软件定义网络中基于匹配动作表的IP隧道  被引量：3

作　　者：张克尧[1,2,3] 毕军 王旸旸[1,3] ZHANG Ke -Yao;BI Jun;WANG Yang-Yang(Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084;Department of Computer Science and Technology, Tsinghua University, Beijing 100084;Beijing National Research Center for Information Science and Technology (BNRist), Beijing 100084)

机构地区：[1]清华大学网络科学与网络空间研究院,北京100084 [2]清华大学计算机科学与技术系,北京100084 [3]北京信息科学与技术国家研究中心,北京100084

出　　处：《计算机学报》2019年第2期282-294,共13页Chinese Journal of Computers

基　　金：国家"十三五"重点研发计划"网络空间安全"专项项目(2017YFB0801701);国家自然科学基金项目(61472213)资助~~

摘　　要：当前基于IP层的隧道技术在网络虚拟化、构建覆盖网络、连接异构网络等方面有着广泛的应用,但是这些传统IP隧道在管理配置方面存在不易维护、管理复杂、效率低等问题.软件定义网络是一种新型网络管控体系结构,它将网络的控制和管理逻辑从网络设备中抽离出来,并提供了开放统一的编程接口,从而大大提升了网络的管理效率.但作为软件定义网络的重要标准,OpenFlow原生并不支持IP隧道的建立,因此在SDN网络中建立隧道依然依赖于传统的配置方式.该文采用SDN中数据平面的匹配动作表编程模型,提出了一种新的IP隧道机制——MAT隧道.MAT隧道可以通过下发流表规则对隧道报文直接进行封装和解封,不再通过配置隧道端口的方式.该文基于开源软件交换机Open vSwitch和开源控制器Floodlight完成了MAT隧道原型的实现,并利用DPDK对于其性能做了一定优化.该文还根据真实拓扑搭建了仿真环境,对MAT隧道与Open vSwitch原有的隧道进行了对比评估,结果显示MAT隧道可以将隧道的平均时延降低10%左右,而采用DPDK加速后可以进一步降低20%左右.而通过隧道进行路径切换的测试表明,MAT隧道将隧道切换过程中的最大抖动降低3个数量级,同时将对吞吐量的影响降低50%.IP tunneling is a technology for packet encapsulation,which encapsulates the original packets in the payload of IP packets.It has been widely used in the field of network virtualization,overlay network,heterogeneous network and so on.Software Defined Networking(SDN)is a new network management architecture,which extracts the control and management logic from the device,thus promoting the innovation of the network.SDN provides open and unified APIs,which greatly enhances the network management efficiency.The establishment and management of tunnels is an important requirement of many applications in SDN.However,as a significant southbound interface,OpenFlow only supports tag-based tunneling(e.g.,MPLS),but does not primitively support the establishment of IP tunnels.As a result,OpenFlow has many restrictions on network application,function and scalability in terms of tunneling.To solve the problem,data plane which supports OpenFlow usually adopts the approach of traditional configurations,which provides various of vendor-dependent configure commands and programmable APIs,rather than a unified standard interface.But these commands or APIs are different on different targets.Therefore,IP tunneling is not actually simplified in SDN,suffering from maintenance difficulty,management complexity,and low flexibility.Inspired by the Match-Action Table programming models in OpenFlow,we argue that expressing tunneling logic with the MAT model could improve the programmability and flexibility.We propose a mechanism of IP tunneling based on Match-Action Table in SDN,called MAT tunnel.The MAT tunnel can encapsulate and decapsulate directly by real-time installing flow rules instead of manually configuring tunnel ports.We extend the Match and Action Fields in OpenFlow so that the controllers can install flow entries about MAT tunnel on the switches.We also provide RESTful API on controllers for network applications and administrators,which makes it easier to create or remove the MAT tunnel.In addition,we introduce an ARP proxy on the

关 键 词：软件定义网络 OpenFlow IP隧道技术 匹配动作表 OPEN vSwitch 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]