CN104780089A - Message isolating method and device - Google Patents
Message isolating method and device Download PDFInfo
- Publication number
- CN104780089A CN104780089A CN201510184344.7A CN201510184344A CN104780089A CN 104780089 A CN104780089 A CN 104780089A CN 201510184344 A CN201510184344 A CN 201510184344A CN 104780089 A CN104780089 A CN 104780089A
- Authority
- CN
- China
- Prior art keywords
- message
- isolation group
- information
- source
- isolation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention provides a message isolating method and device. The message isolating method comprises the following steps: receiving a message, and acquiring source isolation group information corresponding to a source address of the message; acquiring forwarding information, corresponding to a target address of the message, in a forwarding table item prestored locally, and according to the forwarding information, acquiring target isolation group information corresponding to the target address of the message; when the source isolation group information and the target isolation group information are determined to be consistent, according to isolation attributes in the target isolation group information, processing the message. Through the adoption of the message isolating method, the message is accurately isolated in the same VXLAN embodiment, an equipment load in a VXLAN network is effectively reduced, and the equipment performance is improved.
Description
Technical field
The present invention relates to communication technical field, particularly relate to a kind of message partition method and device.
Background technology
At VXLAN (VXLAN Tunnel End Point, VXLAN endpoint of a tunnel) intercommunication of each main frame in network time, can VXLAN example belonging to the VTEP recognition of devices source VM be connected with source VM, and learn this source VM information belonging to same VXLAN example, afterwards the message that source VM sends is encapsulated as VXLAN message, corresponding tunnel information is searched according to the destination address of this message, and according to the VTEP equipment that this VXLAN message repeating is extremely connected with object VM by this tunnel information.If VTEP equipment does not find corresponding tunnel information according to the destination address of this message, then, after this message being encapsulated as VXLAN message, flood in the VXLAN example belonging to the VM of this source.So, in VXLAN example, then can there is the message that a large amount of needs flood, thus cause the equipment heavy-duty service in VXLAN network, reduce equipment performance.
In prior art, for avoiding needing the message flooded to affect equipment performance in a large number, usually on the VTEP equipment be connected with main frame, issue control strategy, to realize isolating message.But the message that the All hosts that this isolation method only can connect VTEP equipment sends is isolated, the message that cannot realize the main frame that far-end VTEP equipment connects sends accurately is isolated.
Summary of the invention
For the defect of prior art, the invention provides a kind of message partition method and device.
The invention provides a kind of message partition method, be applied to the local endpoint of a tunnel VTEP equipment in VXLAN, the method comprises:
Receive message, obtain the source isolation group information corresponding with the source address of described message;
Obtain forwarding information corresponding with the destination address of described message in the local forwarding-table item prestored, obtain the object isolation group information corresponding with the destination address of described message according to described forwarding information;
When determining that described source isolation group information is consistent with described object isolation group information, message according to the isolation property process in described object isolation group information.
The present invention also provides a kind of message spacer assembly, and be applied to the local VTEP equipment in VXLAN network, described device comprises:
Source information acquiring unit, for receiving message, obtains the source isolation group information corresponding with the source address of described message;
Object information acquisition unit, for obtaining forwarding information corresponding with the destination address of described message in forwarding-table item that this locality prestores, obtains object isolation group information corresponding to the destination address of described message according to described forwarding information;
Message process unit, for obtaining forwarding information corresponding with the destination address of described message in forwarding-table item that this locality prestores, obtains object isolation group information corresponding to the destination address of described message according to described forwarding information.
The invention provides a kind of message partition method and device, when receiving message, obtain the source isolation group information corresponding with message and object isolation group information, and when determining that source isolation group information is consistent with object isolation group information, message according to the isolation property process in object isolation group information.Thus, present invention achieves and accurately isolate the message in same VXLAN example, effective machine utilization reduced in VXLAN network, improves equipment performance.
Accompanying drawing explanation
Fig. 1 is the network environment schematic diagram that the embodiment of the present invention is applied;
Fig. 2 is a kind of message partition method schematic flow sheet in the embodiment of the present invention;
Fig. 3 is the logical construction schematic diagram of a kind of message spacer assembly in the embodiment of the present invention;
Fig. 4 is the hardware structure schematic diagram of message spacer assembly place VTEP equipment in the embodiment of the present invention.
Embodiment
For making the object of the application, technical scheme and advantage are clearly understood, are described in further detail the application's scheme referring to accompanying drawing.
In order to solve problems of the prior art, the invention provides a kind of message partition method and device.
Fig. 1 is message partition method place of the present invention network environment schematic diagram, this networking comprise multiple VTEP equipment (such as VTEP1, VTEP2 and VTEP3) and respectively with the main frame (VM1 be such as connected with VTEP1) of VTEP equipment connection, each VTEP equipment has again multiple port (Port1, Port2 on such as VTEP1).
Please refer to Fig. 2, be the handling process schematic diagram of message partition method provided by the invention, this message partition method can be applicable to local VTEP equipment, and this message partition method comprises the following steps:
Step 201, receives message, obtains the source isolation group information corresponding with the source address of described message;
After each VTEP equipment of VXLAN network creates VXLAN example, each VTEP equipment can send the isolation group information announcement message carrying self isolation group information, to notice the isolation group information with the main frame of each VTEP equipment connection mutually with other VTEP equipment (far-end VTEP equipment) in same instance.Wherein, this isolation group information announcement message can be ISIS message.
After local VTEP equipment receives the ISIS message that far-end VTEP equipment (annunciator) sends, obtain the source IP address of this ISIS message, namely the IP address of the VTEP equipment (annunciator) of ISIS message is sent, and annunciator's unique identification (System ID), the isolation group information in the TLV field of this ISIS message.This isolation group information comprises and the isolation group ID at the main frame place of described far-end VTEP equipment connection and corresponding isolation property.Wherein, the mark of this isolation group ID isolation group belonging to main frame; Isolation property is for judging the message which kind of will be isolated, and such as, this isolation property can comprise unicast attribute isolation, the isolation of multicast attribute, broadcast nature isolation, retains the isolation of MAC Address attribute and retain protocol type attribute isolation etc.
Afterwards, the isolation group information of all VTEP equipment in same instance is saved in the isolation group information table prestored by local VTEP equipment.
The isolation group information table that this prestores can comprise two parts content:
1, with the isolation group information (local isolation group information table) of the All hosts of local VTEP equipment connection;
Isolation group information in this local isolation group information table can comprise host identification, isolation group ID and isolation property.
Wherein, host identification comprises the port information and Vlan (Virtual Local Area Network, VLAN) information that local VTEP equipment connect the port of each main frame.
2, the isolation group information (far-end isolation group information table) sent with local VTEP equipment other VTEP equipment in same instance.
Isolation group information in this far-end isolation group information table can comprise the isolation property of isolation group ID that main frame that the IP address of far-end VTEP equipment, far-end VTEP equipment connect adds and correspondence.
After each VTEP equipment of VXLAN network creates VXLAN example, just can communicate with from other main frames in same instance with the main frame of each VTEP equipment connection.
Local VTEP equipment can receive the message sent with the main frame of described local VTEP equipment connection and the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment.
If the message received is the message sent with the main frame of described local VTEP equipment connection, and when not being checked through host information corresponding to described source address according to the source address of described message in local forwarding-table item, in the isolation group information table prestored, search corresponding source isolation group information (source isolation group ID) according to the incoming interface information (that is: host identification) of message, and the corresponding relation of the source address (source MAC) of described message, the incoming interface information of message and source isolation group ID three is saved in described local forwarding-table item.
Wherein, this host information comprises MAC Address and the incoming interface information of the main frame sending this message.This incoming interface information (host identification) comprises the Vlan information of carrying in the port information and message local VTEP equipment receiving the port of message.
If described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, check in described VXLAN message and whether carry source isolation group information (source isolation group ID), if carry, and when not being checked through host information corresponding to described source address according to the source address of described VXLAN message in local forwarding-table item, the corresponding relation of the source address (source MAC) of described message, the incoming interface information of message and described source isolation group ID three is saved in described local forwarding-table item.
Afterwards, the source isolation group information corresponding with the source address of described message is obtained.
Particularly, for the message that the main frame with described local VTEP equipment connection sends, and the VXLAN message to send at other VTEP equipment of same instance with described local VTEP equipment, it obtains the source isolation group information corresponding with the source address of described message and is respectively:
1, described message is the message sent with the main frame of described local VTEP equipment connection.
Obtain the incoming interface information of described message, if do not find the isolation group information corresponding with it in this locality isolation group information table, illustrate that the main frame sending this message does not add any isolation group, then this message flow process is conventionally forwarded.
If find the isolation group information corresponding with it in this locality isolation group information table, using the isolation group ID in isolation group information as source isolation group ID, and can judge that this message is unicast message, broadcasting packet or multicast message according to the target MAC (Media Access Control) address of this message further.
If determine, described message is unicast message, that is: the message attribute of described message is unicast attribute.So namely this unicast attribute and the source isolation group ID that finds in this locality isolation group information table can be used as the source isolation group information corresponding with the source address of this message.
It should be noted that, when the message sent with the main frame of described local VTEP equipment connection determining to receive is unknown unicast message, broadcasting packet or multicast message, then without the need to obtaining the source isolation group information of this unknown unicast message, broadcasting packet or multicast message.This unknown unicast message, broadcasting packet or multicast message can be encapsulated as VXLAN message, the isolation group ID found in the isolation group information corresponding with it in this locality isolation group information table is added in the header information of this VXLAN message simultaneously, and after adding isolated marks in header information to this VXLAN message, by its broadcast replication or multicast process in the example at local VETP equipment place.When carrying out broadcast replication to VXLAN message, can also by other interface broadcast replications on local VTEP equipment except the incoming interface of described message of this VXLAN message.
Wherein, when adding isolation group ID and isolated marks in the header information to VXLAN message, can by expanding existing VXLAN message, an isolated marks Sbit is increased in the tag field of VXLAN message, need to carry out the filtration of isolation group in order to identify this VXLAN Frame, increase a VLAN TAG by user's two layer message head, this VLAN TAG is Separation TAG, identifies the source isolation group ID of this message simultaneously.
2, described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment.
Check in described VXLAN message and whether carry isolation group echo, if so, obtain the source isolation group ID carried in described message, and check the message attribute of described message according to the target MAC (Media Access Control) address of this VXLAN message.Can using the source isolation group ID that carries in the message attribute of VXLAN message and VXLAN message as described source isolation group information.
Step 202, obtains forwarding information corresponding with the destination address of described message in the local forwarding-table item prestored, obtains the object isolation group information corresponding with the destination address of described message according to described forwarding information;
Wherein, this forwarding information comprises the tunnel information of message and the object isolation group ID of correspondence.This tunnel information comprises again the outbound port information of message, the VTEP device id (SystemID) corresponding with the destination address of message.
Particularly, for the message that the main frame with described local VTEP equipment connection sends, and the VXLAN message to send at other VTEP equipment of same instance with described local VTEP equipment, it obtains the object isolation group information corresponding with the destination address of described message and is respectively:
1, described message is the message sent with the main frame of described local VTEP equipment connection.
If the message received is unicast message, and find the forwarding information corresponding with the destination address of this unicast message in the forwarding-table item prestored in this locality, can determine that this unicast message is known unicast message, otherwise, determine that this unicast message is unknown unicast message.
When the message received is known unicast message, check whether described forwarding information has the object isolation group ID corresponding with the destination address of described known unicast message, if not, illustrate that this known unicast message is without object isolation group information, this known unicast message can be encapsulated as VXLAN message, the source isolation group ID corresponding with the incoming interface information of message simultaneously found in the isolation group information table prestored is added in the header information of this VXLAN message, and after adding isolated marks in header information to this VXLAN message, its forwarding information according to correspondence is forwarded.
If check in described forwarding information have the object isolation group ID corresponding with the destination address of described known unicast message, whether the object isolation group ID in further inspection forwarding information is consistent with the source isolation group ID found in isolation group information table, if inconsistent, then described known unicast message is encapsulated as VXLAN message, the source isolation group ID of acquisition is added in the header information of this VXLAN message simultaneously, and after adding isolated marks in header information to this VXLAN message, forward according to forwarding information; If consistent, determine that the VTEP equipment corresponding with the destination address of described known unicast message is other VTEP equipment or local VTEP equipment according to the object VTEP device id in forwarding information.
If other VTEP equipment, in the tunnel information list item prestored, search the IP address of other VTEP equipment described according to described object VTEP device id, and in described far-end isolation information list item, search the isolation property corresponding with described IP address and described object isolation group ID.Afterwards, using the object isolation group ID in described forwarding information and described isolation property as described object isolation group information.
If determine that the VTEP equipment corresponding with the destination address of described known unicast message is local VTEP equipment according to described object VTEP device id, in the local isolation information list item prestored, corresponding isolation property is searched, using the object isolation group ID in described forwarding information and described isolation property corresponding to the destination address of message as object isolation group information according to the object isolation group ID in described forwarding information.
2, described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment.
When this VXLAN message is unicast message, in the local isolation information list item prestored, corresponding isolation property is searched according to the object isolation group ID in forwarding information corresponding with described VXLAN message in forwarding-table item, and using the object isolation group ID in described forwarding information and described isolation property as object isolation group information.
Step 203, when determining that described source isolation group information is consistent with described object isolation group information, message according to the isolation property process in described object isolation group information.
1, described message is the message sent with the main frame of described local VTEP equipment connection.
Particularly, if described message is known unicast message, when determining that object isolation group information is consistent with described source isolation group information, the process action of this known unicast message can be determined according to the isolation property in this object isolation group information, and according to this known unicast message of this isolation property process.
Such as, the source isolation group information of this known unicast message is: isolation group 1, and message attribute is unicast attribute; The object isolation group information obtained is isolation group 1, and unicast attribute is isolated.Can determine that this source isolation group information is consistent with object isolation group information, can determine that this known unicast message is the message needing isolation according to the unicast attribute isolation in object isolation group information, so, be abandoned.
But, if object isolation group information and described source isolation group information inconsistent, illustrate that this known unicast message is not segregate message, according to the forwarding information found in forwarding-table item, this known unicast message is encapsulated as VXLAN message, and the source isolation group ID in source isolation group information and isolated marks are added in the header information of this VXLAN message, the VXLAN message after this encapsulation is forwarded according to forwarding information, to make the object VTEP equipment corresponding with the destination address of this VXLAN message after receiving this VXLAN message, judge whether this VXLAN message is the message that will carry out isolating further according to the isolation group ID carried in this VXLAN message.Wherein, object VTEP equipment is when judging whether receive VXLAN message is the message needing isolation, handling process during the VXLAN message that its handling process can send with other VTEP equipment that local VTEP equipment receives same instance is consistent, does not repeat them here.
2, described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment.
When determining consistent with described source isolation group information in object isolation group information, illustrate that this VXLAN message is the message that local VTEP equipment needs isolation, so, the process action of this known unicast message can be determined according to the isolation property in this object isolation group information, and according to this VXLAN message of this isolation property process.
Such as, the source isolation group information of this VXLAN message is: isolation group 2, and message attribute is broadcast nature; The object isolation group information obtained is isolation group 2, and broadcast nature is isolated.Can determine that this source isolation group information is consistent with object isolation group information, can determine that this VXLAN message is the message needing isolation, so by VXLAN packet loss according to the broadcast nature isolation in object isolation group information.
But, if object isolation group information and described source isolation group information inconsistent, then illustrate that this VXLAN message is not segregate message, when this VXLAN message is unknown unicast message, broadcasting packet or multicast message, by other interface broadcast replications on local VTEP equipment except the incoming interface of described message of this unknown unicast message, broadcasting packet or multicast message; When this VXLAN message is known unicast message, this known unicast message is sent to corresponding main frame according to forwarding information corresponding in forwarding-table item.
Below in conjunction with Fig. 1, the present invention is described further.
After each VTEP equipment of VXLAN network creates VXLAN example, each VTEP equipment creates the isolation group information table (local isolation group information table and far-end isolation group information table) with each VTEP equipment in same instance according to mutually sending ISIS message.Suppose, local VTEP equipment is that this locality isolation group information table of preserving of VTEP2, VTEP2 and far-end isolation group information table can with reference to shown in following tables:
| Isolation group ID | Isolation property | Host identification |
| Isolation group 1 | Broadcast nature is isolated | Port4+Vlan1 |
| Isolation group 2 | Unicast attribute is isolated | Port5+Vlan1 |
Table 1
| VETP IP address of equipment | Isolation group ID | Isolation property |
| VETP1-IP1 | Isolation group 2 | Unicast attribute is isolated |
| VETP3-IP3 | Isolation group 1 | Broadcast nature is isolated |
Table 2
Table 1 shows this locality isolation group information table that VTEP2 preserves, and table 2 shows the far-end isolation group information table that VTEP2 preserves.Being only for understanding example of the present invention further, being not limited to the particular content of local isolation group information table and far-end isolation group information table in the embodiment of the present invention.
If local VTEP equipment VTEP2 receives the message that main frame VM2 mails to the VM4 be connected with VTEP3 respectively, and the VM1 be connected with VTEP1 mails to the message of VM3.
The handling process of the message that local VTEP equipment VTEP2 sends for VM2 is specially:
Obtain the incoming interface information of described message, this incoming interface information can be the host identification of main frame sending message, that is: the port information (Port4) of the port of the Vlan information (Vlan1) of carrying in message and VTEP2 upper reception message.In this locality isolation group information table (table 1), the isolation group information corresponding with it is found according to Vlan1 and Port4.
If find, obtain the source isolation group ID in local isolation group information, i.e. isolation group 1, and judge that this message is unicast message, broadcasting packet or multicast message according to the destination address of this message further.
If this message is broadcasting packet or multicast message, this broadcasting packet or multicast message are carried out VXLAN encapsulation process, generate VXLAN message, the isolation group 1 of acquisition is added in the Separation TAG of VXLAN header simultaneously, and an isolated marks is increased in the tag field of VXLAN message, such as this isolated marks is " 1 ".Afterwards by this VXLAN message with broadcast replication in the example at VTEP2 place.Wherein, when broadcast replication, also need message described in other interfaces Port3, Port5 broadcast replication on VTEP2 except the incoming interface Port4 of described message.
If this message is unicast message, that is, the message attribute of described message is unicast attribute, and namely the isolation group 1 so obtained in this unicast attribute and local isolation group information is the source isolation group information of this message.
And then search the forwarding information corresponding with the destination address VM4 of this unicast message in the forwarding-table item of this locality, and when finding the forwarding information corresponding with this unicast message, determine that this unicast message is known unicast message.
Check in corresponding forwarding information and whether record isolation group ID, if do not record corresponding isolation group ID in forwarding information, then can illustrate that the destination host of this known unicast message does not add isolation group, so this unicast message can be encapsulated as VXLAN message, the source isolation group ID isolation group 1 of acquisition is added in the Separation TAG of VXLAN header simultaneously, and increase an isolated marks " 1 " in the tag field of VXLAN message after, send VXLAN message according to the forwarding information in forwarding-table item.
If have recorded corresponding isolation group ID in forwarding information, judge that whether the isolation group ID recorded in forwarding information is consistent with the isolation group 1 obtained in this locality isolation group information, if inconsistent, illustrate that the source host of this known unicast message and destination host be not in same isolation group, then this known unicast message is not isolated, but this known unicast message is encapsulated as VXLAN message, the source isolation group ID isolation group 1 of acquisition is added in the Separation TAG of VXLAN header simultaneously, and increase an isolated marks " 1 " in the tag field of VXLAN message after, the VXLAN message after encapsulation is sent according to the forwarding information in forwarding-table item.
If the isolation group ID recorded in judgement forwarding information is consistent with the source isolation group ID obtained in local isolation group information, all isolation groups 1, illustrate that this known unicast message may be segregate message with needs, so determine that the VTEP equipment corresponding with the destination address of known unicast message is other VTEP equipment of far-end or local VTEP equipment according to the VTEP device id in forwarding information.
Learn in forwarding-table item according to this destination host VM4, the VTEP device id corresponding with its VM4 is VTEP3, can determine that the VTEP equipment corresponding with the destination address of known unicast message is other VTEP equipment of far-end.
Afterwards, in the tunnel information list item prestored, the IP address corresponding with it is searched according to VTEP3, suppose that this IP address is VTEP3-IP3, in described far-end isolation information list item (table 2), the isolation property corresponding with it is searched, i.e. broadcast nature isolation according to the object isolation group ID isolation group 1 in this VTEP3-IP3 and forwarding-table item.So, namely the isolation group 1 in described forwarding information and broadcast nature isolation are object isolation group information.
Finally, can determine that object isolation group information is isolation group 1 and broadcast nature isolation, with source isolation group information isolation group 1 and unicast attribute inconsistent, illustrate that this known unicast message is not the message needing isolation, so this known unicast message encapsulated and obtain VXLAN message, this source isolation group ID isolation group 1 is added in the Separation TAG of VXLAN header simultaneously, and increase an isolated marks " 1 " in the tag field of VXLAN message after, according to the forwarding information in forwarding-table item, the VXLAN message after encapsulation is sent.
But, if do not search the forwarding information corresponding with the destination address VM4 of this unicast message in the forwarding-table item of this locality, illustrate that this unicast message is unknown unicast message, then need as process above-mentioned broadcasting packet by this unknown unicast message with copy broadcast in the example at VTEP2 place.
When carrying out copy broadcast, this message other interfaces Port3, Port5 on VTEP2 except the incoming interface Port4 of described message can also be carried out broadcast replication.Afterwards, VTEP2 obtains the object isolation group ID corresponding with other interfaces Port3, Port5, and judges whether the object isolation group ID corresponding with other interfaces Port3, Port5 is be all isolation group 2, if so, can according to this message of isolation property process.The handling process that local VTEP equipment VTEP2 is sent to the VXLAN message of VM3 for reception VM1 is specially:
Decapsulation process is carried out to this VXLAN message, check in the tag field that this VXLAN message is expanded and whether add isolated marks, if do not increase isolated marks, illustrate that this VXLAN message does not need to isolate, the VXLAN message carrying out decapsulation can be forwarded according to prior art.
If there is isolated marks, then obtains the isolation group ID carried in the Separation TAG of VXLAN header, suppose that this isolation group ID is isolation group 2.
Then, judge that the VXLAN message after decapsulation is unicast message, broadcasting packet or multicast message according to the target MAC (Media Access Control) address of this message.
If the VXLAN message after decapsulation is unicast message, that is, the message attribute of described message is unicast attribute, so can using the isolation group 2 that obtains in the header information of this unicast attribute and the VXLAN message source isolation group information as this unicast message.
Whether there is the forwarding information corresponding with the destination address VM3-MAC3 of this unicast message in the local forwarding-table item of further inspection, if having, illustrate that this unicast message is known unicast message.Obtain the isolation group ID (isolation group 2) in forwarding information, and in this locality isolation group information table (table 1), to search corresponding isolation property according to this isolation group 2 be unicast attribute isolation.
Due to this object isolation group information and source isolation group information is isolation group 2, unicast attribute is isolated, determine that object isolation group information is consistent with source isolation group information, can determine that to the process action of this known unicast message be isolation according to the isolation property in object isolation group information, so abandon this known unicast message.
In sum, message partition method provided by the invention and device, when receiving message, obtain the source isolation group information corresponding with message and object isolation group information, and when determining that object isolation group information is consistent with source isolation group information, according to isolation property process message.Thus, present invention achieves the accurate isolation to message in a VXLAN example, and then effective machine utilization reduced in VXLAN network, improve equipment performance.
The present invention also provides a kind of message spacer assembly, Fig. 3 is the structural representation of this message spacer assembly, this device can be applied in local VTEP equipment, and this message spacer assembly can comprise source information acquiring unit 301, object information acquisition unit 302 and message process unit 303, wherein:
Information acquisition unit 301, for receiving message, obtains the source isolation group information corresponding with the source address of described message;
Object information acquisition unit 302, for obtaining forwarding information corresponding with the destination address of described message in forwarding-table item that this locality prestores, obtains object isolation group information corresponding to the destination address of described message according to described forwarding information;
Message process unit 303, for when determining that described source isolation group information is consistent with described object isolation group information, message according to the isolation property process in described object isolation group information.
Further, described source information acquiring unit 301 specifically may be used for the message attribute determining described message according to the destination address of described message; If described message is the message sent with the main frame of described local VTEP equipment connection, obtain the incoming interface information of described message, if find the source isolation group ID corresponding with described incoming interface information in the isolation group information table prestored, using described message attribute and the source isolation group ID corresponding with described incoming interface information as described source isolation group information, wherein, described incoming interface information comprises port information VLAN Vlan information and local VTEP equipment receiving the port of described message; If described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, check in described VXLAN message and whether carry isolation group echo, if, obtain the source isolation group ID carried in described message, using the source isolation group ID that carries in described message attribute and described VXLAN message as described source isolation group information.
Further, described forwarding information comprises the object isolation group ID corresponding with the destination address of described message, and the object VTEP device id of correspondence, if described object information acquisition unit 302 is the message sent with the main frame of described local VTEP equipment connection specifically for described message, and described message is known unicast message, obtain the incoming interface information of described known unicast message, incoming interface information according to described message searches described source isolation group information in the isolation group information table prestored, and judge that whether the source isolation group ID in described source isolation group information is consistent with the described object isolation group ID in described forwarding information, if consistent, determine that the VTEP equipment corresponding with the destination address of described known unicast message is other VTEP equipment or local VTEP equipment according to described object VTEP device id, if other VTEP equipment, the IP address corresponding with described object VTEP device id is searched in the tunnel information list item prestored, and in described isolation information list item, search the isolation property corresponding with described IP address and described object isolation group ID, using described object isolation group ID and described isolation property as described object isolation group information, if determine, the VTEP equipment corresponding with the destination address of described known unicast message is local VTEP equipment, in the isolation group information table prestored, the isolation property corresponding with described destination address is searched, using described object isolation group ID and isolation property corresponding to described and described destination address as described object isolation group information according to the object isolation group ID in described forwarding information, if described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, and described message is known unicast message, when carrying isolated marks in described known unicast message, obtain the source isolation group ID that described known unicast message carries, judge that whether described source isolation group ID is consistent with the described object isolation group ID in described forwarding information, if consistent, in the isolation group information table prestored, corresponding isolation property is searched according to the object isolation group ID in described forwarding information, using the object isolation group ID in described forwarding information and described isolation property as object isolation group information.
Further, if described message process unit 303 is also the message sent with the main frame of described local VTEP equipment connection for described message, when judging that described message is multicast message, obtain the incoming interface information of described multicast message, if find the source isolation group ID corresponding with described incoming interface information in the isolation group information table prestored, after described source isolation group ID and isolated marks are added into described message, forward described message; If described message is the message sent with the main frame of described local VTEP equipment connection, when judge described message be unknown unicast message or broadcasting packet time, obtain the incoming interface information of described message, if find the source isolation group ID corresponding with described incoming interface information in the isolation group information table prestored, after described source isolation group ID and isolated marks are added into described message, by described message with broadcast replication in the example belonging to described local VTEP equipment.Further, described message process unit 303 can also for message described in other interface broadcast replications on local VTEP equipment except the incoming interface of described message; Wherein, when carrying out described broadcast replication, obtain with object isolation group ID corresponding to other interfaces, judge that whether described object isolation group ID consistent with described source isolation group ID, if unanimously, then according to message described in isolation property process.
Further, described device can also comprise information learning unit 304, for after receiving message, if the source address according to described message is not checked through host information corresponding to described source address in local forwarding-table item, in the isolation group information table prestored, search corresponding source isolation group information according to local VTEP equipment receiving the Vlan information of carrying in the port of this message and message, or obtain the source isolation group information of carrying in described message;
The corresponding relation of the incoming interface of the source address of described message, described message and described source isolation group information three is saved in described local forwarding-table item, described incoming interface information comprises the port information of the port that described local VTEP equipment is connected with the main frame sending described message, and the Vlan information of carrying in described message.
Further, described message process unit 303 specifically may be used for when determining not comprise described source isolation group information in described object isolation group information, if described message is the message sent with the main frame of described local VTEP equipment connection, described message is encapsulated as VXLAN message, and after described source isolation group information and isolated marks are added into described VXLAN message, and forward, wherein said isolation group information is source isolation group ID; When determining not comprise described source isolation group information in described object isolation group information, if described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, after the decapsulation of described VXLAN message, forward with described forwarding information according in described forwarding-table item.
In addition, the present invention is applied to the message spacer assembly of local VTEP equipment can be consistent with the handling process of above-mentioned message partition method in concrete handling process, do not repeat them here.
Said apparatus can pass through software simulating, also hardware implementing can be passed through, the hardware structure schematic diagram of message spacer assembly place of the present invention VTEP equipment all can with reference to shown in figure 4, its basic hardware environment comprises central processor CPU, forwarding chip, memory and other hardware, wherein memory device comprises machine readable instructions, and CPU reads and performs the function that machine readable instructions performs each unit in Fig. 3.
As can be seen from the execution mode of above various method and apparatus, the present invention is when receiving message, obtain the source isolation group information corresponding with message and object isolation group information, and when determining that source isolation group information is consistent with object isolation group information, message according to the isolation property process in object isolation group information.As can be seen here, present invention achieves and accurately isolate the message in same VXLAN example, effective machine utilization reduced in VXLAN network, improves equipment performance.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment made, equivalent replacement, improvement etc., all should be included within the scope of protection of the invention.
Claims (14)
1. a message partition method, be applied to the local endpoint of a tunnel VTEP equipment in easily extensible Virtual Local Area Network VXLAN, it is characterized in that, described method comprises:
Receive message, obtain the source isolation group information corresponding with the source address of described message;
Obtain forwarding information corresponding with the destination address of described message in the local forwarding-table item prestored, obtain the object isolation group information corresponding with the destination address of described message according to described forwarding information;
When determining that described source isolation group information is consistent with described object isolation group information, message according to the isolation property process in described object isolation group information.
2. the method for claim 1, is characterized in that, after receiving message, described method also comprises:
The message attribute of described message is determined according to the destination address of described message;
The described acquisition source isolation group information corresponding with the source address of described message specifically comprises:
If described message is the message sent with the main frame of described local VTEP equipment connection, obtain the incoming interface information of described message, if find the source isolation group ID corresponding with described incoming interface information in the isolation group information table prestored, using described message attribute and the source isolation group ID corresponding with described incoming interface information as described source isolation group information, wherein, described incoming interface information comprises port information VLAN Vlan information and local VTEP equipment receiving the port of described message;
If described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, check in described VXLAN message and whether carry isolation group echo, if, obtain the source isolation group ID carried in described message, using the source isolation group ID that carries in described message attribute and described VXLAN message as described source isolation group information.
3. the method for claim 1, it is characterized in that, described forwarding information comprises the object isolation group ID corresponding with the destination address of described message and corresponding object VTEP device id, describedly obtains the object isolation group information corresponding with the destination address of described message according to described forwarding information and specifically comprises:
If described message is the message sent with the main frame of described local VTEP equipment connection, and described message is known unicast message, obtain the incoming interface information of described known unicast message, incoming interface information according to described message searches described source isolation group information in the isolation group information table prestored, and judge that whether the source isolation group ID in described source isolation group information is consistent with the described object isolation group ID in described forwarding information, if consistent, determine that the VTEP equipment corresponding with the destination address of described known unicast message is other VTEP equipment or local VTEP equipment according to described object VTEP device id, if other VTEP equipment, the IP address corresponding with described object VTEP device id is searched in the tunnel information list item prestored, and in described isolation information list item, search the isolation property corresponding with described IP address and described object isolation group ID, using described object isolation group ID and with described isolation property as described object isolation group information, if determine, the VTEP equipment corresponding with the destination address of described known unicast message is local VTEP equipment, in the isolation group information table prestored, the isolation property corresponding with described destination address is searched, using described object isolation group ID and isolation property corresponding to described and described destination address as described object isolation group information according to the object isolation group ID in described forwarding information,
If described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, and described message is known unicast message, when carrying isolated marks in described known unicast message, obtain the source isolation group ID that described known unicast message carries, judge that whether described source isolation group ID is consistent with the described object isolation group ID in described forwarding information, if consistent, in the isolation group information table prestored, corresponding isolation property is searched according to the object isolation group ID in described forwarding information, using the object isolation group ID in described forwarding information and described isolation property as object isolation group information.
4. the method for claim 1, is characterized in that, described method also comprises:
If described message is the message sent with the main frame of described local VTEP equipment connection, when judging that described message is multicast message, obtain the incoming interface information of described multicast message, if find the source isolation group ID corresponding with described incoming interface information in the isolation group information table prestored, after described source isolation group ID and isolated marks are added into described message, forward described message;
If described message is the message sent with the main frame of described local VTEP equipment connection, when judge described message be unknown unicast message or broadcasting packet time, obtain the incoming interface information of described message, if find the source isolation group ID corresponding with described incoming interface information in the isolation group information table prestored, after described source isolation group ID and isolated marks are added into described message, by described message with broadcast replication in the example belonging to described local VTEP equipment.
5. method as claimed in claim 4, is characterized in that, is describedly specifically being comprised with broadcast replication in the example belonging to described local VTEP equipment by described message:
Message described in other interface broadcast replications on local VTEP equipment except the incoming interface of described message;
Wherein, when carrying out described broadcast replication, obtaining the object isolation group ID corresponding with other interfaces described, judging that whether described object isolation group ID is consistent with described source isolation group ID, if unanimously, then according to message described in isolation property process.
6. the method for claim 1, is characterized in that, described method also comprises:
After receiving message, if the source address according to described message is not checked through host information corresponding to described source address in local forwarding-table item, in the isolation group information table prestored, search corresponding source isolation group information according to local VTEP equipment receiving the Vlan information of carrying in the port of this message and message, or obtain the source isolation group information of carrying in described message;
The corresponding relation of the incoming interface information of the source address of described message, described message and described source isolation group information three is saved in described local forwarding-table item, described incoming interface information comprises the port information of the port that described local VTEP equipment is connected with the main frame sending described message, and the Vlan information of carrying in described message.
7. the method for claim 1, is characterized in that, described method also comprises:
When determining described object isolation group information and described source isolation group information is inconsistent, if described message is the message sent with the main frame of described local VTEP equipment connection, described message is encapsulated as VXLAN message, and forwards after described source isolation group information and isolated marks are added into described VXLAN message;
When determining described object isolation group information and described source isolation group information is inconsistent, if described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, after the decapsulation of described VXLAN message, forward with described forwarding information according in described forwarding-table item;
Wherein, described isolation group information is source isolation group ID.
8. a message spacer assembly, be applied to the local VTEP equipment in VXLAN network, it is characterized in that, described device comprises:
Source information acquiring unit, for receiving message, obtains the source isolation group information corresponding with the source address of described message;
Object information acquisition unit, for obtaining forwarding information corresponding with the destination address of described message in forwarding-table item that this locality prestores, obtains object isolation group information corresponding to the destination address of described message according to described forwarding information;
Message process unit, for obtaining forwarding information corresponding with the destination address of described message in forwarding-table item that this locality prestores, obtains object isolation group information corresponding to the destination address of described message according to described forwarding information.
9. device as claimed in claim 8, is characterized in that, described source information acquiring unit specifically for:
The message attribute of described message is determined according to the destination address of described message;
If described message is the message sent with the main frame of described local VTEP equipment connection, obtain the incoming interface information of described message, if find the source isolation group ID corresponding with described incoming interface information in the isolation group information table prestored, using described message attribute and the source isolation group ID corresponding with described incoming interface information as described source isolation group information, wherein, described incoming interface information comprises port information VLAN Vlan information and local VTEP equipment receiving the port of described message;
If described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, check in described VXLAN message and whether carry isolation group echo, if, obtain the source isolation group ID carried in described message, using the source isolation group ID that carries in described message attribute and described VXLAN message as described source isolation group information.
10. device as claimed in claim 8, it is characterized in that, described forwarding information comprises the object isolation group ID corresponding with the destination address of described message and corresponding object VTEP device id, described object information acquisition unit specifically for:
If described message is the message sent with the main frame of described local VTEP equipment connection, and described message is known unicast message, obtain the incoming interface information of described known unicast message, incoming interface information according to described message searches described source isolation group information in the isolation group information table prestored, and judge that whether the source isolation group ID in described source isolation group information is consistent with the described object isolation group ID in described forwarding information, if consistent, determine that the VTEP equipment corresponding with the destination address of described known unicast message is other VTEP equipment or local VTEP equipment according to described object VTEP device id, if other VTEP equipment, the IP address corresponding with described object VTEP device id is searched in the tunnel information list item prestored, and in described isolation information list item, search the isolation property corresponding with described IP address and described object isolation group ID, using the object isolation group ID in described forwarding information and described isolation property as described object isolation group information, if determine, the VTEP equipment corresponding with the destination address of described known unicast message is local VTEP equipment, in the isolation group information table prestored, the isolation property corresponding with described destination address is searched, using the object isolation group ID in described forwarding information and isolation property corresponding to described and described destination address as described object isolation group information according to the object isolation group ID in described forwarding information,
If described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, and described message is known unicast message, when carrying isolated marks in described known unicast message, obtain the source isolation group ID that described known unicast message carries, judge that whether described source isolation group ID is consistent with the described object isolation group ID in described forwarding information, if consistent, in the isolation group information table prestored, corresponding isolation property is searched according to the object isolation group ID in described forwarding information, using the object isolation group ID in described forwarding information and described isolation property as object isolation group information.
11. devices as claimed in claim 8, is characterized in that, described message process unit also for:
If described message is the message sent with the main frame of described local VTEP equipment connection, when judging that described message is multicast message, obtain the incoming interface information of described multicast message, if find the source isolation group ID corresponding with described incoming interface information in the isolation group information table prestored, after described source isolation group ID and isolated marks are added into described message, forward described message;
If described message is the message sent with the main frame of described local VTEP equipment connection, when judge described message be unknown unicast message or broadcasting packet time, obtain the incoming interface information of described message, if find the source isolation group ID corresponding with described incoming interface information in the isolation group information table prestored, after described source isolation group ID and isolated marks are added into described message, by described message with broadcast replication in the example belonging to described local VTEP equipment.
12. devices as claimed in claim 11, is characterized in that, described message process unit also for:
Message described in other interface broadcast replications on local VTEP equipment except the incoming interface of described message; Wherein, when carrying out described broadcast replication, obtain with object isolation group ID corresponding to other interfaces, judge that whether described object isolation group ID consistent with described source isolation group ID, if unanimously, then according to message described in isolation property process.
13. devices as claimed in claim 8, it is characterized in that, described device also comprises information learning unit, for:
After receiving message, if the source address according to described message is not checked through host information corresponding to described source address in local forwarding-table item, in the isolation group information table prestored, search corresponding source isolation group information according to local VTEP equipment receiving the Vlan information of carrying in the port of this message and message, or obtain the source isolation group information of carrying in described message;
The corresponding relation of the incoming interface information of the source address of described message, described message and described source isolation group information three is saved in described local forwarding-table item, described incoming interface information comprises the port information of the port that described local VTEP equipment is connected with the main frame sending described message, and the Vlan information of carrying in described message.
14. devices as claimed in claim 8, it is characterized in that, described message process unit specifically for: when determining not comprise described source isolation group information in described object isolation group information, if described message is the message sent with the main frame of described local VTEP equipment connection, described message is encapsulated as VXLAN message, and after described source isolation group information and isolated marks are added into described VXLAN message, and forward, wherein said isolation group information is source isolation group ID;
When determining not comprise described source isolation group information in described object isolation group information, if described message is the VXLAN message sent at other VTEP equipment of same instance with described local VTEP equipment, after the decapsulation of described VXLAN message, forward with described forwarding information according in described forwarding-table item.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510184344.7A CN104780089B (en) | 2015-04-17 | 2015-04-17 | Message partition method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510184344.7A CN104780089B (en) | 2015-04-17 | 2015-04-17 | Message partition method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104780089A true CN104780089A (en) | 2015-07-15 |
| CN104780089B CN104780089B (en) | 2018-07-24 |
Family
ID=53621344
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510184344.7A Active CN104780089B (en) | 2015-04-17 | 2015-04-17 | Message partition method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104780089B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111541651A (en) * | 2020-03-31 | 2020-08-14 | 新华三技术有限公司 | Communication method and device |
| CN112311737A (en) * | 2019-07-31 | 2021-02-02 | 中兴通讯股份有限公司 | Flow isolation method, device and equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101232446A (en) * | 2008-02-01 | 2008-07-30 | 华为技术有限公司 | Message processing method and apparatus |
| CN101719877A (en) * | 2010-01-15 | 2010-06-02 | 福建星网锐捷网络有限公司 | Message forwarding device, network equipment and method |
| CN102594834A (en) * | 2012-03-09 | 2012-07-18 | 北京星网锐捷网络技术有限公司 | Method and device for defending network attack and network equipment |
| US20130272310A1 (en) * | 2010-12-27 | 2013-10-17 | Nec Corporation | Mapping server, network system, packet forwarding method and program |
| US20130294451A1 (en) * | 2010-09-08 | 2013-11-07 | Huawei Technologies Co., Ltd. | Method of sending address correspondence in a second layer protocol of applying link state routing |
-
2015
- 2015-04-17 CN CN201510184344.7A patent/CN104780089B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101232446A (en) * | 2008-02-01 | 2008-07-30 | 华为技术有限公司 | Message processing method and apparatus |
| CN101719877A (en) * | 2010-01-15 | 2010-06-02 | 福建星网锐捷网络有限公司 | Message forwarding device, network equipment and method |
| US20130294451A1 (en) * | 2010-09-08 | 2013-11-07 | Huawei Technologies Co., Ltd. | Method of sending address correspondence in a second layer protocol of applying link state routing |
| US20130272310A1 (en) * | 2010-12-27 | 2013-10-17 | Nec Corporation | Mapping server, network system, packet forwarding method and program |
| CN102594834A (en) * | 2012-03-09 | 2012-07-18 | 北京星网锐捷网络技术有限公司 | Method and device for defending network attack and network equipment |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112311737A (en) * | 2019-07-31 | 2021-02-02 | 中兴通讯股份有限公司 | Flow isolation method, device and equipment and storage medium |
| CN111541651A (en) * | 2020-03-31 | 2020-08-14 | 新华三技术有限公司 | Communication method and device |
| CN111541651B (en) * | 2020-03-31 | 2022-10-21 | 新华三技术有限公司 | Communication method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104780089B (en) | 2018-07-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9825859B2 (en) | Item aggregation in shortest path bridging mac-in-mac mode (SPBM) network | |
| US10608866B2 (en) | Forwarding Ethernet packets | |
| CN104243269A (en) | Processing method and device of messages in VxLAN (virtual extensible local area network) | |
| US20150010003A1 (en) | Accessing ip network and edge devices | |
| CN107645431B (en) | Message forwarding method and device | |
| CN104283980A (en) | Address resolution protocol (ARP) reply on-behalf method and device | |
| CN105099921B (en) | A kind of fastext processing method and device based on user | |
| CN105187311B (en) | A kind of message forwarding method and device | |
| CN105827495A (en) | Message forwarding method and device for VXLAN gateway | |
| CN106130819B (en) | The detection method and device of VTEP exception | |
| CN103401781A (en) | Access method and access device applied to TRILL (Transparent Interconnection of Lots of Links) network | |
| US8472420B2 (en) | Gateway device | |
| CN107547346B (en) | Message transmission method and device | |
| CN106330719A (en) | VXLAN message forwarding method and device | |
| CN105227465A (en) | A kind of CPU Proxy Method and the network equipment | |
| CN105991795A (en) | ARP (address resolution protocol) table item updating method and device | |
| CN103685007B (en) | A kind of mac learning method when edge device message forwards and edge device | |
| CN104780089A (en) | Message isolating method and device | |
| CN106130865A (en) | The communication means of a kind of terminal room and device | |
| CN108667735B (en) | Method and device for forwarding multicast data | |
| CN105763444A (en) | Route synchronization method and route synchronization device | |
| CN110661710B (en) | Message transmission method and device of virtualization system | |
| CN105635138A (en) | Method and apparatus for preventing ARP attacks | |
| US11962673B2 (en) | Packet tunneling and decapsulation with split-horizon attributes | |
| CN110391984B (en) | Message forwarding method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190628 Address after: Room 101, 1st floor, No. 1 Building, No. 8 Courtyard, Yongjiabei Road, Haidian District, Beijing 100094 Patentee after: Beijing Huasan Communication Technology Co., Ltd. Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466 Patentee before: Xinhua three Technology Co., Ltd. |
|
| TR01 | Transfer of patent right |