Method and apparatus for malicious attack detection in an SDN network

    Publication number: US10313375B2

    Publication date: 2019-06-04

    Application number: US15160158

    Application date: 2016-05-20

    Abstract: A malicious attack detection method includes: receiving, by a controller, a Packet-in message sent by a switch, where the Packet-in message includes a source host identifier and a destination host identifier of a data packet for which the switch does not find a flow entry; when determining that a host indicated by the destination host identifier does not exist in an SDN network, sending, by the controller, an abnormal flow entry to the switch; receiving, by the controller, a triggering count sent by the switch, where the triggering count is a quantity of times that the abnormal flow entry is triggered; and determining, according to the triggering count, whether a malicious attack is initiated. According to the method, a malicious attack from a host can be detected, a data processing volume of a controller can be reduced, and performance of the controller can be improved.

    Topological learning method and apparatus for OPENFLOW network cross conventional IP network

    Publication number: US10237166B2

    Publication date: 2019-03-19

    Application number: US15639791

    Application date: 2017-06-30

    Inventor: Ke Lin Chenji Li

    Abstract: A topological learning method and apparatus for an OPENFLOW network cross a conventional Internet Protocol (IP) network. The method includes obtaining, by a controller, M OPENFLOW switch (OFS) ports connected to a same conventional IP network, determining whether there is a logical switch corresponding to the conventional IP network, if the controller determines that there is no logical switch corresponding to the conventional IP network, creating and storing the information about the logical switch, where the information about the logical switch includes related information of the M OFS ports, and related information of each OFS port includes link information in a direction from the port to the logical switch and/or link information in a direction from the logical switch to the port, and managing, by the controller, the logical switch as a common OPENFLOW switch of an OPENFLOW network.

    Load Balancing Implementation Method, Device, and System
    Type: Invention application
    Status: Under examination (published)

    Publication number: US20170041234A1

    Publication date: 2017-02-09

    Application number: US15299667

    Application date: 2016-10-21

    Inventor: Ke Lin Quancai Li

    CPC classification number: H04L47/125 H04L45/70 H04L45/745

    Abstract: A load balancing implementation method, device, and system, where the method includes determining, by a switch according to a meter entry of each output port, a write value corresponding to a real-time flow rate of each output port when a flow entry used to forward traffic does not exist, sending the write value to a controller such that the controller creates a forwarding flow entry used to forward the traffic according to the write value, receiving, by the switch, the forwarding flow entry, and forwarding the traffic through the target output port. Therefore, the controller can obtain a rate range of a real-time flow rate of an output port of the switch and allocate a forwarding path according to the obtained rate range of the real-time flow rate, and implement a better load balancing.

