Nothing Special   »   [go: up one dir, main page]

WO2016029345A1 - 网络流的信息统计方法和装置 - Google Patents

网络流的信息统计方法和装置 Download PDF

Info

Publication number
WO2016029345A1
WO2016029345A1 PCT/CN2014/085108 CN2014085108W WO2016029345A1 WO 2016029345 A1 WO2016029345 A1 WO 2016029345A1 CN 2014085108 W CN2014085108 W CN 2014085108W WO 2016029345 A1 WO2016029345 A1 WO 2016029345A1
Authority
WO
WIPO (PCT)
Prior art keywords
network flow
flow
switching device
data packet
identifier
Prior art date
Application number
PCT/CN2014/085108
Other languages
English (en)
French (fr)
Inventor
苏金钊
王蛟
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to EP14900441.8A priority Critical patent/EP3179687B1/en
Priority to PCT/CN2014/085108 priority patent/WO2016029345A1/zh
Priority to CN201480038251.7A priority patent/CN105556916B/zh
Publication of WO2016029345A1 publication Critical patent/WO2016029345A1/zh
Priority to US15/442,544 priority patent/US9973400B2/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/20Arrangements for monitoring or testing data switching networks the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/38Flow based routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows

Definitions

  • the embodiments of the present invention relate to communication technologies, and in particular, to an information statistics method and device for network flows. Background technique
  • SDN Software Defined Network
  • the core idea of Software Defined Network is to separate the network control forwarding logic from the physical forwarding plane.
  • the network control forwarding logic is executed by the controller.
  • the physical forwarding plane is executed by the switching device.
  • the switching device is based on the controller.
  • the forwarded forwarding entry forwards the data packet.
  • the most commonly used protocol between the controller and the switching device is called OpenFlow (OF).
  • OF OpenFlow
  • the controller can control resource allocation and network flow scheduling from a global perspective to optimize resource utilization. However, how the controller obtains information about each network stream in the SDN is an important issue.
  • the switching device counts the number of packets, the number of bytes, the number of flow entries, and time-related information of the network flows passing through each flow entry.
  • the OpenFlow standard can obtain the number of packets, the number of bytes, and the number of packets forwarded by a single or multiple flow entries whose matching fields are in the specified fields in a flow table of the switching device by using the network flow statistics request message and the response message between the controller and the switching device. Number of entries and time related information.
  • the statistics of the flow entry are the aggregated values of multiple network flows that successfully match the entry.
  • the statistics of each network flow are not counted.
  • the device forwards the data of a single network flow.
  • the information of each network flow cannot be calculated from the statistics of the flow entries.
  • the same network flow may be exchanged with multiple flow entries of different flow tables in the device.
  • the matching causes the switching device to repeatedly count the forwarding data of each network stream.
  • the accuracy of the information statistics of the network device by the switching device is not high. Summary of the invention
  • Embodiments of the present invention provide a method and device for collecting information of a network flow, and improving a pair of switching devices The accuracy of the information statistics of the network stream.
  • a first aspect of the embodiments of the present invention provides a method for collecting statistics of a network flow, including: receiving, by the switching device, a data packet;
  • the switching device generates an identifier of the network flow to which the data packet belongs according to all flow entries that the data packet passes through the ingress port to the egress port in the switching device;
  • the switching device updates information of the network flow corresponding to the identifier of the network flow.
  • the switching device generates, according to all flow entries that the data packet passes through the ingress port to the egress port in the switching device, to generate the data packet to which the data packet belongs.
  • the identifier of the network stream including:
  • the switching device generates an identifier of the network flow of the data packet according to the identifier of all flow entries that the data packet passes through the ingress port to the egress port in the switching device.
  • the switching device performs, according to the data packet, all flow entries that pass through the ingress port to the egress port in the switching device.
  • the identifier of the network stream that generates the data packet including:
  • the switching device sequentially arranges the identifiers of all flow entries in the switching device from the ingress port to the egress port, and generates an identifier of the network flow of the data packet.
  • the method before the switching device updates information about the network flow corresponding to the identifier of the network flow, the method further includes:
  • the information that the switching device updates the network flow corresponding to the identifier of the network flow includes: Whether the identifier of the network flow to which the data packet belongs is stored in the storage space;
  • the storage space has an identifier of the network flow to which the data packet belongs, the information of the network flow corresponding to the identifier of the network flow is updated.
  • the method further includes: if there is no target of the network flow to which the data packet belongs in the storage space And identifying an identifier of the network flow in the storage space, and updating information about the network flow corresponding to the identifier of the network flow.
  • the switching device is in accordance with the data packet Before all the flow entries passing through the inbound port to the egress port in the switching device are generated, before the identifier of the network flow to which the data packet belongs is generated, the method further includes:
  • the switching device checks whether a flow table entry matching the data packet is stored in the flow table space
  • the switching device sends the data packet to the controller, so that the controller generates and the data according to the data packet. Packet matching flow entry;
  • the switching device receives a flow entry that is sent by the controller and matches the data packet.
  • the method further includes:
  • the switching device generates an identifier of the network flow to be queried according to the matching domain
  • the switching device acquires the information of the network flow corresponding to the identifier of the network flow to be queried; the switching device sends the information of the network flow corresponding to the identifier of the network flow to be queried to the controller.
  • the information of the network flow includes at least one of the following Kind of information:
  • the switching device forwards the occupied bandwidth of the network flow.
  • a second aspect of the embodiments of the present invention provides an information statistics apparatus for a network stream, including: a packet transceiver module, configured to receive a data packet;
  • a network flow statistics module configured to generate an identifier of a network flow to which the data packet belongs according to all flow entries that pass through the inbound port to the egress port of the data packet; and update an identifier of the network flow Corresponding information about the network flow.
  • the network flow statistics module includes:
  • a first acquiring unit configured to acquire an identifier of all flow entries that the data packet passes through the ingress port to the egress port in the switching device;
  • a processing unit configured to generate an identifier of the network flow of the data packet according to an identifier of all flow entry entries that the data packet passes through the ingress port to the egress port in the switching device.
  • the processing unit is specifically configured to use the data packet in the switching device from the ingress port to the egress port.
  • the identifiers of the flow entry are sequentially arranged to generate an identifier of the network flow of the data packet.
  • the network flow statistics module further includes: an establishing unit, configured to establish an identifier of the storage network flow and information about the network flow corresponding to the identifier of the network flow storage.
  • the network flow statistics module further includes:
  • a searching unit configured to find, in the storage space, whether an identifier of a network flow to which the data packet belongs is stored
  • an updating unit configured to: if the identifier of the network flow to which the data packet belongs in the storage space, update information of the network flow corresponding to the identifier of the network flow.
  • the updating unit is further configured to: if there is no identifier of the network flow to which the data packet belongs in the storage space, Adding an identifier of the network flow to the storage space, and updating information of the network flow corresponding to the identifier of the network flow.
  • the method further includes: a flow table matching module for viewing Whether the flow table entry matching the data packet is stored in the flow table space; if the flow table space If the flow entry that matches the data packet is not stored, the data packet is sent to the controller, so that the controller generates a flow entry that matches the data packet according to the data packet; a flow entry that is sent by the controller and matches the data packet.
  • the network flow statistics module further includes:
  • a receiving unit configured to receive, by the controller, a request for querying information about a network flow, where the request includes a matching domain;
  • a generating unit configured to generate an identifier of the network flow to be queried according to the matching domain, where the second acquiring unit is configured to acquire a network flow corresponding to the identifier of the network flow to be queried
  • a sending unit configured to send information about the network flow corresponding to the identifier of the network flow to be queried to the controller.
  • the information about the network flow includes at least one of the following Kind of information:
  • the switching device forwards the occupied bandwidth of the network flow.
  • a third aspect of the embodiments of the present invention provides an information statistics device for a network flow, where the network flow information statistics device is a switching device, where the switching device includes: a processor, a memory, a communication interface, and a bus, where the processor The memory and the communication interface communicate via the bus;
  • the switching device further includes: a data packet transceiver module and a network flow statistics module, where the data packet transceiver module is configured to receive a data packet;
  • the network flow statistics module is configured to generate, according to the flow entry of the data packet in the switching device from the ingress port to the egress port, the identifier of the network flow to which the data packet belongs; The information of the network flow corresponding to the identifier of the new network stream.
  • the information statistics method and device for the network flow provided by the embodiment of the present invention, the data packet to be received by the switching device, and the network flow to which the data packet belongs according to all the flow entries that the data packet passes through the ingress port to the egress port in the switching device.
  • the information of all the flow entries passing through the inbound port to the egress port of the same network flow packet in the switching device is the same. Different, that is, all flow entries passing through the inbound port to the egress port can uniquely identify a network flow. Therefore, according to all flow entries passing through the inbound port to the egress port of the data packet, statistics are collected.
  • the information about the network flow to which the packet belongs can accurately count the information that the switching device forwards each network flow, and improve the accuracy of the information statistics of the switching device to the network flow.
  • FIG. 1 is a schematic diagram of an application scenario according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of processing of an SDN network flow according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of a controller according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a switching device according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart of Embodiment 1 of a method for collecting statistics of a network flow according to the present invention
  • FIG. 6 is a schematic flowchart of a second embodiment of a method for collecting statistics of a network flow according to the present invention
  • FIG. 8 is a schematic flowchart of Embodiment 3 of a method for collecting statistics of a network flow according to the present invention
  • FIG. 9 is a schematic structural diagram of Embodiment 1 of an information statistics apparatus for network flow according to the present invention
  • FIG. 11 is a schematic structural diagram of Embodiment 3 of an information statistics apparatus for a network stream according to the present invention.
  • the application scenario of the embodiment of the present invention is mainly SDN.
  • the SDN is mainly composed of a controller that executes network control logic and a plurality of switching devices that perform data plane forwarding.
  • the controller and a single switching device are established through a dedicated physical connection or in-band mode. Communication, the most common communication interface between them is the OF protocol.
  • FIG. 1 is a schematic diagram of an application scenario of the embodiment of the present invention. In FIG. 1, the controller and the switching device are used.
  • the interconnections are shown in dashed lines and the interconnections between the switching devices are shown in solid lines.
  • the switching device in the SDN network may also connect some terminal devices, and the terminal devices carry the upper layer network services.
  • the source terminal device After the user initiates a new service request on the source terminal device, the source terminal device sends the first data packet of the network stream (the data stream of the new service) to the nearest access switching device, because the flow device in the flow table space of the switching device There is no forwarding entry for the data packet, and the switching device attempts to match the failure.
  • the first data packet is encapsulated into the request message and reported to the controller while the first data packet is cached (in the OpenFlow protocol, the request message is called " Packetln message "), the controller looks at the source network protocol (Internet Protocol, IP address), the destination IP address, the Vlan domain value, and the like in the first data packet, according to the current routing policy, the first data.
  • the network flow to which the packet belongs calculates the optimal path, and sends a flow entry modification message to the switching device on the optimal path (the message is modified for the flow entry in the 0penFl O protocol) and is called "FlowMod message").
  • FIG. 2 is a schematic diagram of a processing flow of an SDN network flow according to an embodiment of the present invention, where a processing flow of a first data packet of a network flow from a source terminal device to a destination terminal device is performed with an arrow As indicated by the line, the serial number next to the solid line of the arrow indicates the order in which the first packet is processed.
  • the embodiment of the present invention identifies a network flow by using all flow entries that the data packet passes through from the ingress port to the egress port in a switching device, because the same network flow data packet is in the switch device from the ingress port to the outbound port. All the flow entries passed by the port are the same. Different network flows are in the same line. The flow entries from the ingress port to the egress port in the device are different. Therefore, the identifier of the network flow generated based on all flow entries passed by the packet from the ingress port to the egress port in a switching device can be unique.
  • a network flow is identified, and the information of the network flow to which the switching data packet belongs is accurately calculated according to the information of the network flow, and the information of each network flow is forwarded by the switching device, and the accuracy of the information statistics of the network device by the switching device is improved.
  • FIG. 3 is a schematic structural diagram of a controller according to an embodiment of the present invention.
  • the controller generally runs on a server with a high hardware configuration, adopts a common architecture, and uses a network adapter. External switching device communication.
  • the controller mainly includes the modules of message sending and receiving, switching device configuration management, topology discovery, link management, and device management. To save the network status information collected from the switching device, you need to maintain the network information base (hereinafter referred to as: NIB). ) to facilitate the upper-level control program to make optimal decisions based on real-time NIB.
  • NIB network information base
  • FIG. 4 is a schematic structural diagram of a switching device according to an embodiment of the present invention.
  • the hardware part thereof includes a processor, a storage device, a dedicated hardware circuit, a network adapter, and other peripherals.
  • the switching device interacts with the controller through a network adapter, and uses a storage device such as a static random access memory (SRAM) or a Ternary Content Addressable Memory (TCAM).
  • SRAM static random access memory
  • TCAM Ternary Content Addressable Memory
  • the software part includes a network flow statistics module, which is mainly used for storing and maintaining the identifier of the network flow and the mapping with the information of the network flow, in particular, the flow table, in addition to the data packet transceiving and the flow table matching module.
  • the matching module performs matching on the flow entry of the data packet received by the data packet transceiver module, and the network flow statistics module stores and maintains the network flow identifier according to the matching result of the flow table matching module, and statistics the network flow according to the matching result of the flow table matching module.
  • Information includes at least one of the following information: a quantity of data packets of the switching device forwarding the network flow; a size of the data packet of the switching device forwarding the network flow; an average size of the data packet of the switching device forwarding the network flow; The interval at which packets of the network stream are forwarded; the forwarding rate at which the switching device forwards the network stream; the bandwidth occupied by the switching device to forward the network stream.
  • FIG. 5 is a schematic flowchart of Embodiment 1 of a method for collecting statistics on a network flow according to the present invention.
  • the execution entity of this embodiment is a switching device, and the method in this embodiment is as follows:
  • S501 The switching device receives the data packet.
  • Packets received by the switching device may come from the terminal device or from other forwarding devices.
  • the step can be performed by the packet transceiving module of FIG.
  • the switching device generates an identifier of the network flow to which the data packet belongs according to all flow entries that the data packet passes through the ingress port to the egress port in the switching device.
  • the switching device acquires an identifier of all flow entries that the data packet passes through the ingress port to the egress port in the switching device; the switching device enters the egress port to the egress port according to the data packet in the switching device.
  • the switching device updates information about the network flow corresponding to the identifier of the network flow.
  • the flow table matching module of the switching device searches the flow table space for the flow entry matching the foregoing data packet, and forwards the data packet according to the instruction in the matched flow entry, and the network flow statistics of the switching device.
  • the module identifies the network flow to which the data packet belongs according to all flow entries passed by the data packet from the ingress port to the egress port in the switching device, and collects statistics on the network flow.
  • the information of the network flow includes at least one of the following information: a quantity of data packets of the switching device forwarding the network flow; a size of the data packet of the switching device forwarding the network flow; an average size of the data packet of the switching device forwarding the network flow; The interval at which the device forwards the packets of the network stream; the forwarding rate at which the switching device forwards the network stream; the occupied bandwidth of the switching device to forward the network stream.
  • the switching device sequentially arranges the identifiers of all flow entries that the data packets pass through the ingress port to the egress port in the switching device, and generates an identifier of the network flow of the data packet.
  • All the flow entries passed by the packet from the ingress port to the egress port in the switching device are the entry of flow table 1, the entry 2 of flow table 2, and the entry 3 of flow table 3, assuming that "011" is The identifier of the entry 1 of the flow table 1, "022" is the identifier of the entry 2 of the flow table 2, and "033" is the identifier of the entry 3 of the flow table 3, and the identifier of the network flow to which the data packet belongs is generated as " 011022033 " , the information of the network flow is the size of the data packet of the switching device forwarding the network flow and the average size of the data packet of the switching device forwarding the network flow, and then, according to the size of the data packet, the switching device forwards the data packet of the network flow according to the size of the data packet.
  • the size of the network packet is the same as the total size of the packet that the switching device forwards the network stream identifier to "011022033" before the packet is received.
  • the total size of the packet forwarded by the switching device is "011022033".
  • the size of the stream packet is 2M, and the size of the packet of the stream whose switching device forwards the network stream identifier "011022033" is changed to 12M (10M+2M).
  • the switching device forwards the total size of the data packet of the flow with the network flow identifier "011022033" to 10M, and then the latest statistical exchange device forwards the network flow identifier before receiving the data packet as " The average size of the packets of the stream of 011022033" is (10/3) M, if the network stream identifier forwarded by the switching device is
  • the size of the packet of the stream of "011022033" is 2M, that is, the total size of the packet of the stream whose network stream identifier is "011022033" forwarded by the switching device 4 times is 12M, and the switching device forwards the network network stream identifier to "
  • the average size of the stream packets for 011022033" is updated to 3M ((10+2) /4) M.
  • the statistics on other network flow information are similar to this, and will not be described here.
  • the data packet is received by the switching device, and according to all the flow entries that the data packet passes through the ingress port to the egress port in the switching device, the information of the network flow to which the data packet belongs is counted, because the same network flow data packet All the flow entries from the ingress port to the egress port in the switching device are the same. Different network flows in the switching device are different from the ingress port to the egress port. That is, the ingress port to the egress port. All the flow entries that pass through can uniquely identify a network flow. Therefore, according to all flow entries passing through the inbound port to the egress port of the data packet, the information about the network flow to which the data packet belongs can be accurately counted.
  • the switching device forwards the information of each network stream, and improves the accuracy of the information statistics of the switching device to the network stream.
  • FIG. 6 is a schematic flowchart of the second embodiment of the method for collecting statistics on the network flow according to the present invention.
  • the execution body of the embodiment is a switching device, and the method in this embodiment is as follows:
  • S601 The switching device receives the data packet.
  • This step can be performed in particular by the packet transceiving module of the switching device.
  • S602 The switching device checks whether a flow table entry matching the data packet is stored in the flow table space. If not, execute S603, and if yes, execute S605.
  • the flow table matching module of the switching device checks whether a flow entry matching the data packet is stored in the flow table space.
  • the flow table space includes multiple flow tables, and each flow table stores multiple flow entries, different The flow table has different matching fields. If the data packet is the first data packet of a network flow, usually the flow table entry that matches the data packet is not stored in the first flow table space that receives the data packet. Then, S603 is performed; if a flow table entry matching the data packet is stored in the flow table space of the switching device, S605 is performed.
  • the switching device sends the data packet to the controller, so that the controller generates a flow entry that matches the foregoing data packet according to the data packet.
  • the communication module interacting with the controller in the switching device encapsulates the data packet into a "Packetln message” and reports it to the controller. After the controller generates a flow entry matching the above data packet according to the data packet, the controller sends the flow entry to the switching device through a "FlowMod message".
  • S604 The switching device receives a flow entry that is sent by the controller and matches the data packet.
  • the data packet transceiver module of the switching device receives the flow entry that is sent by the controller and matches the data packet, and the flow table matching module of the switching device installs the flow entry matching the data packet in its own flow table space.
  • the switching device generates an identifier of the network flow to which the data packet belongs according to all flow entries that the data packet passes through the ingress port to the egress port in the switching device.
  • the flow table matching module of the switching device forwards the data packet from the ingress port to the egress port according to the instruction of the flow table entry matched by the data packet, and the network flow statistics module of the switching device follows the data packet in the switching device from the ingress port to the outbound port. All the flow entries passed by the port generate the identifier of the network flow to which the packet belongs.
  • the identifier of the network flow is also called (FlowID), and the identifier of the network flow to which the data packet belongs is composed of the corresponding segment code of the flow entry that the data packet passes through the ingress port to the egress port in the switching device, and the format of the identifier of the network flow. As shown in Table 1:
  • the segment code number N is equal to the number of flow tables in the switching device, and the value of each segment code is equal to the relative position information of the flow table entry in the flow table, and the location information may be a sequence number, a relative header offset,
  • the hash value of the cookie or the matching domain, etc. is not limited in this embodiment of the present invention.
  • the location information is used as an example of the sequence number of the flow entry in the flow table.
  • the data packet is processed in the forwarding process of the switching device, and the pipeline is processed in sequence by the flow table. However, the data packet may skip some After the flow table is processed by a flow table in the middle, it leaves the switching device from a port of the switch. If the data packet is used in the forwarding process of the switching device, only the switching device is used. For the partial flow table, the segment code corresponding to the unused flow table is filled with special characters (for example: "#,,"). There are 4 flow tables in the flow table space of a switching device, where one data stream passes once. The second flow entry of flow table 1, the third flow entry of flow table 2, and then jump directly to the flow table.
  • the identifier of the network flow to which the data packet belongs may be: "0102###00", where "01" indicates the second flow of flow table 1.
  • the entry "02" indicates the third flow entry of flow table 2; "###” indicates that flow table 3 is not passed, and "00" indicates the flow table.
  • the first stream entry of 4 wherein, specifically, the segment encoding of each flow table is represented by several bits, which is related to the number of flow entries that the flow table can store.
  • the location information is taken as an example of a cookie.
  • the cookie is the identifier specified by the controller for adding a flow entry when the flow parameter is added by the controller.
  • the identifier of the network flow is nJ il H ⁇ H 3 ⁇ H 2 ⁇ H x ⁇ Cookie ⁇ Cookie2), - ⁇ CookieA) ⁇ , where HH 2 , H 3 , H 4 are the hash functions of the cookie, and -1 means the flow table without the third flow table. item.
  • the location information is used as an example of the hash value of the matching domain.
  • the identifier of the network flow can be ⁇ ⁇ 3 ⁇ 2 ⁇ ⁇ ⁇ ,00 : IB:21:CC:ED: C3).
  • the method for determining or generating the identifier of the network flow in the embodiment of the present invention includes, but is not limited to, the foregoing methods, as long as it is generated according to the flow entry that the data packet passes through the ingress port to the egress port in the switching device, The embodiment of the invention is not limited.
  • the switching device updates information about the network flow corresponding to the identifier of the network flow.
  • the network flow statistics module of the switching device searches whether the identifier of the network flow to which the data packet belongs is stored in the storage space. If there is an identifier of the network flow to which the data packet belongs in the storage space, the information of the network flow corresponding to the identifier of the network flow is updated. If there is no identifier of the network flow to which the data packet belongs in the storage space, the identifier of the network flow is added to the storage space, and the information of the network flow corresponding to the identifier of the network flow is updated. For details on how to update the network flow corresponding to the identifier of the network flow, refer to the detailed description of S502, and details are not described herein again.
  • the method further includes: establishing an identifier of the storage network flow and information about the network flow corresponding to the identifier of the network flow.
  • Storage space The storage space of the information of the network flow corresponding to the identifier of the storage network stream and the identifier of the network flow may be a table, a binary tree or the like. The table is shown in Table 2:
  • the identifier of the network flow is the key (Key) field of the node in the tree
  • the information of the network flow is the data (data) field saved in the node time of the data
  • the binary tree The time complexity of dynamic insertion, deletion, and lookup is 0 (IgN), where N is the number of network flows forwarded by the switching device.
  • the identifier of the new network flow is inserted into the storage space, and The information of the network flow is updated, and if the identifier of the storage network flow and the storage space of the information of the network flow corresponding to the identifier of the network flow include the identifier of the network flow, the information of the network flow is directly updated.
  • the embodiment of the present invention can store the identifiers of the network flows in order of size by specifying the size relationship of the network flows, thereby reducing the complexity of storing and searching the information of the network flows. Degrees make the discovery and storage of network flow information more convenient.
  • the size relationship of network flow identifiers can follow the following principles:
  • the identifiers of the network flows of all network flows are equal in length; 2.
  • the inner segment of the same flow table is encoded as a special character (for example: "#"), which is smaller than any valid segment code; The greater the identity of the identity; 3, the first segment encoding of the network flow identifier (corresponding to the first flow table), the highest weight, the last segment encoding (corresponding to the last flow table), the lowest weight, the segment encoding weight, with the flow table number in the pipeline The increase is reduced in turn.
  • FIG. 7 is a schematic diagram of the storage structure of the binary tree according to the present invention.
  • the data packet is received by the switching device, and the flow table entry matching the data packet is stored in the flow table space. If the flow entry matching the data packet is stored, the data packet is in the switching device. All the flow entries passing through the inbound port to the egress port determine the identifier of the network flow to which the data packet belongs, and update the information about the network flow corresponding to the identifier of the network flow.
  • the switching device sends the data packet to the controller, so that the controller generates a flow entry that matches the data packet according to the data packet, and matches the data packet sent by the receiving controller.
  • the flow entry the switching device determines the identifier of the network flow to which the data packet belongs according to all the flow entries in the switching device from the ingress port to the egress port, and updates the information of the network flow corresponding to the identifier of the network flow. . Since all the flow entries of the same network flow packet passing through the ingress port to the egress port are the same in the switching device, different network flows are different in the switching device from the ingress port to the egress port.
  • the statistics packet belongs to The information of the network stream can accurately count the information that the switching device forwards each network stream, and improve the accuracy of the information statistics of the switching device to the network stream.
  • FIG. 8 is a schematic flowchart of Embodiment 3 of the method for collecting statistics of the network flow according to the present invention.
  • the embodiment shown in FIG. 8 is based on the embodiment shown in FIG. 5 or FIG. 6 , and the controller obtains information about the network flow from the switching device.
  • the process of this embodiment is as follows:
  • the switching device receives a request sent by the controller to query information of the network flow.
  • the above request includes a matching domain.
  • This step is performed by a communication module in the switching device that interacts with the controller.
  • the switching device generates an identifier of the network flow to be queried according to the matching domain.
  • the flow table matching module of the switching device matches each flow table according to the matching field included in the request, and the network flow statistics module generates the identifier of the network flow to be queried according to the flow entry corresponding to the matching. This method is similar to the method of S605, and will not be described again here.
  • the switching device acquires information about the network flow corresponding to the identifier of the network flow to be queried.
  • the network flow statistics module of the switching device queries the identifier of the network flow to be queried from the storage space of the identifier of the storage network flow and the information of the network flow corresponding to the identifier of the network flow Information about the network flow that should be.
  • the network stream matching the identifier of the network stream to be queried may be one or more.
  • the switching device sends information about the network flow corresponding to the identifier of the network flow to be queried to the controller.
  • the communication module interacting with the controller in the switching device sends information of the network flow corresponding to the identifier of the network flow to be queried to the controller.
  • the information of the network flow corresponding to the identifier of the network flow to be queried may include the number of matched network flows, and the information of each matched network flow.
  • the controller carries the information of the specified matching domain in the request message, so that the switching device generates the identifier of the network stream to be queried according to the information of the matching domain, and queries and queries the to-be-queried in the storage space.
  • the information of the network flow corresponding to the identifier of the network flow is sent to the controller by the information of the network flow corresponding to the identifier of the network flow to be queried.
  • the controller can accurately know the information of the forwarded network stream of each switching device in the network.
  • the controller can also provide the obtained network flow information to the upper layer application in the form of an API, and can further aggregate the network flow statistics or adopt corresponding policies.
  • Embodiment 9 is a schematic structural diagram of Embodiment 1 of an information statistics apparatus for a network flow according to the present invention.
  • the apparatus of this embodiment includes a data packet transceiver module 901 and a network flow statistics module 902, wherein the data packet transceiver module 901 is configured to receive a data packet;
  • the flow statistics module 902 is configured to generate an identifier of the network flow to which the data packet belongs according to all flow entries that pass through the inbound port to the egress port in the foregoing switching device, and update the network flow corresponding to the identifier of the network flow. information.
  • the network flow statistics module 902 further includes a first obtaining unit and a processing unit, where the first obtaining unit is configured to acquire the data packet from the ingress port to the outbound in the switching device. An identifier of all flow entry entries that the port passes through; a processing unit, configured to generate, according to the identifier of all flow entries that the data packet passes through the ingress port to the egress port in the switching device, generate a network flow of the data packet Logo.
  • the processing unit is specifically configured to sequentially arrange the identifiers of all the flow entries that the data packet passes through the ingress port to the egress port in the switching device, and generate the network flow of the data packet.
  • the network flow statistics module 902 further includes an establishing unit, where the establishing unit is configured to establish an identifier of the storage network flow and a network corresponding to the identifier of the network flow.
  • the storage space for streaming information is configured to establish an identifier of the storage network flow and a network corresponding to the identifier of the network flow.
  • the network flow statistics module further includes: a searching unit, configured to search whether an identifier of the network flow to which the data packet belongs is stored in the storage space; and an update unit, configured to: The storage space has an identifier of the network flow to which the data packet belongs, and the information of the network flow corresponding to the identifier of the network flow is updated.
  • the updating unit is further configured to: if the identifier of the network flow to which the data packet belongs in the storage space, add an identifier of the network flow in the storage space, and update the The information of the network flow corresponding to the identifier of the network flow.
  • the data packet is received by the data packet transceiver module, and the network flow statistics module collects information about the network flow to which the data packet belongs according to all flow entries that the data packet passes through the ingress port to the egress port in the switching device, because All the flow entries of the same network flow packet from the ingress port to the egress port in the switching device are the same.
  • Different network flows in the switching device are different from all the flow entries passing through the ingress port to the egress port, that is, All the flow entries passing through the inbound port to the egress port can uniquely identify a network flow. Therefore, according to all flow entries passing through the inbound port to the egress port of the data packet, the network flow to which the data packet belongs is counted.
  • the information can accurately count the information that the switching device forwards each network stream, and improve the accuracy of the information statistics of the switching device to the network stream.
  • FIG. 10 is a schematic structural diagram of Embodiment 2 of the information flow device of the network flow according to the present invention.
  • FIG. 10 is further included on the basis of the embodiment shown in FIG. 9, further including a flow table matching module 903, where the flow table matching module 903 is used.
  • the controller generates a flow entry that matches the foregoing data packet according to the foregoing data packet; and receives a flow entry that is sent by the controller and matches the data packet.
  • the network flow statistics module 902 further includes a receiving unit, a generating unit, a second obtaining unit, and a sending unit, where the receiving unit is configured to receive, by the controller, a request for querying information of the network flow, where The request includes a matching field, a generating unit, configured to generate an identifier of the network stream to be queried according to the matching domain, and a second acquiring unit, configured to acquire information about the network stream corresponding to the identifier of the network stream to be queried And a sending unit, configured to send information about the network flow corresponding to the identifier of the network flow to be queried to the controller.
  • the processing unit is specifically configured to sequentially sequence the identifiers of all the flow entries that the data packet passes through the ingress port to the egress port in the switching device, to generate the data.
  • the identifier of the network flow of the packet is specifically configured to sequentially sequence the identifiers of all the flow entries that the data packet passes through the ingress port to the egress port in the switching device, to generate the data.
  • the identifier of the network flow of the packet is specifically configured to sequentially sequence the identifiers of all the flow entries that the data packet passes through the ingress port to the egress port in the switching device, to generate the data.
  • the identifier of the network flow of the packet is specifically configured to sequentially sequence the identifiers of all the flow entries that the data packet passes through the ingress port to the egress port in the switching device, to generate the data.
  • the network flow statistics module 902 further includes: an establishing unit, configured to establish a storage space for storing an identifier of the network flow and information of the network flow corresponding to the identifier of the network flow.
  • the network flow statistics module 902 further includes a search unit and an update unit, where the search unit is configured to search whether the identifier of the network flow to which the data packet belongs is stored in the storage space; And, if the identifier of the network flow to which the data packet belongs in the storage space, update information about the network flow corresponding to the identifier of the network flow.
  • the updating unit is further configured to: if the identifier of the network flow to which the data packet belongs in the storage space, add an identifier of the network flow in the storage space, and update the network flow The identifier corresponds to the information of the network flow.
  • the flow table matching module 903 is further configured to check whether a flow entry matching the data packet is stored in the flow table space; if the flow table space does not store the flow matching the data packet An entry, the data packet is sent to the controller, so that the controller generates a flow entry that matches the data packet according to the data packet, and receives a packet that is sent by the controller and matches the data packet. Flow entry.
  • the data packet is received by the data packet transceiver module, and the flow table matching module checks whether a flow entry matching the data packet is stored in the flow table space. If a flow entry matching the data packet is stored, the network flow is The statistics module determines the identifier of the network flow to which the data packet belongs according to all the flow entries that the data packet passes through the ingress port to the egress port in the switching device, and updates the information of the network flow corresponding to the identifier of the network flow. If the flow table entry matching the data packet is not stored, the flow table matching module sends the data packet to the controller, so that the controller generates a flow entry that matches the data packet according to the data packet, and receives the data and data sent by the controller.
  • the network flow statistics module determines the identifier of the network flow to which the data packet belongs according to all flow entries that the data packet passes through the ingress port to the egress port, and updates the identifier of the network flow.
  • Network flow information Since all the flow entries of the same network flow packet passing through the ingress port to the egress port are the same in the switching device, different network flows are different in the switching device from the ingress port to the egress port. That is, all flow entries passing through the inbound port to the egress port can uniquely identify a network flow. Therefore, according to all flow entries passing through the inbound port to the egress port of the packet, the statistics packet belongs to The information of the network stream can accurately count the forwarding device to forward each network stream. The information is used to improve the accuracy of the information exchange of the switching device on the network stream.
  • the network flow statistics module 902 further includes a receiving unit, a generating unit, a second obtaining unit, and a sending unit, where the receiving unit is configured to receive a request sent by the controller to query information of the network flow, where the request is a matching unit is included; a generating unit is configured to generate an identifier of the network stream to be queried according to the matching domain; and a second acquiring unit is configured to acquire information about the network stream corresponding to the identifier of the network stream to be queried; And transmitting, to the controller, information about a network flow corresponding to the identifier of the network flow to be queried.
  • the information of the network flow includes at least one of the following information: the switching device forwards the number of data packets of the network flow; and the switching device forwards a data packet size of the network flow; The switching device forwards an average size of data packets of the network flow; the switching device forwards an interval of data packets of the network flow; the switching device forwards a forwarding rate of the network flow; and the switching device forwards The occupied bandwidth of the network stream.
  • the controller carries the information of the specified matching domain in the request message, so that the network flow statistics module generates the identifier of the network flow to be queried according to the information of the matching domain, and queries and checks the storage space in the storage space.
  • the information of the network stream corresponding to the identifier of the network stream to be queried is sent to the controller by the information of the network stream corresponding to the identifier of the network stream to be queried.
  • the controller can accurately know the information of the forwarded network stream of each switching device in the network.
  • the controller can also provide the obtained network stream information to the upper layer application in the form of an API, and can further aggregate network traffic statistics or adopt corresponding policies.
  • FIG. 11 is a schematic structural diagram of Embodiment 3 of the information flow device of the network flow according to the present invention.
  • the information statistics device of the network flow in this embodiment is a switching device.
  • the switching device includes at least: a processor 1101 and a memory 1102. , communication interface 1103 and bus 1104.
  • the processor 1101, the memory 1102, and the communication interface 1103 communicate through the bus 1104.
  • the switching device further includes: a data packet transceiver module and a network flow statistics module, where the data packet transceiver module 1105 is configured to receive a data packet;
  • the network flow statistics module 1106 is configured to generate an identifier of the network flow to which the data packet belongs according to all flow entries that the data packet passes through the ingress port to the egress port in the switching device, and update the network flow. Identifies the information of the corresponding network flow.
  • the embodiment of the present invention further provides a computer readable medium, comprising computer execution instructions, where the computer execution instruction is used by the switching device to perform the information statistics method of the network flow of the present invention.
  • the aforementioned program can be stored in a computer readable storage medium.
  • the program when executed, performs the steps including the above-described method embodiments; and the foregoing storage medium includes: a medium that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明实施例提供一种网络流的信息统计方法和装置,通过交换设备接收数据包,根据数据包在交换设备中从入端口到出端口经过的所有的流表项,统计数据包所属的网络流的信息,由于同一个网络流数据包在交换设备中从入端口到出端口经过的所有的流表项相同,不同的网络流在交换设备中从入端口到出端口经过的所有的流表项不同,也就是,从入端口到出端口经过的所有的流表项能够唯一标识一条网络流,因此,根据数据包在交换设备中从入端口到出端口经过的所有的流表项,统计数据包所属的网络流的信息,能准确统计出交换设备转发每一条网络流的信息,提高交换设备对网络流的信息统计的准确性。

Description

网络流的信息统计方法和装置
技术领域
本发明实施例涉及通信技术, 尤其涉及一种网络流的信息统计方法和装 置。 背景技术
软件定义网络 (Software Defined Network, 以下简称: SDN) 的核心思 想是将网络控制转发逻辑和物理转发面分离, 网络控制转发逻辑由控制器执 行, 物理转发面由交换设备执行, 交换设备根据控制器下发的转发表项转发 数据包,控制器和交换设备之间最常用的协议称为(OpenFlow,以下简称: OF) 协议。 在 SDN中, 控制器能从全局视角掌控资源分配和网络流调度, 优化资 源利用率, 但是, 控制器如何得到 SDN中每条网络流的信息, 是一个至关重 要的问题。
现有技术中, 交换设备统计经过每个流表项的网络流的转发的包数、 字 节数、 流表项数目及时间相关信息。 OpenFlow标准通过在控制器和交换设备 间交互网络流统计请求消息和应答消息, 可以获得交换设备某张流表中匹配 域为指定字段的单条或多条流表项转发的包数、 字节数、 流表项数目及时间 相关信息。
然而, 由于同一流表项可能被多条网络流成功匹配, 因此流表项的统计 值是多条成功匹配该表项的网络流的汇聚值, 并非统计每条网络流的信息, 无法体现交换设备转发单条网络流的数据量, 从这些流表项的统计信息中也 无法计算得出每条网络流的信息; 而且同一条网络流有可能被交换设备中不 同流表的多条流表项匹配,导致交换设备对每条网络流的转发数据重复统计, 综上所述, 采用现有技术的方法, 交换设备对网络流的信息统计的准确性不 高。 发明内容
本发明实施例提供一种网络流的信息统计方法和装置, 提高交换设备对 网络流的信息统计的准确性。
本发明实施例第一方面提供一种网络流的信息统计方法, 包括: 交换设备接收数据包;
所述交换设备按照所述数据包在所述交换设备中从入端口到出端口 经过的所有流表项, 生成所述数据包所属的网络流的标识;
所述交换设备更新所述网络流的标识对应的网络流的信息。
结合第一方面, 在第一种可能的实现方式中, 所述交换设备按照所述 数据包在所述交换设备中从入端口到出端口经过的所有流表项, 生成所述 数据包所属的网络流的标识, 包括:
所述交换设备获取所述数据包在所述交换设备中从入端口到出端口 经过的所有流表项的标识;
所述交换设备根据所述数据包在所述交换设备中从入端口到出端口 经过的所有流表项的标识, 生成所述数据包的网络流的标识。
结合第一方面的第一种可能的实现方式, 在第二种可能的实现方式 中, 所述交换设备根据所述数据包在所述交换设备中从入端口到出端口经 过的所有流表项的标识, 生成所述数据包的网络流的标识, 包括:
所述交换设备将所述数据包在所述交换设备中从入端口到出端口经 过的所有流表项的标识依次排列, 生成所述数据包的网络流的标识。
结合第一方面, 在第三种可能的实现方式中, 所述交换设备更新所述 网络流的标识对应的网络流的信息之前, 还包括:
建立存储网络流的标识以及所述网络流的标识对应的网络流的信息 的存储空间。
结合第一方面的第三种可能的实现方式, 在第四种可能的实现方式 中, 所述交换设备更新所述网络流的标识对应的网络流的信息, 包括: 所述交换设备査找所述存储空间中是否存储有所述数据包所属的网 络流的标识;
若所述存储空间中有所述数据包所属的网络流的标识, 则更新所述网 络流的标识对应的网络流的信息。
结合第一方面的第四种可能的实现方式, 在第五种可能的实现方式 中, 所述方法还包括: 若所述存储空间中无所述数据包所属的网络流的标 识, 则在所述存储空间中添加所述网络流的标识, 并更新所述网络流的标 识对应的网络流的信息。
结合第一方面或第一方面的第一种至第五种可能的实现方式中任一 种可能的实现方式, 在第七种可能的实现方式中, 所述交换设备按照所述 数据包在所述交换设备中从入端口到出端口经过的所有流表项, 生成所述 数据包所属的网络流的标识之前, 还包括:
所述交换设备査看流表空间中是否存储有与所述数据包匹配的流表 项;
若流表空间中未存储有与所述数据包匹配的流表项, 所述交换设备则 将所述数据包发送给控制器, 以使所述控制器根据所述数据包生成与所述 数据包匹配的流表项;
所述交换设备接收所述控制器发送的与所述数据包匹配的流表项。 结合第一方面或第一方面的第一种至第六种可能的实现方式中任一 种可能的实现方式, 在第七种可能的实现方式中, 所述方法还包括:
所述交换设备接收控制器发送的査询网络流的信息的请求, 所述请求 中包含匹配域;
所述交换设备根据所述匹配域生成待査询的网络流的标识;
所述交换设备获取所述待査询的网络流的标识对应的网络流的信息; 所述交换设备将所述待査询的网络流的标识对应的网络流的信息发 送给所述控制器。
结合第一方面或第一方面的第一种至第七种可能的实现方式中任一 种可能的实现方式, 在第八种可能的实现方式中, 所述网络流的信息包括 下述至少一种信息:
所述交换设备转发所述网络流的数据包的数量;
所述交换设备转发所述网络流的数据包的大小;
所述交换设备转发所述网络流的数据包的平均大小;
所述交换设备转发所述网络流的数据包的间隔时间;
所述交换设备转发所述网络流的转发速率;
所述交换设备转发所述网络流的占用带宽。
本发明实施例第二方面提供一种网络流的信息统计装置, 包括: 数据包收发模块, 用于接收数据包;
网络流统计模块, 用于按照所述数据包在所述交换设备中从入端口到 出端口经过的所有流表项, 生成所述数据包所属的网络流的标识; 更新所 述网络流的标识对应的网络流的信息。
结合第二方面, 在第一种可能的实现方式中, 所述网络流统计模块, 包括:
第一获取单元, 用于获取所述数据包在所述交换设备中从入端口到出 端口经过的所有流表项的标识;
处理单元, 用于根据所述数据包在所述交换设备中从入端口到出端口 经过的所有流表项的标识, 生成所述数据包的网络流的标识。
结合第二方面的第一种可能的实现方式, 在第二种可能的实现方式 中, 所述处理单元具体用于将所述数据包在所述交换设备中从入端口到出 端口经过的所有流表项的标识依次排列, 生成所述数据包的网络流的标 识。
结合第二方面, 在第三种可能的实现方式中, 所述网络流统计模块, 还包括: 建立单元, 用于建立存储网络流的标识以及所述网络流的标识对 应的网络流的信息的存储空间。
结合第二方面的第三种可能的实现方式, 在第四种可能的实现方式 中, 所述网络流统计模块, 还包括:
査找单元, 用于査找所述存储空间中是否存储有所述数据包所属的网 络流的标识;
更新单元, 用于若所述存储空间中有所述数据包所属的网络流的标 识, 则更新所述网络流的标识对应的网络流的信息。
结合第二方面的第四种可能的实现方式, 在第五种可能的实现方式 中, 所述更新单元, 还用于若所述存储空间中无所述数据包所属的网络流 的标识, 则在所述存储空间中添加所述网络流的标识, 并更新所述网络流 的标识对应的网络流的信息。
结合第二方面或第二方面的第一种至第五种可能的实现方式中任一 种可能的实现方式, 在第六种可能的实现方式中, 还包括: 流表匹配模块 用于査看流表空间中是否存储有与所述数据包匹配的流表项; 若流表空间 中未存储有与所述数据包匹配的流表项, 则将所述数据包发送给控制器, 以使所述控制器根据所述数据包生成与所述数据包匹配的流表项; 接收所 述控制器发送的与所述数据包匹配的流表项。
结合第二方面或第二方面的第一种至第六种可能的实现方式中任一 种可能的实现方式, 在第七种可能的实现方式中, 所述网络流统计模块, 还包括:
接收单元, 用于接收控制器发送的査询网络流的信息的请求, 所述请 求中包含匹配域;
生成单元, 用于根据所述匹配域生成待査询的网络流的标识; 第二获取单元, 用于获取所述待査询的网络流的标识对应的网络流的
I Ή自、 .,
发送单元, 用于将所述待査询的网络流的标识对应的网络流的信息发 送给所述控制器。
结合第二方面或第二方面的第一种至第七种可能的实现方式中任一 种可能的实现方式, 在第八种可能的实现方式中, 所述网络流的信息包括 下述至少一种信息:
所述交换设备转发所述网络流的数据包的数量;
所述交换设备转发所述网络流的数据包的大小;
所述交换设备转发所述网络流的数据包的平均大小;
所述交换设备转发所述网络流的数据包的间隔时间;
所述交换设备转发所述网络流的转发速率;
所述交换设备转发所述网络流的占用带宽。
本发明实施例第三方面提供一种网络流的信息统计装置, 所述网络流 信息统计装置为交换设备, 所述交换设备包括: 处理器、 存储器、 通信接 口和总线, 其中, 所述处理器、 所述存储器和所述通信接口通过所述总线 通信;
所述交换设备还包括: 数据包收发模块和网络流统计模块, 其中, 所述数据包收发模块, 用于接收数据包;
所述网络流统计模块, 用于按照所述数据包在所述交换设备中从入端 口到出端口经过的所有流表项, 生成所述数据包所属的网络流的标识; 更 新所述网络流的标识对应的网络流的信息。
本发明实施例提供的网络流的信息统计方法和装置, 通过交换设备接收 数据包, 根据数据包在交换设备中从入端口到出端口经过的所有的流表项, 统计数据包所属的网络流的信息, 由于同一个网络流数据包在交换设备中从 入端口到出端口经过的所有的流表项相同, 不同的网络流在交换设备中从入 端口到出端口经过的所有的流表项不同, 也就是, 从入端口到出端口经过的 所有的流表项能够唯一标识一条网络流, 因此, 根据数据包在交换设备中从 入端口到出端口经过的所有的流表项, 统计数据包所属的网络流的信息, 能 准确统计出交换设备转发每一条网络流的信息, 提高交换设备对网络流的信 息统计的准确性。 附图说明
为了更清楚地说明本发明实施例或现有技术中的技术方案, 下面将对实 施例或现有技术描述中所需要使用的附图作简单地介绍, 显而易见地, 下面 描述中的附图仅仅是本发明的一些实施例, 对于本领域普通技术人员来讲, 在不付出创造性劳动性的前提下, 还可以根据这些附图获得其他的附图。
图 1为本发明实施例应用场景示意图;
图 2为本发明实施例 SDN网络流的处理流程示意图;
图 3为本发明实施例控制器的结构示意图;
图 4为本发明实施例交换设备的结构示意图;
图 5为本发明网络流的信息统计方法实施例一的流程示意图; 图 6为本发明网络流的信息统计方法实施例二的流程示意图; 图 7为本发明二叉树的存储结构示意图;
图 8为本发明网络流的信息统计方法实施例三的流程示意图; 图 9为本发明网络流的信息统计装置实施例一的结构示意图; 图 10为本发明网络流的信息统计装置实施例二的结构示意图; 图 11为本发明网络流的信息统计装置实施例三的结构示意图。 具体实施方式
下面将结合本发明实施例中的附图, 对本发明实施例中的技术方案进 行清楚、完整地描述, 显然,所描述的实施例仅仅是本发明一部分实施例, 而不是全部的实施例。 基于本发明中的实施例, 本领域普通技术人员在没 有做出创造性劳动前提下所获得的所有其他实施例, 都属于本发明保护的 范围。
本发明实施例的应用场景主要为 SDN, SDN主要由执行网络控制逻辑的 控制器和若干执行数据面转发的交换设备组成, 控制器和单个交换设备间通 过专用的物理连线或带内方式建立通信, 它们之间最常用的通信接口为 OF 协议, 本发明实施例的应用场景示意图如图 1所示, 图 1为本发明实施例应 用场景示意图, 在图 1 中, 控制器与交换设备之间的互联以虚线示出, 交换 设备之间的互联以实线示出。
SDN网络中交换设备除和控制器及其他交换设备互联外,还可能连接部分 终端设备, 终端设备承载了上层的网络业务。 在源终端设备上用户发起新业 务请求后, 源终端设备将网络流 (新业务的数据流) 首个数据包发送至其最 邻近的接入交换设备上, 由于交换设备的流表空间内并无针对该数据包的转 发表项, 交换设备尝试匹配失败, 在缓存首个数据包的同时将该首个数据包 封装为请示消息并上报至控制器 (在 OpenFlow协议中该请示消息称为 " Packetln消息" ) , 控制器査看首个数据包中的源网络协议 (Internet Protocol , 以下简称: IP ) 地址、 目的 IP地址、 Vlan域值等信息, 依据当前 的路由策略, 为该首个数据包所属的网络流计算最优路径, 并向最优路径上 的交换设备下发流表项修改消息 (在 0penFlO 办议中为该流表项修改该消息 称为 "FlowMod消息" ) , 收到 FlowMod消息的交换设备, 依据控制器下发的 FlowMod消息中的指令在自身流表内添加、删除或更新对应流表项, 并在收到 同一个网络流的数据包后, 査找流表空间并依据匹配的流表项的指令完成报 文在数据面的转发。 网络流的处理流程如图 2所示, 图 2为本发明实施例 SDN 网络流的处理流程示意图, 其中, 网络流的首个数据包从源终端设备到目的 终端设备的处理流程如带箭头实线所示, 箭头实线旁的序号表明对首个数据 包处理的先后顺序。
本发明实施例是通过根据数据包在一个交换设备中从入端口到出端 口经过的所有的流表项来来标识一条网络流, 由于同一个网络流数据包在 交换设备中从入端口到出端口经过的所有的流表项相同, 不同的网络流在交 换设备中从入端口到出端口经过的所有的流表项不同, 因此, 根据数据包在 一个交换设备中从入端口到出端口经过的所有的流表项来生成的网络流 的标识能够唯一标识一条网络流, 基于上述网络流的标识统计数据包所属 的网络流的信息, 能准确统计出交换设备转发每一条网络流的信息, 提高交 换设备对网络流的信息统计的准确性。
本发明实施例涉及的控制器如图 3所示, 图 3为本发明实施例控制器的结 构示意图, 控制器一般运行在硬件配置较高的服务器上, 采用通用的体系架 构, 通过网络适配器与外部的交换设备通信。 控制器主要包括消息收发、 交 换设备配置管理、 拓扑发现、 链路管理、 设备管理等模块, 为了保存从交换 设备收集到的网络状态信息, 需要维护网络信息库 (Network Information Base, 以下简称: NIB ) , 以方便上层的控制程序基于实时的 NIB做出最优决 策。
本发明实施例涉及的交换设备的结构如图 4所示, 图 4为本发明实施 例交换设备的结构示意图, 它的硬件部分包含处理器、 存储器件、 专用硬 件电路、 网络适配器以及其他外设等, 交换设备通过网络适配器与控制器 交互, 利用静态随机访问存储器 (Static Random Access Memory, 以下简 称: SRAM )、三态内容寻址存储器(Ternary Content Addressable Memory, 以下简称: TCAM ) 等存储器件保存交换设备的流表空间等。 软件部分除 包含数据包收发、流表匹配模块外,本发明实施例新增了网络流统计模块, 主要用于存储和维护网络流的标识以及与网络流的信息的映射, 具体地, 流表匹配模块对数据包收发模块收到的数据包进行流表项的匹配, 网络流 统计模块根据流表匹配模块的匹配结果存储和维护网络流标识, 并根据流 表匹配模块的匹配结果统计网络流的信息。 其中, 网络流的信息包含下述 至少一种信息: 交换设备转发网络流的数据包的数量; 交换设备转发网络 流的数据包的大小; 交换设备转发网络流的数据包的平均大小; 交换设备 转发网络流的数据包的间隔时间; 交换设备转发网络流的转发速率; 交换 设备转发网络流的占用带宽等。
下面以具体地实施例对本发明的技术方案进行详细说明。 下面这几个 具体的实施例可以相互结合, 对于相同或相似的概念或过程可能在某些实 施例不再赘述。 本发明各实施例中的交换设备指 OF交换设备。 图 5为本发明网络流的信息统计方法实施例一的流程示意图, 如图 5 所示, 本实施例的执行主体为交换设备, 本实施例的方法如下:
S501 : 交换设备接收数据包。
交换设备接收的数据包可能来自于终端设备, 也可能来自于其他的转 发设备。
具体地, 该歩骤可以由图 4中的数据包收发模块执行。
S502: 交换设备按照数据包在交换设备中从入端口到出端口经过的所 有流表项, 生成数据包所属的网络流的标识。
具体地, 交换设备获取所述数据包在所述交换设备中从入端口到出端 口经过的所有流表项的标识; 交换设备根据所述数据包在所述交换设备中 从入端口到出端口经过的所有流表项的标识, 生成所述数据包的网络流的 标识。
S503 : 交换设备更新网络流的标识对应的网络流的信息。
交换设备接收到数据包之后, 交换设备的流表匹配模块在流表空间中 査找与上述数据包匹配的流表项, 按照匹配的流表项中的指令转发数据 包, 交换设备的网络流统计模块根据数据包在交换设备中从入端口到出端 口经过的所有的流表项标识上述数据包所属的网络流, 并统计上述网络流 的信息。
具体地, 网络流的信息包含下述至少一种信息: 交换设备转发网络流 的数据包的数量; 交换设备转发网络流的数据包的大小; 交换设备转发网 络流的数据包的平均大小; 交换设备转发网络流的数据包的间隔时间; 交 换设备转发网络流的转发速率; 交换设备转发网络流的占用带宽等。 举例 来说, 假设, 交换设备将数据包在所述交换设备中从入端口到出端口经过 的所有流表项的标识依次排列, 生成所述数据包的网络流的标识。 数据包 在交换设备中从入端口到出端口经过的所有的流表项分别为流表 1的表项 1、 流表 2的表项 2和流表 3的表项 3, 假设 " 011 " 为流表 1的表项 1的 标识, " 022 "为流表 2的表项 2的标识, " 033 "为流表 3的表项 3的标 识, 则生成数据包所属的网络流的标识为 " 011022033 " , 网络流的信息 为交换设备转发网络流的数据包的大小和交换设备转发网络流的数据包 的平均大小, 则, 根据该数据包的大小统计交换设备转发网络流的数据包 的大小, 具体为, 假设接收数据包之前, 最近一次统计的交换设备转发网 络流标识为 "011022033" 的流的数据包的总的大小为 10M, 交换设备本 次转发的网络流标识为 "011022033"的流的数据包的大小为 2M, 则将交 换设备转发网络流标识为 "011022033" 的流的数据包的大小更改为 12M (10M+2M) 。 在另外一种实现场景中, 假设交换设备 3次转发网络流标 识为 "011022033" 的流的数据包的总的大小为 10M, 则接收数据包之前 最近一次统计的交换设备转发网络流标识为 "011022033" 的流的数据包 的平均大小为 (10/3) M, 如果交换设备本次转发的网络流标识为
"011022033"的流的数据包的大小为 2M, 也就是, 交换设备 4次转发的 网络流标识为 "011022033" 的流的数据包的总大小为 12M, 则交换设备 转发网络网络流标识为 "011022033"的流的数据包的平均大小更新为 3M ( (10+2) /4) M。 对于其他网络流信息的统计与此类似, 在此不再赘述。
本实施例中, 通过交换设备接收数据包, 根据数据包在交换设备中从入 端口到出端口经过的所有的流表项, 统计数据包所属的网络流的信息, 由于 同一个网络流数据包在交换设备中从入端口到出端口经过的所有流表项相 同,不同的网络流在交换设备中从入端口到出端口经过的所有的流表项不同, 也就是, 从入端口到出端口经过的所有的流表项能够唯一标识一条网络流, 因此, 根据数据包在交换设备中从入端口到出端口经过的所有的流表项, 统 计数据包所属的网络流的信息, 能准确统计出交换设备转发每一条网络流的 信息, 提高交换设备对网络流的信息统计的准确性。
图 6为本发明网络流的信息统计方法实施例二的流程示意图, 如图 6 所示, 本实施例的执行主体为交换设备, 本实施例的方法如下:
S601: 交换设备接收数据包。
该歩骤具体地可由交换设备的数据包收发模块执行。
S602: 交换设备査看流表空间中是否存储有与数据包匹配的流表项。 若否, 执行 S603, 若是, 执行 S605。
交换设备的流表匹配模块査看流表空间中是否存储有与数据包匹配 的流表项, 流表空间中包含多个流表, 每个流表中存储有多个流表项, 不 同的流表具有不同的匹配域, 如果数据包为一个网络流的首个数据包, 通 常第一个接收该数据包的流表空间中不会存储有与数据包匹配的流表项, 则执行 S603 ; 如果交换设备的流表空间中存储有与数据包匹配的流表项, 则执行 S605。
S603 : 交换设备将数据包发送给控制器, 以使控制器根据数据包生成 与上述数据包匹配的流表项。
交换设备中与控制器交互的通信模块将数据包封装为 " Packetln消息" 上报至控制器。 控制器根据数据包生成与上述数据包匹配的流表项之后, 通过 " FlowMod消息" 发送给交换设备。
S604: 交换设备接收控制器发送的与数据包匹配的流表项。
交换设备的数据包收发模块接收控制器发送的与数据包匹配的流表 项, 交换设备的流表匹配模块在自身的流表空间内安装与数据包匹配的流 表项。
S605 : 交换设备按照数据包在交换设备中从入端口到出端口经过的所 有的流表项, 生成数据包所属的网络流的标识。
交换设备的流表匹配模块根据上述数据包匹配的流表项的指令将上 述数据包从入端口到出端口转发出去, 交换设备的网络流统计模块按照数 据包在交换设备中从入端口到出端口经过的所有的流表项, 生成数据包所 属的网络流的标识。
网络流的标识也称为 (FlowID ) , 数据包所属的网络流的标识是依据 数据包在交换设备中从入端口到出端口经过的流表项对应地段编码组成 的, 网络流的标识的格式如表 1所示:
表 1 网络流的标识的格式
Figure imgf000012_0001
段编码数 N等于交换设备中的流表的数目,每个段编码的值等于流表 项在所处的流表内的相对位置信息, 该位置信息可以为序号, 相对表头偏 移量、 Cookie或者匹配域的哈希 (Hash )值等, 对此, 本发明实施例不作 限制。
以位置信息为流表项在流表中的序号为例来举例说明: 数据包在交换 设备的转发过程中, 会依次匹配由交换机内若干流表组成的流水线处理, 但数据包可能跳过某张流表或者经中间某张流表处理后从交换机的某个 端口上离开交换设备, 若数据包在交换设备的转发过程中只使用了交换设 备的部分流表,则没有使用的流表对应的段编码由特殊字符(例如: "#,,) 填充, 一个交换设备的流表空间内有 4个流表, 其中, 一个数据流一次通 过流表 1的第 2条流表项、 流表 2的第 3条流表项, 然后直接跳转到流表
4的第 1条流表项离开该交换设备, 则, 该数据包所属的网络流的标识可 以记为: "0102###00", 其中, "01"表示流表 1的第 2条流表项, "02" 表示流表 2的第 3条流表项; "###"表示不经过流表 3, "00"表示流表
4的第 1条流表项; 其中, 具体地每个流表的段编码通过几个比特来表示, 与该流表能够存储的流表项的多少有关。
再以位置信息为 Cookie为例来举例说明: Cookie是由控制器在下发 (FlowMod) 消息增加流表项时, 为新增流表项指定的标识, 网络流的标 nJ il H {H3{H2{Hx{Cookie\ Cookie2),-\ CookieA)† ,其中 H H2、 H3、 H4 分别为 cookie的哈希 (Hash) 函数, -1表示没有使用第三个流表的流表项。 再以位置信息为匹配域的哈希值为例来举例说明, 则网络流的标识可 通过 Η {Η32λ{\,00 :IB:21:CC:ED: C3),192.168.0.1,6843),0),192.168.0.2.7652) 计 算, 同样 H,、 H2、 H3、 H4为四个匹配域的哈希 (Hash) 函数。 本发明实施例确定或者生成网络流的标识的方法包括但不限于上述 几种方法, 只要是依据数据包在交换设备中从入端口到出端口经过的流表 项生成的即可, 对此, 本发明实施例不作限制。
S606: 交换设备更新所述网络流的标识对应的网络流的信息。
具体地, 交换设备的网络流统计模块査找存储空间中是否存储有数据 包所属的网络流的标识。 若存储空间中有数据包所属的网络流的标识, 则 更新网络流的标识对应的网络流的信息。 若存储空间中无数据包所属的网 络流的标识, 则在存储空间中添加网络流的标识, 并更新网络流的标识对 应的网络流的信息。 具体如何更新网络流的标识对应的网络流的信息可以 参见 S502的详细描述, 在此不再赘述。
需要说明的是, 在上述实施例中, 交换设备更新所述网络流的标识对 应的网络流的信息之前, 还包括: 建立存储网络流的标识以及所述网络流 的标识对应的网络流的信息的存储空间。 存储网络流的标识以及网络流的标识对应的网络流的信息的存储空 间可以为表格、 二叉树等。 表格如表 2所示:
表 2
Figure imgf000014_0002
也可以以二叉树形式存储, 在以二叉树存储的存储空间中, 网络流的 标识为树中节点的键 (Key ) 域, 网络流的信息为数据中节点时间保存的 数据(data)域,对二叉树动态插入、删除、査找时间复杂度均为 0 ( IgN ), 其中 N为交换设备转发的网络流的数目。
收到新的数据包之后, 若存储网络流的标识以及网络流的标识对应的 网络流的信息的存储空间中不包含网络流的标识, 则在存储空间中插入新 的网络流的标识, 并更新网络流的信息, 若存储网络流的标识以及所述网 络流的标识对应的网络流的信息的存储空间中包含网络流的标识, 则直接 更新网络流的信息。
为便于网络流的信息的査找与存储, 本发明实施例通过对网络流的大 小关系进行规定, 可以将网络流的标识按照大小顺序进行存储, 从而减小 网络流的信息的存储和査找的复杂度, 使得网络流信息的査找与存储更加 方便, 网络流的标识的大小关系可以遵循如下几个原则:
1、 所有网络流的网络流的标识长度相等; 2、 同一个流表内段编码为 特殊字符 (例如: "#" ) 的小于任意有效段编码; 同一流表内段编码较 大的网络流的标识也越大; 3、 网络流的标识的第一个段编码 (对应第一 个流表) 权重最高, 最后一个段编码 (对应最后一张流表) 权重最低, 段 编码权重随 pipeline中流表编号增加依次降低。
假设有 4个网络流的标识如表 3所
Figure imgf000014_0001
Figure imgf000014_0003
那么依据上述原则, 则 4个网络流的标识的大小关系如下: m , 在二叉树中的存储结构可以如图 7所示, 图 7为本发明二叉 树的存储结构示意图。 本实施例中, 通过交换设备接收数据包, 査看流表空间中是否存储有 与数据包匹配的流表项, 如果存储有与数据包匹配的流表项, 则按照数据 包在交换设备中从入端口到出端口经过的所有的流表项, 确定数据包所属 的网络流的标识, 并更新网络流的标识对应的网络流的信息。 如果未存储 有数据包匹配的流表项, 则交换设备将数据包发送给控制器, 以使控制器 根据数据包生成与数据包匹配的流表项, 通过接收控制器发送的与数据包 匹配的流表项, 交换设备按照数据包在交换设备中从入端口到出端口经过 的所有的流表项, 确定数据包所属的网络流的标识, 并更新网络流的标识 对应的网络流的信息。 由于同一个网络流数据包在交换设备中从入端口到出 端口经过的所有的流表项相同, 不同的网络流在交换设备中从入端口到出端 口经过的所有的流表项不同, 也就是, 从入端口到出端口经过的所有的流表 项能够唯一标识一条网络流, 因此, 根据数据包在交换设备中从入端口到出 端口经过的所有的流表项, 统计数据包所属的网络流的信息, 能准确统计出 交换设备转发每一条网络流的信息, 提高交换设备对网络流的信息统计的准 确性。
图 8为本发明网络流的信息统计方法实施例三的流程示意图, 图 8所 示实施例是在图 5或图 6所示实施例的基础上, 控制器从交换设备中获取 网络流的信息的过程, 如图 8所示, 本实施例的方法如下:
S801 : 交换设备接收控制器发送的査询网络流的信息的请求。
其中, 上述请求中包含匹配域。
该歩骤由交换设备中与控制器交互的通信模块执行。
S802: 交换设备根据匹配域生成待査询的网络流的标识。
交换设备的流表匹配模块根据请求中包含的匹配域与每个流表进行 匹配, 网络流统计模块根据依次匹配上的流表项生成待査询的网络流的标 识。 该方法与 S605的方法类似, 在此不再赘述。
S803 : 交换设备获取待査询的网络流的标识对应的网络流的信息。 交换设备的网络流统计模块从存储网络流的标识以及所述网络流的 标识对应的网络流的信息的存储空间中査询与待査询的网络流的标识对 应的网络流的信息。
与待査询的网络流的标识匹配的网络流可能为一条也可能为多条。
S804: 交换设备将待査询的网络流的标识对应的网络流的信息发送给 控制器。
具体地, 交换设备中与控制器交互的通信模块将待査询的网络流的标 识对应的网络流的信息发送给控制器。
与待査询的网络流的标识对应的网络流的信息可以包含匹配的网络 流的数目, 以及匹配的每个网络流的信息。
本实施例中, 控制器通过在请求消息中携带指定的匹配域的信息, 使 交换设备根据匹配域的信息生成待査询的网络流的标识, 并在存储空间中 査询与上述待査询的网络流的标识对应的网络流的信息, 将待査询的网络 流的标识对应的网络流的信息发送给控制器。 从而, 使控制器可以准确获 知网络中各交换设备的转发的网络流的信息。控制器也可以将获取到的网 络流的信息以 API形式提供给上层应用,可做进一歩网络流统计信息聚合 或采取相应策略。
图 9为本发明网络流的信息统计装置实施例一的结构示意图, 本实施 例的装置包括数据包收发模块 901和网络流统计模块 902, 其中, 数据包 收发模块 901用于接收数据包; 网络流统计模块 902用于按照上述数据包 在上述交换设备中从入端口到出端口经过的所有流表项, 生成上述数据包 所属的网络流的标识; 更新上述网络流的标识对应的网络流的信息。
在上述实施例中, 所述网络流统计模块 902进一歩地包括第一获取单 元和处理单元, 其中, 第一获取单元, 用于获取所述数据包在所述交换设 备中从入端口到出端口经过的所有流表项的标识; 处理单元, 用于根据所 述数据包在所述交换设备中从入端口到出端口经过的所有流表项的标识, 生成所述数据包的网络流的标识。
在上述实施例中, 所述处理单元具体用于将所述数据包在所述交换设 备中从入端口到出端口经过的所有流表项的标识依次排列, 生成所述数据 包的网络流的标识。
在上述实施例中,所述网络流统计模块 902进一歩地还包括建立单元, 建立单元用于建立存储网络流的标识以及所述网络流的标识对应的网络 流的信息的存储空间。
在上述实施例中, 所述网络流统计模块, 进一歩地还包括: 査找单元, 用于査找所述存储空间中是否存储有所述数据包所属的网络流的标识; 更 新单元, 用于若所述存储空间中有所述数据包所属的网络流的标识, 则更 新所述网络流的标识对应的网络流的信息。
在上述实施例中, 所述更新单元还用于若所述存储空间中无所述数据 包所属的网络流的标识, 则在所述存储空间中添加所述网络流的标识, 并 更新所述网络流的标识对应的网络流的信息。
上述实施例中, 通过数据包收发模块接收数据包, 网络流统计模块根据 数据包在交换设备中从入端口到出端口经过的所有的流表项, 统计数据包所 属的网络流的信息, 由于同一个网络流数据包在交换设备中从入端口到出端 口经过的所有流表项相同, 不同的网络流在交换设备中从入端口到出端口经 过的所有的流表项不同, 也就是, 从入端口到出端口经过的所有的流表项能 够唯一标识一条网络流, 因此, 根据数据包在交换设备中从入端口到出端口 经过的所有的流表项, 统计数据包所属的网络流的信息, 能准确统计出交换 设备转发每一条网络流的信息,提高交换设备对网络流的信息统计的准确性。
图 10为本发明网络流的信息统计装置实施例二的结构示意图, 图 10 是在图 9所示实施例的基础上, 进一歩地还包括流表匹配模块 903, 流表 匹配模块 903用于査看流表空间中是否存储有与上述数据包匹配的流表 项; 若流表空间中未存储有与上述数据包匹配的流表项, 则将上述数据包 发送给控制器, 以使上述控制器根据上述数据包生成与上述数据包匹配的 流表项; 接收上述控制器发送的与上述数据包匹配的流表项。
在上述实施例中, 网络流统计模块 902还包括接收单元、 生成单元、 第二获取单元和发送单元, 其中, 接收单元, 用于接收控制器发送的査询 网络流的信息的请求, 所述请求中包含匹配域; 生成单元, 用于根据所述 匹配域生成待査询的网络流的标识; 第二获取单元, 用于获取所述待査询 的网络流的标识对应的网络流的信息; 发送单元, 用于将所述待査询的网 络流的标识对应的网络流的信息发送给所述控制器。
在上述实施例中, 所述处理单元具体用于将所述数据包在所述交换设 备中从入端口到出端口经过的所有流表项的标识依次排列, 生成所述数据 包的网络流的标识。
在上述实施例中, 所述网络流统计模块 902还包括: 建立单元, 用于 建立存储网络流的标识以及所述网络流的标识对应的网络流的信息的存 储空间。
在上述实施例中, 所述网络流统计模块 902还包括査找单元和更新单 元, 其中, 査找单元, 用于査找所述存储空间中是否存储有所述数据包所 属的网络流的标识; 更新单元, 用于若所述存储空间中有所述数据包所属 的网络流的标识, 则更新所述网络流的标识对应的网络流的信息。
在上述实施例中, 更新单元还用于若所述存储空间中无所述数据包所 属的网络流的标识, 则在所述存储空间中添加所述网络流的标识, 并更新 所述网络流的标识对应的网络流的信息。
在上述实施例中, 流表匹配模块 903还用于査看流表空间中是否存储 有与所述数据包匹配的流表项; 若流表空间中未存储有与所述数据包匹配 的流表项, 则将所述数据包发送给控制器, 以使所述控制器根据所述数据 包生成与所述数据包匹配的流表项; 接收所述控制器发送的与所述数据包 匹配的流表项。
上述实施例, 通过数据包收发模块接收数据包, 流表匹配模块査看流 表空间中是否存储有与数据包匹配的流表项, 如果存储有与数据包匹配的 流表项, 则网络流统计模块按照数据包在交换设备中从入端口到出端口经 过的所有的流表项, 确定数据包所属的网络流的标识, 并更新网络流的标 识对应的网络流的信息。 如果未存储有数据包匹配的流表项, 则流表匹配 模块将数据包发送给控制器, 以使控制器根据数据包生成与数据包匹配的 流表项, 通过接收控制器发送的与数据包匹配的流表项, 网络流统计模块 按照数据包在交换设备中从入端口到出端口经过的所有的流表项, 确定数 据包所属的网络流的标识, 并更新网络流的标识对应的网络流的信息。 由 于同一个网络流数据包在交换设备中从入端口到出端口经过的所有的流表项 相同, 不同的网络流在交换设备中从入端口到出端口经过的所有的流表项不 同, 也就是, 从入端口到出端口经过的所有的流表项能够唯一标识一条网络 流, 因此, 根据数据包在交换设备中从入端口到出端口经过的所有的流表项, 统计数据包所属的网络流的信息, 能准确统计出交换设备转发每一条网络流 的信息, 提高交换设备对网络流的信息统计的准确性。
在上述实施例中, 网络流统计模块 902还包括接收单元、 生成单元、 第二获取单元和发送单元, 其中, 接收单元用于接收控制器发送的査询网 络流的信息的请求, 所述请求中包含匹配域; 生成单元用于根据所述匹配 域生成待査询的网络流的标识; 第二获取单元用于获取所述待査询的网络 流的标识对应的网络流的信息; 发送单元用于将所述待査询的网络流的标 识对应的网络流的信息发送给所述控制器。
在上述实施例中, 所述网络流的信息包括下述至少一种信息: 所述交 换设备转发所述网络流的数据包的数量; 所述交换设备转发所述网络流的 数据包的大小; 所述交换设备转发所述网络流的数据包的平均大小; 所述 交换设备转发所述网络流的数据包的间隔时间; 所述交换设备转发所述网 络流的转发速率; 所述交换设备转发所述网络流的占用带宽。
上述实施例, 控制器通过在请求消息中携带指定的匹配域的信息, 使 网络流统计模块根据匹配域的信息生成待査询的网络流的标识, 并在存储 空间中査询与上述待査询的网络流的标识对应的网络流的信息, 将待査询 的网络流的标识对应的网络流的信息发送给控制器。 从而, 使控制器可以 准确获知网络中各交换设备的转发的网络流的信息。 控制器也可以将获取 到的网络流的信息以 API形式提供给上层应用,可做进一歩网络流统计信 息聚合或采取相应策略。
图 11为本发明网络流的信息统计装置实施例三的结构示意图,本实施 例的网络流的信息统计装置为交换设备, 如图 11所示, 上述交换设备至少包 括: 处理器 1101、 存储器 1102、 通信接口 1103和总线 1104。 其中, 所述处 理器 1101、 所述存储器 1102和所述通信接口 1103通过所述总线 1104通信。
所述交换设备还包括: 数据包收发模块和网络流统计模块, 其中, 所述数据包收发模块 1105用于接收数据包;
所述网络流统计模块 1106 用于按照所述数据包在所述交换设备中从入端 口到出端口经过的所有流表项生成所述数据包所属的网络流的标识; 更新所述 网络流的标识对应的网络流的信息。
本发明实施例还提供一种计算机可读介质, 包含计算机执行指令, 所述 计算机执行指令用于交换设备执行本发明网络流的信息统计方法实施例一 至实施例三中任一实施例所述的方法。
本领域普通技术人员可以理解: 实现上述各方法实施例的全部或部分 歩骤可以通过程序指令相关的硬件来完成。 前述的程序可以存储于一计算 机可读取存储介质中。 该程序在执行时, 执行包括上述各方法实施例的歩 骤; 而前述的存储介质包括: ROM、 RAM, 磁碟或者光盘等各种可以存 储程序代码的介质。
最后应说明的是: 以上各实施例仅用以说明本发明的技术方案, 而非对 其限制; 尽管参照前述各实施例对本发明进行了详细的说明, 本领域的普通 技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改, 或者对其中部分或者全部技术特征进行等同替换; 而这些修改或者替换, 并 不使相应技术方案的本质脱离本发明各实施例技术方案的范围。

Claims

权 利 要 求 书
1、 一种网络流的信息统计方法, 其特征在于, 包括:
交换设备接收数据包;
所述交换设备按照所述数据包在所述交换设备中从入端口到出端口 经过的所有流表项, 生成所述数据包所属的网络流的标识;
所述交换设备更新所述网络流的标识对应的网络流的信息。
2、 根据权利要求 1所述的方法, 其特征在于, 所述交换设备按照所 述数据包在所述交换设备中从入端口到出端口经过的所有流表项, 生成所 述数据包所属的网络流的标识, 包括:
所述交换设备获取所述数据包在所述交换设备中从入端口到出端口 经过的所有流表项的标识;
所述交换设备根据所述数据包在所述交换设备中从入端口到出端口 经过的所有流表项的标识, 生成所述数据包的网络流的标识。
3、 根据权利要求 2所述的方法, 其特征在于, 所述交换设备根据所 述数据包在所述交换设备中从入端口到出端口经过的所有流表项的标识, 生成所述数据包的网络流的标识, 包括:
所述交换设备将所述数据包在所述交换设备中从入端口到出端口经 过的所有流表项的标识依次排列, 生成所述数据包的网络流的标识。
4、 根据权利要求 1所述的方法, 其特征在于, 所述交换设备更新所 述网络流的标识对应的网络流的信息之前, 还包括:
建立存储网络流的标识以及所述网络流的标识对应的网络流的信息 的存储空间。
5、 根据权利要求 4所述的方法, 其特征在于, 所述交换设备更新所 述网络流的标识对应的网络流的信息, 包括:
所述交换设备査找所述存储空间中是否存储有所述数据包所属的网 络流的标识;
若所述存储空间中有所述数据包所属的网络流的标识, 则更新所述网 络流的标识对应的网络流的信息。
6、 根据权利要求 5所述的方法, 其特征在于, 还包括: 若所述存储 空间中无所述数据包所属的网络流的标识, 则在所述存储空间中添加所述 网络流的标识, 并更新所述网络流的标识对应的网络流的信息。
7、 根据权利要求 1~6任一项所述的方法, 其特征在于, 所述交换设 备按照所述数据包在所述交换设备中从入端口到出端口经过的所有流表 项, 生成所述数据包所属的网络流的标识之前, 还包括:
所述交换设备査看流表空间中是否存储有与所述数据包匹配的流表 项;
若流表空间中未存储有与所述数据包匹配的流表项, 所述交换设备则 将所述数据包发送给控制器, 以使所述控制器根据所述数据包生成与所述 数据包匹配的流表项;
所述交换设备接收所述控制器发送的与所述数据包匹配的流表项。
8、 根据权利要求 1~7任一项所述的方法, 其特征在于, 还包括: 所述交换设备接收控制器发送的査询网络流的信息的请求, 所述请求 中包含匹配域;
所述交换设备根据所述匹配域生成待査询的网络流的标识;
所述交换设备获取所述待査询的网络流的标识对应的网络流的信息; 所述交换设备将所述待査询的网络流的标识对应的网络流的信息发 送给所述控制器。
9、 根据权利要求 1~8任一项所述的方法, 其特征在于, 所述网络流 的信息包括下述至少一种信息:
所述交换设备转发所述网络流的数据包的数量;
所述交换设备转发所述网络流的数据包的大小;
所述交换设备转发所述网络流的数据包的平均大小;
所述交换设备转发所述网络流的数据包的间隔时间;
所述交换设备转发所述网络流的转发速率;
所述交换设备转发所述网络流的占用带宽。
10、 一种网络流的信息统计装置, 其特征在于, 包括:
数据包收发模块, 用于接收数据包;
网络流统计模块, 用于按照所述数据包在所述交换设备中从入端口到 出端口经过的所有流表项, 生成所述数据包所属的网络流的标识; 更新所 述网络流的标识对应的网络流的信息。
11、 根据权利要求 10所述的装置, 其特征在于, 所述网络流统计模 块, 包括:
第一获取单元, 用于获取所述数据包在所述交换设备中从入端口到出 端口经过的所有流表项的标识;
处理单元, 用于根据所述数据包在所述交换设备中从入端口到出端口 经过的所有流表项的标识, 生成所述数据包的网络流的标识。
12、 根据权利要求 11所述的装置, 其特征在于, 所述处理单元具体 用于将所述数据包在所述交换设备中从入端口到出端口经过的所有流表 项的标识依次排列, 生成所述数据包的网络流的标识。
13、 根据权利要求 10所述的装置, 其特征在于, 所述网络流统计模 块, 还包括: 建立单元, 用于建立存储网络流的标识以及所述网络流的标 识对应的网络流的信息的存储空间。
14、 根据权利要求 13所述的装置, 其特征在于, 所述网络流统计模 块, 还包括:
査找单元, 用于査找所述存储空间中是否存储有所述数据包所属的网 络流的标识;
更新单元, 用于若所述存储空间中有所述数据包所属的网络流的标 识, 则更新所述网络流的标识对应的网络流的信息。
15、 根据权利要求 14所述的装置, 其特征在于, 所述更新单元还用 于若所述存储空间中无所述数据包所属的网络流的标识, 则在所述存储空 间中添加所述网络流的标识, 并更新所述网络流的标识对应的网络流的信 息。
16、 根据权利要求 10~15任一项所述的装置, 其特征在于, 流表匹配 模块还用于査看流表空间中是否存储有与所述数据包匹配的流表项; 若流 表空间中未存储有与所述数据包匹配的流表项, 则将所述数据包发送给控 制器, 以使所述控制器根据所述数据包生成与所述数据包匹配的流表项; 接收所述控制器发送的与所述数据包匹配的流表项。
17、 根据权利要求 10~16任一项所述的装置, 其特征在于, 所述网络 流统计模块, 还包括:
接收单元, 用于接收控制器发送的査询网络流的信息的请求, 所述请 求中包含匹配域;
生成单元, 用于根据所述匹配域生成待査询的网络流的标识; 第二获取单元, 用于获取所述待査询的网络流的标识对应的网络流的
I Ή自、 .,
发送单元, 用于将所述待査询的网络流的标识对应的网络流的信息发 送给所述控制器。
18、 根据权利要求 10~17任一项所述的装置, 其特征在于, 所述网络 流的信息包括下述至少一种信息:
所述交换设备转发所述网络流的数据包的数量;
所述交换设备转发所述网络流的数据包的大小;
所述交换设备转发所述网络流的数据包的平均大小;
所述交换设备转发所述网络流的数据包的间隔时间;
所述交换设备转发所述网络流的转发速率;
所述交换设备转发所述网络流的占用带宽。
19、 一种网络流的信息统计装置, 所述网络流信息统计装置为交换设 备, 其特征在于, 所述交换设备包括: 处理器、 存储器、 通信接口和总线, 其中, 所述处理器、 所述存储器和所述通信接口通过所述总线通信;
所述交换设备还包括: 数据包收发模块和网络流统计模块, 其中, 所述数据包收发模块, 用于接收数据包;
所述网络流统计模块, 用于按照所述数据包在所述交换设备中从入端 口到出端口经过的所有流表项, 生成所述数据包所属的网络流的标识; 更 新所述网络流的标识对应的网络流的信息。
PCT/CN2014/085108 2014-08-25 2014-08-25 网络流的信息统计方法和装置 WO2016029345A1 (zh)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP14900441.8A EP3179687B1 (en) 2014-08-25 2014-08-25 Network flow information statistics method and apparatus
PCT/CN2014/085108 WO2016029345A1 (zh) 2014-08-25 2014-08-25 网络流的信息统计方法和装置
CN201480038251.7A CN105556916B (zh) 2014-08-25 2014-08-25 网络流的信息统计方法和装置
US15/442,544 US9973400B2 (en) 2014-08-25 2017-02-24 Network flow information collection method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/085108 WO2016029345A1 (zh) 2014-08-25 2014-08-25 网络流的信息统计方法和装置

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/442,544 Continuation US9973400B2 (en) 2014-08-25 2017-02-24 Network flow information collection method and apparatus

Publications (1)

Publication Number Publication Date
WO2016029345A1 true WO2016029345A1 (zh) 2016-03-03

Family

ID=55398563

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/085108 WO2016029345A1 (zh) 2014-08-25 2014-08-25 网络流的信息统计方法和装置

Country Status (4)

Country Link
US (1) US9973400B2 (zh)
EP (1) EP3179687B1 (zh)
CN (1) CN105556916B (zh)
WO (1) WO2016029345A1 (zh)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10135670B2 (en) * 2014-12-22 2018-11-20 Hewlett Packard Enterprise Development Lp Response to an inoperative network device managed by a controller
US10033638B1 (en) * 2015-05-29 2018-07-24 Netronome Systems, Inc. Executing a selected sequence of instructions depending on packet type in an exact-match flow switch
US10243778B2 (en) * 2015-08-11 2019-03-26 Telefonaktiebolaget L M Ericsson (Publ) Method and system for debugging in a software-defined networking (SDN) system
CN107547293B (zh) * 2016-06-29 2020-09-08 新华三技术有限公司 一种流路径探测方法和装置
US10623308B2 (en) * 2017-02-17 2020-04-14 Dell Products L.P. Flow routing system
CN109474540B (zh) * 2018-09-12 2022-06-10 奇安信科技集团股份有限公司 一种识别opc流量的方法及装置
US11431829B2 (en) 2019-03-06 2022-08-30 Parsons Corporation Multi-tiered packet processing
CN111130946B (zh) * 2019-12-30 2022-03-25 联想(北京)有限公司 一种深度报文识别的加速方法、装置和存储介质
US12047269B2 (en) * 2022-03-29 2024-07-23 Cisco Technology, Inc. End-to-end flow visibility in a data network including service appliances
US20240250902A1 (en) * 2023-01-23 2024-07-25 Cisco Technology, Inc. Data network duplicate flow detection in hardware with line rate throughput

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321088A (zh) * 2008-07-18 2008-12-10 北京星网锐捷网络技术有限公司 一种统计ip数据流信息的方法及装置
WO2013133400A1 (ja) * 2012-03-09 2013-09-12 日本電気株式会社 制御装置、通信システム、スイッチ制御方法及びプログラム
CN103460666A (zh) * 2011-03-29 2013-12-18 日本电气株式会社 网络系统和vlan标签数据获取方法

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4774357B2 (ja) * 2006-05-18 2011-09-14 アラクサラネットワークス株式会社 統計情報収集システム及び統計情報収集装置
WO2011074630A1 (ja) * 2009-12-17 2011-06-23 日本電気株式会社 負荷分散システム、負荷分散方法、負荷分散システムを構成する装置およびプログラム
RU2541113C2 (ru) * 2010-10-15 2015-02-10 Нек Корпорейшн Система коммутаторов и способ централизованного управления мониторингом
US20120099591A1 (en) * 2010-10-26 2012-04-26 Dell Products, Lp System and Method for Scalable Flow Aware Network Architecture for Openflow Based Network Virtualization
JP5717057B2 (ja) * 2011-01-17 2015-05-13 日本電気株式会社 ネットワークシステム、コントローラ、スイッチ、及びトラフィック監視方法
EP2721777B1 (en) * 2011-06-20 2016-04-13 Telefonaktiebolaget LM Ericsson (publ) Methods and devices for monitoring a data path
US8964563B2 (en) * 2011-07-08 2015-02-24 Telefonaktiebolaget L M Ericsson (Publ) Controller driven OAM for OpenFlow
US9450870B2 (en) * 2011-11-10 2016-09-20 Brocade Communications Systems, Inc. System and method for flow management in software-defined networks
US8718064B2 (en) * 2011-12-22 2014-05-06 Telefonaktiebolaget L M Ericsson (Publ) Forwarding element for flexible and extensible flow processing software-defined networks
US8751645B2 (en) * 2012-07-20 2014-06-10 Telefonaktiebolaget L M Ericsson (Publ) Lattice based traffic measurement at a switch in a communication network
US9215093B2 (en) * 2012-10-30 2015-12-15 Futurewei Technologies, Inc. Encoding packets for transport over SDN networks
US9923831B2 (en) * 2012-11-29 2018-03-20 Futurewei Technologies, Inc. Packet prioritization in a software-defined network implementing OpenFlow
CN105052087B (zh) * 2013-11-19 2018-10-09 华为技术有限公司 一种基于流表的表项寻址方法、交换机及控制器
US20150180769A1 (en) * 2013-12-20 2015-06-25 Alcatel-Lucent Usa Inc. Scale-up of sdn control plane using virtual switch based overlay
US9548927B2 (en) * 2014-06-17 2017-01-17 Comcast Cable Communications, Llc Flow-based load balancing

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321088A (zh) * 2008-07-18 2008-12-10 北京星网锐捷网络技术有限公司 一种统计ip数据流信息的方法及装置
CN103460666A (zh) * 2011-03-29 2013-12-18 日本电气株式会社 网络系统和vlan标签数据获取方法
WO2013133400A1 (ja) * 2012-03-09 2013-09-12 日本電気株式会社 制御装置、通信システム、スイッチ制御方法及びプログラム

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3179687A4 *

Also Published As

Publication number Publication date
US20170171039A1 (en) 2017-06-15
US9973400B2 (en) 2018-05-15
CN105556916B (zh) 2019-03-08
EP3179687A1 (en) 2017-06-14
EP3179687A4 (en) 2017-07-05
CN105556916A (zh) 2016-05-04
EP3179687B1 (en) 2020-02-12

Similar Documents

Publication Publication Date Title
WO2016029345A1 (zh) 网络流的信息统计方法和装置
CN108307434B (zh) 用于流控制的方法和设备
US10623308B2 (en) Flow routing system
US9608938B2 (en) Method and system for tracking and managing network flows
US10574763B2 (en) Session-identifer based TWAMP data session provisioning in computer networks
JP6490082B2 (ja) 経路制御方法、デバイス、およびシステム
US9887881B2 (en) DNS-assisted application identification
US10277481B2 (en) Stateless forwarding in information centric networks with bloom filters
EP2677704B1 (en) Unicast data frame transmission method and apparatus
US20150215236A1 (en) Method and apparatus for locality sensitive hash-based load balancing
JP6364106B2 (ja) DiameterシグナリングルータにおいてDiameterメッセージをルーティングするための方法、システムおよびコンピュータ読取可能媒体
WO2018036254A1 (zh) 报文转发方法及装置
US10791051B2 (en) System and method to bypass the forwarding information base (FIB) for interest packet forwarding in an information-centric networking (ICN) environment
CN109714274B (zh) 一种获取对应关系的方法和路由设备
WO2014139481A1 (zh) 报文处理方法及设备
JP5858141B2 (ja) 制御装置、通信装置、通信システム、通信方法及びプログラム
WO2021098425A1 (zh) 配置业务的服务质量策略方法、装置和计算设备
WO2018184487A1 (zh) Bier报文的转发方法及装置
CN102891800A (zh) 获知溢出地址的可升级转发表
US20220294712A1 (en) Using fields in an encapsulation header to track a sampled packet as it traverses a network
JP5725236B2 (ja) 通信システム、ノード、パケット転送方法およびプログラム
WO2015039616A1 (zh) 一种报文处理方法及设备
US20150381775A1 (en) Communication system, communication method, control apparatus, control apparatus control method, and program
CN108075955B (zh) 骨干网的数据处理方法及装置
WO2016183732A1 (zh) 一种数据包转发方法和网络设备

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480038251.7

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14900441

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2014900441

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2014900441

Country of ref document: EP