Embodiment
Figure 1 shows a network environment to which the embodiments of the present invention apply. The SDN comprises a controller, switches, and multiple hosts attached to the switches. A switch may be a physical hardware switch or a VS (Virtual Switch), and a host may be a physical host or a VM (Virtual Machine). The switches and hosts shown in Fig. 1 are VSs (VS1 and VS2) and VMs (VM1, VM2, VM3 and VM4) respectively. Each VS has multiple ports (Port); for example, VS1 has VS1-Port1, VS1-Port2 and VS1-Port3. In Fig. 1 the connection between the controller and VS1 is broken. Each host keeps ARP entries built from the ARP information it has learned, and each ARP entry has a fixed aging time. Before an ARP entry ages out, the host starts a new round of ARP learning by sending an ARP request message to the controller through the switch. On receiving the ARP request message from the host, the controller would normally broadcast it to obtain the requested information. To reduce the number of broadcast messages, however, the controller does not broadcast the ARP request message; instead it uses the host information it holds to return an ARP reply message to the host that sent the request. If the controller and the switch are disconnected, as when the connection between the controller and VS1 in Fig. 1 is broken, an ARP request message initiated by VM1 cannot be sent up to the controller, so the controller cannot answer it as a proxy. If VM1 receives no ARP reply message from the controller within the aging time of its ARP entry, the entry is deleted when the aging time expires, and VM1 then has difficulty communicating with other hosts.
For this reason, the present invention provides an ARP reply proxy scheme to solve this problem in the prior art.
Referring to Fig. 2, a flow chart of one embodiment of the ARP reply proxy method of the present invention, this embodiment is applied on a switch of the SDN and comprises the following steps:
Step 201, receive the ARP request message sent by a host;
In this embodiment, the switch receives the ARP request messages that each connected host sends periodically. The ARP request message is forwarded to the controller via the switch, and the controller uses the host information it holds to return an ARP reply message to the host that sent the request. The host performs ARP learning from the ARP reply message returned by the controller and refreshes the aging time of the ARP entry it holds.
Step 202, if the switch is detected to be disconnected from the controller, parse the message information of the ARP request message;
In this embodiment, the switch stores in advance the MAC/IP flow entries issued by the controller. The entry information of a MAC/IP flow entry comprises the source MAC address, destination MAC address, ingress port, source IP address and destination IP address of the flow entry. The invention monitors the connection state between the switch and the controller in real time; even when the connection is broken, the MAC/IP flow entries stored on the switch remain unchanged. Thus, when an ARP request message from a host is received and the connection between the switch and the controller is found to be broken, the switch parses the message information of the ARP request message so that it can return an ARP reply message in place of the controller according to the parsed message information. The message information comprises the source MAC address, source IP address, ingress port and destination IP address of the ARP request message.
When the switch's connection to the controller is normal, however, the switch still sends the ARP request message up to the controller after receiving it from the host, and the controller returns the ARP reply message.
Step 203, judge whether the message information matches the entry information of a flow entry stored in advance on the switch;
After the message information of the ARP request message has been parsed, all flow entries stored on the switch are traversed, and the source MAC address, source IP address, ingress port and destination IP address of the ARP request message are compared with the source MAC address, source IP address, ingress port and destination IP address of each flow entry respectively. If all are consistent, the message information is determined to match the entry information.
Specifically, all flow entries stored on the switch are first traversed to find whether the Match field of any flow entry contains a destination IP address consistent with that of the ARP request message. The Match field comprises the source MAC address, source IP address, ingress port and destination IP address. If a flow entry has a destination IP address consistent with that of the ARP request message, the source MAC address, source IP address and ingress port in the Match field of that flow entry are further compared with the source MAC address, source IP address and ingress port of the ARP request message respectively; if all are consistent, the message information is determined to match the entry information of the flow entry. If no destination IP address consistent with that of the ARP request message is found in the Match field of any flow entry, the switch holds no forwarding flow entry corresponding to it. The destination MAC address requested by the ARP request message is then taken to be one of the following two cases:
a. The destination MAC address requested by the ARP request message is the MAC address of the gateway;
Suppose VM1 and VM3 in Fig. 1 are virtual machines in different IP subnets. Before VM1 sends an ARP request message for the MAC address of VM3, if VM1 determines that VM3 is not in its own IP subnet, it instead sends an ARP request message whose destination IP address is the gateway IP address, to request the gateway's MAC address. In this case the destination MAC address requested by the ARP request message is determined to be the MAC address of the gateway.
b. The destination MAC address requested by the ARP request message is the MAC address of a host in the same subnet for which no flow entry has yet been set up (a host performing ARP learning for the first time).
When no destination IP address consistent with that of the ARP request message is found in the Match field of any flow entry (case a or case b), the switch holds no forwarding flow entry corresponding to it. The source MAC address and source IP address of the ARP request message are first compared with the source MAC address and source IP address in the Match field of each flow entry. If they are consistent, and the ingress port of the flow entry is consistent with the switch port on which the ARP request message was received, the action field of that flow entry is further checked for a modification of the source MAC address and destination MAC address, that is, whether the action field performs a MAC address replacement. If so, and the source MAC address after replacement in the action field is consistent with the destination MAC address in the Match field (that is, the MAC address of the gateway), the message information is determined to match the entry information.
Among the flow entries consistent with the source MAC address and source IP address of the ARP request message, however, there may be several whose action field performs a MAC address replacement. In that case, any one of the flow entries whose action field performs a MAC address replacement may be chosen for matching. Because the source MAC address in the action field of each of these entries is the MAC address of the gateway, choosing any of them yields the same matching result: the source MAC address after replacement in the action field is consistent with the destination MAC address in the Match field (that is, the MAC address of the gateway).
Taking Fig. 1 again as an example, when VM1 requests destination host VM3, VM1 determines that VM3 is not in its own IP subnet, so the destination IP address requested by the ARP request message it sends is the IP address of the gateway, and no flow entry consistent with this destination IP address can be found among the flow entries stored in advance on the switch. If the source MAC address and source IP address of VM1 in the ARP request message are consistent with the source MAC address and source IP address in the Match field of a flow entry, and the switch port VM1-Port1 on which the ARP request message was received is consistent with the ingress port VM1-Port1 of that flow entry, the action field of the flow entry is further checked for a modification of the source MAC address and destination MAC address, that is, whether the original source MAC address, the MAC address of VM1, is changed to the gateway MAC address, and the original destination MAC address, the MAC address of the gateway, is changed to the MAC address of VM3. If so, the action field performs a MAC address replacement, and the source MAC address after replacement in the action field is consistent with the destination MAC address in the Match field (the MAC address of the gateway). The message information can then be determined to match the entry information of the flow entry.
Step 204, if the message information matches the entry information, obtain the destination MAC address;
After the message information has been compared with the entry information of the flow entries in the manner described above, when the source MAC address, source IP address, ingress port and destination IP address of the ARP request message are all consistent with those in the Match field of a flow entry, the destination MAC address obtained from the corresponding flow entry is the destination MAC address of the destination host requested by the ARP request message;
When the source MAC address and source IP address of the ARP request message are consistent with the source MAC address and source IP address of a flow entry, the action field of that flow entry modifies the source MAC address and destination MAC address, and the ingress port of the flow entry is consistent with the switch port on which the ARP request message was received, the destination MAC address obtained from the corresponding flow entry may be the MAC address of the gateway.
Step 205, send an ARP reply message to the host according to the destination MAC address.
After obtaining the destination MAC address requested by the ARP request message, the switch generates an ARP reply message in place of the controller according to the obtained destination MAC address. The source MAC address of the ARP reply message is the obtained destination MAC address (the destination MAC address corresponding to the entry information of the flow entry, or the gateway MAC address), and the destination MAC address of the ARP reply message is the source MAC address of the ARP request message. The generated ARP reply message is sent to the host that sent the ARP request message, so that the host uses the destination MAC address in the ARP reply message to update its own ARP entry, which prevents the host's ARP entry from aging out.
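The switch-side decision of steps 202 to 205 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the addresses, the port names and the two sample flow entries are constructed for illustration, and the ARP reply is built as a plain Ethernet/ARP frame.

```python
import socket
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample addresses and port names (not from the patent).
VM1_MAC, VM1_IP = "02:00:00:00:00:01", "10.0.1.11"
VM2_MAC, VM2_IP = "02:00:00:00:00:02", "10.0.1.12"
VM3_MAC, VM3_IP = "02:00:00:00:00:03", "10.0.2.13"
VM4_IP = "10.0.1.14"
GW_MAC, GW_IP = "02:00:00:00:00:fe", "10.0.1.1"
PORT1 = "VS1-Port1"


@dataclass(frozen=True)
class ArpRequest:
    src_mac: str
    src_ip: str
    in_port: str  # switch port the request arrived on
    dst_ip: str   # IP address whose MAC is being requested


@dataclass(frozen=True)
class FlowEntry:
    # Match field
    src_mac: str
    src_ip: str
    in_port: str
    dst_ip: str
    dst_mac: str
    # Action field: MAC rewrite; None means the entry rewrites nothing
    set_src_mac: Optional[str] = None
    set_dst_mac: Optional[str] = None


# Flow entries left on VS1 by the controller before the link dropped.
FLOW_TABLE = [
    FlowEntry(VM1_MAC, VM1_IP, PORT1, VM2_IP, VM2_MAC),   # layer-2 flow
    FlowEntry(VM1_MAC, VM1_IP, PORT1, VM3_IP, GW_MAC,     # layer-3 flow
              set_src_mac=GW_MAC, set_dst_mac=VM3_MAC),
]


def same_sender(req: ArpRequest, e: FlowEntry) -> bool:
    return (e.src_mac, e.src_ip, e.in_port) == (req.src_mac, req.src_ip, req.in_port)


def resolve_mac(req: ArpRequest, table: List[FlowEntry]) -> Optional[str]:
    """Steps 203-204: return the MAC address to answer with, or None."""
    # Full match: destination IP, source MAC, source IP and ingress port agree.
    for e in table:
        if e.dst_ip == req.dst_ip and same_sender(req, e):
            return e.dst_mac
    # No entry for this destination IP (case a or b): accept an entry from the
    # same sender whose action rewrites both MACs and whose rewritten source
    # MAC equals the Match-field destination MAC, i.e. the gateway MAC.
    for e in table:
        if (same_sender(req, e) and e.set_src_mac is not None
                and e.set_dst_mac is not None and e.set_src_mac == e.dst_mac):
            return e.dst_mac
    return None


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_reply(req: ArpRequest, mac: str) -> bytes:
    """Step 205: source MAC = resolved MAC, destination MAC = requester."""
    sha, tha = mac_bytes(mac), mac_bytes(req.src_mac)
    eth = tha + sha + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # opcode 2 = reply
    arp += sha + socket.inet_aton(req.dst_ip) + tha + socket.inet_aton(req.src_ip)
    return eth + arp


def handle_arp_request(req: ArpRequest, table: List[FlowEntry],
                       controller_up: bool) -> Tuple[str, Optional[bytes]]:
    if controller_up:                  # normal path: the controller answers
        return ("send_to_controller", None)
    mac = resolve_mac(req, table)      # link is down: try to answer locally
    if mac is None:
        return ("no_proxy_reply", None)
    return ("proxy_reply", build_reply(req, mac))


if __name__ == "__main__":
    for dst in (VM2_IP, GW_IP, VM4_IP):
        req = ArpRequest(VM1_MAC, VM1_IP, PORT1, dst)
        action, frame = handle_arp_request(req, FLOW_TABLE, controller_up=False)
        print(dst, action, frame.hex() if frame else None)
    # Same sender addresses arriving on a different port: no entry matches.
    moved = ArpRequest(VM1_MAC, VM1_IP, "VS1-Port2", VM2_IP)
    print(handle_arp_request(moved, FLOW_TABLE, controller_up=False))
```

Because the ingress port is part of every comparison, a request that carries VM1's addresses but arrives on another port gets no proxy reply from the switch.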
In a preferred embodiment of the present invention, if, after the connection between the switch and the controller is detected to be normal, the switch receives a service message for communication between hosts that have established ARP entries, the switch first matches the message information of the service message, such as its destination MAC address and destination IP address, against the flow entries it has stored in advance. If there is a match, the service message is forwarded to the corresponding host through the corresponding egress port in the matched flow entry. For example, when the service message is one by which VM1 communicates with VM2, the switch holds the flow entry for VM1 and VM2, so when the destination MAC address and destination IP address of the service message match the flow entry, the service message is forwarded to VM2 through VM1-Port2.
If the service message matches no flow entry on the switch, or matches the Table Miss entry (default flow entry) stored on the switch whose action is to send up to the controller, the service message is sent up to the controller for processing. For example, when the service message is one by which VM1 communicates with VM4, the destination IP address of the service message is the IP address of VM4 and the destination MAC address is the gateway MAC address from the ARP reply message that the switch sent as a proxy, as described above. Because the switch holds no flow entry corresponding to it, the destination MAC address and destination IP address of the service message cannot match any flow entry, so the service message is sent up to the controller through VM1-Port3.
The controller stores in advance the host information of each host, which comprises the MAC address and IP address of each host. After receiving the service message, when the controller finds from the host information that the destination IP address of the service message does not match the corresponding destination MAC address, the destination MAC address of the service message is wrong. The controller then actively issues a gratuitous ARP entry to the host through the switch, that is, it sends the host an ARP update containing the correct destination MAC address, so that the host refreshes the corresponding ARP entry it holds according to the ARP update. The controller also uses the correct destination MAC address to correct the wrong destination MAC address in the service message, then encapsulates the service message in a Packet-out message and sends it to the host corresponding to the correct destination MAC address through the switch egress port corresponding to that address. In addition, the controller issues to the switch a forwarding flow entry for the host that sent the ARP request message and the requested destination host, so that when service messages sent by that host to the requested destination host are subsequently received, they need not be sent up to the controller again and can be forwarded by the switch according to the forwarding flow entry.
Referring to Fig. 3, a flow chart of another embodiment of the ARP reply proxy method of the present invention, this embodiment is applied on the controller of the SDN and comprises the following steps:
Step 301, if a service message sent up by the switch is received after the connection with the switch is monitored to be normal, parse the message information of the service message;
In this embodiment, the controller stores in advance the host information of each host, which comprises the MAC address and IP address of each host. If the controller receives a service message sent up by the switch after its connection with the switch is normal, the service message either matched no flow entry on the switch or matched the Table Miss entry (default flow entry) stored on the switch whose action is to send up to the controller. After receiving the service message, the controller parses its message information, which comprises the destination IP address and destination MAC address of the service message.
Step 302, match the message information of the service message against the host information stored in advance;
After the message information of the service message has been parsed, the destination IP address and destination MAC address in the message information are compared with the MAC address and IP address of each host in the host information stored in advance. If the destination IP address in the message information is consistent with the IP address of a host in the host information, but the destination MAC address in the message information is inconsistent with the MAC address corresponding to that host's IP address (the destination IP address of the service message), the message information of the service message is determined not to match the host information stored in advance, which means the destination MAC address of the service message is wrong.
Step 303, when the message information of the service message does not match the host information stored in advance, issue an ARP update to the host through the switch.
When the destination MAC address of the service message is wrong, the MAC address corresponding to the destination IP address of the message information is obtained from the host information, and a gratuitous ARP entry is actively issued to the host through the switch: the ARP update is generated according to that MAC address and issued through the switch to the host that sent the service message, so that the host updates the ARP entry it holds according to the ARP update. The controller also uses the correct destination MAC address to correct the wrong destination MAC address in the service message, then encapsulates the service message in a Packet-out message and sends it to the host corresponding to the correct destination MAC address through the egress port corresponding to that address.
In addition, the controller may issue to the switch a forwarding flow entry for the host that sent the ARP request message and the requested destination host, so that when service messages sent by that host to the requested destination host are subsequently received, they need not be sent up to the controller again and can be forwarded by the switch according to the forwarding flow entry.
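The controller-side check of steps 301 to 303 can be sketched as follows. This is an added example, not code from the patent: the names, addresses, port assignments and the dictionary layout of the ARP update and flow entry are constructed, and returning no correction when either host is unknown to the controller is an assumption, since the text does not cover that case.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample addresses and port names (not from the patent).
VM1_MAC, VM1_IP = "02:00:00:00:00:01", "10.0.1.11"
VM4_MAC, VM4_IP = "02:00:00:00:00:04", "10.0.1.14"
GW_MAC = "02:00:00:00:00:fe"


@dataclass(frozen=True)
class Host:
    mac: str
    ip: str
    port: str  # switch port the host is attached to


@dataclass(frozen=True)
class Correction:
    arp_update: Dict[str, str]  # ARP update for the host that sent the message
    notify_port: str            # port on which that host is reached
    fixed_frame: bytes          # service message with corrected destination MAC
    out_port: str               # egress port for the Packet-out
    flow_entry: Dict[str, str]  # forwarding flow entry to issue to the switch


# Host information stored in advance on the controller, keyed by IP address.
HOSTS = {h.ip: h for h in (
    Host(VM1_MAC, VM1_IP, "VS1-Port1"),
    Host(VM4_MAC, VM4_IP, "VS1-Port3"),
)}


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def make_frame(dst_mac: str, src_mac: str, src_ip: str, dst_ip: str,
               payload: bytes = b"hello") -> bytes:
    """Constructed Ethernet/IPv4 frame for the demo (checksum left at 0)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload


def check_service_message(frame: bytes,
                          hosts: Dict[str, Host]) -> Optional[Correction]:
    """Steps 301-303: return the correction to apply, or None if none is needed."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet/IPv4 frame")
    # Step 301: parse the message information.
    dst_mac, src_mac = mac_str(frame[0:6]), mac_str(frame[6:12])
    src_ip = socket.inet_ntoa(frame[26:30])
    dst_ip = socket.inet_ntoa(frame[30:34])
    # Step 302: compare with the stored host information.
    target, sender = hosts.get(dst_ip), hosts.get(src_ip)
    if target is None or sender is None:
        return None  # assumption: unknown hosts are handled elsewhere
    if target.mac == dst_mac:
        return None  # destination IP and MAC agree with the host information
    # Step 303: the destination MAC is wrong; build the correction.
    return Correction(
        arp_update={"ip": dst_ip, "mac": target.mac},
        notify_port=sender.port,
        fixed_frame=mac_bytes(target.mac) + frame[6:],
        out_port=target.port,
        flow_entry={"src_mac": src_mac, "src_ip": src_ip,
                    "in_port": sender.port, "dst_ip": dst_ip,
                    "dst_mac": target.mac, "out_port": target.port},
    )


if __name__ == "__main__":
    # VM1 sends to VM4 using the gateway MAC learned from the proxy reply.
    stale = make_frame(GW_MAC, VM1_MAC, VM1_IP, VM4_IP)
    print(check_service_message(stale, HOSTS))
```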
Referring to Fig. 4, a flow chart of another embodiment of the ARP reply proxy method of the present invention, this embodiment, with reference to Fig. 1, describes the ARP reply proxy process in detail through the interaction among the host (VM), the switch (VS) and the controller, and comprises the following steps:
Step 401, the switch receives the ARP request message sent by a host;
In this embodiment, suppose VM1, VM2 and VM4 are in the same layer-2 network and layer-3 forwarding is needed between VM1 and VM3. Switch VS1 holds the flow entries between VM1 and VM2 and between VM1 and VM3, and holds no flow entry between VM1 and VM4.
If VM1 needs to communicate with VM2, VM3 and VM4 respectively but its own ARP entries have aged, it sends through VS-Port1 ARP request messages whose requested destination IP addresses are the IP addresses of VM2, VM3 and VM4 respectively.
Step 402, monitor whether the connection between the switch and the controller is broken; if the connection is normal, perform step 403 and end the current flow; if it is broken, perform step 404;
Step 403, the switch sends the ARP request message sent by the host up to the controller, and the current flow ends;
When the ARP request message hits the default flow entry among the flow entries stored in advance on the switch, the ARP request message sent by the host is sent up to the controller, and the current flow ends.
Step 404, the switch parses the message information carried in the ARP request message;
After receiving the ARP request messages sent by VM1, VS1 parses the message information of each ARP request message, which comprises the source MAC address, source IP address, ingress port and destination IP address of the ARP request message.
Step 405, the switch checks whether there is a flow entry fully consistent with the message information; if so, perform step 406; if not, perform step 407;
All flow entries stored on VS1 are traversed, and the source MAC address, source IP address, ingress port and destination IP address of each ARP request message are compared with the source MAC address, source IP address, ingress port and destination IP address of each flow entry respectively. If all are consistent, the message information can be determined to match the entry information.
In this embodiment, because VM1 and VM2 are in the same layer-2 network and VS1 holds the flow entry between VM1 and VM2, the message information in the ARP message by which VM1 requests VM2 matches the entry information in a flow entry stored in advance on VS1. The message information is therefore determined to match the entry information, meaning that the flow entries stored in advance on VS1 include one fully consistent with the message information, and step 406 is performed.
When VM1 requests the MAC address of VM3, because VM1 and VM3 are not in the same IP subnet, VM1 changes the destination IP address in the ARP request message to the IP address of the gateway. Because VS1 holds no flow entry for VM1 and the gateway, no flow entry consistent with the destination IP address of this ARP request message can be matched among the switch's flow entries. When VM1 requests the MAC address of VM4, although VM1 and VM4 are in the same IP subnet, VM1 and VM4 are performing ARP learning for the first time and the switch holds no flow entry for VM1 and VM4, so no flow entry consistent with the destination IP address of VM4 can be matched among the switch's flow entries either. In both cases, step 407 is performed.
Step 406, obtain the corresponding destination MAC address in this flow entry, generate an ARP reply message according to the destination MAC address, and perform step 409.
When VM1 requests the destination MAC address of VM2, the message information in the ARP request message by which VM1 requests VM2 matches the entry information in a flow entry stored in advance on VS1. The destination MAC address obtained is then the corresponding MAC address in the matched flow entry (the MAC address of VM2). VS1 generates an ARP reply message in place of the controller according to the obtained MAC address of VM2; the source MAC address of the ARP reply message is the destination MAC address of the flow entry, and the destination MAC address of the ARP reply message is the source MAC address of the ARP request message.
Step 407, the switch checks whether there is a flow entry whose source MAC address, source IP address and ingress port in the Match field are consistent with the message information, and whose source MAC address after the MAC address replacement in the action field is consistent with the destination MAC address in the Match field; if so, perform step 408; otherwise no proxy reply is made and the current flow ends.
For the ARP request messages requesting VM3 and VM4, the source MAC address and source IP address of the ARP request message are compared with the source MAC address and source IP address of each flow entry. If they are consistent, and the ingress port of the flow entry is consistent with the switch port on which the ARP request message was received, the action field of that flow entry is further checked for a modification of the source MAC address and destination MAC address, that is, whether the action field performs a MAC address replacement. If so, and the source MAC address after replacement in the action field is consistent with the destination MAC address in the Match field, the message information is determined to match the entry information and the flow goes to step 408; otherwise no proxy reply is made and the current flow ends.
Step 408, obtain the MAC address of the gateway and generate an ARP reply message according to the gateway MAC address.
For the ARP request messages by which VM1 requests VM3 and VM4, that is, when the switch holds no corresponding flow entry between the host and the requested destination host, the MAC address of the gateway is obtained as the destination MAC address. After obtaining the destination MAC address requested by the ARP request message, VS1 generates an ARP reply message in place of the controller according to the obtained gateway MAC address; the source MAC address of the ARP reply message is the MAC address of the gateway, and the destination MAC address of the ARP reply message is the source MAC address of the ARP request message.
Step 409, the switch issues the generated ARP reply message to the host that sent the ARP request message.
Step 410, if control appliance be connected with switch normal after receive the service message that switch send, then resolve the message information of described service message.
The present invention is preferably in embodiment, if detecting that described switch is connected with described control appliance the service message that normal rear switch receives the inter-host communication with ARP, first the stream list item that the message informations such as the target MAC (Media Access Control) address of this service message and object IP address prestore with self mates by switch, if this service message does not match any stream list item of switch, or this service message can match performing an action as the Table Miss (default stream list item) above sending control appliance of switch preservation.Now, this service message will by deliver to control appliance process.Such as, this service message is that VM1 and VM4 is when carrying out the service message communicated, the object IP address of this service message is the IP address of VM4, target MAC (Media Access Control) address is the gateway MAC address in the arp reply message answered in above-mentioned switch generation, because switch does not preserve the stream list item of VM1 and VM4, therefore cannot match at the target MAC (Media Access Control) address of this service message and object IP address and flow list item arbitrarily, so by this service message by VM1-Port3 delivers to control appliance.
Control appliance, when receiving the service message that this send, obtains the message information of this service message, and this message information comprises object IP address and the target MAC (Media Access Control) address of service message.Such as, this service message be VM1 and VM4 carry out the service message communicated time, the object IP address of this service message is the IP address of VM4, and target MAC (Media Access Control) address is the MAC Address of the gateway in the above-mentioned switch arp reply message answered of generation.
Step 411, the host information that the message information of described service message and self prestore mates by control appliance; If the message information of described service message does not mate with the host information that self prestores, perform step 414;
Control appliance prestores the host information of each main frame, this host information comprises the port information of the MAC Address of each main frame, IP address and correspondence, control appliance is after the message information of resolving described service message, find that the object IP address of this service message is the IP address of VM4, target MAC (Media Access Control) address is the MAC Address (gateway MAC address of replying in the arp reply message that switch generation is answered) of gateway.So the IP address of the VM4 of described service message information and target MAC (Media Access Control) address and the MAC Address of each main frame prestored and IP address are compared, the IP address of this VM4 and the IP address of VM4 in host information consistent, but when the MAC Address that target MAC (Media Access Control) address is corresponding with the IP address of described VM4 is inconsistent, determine that the host information that the message information of described service message and self prestore does not mate, then the target MAC (Media Access Control) address mistake of this service message is described.
Step 412, obtains MAC Address corresponding with the object IP address of described message information in described host information, issues ARP update by described switch to main frame, and service message is sent to corresponding destination host;
When the target MAC (Media Access Control) address mistake of described service message, obtain MAC Address (MAC Address of VM4) corresponding with the object IP address (the IP address of VM4) of described message information in described host information, initiatively issue gratuitous ARP by switch to described VM1, namely generate described ARP update according to the MAC Address of VM4, described ARP update is issued to VM1 by described switch.Further, control appliance use the MAC Address of this VM4 to revise in described service message mistake target MAC (Media Access Control) address, afterwards described service message is packaged in Pack-out message, is sent to VM4 by the outbound port corresponding with the MAC Address of VM4.
Step 416, the control appliance issues to the switch a forwarding flow table entry between the host that sent the ARP request message and the requested destination host;
The control appliance issues the forwarding flow table entry between VM1 and VM4 to the switch.
Step 417, the switch receives the ARP update message and the forwarding flow table entry issued by the control appliance;
Step 418, the switch issues the ARP update message to the host that sent the service message;
After receiving the ARP update message issued by the control appliance, the switch sends it to VM1, so that VM1 updates the ARP entry it has saved according to the ARP update message.
Step 419, the switch saves the forwarding flow table entry;
The switch receives and saves the forwarding flow table entry between VM1 and VM4 issued by the control appliance, so that when it subsequently receives a service message sent by VM1 to VM4, it can forward the message according to this forwarding flow table entry without sending it up to the control appliance again.
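The control-appliance side of steps 412 to 416 can be sketched as follows. This is an added example, not code from the patent; the addresses, the port names assigned to VM1 and VM4, the record layouts and the name check_service_message are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Host:
    ip: str
    mac: str
    port: str                      # outbound port toward this host

@dataclass(frozen=True)
class ServiceMessage:
    src_ip: str
    src_mac: str
    dst_ip: str
    dst_mac: str

# Constructed host table (sample addresses and ports, not from the patent).
HOSTS = {
    "10.0.0.1": Host("10.0.0.1", "02:00:00:00:00:01", "VS1-Port1"),   # VM1
    "10.0.0.4": Host("10.0.0.4", "02:00:00:00:00:04", "VS1-Port2"),   # VM4
}
GATEWAY_MAC = "02:00:00:00:00:fe"  # what the switch answered while disconnected

def check_service_message(msg, hosts):
    """Compare destination IP/MAC with the host table; on a mismatch build the
    ARP update message, the corrected message and the forwarding flow entry."""
    dst = hosts.get(msg.dst_ip)
    if dst is None:
        return {"verdict": "unknown-destination"}    # case the text does not cover
    if dst.mac == msg.dst_mac:
        return {"verdict": "match"}
    return {
        "verdict": "mismatch",
        # Step 412: ARP update message telling the sender the real MAC of dst_ip
        "arp_update": {"sender_ip": dst.ip, "sender_mac": dst.mac,
                       "target_ip": msg.src_ip, "target_mac": msg.src_mac},
        # Corrected copy, sent out of the port that leads to the destination
        "packet_out": (replace(msg, dst_mac=dst.mac), dst.port),
        # Step 416: forwarding flow entry between the two hosts (format assumed)
        "flow_entry": {"src_ip": msg.src_ip, "dst_ip": dst.ip,
                       "dst_mac": dst.mac, "out_port": dst.port},
    }

if __name__ == "__main__":
    stale = ServiceMessage("10.0.0.1", "02:00:00:00:00:01", "10.0.0.4", GATEWAY_MAC)
    print(check_service_message(stale, HOSTS))
```

Because the ARP update message is derived only from the control appliance's own host table, the accuracy of that table decides which MAC address the sending host ends up caching.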
Corresponding to the embodiments of the ARP reply proxy method of the present invention, the present invention also provides embodiments of an ARP reply proxy device.
An embodiment of the ARP reply proxy device of the present invention can be applied on a switch in an SDN. The device embodiment can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, the device in the logical sense is formed by the CPU of the equipment on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 5 shows a hardware structure diagram of the equipment on which the ARP reply proxy device of the present invention resides. In addition to the CPU, memory, network port and non-volatile memory shown in Fig. 5, the equipment on which the device resides usually also includes other hardware, such as a forwarding chip responsible for processing messages. In terms of hardware structure, the equipment may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 6 is a schematic structural diagram of an embodiment of the ARP reply proxy device of the present invention; in essence, this device is a logical device. In this embodiment, taking software implementation as an example, the ARP reply proxy device can comprise, at the logical level: a message receiving unit 601, a first message parsing unit 602, a first information matching unit 603, a MAC address acquiring unit 604 and a message proxy reply unit 605. Wherein:
The message receiving unit 601 is configured to receive the ARP request message sent by a host;
The first message parsing unit 602 is configured to parse the message information of the ARP request message when it is detected that the switch is disconnected from the control appliance;
The first information matching unit 603 is configured to judge whether the message information matches the entry information of a flow table entry prestored by the switch;
The MAC address acquiring unit 604 is configured to obtain the destination media access control (MAC) address in the entry information when the message information matches the entry information;
The message proxy reply unit 605 is configured to send an ARP reply message to the host according to the destination MAC address.
Further, the device can also comprise a flow table entry matching unit 606, configured to, when the switch detects that its connection with the control appliance is normal and receives a service message sent by the host that sent the ARP request message, match the service message against the flow table entries the switch prestores. If the service message matches the default flow table entry, the service message is sent up to the control appliance, so that the control appliance compares the message information of the service message with the host information it prestores and, when the message information and the host information are inconsistent, issues an ARP update message to the host through the switch.
Referring to Fig. 7, the first information matching unit 603 in Fig. 6 can specifically comprise a first matching subunit 6031 and a second matching subunit 6032. For convenience of illustration, both subunits are also shown in Fig. 6; in practical applications, only one of the two subunits may be provided as required. The first matching subunit 6031 is configured to compare the source MAC address, source IP address, inbound port and destination IP address of the ARP request message with the source MAC address, source IP address, inbound port and destination IP address of the flow table entry respectively and, if all are consistent, to determine that the message information matches the entry information. The second matching subunit 6032 is configured to determine that the message information matches the entry information when the source MAC address and source IP address of the ARP request message are consistent with the source MAC address and source IP address of the flow table entry, and the inbound port of the flow table entry is consistent with the switch port that received the ARP request message.
Referring to Fig. 8, the MAC address acquiring unit 604 in Fig. 6 can specifically comprise a destination MAC obtaining subunit 6041 or a gateway MAC obtaining subunit 6042. For convenience of illustration, Fig. 8 shows both the destination MAC obtaining subunit 6041 and the gateway MAC obtaining subunit 6042. The destination MAC obtaining subunit 6041 is configured to obtain the destination MAC address in the matched entry information; the gateway MAC obtaining subunit 6042 is configured to obtain the MAC address of the gateway as the destination MAC address.
Referring to Fig. 9, the message proxy reply unit 605 in Fig. 6 can specifically comprise a message generating subunit 6051 and a message sending subunit 6052. The message generating subunit 6051 is configured to generate the ARP reply message, where the source MAC address of the ARP reply message is the destination MAC address of the flow table entry and the destination MAC address of the ARP reply message is the source MAC address of the ARP request message. The message sending subunit 6052 is configured to send the generated ARP reply message to the host.
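The switch-side logic of units 602 to 605 can be sketched as follows: the two matching modes, the choice between the flow table entry's destination MAC and the gateway MAC, and the address fields of the generated reply. This is an added example, not code from the patent; the record layouts, sample addresses and function names are assumptions, and which matcher and which MAC source to use are passed in as parameters.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowEntry:            # fields assumed from the match fields the text names
    src_mac: str
    src_ip: str
    in_port: str
    dst_ip: str
    dst_mac: str

@dataclass(frozen=True)
class ArpRequest:
    src_mac: str
    src_ip: str
    target_ip: str          # the destination IP address being resolved

def match_full(req, rx_port, e):
    """First matching subunit: source MAC, source IP, inbound port, destination IP."""
    return (req.src_mac, req.src_ip, rx_port, req.target_ip) == \
           (e.src_mac, e.src_ip, e.in_port, e.dst_ip)

def match_source(req, rx_port, e):
    """Second matching subunit: source MAC, source IP and receiving port."""
    return (req.src_mac, req.src_ip, rx_port) == (e.src_mac, e.src_ip, e.in_port)

def proxy_arp_reply(req, rx_port, flows, controller_up,
                    matcher=match_full, gateway_mac=None):
    """Return the ARP reply the switch sends on the controller's behalf, or None."""
    if controller_up:
        return None                       # normal path: request goes to the controller
    for e in flows:
        if matcher(req, rx_port, e):
            answer_mac = gateway_mac or e.dst_mac
            return {"op": "reply", "src_mac": answer_mac, "dst_mac": req.src_mac,
                    "sender_ip": req.target_ip, "target_ip": req.src_ip}
    return None                           # no matching entry: nothing is answered

# Constructed sample data (addresses are illustrative, not from the patent).
FLOWS = [FlowEntry("02:00:00:00:00:01", "10.0.0.1", "VS1-Port1",
                   "10.0.0.4", "02:00:00:00:00:04")]
REQ = ArpRequest("02:00:00:00:00:01", "10.0.0.1", "10.0.0.4")

if __name__ == "__main__":
    print(proxy_arp_reply(REQ, "VS1-Port1", FLOWS, controller_up=False))
    print(proxy_arp_reply(REQ, "VS1-Port3", FLOWS, controller_up=False))  # wrong port
```

Both matchers tie the requester's source MAC and IP address to the port the request arrived on, so a request carrying a known host's addresses but received on a different port gets no proxied reply.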
Referring to Fig. 10, the message receiving unit 601 can also comprise a receiving subunit 6011 and an issuing subunit 6012. The receiving subunit 6011 is configured to receive the ARP update message sent by the control appliance, the ARP update message being generated from the corresponding host information found by the control appliance when the message information of a service message it receives is inconsistent with the host information it prestores. The issuing subunit 6012 is configured to issue the ARP update message to the host corresponding to the host information.
Another embodiment of the ARP reply proxy device of the present invention can be applied on a control appliance in an SDN. The device embodiment can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, the device in the logical sense is formed by the CPU of the equipment on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, for convenience of illustration, the hardware structure of both the switch and the control appliance on which the ARP reply proxy device resides is shown in Fig. 5. In addition to the CPU, memory, network port and non-volatile memory shown in Fig. 5, the equipment on which the device resides usually also includes other hardware, such as a forwarding chip responsible for processing messages. In terms of hardware structure, the equipment may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 11 is a schematic structural diagram of another embodiment of the ARP reply proxy device of the present invention; in essence, this device is a logical device. In this embodiment, taking software implementation as an example, the ARP reply proxy device can comprise, at the logical level: a second message parsing unit 1101, a second information matching unit 1102 and a message issuing unit 1103. Wherein:
The second message parsing unit 1101 is configured to parse the message information of a service message sent up by the switch, the service message being received after the connection with the switch is detected to be normal;
The second information matching unit 1102 is configured to match the message information of the service message against the host information the control appliance prestores;
The message issuing unit 1103 is configured to issue an ARP update message to the host through the switch when the message information of the service message does not match the prestored host information.
As shown in Fig. 12, the second information matching unit 1102 in Fig. 11 can specifically comprise an address comparison subunit 11021 and a matching judgment subunit 11022. The address comparison subunit 11021 is configured to compare the destination IP address and destination MAC address of the message information with the MAC address and IP address of each host. The matching judgment subunit 11022 is configured to determine that the message information of the service message does not match the prestored host information when the destination IP address of the message information is consistent with the IP address of a host in the host information, but the destination MAC address of the message information is inconsistent with the MAC address corresponding to the IP address of that host.
As shown in Fig. 13, the message issuing unit 1103 in Fig. 11 can specifically comprise an update message generating subunit 11031 and an update message issuing subunit 11032. The update message generating subunit 11031 is configured to obtain the MAC address corresponding to the destination IP address of the message information in the host information and to generate the ARP update message according to that MAC address. The update message issuing subunit 11032 is configured to issue the ARP update message through the switch to the host that sent the service message, so that the host updates the ARP entry it has saved according to the ARP update message.
As can be seen from the above embodiments of the method and the device, in the present invention, when it is detected that the switch is disconnected from the control appliance, the switch judges from the received ARP request message whether its message information matches the entry information of a flow table entry and, when it matches, sends an ARP reply message to the host according to the corresponding destination MAC address in the flow table entry. In this way, when the switch and the control appliance are disconnected, the switch replies with the ARP reply message on behalf of the control appliance, ensuring normal communication between hosts.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.