Traffic mirroring method, switch, controller, electronic device, and storage medium

By creating service bridges and traffic mirroring bridges in virtual switches and using the network controller to generate flow tables, the isolation between traffic mirroring services and customer services is achieved, solving the problem of traffic overload in the cloud network platform and ensuring the normal operation of mirroring services and customer services under high traffic conditions.

CN118921379B · Active · Publication Date: 2026-06-23 · CHINA TELECOM CORP LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: CHINA TELECOM CORP LTD
Filing Date: 2024-06-14
Publication Date: 2026-06-23

AI Technical Summary

Technical Problem

In cloud network platforms, existing traffic mirroring methods can easily cause network traffic to exceed the capacity of business network cards or network element servers, resulting in the traffic mirroring service failing to operate normally.

Method used

By creating service bridges and traffic mirroring bridges in virtual switches, and using the network controller to generate and distribute flow tables, the isolation between traffic mirroring services and customer services is achieved. Mirroring operations are performed using separate traffic mirroring bridges, network interface cards (NICs), and switches.

Benefits of technology

Under high traffic conditions, this ensures that traffic mirroring services and customer services do not interfere with each other, guaranteeing normal operation and improving the rationality of the traffic mirroring process.

✦ Generated by Eureka AI based on patent content.


Abstract

The embodiment of the application provides a traffic mirroring method, a switch, a controller, an electronic device and a storage medium. The traffic mirroring method comprises the following steps: a virtual switch receives a first flow table issued by a network controller through a service bridge, and obtains first mirror network traffic by copying network traffic of a mirror source according to the first flow table, and forwards the first mirror network traffic to a traffic mirror bridge; the virtual switch receives the first mirror network traffic sent by the service bridge through the traffic mirror bridge, receives a second flow table issued by the network controller through the traffic mirror bridge, filters second mirror network traffic from the first mirror network traffic according to the second flow table, and forwards the second mirror network traffic to a traffic mirror switch through a traffic mirror network card. In the embodiment of the application, the isolation between the traffic mirroring service and the customer service is realized, the traffic mirroring service and the user service do not affect each other, and the rationality of the traffic mirroring process is improved.

Description

Technical Field

[0001] This application relates to the field of communication technology, and in particular to a traffic mirroring method, a switch, a controller, an electronic device, and a storage medium.

Background Technology

[0002] Traffic mirroring is a network traffic processing technology that works by copying real online traffic to a mirror service using specific configurations. Traffic mirroring can provide detailed analysis of traffic data for various scenarios such as security auditing, intrusion detection, and business analysis without affecting online services.

[0003] In cloud network platforms, whether public or private, traffic mirroring involves mirroring network traffic from the service network interface card (NIC) to a network element server. The network traffic is then aggregated on the network element server before being sent to the customer's virtual machine. However, this method can lead to situations where network traffic exceeds the capacity of the service NIC or network element server, causing the traffic mirroring service to malfunction.

Summary of the Invention

[0004] In view of the above problems, this application proposes a traffic mirroring method, switch, controller, electronic device and storage medium to improve the rationality of the traffic mirroring process and ensure the normal operation of traffic mirroring services.

[0005] According to one aspect of an embodiment of this application, a traffic mirroring method is provided, applied to a virtual switch, wherein the virtual switch interacts with a network controller, and a service bridge and a traffic mirroring bridge are created in the virtual switch; the method includes:

[0006] The service bridge receives the first flow table issued by the network controller, replicates the network traffic of the mirror source according to the first flow table to obtain the first mirror network traffic, and forwards the first mirror network traffic to the traffic mirroring bridge.

[0007] The traffic mirroring bridge receives the first mirrored network traffic sent by the service bridge, and receives the second flow table issued by the network controller through the traffic mirroring bridge. Based on the second flow table, the second mirrored network traffic is filtered out from the first mirrored network traffic, and the second mirrored network traffic is forwarded to the traffic mirroring switch via the traffic mirroring network card.

[0008] Optionally, obtaining first mirrored network traffic by copying the network traffic of the mirror source according to the first flow table, and forwarding the first mirrored network traffic to the traffic mirroring bridge, includes: obtaining first mirrored network traffic by copying the network traffic of the mirror source according to the mirror source information and mirroring action type contained in the first flow table; and forwarding the first mirrored network traffic to the traffic mirroring bridge according to the transmission port information contained in the first flow table.

[0009] Optionally, before receiving the first flow table issued by the network controller through the service bridge, the method further includes: creating a port for interconnection between the service bridge and the traffic mirroring bridge.

[0010] Optionally, filtering out second mirror network traffic from the first mirror network traffic according to the second flow table, and forwarding the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card, includes: filtering out second mirror network traffic from the first mirror network traffic according to the filtering conditions contained in the second flow table; and forwarding the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card according to the mirroring destination information contained in the second flow table.

[0011] Optionally, after forwarding the first mirrored network traffic to the traffic mirroring bridge, the method further includes: deleting the first flow table; after forwarding the second mirrored network traffic to the traffic mirroring switch via the traffic mirroring network card, the method further includes: deleting the second flow table.

[0012] Optionally, before receiving the first flow table issued by the network controller through the service bridge, the method further includes: configuring the service network traffic forwarding priority and the mirror network traffic forwarding priority in the service bridge, wherein the service network traffic forwarding priority is higher than the mirror network traffic forwarding priority.

[0013] According to another aspect of the embodiments of this application, a traffic mirroring method is provided, applied to a network controller, wherein the network controller interacts with a virtual switch, and a service bridge and a traffic mirroring bridge are created in the virtual switch; the method includes:

[0014] A first flow table corresponding to the traffic mirroring service is generated, and the first flow table is sent to the service bridge. The first flow table is used to instruct the service bridge to copy the network traffic of the mirror source to obtain the first mirror network traffic, and forward the first mirror network traffic to the traffic mirroring bridge.

[0015] A second flow table corresponding to the traffic mirroring service is generated and sent to the traffic mirroring bridge. The second flow table is used to instruct the traffic mirroring bridge to filter out the second mirroring network traffic from the first mirroring network traffic and forward the second mirroring network traffic to the traffic mirroring switch via the traffic mirroring network card.

[0016] Optionally, generating a first flow table corresponding to the traffic mirroring service includes: generating the first flow table corresponding to the traffic mirroring service when the traffic mirroring service starts; generating a second flow table corresponding to the traffic mirroring service includes: generating the second flow table corresponding to the traffic mirroring service when the traffic mirroring service starts.

[0017] Optionally, the method further includes: deleting the first flow table and the second flow table after the traffic mirroring service ends.
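The two-table procedure described in [0006] to [0017], as an added example that is not part of the patent or of China Telecom's implementation: a controller-side Python module that emits the ovs-vsctl commands creating the two bridges and their interconnection port ([0009]), the first flow table for the service bridge (copy the mirror source's traffic to the patch port while normal forwarding continues), the second flow table for the traffic mirroring bridge (ordered 5-tuple filters that forward accepted copies to the mirroring NIC and drop everything else), and the per-session deletion of both tables when the service ends. It assumes the virtual switch is Open vSwitch driven by ovs-vsctl/ovs-ofctl; the bridge and port names, the cookie, the priorities and the sample rules are all constructed for the demonstration.

```python
"""Controller-side generation of the two flow tables in the patent's method.
Added example, not code from the patent or China Telecom. It assumes the virtual
switch is Open vSwitch driven by ovs-vsctl/ovs-ofctl; all bridge, port, cookie and
priority values are constructed for the demonstration."""
from dataclasses import dataclass, field
from typing import List, Optional

SERVICE_BRIDGE = "br-service"   # Bridge1 in the patent's Figure 3 (name assumed)
MIRROR_BRIDGE = "br-mirror"     # Bridge2 (name assumed)
PATCH_SVC = "patch-svc-mir"     # interconnection port, service-bridge side (assumed)
PATCH_MIR = "patch-mir-svc"     # interconnection port, mirror-bridge side (assumed)
MIRROR_NIC = "mirror-nic"       # Aggregator NIC2, attached to the mirror bridge (assumed)


@dataclass
class FilterRule:
    """One mirror-filter condition: 5-tuple fields (None = wildcard) plus accept/reject."""
    action: str                     # "accept" = mirror, "reject" = do not mirror
    proto: Optional[str] = None     # "tcp", "udp" or "icmp"; None matches any IP traffic
    src: Optional[str] = None       # nw_src, host or CIDR
    dst: Optional[str] = None       # nw_dst, host or CIDR
    src_port: Optional[int] = None  # tp_src, tcp/udp only
    dst_port: Optional[int] = None  # tp_dst, tcp/udp only

    def validate(self) -> Optional[str]:
        """Return an error message for a rule OVS would refuse, else None."""
        if self.action not in ("accept", "reject"):
            return f"unknown action {self.action!r}"
        if (self.src_port is not None or self.dst_port is not None) and self.proto not in ("tcp", "udp"):
            return "transport ports require proto tcp or udp"
        return None

    def match(self) -> str:
        """Render the rule as an ovs-ofctl match string."""
        err = self.validate()
        if err:
            raise ValueError(err)
        parts = [self.proto or "ip"]
        for key, val in (("nw_src", self.src), ("nw_dst", self.dst),
                         ("tp_src", self.src_port), ("tp_dst", self.dst_port)):
            if val is not None:
                parts.append(f"{key}={val}")
        return ",".join(parts)


@dataclass
class MirrorSession:
    session_id: int                 # reused as the OpenFlow cookie shared by both tables
    source_port: str                # OVS port of the mirror source (its elastic NIC)
    source_mac: str                 # MAC of the mirror source, to catch traffic sent to it
    rules: List[FilterRule] = field(default_factory=list)

    @property
    def cookie(self) -> str:
        return f"cookie=0x{self.session_id:x}"


def setup_commands() -> List[str]:
    """ovs-vsctl commands creating both bridges and their patch-port pair ([0009])."""
    patch = "-- set interface {p} type=patch options:peer={peer}"
    return [
        f"ovs-vsctl add-br {SERVICE_BRIDGE}",
        f"ovs-vsctl add-br {MIRROR_BRIDGE}",
        f"ovs-vsctl add-port {SERVICE_BRIDGE} {PATCH_SVC} " + patch.format(p=PATCH_SVC, peer=PATCH_MIR),
        f"ovs-vsctl add-port {MIRROR_BRIDGE} {PATCH_MIR} " + patch.format(p=PATCH_MIR, peer=PATCH_SVC),
        f"ovs-vsctl add-port {MIRROR_BRIDGE} {MIRROR_NIC}",
    ]


def first_flow_table(s: MirrorSession) -> List[str]:
    """Service bridge ([0006]/[0008]): keep NORMAL forwarding and copy the source's traffic
    to the patch port. Other customer traffic uses the bridge's pre-existing default flow
    (assumed to exist), which is not session state and is never touched here."""
    copy = f"actions=NORMAL,output:{PATCH_SVC}"
    return [
        f"{s.cookie},priority=100,in_port={s.source_port},{copy}",  # sent by the source
        f"{s.cookie},priority=100,dl_dst={s.source_mac},{copy}",    # addressed to the source
    ]


def second_flow_table(s: MirrorSession) -> List[str]:
    """Mirror bridge ([0007]/[0010]): earlier rule = higher priority; accepted copies go to
    the mirror NIC; anything matching no rule is dropped so the bridge fails closed."""
    flows = []
    for i, rule in enumerate(s.rules):
        act = f"output:{MIRROR_NIC}" if rule.action == "accept" else "drop"
        flows.append(f"{s.cookie},priority={1000 - i},in_port={PATCH_MIR},"
                     f"{rule.match()},actions={act}")
    flows.append(f"{s.cookie},priority=1,in_port={PATCH_MIR},actions=drop")
    return flows


def teardown_commands(s: MirrorSession) -> List[str]:
    """Delete exactly this session's flows, by cookie, when it ends ([0011]/[0017])."""
    return [f"ovs-ofctl del-flows {b} {s.cookie}/-1" for b in (SERVICE_BRIDGE, MIRROR_BRIDGE)]


if __name__ == "__main__":
    session = MirrorSession(42, "vm1-eth0", "fa:16:3e:00:00:01",
                            [FilterRule("accept", proto="tcp", dst_port=443),   # mirror HTTPS only
                             FilterRule("reject", proto="udp")])                # explicitly skip UDP
    cmds = setup_commands()
    cmds += [f"ovs-ofctl add-flow {SERVICE_BRIDGE} '{f}'" for f in first_flow_table(session)]
    cmds += [f"ovs-ofctl add-flow {MIRROR_BRIDGE} '{f}'" for f in second_flow_table(session)]
    print("\n".join(cmds + teardown_commands(session)))
```

Running the module only prints the commands; nothing is applied to a switch. Sharing one cookie between both tables is what makes the deletion in [0011] and [0017] precise: `del-flows` with an exact cookie mask removes that session's flows and leaves the customer-traffic flows on the service bridge untouched. The lowest-priority drop on the mirror bridge ensures that copies matching no filter never reach the mirroring NIC, and `validate()` rejects a rule that names transport ports without a TCP or UDP protocol, which OVS would otherwise refuse at install time.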

[0018] According to another aspect of the embodiments of this application, a virtual switch is provided, which interacts with a network controller, wherein a service bridge and a traffic mirroring bridge are created in the virtual switch; the virtual switch includes:

[0019] The first processing module is used to receive the first flow table issued by the network controller through the service bridge, and obtain the first mirror network traffic by copying the network traffic of the mirror source according to the first flow table, and forward the first mirror network traffic to the traffic mirroring bridge.

[0020] The second processing module is used to receive the first mirrored network traffic sent by the service bridge through the traffic mirroring bridge, and to receive the second flow table issued by the network controller through the traffic mirroring bridge. Based on the second flow table, the second mirrored network traffic is filtered out from the first mirrored network traffic, and the second mirrored network traffic is forwarded to the traffic mirroring switch via the traffic mirroring network card.

[0021] Optionally, the first processing module includes: a copying unit, configured to copy the network traffic of the mirror source to obtain the first mirror network traffic according to the mirror source information and mirror action type contained in the first flow table; and a first forwarding unit, configured to forward the first mirror network traffic to the traffic mirroring bridge according to the transmission port information contained in the first flow table.

[0022] Optionally, the virtual switch further includes a creation module for creating ports for interconnection between the service bridge and the traffic mirroring bridge.

[0023] Optionally, the second processing module includes: a filtering unit, configured to filter out second mirror network traffic from the first mirror network traffic according to the filtering conditions contained in the second flow table; and a second forwarding unit, configured to forward the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card according to the mirroring destination information contained in the second flow table.

[0024] Optionally, the virtual switch further includes: a first deletion module, configured to delete the first flow table after the first processing module forwards the first mirror network traffic to the traffic mirroring bridge; and a second deletion module, configured to delete the second flow table after the second processing module forwards the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card.

[0025] Optionally, the virtual switch further includes a configuration module for configuring the service network traffic forwarding priority and the mirror network traffic forwarding priority in the service bridge, wherein the service network traffic forwarding priority is higher than the mirror network traffic forwarding priority.

[0026] According to another aspect of the embodiments of this application, a network controller is provided that interacts with a virtual switch, wherein a service bridge and a traffic mirroring bridge are created in the virtual switch; the network controller includes:

[0027] The first generation module is used to generate a first flow table corresponding to the traffic mirroring service, send the first flow table to the service bridge, and the first flow table is used to instruct the service bridge to copy the network traffic of the mirror source to obtain the first mirror network traffic and forward the first mirror network traffic to the traffic mirroring bridge.

[0028] The second generation module is used to generate a second flow table corresponding to the traffic mirroring service, and send the second flow table to the traffic mirroring bridge. The second flow table is used to instruct the traffic mirroring bridge to filter out the second mirroring network traffic from the first mirroring network traffic, and forward the second mirroring network traffic to the traffic mirroring switch via the traffic mirroring network card.

[0029] Optionally, the first generation module is specifically used to generate the first flow table corresponding to the traffic mirroring service when the traffic mirroring service starts; the second generation module is specifically used to generate the second flow table corresponding to the traffic mirroring service when the traffic mirroring service starts.

[0030] Optionally, the network controller further includes a third deletion module, configured to delete the first flow table and the second flow table after the traffic mirroring service ends.

[0031] According to another aspect of the embodiments of this application, an electronic device is provided, the electronic device including a processor and a computer-readable storage medium storing a computer program thereon; when the computer program is executed by the processor, it causes the processor to perform the traffic mirroring method as described in any of the preceding claims.

[0032] According to another aspect of the embodiments of this application, a computer-readable storage medium is provided, on which a computer program is stored, which, when executed by a processor, causes the processor to perform the traffic mirroring method as described in any of the preceding claims.

[0033] In this embodiment, the virtual switch interacts with the network controller, creating a service bridge and a traffic mirroring bridge within the virtual switch. The virtual switch receives a first flow table from the network controller via the service bridge, replicates the network traffic from the mirror source according to the first flow table to obtain first mirrored network traffic, and forwards the first mirrored network traffic to the traffic mirroring bridge. The virtual switch also receives the first mirrored network traffic from the service bridge via the traffic mirroring bridge, and receives a second flow table from the network controller via the traffic mirroring bridge. Based on the second flow table, it selects second mirrored network traffic from the first mirrored network traffic and forwards the second mirrored network traffic to the traffic mirroring switch via the traffic mirroring network interface card (NIC). Therefore, in this embodiment, by using separate traffic mirroring bridges, traffic mirroring NICs, and traffic mirroring switches for traffic mirroring services, isolation between traffic mirroring services and customer services is achieved. This ensures that traffic mirroring services and user services do not interfere with each other, guaranteeing the normal and smooth operation of both traffic mirroring services and customer services under high traffic conditions, and improving the rationality of the traffic mirroring process.

[0034] The above description is only an overview of the technical solution of this application. In order to better understand the technical means of this application and to implement it in accordance with the contents of the specification, and to make the above and other objects, features and advantages of this application more obvious and understandable, the following are specific embodiments of this application.

Description of the Drawings

[0035] To more clearly illustrate the technical solutions of the embodiments of this application, the drawings used in the description of the embodiments of this application will be briefly introduced below. Obviously, the drawings described below are only some drawings of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0036] Figure 1 is a network architecture diagram according to an embodiment of this application.

[0037] Figure 2 is a control plane architecture diagram according to an embodiment of this application.

[0038] Figure 3 is an application environment architecture diagram according to an embodiment of this application.

[0039] Figure 4 is a flowchart illustrating the steps of a traffic mirroring method according to an embodiment of this application.

[0040] Figure 5 is a flowchart illustrating the steps of another traffic mirroring method according to an embodiment of this application.

[0041] Figure 6 is a structural block diagram of a virtual switch according to an embodiment of this application.

[0042] Figure 7 is a structural block diagram of a network controller according to an embodiment of this application.

[0043] Figure 8 is a structural block diagram of an electronic device according to an embodiment of this application.

[0044] Figure 9 is a structural block diagram of a computer-readable storage medium according to an embodiment of this application.

Detailed Description

[0045] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0046] In related technologies, within cloud network platforms, whether public or private, traffic mirroring involves mirroring network traffic from the service network interface card (NIC) to a network element server. The network traffic is then aggregated on the network element server before being sent to the customer's virtual machine. However, this method presents several problems when network traffic is high: First, when the service network traffic of the cloud host exceeds 50% of the NIC's capacity, the NIC copies this traffic as mirrored traffic, causing the total network traffic to exceed the NIC's capacity, resulting in packet loss. Second, since mirrored network traffic is aggregated on the network element server, and since only a limited number of network element servers are deployed, exceeding their capacity can lead to the server being unable to process the mirrored traffic properly, causing service failures.

[0047] To address the aforementioned issues, this application proposes to implement traffic mirroring services through traffic mirroring bridges, traffic mirroring network cards, and traffic mirroring switches. This isolates traffic mirroring services from customer services, ensuring that under high traffic conditions, traffic mirroring services and customer services do not interfere with each other, thus guaranteeing the normal and smooth operation of both services.

[0048] The traffic mirroring method in this application can be applied to traffic mirroring processes in private or public clouds, and its beneficial effects are particularly pronounced in large network traffic scenarios. For example, in private clouds, especially for financial clients, the traffic mirroring method in this application can produce more significant beneficial effects.

[0049] First, the application environment of the embodiments in this application will be introduced.

[0050] The embodiments in this application can be applied to cloud network platforms.

[0051] The cloud network platform supports multi-AZ (Availability Zone) resource deployment, ultra-large cluster scale, and hardware-software collaboration. Its core resource pool capabilities meet the demands of providing ultra-large-scale, high-performance, secure, and reliable cloud services.

[0052] The cloud network platform boasts ultra-large-scale resource pool management and scheduling capabilities, supporting ultra-large-scale data center networking and multi-AZ architecture deployment. It possesses the ability to manage resource pool networks with a large number of nodes, with a single AZ supporting a large number of servers and a region scale that is several times larger, reaching industry-leading levels. It meets diverse business needs of enterprises.

[0053] The cloud network platform has been fully productized, commercialized, and deployed on the live network. As an independently controllable cloud foundation, it provides a high-performance, highly available, and highly reliable basic cloud network foundation.

[0054] The cloud network platform is a distributed network platform that supports platform-based network elements, provides rich APIs (Application Program Interfaces), supports high customization, is transparent to all business processes, can quickly converge faults, provides extreme performance, and has a fully redundant and disaster recovery architecture to provide customers with a highly reliable and available platform.

[0055] The cloud network platform offers a variety of segmented network products for different scenarios, including VPC (Virtual Private Cloud), subnets, routing, security groups, load balancing, NAT (Network Address Translation) gateways, VPN (Virtual Private Network) connections, peering connections, and leased line access.

[0056] In cloud network platforms, VPC products achieve multi-tenant isolation through overlay technology, helping users build dedicated cloud network spaces and achieve logical isolation between different private networks. Within a VPC network, users can plan and use cloud resources as if they were using their own data center, dividing different network segments, flexibly configuring routes, and accessing the Internet through Elastic IP (Internet Protocol) or NAT gateways.

[0057] The cloud network platform's network products enable connectivity between multiple VPCs in the cloud via peering or high-speed inter-cloud connections. It also solves the interoperability problem between local IDCs (Internet Data Centers) and multiple VPCs in the cloud through dedicated lines and VPN connections, helping customers easily build hybrid clouds. The cloud network platform boasts high adaptability, supporting various forwarding plane devices and multiple southbound protocols: northbound interfaces for OpenFlow (a network communication protocol at the data link layer that controls the forwarding plane of network switches or routers, thereby changing the network path of network packets), NETCONF (Network Configuration Protocol), SSH (Secure Shell), etc. Southbound interfaces are independent modules, facilitating modification.

[0058] Figure 1 illustrates a network architecture according to an embodiment of this application. It should be noted that the network architecture shown in Figure 1 is for illustrative purposes only and is not intended to limit the embodiments of this application; in practical applications, there may be more or fewer network elements.

[0059] As shown in Figure 1, virtual networks can be divided into the following layers:

[0060] The first layer is the cloud functional area (corresponding to the cloud functionality portion of Figure 1). This area is responsible for accessing external networks, including external network traffic, NAS (Network Attached Storage) traffic, leased POPs (Points of Presence), high-speed cloud-to-cloud devices, VPN devices, etc., and can utilize multi-active access. Network elements deployed in this area include AGW (Access Gateway), SGW (Serving Gateway), VPNGW (Virtual Private Network Gateway), and DCGW (Data Center Gateway). AGW is responsible for publishing public network CIDR (Classless Inter-Domain Routing) ranges, and SGW is responsible for rate limiting. The network elements in the cloud functionality area are deployed as a distributed cluster.

[0061] The second layer is the network element service area (corresponding to the network element service area of Figure 1), which provides tenants with Layer 3 to Layer 7 network services, including leased lines, IGW (Internet Gateway), NAT gateways, VPN access, and LB (Load Balancer). The network elements in the network element service area are deployed as a distributed cluster.

[0062] The third layer is the resource access layer (corresponding to the AZ1 and AZ2 components of Figure 1), which is responsible for providing virtual network access services for VMs (Virtual Machines), containers, and bare metal servers. The network element types are DVRs (Digital Video Recorders) and SmartNICs (Smart Network Interface Controllers).

[0063] In Figure 1, leaf represents a leaf node (such as a leaf switch), spine represents a spine node (such as a spine switch), Super-spine represents a super-spine node, dci-leaf represents a data center interconnect leaf node, and b-leaf represents a b-leaf node.

[0064] Figure 2 illustrates a control plane architecture according to an embodiment of this application. It should be noted that the control plane architecture shown in Figure 2 is for illustrative purposes only and is not intended to limit the embodiments of this application; in practical applications, there may be more or fewer network elements.

[0065] As shown in Figure 2, the control plane architecture can be divided into the following layers:

[0066] Access Layer: Deploys VNET (Virtual Network) - API and access layer services (such as GoStone). Its functions include cloud network API access, authentication, authorization, rate limiting, and circuit breaking. External APIs connect through this layer. Currently, the rate limiting functionality provided includes interface-level and tenant-level rate limiting. Upstream components can interact with the access layer via HTTP (Hypertext Transfer Protocol). Upstream components can include Component 1, Component 2, Component 3 (e.g., Yacos, GoStack, Steel, etc.), and also the management backend. The access layer can interact with the service layer via HTTP.

[0067] The service layer is divided into three parts: monitoring, service governance, and business services. The business services are the core services, typically categorized by product, and include VPC, EIP (Elastic IP), LB, NAT, leased lines, internal DNS (Domain Name System), DTC (Data Transmission Control), and Inspector. The service governance part includes VNET service discovery, configuration center, VNET service deployment, and VNET OPS (Open Programmability System). The monitoring part is primarily responsible for ensuring service availability and data statistical reporting, including netprobe (network monitoring), network visualization, basic monitoring, and log monitoring. The service layer can interact with the storage layer via HTTP / Feign Client (virtual client).

[0068] Storage layer: Responsible for data storage services, including business data and runtime data. The storage layer can include caches (such as Redis clusters), relational databases (such as MySQL master-slave clusters), distributed clusters (such as Kafka clusters), search engine clusters (such as Elasticsearch clusters), key-value store clusters (such as etcd clusters; etcd is an open-source, distributed, and reliable key-value store used for configuration sharing and service discovery), etc.

[0069] The control plane architecture splits the Neutron-server (central service) into two parts: server and manager. The server handles external API requests (mostly writes to the database), while the manager synchronizes data with various controllers on the compute nodes (mostly reads from the database). The manager is equipped with a two-level cache to ensure read performance. Each Availability Zone (AZ) deploys a group of managers to ensure access efficiency, fault isolation, and improved scalability within the AZ. The manager communicates with various controllers on the compute nodes via HTTP. Message queue nodes are functionally categorized as compute nodes, AGW nodes, IGW nodes, LB nodes, VPN nodes, and FW (Firewall) nodes, each deploying a corresponding type of controller. Controllers use a cache to store real-time data. This design is characterized by: business controllability, service scalability, high performance, full distribution, and support for a large number of business nodes.

[0070] The AZ1 and AZ2 portions of Figure 1 above and the business service portion of Figure 2 may involve the traffic mirroring method of the embodiments of this application.

[0071] The concepts involved in traffic mirroring can include:

[0072] Mirror Source: An elastic network interface card (NIC) that needs to mirror network traffic;

[0073] Mirror Target: The elastic network interface card (NIC) that receives mirrored network traffic;

[0074] Traffic Mirror Session: The process of mirroring network traffic from a source to a destination based on specified filtering criteria;

[0075] Mirror Filter: Includes inbound and outbound rules, used to filter network traffic mirrored in a mirroring session;

[0076] Inbound and outbound rules: These include 5-tuple information and the action type of acquiring / not acquiring (i.e., mirroring / not mirroring). The 5-tuple information may include the mirror source address, mirror source port, mirror destination address, mirror destination port, and protocol type.
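The inbound and outbound rules of [0075] and [0076], as an added example that is not part of the patent: a small Python evaluator that classifies each copied packet relative to the mirror source, walks the session's ordered 5-tuple rules and returns the mirror/no-mirror decision. It assumes that direction is judged by whether the mirror source's IP address is the packet's source (outbound) or destination (inbound), that the first matching rule decides, and that traffic matching no rule is not mirrored; the addresses, rules and packets are constructed sample data.

```python
"""Evaluating a mirror filter's inbound/outbound 5-tuple rules against packets.
Added example, not the patent's code. Assumptions: direction is judged relative to the
mirror source's IP (sent by the source = outbound, addressed to it = inbound), rules are
checked in order with the first match deciding, and unmatched traffic is not mirrored.
All addresses, rules and packets below are constructed sample data."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str                      # "tcp", "udp" or "icmp"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One inbound or outbound rule ([0076]): 5-tuple fields (None = any) plus action."""
    direction: str                  # "inbound" or "outbound"
    action: str                     # "mirror" or "no-mirror"
    proto: Optional[str] = None
    src_cidr: Optional[str] = None
    dst_cidr: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """True when every field the rule specifies agrees with the packet."""
        if self.proto is not None and self.proto != pkt.proto:
            return False
        for cidr, ip in ((self.src_cidr, pkt.src_ip), (self.dst_cidr, pkt.dst_ip)):
            if cidr is not None and ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr, strict=False):
                return False
        for want, have in ((self.src_port, pkt.src_port), (self.dst_port, pkt.dst_port)):
            if want is not None and want != have:
                return False
        return True


class MirrorFilter:
    """Mirror filter of one session: the mirror source's IP plus its ordered rule list."""

    def __init__(self, source_ip: str, rules: List[Rule]):
        self.source_ip = source_ip
        self.rules = rules

    def direction(self, pkt: Packet) -> Optional[str]:
        """Classify the packet relative to the mirror source; None if it is not the source's traffic."""
        if pkt.src_ip == self.source_ip:
            return "outbound"
        if pkt.dst_ip == self.source_ip:
            return "inbound"
        return None

    def decide(self, pkt: Packet) -> str:
        """Return "mirror" or "no-mirror"; the first rule of the right direction that matches decides."""
        d = self.direction(pkt)
        if d is None:
            return "no-mirror"
        for rule in self.rules:
            if rule.direction == d and rule.matches(pkt):
                return rule.action
        return "no-mirror"


def select_mirrored(flt: MirrorFilter, packets: List[Packet]) -> List[Packet]:
    """The second mirrored traffic of the patent: the copies that pass the filter."""
    return [p for p in packets if flt.decide(p) == "mirror"]


# Constructed sample session: the mirror source is the elastic NIC at 10.0.1.10.
SAMPLE_FILTER = MirrorFilter("10.0.1.10", [
    Rule("inbound", "mirror", proto="tcp", dst_port=443),             # capture HTTPS to the source
    Rule("inbound", "no-mirror", proto="tcp", src_cidr="10.0.0.0/8"),  # skip other internal TCP
    Rule("inbound", "mirror", proto="tcp"),                           # capture external TCP
    Rule("outbound", "mirror", proto="udp", dst_port=53),             # capture the source's DNS queries
])

SAMPLE_PACKETS = [
    Packet("192.0.2.7", "10.0.1.10", "tcp", 40000, 443),     # inbound HTTPS       -> mirror
    Packet("10.0.2.5", "10.0.1.10", "tcp", 5000, 8080),      # inbound internal    -> no-mirror
    Packet("198.51.100.9", "10.0.1.10", "tcp", 1234, 8080),  # inbound external    -> mirror
    Packet("10.0.1.10", "10.0.0.2", "udp", 5353, 53),        # outbound DNS        -> mirror
    Packet("10.0.1.10", "10.0.0.2", "icmp"),                 # outbound, no rule   -> no-mirror
    Packet("10.0.2.5", "10.0.2.6", "tcp", 1, 443),           # not the source's    -> no-mirror
]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(f"{SAMPLE_FILTER.direction(p)!s:>8} {SAMPLE_FILTER.decide(p):>9}  {p}")
```

The ordered evaluation matters for the second rule: an inbound packet from 10.0.2.5 on port 8080 is skipped because the "no-mirror" rule for the internal range precedes the broad "mirror all TCP" rule, while the same port from an external address is captured. Unmatched traffic (the ICMP packet) and traffic that is not the mirror source's at all are never mirrored, which keeps the mirroring NIC from carrying copies no filter asked for.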

[0077] Figure 3 illustrates an application environment architecture according to an embodiment of this application, to which the traffic mirroring method in this embodiment is applied. It should be noted that the application environment architecture shown in Figure 3 is for illustrative purposes only and is not intended to limit the embodiments of this application; in actual applications, there may be more or fewer network elements.

[0078] As shown in Figure 3, the application environment architecture may include: Virtual Machine 1, Virtual Machine 2, Service Bridge, Service Network Interface Card (NIC), Service Switch, Traffic Mirroring Bridge, Traffic Mirroring NIC, Traffic Mirroring Switch, and Traffic Analysis System. Service network traffic between Virtual Machine 1 and Virtual Machine 2 can be transmitted via the service bridge, service NIC, and service switch. Mirrored network traffic can be transmitted via the service bridge, traffic mirroring bridge, traffic mirroring NIC, traffic mirroring switch, and traffic analysis system. The aforementioned service bridge can be referred to as Bridge1, the traffic mirroring bridge as Bridge2, the service NIC as Aggregator NIC1, and the traffic mirroring NIC as Aggregator NIC2.

[0079] In this embodiment of the application, the above-mentioned bridges can be created in OVS (Open vSwitch, a virtual switch). As shown in Figure 3, the OVS includes the service bridge and the traffic mirroring bridge. OVS can interact with the network controller, which can be an SDN (Software Defined Network) controller, etc.

[0080] The role of the SDN controller in traffic mirroring can include:

[0081] Separating the control plane and data plane: By separating the network's control plane from its data plane, the SDN controller enables flexible management and control of network traffic. In traffic mirroring, the SDN controller can centrally control network traffic, achieving fine-grained traffic identification and routing.

[0082] Programmable configuration: The SDN controller supports programmatic network configuration and management. In traffic mirroring, the SDN controller can dynamically adjust traffic mirroring policies and rules according to business needs, enabling real-time control of network traffic.

[0083] Standardized Interfaces: SDN controllers use standardized interfaces for communication and control, enabling seamless integration and interoperability of devices from different vendors. In traffic mirroring, this facilitates collaborative work and unified management of devices from multiple vendors.

[0084] The role of OVS in traffic mirroring can include:

[0085] Virtual Switch: OVS is a high-quality, multi-layer virtual switch that can be used to create virtual networks and enable information exchange between virtual machines. In traffic mirroring, OVS can act as a virtual switch, forwarding traffic that needs to be mirrored to specified target ports or devices.

[0086] Component Composition: OVS mainly consists of three parts: ovsdb-server (database server), ovs-vswitchd (core component), and ovs kernel module (kernel module). ovsdb-server stores the configuration information of the virtual switches; ovs-vswitchd is responsible for communicating with the upper-layer controller and processing data packets; and the ovs kernel module is responsible for handling packet switching and tunneling operations.

[0087] OpenFlow support: OVS supports the OpenFlow protocol, enabling communication and control with the SDN controller. This allows OVS to receive traffic mirroring policies and rules from the SDN controller and perform network traffic mirroring operations based on these policies and rules.

[0088] VXLAN (Virtual eXtensible Local Area Network) support: OVS also supports VXLAN technology, which can be used to build cross-domain clusters to share auditable and secure resource pools. In traffic mirroring, this helps to achieve cross-domain traffic mirroring and auditing.

[0089] In summary, the SDN controller and OVS work together in traffic mirroring. The SDN controller provides global network control and management capabilities, while OVS acts as a virtual switch to implement specific traffic forwarding and mirroring operations. Through the collaborative work of the SDN controller and OVS, fine-grained identification, routing, and mirroring of network traffic can be achieved, providing strong support for network security auditing and troubleshooting.

[0090] Referring to Figure 4, which illustrates a flowchart of a traffic mirroring method according to an embodiment of this application: the traffic mirroring method shown in Figure 4 is applied to the network controller, which interacts with the virtual switch; the service bridge and the traffic mirroring bridge are created within the virtual switch.

[0091] As shown in Figure 4, the traffic mirroring method may include the following steps:

[0092] Step 401: The network controller generates a first flow table corresponding to the traffic mirroring service and sends the first flow table to the service bridge. The first flow table is used to instruct the service bridge to copy the network traffic of the mirror source to obtain the first mirror network traffic and forward the first mirror network traffic to the traffic mirroring bridge.

[0093] Network controllers can control the forwarding of traffic in a network by issuing flow tables to virtual switches. Flow tables in traffic mirroring are a crucial component of virtual switches used to implement traffic replication and forwarding. By configuring flow tables, it is possible to flexibly define which network traffic needs to be mirrored and how the mirrored network traffic is processed.

[0094] In this embodiment of the application, since a service bridge and a traffic mirroring bridge are created in the virtual switch, and the traffic mirroring service is divided into two bridges for execution, the network controller can issue flow tables to the service bridge and the traffic mirroring bridge respectively to instruct the service bridge and the traffic mirroring bridge to perform the corresponding operations.

[0095] In this embodiment, the network controller can generate a first flow table corresponding to the traffic mirroring service and send the first flow table to the service bridge. The first flow table is used to instruct the service bridge to copy the network traffic from the mirror source to obtain first mirrored network traffic, and to forward the first mirrored network traffic to the traffic mirroring bridge.

[0096] For example, the first flow table may include mirror source information, mirror action type, transmission port information, etc. The mirror source information may include the mirror source address and mirror source port; the mirror action type refers to the action type being mirroring; and the transmission port information may include the transmission port between the service bridge and the traffic mirroring bridge. Of course, the first flow table may also include other information, such as protocol type, etc., but this embodiment does not impose any limitations on this.

[0097] Step 402: The network controller generates a second flow table corresponding to the traffic mirroring service and sends the second flow table to the traffic mirroring bridge. The second flow table is used to instruct the traffic mirroring bridge to filter out the second mirroring network traffic from the first mirroring network traffic and forward the second mirroring network traffic to the traffic mirroring switch via the traffic mirroring network card.

[0098] In this embodiment, the network controller can generate a second flow table corresponding to the traffic mirroring service and send the second flow table to the traffic mirroring bridge. The second flow table instructs the traffic mirroring bridge to filter out second mirrored network traffic from the first mirrored network traffic and forward the second mirrored network traffic to the traffic mirroring switch via the traffic mirroring network interface card.

[0099] For example, the second flow table may include filtering conditions, mirror destination information, etc. The filtering conditions may include inbound and outbound rules. Inbound and outbound rules may include 5-tuple information and a capture / non-capture (i.e., mirror / non-mirror) action type. The 5-tuple information may include the mirror source address, mirror source port, mirror destination address, mirror destination port, and protocol type. The mirror destination information may include the mirror destination address and mirror destination port. Of course, the second flow table may also include other information; this embodiment does not limit this.

[0100] Referring to Figure 5, which illustrates a flowchart of another traffic mirroring method according to an embodiment of this application: the traffic mirroring method shown in Figure 1 is applied to a virtual switch, which interacts with the network controller; the service bridge and the traffic mirroring bridge are created within the virtual switch.

[0101] As shown in Figure 5, the traffic mirroring method may include the following steps:

[0102] Step 501: The virtual switch receives the first flow table issued by the network controller through the service bridge, and obtains the first mirror network traffic by copying the network traffic of the mirror source according to the first flow table, and forwards the first mirror network traffic to the traffic mirroring bridge.

[0103] After receiving the first flow table issued by the network controller through the service bridge, the virtual switch obtains the first mirror network traffic by copying the network traffic of the mirror source according to the first flow table, and forwards the first mirror network traffic to the traffic mirroring bridge.

[0104] In one optional implementation, the process of obtaining first mirrored network traffic by copying the network traffic of the mirror source according to the first flow table and forwarding the first mirrored network traffic to the traffic mirroring bridge may include: obtaining first mirrored network traffic by copying the network traffic of the mirror source according to the mirror source information and mirroring action type contained in the first flow table; and forwarding the first mirrored network traffic to the traffic mirroring bridge according to the transmission port information contained in the first flow table.

[0105] In this embodiment of the application, in order to realize the interaction between the service bridge and the traffic mirroring bridge, a port for interconnection between the service bridge and the traffic mirroring bridge can be created.

[0106] The process of creating interconnecting ports between the service bridge and the traffic mirroring bridge can be represented as follows, where bridge1 represents the service bridge and bridge2 represents the traffic mirroring bridge:

[0107] `ovs-vsctl add-br bridge2` creates a bridge named `bridge2`.

[0108] `ovs-vsctl add-port bridge2 patch-to-bridge2-in` adds a port named `patch-to-bridge2-in` to bridge2.

[0109] `ovs-vsctl set interface bridge2 type=patch options:peer=patch-to-bridge2-in`

[0110] Sets the type of `patch-to-bridge2-in` to `patch`, and associates bridge2 with `patch-to-bridge2-in`.

[0111] `ovs-vsctl add-port bridge1 patch-to-bridge2-in` adds a port named `patch-to-bridge2-in` to bridge1.

[0112] `ovs-vsctl set interface patch-to-bridge2-in type=patch options:peer=bridge2`

[0113] Sets the type of `patch-to-bridge2-in` to `patch`, and associates `patch-to-bridge2-in` with `bridge2`.

[0114] `ovs-vsctl add-port bridge1 patch-to-bridge1-out` adds a port named `patch-to-bridge1-out` to bridge1.

[0115] `ovs-vsctl set interface bridge1 type=patch options:peer=patch-to-bridge1-out`

[0116] Sets the type of `patch-to-bridge1-out` to `patch`, and associates bridge1 with `patch-to-bridge1-out`.

[0117] `ovs-vsctl add-port bridge1 patch-to-bridge1-out` adds a port named `patch-to-bridge1-out` to bridge1.

[0118] `ovs-vsctl set interface patch-to-bridge1-out type=patch options:peer=bridge1` sets the type of `patch-to-bridge1-out` to `patch`, thus associating `patch-to-bridge1-out` with `bridge1`.
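The listing above is the patent's own sequence. In Open vSwitch a patch port is a pair of distinct interfaces, one on each bridge, and each interface's `options:peer` must name the other; an interface name can exist only once on a host. The following added example (not code from the patent; the port names `patch-to-bridge2-out` and `patch-to-bridge2-in` are assumptions) generates such a pair for bridge1 and bridge2, verifies that the peers point at each other before anything is applied, and prints the commands in dry-run mode.

```python
"""Added example: generate and dry-run the ovs-vsctl commands that link a
service bridge (bridge1) to a traffic-mirroring bridge (bridge2) with a
patch-port pair. Not code from the patent; the port names are assumptions."""
import shlex
import subprocess
from typing import Dict, List


def patch_pair_commands(service_bridge: str = "bridge1",
                        mirror_bridge: str = "bridge2") -> List[List[str]]:
    """Return the ovs-vsctl invocations for one bridge1 <-> bridge2 patch pair.

    OVS needs two distinct patch interfaces, one per bridge, and each must
    name the other as its peer. The interface names are assumed here.
    """
    out_port = f"patch-to-{mirror_bridge}-out"  # sits on the service bridge
    in_port = f"patch-to-{mirror_bridge}-in"    # sits on the mirroring bridge
    return [
        ["ovs-vsctl", "--may-exist", "add-br", mirror_bridge],
        ["ovs-vsctl", "--may-exist", "add-port", service_bridge, out_port,
         "--", "set", "interface", out_port, "type=patch",
         f"options:peer={in_port}"],
        ["ovs-vsctl", "--may-exist", "add-port", mirror_bridge, in_port,
         "--", "set", "interface", in_port, "type=patch",
         f"options:peer={out_port}"],
    ]


def patch_peers(commands: List[List[str]]) -> Dict[str, str]:
    """Map each patch interface configured by `commands` to its declared peer."""
    peers: Dict[str, str] = {}
    for cmd in commands:
        if "interface" not in cmd:
            continue
        name = cmd[cmd.index("interface") + 1]
        for tok in cmd:
            if tok.startswith("options:peer="):
                peers[name] = tok.split("=", 1)[1]
    return peers


def peers_are_consistent(commands: List[List[str]]) -> bool:
    """True when every patch interface's peer points back at it.

    This catches a one-sided peer setting or a port name reused on both
    bridges, both of which leave the two bridges unconnected.
    """
    peers = patch_peers(commands)
    return bool(peers) and all(peers.get(peer) == name
                               for name, peer in peers.items())


def render(commands: List[List[str]]) -> str:
    """Shell-escaped script text, one command per line."""
    return "\n".join(shlex.join(cmd) for cmd in commands)


def apply_commands(commands: List[List[str]], dry_run: bool = True) -> int:
    """Run the commands in order (dry_run only prints them); returns the count."""
    if not peers_are_consistent(commands):
        raise ValueError("patch peers do not reference each other")
    for cmd in commands:
        if dry_run:
            print(shlex.join(cmd))
        else:
            subprocess.run(cmd, check=True)  # needs ovs-vsctl on the node
    return len(commands)


if __name__ == "__main__":
    apply_commands(patch_pair_commands())
```

`--may-exist` makes the sequence safe to re-run on a node where the bridge or ports already exist, which matters when a controller reconciles state after a restart.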

[0119] For example, the first flow table can take the form of:

[0120] `table=0,tcp,in_port=vxlan0,nw_src=3.3.3.28 actions=clone(output:patch_br1_to_br2),goto_table:10`

[0121] In this entry, `table` is the flow table number, `tcp` (Transmission Control Protocol) is the protocol type, `in_port` is the inbound port, `nw_src` is the source IP address, `actions` is the action type, `clone` is the mirroring (i.e., copying) action, `br1` stands for bridge1, and `br2` stands for bridge2; `goto_table:10` sends the original packet on to table 10 for normal service forwarding. This flow table means that traffic originating from IP address 3.3.3.28 is copied and the copy is sent from bridge1 to bridge2 via the patch port.

[0122] Step 502: The virtual switch receives the first mirrored network traffic sent by the service bridge through the traffic mirroring bridge, and receives the second flow table issued by the network controller through the traffic mirroring bridge. Based on the second flow table, the virtual switch filters out the second mirrored network traffic from the first mirrored network traffic and forwards the second mirrored network traffic to the traffic mirroring switch via the traffic mirroring network card.

[0123] After receiving the first mirrored network traffic sent by the service bridge through the traffic mirroring bridge, and receiving the second flow table issued by the network controller through the traffic mirroring bridge, the virtual switch filters out the second mirrored network traffic from the first mirrored network traffic according to the second flow table, and forwards the second mirrored network traffic to the traffic mirroring switch via the traffic mirroring network card.

[0124] In one optional implementation, the process of filtering second mirrored network traffic from the first mirrored network traffic according to the second flow table, and forwarding the second mirrored network traffic to the traffic mirroring switch via the traffic mirroring network interface card, may include: filtering second mirrored network traffic from the first mirrored network traffic according to the filtering conditions contained in the second flow table; and forwarding the second mirrored network traffic to the traffic mirroring switch via the traffic mirroring network interface card according to the mirroring destination information contained in the second flow table. Here, the second mirrored network traffic refers to the mirrored network traffic in the first mirrored network traffic that meets the filtering conditions.

[0125] The network controller sends the second flow table to the traffic mirroring bridge. The traffic mirroring bridge matches the first mirrored network traffic against the outbound and inbound rules defined in the filtering conditions of the second flow table. If a match is found, the traffic mirroring bridge encapsulates that part of the traffic with VXLAN and forwards it to a separate physical network card (NIC) on the compute node dedicated to traffic mirroring. The destination address is the probe of the traffic analysis system configured by the customer. The probe is deployed on a dedicated traffic mirroring switch and connects to the customer's traffic analysis system.

[0126] The filtering process can be represented as follows:

[0127] `proto src_cidr src_port dst_cidr dst_port priority action(match or not match)` sets the protocol, source address, source port, destination address, destination port, and priority, and performs a match or not-match action.

[0128] `ovs-ofctl -O Openflow15 add-flow bridge2 "table=0,priority=50,in_port=1,actions=goto_table=5"` adds a flow entry to bridge2 via the Openflow15 protocol: in table 0, with priority 50 and inbound port 1, the action is to go to table 5.

[0129] `ovs-ofctl -O Openflow15 add-flow bridge2 "table=0,priority=10,actions=goto_table:200"` adds a flow entry to bridge2 via the Openflow15 protocol whose action jumps to flow table 200.

[0130] `ovs-ofctl -O Openflow15 add-flow bridge2 "table=5,priority=50,ip,nw_dst=bridge2 actions=set_filter:bridge2->nw_dst,goto_table:10"` adds a flow entry to bridge2 via the Openflow15 protocol, setting the forwarding rules.

[0131] `ovs-ofctl -O Openflow15 add-flow bridge2 "table=10,priority=50,actions=set_field:fa:16:3e:85:e0:b7->eth_dst,output:2"` adds a flow entry to bridge2 via the Openflow15 protocol, sets the target MAC address, and forwards the data to port 2.
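The filtering step in [0124] and [0125] is a 5-tuple match with a match / not-match action and a priority. The added example below (not code from the patent) models that evaluation over a small set of constructed packets: for each packet the highest-priority rule that matches decides, and a packet no rule matches is not mirrored, which is the behaviour [0125] describes. The rule values, addresses and ports are constructed for the example; only 3.3.3.28 is taken from the page's flow table.

```python
"""Added example: evaluate the second flow table's inbound/outbound filter
rules (5-tuple + match/not-match + priority) over constructed packets.
Not code from the patent; rule and packet values are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class FilterRule:
    direction: str           # "inbound" or "outbound", relative to the mirror source
    proto: Optional[str]     # "tcp", "udp", "icmp" or None for any protocol
    src_cidr: str
    src_port: Optional[int]  # None = any port
    dst_cidr: str
    dst_port: Optional[int]
    priority: int            # higher wins when several rules match
    action: str              # "match" = mirror, "not_match" = do not mirror


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def rule_matches(rule: FilterRule, pkt: Packet) -> bool:
    """5-tuple comparison; None fields in the rule are wildcards."""
    if rule.direction != pkt.direction:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src_cidr):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst_cidr):
        return False
    if rule.src_port is not None and rule.src_port != pkt.sport:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dport:
        return False
    return True


def should_mirror(rules: List[FilterRule], pkt: Packet) -> bool:
    """Highest-priority matching rule decides; with no match nothing is mirrored."""
    hits = [r for r in rules if rule_matches(r, pkt)]
    if not hits:
        return False
    return max(hits, key=lambda r: r.priority).action == "match"


def filter_mirror(rules: List[FilterRule], packets: List[Packet]) -> List[Packet]:
    """Second mirrored traffic = the subset of first mirrored traffic that passes."""
    return [p for p in packets if should_mirror(rules, p)]


# Constructed sample session: mirror TCP toward 3.3.3.0/24 except SSH,
# and mirror everything the source 3.3.3.28 sends out.
SAMPLE_RULES = [
    FilterRule("inbound", "tcp", "0.0.0.0/0", None, "3.3.3.0/24", 22, 100, "not_match"),
    FilterRule("inbound", "tcp", "0.0.0.0/0", None, "3.3.3.0/24", None, 50, "match"),
    FilterRule("outbound", None, "3.3.3.28/32", None, "0.0.0.0/0", None, 50, "match"),
]

# Constructed packets standing in for the first mirrored network traffic.
SAMPLE_PACKETS = [
    Packet("inbound", "tcp", "10.0.0.5", 40000, "3.3.3.28", 80),   # mirrored
    Packet("inbound", "tcp", "10.0.0.5", 40001, "3.3.3.28", 22),   # excluded by priority 100
    Packet("inbound", "udp", "10.0.0.5", 53000, "3.3.3.28", 53),   # no rule: not mirrored
    Packet("outbound", "tcp", "3.3.3.28", 80, "10.0.0.5", 40000),  # mirrored
]


def mirrored_sample() -> List[Packet]:
    return filter_mirror(SAMPLE_RULES, SAMPLE_PACKETS)


if __name__ == "__main__":
    for p in mirrored_sample():
        print(f"mirror {p.direction} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```

The not-match rule carries the higher priority so that an exclusion overrides a broader mirror rule, which is how OpenFlow resolves overlapping entries in one table; keeping the exclusions on bridge2 rather than bridge1 is what lets the service bridge's table stay small, as [0139] argues.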

[0132] In this embodiment, traffic mirroring services are performed using separate traffic mirroring bridges, traffic mirroring network cards, and traffic mirroring switches. This achieves isolation between traffic mirroring services and customer services, ensuring that traffic mirroring services and user services do not affect each other. This guarantees that both traffic mirroring services and customer services can operate normally and smoothly under high traffic conditions, and improves the rationality of the traffic mirroring process.

[0133] For example, in the architecture illustrated in Figure 3, when the traffic of virtual machine 1 needs to be mirrored, virtual machine 1 acts as the mirroring source. The network controller sends a first flow table to the service bridge connected to the mirroring source. Upon receiving the first flow table, the service bridge copies the network traffic of virtual machine 1 to obtain the first mirrored network traffic, which it then sends to the traffic mirroring bridge. The network controller then sends a second flow table to the traffic mirroring bridge connected to the service bridge. Upon receiving the second flow table, the traffic mirroring bridge filters the second mirrored network traffic from the first mirrored network traffic according to the filtering conditions in the second flow table. The traffic mirroring bridge sends the second mirrored network traffic to the traffic mirroring network interface card (NIC), which then sends it to the traffic mirroring switch. The traffic mirroring switch then sends the second mirrored network traffic to the traffic analysis system, which performs subsequent analysis and processing on the second mirrored network traffic.

[0134] In this embodiment, the number of flow tables is considered a key factor limiting cluster scalability. Setting flow table entries for every service instance running on the cluster would significantly impact network performance, scalability, and maintainability. However, for a business system, the interaction between a single service instance on a node and service instances on other nodes is very limited; therefore, over 80% of flow table entries are unnecessary. Thus, in this embodiment, the network controller adopts an on-demand flow table generation design. Initially, it contains only a small number of default flow tables. As service instances on the node begin establishing network connections with other entities, flow tables are created; as service instances are terminated, flow tables are deleted. This design effectively improves cluster scalability and single-node flow table query performance, and also significantly enhances network convergence. Correspondingly, the first packet of a network connection experiences a millisecond-level delay during flow table creation; subsequent packets are quickly forwarded or discarded as flow tables are established.

[0135] Accordingly, in one optional implementation, the process by which the network controller generates the first flow table corresponding to the traffic mirroring service may include: generating the first flow table corresponding to the traffic mirroring service when the traffic mirroring service begins. The process by which the network controller generates the second flow table corresponding to the traffic mirroring service may include: generating the second flow table corresponding to the traffic mirroring service when the traffic mirroring service begins. In other words, the network controller generates the corresponding flow table only when traffic mirroring is required, achieving on-demand flow table generation.

[0136] Accordingly, in an optional implementation, the network controller may also delete the first flow table and the second flow table after the traffic mirroring service ends, so that the network controller can promptly clear useless flow tables.

[0137] Accordingly, in an optional implementation, the virtual switch may also delete the first flow table after the service bridge forwards the first mirrored network traffic to the traffic mirroring bridge. The virtual switch may also delete the second flow table after the traffic mirroring bridge forwards the second mirrored network traffic to the traffic mirroring switch via the traffic mirroring network interface card. This allows the virtual switch to promptly clear useless flow tables.
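Paragraphs [0134] to [0137] describe on-demand flow tables: the controller installs the first flow table on the service bridge and the second on the traffic mirroring bridge when a session starts, and deletes both when it ends. The added example below (not code from the patent) implements that lifecycle as a controller that emits `ovs-ofctl` commands and tags every flow of a session with an OpenFlow cookie so the session can be torn down with one `del-flows` per bridge. The patch port name `patch_br1_to_br2`, `in_port=1`, `output:2` and the MAC `fa:16:3e:85:e0:b7` are taken from the page's own flow examples; the cookie scheme, table numbers, session fields and drop defaults are assumptions. Commands are recorded rather than executed.

```python
"""Added example: a controller that installs the first and second flow
tables when a mirroring session starts and removes them by cookie when it
ends (on-demand flow tables). Not code from the patent; port names and
table numbers come from the page's examples, the rest are assumptions."""
import zlib
from dataclasses import dataclass, field
from typing import Dict, List

MATCH_KEYS = ("nw_src", "nw_dst", "tp_src", "tp_dst")  # OpenFlow 5-tuple fields


@dataclass(frozen=True)
class MirrorSession:
    session_id: str
    source_ip: str       # mirror source address (page example: 3.3.3.28)
    source_in_port: str  # port on the service bridge where the source traffic arrives
    proto: str = "tcp"


@dataclass
class FlowTableController:
    service_bridge: str = "bridge1"
    mirror_bridge: str = "bridge2"
    patch_out: str = "patch_br1_to_br2"        # patch port name from the page
    patch_in: str = "1"                        # bridge2 in_port of the patch port (page: in_port=1)
    mirror_out_port: str = "2"                 # port toward the mirroring NIC (page: output:2)
    mirror_dst_mac: str = "fa:16:3e:85:e0:b7"  # target MAC from the page example
    installed: Dict[str, List[str]] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    @staticmethod
    def cookie(session_id: str) -> str:
        """Per-session OpenFlow cookie so a session's flows can be deleted together."""
        return f"0x{zlib.crc32(session_id.encode()):08x}"

    def first_flow_table(self, s: MirrorSession) -> List[str]:
        """bridge1: clone the source's traffic to the patch port, then let the
        original packet continue to the service pipeline (table 10, assumed)."""
        c = self.cookie(s.session_id)
        return [
            f'ovs-ofctl -O OpenFlow15 add-flow {self.service_bridge} '
            f'"cookie={c},table=0,priority=10,{s.proto},in_port={s.source_in_port},'
            f'nw_src={s.source_ip},actions=clone(output:{self.patch_out}),goto_table:10"'
        ]

    def second_flow_table(self, s: MirrorSession, rules: List[dict]) -> List[str]:
        """bridge2: table 0 steers patch traffic to filter table 5; table 5 holds
        one flow per filter rule (match -> table 10, not_match -> drop) and drops
        anything unmatched; table 10 rewrites the MAC and outputs to the NIC."""
        c = self.cookie(s.session_id)
        flows = [
            f"cookie={c},table=0,priority=50,in_port={self.patch_in},actions=goto_table:5",
            f"cookie={c},table=0,priority=10,actions=drop",
            f"cookie={c},table=5,priority=0,actions=drop",
            f"cookie={c},table=10,priority=50,actions="
            f"set_field:{self.mirror_dst_mac}->eth_dst,output:{self.mirror_out_port}",
        ]
        for r in rules:
            match = ",".join([r["proto"]] + [f"{k}={r[k]}" for k in MATCH_KEYS if k in r])
            action = "goto_table:10" if r["action"] == "match" else "drop"
            flows.append(f"cookie={c},table=5,priority={r['priority']},{match},actions={action}")
        return [f'ovs-ofctl -O OpenFlow15 add-flow {self.mirror_bridge} "{f}"' for f in flows]

    def start(self, s: MirrorSession, rules: List[dict]) -> List[str]:
        """Session begins: install both tables (the on-demand moment of [0135])."""
        cmds = self.first_flow_table(s) + self.second_flow_table(s, rules)
        self.installed[s.session_id] = cmds
        self._apply(cmds)
        return cmds

    def stop(self, session_id: str) -> List[str]:
        """Session ends: remove its flows from both bridges by exact cookie match."""
        if session_id not in self.installed:
            return []
        c = self.cookie(session_id)
        cmds = [f'ovs-ofctl -O OpenFlow15 del-flows {b} "cookie={c}/-1"'
                for b in (self.service_bridge, self.mirror_bridge)]
        self._apply(cmds)
        del self.installed[session_id]
        return cmds

    def _apply(self, cmds: List[str]) -> None:
        # Dry run: record only. A deployment would hand each command to
        # subprocess.run(shlex.split(cmd), check=True) on the compute node.
        self.log.extend(cmds)


# Constructed filter rules: exclude SSH toward 3.3.3.0/24, mirror other TCP to it.
SAMPLE_RULES = [
    {"proto": "tcp", "nw_dst": "3.3.3.0/24", "tp_dst": 22, "priority": 100, "action": "not_match"},
    {"proto": "tcp", "nw_dst": "3.3.3.0/24", "priority": 50, "action": "match"},
]

if __name__ == "__main__":
    ctl = FlowTableController()
    for cmd in ctl.start(MirrorSession("sess-1", "3.3.3.28", "vxlan0"), SAMPLE_RULES):
        print(cmd)
    for cmd in ctl.stop("sess-1"):
        print(cmd)
```

Deleting by `cookie=<value>/-1` (exact cookie match) removes only that session's entries and leaves other sessions and the bridge's default flows untouched, which is the property the cleanup in [0136] needs when several mirroring sessions share a compute node.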

[0138] In this embodiment, considering that the service bridge involves both service network traffic forwarding and mirror network traffic forwarding, and that service network traffic forwarding has higher real-time requirements, in an optional implementation, the virtual switch can further configure the service network traffic forwarding priority and the mirror network traffic forwarding priority in the service bridge, wherein the service network traffic forwarding priority is higher than the mirror network traffic forwarding priority.

[0139] In this embodiment, two bridges are used to bind two physical aggregation network interface cards (NICs). Specifically, the service bridge is bound to the service NIC, and the traffic mirroring bridge is bound to the traffic mirroring NIC. This ensures that mirrored network traffic and service network traffic use different physical NICs, preventing mirrored network traffic from affecting the forwarding of service network traffic. Simultaneously, the priority of service network traffic forwarding on the service bridge is increased at the underlying level, prioritizing the forwarding of service network traffic. Furthermore, the filtering of mirrored network traffic is performed on the traffic mirroring bridge, reducing the number of flow tables on the service bridge, alleviating flow table pressure, and increasing service traffic matching efficiency, thereby ensuring the forwarding efficiency and reliability of service traffic.

[0140] In this embodiment, mirrored network traffic is forwarded through a separate traffic mirroring switch. This separation from the service switch ensures that mirrored network traffic does not affect service network traffic. For example, if full network traffic mirroring is required, traditionally aggregating all traffic onto a single network element server would necessitate a large number of servers to handle such high throughput. By distributing the traffic's five-tuple information and collection / non-collection control onto a separate traffic mirroring bridge on each computing node, it is possible to prevent the mirrored traffic from congesting on a single network element server, significantly saving server resources.

[0141] In this embodiment of the application, the above process can achieve the isolation of traffic mirroring services and customer's real services in the private cloud through separate traffic mirroring bridges, traffic mirroring network cards, and traffic mirroring switches. This ensures that traffic mirroring services and customer's real services do not affect each other under high traffic conditions in the private cloud, and guarantees the normal and smooth operation of both traffic mirroring services and customer services.

[0142] Referring to Figure 6, which illustrates a structural block diagram of a virtual switch according to an embodiment of this application: the virtual switch interacts with a network controller, and the service bridge and the traffic mirroring bridge are created within the virtual switch.

[0143] As shown in Figure 6, a virtual switch may include the following modules:

[0144] The first processing module 601 is used to receive the first flow table issued by the network controller through the service bridge, and obtain the first mirror network traffic by copying the network traffic of the mirror source according to the first flow table, and forward the first mirror network traffic to the traffic mirroring bridge.

[0145] The second processing module 602 is used to receive the first mirrored network traffic sent by the service bridge through the traffic mirroring bridge, and to receive the second flow table issued by the network controller through the traffic mirroring bridge, to filter out the second mirrored network traffic from the first mirrored network traffic according to the second flow table, and to forward the second mirrored network traffic to the traffic mirroring switch via the traffic mirroring network card.

[0146] Optionally, the first processing module 601 includes: a copying unit, configured to copy the network traffic of the mirror source to obtain the first mirror network traffic according to the mirror source information and mirror action type contained in the first flow table; and a first forwarding unit, configured to forward the first mirror network traffic to the traffic mirroring bridge according to the transmission port information contained in the first flow table.

[0147] Optionally, the virtual switch further includes a creation module for creating ports for interconnection between the service bridge and the traffic mirroring bridge.

[0148] Optionally, the second processing module 602 includes: a filtering unit, configured to filter out second mirror network traffic from the first mirror network traffic according to the filtering conditions contained in the second flow table; and a second forwarding unit, configured to forward the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card according to the mirroring destination information contained in the second flow table.

[0149] Optionally, the virtual switch further includes: a first deletion module, used to delete the first flow table after the first processing module 601 forwards the first mirror network traffic to the traffic mirroring bridge; and a second deletion module, used to delete the second flow table after the second processing module 602 forwards the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card.

[0150] Optionally, the virtual switch further includes a configuration module for configuring the service network traffic forwarding priority and the mirror network traffic forwarding priority in the service bridge, wherein the service network traffic forwarding priority is higher than the mirror network traffic forwarding priority.

[0151] Referring to Figure 7, which illustrates a structural block diagram of a network controller according to an embodiment of this application: the network controller interacts with a virtual switch, in which the service bridge and the traffic mirroring bridge are created.

[0152] As shown in Figure 7, the network controller may include the following modules:

[0153] The first generation module 701 is used to generate a first flow table corresponding to the traffic mirroring service, send the first flow table to the service bridge, and the first flow table is used to instruct the service bridge to copy the network traffic of the mirror source to obtain the first mirror network traffic and forward the first mirror network traffic to the traffic mirroring bridge.

[0154] The second generation module 702 is used to generate a second flow table corresponding to the traffic mirroring service, and send the second flow table to the traffic mirroring bridge. The second flow table is used to instruct the traffic mirroring bridge to filter out the second mirroring network traffic from the first mirroring network traffic, and forward the second mirroring network traffic to the traffic mirroring switch via the traffic mirroring network card.

[0155] Optionally, the first generation module 701 is specifically used to generate the first flow table corresponding to the traffic mirroring service when the traffic mirroring service starts, and the second generation module 702 is specifically used to generate the second flow table corresponding to the traffic mirroring service when the traffic mirroring service starts.

[0156] Optionally, the network controller further includes a third deletion module, configured to delete the first flow table and the second flow table after the traffic mirroring service ends.

[0157] In this embodiment, traffic mirroring services are performed using separate traffic mirroring bridges, traffic mirroring network cards, and traffic mirroring switches. This achieves isolation between traffic mirroring services and customer services, ensuring that traffic mirroring services and user services do not affect each other. This guarantees that both traffic mirroring services and customer services can operate normally and smoothly under high traffic conditions, and improves the rationality of the traffic mirroring process.

[0158] As the device embodiment is basically similar to the method embodiment, the description is relatively simple, and relevant parts can be found in the description of the method embodiment.

[0159] In embodiments of this application, an electronic device is also provided. This electronic device may include a processor and a computer-readable storage medium storing a computer program; when the computer program is executed by the processor, it causes the processor to perform the traffic mirroring method of any of the above embodiments.

[0160] Referring to Figure 8, which illustrates a structural block diagram of an electronic device according to an embodiment of this application: as shown in Figure 8, the electronic device 80 includes a processor 801 and a computer-readable storage medium 802, on which a computer program 8021 is stored.

[0161] The processor 801 is used to execute the computer program 8021 stored on the computer-readable storage medium 802. When the processor 801 executes the computer program 8021, it implements the traffic mirroring method of any of the above embodiments and can achieve the same technical effect. To avoid repetition, it will not be described again here.

[0162] The processor 801 mentioned above may include, but is not limited to: a central processing unit (CPU), a network processor (NP), a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.

[0163] The computer-readable storage medium 802 mentioned above may include, but is not limited to: read-only memory (ROM), random access memory (RAM), compact disc read-only memory (CD-ROM), electronically erasable programmable read-only memory (EEPROM), hard disk, floppy disk, flash memory, etc.

[0164] In embodiments of this application, a computer-readable storage medium is also provided, on which a computer program is stored, which can be executed by a processor of an electronic device, and when the computer program is executed by the processor, the processor performs the traffic mirroring method as described in any of the above embodiments.

[0165] Referring to Figure 9, which illustrates a structural block diagram of a computer-readable storage medium according to an embodiment of this application: as shown in Figure 9, a computer program 901 is stored on a computer-readable storage medium 90. When the computer program 901 is executed by a processor, it causes the processor to perform the traffic mirroring method as described in any of the above embodiments, and achieves the same technical effect. To avoid repetition, it will not be described again here.

[0166] The various embodiments in this specification are related to each other and are described in a progressive manner. Each embodiment focuses on the differences from other embodiments, and the same or similar parts between the embodiments can be referred to each other.

[0167] It should be noted that all actions involving the acquisition of signals, information, or data in this application are carried out in compliance with the relevant data protection laws and policies of the country where the application is located, and with the authorization granted by the owner of the relevant device.

[0168] It should be noted that, in this document, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or terminal device that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or terminal device. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or terminal device that includes said element.

[0169] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application.

[0170] The embodiments of this application have been described above with reference to the accompanying drawings. However, this application is not limited to the specific embodiments described above. The specific embodiments described above are merely illustrative and not restrictive. Those skilled in the art can make many other forms under the guidance of this application without departing from the spirit and scope of the claims, and all of these forms are within the protection scope of this application.

[0171] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed in this application can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.

[0172] Those skilled in the art will understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.

[0173] In the embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between apparatuses or units may be electrical, mechanical, or other forms.

[0174] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0175] In addition, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.

[0176] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. In summary, the content of this specification should not be construed as a limitation of this application.

Claims

1. A traffic mirroring method, characterized in that the method is applied to a virtual switch, the virtual switch interacts with a network controller, and a service bridge and a traffic mirroring bridge are created within the virtual switch; the method includes: the service bridge receives a first flow table issued by the network controller, copies the network traffic of the mirror source according to the first flow table to obtain first mirror network traffic, and forwards the first mirror network traffic to the traffic mirroring bridge; the traffic mirroring bridge receives the first mirror network traffic sent by the service bridge and receives a second flow table issued by the network controller, filters second mirror network traffic out of the first mirror network traffic according to the second flow table, and forwards the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card; the first flow table and the second flow table are components of the virtual switch used to implement traffic replication and forwarding.

2. The method according to claim 1, characterized in that obtaining the first mirror network traffic by copying the network traffic of the mirror source according to the first flow table, and forwarding the first mirror network traffic to the traffic mirroring bridge, includes: copying the network traffic of the mirror source according to the mirror source information and the mirror action type contained in the first flow table to obtain the first mirror network traffic; and forwarding the first mirror network traffic to the traffic mirroring bridge according to the transmission port information contained in the first flow table.

3. The method according to claim 1, characterized in that, before the service bridge receives the first flow table issued by the network controller, the method further includes: creating a port for interconnection between the service bridge and the traffic mirroring bridge.

4. The method according to claim 1, characterized in that filtering the second mirror network traffic out of the first mirror network traffic according to the second flow table, and forwarding the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card, includes: filtering the second mirror network traffic out of the first mirror network traffic according to the filtering conditions contained in the second flow table; and forwarding the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card according to the mirroring destination information contained in the second flow table.

5. The method according to claim 1, characterized in that, after forwarding the first mirror network traffic to the traffic mirroring bridge, the method further includes: deleting the first flow table; and after forwarding the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card, the method further includes: deleting the second flow table.

6. The method according to claim 1, characterized in that, before the service bridge receives the first flow table issued by the network controller, the method further includes: configuring a service network traffic forwarding priority and a mirror network traffic forwarding priority in the service bridge, wherein the service network traffic forwarding priority is higher than the mirror network traffic forwarding priority.

7. A traffic mirroring method, characterized in that the method is applied to a network controller that interacts with a virtual switch, a service bridge and a traffic mirroring bridge being created within the virtual switch; the method includes: generating a first flow table corresponding to the traffic mirroring service and sending the first flow table to the service bridge, the first flow table being used to instruct the service bridge to copy the network traffic of the mirror source to obtain first mirror network traffic and to forward the first mirror network traffic to the traffic mirroring bridge; and generating a second flow table corresponding to the traffic mirroring service and sending the second flow table to the traffic mirroring bridge, the second flow table being used to instruct the traffic mirroring bridge to filter second mirror network traffic out of the first mirror network traffic and to forward the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card; the first flow table and the second flow table are components of the virtual switch used to implement traffic replication and forwarding.

8. The method according to claim 7, characterized in that generating the first flow table corresponding to the traffic mirroring service includes: generating the first flow table corresponding to the traffic mirroring service when the traffic mirroring service starts; and generating the second flow table corresponding to the traffic mirroring service includes: generating the second flow table corresponding to the traffic mirroring service when the traffic mirroring service starts.

9. The method according to claim 7, characterized in that the method further includes: after the traffic mirroring service ends, deleting the first flow table and the second flow table.

10. A virtual switch, characterized in that the virtual switch interacts with a network controller, and a service bridge and a traffic mirroring bridge are created within the virtual switch; the virtual switch includes: a first processing module, used to receive a first flow table issued by the network controller through the service bridge, obtain first mirror network traffic by copying the network traffic of the mirror source according to the first flow table, and forward the first mirror network traffic to the traffic mirroring bridge; and a second processing module, used to receive the first mirror network traffic sent by the service bridge through the traffic mirroring bridge, receive a second flow table issued by the network controller through the traffic mirroring bridge, filter second mirror network traffic out of the first mirror network traffic according to the second flow table, and forward the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card; the first flow table and the second flow table are components of the virtual switch used to implement traffic replication and forwarding.

11. A network controller, characterized in that the network controller interacts with a virtual switch, and a service bridge and a traffic mirroring bridge are created within the virtual switch; the network controller includes: a first generation module, used to generate a first flow table corresponding to the traffic mirroring service and send the first flow table to the service bridge, the first flow table being used to instruct the service bridge to copy the network traffic of the mirror source to obtain first mirror network traffic and to forward the first mirror network traffic to the traffic mirroring bridge; and a second generation module, used to generate a second flow table corresponding to the traffic mirroring service and send the second flow table to the traffic mirroring bridge, the second flow table being used to instruct the traffic mirroring bridge to filter second mirror network traffic out of the first mirror network traffic and to forward the second mirror network traffic to the traffic mirroring switch via the traffic mirroring network card; the first flow table and the second flow table are components of the virtual switch used to implement traffic replication and forwarding.

12. An electronic device, characterized in that the electronic device includes a processor and a computer-readable storage medium on which a computer program is stored; when the computer program is executed by the processor, it causes the processor to perform the traffic mirroring method according to any one of claims 1 to 6, or to perform the traffic mirroring method according to any one of claims 7 to 9.

13. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to perform the traffic mirroring method according to any one of claims 1 to 6, or the traffic mirroring method according to any one of claims 7 to 9.
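The two-bridge pipeline of claims 1 to 9, modelled as plain flow tables (an added example, not code from the patent or its assignee): the service bridge forwards customer traffic and, per the first flow table, copies the mirror source's traffic across the patch port; the traffic mirroring bridge keeps only what the second flow table's filter conditions select and sends it to the mirror NIC. Port names, addresses and the rule that every matching entry fires in priority order are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_port: str
    dst_ip: str
    proto: str

@dataclass
class FlowEntry:
    priority: int
    match: dict    # field -> required value; an absent field is a wildcard
    actions: list  # e.g. ["output:vm-b"] or ["output:patch-mirror"]

def apply_table(table, pkt):
    """Actions of every matching entry, highest priority first (all matches fire)."""
    out = []
    for entry in sorted(table, key=lambda e: -e.priority):
        if all(getattr(pkt, k) == v for k, v in entry.match.items()):
            out.extend(entry.actions)
    return out

def mirror_pipeline(service_table, mirror_table, pkt):
    """Return (ports fed by the service bridge, ports fed by the mirror bridge)."""
    service_out = apply_table(service_table, pkt)     # customer forwarding + first flow table
    mirror_out = []
    if "output:patch-mirror" in service_out:           # the copy crosses the patch port (claim 3)
        copy = Packet("patch-mirror", pkt.dst_ip, pkt.proto)
        mirror_out = apply_table(mirror_table, copy)   # second flow table filters the copy
    return service_out, mirror_out

def delete_mirror_flows(service_table):
    """Claims 5 and 9: when the mirroring service ends the first flow table is
    removed from the service bridge and the second flow table is emptied."""
    kept = [e for e in service_table if "output:patch-mirror" not in e.actions]
    return kept, []

# Constructed tables, hypothetical port names; customer entries outrank the mirror entry (claim 6).
SERVICE_TABLE = [
    FlowEntry(200, {"in_port": "vm-a"}, ["output:vm-b"]),
    FlowEntry(200, {"in_port": "vm-b"}, ["output:vm-a"]),
    # first flow table: mirror source vm-a, ingress copy, transmission port = patch port
    FlowEntry(100, {"in_port": "vm-a"}, ["output:patch-mirror"]),
]
MIRROR_TABLE = [
    # second flow table: filter condition (tcp to 10.0.0.2) plus mirroring destination
    FlowEntry(100, {"in_port": "patch-mirror", "proto": "tcp", "dst_ip": "10.0.0.2"},
              ["output:mirror-nic"]),
]
```

Traffic that the second flow table rejects is dropped on the mirror bridge and never reaches the mirror NIC, while the customer path to vm-b is unaffected by either table; deleting the mirror entries stops mirroring without touching customer forwarding.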