[0023] In order to solve the following problems in the prior art: under the SDN solution with complete separation of control/forwarding, there is no method to find out whether there is a loop in the network outside the controller domain. Once a loop occurs, a broadcast storm will cause the network to be paralyzed; the present invention provides A detection method, device, and controller for a controller network loop are provided. The following describes the present invention in further detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, but do not limit the present invention.
[0024] The first embodiment of the present invention provides a method for detecting a controller network loop. The process of the method is as follows figure 2 As shown, steps S202 to S206 are included:
[0025] S202: The controller sends a detection message with predetermined characteristics to the switch, so that the switch broadcasts the detection message at the access port of the device outside the domain;
[0026] S204: When the controller receives a message from the switch, the controller judges whether the message has predetermined characteristics;
[0027] S206: In the case that the message has a predetermined characteristic, the controller determines that a loop occurs in the external network of the controller.
[0028] The embodiment of the present invention sets a loop detection mechanism on the controller side to send a detection message with predetermined characteristics to the switch, so that the switch broadcasts the detection message. If the controller receives a message from the switch, and the message If it also has a predetermined feature, it is determined that a loop occurs in the external network of the controller, and then the loop can be determined according to the relevant information of the received message. The detection result is accurate, and the following problems in the prior art are solved: Under the completely separated SDN solution with forwarding, there is no way to find out whether there is a loop in the network outside the controller domain. Once a loop occurs, the broadcast storm will cause the network to be paralyzed.
[0029] Under normal circumstances, you need to set a time for the controller to wait to receive the return message from the switch, instead of endless waiting. When setting, you can set the time according to the time when the device farthest from the controller can return the message Waiting time, but loops generally occur on the switch side. If a loop occurs, the time to receive packets will be far less than the set waiting time. In specific implementation, the controller determines whether the message returned by the switch is received within the first predetermined time interval (waiting time); upon receiving the message, the controller determines whether the message has predetermined characteristics.
[0030] When the controller sends a detection message, the user can trigger the controller to send a detection message with predetermined characteristics to the switch once, that is, when the user wants to detect whether the system has a loop or not, the function will be triggered; of course, It may also be that the system automatically performs loop detection, and the controller periodically sends a detection message with a predetermined characteristic to the switch at a second predetermined time interval. The foregoing second predetermined time interval can be set to be relatively short, such as 30 minutes, 1 hour, etc., of course, it can also be set for a long time, for example, 1 day, 10 days, etc.
[0031] If the second predetermined time interval is set to be relatively long, the current detection cycle does not receive the packet returned by the switch within the first predetermined time interval, and the next detection cycle has not yet started, there will still be a loop generation Therefore, during this period of time, the controller records the number of host migration events of devices outside the domain at the third predetermined time interval. Of course, the migration location and migration time of the host migration time are included in the host migration event, and the emphasis is here. Number of statistics. Subsequently, the controller determines whether the number of host migration events is greater than the predetermined migration threshold of the external domain device in the third predetermined time interval, and when the number of host migration events is greater than the predetermined migration threshold, the controller determines that the controller’s external network has occurred Loop.
[0032] If no message is received or the received message does not have predetermined characteristics, the controller determines that no loop occurs in the controller's external network.
[0033] For example, through the above detection method, you can determine figure 1 Which of the Node ports has a loop, and then solve the problem.
[0034] The second embodiment of the present invention provides a detection device for a controller network loop. The structure of the device is shown as follows: image 3 Shown, including:
[0035] The sending module 10 is used to send the detection message with predetermined characteristics to the switch, so that the switch broadcasts the detection message at the access port of the device outside the domain; the feature judgment module 11 is coupled with the sending module 10 and is used to receive the detection message in the controller In the case of a message from the switch, it is determined whether the message has a predetermined characteristic; the determining module 12, coupled with the characteristic determining module 11, is used to determine that a loop occurs in the external network of the controller when the message has a predetermined characteristic.
[0036] Wherein, the characteristic judgment module 11 is specifically configured to judge whether the packet has a predetermined characteristic when the controller determines that the packet returned by the switch is received within the first predetermined time interval.
[0037] When implemented, the sending module 10 is further configured to periodically send a detection message with a predetermined characteristic to the switch according to a second predetermined time interval. When the sending module 10 periodically sends detection messages, it is equivalent to the controller automatically performing loop detection, providing a loop detection mechanism in an automatic state without manual operation. The foregoing second predetermined time interval can be set to be relatively short, such as 30 minutes, 1 hour, etc., of course, it can also be set for a long time, for example, 1 day, 10 days, etc.
[0038] If the second predetermined time interval is set to be relatively long, the current detection cycle does not receive the packet returned by the switch within the first predetermined time interval, and the next detection cycle has not yet started, there will still be a loop generation risk.
[0039] Therefore, when this embodiment is implemented, the determining module 12 may also be provided with a preferred structure, which is schematically shown as Figure 4 As shown, it includes: a recording unit 121, which is used to record host migration events of devices outside the domain at a third predetermined time interval when the packet returned by the switch is not received in the current detection cycle and the next detection cycle has not yet started. The number of times; the number of times judging unit 122, coupled with the recording unit 121, is used for judging whether the number of host migration events is greater than the predetermined migration threshold of the external device in the third predetermined time interval; the determining unit 123, coupled with the number of times judging unit 122, is used for In the case that the number of host migration events is greater than the predetermined migration threshold, it is determined that a loop occurs in the external network of the controller.
[0040] When implemented, the determining module 12 is also used to determine that there is no loop in the external network of the controller when no message is received or the received message does not have predetermined characteristics.
[0041] The third embodiment of the present invention also provides a controller, which includes the controller network loop detection device in the second embodiment described above. Those skilled in the art can know how to install the above-mentioned detection device in the controller based on the above description, which will not be repeated here.
[0042] In order to be able to detect loops in the network in time to avoid serious impact on the entire network, a monitoring mechanism needs to be provided. The fourth embodiment of the present invention provides a method for detecting loops in a controller network so that they can appear in the network. When looping, the user can be notified in time to check the network connection and configuration, and the port in question can be automatically closed to eliminate the loop. This mechanism is the loop monitoring mechanism. When a loop occurs in the network, the loop monitoring mechanism sends an alarm message (trap) to notify the user; at the same time, when a loop occurs on the port, the protection strategy can be selected according to the protection strategy configured by the user in advance.
[0043] In implementation, the controller receives a broadcast message sent by the controller at any time and at any access (ACCESS) port, that is, it can be considered that a loop has occurred, and the controller should generate a severe alarm and specify the specific port , The administrator is responsible for processing or performing necessary protection actions (for example, down a port, or perform speed limit operations on a port). The detection method of the controller network loop of this embodiment is as follows Figure 5 As shown, steps S501 to S507 are included.
[0044] S501: Issue a matching rule to a switch, the rule may include the destination MAC, source MAC, and characteristic fields carried in the payload of the message (issued to all switches in the domain).
[0045] S502: The controller periodically sends out a detection message, which is sent to the switch through PktOut, and the switch broadcasts a characteristic message on the ACCESS port.
[0046] S503: The switch sends the packet to the controller through PktIn according to the matching rule.
[0047] S504: The controller parses the PktIn message and performs loop detection judgment to determine whether a loop has occurred, that is, whether the PktIn message is a detection message sent by the controller itself. If it is a detection message sent by itself, execute S505; otherwise, execute S507.
[0048] S505: Confirm that a loop occurs in the external network of the controller.
[0049] S506, if a loop occurs, the controller can report an alarm to the network manager, or through the controller, inform the switch to implement a predetermined protection strategy (such as shutting down the port; prohibiting port MAC learning; limiting port speed).
[0050] S507: Confirm that no loop occurs, wait for the next detection cycle to arrive, and return to S501 to repeat the execution. Here you can set the time interval for sending detection messages in each detection cycle. The default time interval is 30s. According to the pressure of the controller, the time interval for sending detection messages can be flexibly set to avoid load.
[0051] Of course, this embodiment sets up an automatic detection process. Therefore, after the S507 process, it returns to S501 and continues to wait for the next detection cycle to arrive. However, if the repeated detection cycle is not set, the detection can be performed only according to user needs. Set an active detection switch and turn on the active detection switch when you need to detect.
[0052] When the above steps are implemented in detail, the controller sends the flow table to request the switch to match the specified characteristics to send the message, and periodically actively sends the broadcast detection message on the Access port (L2 port, L3 port, etc.), and receives the sent controller The sent detection message is judged as a loop occurrence.
[0053] If the time interval of the above detection message is set to be longer, the next detection cycle will come later. Therefore, the detection message sent in the current detection cycle does not receive the message returned by the switch, and the next detection cycle When it has not yet arrived, a supplementary detection mechanism is needed, that is, monitoring host migration events in the controller network domain, that is, judging whether the host frequently migrates or whether the ACCESS port receives the message sent by the device. In this process, the recent migration records of a certain number of hosts are recorded, including the online location and time stamp. For hosts whose migration frequency is greater than a certain threshold, a loop is considered to occur, and a trap alarm or notification can be generated.
[0054] Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will realize that various improvements, additions and substitutions are also possible, and therefore, the scope of the present invention should not be limited to the above-mentioned embodiments.
