CN108322391B - Data transmission method based on flow table - Google Patents

Abstract

The present invention relates to a data transmission method based on a flow table, comprising: delivering a flow table to a first virtual switch, so that an external interface corresponding to the first virtual switch is configured to receive an ARP request from an external device; the first virtual switch is configured to receive an ARP request from an external device; Generate the corresponding ARP response to the ARP request based on the flow table; the external interface receives the data packet from the external device; determine whether the destination virtual machine of the data packet is in the physical machine corresponding to the first node; if the destination virtual machine is in a different location from the first node For the physical machine corresponding to the second node, the first virtual switch forwards the data packet to the second virtual switch. It can reliably and efficiently realize the bidirectional transmission of data packets between each terminal and external devices, and make the distributed routing communication scheme work to the greatest extent.

Description

Data transfer method based on flow table

technical field

The present invention relates to the technical field of data transmission, and more particularly, to a data transmission method based on a flow table.

Background technique

A router is used to connect multiple logically separated networks. The so-called logical network represents a single network or a subnet. When data is transferred from one subnet to another, it is done through the router's routing capabilities. As shown in Figure 1.

Computer communication under different subnets must be completed through routers. In the network implementation of software SDN, the routing function is realized through the mechanism of software, which can be divided into two forms: centralized routing and distributed routing.

(1) Centralized routing

In a centralized routing mechanism, east-west traffic (traffic between different networks) and north-south traffic (traffic between internal and external networks) pass through routers. The central location of the router makes it a bottleneck in the network. To solve this problem, a distributed routing mechanism is proposed.

(2) Distributed routing

The distributed routing mechanism enables a router on each node. For east-west traffic, traffic is passed directly between compute nodes. For north-south traffic, if there is a floating IP, the traffic goes directly to the computing node. If there is no floating IP, it will go to the network node. When dealing with traffic without floating IP, distributed routing will still go to centralized network nodes, which is essentially a centralized routing mode.

In the software SDN solution, the functions of distributed routing are implemented based on flow tables. The following takes the openflow flow table and the virtual switch that executes the flow table as an example to outline the problems of traditional distributed routing based on openflow flow tables. The logical diagram of software SDN north-south traffic communication is shown in Figure 2.

The data flow of a virtual machine in a network (for example, equivalent to a network terminal) communicating with an external network needs to pass through a router. In the software SDN solution, the logical diagram is mapped to a physical structure diagram, as shown in Figure 3. It can be seen that virtual machines on the same network segment may be distributed under different routers. When the virtual machine communicates with the external network, when the data packet goes to the virtual switch, the virtual switch will convert the source IP address of the data packet to a unique floating IP corresponding to the virtual machine. For example, when v1 communicates with the external network, the source IP address of the data packet from v1 is still the IP address of v1, that is, 10.0.0.1, then after the data packet arrives on the virtual switch, the virtual switch will be based on the destination IP address of the data packet. It is judged that this is the data packet that v1 communicates with the external network. At this time, there will be a corresponding flow table in the virtual switch to convert the source IP address field of the data packet, and convert 10.0.0.1 to 172.16.1.1, which is v1. Floating IP. Then for the external network, the IP address of v1 becomes 172.16.1.1.

Because there is a one-to-one correspondence between the floating IP and the virtual machine, when the external network returns packets, it can find the location of v1 through the floating IP, so as to send the return packet back to v1. However, if v1 does not have a floating IP, the data it actively sends to the publishing network can be sent to the other party, but the return packet of the other party cannot be sent to v1, because the data packet of v1 uses its intranet address 10.0.0.1 as the source IP address, and its intranet address is not recognized by the external network. Therefore, the backhaul traffic can only be directed to the external interface by configuring static routes on the external network, and then sent to the inside of the platform through this interface.

However, in the existing distributed routing architecture design, the external interface may not even have the function of receiving external network data. As shown in Figure 3, the interfaces between the router and the external network are actually distributed on each node when mapped to the physical architecture, that is, each node will have an external interface with an IP address of 172.16.1.100. Therefore, it is still difficult to accurately send the external data packets back to the corresponding local virtual machines (V1-V6) without floating IPs via the nodes (Node 1, 2) and then via the subnets (Net1, Net2).

SUMMARY OF THE INVENTION

An object of the present invention is to provide a data transfer method based on a flow table, which enables bidirectional transfer of data packets even without applying a floating IP.

To achieve the above object, the present invention provides a technical scheme as follows:

A data transmission method based on a flow table, for providing data packets to one node in a plurality of network nodes, wherein each node is respectively deployed with a physical machine, the physical machine is configured with a virtual switch and at least one virtual machine, and the virtual machine is configured by The method includes: a) delivering the flow table to the first virtual switch, so that the external interface corresponding to the first virtual switch is configured to receive the ARP request from the external device; wherein, the first virtual switch is in The physical machine corresponding to the first node; b), the first virtual switch generates a corresponding ARP response to the ARP request based on the flow table; c), the external interface receives the data packet from the external device; wherein, the data packet is received by the external device. Provide after ARP response; d), determine whether the destination virtual machine of the data packet is in the physical machine corresponding to the first node; and e), if the destination virtual machine is in the physical machine corresponding to the second node different from the first node, then the first A virtual switch forwards the data packet to a second virtual switch; wherein, the second virtual switch is in a physical machine corresponding to the second node.

Preferably, the flow table is generated by the SDN controller.

Preferably, the ARP response at least includes the MAC address of the physical machine corresponding to the first virtual switch.

Preferably, in step e), the IP address of the physical machine where the second virtual switch is located is obtained by using the SDN controller, and the data packet is forwarded to the second virtual switch by using the tunneling technology.

Preferably, the destination virtual machine is not set with a floating IP.

The present invention further provides a physical machine for receiving data packets, which is deployed at a network node, wherein the physical machine is configured with a virtual switch and at least one virtual machine, the virtual machine is routed by the virtual switch, and the virtual switch is configured to : receive an ARP request from an external device with an external interface, and generate a corresponding ARP response to the ARP request; receive a data packet from an external device with an external interface; wherein the data packet is provided by the external device after receiving the ARP response; determine Whether the destination virtual machine of the data packet is in the physical machine corresponding to the first node; wherein, the first node is the current network node; and if it is determined that the destination virtual machine is in the physical machine corresponding to the second node, the data packet is forwarded to the second node. The virtual switch in the physical machine corresponding to the node; wherein the second node is a network node different from the first node.

Preferably, the physical machine is coupled to the SDN controller and obtains the flow table from the SDN controller.

The data transmission method based on the flow table provided by the embodiments of the present invention can still reliably and efficiently implement data packets between each virtual machine and an external device when each network node or the virtual machine therein does not have a floating IP two-way transmission. The method enables the distributed routing communication scheme to maximize its effectiveness, and can overcome the traffic bottleneck problem that may exist in the centralized routing and distributed routing in the prior art. The physical machine additionally provided by the present invention can realize the bidirectional transmission of data packets under the condition that the virtual machine does not have a floating IP, thereby promoting the maximization of the efficacy of the distributed routing communication scheme.

Description of drawings

FIG. 1 shows a schematic diagram of the network topology between routers and different subnets.

Figure 2 shows a logical diagram of software SDN north-south traffic communication.

FIG. 3 shows a schematic diagram of mapping the interface between the router and the external network to the physical architecture.

FIG. 4 shows a schematic flowchart of a transmission method according to an embodiment of the present invention.

FIG. 5 shows a network topology of a data transmission system according to an embodiment of the present invention.

Detailed ways

Specific details are set forth in the following description in order to provide a thorough understanding of the present invention. However, it will be apparent to those skilled in the art that embodiments of the present invention may be practiced without these specific details. In the present invention, specific numerical references such as "first element", "second means" and the like may be made. However, specific numerical references should not be construed as necessarily obeying their literal order, but rather should be construed as being distinct from "a first element" and "a second element."

The specific details set forth in the present invention are merely exemplary and may vary while remaining within the spirit and scope of the present invention. The term "coupled" is defined to mean directly connected to a component or indirectly connected to a component via another component.

Preferred embodiments of methods, systems and apparatus suitable for implementing the present invention are described below with reference to the accompanying drawings. Although the various embodiments are described with respect to a single combination of elements, it is to be understood that this invention includes all possible combinations of the disclosed elements. Thus, if one embodiment includes elements A, B, and C, and a second embodiment includes elements B and D, the invention should also be considered to include other remaining combinations of A, B, C, or D, even if not explicitly disclosed.

As shown in FIG. 4 , the first embodiment of the present invention provides a data transmission method, which is implemented based on a flow table, and specifically includes the following steps.

Step S10: Deliver the flow table to the first virtual switch, so that the external interface corresponding to the first virtual switch is configured to receive an ARP request from an external device.

Wherein, the first virtual switch is in a physical machine corresponding to the first node, and the first node may be any node among multiple network nodes. Throughout this application, a network is a specific network defined according to the SDN technology, which includes a plurality of network nodes, each node can deploy a physical machine, and the physical machine is configured with a virtual switch and at least one virtual machine. Virtual machines are routed by virtual switches that reside within the same physical machine. In other words, the communication between each virtual machine and the external network is realized via the virtual switch. It should be understood that there may be one or more layers of subnetworks under the network, and network nodes are then accessed under the subnetworks.

According to the embodiment of the present invention, each virtual machine in each network node and/or its corresponding physical machine may not have a floating IP, and two-way communication between the virtual machine and an external device on the network can still be implemented, which will be described in detail below. .

By delivering the openflow flow table to the first virtual switch, the openflow flow table can be configured and applied to the first node, so that the external interface corresponding to the first virtual switch is configured to receive ARP (Address Resolution Protocol) requests from external devices , and further, it is possible to generate a response to the ARP request (described in step S11 ).

As an example, the flow table is generated by the SDN controller accessing the current network, and delivered to all or part of the network nodes in the current network by the SDN controller. By delivering to the corresponding network node, the flow table will be able to implement the functionality of the corresponding network node, especially when the network node or its subordinate virtual machine does not have a floating IP, the flow table can still be efficiently implemented in the virtual machine. Bidirectional transmission to and from devices outside the network.

In the distributed routing mode, the external interfaces are distributed on each network node in the network, that is, each virtual switch has an external interface, so the full distribution (flow table) method can be adopted in the implementation, that is, each network All nodes obtain the flow table, so that the current network as a cluster of nodes has a routing architecture with high distribution and high availability. Alternatively, a certain optimization strategy can be adopted, for example, the flow table configured for ARP response is only sent to the network node to which the network terminal with the current tenant belongs, or other strategies are used to select several network nodes to download. The flow table is sent, so that the incoming traffic can be received more quickly and the network terminal can be located, and the content of the flow table is less, which is easier to maintain.

The flow table integrates the network configuration information of all levels (including subnets) of the current network in its entry, so that there are specific rules to follow when data forwarding (communication with the external network), and even more complex and richer can be defined. rule. Specifically, the matching field of the flow table can be used to match the data packets received by the virtual switch, which covers the network configuration information of the second to fourth layers in the ISO network model. The action field of the flow table is used to instruct the virtual switch what to do when it receives a matching data packet. Multiple groups of actions can be defined in the action field. The flow table may also include a calculator for statistical information about data flow.

According to the preferred embodiment of the present invention, after the flow table is issued for the first time, the flow table can also be modified according to the actual situation or application. For example, such as modifying the table value and priority of the flow table, or changing the steps to perform actions in the openflow flow table, or simplifying the steps in the flow table (for example, without going through the three-layer forwarding step), directly performing port forwarding operations, etc.

Step S11, the first virtual switch generates a corresponding ARP response to the ARP request based on the flow table.

It should be understood that for the physical machine corresponding to each network node, the flow table can be obtained through the virtual switch and used to configure itself, and then the virtual switch can generate a corresponding ARP response to the ARP request, and each ARP response is the content different. Specifically, by receiving ARP responses, devices outside the network should at least be able to distinguish between physical machines and determine their location in the network in order to send packets later.

In order to realize the distributed architecture of network routing, the flow table is also delivered to other network nodes in the current network (specifically, to the corresponding virtual switches), and the physical machines corresponding to these other network nodes pass through the virtual switches. An ARP response packet is sent back and forth, which contains the MAC address of the physical machine, so that the device outside the network that obtains the MAC address can accurately identify the physical machine.

As an example, the flow table can be designed in the following format (only a part of the content of the flow table is shown):

table=20,priority=1024,arp,arp_tpa=172.16.1.100,arp_op=1actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field:f8:4a:bf:5a:2b:ea->eth_src,load: 0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xf84abf5a2bea->NXM_NX_ARP_SHA[],load:0xac100164->NXM_OF_ARP_SPA[],IN_PORT

The main function of the above flow table is to construct a response packet for the ARP request for the external interface, and the external interface sends the response packet back to the ARP requester (device outside the network). After receiving the ARP reply packet, the requester can further send the data packet to be transmitted to the external interface. It can be understood that the above flow table as an example only shows a part of the actual flow table. In order to realize the complete functionality of the virtual switch and/or the virtual machine, the actual flow table will be more complicated. In practical applications, various improvements can also be made to the flow table format, such as omitting and/or combining the actions included in the action field, limiting the number of executions of each action, and the like.

In this step, the function of the ARP request is to obtain the MAC address of the data sending target, and each ARP response at least includes the MAC address of the corresponding physical machine of the corresponding network node that is ready to receive the data packet to be transmitted. It should be understood that the ARP request and the ARP response are only preparations before sending the data packet, and they do not involve the data packet to be transmitted.

Step S12, the external interface receives the data packet from the external device.

In this step, specifically, after the external device obtains the ARP response, it can know the MAC address of the physical machine corresponding to each network node that is ready to receive the data packet. As far as the first node and its corresponding first virtual switch are concerned, after the external device receives the ARP response from the first virtual switch, the data packet will be sent to the external interface of the first virtual switch. After the external interface receives the data packet, depending on the location of the destination terminal, it can be directly delivered to any virtual machine subordinate to the first node, or forwarded.

Step S13: Determine whether the destination virtual machine of the data packet is a physical machine corresponding to the first node.

Specifically, step S13 is performed by the first virtual switch corresponding to the first node. The virtual switch can directly learn the destination terminal (destination virtual machine) from the data packet, and then determines the network according to the flow table issued by the SDN controller. Whether the destination terminal of the data packet sent by the device is in the physical machine corresponding to the first node.

If the destination terminal of the data packet is located on the physical machine corresponding to the first node, the first virtual switch can directly deliver the data packet to the destination terminal. In this case, the complete information about the data packet can be realized in the most efficient way. communication, but often this situation is uncertain and random.

As an example, the flow table could then take the following format (showing a portion of the flow table):

table=70, priority=1024, ip, tun_id=0x5a, nw_dst=10.0.0.3

actions=set_field:fa:16:3e:99:df:47->eth_dst,goto_table:80 (layer three forwarding)

table=110,tun_id=0x5a,dl_dst=fa:16:3e:99:df:47actions=output:23 (layer 2 forwarding to the virtual machine, port 23 is the port of the virtual switch connected to the virtual machine)

Step S14: If the destination terminal (destination virtual machine) is in a physical machine corresponding to a second node different from the first node, forward the data packet to the second virtual switch.

The second virtual switch is located in a physical machine corresponding to the second node, and corresponds to the second node.

As a more general case, when the destination terminal is not located in the physical machine corresponding to the first node, but is located in the physical machine corresponding to the second node, the data of the physical machine corresponding to the second node can be obtained based on the flow table or using the SDN controller. IP address, and then use tunneling technology, such as Point to Point Tunneling Protocol (PPTP for short), to forward the data packet from the first node (specifically, the first virtual switch) to the second node (specifically, second virtual switch).

As an example, the flow table format in this case is as follows (showing part of the flow table):

table=70, priority=1024, ip, tun_id=0x5a, nw_dst=10.0.0.3

actions=set_field:fa:16:3e:99:df:47->eth_dst,goto_table:80 (layer three forwarding)

table=110,tun_id=0x5a,dl_dst=fa:16:3e:99:df:47actions=output:3 (forwarded to the corresponding physical machine through tunneling technology, the latter output: 3 means sent from port 3, and port 3 is port of the tunnel)

After step S14, the following steps may also be performed: the second virtual switch directly delivers the data packet to the destination virtual machine (because the destination virtual machine is in the physical machine corresponding to the second node and is routed by the second virtual switch), thus, The destination virtual machine finally gets the packet from the external device.

When the data packet arrives at the second node to be delivered to the destination virtual machine, the example flow table can be in the following format:

table=110,tun_id=0x5a,dl_dst=fa:16:3e:99:df:47actions=output:23 (layer 2 forwarding to virtual machine)

The data transmission method based on the flow table provided by the above-mentioned first embodiment, by using the SDN technology to define the network, and using the flow table to configure the network, in the case that each network node or each virtual machine does not have a floating IP, it can still be reliable. And efficiently realize the bidirectional transmission of data packets between the virtual machine and the external device.

In addition, the above method can overcome the traffic bottleneck problem that may exist in the centralized routing and distributed routing in the prior art, so that the communication scheme of the distributed routing can exert its effect to the greatest extent.

A second embodiment of the present invention provides a physical machine, which is deployed at one or more network nodes in a network, the physical machine is configured with a virtual switch and multiple virtual machines, and each virtual machine is routed by a corresponding virtual switch.

Among them, the virtual switch is configured based on the flow table and performs various operations as follows:

1. Receive an ARP request from an external device through an external interface, and then generate a corresponding ARP response to the ARP request.

2. Receive data packets from an external device through an external interface. Among them, the data packet is provided by the external device after receiving the ARP response.

3. Determine whether the destination virtual machine of the data packet is a physical machine corresponding to the first node. The first node is the current network node.

4. If it is determined that the destination virtual machine is in the physical machine corresponding to the second node, forward the data packet to the virtual switch in the physical machine corresponding to the second node.

Wherein, the second node is another network node different from the first node.

Specifically, the SDN controller can firstly enable the network, and can also generate a flow table for configuring each network node in the network, including but not limited to the configuration of physical machines, virtual switches, and virtual machines. The SDN controller can further provide a flow table modification unit, so that the designer can modify the flow table and re-deliver the modified flow table to the virtual switch corresponding to the current network.

According to the flow table, the external interface of the virtual switch corresponding to the first node (the first virtual switch) receives the ARP request from the external device.

According to the flow table, the first virtual switch generates a corresponding ARP response to the ARP request, encapsulates the ARP response into a response packet and sends it back to the external device. The ARP response includes the MAC address of the physical machine where the first virtual switch is located.

According to the flow table, the first virtual switch receives packets from the external device through its external interface.

According to the flow table, the first virtual switch can determine whether the destination terminal (destination virtual machine) of the data packet is in the physical machine corresponding to the first node.

When the destination terminal is in the physical machine corresponding to the second node (instead of the first node), according to the flow table, the first virtual switch can forward the data packet to the second virtual switch. The second virtual switch delivers the data packet directly to the destination virtual machine. The second virtual switch is a virtual switch located in a physical machine corresponding to the second node, which provides a route to the destination virtual machine.

The virtual switch in the physical machine is configured based on the flow table, so that the physical machine has the following beneficial effects: no matter whether the virtual machine under it has a floating IP or not, the physical machine can realize the bidirectional transmission of data packets between the virtual machine and the external device , which in turn contributes to the realization of distributed routing to the greatest extent.

As shown in FIG. 5 , a third embodiment of the present invention provides a data transmission system based on a flow table, which is used to transmit data packets between multiple network nodes, wherein each network node is deployed with the above-mentioned second embodiment. In the disclosed physical machines, these physical machines can be configured by using the flow table issued by the SDN controller, so that the virtual switch set therein can receive ARP requests from external devices and generate corresponding ARP responses. After receiving the ARP response, the external device can send the data packet to the desired destination terminal.

Specifically, the first node 11 is provided with a first virtual switch 110, and the second node 12 is provided with a second virtual switch 120. The first and second virtual switches 110 and 120 provide virtual machines V1, V2, V3 and virtual machines respectively. Machine V4, V5, V6 routing.

After configuring the virtual switch provided in the physical machine using the flow table, this data transfer system can facilitate bidirectional transmission of data packets between virtual machines and external devices regardless of whether the virtual machines have floating IPs or not.

As an example, if the destination terminal of the data packet 1 points to the virtual machine V1 in the first node 11, the first virtual switch 110 can directly deliver the data packet 1 to the virtual machine V1; if the destination terminal of the data packet points to the second node 12 The first virtual switch 110 forwards the data packet to the second virtual switch 120 through the tunneling technology, and then the second virtual switch 120 delivers the data packet to the virtual machine V5.

In some embodiments of the present invention, at least a portion of the system described above may be implemented using a set of distributed computing devices connected by a communication network, or based on a "cloud". In such systems, multiple computing devices operate together to provide services by using their shared resources.

A "cloud"-based implementation can provide one or more advantages, including: openness, flexibility and scalability, central management, reliability, scalability, optimized for computing resources, with aggregation and analysis across multiple The ability of the user's information, the ability to connect across multiple geographic areas, and the ability to use multiple mobile or data network operators for network connectivity.

According to another embodiment of the present invention, a computer storage medium is provided on which computer-executable instructions are stored, and when executed by a processor, the computer-executable instructions will implement the method in the above-mentioned first embodiment.

According to yet another embodiment of the present invention, a computer program is provided, which includes a batch of computer-executable instructions, which, when executed by a processor, execute the steps of the method in the first embodiment in an orderly manner.

The above description is only for the preferred embodiments of the present invention, and is not intended to limit the protection scope of the present invention. Those skilled in the art may make various modification designs without departing from the spirit of the present invention and the appended claims.

Claims (12)

1. A data transmission method based on a flow table, for providing a data packet to a node in a plurality of network nodes, wherein each of the nodes is respectively deployed with a physical machine, and the physical machine is configured with a virtual switch and at least one a virtual machine, the virtual machine being routed by the virtual switch, the method comprising: a), delivering the flow table to the first virtual switch, so that the external interface corresponding to the first virtual switch is configured to receive an ARP request from an external device; wherein, the first virtual switch is in the corresponding location of the first node the physical machine; b), the first virtual switch generates a corresponding ARP response to the ARP request based on the flow table; c), the external interface receives a data packet from the external device; wherein, the data packet is provided by the external device after receiving the ARP response; d), determining whether the destination virtual machine of the data packet is in the physical machine corresponding to the first node; and e), if the destination virtual machine is in the physical machine corresponding to a second node different from the first node, the first virtual switch forwards the data packet to the second virtual switch; wherein, the The second virtual switch is located in the physical machine corresponding to the second node. 2. The method of claim 1, wherein the flow table is generated by an SDN controller. 3 . The method according to claim 2 , wherein the ARP response at least includes the MAC address of the physical machine corresponding to the first virtual switch. 4 . 4. The method according to claim 2, characterized in that, in step e), the SDN controller is used to obtain the IP address of the physical machine where the second virtual switch is located, and a tunneling technique is used to transfer the data to the IP address. The packet is forwarded to the second virtual switch. 5. The method according to claim 1, wherein the method further comprises: The second virtual switch delivers the data packet to the destination virtual machine. 6 . The method according to claim 1 , wherein the destination virtual machine does not set a floating IP. 7 . 7. A computer storage medium having computer-executable instructions stored thereon, wherein the computer-executable instructions, when executed by a processor, will implement the method of any one of claims 1-6. 8. A computer device comprising a processor, a memory and a batch of computer-executable instructions stored on the memory, the computer-executable instructions, when executed by the processor, executes any of claims 1-6. A step of the method. 9. A physical machine for receiving data packets, deployed at a network node, wherein the physical machine is configured with a virtual switch and at least one virtual machine, the virtual machine is routed by the virtual switch, the virtual machine is The switch is configured based on the flow table as: receiving an ARP request from an external device at an external interface, and generating a corresponding ARP response to the ARP request; receiving a data packet from the external device at the external interface; wherein the data packet is provided by the external device after receiving the ARP response; determining whether the destination virtual machine of the data packet is in the physical machine corresponding to the first node; wherein the first node is the current network node; and If it is determined that the destination virtual machine is in the physical machine corresponding to the second node, forward the data packet to the virtual switch in the physical machine corresponding to the second node; wherein the first The second node is the network node different from the first node. 10. The physical machine according to claim 9, wherein the physical machine is coupled to an SDN controller, and obtains the flow table from the SDN controller. 11. A data transmission system based on a flow table for transmitting data packets between multiple network nodes, wherein each of the network nodes is deployed with a physical machine as claimed in claim 9 or 10. 12. The system of claim 11, wherein the system is deployed based on cloud computing.

Images