| Graduate student: | 楊子江 Yang, Zi-Jiang |
|---|---|
| Thesis title: | 利用多流表技術於軟體定義網路環境 Using Multiple Flow Tables in Software Defined Networking Environment |
| Advisor: | 楊竹星 Yang, Chu-Sing |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
| Year of publication: | 2015 |
| Academic year of graduation: | 103 |
| Language: | Chinese |
| Number of pages: | 86 |
| Chinese keywords: | OpenFlow, SDN, multiple flow tables (多流表) |
| English keywords: | OpenFlow, SDN, Multiple Flow Tables |
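In recent years the Internet has developed rapidly; while it has brought people many conveniences, it also faces severe challenges. Network technology carries an ever-growing number of tasks, and controlling, monitoring and optimizing networks is becoming increasingly complex. To emulate real networks for experiments, a team led by Professor Nick McKeown of Stanford University proposed the concept of SDN (software-defined networking): through a centralized controller, network administrators can conveniently control the functions of every switch and virtualize the network structure, letting researchers study and improve network structures without affecting the real network environment.
Packet matching is a very important part of the SDN architecture. In much past SDN research, packet matching has generally used a single flow table: for packets entering the switch, actions such as forward or drop are taken according to their match fields. With the growth of the Internet, however, the single-flow-table structure suffers from problems such as excessive storage requirements and high maintenance difficulty, which in turn limit the development of networks. Multiple flow table technology emerged to solve these problems.
This thesis applies multiple flow table technology in an SDN environment and performs feature extraction on the flow tables. After a packet enters the switch, it is sent to different flow tables for matching according to its match fields, so that the matching process is decomposed into multiple steps and takes the form of a processing pipeline, achieving communication between hosts. Experimental results show that in an SDN environment multiple flow table technology can successfully implement functions such as communication between hosts and firewall isolation of untrusted IPs. The thesis also discusses the matching delay and bandwidth utilization problems of multiple flow table technology and analyzes how to add flow rules in different situations to balance network performance and ease of maintenance.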
SUMMARY
Packet matching is a very important part of the SDN structure. In past SDN research, packet matching used a single flow table: for packets entering the switch, the switch drops, forwards or takes other actions on them according to their matching fields. But with the development of the Internet, the single flow table structure has issues such as requiring too much storage space and being too difficult to maintain. These issues in turn limit the development of networks. To solve these problems, the multiple flow tables technique came into being.
This paper uses the multiple flow tables technique in an SDN environment and extracts the features of the flow tables. Packets are sent to different flow tables for matching according to their matching fields. The matching process is thus broken down into multiple steps, forming a pipeline, to implement communication between hosts. Experimental results show that the multiple flow tables technique in SDN can successfully implement communication between hosts and isolate untrusted IPs through firewalls. This paper also discusses the delay and bandwidth utilization problems that arise from using the multiple flow tables technique, and analyzes how to add flow rules in different scenarios to balance network performance and ease of maintenance.
Key words: OpenFlow, SDN, Multiple Flow Tables
INTRODUCTION
In recent years the Internet has developed rapidly. It has brought people a lot of convenience, but it also faces serious challenges. Network technology is burdened with a growing number of tasks, and controlling, monitoring and optimizing the network is becoming more complex. To simulate real networks for experiments, Professor Nick McKeown's team at Stanford University proposed the concept of SDN (software defined networking). Through a centralized controller, network administrators can easily control the features of each switch and virtualize the network structure. This design helps researchers study and improve the network structure without affecting the real network environment.
In past SDN research, packet matching used a single flow table. But with the development of the Internet, the single flow table structure has issues such as requiring too much storage space and being too difficult to maintain. These issues in turn limit the development of networks. Multiple flow tables can help reduce the storage space and make the network structure more flexible. However, current research on multiple flow tables has focused largely on how to reduce the storage space; I hope to design a multiple flow tables structure that makes the network easier to deploy.
In this paper, packets are sent to different flow tables for matching according to their matching fields. The matching process is thus broken down into multiple steps, forming a pipeline, to implement communication between hosts. Experimental results show that the multiple flow tables technique in SDN can successfully implement communication between hosts and isolate untrusted IPs through firewalls. This paper also discusses the delay and bandwidth utilization problems that arise from using the multiple flow tables technique, and analyzes how to add flow rules in different scenarios to balance network performance and ease of maintenance.
MATERIALS AND METHODS
The network topology I designed is that of Cheng-Kung University. This topology includes 8 hosts representing students' computers, 4 access switches representing the virtual switches of each lab, 4 aggregate switches representing the virtual switches of each department, and 1 core switch. The core switch is connected to the Internet and to the aggregate switches; each aggregate switch connects 2 access switches, and each access switch connects 2 hosts. According to the topology, I designed 11 flow tables. Table 0 determines whether a packet is uplink or downlink. Table 1 to table 5 are firewalls, which drop packets from untrusted IPs. Table 7 sends the packet to the corresponding switch or host based on the destination physical address. Table 8 to table 9 send the packet to the corresponding switch based on the destination IP address. Table 10 processes ARP packets and table 11 processes ICMP packets.
RESULTS AND DISCUSSION
Based on the above topology and flow tables, I conducted experiments and analysis on packet latency, network bandwidth and flow rules. Experimental results show that the packet transmission delay is basically the same with a single flow table and with multiple flow tables. At low port bandwidth, the actual bandwidth can reach the port bandwidth. At higher port bandwidth, the actual bandwidth can't reach the port bandwidth. The modular design needs the most flow rules and the customized design needs the fewest. As the network structure becomes more complex, the number of flow rules in the modular design increases the most.
CONCLUSION
Multiple flow tables can greatly facilitate the deployment and maintenance of the network. When the network structure is relatively simple, the delay is the same with single and multiple flow tables. But with multiple flow tables, bandwidth utilization is not very high. At the same time, in a complex network we need to sacrifice some ease of deployment to improve network performance.
On campus: publicly available from 2016-08-19