CN113518104A - Data message processing method, transfer equipment and system - Google Patents


Publication number
CN113518104A
Authority
CN
China
Prior art keywords
service network
site
sites
network
interconnection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110265860.8A
Other languages
Chinese (zh)
Other versions
CN113518104B (en)
Inventor
林明煌
李亦绍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN202110265860.8A
Publication of CN113518104A
Application granted
Publication of CN113518104B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/562 Brokering proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data message processing method, a transfer device and a system, wherein the method is applied to the transfer device of an intermediate service network, and comprises the following steps: establishing network connection with network equipment in a site; acquiring the service network segment of the site from the network equipment through the network connection, and acquiring the service network segment of other sites needing to establish interconnection relation with the site from a route reflector of the intermediate service network; and when receiving the data message related to the service network segment of the site, determining the processing mode of the data message according to the service network segments of other sites, so as to realize that the site only accesses other sites with interconnection relation and is isolated from the sites without interconnection relation in the intermediate service network. The technical scheme provided by the application can improve the flexibility of the networking mode.

Description

Data message processing method, transfer equipment and system
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method, a relay device, and a system for processing a data packet.
Background
Currently, data access within an enterprise is typically achieved through a VPN. With the continuous expansion of enterprise scale, an enterprise may have headquarters, branches and data centers in many places, and in order to interconnect the headquarters, the branches and the data centers, current VPN technology builds a network topology based on a fixed structure such as full-mesh or hub-spoke. However, as enterprise management becomes more fine-grained, this networking method cannot meet diversified networking requirements and permission control requirements. Therefore, there is a need for a more flexible networking method to meet the requirement of customized enterprise network construction.
Disclosure of Invention
The application aims to provide a data message processing method, a transfer device and a system, which can improve the flexibility of a networking mode.
In order to achieve the above object, an aspect of the present application provides a method for processing a data packet, where the method is applied to a transit device of an intermediary service network, and the method includes: establishing network connection with network equipment in a site; acquiring the service network segment of the site from the network equipment through the network connection, and acquiring the service network segment of other sites needing to establish interconnection relation with the site from a route reflector of the intermediate service network; and when receiving the data message related to the service network segment of the site, determining the processing mode of the data message according to the service network segments of other sites, so as to realize that the site only accesses other sites with interconnection relation and is isolated from the sites without interconnection relation in the intermediate service network.
In one embodiment, establishing a network connection with a network device in a site includes:
configuring a pair of interconnected IPs in the network device and the relay device, configuring a static routing rule on the network device, so that a next hop of a data packet sent by the network device and matching the static routing rule points to the interconnected IP in the relay device, and configuring a backhaul route of the interconnected IP pointing to the network device at the relay device.
In one embodiment, the static routing rule forwards data packets whose destination address belongs to the service network segment of the other sites to the interconnection IP of the relay device.
In one embodiment, the acquiring, from a route reflector in the intermediate service network, the service network segment of another site that needs to establish an interconnection relationship with the site includes:
directly acquiring the service network segments of the other sites from the route reflector; or,
and acquiring the service network segments of all the sites accessed to the intermediate service network from the route reflector, and filtering the service network segments of other sites based on the information of other sites which are acquired from the central server and need to establish interconnection relationship with the sites.
In one embodiment, the transit device and the route reflector establish a neighbor relationship based on a border gateway protocol, so as to obtain the service network segments of the other sites through the established neighbor relationship, and report the service network segments of the sites to the route reflector.
In one embodiment, the determining, according to the service network segment of the other station, a processing manner of the data packet includes:
judging whether the source address or the destination address of the data message belongs to the service network segment of the other site or not; if yes, releasing the data message; and if not, discarding the data message.
In one embodiment, the transit apparatus is determined by a central server based on the site information.
In order to achieve the above object, another aspect of the present application further provides a relay device, where the relay device includes a memory and a processor, the memory is used to store a computer program, and the computer program, when executed by the processor, implements the above method for processing a data packet.
In order to achieve the above object, another aspect of the present invention further provides a system for processing data packets, the system including a central server and an intermediary service network constructed by a plurality of relay devices, wherein,
the central server is used for receiving networking connection requirements of clients, generating interconnection information among all sites of the clients based on the networking connection requirements, selecting at least one target transfer server for realizing the interconnection information from a plurality of transfer devices in the intermediate service network, instructing the target transfer server to process a data message of a site, determining one transfer server as a route reflector, and issuing the interconnection information to the route reflector or the target transfer device;
the route reflector is used for receiving the service network segments reported by the sites;
the target transfer equipment is used for processing the data message of the site based on the data message processing method according to the instruction of the central server.
In one embodiment, the intermediary service network further includes a client terminal device, where the client terminal device is deployed in a local area network of at least one of the other sites, establishes a neighbor relation with the route reflector based on a border gateway protocol, acquires a service network segment of the other site having a connection relation with the site where the client terminal device is located through the established neighbor relation, and reports the service network segment of the site where the client terminal device is located to the route reflector.
In one embodiment, the client terminal device determines whether to forward the received data packet according to the service network segment obtained from the route reflector, and forwards the data packet if a destination address or a source address of the data packet belongs to the service network segment, or discards the data packet if not.
As can be seen from the above, in the technical solutions provided in one or more embodiments of the present application, a transit device in an intermediate service network may directly establish a network connection with a network device in a client site, acquire the service network segment of the client site, and acquire from a route reflector in the intermediate service network the service network segments of other sites that need to establish an interconnection relationship with the client site. When a data packet is received, the transit device forwards or discards it accordingly, so that the client site can only access the other sites with which it needs to establish an interconnection relationship and is isolated from the sites with which it does not, thereby implementing on-demand interconnection between sites based on the intermediate service network. The network service provider does not need to deploy a client terminal device (CPE) in the client site, so the access mode is more flexible and can adapt to application scenarios in which the client terminal device cannot be deployed, which improves the flexibility of the networking mode.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic diagram of a system architecture for processing data packets according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for processing data packets according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of the relay apparatus in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clear, the technical solutions of the present application will be clearly and completely described below with reference to the detailed description of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art without any inventive work based on the embodiments in the present application are within the scope of protection of the present application.
The technical scheme provided by the application can be applied to the system architecture shown in FIG. 1. The system architecture may include a central server provided by a network service provider, an intermediate service network, and the various sites of customers. For example, an enterprise has office points in China, the United States, and the United Kingdom, and each office point has a corresponding local area network for managing the network of users in the site; if networking of the three office points is required, the three office points correspond to three sites. The network service provider may provide networking connectivity services, transport optimization services, etc. for multiple enterprise users based on an intermediary service network.
The intermediate service network may be a transmission network constructed based on SD-WAN (Software-Defined WAN) technology and includes a plurality of relay devices. The relay devices are deployed in various regions by a network service provider and may be POP (Point of Presence) devices. Each relay device may establish a TCP connection with the central server to receive control instructions issued by the central server, so as to process received data packets by executing the control instructions and optimize the transmission rate or security of the data packets.
The central server can be used for receiving networking connection requirements among the sites of a client and determining the mode in which each site accesses the intermediate service network, such as CPE access or non-CPE access. It determines the interconnection relationships among the sites based on the networking requirements, selects, according to those interconnection relationships, the transfer equipment for establishing them from the plurality of transfer equipment, and issues control instructions to the transfer equipment to complete construction of the network topology among the sites. The interconnection relationships among the sites determine whether the sites can access each other: if two sites have an interconnection relationship, they can access each other; if they do not, they cannot access each other, in which case data between the sites must be isolated and no data interaction can be performed.
In implementation, the network service provider may set the manner in which a site accesses the intermediate service network according to the actual situation of the customer site. In one implementation, as for sites A, C and D in FIG. 1, the network service provider may deploy client terminal devices (such as CPE A, CPE B, and CPE C) in the sites. A CPE device may be deployed at the network outlet of the local area network of a site and may obtain the data packets exchanged between users in the local area network of the site and an external network. When the central server determines the access manner of the site according to networking requirements, it may directly choose to implement access of the site through the CPE device deployed in the site. The central server may establish a communication connection, e.g., a TCP connection, with the selected CPE, so that a control command may be issued to the CPE through the established communication connection to control forwarding of data packets by the CPE.
In implementation, the control command issued by the central server to each CPE device and the relay device may include a dynamic routing software installation command, which instructs each CPE and transit device to install dynamic routing software, such as Quagga or FRR, so that the CPE and the transit equipment can exchange routing information based on a dynamic routing protocol. The dynamic routing protocol may be selected from OSPF (Open Shortest Path First), RIP (Routing Information Protocol), IS-IS (Intermediate System-to-Intermediate System), IGRP (Interior Gateway Routing Protocol), EIGRP (Enhanced Interior Gateway Routing Protocol), BGP (Border Gateway Protocol), and the like. Thus, an internal network can be established between the CPE and the transit device, and routing information can be exchanged within this internal network through the dynamic routing protocol.
In this embodiment, in order to ensure that the service traffic can be forwarded normally based on the constructed network topology, the central server needs to select one route reflector RR from the relay devices used for constructing the network topology. In practical application, the relay device with the most stable performance may be taken as the RR, where the performance of the relay device may be obtained by weighting each index, and for example, the performance of the relay device may be determined by combining indexes such as hardware configuration, historical failure rate, maximum bandwidth that can be supported, and maximum number of connections that can be supported of the relay device.
After the RR is selected, the RR and the CPE devices of the accessed sites can exchange routing information based on a dynamic routing protocol. Taking the BGP protocol as an example, each CPE device can establish a neighbor relationship with the RR, and after the neighbor relationship is established, each CPE device can report the service network segment of its corresponding site to the RR based on the neighbor relationship. On this basis, the RR can collect the service network segment corresponding to each site accessed through a CPE device, where the service network segment of a site is an IP address segment set under the site, and users in the site can interact with an external network based on these IP addresses.
It is understood that, because the actual situation of each site is different, a CPE cannot be deployed in some sites. For example, a site may be an Internet Data Center (IDC) or another third-party platform, in which case the CPE device of the network service provider normally cannot be deployed in the site. For this scenario, the central server may determine, from the plurality of transit devices and based on the information of the site, a transit device that establishes a network connection with a network device having a switching function in the site, for example, a switch or a router, and interconnection between the site and other sites is implemented through the transit device. For details, refer to the method provided in the following embodiments.
The method for processing a data packet provided in an embodiment of the present application may be applied to the transit device. The present embodiment takes the case where the network device is a switch as an example for explanation. Referring to FIG. 1 and FIG. 2, the method may include the following steps.
S1: a network connection is established with a switch in a site.
Specifically, the transit device is selected by the central server from a plurality of transit devices in the intermediary service network according to the location information or performance requirements of the site, for example, the transit device closest to the site. Preferably, the transit device may be connected to the switch via a dedicated line, so that it is not necessary to pass through an operator network to ensure the security of data traffic.
When network connection is established with the switch, a pair of interconnection IPs can be configured in the switch and the transit device for data interaction between the switch and the transit device, and a static routing rule is configured on the switch, so that the next hop of a data packet sent by the switch and matched with the static routing rule points to the interconnection IP of the transit device, and a backhaul route of the interconnection IP pointing to the switch is configured on the transit device.
In this embodiment, the switch may be a switch deployed in a client site and configured to forward data packets between intra-site users and an external network, so the switch can receive all data packets sent by the site to the external network. A static routing rule is configured on the switch so that all data packets sent by the site to the external network are forwarded to the transit device, which then processes them further, for example, by forwarding or discarding them. In one implementation, the intermediate service network is only used to implement networking interconnection between different sites of the same client and does not process data packets that are not exchanged between sites, so the static routing rule on the switch may be configured to forward only data packets sent to other sites of the client to the relay device, thereby reducing the processing pressure on the relay device.
S2: acquiring the service network segment of the site from the switch through the network connection, and acquiring the service network segments of other sites needing to establish interconnection relation with the site from a route reflector of the intermediate service network.
Specifically, after the network connection with the switch is established, the service network segment of the site where the switch is located can be obtained from the switch through the network connection.
In addition, the relay device and the RR may establish a neighbor relation based on a border gateway protocol, so as to obtain the service network segments of the other sites through the established neighbor relation and report the service network segment of the site to the route reflector. In one implementation, the relay device may directly obtain the service segments of the other sites from the RR, where the other sites are sites that need to establish an interconnection relationship with the site where the switch is located. Specifically, after determining the RR, the central server may issue a control instruction to each CPE and to the relay device connected to the switch, to instruct each CPE and the switch to report the service segment of its corresponding site to the RR, so that the RR obtains the service segments of each site of the customer. At the same time, the central server may issue the interconnection relationships between the sites to the RR, so that the RR may determine, for each site, the service segments of the other sites that need to establish an interconnection relationship with that site. The relay device may thus directly obtain the service segments of the other sites from the RR.
In another implementation, the relay device may obtain, from the RR, all service segments of the sites accessing the intermediate service network, and filter out the service segments of other sites based on information of other sites that need to establish an interconnection relationship with the site where the switch is located, which is obtained from the central server.
S3: when receiving a data message related to the service network segment of the site, determining the processing mode of the data message according to the service network segments of the other sites, so that the site only accesses other sites with which it has an interconnection relation and is isolated from the sites in the intermediate service network with which it has none.
Specifically, the transit device needs to process not only the data packets related to the site where the switch is located, but may also need to forward other data packets transmitted in the intermediate service network. Therefore, when the transit device receives a data packet, it may first determine whether the data packet is related to the service network segment of the site where the switch is located, that is, whether the source address or the destination address of the data packet belongs to that service network segment. If so, the data packet is related to the service network segment of the site where the switch is located; otherwise, it is not.
For a data message related to the service network segment of the site where the switch is located, the transit device may further determine whether to forward the data message according to the obtained service network segments of the other sites needing to establish an interconnection relationship. Similarly, the transit device may determine whether the source address or the destination address of the data message belongs to the service network segments of the other sites; if yes, the data message is released, namely forwarded normally; if not, the data message is discarded.
In one implementation, the transit device may set an Access Control List (ACL) rule for performing access control, where the ACL rule may be expressed as: for a target site that has an interconnection relation with the site where the switch is located, judge whether the current data message is a data message between the switch and the target site. If so, the current data message may be released. If not, the current data packet may be discarded.
For example, the site B where the switch is located only has an interconnection relationship with the site a currently, and does not have an interconnection relationship with the sites D and C, so when the relay device receives a data packet sent from the switch to the site C or D, the data packet should be directly discarded. Similarly, when the relay device receives the data packet sent from the station C or D to the station B, the data packet should be discarded. Only when the transit device receives the data packet sent from the switch to site a will the data packet be passed through. Similarly, when the relay device receives the data packet sent from the station a to the station B, the data packet should be released.
In this way, the transit device may determine the processing manner of a data packet based on the acquired service network segments of the other sites that need to establish the interconnection relationship, and normally forward only the data packets from or to the other sites having the interconnection relationship. Data packets between sites are thus forwarded according to the interconnection relationships between the sites, which implements data access between sites that have an interconnection relationship and data isolation between sites that do not.
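The following added example (not part of the patent text) sketches the second S2 alternative, filtering the segments learned from the route reflector by the interconnection information from the central server, together with the two-stage S3 decision. Site letters follow the FIG. 1 example; the prefixes, function names and the "not-related" label are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. Site letters follow the FIG. 1 example in the text;
# the prefixes are hypothetical and chosen only for illustration.
RR_SEGMENTS = {            # service segments of all sites, as learned from the RR
    "A": ["10.1.0.0/16"],
    "B": ["10.2.0.0/16", "192.168.20.0/24"],
    "C": ["10.3.0.0/16"],
    "D": ["10.4.0.0/16"],
}
# Interconnection information as obtained from the central server:
# site B is interconnected with site A only.
INTERCONNECT = {"B": {"A"}}


def parse(prefixes):
    """Turn prefix strings into network objects; malformed prefixes raise ValueError."""
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def peer_segments(local_site, rr_segments, interconnect):
    """S2, second alternative: keep only the segments of interconnected sites.

    A site with no entry in the interconnection information gets an empty
    list, so every packet related to it is later discarded (fail closed).
    """
    allowed = interconnect.get(local_site, set())
    nets = []
    for site, prefixes in rr_segments.items():
        if site != local_site and site in allowed:
            nets.extend(parse(prefixes))
    return nets


def belongs(addr, nets):
    """True if addr falls inside any of the given segments."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def decide(src, dst, local_nets, peer_nets):
    """S3: classify one packet seen by the transit device.

    Stage 1: is the packet related to the local site's service segment
             (source or destination inside it)? If not, this check does
             not apply to it.
    Stage 2: does the source or destination belong to a segment of an
             interconnected site? Release if so, discard otherwise.
    """
    if not (belongs(src, local_nets) or belongs(dst, local_nets)):
        return "not-related"
    if belongs(src, peer_nets) or belongs(dst, peer_nets):
        return "forward"
    return "drop"


def demo():
    """Replay the site B example from the text in both directions."""
    local = parse(RR_SEGMENTS["B"])
    peers = peer_segments("B", RR_SEGMENTS, INTERCONNECT)
    packets = [
        ("10.2.0.5", "10.1.0.9"),      # B -> A
        ("10.1.0.9", "192.168.20.7"),  # A -> B
        ("10.2.0.5", "10.3.0.1"),      # B -> C
        ("10.4.0.1", "10.2.0.5"),      # D -> B
        ("10.3.0.1", "10.1.0.1"),      # C -> A, unrelated to site B
    ]
    return [decide(s, d, local, peers) for s, d in packets]


if __name__ == "__main__":
    print(demo())
```
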
It should be noted that the switch described above is merely an example of a device for convenience of explaining the technical solution of the present application. Those skilled in the art will appreciate that any network device within a site having the same functionality can be equated with the switch described above.
The application also provides a data message processing system, which comprises a central server and an intermediate service network constructed by a plurality of transfer devices, wherein,
the central server is used for receiving networking connection requirements of clients, generating interconnection information among all sites of the clients based on the networking connection requirements, selecting at least one target transfer server for realizing the interconnection information from a plurality of transfer devices in the intermediate service network, instructing the target transfer server to process a data message of a site, determining one transfer server as a route reflector, and issuing the interconnection information to the route reflector or the target transfer device;
the route reflector is used for receiving the service network segments reported by the sites;
the target transfer equipment is used for processing the data message of the site based on the data message processing method according to the instruction of the central server.
In one embodiment, the intermediary service network further includes a client terminal device, where the client terminal device is deployed in a local area network of at least one of the other sites, establishes a neighbor relation with the route reflector based on a border gateway protocol, acquires a service network segment of the other site having a connection relation with the site where the client terminal device is located through the established neighbor relation, and reports the service network segment of the site where the client terminal device is located to the route reflector.
In one embodiment, the client terminal device determines whether to forward the received data packet according to the service network segment obtained from the route reflector, and forwards the data packet if a destination address or a source address of the data packet belongs to the service network segment, or discards the data packet if not.
Referring to fig. 3, the present application further provides a relay device, where the relay device includes a memory and a processor, where the memory is used to store a computer program, and when the computer program is executed by the processor, the method for processing the data packet is implemented.
In this application, the memory may include physical means for storing information, typically media that digitize the information and store it in an electrical, magnetic, or optical manner. The memory may in turn comprise: devices that store information using electrical energy, such as RAM or ROM; devices that store information using magnetic energy, such as hard disks, floppy disks, tapes, core memories, bubble memories, or USB disks; devices for storing information optically, such as CDs or DVDs. Of course, there are other kinds of memory, such as quantum memory or graphene memory, among others.
In the present application, the processor may be implemented in any suitable way. For example, the processor may take the form of a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth.
As can be seen from the above, in the technical solutions provided in one or more embodiments of the present application, a transit device in an intermediate service network may directly establish a network connection with a network device in a client site, acquire the service network segment of the client site, and acquire from a route reflector in the intermediate service network the service network segments of other sites that need to establish an interconnection relationship with the client site. When a data packet is received, the transit device forwards or discards it accordingly, so that the client site can only access the other sites with which it needs to establish an interconnection relationship and is isolated from the sites with which it does not, thereby implementing on-demand interconnection between sites based on the intermediate service network. The network service provider does not need to deploy a client terminal device (CPE) in the client site, so the access mode is more flexible and can adapt to application scenarios in which the client terminal device cannot be deployed, which improves the flexibility of the networking mode.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the embodiments of the system and of the relay device, reference may be made to the introduction of embodiments of the method described above for comparison.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an embodiment of the present application, and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (11)

1. A method for processing a data message, applied to a transit device of an intermediate service network, the method comprising:
establishing a network connection with a network device in a site;
acquiring the service network segment of the site from the network device through the network connection, and acquiring, from a route reflector of the intermediate service network, the service network segments of other sites that need to establish an interconnection relationship with the site;
and, when receiving a data message related to the service network segment of the site, determining the processing mode of the data message according to the service network segments of the other sites, so that, in the intermediate service network, the site accesses only the other sites with which it has an interconnection relationship and is isolated from the sites with which it has none.
2. The method of claim 1, wherein establishing a network connection with a network device in a site comprises:
configuring a pair of interconnection IPs in the network device and the transit device, configuring a static routing rule on the network device, so that the next hop of a data packet sent by the network device and matching the static routing rule points to the interconnection IP in the transit device, and configuring a backhaul route of the interconnection IP pointing to the network device at the transit device.
3. The method according to claim 2, wherein the static routing rule is to forward data packets whose destination addresses belong to the service network segments of the other sites to the interconnection IP in the transit device.
4. The method of claim 1, wherein acquiring, from the route reflector in the intermediate service network, the service network segments of the other sites that need to establish an interconnection relationship with the site comprises:
directly acquiring the service network segments of the other sites from the route reflector; or,
acquiring the service network segments of all the sites accessing the intermediate service network from the route reflector, and filtering them down to the service network segments of the other sites based on information, acquired from a central server, about the other sites that need to establish an interconnection relationship with the site.
5. The method according to claim 4, wherein the transit device establishes a neighbor relation with the route reflector based on the Border Gateway Protocol, so as to acquire the service network segments of the other sites through the established neighbor relation and to report the service network segment of the site to the route reflector.
6. The method of claim 1, wherein determining the processing mode of the data message according to the service network segments of the other sites comprises:
judging whether the source address or the destination address of the data message belongs to the service network segments of the other sites; if yes, releasing the data message; and if not, discarding the data message.
7. The method of claim 1, wherein the transit device is determined by a central server based on site information.
8. A transit device, characterized in that the transit device comprises a memory for storing a computer program and a processor, the computer program, when executed by the processor, implementing the method according to any one of claims 1 to 7.
9. A system for processing data messages, the system comprising a central server and an intermediate service network constructed from a plurality of transit devices, wherein,
the central server is used for receiving networking connection requirements of clients, generating interconnection information among all sites of the clients based on the networking connection requirements, selecting at least one target transfer server for realizing the interconnection information from the plurality of transit devices in the intermediate service network, instructing the target transfer server to process a data message of a site, determining one transfer server as a route reflector, and issuing the interconnection information to the route reflector or the target transit device;
the route reflector is used for receiving the service network segments reported by the sites;
the target transit device is configured to process the data message of the site based on the method according to any one of claims 1 to 7 according to the instruction of the central server.
10. The system according to claim 9, wherein the intermediate service network further comprises a client terminal device, wherein the client terminal device is deployed in a local area network of at least one of the other sites, and establishes a neighbor relation with the route reflector based on the Border Gateway Protocol, so as to acquire, through the established neighbor relation, the service network segments of the other sites having a connection relation with the site where the client terminal device is located, and to report the service network segment of the site where the client terminal device is located to the route reflector.
11. The system according to claim 10, wherein said client terminal device determines whether to forward a received data packet according to said service network segments acquired from said route reflector, forwards said data packet if a destination address or a source address of said data packet belongs to said service network segments, and otherwise discards it.
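The segment filtering of claim 4 (second alternative) and the release-or-discard rule of claim 6, as an added Python example that is not part of the patent. The site names, CIDR ranges and function names are constructed for illustration, and the route reflector's table and the central server's interconnection information are modelled as plain dictionaries rather than learned over BGP.

```python
import ipaddress

# Constructed sample data (not from the patent): segments per site as the route
# reflector would hold them, and interconnection info issued by the central server.
RR_TABLE = {
    "site-a": ["10.1.0.0/16"],
    "site-b": ["10.2.0.0/16", "192.168.20.0/24"],
    "site-c": ["10.3.0.0/16"],
}
INTERCONNECT = {"site-a": {"site-b"}, "site-b": {"site-a"}, "site-c": set()}


def peer_segments(rr_table, interconnect, site):
    """Claim 4, second alternative: take every site's segments from the route
    reflector and keep only those of sites interconnected with `site`."""
    peers = interconnect.get(site, set())  # unknown site -> no peers (fail closed)
    return [
        ipaddress.ip_network(cidr)
        for name, cidrs in sorted(rr_table.items())
        if name in peers and name != site
        for cidr in cidrs
    ]


def in_segments(addr, segments):
    """True if addr parses as an IP address and falls inside any segment."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # assumption: an unparseable address matches nothing
    return any(ip in net for net in segments)


def decide(src, dst, segments):
    """Claim 6: release the packet if its source or destination address belongs
    to a service network segment of an interconnected site, otherwise discard."""
    if in_segments(src, segments) or in_segments(dst, segments):
        return "forward"
    return "drop"


def demo():
    """Run constructed packets through the filter built for site-a."""
    segs = peer_segments(RR_TABLE, INTERCONNECT, "site-a")
    packets = [
        ("10.1.0.5", "10.2.3.4"),      # site-a -> site-b, interconnected
        ("192.168.20.7", "10.1.0.5"),  # site-b -> site-a, interconnected
        ("10.1.0.5", "10.3.0.9"),      # site-a -> site-c, no relationship
        ("10.3.0.9", "10.1.0.5"),      # site-c -> site-a, no relationship
    ]
    return [(src, dst, decide(src, dst, segs)) for src, dst in packets]


if __name__ == "__main__":
    for src, dst, verdict in demo():
        print(f"{src:>14} -> {dst:<14} {verdict}")
```

A site with no interconnection entry gets an empty segment list, so every packet handled for it is discarded.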
CN202110265860.8A 2021-03-11 2021-03-11 Data message processing method, transfer equipment and system Active CN113518104B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110265860.8A CN113518104B (en) 2021-03-11 2021-03-11 Data message processing method, transfer equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110265860.8A CN113518104B (en) 2021-03-11 2021-03-11 Data message processing method, transfer equipment and system

Publications (2)

Publication Number Publication Date
CN113518104A (en) 2021-10-19
CN113518104B (en) 2024-02-27

Family

ID=78061228

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110265860.8A Active CN113518104B (en) 2021-03-11 2021-03-11 Data message processing method, transfer equipment and system

Country Status (1)

Country Link
CN (1) CN113518104B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114449601A (en) * 2022-01-27 2022-05-06 浙江大华技术股份有限公司 Method and device for sharing traffic under networking

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020184388A1 (en) * 2001-06-01 2002-12-05 Nimer Yaseen Layered approach to virtual private routing
US20040034702A1 (en) * 2002-08-16 2004-02-19 Nortel Networks Limited Method and apparatus for exchanging intra-domain routing information between VPN sites
CN1852212A (en) * 2005-09-09 2006-10-25 华为技术有限公司 Method for providing communication between virtual special network stations
US7590074B1 (en) * 2004-12-02 2009-09-15 Nortel Networks Limited Method and apparatus for obtaining routing information on demand in a virtual private network
CN101626338A (en) * 2009-08-03 2010-01-13 杭州华三通信技术有限公司 Method and device for realizing multiple virtual private network (VPN) examples
CN102137001A (en) * 2010-11-29 2011-07-27 华为技术有限公司 Routing information exchange method, equipment and system
CN109150685A (en) * 2018-08-10 2019-01-04 哈尔滨工业大学(威海) A kind of intelligent interconnection method and system towards heterogeneous network
CN110290093A (en) * 2018-03-19 2019-09-27 杭州达乎科技有限公司 The SD-WAN network architecture and network-building method, message forwarding method
CN111654399A (en) * 2020-06-08 2020-09-11 奇安信科技集团股份有限公司 Networking method, device and equipment based on SD-WAN and storage medium
CN112291151A (en) * 2020-11-18 2021-01-29 迈普通信技术股份有限公司 Message forwarding method, device, network equipment and storage medium

Also Published As

Publication number Publication date
CN113518104B (en) 2024-02-27

Similar Documents

Publication Publication Date Title
US11212215B2 (en) Routing optimizations in a network computing environment
US9979605B2 (en) Virtualization mapping
CN109923838B (en) Resilient VPN bridging remote islands
US10938714B2 (en) Communication between distinct network domains
US9979694B2 (en) Managing communications between virtual computing nodes in a substrate network
CN103873366B (en) There is central controlled converging network communication means and the network equipment
US9025468B1 (en) Custom routing decisions
US9009217B1 (en) Interaction with a virtual network
CN1770743B (en) Softrouter
CN113973026B (en) Site interconnection method, central controller and route reflector
CN114363115B (en) Multi-area virtual overlay wide area network
CN107733795B (en) Ethernet virtual private network EVPN and public network intercommunication method and device
US8667174B2 (en) Method and system for survival of data plane through a total control plane failure
CN111164936A (en) Modeling an access network as a tree in a software defined network controller
US20230308391A1 (en) Communication of policy changes in lisp-based software defined networks
CN109788018B (en) Cross-domain service intercommunication method, network equipment and storage medium
CN113518104B (en) Data message processing method, transfer equipment and system
CN113904981A (en) Routing information processing method and device, electronic equipment and storage medium
WO2022061798A1 (en) Label deduction with flexible-algorithm
CN106576076B (en) Route control method for internet exchange point
CN113098750A (en) Site interconnection method, system and transfer equipment
Hakiri et al. Work-in-progress: Towards real-time smart city communications using software defined wireless mesh networking
EP2983333B1 (en) A system and method for providing routes to physical residential gateways
CN113067781A (en) Data processing method and device
CN115118655A (en) Cross-network message forwarding method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant