CN105591871A - Method and device for configuration of auto discovery virtual private network (ADVPN) spoke - Google Patents

Publication number
CN105591871A
Authority
CN
China
Prior art keywords
advpn
address
branch node
private net
public network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510671692.7A
Other languages
Chinese (zh)
Other versions
CN105591871B (en)
Inventor
张岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201510671692.7A
Publication of CN105591871A
Application granted
Publication of CN105591871B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The embodiment of the invention provides a method and device for configuration of an auto discovery virtual private network (ADVPN) spoke. The method comprises: receiving the registration request message including the public network address of the ADVPN spoke from the ADVPN spoke; distributing the private network address corresponding to the public network address of the ADVPN spoke; and sending the registration success message carrying the private network address to the ADVPN spoke so as to allow the ADVPN spoke to configure the address of an ADVPN tunnel on the ADVPN spoke on the basis of the private network address.

Description

Method and apparatus for configuring an auto discovery virtual private network (ADVPN) branch node
Technical field
The present invention relates to the field of communication technology, and in particular to a method and apparatus for configuring an auto discovery virtual private network (ADVPN) branch node (Spoke).
Background art
Auto Discovery Virtual Private Network (ADVPN) is a dynamic VPN technology based on the VPN Address Management (VAM) protocol. The VAM protocol is responsible for collecting, maintaining and distributing information such as dynamically changing public network addresses.
Nodes in an ADVPN network (called ADVPN nodes) are VAM clients. VAM clients comprise central nodes (Hubs) and branch nodes (Spokes). A Hub is the center of routing information exchange; a Spoke is usually the gateway of an enterprise branch office. The public network address of an ADVPN node is the IP address of the interface through which the node accesses the public network; the private network address of an ADVPN node is the address of the ADVPN tunnel interface on the node. An ADVPN node registers its current public network address with the VAM server and obtains the current public network address of the peer ADVPN node from the VAM server through the VAM protocol, so that an ADVPN tunnel spanning the IP core network can be established dynamically between the two ADVPN nodes.
In existing ADVPN networks, the address of the ADVPN tunnel interface on a Spoke (its private network address) is always statically specified. Spoke private network addresses are not planned and managed in a unified way, which may waste address space, hinders large-scale deployment of ADVPN networks, and may even cause IP address conflicts.
Summary of the invention
In view of this, the present invention proposes a method and apparatus for configuring an ADVPN branch node (Spoke), in which private network addresses are managed so as to save address space.
According to one aspect of the embodiments of the present invention, a method for configuring an ADVPN branch node is proposed. The method is applied to a VAM server and comprises:
receiving, from an ADVPN branch node, a registration request message that contains the public network address of the ADVPN branch node;
allocating a private network address corresponding to the public network address of the ADVPN branch node;
sending a registration success message carrying the private network address to the ADVPN branch node, so that the ADVPN branch node configures the address of the ADVPN tunnel on the ADVPN branch node based on the private network address.
Preferably, the registration request message further contains the identifier of the group to which the ADVPN branch node belongs;
allocating the private network address corresponding to the public network address comprises:
determining the address pool corresponding to the group identifier;
allocating the private network address corresponding to the public network address from the determined address pool.
Preferably, allocating the private network address corresponding to the public network address of the ADVPN branch node is: allocating, based on the Dynamic Host Configuration Protocol (DHCP), the private network address corresponding to the public network address of the ADVPN branch node;
before the registration success message carrying the private network address is sent to the ADVPN branch node, the method further comprises:
when the private network address is identical to the private network address of the ADVPN central node, allocating again, based on DHCP, a private network address corresponding to the public network address of the ADVPN branch node.
Preferably, the method further comprises:
deleting the private network address when the ADVPN branch node exits; or
deleting the private network address when the ADVPN branch node has not been updated within a predetermined time.
Preferably, the registration success message further contains routing attribute information of the ADVPN central node to which the ADVPN branch node belongs, so that the ADVPN branch node generates corresponding local routing configuration information based on the routing attribute information and, based on the local routing configuration information, learns private network routing information from the ADVPN central node through the ADVPN tunnel;
the routing attribute information comprises: a routing protocol type and a routing domain parameter.
According to another aspect of the embodiments of the present invention, a method for configuring an ADVPN branch node is proposed. The method is applied to an ADVPN branch node and comprises:
sending, to a VPN address management (VAM) server, a registration request message that contains the public network address of the ADVPN branch node;
receiving a registration success message from the VAM server, the registration success message containing the private network address that the VAM server allocated for the public network address of the ADVPN branch node;
configuring the address of the ADVPN tunnel on the ADVPN branch node based on the private network address.
Preferably, the registration success message further contains routing attribute information of the ADVPN central node to which the ADVPN branch node belongs, the routing attribute information comprising a routing protocol type and a routing domain parameter; the method further comprises:
generating corresponding local routing configuration information based on the routing attribute information;
learning private network routing information from the ADVPN central node through the ADVPN tunnel based on the local routing configuration information.
According to another aspect of the embodiments of the present invention, an apparatus for configuring an ADVPN branch node is proposed. The apparatus is applied to a VAM server and comprises:
a registration request message receiving module, configured to receive, from an ADVPN branch node, a registration request message that contains the public network address of the ADVPN branch node;
a private network address allocation module, configured to allocate a private network address corresponding to the public network address of the ADVPN branch node;
a registration success message sending module, configured to send a registration success message carrying the private network address to the ADVPN branch node, so that the ADVPN branch node configures the address of the ADVPN tunnel on the ADVPN branch node based on the private network address.
Preferably, the registration request message further contains the group identifier of the ADVPN branch node;
the private network address allocation module is configured to determine the address pool corresponding to the group identifier of the ADVPN branch node, and to allocate the private network address corresponding to the public network address from the determined address pool.
Preferably, the private network address allocation module is configured to allocate, based on the Dynamic Host Configuration Protocol (DHCP), the private network address corresponding to the public network address of the ADVPN branch node and, when that private network address is identical to the private network address of the ADVPN central node, to allocate again, based on DHCP, a private network address corresponding to the public network address of the ADVPN branch node.
According to another aspect of the embodiments of the present invention, an apparatus for configuring an ADVPN branch node is proposed. The apparatus is applied to an ADVPN branch node and comprises:
a registration request message sending module, configured to send, to a VPN address management (VAM) server, a registration request message that contains the public network address of the ADVPN branch node;
a registration success message receiving module, configured to receive a registration success message from the VAM server, the registration success message containing the private network address that the VAM server allocated for the public network address of the ADVPN branch node;
a configuration module, configured to configure the address of the ADVPN tunnel on the ADVPN branch node based on the private network address.
Preferably, the registration success message further contains routing attribute information of the ADVPN central node, the routing attribute information comprising a routing protocol type and a routing domain parameter;
the configuration module is configured to generate corresponding local routing configuration information based on the routing attribute information, and to learn private network routing information from the ADVPN central node through the ADVPN tunnel based on the local routing configuration information.
As can be seen from the above technical solution, the present invention does not statically specify the private network address of an ADVPN branch node; instead, the VAM server allocates it. Private network addresses are thus managed in a unified way, which saves address space, reduces address conflicts, and also lowers the difficulty of deploying ADVPN nodes.
Brief description of the drawings
Fig. 1 is a flow chart of the method for configuring an ADVPN branch node on the VAM server side according to the present invention;
Fig. 2 is a flow chart of the method for configuring an ADVPN branch node on the ADVPN branch node side according to the present invention;
Fig. 3 is a schematic diagram of configuring an ADVPN branch node according to the first embodiment of the present invention;
Fig. 4 is a schematic diagram of configuring an ADVPN branch node according to the second embodiment of the present invention;
Fig. 5 is a structural diagram of the apparatus for configuring an ADVPN branch node on the VAM server side according to the present invention;
Fig. 6 is a structural diagram of the apparatus for configuring an ADVPN branch node on the ADVPN branch node side according to the present invention.
Detailed description of the invention
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
In the prior art, statically specifying the private network address of an ADVPN branch node (Spoke) wastes address space. To address this defect, the present invention does not statically specify the private network address of the ADVPN branch node; instead, the VAM server allocates it.
Fig. 1 is a flow chart of the method for configuring an ADVPN branch node on the VAM server side according to the present invention. The method is applied to a VAM server.
As shown in Fig. 1, the method comprises:
Step 101: The VAM server receives, from an ADVPN branch node, a registration request message that contains the public network address of the ADVPN branch node.
Here, the public network address of the ADVPN branch node is first configured on the branch node, and the branch node sends a registration request message containing this public network address to the VAM server.
In the prior art, the registration request message that the VAM server receives from an ADVPN branch node contains not only the public network address of the branch node but also the private network address configured on the branch node. In contrast, the present invention does not require a private network address to be configured on the ADVPN branch node, so the registration request message does not contain the private network address of the branch node.
Step 102: The VAM server allocates a private network address corresponding to the public network address of the ADVPN branch node.
Here, after receiving the registration request message, the VAM server parses the public network address of the ADVPN branch node out of it. The VAM server then allocates a private network address corresponding to that public network address using a dynamic IP address allocation mechanism.
For example, the VAM server can allocate the private network address corresponding to the public network address of the ADVPN branch node based on the Dynamic Host Configuration Protocol (DHCP). The VAM server also records the correspondence between the public network address of the ADVPN branch node and the allocated private network address.
Specifically, the private network address allocated by the VAM server can be a class A, class B or class C private network address, where:
Class A private network addresses: 10.0.0.1--10.255.255.254;
Class B private network addresses: 172.16.0.1--172.31.255.254;
Class C private network addresses: 192.168.0.1--192.168.255.254.
Step 103: The VAM server sends a registration success message carrying the private network address to the ADVPN branch node, so that the ADVPN branch node configures the address of the ADVPN tunnel on the branch node based on the private network address.
The VAM server sends the registration success message carrying the private network address to the ADVPN branch node. After receiving it, the ADVPN branch node can configure this private network address as the address of the ADVPN tunnel on the branch node. Once the ADVPN tunnel address is configured, the branch node can establish an ADVPN tunnel with the ADVPN central node.
ADVPN branch nodes are usually numerous and can be divided into multiple groups. All ADVPN branch nodes in the same group should belong to the same private network segment. Accordingly, a corresponding address pool is set in the VAM server for each ADVPN branch node group, so that the VAM server can allocate private network addresses from different private network segments to branch nodes belonging to different groups.
In one embodiment, in step 101 the registration request message further contains the identifier of the group to which the ADVPN branch node belongs; in step 102, the VAM server allocating the private network address corresponding to the public network address comprises: determining the address pool corresponding to the group identifier, and allocating the private network address corresponding to the public network address from the determined address pool.
For example, suppose ADVPN branch node 1 belongs to group 1 and ADVPN branch node 2 belongs to group 2. The public network address of ADVPN branch node 1 is 123.123.123.1; the public network address of ADVPN branch node 2 is 123.123.123.2. In the VAM server, the address pool specified for group 1 is 172.16.0.1--172.31.255.254; the address pool of group 2 is 10.0.0.1--10.255.255.254.
The registration request message that ADVPN branch node 1 sends to the VAM server contains not only the public network address of ADVPN branch node 1 (123.123.123.1) but also the identifier of the group to which the branch node belongs (group 1). After receiving this registration request message, the VAM server first determines that the address pool corresponding to the group identifier is 172.16.0.1--172.31.255.254, and then allocates a private network address corresponding to the public network address from that pool, for example 172.16.0.5.
Similarly, the registration request message that ADVPN branch node 2 sends to the VAM server contains not only the public network address of ADVPN branch node 2 (123.123.123.2) but also the identifier of the group to which the branch node belongs (group 2). After receiving this registration request message, the VAM server first determines that the address pool corresponding to the group identifier is 10.0.0.1--10.255.255.254, and then allocates a private network address corresponding to the public network address from that pool, for example 10.0.0.6.
Because an ADVPN central node (Hub) has few ADVPN tunnels, and is located at headquarters where large-scale deployment is not an issue, the ADVPN central node does not need a dynamically allocated private network address; its private network address only needs to be statically specified on the central node.
The ADVPN central node also needs to register with the VAM server. The VAM server receives a registration request message from the ADVPN central node; this message contains the public network address of the central node and the private network address statically specified on the central node. The VAM server registers the ADVPN central node based on this message, so the private network address of the central node is recorded in the VAM server. The private network address allocated to an ADVPN branch node must be prevented from conflicting with the private network address of an ADVPN central node recorded in the VAM server.
In one embodiment, allocating the private network address corresponding to the public network address of the ADVPN branch node in step 102 is: allocating that private network address based on DHCP. Before the registration success message carrying the private network address is sent to the ADVPN branch node in step 103, the method further comprises:
when the private network address that the VAM server allocated to the ADVPN branch node is identical to the private network address of the ADVPN central node, allocating a private network address to the ADVPN branch node again.
For example, when the private network address of the ADVPN central node is statically set to 111.1.1.1 and the private network address that the VAM server dynamically allocates to the ADVPN branch node from the DHCP address pool is also 111.1.1.1, the VAM server determines that a private network address conflict has occurred. Therefore, before sending the registration success message carrying the private network address to the ADVPN branch node, it allocates a new address to the branch node from the DHCP address pool.
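The server-side allocation described above (per-group address pools, re-allocation when the chosen address equals a Hub's statically specified address, and deletion on exit or timeout), as an added example that is not part of the patent text. A sequential picker stands in for DHCP; the class, method and message field names, the 180-second timeout, the Hub address 10.0.0.1 and the 203.0.113.x public addresses are assumptions constructed for illustration.

```python
import ipaddress


class PoolExhausted(Exception):
    """No free private address is left in the group's pool."""


class VamServer:
    """Toy model of the VAM server's address bookkeeping (not a real VAM stack)."""

    def __init__(self, pools, lease_timeout=180.0):
        # pools: group identifier -> (first, last) inclusive private address range
        self.pools = {
            group: (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last)))
            for group, (first, last) in pools.items()
        }
        self.lease_timeout = lease_timeout  # assumed "predetermined time", in seconds
        self.hub_private = set()            # statically specified Hub tunnel addresses
        self.hub_routing = {}               # group identifier -> Hub routing attributes
        self.spokes = {}                    # Spoke public address -> lease record

    def register_hub(self, public, private, group, routing):
        # A Hub registers both addresses; the server only records them.
        self.hub_private.add(ipaddress.IPv4Address(private))
        self.hub_routing[group] = dict(routing)
        return {"status": "success", "public": public, "private": private}

    def _allocate(self, group):
        first, last = self.pools[group]     # KeyError means an unknown group identifier
        in_use = {lease["private"] for lease in self.spokes.values()}
        for value in range(first, last + 1):
            candidate = ipaddress.IPv4Address(value)
            if candidate in self.hub_private:
                continue                    # conflict with a Hub: allocate again
            if candidate not in in_use:
                return candidate
        raise PoolExhausted(group)

    def register_spoke(self, public, group, now):
        # The request carries only the public address and the group identifier.
        lease = self.spokes.get(public)
        if lease is None or lease["group"] != group:
            lease = {"private": self._allocate(group), "group": group}
            self.spokes[public] = lease     # record public <-> private correspondence
        lease["last_seen"] = now            # a repeated registration counts as an update
        return {"status": "success", "private": str(lease["private"]),
                "routing": self.hub_routing.get(group)}

    def spoke_exit(self, public):
        # The Spoke exits: delete its private address so it can be reused.
        self.spokes.pop(public, None)

    def expire(self, now):
        # Delete the addresses of Spokes that sent no update within the timeout.
        stale = [public for public, lease in self.spokes.items()
                 if now - lease["last_seen"] > self.lease_timeout]
        for public in stale:
            del self.spokes[public]
        return stale


def demo():
    # Pool ranges follow the class A and class B ranges listed in the text.
    server = VamServer({"Group1": ("10.0.0.1", "10.255.255.254"),
                        "Group2": ("172.16.0.1", "172.31.255.254")})
    server.register_hub("203.0.113.10", "10.0.0.1", "Group1",
                        {"protocol": "OSPF", "domain": "area 0", "mode": "Hub-Spoke"})
    first = server.register_spoke("203.0.113.1", "Group1", now=0.0)
    second = server.register_spoke("203.0.113.2", "Group2", now=0.0)
    again = server.register_spoke("203.0.113.1", "Group1", now=100.0)
    expired = server.expire(now=200.0)
    reused = server.register_spoke("203.0.113.3", "Group2", now=200.0)
    return first, second, again, expired, reused


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the server is the only place where a Spoke's tunnel address is assigned, the table of public-to-private correspondences it keeps is also the natural record to audit when two nodes appear to use the same tunnel address.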
In one embodiment, the registration success message in step 103 further contains routing attribute information of the ADVPN central node to which the ADVPN branch node belongs. Specifically, this routing attribute information comprises the routing protocol type of the ADVPN central node and the routing domain parameter of the ADVPN central node. Preferably, the routing attribute information can also comprise the ADVPN working mode.
Specifically, the routing protocol type of the ADVPN central node can be Open Shortest Path First (OSPF) or Border Gateway Protocol (BGP); the routing domain parameter of the ADVPN central node can be the area parameter of OSPF or the autonomous system (AS) parameter of BGP; the ADVPN working mode is either full-mesh (Full-Mesh) mode or Hub-Spoke mode.
After receiving this registration success message, the ADVPN branch node generates corresponding local routing configuration information based on the routing attribute information, and establishes a routing protocol neighbor relationship with the ADVPN central node based on the local routing configuration information. Once the routing protocol neighbor relationship is established, the ADVPN branch node can learn private network routing information from the ADVPN central node through the ADVPN tunnel.
Fig. 2 is a flow chart of the method for configuring an ADVPN branch node on the ADVPN branch node side according to the present invention. The method is applied to an ADVPN branch node.
As shown in Fig. 2, the method comprises:
Step 201: Send, to the VAM server, a registration request message that contains the public network address of the ADVPN branch node.
Step 202: Receive a registration success message from the VAM server; this message contains the private network address that the VAM server allocated for the public network address of the ADVPN branch node.
Step 203: Configure the address of the ADVPN tunnel on the ADVPN branch node based on this private network address.
In one embodiment, the registration success message further contains routing attribute information of the ADVPN central node to which the ADVPN branch node belongs, the routing attribute information comprising a routing protocol type and a routing domain parameter; the method further comprises:
generating corresponding local routing configuration information based on the routing attribute information, and learning private network routing information from the ADVPN central node through the ADVPN tunnel based on the local routing configuration information.
The present invention is described in detail below with reference to concrete ADVPN network structures.
Fig. 3 is a schematic diagram of configuring an ADVPN branch node (Spoke) according to the first embodiment of the present invention.
In Fig. 3, the public network address 123.123.123.1 is configured on the Spoke; the public network address 123.123.123.2 and the private network address 10.0.1.1 are configured on the ADVPN central node (Hub). The routing protocol type on the Hub is OSPF; the routing domain parameter is area0; the working mode is Hub-Spoke mode.
The Hub sends the VAM server a registration request message containing the public network address 123.123.123.2 and the private network address 10.0.1.1. The VAM server accepts the Hub's registration and records the correspondence between the private network address 10.0.1.1 and the public network address 123.123.123.2.
The Spoke sends the VAM server a registration request message containing the public network address 123.123.123.1. The VAM server first dynamically allocates the private network address 10.0.1.1 to the Spoke. The VAM server finds that the Hub's private network address is also 10.0.1.1, so it re-allocates the private network address 10.0.1.3, accepts the Spoke's registration, and records the correspondence between the private network address 10.0.1.3 and the public network address 123.123.123.1. The VAM server then sends the Spoke a registration success message containing the private network address 10.0.1.3.
After receiving the registration success message, the Spoke configures the private network address 10.0.1.3 as the address of its ADVPN tunnel, and an ADVPN tunnel is established between the Spoke and the Hub.
As can be seen, in the present invention the VAM server dynamically allocates the private network addresses of ADVPN branch nodes, so Spoke private network addresses are planned and managed in a unified way. This saves address space, facilitates large-scale deployment of ADVPN networks, and prevents IP address conflicts.
The registration success message that the VAM server sends to the Spoke can further contain the routing protocol type OSPF, the routing domain parameter area0 and the Hub-Spoke mode parameter. After receiving this registration success message, the Spoke knows that the routing protocol type on the Hub is OSPF, the routing domain is area0 and the working mode is Hub-Spoke mode, and it generates corresponding local routing configuration information. This local routing configuration information likewise specifies OSPF as the routing protocol type, area0 as the routing domain and Hub-Spoke as the working mode. The Spoke then establishes an OSPF neighbor relationship with the Hub based on the local routing configuration information and learns private network routing information from the Hub through the ADVPN tunnel.
As can be seen, with the present invention the Spoke can automatically obtain the routing attribute information of the Hub, so that private network routing information is published on the Spoke automatically.
Fig. 4 is a schematic diagram of configuring an ADVPN branch node according to the second embodiment of the present invention.
In Fig. 4, Hub1, Hub2 and Hub3 belong to the same Hub group (Group0), which uses Full-Mesh networking. Spoke1 and Spoke2 belong to one ADVPN group (that is, ADVPN domain), whose group name is Group1; Spoke3 and Spoke4 belong to another ADVPN group, whose group name is Group2.
The routing protocol type on Hub1 is OSPF, the routing domain parameter is area0, and the working mode is Hub-Spoke mode. The routing protocol type on Hub2 is BGP, the routing domain parameter is AS1, and the working mode is Hub-Spoke mode. The central node corresponding to Group1 is Hub1; the central node corresponding to Group2 is Hub2.
Two DHCP address pools are set in the VAM server: 10.0.0.1--10.255.255.254 and 172.16.0.1--172.31.255.254. The pool 10.0.0.1--10.255.255.254 corresponds to Group1; the pool 172.16.0.1--172.31.255.254 corresponds to Group2.
Spoke2 is taken as an example below. Suppose the public network address configured on Spoke2 is 123.123.123.1.
Spoke2 sends the VAM server registration request message 1, which contains the public network address 123.123.123.1 and the group name Group1. The VAM server parses out the group name Group1 and the public network address 123.123.123.1, dynamically allocates the private network address 10.0.1.2 from the address pool 10.0.0.1--10.255.255.254 corresponding to Group1, and records the correspondence between the private network address 10.0.1.2 and the public network address 123.123.123.1. The VAM server then sends Spoke2 registration success message 1, which contains the private network address 10.0.1.2.
After receiving registration success message 1, Spoke2 configures the private network address 10.0.1.2 as the address of the ADVPN tunnel on Spoke2, and an ADVPN tunnel is established between Spoke2 and Hub1.
Registration success message 1 sent by the VAM server to Spoke2 can further contain the routing protocol type of Hub1 (OSPF), the routing domain parameter of Hub1 (area0) and the working mode parameter of Hub1 (Hub-Spoke mode). After receiving registration success message 1, Spoke2 knows that the routing protocol type on Hub1 is OSPF, the routing domain is area0 and the working mode is Hub-Spoke mode, and it generates corresponding local routing configuration information. This local routing configuration information likewise specifies OSPF as the routing protocol type, area0 as the routing domain and Hub-Spoke as the working mode. Spoke2 then establishes an OSPF neighbor relationship with Hub1 based on the local routing configuration information and learns private network routing information from Hub1 through the ADVPN tunnel.
Describe as an example of Spoke3 example again. The public network address of supposing the upper configuration of Spoke3 is123.123.123.5。
Spoke3 sends and comprises public network address 123.123.123.5 and group name Group2 to VAM serverRegistration request message 2. VAM server parses goes out group name Group2 and public network address 123.123.123.5,And from the address pool 172.16.0.0.1--172.31.255.254 corresponding to group name Group2 dynamic assignment private networkAddress 172.16.0.2, and record between private net address 172.16.0.2 and public network address 123.123.123.5Corresponding relation. And VAM server sends the registration that comprises private net address 172.16.0.2 to Spoke3Success message 2.
After Spoke3 receives the message 2 that succeeds in registration, this private net address 172.16.0.2 is configured to Spoke3On the address in ADVPN tunnel, and between Spoke3 and Hub2, set up ADVPN tunnel.
The message 2 that succeeds in registration that VAM server sends to Spoke3 can further comprise the route of Hub2The routed domain parameter (being AS1) of protocol type (being BGP), Hub1 and the mode of operation parameter of Hub2(being Hub-Spoke pattern). Spoke3 receives this and succeeds in registration after message, can know on Hub2Routing Protocol type is BGP, and routed domain is AS1, and mode of operation is Hub-Spoke pattern, and in this localityGenerate corresponding local routing configuration information. The same specified circuit of this local routing configuration information is by protocol typeFor BGP, routed domain is AS1, and mode of operation is Hub-Spoke pattern. Then, Spoke3 is based on this localityRouting configuration information and Hub2 set up bgp neighbor relation, and by and Hub2 between ADVPN tunnelRoad is from Hub2 study VPN route information.
Be elaborated as an example of Spoke2 and Spoke3 example above. Similarly, for Spoke1 and Spoke4Also there is similar processing procedure.
In the network structure shown in Fig. 4, one ADVPN group corresponds to one Hub. In practice, one ADVPN group can also correspond to two Hubs.
When one ADVPN group corresponds to two Hubs, each Spoke in the ADVPN group establishes an ADVPN tunnel connection with each of the two Hubs. The VAM server designates one of the two Hubs as the primary Hub and the other as the backup Hub, and carries the routing protocol type of the primary Hub and the routing domain parameter of the primary Hub in the registration success message, so that each Spoke in the ADVPN group can learn VPN routing information from the primary Hub through the ADVPN tunnel between it and the primary Hub.
Based on the above analysis, the present invention also proposes a device for configuring an ADVPN branch node on the VAM server side.
Fig. 5 is a structural diagram of the device for configuring an ADVPN branch node on the VAM server side according to the present invention.
As shown in Fig. 5, the device 500 is applied to a VAM server, and the device 500 comprises:
a registration request message receiving module 501, configured to receive, from an ADVPN branch node, a registration request message containing the public network address of the ADVPN branch node;
a private network address allocation module 502, configured to allocate a private network address corresponding to the public network address of the ADVPN branch node;
a registration success message sending module 503, configured to send a registration success message carrying the private network address to the ADVPN branch node, so that the ADVPN branch node configures the address of the ADVPN tunnel on this ADVPN branch node based on the private network address.
In one embodiment, the registration request message further contains the group identifier of the ADVPN branch node;
the private network address allocation module 502 is configured to determine the address pool corresponding to the group identifier of the ADVPN branch node, and to allocate the private network address corresponding to the public network address from the determined address pool.
In one embodiment, the private network address allocation module 502 is configured to allocate, based on DHCP, the private network address corresponding to the public network address of the ADVPN branch node, and, when the private network address is identical to the private network address of the ADVPN central node, to allocate again, based on DHCP, a private network address corresponding to the public network address of the ADVPN branch node.
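The VAM-server-side handling described above (modules 501 to 503, the per-group address pool and the conflict check against the central node's address), as an added Python example that is not code from the patent or from any vendor implementation. It replaces the DHCP-based allocation with a sequential walk of the pool and also covers deleting an address when a Spoke exits or stops refreshing; the class and field names, the pool bounds, the hub tunnel address 172.16.0.1 and the lease time are assumptions.

```python
import ipaddress
import time

# Constructed sample config: pool bounds, hub tunnel address and lease time are
# assumptions; the routing attributes are the ones the text gives for Hub2.
SAMPLE_GROUPS = {
    "Group2": {
        "pool": ("172.16.0.1", "172.16.0.6"),
        "hub_private": "172.16.0.1",
        "routing": {"protocol": "BGP", "domain": "AS1", "mode": "Hub-Spoke"},
    },
}


class VamServer:
    """Hypothetical VAM-side allocator for ADVPN tunnel (private) addresses."""

    def __init__(self, groups, lease_seconds=180, clock=time.monotonic):
        self.groups = groups
        self.lease_seconds = lease_seconds
        self.clock = clock
        self.bindings = {}  # (group, public address) -> (private address, last seen)

    def expire(self):
        """Delete bindings of Spokes that have not re-registered within the lease."""
        now = self.clock()
        stale = [k for k, (_, seen) in self.bindings.items()
                 if now - seen > self.lease_seconds]
        for key in stale:
            del self.bindings[key]
        return len(stale)

    def _allocate(self, group, cfg):
        first, last = (int(ipaddress.ip_address(a)) for a in cfg["pool"])
        hub = ipaddress.ip_address(cfg["hub_private"])
        used = {priv for (g, _), (priv, _) in self.bindings.items() if g == group}
        for value in range(first, last + 1):
            candidate = ipaddress.ip_address(value)
            # Skipping the hub's address has the same effect as re-allocating on conflict.
            if candidate != hub and candidate not in used:
                return candidate
        return None  # pool exhausted

    def register(self, public_ip, group):
        """Handle a registration request; return the registration reply as a dict."""
        cfg = self.groups.get(group)
        if cfg is None:
            return {"status": "fail", "reason": "unknown group"}
        try:
            public = ipaddress.ip_address(public_ip)
        except ValueError:
            return {"status": "fail", "reason": "malformed public address"}
        self.expire()
        key = (group, public)
        private = self.bindings[key][0] if key in self.bindings else self._allocate(group, cfg)
        if private is None:
            return {"status": "fail", "reason": "address pool exhausted"}
        self.bindings[key] = (private, self.clock())  # record public <-> private mapping
        return {"status": "success", "private_ip": str(private),
                "routing": dict(cfg["routing"])}

    def unregister(self, public_ip, group):
        """Delete the private address when a Spoke exits; True if one was bound."""
        key = (group, ipaddress.ip_address(public_ip))
        return self.bindings.pop(key, None) is not None


if __name__ == "__main__":
    print(VamServer(SAMPLE_GROUPS).register("123.123.123.5", "Group2"))
```

With the assumed hub address 172.16.0.1, the first Spoke registering in Group2 receives 172.16.0.2, matching the Spoke3 walk-through in the text.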
Based on the above analysis, the present invention also proposes a device for configuring an ADVPN branch node on the ADVPN branch node side.
Fig. 6 is a structural diagram of the device for configuring an ADVPN branch node on the ADVPN branch node side according to the present invention. The device 600 is applied to an ADVPN branch node.
As shown in Fig. 6, the device 600 comprises:
a registration request message sending module 601, configured to send, to the VAM server, a registration request message containing the public network address of the ADVPN branch node;
a registration success message receiving module 602, configured to receive a registration success message from the VAM server, the registration success message containing the private network address that the VAM server allocated and that corresponds to the public network address of the ADVPN branch node;
a configuration module 603, configured to configure the address of the ADVPN tunnel on this ADVPN branch node based on the private network address.
In one embodiment, the registration success message further contains routing attribute information of the ADVPN central node, the routing attribute information comprising a routing protocol type and a routing domain parameter;
the configuration module 603 is configured to generate corresponding local routing configuration information based on the routing attribute information, and to learn VPN routing information from the ADVPN central node through the ADVPN tunnel based on the local routing configuration information.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (12)

1. A method for configuring an auto discovery virtual private network (ADVPN) branch node, characterized in that the method is applied to a VPN address management (VAM) server, and the method comprises:
receiving, from an ADVPN branch node, a registration request message containing the public network address of the ADVPN branch node;
allocating a private network address corresponding to the public network address of the ADVPN branch node;
sending a registration success message carrying the private network address to the ADVPN branch node, so that the ADVPN branch node configures the address of the ADVPN tunnel on this ADVPN branch node based on the private network address.
2. The method according to claim 1, characterized in that the registration request message further contains the identifier of the group to which the ADVPN branch node belongs;
allocating the private network address corresponding to the public network address comprises:
determining the address pool corresponding to the group identifier;
allocating the private network address corresponding to the public network address from the determined address pool.
3. The method according to claim 1, characterized in that allocating the private network address corresponding to the public network address of the ADVPN branch node is: allocating, based on the Dynamic Host Configuration Protocol (DHCP), the private network address corresponding to the public network address of the ADVPN branch node;
before the registration success message carrying the private network address is sent to the ADVPN branch node, the method further comprises:
when the private network address is identical to the private network address of the ADVPN central node, allocating again, based on DHCP, a private network address corresponding to the public network address of the ADVPN branch node.
4. The method according to claim 1, characterized in that the method further comprises:
when the ADVPN branch node exits, deleting the private network address; or
when the ADVPN branch node is not updated within a predetermined time, deleting the private network address.
5. The method according to any one of claims 1-4, characterized in that the registration success message further contains routing attribute information of the ADVPN central node to which this ADVPN branch node belongs, so that the ADVPN branch node generates corresponding local routing configuration information based on the routing attribute information and, based on the local routing configuration information, learns VPN routing information from the ADVPN central node through the ADVPN tunnel;
the routing attribute information comprises: a routing protocol type and a routing domain parameter.
6. A method for configuring an auto discovery virtual private network (ADVPN) branch node, characterized in that the method is applied to an ADVPN branch node, and the method comprises:
sending, to a VPN address management (VAM) server, a registration request message containing the public network address of the ADVPN branch node;
receiving a registration success message from the VAM server, the registration success message containing the private network address that the VAM server allocated and that corresponds to the public network address of the ADVPN branch node;
configuring the address of the ADVPN tunnel on this ADVPN branch node based on the private network address.
7. The method according to claim 6, characterized in that the registration success message further contains routing attribute information of the ADVPN central node to which this ADVPN branch node belongs, the routing attribute information comprising a routing protocol type and a routing domain parameter; the method further comprises:
generating corresponding local routing configuration information based on the routing attribute information;
learning private network routing information from the ADVPN central node through the ADVPN tunnel based on the local routing configuration information.
8. A device for configuring an auto discovery virtual private network (ADVPN) branch node, characterized in that the device is applied to a VPN address management (VAM) server, and the device comprises:
a registration request message receiving module, configured to receive, from an ADVPN branch node, a registration request message containing the public network address of the ADVPN branch node;
a private network address allocation module, configured to allocate a private network address corresponding to the public network address of the ADVPN branch node;
a registration success message sending module, configured to send a registration success message carrying the private network address to the ADVPN branch node, so that the ADVPN branch node configures the address of the ADVPN tunnel on this ADVPN branch node based on the private network address.
9. The device according to claim 8, characterized in that the registration request message further contains the group identifier of the ADVPN branch node;
the private network address allocation module is configured to determine the address pool corresponding to the group identifier of the ADVPN branch node, and to allocate the private network address corresponding to the public network address from the determined address pool.
10. The device according to claim 8, characterized in that
the private network address allocation module is configured to allocate, based on the Dynamic Host Configuration Protocol (DHCP), the private network address corresponding to the public network address of the ADVPN branch node, and, when the private network address is identical to the private network address of the ADVPN central node, to allocate again, based on DHCP, a private network address corresponding to the public network address of the ADVPN branch node.
11. A device for configuring an auto discovery virtual private network (ADVPN) branch node, characterized in that the device is applied to an ADVPN branch node, and the device comprises:
a registration request message sending module, configured to send, to a VPN address management (VAM) server, a registration request message containing the public network address of the ADVPN branch node;
a registration success message receiving module, configured to receive a registration success message from the VAM server, the registration success message containing the private network address that the VAM server allocated and that corresponds to the public network address of the ADVPN branch node;
a configuration module, configured to configure the address of the ADVPN tunnel on this ADVPN branch node based on the private network address.
12. The device according to claim 11, characterized in that
the registration success message further contains routing attribute information of the ADVPN central node, the routing attribute information comprising: a routing protocol type and a routing domain parameter;
the configuration module is configured to generate corresponding local routing configuration information based on the routing attribute information, and to learn private network routing information from the ADVPN central node through the ADVPN tunnel based on the local routing configuration information.
CN201510671692.7A 2015-10-16 2015-10-16 A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration Active CN105591871B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510671692.7A CN105591871B (en) 2015-10-16 2015-10-16 A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration

Publications (2)

Publication Number Publication Date
CN105591871A true CN105591871A (en) 2016-05-18
CN105591871B CN105591871B (en) 2019-03-08

Family

ID=55931118

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510671692.7A Active CN105591871B (en) 2015-10-16 2015-10-16 A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration

Country Status (1)

Country Link
CN (1) CN105591871B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant