CN105591871B - A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration - Google Patents

A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration Download PDF

Info

Publication number
CN105591871B
CN105591871B CN201510671692.7A CN201510671692A CN105591871B CN 105591871 B CN105591871 B CN 105591871B CN 201510671692 A CN201510671692 A CN 201510671692A CN 105591871 B CN105591871 B CN 105591871B
Authority
CN
China
Prior art keywords
advpn
address
branch node
private net
net address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510671692.7A
Other languages
Chinese (zh)
Other versions
CN105591871A (en
Inventor
张岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd filed Critical New H3C Technologies Co Ltd
Priority to CN201510671692.7A priority Critical patent/CN105591871B/en
Publication of CN105591871A publication Critical patent/CN105591871A/en
Application granted granted Critical
Publication of CN105591871B publication Critical patent/CN105591871B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiment of the present invention proposes a kind of method and apparatus of automatic discovery Virtual Private Network (ADVPN) branch node of configuration.This method comprises: receiving the registration request message of the public network address comprising the ADVPN branch node from ADVPN branch node;Distribution corresponds to the private net address of the public network address of the ADVPN branch node;The message that succeeds in registration for carrying the private net address is sent to the ADVPN branch node, to configure based on the private net address address in the tunnel ADVPN on the ADVPN branch node by the ADVPN branch node.

Description

A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration
Technical field
The present invention relates to field of communication technology, especially a kind of automatic discovery Virtual Private Network (ADVPN) branch of configuration The method and apparatus of node (Spoke).
Background technique
It is automatic to find that Virtual Private Network (Auto Discovery Virtual Private Network, ADVPN) is One kind being based on the Dynamic VPN technology of VPN address administration (VPN Address Management, VAM) agreement.VAM agreement is responsible for The information such as the public network address of collection, maintenance and distribution dynamic change.
Node (referred to as ADVPN node) in ADVPN network belongs to VAM client (Client).During VAM client includes Heart node (Hub) and branch node (Spoke).Hub is the center of Routing Information Exchange;Spoke is usually enterprise branch office Gateway.The public network address of ADVPN node refers to the interface IP address of ADVPN node access public network;The private network of ADVPN node Address refers to the address of ADVPN tunnel interface on ADVPN node.The current public network address of itself is registered to VAM by ADVPN node Server (Server), and pass through the current public network address that VAM agreement obtains other end ADVPN node from VAM server, from And realize the tunnel ADVPN dynamically established between two ADVPN nodes and cross over IP core network.
In existing ADVPN network, the address (i.e. private net address) of the ADVPN tunnel interface on Spoke is all static Specified.The private net address of Spoke ununified planning and management, may cause the waste of address space, are unfavorable for ADVPN The Scaledeployment of network, in some instances it may even be possible to lead to IP address conflict.
Summary of the invention
In view of this, the present invention proposes a kind of method and apparatus for configuring ADVPN branch node (Spoke), to private network Location is managed to save address space.
The one side of embodiment according to the present invention proposes a kind of method for configuring ADVPN branch node, this method application In VAM server;This method comprises:
The registration request message of the public network address comprising the ADVPN branch node is received from ADVPN branch node;
Distribution corresponds to the private net address of the public network address of the ADVPN branch node;
The message that succeeds in registration for carrying the private net address is sent to the ADVPN branch node, thus by the ADVPN Branch node configures the address in the tunnel ADVPN on the ADVPN branch node based on the private net address.
Preferably, the registration request message further includes the mark of group belonging to the ADVPN branch node;
It is described distribution correspond to the public network address private net address include:
Determine address pool corresponding with described group of mark;
The private net address for corresponding to public network address is distributed from identified address pool.
Preferably, the distribution corresponds to the private net address of the public network address of ADVPN branch node are as follows: is based on DynamicHost Configuration protocol DHCP distribution corresponds to the private net address of the public network address of the ADVPN branch node;
Before sending the message that succeeds in registration for carrying the private net address to the ADVPN branch node, this method is also Include:
When the private net address is identical as the private net address of ADVPN central node, corresponded to again based on DHCP distribution The private net address of the public network address of the ADVPN branch node.
Preferably, this method further include:
When the ADVPN branch node exits, the private net address is deleted;Or
When the ADVPN branch node in the given time without update when, delete the private net address.
Preferably, the message that succeeds in registration further includes ADVPN central node belonging to the ADVPN branch node Routing property information, so that being based on the routing property information by the ADVPN branch node generates corresponding local routing Configuration information, and the local routing configuration information is based on by the ADVPN branch node and passes through the tunnel ADVPN from ADVPN Heart node learns VPN route information;
The routing property information includes: Routing Protocol type and routing field parameter.
The another aspect of embodiment according to the present invention proposes that a kind of method for configuring ADVPN branch node, this method are answered For ADVPN branch node;This method comprises:
The public network address comprising the ADVPN branch node is sent to Virtual Private Network address administration VAM server Registration request message;
The message that succeeds in registration is received from VAM server, the message that succeeds in registration includes the distribution of VAM server, corresponding In the private net address of the public network address of the ADVPN branch node;
The address in the tunnel ADVPN on the ADVPN branch node is configured based on the private net address.
Preferably, the message that succeeds in registration further includes ADVPN central node belonging to the ADVPN branch node Routing property information, the routing property information include: Routing Protocol type and routing field parameter;This method further include:
Corresponding local routing configuration information is generated based on the routing property information;
VPN route information is learnt from ADVPN central node by the tunnel ADVPN based on the local routing configuration information.
The another aspect of embodiment according to the present invention proposes that a kind of device for configuring ADVPN branch node, the device are answered For VAM server, which includes:
Registration request message receiving module, for receiving the public affairs comprising the ADVPN branch node from ADVPN branch node The registration request message of net address;
Private net address distribution module, for distributing the private net address for corresponding to the public network address of the ADVPN branch node;
Succeed in registration message sending module, for sending the note for carrying the private net address to the ADVPN branch node Volume success message, to be configured on the ADVPN branch node by the ADVPN branch node based on the private net address The address in the tunnel ADVPN.
Preferably, the registration request message further includes the group mark of the ADVPN branch node;
Private net address distribution module, for determining address pool corresponding with the group of ADVPN branch node mark;From The private net address for corresponding to public network address is distributed in identified address pool.
Preferably, private net address distribution module, it is described for being corresponded to based on dynamic host configuration protocol DHCP distribution The private net address of the public network address of ADVPN branch node, and work as the private net address phase of the private net address and ADVPN central node Meanwhile corresponding to the private net address of the public network address of the ADVPN branch node based on DHCP distribution again.
The another aspect of embodiment according to the present invention proposes that a kind of device for configuring ADVPN branch node, the device are answered For ADVPN branch node, which includes:
Registration request message sending module, for sending to Virtual Private Network address administration VAM server comprising described The registration request message of the public network address of ADVPN branch node;
Succeed in registration message receiving module, for receiving the message that succeeds in registration, the message that succeeds in registration from VAM server The private net address of public network address comprising the distribution of VAM server, corresponding to the ADVPN branch node;
Configuration module, for configuring the address in the tunnel ADVPN on the ADVPN branch node based on the private net address.
Preferably, the message that succeeds in registration further includes the routing property information of ADVPN central node, the routing Attribute information includes: Routing Protocol type and routing field parameter;
Configuration module, for generating corresponding local routing configuration information based on the routing property information;Based on institute It states local routing configuration information and VPN route information is learnt from ADVPN central node by the tunnel ADVPN.
It can be seen from the above technical proposal that the private net address of the not static specified ADVPN branch node of the present invention, but by VAM server distributes the private net address of ADVPN branch node, is managed collectively to private net address, saves address space and drop Low address collision problem, but also reduce ADVPN node deployment difficulty.
Detailed description of the invention
Fig. 1 is the method flow diagram for configuring ADVPN branch node in VAM server side according to the present invention;
Fig. 2 is to configure the method flow diagram of ADVPN branch node in ADVPN branch node side according to the present invention;
Fig. 3 is the schematic diagram that ADVPN branch node is configured according to first embodiment of the invention;
Fig. 4 is the schematic diagram that ADVPN branch node is configured according to second embodiment of the invention;
Fig. 5 is the structure drawing of device for configuring ADVPN branch node in VAM server side according to the present invention;
Fig. 6 is to configure the structure drawing of device of ADVPN branch node in ADVPN branch node side according to the present invention.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, the present invention is made with reference to the accompanying drawing further Detailed description.
Address space is caused to waste in view of the private net address of static specified ADVPN branch node (Spoke) in the prior art Technological deficiency, the private net address of the not static specified ADVPN branch node of the present invention, but by VAM server distribution ADVPN point The private net address of Zhi Jiedian.
Fig. 1 is the method flow diagram for configuring ADVPN branch node in VAM server side according to the present invention, this method application In VAM server.
As shown in Figure 1, this method comprises:
Step 101:VAM server receives the registration of the public network address comprising ADVPN branch node from ADVPN branch node Request message.
Herein, the public network address of the ADVPN branch node is configured on ADVPN branch node first, and is taken to VAM Business device sends the registration request message comprising the public network address.
In the prior art, VAM server from the received registration request message of ADVPN branch node not only include ADVPN The public network address of branch node also includes the private net address configured on ADVPN branch node.Unlike, the present invention without The private net address of ADVPN branch node need to be configured on ADVPN branch node, therefore in registration request message and do not include The private net address of ADVPN branch node.
The distribution of step 102:VAM server corresponds to the private net address of the public network address of ADVPN branch node.
Herein, after VAM server receives registration request message, ADVPN points are parsed from registration request message The public network address of Zhi Jiedian.Moreover, the IP address-based dynamic allocation mechanism distribution of VAM server corresponds to ADVPN branch and saves The private net address of the public network address of point.
For example, VAM server can be based on dynamic host configuration protocol (Dynamic Host Configuration Protocol, DHCP) private net address of the distribution corresponding to the public network address of ADVPN branch node.It is also recorded in VAM server Corresponding relationship between the public network address of ADVPN branch node and the private net address distributed.
Specifically, the private net address that VAM server is distributed can be private for A class private net address, B class private net address or C class Net address, in which:
A class private net address: 10.0.0.1--10.255.255.254;
B class private net address: 172.16.0.0.1--172.31.255.254;
C class private net address: 192.168.0.1--192.168.255.254.
Step 103:VAM server sends the message that succeeds in registration for carrying the private net address to ADVPN branch node, thus The address in the tunnel ADVPN on the ADVPN branch node is configured based on private net address by ADVPN branch node.
VAM server sends the message that succeeds in registration for carrying the private net address to ADVPN branch node.ADVPN branch section After point receives the message that succeeds in registration for carrying private net address, the private net address can be configured on ADVPN branch node The address in the tunnel ADVPN.After ADVPN branch node configures the address in the tunnel ADVPN, it can be built with ADVPN central node The vertical tunnel ADVPN.
ADVPN branch node can be divided into multiple groups by the usual Numerous of ADVPN branch node.In same packets Each ADVPN branch node should belong to identical private network network segment.It correspondingly, is each ADVPN branch in VAM server Corresponding address pool is arranged in node grouping, so that VAM server can be the ADVPN branch node distribution for belonging to different grouping The private net address of different private network network segments.
In one embodiment, registration request message further includes group belonging to ADVPN branch node in step 101 Mark;In a step 102, the private net address that the distribution of VAM server corresponds to public network address comprises determining that corresponding with group mark Address pool;Distribution corresponds to the private net address of public network address from identified address pool.
Such as, it is assumed that ADVPN branch node 1 belongs to group 1;ADVPN branch node 2 belongs to group 2.ADVPN branch node 1 Public network address is 123.123.123.1;The public network address of ADVPN branch node 2 is 123.123.123.2.In VAM server In, the address pool of designated groups 1 are as follows: 172.16.0.0.1--172.31.255.254;The address pool of group 2 is 10.0.0.1-- 10.255.255.254。
It not only includes ADVPN branch node 1 in the registration request message of VAM server that ADVPN branch node 1, which is sent to, Public network address (123.123.123.1), also comprising the mark of group belonging to ADVPN branch node (organizing 1).VAM server receives After the registration request message, it is first determined address pool corresponding with group mark is 172.16.0.0.1-- 172.31.255.254, then from identified address pool distribution correspond to public network address private net address, such as 172.16.0.0.5。
Similarly, ADVPN branch node 2 is sent in the registration request message of VAM server not only comprising ADVPN branch The public network address (123.123.123.2) of node 1, also comprising the mark of group belonging to ADVPN branch node (organizing 2).VAM service After device receives the registration request message, it is first determined address pool corresponding with group mark is 10.0.0.1-- 10.255.255.254, then from identified address pool distribution correspond to public network address private net address, such as 10.0.0.6。
Since the tunnel the ADVPN number of ADVPN central node (Hub) is less, and ADVPN central node is located at total position The problem of there is no large scale deployments is set, therefore ADVPN central node does not need to dynamically distribute private net address, it only need to be in ADVPN Static state specifies its private net address on central node.
ADVPN central node is also required to execute registration on VAM server.VAM server is received from ADVPN central node Registration request message, the registration request message include the public network address of ADVPN central node, the static state on ADVPN central node Specified private net address.VAM server is based on the registration request message and registers ADVPN central node, therefore in VAM server Record has the private net address of ADVPN central node.It needs to prevent the private net address distributed for ADVPN branch node and VAM from taking Address conflict occurs for the private net address of ADVPN central node recorded in business device.
In one embodiment, private net address of the distribution corresponding to the public network address of ADVPN branch node in step 102 Are as follows: correspond to the private net address of the public network address of ADVPN branch node based on DHCP distribution.It is saved in step 103 to ADVPN branch Before point sends the message that succeeds in registration for carrying private net address, this method further include:
When the private net address phase of private net address and ADVPN central node that VAM server is distributed by ADVPN branch node Meanwhile private net address is distributed for ADVPN branch node again.
For example, when the private net address static state setting of ADVPN central node is 111.1.1.1, and VAM server is based on DHCP Address pool is the private net address that dynamically distributes of ADVPN branch node when being also 111.1.1.1, and private network occurs for the confirmation of VAM server Address conflict, therefore before sending the message that succeeds in registration for carrying private net address to ADVPN branch node, by dhcp address pool New address is redistributed for ADVPN branch node.
In one embodiment, the message that succeeds in registration in step 103 further includes belonging to the ADVPN branch node ADVPN central node routing property information.Specifically, which includes: the routing association of ADVPN central node Discuss the routing field parameter of type and ADVPN central node.Preferably, routing property information can also include ADVPN operating mode.
Specifically, the Routing Protocol type of ADVPN central node may include ospf (OSPF) or Border Gateway Protocol (BGP);The routing field parameter of ADVPN central node may include region (area) parameter or BGP of OSPF Autonomous system (AS) parameter;ADVPN operating mode includes full interconnection (Full-Mesh) mode or Hub-Spoke mode.
After ADVPN branch node receives the message that succeeds in registration, corresponding local is generated based on routing property information Routing configuration information, and Routing Protocol neighborhood is established based on local routing configuration information and ADVPN central node.It is establishing After Routing Protocol neighborhood, ADVPN branch node can learn private network road from ADVPN central node by the tunnel ADVPN By information.
Fig. 2 is the method flow diagram that ADVPN branch node is configured according to ADVPN branch node of the present invention side, and this method is answered For ADVPN branch node.
As shown in Fig. 2, this method comprises:
Step 201: the registration request message of the public network address comprising ADVPN branch node is sent to VAM server.
Step 202: receiving the message that succeeds in registration from VAM server, which includes that VAM server distributes , the private net address of public network address corresponding to ADVPN branch node.
Step 203: the address in the tunnel ADVPN on the ADVPN branch node is configured based on the private net address.
In one embodiment, the message that succeeds in registration further includes the center ADVPN belonging to the ADVPN branch node The routing property information of node, the routing property information include: Routing Protocol type and routing field parameter;This method further include:
Corresponding local routing configuration information is generated based on routing property information;Passed through based on local routing configuration information The tunnel ADVPN learns VPN route information from ADVPN central node.
The present invention is specifically described below with reference to specific ADVPN network structure.
Fig. 3 is the schematic diagram that ADVPN branch node (Spoke) is configured according to first embodiment of the invention.
In Fig. 3, public network address 123.123.123.1 is configured on Spoke;Match on ADVPN central node (Hub) It is equipped with public network address 123.123.123.2 and private net address 10.0.1.1.Routing Protocol type on Hub is OSPF;Routed domain Parameter is area0;Operating mode is Hub-Spoke mode.
Hub sends the registration comprising public network address 123.123.123.2 and private net address 10.0.1.1 to VAM server and asks Seek message.VAM server receives the registration of Hub, and record private net address 10.0.1.1 and public network address 123.123.123.2 it Between corresponding relationship.
Spoke sends the registration request message comprising public network address 123.123.123.1 to VAM server.VAM server Private net address 10.0.1.1 is dynamically distributed first for Spoke.VAM server finds that the private net address of Hub is also 10.0.1.1, because This VAM server redistributes private net address 10.0.1.3, and receives the registration of Spoke, records private net address 10.0.1.3 With the corresponding relationship between public network address 123.123.123.1.Moreover, it includes private net address that VAM server is sent to Spoke 10.0.1.3 the message that succeeds in registration.
Spoke is received succeed in registration message after, configure private net address 10.0.1.3 to the address in the tunnel ADVPN, And the tunnel ADVPN is established between Spoke and Hub.
As it can be seen that the present invention is dynamically distributed the private net address of ADVPN branch node by VAM server, for the private network of Spoke Address has unified planning and management, has saved address space, is conducive to the Scaledeployment of ADVPN network, and can be to prevent Only IP address conflict problem.
What VAM server was sent to Spoke succeed in registration, and message can further include Routing Protocol type OSPF, routing Field parameter area0 and Hub-Spoke mode parameter.After Spoke receives the message that succeeds in registration, you can learn that the road on Hub It is OSPF by protocol type, routed domain area0, operating mode is Hub-Spoke mode, and is locally generated corresponding Ground routing configuration information.The same specified circuit of local routing configuration information is OSPF, routed domain area0, work by protocol type Operation mode is Hub-Spoke mode.Then, Spoke is based on local routing configuration information and Hub establishes ospf neighbor relationship, and Learn VPN route information from Hub by the tunnel ADVPN.
As it can be seen that Spoke can obtain the routing property information of Hub automatically, to realize Spoke after the application present invention Automatically VPN route information is issued.
Fig. 4 is the schematic diagram that ADVPN branch node is configured according to second embodiment of the invention.
In Fig. 4, Hub1, Hub2 and Hub3 belong to the same Hub group (Group0), which uses Full-Mesh group Net.Moreover, Spoke1 and Spoke2 belong to an ADVPN grouping (i.e. the domain ADVPN), the entitled Group1 of group of ADVPN grouping; Spoke3 and Spoke4 belongs to another ADVPN grouping, the entitled Group2 of group of ADVPN grouping.
Routing Protocol type on Hub1 is OSPF;Routing field parameter is area0;Operating mode is Hub-Spoke mode. Routing Protocol type on Hub2 is BGP;Routing field parameter is AS1;Operating mode is Hub-Spoke mode.Group1 is corresponding Central node be Hub1;The corresponding central node of Group2 is Hub2.
In VAM server, setting there are two dhcp address pool, respectively 10.0.0.1--10.255.255.254 and 172.16.0.0.1--172.31.255.254, wherein 10.0.0.1--10.255.255.254 corresponds to Group1; 172.16.0.0.1--172.31.255.254 correspond to Group2.
It is illustrated by taking Spoke2 as an example below.Assuming that the public network address configured on Spoke2 is 123.123.123.1.
Spoke2 sends the registration request comprising public network address 123.123.123.1 and group name Group1 to VAM server Message 1.VAM server parses group name Group1 and public network address 123.123.123.1, and from corresponding to group name Group1's Private net address 10.0.1.2 is dynamically distributed in address pool 10.0.0.1--10.255.255.254, and records private net address 10.0.1.2 with the corresponding relationship between public network address 123.123.123.1.Moreover, VAM server includes to Spoke2 transmission The message 1 that succeeds in registration of private net address 10.0.1.2.
Spoke2 is received succeed in registration message 1 after, configure ADVPN tunnel on Spoke2 for private net address 10.0.1.2 The address in road, and the tunnel ADVPN is established between Spoke2 and Hub1.
What VAM server was sent to Spoke2 succeed in registration, and message 1 can further include the Routing Protocol type of Hub1 The routing field parameter (i.e. area0) of (i.e. OSPF), Hub1 and the operating mode parameter (i.e. Hub-Spoke mode) of Hub1. After Spoke2 receives the message 1 that succeeds in registration, you can learn that the Routing Protocol type on Hub1 is OSPF, routed domain is Area0, operating mode is Hub-Spoke mode, and is locally generated corresponding local routing configuration information.The local routing The same specified circuit of configuration information is OSPF by protocol type, and routed domain area0, operating mode is Hub-Spoke mode.So Afterwards, Spoke2 is based on local routing configuration information and Hub1 establishes ospf neighbor relationship, and is learnt by the tunnel ADVPN from Hub1 VPN route information.
It is illustrated by taking Spoke3 as an example again.Assuming that the public network address configured on Spoke3 is 123.123.123.5.
Spoke3 sends the registration request comprising public network address 123.123.123.5 and group name Group2 to VAM server Message 2.VAM server parses group name Group2 and public network address 123.123.123.5, and from corresponding to group name Group2's Private net address 172.16.0.2 is dynamically distributed in address pool 172.16.0.0.1--172.31.255.254, and with recording private network Corresponding relationship between location 172.16.0.2 and public network address 123.123.123.5.Moreover, VAM server is sent to Spoke3 The message 2 that succeeds in registration comprising private net address 172.16.0.2.
Spoke3 is received succeed in registration message 2 after, configure private net address 172.16.0.2 on Spoke3 The address in the tunnel ADVPN, and the tunnel ADVPN is established between Spoke3 and Hub2.
What VAM server was sent to Spoke3 succeed in registration, and message 2 can further include the Routing Protocol type of Hub2 The routing field parameter (i.e. AS1) of (i.e. BGP), Hub1 and the operating mode parameter (i.e. Hub-Spoke mode) of Hub2.Spoke3 connects After receiving the message that succeeds in registration, you can learn that Routing Protocol type on Hub2 is BGP, routed domain AS1, operating mode is Hub-Spoke mode, and it is locally generated corresponding local routing configuration information.The local routing configuration information is equally specified Routing Protocol type is BGP, and routed domain AS1, operating mode is Hub-Spoke mode.Then, Spoke3 is based on local routing Configuration information and Hub2 establish bgp neighbor relationship, and learn VPN route letter from Hub2 by the tunnel ADVPN between Hub2 Breath.
It is described in detail by taking Spoke2 and Spoke3 as an example above.Similarly, also have for Spoke1 and Spoke4 Similar treatment process.
In network structure shown in Fig. 4, an ADVPN grouping corresponds to a Hub.In fact, an ADVPN grouping is also It can correspond to two Hub.
When ADVPN grouping corresponds to two Hub, each Spoke in ADVPN grouping respectively with the two Hub Establish the connection of the tunnel ADVPN.VAM server specifies one in the two Hub for main Hub, another is standby Hub, and is being infused Volume success message carries the Routing Protocol type of main Hub and the routing field parameter of main Hub, thus each of ADVPN grouping Spoke can learn VPN route information from main Hub by the tunnel ADVPN between main Hub.
Based on above-mentioned analysis, the invention also provides a kind of devices in VAM server side configuration ADVPN branch node.
Fig. 5 is the structure drawing of device for configuring ADVPN branch node in VAM server side according to the present invention.
As shown in figure 5, the device 500 is applied to VAM server, which includes:
Registration request message receiving module 501, for receiving the public affairs comprising ADVPN branch node from ADVPN branch node The registration request message of net address;
Private net address distribution module 502, for distributing the private net address for corresponding to the public network address of ADVPN branch node;
Succeed in registration message sending module 503, carries succeeding in registration for private net address for sending to ADVPN branch node Message, to configure based on private net address the address in the tunnel ADVPN on the ADVPN branch node by ADVPN branch node.
In one embodiment, registration request message further includes the group mark of ADVPN branch node;
Private net address distribution module 502, for determining address pool corresponding with the group of ADVPN branch node mark;From Distribution corresponds to the private net address of public network address in identified address pool.
In one embodiment, private net address distribution module 502, for corresponding to ADVPN branch based on DHCP distribution The private net address of the public network address of node, and when private net address is identical as the private net address of ADVPN central node, it is based on again DHCP distribution corresponds to the private net address of the public network address of ADVPN branch node.
Based on above-mentioned analysis, the invention also provides a kind of dresses in ADVPN branch node side configuration ADVPN branch node It sets.
Fig. 6 is to configure the structure drawing of device of ADVPN branch node in ADVPN branch node side according to the present invention.The device 600 are applied to ADVPN branch node.
As shown in fig. 6, the device 600 includes:
Registration request message sending module 601, for public network of the VAM server transmission comprising ADVPN branch node The registration request message of location;
Succeed in registration message receiving module 602, and for receiving the message that succeeds in registration from VAM server, succeed in registration message The private net address of public network address comprising the distribution of VAM server, corresponding to ADVPN branch node;
Configuration module 603, for configuring the address in the tunnel ADVPN on the ADVPN branch node based on private net address.
In one embodiment, the message that succeeds in registration further includes the routing property information of ADVPN central node, road It include: Routing Protocol type and routing field parameter by attribute information;
Configuration module 603, for generating corresponding local routing configuration information based on routing property information;Based on local Routing configuration information learns VPN route information from ADVPN central node by the tunnel ADVPN.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention.It is all Within the spirit and principles in the present invention, any modification, equivalent replacement, improvement and so on should be included in protection of the invention Within the scope of.

Claims (12)

1. a kind of method of the automatic discovery Virtual Private Network ADVPN branch node of configuration, which is characterized in that this method is applied to Virtual Private Network address administration VAM server;This method comprises:
The registration request message of the public network address comprising the ADVPN branch node is received from ADVPN branch node;
IP address-based dynamic allocation mechanism distribution corresponds to the private net address of the public network address of the ADVPN branch node;
The message that succeeds in registration for carrying the private net address is sent to the ADVPN branch node, thus by the ADVPN branch Node configures the address in the tunnel ADVPN on the ADVPN branch node based on the private net address.
2. the method according to claim 1, wherein the registration request message further includes the ADVPN The mark of group belonging to branch node;
It is described distribution correspond to the public network address private net address include:
Determine address pool corresponding with described group of mark;
The private net address for corresponding to public network address is distributed from identified address pool.
3. the method according to claim 1, wherein the distribution is with corresponding to the public network of ADVPN branch node The private net address of location are as follows: correspond to the public network address of the ADVPN branch node based on dynamic host configuration protocol DHCP distribution Private net address;
Before sending the message that succeeds in registration for carrying the private net address to the ADVPN branch node, this method further include:
When the private net address is identical as the private net address of ADVPN central node, corresponded to again based on DHCP distribution The private net address of the public network address of the ADVPN branch node.
4. the method according to claim 1, wherein this method further include:
When the ADVPN branch node exits, the private net address is deleted;Or
When the ADVPN branch node in the given time without update when, delete the private net address.
5. method according to any of claims 1-4, which is characterized in that the message that succeeds in registration further includes The routing property information of ADVPN central node belonging to the ADVPN branch node, to be based on by the ADVPN branch node The routing property information generates corresponding local routing configuration information, and is based on described by the ADVPN branch node Ground routing configuration information learns VPN route information from ADVPN central node by the tunnel ADVPN;
The routing property information includes: Routing Protocol type and routing field parameter.
6. a kind of method of the automatic discovery Virtual Private Network ADVPN branch node of configuration, which is characterized in that this method is applied to ADVPN branch node;This method comprises:
The registration of the public network address comprising the ADVPN branch node is sent to Virtual Private Network address administration VAM server Request message;
The message that succeeds in registration is received from VAM server, the message that succeeds in registration includes the IP address-based dynamic of VAM server The private net address of public network address that distribution mechanism is distributed, corresponding to the ADVPN branch node;
The address in the tunnel ADVPN on the ADVPN branch node is configured based on the private net address.
7. according to the method described in claim 6, it is characterized in that, the message that succeeds in registration further includes the ADVPN points The routing property information of ADVPN central node belonging to Zhi Jiedian, the routing property information include: Routing Protocol type and road By field parameter;This method further include:
Corresponding local routing configuration information is generated based on the routing property information;
VPN route information is learnt from ADVPN central node by the tunnel ADVPN based on the local routing configuration information.
8. a kind of device of the automatic discovery Virtual Private Network ADVPN branch node of configuration, which is characterized in that the device is applied to Virtual Private Network address administration VAM server, the device include:
Registration request message receiving module, for from public network of the ADVPN branch node reception comprising the ADVPN branch node The registration request message of location;
Private net address distribution module corresponds to the ADVPN branch node for the distribution of IP address-based dynamic allocation mechanism Public network address private net address;
Succeed in registration message sending module, carries registering for the private net address for sending to the ADVPN branch node Function message, to configure based on the private net address ADVPN tunnel on the ADVPN branch node by the ADVPN branch node The address in road.
9. device according to claim 8, which is characterized in that the registration request message further includes the ADVPN The group of branch node identifies;
Private net address distribution module, for determining address pool corresponding with the group of ADVPN branch node mark;From really The private net address for corresponding to public network address is distributed in fixed address pool.
10. device according to claim 8, which is characterized in that
Private net address distribution module, for corresponding to the ADVPN branch node based on dynamic host configuration protocol DHCP distribution The private net address of public network address be based on and when the private net address is identical as the private net address of ADVPN central node again DHCP distribution corresponds to the private net address of the public network address of the ADVPN branch node.
11. a kind of device of the automatic discovery Virtual Private Network ADVPN branch node of configuration, which is characterized in that the device application In ADVPN branch node, which includes:
Registration request message sending module includes the ADVPN for sending to Virtual Private Network address administration VAM server The registration request message of the public network address of branch node;
Succeed in registration message receiving module, and for receiving the message that succeeds in registration from VAM server, the message that succeeds in registration includes The private of public network address that the IP address-based dynamic allocation mechanism of VAM server is distributed, corresponding to the ADVPN branch node Net address;
Configuration module, for configuring the address in the tunnel ADVPN on the ADVPN branch node based on the private net address.
12. device according to claim 11, which is characterized in that
The message that succeeds in registration further includes the routing property information of ADVPN central node, the routing property packet It includes: Routing Protocol type and routing field parameter;
Configuration module, for generating corresponding local routing configuration information based on the routing property information;Based on described Ground routing configuration information learns VPN route information from ADVPN central node by the tunnel ADVPN.
CN201510671692.7A 2015-10-16 2015-10-16 A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration Active CN105591871B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510671692.7A CN105591871B (en) 2015-10-16 2015-10-16 A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510671692.7A CN105591871B (en) 2015-10-16 2015-10-16 A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration

Publications (2)

Publication Number Publication Date
CN105591871A CN105591871A (en) 2016-05-18
CN105591871B true CN105591871B (en) 2019-03-08

Family

ID=55931118

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510671692.7A Active CN105591871B (en) 2015-10-16 2015-10-16 A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration

Country Status (1)

Country Link
CN (1) CN105591871B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506312B (en) * 2016-11-24 2019-08-27 浙江宇视科技有限公司 A kind of networking configuration method, data communications method and device
CN108512755B (en) * 2017-02-24 2021-03-30 华为技术有限公司 Method and device for learning routing information
CN109617922B (en) * 2019-01-24 2021-04-27 杭州迪普科技股份有限公司 Processing method and device for VPN protection network segment conflict, and electronic equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7848335B1 (en) * 2005-10-27 2010-12-07 Juniper Networks, Inc. Automatic connected virtual private network
CN102546434A (en) * 2012-02-15 2012-07-04 杭州华三通信技术有限公司 DVPN (dynamic virtual private network) large-scale networking method and Spoke
CN103023667A (en) * 2012-12-03 2013-04-03 杭州华三通信技术有限公司 Multicast data transmission method and device based on dynamic virtual private network (DVPN)
CN103209108A (en) * 2013-04-10 2013-07-17 杭州华三通信技术有限公司 Dynamic virtual private network (DVPN)-based route generation method and equipment
US8499095B1 (en) * 2006-05-25 2013-07-30 Cisco Technology, Inc. Methods and apparatus for providing shortcut switching for a virtual private network
CN104427010A (en) * 2013-08-30 2015-03-18 杭州华三通信技术有限公司 NAT (network address translation) method and device applied to DVPN (dynamic virtual private network)
CN104639417A (en) * 2015-02-27 2015-05-20 杭州华三通信技术有限公司 Method and device for binding public network link for ADVPN (auto discovery virtual private network) tunnel

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7848335B1 (en) * 2005-10-27 2010-12-07 Juniper Networks, Inc. Automatic connected virtual private network
US8499095B1 (en) * 2006-05-25 2013-07-30 Cisco Technology, Inc. Methods and apparatus for providing shortcut switching for a virtual private network
CN102546434A (en) * 2012-02-15 2012-07-04 杭州华三通信技术有限公司 DVPN (dynamic virtual private network) large-scale networking method and Spoke
CN103023667A (en) * 2012-12-03 2013-04-03 杭州华三通信技术有限公司 Multicast data transmission method and device based on dynamic virtual private network (DVPN)
CN103209108A (en) * 2013-04-10 2013-07-17 杭州华三通信技术有限公司 Dynamic virtual private network (DVPN)-based route generation method and equipment
CN104427010A (en) * 2013-08-30 2015-03-18 杭州华三通信技术有限公司 NAT (network address translation) method and device applied to DVPN (dynamic virtual private network)
CN104639417A (en) * 2015-02-27 2015-05-20 杭州华三通信技术有限公司 Method and device for binding public network link for ADVPN (auto discovery virtual private network) tunnel

Also Published As

Publication number Publication date
CN105591871A (en) 2016-05-18

Similar Documents

Publication Publication Date Title
US9485147B2 (en) Method and device thereof for automatically finding and configuring virtual network
US9787632B2 (en) Centralized configuration with dynamic distributed address management
US8380819B2 (en) Method to allow seamless connectivity for wireless devices in DHCP snooping/dynamic ARP inspection/IP source guard enabled unified network
CN103636167B (en) Station opening configuration method in base station, base station, and server
EP2731313B1 (en) Distributed cluster processing system and message processing method thereof
US20170013508A1 (en) Stateless load-balancing across multiple tunnels
CN106797347A (en) Method, system and computer-readable medium for virtual architecture route
CN107666419B (en) Virtual broadband access method, controller and system
US9913198B2 (en) Systems and methods for routing data
CN103209108B (en) A kind of route generating method based on DVPN and equipment
WO2018006654A1 (en) Method, apparatus and system for processing flowspec message
US20200092251A1 (en) Unique identities of endpoints across layer 3 networks
US11102169B2 (en) In-data-plane network policy enforcement using IP addresses
CN105591871B (en) A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration
CN106878480A (en) A kind of DHCP service process sharing method and device
US11985110B2 (en) Distribution of stateless security functions
US20240007353A1 (en) Software defined access fabric without subnet restriction to a virtual network
US20060193330A1 (en) Communication apparatus, router apparatus, communication method and computer program product
CN104486193B (en) A kind of method and device for establishing network node interconnection
US11496589B2 (en) Zero day zero touch providing of services with policy control
CN107888473B (en) Method and device for creating AC port
US8645564B2 (en) Method and apparatus for client-directed inbound traffic engineering over tunnel virtual network links
US20240073973A1 (en) Split control plane for private mobile network
CN116418724A (en) Service access method, device and load balancing system
CN108390953A (en) A kind of server discovery method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant