network node 1, where the second network bridge corresponds to the user VLAN ID 10. In this way, when the instruction for adding a port is generated, the access network card 2 and the first virtual network card br_b can be added to the first network bridge ovs-hub, and the second virtual network card br_b1 and the third virtual network card br_b.10 can be added to the On the second bridge ovs-B.

在本实施例中，生成创建流表项的指令时，可以建立接入网卡2与第一虚拟网卡br_b之间的数据流向，以及建立第二虚拟网卡br_b1与第三虚拟网卡br_b.10之间的数据流向。由于第一虚拟网卡br_b和第二虚拟网卡br_b1是一对虚拟网卡组，因此这两个虚拟网卡之间可以直接具备数据流向，无需再次建立。这样，从网卡2流入的数据，可以依次经过br_b和br_b1，最终从br_b.10流出。同理，从br_b.10流入的数据，可以依次经过br_b1和br_b，最终从网卡2流出。In this embodiment, when an instruction for creating a flow entry is generated, a data flow direction between the access network card 2 and the first virtual network card br_b can be established, and a data flow direction between the second virtual network card br_b1 and the third virtual network card br_b.10 can be established. data flow. Since the first virtual network card br_b and the second virtual network card br_b1 are a pair of virtual network card groups, a data flow direction can be directly provided between the two virtual network cards, and there is no need to establish again. In this way, the data flowing in from the network card 2 can pass through br_b and br_b1 in sequence, and finally flow out from br_b.10. Similarly, the data flowing in from br_b.10 can pass through br_b1 and br_b in sequence, and finally flow out from network card 2.

在本实施例中，为了区分不同用户的数据，在数据中可以添加对应的用户VLAN标识。例如，流入第二虚拟网卡br_b1的数据中，可以携带用户VLAN标识10，但是在VXLAN隧道上传输的数据通常是不允许携带VLAN标识的，因此该数据在被去除用户VLAN标识10后，可以从第三虚拟网卡br_b.10流出。同理，流入第三虚拟网卡br_b.10的数据原本是没有携带用户VLAN标识10的，为了能够正确地将该数据转发至对应的用户终端，因此该数据可以在被添加用户VLAN标识10后，从第二虚拟网卡br_b1流出。在网络节点2中也是同理，流入br_b.20的数据需要添加用户VLAN标识20之后，才能从br_b1流出，而从br_b1流入的数据，需要在去除用户VLAN标识20之后，才能从br_b.20流出。In this embodiment, in order to distinguish data of different users, corresponding user VLAN identifiers may be added to the data. For example, the data flowing into the second virtual network card br_b1 can carry the user VLAN ID 10, but the data transmitted on the VXLAN tunnel is usually not allowed to carry the VLAN ID. Therefore, after the user VLAN ID 10 is removed, the data can be sent from The third virtual network card br_b.10 flows out. Similarly, the data flowing into the third virtual network card br_b.10 originally did not carry the user VLAN ID 10. In order to correctly forward the data to the corresponding user terminal, the data can be added after the user VLAN ID 10 is added. Outgoing from the second virtual network card br_b1. The same is true in network node 2. The data flowing into br_b.20 needs to add the user VLAN ID 20 before it can flow out from br_b1, and the data flowing in from br_b1 needs to remove the user VLAN ID 20 before it can flow out from br_b.20. .

在本实施例中，针对用户B而言，在网络节点1中生成的创建通信隧道的指令，可以在第三虚拟网卡br_b.10上创建符合链路选择模式的通信隧道。具体创建通信隧道的方式可以参照前文所述，这里便不再赘述。In this embodiment, for user B, the instruction for creating a communication tunnel generated in the network node 1 can create a communication tunnel conforming to the link selection mode on the third virtual network card br_b.10. For a specific manner of creating a communication tunnel, reference may be made to the foregoing description, which will not be repeated here.

由上可见，在本申请的实施例中，通过平台VLAN标识和用户VLAN标识实现VLAN隔离，从而保证在复用网络节点的同时，不同用户的数据不会相互干扰。此外，在网络节点内部，可以通过多层ovs网桥来实现二层网络的隔离，进一步保证了数据的独立性。As can be seen from the above, in the embodiments of the present application, VLAN isolation is implemented through the platform VLAN identifier and the user VLAN identifier, thereby ensuring that data of different users will not interfere with each other while multiplexing network nodes. In addition, within the network node, the isolation of the second-layer network can be achieved through multi-layer ovs bridges, which further ensures the independence of data.

请参阅图3，本申请实施例还提供一种网络配置控制器，所述网络配置控制器包括：编排策略接收单元，用于接收编排器下发的编排策略，所述编排策略中包括一个或者多个用户的网络配置信息；节点信息接收单元，用于接收网络节点上报的节点信息，所述节点信息用于表征网络节点的运行状态和/或网络节点之间的网络质量；配置指令集下发单元，用于根据所述编排策略和所述节点信息，生成应用于所述网络节点的配置指令集，并将所述配置指令集下发至所述网络节点，以使得所述网络节点根据所述配置指令集进行网络配置和数据转发。Referring to FIG. 3, an embodiment of the present application further provides a network configuration controller, where the network configuration controller includes: an orchestration policy receiving unit, configured to receive an orchestration policy issued by the orchestrator, where the orchestration policy includes one or more The network configuration information of multiple users; the node information receiving unit is used to receive the node information reported by the network node, the node information is used to represent the running state of the network node and/or the network quality between the network nodes; under the configuration instruction set a sending unit, configured to generate a configuration instruction set applied to the network node according to the orchestration strategy and the node information, and deliver the configuration instruction set to the network node, so that the network node The configuration instruction set performs network configuration and data forwarding.

请参阅图4，本申请实施例还提供一种控制器，所述控制器包括存储器和处理器，所述存储器用于存储计算机程序，所述计算机程序被所述处理器执行时，实现上述的网络配置方法。Referring to FIG. 4, an embodiment of the present application further provides a controller, the controller includes a memory and a processor, the memory is used to store a computer program, and when the computer program is executed by the processor, the above-mentioned Network configuration method.

本说明书中的各个实施例均采用递进的方式描述，各个实施例之间相同相似的部分互相参见即可，每个实施例重点说明的都是与其他实施例的不同之处。尤其，针对***和控制器的实施例来说，均可以参照前述方法的实施例的介绍对照解释。Each embodiment in this specification is described in a progressive manner, and the same and similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the embodiments of the system and the controller, reference may be made to the descriptions of the foregoing method embodiments for comparison and explanation.

通过以上的实施例的描述，本领域的技术人员可以清楚地了解到各实施例可借助软件加必需的通用硬件平台的方式来实现，当然也可以通过硬件。基于这样的理解，上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来，该计算机软件产品可以存储在计算机可读存储介质中，如只读存储器(Read-Only Memory，简称ROM)/随机存取存储器(Random Access Memory，简称RAM)、磁碟、光盘等，包括若干指令用以使得一台计算机设备(可以是个人计算机，服务器，或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on such understanding, the above-mentioned technical solutions can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products can be stored in a computer-readable storage medium, such as a read-only memory (Read -Only Memory, referred to as ROM)/Random Access Memory (Random Access Memory, referred to as RAM), magnetic disks, optical disks, etc., including several instructions to make a computer device (can be a personal computer, server, or network device, etc.) The methods described in various embodiments or portions of embodiments are performed.

以上所述仅为本申请的部分实施例，并不用以限制本申请，凡在本申请的精神和原则之内，所作的任何修改、等同替换、改进等，均应包含在本申请的保护范围之内。The above descriptions are only part of the embodiments of the present application and are not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present application shall be included in the protection scope of the present application. within.

Claims

一种网络配置方法，应用于控制器中，包括：A network configuration method, applied in a controller, includes:

接收编排器下发的编排策略，所述编排策略中包括一个或者多个用户的网络配置信息；receiving an orchestration policy issued by the orchestrator, where the orchestration policy includes network configuration information of one or more users;

接收网络节点上报的节点信息，所述节点信息用于表征网络节点的运行状态和/或网络节点之间的网络质量；receiving node information reported by a network node, where the node information is used to characterize the running state of the network node and/or the network quality between the network nodes;

根据所述编排策略和所述节点信息，生成应用于所述网络节点的配置指令集，并将所述配置指令集下发至所述网络节点，以使得所述网络节点根据所述配置指令集进行网络配置和数据转发。According to the orchestration strategy and the node information, a configuration instruction set applied to the network node is generated, and the configuration instruction set is delivered to the network node, so that the network node can perform the configuration instruction set according to the configuration instruction set. Perform network configuration and data forwarding.
根据权利要求1所述的方法，其中，所述网络配置信息中至少包括待建立通信隧道的多个网络节点和所述多个网络节点各自的接入网卡，以及待建立的通信隧道的链路选择模式。The method according to claim 1, wherein the network configuration information at least includes multiple network nodes to be established communication tunnels, respective access network cards of the multiple network nodes, and links of the communication tunnel to be established Choose a mode.
根据权利要求2所述的方法，其中，生成应用于所述网络节点的配置指令集包括：The method of claim 2, wherein generating a set of configuration instructions applied to the network node comprises:

生成添加虚拟网卡的指令和添加流表项的指令，其中，所述添加虚拟网卡的指令用于在所述网络节点中创建虚拟网卡，所述添加流表项的指令用于建立所述网络节点的接入网卡与创建的所述虚拟网卡之间的数据流向；Generating an instruction to add a virtual network card and an instruction to add a flow entry, wherein the instruction to add a virtual network card is used to create a virtual network card in the network node, and the instruction to add a flow entry is used to create the network node The data flow between the access network card and the created virtual network card;

生成创建通信隧道的指令，所述创建通信隧道的指令用于在所述虚拟网卡上创建符合所述链路选择模式的通信隧道。An instruction for creating a communication tunnel is generated, and the instruction for creating a communication tunnel is used to create a communication tunnel conforming to the link selection mode on the virtual network card.
根据权利要求3所述的方法，其中，生成应用于所述网络节点的配置指令集还包括：The method of claim 3, wherein generating the set of configuration instructions applied to the network node further comprises:

生成创建网桥的指令，所述创建网桥的指令用于在所述网络节点中创建网桥；generating instructions for creating a network bridge, the instructions for creating a network bridge are used to create a network bridge in the network node;

生成添加端口的指令，所述添加端口的指令用于将所述接入网卡和所述虚拟网卡添加至所述网桥中。An instruction for adding a port is generated, where the instruction for adding a port is used to add the access network card and the virtual network card to the bridge.
根据权利要求3所述的方法，其中，生成创建通信隧道的指令包括：The method of claim 3, wherein generating the instructions to create the communication tunnel comprises:

若所述链路选择模式表征在主链路和备链路中选择一条链路创建虚拟扩展本地局域网VXLAN隧道，从所述节点信息中识别所述主链路和所述备链路各自的通信状态，若所述主链路的通信状态表征通信正常，生成在所述主链路上创建VXLAN隧道的指令；If the link selection mode represents selecting a link from the primary link and the backup link to create a virtual extended local area network VXLAN tunnel, identify the respective communications of the primary link and the backup link from the node information Status, if the communication status of the main link indicates that the communication is normal, generate an instruction to create a VXLAN tunnel on the main link;

若所述链路选择模式表征在预设的多条链路中选择一条链路创建VXLAN隧道，根据所述节点信息，计算各条链路的通信指标，并根据所述通信指标确定目标链路，并生成在所述目标链路上创建VXLAN隧道的指令。If the link selection mode indicates that a link is selected from a plurality of preset links to create a VXLAN tunnel, the communication index of each link is calculated according to the node information, and the target link is determined according to the communication index , and generate an instruction to create a VXLAN tunnel on the target link.
根据权利要求3所述的方法，其中，所述网络配置信息中还包括带宽信息；生成应用于所述网络节点的配置指令集还包括：The method according to claim 3, wherein the network configuration information further includes bandwidth information; and generating a configuration instruction set applied to the network node further comprises:

生成创建服务质量QOS策略的指令，所述创建QOS策略的指令用于在所述接入网卡上创建符合所述带宽信息的QOS策略。Generating an instruction for creating a quality of service QOS policy, where the instruction for creating a QOS policy is used to create a QOS policy conforming to the bandwidth information on the access network card.
根据权利要求2所述的方法，其中，所述网络配置信息中还包括用户虚拟局域网VLAN标识；The method according to claim 2, wherein, the network configuration information also includes a user virtual local area network (VLAN) identifier;

生成应用于所述网络节点的配置指令集包括：Generating a configuration instruction set applied to the network node includes:

生成添加虚拟网卡的指令，所述添加虚拟网卡的指令用于在所述网络节点中创建包含第一虚拟网卡和第二虚拟网卡的虚拟网卡组，并创建所述用户VLAN标识对应的第三虚拟网卡；Generate an instruction for adding a virtual network card, and the instruction for adding a virtual network card is used to create a virtual network card group comprising a first virtual network card and a second virtual network card in the network node, and create a third virtual network card corresponding to the user VLAN identification. network card;

生成创建网桥的指令，所述创建网桥的指令用于在所述网络节点中创建第一网桥，并创建与所述用户VLAN标识相对应的第二网桥；Generate an instruction to create a network bridge, the instruction to create a network bridge is used to create a first network bridge in the network node, and create a second network bridge corresponding to the user VLAN identification;

生成添加端口的指令，所述添加端口的指令用于将所述接入网卡和所述第一虚拟网卡添加至所述第一网桥上，并将所述第二虚拟网卡和所述第三虚拟网卡添加至所述第二网桥上；generating an instruction for adding a port, where the instruction for adding a port is used to add the access network card and the first virtual network card to the first network bridge, and add the second virtual network card and the third virtual network card to the first network bridge. adding a virtual network card to the second network bridge;

生成创建流表项的指令，所述创建流表项的指令用于建立所述接入网卡与所述第一虚拟网卡之间的数据流向，以及建立所述第二虚拟网卡与所述第三虚拟网卡之间的数据流向。Generating an instruction for creating a flow entry, the instruction for creating a flow entry is used to establish a data flow between the access network card and the first virtual network card, and to establish the second virtual network card and the third virtual network card. Data flow between virtual NICs.
根据权利要求7所述的方法，其中，所述创建流表项的指令还用于：The method of claim 7, wherein the instruction for creating a flow entry is further used to:

流入所述第二虚拟网卡的数据被去除所述用户VLAN标识后，从所述第三虚拟网卡流出，以及流入所述第三虚拟网卡的数据被添加了所述用户VLAN标识后，从所述第二虚拟网卡流出。After the data flowing into the second virtual network card is removed from the user VLAN identifier, it flows out from the third virtual network card, and the data flowing into the third virtual network card is added with the user VLAN identifier. The second virtual network card flows out.
根据权利要求7所述的方法，其中，生成应用于所述网络节点的配置指令集还包括：The method of claim 7, wherein generating the set of configuration instructions applied to the network node further comprises:

生成创建通信隧道的指令，所述创建通信隧道的指令用于在所述第三虚拟网卡上创建符合所述链路选择模式的通信隧道。An instruction for creating a communication tunnel is generated, where the instruction for creating a communication tunnel is used to create a communication tunnel conforming to the link selection mode on the third virtual network card.
一种网络配置控制器，包括：A network configuration controller comprising:

编排策略接收单元，用于接收编排器下发的编排策略，所述编排策略中包括一个或者多个用户的网络配置信息；an orchestration policy receiving unit, configured to receive an orchestration policy issued by the orchestrator, where the orchestration policy includes network configuration information of one or more users;

节点信息接收单元，用于接收网络节点上报的节点信息，所述节点信息用于表征网络节点的运行状态和/或网络节点之间的网络质量；a node information receiving unit, configured to receive the node information reported by the network node, where the node information is used to represent the running state of the network node and/or the network quality between the network nodes;

配置指令集下发单元，用于根据所述编排策略和所述节点信息，生成应用于所述网络节点的配置指令集，并将所述配置指令集下发至所述网络节点，以使得所述网络节点根据所述配置指令集进行网络配置和数据转发。A configuration instruction set issuing unit, configured to generate a configuration instruction set applied to the network node according to the orchestration strategy and the node information, and issue the configuration instruction set to the network node, so that all The network node performs network configuration and data forwarding according to the configuration instruction set.
一种控制器，包括存储器和处理器，所述存储器用于存储计算机程序，所述计算机程序被所述处理器执行时，实现如权利要求1至9中任一所述的方法。A controller comprising a memory and a processor, the memory being used to store a computer program, the computer program implementing the method according to any one of claims 1 to 9 when executed by the processor.
一种流量引导***，包括编排器、控制器和至少两个网络节点，其中，所述控制器分别与所述编排器和各所述网络节点通信连接，所述网络节点间设有至少一条链路；所述编排器根据网络配置信息生成编排策略，并下发至所述控制器；所述控制器接收所述编排策略，并基于所述编排策略和权利要求1至9中任一所述的方法下发配置指令集至对应的所述网络节点；所述网络节点接收并执行所述配置指令集，以完成网络配置，并基于所述网络配置进行数据转发。A traffic guidance system includes an orchestrator, a controller and at least two network nodes, wherein the controller is respectively connected to the orchestrator and each of the network nodes in communication, and at least one chain is provided between the network nodes The orchestrator generates an orchestration policy according to the network configuration information, and sends it to the controller; the controller receives the orchestration policy, and based on the orchestration policy and any one of claims 1 to 9 The method delivers a configuration instruction set to the corresponding network node; the network node receives and executes the configuration instruction set to complete the network configuration and perform data forwarding based on the network configuration.