CN106209616B - Flooding inhibition method and device - Google Patents

Flooding inhibition method and device Download PDF

Info

Publication number
CN106209616B
CN106209616B CN201610543360.5A CN201610543360A CN106209616B CN 106209616 B CN106209616 B CN 106209616B CN 201610543360 A CN201610543360 A CN 201610543360A CN 106209616 B CN106209616 B CN 106209616B
Authority
CN
China
Prior art keywords
vxlan
address
arp
message
flooding
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610543360.5A
Other languages
Chinese (zh)
Other versions
CN106209616A (en
Inventor
李树奎
李素芬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201610543360.5A priority Critical patent/CN106209616B/en
Publication of CN106209616A publication Critical patent/CN106209616A/en
Application granted granted Critical
Publication of CN106209616B publication Critical patent/CN106209616B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/32Flooding

Abstract

The invention provides a flooding suppression method and a device, wherein the flooding suppression method comprises the following steps: receiving a VXLAN virtual extensible local area network multicast message which has a free ARP message identifier and carries a free message; generating public network ARP flooding inhibition information based on the VXLAN multicast message; the VXLAN identification, the source tunnel endpoint address, the terminal IP address and the terminal MAC address of the public network ARP flooding inhibition information respectively correspond to the VXLAN identification of the VXLAN multicast message, the outer layer source IP address of the VXLAN multicast message, the sending end IP address of the free ARP message and the sending end MAC address of the free ARP message. Based on the invention, the exchanger as the convergent point in the VXLAN network generates the ARP flooding inhibition information of the public network so as to inhibit the ARP message flooding in the VXLAN network.

Description

Flooding inhibition method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for suppressing flooding.
Background
VXLAN (Virtual Extensible Local Area Network) is a two-layer VPN (Virtual Private Network) technology based on an IP Network and in an "MAC in UDP (User data packet Protocol)" encapsulation format. VXLAN may provide two-layer interconnection for decentralized physical sites based on existing service provider or enterprise IP networks, and thus, ARP (Address resolution protocol) flooding may occur.
In the existing ARP flooding suppression method of the VXLAN network, a switch serving as a VTEP (VXLAN Tunnel End Point ) receives an ARP request message of a local station, establishes an ARP flooding suppression table locally, identifies the VXLAN to which the switch belongs, sends the ARP request message through all local interfaces of the VXLAN except a receiving interface, encapsulates the ARP request message according to a multicast address of the VXLAN to which the switch belongs, and sends the VXLAN multicast message into the VXLAN network. The multicast forwarding entries already established by the devices in the VXLAN network forward the VXLAN multicast message to the switch as the Rendezvous Point (RP). And the switch as the RP copies and forwards the VXLAN multicast message to the switches of VETPs as other sites in the VXLAN network according to the multicast forwarding table entry.
Although the above method can relatively reduce the number of times of flooding the ARP request message in the VXLAN network, the switch as the RP still occupies the network bandwidth when the ARP request message is copied and sent in the VXLAN network.
Disclosure of Invention
The invention aims to provide a flooding inhibition method and a flooding inhibition device so as to generate ARP flooding inhibition information of a public network for inhibiting ARP message flooding in a VXLAN network.
To achieve the above object, the present invention provides a flooding suppression method, wherein the method comprises: receiving a first VXLAN multicast message with a free ARP message identifier; wherein the first VXLAN multicast message carries a first gratuitous ARP message; generating public network ARP flooding inhibition information based on the first VXLAN multicast message; the VXLAN identification, the source tunnel endpoint address, the terminal IP address and the terminal MAC address of the public network ARP flooding suppression information respectively correspond to the VXLAN identification of the first VXLAN multicast message, the outer layer source IP address of the first VXLAN multicast message, the sending end IP address of the first free ARP message and the sending end MAC address of the first free ARP message.
To achieve the above object, the present invention also provides a flooding suppression apparatus, wherein the apparatus comprises: the receiving module is used for receiving a first VXLAN multicast message with a free ARP message identifier; wherein the first VXLAN multicast message carries a first gratuitous ARP message; the flooding suppression module is used for generating public network ARP flooding suppression information based on the first VXLAN multicast message; the VXLAN identification, the source tunnel endpoint address, the terminal IP address and the terminal MAC address of the public network ARP flooding suppression information respectively correspond to the VXLAN identification of the first VXLAN multicast message, the outer layer source IP address of the first VXLAN multicast message, the sending end IP address of the first free ARP message and the sending end MAC address of the first free ARP message.
The invention has the advantages that the exchanger as the convergent point in the VXLAN network generates the ARP flooding inhibition information of the public network, so that the ARP request message in the VXLAN network can be conveniently responded according to the ARP flooding inhibition information of the public network, the flooding of the ARP message in the VXLAN network is avoided, and the bandwidth occupation is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a flooding suppression method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a VXLAN network provided by the present invention;
fig. 3 is a schematic diagram of a VXLAN message format with an ARP message type identifier according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a flooding suppression apparatus according to an embodiment of the present invention.
Detailed Description
In order to reduce ARP flooding and save network bandwidth when acquiring address information of a virtual device, embodiments of the present invention provide a flooding suppression method and apparatus.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
The flooding suppression method shown in fig. 1 is applied to a switch as a rendezvous point in a VXLAN network, and includes:
step S101, receiving VXLAN multicast message with free ARP message identification and carrying free ARP message.
And step S102, generating public network ARP flooding inhibition information based on the received VXLAN multicast message.
The VXLAN identification, the source tunnel endpoint address, the terminal IP address and the terminal MAC address of the public network ARP flooding inhibition information respectively correspond to the VXLAN identification, the outer layer source IP address, the sending end IP address and the sending end MAC address of the free ARP message of the received VXLAN multicast message.
The embodiment shown in fig. 1 has the advantage that the switch serving as the aggregation point in the VXLAN network generates the public network ARP flooding suppression information to suppress ARP packet flooding in the VXLAN network.
In the VXLAN network provided by the embodiment of the present invention shown in fig. 2, switch F serves as the aggregation point for the VXLAN10 network.
The IP address and MAC address of VM1 and VM4 carried by server sever1 are IP1 and MAC1 and IP4 and MAC4, respectively, the IP address and MAC address of VM2 carried by server sever2 are IP2 and MAC2, respectively, and the IP address and MAC address of VM3 carried by server sever3 are IP3 and MAC3, respectively.
A VXLAN tunnel is established between switch a and switch B, and switch D, F, G may be an intermediate device on the VXLAN tunnel. A VXLAN tunnel is established between switches a and C, and switch D, F, E may be an intermediate device on the VXLAN tunnel. A VXLAN tunnel is established between switch B and switch C, and switch G, F, E may be an intermediate device on the VXLAN tunnel.
Switch F and switch A, B, C have a VXLAN tunnel established between them, respectively, switch D as the intermediate device for a VXLAN tunnel between switch F and switch a, switch G as the intermediate device for a VXLAN tunnel between switches F and B, and switch E as the intermediate device for a VXLAN tunnel between switches F and C. The devices in VXLAN10 send VXLAN multicast messages in VXLAN10 network to switch F, which is the aggregation point.
Switch a, switch B, and switch C establish VXLAN network tunnels within VXLAN10 with IP addresses IPA, IPB, and IPC, respectively.
And sending gratuitous ARP messages when the virtual machines VM1 and VM4 are accessed to the network. The switch A receives the gratuitous ARP messages from the virtual machines VM1 and VM4 through the ports GE1/0/1, and determines that the VLAN2 to which the receiving ports GE1/0/1 belong is associated with the virtual forwarding instance VSI to which the VXLAN10 belongs. Switch a records VXLAN10, IP1, MAC1, port GE1/0/1, VLAN2 as local ARP flooding suppression information for virtual machine VM1, and records VXLAN10, IP4, MAC4, port GE1/0/1, and VLAN2 as local ARP flooding suppression information for virtual machine VM 4. The ARP flooding suppression information recorded by switch a is shown in the following table:
VXLAN identification Terminal IP address Terminal MAC address Port(s)
VXLAN10 IP1 MAC1 GE1/0/1,VLAN2
VXLAN10 IP4 MAC4 GE1/0/1,VLAN2
The switch a may obtain the IP address and MAC address of the virtual machine VM1 from the sender IP address and the sender MAC address of the gratuitous ARP message.
The switch A encapsulates the received free ARP message into a VXLAN multicast message which has a free ARP message identifier and carries the free ARP message according to the multicast IP address of the VXLAN network 10, wherein the outer layer source IP address is IPA (namely, the IP address of a VXLAN tunnel of the switch A), and the outer layer destination IP address is a multicast IP address; the VXLAN head carries a free ARP message identifier. And the switch A sends the VXLAN multicast message carrying the free ARP message through the output interface of the VXLAN tunnel corresponding to the multicast IP address.
Fig. 3 is a schematic diagram illustrating a VXLAN message format with an ARP message type identifier according to an embodiment of the present invention. As shown in fig. 3, the first reserved field 301 of the VXLAN header of the VXLAN message has 24 bits (bit). The embodiment of the present invention may divide the 24-bit first reserved field 301 into three parts, each part having 8 bits. Thus, the three parts are respectively used for carrying free ARP message identification, ARP request message identification and ARP response message identification. Or, in this embodiment, a part of bits of the reserved field 301 is used to carry the different ARP packet type identifiers. Or, the reserved field of the last 8 bits of the VXLAN header is used for carrying the different ARP message type identifications. In the embodiment of the present invention, when the switch F serving as a rendezvous point receives a VXLAN multicast message having a gratuitous ARP message identifier, an ARP request message identifier, or an ARP response message identifier, the core copy is not executed, but the processing described below is executed.
The switch F receives a VXLAN multicast message which is sent by the switch A and has a toll-free ARP message identifier and carries the toll-free ARP message, records VXLAN10, IP1, MAC1 and IPA as public network ARP flooding inhibition information of the virtual machine VM1, and records VXLAN10, IP4, MAC4 and IPA as public network ARP flooding inhibition information of the virtual machine VM 4. The public network ARP flooding suppression information recorded by switch F is shown in the following table:
VXLAN identification Terminal IP address Terminal MAC address Source VETP Associating VTEP
VXLAN10 IP1 MAC1 IP A
VXLAN10 IP4 MAC4 IP A
The switch F receives a VXLAN multicast message carrying a free ARP message identifier, and obtains VXLAN10 (namely a VXLAN identifier) according to the UNI field of the VXLAN header; obtaining IPA (i.e., the IP address of the source VETP) from the outer source IP address; and acquiring the IP address and the MAC address of the VM1 and the VM4 according to the IP address and the MAC address of the sending end of the inner layer gratuitous ARP message.
Similarly, virtual machine VM2 sends gratuitous ARP messages on its access network. The switch B receives the gratuitous ARP message from the virtual machine VM2 through the port GE2/0/1, and records VXLAN10, IP2, MAC2, port GE2/0/1, and VLAN2 as local ARP flooding suppression information. The local ARP flooding suppression information recorded by switch B is shown in the following table:
VXLAN identification Terminal IP address Terminal MAC address Port(s)
VXLAN10 IP2 MAC2 GE2/0/1,VLAN2
The switch B encapsulates the received free ARP message into a VXLAN multicast message which has a free ARP message identifier and carries the free ARP message according to the multicast IP address of VXLAN10, wherein the outer layer source IP address is IPB; the outer layer destination IP address is a multicast IP address; the VXLAN header has a gratuitous ARP message identification. And the switch B sends the VXLAN multicast message carrying the free ARP message through the output interface of the VXLAN tunnel corresponding to the multicast IP address.
Virtual machine VM3 sends a gratuitous ARP message. The switch C receives the gratuitous ARP message from the virtual machine VM3 through the port GE3/0/1, and records VXLAN10, IP3, MAC3, port GE3/0/1, and VLAN2 as local ARP flooding suppression information. The local ARP flooding suppression information recorded by switch C is shown in the following table:
VXLAN identification Terminal IP address Terminal MAC address Port(s)
VXLAN10 IP3 MAC3 GE3/0/1,VLAN2
The switch C encapsulates the received free ARP message into a VXLAN multicast message which has a free ARP message identifier and carries the free ARP message according to the multicast IP address of VXLAN10, wherein the outer layer source IP address is IPC; the outer layer destination IP address is a multicast IP address; the VXLAN head carries a free ARP message identifier. And the exchanger C sends the VXLAN multicast message carrying the free ARP message through the output interface of the VXLAN tunnel corresponding to the multicast IP address.
The switch F receives the VXLAN multicast message with the gratuitous ARP message identification sent by the switch B and the switch C, and records the public network ARP flooding suppression information of the virtual machines VM2 and VM3 as follows:
VXLAN identification Terminal IP address Terminal MAC address Source VETP Associating VTEP
VXLAN10 IP1 MAC1 IP A
VXLAN10 IP4 MAC4 IP A
VXLAN10 IP2 MAC2 IP B
VXLAN10 IP3 MAC3 IP C
Virtual machine VM1 sends an ARP request message requesting the MAC address of virtual machine VM 4. The switch A searches the matched local ARP flooding inhibition information according to the VXLAN10 and the IP4 to generate an ARP response message.
In the invention, the switch A searches the local ARP flooding inhibition information according to the VXLAN identification and the target end IP address of the ARP request message. The switch A searches the matched local ARP flooding inhibition information to generate an ARP response message, sets the terminal IP address and the terminal MAC address of the local ARP flooding inhibition information as the sending end IP address and the MAC address of the ARP response message, and sets the sending end IP address and the MAC address of the ARP request message as the target end IP address and the MAC address of the ARP response message. The switch A sets the VLAN identification of the ARP response message according to the matched VLAN2 of the local ARP flooding inhibition information, and then sends the ARP response message through a local ARP flooding inhibition information port GE 1/0/1.
Virtual machine VM1 sends an ARP request message requesting virtual machine VM 3. The switch A does not find out matched local ARP inhibition information according to the VXLAN10 and the IP3 of the target end, and encapsulates the ARP message according to the multicast IP address of the VXLAN network 10 to obtain the VXLAN multicast message which has an ARP request message identifier and carries the ARP request message, wherein the source IP address of the outer layer is the IP address of a VXLAN tunnel of the switch A, and the target IP address of the outer layer is a multicast IP address; the VXLAN header has an ARP request message identification. And the switch A sends the VXLAN multicast message carrying the free ARP message through the output interface of the VXLAN tunnel corresponding to the multicast IP address.
In the VXLAN network 10, a VXLAN multicast message sent by switch a with an ARP request message identification and carrying an ARP request message is sent to a rendezvous point switch F. The switch F searches the matched ARP flooding inhibition information of the public network according to the VXLAN10 and the IP3 of the target end, generates an ARP response message according to the matched ARP flooding inhibition information of the public network, and encapsulates the generated ARP response message into a VXLAN unicast message which has an ARP response message identifier and carries the generated ARP response message; wherein, the outer layer source IP address is IP C of source VTEP in the matched public network ARP flooding inhibition information, and the outer layer destination IP address is IPA of exchanger A for inquiring the public network ARP flooding inhibition information; the VXLAN header has an ARP response message identification.
In the embodiment of the invention, the exchange F of the convergent point searches the matched ARP flooding inhibition information of the public network, generates an ARP response message in a reply mode, sets the outer layer source IP address and the outer layer target IP address of the VXLAN message as the IP addresses of VXLAN tunnels of a target party and a request party, and sends the VXLAN unicast message carrying the ARP response message through the VXLAN tunnel of the self-connected request party. In this way, in the VXLAN network, the VXLAN unicast packet carrying the ARP response packet with the ARP response packet identifier is finally sent to switch a according to the IP address of the requesting VXLAN tunnel, i.e., IPA. Therefore, the embodiment of the invention can avoid flooding of the ARP request message in the VXLAN10 network, and reduce the bandwidth occupation.
And the switch F records the IP address of the VETP (namely, the switch A) related to the public network flooding information in the matched public network ARP flooding inhibition information. The updated public network suppression information of the switch F is as follows:
VXLAN identification Terminal IP address Terminal MAC address Source VETP Associating VTEP
VXLAN10 IP1 MAC1 IP A
VXLAN10 IP4 MAC4 IP A
VXLAN10 IP2 MAC2 IP B
VXLAN10 IP3 MAC3 IP C IPA
The switch a receives the ARP response message encapsulated by VXLAN, and records that VXLAN10 and IP3 correspond to MAC3 and TunnelID1 as local ARP flooding suppression information of the virtual machine VM 3. The local ARP flooding suppression information recorded by switch a is shown in the following table:
VXLAN identification Terminal IP address Terminal MAC address Port(s)
VXLAN10 IP1 MAC1 GE1/0/1,VLAN2
VXLAN10 IP4 MAC4 GE1/0/1,VLAN2
VXLAN10 IP3 MAC3 Tunnel ID1
When the switch A receives the VXLAN unicast message carrying the ARP response message, the switch A can think that the ARP response message is received through the VXLAN tunnel connected with the switch C according to the outer layer source IP address IPC. Switch a therefore obtains the VXLAN Tunnel identification, such as Tunnel ID 2; and recording local ARP flooding suppression information.
The switch A decapsulates the VXLAN unicast message which has the ARP response message identification and carries the ARP response message, searches the local ARP flooding inhibition information according to the VXLAN10 and the IP address 1 of the target end, and sends the decapsulated ARP response message according to the GE 1/0/1. The virtual machine VM1 learns the ARP entry after receiving the ARP response message, and encapsulates the IP packet of the virtual machine VM3 into an ethernet packet according to the learned ARP entry. When the switch a receives the ethernet message sent by the virtual machine VM1 to the virtual machine VM3, the switch a finds the matched local ARP flooding suppression information according to the destination MAC address MAC3, encapsulates the packet into a VXLAN unicast message according to the VXLAN Tunnel index corresponding to the Tunnel ID1, and sends the VXLAN unicast message through the egress interface corresponding to the Tunnel ID 1. Finally, the VXLAN unicast message is sent to switch C through the VXLAN tunnel between switches a and C. And the switch C receives the VXLAN unicast message, removes VXLAN encapsulation, finds out matched local flooding inhibition information according to the target MAC, and sends the information through the port GE 3/0/1. Finally, the ethernet packet is sent to virtual machine VM 3.
When virtual machine VM3 migrates from server3 to server2, virtual machine VM3 sends a gratuitous ARP message. And the switch B packages the free ARP message into a VXLAN multicast message which has a free ARP message identifier and carries the free ARP message, and sends the message through an output interface of a corresponding VXLAN tunnel. Switch B updates the local ARP flooding suppression information as follows:
VXLAN identification Terminal IP address Terminal MAC address Port(s)
VXLAN10 IP2 MAC2 GE2/0/1,VLAN2
VXLAN10 IP3 MAC3 GE2/0/1,VLAN2
The switch F receives a VXLAN multicast message which is sent by the switch B and has a free ARP message identifier and carries the free ARP message, finds out matched public network ARP flooding information according to VXLAN10 and IP3, and modifies the IP address of a source VETP of the matched public network ARP flooding inhibition information into an IPB, as shown in the following table:
VXLAN identification Terminal IP address Terminal MAC address Source VETP Associating VTEP
VXLAN10 IP1 MAC1 IP A
VXLAN10 IP4 MAC4 IP A
VXLAN10 IP2 MAC2 IP B
VXLAN10 IP3 MAC3 IP B IPA
And the switch F decapsulates the VXLAN multicast message carrying the free ARP message, encapsulates the free ARP message into a VXLAN unicast message which has a free ARP message identifier and carries the free ARP message according to the IP address associated with the VETP in the matched public network ARP flooding inhibition information, wherein the outer source IP address and the outer destination IP address are IPB and IPA respectively.
And the switch F receives the VXLAN multicast message carrying the free ARP message, and unicasts the free ARP message to the associated VETP inquiring the ARP flooding inhibition information of the public network when confirming the change of the source VETP. And the exchanger F sets the IP addresses of the updated source VTEP and the VXLAN tunnel associated with VETP as an outer layer source IP address and an outer layer destination IP address of the VXLAN message, and sends a VXLAN unicast message carrying the ARP response message through the VXLAN tunnel of the own connection requester. Thus, in the VXLAN network, a VXLAN unicast message which has a free ARP message identification and carries the free ARP message is directly sent to the switch A which inquires the ARP flooding inhibition information of the public network. Therefore, the flooding of the gratuitous ARP broadcast message in the VXLAN10 network is avoided, and the switch A can be informed to update the local ARP flooding inhibition information in time.
The switch A receives a VXLAN unicast message carrying a gratuitous ARP message, finds out that VXLAN10 and a sending end IP address IP3 are matched with local ARP flooding inhibition information, determines that a VXLAN Tunnel corresponding to an outer source IP address of the VXLAN unicast message carrying the gratuitous ARP message is not corresponding to a VXLAN Tunnel outlet interface of the matched local ARP flooding inhibition information, and updates a Tunnel identifier of the matched local ARP flooding inhibition information to Tunnel ID2, as shown in the following table:
VXLAN identification Terminal IP address Terminal MAC address Port(s)
VXLAN10 IP1 MAC1 GE1/0/1,VLAN2
VXLAN10 IP4 MAC4 GE1/0/1,VLAN2
VXLAN10 IP3 MAC3 Tunnel ID2
When the VM1 sends an ethernet packet to the VM3, the switch a may encapsulate and send the ethernet packet according to the updated local flooding suppression information and the VXLAN Tunnel connected to the switch B and corresponding to the Tunnel ID 2. When the ARP entry of the virtual machine VM1 is aged and the ARP request message requesting the virtual machine VM3 is retransmitted, the switch a directly generates an ARP response message according to the local flooding suppression information and transmits the ARP response message to the switch VM 1.
Corresponding to the above method embodiment, the embodiment of the present invention also provides a corresponding device embodiment.
Fig. 4 is a schematic diagram of a flooding suppression apparatus 400 according to an embodiment of the present invention, where the flooding suppression apparatus 400 can be applied to a switch as a convergence point in a VXLAN network. The flooding suppression apparatus 400 includes a receiving module 410, a flooding suppression module 420, and a transmitting module 430.
A receiving module 410, configured to receive a first VXLAN multicast packet with a gratuitous ARP packet identifier; wherein the first VXLAN multicast message carries a first gratuitous ARP message. A flooding suppression module 420, configured to generate public network ARP flooding suppression information based on the first VXLAN multicast packet; the VXLAN identification, the source tunnel endpoint address, the terminal IP address and the terminal MAC address of the public network ARP flooding suppression information respectively correspond to the VXLAN identification of the first VXLAN multicast message, the outer layer source IP address of the first VXLAN multicast message, the sending end IP address of the first free ARP message and the sending end MAC address of the first free ARP message.
The receiving module 410 is further configured to receive a second VXLAN multicast packet having an ARP request packet identifier. The flooding suppression module 420 is further configured to find that the VXLAN identifier of the second VXLAN multicast packet and the target IP address of the ARP request packet match the VXLAN identifier of the public network ARP flooding suppression information and the terminal IP address; generating an ARP response message based on the public network ARP flooding inhibition information and packaging the ARP response message into a first VXLAN unicast message; wherein, the sending end IP address and the sending end MAC address of the ARP response message correspond to the terminal IP address and the terminal MAC address of the public network ARP flooding inhibition information; the outer layer source IP address and the outer layer destination IP address of the first VXLAN unicast message correspond to the source tunnel endpoint address of the public network ARP flooding suppression information and the source IP address of the second VXLAN multicast message. A sending module 430, configured to send the first VXLAN unicast packet.
The flooding suppression module 420 is further configured to set an outer layer source IP address of the second VXLAN multicast packet as an associated tunnel endpoint address of the public network ARP flooding suppression information.
The receiving module 410 is further configured to receive a third VXLAN multicast packet with a free ARP packet identifier; wherein the third VXLAN multicast message carries a second gratuitous ARP message. The flooding suppression module 420 is further configured to find that the VXLAN identifier of the third VXLAN multicast packet and the sending end IP address of the second free ARP packet match the VXLAN identifier of the public network ARP flooding suppression information and the terminal IP address, and the outer layer source IP address of the third VXLAN multicast packet is not consistent with the source tunnel endpoint address of the public network ARP flooding suppression information, and modify the source tunnel endpoint address of the public network ARP flooding suppression information according to the outer layer source IP address of the third VXLAN multicast packet.
The flooding suppression module 420 is further configured to encapsulate the second gratuitous ARP packet into a second VXLAN unicast packet according to the public network ARP flooding suppression information; the outer layer source IP address and the outer layer target IP address of the VXLAN unicast message are respectively the source tunnel endpoint address and the associated tunnel endpoint address of the public network ARP flooding inhibition information. The sending module 430 is further configured to send a second VXLAN unicast message.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (8)

1. A flooding suppression method applied to a switch serving as a convergence point in a virtual extensible local area network (VXLAN), the method comprising:
receiving a first VXLAN multicast message with a free ARP message identifier; wherein the first VXLAN multicast message carries a first gratuitous ARP message;
generating public network ARP flooding inhibition information based on the first VXLAN multicast message; the VXLAN identification, the source tunnel endpoint address, the terminal IP address and the terminal MAC address of the public network ARP flooding suppression information respectively correspond to the VXLAN identification of the first VXLAN multicast message, the outer layer source IP address of the first VXLAN multicast message, the sending end IP address of the first free ARP message and the sending end MAC address of the first free ARP message;
the method further comprises the following steps:
receiving a second VXLAN multicast message with an ARP request message identifier; the second VXLAN multicast message is sent by other exchangers in the VXLAN under the condition that the received ARP request message is not matched with the local ARP suppression information;
finding that the VXLAN identification of the second VXLAN multicast message and the target end IP address of the ARP request message are matched with the VXLAN identification and the terminal IP address of the public network ARP flooding inhibition information;
generating an ARP response message based on the public network ARP flooding inhibition information and packaging the ARP response message into a first VXLAN unicast message; wherein, the sending end IP address and the sending end MAC address of the ARP response message correspond to the terminal IP address and the terminal MAC address of the public network ARP flooding inhibition information; the outer layer source IP address and the outer layer destination IP address of the first VXLAN unicast message correspond to the source tunnel endpoint address of the public network ARP flooding suppression information and the source IP address of the second VXLAN multicast message;
and sending the first VXLAN unicast message.
2. The method of claim 1, further comprising;
and setting the outer layer source IP address of the second VXLAN multicast message as the associated tunnel endpoint address of the public network ARP flooding inhibition information.
3. The method of claim 2, further comprising:
receiving a third VXLAN multicast message with a free ARP message identifier; wherein the third VXLAN multicast message carries a second gratuitous ARP message;
and finding that the VXLAN identification of the third VXLAN multicast message and the IP address of the sending end of the second free ARP message are matched with the VXLAN identification and the IP address of the terminal of the public network ARP flooding inhibition information, and the outer layer source IP address of the third VXLAN multicast message is inconsistent with the source tunnel endpoint address of the public network ARP flooding inhibition information, and modifying the source tunnel endpoint address of the public network ARP flooding inhibition information according to the outer layer source IP address of the third VXLAN multicast message.
4. The method of claim 3, further comprising:
packaging the second free ARP message into a second VXLAN unicast message according to the public network ARP flooding inhibition information; the outer layer source IP address and the outer layer target IP address of the VXLAN unicast message are respectively a source tunnel endpoint address and a related tunnel endpoint address of the public network ARP flooding inhibition information;
and sending the second VXLAN unicast message.
5. A flooding suppression apparatus, applied to a switch as a rendezvous point within a virtual extensible local area network, VXLAN, the apparatus comprising:
the receiving module is used for receiving a first VXLAN multicast message with a free ARP message identifier; wherein the first VXLAN multicast message carries a first gratuitous ARP message;
a flooding suppression module, configured to generate public network ARP flooding suppression information based on the first VXLAN multicast packet; the VXLAN identification, the source tunnel endpoint address, the terminal IP address and the terminal MAC address of the public network ARP flooding suppression information respectively correspond to the VXLAN identification of the first VXLAN multicast message, the outer layer source IP address of the first VXLAN multicast message, the sending end IP address of the first free ARP message and the sending end MAC address of the first free ARP message;
the device also comprises a sending module;
the receiving module is also used for receiving a second VXLAN multicast message with an ARP request message identifier; the second VXLAN multicast message is sent by other exchangers in the VXLAN under the condition that the received ARP request message is not matched with the local ARP suppression information;
the flooding suppression module is further configured to find that the VXLAN identifier of the second VXLAN multicast packet and the target IP address of the ARP request packet match the VXLAN identifier of the public network ARP flooding suppression information and the terminal IP address; generating an ARP response message based on the public network ARP flooding inhibition information and packaging the ARP response message into a first VXLAN unicast message; wherein, the sending end IP address and the sending end MAC address of the ARP response message correspond to the terminal IP address and the terminal MAC address of the public network ARP flooding inhibition information; the outer layer source IP address and the outer layer destination IP address of the first VXLAN unicast message correspond to a source tunnel endpoint address of the public network ARP flooding suppression information and a source IP address of the second VXLAN multicast message;
the sending module is configured to send the first VXLAN unicast packet.
6. The apparatus of claim 5,
the flooding suppression module is further configured to set an outer layer source IP address of the second VXLAN multicast packet as an associated tunnel endpoint address of the public network ARP flooding suppression information.
7. The apparatus of claim 6,
the receiving module is also used for receiving a third VXLAN multicast message with a free ARP message identifier; wherein the third VXLAN multicast message carries a second gratuitous ARP message;
the flooding suppression module is further configured to find that the VXLAN identifier of the third VXLAN multicast packet and the sending end IP address of the second free ARP packet match the VXLAN identifier of the public network ARP flooding suppression information and the terminal IP address, and the outer layer source IP address of the third VXLAN multicast packet is not consistent with the source tunnel endpoint address of the public network ARP flooding suppression information, and modify the source tunnel endpoint address of the public network ARP flooding suppression information according to the outer layer source IP address of the third VXLAN multicast packet.
8. The apparatus of claim 7,
the flooding suppression module is further configured to encapsulate the second free ARP packet into a second VXLAN unicast packet according to the public network ARP flooding suppression information; the outer layer source IP address and the outer layer target IP address of the VXLAN unicast message are respectively a source tunnel endpoint address and a related tunnel endpoint address of the public network ARP flooding inhibition information;
the sending module is further configured to send the second VXLAN unicast message.
CN201610543360.5A 2016-07-06 2016-07-06 Flooding inhibition method and device Active CN106209616B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610543360.5A CN106209616B (en) 2016-07-06 2016-07-06 Flooding inhibition method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610543360.5A CN106209616B (en) 2016-07-06 2016-07-06 Flooding inhibition method and device

Publications (2)

Publication Number Publication Date
CN106209616A CN106209616A (en) 2016-12-07
CN106209616B true CN106209616B (en) 2020-11-06

Family

ID=57477733

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610543360.5A Active CN106209616B (en) 2016-07-06 2016-07-06 Flooding inhibition method and device

Country Status (1)

Country Link
CN (1) CN106209616B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899706B (en) * 2017-01-11 2020-04-17 新华三技术有限公司 Flooding inhibition method and device
CN107547340B (en) * 2017-06-19 2020-09-08 新华三技术有限公司 Message forwarding method and device
CN110048925B (en) * 2018-01-15 2021-07-06 厦门靠谱云股份有限公司 IaaS OverLay control plane implementation method based on open source EVPN
CN109257265B (en) * 2018-08-10 2021-04-20 锐捷网络股份有限公司 Flooding suppression method, VXLAN bridge, gateway and system
CN110995623B (en) * 2019-11-26 2022-03-18 锐捷网络股份有限公司 Method for controlling flooding between data centers and first switch
CN116055398A (en) * 2022-12-29 2023-05-02 天翼云科技有限公司 Forwarding method and system node of VXLAN cluster system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7596693B1 (en) * 2003-03-12 2009-09-29 Occam Networks Controlling ARP packet traffic to enhance network security and scalability in TCP/IP networks
CN103200069A (en) * 2013-03-29 2013-07-10 华为技术有限公司 Message processing method and device
CN103647853A (en) * 2013-12-04 2014-03-19 华为技术有限公司 Method for sending ARP message in VxLAN, VTEP and VxLAN controller
CN103841028A (en) * 2014-03-24 2014-06-04 杭州华三通信技术有限公司 Method and device for forwarding messages
CN104702476A (en) * 2013-12-05 2015-06-10 华为技术有限公司 Distributed gateway, message processing method and message processing device based on distributed gateway
CN104935516A (en) * 2015-06-17 2015-09-23 武汉邮电科学研究院 Communication system based on software defined network and communication method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7596693B1 (en) * 2003-03-12 2009-09-29 Occam Networks Controlling ARP packet traffic to enhance network security and scalability in TCP/IP networks
CN103200069A (en) * 2013-03-29 2013-07-10 华为技术有限公司 Message processing method and device
CN103647853A (en) * 2013-12-04 2014-03-19 华为技术有限公司 Method for sending ARP message in VxLAN, VTEP and VxLAN controller
CN104702476A (en) * 2013-12-05 2015-06-10 华为技术有限公司 Distributed gateway, message processing method and message processing device based on distributed gateway
CN103841028A (en) * 2014-03-24 2014-06-04 杭州华三通信技术有限公司 Method and device for forwarding messages
CN104935516A (en) * 2015-06-17 2015-09-23 武汉邮电科学研究院 Communication system based on software defined network and communication method

Also Published As

Publication number Publication date
CN106209616A (en) 2016-12-07

Similar Documents

Publication Publication Date Title
CN106209616B (en) Flooding inhibition method and device
CN103841028B (en) Method and device for forwarding messages
CN102025591B (en) Method and system for implementing virtual private network
US9374323B2 (en) Communication between endpoints in different VXLAN networks
WO2020029976A1 (en) Vpn cross-domain implementation method, device, and border node
CN107872542B (en) Data transmission method and network equipment
JP5830093B2 (en) Asymmetric network address encapsulation
US8898334B2 (en) System for network deployment and method for mapping and data forwarding thereof
KR100886433B1 (en) IPv6 Support Method for Bridge Extension Using Wireless Communications System
US8848609B2 (en) Forwarding internet protocol version 6 link-local multicast to support roaming of wireless mobile client devices
WO2012142750A1 (en) Method, apparatus and system for address resolution
WO2015165311A1 (en) Method for transmitting data packet and provider edge device
US10432578B2 (en) Client address based forwarding of dynamic host configuration protocol response packets
WO2018214809A1 (en) Message transmission method and device, and storage medium
CN113872845B (en) Method for establishing VXLAN tunnel and related equipment
KR20230101903A (en) BIER packet forwarding method, device and system
WO2007112645A1 (en) A method and system for implementing a mobile virtual private network
WO2015085788A1 (en) Method and apparatus for processing dynamic host configuration protocol message
WO2014186978A1 (en) Method and device used in ethernet virtual private network
WO2022121466A1 (en) Data processing method and device for ethernet virtual private network, and storage medium
WO2020220459A1 (en) Vxlan and openflow-based method and system for sharing virtual home network
US9438475B1 (en) Supporting relay functionality with a distributed layer 3 gateway
CN113507425B (en) Overlay multicast method, device and equipment
CN106487677B (en) Provider edge equipment and data forwarding method
CN110620715B (en) Virtual extended local area network communication method, tunnel endpoint and controller

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou science and Technology Industrial Park, high tech Industrial Development Zone, Zhejiang Province, No. six and road, No. 310

Applicant before: Huasan Communication Technology Co., Ltd.

CB02 Change of applicant information
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant