CN100486241C - Method and system for obtaining path maximum transmission length in channel gateway environment - Google Patents

Publication number
CN100486241C
Authority
CN
China
Prior art keywords
tunnel
length
maximum transmitted
gateway
probe messages
Legal status
Active
Application number
CNB2004100594862A
Other languages
Chinese (zh)
Other versions
CN1716943A (en)
Inventor
薛明
Current Assignee
New H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CNB2004100594862A
Publication of CN1716943A
Application granted
Publication of CN100486241C

Abstract

This invention discloses a method and a system for obtaining the path maximum transmission length (path MTU) in a tunnel gateway environment. The tunnel gateway in the system includes a tunnel link MTU obtaining device and a tunnel link MTU configuring device. The tunnel gateway establishes a tunnel link MTU; when a probe packet passes through the gateway, the gateway returns an ICMP control message to the sender according to the tunnel link MTU and the length of the probe packet, until the sender concludes that the packet will not be fragmented. The packet length at that point is the path MTU. With this invention, the tunnel gateway can simply and effectively return ICMP messages for IP packets that must not be fragmented, and can choose either the tunnel MTU or the link MTU when fragmenting IP packets that may be fragmented.

Description

Method and system for obtaining the path maximum transmission length in a tunnel gateway environment
Technical field
The present invention relates to the field of network communication technology, and in particular to a method and system for obtaining the path maximum transmission length.
Background art
With the development of Internet technology, the TCP/IP protocol suite has made it possible to interconnect heterogeneous networks, so an IP packet may cross several different kinds of link in transit, such as Ethernet, FDDI (Fiber Distributed Data Interface) and ATM (Asynchronous Transfer Mode). When two hosts communicate over the Internet, a long IP packet often has to be fragmented in transit because it exceeds the MTU (maximum transmission length) of an underlying link. The MTU is the maximum amount of data that a particular network allows in one physical frame. It is a link-layer property that limits the maximum length of a data frame, and each network type has its own upper limit; for example, the MTU of Ethernet is 1500. When a router receives a datagram larger than the MTU of the network it must forward it over, the router must split the datagram into fragments that can cross that network, each no longer than the MTU. Each fragment still has the format of a datagram and keeps the identifier of the original datagram, but carries only part of the original data; where necessary, a fragment is fragmented again. Suppose a UDP packet is to be sent: the Ethernet MTU is 1500 bytes, the usual IP header is 20 bytes and the UDP header is 8 bytes, so the data payload is 1500-20-8=1472 bytes, and fragmentation occurs if the data is larger than 1472 bytes. The IP header contains the information needed for fragmentation and reassembly. After a datagram is fragmented, the total length field of each fragment is changed to the length of that fragment.
On a TCP/IP internet, once a datagram has been fragmented, each fragment is forwarded as an independent datagram, and only after reaching the destination host are the fragments reassembled into the original packet by the IP layer. The destination host uses the identifier in the datagram header to determine whether fragments belong to the same datagram, and controls fragmentation and reassembly according to the fragment offset and flags.
Although fragmentation and reassembly are convenient for users, they also cause problems: if one fragment of a packet fails to reach the destination host, transmission of the whole packet fails and the whole packet must be retransmitted. To improve transmission efficiency, it is therefore desirable that packets are not fragmented in transit, which requires the sender to know from the start the smallest link MTU on the entire path, that is, the path MTU (PMTU). For this purpose, RFC1191 gives a method for probing the PMTU, which proceeds as follows:
(1) The sender constructs a sufficiently large IP probe packet (longer than the MTU of the egress interface), sets the DF bit in the IP header to mark the packet as not fragmentable, and sends it.
(2) If a router along the way would have to fragment the packet, it sees that the DF bit is set, drops the packet, and returns an ICMP (Internet Control Message Protocol) destination-unreachable error message to the source host.
(3) After receiving the ICMP error message, the sender reduces the length of the probe packet and sends it again.
(4) Probing is repeated in this way until the sender concludes that the packet will no longer be fragmented; the packet length at that point is the PMTU.
ICMP echo/reply (echo request/echo reply) messages are usually used to implement this scheme.
This method is likely to run into problems in an environment that contains tunnel gateways.
A tunnel is the path travelled by data that is carried encapsulated in the payload of another packet. Tunneling allows packets of one protocol to be encapsulated in another protocol and carried across a number of network nodes by equipment of the second protocol; on arrival at the destination, the encapsulation is stripped and the original packet is re-injected into the network. Tunneling overcomes the locality of networks by linking two separate sites. There are now many tunnel gateways on the Internet, such as IPv4/IPv6 gateways, IPsec (IP Security) gateways and so on. When a packet passes through such a gateway, a new IP header is added and the entire original IP packet is forwarded as the data content.
The principle of tunnel forwarding is shown in Figure 1: the source address of the new IP header is the sender's tunnel gateway, and the destination address is the receiver's tunnel gateway. When the packet reaches the receiver's tunnel gateway, that gateway removes the new IP header, recovers the original IP packet and continues forwarding it.
During transmission over the Internet, if an intermediate router would have to fragment an over-long packet but the probe packet is marked as not fragmentable, the intermediate router drops the packet and returns an ICMP destination-unreachable error message, which carries the header of the original IP packet and the 8 bytes that follow it. The processing is shown in Figure 2: the intermediate router handles only the tunnel packet and cannot see the original IP header, so the destination address of IP header 1 is the sender's tunnel gateway and the source address is the intermediate router, and the original-packet information carried in the ICMP message is the IP header of the tunnel packet and the 8 bytes that follow it. In this case the sender's tunnel gateway should forward the ICMP error message to the source host after receiving it, because only then can the host be told that the packet is too long. However, the tunnel gateway can hardly determine the source IP address of the original IP packet from this message content alone, so in general it is difficult to return the ICMP message to the source host.
To address this problem, RFC2401 proposes a solution, which is described as follows:
(1) When the IPsec gateway receives an ICMP destination-unreachable message (fragmentation needed for a packet that must not be fragmented) returned by an intermediate router, and it can determine the source address of the original packet from the information carried in the ICMP message (the new IP header plus the 8 bytes that follow it), it rebuilds the ICMP error message from this information and sends it to all possible source hosts.
This may be achievable in an IPsec gateway, because the structure of a tunnel packet encapsulated by an IPsec gateway may be as shown in Figure 3:
The AH (Authentication Header) records the information of the header authentication protocol and provides connectionless integrity verification, data origin authentication and an optional anti-replay service. The AH header fields include:
Next header: identifies the next header by its IP protocol number; for example, a Next Header value of "6" means that a TCP header follows immediately.
Length: the length of the AH header.
SPI (Security Parameter Index): a 32-bit pseudo-random value that identifies the security association for the datagram. The SPI value 0 is reserved and indicates that "no security association exists".
Sequence number: a 32-bit monotonically increasing number starting from 1; repeats are not allowed. It uniquely identifies each packet sent and provides anti-replay protection for the security association. The receiver checks whether a packet with this sequence number has already been received and, if so, rejects the packet.
AD (Authentication Data): contains the integrity check value. On receiving a packet, the receiver first performs the hash calculation and compares the result with the value of this field computed by the sender. If the two are equal, the data is intact; if the data was modified in transit, the two results differ and the packet is discarded.
The SPI is an important parameter in the IPsec protocol. Combined with the destination address and the security protocol, it identifies a security association and thereby determines the algorithm, the key, the key length and so on chosen by the sender. The SPI is allocated according to the destination address and is associated with a specific sender; packets from different senders to the same destination address have different SPI values. The SPI can therefore be used in place of a TCP/UDP (Transmission Control Protocol/User Datagram Protocol) port.
Because the IPsec gateway creates a security association (SA) for every IPsec tunnel, recording the tunnel's encapsulation parameters and the characteristics of the data flows it carries, the SA database built according to RFC2401 is required to support a reverse lookup by the triple <destination IP, security protocol type, SPI> to find the data flow to which the original packet belongs, which may yield the source IP address or source IP address range of the original packet.
(2) If the IPsec gateway cannot obtain the source IP address of the original packet from the content carried in the ICMP error message, it can first store the intermediate router's egress MTU carried in the ICMP message in the SA that corresponds to the message. When a later packet that must not be fragmented is to be sent on this SA, the gateway compares the packet length with the stored MTU, and if the packet is too long it sends an ICMP destination-unreachable message (fragmentation needed for a packet that must not be fragmented) directly to the source host. At this point the source IP of the later packet identifies where the packet came from.
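The following added example (not code from the patent or from RFC2401) works through the prior-art handling described above: it builds the ICMP error an intermediate router would return for an AH tunnel packet, shows that the quoted bytes name only the two gateways, and then applies steps (1) and (2). All addresses, SPI values, the `SA` class and the function names are constructed for illustration, and treating a one-address selector as "source known" is a simplifying assumption.

```python
import ipaddress
import struct

AH = 51  # IP protocol number of the Authentication Header

def ipv4_header(src, dst, proto, total_len):
    """Build a 20-byte IPv4 header with DF set (checksum left 0: constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def frag_needed(next_hop_mtu, dropped_packet):
    """ICMP type 3 code 4 as a router builds it: quoted IP header plus 8 bytes."""
    ihl = (dropped_packet[0] & 0x0F) * 4
    return struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + dropped_packet[:ihl + 8]

def parse_frag_needed(icmp):
    """Return the next-hop MTU and what the quoted bytes reveal about the dropped packet."""
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not a fragmentation-needed message")
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < ihl + 8:
        raise ValueError("quoted datagram is truncated")
    return {"mtu": mtu, "proto": quoted[9],
            "src": ipaddress.IPv4Address(quoted[12:16]),
            "dst": ipaddress.IPv4Address(quoted[16:20]),
            "first8": quoted[ihl:ihl + 8]}

class SA:
    """One security association: traffic selector plus the MTU learned in step (2)."""
    def __init__(self, selector):
        self.selector = ipaddress.ip_network(selector)
        self.path_mtu = None

def on_icmp_error(icmp, sadb):
    """Step (1): reverse lookup by <destination IP, protocol, SPI>; else step (2)."""
    info = parse_frag_needed(icmp)
    if info["proto"] != AH:
        return ("ignored", None, info["mtu"])
    # AH starts with next header (1), length (1), reserved (2), SPI (4)
    spi = struct.unpack("!I", info["first8"][4:8])[0]
    sa = sadb.get((info["dst"], info["proto"], spi))
    if sa is None:
        return ("ignored", None, info["mtu"])
    if sa.selector.num_addresses == 1:      # selector names exactly one source host
        return ("notify", sa.selector.network_address, info["mtu"])
    sa.path_mtu = info["mtu"]               # source known only as a range: remember MTU
    return ("stored", None, info["mtu"])

def on_outbound(sa, inner_src, inner_len, df):
    """Step (2): a later DF packet on this SA supplies its own source address.
    The length is compared directly with the stored MTU, as the text describes."""
    if df and sa.path_mtu is not None and inner_len > sa.path_mtu:
        return ("icmp-frag-needed", ipaddress.IPv4Address(inner_src), sa.path_mtu)
    return None

# Constructed sample: host 10.1.1.7 behind gateway 192.0.2.1, tunnel to 198.51.100.1
def sample_icmp(spi, next_hop_mtu=1400):
    ah_first8 = struct.pack("!BBHI", 4, 4, 0, spi)   # next header 4 = IPv4 (tunnel mode)
    outer = ipv4_header("192.0.2.1", "198.51.100.1", AH, 1494) + ah_first8
    return frag_needed(next_hop_mtu, outer)

def sample_sadb():
    peer = ipaddress.IPv4Address("198.51.100.1")
    return {(peer, AH, 0x1001): SA("10.1.1.0/24"),   # selector is a range
            (peer, AH, 0x1002): SA("10.1.1.7/32")}   # selector is a single host

if __name__ == "__main__":
    sadb = sample_sadb()
    print(parse_frag_needed(sample_icmp(0x1001)))
    print(on_icmp_error(sample_icmp(0x1001), sadb))
    print(on_icmp_error(sample_icmp(0x1002), sadb))
```

The inner source address never appears in the ICMP message, so everything the gateway learns about the original sender comes from its own SA database.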
Although this scheme is feasible, it is very complicated to implement. Moreover, successful return of the ICMP destination-unreachable message depends on the special mechanisms of the IPsec gateway, so the scheme cannot be applied to other types of tunnel gateway and generalizes poorly.
Summary of the invention
The purpose of the invention is to provide a method and system for obtaining the path maximum transmission length in a tunnel gateway environment, overcoming the complexity and poor generality of the prior-art scheme described above, so that a tunnel gateway can simply and effectively return ICMP messages for IP packets that must not be fragmented.
The purpose of the invention is achieved through the following technical solutions:
A method for obtaining the path maximum transmission length in a tunnel gateway environment comprises the following steps:
a. the tunnel gateway establishes a tunnel link MTU;
b. a path MTU probe packet that must not be fragmented is constructed;
c. the probe packet is sent to the destination node;
d. when the probe packet passes through the tunnel gateway, the tunnel gateway returns an ICMP message to the sender according to the established tunnel link MTU and the length of the probe packet;
e. when the sender receives an ICMP message of the destination-unreachable type, it adjusts the length of the probe packet in a predetermined manner and repeats steps c to d, until the sender receives an ICMP message of the echo reply type returned by the destination node;
f. when the sender receives the ICMP message of the echo reply type returned by the destination node, it takes the current length of the probe packet as the path MTU.
Step a comprises:
a1. at least one tunnel is established on the tunnel gateway;
a2. the tunnel is treated as a directly connected data link, and the MTU of this directly connected data link is obtained;
a3. the obtained MTU of the directly connected data link is taken as the tunnel link MTU of the tunnel;
a4. the tunnel link MTU is configured on the egress of the tunnel gateway.
Step a2 comprises:
obtaining the MTU of the directly connected data link by a standard protocol; or
obtaining the MTU of the directly connected data link by a proprietary protocol.
Step a4 further comprises:
when there are multiple tunnels on the tunnel gateway, establishing a logical interface for each tunnel;
configuring the tunnel link MTU of each tunnel on the logical interface of that tunnel.
Step d is specifically:
d11. the probe packet is sent to the logical interface of the corresponding tunnel;
d12. the logical interface performs fragmentation processing according to the configured tunnel link MTU;
d13. when the length of the probe packet is greater than the tunnel link MTU, the tunnel gateway returns an ICMP error message of the destination-unreachable type to the sender;
d14. when the length of the probe packet is less than the tunnel link MTU, the probe packet is forwarded to the next node after the tunnel gateway.
Step a4 further comprises:
when there are multiple tunnels on the tunnel gateway, establishing a tunnel link MTU index table on the egress of the tunnel gateway;
writing the obtained tunnel link MTU of each tunnel into the index table.
Step d is specifically:
d21. the tunnel required to forward the probe packet is determined from the probe packet;
d22. the index table is searched to obtain the tunnel link MTU of the required tunnel;
d23. when the length of the probe packet is greater than the tunnel link MTU, an ICMP error message of the destination-unreachable type is returned to the sender;
d24. when the length of the probe packet is less than the tunnel link MTU, the probe packet is forwarded to the next node.
The method further comprises:
g. the tunnel gateway re-probes the tunnel link MTU in a predetermined manner;
h. when the detected tunnel link MTU differs from the configured tunnel link MTU, the configuration is updated.
The predetermined manner comprises:
probing the tunnel link MTU periodically; or
re-probing the tunnel link MTU when the tunnel gateway receives an ICMP error message of the destination-unreachable type returned by a node along the tunnel.
The method further comprises:
setting a threshold for the tunnel link MTU;
when the established tunnel link MTU is less than the threshold, fragmenting packets that may be fragmented on the tunnel gateway according to the MTU of the gateway's egress link.
A system for obtaining the path maximum transmission length in a tunnel gateway environment comprises: a plurality of nodes, a plurality of tunnel gateways, tunnel links interconnecting the tunnel gateways, and node links interconnecting the nodes and connecting nodes to tunnel gateways;
The nodes comprise: a source node, intermediate nodes and a destination node;
The tunnel gateways comprise: a sender tunnel gateway and a receiver tunnel gateway;
The sender tunnel gateway comprises:
a link interface, for communicating with adjacent nodes;
a tunnel link MTU obtaining device, for obtaining the tunnel link MTU;
a tunnel link MTU configuring device, for configuring the discovered tunnel link MTU.
The source node comprises:
a path MTU probe packet setting device, for setting the packet needed to probe the path MTU;
a probe packet length adjuster, for adjusting the length of the path MTU probe packet;
a path MTU discovery device, for discovering the path MTU according to the path MTU probe packet.
The link interface comprises:
a node link interface, coupled to the logical interface, for communicating with the adjacent node connected by the node link;
a tunnel link interface, coupled to the logical interface, for communicating with the adjacent node connected by the tunnel link.
The tunnel link MTU configuring device comprises:
at least one logical interface, coupled to the node link interface and the tunnel link interface respectively and corresponding to a tunnel link, for configuring the MTU of the corresponding tunnel link.
As the technical solution above shows, the invention treats the tunnel as a directly connected data link and introduces the concept of the tunnel MTU, so that packets are fragmented according to the tunnel MTU when they enter the tunnel. A probe packet that must not be fragmented and is longer than the tunnel MTU is therefore dropped when it reaches the tunnel gateway, and the tunnel gateway itself returns an ICMP error message of the destination-unreachable type to the source host. This avoids the prior-art situation in which a probe packet is dropped inside the tunnel for being too long and the ICMP control message either cannot be returned to the source host or can be returned only by a complicated implementation, and it simplifies PMTU measurement in complex network environments. In addition, for IP packets that may be fragmented, either the tunnel MTU or the link MTU can be chosen for fragmentation as needed, which helps improve network transmission efficiency.
Description of drawings
Figure 1 is a schematic diagram of the tunnel gateway principle;
Figure 2 is a schematic diagram of an ICMP error message being returned when the MTU is probed in a tunnel gateway environment in the prior art;
Figure 3 is the structure of a tunnel packet encapsulated by an IPsec gateway;
Figure 4 is a schematic diagram of the tunnel link MTU introduced by the invention;
Figure 5 is a flow chart of the method of the invention;
Figure 6 is the IP packet format;
Figure 7 is the ICMP message format;
Figure 8 is the probe packet format in the method of the invention;
Figure 9 is a flow chart of the first embodiment of establishing the tunnel link MTU in the method of the invention;
Figure 10 is a flow chart of the second embodiment of establishing the tunnel link MTU in the method of the invention;
Figure 11 is a schematic diagram of the tunnel logical interfaces established in the method of the invention;
Figure 12 is a network diagram of the first embodiment of the system of the invention;
Figure 13 is a network diagram of the second embodiment of the system of the invention;
Figure 14 is a network diagram of the third embodiment of the system of the invention.
Embodiments
The core of the invention is to introduce the concept of the tunnel MTU (maximum transmission length), that is, the smallest link MTU on the network path that the tunnel traverses. In other words, the tunnel is treated as a directly connected data link with the attributes of ordinary media links; see Figure 4. When a tunnel is set up, the tunnel gateway obtains the tunnel link MTU of each tunnel, either by the method recommended in RFC1191 or by some other proprietary protocol, and configures it on the egress of the tunnel gateway.
When a path MTU probe packet that must not be fragmented enters the tunnel and its length is greater than the corresponding tunnel link MTU, the probe packet is dropped directly and the tunnel gateway sends an ICMP (Internet Control Message Protocol) destination-unreachable message straight to the source host. The source host adjusts the length of the path MTU probe packet according to the ICMP destination-unreachable message it receives; when it receives the ICMP message of the echo reply type returned by the destination node, it takes the current length of the probe packet as the path MTU.
When an IP (Internet Protocol) packet that may be fragmented enters the tunnel, the gateway chooses according to actual needs whether to fragment it by the tunnel MTU or by the egress link MTU. Fragmenting according to the corresponding tunnel MTU lets the other end of the tunnel receive the fewest fragments; however, when the tunnel MTU is below a certain predetermined value, the link MTU can be used directly for fragmentation so as not to reduce the transmission efficiency of some links.
Because routes in the Internet may change, the tunnel path may change with them. The tunnel gateway therefore also has to maintain the tunnel link MTU obtained for each tunnel, and update the stored value promptly when it detects that the tunnel link MTU has changed.
To help those skilled in the art better understand the scheme of the invention, the invention is described in further detail below with reference to the drawings and embodiments.
Figure 5 shows the detailed flow of the method of the invention, which comprises the following steps:
Step 501: The tunnel gateway establishes the tunnel link MTU. The method recommended in RFC1191 can be used, or some other proprietary protocol method.
Step 502: A path MTU probe packet that must not be fragmented is constructed.
The probe packet must be long enough, at least longer than the MTU of the egress interface, and uses the standard IP packet format shown in Figure 6. In the IP header, the flags field contains 3 bits: the first bit, R, is reserved and unused; the second bit, DF (Don't fragment), indicates that fragmentation is not allowed; the third bit, MF (More fragment), is "1" when more fragments follow this one and "0" when none do, so every fragment of a datagram except the last has this bit set. Setting the DF bit in the flags field marks the packet as not fragmentable.
A datagram is encapsulated as the data of a specific physical frame and is carried by transmitting that frame. The destination address in the frame header is the physical address of the next hop to which the datagram is sent on its way to the destination.
The datagram is encapsulated at the source node and the physical frame is passed to the next hop. The receiver extracts the datagram from the data field of the physical frame, discards the frame header, re-encapsulates the datagram in the frame format of the next physical network and passes it to the next hop, and so on until the destination.
The standard ICMP protocol shown in Figure 7 is used to handle errors and control information; ICMP is encapsulated in IP packets. An ICMP message indicates its type in the type field, for example:
Type 8: ICMP echo (ICMP echo request);
Type 0: ICMP reply (ICMP echo reply);
Type 3: ICMP destination unreachable.
An ICMP echo message is encapsulated in the probe packet. After the ICMP echo message is encapsulated, the format of the probe packet is as shown in Figure 7.
Step 503: The probe packet is sent to the destination node.
Step 504: When the probe packet passes through the tunnel gateway, the tunnel gateway checks whether the length of the probe packet is greater than the tunnel link MTU.
If the length of the probe packet is greater than the tunnel link MTU, then because the probe packet must not be fragmented, the flow enters step 505: an ICMP message of the destination-unreachable type is returned to the sender.
The flow then enters step 506: after receiving the ICMP message of the destination-unreachable type, the sender adjusts the length of the probe packet in a predetermined manner.
For example, the length of the probe packet can be adjusted in either of the following two ways:
(1) Enumeration method: list all possible path MTUs in advance, and use these possible path MTUs as the probe packet length one after another, from high to low;
(2) Feedback method: take the MTU value of the router's egress interface recorded in the returned ICMP destination-unreachable error message as the length of the probe packet.
The flow then returns to step 503: the probe packet is again sent to the destination node.
If the length of the probe packet is less than the tunnel link MTU, the flow enters step 507: the probe packet is forwarded to the destination node.
The flow then enters step 508: after receiving the probe packet, the destination node returns an ICMP message of the echo reply type to the sender.
Step 509: After receiving the ICMP message of the echo reply type, the sender takes the current length of the probe packet as the detected PMTU.
Figure 9 shows the flow of the first embodiment of establishing the tunnel link MTU described above:
First, in step 901: multiple tunnels are established on the tunnel gateway.
Then, in step 902: each established tunnel is treated as a directly connected data link, and the MTU of each directly connected data link is obtained. The method recommended in RFC1191 can be used, or some other proprietary protocol method.
Step 903: The obtained MTU of the directly connected data link is taken as the tunnel link MTU of that tunnel;
Step 904: A tunnel link MTU index table is established on the egress of the tunnel gateway. The index table contains: the tunnel entry address, the tunnel exit address and the tunnel link MTU.
Step 905: The tunnel link MTU of each tunnel is written into the index table.
After the tunnel link MTU of each tunnel has been written to the index table on the tunnel gateway in this way, the tunnel gateway processes a received probe packet as follows:
First, the tunnel required to forward the probe packet is determined from the probe packet; it can be found from the destination address of the probe packet and the routing table configured on the tunnel gateway;
Then, the index table is searched to obtain the tunnel link MTU of the required tunnel;
When the length of the probe packet is greater than the tunnel link MTU, an ICMP message of the destination-unreachable type is returned to the sender;
When the length of the probe packet is less than the tunnel link MTU, the probe packet is forwarded to the destination node.
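The following added simulation (not code from the patent) runs steps 503 to 509 against a gateway that uses the index table of the first embodiment, with both the enumeration and the feedback adjustment methods, and then applies the maintenance update. The class and function names, the addresses, the MTU values and the candidate list are constructed for illustration; the tunnel is assumed to be the narrowest part of the path, and a probe exactly as long as the tunnel link MTU is assumed to be forwarded.

```python
import ipaddress

ECHO_REPLY, DEST_UNREACHABLE = 0, 3  # ICMP types listed in the text

# Constructed list of "possible path MTUs" for the enumeration method
CANDIDATES = [1500, 1492, 1400, 1280, 1006, 576]


class TunnelGateway:
    """Sender-side tunnel gateway with a tunnel link MTU index table."""

    def __init__(self):
        self.routes = []  # (destination network, tunnel id): stands in for the routing table
        self.index = {}   # tunnel id -> entry address, exit address, tunnel link MTU

    def add_tunnel(self, tid, entry, exit_addr, dest_net, link_mtu):
        self.routes.append((ipaddress.ip_network(dest_net), tid))
        self.index[tid] = {"entry": entry, "exit": exit_addr, "mtu": link_mtu}

    def tunnel_for(self, dst):
        """Pick the tunnel by longest-prefix match on the probe's destination address."""
        addr = ipaddress.ip_address(dst)
        hits = [(net.prefixlen, tid) for net, tid in self.routes if addr in net]
        if not hits:
            raise LookupError(f"no tunnel route for {dst}")
        return max(hits)[1]

    def handle_probe(self, dst, length):
        """Return (ICMP type, MTU hint) for a DF probe of `length` bytes."""
        mtu = self.index[self.tunnel_for(dst)]["mtu"]
        if length > mtu:
            return DEST_UNREACHABLE, mtu  # dropped here; the gateway answers the sender
        # Forwarded. Equal length counts as fitting (assumption: the text names only
        # the greater-than and less-than cases). The destination is assumed to reply.
        return ECHO_REPLY, None

    def refresh(self, tid, measured_mtu):
        """Maintenance: overwrite the stored value only when re-probing disagrees."""
        changed = self.index[tid]["mtu"] != measured_mtu
        if changed:
            self.index[tid]["mtu"] = measured_mtu
        return changed


def discover_pmtu(gw, dst, start, method, candidates=()):
    """Sender loop of steps 503-509; returns (PMTU, list of probe lengths sent)."""
    queue = sorted({c for c in candidates if c <= start} | {start}, reverse=True)
    length, sent = start, []
    while True:
        sent.append(length)
        icmp_type, hint = gw.handle_probe(dst, length)
        if icmp_type == ECHO_REPLY:
            return length, sent           # step 509: current length is the PMTU
        if method == "feedback":
            length = hint                 # use the MTU carried in the ICMP error
        else:
            smaller = [c for c in queue if c < length]
            if not smaller:
                raise RuntimeError("no smaller candidate left to try")
            length = smaller[0]           # next possible MTU, from high to low


def demo_gateway():
    gw = TunnelGateway()
    gw.add_tunnel(1, "192.0.2.1", "198.51.100.1", "10.2.0.0/16", 1400)
    gw.add_tunnel(2, "192.0.2.1", "203.0.113.1", "10.3.0.0/16", 1280)
    return gw


if __name__ == "__main__":
    gw = demo_gateway()
    print(discover_pmtu(gw, "10.2.5.9", 1500, "feedback"))
    print(discover_pmtu(gw, "10.2.5.9", 1500, "enumerate", CANDIDATES))
    gw.refresh(1, 1300)  # the tunnel path changed and re-probing found 1300
    print(discover_pmtu(gw, "10.2.5.9", 1500, "feedback"))
    print(discover_pmtu(gw, "10.2.5.9", 1500, "enumerate", CANDIDATES))
```

After the refresh to 1300 the feedback method converges on 1300 in two probes, while the enumeration method settles on 1280 because 1300 is not in its list.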
Several tunnels to different destinations may be established on one tunnel gateway at the same time while sharing the same egress on the local tunnel gateway. To simplify packet forwarding, the second embodiment of establishing the tunnel link MTU, shown in Figure 10, can be used:
First, in step 101: multiple tunnels are established on the tunnel gateway.
Then, in step 102: the tunnel link MTU of each tunnel is obtained. Again, the method recommended in RFC1191 can be used, or some other proprietary protocol method.
Step 103: A logical interface is established for each tunnel.
Step 104: The tunnel link MTU of each tunnel is configured on the logical interface of that tunnel.
As shown in Figure 11, 3 tunnels are established on this tunnel gateway: tunnel 1, tunnel 2 and tunnel 3. Corresponding to these 3 tunnels there are 3 logical interfaces: logical interface 1, logical interface 2 and logical interface 3, with configured tunnel link MTUs of MTU1, MTU2 and MTU3 respectively.
After the tunnel link MTU of each tunnel has been configured on the established logical interface in this way, the tunnel gateway processes a received probe packet as follows:
First, the ingress of the tunnel gateway receives the probe packet;
Then, the received probe packet is sent to the logical interface of the corresponding tunnel;
Then, the tunnel link MTU configured on this logical interface is obtained;
The logical interface then passes the probe packet and the obtained tunnel link MTU on to the egress of the tunnel gateway;
When the length of the probe packet is greater than the tunnel link MTU, an ICMP message of the destination-unreachable type is returned to the sender;
When the length of the probe packet is less than the tunnel link MTU, the probe packet is forwarded to the destination node.
Because routes in the Internet may change, the tunnel link may change with them, and different tunnel links may have different MTUs. The tunnel gateway therefore also needs to maintain the configured tunnel link MTU and update it promptly when it changes. In the method of the invention, the tunnel gateway re-probes the tunnel link MTU in a predetermined way: for example, it probes the tunnel link MTU periodically, or it re-probes when it receives an ICMP message of the destination-unreachable type from a node along the tunnel (the error control message returned when a non-fragmentable message would need to be fragmented). When the tunnel link MTU detected differs from the tunnel link MTU configured, the original configuration is updated.
As the above description shows, the tunnel link MTU makes it convenient to handle non-fragmentable tunnel messages. When a non-fragmentable message arrives at the logical link interface and its length is greater than the tunnel link MTU, the tunnel gateway can discard it directly and send a correct destination-unreachable ICMP message to the source host. There is no need to wait until the message has entered the tunnel and turns out to be longer than the link MTU between routers along the way, a situation that makes sending the destination-unreachable ICMP message to the source host harder and can even make it impossible to return a valid control message to the source host.
Once the tunnel link MTU has been established, fragmenting messages according to the tunnel link MTU at the tunnel entrance clearly lets the other end of the tunnel receive the fewest message fragments, which helps improve transmission efficiency. For fragmentable IP messages, therefore, the implementer can decide whether to fragment according to the tunnel link MTU or according to the MTU of the egress link. However, when the tunnel link MTU is too small, the transmission efficiency of some links may be reduced.
For this reason, the present invention can also take the following measures:
Set a threshold for the tunnel link maximum transmission length;
When the established tunnel link maximum transmission length is less than the threshold, fragmentable messages are fragmented on the tunnel gateway according to the gateway egress link MTU;
When the established tunnel link maximum transmission length is greater than the threshold, fragmentable messages are fragmented on the tunnel gateway according to the tunnel link MTU.
Figure 12 is the networking diagram of the first embodiment of the system of the invention:
It comprises: source node 121, sender tunnel gateway 122, receiver tunnel gateway 123, destination node 124, the node link between source node 121 and sender tunnel gateway 122, the node link between receiver tunnel gateway 123 and destination node 124, and the tunnel link between sender tunnel gateway 122 and receiver tunnel gateway 123.
The sender gateway 122 comprises: a tunnel link MTU obtaining device 125, used to obtain the tunnel link MTU, and a tunnel link MTU configuration device 126, used to configure the tunnel link MTU obtained.
When the sender tunnel gateway and the receiver tunnel gateway set up the tunnel link, the tunnel link MTU obtaining device 125 obtains the MTU value of this tunnel link, and the tunnel link MTU configuration device 126 then configures this value on the egress of the sender tunnel gateway.
When the source node sends a non-fragmentable path MTU probe message (an IP message) over the node link to the sender tunnel gateway, the gateway checks the message length. If the length is greater than the configured tunnel link MTU, the tunnel gateway directly returns an ICMP message of the destination-unreachable type to the source node, notifying it that the message is too long. If the length is less than the configured tunnel link MTU, the sender tunnel gateway encapsulates the message as a tunnel message: the original probe message becomes the data content and a new IP header is added, in which the source address is the sender tunnel gateway and the destination address is the receiver tunnel gateway. The message is then forwarded over the tunnel link to the receiver tunnel gateway. On receiving the tunnel message, the receiver tunnel gateway removes the new IP header, restores the original IP message, and forwards it over the node link to the destination node. On receiving the message, the destination node sends an ICMP message of the reply type back to the source node along the original route.
Figure 13 is the networking diagram of the second embodiment of the system of the invention:
Here, source node 121 comprises:
Path MTU probe message setting device 127, used to set the message needed to probe the path MTU;
Probe message length adjusting device 128, used to adjust the length of the path MTU probe message;
Path MTU discovery device 129, used to discover the path MTU from the path MTU probe message.
When the source node needs to probe the path MTU, the path MTU probe message setting device 127 first constructs the probe message: the DF bit in the message header is set to 1 to mark the message as non-fragmentable, the message length is set greater than the MTU of the source node host's egress, and an ICMP error control message is encapsulated in the message so that the receiver returns control information. The source node then sends the constructed probe message to the destination node. When the message passes through the tunnel, the sender tunnel gateway at the tunnel entrance judges whether its length exceeds the tunnel link MTU. If it does, the gateway discards the message directly and sends an ICMP control message of the destination-unreachable type to the source node. After the source node receives the ICMP message, the path MTU discovery device 129, acting on the ICMP information returned, controls the probe message length adjusting device 128 to adjust the length of the probe message. The probe message is then resent in the same way. Once the ICMP reply message sent by the destination node is received, the length of the current probe message is taken as the path MTU.
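The gateway-side length check on per-tunnel logical interfaces and the source-side adjustment loop described above, as an added Python simulation (not code from the patent). The addresses, MTU values and class names are constructed; modelling the reply as an ICMP Echo Reply, forwarding when the length equals the MTU, and adjusting the probe length from the RFC 1191 next-hop MTU field or plateau table are assumptions, since the text only says the length is adjusted "in a predetermined way".

```python
from dataclasses import dataclass, field

ICMP_ECHO_REPLY = 0          # assumed form of the destination's "reply" message
ICMP_DEST_UNREACHABLE = 3
CODE_FRAG_NEEDED = 4         # RFC 1191: fragmentation needed and DF set
# RFC 1191 plateau table, used when the ICMP error carries no next-hop MTU.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]


@dataclass
class Icmp:
    icmp_type: int
    code: int = 0
    next_hop_mtu: int = 0
    sender: str = ""


@dataclass
class TunnelGateway:
    name: str
    report_mtu: bool = True  # False models a device that leaves the field at 0
    logical_ifaces: dict = field(default_factory=dict)  # tunnel -> link MTU
    routes: dict = field(default_factory=dict)          # destination -> tunnel

    def add_tunnel(self, tunnel, link_mtu, destinations):
        """Steps 101-104: one logical interface per tunnel, MTU configured on it."""
        self.logical_ifaces[tunnel] = link_mtu
        for dst in destinations:
            self.routes[dst] = tunnel

    def refresh(self, tunnel, probed_mtu):
        """Maintenance: report whether a re-probed value changed the configuration."""
        changed = self.logical_ifaces[tunnel] != probed_mtu
        self.logical_ifaces[tunnel] = probed_mtu
        return changed

    def handle_probe(self, dst, length):
        """Return an ICMP error for an oversized DF probe, or None to forward."""
        mtu = self.logical_ifaces[self.routes[dst]]
        if length > mtu:
            hint = mtu if self.report_mtu else 0
            return Icmp(ICMP_DEST_UNREACHABLE, CODE_FRAG_NEEDED, hint, self.name)
        return None  # fits (length <= MTU, assumption at equality): forward


def send_probe(gateway, dst, length):
    """One probe: the gateway answers first, otherwise the destination replies."""
    return gateway.handle_probe(dst, length) or Icmp(ICMP_ECHO_REPLY, sender=dst)


def discover_path_mtu(gateway, dst, first_length):
    """Source-node loop: shrink the DF probe until a reply comes back."""
    length, sent = first_length, []
    while True:
        sent.append(length)
        reply = send_probe(gateway, dst, length)
        if reply.icmp_type == ICMP_ECHO_REPLY:
            return length, sent
        if reply.next_hop_mtu:
            length = reply.next_hop_mtu
        else:  # no hint: drop to the next plateau below the failed length
            length = next(p for p in PLATEAUS if p < length)


if __name__ == "__main__":
    gw = TunnelGateway("gw-a")                      # constructed sample topology
    gw.add_tunnel("tunnel1", 1400, ["10.1.0.5"])
    gw.add_tunnel("tunnel2", 1280, ["10.2.0.5"])
    for dst in ("10.1.0.5", "10.2.0.5"):
        print(dst, discover_path_mtu(gw, dst, 1500))
```

When the gateway reports the configured tunnel link MTU, the source converges in two probes; without that field the plateau fallback still terminates but settles on a value below the real tunnel link MTU.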
Figure 14 is the networking diagram of the third embodiment of the system of the invention:
Here, two tunnels exist on the sender tunnel gateway at the same time: tunnel 1 and tunnel 2. Logical interface 223 corresponds to tunnel 1 and logical interface 224 corresponds to tunnel 2. The link MTU of tunnel 1 is configured on logical interface 223, and the link MTU of tunnel 2 is configured on logical interface 224.
Logical interface 223 and logical interface 224 are each coupled to node link interface 221 and tunnel link interface 222. Node link interface 221 is used to communicate with adjacent nodes connected by node links; tunnel link interface 222 is used to communicate with adjacent nodes connected by tunnel links.
When the source node sends a non-fragmentable path MTU probe message (an IP message) over the node link to the sender tunnel gateway, node link interface 221 of the tunnel gateway first forwards the message to the corresponding logical interface 223. This logical interface forwards the message, together with the configured tunnel link MTU, to tunnel link interface 222, which handles the message according to the message length and the value of the link MTU.
If the probe message needs no fragmentation while passing through the tunnel, but on leaving the tunnel the link MTU from the tunnel exit to the next node is smaller than the probe message, the message would have to be fragmented there. If it is a non-fragmentable message, a destination-unreachable ICMP message must be returned to the source node. Because the new IP header added on entering the tunnel has been removed at the tunnel exit and the original IP message restored, the source address in the IP header is the address of the source node (the sender), so the destination-unreachable ICMP message can be delivered to the source node correctly.
Although the present invention has been described by way of embodiments, those of ordinary skill in the art know that the invention has many variations and modifications that do not depart from its spirit, and it is intended that the appended claims cover these variations and modifications without departing from the spirit of the invention.

Claims (14)

1. A method for obtaining the path maximum transmission length in a tunnel gateway environment, characterized in that it comprises the following steps:
a. establishing a tunnel link maximum transmission length by the tunnel gateway;
b. constructing a non-fragmentable path maximum transmission length probe message;
c. sending the probe message to the destination node;
d. when the probe message passes through the tunnel gateway, the tunnel gateway returns an Internet Control Message Protocol (ICMP) message to the sender according to the established tunnel link maximum transmission length and the length of the probe message;
e. when the sender receives an ICMP message of the destination-unreachable type, adjusting the length of the probe message in a predetermined way and repeating steps c to d until the sender receives the ICMP message of the reply type returned by the destination node;
f. when the sender receives the ICMP message of the reply type returned by the destination node, taking the current length of the probe message as the path maximum transmission length.
2. The method for obtaining the path maximum transmission length in a tunnel gateway environment according to claim 1, characterized in that step a comprises:
a1. setting up at least one tunnel on the tunnel gateway;
a2. treating the tunnel as a directly connected data link and obtaining the maximum transmission length of this directly connected data link;
a3. taking the obtained maximum transmission length of the directly connected data link as the tunnel link maximum transmission length corresponding to the tunnel;
a4. configuring the tunnel link maximum transmission length on the egress of the tunnel gateway.
3. The method for obtaining the path maximum transmission length in a tunnel gateway environment according to claim 2, characterized in that step a2 comprises:
Using a standard protocol to obtain the maximum transmission length of the directly connected data link; or
Using a proprietary protocol to obtain the maximum transmission length of the directly connected data link.
4. The method for obtaining the path maximum transmission length in a tunnel gateway environment according to claim 2, characterized in that step a4 further comprises:
When several tunnels exist on the tunnel gateway, setting up a logical interface for each tunnel;
Configuring the tunnel link maximum transmission length corresponding to each tunnel on the logical interface of that tunnel.
5. The method for obtaining the path maximum transmission length in a tunnel gateway environment according to claim 4, characterized in that step d is specifically:
d11. sending the probe message to the logical interface of the corresponding tunnel;
d12. the logical interface performs fragmentation handling according to the configured tunnel link maximum transmission length;
d13. when the probe message length is greater than the tunnel link maximum transmission length, the tunnel gateway returns an ICMP error control message of the destination-unreachable type to the sender;
d14. when the probe message length is less than the tunnel link maximum transmission length, forwarding the probe message to the next node after the tunnel gateway.
6. The method for obtaining the path maximum transmission length in a tunnel gateway environment according to claim 2, characterized in that step a4 further comprises:
When several tunnels exist on the tunnel gateway, setting up a tunnel link maximum transmission length index table on the egress of the tunnel gateway;
Writing the obtained tunnel link maximum transmission length corresponding to each tunnel into the index table.
7. The method for obtaining the path maximum transmission length in a tunnel gateway environment according to claim 6, characterized in that step d is specifically:
d21. determining, from the probe message, the tunnel needed to carry the probe message;
d22. searching the index table to obtain the tunnel link maximum transmission length corresponding to the needed tunnel;
d23. when the probe message length is greater than the tunnel link maximum transmission length, returning an ICMP error control message of the destination-unreachable type to the sender;
d24. when the probe message length is less than the tunnel link maximum transmission length, forwarding the probe message to the next node after the tunnel gateway.
8. The method for obtaining the path maximum transmission length in a tunnel gateway environment according to claim 1, characterized in that the method further comprises:
g. the tunnel gateway re-probes the tunnel link maximum transmission length in a predetermined way;
h. when the tunnel link maximum transmission length detected differs from the tunnel link maximum transmission length established, updating the configuration of the tunnel link maximum transmission length.
9. The method for obtaining the path maximum transmission length in a tunnel gateway environment according to claim 8, characterized in that the predetermined way in step g comprises:
Probing the tunnel link maximum transmission length periodically; or
Re-probing the tunnel link maximum transmission length when the tunnel gateway receives an ICMP error control message of the destination-unreachable type returned by a node along the tunnel.
10. The method for obtaining the path maximum transmission length in a tunnel gateway environment according to claim 1, characterized in that the method further comprises:
Setting a threshold for the tunnel link maximum transmission length;
When the established tunnel link maximum transmission length is less than the threshold, fragmenting fragmentable messages on the tunnel gateway according to the gateway egress link maximum transmission length.
11. A system for obtaining the path maximum transmission length (MTU) in a tunnel gateway environment, comprising: a plurality of nodes, a plurality of tunnel gateways, tunnel links interconnecting the tunnel gateways, and node links interconnecting the nodes and connecting the nodes to the tunnel gateways;
The nodes comprise: a source node, intermediate nodes, and a destination node; the tunnel gateways comprise: a sender tunnel gateway and a receiver tunnel gateway;
Characterized in that the sender tunnel gateway comprises:
A link interface, used to communicate with adjacent nodes;
A tunnel link MTU obtaining device, used to obtain the tunnel link MTU;
A tunnel link MTU configuration device, used to configure the tunnel link MTU obtained;
The source node constructs a non-fragmentable path maximum transmission length probe message and sends the probe message to the destination node; when it receives an ICMP message of the destination-unreachable type, it adjusts the length of the probe message in a predetermined way and sends the adjusted probe message to the destination node again, until it receives the ICMP message of the reply type returned by the destination node; when it receives the ICMP message of the reply type returned by the destination node, it takes the current length of the probe message as the path maximum transmission length;
The sender tunnel gateway, when the probe message sent by the source node passes through it, returns an ICMP message to the source node according to the configured tunnel link maximum transmission length and the length of the probe message.
12. The system for obtaining the path maximum transmission length (MTU) in a tunnel gateway environment according to claim 11, characterized in that the source node comprises:
A path MTU probe message setting device, used to set the message needed to probe the path MTU;
A probe message length adjusting device, used to adjust the length of the message needed to probe the path MTU;
A path MTU discovery device, used to discover the path MTU from the path MTU probe message.
13. The system for obtaining the path maximum transmission length (MTU) in a tunnel gateway environment according to claim 11, characterized in that the tunnel link MTU configuration device comprises:
At least one logical interface, coupled respectively to the node link interface and the tunnel link interface comprised in the link interface, corresponding to the tunnel link, and used to configure the tunnel link MTU of the corresponding tunnel link.
14. The system for obtaining the path maximum transmission length (MTU) in a tunnel gateway environment according to claim 13, characterized in that the link interface comprises:
A node link interface, coupled to the logical interface, used to communicate with adjacent nodes connected by the node link;
A tunnel link interface, coupled to the logical interface, used to communicate with adjacent nodes connected by the tunnel link.
CNB2004100594862A 2004-06-28 2004-06-28 Method and system for obtaining path maximum transmission length in channel gateway environment Active CN100486241C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100594862A CN100486241C (en) 2004-06-28 2004-06-28 Method and system for obtaining path maximum transmission length in channel gateway environment

Publications (2)

Publication Number Publication Date
CN1716943A CN1716943A (en) 2006-01-04
CN100486241C true CN100486241C (en) 2009-05-06

Family

ID=35822363

Country Status (1)

Country Link
CN (1) CN100486241C (en)

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Path MTU Discovery. J. Mogul, S. Deering. Request for Comments, Vol. 1191. 1990
Path MTU Discovery. J. Mogul, S. Deering. Request for Comments, Vol. 1191. 1990 *
Security Architecture for the Internet Protocol. S. Kent, R. Atkinson. Request for Comments, Vol. 2401. 1998
Security Architecture for the Internet Protocol. S. Kent, R. Atkinson. Request for Comments, Vol. 2401. 1998 *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.