The Design And Implementation Of Enterprise Network Monitoring System Based On SDN

Software-only network monitoring systems based on the general X86 architecture mostly use packet capture APIs to capture data packets from network cards and complete the identification and control of data packets in user space.Data packets need to go through multiple CPU interrupts and memory copies of the network card driver,kernel mode and user mode.The system overhead is large,the processing bandwidth is not high,and it cannot meet the high traffic environment of the enterprise network.Therefore,the performance problem of the network monitoring system is urgently needed to be resolved.The problem.The main work of this paper is to find out the performance bottlenecks of traditional software network monitoring systems,and use SDN related technologies to design and implement a pure software network monitoring system that can meet the cost and bandwidth requirements of enterprises.This article first describes the current status and significance of network monitoring systems,analyzes the advantages and disadvantages of network monitoring protocols,and proposes to implement a network monitoring system based on SDN technology.Then the performance bottlenecks of the traditional network monitoring system are analyzed,and the kernel-state forwarding mechanism of the OVS switch is proposed to realize the kernel-state forwarding of data packets.Without hitting the data table cached by the kernel,OVS will send the data packets to user space and match them one by one according to the priority of the flow table.However,with the increase of the number of monitoring flow tables,the time complexity of flow table matching is O(n).In order to reduce the flow table matching time,this paper designs and implements a multi-level hash flow table structure based on source IP addresses.Packets are hashed into different flow tables for matching,which optimizes the flow table matching time complexity.There is no data table that hits the flow table.OVS sends the data table to the SDN controller,and the controller parses and generates the corresponding monitoring flow table for the data flow.In order to balance the controller load and monitoring accuracy,the monitoring flow table uses a combination of hardware and software timeout design.After the monitoring flow table times out,the control synchronizes the statistical data to the monitoring database for interface query.In the same test environment,compared with the simulation test program based on Lib Pcap,the 64-byte UDP packet transmission bandwidth increased by 83.4%,and the TCP transmission bandwidth increased by 9.4%.Tests on delay,bandwidth and other aspects prove that SDN-based enterprise network monitoring systems deployed on ordinary PCs overcome the shortcomings of low bandwidth of traditional software-only monitoring systems and can meet the cost and bandwidth requirements of enterprises.