CN105591871B - A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration - Google Patents
A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration Download PDFInfo
- Publication number
- CN105591871B CN105591871B CN201510671692.7A CN201510671692A CN105591871B CN 105591871 B CN105591871 B CN 105591871B CN 201510671692 A CN201510671692 A CN 201510671692A CN 105591871 B CN105591871 B CN 105591871B
- Authority
- CN
- China
- Prior art keywords
- advpn
- address
- branch node
- private net
- net address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Embodiment of the present invention proposes a kind of method and apparatus of automatic discovery Virtual Private Network (ADVPN) branch node of configuration.This method comprises: receiving the registration request message of the public network address comprising the ADVPN branch node from ADVPN branch node;Distribution corresponds to the private net address of the public network address of the ADVPN branch node;The message that succeeds in registration for carrying the private net address is sent to the ADVPN branch node, to configure based on the private net address address in the tunnel ADVPN on the ADVPN branch node by the ADVPN branch node.
Description
Technical field
The present invention relates to field of communication technology, especially a kind of automatic discovery Virtual Private Network (ADVPN) branch of configuration
The method and apparatus of node (Spoke).
Background technique
It is automatic to find that Virtual Private Network (Auto Discovery Virtual Private Network, ADVPN) is
One kind being based on the Dynamic VPN technology of VPN address administration (VPN Address Management, VAM) agreement.VAM agreement is responsible for
The information such as the public network address of collection, maintenance and distribution dynamic change.
Node (referred to as ADVPN node) in ADVPN network belongs to VAM client (Client).During VAM client includes
Heart node (Hub) and branch node (Spoke).Hub is the center of Routing Information Exchange;Spoke is usually enterprise branch office
Gateway.The public network address of ADVPN node refers to the interface IP address of ADVPN node access public network;The private network of ADVPN node
Address refers to the address of ADVPN tunnel interface on ADVPN node.The current public network address of itself is registered to VAM by ADVPN node
Server (Server), and pass through the current public network address that VAM agreement obtains other end ADVPN node from VAM server, from
And realize the tunnel ADVPN dynamically established between two ADVPN nodes and cross over IP core network.
In existing ADVPN network, the address (i.e. private net address) of the ADVPN tunnel interface on Spoke is all static
Specified.The private net address of Spoke ununified planning and management, may cause the waste of address space, are unfavorable for ADVPN
The Scaledeployment of network, in some instances it may even be possible to lead to IP address conflict.
Summary of the invention
In view of this, the present invention proposes a kind of method and apparatus for configuring ADVPN branch node (Spoke), to private network
Location is managed to save address space.
The one side of embodiment according to the present invention proposes a kind of method for configuring ADVPN branch node, this method application
In VAM server;This method comprises:
The registration request message of the public network address comprising the ADVPN branch node is received from ADVPN branch node;
Distribution corresponds to the private net address of the public network address of the ADVPN branch node;
The message that succeeds in registration for carrying the private net address is sent to the ADVPN branch node, thus by the ADVPN
Branch node configures the address in the tunnel ADVPN on the ADVPN branch node based on the private net address.
Preferably, the registration request message further includes the mark of group belonging to the ADVPN branch node;
It is described distribution correspond to the public network address private net address include:
Determine address pool corresponding with described group of mark;
The private net address for corresponding to public network address is distributed from identified address pool.
Preferably, the distribution corresponds to the private net address of the public network address of ADVPN branch node are as follows: is based on DynamicHost
Configuration protocol DHCP distribution corresponds to the private net address of the public network address of the ADVPN branch node;
Before sending the message that succeeds in registration for carrying the private net address to the ADVPN branch node, this method is also
Include:
When the private net address is identical as the private net address of ADVPN central node, corresponded to again based on DHCP distribution
The private net address of the public network address of the ADVPN branch node.
Preferably, this method further include:
When the ADVPN branch node exits, the private net address is deleted;Or
When the ADVPN branch node in the given time without update when, delete the private net address.
Preferably, the message that succeeds in registration further includes ADVPN central node belonging to the ADVPN branch node
Routing property information, so that being based on the routing property information by the ADVPN branch node generates corresponding local routing
Configuration information, and the local routing configuration information is based on by the ADVPN branch node and passes through the tunnel ADVPN from ADVPN
Heart node learns VPN route information;
The routing property information includes: Routing Protocol type and routing field parameter.
The another aspect of embodiment according to the present invention proposes that a kind of method for configuring ADVPN branch node, this method are answered
For ADVPN branch node;This method comprises:
The public network address comprising the ADVPN branch node is sent to Virtual Private Network address administration VAM server
Registration request message;
The message that succeeds in registration is received from VAM server, the message that succeeds in registration includes the distribution of VAM server, corresponding
In the private net address of the public network address of the ADVPN branch node;
The address in the tunnel ADVPN on the ADVPN branch node is configured based on the private net address.
Preferably, the message that succeeds in registration further includes ADVPN central node belonging to the ADVPN branch node
Routing property information, the routing property information include: Routing Protocol type and routing field parameter;This method further include:
Corresponding local routing configuration information is generated based on the routing property information;
VPN route information is learnt from ADVPN central node by the tunnel ADVPN based on the local routing configuration information.
The another aspect of embodiment according to the present invention proposes that a kind of device for configuring ADVPN branch node, the device are answered
For VAM server, which includes:
Registration request message receiving module, for receiving the public affairs comprising the ADVPN branch node from ADVPN branch node
The registration request message of net address;
Private net address distribution module, for distributing the private net address for corresponding to the public network address of the ADVPN branch node;
Succeed in registration message sending module, for sending the note for carrying the private net address to the ADVPN branch node
Volume success message, to be configured on the ADVPN branch node by the ADVPN branch node based on the private net address
The address in the tunnel ADVPN.
Preferably, the registration request message further includes the group mark of the ADVPN branch node;
Private net address distribution module, for determining address pool corresponding with the group of ADVPN branch node mark;From
The private net address for corresponding to public network address is distributed in identified address pool.
Preferably, private net address distribution module, it is described for being corresponded to based on dynamic host configuration protocol DHCP distribution
The private net address of the public network address of ADVPN branch node, and work as the private net address phase of the private net address and ADVPN central node
Meanwhile corresponding to the private net address of the public network address of the ADVPN branch node based on DHCP distribution again.
The another aspect of embodiment according to the present invention proposes that a kind of device for configuring ADVPN branch node, the device are answered
For ADVPN branch node, which includes:
Registration request message sending module, for sending to Virtual Private Network address administration VAM server comprising described
The registration request message of the public network address of ADVPN branch node;
Succeed in registration message receiving module, for receiving the message that succeeds in registration, the message that succeeds in registration from VAM server
The private net address of public network address comprising the distribution of VAM server, corresponding to the ADVPN branch node;
Configuration module, for configuring the address in the tunnel ADVPN on the ADVPN branch node based on the private net address.
Preferably, the message that succeeds in registration further includes the routing property information of ADVPN central node, the routing
Attribute information includes: Routing Protocol type and routing field parameter;
Configuration module, for generating corresponding local routing configuration information based on the routing property information;Based on institute
It states local routing configuration information and VPN route information is learnt from ADVPN central node by the tunnel ADVPN.
It can be seen from the above technical proposal that the private net address of the not static specified ADVPN branch node of the present invention, but by
VAM server distributes the private net address of ADVPN branch node, is managed collectively to private net address, saves address space and drop
Low address collision problem, but also reduce ADVPN node deployment difficulty.
Detailed description of the invention
Fig. 1 is the method flow diagram for configuring ADVPN branch node in VAM server side according to the present invention;
Fig. 2 is to configure the method flow diagram of ADVPN branch node in ADVPN branch node side according to the present invention;
Fig. 3 is the schematic diagram that ADVPN branch node is configured according to first embodiment of the invention;
Fig. 4 is the schematic diagram that ADVPN branch node is configured according to second embodiment of the invention;
Fig. 5 is the structure drawing of device for configuring ADVPN branch node in VAM server side according to the present invention;
Fig. 6 is to configure the structure drawing of device of ADVPN branch node in ADVPN branch node side according to the present invention.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, the present invention is made with reference to the accompanying drawing further
Detailed description.
Address space is caused to waste in view of the private net address of static specified ADVPN branch node (Spoke) in the prior art
Technological deficiency, the private net address of the not static specified ADVPN branch node of the present invention, but by VAM server distribution ADVPN point
The private net address of Zhi Jiedian.
Fig. 1 is the method flow diagram for configuring ADVPN branch node in VAM server side according to the present invention, this method application
In VAM server.
As shown in Figure 1, this method comprises:
Step 101:VAM server receives the registration of the public network address comprising ADVPN branch node from ADVPN branch node
Request message.
Herein, the public network address of the ADVPN branch node is configured on ADVPN branch node first, and is taken to VAM
Business device sends the registration request message comprising the public network address.
In the prior art, VAM server from the received registration request message of ADVPN branch node not only include ADVPN
The public network address of branch node also includes the private net address configured on ADVPN branch node.Unlike, the present invention without
The private net address of ADVPN branch node need to be configured on ADVPN branch node, therefore in registration request message and do not include
The private net address of ADVPN branch node.
The distribution of step 102:VAM server corresponds to the private net address of the public network address of ADVPN branch node.
Herein, after VAM server receives registration request message, ADVPN points are parsed from registration request message
The public network address of Zhi Jiedian.Moreover, the IP address-based dynamic allocation mechanism distribution of VAM server corresponds to ADVPN branch and saves
The private net address of the public network address of point.
For example, VAM server can be based on dynamic host configuration protocol (Dynamic Host Configuration
Protocol, DHCP) private net address of the distribution corresponding to the public network address of ADVPN branch node.It is also recorded in VAM server
Corresponding relationship between the public network address of ADVPN branch node and the private net address distributed.
Specifically, the private net address that VAM server is distributed can be private for A class private net address, B class private net address or C class
Net address, in which:
A class private net address: 10.0.0.1--10.255.255.254;
B class private net address: 172.16.0.0.1--172.31.255.254;
C class private net address: 192.168.0.1--192.168.255.254.
Step 103:VAM server sends the message that succeeds in registration for carrying the private net address to ADVPN branch node, thus
The address in the tunnel ADVPN on the ADVPN branch node is configured based on private net address by ADVPN branch node.
VAM server sends the message that succeeds in registration for carrying the private net address to ADVPN branch node.ADVPN branch section
After point receives the message that succeeds in registration for carrying private net address, the private net address can be configured on ADVPN branch node
The address in the tunnel ADVPN.After ADVPN branch node configures the address in the tunnel ADVPN, it can be built with ADVPN central node
The vertical tunnel ADVPN.
ADVPN branch node can be divided into multiple groups by the usual Numerous of ADVPN branch node.In same packets
Each ADVPN branch node should belong to identical private network network segment.It correspondingly, is each ADVPN branch in VAM server
Corresponding address pool is arranged in node grouping, so that VAM server can be the ADVPN branch node distribution for belonging to different grouping
The private net address of different private network network segments.
In one embodiment, registration request message further includes group belonging to ADVPN branch node in step 101
Mark;In a step 102, the private net address that the distribution of VAM server corresponds to public network address comprises determining that corresponding with group mark
Address pool;Distribution corresponds to the private net address of public network address from identified address pool.
Such as, it is assumed that ADVPN branch node 1 belongs to group 1;ADVPN branch node 2 belongs to group 2.ADVPN branch node 1
Public network address is 123.123.123.1;The public network address of ADVPN branch node 2 is 123.123.123.2.In VAM server
In, the address pool of designated groups 1 are as follows: 172.16.0.0.1--172.31.255.254;The address pool of group 2 is 10.0.0.1--
10.255.255.254。
It not only includes ADVPN branch node 1 in the registration request message of VAM server that ADVPN branch node 1, which is sent to,
Public network address (123.123.123.1), also comprising the mark of group belonging to ADVPN branch node (organizing 1).VAM server receives
After the registration request message, it is first determined address pool corresponding with group mark is 172.16.0.0.1--
172.31.255.254, then from identified address pool distribution correspond to public network address private net address, such as
172.16.0.0.5。
Similarly, ADVPN branch node 2 is sent in the registration request message of VAM server not only comprising ADVPN branch
The public network address (123.123.123.2) of node 1, also comprising the mark of group belonging to ADVPN branch node (organizing 2).VAM service
After device receives the registration request message, it is first determined address pool corresponding with group mark is 10.0.0.1--
10.255.255.254, then from identified address pool distribution correspond to public network address private net address, such as
10.0.0.6。
Since the tunnel the ADVPN number of ADVPN central node (Hub) is less, and ADVPN central node is located at total position
The problem of there is no large scale deployments is set, therefore ADVPN central node does not need to dynamically distribute private net address, it only need to be in ADVPN
Static state specifies its private net address on central node.
ADVPN central node is also required to execute registration on VAM server.VAM server is received from ADVPN central node
Registration request message, the registration request message include the public network address of ADVPN central node, the static state on ADVPN central node
Specified private net address.VAM server is based on the registration request message and registers ADVPN central node, therefore in VAM server
Record has the private net address of ADVPN central node.It needs to prevent the private net address distributed for ADVPN branch node and VAM from taking
Address conflict occurs for the private net address of ADVPN central node recorded in business device.
In one embodiment, private net address of the distribution corresponding to the public network address of ADVPN branch node in step 102
Are as follows: correspond to the private net address of the public network address of ADVPN branch node based on DHCP distribution.It is saved in step 103 to ADVPN branch
Before point sends the message that succeeds in registration for carrying private net address, this method further include:
When the private net address phase of private net address and ADVPN central node that VAM server is distributed by ADVPN branch node
Meanwhile private net address is distributed for ADVPN branch node again.
For example, when the private net address static state setting of ADVPN central node is 111.1.1.1, and VAM server is based on DHCP
Address pool is the private net address that dynamically distributes of ADVPN branch node when being also 111.1.1.1, and private network occurs for the confirmation of VAM server
Address conflict, therefore before sending the message that succeeds in registration for carrying private net address to ADVPN branch node, by dhcp address pool
New address is redistributed for ADVPN branch node.
In one embodiment, the message that succeeds in registration in step 103 further includes belonging to the ADVPN branch node
ADVPN central node routing property information.Specifically, which includes: the routing association of ADVPN central node
Discuss the routing field parameter of type and ADVPN central node.Preferably, routing property information can also include ADVPN operating mode.
Specifically, the Routing Protocol type of ADVPN central node may include ospf (OSPF) or
Border Gateway Protocol (BGP);The routing field parameter of ADVPN central node may include region (area) parameter or BGP of OSPF
Autonomous system (AS) parameter;ADVPN operating mode includes full interconnection (Full-Mesh) mode or Hub-Spoke mode.
After ADVPN branch node receives the message that succeeds in registration, corresponding local is generated based on routing property information
Routing configuration information, and Routing Protocol neighborhood is established based on local routing configuration information and ADVPN central node.It is establishing
After Routing Protocol neighborhood, ADVPN branch node can learn private network road from ADVPN central node by the tunnel ADVPN
By information.
Fig. 2 is the method flow diagram that ADVPN branch node is configured according to ADVPN branch node of the present invention side, and this method is answered
For ADVPN branch node.
As shown in Fig. 2, this method comprises:
Step 201: the registration request message of the public network address comprising ADVPN branch node is sent to VAM server.
Step 202: receiving the message that succeeds in registration from VAM server, which includes that VAM server distributes
, the private net address of public network address corresponding to ADVPN branch node.
Step 203: the address in the tunnel ADVPN on the ADVPN branch node is configured based on the private net address.
In one embodiment, the message that succeeds in registration further includes the center ADVPN belonging to the ADVPN branch node
The routing property information of node, the routing property information include: Routing Protocol type and routing field parameter;This method further include:
Corresponding local routing configuration information is generated based on routing property information;Passed through based on local routing configuration information
The tunnel ADVPN learns VPN route information from ADVPN central node.
The present invention is specifically described below with reference to specific ADVPN network structure.
Fig. 3 is the schematic diagram that ADVPN branch node (Spoke) is configured according to first embodiment of the invention.
In Fig. 3, public network address 123.123.123.1 is configured on Spoke;Match on ADVPN central node (Hub)
It is equipped with public network address 123.123.123.2 and private net address 10.0.1.1.Routing Protocol type on Hub is OSPF;Routed domain
Parameter is area0;Operating mode is Hub-Spoke mode.
Hub sends the registration comprising public network address 123.123.123.2 and private net address 10.0.1.1 to VAM server and asks
Seek message.VAM server receives the registration of Hub, and record private net address 10.0.1.1 and public network address 123.123.123.2 it
Between corresponding relationship.
Spoke sends the registration request message comprising public network address 123.123.123.1 to VAM server.VAM server
Private net address 10.0.1.1 is dynamically distributed first for Spoke.VAM server finds that the private net address of Hub is also 10.0.1.1, because
This VAM server redistributes private net address 10.0.1.3, and receives the registration of Spoke, records private net address 10.0.1.3
With the corresponding relationship between public network address 123.123.123.1.Moreover, it includes private net address that VAM server is sent to Spoke
10.0.1.3 the message that succeeds in registration.
Spoke is received succeed in registration message after, configure private net address 10.0.1.3 to the address in the tunnel ADVPN,
And the tunnel ADVPN is established between Spoke and Hub.
As it can be seen that the present invention is dynamically distributed the private net address of ADVPN branch node by VAM server, for the private network of Spoke
Address has unified planning and management, has saved address space, is conducive to the Scaledeployment of ADVPN network, and can be to prevent
Only IP address conflict problem.
What VAM server was sent to Spoke succeed in registration, and message can further include Routing Protocol type OSPF, routing
Field parameter area0 and Hub-Spoke mode parameter.After Spoke receives the message that succeeds in registration, you can learn that the road on Hub
It is OSPF by protocol type, routed domain area0, operating mode is Hub-Spoke mode, and is locally generated corresponding
Ground routing configuration information.The same specified circuit of local routing configuration information is OSPF, routed domain area0, work by protocol type
Operation mode is Hub-Spoke mode.Then, Spoke is based on local routing configuration information and Hub establishes ospf neighbor relationship, and
Learn VPN route information from Hub by the tunnel ADVPN.
As it can be seen that Spoke can obtain the routing property information of Hub automatically, to realize Spoke after the application present invention
Automatically VPN route information is issued.
Fig. 4 is the schematic diagram that ADVPN branch node is configured according to second embodiment of the invention.
In Fig. 4, Hub1, Hub2 and Hub3 belong to the same Hub group (Group0), which uses Full-Mesh group
Net.Moreover, Spoke1 and Spoke2 belong to an ADVPN grouping (i.e. the domain ADVPN), the entitled Group1 of group of ADVPN grouping;
Spoke3 and Spoke4 belongs to another ADVPN grouping, the entitled Group2 of group of ADVPN grouping.
Routing Protocol type on Hub1 is OSPF;Routing field parameter is area0;Operating mode is Hub-Spoke mode.
Routing Protocol type on Hub2 is BGP;Routing field parameter is AS1;Operating mode is Hub-Spoke mode.Group1 is corresponding
Central node be Hub1;The corresponding central node of Group2 is Hub2.
In VAM server, setting there are two dhcp address pool, respectively 10.0.0.1--10.255.255.254 and
172.16.0.0.1--172.31.255.254, wherein 10.0.0.1--10.255.255.254 corresponds to Group1;
172.16.0.0.1--172.31.255.254 correspond to Group2.
It is illustrated by taking Spoke2 as an example below.Assuming that the public network address configured on Spoke2 is 123.123.123.1.
Spoke2 sends the registration request comprising public network address 123.123.123.1 and group name Group1 to VAM server
Message 1.VAM server parses group name Group1 and public network address 123.123.123.1, and from corresponding to group name Group1's
Private net address 10.0.1.2 is dynamically distributed in address pool 10.0.0.1--10.255.255.254, and records private net address
10.0.1.2 with the corresponding relationship between public network address 123.123.123.1.Moreover, VAM server includes to Spoke2 transmission
The message 1 that succeeds in registration of private net address 10.0.1.2.
Spoke2 is received succeed in registration message 1 after, configure ADVPN tunnel on Spoke2 for private net address 10.0.1.2
The address in road, and the tunnel ADVPN is established between Spoke2 and Hub1.
What VAM server was sent to Spoke2 succeed in registration, and message 1 can further include the Routing Protocol type of Hub1
The routing field parameter (i.e. area0) of (i.e. OSPF), Hub1 and the operating mode parameter (i.e. Hub-Spoke mode) of Hub1.
After Spoke2 receives the message 1 that succeeds in registration, you can learn that the Routing Protocol type on Hub1 is OSPF, routed domain is
Area0, operating mode is Hub-Spoke mode, and is locally generated corresponding local routing configuration information.The local routing
The same specified circuit of configuration information is OSPF by protocol type, and routed domain area0, operating mode is Hub-Spoke mode.So
Afterwards, Spoke2 is based on local routing configuration information and Hub1 establishes ospf neighbor relationship, and is learnt by the tunnel ADVPN from Hub1
VPN route information.
It is illustrated by taking Spoke3 as an example again.Assuming that the public network address configured on Spoke3 is 123.123.123.5.
Spoke3 sends the registration request comprising public network address 123.123.123.5 and group name Group2 to VAM server
Message 2.VAM server parses group name Group2 and public network address 123.123.123.5, and from corresponding to group name Group2's
Private net address 172.16.0.2 is dynamically distributed in address pool 172.16.0.0.1--172.31.255.254, and with recording private network
Corresponding relationship between location 172.16.0.2 and public network address 123.123.123.5.Moreover, VAM server is sent to Spoke3
The message 2 that succeeds in registration comprising private net address 172.16.0.2.
Spoke3 is received succeed in registration message 2 after, configure private net address 172.16.0.2 on Spoke3
The address in the tunnel ADVPN, and the tunnel ADVPN is established between Spoke3 and Hub2.
What VAM server was sent to Spoke3 succeed in registration, and message 2 can further include the Routing Protocol type of Hub2
The routing field parameter (i.e. AS1) of (i.e. BGP), Hub1 and the operating mode parameter (i.e. Hub-Spoke mode) of Hub2.Spoke3 connects
After receiving the message that succeeds in registration, you can learn that Routing Protocol type on Hub2 is BGP, routed domain AS1, operating mode is
Hub-Spoke mode, and it is locally generated corresponding local routing configuration information.The local routing configuration information is equally specified
Routing Protocol type is BGP, and routed domain AS1, operating mode is Hub-Spoke mode.Then, Spoke3 is based on local routing
Configuration information and Hub2 establish bgp neighbor relationship, and learn VPN route letter from Hub2 by the tunnel ADVPN between Hub2
Breath.
It is described in detail by taking Spoke2 and Spoke3 as an example above.Similarly, also have for Spoke1 and Spoke4
Similar treatment process.
In network structure shown in Fig. 4, an ADVPN grouping corresponds to a Hub.In fact, an ADVPN grouping is also
It can correspond to two Hub.
When ADVPN grouping corresponds to two Hub, each Spoke in ADVPN grouping respectively with the two Hub
Establish the connection of the tunnel ADVPN.VAM server specifies one in the two Hub for main Hub, another is standby Hub, and is being infused
Volume success message carries the Routing Protocol type of main Hub and the routing field parameter of main Hub, thus each of ADVPN grouping
Spoke can learn VPN route information from main Hub by the tunnel ADVPN between main Hub.
Based on above-mentioned analysis, the invention also provides a kind of devices in VAM server side configuration ADVPN branch node.
Fig. 5 is the structure drawing of device for configuring ADVPN branch node in VAM server side according to the present invention.
As shown in figure 5, the device 500 is applied to VAM server, which includes:
Registration request message receiving module 501, for receiving the public affairs comprising ADVPN branch node from ADVPN branch node
The registration request message of net address;
Private net address distribution module 502, for distributing the private net address for corresponding to the public network address of ADVPN branch node;
Succeed in registration message sending module 503, carries succeeding in registration for private net address for sending to ADVPN branch node
Message, to configure based on private net address the address in the tunnel ADVPN on the ADVPN branch node by ADVPN branch node.
In one embodiment, registration request message further includes the group mark of ADVPN branch node;
Private net address distribution module 502, for determining address pool corresponding with the group of ADVPN branch node mark;From
Distribution corresponds to the private net address of public network address in identified address pool.
In one embodiment, private net address distribution module 502, for corresponding to ADVPN branch based on DHCP distribution
The private net address of the public network address of node, and when private net address is identical as the private net address of ADVPN central node, it is based on again
DHCP distribution corresponds to the private net address of the public network address of ADVPN branch node.
Based on above-mentioned analysis, the invention also provides a kind of dresses in ADVPN branch node side configuration ADVPN branch node
It sets.
Fig. 6 is to configure the structure drawing of device of ADVPN branch node in ADVPN branch node side according to the present invention.The device
600 are applied to ADVPN branch node.
As shown in fig. 6, the device 600 includes:
Registration request message sending module 601, for public network of the VAM server transmission comprising ADVPN branch node
The registration request message of location;
Succeed in registration message receiving module 602, and for receiving the message that succeeds in registration from VAM server, succeed in registration message
The private net address of public network address comprising the distribution of VAM server, corresponding to ADVPN branch node;
Configuration module 603, for configuring the address in the tunnel ADVPN on the ADVPN branch node based on private net address.
In one embodiment, the message that succeeds in registration further includes the routing property information of ADVPN central node, road
It include: Routing Protocol type and routing field parameter by attribute information;
Configuration module 603, for generating corresponding local routing configuration information based on routing property information;Based on local
Routing configuration information learns VPN route information from ADVPN central node by the tunnel ADVPN.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention.It is all
Within the spirit and principles in the present invention, any modification, equivalent replacement, improvement and so on should be included in protection of the invention
Within the scope of.
Claims (12)
1. a kind of method of the automatic discovery Virtual Private Network ADVPN branch node of configuration, which is characterized in that this method is applied to
Virtual Private Network address administration VAM server;This method comprises:
The registration request message of the public network address comprising the ADVPN branch node is received from ADVPN branch node;
IP address-based dynamic allocation mechanism distribution corresponds to the private net address of the public network address of the ADVPN branch node;
The message that succeeds in registration for carrying the private net address is sent to the ADVPN branch node, thus by the ADVPN branch
Node configures the address in the tunnel ADVPN on the ADVPN branch node based on the private net address.
2. the method according to claim 1, wherein the registration request message further includes the ADVPN
The mark of group belonging to branch node;
It is described distribution correspond to the public network address private net address include:
Determine address pool corresponding with described group of mark;
The private net address for corresponding to public network address is distributed from identified address pool.
3. the method according to claim 1, wherein the distribution is with corresponding to the public network of ADVPN branch node
The private net address of location are as follows: correspond to the public network address of the ADVPN branch node based on dynamic host configuration protocol DHCP distribution
Private net address;
Before sending the message that succeeds in registration for carrying the private net address to the ADVPN branch node, this method further include:
When the private net address is identical as the private net address of ADVPN central node, corresponded to again based on DHCP distribution
The private net address of the public network address of the ADVPN branch node.
4. the method according to claim 1, wherein this method further include:
When the ADVPN branch node exits, the private net address is deleted;Or
When the ADVPN branch node in the given time without update when, delete the private net address.
5. method according to any of claims 1-4, which is characterized in that the message that succeeds in registration further includes
The routing property information of ADVPN central node belonging to the ADVPN branch node, to be based on by the ADVPN branch node
The routing property information generates corresponding local routing configuration information, and is based on described by the ADVPN branch node
Ground routing configuration information learns VPN route information from ADVPN central node by the tunnel ADVPN;
The routing property information includes: Routing Protocol type and routing field parameter.
6. a kind of method of the automatic discovery Virtual Private Network ADVPN branch node of configuration, which is characterized in that this method is applied to
ADVPN branch node;This method comprises:
The registration of the public network address comprising the ADVPN branch node is sent to Virtual Private Network address administration VAM server
Request message;
The message that succeeds in registration is received from VAM server, the message that succeeds in registration includes the IP address-based dynamic of VAM server
The private net address of public network address that distribution mechanism is distributed, corresponding to the ADVPN branch node;
The address in the tunnel ADVPN on the ADVPN branch node is configured based on the private net address.
7. according to the method described in claim 6, it is characterized in that, the message that succeeds in registration further includes the ADVPN points
The routing property information of ADVPN central node belonging to Zhi Jiedian, the routing property information include: Routing Protocol type and road
By field parameter;This method further include:
Corresponding local routing configuration information is generated based on the routing property information;
VPN route information is learnt from ADVPN central node by the tunnel ADVPN based on the local routing configuration information.
8. a kind of device of the automatic discovery Virtual Private Network ADVPN branch node of configuration, which is characterized in that the device is applied to
Virtual Private Network address administration VAM server, the device include:
Registration request message receiving module, for from public network of the ADVPN branch node reception comprising the ADVPN branch node
The registration request message of location;
Private net address distribution module corresponds to the ADVPN branch node for the distribution of IP address-based dynamic allocation mechanism
Public network address private net address;
Succeed in registration message sending module, carries registering for the private net address for sending to the ADVPN branch node
Function message, to configure based on the private net address ADVPN tunnel on the ADVPN branch node by the ADVPN branch node
The address in road.
9. device according to claim 8, which is characterized in that the registration request message further includes the ADVPN
The group of branch node identifies;
Private net address distribution module, for determining address pool corresponding with the group of ADVPN branch node mark;From really
The private net address for corresponding to public network address is distributed in fixed address pool.
10. device according to claim 8, which is characterized in that
Private net address distribution module, for corresponding to the ADVPN branch node based on dynamic host configuration protocol DHCP distribution
The private net address of public network address be based on and when the private net address is identical as the private net address of ADVPN central node again
DHCP distribution corresponds to the private net address of the public network address of the ADVPN branch node.
11. a kind of device of the automatic discovery Virtual Private Network ADVPN branch node of configuration, which is characterized in that the device application
In ADVPN branch node, which includes:
Registration request message sending module includes the ADVPN for sending to Virtual Private Network address administration VAM server
The registration request message of the public network address of branch node;
Succeed in registration message receiving module, and for receiving the message that succeeds in registration from VAM server, the message that succeeds in registration includes
The private of public network address that the IP address-based dynamic allocation mechanism of VAM server is distributed, corresponding to the ADVPN branch node
Net address;
Configuration module, for configuring the address in the tunnel ADVPN on the ADVPN branch node based on the private net address.
12. device according to claim 11, which is characterized in that
The message that succeeds in registration further includes the routing property information of ADVPN central node, the routing property packet
It includes: Routing Protocol type and routing field parameter;
Configuration module, for generating corresponding local routing configuration information based on the routing property information;Based on described
Ground routing configuration information learns VPN route information from ADVPN central node by the tunnel ADVPN.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510671692.7A CN105591871B (en) | 2015-10-16 | 2015-10-16 | A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510671692.7A CN105591871B (en) | 2015-10-16 | 2015-10-16 | A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105591871A CN105591871A (en) | 2016-05-18 |
CN105591871B true CN105591871B (en) | 2019-03-08 |
Family
ID=55931118
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510671692.7A Active CN105591871B (en) | 2015-10-16 | 2015-10-16 | A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105591871B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106506312B (en) * | 2016-11-24 | 2019-08-27 | 浙江宇视科技有限公司 | A kind of networking configuration method, data communications method and device |
CN108512755B (en) * | 2017-02-24 | 2021-03-30 | 华为技术有限公司 | Method and device for learning routing information |
CN109617922B (en) * | 2019-01-24 | 2021-04-27 | 杭州迪普科技股份有限公司 | Processing method and device for VPN protection network segment conflict, and electronic equipment |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7848335B1 (en) * | 2005-10-27 | 2010-12-07 | Juniper Networks, Inc. | Automatic connected virtual private network |
CN102546434A (en) * | 2012-02-15 | 2012-07-04 | 杭州华三通信技术有限公司 | DVPN (dynamic virtual private network) large-scale networking method and Spoke |
CN103023667A (en) * | 2012-12-03 | 2013-04-03 | 杭州华三通信技术有限公司 | Multicast data transmission method and device based on dynamic virtual private network (DVPN) |
CN103209108A (en) * | 2013-04-10 | 2013-07-17 | 杭州华三通信技术有限公司 | Dynamic virtual private network (DVPN)-based route generation method and equipment |
US8499095B1 (en) * | 2006-05-25 | 2013-07-30 | Cisco Technology, Inc. | Methods and apparatus for providing shortcut switching for a virtual private network |
CN104427010A (en) * | 2013-08-30 | 2015-03-18 | 杭州华三通信技术有限公司 | NAT (network address translation) method and device applied to DVPN (dynamic virtual private network) |
CN104639417A (en) * | 2015-02-27 | 2015-05-20 | 杭州华三通信技术有限公司 | Method and device for binding public network link for ADVPN (auto discovery virtual private network) tunnel |
-
2015
- 2015-10-16 CN CN201510671692.7A patent/CN105591871B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7848335B1 (en) * | 2005-10-27 | 2010-12-07 | Juniper Networks, Inc. | Automatic connected virtual private network |
US8499095B1 (en) * | 2006-05-25 | 2013-07-30 | Cisco Technology, Inc. | Methods and apparatus for providing shortcut switching for a virtual private network |
CN102546434A (en) * | 2012-02-15 | 2012-07-04 | 杭州华三通信技术有限公司 | DVPN (dynamic virtual private network) large-scale networking method and Spoke |
CN103023667A (en) * | 2012-12-03 | 2013-04-03 | 杭州华三通信技术有限公司 | Multicast data transmission method and device based on dynamic virtual private network (DVPN) |
CN103209108A (en) * | 2013-04-10 | 2013-07-17 | 杭州华三通信技术有限公司 | Dynamic virtual private network (DVPN)-based route generation method and equipment |
CN104427010A (en) * | 2013-08-30 | 2015-03-18 | 杭州华三通信技术有限公司 | NAT (network address translation) method and device applied to DVPN (dynamic virtual private network) |
CN104639417A (en) * | 2015-02-27 | 2015-05-20 | 杭州华三通信技术有限公司 | Method and device for binding public network link for ADVPN (auto discovery virtual private network) tunnel |
Also Published As
Publication number | Publication date |
---|---|
CN105591871A (en) | 2016-05-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9485147B2 (en) | Method and device thereof for automatically finding and configuring virtual network | |
US9787632B2 (en) | Centralized configuration with dynamic distributed address management | |
US8380819B2 (en) | Method to allow seamless connectivity for wireless devices in DHCP snooping/dynamic ARP inspection/IP source guard enabled unified network | |
CN103636167B (en) | Station opening configuration method in base station, base station, and server | |
EP2731313B1 (en) | Distributed cluster processing system and message processing method thereof | |
US20170013508A1 (en) | Stateless load-balancing across multiple tunnels | |
CN106797347A (en) | Method, system and computer-readable medium for virtual architecture route | |
CN107666419B (en) | Virtual broadband access method, controller and system | |
US9913198B2 (en) | Systems and methods for routing data | |
CN103209108B (en) | A kind of route generating method based on DVPN and equipment | |
WO2018006654A1 (en) | Method, apparatus and system for processing flowspec message | |
US20200092251A1 (en) | Unique identities of endpoints across layer 3 networks | |
US11102169B2 (en) | In-data-plane network policy enforcement using IP addresses | |
CN105591871B (en) | A kind of method and apparatus of the automatic discovery Virtual Private Network branch node of configuration | |
CN106878480A (en) | A kind of DHCP service process sharing method and device | |
US11985110B2 (en) | Distribution of stateless security functions | |
US20240007353A1 (en) | Software defined access fabric without subnet restriction to a virtual network | |
US20060193330A1 (en) | Communication apparatus, router apparatus, communication method and computer program product | |
CN104486193B (en) | A kind of method and device for establishing network node interconnection | |
US11496589B2 (en) | Zero day zero touch providing of services with policy control | |
CN107888473B (en) | Method and device for creating AC port | |
US8645564B2 (en) | Method and apparatus for client-directed inbound traffic engineering over tunnel virtual network links | |
US20240073973A1 (en) | Split control plane for private mobile network | |
CN116418724A (en) | Service access method, device and load balancing system | |
CN108390953A (en) | A kind of server discovery method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |