CN106878199A - Method and device for configuring access information - Google Patents
- Publication number
- CN106878199A, CN201611185070.4A
- Authority
- CN
- China
- Prior art keywords
- host
- packet
- tag
- vxlan
- authentication
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
The application provides a method and device for configuring access information. The method includes: receiving an authentication sync message from a peer device, where the authentication sync message is sent by the peer device after it determines that the host has been authenticated successfully; parsing the aggregation port information and the authentication information from the authentication sync message; and using the authentication information to configure access information for the physical port that belongs to the aggregation port. With this technical solution, in a VXLAN network with distributed aggregation, data packets can be sent based on the access information, which avoids problems such as service interruption and packet loss.
Description
Technical field
The application relates to the field of communication technology, and in particular to a method and device for configuring access information.
Background
VXLAN (Virtual eXtensible Local Area Network) is a Layer 2 VPN (Virtual Private Network) technology based on IP networks that uses "MAC (Media Access Control) in UDP (User Datagram Protocol)" encapsulation. VXLAN can provide Layer 2 interconnection for dispersed sites over an existing service-provider or enterprise IP network, and can provide service isolation for different tenants.
To improve reliability, a VXLAN networking mode with distributed aggregation can be used; Fig. 1 is a schematic diagram of distributed aggregation networking. Physical port 1 and physical port 2 of host A join aggregation port A, and VTEP (VXLAN Tunnel End Point) device B and VTEP device C use a distributed aggregation protocol to add physical port 3 of VTEP device B and physical port 4 of VTEP device C to aggregation port A as well. For a packet sent from host A to host E, host A can send it through physical port 1 or physical port 2, and VTEP device B or VTEP device C can forward the packet after receiving it. Moreover, when VTEP device B or VTEP device C fails, host A can still send packets to host E, which improves reliability.
In this scenario, suppose host A sends a packet through physical port 1; VTEP device B then forwards the packet to VTEP device D, and VTEP device D sends it to host E. For the packet that host E returns to host A, suppose VTEP device D sends it to VTEP device C. The following situation may then arise: VTEP device C does not know that it needs to forward the packet through physical port 4 in aggregation port A, so the packet cannot be delivered to host A, which causes service interruption and packet loss.
Summary of the invention
The application provides a method for configuring access information, applied to the local device of a distributed aggregation system. The distributed aggregation system also includes a peer device and a host connected to the local device and the peer device. The method includes:
Receiving an authentication sync message from the peer device, where the authentication sync message is sent by the peer device after it determines that the host has been authenticated successfully;
Parsing the aggregation port information and the authentication information from the authentication sync message;
Using the authentication information to configure access information for the physical port that belongs to the aggregation port.
The application provides a method for configuring access information, applied to the peer device of a distributed aggregation system. The distributed aggregation system also includes a local device and a host connected to the local device and the peer device. The method includes:
After receiving a data packet from the host, authenticating the host;
If the host is authenticated successfully, generating an authentication sync message, where the authentication sync message includes the information of the aggregation port corresponding to the host and the authentication information corresponding to the host;
Sending the authentication sync message to the local device, so that the local device uses the authentication information to configure access information for the physical port that belongs to the aggregation port.
The application provides a device for configuring access information, applied to the local device of a distributed aggregation system. The distributed aggregation system also includes a peer device and a host connected to the local device and the peer device. The device includes:
A receiving module, configured to receive an authentication sync message from the peer device, where the authentication sync message is sent by the peer device after it determines that the host has been authenticated successfully;
A parsing module, configured to parse the aggregation port information and the authentication information from the authentication sync message;
A configuration module, configured to use the authentication information to configure access information for the physical port that belongs to the aggregation port.
The application provides a device for configuring access information, applied to the peer device of a distributed aggregation system. The distributed aggregation system also includes a local device and a host connected to the local device and the peer device. The device includes:
An authentication module, configured to authenticate the host after a data packet from the host is received;
A generation module, configured to generate an authentication sync message when the host is authenticated successfully, where the authentication sync message includes the information of the aggregation port corresponding to the host and the authentication information corresponding to the host;
A sending module, configured to send the authentication sync message to the local device, so that the local device uses the authentication information to configure access information for the physical port that belongs to the aggregation port.
Based on the above technical solution, in the embodiments of the application, in a VXLAN network with distributed aggregation, if physical port 1 of the local device and physical port 2 of the peer device form an aggregation port, then when the host is authenticated successfully on the peer device and the peer device has configured access information for physical port 2, the peer device can trigger the local device to configure access information for physical port 1. In this way, physical port 1 of the local device and physical port 2 of the peer device are both configured with access information. The configuration process can be dynamic, which avoids manual operation and reduces the user's workload. The configuration process can be completed on demand (configuration is performed after a data packet is received), and it ensures that physical port 1 and physical port 2 are configured with identical access information. Because physical port 1 and physical port 2 are both configured with access information, whether the local device or the peer device receives a data packet, the data packet can be sent based on the access information, which avoids problems such as service interruption and packet loss.
Brief description of the drawings
To explain the technical solutions in the embodiments of the application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this application, and a person of ordinary skill in the art can obtain other drawings from these drawings of the embodiments of the application.
Fig. 1 is a schematic diagram of distributed aggregation networking;
Fig. 2 is a flowchart of the method for configuring access information in one embodiment of the application;
Fig. 3 is a flowchart of the method for configuring access information in another embodiment of the application;
Fig. 4 is a schematic diagram of an application scenario in one embodiment of the application;
Fig. 5 is a hardware structure diagram of the local device in one embodiment of the application;
Fig. 6 is a structure diagram of the device for configuring access information in one embodiment of the application;
Fig. 7 is a hardware structure diagram of the peer device in one embodiment of the application;
Fig. 8 is a structure diagram of the device for configuring access information in one embodiment of the application.
Detailed description of the embodiments
The terms used in this application are only for the purpose of describing particular embodiments and are not intended to limit the application. The singular forms "a", "said" and "the" used in this application and in the claims are also intended to include plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used here can also be interpreted as "at the time of ...", "when ...", or "in response to determining".
An embodiment of the application proposes a method for configuring access information. The method can be applied to the local device of a distributed aggregation system. The distributed aggregation system also includes a peer device and a host connected to the local device and the peer device, and for this host, a physical port of the local device and a physical port of the peer device form the aggregation port associated with the host. Fig. 2 is a flowchart of the method, which may include the following steps:
Step 201: Receive an authentication sync message from the peer device, where the authentication sync message is sent by the peer device after it determines that the host has been authenticated successfully.
In one example, when the host associated with the aggregation port has not been authenticated, a data packet sent by the host may be sent to the local device, or it may be sent to the peer device.
Suppose the data packet is sent to the peer device. After the peer device receives the data packet from the host through the aggregation port, because the host has not been authenticated, the peer device sends an authentication message to the authentication server so that the authentication server uses the authentication message to authenticate the host. If the peer device receives an authentication success message returned by the authentication server, the peer device can determine that the host has been authenticated successfully and send the local device an authentication sync message carrying the aggregation port information and the authentication information. The peer device can also use the authentication success message to configure access information for the physical port on the peer device that belongs to the aggregation port.
Suppose the data packet is sent to the local device. After the local device receives the data packet from the host through the aggregation port, because the host has not been authenticated, the local device sends an authentication message to the authentication server so that the authentication server uses the authentication message to authenticate the host. If the local device receives an authentication success message returned by the authentication server, the local device can determine that the host has been authenticated successfully and send the peer device an authentication sync message carrying the aggregation port information and the authentication information. The local device can also use the authentication success message to configure access information for the physical port on the local device that belongs to the aggregation port.
In one example, the authentication message that the local device/peer device sends to the authentication server can carry the host's address (obtained from the data packet) and the host's tag (obtained from the data packet), and the authentication server uses the host's address and the host's tag to authenticate the host. After authentication succeeds, the authentication server can use the host's address and the host's tag to query a pre-configured mapping of tag, address and VXLAN identifier to obtain the VXLAN identifier, and the authentication success message that the authentication server returns to the local device/peer device can carry the VXLAN identifier. The host's address can be the host's MAC address, the host's tag can be the host's VLAN, and the VXLAN identifier can be a VXLAN ID. The mapping of tag, address and VXLAN identifier maintained by the authentication server can therefore be a mapping of MAC address, VLAN and VXLAN ID.
In one example, when the local device/peer device uses the authentication success message to configure access information for the physical port that belongs to the aggregation port, it can parse the VXLAN ID from the authentication success message and configure, for the physical port, the relation between the host's tag and the VXLAN ID.
To simplify the description, the following takes as the example the case where the peer device sends the authentication sync message to the local device and the local device performs the subsequent processing. When the local device sends the authentication sync message to the peer device, the processing on the peer device is similar to the processing on the local device and is not repeated below.
Step 202: Parse the aggregation port information and the authentication information from the authentication sync message.
In one example, because the authentication sync message carries the aggregation port information and the authentication information, the local device can parse both from the authentication sync message. The aggregation port information can be an aggregation port identifier. The authentication information can include the host's tag and the VXLAN ID that the authentication server assigned to the host; or the authentication information can include the host's tag and the host's address.
In one example, the authentication sync message can be a protocol message generated by the peer device. The protocol message carries the aggregation port information, the host's tag, and the VXLAN ID that the authentication server assigned to the host; or the protocol message carries the aggregation port information, the host's tag, and the host's address. The authentication sync message is a new message type, generated by the peer device and sent to the local device.
In another example, the authentication sync message can also be the data packet received by the peer device, that is, the data packet from the host that the peer device received through the aggregation port. Because the data packet already carries information such as the host's tag and the host's address, the peer device only needs to add the aggregation port information to the data packet before sending it to the local device. The local device can then parse the aggregation port information, the host's tag, the host's address and so on from the data packet. In practice, when the data packet is carried as the authentication sync message, the authentication sync message does not need to carry the full content of the data packet; it is enough to carry the aggregation port information, the host's tag and the host's address, for example by including only a packet header that carries the aggregation port information, the host's tag and the host's address.
Step 203: Use the authentication information to configure access information for the physical port that belongs to the aggregation port.
In one example, after obtaining the aggregation port information, the local device can determine the physical port that belongs to the aggregation port, because the correspondence between the aggregation port and the physical ports it includes has been configured locally. The physical port here is a physical port of the local device, not a physical port of the peer device.
In one example, the access information can include the mapping between the tag (the host's tag) and the VXLAN ID (the VXLAN ID that the authentication server assigned to the host). On this basis, the process of "using the authentication information to configure access information for the physical port that belongs to the aggregation port" can include, but is not limited to, the following approaches. If the authentication information includes the host's tag and the VXLAN ID that the authentication server assigned to the host, the local device can directly configure the relation between the tag and the VXLAN ID for the physical port that belongs to the aggregation port. Alternatively, if the authentication information includes the host's tag and the host's address, the local device can send the authentication server an authentication message carrying the host's tag and the host's address, so that the authentication server uses the host's tag and the host's address to authenticate the host. If the local device receives an authentication success message returned by the authentication server, it parses from the authentication success message the VXLAN ID that the authentication server assigned to the host, and configures the relation between the host's tag and the VXLAN ID for the physical port that belongs to the aggregation port. The VXLAN ID carried in the authentication success message is obtained by the authentication server by using the host's tag and the host's address to query the mapping of tag, address and VXLAN ID.
In one example, after the local device has configured, for the physical port, the mapping between the host's tag and the VXLAN ID that the authentication server assigned to the host, if the local device receives a data packet carrying the tag (a data packet sent by the host associated with the aggregation port), it can query the tag to VXLAN ID mapping to obtain the VXLAN ID corresponding to the tag carried in the data packet, and send the data packet using that VXLAN ID. And/or, after the local device has configured this mapping for the physical port, if the local device receives a data packet carrying the VXLAN ID (that is, a data packet destined for the host associated with the aggregation port), it can query the tag to VXLAN ID mapping to obtain the tag corresponding to the VXLAN ID carried in the data packet, and send the data packet using that tag.
In one example, after the local device has configured, for the physical port, the mapping between the host's tag and the VXLAN ID that the authentication server assigned to the host, it can also set an aging timer for the mapping. Before the aging timer expires, if a data packet matching the mapping is received, the local device updates the aging time of the aging timer. After the aging timer expires, the local device sends a delete message to the peer device. After receiving the delete message, the peer device checks whether a data packet matching the mapping still exists locally (the peer device also maintains the tag to VXLAN ID mapping, and the mapping maintained by the peer device is identical to the mapping maintained by the local device). If so, the peer device sends a delete failure message to the local device; if not, the peer device sends a delete success message to the local device. If the local device receives a delete success message returned by the peer device, the local device can delete the mapping. If the local device receives a delete failure message returned by the peer device, the local device can keep the mapping and update the aging time of the aging timer.
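The following sketch is an added example, not code from the patent: it models steps 201 to 203 (both variants of the authentication information) and the aging and delete negotiation described above, using the MAC address, tag and VXLAN ID of the page's Fig. 4 scenario. The names `Vtep`, `AuthSync` and `authenticate`, the 300-second aging time, and treating "a matching data packet still exists" as "the receiver saw matching traffic within the aging time" are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed authentication-server table: (host MAC, tag) -> VXLAN ID.
AUTH_DB = {("0000-0000-0001", 100): 10000}
AGE = 300  # assumed aging time in seconds; the page gives no value


def authenticate(mac: Optional[str], tag: int) -> Optional[int]:
    """Authentication server: VXLAN ID on success, None on failure."""
    return AUTH_DB.get((mac, tag))


@dataclass
class AuthSync:
    """Authentication sync message: aggregation port plus authentication info."""
    agg_port: str
    tag: int
    vxlan_id: Optional[int] = None  # variant 1: tag + VXLAN ID
    mac: Optional[str] = None       # variant 2: tag + host address


@dataclass
class Vtep:
    name: str
    members: Dict[str, List[int]]  # aggregation port -> this device's own ports
    access: Dict[Tuple[int, int], int] = field(default_factory=dict)  # (port, tag) -> VXLAN ID
    last_hit: Dict[Tuple[str, int], float] = field(default_factory=dict)
    peer: Optional["Vtep"] = field(default=None, repr=False, compare=False)

    def _configure(self, agg: str, tag: int, vxlan_id: int, now: float) -> None:
        for port in self.members[agg]:
            self.access[(port, tag)] = vxlan_id
        self.last_hit[(agg, tag)] = now  # start the aging timer

    def on_host_packet(self, port: int, mac: str, tag: int, now: float) -> Optional[int]:
        """Data packet from the host: authenticate if needed, return its VXLAN ID."""
        agg = next(a for a, ports in self.members.items() if port in ports)
        if (port, tag) not in self.access:
            vxlan_id = authenticate(mac, tag)
            if vxlan_id is None:
                return None  # authentication failed: nothing configured or synced
            self._configure(agg, tag, vxlan_id, now)
            if self.peer:
                self.peer.on_auth_sync(AuthSync(agg, tag, vxlan_id=vxlan_id), now)
        self.last_hit[(agg, tag)] = now  # a matching packet refreshes the timer
        return self.access[(port, tag)]

    def on_auth_sync(self, msg: AuthSync, now: float) -> bool:
        """Steps 201-203 on the device that receives the sync message."""
        if msg.agg_port not in self.members:
            return False  # no local physical port belongs to that aggregation port
        vxlan_id = msg.vxlan_id
        if vxlan_id is None:  # variant 2: query the authentication server itself
            vxlan_id = authenticate(msg.mac, msg.tag)
            if vxlan_id is None:
                return False
        self._configure(msg.agg_port, msg.tag, vxlan_id, now)
        return True

    def on_delete_request(self, agg: str, tag: int, now: float) -> bool:
        """Delete message from the other device: True means delete success."""
        seen = self.last_hit.get((agg, tag))
        return seen is None or now - seen >= AGE

    def age(self, agg: str, tag: int, now: float) -> str:
        """Evaluate one mapping when its aging timer is checked."""
        if now - self.last_hit[(agg, tag)] < AGE:
            return "active"
        if self.peer and not self.peer.on_delete_request(agg, tag, now):
            self.last_hit[(agg, tag)] = now  # delete failed: keep, restart timer
            return "kept"
        for port in self.members[agg]:
            self.access.pop((port, tag), None)
        del self.last_hit[(agg, tag)]
        return "deleted"


def demo():
    v1 = Vtep("VTEP1", {"A": [3]})
    v2 = Vtep("VTEP2", {"A": [4]})
    v1.peer, v2.peer = v2, v1
    first = v1.on_host_packet(3, "0000-0000-0001", 100, now=0)  # auth + sync
    synced = v2.access.get((4, 100))       # set on VTEP2 by the sync message
    v1.on_host_packet(3, "0000-0000-0001", 100, now=200)  # traffic only via VTEP1
    kept = v2.age("A", 100, now=300)       # VTEP2 idle, VTEP1 still active
    gone = v2.age("A", 100, now=600)       # no traffic on either device
    return first, synced, kept, gone
```

The page does not say what the device that answers a delete message does with its own copy of the mapping, so the sketch leaves that copy to the answering device's own timer.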
Based on the above technical solution, in the embodiments of the application, in a VXLAN network with distributed aggregation, if physical port 1 of the local device and physical port 2 of the peer device form an aggregation port, then when the host is authenticated successfully on the peer device and the peer device has configured access information for physical port 2, the peer device can trigger the local device to configure access information for physical port 1. In this way, physical port 1 of the local device and physical port 2 of the peer device are both configured with access information. The configuration process can be dynamic, which avoids manual operation and reduces the user's workload. The configuration process can be completed on demand (configuration is performed after a data packet is received), and it ensures that physical port 1 and physical port 2 are configured with identical access information. Because physical port 1 and physical port 2 are both configured with access information, whether the local device or the peer device receives a data packet, the data packet can be sent based on the access information, which avoids problems such as service interruption and packet loss.
Fig. 3 is a flowchart of the method for configuring access information proposed in the application. The method is applied to the peer device of a distributed aggregation system. The distributed aggregation system also includes a local device and a host connected to the local device and the peer device, and for this host, a physical port of the local device and a physical port of the peer device form the aggregation port associated with the host.
Step 301: After receiving a data packet from the host, authenticate the host.
Step 302: If the host is authenticated successfully, generate an authentication sync message, where the authentication sync message can include the information of the aggregation port corresponding to the host and the authentication information corresponding to the host.
Further, the authentication information can include the host's tag and the VXLAN ID that the authentication server assigned to the host; or the authentication information can include the host's tag and the host's address.
Step 303: Send the authentication sync message to the local device, so that the local device uses the authentication information to configure access information for the physical port that belongs to the aggregation port; see the processing in steps 201-203.
In one example, the process of "authenticating the host" can include: sending the authentication server an authentication message carrying the host's tag and the host's address, so that the authentication server uses the authentication message to authenticate the host; the specific authentication process is not described further. If an authentication success message returned by the authentication server is received, it can be determined that the host has been authenticated successfully, and the VXLAN ID that the authentication server assigned to the host is parsed from the authentication success message. The VXLAN ID is obtained by the authentication server by querying the mapping of the host's tag, the host's address and the VXLAN ID.
Further, after the host is authenticated, if the authentication succeeds, the relation between the host's tag and the VXLAN ID can be configured for the physical port corresponding to the host.
The above solution of the embodiments of the application is described below with reference to the application scenario shown in Fig. 4. In the distributed aggregation networking scenario, physical port 1 and physical port 2 of host 3 join aggregation port A, and VTEP device 1 and VTEP device 2 use a distributed aggregation protocol to add physical port 3 of VTEP device 1 and physical port 4 of VTEP device 2 to aggregation port A as well; the configuration process of aggregation port A is not described further. VTEP device 1 can configure the correspondence between aggregation port A and physical port 3 and physical port 4, and VTEP device 2 can configure the correspondence between aggregation port A and physical port 3 and physical port 4.
In this application scenario, for the transmission of data packets between host 3 and host 4, the method for configuring access information proposed in the embodiments of the application can include, but is not limited to, the following steps:
Step 1: Host 3 sends data packet 1 through physical port 1 or physical port 2. The source MAC address of data packet 1 is the MAC address of host 3, 0000-0000-0001; the source IP address is the IP address of host 3; the destination MAC address is the MAC address of host 4; and the destination IP address is the IP address of host 4. Data packet 1 can also carry the tag of host 3. The tag can be a VLAN (Virtual Local Area Network), such as VLAN100; tag 100 is used as the example below.
For convenience of description, the following takes as the example the case where host 3 sends data packet 1 through physical port 1.
Step 2: VTEP device 1 receives, through physical port 3, data packet 1 sent by host 3.
Step 3: VTEP device 1 determines that host 3 is currently not authenticated, parses the address and the tag of host 3 from data packet 1, and sends the authentication server an authentication message carrying the address and the tag.
In one example, the address of host 3 can be the source MAC address and/or the source IP address of data packet 1. For convenience of description, the source MAC address 0000-0000-0001 is used as the example below; other address types are processed similarly. The MAC address 0000-0000-0001 of host 3 can therefore be parsed from data packet 1. In addition, because data packet 1 carries tag 100 of host 3, tag 100 of host 3 can be parsed from data packet 1. In summary, the authentication message can carry MAC address 0000-0000-0001 and tag 100.
In one example, a VXLAN tunnel can be configured between VTEP device 1 and the authentication server, and VTEP device 1 can send the authentication message to the authentication server through that VXLAN tunnel.
Step 4: After receiving the authentication message, the authentication server uses the authentication message to authenticate host 3.
In one example, the authentication server can be configured with a mapping between the MAC addresses and tags of hosts that are allowed to access the network; this configuration process is not described further. Based on this mapping, after receiving the authentication message, the authentication server can parse MAC address 0000-0000-0001 and tag 100 from the authentication message and use them to query the mapping. If MAC address 0000-0000-0001 and tag 100 exist in the mapping, host 3 can be determined to be authenticated successfully; otherwise, authentication of host 3 is determined to have failed. The following description takes successful authentication of host 3 as the example.
Step 5: If host 3 is authenticated successfully, the authentication server determines the VXLAN ID corresponding to tag 100 and sends VTEP device 1 an authentication success message carrying tag 100 and the VXLAN ID.
In one example, when the authentication server is configured with the mapping between host MAC addresses and tags, the mapping can also include a VXLAN ID. Therefore, after querying the mapping with MAC address 0000-0000-0001 and tag 100, the authentication server can obtain the VXLAN ID corresponding to tag 100, such as 10000, and the authentication success message can carry tag 100 and VXLAN ID 10000.
Step 6, VTEP equipment 1 determine the certification of main frame 3 success, and utilize the certification after certification success message is received
Success message is configuration access information, i.e. the VTEP equipment 1 of physical port 3 for belonging to aggregation port A for the physical port 3 configures mark
Sign the mapping relations of 100 and VXLAN marks 10000.
After VTEP device 1 has configured the mapping between label 100 and VXLAN identifier 10000 for physical port 3, if VTEP device 1 receives through physical port 3 a data message sent by host 3 to host 4, it parses label 100 from the data message, queries the mapping between label and VXLAN identifier with label 100 to obtain the corresponding VXLAN identifier 10000, and sends the data message using VXLAN identifier 10000; that is, the data message with label 100 is mapped to VXLAN identifier 10000 for sending. The process of sending a data message using VXLAN identifier 10000 is not described further here.
Likewise, after VTEP device 1 has configured the mapping between label 100 and VXLAN identifier 10000 for physical port 3, if VTEP device 1 receives a data message sent by host 4 to host 3 (a data message coming from VTEP device 3), it parses VXLAN identifier 10000 from the data message, queries the mapping between label and VXLAN identifier with that VXLAN identifier to obtain the corresponding label 100, and sends the data message using label 100 (at this point the data message can be sent through physical port 3); that is, the data message with VXLAN identifier 10000 is mapped to label 100 for sending. The process of sending a data message using label 100 is not described further here.
However, if host 3 sends a data message to VTEP device 2 through physical port 2, or VTEP device 2 receives a data message sent by host 4 to host 3, then because VTEP device 2 has not been configured with the mapping between label 100 and VXLAN identifier 10000, service is interrupted and messages are lost.
To address the above problem, the following steps are also performed after VTEP device 1 determines that host 3 has been authenticated successfully:
Step 7: VTEP device 1 sends an authentication synchronization message to VTEP device 2. The authentication synchronization message can carry the information of the aggregation port (such as the identifier of aggregation port A) and the authentication information.
In one example, VTEP device 1 can send the authentication synchronization message to VTEP device 2 over the internal conversion link between VTEP device 1 and VTEP device 2. Of course, VTEP device 1 can also send the authentication synchronization message to VTEP device 2 in other ways; no limitation is imposed here.
Mode one: the authentication synchronization message is a protocol message generated by VTEP device 1. The protocol message can be a new type of message used to carry the information of the aggregation port and the authentication information; the authentication synchronization message can also reuse an existing message, as long as that message carries the information of the aggregation port and the authentication information.
In one example, the authentication information can include, but is not limited to, the label 100 of host 3 and the VXLAN identifier 10000 that the authentication server assigned to host 3. Of course, the authentication information can also include other content, such as the MAC address 0000-0000-0001 of host 3; this content is not limited.
For ease of description, the following takes an authentication synchronization message with these contents as the example. Message type: such as MLAG (Multi-Chassis Link Aggregation); the message type indicates that the current message is an authentication synchronization message and that the VTEP device needs to configure access information for a physical port based on it. MAC address: such as MAC address 0000-0000-0001. VXLAN identifier: such as VXLAN identifier 10000. Label: such as label 100. Identifier of the aggregation port: such as aggregation port A.
Mode two: the authentication synchronization message is the data message received by VTEP device 1, namely data message 1 received in step 2 above. Data message 1 already carries the label 100 of host 3, the MAC address 0000-0000-0001 of host 3 and other content, so VTEP device 1 can add the identifier of aggregation port A to data message 1 and use the modified data message 1 as the authentication synchronization message.
Step 8: after receiving the authentication synchronization message from VTEP device 1, VTEP device 2 parses the information of the aggregation port (such as aggregation port A) and the authentication information from it.
Step 9: VTEP device 2 determines physical port 4, which belongs to aggregation port A.
Step 10: VTEP device 2 uses the authentication information to configure access information for physical port 4.
In one example, the access information configured for physical port 4 can include the mapping between the label 100 of host 3 and the VXLAN identifier 10000 that the authentication server assigned to host 3. The process by which "VTEP device 2 uses the authentication information to configure access information for physical port 4" can include, but is not limited to, the following:
Mode one: for the case where VTEP device 2 parses out the label 100 of host 3 and the VXLAN identifier 10000 assigned to host 3 by the authentication server (for example, the authentication synchronization message is a protocol message carrying the label 100 of host 3 and the VXLAN identifier 10000 assigned to host 3 by the authentication server), VTEP device 2 can directly configure the mapping between the label 100 of host 3 and VXLAN identifier 10000 for physical port 4.
In mode one, VTEP device 2 does not need to interact with the authentication server, which shortens the time needed to configure the mapping between label 100 and VXLAN identifier 10000 for physical port 4.
Mode two: for the case where VTEP device 2 parses out the label 100 of host 3 and the MAC address 0000-0000-0001 of host 3 (for example, the authentication synchronization message is a protocol message carrying the label 100 of host 3 and the MAC address 0000-0000-0001 of host 3, or a data message carrying the label 100 of host 3 and the MAC address 0000-0000-0001 of host 3), VTEP device 2 can send the authentication server an authentication message carrying label 100 and MAC address 0000-0000-0001. In addition, since a VXLAN tunnel can be configured between VTEP device 2 and the authentication server, VTEP device 2 can send the authentication message to the authentication server through that VXLAN tunnel.
After receiving the authentication message, the authentication server uses it to authenticate host 3. Specifically, the authentication server can be configured with the mapping between the MAC address and the label of each host that is allowed to access the network. Based on this mapping, after receiving the authentication message the authentication server can parse MAC address 0000-0000-0001 and label 100 from it and query the mapping with MAC address 0000-0000-0001 and label 100. If the mapping contains MAC address 0000-0000-0001 and label 100, host 3 is determined to be authenticated successfully; otherwise, authentication of host 3 is determined to have failed.
If host 3 is authenticated successfully, the authentication server can determine the VXLAN identifier 10000 corresponding to label 100 and send VTEP device 2 an authentication success message carrying label 100 and VXLAN identifier 10000. Specifically, when the authentication server is configured with the mapping between the MAC address and the label of a host, the mapping can also include a VXLAN identifier. Therefore, after querying the mapping with MAC address 0000-0000-0001 and label 100, the authentication server obtains the VXLAN identifier 10000 corresponding to label 100, so the authentication success message can carry label 100 and VXLAN identifier 10000.
After receiving the authentication success message, VTEP device 2 determines that host 3 has been authenticated successfully and uses the authentication success message to configure the mapping between label 100 and VXLAN identifier 10000 for physical port 4.
For both mode one and mode two, after VTEP device 2 has configured the mapping between label 100 and VXLAN identifier 10000 for physical port 4, if VTEP device 2 receives through physical port 4 a data message sent by host 3 to host 4, it parses label 100 from the data message, queries the mapping between label and VXLAN identifier with label 100 to obtain the corresponding VXLAN identifier 10000, and sends the data message using VXLAN identifier 10000; that is, the data message with label 100 is mapped to VXLAN identifier 10000 for sending. Likewise, if VTEP device 2 receives a data message sent by host 4 to host 3, it parses VXLAN identifier 10000 from the data message, queries the mapping between label and VXLAN identifier with that VXLAN identifier to obtain the corresponding label 100, and sends the data message using label 100 (the data message is sent through physical port 4); that is, the data message with VXLAN identifier 10000 is mapped to label 100 for sending.
Through the above process, physical port 3 of VTEP device 1 and physical port 4 of VTEP device 2 are configured with the same access information, namely the mapping between label 100 and VXLAN identifier 10000.
In one example, after VTEP device 1/VTEP device 2 configures the mapping between label 100 and VXLAN identifier 10000 for physical port 3/physical port 4, it can also set an aging timer for the mapping; the aging time of the aging timer can be configured based on practical experience. Before the aging timer times out, if VTEP device 1/VTEP device 2 receives a data message matching the mapping, it updates the aging time of the aging timer; after the aging timer times out, it can send a deletion message.
For ease of description, the following takes the timeout of the aging timer on VTEP device 1 as the example.
VTEP device 1 sends a deletion message to VTEP device 2; the deletion message can carry the information of aggregation port A, label 100 and VXLAN identifier 10000. In one example, the content carried by the deletion message can be similar to that of the authentication synchronization message, except that its message type differs from that of the authentication synchronization message: the message type of the deletion message indicates that the mapping between label 100 and VXLAN identifier 10000 needs to be deleted.
After receiving the deletion message, VTEP device 2 checks whether data messages matching "the mapping between label 100 and VXLAN identifier 10000" still exist locally. If so, VTEP device 2 sends a deletion failure message to VTEP device 1; if not, it sends a deletion success message to VTEP device 1.
Specifically, after receiving the deletion message, if VTEP device 2 receives a data message matching the mapping before the aging timer it set for the mapping times out, data messages matching the mapping still exist locally; VTEP device 2 can update the aging time of the aging timer and send a deletion failure message to VTEP device 1. If, after receiving the deletion message, VTEP device 2 has received no data message matching the mapping by the time the aging timer it set for the mapping times out, no data messages matching the mapping exist locally; VTEP device 2 can delete the mapping and the aging timer and send a deletion success message to VTEP device 1.
Further, if VTEP device 1 receives the deletion success message returned by VTEP device 2, it deletes the mapping and the aging timer. If VTEP device 1 receives the deletion failure message returned by VTEP device 2, it can retain the mapping and update the aging time of the aging timer.
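The synchronization in steps 7 to 10 (both modes) and the aging/deletion exchange described above can be traced in a small simulation. The Python below is an added example, not part of the patent text: the class, method and field names, the message type strings and the 300-second aging time are assumptions, and the peer answers a deletion message at once from its own timer state instead of waiting for its timer to run out.

```python
# Added example: names, message fields and the aging time are assumptions.
AUTH_SYNC, DELETE = "auth-sync", "delete"
DELETE_OK, DELETE_FAIL = "delete-success", "delete-failure"


class AuthServer:
    """(MAC, label) -> VXLAN identifier for hosts allowed on the network."""

    def __init__(self, table):
        self.table = dict(table)

    def authenticate(self, mac, label):
        return self.table.get((mac, label))  # None means authentication failed


class Vtep:
    def __init__(self, name, agg_members, auth, aging=300):
        self.name, self.auth, self.aging = name, auth, aging
        self.agg_members = agg_members  # aggregation port -> local physical port
        self.access = {}                # physical port -> [label, vxlan, expires]
        self.peer = None

    def _configure(self, agg, label, vxlan, now):
        port = self.agg_members[agg]
        self.access[port] = [label, vxlan, now + self.aging]
        return port

    def host_first_packet(self, agg, mac, label, now, mode=1):
        """Steps 3-7: authenticate the host, configure locally, sync to the peer."""
        vxlan = self.auth.authenticate(mac, label)
        if vxlan is None:
            return False
        self._configure(agg, label, vxlan, now)
        msg = {"type": AUTH_SYNC, "agg": agg, "mac": mac, "label": label}
        if mode == 1:                   # mode one also carries the VXLAN identifier
            msg["vxlan"] = vxlan
        self.peer.receive_auth_sync(msg, now)
        return True

    def receive_auth_sync(self, msg, now):
        """Steps 8-10: configure the member port of the same aggregation port."""
        if msg.get("type") != AUTH_SYNC or msg.get("agg") not in self.agg_members:
            return None
        vxlan = msg.get("vxlan")
        if vxlan is None:               # mode two: query the authentication server
            vxlan = self.auth.authenticate(msg["mac"], msg["label"])
            if vxlan is None:
                return None
        return self._configure(msg["agg"], msg["label"], vxlan, now)

    def forward_from_host(self, port, label, now):
        """Label -> VXLAN identifier; None models the lost message."""
        entry = self.access.get(port)
        if entry is None or entry[0] != label:
            return None
        entry[2] = now + self.aging     # matching traffic refreshes the timer
        return entry[1]

    def forward_to_host(self, vxlan, now):
        """VXLAN identifier -> (physical port, label)."""
        for port, entry in self.access.items():
            if entry[1] == vxlan:
                entry[2] = now + self.aging
                return port, entry[0]
        return None

    def check_aging(self, agg, now):
        """On local timeout, ask the peer before deleting the mapping."""
        port = self.agg_members[agg]
        entry = self.access.get(port)
        if entry is None or now < entry[2]:
            return None                 # timer still running, or nothing configured
        msg = {"type": DELETE, "agg": agg, "label": entry[0], "vxlan": entry[1]}
        reply = self.peer.receive_delete(msg, now)
        if reply == DELETE_OK:
            del self.access[port]
        else:
            entry[2] = now + self.aging  # peer still uses the mapping: keep it
        return reply

    def receive_delete(self, msg, now):
        """Simplification: answer at once from the local timer state."""
        entry = self.access.get(self.agg_members.get(msg["agg"]))
        if entry is None or entry[:2] != [msg["label"], msg["vxlan"]]:
            return DELETE_OK            # no such mapping on this device
        if now < entry[2]:
            return DELETE_FAIL          # own timer not expired, so refuse
        del self.access[self.agg_members[msg["agg"]]]
        return DELETE_OK


def build_pair():
    """Constructed topology: physical port 3 on VTEP 1, port 4 on VTEP 2."""
    auth = AuthServer({("0000-0000-0001", 100): 10000})
    v1, v2 = Vtep("VTEP1", {"A": 3}, auth), Vtep("VTEP2", {"A": 4}, auth)
    v1.peer, v2.peer = v2, v1
    return v1, v2
```

Before the synchronization, `forward_from_host(4, 100, ...)` on the second device returns `None`, which is the message loss the description attributes to the unsynchronized peer; afterwards both member ports hold the same label 100 to VXLAN identifier 10000 mapping.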
Based on the same inventive concept as the above method, an embodiment of the present application further provides an apparatus for configuring access information, applied in a local device. The apparatus can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, as a logical apparatus it is formed by the processor of the local device in which it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 5 shows a hardware structure diagram of the local device in which the apparatus resides; in addition to the processor and non-volatile memory shown in Fig. 5, the local device can also include other hardware, such as a forwarding chip responsible for processing messages, a network interface and memory. In terms of hardware structure, the local device may also be a distributed device that includes multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 6 shows the structure diagram of the apparatus for configuring access information proposed by the present application. The apparatus is applied to the local device of a distributed aggregation system; the distributed aggregation system further includes a peer device and a host connected to the local device and the peer device. The apparatus includes:
a receiving module 11, configured to receive an authentication synchronization message from the peer device, where the authentication synchronization message is sent by the peer device after it determines that the host has been authenticated successfully; a parsing module 12, configured to parse the information of the aggregation port and the authentication information from the authentication synchronization message; and a configuration module 13, configured to use the authentication information to configure access information for the physical port belonging to the aggregation port.
In one example, the authentication information can include the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier assigned to the host by the authentication server. On this basis, when using the authentication information to configure access information for the physical port belonging to the aggregation port, the configuration module 13 is specifically configured to configure, for the physical port belonging to the aggregation port, the relationship between the label and the VXLAN identifier.
In one example, the authentication information includes the label of the host and the address of the host. When using the authentication information to configure access information for the physical port belonging to the aggregation port, the configuration module 13 is specifically configured to: send the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the label of the host and the address of the host; if an authentication success message returned by the authentication server is received, parse from the authentication success message the VXLAN identifier assigned to the host by the authentication server, where the VXLAN identifier is obtained by the authentication server by querying the mapping among label, address and VXLAN identifier; and configure, for the physical port belonging to the aggregation port, the relationship between the label and the VXLAN identifier.
In one example, the access information that the configuration module 13 configures for the physical port includes the mapping between the label of the host and the VXLAN identifier assigned to the host by the authentication server.
The apparatus further includes a sending module (not shown in the figure).
The sending module is configured to: after receiving a data message carrying a label, obtain the VXLAN identifier corresponding to the label by querying the mapping, and send the data message using the VXLAN identifier; and/or, after receiving a data message carrying a VXLAN identifier, obtain the label corresponding to the VXLAN identifier by querying the mapping, and send the data message using the label.
In one example, the access information that the configuration module 13 configures for the physical port includes the mapping between the label of the host and the VXLAN identifier assigned to the host by the authentication server.
The apparatus further includes a maintenance module (not shown in the figure).
The maintenance module is configured to: set an aging timer for the mapping; before the aging timer times out, if a data message matching the mapping is received, update the aging time of the aging timer; after the aging timer times out, send a deletion message to the peer device; if a deletion success message returned by the peer device is received, delete the mapping; and if a deletion failure message returned by the peer device is received, retain the mapping and update the aging time of the aging timer. The deletion success message is sent by the peer device when it finds that no data message matching the mapping exists locally, and the deletion failure message is sent by the peer device when it finds that a data message matching the mapping exists locally.
Based on the same inventive concept as the above method, an embodiment of the present application further provides an apparatus for configuring access information, applied in a peer device. The apparatus can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, as a logical apparatus it is formed by the processor of the peer device in which it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 7 shows a hardware structure diagram of the peer device in which the apparatus resides; in addition to the processor and non-volatile memory shown in Fig. 7, the peer device can also include other hardware, such as a forwarding chip responsible for processing messages, a network interface and memory. In terms of hardware structure, the peer device may also be a distributed device that includes multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 8 shows the structure diagram of the apparatus for configuring access information proposed by the present application. The apparatus is applied to the peer device of a distributed aggregation system; the distributed aggregation system further includes a local device and a host connected to the local device and the peer device. The apparatus includes:
an authentication module 21, configured to authenticate the host after receiving a data message from the host; a generation module 22, configured to generate an authentication synchronization message when the host is authenticated successfully, where the authentication synchronization message includes the information of the aggregation port corresponding to the host and the authentication information corresponding to the host; and a sending module 23, configured to send the authentication synchronization message to the local device, so that the local device uses the authentication information to configure access information for the physical port belonging to the aggregation port.
The authentication information includes the label of the host and the VXLAN identifier assigned to the host by the authentication server; or, the authentication information includes the label of the host and the address of the host.
When authenticating the host, the authentication module 21 is specifically configured to: send the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the authentication message; and, if an authentication success message returned by the authentication server is received, determine that the host has been authenticated successfully and parse from the authentication success message the VXLAN identifier assigned to the host by the authentication server, where the VXLAN identifier is obtained by the authentication server by querying the mapping among the label of the host, the address of the host and the VXLAN identifier.
The apparatus further includes a configuration module, configured to, when the host is authenticated successfully, configure for the physical port corresponding to the host the relationship between the label of the host and the VXLAN identifier.
The systems, apparatuses, modules or units described in the above embodiments can be implemented by a computer chip or entity, or by a product having a certain function. A typical implementing device is a computer, which can take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail sending and receiving device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above apparatus is described as divided into various units by function. Of course, when implementing the present application, the functions of the units can be realized in one or more pieces of software and/or hardware.
Those skilled in the art should understand that embodiments of the present application can be provided as a method, a system or a computer program product. Therefore, the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of the present application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for realizing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Moreover, these computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, and the instruction apparatus realizes the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for realizing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Those skilled in the art will understand that embodiments of the present application can be provided as a method, a system or a computer program product. Therefore, the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application can take the form of a computer program product implemented on one or more computer-usable storage media (which can include but are not limited to magnetic disk storage, CD-ROM and optical storage) containing computer-usable program code.
The above are only embodiments of the present application and are not intended to limit the present application. For those skilled in the art, the present application can have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included within the scope of the claims of the present application.
Claims (14)
1. A method for configuring access information, applied to the local device of a distributed aggregation system, the distributed aggregation system further including a peer device and a host connected to the local device and the peer device, characterized in that the method includes:
receiving an authentication synchronization message from the peer device, where the authentication synchronization message is sent by the peer device after it determines that the host has been authenticated successfully;
parsing the information of the aggregation port and the authentication information from the authentication synchronization message;
using the authentication information to configure access information for the physical port belonging to the aggregation port.
2. The method according to claim 1, characterized in that the authentication information includes the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier assigned to the host by the authentication server; the process of using the authentication information to configure access information for the physical port belonging to the aggregation port specifically includes:
configuring, for the physical port belonging to the aggregation port, the relationship between the label and the VXLAN identifier.
3. The method according to claim 1, characterized in that
the authentication information includes the label of the host and the address of the host, and the process of using the authentication information to configure access information for the physical port belonging to the aggregation port specifically includes:
sending the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the label of the host and the address of the host;
if an authentication success message returned by the authentication server is received, parsing from the authentication success message the VXLAN identifier assigned to the host by the authentication server, where the VXLAN identifier is obtained by the authentication server by querying the mapping among label, address and VXLAN identifier;
configuring, for the physical port belonging to the aggregation port, the relationship between the label and the VXLAN identifier.
4. The method according to claim 1, characterized in that the access information includes the mapping between the label of the host and the VXLAN identifier assigned to the host by the authentication server, and after using the authentication information to configure access information for the physical port belonging to the aggregation port, the method further includes:
after receiving a data message carrying a label, obtaining the VXLAN identifier corresponding to the label by querying the mapping, and sending the data message using the VXLAN identifier; and/or,
after receiving a data message carrying a VXLAN identifier, obtaining the label corresponding to the VXLAN identifier by querying the mapping, and sending the data message using the label.
5. The method according to claim 1, characterized in that the access information includes the mapping between the label of the host and the VXLAN identifier assigned to the host by the authentication server, and after using the authentication information to configure access information for the physical port belonging to the aggregation port, the method further includes:
setting an aging timer for the mapping; before the aging timer times out, if a data message matching the mapping is received, updating the aging time of the aging timer;
after the aging timer times out, sending a deletion message to the peer device;
if a deletion success message returned by the peer device is received, deleting the mapping; if a deletion failure message returned by the peer device is received, retaining the mapping and updating the aging time of the aging timer; where the deletion success message is sent by the peer device when it finds that no data message matching the mapping exists locally, and the deletion failure message is sent by the peer device when it finds that a data message matching the mapping exists locally.
6. A method for configuring access information, applied to the peer device of a distributed aggregation system, the distributed aggregation system further including a local device and a host connected to the local device and the peer device, characterized in that the method includes:
after receiving a data message from the host, authenticating the host;
if the host is authenticated successfully, generating an authentication synchronization message, where the authentication synchronization message includes the information of the aggregation port corresponding to the host and the authentication information corresponding to the host;
sending the authentication synchronization message to the local device, so that the local device uses the authentication information to configure access information for the physical port belonging to the aggregation port.
7. The method according to claim 6, characterized in that the authentication information includes the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier assigned to the host by the authentication server; or, the authentication information includes the label of the host and the address of the host;
the process of authenticating the host specifically includes: sending the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the authentication message; if an authentication success message returned by the authentication server is received, determining that the host has been authenticated successfully, and parsing from the authentication success message the VXLAN identifier assigned to the host by the authentication server; where the VXLAN identifier is obtained by the authentication server by querying the mapping among the label of the host, the address of the host and the VXLAN identifier;
after authenticating the host, the method further includes: if the host is authenticated successfully, configuring for the physical port corresponding to the host the relationship between the label of the host and the VXLAN identifier.
8. A configuration device of access information, applied to the local device of a distributed aggregation system, the distributed aggregation system further comprising a peer device and a host connected to the local device and the peer device, characterized in that the device comprises:
a receiving module, configured to receive an authentication synchronization message from the peer device, wherein the authentication synchronization message is sent by the peer device after it determines that the host is authenticated successfully;
a parsing module, configured to parse the information of the aggregation port and the authentication information from the authentication synchronization message;
a configuration module, configured to use the authentication information to configure access information for the physical port belonging to the aggregation port.
9. The device according to claim 8, characterized in that the authentication information comprises the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier assigned to the host by the authentication server;
the configuration module is specifically configured to, in the process of using the authentication information to configure access information for the physical port belonging to the aggregation port, configure the relation between the label and the VXLAN identifier for the physical port belonging to the aggregation port.
10. The device according to claim 8, characterized in that
the authentication information comprises the label of the host and the address of the host; the configuration module is specifically configured to, in the process of using the authentication information to configure access information for the physical port belonging to the aggregation port, send to the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the label of the host and the address of the host;
if an authentication success message returned by the authentication server is received, parse from the authentication success message the VXLAN identifier assigned to the host by the authentication server; wherein the VXLAN identifier is obtained by the authentication server by querying the mapping relation among the label, the address and the VXLAN identifier;
configure the relation between the label and the VXLAN identifier for the physical port belonging to the aggregation port.
11. The device according to claim 8, characterized in that the access information configured by the configuration module for the physical port comprises the mapping relation between the label of the host and the VXLAN identifier assigned to the host by the authentication server; the device further comprises: a sending module;
the sending module is configured to, after receiving a data message carrying a label, obtain the VXLAN identifier corresponding to the label by querying the mapping relation, and send the data message using the VXLAN identifier; and/or, after receiving a data message carrying a VXLAN identifier, obtain the label corresponding to the VXLAN identifier by querying the mapping relation, and send the data message using the label.
12. The device according to claim 8, characterized in that the access information configured by the configuration module for the physical port comprises the mapping relation between the label of the host and the VXLAN identifier assigned to the host by the authentication server; the device further comprises: a maintenance module;
the maintenance module is configured to set an aging timer for the mapping relation; before the aging timer expires, if a data message matching the mapping relation is received, update the aging time of the aging timer; after the aging timer expires, send a deletion message to the peer device; if a deletion success message returned by the peer device is received, delete the mapping relation; if a deletion failure message returned by the peer device is received, retain the mapping relation and update the aging time of the aging timer; wherein the deletion success message is sent by the peer device when it finds that no data message matching the mapping relation exists locally, and the deletion failure message is sent by the peer device when it finds that a data message matching the mapping relation exists locally.
13. A configuration device of access information, applied to the peer device of a distributed aggregation system, the distributed aggregation system further comprising a local device and a host connected to the local device and the peer device, characterized in that the device comprises:
an authentication module, configured to authenticate the host after receiving a data message from the host;
a generation module, configured to generate an authentication synchronization message when the host is authenticated successfully, wherein the authentication synchronization message comprises information of the aggregation port corresponding to the host and the authentication information corresponding to the host;
a sending module, configured to send the authentication synchronization message to the local device, so that the local device uses the authentication information to configure access information for the physical port belonging to the aggregation port.
14. The device according to claim 13, characterized in that the authentication information comprises the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier assigned to the host by the authentication server; or, the authentication information comprises the label of the host and the address of the host;
the authentication module is specifically configured to, in the process of authenticating the host, send to the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the authentication message; if an authentication success message returned by the authentication server is received, determine that the host is authenticated successfully, and parse from the authentication success message the VXLAN identifier assigned to the host by the authentication server; wherein the VXLAN identifier is obtained by the authentication server by querying the mapping relation among the label of the host, the address of the host and the VXLAN identifier;
the device further comprises: a configuration module, configured to, when the host is authenticated successfully, configure, for the physical port corresponding to the host, the relation between the label of the host and the VXLAN identifier.
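The authentication synchronization of claims 6 to 9 and the aging and deletion exchange of claim 12, modelled together as an added example; this is not code from the patent. The class and method names, the 300-second aging period, the dictionary standing in for the authentication server, and the rule that "a matching data message exists locally" means data seen within one aging period are all assumptions.

```python
AGING = 300  # seconds; assumed value, the claims give none

class Device:
    """One member of the distributed aggregation pair (hypothetical model)."""

    def __init__(self, members):
        self.members = members  # aggregation port -> this device's physical ports
        self.peer = None
        self.access = {}        # (physical port, label) -> entry dict

    def _configure(self, agg_port, label, vxlan_id, now):
        for port in self.members[agg_port]:
            self.access[(port, label)] = {
                "vxlan": vxlan_id, "expiry": now + AGING, "last_data": None}

    def authenticate(self, agg_port, label, addr, auth_server, now):
        """Authenticating side: look up the host, configure, then sync the peer."""
        vxlan_id = auth_server.get((label, addr))  # stands in for the auth server
        if vxlan_id is None:
            return False  # authentication failed: nothing configured or synced
        self._configure(agg_port, label, vxlan_id, now)
        self.peer.on_auth_sync(
            {"agg_port": agg_port, "label": label, "vxlan": vxlan_id}, now)
        return True

    def on_auth_sync(self, msg, now):
        """Receiving side: configure member ports from the sync message alone."""
        self._configure(msg["agg_port"], msg["label"], msg["vxlan"], now)

    def on_data(self, port, label, now):
        """Return the VXLAN identifier for a labelled message, refreshing aging."""
        entry = self.access.get((port, label))
        if entry is None:
            return None  # no access information: the message cannot be mapped
        entry["expiry"], entry["last_data"] = now + AGING, now
        return entry["vxlan"]

    def on_delete(self, label, now):
        """Answer a deletion message: True (success) if no matching data here."""
        return not any(
            lbl == label and e["last_data"] is not None
            and now - e["last_data"] < AGING
            for (_, lbl), e in self.access.items())

    def age(self, now):
        """Run expired timers; delete only when the peer reports success."""
        for key in [k for k, e in self.access.items() if e["expiry"] <= now]:
            if self.peer.on_delete(key[1], now):
                del self.access[key]
            else:
                self.access[key]["expiry"] = now + AGING  # keep and refresh

def demo():
    auth_server = {(10, "00:11:22:33:44:55"): 5000}  # constructed sample data
    a, b = Device({"agg1": ["A1"]}), Device({"agg1": ["B1"]})
    a.peer, b.peer = b, a
    b.authenticate("agg1", 10, "00:11:22:33:44:55", auth_server, now=0)
    b.on_data("B1", 10, now=200)   # host traffic hashes to B only
    a.age(now=300)                 # A's timer expires, B reports failure
    kept = ("A1", 10) in a.access
    b.age(now=500)                 # B idle for a full period, A saw no data
    a.age(now=600)                 # now B has no matching data either
    return kept, a.on_data("A1", 10, now=600), len(a.access) + len(b.access)
```

In the claim 9 path modelled by `on_auth_sync`, the receiving device configures access from the synchronization message without contacting the authentication server, so the resulting mapping depends on the integrity of that message; claim 10 is the variant in which the receiver queries the authentication server itself.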
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611185070.4A CN106878199B (en) | 2016-12-20 | 2016-12-20 | Configuration method and device of access information |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106878199A CN106878199A (en) | 2017-06-20 |
CN106878199B CN106878199B (en) | 2020-02-11 |
Family
ID=59164871
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611185070.4A Active CN106878199B (en) | 2016-12-20 | 2016-12-20 | Configuration method and device of access information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106878199B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106878199B (en) | 2020-02-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||