CN106850871B - Method for realizing DHCP server with single physical network card and multiple VLANs - Google Patents
Method for realizing DHCP server with single physical network card and multiple VLANs Download PDFInfo
- Publication number
- CN106850871B CN106850871B CN201710049421.7A CN201710049421A CN106850871B CN 106850871 B CN106850871 B CN 106850871B CN 201710049421 A CN201710049421 A CN 201710049421A CN 106850871 B CN106850871 B CN 106850871B
- Authority
- CN
- China
- Prior art keywords
- message
- network card
- dhcp
- physical network
- vlan
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5061—Pools of addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5076—Update or notification mechanisms, e.g. DynDNS
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides a method for realizing a DHCP server with a single physical network card and multiple VLANs, which comprises a step S1 of configuring a virtual VLAN network card, wherein the step S1 comprises the following steps: s11, a virtual VLAN network card is newly built for each VLAN based on the physical network card; s12, configuring the IP of the network segment for each virtual VLAN network card, and loading an 802.1q module. The method for realizing the DHCP server with the single physical network card and the multiple VLANs is the combination of the virtual VLAN network card technology and the JAVA program, has good expansion and programming capabilities and good adaptability, and can effectively reduce the cost and improve the efficiency so as to better adapt to the requirements of times and markets.
Description
Technical Field
The invention relates to the technical field of networks, in particular to a method for realizing a DHCP server with a single physical network card and multiple VLANs.
Background
Currently, with the continuous upgrade of hardware, many companies gradually use Linux service to provide DHCP service to the whole company, and in the prior art, Linux has some open-source DHCP services, but these services need to provide IP distribution service to multiple VLANs, generally multiple physical network cards are needed, and configuration is generally complex.
In addition, today, when information security is considered, DHCP is often not only a simple function of providing IP, but also may involve processing packet data such as DCHP discover, offer, etc., so that how to allocate the packets is determined according to policy, and thus this requirement cannot be met if only the third-party DHCP service on Linux is used.
Disclosure of Invention
In order to solve the above problems, the present invention provides a method for implementing a single physical network card and multiple VLANs DHCP server. The method for realizing the DHCP server with the single physical network card and the multiple VLANs is the combination of the virtual VLAN network card technology and the JAVA program, has good expansion and programming capabilities and good adaptability, and can effectively reduce the cost and improve the efficiency so as to better adapt to the requirements of times and markets.
The technical scheme adopted by the invention is as follows:
a method for realizing a DHCP server with a single physical network card and multiple VLANs comprises a step S1 of configuring a virtual VLAN network card, wherein the step S1 comprises the following steps:
s11, a virtual VLAN network card is newly built for each VLAN based on the physical network card;
s12, configuring the IP of the network segment for each virtual VLAN network card, and loading an 802.1q module.
The above method for implementing a single physical network card and multiple VLANs DHCP server, wherein step S1 further includes:
s101, judging whether a network card drive of the physical network card supports an 802.1q protocol or not; if yes, go to step S102;
s102, judging whether the server kernel where the physical network card is located can load the 802.1q module, if so, going to step S11.
The method for implementing the DHCP server with a single physical network card and multiple VLANs further includes step S2, where the DHCP message is monitored for each VLAN network card.
The method for implementing the DHCP server with a single physical network card and multiple VLANs further includes step S3, core message parsing, where step S3 includes the following steps:
s31, judging whether the received message belongs to DHCP message, if yes, going to step S32, if no, ending;
and S32, analyzing the message type corresponding to the received message.
The method for implementing the DHCP server with a single physical network card and multiple VLANs further includes step S4, where the method performs corresponding DHCP packet encapsulation and transmission according to the type of the received message: when receiving a DHCP request message, calculating a correspondingly distributed IP and sending the message; when receiving a DHCP demand message, confirming a corresponding IP and sending the message; when receiving a DHCP notification message, confirming message parameter information and sending the message; and when receiving the DHCP release message, releasing the lease period.
The invention comprises the steps of virtual VLAN network card configuration, network card monitoring message, core message analysis and IP distribution algorithm logic, DHCP data packet encapsulation and transmission. The DHCP service can be provided for a plurality of VLANs only by a single physical network card.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a DHCP server implementation method with a single physical network card and multiple VLANs of the present invention;
FIG. 2 is a DHCP request process of a PC in an embodiment of a DHCP server implementation method for a single physical network card and multiple VLANs of the present invention;
fig. 3 is a flowchart of a method for implementing a single physical network card and multiple VLANs DHCP server according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
As shown in fig. 1, a method for implementing a single physical network card and multiple VLANs DHCP server includes the following steps:
s1, configuring the virtual VLAN network card:
s101, judging whether a network card drive of the physical network card supports an 802.1q protocol or not; if yes, go to step S102;
s102, judging whether the server kernel where the physical network card is located can load the 802.1q module, if so, going to step S11.
S11, a virtual VLAN network card is newly built for each VLAN based on the physical network card; using a vconfig command to enable the last parameter to be the same as the VLAN number corresponding to the switch;
s12, configuring the IP of the network segment for each virtual VLAN network card, and loading an 802.1q module. And each virtual VLAN network card needs to be allocated with an IP, and the virtual VLAN network card is in one-to-one correspondence with the IP group to be allocated, namely the IP range.
And S2, monitoring the DHCP message for each virtual VLAN network card.
S3, core message analysis:
s31, judging whether the received message belongs to DHCP message, if yes, going to step S32, if no, ending;
and S32, analyzing the message type corresponding to the received message.
S4, according to the received message type, making corresponding DHCP data packet package and sending: when receiving a DHCP request message, calculating a correspondingly distributed IP and sending the message; when receiving a DHCP demand message, confirming a corresponding IP and sending the message; when receiving a DHCP notification message, confirming message parameter information and sending the message; and when receiving the DHCP release message, releasing the lease period.
As shown in fig. 2, in a specific embodiment, when the PC initiates a DHCP request, the specific request process is as follows:
(1) the PC host is started, the DHCP is in INTITIAL state, in order to obtain the IP address, the DHCP client initializes TCP/IP, and sends a DHCP discover broadcast packet to the network through the UDP port 67 to request to rent the IP address. The source IP address in the broadcast packet is 0.0.0.0, and the target IP address is 255.255.255.255; the packet also contains the MAC address and computer name of the client, all local DHCP servers will receive the message, and the destination port in the data packet is set as BOOTP67 port. The PC host will be in the SELECT state at this time.
(2) The PC host in SELECT state will receive the DHCP offer message sent by the DHCP server, each message will contain the information configured for the client and the lease IP provided by the server for the client, the general host will receive zero or more offer messages, the general PC host will respond to the first offer message and negotiate with the server about the matters, and send a DHCP REQUEST message for this host and enter the REQUEST state.
(3) The DHCP server will give the PC host an ack acknowledgement, and a DHCP acquisition process is finished. The host enters a BOUND stable state.
(4) If the PC host does not need the IP address or needs to change the IP, the PC host sends a DHCP release message to the DHCP server, and the PC host is in the initial state again.
(5) The IP addresses of the PC host sent by the general server have lease periods with different time lengths, the DHCP host has 3 timers, when the selective period exceeds half 50 percent, the PC host sends a DHCP request message to require the lease renewal to enter a RENEW state, the DHCP server responds to the message to send ack confirmation information, and the DHCP enters a BOUND state again.
(6) If the DHCP server does not respond to the request of the host, the host can resend the DHCP request message to require renewal of lease when the lease period reaches 87.5%, the host enters the REBIND state, if the IP address of the DHCP server is not enough at this time, a nack message is sent, and at this time, the host can reenter the initial state to reapply for IP again according to the steps (1) to (4). If the ack message is received to confirm successful lease renewal, the IP can be used continuously. Without response, the PC host re-enters the initial state for re-acquisition only after the IP lease is exhausted.
As shown in fig. 3, the DHCP service flow in a specific embodiment of the present invention is specifically as follows:
1. the Linux server is connected with a trunk port of the switch, so that the messages of all the VLANs can be sent to the server.
2. And establishing a corresponding virtual VLAN network card on a certain physical network card on the server according to each VLAN id, configuring an IP (Internet protocol), and simultaneously ensuring that the 802.1q module is loaded on a kernel of the server. The VLAN id is a corresponding VLAN number on the switch and has uniqueness.
3. And a DHCP server running JAVA for compiling monitors each virtual VLAN network card, and a handle of each virtual VLAN network card is opened by utilizing the libpcap, so that messages can be captured at any time.
4. According to the flow that the PC requests the DHCP, firstly, the PC sends a discover message, the message is broadcast to the switch, the switch forwards the message to the server, and the server supports 802.1q and is connected with the switch by trunk, so that the message is received by a corresponding virtual VLAN network card according to VLAN tag in the message. (this allocation is the same for all DHCP messages, and is not repeated hereinafter.)
5. The DHCP server captures the message from a virtual VLAN network card handle, firstly judges whether the message belongs to the DHCP message, namely whether the message is a UDP message sent to a 67 port, and if not, the process is finished directly, and then the next step is carried out.
6. According to the DHCP message format, corresponding data including client addresses, message types such as request messages or reply messages and the like and option data of DHCP are analyzed in one step.
7. Option 53 in the analyzed data is 0x01, namely the type of discover, and then 8 is carried out; 0x03, which is request type, turn 9; 0x08, namely, the type of inform, 10 is turned; 0x07, i.e. release type, turn 11;
8. the Discover message processor receives the Discover message, analyzes the MAC address and compares the MAC address with the system's bock list, and if the MAC address is in the block list, directly returns to the system without processing; if not, judging whether the IP is reserved for the MAC, if so, directly allocating the reserved IP, if not, finding out an IP group corresponding to the virtual VLAN network card for receiving the message, wherein the corresponding relation needs to be configured when the virtual VLAN network card is created, knowing the range of allocated IP after finding out the corresponding IP group, sequentially comparing whether the allocated IP is allocated from small to large, if so, finding out the next IP, if not, determining to allocate the IP, and adding the IP into an allocated list. If the allocation of the IP is determined, other option information including a gateway, a DNS, a lease period, and the like is obtained from the IP group, and all the information is encapsulated into an offer message, and the destination port 68 of the offer message is sent out through the virtual vlan network card handle.
9. The Request message processor receives a Request message, the processing flow in front of the Request message is the same as that of the discover, after the reserved IP is judged, the Request IP is directly analyzed from the message, the Request message is different from the discover and comprises a Request IP, and if the Request IP is not consistent with the reserved IP, the Request IP does not conform to the rule and is directly returned; if the IP and the option information are the same, the IP and the option information are packaged into ack messages to be sent, and the lease relation table corresponding to the IP and the MAC is updated.
10. The Inform message processor receives the info message, directly analyzes a client IP from the message, judges whether the client IP belongs to a certain IP group configured by the system, and directly returns if the client IP does not belong to the certain IP group configured by the system; if the IP group belongs to the ack message, some additional information configured in the IP group is packaged into the ack message for transmission.
11. The Release message processor receives the Release message, directly analyzes the client IP from the message, judges whether the client IP has lease information or not, and directly returns the lease information if the client IP does not have the lease information; if yes, judging whether the MAC address in the leasing information is the same as the client MAC in the message, if so, emptying the leasing information, and if not, directly returning.
In a specific embodiment of the present invention, taking physical network card eth0 as an example, and three VLANs 100, 200, and 300 exist in the network and need to provide services, three virtual VLAN network cards are created by three commands, namely, vconfig add eth 0100, vconfig add eth 0200, and vconfig add 0200, and at this time, ifconfig will see that three network cards, namely, the virtual VLAN network card, are added, that is, eth0.100, eth0.200, and eth0.300 are added. Then, each virtual VLAN network card needs to be configured with an IP, and an ifconfig command is used:
ifconfig eth0.100 192.168.100.1 netmask 255.255.255.0
ifconfig eth0.200 192.168.200.1 netmask 255.255.255.0
ifconfig eth0.300 192.168.300.1 netmask 255.255.255.0
after the creation is completed, a modprobe 8021q command is input to load the 802.1q module, and the configuration is completed.
In addition, some of the present application may be implemented as a computer program product, such as computer program instructions, which when executed by a computer, may invoke or provide methods and/or techniques in accordance with the present application through the operation of the computer. Program instructions which invoke the methods of the present application may be stored on a fixed or removable recording medium and/or transmitted via a data stream on a broadcast or other signal-bearing medium and/or stored within a working memory of a computer device operating in accordance with the program instructions. An embodiment according to the present application comprises an apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to perform a method and/or a solution according to the aforementioned embodiments of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the apparatus claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
It will, of course, be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (3)
1. A method for realizing a single-physical network card and a plurality of VLAN DHCP servers is characterized by comprising a step S1 of configuring a virtual VLAN network card, wherein the step S1 comprises the following steps:
s11, a virtual VLAN network card is newly built for each VLAN based on the physical network card;
s12, configuring IP of network segment for each virtual VLAN network card, and loading 802.1q module;
s2, monitoring DHCP message for each virtual VLAN network card;
s3, analyzing the core message;
s4, according to the received message type, making corresponding DHCP data packet package and sending: when receiving a DHCP request message, calculating a correspondingly distributed IP and sending the message; when receiving a DHCP demand message, confirming a corresponding IP and sending the message; when receiving a DHCP notification message, confirming message parameter information and sending the message; and when receiving the DHCP release message, releasing the lease period.
2. The method for implementing the DHCP server with a single physical network card and multiple VLANs according to claim 1, wherein the step S1 further includes:
s101, judging whether a network card drive of the physical network card supports an 802.1q protocol or not; if yes, go to step S102;
s102, judging whether the server kernel where the physical network card is located can load the 802.1q module, if so, going to step S11.
3. The method for implementing the DHCP server with a single physical network card and multiple VLANs according to claim 1 or 2, wherein the step S3 includes the following steps:
s31, judging whether the received message belongs to DHCP message, if yes, going to step S32, if no, ending;
and S32, analyzing the message type corresponding to the received message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710049421.7A CN106850871B (en) | 2017-01-23 | 2017-01-23 | Method for realizing DHCP server with single physical network card and multiple VLANs |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710049421.7A CN106850871B (en) | 2017-01-23 | 2017-01-23 | Method for realizing DHCP server with single physical network card and multiple VLANs |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106850871A CN106850871A (en) | 2017-06-13 |
| CN106850871B true CN106850871B (en) | 2020-11-17 |
Family
ID=59120184
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710049421.7A Active CN106850871B (en) | 2017-01-23 | 2017-01-23 | Method for realizing DHCP server with single physical network card and multiple VLANs |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106850871B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110224917B (en) * | 2018-03-02 | 2021-10-08 | 杭州海康威视数字技术股份有限公司 | Data transmission method, device and system and server |
| CN110099138A (en) * | 2019-04-09 | 2019-08-06 | 烽火通信科技股份有限公司 | A kind of method and system handling the DHCP data with VLAN TAG |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1512718A (en) * | 2002-12-26 | 2004-07-14 | 成都卫士通信息产业股份有限公司 | Realizing VLAN technology on Ethernet via network card drive |
| CN102413190A (en) * | 2011-12-19 | 2012-04-11 | 广东电子工业研究院有限公司 | Network architecture based on cloud computing and virtual network management method thereof |
| CN102801695A (en) * | 2011-05-27 | 2012-11-28 | 华耀(中国)科技有限公司 | Communication equipment for virtual private network and data packet transmission method for communication equipment |
| CN103312601A (en) * | 2013-05-31 | 2013-09-18 | 汉柏科技有限公司 | Data message processing method from user mode to kernel mode |
| CN105245430A (en) * | 2015-11-10 | 2016-01-13 | 中国电子科技集团公司第三十研究所 | Virtual machine communication data encryption method and system |
| CN106375176A (en) * | 2016-08-29 | 2017-02-01 | 无锡华云数据技术服务有限公司 | Method for accessing physical machine to cloud platform |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20120072240A (en) * | 2010-12-23 | 2012-07-03 | 한국전자통신연구원 | Apparatus for configuring virtual private network using network virtualization technique and method thereof |
-
2017
- 2017-01-23 CN CN201710049421.7A patent/CN106850871B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1512718A (en) * | 2002-12-26 | 2004-07-14 | 成都卫士通信息产业股份有限公司 | Realizing VLAN technology on Ethernet via network card drive |
| CN102801695A (en) * | 2011-05-27 | 2012-11-28 | 华耀(中国)科技有限公司 | Communication equipment for virtual private network and data packet transmission method for communication equipment |
| CN102413190A (en) * | 2011-12-19 | 2012-04-11 | 广东电子工业研究院有限公司 | Network architecture based on cloud computing and virtual network management method thereof |
| CN103312601A (en) * | 2013-05-31 | 2013-09-18 | 汉柏科技有限公司 | Data message processing method from user mode to kernel mode |
| CN105245430A (en) * | 2015-11-10 | 2016-01-13 | 中国电子科技集团公司第三十研究所 | Virtual machine communication data encryption method and system |
| CN106375176A (en) * | 2016-08-29 | 2017-02-01 | 无锡华云数据技术服务有限公司 | Method for accessing physical machine to cloud platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106850871A (en) | 2017-06-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9674054B2 (en) | Concept for providing information on a data packet association and for forwarding a data packet | |
| CN113810512B (en) | Internet of things terminal access system, method, device and storage medium | |
| CN114070723B (en) | Virtual network configuration method and system of bare metal server and intelligent network card | |
| CN112583910B (en) | Equipment access method and device of Internet of things platform, electronic equipment and storage medium | |
| CN111786867B (en) | Data transmission method and server | |
| CN101355594A (en) | Method for detecting address conflict when distributing IP address | |
| KR101139836B1 (en) | Method and system for two-phase mechanism for discovering web services based management service | |
| US20200259783A1 (en) | Method and apparatus for determining ethernet mac address | |
| CN111371666B (en) | Method, device and system for processing message | |
| CN107070719B (en) | Equipment management method and device | |
| US10419392B2 (en) | Method, device and system for implementing address sharing | |
| CN106850871B (en) | Method for realizing DHCP server with single physical network card and multiple VLANs | |
| US9413590B2 (en) | Method for management of a secured transfer session through an address translation device, corresponding server and computer program | |
| US7028104B1 (en) | Network access device having internetworking driver with active control | |
| US20170142234A1 (en) | Scalable addressing mechanism for virtual machines | |
| EP3503484A1 (en) | Message transmission method, device and network system | |
| CN113014680B (en) | Broadband access method, device, equipment and storage medium | |
| CN113765865A (en) | Message processing method, device and system | |
| CN114826807B (en) | Automatic dialing method, dialing device and dialing server | |
| CN107426263A (en) | Sending, receiving method and device, the electronic equipment of packet | |
| CN116488958A (en) | Gateway processing method, virtual access gateway, virtual service gateway and related equipment | |
| CN108880971B (en) | Capacity expansion method and device for virtual broadband remote access server vBRAS resource pool | |
| CN107547668B (en) | Message processing method and device and DHCP server | |
| CN102035724A (en) | Method, device and system for realizing message forwarding | |
| CN111654390B (en) | Data transmission method, device, terminal equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |