Summary of the invention
The object of the present invention is to provide VRRPE message processing method and equipment in a kind of double layer network, with the saving Internet resources, and improve Systems balanth.For this reason, the present invention adopts following technical scheme:
VRRPE message processing method in a kind of double layer network is applied to comprise the VRRPE networking of two-layer switching equipment and VRRPE backup group, and described VRRPE backup group is realized interconnected by two-layer switching equipment, and the method comprises:
Described two-layer switching equipment receives the VRRPE message, and safeguards VRRP Snooping list item according to this VRRPE message; Record notification time, source media interviews control MAC Address and the incoming interface of VRRP backup group sign, VRRPE message in the described VRRP Snooping list item;
Described two-layer switching equipment is according to the described VRRP Snooping list item of VRRPE backup group sign inquiry that carries in the described VRRPE message, the VRRPE backup group that carries in recording VRRPE backup group sign and described VRRPE message in the described VRRP Snooping list item identifies identical, but the source MAC that carries in source MAC and the described VRRPE message, and during the incoming interface list item different from the incoming interface that receives described VRRPE message, described two-layer switching equipment replaces with the source MAC that records in this list item with the target MAC (Media Access Control) address of described VRRPE message, and the VRRPE message after according to the source MAC that records in this list item and incoming interface this target MAC (Media Access Control) address being replaced carries out two layers of unicast forwarding; Otherwise two-layer switching equipment stops two layers of forwarding of described VRRPE message.
Wherein, described two-layer switching equipment is safeguarded VRRP Snooping list item according to described VRRPE message, is specially:
Described two-layer switching equipment is according to the described VRRP Snooping list item of VRRPE backup group sign inquiry that carries in the described VRRPE message;
When not recording the list item of the VRRPE backup group sign correspondence of carrying in the described VRRPE message in the described VRRP Snooping list item, described two-layer switching equipment is set up list item corresponding to this VRRPE backup group sign, and notification time, the source MAC of the VRRPE message that carries in the described VRRPE message and the incoming interface that receives this VRRPE message are recorded in this list item;
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, but there is not the source MAC that carries in source MAC and the described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, and incoming interface and the incoming interface that receives described VRRPE message are all during identical list item, described two-layer switching equipment increases the list item of the VRRPE backup group sign of carrying in the described VRRPE message of correspondence, and with the notification time of the VRRPE message that carries in the described VRRPE message, source MAC and the incoming interface that receives this VRRPE message are recorded in this newly-increased list item;
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, and exist incoming interface identical with the incoming interface that receives described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, but during the different list item of the source MAC that carries in source MAC and the described VRRPE message, described two-layer switching equipment is with the notification time of the VRRPE message in the list item, source MAC and incoming interface replace with respectively the notification time of the VRRPE message that carries in the described VRRPE message, source MAC and the incoming interface that receives described VRRPE message;
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, and there is the source MAC that carries in source MAC and the described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, and incoming interface is all identical with the incoming interface that receives described VRRPE message, but during the not identical list item of the notification time of the VRRPE message that carries in the notification time of VRRPE message and the described VRRPE message, described two-layer switching equipment replaces with the notification time in this list item the notification time of the VRRPE message that carries in the described VRRPE message.
Wherein, be provided with VRRP Snooping list item ageing timer in the described two-layer switching equipment;
When described two-layer switching equipment before ageing timer is overtime, VRRPE backup group sign in the notification time that incoming interface from list item corresponding to this ageing timer receives VRRPE backup group sign, VRRPE message and this list item, when the notification time of VRRPE message is distinguished identical VRRPE message, described two-layer switching equipment upgrades this ageing timer;
When described two-layer switching equipment before ageing timer is overtime, it is identical that the incoming interface that records from list item corresponding to this ageing timer receives the VRRPE backup group that records in VRRPE backup group sign and this list item, but during the different VRRPE message of the notification time of the VRRPE message that records in the notification time of VRRPE message and this list item, described two-layer switching equipment is according to the notification time of the VRRPE message that carries in this VRRPE message this ageing timer of resetting;
When described two-layer switching equipment before ageing timer is overtime, when the incoming interface that does not record from list item corresponding to this ageing timer received the identical VRRPE message of VRRP backup group, described two-layer switching equipment was deleted this list item.
Wherein, the method also comprises:
When described two-layer switching equipment when to receive virtual transponder VF priority be 0 VRRPE notification packet, described two-layer switching equipment is according to carrying VRRPE backup group sign in this VRRPE notification packet and receiving the incoming interface inquiry of this VRRPE notification packet and delete corresponding list item in the described VRRP Snooping list item;
Having VRRPE backup group sign and this VF priority in described VRRP Snooping list item is that the VRRPE backup group of 0 VRRPE notification packet identifies identical, the source MAC of source MAC and this VRRPE notification packet, and during the incoming interface list item different from the incoming interface that receives this VRRPE notification packet, described two-layer switching equipment replaces with source MAC in this list item with the target MAC (Media Access Control) address of this VRRPE notification packet, and the VRRPE notification packet after according to the source MAC that records in this list item and incoming interface this target MAC (Media Access Control) address being replaced carries out two layers of unicast forwarding.
Wherein, also record virtual MAC address and empty Internet protocol IP address in the VRRP Snooping list item of safeguarding in the described two-layer switching equipment;
The method also comprises:
When described two-layer switching equipment receives the ARP request message that purpose IP address that client sends and the virtual IP address in the VRRP Snooping list item mate, described two-layer switching equipment stops this ARP request message, and determines the virtual MAC address corresponding with this purpose IP address according to VRRP Snooping list item corresponding to this purpose IP address;
When the described virtual MAC address corresponding with this purpose IP address was one, described two-layer switching equipment was carried at the corresponding relation of described purpose IP address and this virtual MAC address and returns to described client in the arp reply message;
When the described virtual MAC address corresponding with this purpose IP address when being a plurality of, described two-layer switching equipment is selected one from described a plurality of virtual MACs address, and the corresponding relation of described purpose IP address and selected virtual MAC address is carried at returns to described client in the arp reply message.
Wherein, described two-layer switching equipment is safeguarded VRRP Snooping list item according to described VRRPE message, also comprises:
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, and there is the source MAC that carries in source MAC and the described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, the notification time of the VRRPE message that carries in the notification time of VRRP message and the described VRRPE message, and incoming interface is all identical with the incoming interface that receives described VRRPE message, but during the not identical list item in the virtual MAC address of carrying in virtual MAC address and the described VRRPE message, described two-layer switching equipment is recorded to the virtual MAC address of carrying in the described VRRPE message in this list item.
A kind of two-layer switching equipment is applied to comprise VRRPE backup group VRRPE networking, and described VRRPE backup group is realized interconnected by two-layer switching equipment, and this two-layer switching equipment comprises:
Receiver module is used for receiving the VRRPE message;
Maintenance module is used for safeguarding VRRP Snooping list item according to this VRRPE message; Record notification time, source media interviews control MAC Address and the incoming interface of VRRP backup group sign, VRRPE message in the described VRRP Snooping list item;
Sending module, the VRRPE backup group that is used for carrying in described VRRP Snooping list item records VRRPE backup group sign and described VRRPE message identifies identical, but the source MAC that carries in source MAC and the described VRRPE message, and during the incoming interface list item different from the incoming interface that receives described VRRPE message, the target MAC (Media Access Control) address of described VRRPE message is replaced with the source MAC that records in this list item, and the VRRPE message after according to the source MAC that records in this list item and incoming interface this target MAC (Media Access Control) address being replaced carries out two layers of unicast forwarding; Otherwise, stop two layers of forwarding of described VRRPE message.
Wherein, described maintenance module specifically is used for realizing safeguarding VRRP Snooping list item according to described VRRPE message in the following manner:
According to the described VRRP Snooping list item of VRRPE backup group sign inquiry that carries in the described VRRPE message;
When not recording the list item of the VRRPE backup group sign correspondence of carrying in the described VRRPE message in the described VRRP Snooping list item, set up list item corresponding to this VRRPE backup group sign, and notification time, the source MAC of the VRRPE message that carries in the described VRRPE message and the incoming interface that receives this VRRPE message are recorded in this list item;
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, but there is not the source MAC that carries in source MAC and the described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, and incoming interface and the incoming interface that receives described VRRPE message are all during identical list item, increase the list item of the VRRPE backup group sign of carrying in the described VRRPE message of correspondence, and with the notification time of the VRRPE message that carries in the described VRRPE message, source MAC and the incoming interface that receives this VRRPE message are recorded in this newly-increased list item;
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, and exist incoming interface identical with the incoming interface that receives described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, but during the different list item of the source MAC that carries in source MAC and the described VRRPE message, with the notification time of the VRRPE message in the list item, source MAC and incoming interface replace with respectively the notification time of the VRRPE message that carries in the described VRRPE message, source MAC and the incoming interface that receives described VRRPE message;
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, and there is the source MAC that carries in source MAC and the described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, and incoming interface is all identical with the incoming interface that receives described VRRPE message, but during the not identical list item of the notification time of the VRRPE message that carries in the notification time of VRRPE message and the described VRRPE message, the notification time in this list item is replaced with the notification time of the VRRPE message that carries in the described VRRPE message.
Wherein, be provided with VRRP Snooping list item ageing timer in the described two-layer switching equipment;
Described maintenance module also is used for, when described two-layer switching equipment before ageing timer is overtime, VRRPE backup group sign in the notification time that incoming interface from list item corresponding to this ageing timer receives VRRPE backup group sign, VRRPE message and this list item, when the notification time of VRRPE message is distinguished identical VRRPE message, described two-layer switching equipment upgrades this ageing timer; When described two-layer switching equipment before ageing timer is overtime, it is identical that the incoming interface that records from list item corresponding to this ageing timer receives the VRRPE backup group that records in VRRPE backup group sign and this list item, but during the different VRRPE message of the notification time of the VRRPE message that records in the notification time of VRRPE message and this list item, described two-layer switching equipment is according to the notification time of the VRRPE message that carries in this VRRPE message this ageing timer of resetting; When described two-layer switching equipment before ageing timer is overtime, when the incoming interface that does not record from list item corresponding to this ageing timer received the identical VRRPE message of VRRP backup group, described two-layer switching equipment was deleted this list item.
Wherein, described maintenance module also is used for, when described receiver module when to receive virtual transponder VF priority be 0 VRRPE notification packet, according to carrying VRRPE backup group sign in this VRRPE notification packet and receiving the incoming interface inquiry of this VRRPE notification packet and delete corresponding list item in the described VRRP Snooping list item;
Described sending module also is used for, having VRRPE backup group sign and this VF priority in described VRRP Snooping list item is that the VRRPE backup group of 0 VRRPE notification packet identifies identical, the source MAC of source MAC and this VRRPE notification packet, and during the incoming interface list item different from the incoming interface that receives this VRRPE notification packet, the target MAC (Media Access Control) address of this VRRPE notification packet is replaced with source MAC in this list item, and the VRRPE notification packet after according to the source MAC that records in this list item and incoming interface this target MAC (Media Access Control) address being replaced carries out two layers of unicast forwarding.
Wherein, also record virtual MAC address and empty Internet protocol IP address in the VRRP Snooping list item that described two-layer switching equipment is safeguarded;
Described two-layer switching equipment also comprises:
The ARP responder module, be used for when described receiver module receives the ARP request message that the virtual IP address of purpose IP address that client sends and VRRP Snooping list item mates, stop this ARP request message, and determine the virtual MAC address corresponding with this purpose IP address according to VRRP Snooping list item corresponding to this purpose IP address; When the described virtual MAC address corresponding with this purpose IP address is one, the corresponding relation of described purpose IP address and this virtual MAC address is carried at returns to described client in the arp reply message; When the described virtual MAC address corresponding with this purpose IP address when being a plurality of, from described a plurality of virtual MACs address, select one, and the corresponding relation of described purpose IP address and selected virtual MAC address is carried at returns to described client in the arp reply message.
Wherein, described maintenance module also is used for, in described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, and there is the source MAC that carries in source MAC and the described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, the notification time of the VRRPE message that carries in the notification time of VRRP message and the described VRRPE message, and incoming interface is all identical with the incoming interface that receives described VRRPE message, but during the not identical list item in the virtual MAC address of carrying in virtual MAC address and the described VRRPE message, the virtual MAC address of carrying in the described VRRPE message is recorded in this list item.
In the above embodiment of the present invention, after two-layer switching equipment receives the VRRPE message, judge in the VRRPE backup group that sends this VRRPE message whether also have other routing device according to the VRRPE backup group sign, the source MAC that carry in this message and the incoming interface that receives this VRRPE message, and when being judged as when being, the target MAC (Media Access Control) address of this VRRPE message is replaced with corresponding unicast mac address, and carry out two layers of unicast forwarding, prevented the broadcast transmission of message; When the determination result is NO, stop the forwarding of this VRRPE message, effectively reduced flooding of the interior VRRPE message of double layer network, saved Internet resources, improved the stability of a system.
Embodiment
For the above-mentioned problems in the prior art, the embodiment of the invention provides the technical scheme that the VRRPE message is processed in a kind of double layer network, is applied to comprise the VRRPE networking of two-layer switching equipment and VRRPE backup group.In this technical scheme, the VRRPE backup group is realized interconnected by two-layer switching equipment, when two-layer switching equipment receives the VRRPE message of the router transmission in the VRRPE backup group, safeguards the VRRPE list item according to this VRRPE message; This two-layer switching equipment is according to the VRRPE backup group sign inquiry VRRP Snooping list item that carries in the VRRPE message that receives, and record the VRRPE backup group that carries in VRRPE backup group sign and this VRRPE message in the VRRP Snooping list item and identify identical, but the source MAC that carries in source MAC and this VRRPE message, and during the incoming interface list item different from the incoming interface that receives this VRRPE message, two-layer switching equipment replaces with the source MAC that records in this list item with the target MAC (Media Access Control) address of the VRRPE message that receives, and the VRRPE message after according to the source MAC that records in this list item and incoming interface this target MAC (Media Access Control) address being replaced carries out two layers of unicast forwarding; Otherwise two-layer switching equipment stops the forwarding of this VRRPE message.Wherein, record notification time, source MAC, virtual MAC address and the incoming interface of VRRP backup group sign, VRRPE message in the VRRPE list item that two-layer switching equipment is safeguarded, its form can be as shown in table 1:
Table 1
Wherein, VRRP VRID, notification time and source MAC are respectively VRRPE backup group sign, notification time and the source MAC that carries in the VRRPE message that two-layer switching equipment receives, and incoming interface is the incoming interface that two-layer switching equipment receives this VRRPE message.
In embodiments of the present invention, after two-layer switching equipment receives the VRRPE message, judge in the VRRPE backup group that sends this VRRPE message whether also have other routing device according to the VRRPE backup group sign, the source MAC that carry in this message and the incoming interface that receives this VRRPE message, and when being judged as when being, the target MAC (Media Access Control) address of this VRRPE message is replaced with corresponding unicast mac address, and carry out two layers of unicast forwarding, prevented the broadcast transmission of message; When the determination result is NO, stop the forwarding (namely this VRRPE message not being transmitted) of this VRRPE message, effectively reduced flooding of the interior VRRPE message of double layer network, saved Internet resources, improved the stability of a system.
Below in conjunction with the accompanying drawing in the embodiments of the invention, the technical scheme in the embodiments of the invention is carried out clear, complete description, obviously, the embodiments described below only are the application's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not paying the every other embodiment that obtains under the creative work prerequisite, all belong to the scope of embodiments of the invention protection.
As shown in Figure 3, the schematic flow sheet of VRRPE message processing method in a kind of double layer network that provides for the embodiment of the invention can may further comprise the steps:
Step 301, two-layer switching equipment receive the VRRPE message, and safeguard VRRP Snooping list item according to this VRRPE message.
Concrete, when two-layer switching equipment receives message, can judge whether this message is the VRRPE message according to the message characteristic of this message.For example, if the protocol number of the message that two-layer switching equipment receives is 112, version number is 8 or 9, and then two-layer switching equipment determines that this message is the VRRPE message.
In embodiments of the present invention, when two-layer switching equipment receives the VRRPE message, can safeguard VRRP Snooping list item according to this VRRPE message.
Wherein, in embodiments of the present invention, two-layer switching equipment safeguards that according to the VRRPE message VRRP Snooping list item can specifically realize in the following manner:
Two-layer switching equipment is according to the VRRPE backup group sign inquiry VRRP Snooping list item that carries in the VRRPE message that receives;
When not recording the list item of the VRRPE backup group sign correspondence of carrying in this VRRPE message in the VRRP Snooping list item, two-layer switching equipment is set up list item corresponding to this VRRPE backup group sign, and notification time, the source MAC of the VRRPE message that carries in this VRRPE message and the incoming interface that receives this VRRPE message are recorded in this list item;
When recording list item corresponding to VRRPE backup group sign that carries in this VRRPE message in the VRRP Snooping list item, but there is not the source MAC that carries in source MAC and this VRRPE message in the list item of the VRRPE backup group that carries in this VRRPE message sign correspondence, and incoming interface and the incoming interface that receives this VRRPE message are all during identical list item, two-layer switching equipment increases by one to the list item of the VRRPE backup group sign of carrying in should the VRRPE message, and with the notification time of the VRRPE message that carries in this VRRPE message, source MAC and the incoming interface that receives this VRRPE message are recorded in this newly-increased list item;
When recording list item corresponding to VRRPE backup group sign that carries in this VRRPE message in the VRRP Snooping list item, and exist incoming interface identical with the incoming interface that receives this VRRPE message in the list item of the VRRPE backup group that carries in this VRRPE message sign correspondence, but during the different list item of the source MAC that carries in source MAC and this VRRPE message, two-layer switching equipment is with the notification time of the VRRPE message in the list item, source MAC and incoming interface replace with respectively the notification time of the VRRPE message that carries in this VRRPE message, source MAC and the incoming interface that receives this VRRPE message;
When recording list item corresponding to VRRPE backup group sign that carries in this VRRPE message in the VRRP Snooping list item, and there is the source MAC that carries in source MAC and this VRRPE message in the list item of the VRRPE backup group that carries in this VRRPE message sign correspondence, and incoming interface is all identical with the incoming interface that receives this VRRPE message, but during the not identical list item of the notification time of the VRRPE message that carries in the notification time of VRRPE message and this VRRPE message, two-layer switching equipment replaces with the notification time in this list item the notification time of the VRRPE message that carries in this VRRPE message.
Step 302, two-layer switching equipment are according to the VRRPE backup group sign inquiry VRRP Snooping list item that carries in this VRRPE message, the VRRPE backup group that carries in recording VRRPE backup group sign and VRRPE message in this VRRP Snooping list item identifies identical, but the source MAC that carries in source MAC and this VRRPE message, and during the incoming interface list item different from the incoming interface that receives this VRRPE message, go to step 303; Otherwise, go to step 304.
Concrete, in embodiments of the present invention, in order to prevent that the VRRPE message floods in the double layer network, after two-layer switching equipment receives the VRRPE message, only give other routers that belong to same VRRPE backup group with the router that sends this VRRPE message with this VRRPE message repeating.
Wherein, two-layer switching equipment can be according to the VRRPE backup group sign inquiry VRRP Snooping list item that carries in the VRRPE message that receives, the VRRPE backup group that carries in recording VRRPE backup group sign and this VRRPE message in the VRRP Snooping list item identifies identical, but the source MAC that carries in source MAC and this VRRPE message, and during the incoming interface list item different from the incoming interface that receives this VRRPE message, determine to send the router that also has other in the VRRPE backup group under the router of this VRRPE message; Otherwise, determine to send the router that does not have other in the VRRPE backup group under the router of this VRRPE message.
Step 303, two-layer switching equipment replace with the source MAC that records in this list item with the target MAC (Media Access Control) address of this VRRPE message, and the VRRPE message after according to the source MAC that records in this list item and incoming interface this target MAC (Media Access Control) address being replaced carries out two layers of unicast forwarding.
Concrete, the VRRPE backup group that carries in two-layer switching equipment determines to record in the VRRP Snooping list item VRRPE backup group sign and the VRRPE message that receives identifies identical, but the source MAC that carries in source MAC and this VRRPE message, and the incoming interface list item different from the incoming interface that receives this VRRPE message, namely send when also having other routers in the VRRPE backup group under the router of VRRPE message, two-layer switching equipment replaces with source MAC in the corresponding list item with the target MAC (Media Access Control) address of this VRRPE message, and the VRPPE message after according to the source MAC that records in this list item and incoming interface target MAC (Media Access Control) address being replaced carries out two layers of unicast forwarding
Step 304, two-layer switching equipment stop two layers of forwarding of this VRRPE message.
Concrete, there is not other router in the VRRPE backup group under two-layer switching equipment determines to send the router of this VRRPE message, two-layer switching equipment is not transmitted this VRRPE message.Wherein, two-layer switching equipment can directly abandon this VRRPE message.
Further, in embodiments of the present invention, VRRP Snooping list item ageing timer can be set, and according to ageing timer corresponding list item be safeguarded.
Concrete, for each list item in the VRRP Snooping list item, two-layer switching equipment all can arrange according to the notification time of VRRPE message corresponding ageing timer.Before ageing timer is overtime, the incoming interface that two-layer switching equipment records from list item corresponding to this ageing timer receives the VRRPE backup group that records in VRRPE backup group sign, notification time and this list item, notification time respectively during identical VRRPE message, and two-layer switching equipment upgrades this ageing timer; Before ageing timer is overtime, it is identical that the incoming interface that two-layer switching equipment records from list item corresponding to this ageing timer receives the VRRPE backup group that records in VRRPE backup group sign and this list item, but during the different VRRPE message of the notification time that records in notification time and this list item, two-layer switching equipment is according to the notification time of carrying in this VRRPE message this ageing timer of resetting; Overtime when ageing timer, when the incoming interface that two-layer switching equipment does not record from list item corresponding to this ageing timer received the identical VRRPE message of VRRP backup group, two-layer switching equipment was deleted this list item.Preferably, the overtime time limit of ageing timer can be set to 3 times notification time.
Further, the router in the VRRPE backup group can send VF(Virtual Forwarder, virtual transponder to two-layer switching equipment when withdrawing from backup group) priority is 0 VRRPE notification packet.In embodiments of the present invention, when two-layer switching equipment when to receive VF priority be 0 VRRPE notification packet, two-layer switching equipment inquires about and deletes corresponding list item in VRRP Snooping list item according to this VRRPE notification packet, and the target MAC (Media Access Control) address of this VRRPE notification packet is replaced with VRRPE backup group sign identify identical with the VRRPE backup group of this VRRPE notification packet, the source MAC of source MAC and this VRRPE notification packet, and the source MAC that records in the incoming interface list item different from the incoming interface that receives this VRRPE notification packet, and the VRRPE notification packet after target MAC (Media Access Control) address replaced is transmitted to corresponding router.The router that receives this VRRPE notification packet is processed according to the message handling process of agreement regulation, takes over the virtual MAC address of carrying in this VRRPE notification packet.The router of taking over the virtual MAC address of carrying in this VRRPE notification packet sends two VRRPE messages to two-layer switching equipment, and one of them carries the virtual MAC of self, and another carries the virtual MAC of taking over, and its specific implementation flow process does not repeat them here.Wherein, after two-layer switching equipment receives the VRRPE message, safeguard VRRP Snooping list item according to the VRRPE message that receives.
Further, in embodiments of the present invention, can also record the virtual MAC address and the virtual IP address that carry in the VRRPE message that two-layer switching equipment receives in the VRRP Snooping list item.Correspondingly, when two-layer switching equipment receives the ARP request message that client sends, and during the coupling of the virtual IP address in the purpose IP address of this ARP request message and the VRRP Snooping list item, two-layer switching equipment stops this ARP request message, and according in should the list item of purpose IP address, determining virtual MAC address corresponding to this purpose IP address in the VRRP Snooping list item, when virtual MAC address corresponding to this purpose IP address was one, two-layer switching equipment was carried at the corresponding relation of this purpose IP address and virtual MAC address in the arp reply message and returns to client; When virtual MAC address corresponding to this purpose IP address when being a plurality of, two-layer switching equipment is selected a virtual MAC address from a plurality of virtual MACs address corresponding to this purpose IP address, and the corresponding relation of purpose IP address and selected virtual MAC address is carried in the arp reply message returns to client, avoided the broadcasting of ARP request message in VLAN, reduce flooding of ARP request message, saved Internet resources.Wherein, two-layer switching equipment selects the mode of a virtual MAC address to select for poll from a plurality of virtual MACs address corresponding to purpose IP address, the random mode such as selection, and its specific implementation does not repeat them here.
Correspondingly, when two-layer switching equipment receives the VRRPE message, and record list item corresponding to VRRPE backup group sign that carries in this VRRPE message in the VRRP Snooping list item, and there is the source MAC that carries in source MAC and the VRRPE message in the list item of the VRRPE backup group that carries in VRRPE message sign correspondence, the notification time of the VRRPE message that carries in the notification time of VRRP message and this VRRPE message, and incoming interface is all identical with the incoming interface that receives the VRRPE message, but during the not identical list item in the virtual MAC address of carrying in virtual MAC address and this VRRPE message, this two-layer switching equipment is recorded to the virtual MAC address of carrying in this VRRPE message in this list item.
Below in conjunction with concrete application scenarios the technical scheme that the embodiment of the invention provides is further described in more detail.
In this embodiment, the VRRP Snooping list item of safeguarding in the two-layer switching equipment can be as shown in table 2:
Table 2
Wherein, corresponding each the VRRP Snooping list item of two-layer switching equipment is provided with ageing timer, is limited to 3 times notification time during ageing timer overtime.
VRRP VRID is 1, notification time is that 1s, source MAC are that 0-0-1, virtual MAC address are that 000f-e2ff-0011, virtual IP address are the VRRPE message of 20.10.0.10 if two-layer switching equipment receives from interface E0/1, two-layer switching equipment is inquired about VRRP Snooping list item according to this VRRPE switch according to the respective field in this VRRPE message, determine to exist in the VRRP Snooping list item list item of coupling, then two-layer switching equipment upgrades ageing timer corresponding to this list item.
Further, two-layer switching equipment according to Query Result as can be known, also exist the VRRP VRID that carries in two VRRP VRID and the VRRPE message that receives identical in the VRRP Snooping list item, but the source MAC (0-0-1) that carries in source MAC and this VRRPE message, and the incoming interface list item different from the incoming interface that receives this VRRPE message (E0/1), two-layer switching equipment replaces with 0-0-2 and 0-0-3 with the target MAC (Media Access Control) address of this VRRPE message respectively, and respectively according to corresponding relation (0-0-2 and the E0/2 of the source MAC that records in the corresponding list item and incoming interface, 0-0-3 and E0/3) inquire about the two layer MAC address table, and then the VRRPE message after the target MAC (Media Access Control) address replacement is carried out two layers of unicast forwarding by corresponding interface.
If it is 2 that two-layer switching equipment receives VRRP VRID from interface E0/4, notification time is 1s, source MAC is 0-0-4, the virtual MAC address is 000f-e2ff-0021, virtual IP address is the VRRPE message of 30.10.0.10, two-layer switching equipment is according to the respective field inquiry VRRP Snooping list item of this VRRPE message, determining not exist in the VRRP Snooping list item VRRP VRID is 2 list item, then two-layer switching equipment is set up should VRRP VRID(2) list item, and the respective field of carrying in this VRRPE message is recorded in this list item, wherein, this list item can be as shown in table 3:
Table 3
After two-layer switching equipment is set up this list item, arrange ageing timer that should list item, be limited to 3s when it is overtime.
If it is the ARP request message of 20.0.0.10 that two-layer switching equipment receives the purpose IP address of client transmission, two-layer switching equipment determines that according to this purpose IP address lookup VRRP Snooping list item virtual MAC address corresponding to this purpose IP address comprises: 000f-e2ff-0011,000f-e2ff-0012 and 000f-e2ff-0013.The mode that two-layer switching equipment is selected by poll is therefrom selected a virtual MAC address, such as 000f-e2ff-0012, and the corresponding relation of this virtual MAC address (000f-e2ff-0012) and purpose IP address is carried at returns to this client in the arp reply message.
Can find out by above description, in the technical scheme that the embodiment of the invention provides, after two-layer switching equipment receives the VRRPE message, this VRRPE message is not transmitted in VLAN, but this VRRPE message repeating is given other routers that belong to same VRRPE backup group with the router that sends this VRRPE message by mode of unicast, prevented that effectively the VRRPE message floods in the double layer network, saved Internet resources, improved the stability of a system.
Based on the inventive concept of said method embodiment system, the embodiment of the invention also provides a kind of two-layer switching equipment, can be used as two-layer switching equipment and is applied to said method embodiment.
As shown in Figure 4, the structural representation of a kind of two-layer switching equipment that provides for the embodiment of the invention can be applied to comprise VRRPE backup group VRRPE networking, and described VRRPE backup group is realized interconnected by two-layer switching equipment, and this two-layer switching equipment can comprise:
Receiver module 41 is used for receiving the VRRPE message;
Maintenance module 42 is used for safeguarding VRRP Snooping list item according to this VRRPE message; Record notification time, source media interviews control MAC Address and the incoming interface of VRRP backup group sign, VRRPE message in the described VRRP Snooping list item;
Sending module 43, the VRRPE backup group that is used for carrying in described VRRP Snooping list item records VRRPE backup group sign and described VRRPE message identifies identical, but the source MAC that carries in source MAC and the described VRRPE message, and during the incoming interface list item different from the incoming interface that receives described VRRPE message, the target MAC (Media Access Control) address of described VRRPE message is replaced with the source MAC that records in this list item, and the VRRPE message after according to the source MAC that records in this list item and incoming interface this target MAC (Media Access Control) address being replaced carries out two layers of unicast forwarding; Otherwise, stop two layers of forwarding of described VRRPE message.
Wherein, described maintenance module 42 specifically is used for realizing safeguarding VRRP Snooping list item according to described VRRPE message in the following manner:
According to the described VRRP Snooping list item of VRRPE backup group sign inquiry that carries in the described VRRPE message;
When not recording the list item of the VRRPE backup group sign correspondence of carrying in the described VRRPE message in the described VRRP Snooping list item, set up list item corresponding to this VRRPE backup group sign, and notification time, the source MAC of the VRRPE message that carries in the described VRRPE message and the incoming interface that receives this VRRPE message are recorded in this list item;
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, but there is not the source MAC that carries in source MAC and the described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, and incoming interface and the incoming interface that receives described VRRPE message are all during identical list item, increase the list item of the VRRPE backup group sign of carrying in the described VRRPE message of correspondence, and with the notification time of the VRRPE message that carries in the described VRRPE message, source MAC and the incoming interface that receives this VRRPE message are recorded in this newly-increased list item;
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, and exist incoming interface identical with the incoming interface that receives described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, but during the different list item of the source MAC that carries in source MAC and the described VRRPE message, with the notification time of the VRRPE message in the list item, source MAC and incoming interface replace with respectively the notification time of the VRRPE message that carries in the described VRRPE message, source MAC and the incoming interface that receives described VRRPE message;
In described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, and there is the source MAC that carries in source MAC and the described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, and incoming interface is all identical with the incoming interface that receives described VRRPE message, but during the not identical list item of the notification time of the VRRPE message that carries in the notification time of VRRPE message and the described VRRPE message, the notification time in this list item is replaced with the notification time of the VRRPE message that carries in the described VRRPE message.
Wherein, be provided with VRRP Snooping list item ageing timer in the described two-layer switching equipment;
Described maintenance module 42 also is used for, when described two-layer switching equipment before ageing timer is overtime, VRRPE backup group sign in the notification time that incoming interface from list item corresponding to this ageing timer receives VRRPE backup group sign, VRRPE message and this list item, when the notification time of VRRPE message is distinguished identical VRRPE message, described two-layer switching equipment upgrades this ageing timer; When described two-layer switching equipment before ageing timer is overtime, it is identical that the incoming interface that records from list item corresponding to this ageing timer receives the VRRPE backup group that records in VRRPE backup group sign and this list item, but during the different VRRPE message of the notification time of the VRRPE message that records in the notification time of VRRPE message and this list item, described two-layer switching equipment is according to the notification time of the VRRPE message that carries in this VRRPE message this ageing timer of resetting; When described two-layer switching equipment before ageing timer is overtime, when the incoming interface that does not record from list item corresponding to this ageing timer received the identical VRRPE message of VRRP backup group, described two-layer switching equipment was deleted this list item.
Wherein, described maintenance module 42 also is used for, when described receiver module when to receive virtual transponder VF priority be 0 VRRPE notification packet, according to carrying VRRPE backup group sign in this VRRPE notification packet and receiving the incoming interface inquiry of this VRRPE notification packet and delete corresponding list item in the described VRRP Snooping list item;
Described sending module 43 also is used for, having VRRPE backup group sign and this VF priority in described VRRP Snooping list item is that the VRRPE backup group of 0 VRRPE notification packet identifies identical, the source MAC of source MAC and this VRRPE notification packet, and during the incoming interface list item different from the incoming interface that receives this VRRPE notification packet, the target MAC (Media Access Control) address of this VRRPE notification packet is replaced with source MAC in this list item, and the VRRPE notification packet after according to the source MAC that records in this list item and incoming interface this target MAC (Media Access Control) address being replaced carries out two layers of unicast forwarding.
Wherein, also record virtual MAC address and empty Internet protocol IP address in the VRRP Snooping list item that described two-layer switching equipment is safeguarded;
Described two-layer switching equipment also comprises:
ARP responder module 44, be used for when described receiver module 41 receives the ARP request message that the virtual IP address of purpose IP address that client sends and VRRP Snooping list item mates, stop this ARP request message, and determine the virtual MAC address corresponding with this purpose IP address according to VRRP Snooping list item corresponding to this purpose IP address; When the described virtual MAC address corresponding with this purpose IP address is one, the corresponding relation of described purpose IP address and this virtual MAC address is carried at returns to described client in the arp reply message; When the described virtual MAC address corresponding with this purpose IP address when being a plurality of, from described a plurality of virtual MACs address, select one, and the corresponding relation of described purpose IP address and selected virtual MAC address is carried at returns to described client in the arp reply message.
Wherein, described maintenance module 42 also is used for, in described VRRP Snooping list item, record list item corresponding to VRRPE backup group sign that carries in the described VRRPE message, and there is the source MAC that carries in source MAC and the described VRRPE message in the list item of the VRRPE backup group that carries in described VRRPE message sign correspondence, the notification time of the VRRPE message that carries in the notification time of VRRP message and the described VRRPE message, and incoming interface is all identical with the incoming interface that receives described VRRPE message, but during the not identical list item in the virtual MAC address of carrying in virtual MAC address and the described VRRPE message, the virtual MAC address of carrying in the described VRRPE message is recorded in this list item.
It will be appreciated by those skilled in the art that the module in the device among the embodiment can be distributed in the device of embodiment according to the embodiment description, also can carry out respective change and be arranged in the one or more devices that are different from the present embodiment.The module of above-described embodiment can be merged into a module, also can further split into a plurality of submodules.
Through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better execution mode in a lot of situation.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium, comprise that some instructions are with so that a station terminal equipment (can be mobile phone, personal computer, server, perhaps two-layer switching equipment etc.) carry out the described method of each embodiment of the present invention.
The above only is preferred implementation of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also should be looked protection scope of the present invention.