Summary of the invention
A technical problem to be solved by the disclosure is how to provide a flexible, extensible tenant network division method in an SDN that simplifies tenant division and the tenant matching field and improves network performance.
The disclosure provides a tenant division method in an SDN, including: receiving a create-virtual-machine request sent by a tenant, the request including tenant information; creating a virtual machine and assigning a tenant identifier to the virtual machine according to the tenant information; and advertising the correspondence between the virtual machine and the tenant identifier to a software-defined network (SDN) controller, so that the SDN controller manages the correspondence between the virtual machine and the tenant identifier; wherein the tenant identifier is carried and exchanged in OpenFlow messages.
Further, advertising the correspondence between the virtual machine and the tenant identifier to the SDN controller includes: receiving a request to query the tenant identifier of the virtual machine, sent by a virtual switch after an access request of the virtual machine; querying the correspondence between the virtual machine and the tenant identifier according to that request; and, if the tenant identifier of the virtual machine is found, sending the tenant identifier to the virtual switch; the virtual switch advertises the tenant identifier of the virtual machine to the SDN controller through the OpenFlow extension message OFPT_VENDOR.
Further, after the virtual switch advertises the tenant identifier of the virtual machine to the SDN controller through the OpenFlow extension message OFPT_VENDOR, the method includes: the SDN controller recording or updating the correspondence between the virtual machine and the tenant identifier and assigning an agent controller to the tenant, wherein the correspondence between the virtual machine and the tenant identifier includes the correspondence among MAC, IP and tenant identifier.
Further, advertising the correspondence between the virtual machine and the tenant identifier to the SDN controller also includes: receiving a request, sent by the SDN controller, to query the tenant identifier of the virtual machine; querying the correspondence between the virtual machine and the tenant identifier; and, if the tenant identifier of the virtual machine is found, advertising the correspondence between the virtual machine and the tenant identifier to the SDN controller through the OpenFlow extension message OFPT_VENDOR.
Further, the method also includes: the virtual switch receiving a packet sent by the virtual machine; the virtual switch modifying the packet by adding the OpenFlow extension field OFPXMC_EXPERIMENTER to the payload to carry the tenant identifier; and sending the packet including the tenant identifier to an OpenFlow switch.
Further, if the packet that the virtual switch receives from the virtual machine is a first packet, the method also includes: forwarding the first packet to the SDN controller; the SDN controller parsing the information in the OpenFlow extension field OFPXMC_EXPERIMENTER to obtain the tenant identifier; and the SDN controller handing the packet to the corresponding agent controller according to the tenant identifier.
Further, after the SDN controller hands the packet to the corresponding agent controller according to the tenant identifier, the method includes: the agent controller computing a communication path and issuing flow tables to the OpenFlow switch; and the OpenFlow switch partitioning and installing the flow tables according to the tenant identifier and forwarding data according to the flow tables.
Further, the method also includes: the OpenFlow switch receiving a flow table installation request and installing the flow table in the flow table space belonging to the tenant; wherein, if the tenant is a new tenant, the SDN controller assigns a new agent controller to the new tenant, and the agent controller is responsible for handling the new tenant's requests; the OpenFlow switch adds a new flow table region for the new tenant, achieving tenant isolation at the flow table level.
The present invention also provides a tenant division device in an SDN, including: a receiving module for receiving a create-virtual-machine request sent by a tenant, the request including tenant information; a processing module for creating a virtual machine and assigning a tenant identifier to the virtual machine according to the tenant information; and an advertising module for advertising the correspondence between the virtual machine and the tenant identifier to a software-defined network (SDN) controller, so that the SDN controller manages the correspondence between the virtual machine and the tenant identifier, wherein the tenant identifier is carried and exchanged in OpenFlow messages.
Further: the receiving module is used to receive a request to query the tenant identifier of the virtual machine, sent by a virtual switch after an access request of the virtual machine; the processing module is used to query the correspondence between the virtual machine and the tenant identifier according to that request; the advertising module is used to send the tenant identifier to the virtual switch if the tenant identifier of the virtual machine is found; and the virtual switch advertises the tenant identifier of the virtual machine to the SDN controller through the OpenFlow extension message OFPT_VENDOR.
Further: the SDN controller records or updates the correspondence between the virtual machine and the tenant identifier and assigns an agent controller to the tenant, wherein the correspondence between the virtual machine and the tenant identifier includes the correspondence among MAC, IP and tenant identifier.
Further: the receiving module is used to receive a request, sent by the SDN controller, to query the tenant identifier of the virtual machine; the processing module is used to query the correspondence between the virtual machine and the tenant identifier; and the advertising module is used, if the tenant identifier of the virtual machine is found, to advertise the correspondence between the virtual machine and the tenant identifier to the SDN controller through the OpenFlow extension message OFPT_VENDOR.
The disclosure also provides an SDN system, including: an SDN controller, an agent controller, an OpenFlow switch, a virtual machine switch, and a cloud management platform that includes the tenant division device in an SDN described above.
Further, the SDN controller is used to maintain and update the correspondence between tenant identifiers and virtual machines; the agent controller is used to compute communication paths and issue flow tables; and the virtual machine switch is used to receive a packet sent by a virtual machine, modify the packet by adding the OpenFlow extension field OFPXMC_EXPERIMENTER to the payload to carry the tenant identifier, and send the packet including the tenant identifier to the OpenFlow switch.
Further, if the packet that the virtual switch receives from the virtual machine is a first packet, the first packet is forwarded to the SDN controller; the SDN controller is used to parse the information in the OpenFlow extension field OFPXMC_EXPERIMENTER to obtain the tenant identifier; the SDN controller is used to hand the packet to the corresponding agent controller according to the tenant identifier; the agent controller computes a communication path and issues flow tables to the OpenFlow switch; and the OpenFlow switch is used to partition and install the flow tables according to the tenant identifier and to forward data according to the flow tables.
Further, the OpenFlow switch is used to receive a flow table installation request and install the flow table in the flow table space belonging to the tenant; wherein, if the tenant is a new tenant, the SDN controller assigns a new agent controller to the new tenant, and the agent controller is responsible for handling the new tenant's requests; the OpenFlow switch adds a new flow table region for the new tenant, achieving tenant isolation at the flow table level.
The tenant division method in an SDN, the device and the SDN system provided by the disclosure introduce a tenant identifier of any number of bits, so that the controller distinguishes tenants directly by tenant identifier, which is simple and effective and can meet the multi-tenant hosting needs of large-scale cloud data centers. Tenant information is carried in OpenFlow extension messages and extension fields, which reduces the tenant network overlap that flow-space division may cause and provides a flexible, efficient tenant network division method that can be applied in data communication fields such as data center network virtualization.
Detailed description of the embodiments
The present invention is described more fully below with reference to the accompanying drawings, in which exemplary embodiments of the invention are illustrated.
Fig. 1 is a flow chart of tenant division in an SDN according to one embodiment of the invention. As shown in Fig. 1, the method mainly includes:
Step 100: receive a create-virtual-machine request sent by a tenant, the request including tenant information.
Here, the tenant information refers to the tenant ID; when a VM is created, the tenant to which the VM belongs must be specified. A tenant can be represented simply by 24 bits, giving a numerical range of 2^24.
Step 102: create the virtual machine and assign a tenant identifier to the virtual machine according to the tenant information.
Before a virtual machine is created, the tenant must first be created and assigned a tenant identifier (tenant ID). When the virtual machine is created, the tenant that owns the VM is specified, which binds the VM to the Tenant ID. The tenant's network can then be determined, achieving division of the tenant's network.
Step 104: advertise the correspondence between the virtual machine and the tenant identifier to the software-defined network (SDN) controller, so that the SDN controller manages the correspondence between the virtual machine and the tenant identifier; wherein the tenant identifier is carried and exchanged in OpenFlow messages.
In one embodiment, the OpenFlow messages may include OpenFlow extension messages or OpenFlow extension fields.
Compared with the prior art, the embodiment of the invention provides a flexible, efficient tenant network division method that can be applied in data communication fields such as data center network virtualization. Its advantage is that tenant information can be carried in OpenFlow extension messages and extension fields, which reduces the tenant network overlap that flow-space division may cause. At the same time, introducing a Tenant ID of any number of bits removes the quantity limit that exists with VLANs, and the controller distinguishes tenants directly by Tenant ID, which is simple and effective and can meet the multi-tenant hosting needs of large-scale cloud data centers.
In one embodiment, the cloud management platform receives a request to query the tenant identifier of the virtual machine, sent by the virtual switch after an access request of the virtual machine; the cloud management platform queries the correspondence between the virtual machine and the tenant identifier according to that request; if the tenant identifier of the virtual machine is found, the tenant identifier is sent to the virtual switch; the virtual switch advertises the tenant identifier of the virtual machine to the SDN controller through the OpenFlow extension message OFPT_VENDOR; and the SDN controller records or updates the correspondence between the virtual machine and the tenant identifier and assigns an agent controller to the tenant, wherein the correspondence between the virtual machine and the tenant identifier includes the correspondence among MAC, IP and tenant identifier.
In one embodiment, the OpenFlow extension message OFPT_VENDOR can be defined as follows:
    /* Vendor extension */
    struct ofp_vendor {
        struct ofp_header header;   /* Type OFPT_VENDOR */
        uint32_t vendor;            /* Vendor ID:
                                     * - MSB 0: low-order bytes are IEEE OUI.
                                     * - MSB != 0: defined by OpenFlow
                                     *   consortium. */
        /* Vendor-defined arbitrary additional data. */
    };
In one embodiment, the controller can query the cloud platform directly for the tenant information of a virtual machine. After the cloud management platform receives the request, sent by the SDN controller, to query the tenant identifier of the virtual machine, it queries the correspondence between the virtual machine and the tenant identifier; if the tenant identifier of the virtual machine is found, the correspondence between the virtual machine and the tenant identifier is advertised to the SDN controller through the OpenFlow extension message OFPT_VENDOR.
In one embodiment, the virtual switch receives a packet sent by the virtual machine; it can modify the packet by adding the OpenFlow extension field OFPXMC_EXPERIMENTER to the payload to carry the tenant identifier, and sends the packet including the tenant identifier to the OpenFlow switch. If the packet that the virtual switch receives from the virtual machine is a first packet, the first packet is forwarded to the SDN controller; the SDN controller parses the information in the OpenFlow extension field OFPXMC_EXPERIMENTER to obtain the tenant identifier; the SDN controller hands the packet to the corresponding agent controller according to the tenant identifier; the agent controller computes a communication path and issues flow tables to the OpenFlow switch; and the OpenFlow switch partitions and installs the flow tables according to the tenant identifier and forwards data according to the flow tables.
In one embodiment, the information of the OpenFlow extension field OFPXMC_EXPERIMENTER can be defined as:
    /* Header for OXM experimenter match fields */
    struct ofp_oxm_experimenter_header {
        uint32_t oxm_header;     /* oxm_class = OFPXMC_EXPERIMENTER */
        uint32_t experimenter;   /* Experimenter ID */
    };
    OFP_ASSERT(sizeof(struct ofp_oxm_experimenter_header) == 8);
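An added example, not part of the patent text: C code showing how a 24-bit tenant identifier could be packed into and parsed from an OXM experimenter TLV built on the header above, with the controller rejecting a first packet whose carried identifier does not match the VM-to-tenant correspondence it recorded. The experimenter ID, the field number, the 12-byte layout, the meaning given to the length byte and the MAC-keyed table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OFPXMC_EXPERIMENTER    0xFFFFu     /* OXM class for experimenter fields */
/* Assumptions for this example, not values from the patent: */
#define TENANT_EXPERIMENTER_ID 0x00ABCDEFu /* constructed placeholder ID */
#define TENANT_OXM_FIELD       1u          /* hypothetical field number */
#define TENANT_ID_MAX          0x00FFFFFFu /* 24-bit tenant ID, 2^24 values */
#define TENANT_OXM_LEN         12u         /* header 4 + experimenter 4 + value 4 */

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Virtual switch side: write the TLV. Returns bytes written, or -1. */
int tenant_oxm_encode(uint32_t tenant_id, uint8_t *buf, size_t buflen) {
    if (buf == NULL || buflen < TENANT_OXM_LEN || tenant_id > TENANT_ID_MAX)
        return -1;
    /* oxm_header bits: class(16) | field(7) | hasmask(1) | length(8).
     * Assumed here: length counts the 8 bytes that follow the header. */
    put_be32(buf, ((uint32_t)OFPXMC_EXPERIMENTER << 16) |
                  (TENANT_OXM_FIELD << 9) | (TENANT_OXM_LEN - 4u));
    put_be32(buf + 4, TENANT_EXPERIMENTER_ID);
    put_be32(buf + 8, tenant_id);
    return (int)TENANT_OXM_LEN;
}

/* Controller side: strict parse. Returns 0 and sets *tenant_id, or -1. */
int tenant_oxm_decode(const uint8_t *buf, size_t len, uint32_t *tenant_id) {
    if (buf == NULL || tenant_id == NULL || len < TENANT_OXM_LEN)
        return -1;                                   /* truncated field */
    uint32_t hdr = get_be32(buf);
    if ((hdr >> 16) != OFPXMC_EXPERIMENTER) return -1;
    if (((hdr >> 9) & 0x7Fu) != TENANT_OXM_FIELD) return -1;
    if ((hdr >> 8) & 1u) return -1;                  /* masked IDs refused */
    if ((hdr & 0xFFu) != TENANT_OXM_LEN - 4u) return -1;
    if (get_be32(buf + 4) != TENANT_EXPERIMENTER_ID) return -1;
    uint32_t id = get_be32(buf + 8);
    if (id > TENANT_ID_MAX) return -1;               /* wider than 24 bits */
    *tenant_id = id;
    return 0;
}

/* One row of the controller's recorded VM-to-tenant correspondence. */
struct vm_binding { uint8_t mac[6]; uint32_t tenant_id; };

/* First-packet check: returns the tenant ID to dispatch on, or -1 when the
 * field is malformed, the VM is unknown, or the carried ID differs from the
 * recorded one. */
long controller_check_first_packet(const struct vm_binding *tbl, size_t n,
                                   const uint8_t src_mac[6],
                                   const uint8_t *oxm, size_t oxm_len) {
    uint32_t carried;
    if (tenant_oxm_decode(oxm, oxm_len, &carried) != 0) return -1;
    for (size_t i = 0; i < n; i++)
        if (memcmp(tbl[i].mac, src_mac, 6) == 0)
            return tbl[i].tenant_id == carried ? (long)carried : -1;
    return -1;
}

int main(void) {
    /* Constructed sample data: one VM bound to tenant 0x00A1B2. */
    const struct vm_binding tbl[] = { { {0x52,0x54,0x00,0x00,0x00,0x01}, 0x00A1B2u } };
    uint8_t tlv[TENANT_OXM_LEN];
    tenant_oxm_encode(0x00A1B2u, tlv, sizeof tlv);
    printf("matching ID   -> %ld\n",
           controller_check_first_packet(tbl, 1, tbl[0].mac, tlv, sizeof tlv));
    tenant_oxm_encode(0x00A1B3u, tlv, sizeof tlv);   /* another tenant's ID */
    printf("mismatched ID -> %ld\n",
           controller_check_first_packet(tbl, 1, tbl[0].mac, tlv, sizeof tlv));
    return 0;
}
```

The cross-check against the recorded correspondence is the part that matters for isolation: the identifier travels in the packet payload, so the controller compares it with what it recorded for the sending VM before choosing an agent controller.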
In one embodiment, the OpenFlow switch receives a flow table installation request and installs the flow table in the flow table space belonging to the tenant; wherein, if the tenant is a new tenant, the SDN controller assigns a new agent controller to the new tenant, and the agent controller is responsible for handling the new tenant's requests; the OpenFlow switch adds a new flow table region for the new tenant, achieving tenant isolation at the flow table level.
The tenant network division method proposed by the embodiment of the invention for SDN assigns a tenant identifier to the tenant when the tenant creates a virtual machine, and designs new OpenFlow messages: the tenant identifier information is carried and exchanged through OpenFlow extension fields and extension messages, achieving flexible, efficient tenant network division. The method maintains a unique tenant identifier (Tenant ID) for each tenant; the Tenant ID can have any number of bits, such as 24, and can be advertised to the controller through the OFPT_VENDOR extension message. While a packet is transmitted in the OpenFlow network, the Tenant ID information is carried in the extension field OFPXMC_EXPERIMENTER, and the OpenFlow switch distinguishes tenants directly by the packet's Tenant ID to divide resources and forward. Compared with the prior art, carrying the Tenant ID information in OFPT_VENDOR or OFPXMC_EXPERIMENTER on the one hand simplifies tenant division and provides a flexible, extensible tenant network, and on the other hand simplifies the tenant matching field and improves network performance. It can solve the tenant space overlap that existing OpenFlow SDN virtualization methods may cause by dividing tenants by flow space, as well as the scalability and flexibility problems of MAC address planning.
Fig. 2 is a schematic diagram of an SDN system according to one embodiment of the invention. As shown in Fig. 2, when tenant A creates virtual machines such as VM1, VM2 and VM3 through cloud management platform 201 (OpenStack), cloud management platform 201 assigns each virtual machine the Tenant ID (24 bits) corresponding to tenant A; if tenant A is a new tenant, a new, unique, non-repeating Tenant ID is generated.
After tenant A starts a virtual machine, for example VM2, through cloud management platform 201 (OpenStack), VM2 attaches to the virtual switch. The virtual switch detects the port change (for example, the corresponding port goes from down to up), queries the cloud platform, and retrieves the tenant information of VM1. The cloud platform returns the Tenant ID information. The virtual switch records the correspondence between VM1 and the Tenant ID, and sends an OFPT_VENDOR message to the OpenFlow controller to advertise the Tenant ID of VM1. The controller records the location information of VM1, maintains the mapping between VM1 and tenant A, and updates the tenant list. If tenant A is a new tenant, the controller assigns it a new agent controller, and the agent controller is responsible for handling that tenant's requests.
Virtual machine VM1 initiates a communication request. Virtual switch 202 receives the packet and modifies it, adding the OFPXMC_EXPERIMENTER field to the payload to carry the Tenant ID information. If virtual switch 202 has no flow table entry for handling the packet (a first packet), it uploads the packet to the controller. The controller parses the Tenant ID in the payload, obtains the tenant information, and forwards the message including the tenant identifier to agent controller 205. Agent controller 205 computes the forwarding path from the tenant network information represented by the tenant identifier and issues flow tables. OpenFlow switch 207 on the forwarding path receives the flow table installation request and installs the flow table in the flow table space belonging to tenant A. If tenant A is a new tenant, the OpenFlow switch adds a new flow table region for it. Tenant isolation is thus achieved at the flow table level.
OpenFlow switch 207 can look up flow tables by Tenant ID and forward data according to the flow table rules. Where agent controllers 205 exist, multiple agent controllers share the flow tables, so the flow table resources must be sliced, with different controllers using different flow table slices. In addition, resources such as bandwidth and CPU can also be divided. When forwarding by tenant ID, the switch can look up the flow table belonging to the Tenant ID and match against it; if the match succeeds, the packet is forwarded according to the flow table rule, otherwise the packet is forwarded to the agent controller corresponding to the tenant.
Fig. 3 is a structural block diagram of a tenant division device in an SDN according to one embodiment of the invention. As shown in Fig. 3, the device includes:
Receiving module 301, for receiving a create-virtual-machine request sent by a tenant, the request including tenant information.
Processing module 302, for creating a virtual machine and assigning a tenant identifier to the virtual machine according to the tenant information.
Advertising module 303, for advertising the correspondence between the virtual machine and the tenant identifier to the software-defined network (SDN) controller, so that the SDN controller manages the correspondence between the virtual machine and the tenant identifier, wherein the tenant identifier is carried and exchanged in OpenFlow messages.
In one embodiment, receiving module 301 is used to receive a request to query the tenant identifier of the virtual machine, sent by the virtual switch after an access request of the virtual machine; processing module 302 is used to query the correspondence between the virtual machine and the tenant identifier according to that request; advertising module 303 is used to send the tenant identifier to the virtual switch if the tenant identifier of the virtual machine is found; the virtual switch advertises the tenant identifier of the virtual machine to the SDN controller through the OpenFlow extension message OFPT_VENDOR; and the SDN controller records or updates the correspondence between the virtual machine and the tenant identifier and assigns an agent controller to the tenant, wherein the correspondence between the virtual machine and the tenant identifier includes the correspondence among MAC, IP and tenant identifier.
In one embodiment, receiving module 301 is used to receive a request, sent by the SDN controller, to query the tenant identifier of the virtual machine; processing module 302 is used to query the correspondence between the virtual machine and the tenant identifier; and advertising module 303 is used, if the tenant identifier of the virtual machine is found, to advertise the correspondence between the virtual machine and the tenant identifier to the SDN controller through the OpenFlow extension message OFPT_VENDOR.
Fig. 4 is a structural block diagram of an SDN system according to one embodiment of the invention. As shown in Fig. 4, system 400 includes: SDN controller 401, agent controller 402, OpenFlow switch 403, virtual machine switch 404, cloud management platform 405 including the tenant division device in an SDN, and virtual machine 406. SDN controller 401 is used to maintain and update the correspondence between tenant identifiers and virtual machine 406; agent controller 402 is used to compute communication paths and issue flow tables; virtual machine switch 404 is used to receive a packet sent by the virtual machine, modify the packet by adding the OpenFlow extension field OFPXMC_EXPERIMENTER to the payload to carry the tenant identifier, and send the packet including the tenant identifier to OpenFlow switch 403.
In one embodiment, if the packet that virtual switch 404 receives from the virtual machine is a first packet, the first packet is forwarded to SDN controller 401.
SDN controller 401 is used to parse the information in the OpenFlow extension field OFPXMC_EXPERIMENTER to obtain the tenant identifier; SDN controller 401 is used to hand the packet to the corresponding agent controller 402 according to the tenant identifier; agent controller 402 computes a communication path and issues flow tables to the OpenFlow switch; OpenFlow switch 403 is used to partition and install the flow tables according to the tenant identifier and to forward data according to the flow tables.
In one embodiment, OpenFlow switch 403 is used to receive a flow table installation request and install the flow table in the flow table space belonging to the tenant; wherein, if the tenant is a new tenant, SDN controller 401 assigns a new agent controller 402 to the new tenant, and agent controller 402 is responsible for handling the new tenant's requests; OpenFlow switch 403 adds a new flow table region for it, achieving tenant isolation at the flow table level.
Fig. 5 is a structural block diagram of a tenant division device in an SDN according to one embodiment of the invention. The tenant division device 500 in an SDN may be a host server with computing capability, a personal computer (PC), a portable computer, a mobile terminal or another terminal. The specific embodiments of the invention do not limit the concrete implementation of the compute node.
The tenant division device 500 in an SDN includes a processor 501, a communications interface 502, a memory 503 and a bus 504. Processor 501, communication interface 502 and memory 503 communicate with one another over bus 504.
Communication interface 502 is used to communicate with network devices, where the network devices include, for example, a virtual machine management center and shared storage.
Processor 501 is used to execute a program. Processor 501 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the invention.
Memory 530 is used to store files. Memory 530 may include high-speed RAM and may also include non-volatile memory, for example at least one disk memory. Memory 530 may also be a memory array. Memory 530 may also be divided into blocks, and the blocks can be combined into virtual volumes according to certain rules.
In one embodiment, the above program may be program code including computer operating instructions. The program may specifically be used to: receive a create-virtual-machine request sent by a tenant, the request including tenant information; create a virtual machine and assign a tenant identifier to the virtual machine according to the tenant information; and advertise the correspondence between the virtual machine and the tenant identifier to the software-defined network (SDN) controller, so that the SDN controller manages the correspondence between the virtual machine and the tenant identifier; wherein the tenant identifier is carried and exchanged in OpenFlow messages.
In one specific embodiment, advertising the correspondence between the virtual machine and the tenant identifier to the SDN controller includes: receiving a request to query the tenant identifier of the virtual machine, sent by the virtual switch after an access request of the virtual machine; querying the correspondence between the virtual machine and the tenant identifier according to that request; if the tenant identifier of the virtual machine is found, sending the tenant identifier to the virtual switch; the virtual switch advertising the tenant identifier of the virtual machine to the SDN controller through the OpenFlow extension message OFPT_VENDOR; and the SDN controller recording or updating the correspondence between the virtual machine and the tenant identifier and assigning an agent controller to the tenant, wherein the correspondence between the virtual machine and the tenant identifier includes the correspondence among MAC, IP and tenant identifier.
In one specific embodiment, advertising the correspondence between the virtual machine and the tenant identifier to the SDN controller also includes: receiving a request, sent by the SDN controller, to query the tenant identifier of the virtual machine; querying the correspondence between the virtual machine and the tenant identifier; and, if the tenant identifier of the virtual machine is found, advertising the correspondence between the virtual machine and the tenant identifier to the SDN controller through the OpenFlow extension message OFPT_VENDOR.
Those of ordinary skill in the art will appreciate that the exemplary units and algorithm steps in the embodiments described herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or in software depends on the particular application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the present invention.
If the functions are implemented in the form of computer software and sold or used as an independent product, then to some extent all or part of the technical solution (for example, the part that contributes over the prior art) can be considered to be embodied in the form of a computer software product. The computer software product is generally stored in a computer-readable non-volatile storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.