CN107612808B - Tunnel establishment method and device - Google Patents

Publication number
CN107612808B
Authority
CN
China
Prior art keywords
vtep
interface
aggregation system
address
distributed aggregation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710822971.8A
Other languages
Chinese (zh)
Other versions
CN107612808A (en)
Inventor
黄李伟
王伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201710822971.8A priority Critical patent/CN107612808B/en
Publication of CN107612808A publication Critical patent/CN107612808A/en
Application granted granted Critical
Publication of CN107612808B publication Critical patent/CN107612808B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure relates to a tunnel establishment method and device. The method comprises the following steps: a first VTEP detects whether a virtual machine (VM) connected to the first VTEP accesses the distributed aggregation system; if the VM does not access the distributed aggregation system, a first VXLAN tunnel between a remote VTEP and the first VTEP is established according to the actual address of the first VTEP, and a next hop-out interface to the VM is set as the first VXLAN tunnel on the remote VTEP. In the embodiment of the disclosure, if the VM connected to the first VTEP does not access the distributed aggregation system, a VXLAN tunnel between the first VTEP and the remote VTEP may be established according to the actual address of the first VTEP, so that traffic is kept off the IPL between the VTEPs in the distributed aggregation system as far as possible, thereby saving bandwidth resources and reducing packet loss.

Description

Tunnel establishment method and device
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a tunnel establishment method and apparatus.
Background
VXLAN (Virtual eXtensible Local Area Network) is a two-layer VPN (Virtual Private Network) technology based on IP networks and in the form of "MAC in UDP" encapsulation. VXLAN may provide two-layer interconnection for distributed physical sites based on existing service provider or enterprise IP (Internet Protocol) networks, and may provide service isolation for different tenants.
VXLAN is used primarily in data center networks. VXLAN has the following characteristics:
a. Supports a large number of tenants: by using a 24-bit identifier, up to 2^24 (16777216) VXLANs can be supported, so the number of supported tenants increases greatly and the shortage of VLAN resources in traditional layer-2 networks is resolved.
b. Easy maintenance: the two-layer network is built based on the IP network, so that the network deployment and maintenance are easier, and the existing IP network technology can be fully utilized, such as load sharing by utilizing equivalent routing. Only the edge device of the IP core network needs to carry out VXLAN processing, and the network intermediate device only needs to forward the message according to the IP header, thereby reducing the difficulty and the cost of network deployment.
The VXLAN technology takes an existing three-layer physical network as an Underlay network, and a virtual two-layer network, namely an Overlay network, is constructed on the Underlay network. The Overlay network realizes the transfer of the second-layer message of the tenant between different sites across a three-layer network by using a three-layer forwarding path provided by the Underlay network through a packaging technology. The Underlay network is transparent to the tenants, and different sites of the same tenant behave as if they are operating in one local area network.
Fig. 1 is a schematic structural diagram of a typical network model of VXLAN, and as shown in fig. 1, VXLAN includes the following parts:
VM (Virtual Machine): multiple virtual machines can be created on one server, and different virtual machines can belong to different VXLANs. Virtual machines belonging to the same VXLAN are in the same logical layer-2 network and can communicate with each other at layer 2. Virtual machines belonging to different VXLANs are isolated from each other at layer 2. A VXLAN is identified by a VXLAN ID, also known as VNI (VXLAN Network Identifier), which is 24 bits long.
VTEP (VXLAN Tunnel End Point): edge device of VXLAN. The VXLAN processing is performed on the VTEP, for example, identifying the VXLAN to which an Ethernet data frame belongs, performing layer-2 forwarding of the data frame based on the VXLAN, and encapsulating/decapsulating packets. The VTEP may be an independent physical device or a server where the virtual machine is located.
VXLAN tunnel: a point-to-point logical tunnel between two VTEPs. After encapsulating a VXLAN header, a UDP (User Datagram Protocol) header, and an IP header for a data frame, the VTEP forwards the encapsulated packet to a remote VTEP through a VXLAN tunnel, and the remote VTEP decapsulates the packet.
Core equipment: devices in an IP core network. The core device does not participate in VXLAN processing, and only needs to forward the message in three layers according to the destination IP address of the encapsulated message.
VSI (Virtual Switch Instance): a virtual switching instance on the VTEP provides a two-layer switching service for VXLAN. The VSI can be viewed as a virtual switch on the VTEP that performs layer two forwarding based on VXLAN. The VSI has all the functions of a conventional ethernet switch including: source MAC address learning, MAC address aging, flooding, etc. VSIs correspond one-to-one to VXLANs.
Disclosure of Invention
In view of this, the present disclosure provides a tunnel establishment method and apparatus.
According to an aspect of the present disclosure, there is provided a tunnel establishment method applied to a first VTEP in a distributed aggregation system, the method including:
a first VTEP detects whether a virtual machine (VM) connected to the first VTEP accesses the distributed aggregation system;
if the VM does not access the distributed aggregation system, a first VXLAN tunnel between a remote VTEP and the first VTEP is established according to the actual address of the first VTEP, and a next hop-out interface to the VM is set as the first VXLAN tunnel on the remote VTEP.
According to another aspect of the present disclosure, there is provided a tunnel establishment apparatus applied to a first VTEP in a distributed aggregation system, the apparatus including:
the first detection module is used for detecting whether a virtual machine VM connected with the first detection module is accessed to the distributed aggregation system;
a first establishing module, configured to establish a first VXLAN tunnel between a remote VTEP and the first VTEP according to a real address of the first VTEP if the VM does not access the distributed aggregation system, and set a next hop-out interface to the VM as the first VXLAN tunnel on the remote VTEP.
In the embodiment of the disclosure, if the VM connected to the first VTEP does not access the distributed aggregation system, a VXLAN tunnel between the first VTEP and the remote VTEP may be established according to the actual address of the first VTEP. Therefore, the service from the remote VTEP to the VM can be directly forwarded through the first VTEP which is singly hung on the VM, and is not bypassed from other VTEPs in the distributed aggregation system, so that the service is not forwarded on IPLs among the VTEPs in the distributed aggregation system as far as possible, the bandwidth resource is saved, and the message loss is reduced.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a schematic diagram of a typical network model of VXLAN.
Fig. 2 is a schematic diagram of an example of distributed aggregation.
Fig. 3 is a simplified diagram of distributed aggregation of VTEP B and VTEP C.
Fig. 4 is a schematic diagram of an example of application of EVPN in an MLAG scenario.
Fig. 5 is a schematic diagram of another example of application of EVPN in an MLAG scenario.
Fig. 6 is a schematic diagram of another example of application of EVPN in an MLAG scenario.
Fig. 7 shows a flowchart of a tunnel establishment method according to an embodiment of the present disclosure.
Fig. 8 shows another flowchart of a tunnel establishment method according to an embodiment of the present disclosure.
Fig. 9 shows a schematic diagram of an application scenario of a tunnel establishment method according to an embodiment of the present disclosure.
Fig. 10 is a schematic diagram illustrating another application scenario of a tunnel establishment method according to an embodiment of the present disclosure.
Fig. 11 is a schematic diagram illustrating another application scenario of a tunnel establishment method according to an embodiment of the present disclosure.
Fig. 12 shows a block diagram of a tunnel establishment apparatus according to an embodiment of the present disclosure.
Fig. 13 shows another block diagram of a tunnel establishment apparatus according to an embodiment of the present disclosure.
Fig. 14 shows a block diagram of a tunnel establishment apparatus according to another embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
To improve reliability in VXLAN networks, the concept of distributed aggregation has been proposed. That is, device A adds 2 physical ports to 1 aggregation interface, and at the other end are 2 physical devices B and C, each of which adds one physical link to an aggregation interface. To device A they appear to be 1 device, although they are actually two devices B and C, which improves the reliability of the services on B and C. Fig. 2 is a schematic diagram of an example of distributed aggregation. As shown in fig. 2, VTEP B and VTEP C present two physical links on two devices as one aggregation interface through a distributed aggregation protocol. Fig. 3 is a simplified diagram of distributed aggregation of VTEP B and VTEP C. Fig. 3 shows the relationship between CE A and VTEP B and VTEP C. As shown in figs. 2 and 3, traffic forwarded from CE A to CE E may pass through either VTEP B or VTEP C of the distributed aggregation. When one of VTEP B and VTEP C fails, the other takes over the work and service processing is not affected; this is the advantage of stacking the devices.
EVPN (Ethernet Virtual Private Network) is a two-layer VPN technology. The control plane adopts MP-BGP (Multi Protocol Border Gateway Protocol) to announce EVPN routing information, and the data plane adopts VXLAN encapsulation mode to forward messages. When physical sites of tenants are dispersed at different positions, the greatest difference between EVPN and VXLAN networking is that: the VXLAN encapsulation tunnel of the EVPN data plane is automatically established through BGP (Border Gateway Protocol), so that the advantages of the BGP Protocol are utilized to a great extent, and the complexity of manual configuration of the VXLAN network is reduced.
At present, the MLAG (Multi-Chassis Link Aggregation) scenario also supports the EVPN technology. Fig. 4 is a schematic diagram of an example of application of EVPN in an MLAG scenario. The solid arrows in fig. 4 indicate the traffic forwarding direction and the dashed arrows indicate the protocol synchronization direction. As shown in fig. 4, two VTEP devices (VTEP B, VTEP C) form a distributed aggregation system, and a VM device (CE A) accesses the distributed aggregation system. The two VTEP devices each learn the MAC address of CE A. Both VTEP B and VTEP C then synchronize the MAC address to the VTEP D device via the EVPN protocol. A forwarding table entry is formed on the VTEP D device, with VTEP B and VTEP C as the respective next hops, so that VTEP B and VTEP C can act as backups of each other. When one device fails, the other device can immediately process the service, which improves the reliability of the network.
If the traffic sent by CE A to VTEP B or VTEP C belongs to the same flow, then, when both links are normal, it is hashed onto one link to achieve load sharing. Suppose the traffic sent by CE A with source MAC A-A-A is hashed to VTEP B. VTEP B dynamically learns the forwarding table entry for the MAC address of CE A, and the next hop-out interface is AGG1 (the distributed aggregation interface). Meanwhile, VTEP B synchronizes the MAC address A-A-A to VTEP D through the BGP protocol, and the next hop-out interface is the VXLAN tunnel from VTEP D to VTEP B/VTEP C (tunnel 0, the destination address of tunnel 0 is the aggregate IP address of VTEP B and VTEP C). VTEP B also synchronizes the MAC address A-A-A to the VTEP C device through MLAG, and the next hop-out interface is the other AGG1 (distributed aggregation interface). After all the table entries are synchronized, if the CE E device has two flows (one indicated by a thick solid line and the other by a thin solid line) to forward to CE A, the source MACs of the two flows are different, namely B-B and C-C, and the destination MAC is A-A-A. The two flows can then be load-shared on VTEP D and forwarded to VTEP B and VTEP C respectively; after reaching VTEP B and VTEP C, they hit the forwarding table entry for A-A-A and are forwarded to CE A through AGG1.
Fig. 5 is a schematic diagram of another example of application of EVPN in an MLAG scenario. As shown in fig. 5, in distributed-aggregation EVPN networking, the destination IP address that the established tunnel presents externally is the aggregate IP (group IP) address of the two VTEPs (VTEP B and VTEP C), such as 3.3.3.3. Traffic forwarding by each VTEP in the distributed aggregation system is implemented using the aggregate IP address. The outgoing interface for VM A is tunnel1, and to the remote VTEP D tunnel1 has only one destination address, 3.3.3.3; the route to 3.3.3.3 on the underlay network forms an equal-cost route on VTEP D. This may result in load sharing. Fig. 6 is a schematic diagram of another example of application of EVPN in an MLAG scenario. As shown in fig. 6, the next hop of the routes synchronized by VTEP B and VTEP C is the aggregate IP address of the distributed aggregation, 3.3.3.3. The single-hung VM F is attached under VTEP C, but the next hop of the outbound forwarding entries of VTEP B and VTEP C is still the aggregate IP address. Therefore, traffic forwarded by VTEP D to VM F may be hashed to the VTEP B device. The traffic is then forwarded to VM F through the link between VTEP B and VTEP C, i.e., the IPL (intra port Link, the internal link of the distributed aggregation), so that the traffic detours through another VTEP in the distributed aggregation system, wasting bandwidth resources and easily causing packet loss.
In view of the above problems, the present disclosure proposes that, for the different cases of the attached Access Circuit (AC), the EVPN route is determined according to the learned virtual machine ARP (Address Resolution Protocol) entry. If the route is received from a single-hung virtual machine, the route with the actual IP address is sent directly and a tunnel is established according to the actual IP address. If the single-hung AC interface of the virtual machine changes into a DR (distributed aggregation) interface, the route with the actual IP address is switched to the route with the aggregate IP address. If the virtual machine changes from the DR interface to a single-hung AC, the route with the aggregate IP address is switched to the route with the actual IP address.
Fig. 7 shows a flowchart of a tunnel establishment method according to an embodiment of the present disclosure. As shown in fig. 7, the tunnel establishment method is applied to a first VTEP in a distributed aggregation system, and the method may include:
Step 101, the first VTEP detects whether a virtual machine (VM) connected to the first VTEP accesses the distributed aggregation system.
Step 102, if the VM does not access the distributed aggregation system, establishing a first VXLAN tunnel between a remote VTEP and the first VTEP according to the real address of the first VTEP, and setting a next hop-out interface to the VM as the first VXLAN tunnel on the remote VTEP.
The distributed aggregation system in the present disclosure may include at least two VTEPs, e.g., a first VTEP and a second VTEP, the remote VTEPs being VTEPs located on the public network side. A virtual machine in the distributed aggregation system is linked with a first VTEP and a second VTEP through a distributed aggregation interface (DR interface). Facing the VTEP on the public network side, the first VTEP and the second VTEP have the same address (e.g., aggregate IP address, system MAC address), while the first VTEP and the second VTEP each have an actual address (e.g., real IP address, real MAC address) for distinguishing each other from the individual first VTEP and second VTEP. For convenience of description, the following embodiments mostly use three-layer forwarding implemented by aggregating IP addresses as an example, and certainly, two-layer forwarding implemented by system MAC addresses is similar to three-layer forwarding, and will not be described in detail.
In one possible implementation, step 102 may include:
detecting the interface state of the connection of the first VTEP and the VM;
if the interface state is a single-hanging access circuit AC interface, the VM does not access the distributed aggregation system;
and if the interface state is a distributed aggregation DR interface, the VM is accessed to the distributed aggregation system. Of course, it may also be considered that the VM is a single-suspended device of the first VTEP if the VM and the first VTEP are not connected through the DR interface.
In this embodiment, each VTEP may detect a VM connected to itself to determine the interface status of the VTEP with the VM. If a VM is connected with only one VTEP in the distributed aggregation system, it may be detected that the interface state of the VM is a single-suspended AC interface, which indicates that the VM is not connected to the distributed aggregation system. If a VM is connected to each VTEP in the distributed aggregation system, it may be detected that the interface state of the VM is a DR interface, which indicates that the VM is accessed to the distributed aggregation system.
In this embodiment, if a VM is connected only to a first VTEP in the distributed aggregation system, the VM is singly suspended below the first VTEP, and it may be detected that the interface state between the VM and the first VTEP is a singly suspended AC interface. In this case, the first VXLAN tunnel may be established using the real address of the distributed aggregation system (i.e., the real address of the first VTEP) as the destination address of the first VXLAN tunnel, and the next hop-out interface of the VM may be set as the first VXLAN tunnel on the remote VTEP.
In one possible implementation, step 102 may include:
if the VM does not access the distributed aggregation system, the first VTEP acquires address information of the VM;
the first VTEP informs the far-end VTEP that the next hop of the VM is the first VTEP;
and establishing the first VXLAN tunnel according to the actual address of the first VTEP, and setting a next hop-out interface to the VM as the first VXLAN tunnel on the far-end VTEP according to the address of the VM.
In a possible implementation manner, in step 102, if the interface state of the first VTEP and the VM of the distributed aggregation system is a single-suspended AC interface, indicating that the VM does not access the distributed aggregation system, the first VTEP learns an address resolution protocol ARP entry of the VM. And notifying the remote VTEP of the next hop of the VM as the first VTEP through the EVPN. And then, establishing the first VXLAN tunnel according to the actual IP address of the first VTEP, and generating a first routing forwarding table entry on the far-end VTEP according to the IP address of the VM. And setting the next hop-out interface of the VM as the first VXLAN tunnel in the first routing forwarding table entry. Wherein the destination address of the first VXLAN tunnel is the actual IP address of the first VTEP.
For example, the distributed aggregation system in fig. 10 includes VTEP B and VTEP C, where the actual IP address of VTEP B is 1.1.1.1, the actual IP address of VTEP C is 2.2.2.2, and the aggregate IP address advertised to the outside by VTEP B and VTEP C is 3.3.3.3. Since VM F is single-hung below VTEP C, after learning the ARP entry of VM F, VTEP C can notify the remote VTEP D through EVPN that the next hop of VM F is VTEP C. A VXLAN tunnel11 is established between VTEP D and VTEP C based on the actual IP address of VTEP C. The source address of tunnel11 is the IP address of VTEP D, and the destination address is the actual IP address 2.2.2.2 of VTEP C. A route forwarding table entry is generated on VTEP D according to the IP address of VM F, and the next hop-out interface of VM F in the route forwarding table entry is set to tunnel11.
Further, as shown in fig. 8, the tunnel establishment method may further include:
step 103, if the VM accesses the distributed aggregation system, establishing a second VXLAN tunnel between the remote VTEP and the distributed aggregation system according to the aggregation address of the distributed aggregation system, and setting a next hop-out interface to the VM as the second VXLAN tunnel on the remote VTEP.
In this embodiment, if a VM is connected to each VTEP in the distributed aggregation system, it may be detected that the interface state of the distributed aggregation system and the VM is a DR interface. In this case, the aggregation address of the distributed aggregation system may be used as the destination address of the second VXLAN tunnel, the second VXLAN tunnel may be established, and the next egress interface of the VM may be set as the second VXLAN tunnel on the remote VTEP.
In a possible implementation manner, in step 103, if the interface state of the distributed aggregation system and the VM is a DR interface, indicating that the VM accesses the distributed aggregation system, the first VTEP and/or the second VTEP learns the ARP entry of the VM. And notifying the remote VTEP of the next hop of the VM as the distributed aggregation system through the EVPN. And establishing the second VXLAN tunnel according to the aggregation IP address of the distributed aggregation system, and generating a second routing forwarding table item on the far-end VTEP according to the IP address of the VM. And setting the next hop-out interface of the VM as the second VXLAN tunnel in the second routing forwarding table entry. Wherein the destination address of the second VXLAN tunnel is an aggregation IP address of the distributed aggregation system.
For example, the distributed aggregation system in fig. 9 includes VTEP B and VTEP C, where the actual IP address of VTEP B is 1.1.1.1, the actual IP address of VTEP C is 2.2.2.2, and the aggregate IP address advertised to the outside by VTEP B and VTEP C is 3.3.3.3. Since VM A is connected to both VTEP B and VTEP C, the interface state is DR interface. After learning the ARP entry of VM A, VTEP B and VTEP C can notify the remote VTEP D through EVPN that the next hop of VM A is the distributed aggregation system. A VXLAN tunnel10 is established between VTEP D and the distributed aggregation system according to the aggregation IP address of the distributed aggregation system. The source address of tunnel10 is the IP address of VTEP D, and the destination address is the aggregation IP address 3.3.3.3 of the distributed aggregation system. A route forwarding table entry is generated on VTEP D according to the IP address of VM A, and the next hop-out interface of VM A in the route forwarding table entry is set to tunnel10.
Further, as shown in fig. 8, after step 102, the tunnel establishment method may further include:
step 104, periodically detecting the interface state of the first VTEP connected with the VM;
step 105, if the interface state is changed from the single-hanging AC interface to the DR interface, notifying the remote VTEP that the next hop of the VM is the distributed aggregation system, establishing a second VXLAN tunnel according to an aggregation address of the distributed aggregation system, and setting a next hop-out interface to the VM as the second VXLAN tunnel on the remote VTEP;
step 106, if the interface state is changed from the DR interface to the single-hanging AC interface, notifying the remote VTEP that the next hop of the VM is the first VTEP, establishing a first VXLAN tunnel according to the actual address of the first VTEP, and setting the next hop-out interface to the VM as the first VXLAN tunnel on the remote VTEP.
For example, in figs. 10 and 11, the distributed aggregation system includes VTEP B and VTEP C, where the actual IP address of VTEP B is 1.1.1.1, the actual IP address of VTEP C is 2.2.2.2, and the aggregate IP address advertised to the outside by VTEP B and VTEP C is 3.3.3.3.
The interface state of VM A changes from the DR interface in fig. 10 to the single-hung AC interface in fig. 11. The next hop of the VM A route advertised to VTEP D changes from the aggregate IP address 3.3.3.3 to the actual IP address of VTEP C, 2.2.2.2. A VXLAN tunnel11 is established between VTEP D and VTEP C based on the actual IP address of VTEP C. The source address of tunnel11 is the IP address of VTEP D, and the destination address is the actual IP address 2.2.2.2 of VTEP C. On VTEP D, a route forwarding table entry is generated according to the IP address of VM A, and the next hop-out interface of VM A in the route forwarding table entry is set to tunnel11. If VXLAN tunnel11 is already established, the next hop-out interface of VM A in the route forwarding table entry can be set to tunnel11 directly, without establishing the tunnel again.
The interface state of VM F changes from the single-hung AC interface in fig. 10 to the DR interface in fig. 11. The next hop of the VM F route advertised to VTEP D changes from the actual IP address of VTEP C, 2.2.2.2, to the aggregate IP address 3.3.3.3. A VXLAN tunnel10 is established between VTEP D and the distributed aggregation system according to the aggregation IP address of the distributed aggregation system. The source address of tunnel10 is the IP address of VTEP D, and the destination address is the aggregation IP address 3.3.3.3 of the distributed aggregation system. On VTEP D, a route forwarding table entry is generated according to the IP address of VM F, and the next hop-out interface of VM F in the route forwarding table entry is set to tunnel10. If VXLAN tunnel10 is already established, the next hop-out interface of VM F in the route forwarding table entry can be set to tunnel10 directly, without establishing the tunnel again.
The embodiment extends the EVPN function, and if the VM connected to the first VTEP does not access the distributed aggregation system, a VXLAN tunnel between the first VTEP and the remote VTEP can be established according to the actual address of the first VTEP. Therefore, the service from the remote VTEP to the VM can be forwarded through the VTEP which is singly hung on the VM, and is not bypassed from other VTEPs in the distributed aggregation system, so that the service is not forwarded on IPLs among the VTEPs in the distributed aggregation system as far as possible, the bandwidth resource is saved, and the message loss is reduced. For example, the situation that the service message is lost due to insufficient bandwidth of the IPL is reduced, and the situation that the distributed aggregation protocol message is discarded due to too large data message volume is reduced.
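The following is an added example, not code from the patent: a Python model of steps 101 to 106 that walks through the addresses of figs. 9 to 11 and counts how many flows detour over the IPL when a single-hung VM is advertised with the aggregate address versus the actual address. The class and function names, the tunnel numbering starting at 10, and the modulo stand-in for the underlay equal-cost hash are assumptions made for illustration.

```python
"""Added example: next-hop selection for VMs behind a distributed aggregation pair."""
from dataclasses import dataclass, field

AC = "single-hung AC"  # VM attached to one member VTEP only (single-homed)
DR = "DR"              # VM attached to every member VTEP


@dataclass
class AggregationSystem:
    aggregate_ip: str
    members: dict  # member VTEP name -> actual IP address


@dataclass
class RemoteVtep:
    """Remote VTEP D: one VXLAN tunnel per destination address, one route per VM."""
    tunnels: dict = field(default_factory=dict)  # tunnel destination IP -> tunnel name
    routes: dict = field(default_factory=dict)   # VM IP -> advertised next hop
    next_id: int = 10                            # assumed numbering: tunnel10, tunnel11, ...

    def receive_route(self, vm_ip, next_hop):
        """Install the advertised route; create a tunnel only if none exists yet."""
        if next_hop not in self.tunnels:
            self.tunnels[next_hop] = f"tunnel{self.next_id}"
            self.next_id += 1
        self.routes[vm_ip] = next_hop
        return self.tunnels[next_hop]


def advertised_next_hop(system, local_vtep, iface_state):
    """Steps 101-103: actual address for a single-hung AC, aggregate address for DR."""
    if iface_state == AC:
        return system.members[local_vtep]
    if iface_state == DR:
        return system.aggregate_ip
    raise ValueError(f"unknown interface state: {iface_state!r}")


def on_interface_check(system, remote, local_vtep, vm_ip, old_state, new_state):
    """Steps 104-106: re-advertise only when the periodic check sees a change."""
    if new_state == old_state:
        return remote.tunnels[remote.routes[vm_ip]]
    return remote.receive_route(vm_ip, advertised_next_hop(system, local_vtep, new_state))


def ipl_crossings(system, remote, vm_ip, attached_to, flow_ids):
    """Count flows that arrive at a member the VM is not attached to (IPL detour)."""
    names = sorted(system.members)
    by_ip = {ip: name for name, ip in system.members.items()}
    next_hop = remote.routes[vm_ip]
    crossings = 0
    for flow_id in flow_ids:
        if next_hop == system.aggregate_ip:
            # Constructed stand-in for the underlay equal-cost hash.
            landing = names[flow_id % len(names)]
        else:
            landing = by_ip[next_hop]
        if landing not in attached_to:
            crossings += 1
    return crossings


def run_scenario():
    system = AggregationSystem("3.3.3.3", {"VTEP B": "1.1.1.1", "VTEP C": "2.2.2.2"})
    vtep_d = RemoteVtep()
    vm_a, vm_f = "100.1.1.2", "101.1.1.2"
    flows = range(4)  # constructed flow identifiers
    result = {}
    # Fig. 9: VM A on a DR interface.
    result["a_fig9"] = vtep_d.receive_route(vm_a, advertised_next_hop(system, "VTEP B", DR))
    # Fig. 6 behaviour: single-hung VM F still advertised with the aggregate address.
    vtep_d.receive_route(vm_f, system.aggregate_ip)
    result["f_detours_aggregate"] = ipl_crossings(system, vtep_d, vm_f, {"VTEP C"}, flows)
    # Fig. 10: VTEP C advertises its actual address for VM F.
    result["f_fig10"] = vtep_d.receive_route(vm_f, advertised_next_hop(system, "VTEP C", AC))
    result["f_detours_actual"] = ipl_crossings(system, vtep_d, vm_f, {"VTEP C"}, flows)
    # Fig. 11: the two interface states swap; existing tunnels are reused.
    result["a_fig11"] = on_interface_check(system, vtep_d, "VTEP C", vm_a, DR, AC)
    result["f_fig11"] = on_interface_check(system, vtep_d, "VTEP C", vm_f, AC, DR)
    result["tunnels"] = dict(vtep_d.tunnels)
    return result


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

Because the remote VTEP keys tunnels by destination address, the swap in fig. 11 only rewrites the per-VM route entries and leaves the tunnel set at two.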
Fig. 9 shows a schematic diagram of an application scenario of a tunnel establishment method according to an embodiment of the present disclosure. The following description will be given taking an IP address as an example of an actual address of a VTEP and an aggregation address of a distributed aggregation system. As shown in fig. 9, the method includes the steps of:
Step 301, VTEP B and VTEP C are two Leaf devices of the distributed aggregation system. VM A is a virtual machine that is dual-homed to the distributed aggregation system. The IP address of VM A is 100.1.1.2/24. The actual IP addresses of VTEP B and VTEP C are 1.1.1.1 and 2.2.2.2, respectively, and the aggregate IP address advertised to the outside by VTEP B and VTEP C is 3.3.3.3; that is, the ARP sent by the dual-homed virtual machine carries the aggregate IP address when the EVPN route is pushed to the outside.
Step 302, after VM A comes online, VTEP B and VTEP C can learn the ARP entry of VM A. Meanwhile, VTEP B and VTEP C advertise to the remote VTEP D, through EVPN, a type 2 route for 100.1.1.2/24 (VM A) whose next hop is 3.3.3.3 (the distributed aggregation system). After receiving the type 2 route, VTEP D locally generates a route forwarding table entry: in the IP route forwarding table entry generated on VTEP D according to the IP address of VM A, the egress interface is VXLAN tunnel10. The destination address of VXLAN tunnel10 is the aggregate IP address of the distributed aggregation system, 3.3.3.3. The route to 3.3.3.3 on the underlay network forms an equal-cost route on VTEP D. If the virtual machine VM E needs to forward traffic to VM A, the traffic is hashed on VTEP D and may be hashed to either Leaf device, VTEP B or VTEP C, which acts as the tail node of the VXLAN tunnel and forwards the traffic. For example, in fig. 9 the traffic is hashed to VTEP B.
Step 303, as shown in fig. 10, the virtual machine VM F is online, the IP address of VM F is 101.1.1.2/24, and step 304 is executed.
Step 304, after VM F comes online, VTEP C can learn the ARP entry of virtual machine VM F. Meanwhile, the VTEP C informs the far-end VTEP D of 2-type 2 route with the next hop of 101.1.1.2/24(VM F) being 2.2.2.2(VTEP C) through EVPN. After receiving the 2-type route, the VTEP D locally generates a route forwarding table entry: in the IP routing forwarding table entry generated on VTEP D according to the IP address of VM F, the egress interface is VXLAN tunnel 11. The destination address of VXLAN tunnel11 is the actual IP address of the distributed aggregation system, i.e. the actual IP address of VTEP C2.2.2. The 2.2.2.2 route over the underlay network forms an equivalence on top of VTEP D. If VM E wants to forward the service to VM F, the service can be directly forwarded to VTEP C according to the actual newly generated routing forwarding table entry.
And 305, if one end of the DR interface of the VM A has a problem or networking changes, the DR interface becomes a single-hanging AC interface, and the single-hanging AC interface of the VM F becomes a DR interface. Step 306 is performed as shown in fig. 11.
The advertised route to VTEP D from steps 306, 100.1.1.2/24(VM a) changes from the aggregate IP address 3.3.3.3 of the distributed aggregation system to the actual IP address 2.2.2.2 of VTEP C. The next hop-out interface in the route forwarding entry of VM a is modified from tunnel10 to tunnel11 on VTEP D.
The advertised route to VTEP D from steps 307, 101.1.1.2/24(VM F) changes from the actual IP address 2.2.2.2 of VTEP C to the aggregated IP address 3.3.3.3 of the distributed aggregation system. The next hop-out interface in the route forwarding entry of VM F is modified from tunnel11 to tunnel10 on VTEP D. The 3.3.3.3 route over the underlay network forms an equivalence on top of the VTEPD.
With this method, in a networking scenario that combines distributed aggregation and EVPN, different VXLAN tunnels are established using either the aggregation IP address or the actual IP address, depending on whether a virtual machine accesses the distributed aggregation system, so that traffic for the corresponding VM is forwarded and the EVPN function is extended. When the VM is attached through a single-hanging AC interface, traffic is forwarded to the VM directly through the VTEP connected to it without detouring through other VTEPs in the distributed aggregation system, so traffic is kept off the IPL as far as possible, which saves bandwidth and reduces packet loss. For example, it reduces the loss of service packets caused by insufficient bandwidth of the IPL link and the discarding of distributed aggregation protocol packets caused by excessive data traffic.
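The state-dependent next-hop selection of steps 301 to 307, modeled as an added example (it is not code from the patent or from any vendor implementation). The class and method names and VTEP D's address 192.0.2.4 are assumptions; only VTEP C's side of the dual-homed advertisement is modeled, since VTEP B advertises the same aggregate next hop.

```python
from dataclasses import dataclass, field
from enum import Enum


class IfState(Enum):
    AC = "single-hanging AC interface"   # VM does not access the aggregation system
    DR = "distributed aggregation DR interface"


@dataclass
class RemoteVtep:
    """Remote VTEP (VTEP D): one VXLAN tunnel per destination, routes point at tunnels."""
    source_ip: str                                # tunnel source address
    tunnels: dict = field(default_factory=dict)   # destination IP -> tunnel name
    routes: dict = field(default_factory=dict)    # VM prefix -> egress tunnel name
    next_id: int = 10                             # first tunnel is tunnel10, as in fig. 9

    def receive_type2_route(self, vm_prefix: str, next_hop: str) -> str:
        # Reuse an established tunnel to this destination instead of building it again.
        if next_hop not in self.tunnels:
            self.tunnels[next_hop] = f"tunnel{self.next_id}"
            self.next_id += 1
        self.routes[vm_prefix] = self.tunnels[next_hop]
        return self.routes[vm_prefix]


@dataclass
class LeafVtep:
    """A VTEP inside the distributed aggregation system (VTEP C in the figures)."""
    name: str
    actual_ip: str
    aggregate_ip: str
    attached: dict = field(default_factory=dict)  # VM prefix -> IfState

    def next_hop_for(self, state: IfState) -> str:
        # AC: advertise this VTEP's own address. DR: advertise the aggregation address.
        return self.actual_ip if state is IfState.AC else self.aggregate_ip

    def set_interface_state(self, vm_prefix: str, state: IfState, remote: RemoteVtep) -> str:
        """Run when a VM comes online and on each periodic interface-state check."""
        if self.attached.get(vm_prefix) is state:
            return remote.routes[vm_prefix]       # unchanged: nothing to re-advertise
        self.attached[vm_prefix] = state
        return remote.receive_type2_route(vm_prefix, self.next_hop_for(state))


def walk_through():
    """Replay steps 302, 304, 306 and 307 and return VTEP D plus the egress per step."""
    vtep_d = RemoteVtep(source_ip="192.0.2.4")    # constructed address, not from the page
    vtep_c = LeafVtep("VTEP C", actual_ip="2.2.2.2", aggregate_ip="3.3.3.3")
    vm_a, vm_f = "100.1.1.2/24", "101.1.1.2/24"
    log = [
        ("302", vm_a, vtep_c.set_interface_state(vm_a, IfState.DR, vtep_d)),
        ("304", vm_f, vtep_c.set_interface_state(vm_f, IfState.AC, vtep_d)),
        ("306", vm_a, vtep_c.set_interface_state(vm_a, IfState.AC, vtep_d)),
        ("307", vm_f, vtep_c.set_interface_state(vm_f, IfState.DR, vtep_d)),
    ]
    return vtep_d, log


if __name__ == "__main__":
    d, steps = walk_through()
    for step, prefix, tunnel in steps:
        print(f"step {step}: {prefix} -> {tunnel}")
    print("tunnels on VTEP D:", d.tunnels)
```

After the swap in steps 306 and 307, VTEP D still holds only two tunnels: the route entries are repointed at the existing tunnel10 and tunnel11 rather than new tunnels being created.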
Fig. 12 shows a block diagram of a tunnel establishment apparatus according to an embodiment of the present disclosure. As shown in fig. 12, the tunnel establishment apparatus is applied to a first VTEP in a distributed aggregation system, and the apparatus may include:
a first detection module 41, configured to detect whether a virtual machine VM connected to the first VTEP accesses the distributed aggregation system;
a first establishing module 43, configured to establish a first VXLAN tunnel between a remote VTEP and the first VTEP according to the real address of the first VTEP if the VM does not access the distributed aggregation system, and set a next hop-out interface to the VM as the first VXLAN tunnel on the remote VTEP.
In a possible implementation manner, the first detection module 41 is further configured to:
detecting the interface state of the connection of the first VTEP and the VM;
if the interface state is a single-hanging access circuit AC interface, the VM does not access the distributed aggregation system;
and if the interface state is a distributed aggregation DR interface, the VM is accessed to the distributed aggregation system.
In a possible implementation manner, the first establishing module 43 is further configured to:
if the VM does not access the distributed aggregation system, the first VTEP acquires address information of the VM;
the first VTEP informs the far-end VTEP that the next hop of the VM is the first VTEP;
and establishing the first VXLAN tunnel according to the actual address of the first VTEP, and setting a next hop-out interface to the VM as the first VXLAN tunnel on the far-end VTEP according to the address of the VM.
In one possible implementation, the apparatus further includes: a second establishing module 45, configured to establish a second VXLAN tunnel between the remote VTEP and the distributed aggregation system according to the aggregation address of the distributed aggregation system if the VM accesses the distributed aggregation system, and set a next hop-out interface to the VM as the second VXLAN tunnel on the remote VTEP.
As shown in fig. 13, in a possible implementation, the apparatus further includes:
a second detecting module 51, configured to periodically detect an interface state where the first VTEP is connected to the VM;
a third establishing module 53, configured to notify the remote VTEP that a next hop of the VM is the distributed aggregation system if the interface state is changed from the single-hanging AC interface to the DR interface, establish a second VXLAN tunnel according to an aggregation address of the distributed aggregation system, and set a next hop-out interface to the VM as the second VXLAN tunnel on the remote VTEP;
a fourth establishing module 55, configured to notify the remote VTEP that the next hop of the VM is the first VTEP if the interface status is changed from the DR interface to the single-hanging AC interface, establish a first VXLAN tunnel according to the actual address of the first VTEP, and set the next hop-out interface to the VM as the first VXLAN tunnel on the remote VTEP.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The tunnel establishment apparatus of this embodiment may establish the VXLAN tunnel between the first VTEP and the remote VTEP according to the actual address of the first VTEP if the VM connected to the first VTEP does not access the distributed aggregation system. Traffic from the remote VTEP to the VM can then be forwarded directly through the VTEP to which the VM is single-hanging rather than detouring through other VTEPs in the distributed aggregation system, so traffic is kept off the IPLs between the VTEPs in the distributed aggregation system as far as possible, which saves bandwidth and reduces packet loss.
Fig. 14 shows a block diagram of a tunnel establishment apparatus according to another embodiment of the present disclosure. Referring to fig. 14, the apparatus 900 may include a processor 901, a machine-readable storage medium 902 having stored thereon machine-executable instructions. The processor 901 and the machine-readable storage medium 902 may communicate via a system bus 903. Also, the processor 901 performs the tunnel establishment method described above by reading machine executable instructions in the machine readable storage medium 902 corresponding to the tunnel establishment logic.
The machine-readable storage medium 902 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: a RAM (Random Access Memory), a volatile memory, a non-volatile memory, a flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a DVD, etc.), or a similar storage medium, or a combination thereof.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A tunnel establishment method, applied to a first VTEP in a distributed aggregation system, the method comprising:
detecting, by the first VTEP, whether a virtual machine VM connected to the first VTEP accesses the distributed aggregation system;
if the VM does not access the distributed aggregation system, a first VXLAN tunnel between a remote VTEP and the first VTEP is established according to the actual address of the first VTEP, and a next hop-out interface to the VM is set as the first VXLAN tunnel on the remote VTEP.
2. The method according to claim 1, wherein the first VTEP detecting whether a VM connected to itself accesses the distributed aggregation system comprises:
detecting the interface state of the connection of the first VTEP and the VM;
if the interface state is a single-hanging access circuit AC interface, the VM does not access the distributed aggregation system;
and if the interface state is a distributed aggregation DR interface, the VM is accessed to the distributed aggregation system.
3. The method of claim 1 or 2, wherein if the VM does not access the distributed aggregation system, establishing a first VXLAN tunnel between the remote VTEP and the first VTEP according to the real address of the first VTEP, and setting a next hop-out interface to the VM to the first VXLAN tunnel on the remote VTEP, comprises:
if the VM does not access the distributed aggregation system, the first VTEP acquires address information of the VM;
the first VTEP informs the far-end VTEP that the next hop of the VM is the first VTEP;
and establishing the first VXLAN tunnel according to the actual address of the first VTEP, and setting a next hop-out interface to the VM as the first VXLAN tunnel on the far-end VTEP according to the address of the VM.
4. The method of claim 1 or 2, further comprising:
if the VM accesses the distributed aggregation system, a second VXLAN tunnel between the remote VTEP and the distributed aggregation system is established according to an aggregation address of the distributed aggregation system, and a next hop-out interface to the VM is set as the second VXLAN tunnel on the remote VTEP.
5. The method of claim 1 or 2, further comprising:
periodically detecting the interface state of the first VTEP and the VM connection;
if the interface state is changed from the single-hanging AC interface to the DR interface, notifying the far-end VTEP that the next hop of the VM is the distributed aggregation system, establishing a second VXLAN tunnel according to the aggregation address of the distributed aggregation system, and setting the next hop-out interface to the VM as the second VXLAN tunnel on the far-end VTEP;
if the interface state is changed from a DR interface to a single-hanging AC interface, notifying the far-end VTEP that the next hop of the VM is the first VTEP, establishing a first VXLAN tunnel according to the actual address of the first VTEP, and setting the next hop-out interface to the VM as the first VXLAN tunnel on the far-end VTEP.
6. A tunnel establishment apparatus, wherein the apparatus is applied to a first VTEP in a distributed aggregation system, and the apparatus comprises:
a first detection module, configured to detect whether a virtual machine VM connected to the first VTEP accesses the distributed aggregation system;
a first establishing module, configured to establish a first VXLAN tunnel between a remote VTEP and the first VTEP according to a real address of the first VTEP if the VM does not access the distributed aggregation system, and set a next hop-out interface to the VM as the first VXLAN tunnel on the remote VTEP.
7. The apparatus of claim 6, wherein the first detection module is further configured to:
detecting the interface state of the connection of the first VTEP and the VM;
if the interface state is a single-hanging access circuit AC interface, the VM does not access the distributed aggregation system;
and if the interface state is a distributed aggregation DR interface, the VM is accessed to the distributed aggregation system.
8. The apparatus of claim 6 or 7, wherein the first establishing module is further configured to:
if the VM does not access the distributed aggregation system, the first VTEP acquires address information of the VM;
the first VTEP informs the far-end VTEP that the next hop of the VM is the first VTEP;
and establishing the first VXLAN tunnel according to the actual address of the first VTEP, and setting a next hop-out interface to the VM as the first VXLAN tunnel on the far-end VTEP according to the address of the VM.
9. The apparatus of claim 6 or 7, further comprising:
a second establishing module, configured to establish a second VXLAN tunnel between the remote VTEP and the distributed aggregation system according to an aggregation address of the distributed aggregation system if the VM accesses the distributed aggregation system, and set a next hop-out interface to the VM as the second VXLAN tunnel on the remote VTEP.
10. The apparatus of claim 6 or 7, further comprising:
the second detection module is used for periodically detecting the interface state of the connection between the first VTEP and the VM;
a third establishing module, configured to notify the remote VTEP that a next hop of the VM is the distributed aggregation system if the interface state is changed from a single-hanging AC interface to a DR interface, establish a second VXLAN tunnel according to an aggregation address of the distributed aggregation system, and set a next hop-out interface to the VM as the second VXLAN tunnel on the remote VTEP;
a fourth establishing module, configured to notify the remote VTEP that a next hop of the VM is the first VTEP if the interface state is changed from the DR interface to the single-hanging AC interface, establish a first VXLAN tunnel according to an actual address of the first VTEP, and set the next hop-out interface to the VM as the first VXLAN tunnel on the remote VTEP.
CN201710822971.8A 2017-09-13 2017-09-13 Tunnel establishment method and device Active CN107612808B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710822971.8A CN107612808B (en) 2017-09-13 2017-09-13 Tunnel establishment method and device

Publications (2)

Publication Number Publication Date
CN107612808A CN107612808A (en) 2018-01-19
CN107612808B true CN107612808B (en) 2020-09-08

Family

ID=61063932

Country Status (1)

Country Link
CN (1) CN107612808B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant