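The electronic thesis has not yet been authorized for public release; for the print copy, check the library catalogue.
(Note: if it cannot be found, or the holding status shows "closed stacks, not public", the thesis is not in the stacks and cannot be retrieved.)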
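System ID: U0026-0708201515114300
Title (Chinese): 利用多流表技術於軟體定義網路環境
Title (English): Using Multiple Flow Tables in Software Defined Networking Environment
University: National Cheng Kung University
Department (Chinese): 電腦與通信工程研究所
Department (English): Institute of Computer & Communication
Academic year: 103
Semester: 2
Publication year: 104
Graduate student (Chinese): 楊子江
Graduate student (English): Zi-Jiang Yang
Student ID: Q36023022
Degree: Master's
Language: Chinese
Number of pages: 86
Oral defense committee: Advisor: 楊竹星
Committee member: 許良政
Committee member: 蔡崇煒
Committee member: 林輝堂
Committee member: 侯廷偉
Keywords (Chinese): OpenFlow, SDN, multiple flow tables
Keywords (English): OpenFlow, SDN, Multiple Flow Tables
Subject classification: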
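Abstract (Chinese): In recent years the Internet has developed rapidly; while it has brought people many conveniences, it also faces severe challenges. The tasks placed on network technology keep growing, and the control, supervision and optimization of networks are becoming ever more complex. To simulate real networks for experiments, the team led by Professor Nick McKeown of Stanford University proposed the concept of SDN (software-defined networking): through a centralized controller, network administrators can conveniently control the functions of every switch and virtualize the network structure, so that researchers can study and improve the network structure without affecting the real network environment.
Packet matching is a very important part of the SDN architecture. In much past SDN research, packet matching generally used a single flow table: a packet entering the switch is forwarded, dropped, or otherwise acted on according to its match fields. As the Internet has developed, however, the single-flow-table structure has shown problems such as excessive storage requirements and high maintenance difficulty, which in turn limit the development of networks. Multiple flow table technology emerged to solve these problems.
This thesis applies multiple flow table technology in an SDN environment and extracts the features of the flow tables. After a packet enters the switch, it is sent to different flow tables for matching according to its match fields, so that the matching process is broken into several steps and forms a pipeline, enabling communication between hosts. The experimental results show that multiple flow table technology in an SDN environment can successfully implement functions such as communication between hosts and firewall isolation of untrusted IPs. This thesis also discusses the matching delay and bandwidth utilization problems of multiple flow table technology, and analyzes how to add flow rules in different situations to balance network performance and ease of maintenance.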
Abstract (English)

SUMMARY

Packet matching is a very important part of the SDN architecture. In past SDN research, packet matching used a single flow table: when a packet enters the switch, the switch drops it, forwards it, or takes another action according to its match fields. With the development of the Internet, however, the single-flow-table structure has shown problems such as excessive storage requirements and being too difficult to maintain, which in turn limit the development of networks. The multiple flow tables technique emerged to solve these problems.
This paper uses the multiple flow tables technique in an SDN environment and extracts the features of the flow tables. Packets are sent to different flow tables for matching according to their match fields, so the matching process is broken down into multiple steps that form a pipeline for communication between hosts. Experimental results show that the multiple flow tables technique in SDN can successfully implement communication between hosts and isolate untrusted IPs through firewalls. This paper also discusses the delay and bandwidth utilization problems caused by using the multiple flow tables technique, and analyzes how to add flow rules in different scenarios to balance network performance and ease of maintenance.
Key words: OpenFlow, SDN, Multiple Flow Tables

INTRODUCTION

In recent years the Internet has developed rapidly. It has brought people a lot of convenience, but it also faces serious challenges. Network technology carries a growing number of tasks, and controlling, monitoring and optimizing the network is becoming more complex. In order to simulate real networks for experiments, Professor Nick McKeown's team from Stanford University proposed the concept of SDN (software-defined networking). Through a centralized controller, network administrators can easily control the features of each switch and virtualize the network structure. This design helps researchers study and improve the network structure without affecting the real network environment.
In past SDN research, packet matching used a single flow table. With the development of the Internet, however, the single-flow-table structure has shown problems such as excessive storage requirements and being too difficult to maintain, which in turn limit the development of networks. Multiple flow tables can help reduce the storage space and make the network structure more flexible. However, current research on multiple flow tables has focused largely on how to reduce the storage space; I hope to design a multiple flow tables structure that makes the network easier to deploy.
In this paper, packets are sent to different flow tables for matching according to their match fields, so the matching process is broken down into multiple steps that form a pipeline for communication between hosts. Experimental results show that the multiple flow tables technique in SDN can successfully implement communication between hosts and isolate untrusted IPs through firewalls. This paper also discusses the delay and bandwidth utilization problems caused by using the multiple flow tables technique, and analyzes how to add flow rules in different scenarios to balance network performance and ease of maintenance.

MATERIALS AND METHODS

The network topology I designed is a network topology of Cheng-Kung University. It includes 8 hosts representing students' computers, 4 access switches representing the virtual switches of each lab, 4 aggregate switches representing the virtual switches of each department, and 1 core switch. The core switch is connected to the Internet and to the aggregate switches; each aggregate switch connects 2 access switches, and each access switch connects 2 hosts. Based on this topology, I designed 11 flow tables. Table 0 determines whether a packet is uplink or downlink. Table 1 to table 5 are firewalls, which drop packets from untrusted IPs. Table 7 sends the packet to the corresponding switch or host based on the destination physical address. Table 8 to table 9 send the packet to the corresponding switch based on the destination IP address. Table 10 processes ARP packets and table 11 processes ICMP packets.

RESULTS AND DISCUSSION

Based on the above topology and flow tables, I conducted experiments and analysis on packet latency, network bandwidth and flow rules. The experimental results show that the packet transmission delay is basically the same with a single flow table and with multiple flow tables. At low port bandwidth, the actual bandwidth can reach the port bandwidth; at higher port bandwidth, it cannot. The modular design needs the most flow rules and the customized design needs the fewest. As the network structure becomes more complex, the number of flow rules increases the most in the modular design.

CONCLUSION

Multiple flow tables can greatly facilitate the deployment and maintenance of the network. When the network structure is relatively simple, the delay with a single flow table and with multiple flow tables is the same. With multiple flow tables, however, the bandwidth utilization is not very high. At the same time, in a complex network we need to sacrifice some ease of deployment to improve network performance.
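Thesis table of contents

Contents
Chapter 1 Introduction 1
1.1 Research Background 1
1.2 Research Motivation and Objectives 2
1.3 Thesis Organization 3
Chapter 2 Related Technologies and Research 4
2.1 SDN Technology 4
2.1.1 The SDN Concept 4
2.1.2 Basic SDN Architecture 4
2.1.3 Advantages of SDN 6
2.2 OpenFlow 7
2.2.1 The OpenFlow Concept 7
2.2.2 Basic OpenFlow Structure 8
2.2.2.1 OpenFlow Switch 8
2.2.2.2 Flow Tables 9
2.2.2.2.1 Match Fields 10
2.2.2.2.2 Counter 11
2.2.2.2.3 Actions 13
2.2.2.2.4 Matching 15
2.2.2.2.5 Modification and Deletion of Flow Entries 16
2.2.3 Evolution of OpenFlow 17
2.2.3.1 OpenFlow Switch Structure 17
2.2.3.2 Flow Table Structure 18
2.2.3.3 Multiple Flow Tables 19
2.2.3.4 Group Table 21
2.2.3.5 Match Fields 21
2.2.3.6 Counters 24
2.2.3.7 Instructions and Actions 24
2.2.3.8 Secure Channel 26
2.2.3.9 OpenFlow Ports 26
2.2.3.10 IPv6 Support 30
2.2.3.11 Multiple Controllers 30
2.2.3.12 Meter Table 30
2.3 Introduction to Open vSwitch 31
2.3.1 Meaning of Open vSwitch 31
2.3.2 Open vSwitch Structure 32
2.3.3 Open vSwitch Operating Principle 32
2.4 Introduction to OpenDaylight 33
2.4.1 OpenDaylight Overview 33
2.4.2 OpenDaylight Controller 34
2.4.2.1 Introduction to the OpenDaylight Controller 34
2.4.2.2 OpenDaylight Controller Design Principles 35
2.4.2.3 OpenDaylight Controller Structure 35
2.5 Introduction to Mininet 37
2.5.1 Mininet Overview 37
2.5.2 Features Implemented by Mininet 37
2.5.3 Common Mininet Operations 38
Chapter 3 Experimental Architecture 39
3.1 Topology 39
3.2 Analysis of Packet Transmission Cases 41
3.3 Multiple Flow Tables Design 44
3.4 Packet Matching Process in Multiple Flow Tables 48
Chapter 4 Experiments and Results 61
4.1 Experimental Configuration 61
4.2 IP and Gateway Configuration 61
4.3 Host Connectivity Test 64
4.4 Firewall Test 65
4.5 Matching Delay Test 66
4.6 Bandwidth Test 70
4.7 Modular Design and Flow Rule Count Statistics 74
Chapter 5 Conclusion and Future Work 83
References 85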

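List of Figures
Figure 2.1 Basic SDN architecture 5
Figure 2.2 OpenFlow structure diagram 9
Figure 2.3 Fields making up an entry in Flow Tables 10
Figure 2.4 OpenFlow 1.3 flow table matching flowchart 16
Figure 2.5 OpenFlow 1.4 flow table structure 18
Figure 2.7 Flow table pipeline processing 20
Figure 2.8 OpenDaylight controller structure 37
Figure 3.1 Simulated campus network topology 39
Figure 3.2 A bottom-layer host sends an ARP packet 41
Figure 3.3 Packet transmission within the same VLAN 42
Figure 3.4 Packet transmission under the same Aggregate Switch 42
Figure 3.5 Packet transmission under different Aggregate Switches within the campus 43
Figure 3.6 A campus host sends packets to the Internet 44
Figure 3.7 The Internet sends packets to a campus host 44
Figure 3.8 Multiple flow tables structure 45
Figure 3.9 Case 1: packet matching process in S31 48
Figure 3.10 Case 1: packet matching process in S211 49
Figure 3.11 Case 1: ARP_Reply packet matching process in S211 50
Figure 3.12 Case 1: ARP_Reply packet matching process in S31 50
Figure 3.13 Case 2: packet matching process in S31 51
Figure 3.14 Case 3: packet matching process in S31 52
Figure 3.15 Case 3: packet matching process in S211 52
Figure 3.16 Case 3: packet matching process in S32 53
Figure 3.17 Case 4: packet matching process in S31 54
Figure 3.18 Case 4: packet matching process in S211 54
Figure 3.19 Case 4: packet matching process in S1 55
Figure 3.20 Case 4: packet matching process in S221 56
Figure 3.21 Case 4: packet matching process in S33 56
Figure 3.22 Case 5: packet matching process in S31 57
Figure 3.23 Case 5: packet matching process in S211 58
Figure 3.24 Case 5: packet matching process in S1 58
Figure 3.25 Case 6: packet matching process in S1 69
Figure 3.26 Case 6: packet matching process in S211 60
Figure 3.27 Case 6: packet matching process in S31 60
Figure 4.1 Starting the simulated topology network 61
Figure 4.2 Viewing each node 62
Figure 4.3 Viewing the connections between nodes 62
Figure 4.4 Topology of the simulation experiment 63
Figure 4.5 Host IP configuration 63
Figure 4.6 Host gateway configuration 63
Figure 4.7 Switch gateway configuration 64
Figure 4.8 Running "pingall" on the topology 64
Figure 4.9 Running "pingall" after writing the flow rules 65
Figure 4.10 Adding H31 and H5 to the untrusted list 65
Figure 4.11 Running "ping" after adding H31 to the untrusted list 65
Figure 4.12 Running "ping" after adding H5 to the untrusted list 66
Figure 4.13 Running "ping" after removing H31 from the untrusted list 66
Figure 4.14 Running "ping" after removing H5 from the untrusted list 66
Figure 4-15 Delay of "ping" between H11 and H12 67
Figure 4-16 Delay of "ping" between H11 and H21 68
Figure 4-17 Delay of "ping" between H11 and H31 69
Figure 4-18 Delay of "ping" between H11 and H5 70
Figure 4-19 Actual traffic transmitted between H11 and H12 71
Figure 4-20 Actual traffic transmitted between H11 and H21 72
Figure 4-21 Actual traffic transmitted between H11 and H31 73
Figure 4-22 Actual traffic transmitted between H11 and H5 73
Figure 4.23 Topology after adding hosts under an Access Switch 76
Figure 4.24 Topology after adding an Access Switch under an Aggregate Switch 78
Figure 4.25 Topology after adding one Aggregate Switch 80
Figure 4-26 Total number of flow rules required in different cases 82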

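List of Tables
Table 2-1 OpenFlow flow entry match fields 10
Table 2-2 Description of match fields 11
Table 2-3 Classification of counters 12
Table 2-4 Actions that modify match fields 15
Table 2-5 Types of flow entry modification and deletion 17
Table 2-6 OpenFlow 1.3 flow table structure 19
Table 2-7 Group table entry structure 21
Table 2-8 Changes in OpenFlow flow table matching 23
Table 2-9 New OpenFlow flow table instructions and descriptions 25
Table 2-10 Port information 28
Table 2-11 Meter table structure diagram 31
Table 2-12 Common Mininet commands 38
Table 4-1 Delay of "ping" between H11 and H12 67
Table 4-2 Delay of "ping" between H11 and H21 68
Table 4-3 Delay of "ping" between H11 and H31 68
Table 4-4 Delay of "ping" between H11 and H5 69
Table 4-5 Actual traffic transmitted between H11 and H12 70
Table 4-6 Actual traffic transmitted between H11 and H21 71
Table 4-7 Actual traffic transmitted between H11 and H31 72
Table 4-8 Actual traffic transmitted between H11 and H5 73
Table 4-9 Number of flow rules in the customized case 74
Table 4-10 Number of flow rules in the semi-modular case 75
Table 4-11 Number of flow rules in the modular case 75
Table 4-12 Number of flow rules in the customized case after adding hosts 76
Table 4-13 Number of flow rules in the semi-modular case after adding hosts 77
Table 4-14 Number of flow rules in the modular case 77
Table 4-15 Number of flow rules in the customized case after adding an Access Switch 78
Table 4-16 Number of flow rules in the semi-modular case after adding an Access Switch 79
Table 4-17 Number of flow rules in the modular case after adding an Access Switch 79
Table 4-18 Number of flow rules in the customized case after adding an Aggregate Switch 80
Table 4-19 Number of flow rules in the semi-modular case after adding hosts 81
Table 4-20 Number of flow rules in the modular case 81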
Full-text usage rights
  • Authorized for on-campus browsing/printing of the electronic full text, publicly available from 2016-08-19.

