软件定义网络中规则管理关键技术研究

发布时间：2018-06-21 14:04

本文选题：软件定义网络 + 规则管理　；参考：《北京邮电大学》2017年博士论文

【摘要】：传统网络僵化的体系结构为网络管理和创新研究带来了很大挑战。因此,学术界和产业界提出了许多网络革新方案。美国国防部高级研究计划局1990年提出了主动网络。它的基本思想是分组在传输过程中携带自定义代码,网络设备通过执行这些代码对分组进行灵活处理。与此同时,OpenSig组织建议在网络设备上开放编程接口,允许服务提供商利用中间件(如COBAR)对网络进行控制。ForCES,PCEP和RCP提出了针对路由协议控制平面与数据平面分离的方案。4D架构,SANE和Ethane提出了控制平面与数据平面完全分离,并且控制平面逻辑中心化的方案。通过对上述网络可编程,控制平面和数据平面分离方案的借鉴,软件定义网络(Software-Defined Networking,SDN)成为人们将白盒设计思想引入网络的重要成果,引起了学术界和产业界的广泛关注。在SDN中,网络交换机的功能非常简单,仅负责数据转发。所有交换机的控制功能被逻辑集中于控制器中,极大地方便了网络管理。网络管理员不需要再根据网络状态变化,频繁地对网络设备进行逐个设置,仅需要在控制器上配置能够动态响应的高层策略。SDN对网路创新也有着巨大的推动作用。通过在控制器上进行编程,研究人员可以快速地部署新的网络功能。OpenFlow综合考虑了 SDN的网络完全可编程的目标与实际部署的复杂性,使SDN由理论变为现实。OpenFlow协议已成为当前SDN中控制器与交换机之间实际的通信标准,为网络管理和科研人员提供了许多新的视角。但是,OpenFlow也带来了许多新的问题,比如,如何设计网络编程语言,如何确定数据流的控制粒度,如何进行数据流测量,如何进行网络虚拟化,如何将SDN网络与传统网络进行结合。如何对规则进行管理是解决上述所有问题的关键环节。例如,如何进行数据流测量其实就是在网络资源约束条件下合理地部署测量规则。本文首先对软件定义网络中规则管理问题的研究背景和挑战进行归纳总结,然后围绕如何在流表资源有限的条件下如何进行规则放置问题进行了深入研究,具体内容如下:1).对软硬件SDN交换机构成的组合SDN转发节点的时延上限进行了理论分析。组合SDN转发节点是解决硬件SDN交换机流表空间不足的重要方法之一。在组合转发节点中,软件交换机和硬件交换机的各自的特点和它们之间的协作流程决定了在硬件交换机中命中规则的数据流的时延必然比其余数据流的时延低。为了能够对经过组合转发节点的时延上限进行定量分析,作者首先提出了组合SDN转发节点的理论模型,然后根据进入组合SDN转发节点所有数据流的累积到达过程,利用网络演算的相关定理,如输出定理,剩余服务定理,时延上限定理等,分析了经过组发转发节点的数据流在最差情况下的分组时延。在NS-3环境下进行仿真实验,结果表明作者根据根据网络演算得到的时延上限的理论值与仿真值极为接近,并且揭示了组合转发节点中软件交换机数量与规则放置方案对各通道时延上限的影响规律。2).提出了适用于组合SDN转发节点的基于遗传的规则放置算法。在组合SDN转发节点中,由于硬件交换机中流表空间有限,所以只有部分数据流可以经由快速通道进行转发,并且由成果1可知任意数据流的通道选择都会影响所有数据流的时延上限。为了保障数据流在组合SDN转发节点的时延需求,作者首先定义了时延满意度,用于衡量规则放置方法达到的时延保障水平,其次对组合SDN转发节点中的规则放置问题进行形式化描述,并证明该问题是NP难问题,然后基于遗传的规则放置算法对该问题进行求解,实验表明与另外三种算法相比,所提算法能够获得更高的时延满意度。3).提出了基于时空联合的规则放置算法。除采用类组合SDN转发节点的方法增大交换机流表空间外,提高流表的利用效率也是克服流表空间不足的重要手段。OpenFlow的超时机制和通配符匹配机制可以分别从时间和空间上调整规则对流表的占用,为解决交换机的流表资源有限问题提供了有效的解决途径。利用超时机制或者通配符匹配机制,研究人员提出了许多能够有效提高规则命中率的规则放置算法。但是,这些已有的规则放置算法都仅采用一种机制进行性能优化,不能充分提高规则命中率,并且在应用范围方面都存在一定的局限性。为此,作者首先对联合采用超时机制和通配符匹配机制的规则放置问题进行形式化描述,然后针对该问题提出了基于时空联合的规则放置算法,综合考虑规则在流表中的逗留时间和规则的匹配空间,确定规则的放置方案。实验结果表明,所提算法产生的规则放置方案能够有效提高规则命中率,降低分组拒绝率。4).提出了一个基于SDN的网络虚拟化架构。网络虚拟化可以为每个网络租赁者灵活地提供独立的网络拓扑和自主的网络管理权限。软件定义网络,尤其是OpenFlow,提供了开放的底层物理网络抽象接口,提高了网络的可编程性。基于SDN的网络虚拟化架构能够结合二者的优势,进一步加快网络发展。尽管在SDN环境下进行网络虚拟化已经取得了许多成果,但是如何设计基于SDN的网络虚拟化架构仍然是一个开放性问题。作者首先对基于SDN的网络虚拟化架构的需求进行分析,其次提出了一个基于SDN的网络虚拟化架构,SDNVA。在SDNVA中,通过对OpenDayLight控制器进行扩展,实现了网络虚拟化组件;结合OpenFlow交换机对多级流表的支持,提出了虚拟管线机制,并扩展至组合SDN转发节点中;提出了分别针对物理网络和虚拟网络的自治管理机制。最后在SDNVA的原型系统中验证了虚拟化组件对资源的隔离,以及虚拟网络对物理网络变化的感知。
[Abstract]:The traditional network rigid architecture has brought great challenges to network management and innovation research. Therefore, a number of network innovations have been proposed by the academia and industry. The United States Department of Defense advanced research project proposed an active network in 1990. Its basic idea is to carry the custom code in the transmission process, and the network equipment is passed. At the same time, the OpenSig organization proposes to open programming interfaces on network devices and allow service providers to use middleware (such as COBAR) to control the network.ForCES, PCEP and RCP propose a.4D architecture for routing protocol control plane and data plane separation scheme, SANE and Ethane proposed. Software-Defined Networking (SDN) has become an important achievement for people to introduce white box planning ideas into the network. In SDN, the function of the network switch is very simple, only responsible for data forwarding. The control functions of all switches are logically centralized in the controller, and the network management is a great place. Network administrators do not need to set up the network equipment one by one according to the change of network state, only need to be controlled. .SDN, a high-level strategy with dynamic response on the device, has a great impetus for network innovation. By programming on the controller, researchers can quickly deploy new network functions,.OpenFlow, and take into account the complexity of the SDN network fully programmable and the actual department, so that the SDN is transformed from the theory to the reality.Op EnFlow protocol has become the actual communication standard between controllers and switches in current SDN and provides a lot of new perspectives for network management and researchers. However, OpenFlow has also brought many new problems, such as how to design network programming language, how to determine the control granularity of data flow, how to measure data flow, and how to get into the data flow Network virtualization, how to combine the SDN network with the traditional network. How to manage the rules is the key link to solve all the problems mentioned above. For example, how to conduct data flow measurement is actually a reasonable deployment of measurement rules under the constraints of network resources. The background and challenge are summarized, and then how to carry on the problem of rule placement under the limited resources of the flow meter is deeply studied. The specific contents are as follows: 1) the time delay upper limit of the combined SDN forwarding node composed of the hardware and software SDN switches is theoretically analyzed. The combination of SDN forwarding nodes is the solution to the hardware SDN switching. One of the most important methods of insufficient flow table space. In a combined forwarding node, the respective characteristics of the software switch and the hardware switch and the cooperation flow between them determine that the time delay of the data flow of the hit rule in the hardware switch is necessarily lower than that of the rest of the data stream. The upper limit is quantified. The author first proposes a theoretical model of the combined SDN forwarding node. Then, according to the cumulative arrival process of all data streams in the SDN forwarding node, the correlation theorems of the network calculus, such as the output theorem, the residual service theorem and the delay on the delay, are used to analyze the data flow through the forwarding nodes. In the worst case, the packet delay is simulated in the NS-3 environment. The results show that the theoretical value of the time delay upper limit obtained according to the network calculus is very close to the simulation value, and the effect of the number of software switches and the rule placement scheme on the upper limit of the delay of each channel in the combined forwarding node is revealed. A suitable method is proposed. A genetic based rule placement algorithm for combining SDN forwarding nodes. In a combined SDN forwarding node, because the flow table space in a hardware switch is limited, only a portion of the data stream can be forwarded via a fast channel, and the channel selection of any data stream can affect the upper limit of the delay of all data streams by results 1. In order to guarantee the delay requirement of the data flow in the combined SDN forwarding node, the author first defines the time delay satisfaction, which is used to measure the level of time delay guaranteed by the rule placement method. Secondly, the formal description of the rule placement problem in the combined SDN forwarding node is described, and it is proved that the problem is a NP difficult problem and then is placed based on the genetic rules. The method is used to solve this problem. The experiment shows that compared with the other three algorithms, the proposed algorithm can obtain higher delay satisfaction.3. A rule placement algorithm based on spatio-temporal joint is proposed. Besides the use of class combination SDN forwarding nodes to increase the flow table space of the switch, the utilization efficiency of the high flow table is also overcome the shortage of the flow table space. The important means of.OpenFlow's timeout mechanism and wildcard matching mechanism can adjust the occupancy of regular convective table respectively from time and space. It provides an effective solution to solve the problem of the limited flow table resource. By using the timeout mechanism or the matching mechanism of wildcards, the researchers have proposed many effective measures to improve the rules. However, these existing rule placement algorithms use only one mechanism to optimize the performance, which can not fully improve the rule hit rate, and there are some limitations in the scope of application. For this reason, the author first puts the problem of rules placement on the combination of timeout mechanism and wildcard matching mechanism. By formal description, a rule placement algorithm based on time and space is proposed, which considers the time of stay and the matching space of rules in the flow table, and the placement scheme of rules is determined. The experimental results show that the rule placement scheme produced by the proposed algorithm can effectively improve the rule hit rate and reduce the rejection of the packet. .4). A network virtualization architecture based on SDN is proposed. Network virtualization provides an independent network topology and independent network management authority for each network leaseholder. Software definition network, especially OpenFlow, provides an open underlying physical network pumping interface, which improves the network programmability. SDN The network virtualization architecture can combine the advantages of the two to further accelerate the development of the network. Although many achievements have been made in the network virtualization in the SDN environment, how to design the network virtualization architecture based on SDN is still an open question. The author first divides the requirements of the network virtualization architecture based on SDN. Secondly, a network virtualization architecture based on SDN is proposed. In SDNVA, the network virtualization component is realized by extending the OpenDayLight controller in SDNVA. The virtual pipeline mechanism is proposed and extended to the combined SDN forwarding node with the support of the OpenFlow switch to the multilevel flow table, and it is proposed for the physical network respectively. And the autonomous management mechanism of virtual network. Finally, in the prototype system of SDNVA, the isolation of the virtualized components to the resources and the perception of the physical network changes by the virtual network are verified.
【学位授予单位】：北京邮电大学
【学位级别】：博士
【学位授予年份】：2017
【分类号】：TP393.0

【相似文献】