CN106878199A - Method and device for configuring access information - Google Patents


Publication number
CN106878199A
Authority
CN
China
Prior art keywords
host
message
label
vxlan
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611185070.4A
Other languages
Chinese (zh)
Other versions
CN106878199B (en)
Inventor
黄李伟
王丽芳
王伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by New H3C Technologies Co Ltd
Priority to CN201611185070.4A
Publication of CN106878199A
Application granted
Publication of CN106878199B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

The application provides a method and device for configuring access information. The method includes: receiving an authentication synchronization message from a peer device, where the authentication synchronization message is sent by the peer device after it determines that a host has been authenticated successfully; parsing the information of an aggregation port and the authentication information from the authentication synchronization message; and using the authentication information to configure access information for the physical port that belongs to the aggregation port. With this technical solution, in a VXLAN network with distributed aggregation, data messages can be sent based on the access information, which avoids problems such as service interruption and message loss.

Description

Method and device for configuring access information
Technical field
The application relates to the field of communication technology, and in particular to a method and device for configuring access information.
Background
VXLAN (Virtual eXtensible Local Area Network) is a Layer 2 VPN (Virtual Private Network) technology based on IP networks that uses "MAC (Media Access Control) in UDP (User Datagram Protocol)" encapsulation. VXLAN can provide Layer 2 interconnection for dispersed sites over an existing service provider or enterprise IP network, and can provide service isolation for different tenants.
To improve reliability, a VXLAN networking mode with distributed aggregation can be used. Fig. 1 is a schematic diagram of distributed aggregation networking. Physical port 1 and physical port 2 of host A join aggregation port A, and VTEP (VXLAN Tunnel End Point) device B and VTEP device C use a distributed aggregation protocol to add physical port 3 of VTEP device B and physical port 4 of VTEP device C to aggregation port A as well. For a message sent from host A to host E, host A can transmit it through physical port 1 or physical port 2, and VTEP device B or VTEP device C can forward the message after receiving it. Moreover, when VTEP device B or VTEP device C fails, host A can still send messages to host E, which improves reliability.
In this scenario, suppose host A sends a message through physical port 1. VTEP device B forwards the message to VTEP device D, and VTEP device D sends it to host E. For the message that host E returns to host A, suppose VTEP device D sends the message to VTEP device C. The following situation may then occur: VTEP device C does not know that it needs to forward the message through physical port 4 in aggregation port A, so the message cannot be delivered to host A, which causes service interruption and message loss.
Summary of the invention
The application provides a method for configuring access information, applied to the local device of a distributed aggregation system. The distributed aggregation system also includes a peer device and a host connected to both the local device and the peer device. The method includes:
receiving an authentication synchronization message from the peer device, where the authentication synchronization message is sent by the peer device after it determines that the host has been authenticated successfully;
parsing the information of an aggregation port and the authentication information from the authentication synchronization message;
using the authentication information to configure access information for the physical port that belongs to the aggregation port.
The application provides a method for configuring access information, applied to the peer device of a distributed aggregation system. The distributed aggregation system also includes a local device and a host connected to both the local device and the peer device. The method includes:
after receiving a data message from the host, authenticating the host;
if the host is authenticated successfully, generating an authentication synchronization message, where the authentication synchronization message includes the information of the aggregation port corresponding to the host and the authentication information corresponding to the host;
sending the authentication synchronization message to the local device, so that the local device uses the authentication information to configure access information for the physical port that belongs to the aggregation port.
The application provides a device for configuring access information, applied to the local device of a distributed aggregation system. The distributed aggregation system also includes a peer device and a host connected to both the local device and the peer device. The device includes:
a receiving module, configured to receive an authentication synchronization message from the peer device, where the authentication synchronization message is sent by the peer device after it determines that the host has been authenticated successfully;
a parsing module, configured to parse the information of an aggregation port and the authentication information from the authentication synchronization message;
a configuration module, configured to use the authentication information to configure access information for the physical port that belongs to the aggregation port.
The application provides a device for configuring access information, applied to the peer device of a distributed aggregation system. The distributed aggregation system also includes a local device and a host connected to both the local device and the peer device. The device includes:
an authentication module, configured to authenticate the host after a data message from the host is received;
a generation module, configured to generate an authentication synchronization message when the host is authenticated successfully, where the authentication synchronization message includes the information of the aggregation port corresponding to the host and the authentication information corresponding to the host;
a sending module, configured to send the authentication synchronization message to the local device, so that the local device uses the authentication information to configure access information for the physical port that belongs to the aggregation port.
Based on the above technical solution, in the embodiments of the application, in a VXLAN network with distributed aggregation, if physical port 1 of the local device and physical port 2 of the peer device form an aggregation port, then when a host is authenticated successfully at the peer device and the peer device has configured access information for physical port 2, the peer device can trigger the local device to configure access information for physical port 1. In this way, physical port 1 of the local device and physical port 2 of the peer device are both configured with access information. This configuration process can be dynamic, which avoids manual operation and saves user effort. The configuration can be completed on demand (that is, performed only after a data message is received), and it ensures that physical port 1 and physical port 2 are configured with the same access information. Because both physical port 1 and physical port 2 are configured with access information, whether the local device or the peer device receives a data message, the data message can be sent based on the access information, which avoids problems such as service interruption and message loss.
Brief description of the drawings
To explain the embodiments of the application or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some of the embodiments of the application, and those of ordinary skill in the art can obtain other drawings from these drawings.
Fig. 1 is a schematic diagram of distributed aggregation networking;
Fig. 2 is a flow chart of the method for configuring access information in one embodiment of the application;
Fig. 3 is a flow chart of the method for configuring access information in another embodiment of the application;
Fig. 4 is a schematic diagram of an application scenario in one embodiment of the application;
Fig. 5 is a hardware structure diagram of the local device in one embodiment of the application;
Fig. 6 is a structure diagram of the device for configuring access information in one embodiment of the application;
Fig. 7 is a hardware structure diagram of the peer device in one embodiment of the application;
Fig. 8 is a structure diagram of the device for configuring access information in one embodiment of the application.
Detailed description
The terms used in the application are only for the purpose of describing specific embodiments and are not intended to limit the application. The singular forms "a", "the" and "said" used in the application and the claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
The embodiments of the application propose a method for configuring access information. The method can be applied to the local device of a distributed aggregation system. The distributed aggregation system also includes a peer device and a host connected to both the local device and the peer device, and, for that host, a physical port of the local device and a physical port of the peer device form the aggregation port associated with the host. Fig. 2 is a flow chart of the method, which may include the following steps:
Step 201: receive an authentication synchronization message from the peer device, where the authentication synchronization message is sent by the peer device after it determines that the host has been authenticated successfully.
In one example, when the host associated with the aggregation port has not been authenticated, a data message sent by the host may arrive at the local device or at the peer device.
Suppose the data message is sent to the peer device. After the peer device receives the data message from the host through the aggregation port, because the host has not been authenticated, the peer device sends an authentication message to the authentication server, so that the authentication server uses the authentication message to authenticate the host. If the peer device receives an authentication success message returned by the authentication server, the peer device can determine that the host has been authenticated successfully, and sends to the local device an authentication synchronization message that carries the information of the aggregation port and the authentication information. The peer device can also use the authentication success message to configure access information for the physical port on the peer device that belongs to the aggregation port.
Suppose the data message is sent to the local device. After the local device receives the data message from the host through the aggregation port, because the host has not been authenticated, the local device sends an authentication message to the authentication server, so that the authentication server uses the authentication message to authenticate the host. If the local device receives an authentication success message returned by the authentication server, the local device can determine that the host has been authenticated successfully, and sends to the peer device an authentication synchronization message that carries the information of the aggregation port and the authentication information. The local device can also use the authentication success message to configure access information for the physical port on the local device that belongs to the aggregation port.
In one example, the authentication message that the local device or peer device sends to the authentication server can carry the address of the host (obtained from the data message) and the label of the host (obtained from the data message), and the authentication server uses the host's address and label to authenticate the host. After authentication succeeds, the authentication server can use the host's address and label to query the pre-configured mapping among label, address and VXLAN identifier to obtain the VXLAN identifier, and the authentication success message that the authentication server returns to the local device or peer device can carry the VXLAN identifier. The address of the host can be the host's MAC address, the label of the host can be the host's VLAN, and the VXLAN identifier can be a VXLAN ID. The mapping among label, address and VXLAN identifier maintained by the authentication server can thus be a mapping among MAC address, VLAN and VXLAN identifier.
In one example, when the local device or peer device uses the authentication success message to configure access information for the physical port that belongs to the aggregation port, it can parse the VXLAN identifier from the authentication success message and configure, for the physical port, the relation between the label of the host and the VXLAN identifier.
To simplify the description, the following takes as an example the case where the peer device sends the authentication synchronization message to the local device and the local device performs the subsequent processing. When the local device sends the authentication synchronization message to the peer device, the processing at the peer device is similar to the processing at the local device and is not repeated below.
Step 202: parse the information of the aggregation port and the authentication information from the authentication synchronization message.
In one example, because the authentication synchronization message carries the information of the aggregation port and the authentication information, the local device can parse both from the authentication synchronization message. The information of the aggregation port can be the identifier of the aggregation port. The authentication information can include the label of the host and the VXLAN identifier that the authentication server assigned to the host; or the authentication information can include the label of the host and the address of the host.
In one example, the authentication synchronization message can be a protocol message generated by the peer device. The protocol message carries the information of the aggregation port, the label of the host and the VXLAN identifier that the authentication server assigned to the host; or the protocol message carries the information of the aggregation port, the label of the host and the address of the host. This authentication synchronization message is a new message type, generated by the peer device and sent to the local device.
In another example, the authentication synchronization message can be the data message received by the peer device, that is, the data message from the host that the peer device received through the aggregation port. Because the data message already carries information such as the label of the host and the address of the host, the peer device only needs to add the information of the aggregation port to the data message before sending it to the local device. The local device can then parse the information of the aggregation port, the label of the host and the address of the host from the data message. In practice, when the authentication synchronization message carries the data message, it does not need to carry the entire content of the data message, as long as it carries the information of the aggregation port, the label of the host and the address of the host. For example, it may include only the message header, with the header carrying the information of the aggregation port, the label of the host and the address of the host.
Step 203: use the authentication information to configure access information for the physical port that belongs to the aggregation port.
In one example, after obtaining the information of the aggregation port, the local device can determine the physical port that belongs to the aggregation port, because the correspondence between the aggregation port and the physical ports it contains is configured locally. The physical port here is a physical port of the local device, not a physical port of the peer device.
In one example, the access information can include the mapping between the label (the label of the host) and the VXLAN identifier (the VXLAN identifier that the authentication server assigned to the host). On this basis, the process of "using the authentication information to configure access information for the physical port that belongs to the aggregation port" can include, but is not limited to, the following. If the authentication information includes the label of the host and the VXLAN identifier that the authentication server assigned to the host, the local device can directly configure the relation between the label and the VXLAN identifier for the physical port that belongs to the aggregation port. Or, if the authentication information includes the label of the host and the address of the host, the local device can send to the authentication server an authentication message that carries the label and address of the host, so that the authentication server uses the label and address to authenticate the host. If the local device receives an authentication success message returned by the authentication server, it parses from the authentication success message the VXLAN identifier that the authentication server assigned to the host, and configures the relation between the label of the host and the VXLAN identifier for the physical port that belongs to the aggregation port. The VXLAN identifier carried in the authentication success message is obtained by the authentication server by querying the mapping among label, address and VXLAN identifier with the label and address of the host.
In one example, after the local device has configured for the physical port the mapping between the label of the host and the VXLAN identifier that the authentication server assigned to the host, if the local device receives a data message that carries the label (a data message sent by the host associated with the aggregation port), it can query the mapping between label and VXLAN identifier to obtain the VXLAN identifier corresponding to the label carried in the data message, and send the data message using that VXLAN identifier. And/or, after the local device has configured this mapping for the physical port, if the local device receives a data message that carries the VXLAN identifier (that is, a data message whose destination is the host associated with the aggregation port), it can query the mapping between label and VXLAN identifier to obtain the label corresponding to the VXLAN identifier carried in the data message, and send the data message using that label.
In one example, after the local device has configured for the physical port the mapping between the label of the host and the VXLAN identifier that the authentication server assigned to the host, it can also set an ageing timer for the mapping. Before the ageing timer expires, if a data message matching the mapping is received, the local device updates the ageing time of the ageing timer. After the ageing timer expires, the local device sends a delete message to the peer device. After receiving the delete message, the peer device checks whether data messages matching the mapping still exist locally (the peer device also maintains the mapping between label and VXLAN identifier, and the mapping maintained by the peer device is the same as the mapping maintained by the local device). If so, the peer device sends a delete failure message to the local device; if not, the peer device sends a delete success message to the local device. If the local device receives the delete success message returned by the peer device, it can delete the mapping. If the local device receives the delete failure message returned by the peer device, it can keep the mapping and update the ageing time of the ageing timer.
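The ageing negotiation described above, sketched as an added example (not code from the patent or from any H3C product). The class and message names are hypothetical, the mapping value (100, 10000) is a sample, and "matching data messages still exist" is assumed to mean that the peer saw matching traffic within its own ageing time.

```python
DELETE_SUCCESS, DELETE_FAILURE = "delete-success", "delete-failure"


class AgeingDevice:
    """One member of the distributed aggregation pair (hypothetical class)."""

    def __init__(self, name, ageing_time):
        self.name = name
        self.ageing_time = ageing_time
        # (label, VXLAN identifier) -> time the last matching data message was seen
        self.last_match = {}
        self.peer = None

    def install(self, mapping, now):
        self.last_match[mapping] = now  # configuring the mapping starts its timer

    def on_data_message(self, mapping, now):
        if mapping in self.last_match:
            self.last_match[mapping] = now  # matching traffic refreshes the timer

    def on_delete_message(self, mapping, now):
        """Peer side: refuse the deletion while matching traffic is still seen."""
        last = self.last_match.get(mapping)
        in_use = last is not None and now - last < self.ageing_time
        return DELETE_FAILURE if in_use else DELETE_SUCCESS

    def check_timers(self, now):
        """Local side: for every expired mapping, ask the peer before deleting."""
        replies = {}
        for mapping, last in list(self.last_match.items()):
            if now - last < self.ageing_time:
                continue  # timer has not expired yet
            reply = self.peer.on_delete_message(mapping, now)
            if reply == DELETE_SUCCESS:
                del self.last_match[mapping]
            else:
                self.last_match[mapping] = now  # keep the mapping, restart the timer
            replies[mapping] = reply
        return replies


def run_ageing_example():
    local, peer = AgeingDevice("local", 300), AgeingDevice("peer", 300)
    local.peer, peer.peer = peer, local
    mapping = (100, 10000)  # sample label and VXLAN identifier
    local.install(mapping, now=0)
    peer.install(mapping, now=0)
    # The host's traffic happens to use only the link to the peer device.
    peer.on_data_message(mapping, now=200)
    first = local.check_timers(now=300)    # peer saw traffic 100 s ago
    kept = mapping in local.last_match
    second = local.check_timers(now=600)   # peer has been idle for 400 s
    return first, kept, second, mapping in local.last_match


if __name__ == "__main__":
    print(run_ageing_example())
```

The first check shows why the local device must ask before deleting: the host may be active only on the link to the other device, so a locally idle timer does not mean the host has left.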
Based on the above technical solution, in the embodiments of the application, in a VXLAN network with distributed aggregation, if physical port 1 of the local device and physical port 2 of the peer device form an aggregation port, then when a host is authenticated successfully at the peer device and the peer device has configured access information for physical port 2, the peer device can trigger the local device to configure access information for physical port 1. In this way, physical port 1 of the local device and physical port 2 of the peer device are both configured with access information. This configuration process can be dynamic, which avoids manual operation and saves user effort. The configuration can be completed on demand (that is, performed only after a data message is received), and it ensures that physical port 1 and physical port 2 are configured with the same access information. Because both physical port 1 and physical port 2 are configured with access information, whether the local device or the peer device receives a data message, the data message can be sent based on the access information, which avoids problems such as service interruption and message loss.
Fig. 3 is a flow chart of the method for configuring access information proposed in the application. The method is applied to the peer device of a distributed aggregation system. The distributed aggregation system also includes a local device and a host connected to both the local device and the peer device, and, for that host, a physical port of the local device and a physical port of the peer device form the aggregation port associated with the host.
Step 301: after receiving a data message from the host, authenticate the host.
Step 302: if the host is authenticated successfully, generate an authentication synchronization message, where the authentication synchronization message can include the information of the aggregation port corresponding to the host and the authentication information corresponding to the host.
Further, the authentication information can include the label of the host and the VXLAN identifier that the authentication server assigned to the host; or the authentication information can include the label of the host and the address of the host.
Step 303: send the authentication synchronization message to the local device, so that the local device uses the authentication information to configure access information for the physical port that belongs to the aggregation port; see the processing of steps 201-203.
In one example, the process of "authenticating the host" can include: sending to the authentication server an authentication message that carries the label of the host and the address of the host, so that the authentication server uses the authentication message to authenticate the host; the specific authentication process is not repeated here. If an authentication success message returned by the authentication server is received, it can be determined that the host has been authenticated successfully, and the VXLAN identifier that the authentication server assigned to the host is parsed from the authentication success message. The VXLAN identifier is obtained by the authentication server by querying the mapping among the label of the host, the address of the host and the VXLAN identifier.
Further, after the host is authenticated, if the authentication succeeds, the relation between the label of the host and the VXLAN identifier can be configured for the physical port corresponding to the host.
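The exchange of steps 301-303 and 201-203, simulated end to end as an added example (not code from the patent or from any vendor implementation). The class names and the layout of the synchronization message are assumptions; the MAC address, label 100, VXLAN identifier 10000, aggregation port A and physical ports 3 and 4 are the sample values of the Fig. 4 scenario on this page.

```python
from dataclasses import dataclass
from typing import Optional

# Sample values as used in the page's Fig. 4 scenario.
HOST_MAC, HOST_LABEL, VXLAN_ID = "0000-0000-0001", 100, 10000


class AuthServer:
    """Pre-configured (address, label) -> VXLAN identifier mapping."""

    def __init__(self, table):
        self.table = dict(table)

    def authenticate(self, mac, label):
        # VXLAN identifier on success, None on authentication failure.
        return self.table.get((mac, label))


@dataclass(frozen=True)
class AuthSync:
    """Synchronization message; this field layout is an assumption, the page
    only lists what the message carries."""
    agg_port: str
    label: int
    vxlan_id: Optional[int] = None  # variant 1: label + VXLAN identifier
    mac: Optional[str] = None       # variant 2: label + host address


class Vtep:
    def __init__(self, name, auth_server, agg_members):
        self.name = name
        self.auth = auth_server
        self.agg_members = agg_members  # aggregation port -> local physical port
        self.access = {}                # physical port -> {label: VXLAN identifier}
        self.peer = None

    def _configure(self, agg_port, label, vxlan_id):
        port = self.agg_members[agg_port]  # always a port of this device
        self.access.setdefault(port, {})[label] = vxlan_id

    def authenticate_host(self, agg_port, mac, label, carry_vxlan_id=True):
        """Steps 301-303: authenticate, configure the own port, notify the peer."""
        vxlan_id = self.auth.authenticate(mac, label)
        if vxlan_id is None:
            return False  # failure: nothing is configured or synchronized
        self._configure(agg_port, label, vxlan_id)
        if self.peer is not None:
            msg = (AuthSync(agg_port, label, vxlan_id=vxlan_id) if carry_vxlan_id
                   else AuthSync(agg_port, label, mac=mac))
            self.peer.on_auth_sync(msg)
        return True

    def on_auth_sync(self, msg):
        """Steps 201-203: parse the message and configure the local member port."""
        if msg.agg_port not in self.agg_members:
            return False  # this device has no member port in that aggregation port
        vxlan_id = msg.vxlan_id
        if vxlan_id is None:
            # Variant 2: query the authentication server with label + address.
            vxlan_id = self.auth.authenticate(msg.mac, msg.label)
            if vxlan_id is None:
                return False
        self._configure(msg.agg_port, msg.label, vxlan_id)
        return True

    def label_to_vxlan(self, port, label):
        """Host -> network direction: which VXLAN identifier to send with."""
        return self.access.get(port, {}).get(label)

    def vxlan_to_label(self, port, vxlan_id):
        """Network -> host direction: which label to send with."""
        for label, vni in self.access.get(port, {}).items():
            if vni == vxlan_id:
                return label
        return None


def build_pair():
    server = AuthServer({(HOST_MAC, HOST_LABEL): VXLAN_ID})
    vtep1 = Vtep("VTEP device 1", server, {"A": 3})
    vtep2 = Vtep("VTEP device 2", server, {"A": 4})
    vtep1.peer, vtep2.peer = vtep2, vtep1
    return vtep1, vtep2


if __name__ == "__main__":
    v1, v2 = build_pair()
    v1.authenticate_host("A", HOST_MAC, HOST_LABEL)
    print(v2.label_to_vxlan(4, HOST_LABEL), v2.vxlan_to_label(4, VXLAN_ID))
```

After one authentication on VTEP device 1, VTEP device 2 can translate in both directions on its own member port, which is exactly the state that was missing in the return-path failure described in the background section.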
Below in conjunction with the application scenarios shown in Fig. 4, the such scheme to the embodiment of the present application is illustrated.It is poly- in distribution The networking scene of conjunction, the physical port 1 and physical port 2 of main frame 3 are added between aggregation port A, VTEP equipment 1 and VTEP equipment 2 By distributed aggregation protocol, the physical port 4 of the physical port 3 of VTEP equipment 1 and VTEP equipment 2 is also added to aggregation port A, the configuration process to this aggregation port A is repeated no more.VTEP equipment 1 can configure aggregation port A and physical port 3, physical port 4 Corresponding relation, VTEP equipment 2 can configure aggregation port A and physical port 3, the corresponding relation of physical port 4.
Under above-mentioned application scenarios, for the data-message transmission process between main frame 3 and main frame 4, the embodiment of the present application The collocation method of the access information of middle proposition, can include but is not limited to following steps:
Step 1, main frame 3 are sent datagram 1, the source MAC of the data message 1 by physical port 1 or physical port 2 Address is the MAC Address 0000-0000-0001 of main frame 3, and source IP address is the IP address of main frame 3, and target MAC (Media Access Control) address is main frame 4 MAC Address, purpose IP address for main frame 4 IP address.Data message 1 can also carry the label (tag) of main frame 3, the mark It can be VLAN (Virtual Local Area Network, Virtual Local Area Network) to sign, such as VLAN100, subsequently with label 100 As a example by.
Describe for convenience, sent datagram by physical port 1 by main frame 3 and illustrate as a example by 1.
Step 2, VTEP equipment 1 receive the data message 1 that main frame 3 sends by physical port 3.
Step 3, VTEP equipment 1 determine that main frame 3 is current not authenticated, parsed from data message 1 main frame 3 address and Label, and the message identifying for carrying the address and the label is sent to certificate server.
In one example, the address of main frame 3 can be the source MAC and/or source IP address of data message 1, in order to Convenient description, is subsequently illustrated by taking source MAC 0000-0000-0001 as an example, and for other address styles, it is treated Journey is similar to, therefore the MAC Address 0000-0000-0001 of main frame 3 can be parsed from data message 1.It is additionally, since data The label 100 of main frame 3 is carried in message 1, therefore the label 100 of main frame 3 can be parsed from data message 1.To sum up institute State, message identifying can carry MAC Address 0000-0000-0001 and label 100.
In one example, VXLAN tunnels, and VTEP equipment 1 can be configured between VTEP equipment 1 and certificate server Above-mentioned message identifying can be sent to by certificate server by the VXLAN tunnels.
Step 4, certificate server are authenticated using message identifying after message identifying is received to main frame 3.
In one example, certificate server can configure the MAC Address of main frame and reflecting for label for allowing to access network Relation is penetrated, this configuration process is repeated no more.Based on this mapping relations, certificate server, can be with after message identifying is received MAC Address 0000-0000-0001 and label 100 are parsed from the message identifying, and by MAC Address 0000-0000- 0001 and label 100 inquire about above-mentioned mapping relations.If there is MAC Address 0000-0000-0001 and label in above-mentioned mapping relations 100, then the certification of main frame 3 success can be determined, otherwise, it determines the authentification failure of main frame 3, subsequently enters by taking the certification of main frame 3 success as an example Row explanation.
Step 5: if host 3 is authenticated successfully, the authentication server determines the VXLAN identifier corresponding to the label 100, and sends VTEP device 1 an authentication success message carrying the label 100 and the VXLAN identifier.
In one example, when the authentication server is configured with the mapping relationship between host MAC addresses and labels, the mapping relationship can also include a VXLAN identifier. Therefore, after querying the mapping relationship with the MAC address 0000-0000-0001 and the label 100, the authentication server can obtain the VXLAN identifier corresponding to the label 100, for example 10000, so the authentication success message can carry the label 100 and the VXLAN identifier 10000.
Step 6: after receiving the authentication success message, VTEP device 1 determines that host 3 has been authenticated successfully and uses the authentication success message to configure access information for physical port 3, which belongs to aggregation port A. That is, VTEP device 1 configures the mapping relationship between the label 100 and the VXLAN identifier 10000 for physical port 3.
After VTEP device 1 has configured the mapping relationship between the label 100 and the VXLAN identifier 10000 for physical port 3, if it receives through physical port 3 a data message sent by host 3 to host 4, it parses the label 100 from the data message, queries the mapping relationship between labels and VXLAN identifiers with the label 100, obtains the VXLAN identifier 10000 corresponding to the label 100, and sends the data message using the VXLAN identifier 10000. In other words, a data message with the label 100 is mapped to the VXLAN identifier 10000 for sending. The process of sending a data message using the VXLAN identifier 10000 is not described here.
Likewise, after VTEP device 1 has configured the mapping relationship between the label 100 and the VXLAN identifier 10000 for physical port 3, if it receives a data message sent by host 4 to host 3 (a data message coming from VTEP device 3), it parses the VXLAN identifier 10000 from the data message, queries the mapping relationship between labels and VXLAN identifiers with that VXLAN identifier, obtains the label 100 corresponding to the VXLAN identifier 10000, and sends the data message using the label 100 (the data message can now be sent through physical port 3). In other words, a data message with the VXLAN identifier 10000 is mapped to the label 100 for sending. The process of sending a data message using the label 100 is not described here.
However, if host 3 sends a data message to VTEP device 2 through physical port 2, or VTEP device 2 receives a data message sent by host 4 to host 3, service is interrupted and the message is lost, because VTEP device 2 has not been configured with the mapping relationship between the label 100 and the VXLAN identifier 10000.
To address this problem, the following steps are also performed after VTEP device 1 determines that host 3 has been authenticated successfully:
Step 7: VTEP device 1 sends an authentication synchronization message to VTEP device 2. The authentication synchronization message can carry the information of the aggregation port (such as the identifier of aggregation port A) and authentication information.
In one example, VTEP device 1 can send the authentication synchronization message to VTEP device 2 over the internal conversion link between VTEP device 1 and VTEP device 2. VTEP device 1 can also send the authentication synchronization message to VTEP device 2 in other ways; no limitation is placed on this.
Mode one: the authentication synchronization message is a protocol message generated by VTEP device 1. The protocol message can be a new type of message used to carry the information of the aggregation port and the authentication information; the authentication synchronization message can also reuse an existing message, as long as that message carries the information of the aggregation port and the authentication information.
In one example, the authentication information can include, but is not limited to, the label 100 of host 3 and the VXLAN identifier 10000 allocated to host 3 by the authentication server. The authentication information can also include other content, such as the MAC address 0000-0000-0001 of host 3; no limitation is placed on this content.
For ease of description, the following takes an authentication synchronization message with the following content as the example. Message type: for example MLAG (Multi-Chassis Link Aggregation); the message type indicates that the current message is an authentication synchronization message and that the VTEP device needs to configure access information for a physical port based on it. MAC address: for example the MAC address 0000-0000-0001. VXLAN identifier: for example the VXLAN identifier 10000. Label: for example the label 100. Identifier of the aggregation port: for example aggregation port A.
Mode two: the authentication synchronization message is the data message received by VTEP device 1, that is, data message 1 received in step 2 above. Data message 1 already carries content such as the label 100 of host 3 and the MAC address 0000-0000-0001 of host 3. VTEP device 1 can therefore add the identifier of aggregation port A to data message 1 and use the modified data message 1 as the authentication synchronization message.
Step 8: after receiving the authentication synchronization message from VTEP device 1, VTEP device 2 parses the information of the aggregation port (such as aggregation port A) and the authentication information from the authentication synchronization message.
Step 9: VTEP device 2 determines physical port 4, which belongs to aggregation port A.
Step 10: VTEP device 2 uses the authentication information to configure access information for physical port 4.
In one example, the access information configured for physical port 4 can include the mapping relationship between the label 100 of host 3 and the VXLAN identifier 10000 allocated to host 3 by the authentication server. The process by which "VTEP device 2 uses the authentication information to configure access information for physical port 4" can include, but is not limited to, the following:
Mode one: when VTEP device 2 parses out the label 100 of host 3 and the VXLAN identifier 10000 allocated to host 3 by the authentication server (for example, when the authentication synchronization message is a protocol message carrying the label 100 of host 3 and the VXLAN identifier 10000 allocated to host 3 by the authentication server), VTEP device 2 can directly configure the mapping relationship between the label 100 of host 3 and the VXLAN identifier 10000 for physical port 4.
In mode one, VTEP device 2 does not need to interact with the authentication server, which shortens the time needed to configure the mapping relationship between the label 100 and the VXLAN identifier 10000 for physical port 4.
Mode two: when VTEP device 2 parses out the label 100 of host 3 and the MAC address 0000-0000-0001 of host 3 (for example, when the authentication synchronization message is a protocol message carrying the label 100 of host 3 and the MAC address 0000-0000-0001 of host 3, or a data message carrying the label 100 of host 3 and the MAC address 0000-0000-0001 of host 3), VTEP device 2 can send the authentication server an authentication message carrying the label 100 and the MAC address 0000-0000-0001. In addition, because a VXLAN tunnel can be configured between VTEP device 2 and the authentication server, VTEP device 2 can send the authentication message to the authentication server through that VXLAN tunnel.
After receiving the authentication message, the authentication server uses it to authenticate host 3. Specifically, the authentication server can be configured with a mapping relationship between the MAC addresses and the labels of hosts that are allowed to access the network. Based on this mapping relationship, after receiving the authentication message the authentication server can parse the MAC address 0000-0000-0001 and the label 100 from it, and query the mapping relationship with the MAC address 0000-0000-0001 and the label 100. If the MAC address 0000-0000-0001 and the label 100 exist in the mapping relationship, host 3 is determined to be authenticated successfully; otherwise, authentication of host 3 is determined to have failed.
If host 3 is authenticated successfully, the authentication server can determine the VXLAN identifier 10000 corresponding to the label 100, and send VTEP device 2 an authentication success message carrying the label 100 and the VXLAN identifier 10000. Specifically, when the authentication server is configured with the mapping relationship between host MAC addresses and labels, the mapping relationship can also include a VXLAN identifier. Therefore, after querying the mapping relationship with the MAC address 0000-0000-0001 and the label 100, the authentication server can obtain the VXLAN identifier 10000 corresponding to the label 100, so the authentication success message can carry the label 100 and the VXLAN identifier 10000.
After receiving the authentication success message, VTEP device 2 determines that host 3 has been authenticated successfully and uses the authentication success message to configure the mapping relationship between the label 100 and the VXLAN identifier 10000 for physical port 4.
For both mode one and mode two above, after VTEP device 2 has configured the mapping relationship between the label 100 and the VXLAN identifier 10000 for physical port 4, if it receives through physical port 4 a data message sent by host 3 to host 4, it parses the label 100 from the data message, queries the mapping relationship between labels and VXLAN identifiers with the label 100, obtains the VXLAN identifier 10000 corresponding to the label 100, and sends the data message using the VXLAN identifier 10000. In other words, a data message with the label 100 is mapped to the VXLAN identifier 10000 for sending. Likewise, if VTEP device 2 receives a data message sent by host 4 to host 3, it parses the VXLAN identifier 10000 from the data message, queries the mapping relationship between labels and VXLAN identifiers with that VXLAN identifier, obtains the label 100 corresponding to the VXLAN identifier 10000, and sends the data message using the label 100 (the data message is sent through physical port 4). In other words, a data message with the VXLAN identifier 10000 is mapped to the label 100 for sending.
Through the above process, physical port 3 of VTEP device 1 and physical port 4 of VTEP device 2 are configured with the same access information, namely the mapping relationship between the label 100 and the VXLAN identifier 10000.
In one example, after VTEP device 1/VTEP device 2 has configured the mapping relationship between the label 100 and the VXLAN identifier 10000 for physical port 3/physical port 4, it can also set an aging timer for the mapping relationship. The aging time of the aging timer can be configured according to practical experience. Before the aging timer expires, if VTEP device 1/VTEP device 2 receives a data message matching the mapping relationship, it updates the aging time of the aging timer; after the aging timer expires, it can send a deletion message.
For ease of description, the following takes expiry of the aging timer on VTEP device 1 as the example.
VTEP device 1 sends a deletion message to VTEP device 2. The deletion message can carry the information of aggregation port A, the label 100 and the VXLAN identifier 10000. In one example, the content carried by the deletion message can be similar to that of the authentication synchronization message; only the message type differs. The message type of the deletion message indicates that the mapping relationship between the label 100 and the VXLAN identifier 10000 needs to be deleted.
After receiving the deletion message, VTEP device 2 checks whether data messages matching "the mapping relationship between the label 100 and the VXLAN identifier 10000" still exist locally. If so, VTEP device 2 sends a deletion failure message to VTEP device 1; if not, it sends a deletion success message to VTEP device 1.
Specifically, after receiving the deletion message, if VTEP device 2 receives a data message matching the mapping relationship before the aging timer it set for the mapping relationship expires, data messages matching the mapping relationship still exist locally; VTEP device 2 can update the aging time of the aging timer and send a deletion failure message to VTEP device 1. After receiving the deletion message, if the aging timer that VTEP device 2 set for the mapping relationship expires without a data message matching the mapping relationship having been received, no data messages matching the mapping relationship exist locally; VTEP device 2 can delete the mapping relationship and the aging timer, and send a deletion success message to VTEP device 1.
Further, if VTEP device 1 receives the deletion success message returned by VTEP device 2, it deletes the mapping relationship and the aging timer. If VTEP device 1 receives the deletion failure message returned by VTEP device 2, it can retain the mapping relationship and update the aging time of the aging timer.
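The flow in steps 3 to 10 and the aging-timer deletion handshake can be traced with the following added Python simulation, which is not code from the patent. The class and message-type names, the 300-second aging time, the logical clock passed as `now`, modelling the authentication server as a dict, and having the peer answer a deletion message at once from its last-traffic timestamp are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

AGING = 300  # seconds; constructed value, the page leaves the aging time to experience


@dataclass(frozen=True)
class PeerMessage:
    msg_type: str            # "AUTH_SYNC" or "DELETE" (hypothetical type names)
    aggregation_port: str
    mac: str
    label: int
    vxlan_id: Optional[int]  # None = mode two: the receiver asks the authentication server


class Vtep:
    def __init__(self, port_to_aggregation, auth_table):
        self.port_to_aggregation = port_to_aggregation  # physical port -> aggregation port
        self.auth_table = auth_table  # stands in for the server: (MAC, label) -> VXLAN id
        self.peer = None
        self.mappings = {}  # (physical port, label) -> {"vxlan", "expires", "last_hit"}

    def _configure(self, port, label, vxlan_id, now, hit):
        self.mappings[(port, label)] = {
            "vxlan": vxlan_id, "expires": now + AGING, "last_hit": now if hit else None}

    def receive_from_host(self, port, mac, label, now, sync_vxlan=True):
        """Steps 3-7: return the VXLAN identifier used to forward, or None if dropped."""
        entry = self.mappings.get((port, label))
        if entry:  # mapping already configured: matching traffic refreshes the timer
            entry["expires"], entry["last_hit"] = now + AGING, now
            return entry["vxlan"]
        vxlan_id = self.auth_table.get((mac, label))
        if vxlan_id is None:  # authentication failure: no mapping, nothing synchronized
            return None
        self._configure(port, label, vxlan_id, now, hit=True)
        if self.peer:
            self.peer.on_auth_sync(PeerMessage(
                "AUTH_SYNC", self.port_to_aggregation[port], mac, label,
                vxlan_id if sync_vxlan else None), now)
        return vxlan_id

    def on_auth_sync(self, msg, now):
        """Steps 8-10: configure each local physical port in the aggregation port."""
        vxlan_id = msg.vxlan_id
        if vxlan_id is None:  # mode two: authenticate again with MAC + label
            vxlan_id = self.auth_table.get((msg.mac, msg.label))
        if vxlan_id is None:
            return []
        ports = [p for p, agg in self.port_to_aggregation.items()
                 if agg == msg.aggregation_port]
        for port in ports:
            self._configure(port, msg.label, vxlan_id, now, hit=False)
        return ports

    def on_delete(self, msg, now):
        """Return True (deletion success) only if no matching traffic is seen here."""
        keys = [k for k in self.mappings
                if k[1] == msg.label
                and self.port_to_aggregation[k[0]] == msg.aggregation_port]
        for key in keys:
            last_hit = self.mappings[key]["last_hit"]
            if last_hit is not None and now - last_hit < AGING:
                return False  # deletion failure: the host is still active on this side
        for key in keys:
            del self.mappings[key]
        return True

    def tick(self, now):
        """Run the aging timers; return {(port, label): "deleted" or "retained"}."""
        result = {}
        for key, entry in list(self.mappings.items()):
            if entry["expires"] > now:
                continue
            port, label = key
            msg = PeerMessage("DELETE", self.port_to_aggregation[port], "", label,
                              entry["vxlan"])
            if self.peer is None or self.peer.on_delete(msg, now):
                del self.mappings[key]
                result[key] = "deleted"
            else:  # peer still forwards for this host: keep the mapping, restart timer
                entry["expires"] = now + AGING
                result[key] = "retained"
        return result


def build_pair():
    """Constructed topology from the walkthrough: host 3 attached via aggregation port A."""
    auth_table = {("0000-0000-0001", 100): 10000}
    vtep1 = Vtep({3: "A"}, auth_table)
    vtep2 = Vtep({4: "A"}, auth_table)
    vtep1.peer, vtep2.peer = vtep2, vtep1
    return vtep1, vtep2
```

A host whose MAC address and label are not in the authentication table never produces a mapping on either device, so the synchronization path cannot be used to bypass authentication in this model.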
Based on the same application concept as the above method, an embodiment of the present application also provides an apparatus for configuring access information, which is applied in a local device. The apparatus can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, the apparatus in the logical sense is formed by the processor of the local device where it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 5 shows a hardware structure diagram of the local device where the apparatus resides. In addition to the processor and non-volatile memory shown in Fig. 5, the local device can also include other hardware, such as a forwarding chip responsible for processing messages, a network interface and memory. In terms of hardware structure, the local device may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 6 is a structure diagram of the apparatus for configuring access information proposed by the present application. The apparatus is applied to a local device of a distributed aggregation system; the distributed aggregation system also includes a peer device and a host connected to both the local device and the peer device. The apparatus includes:
A receiving module 11, configured to receive an authentication synchronization message from the peer device, where the authentication synchronization message is sent by the peer device after it determines that the host has been authenticated successfully; a parsing module 12, configured to parse the information of an aggregation port and authentication information from the authentication synchronization message; and a configuration module 13, configured to use the authentication information to configure access information for a physical port belonging to the aggregation port.
In one example, the authentication information can include the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier allocated to the host by the authentication server. On this basis, the configuration module 13 is specifically configured to, in the process of using the authentication information to configure access information for the physical port belonging to the aggregation port, configure the relationship between the label and the VXLAN identifier for the physical port belonging to the aggregation port.
In one example, the authentication information includes the label of the host and the address of the host. The configuration module 13 is specifically configured to, in the process of using the authentication information to configure access information for the physical port belonging to the aggregation port: send the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the label of the host and the address of the host; if an authentication success message returned by the authentication server is received, parse from the authentication success message the VXLAN identifier allocated to the host by the authentication server, where the VXLAN identifier is obtained by the authentication server by querying the mapping relationship among label, address and VXLAN identifier; and configure the relationship between the label and the VXLAN identifier for the physical port belonging to the aggregation port.
In one example, the access information that the configuration module 13 configures for the physical port includes the mapping relationship between the label of the host and the VXLAN identifier allocated to the host by the authentication server.
The apparatus also includes (not shown in the figure) a sending module.
The sending module is configured to, after a data message carrying a label is received, query the mapping relationship to obtain the VXLAN identifier corresponding to the label, and send the data message using the VXLAN identifier; and/or, after a data message carrying a VXLAN identifier is received, query the mapping relationship to obtain the label corresponding to the VXLAN identifier, and send the data message using the label.
In one example, the access information that the configuration module 13 configures for the physical port includes the mapping relationship between the label of the host and the VXLAN identifier allocated to the host by the authentication server.
The apparatus also includes (not shown in the figure) a maintenance module.
The maintenance module is configured to: set an aging timer for the mapping relationship; before the aging timer expires, if a data message matching the mapping relationship is received, update the aging time of the aging timer; after the aging timer expires, send a deletion message to the peer device; if a deletion success message returned by the peer device is received, delete the mapping relationship; and if a deletion failure message returned by the peer device is received, retain the mapping relationship and update the aging time of the aging timer. The deletion success message is sent by the peer device when it finds that no data message matching the mapping relationship exists locally, and the deletion failure message is sent by the peer device when it finds that a data message matching the mapping relationship exists locally.
Based on the same application concept as the above method, an embodiment of the present application also provides an apparatus for configuring access information, which is applied in a peer device. The apparatus can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, the apparatus in the logical sense is formed by the processor of the peer device where it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 7 shows a hardware structure diagram of the peer device where the apparatus resides. In addition to the processor and non-volatile memory shown in Fig. 7, the peer device can also include other hardware, such as a forwarding chip responsible for processing messages, a network interface and memory. In terms of hardware structure, the peer device may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 8 is a structure diagram of the apparatus for configuring access information proposed by the present application. The apparatus is applied to a peer device of a distributed aggregation system; the distributed aggregation system also includes a local device and a host connected to both the local device and the peer device. The apparatus includes:
An authentication module 21, configured to authenticate the host after a data message from the host is received; a generation module 22, configured to generate an authentication synchronization message when the host is authenticated successfully, where the authentication synchronization message includes the information of the aggregation port corresponding to the host and the authentication information corresponding to the host; and a sending module 23, configured to send the authentication synchronization message to the local device, so that the local device uses the authentication information to configure access information for a physical port belonging to the aggregation port.
The authentication information includes the label of the host and the VXLAN identifier allocated to the host by the authentication server; or, the authentication information includes the label of the host and the address of the host.
The authentication module 21 is specifically configured to, in the process of authenticating the host: send the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the authentication message; and, if an authentication success message returned by the authentication server is received, determine that the host has been authenticated successfully and parse from the authentication success message the VXLAN identifier allocated to the host by the authentication server, where the VXLAN identifier is obtained by the authentication server by querying the mapping relationship among the label of the host, the address of the host and the VXLAN identifier.
The apparatus also includes a configuration module, configured to, when the host is authenticated successfully, configure the relationship between the label of the host and the VXLAN identifier for the physical port corresponding to the host.
The systems, apparatuses, modules or units described in the above embodiments can be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which can take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail sending and receiving device, game console, tablet computer, wearable device, or a combination of any of these devices.
For ease of description, the above apparatus is described in terms of separate units divided by function. When the present application is implemented, the functions of the units can of course be implemented in one or more pieces of software and/or hardware.
Those skilled in the art should understand that embodiments of the present application can be provided as a method, a system or a computer program product. The present application can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, embodiments of the present application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
Moreover, these computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
Those skilled in the art will understand that embodiments of the present application can be provided as a method, a system or a computer program product. The present application can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application can take the form of a computer program product implemented on one or more computer-usable storage media (which can include but are not limited to magnetic disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The foregoing is merely an embodiment of the present application and is not intended to limit the present application. For those skilled in the art, the present application can have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall fall within the scope of the claims of the present application.

Claims (14)

1. A method for configuring access information, applied to a local device of a distributed aggregation system, the distributed aggregation system also including a peer device and a host connected to both the local device and the peer device, characterised in that the method includes:
Receiving an authentication synchronization message from the peer device, where the authentication synchronization message is sent by the peer device after it determines that the host has been authenticated successfully;
Parsing the information of an aggregation port and authentication information from the authentication synchronization message;
Using the authentication information to configure access information for a physical port belonging to the aggregation port.
2. The method according to claim 1, characterised in that the authentication information includes the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier allocated to the host by the authentication server; and the process of using the authentication information to configure access information for the physical port belonging to the aggregation port specifically includes:
Configuring the relationship between the label and the VXLAN identifier for the physical port belonging to the aggregation port.
3. The method according to claim 1, characterised in that
The authentication information includes the label of the host and the address of the host, and the process of using the authentication information to configure access information for the physical port belonging to the aggregation port specifically includes:
Sending the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the label of the host and the address of the host;
If an authentication success message returned by the authentication server is received, parsing from the authentication success message the VXLAN identifier allocated to the host by the authentication server, where the VXLAN identifier is obtained by the authentication server by querying the mapping relationship among label, address and VXLAN identifier;
Configuring the relationship between the label and the VXLAN identifier for the physical port belonging to the aggregation port.
4. The method according to claim 1, characterised in that the access information includes the mapping relationship between the label of the host and the VXLAN identifier allocated to the host by the authentication server, and after using the authentication information to configure access information for the physical port belonging to the aggregation port, the method also includes:
After a data message carrying a label is received, querying the mapping relationship to obtain the VXLAN identifier corresponding to the label, and sending the data message using the VXLAN identifier; and/or,
After a data message carrying a VXLAN identifier is received, querying the mapping relationship to obtain the label corresponding to the VXLAN identifier, and sending the data message using the label.
5. The method according to claim 1, characterised in that the access information includes the mapping relationship between the label of the host and the VXLAN identifier allocated to the host by the authentication server, and after using the authentication information to configure access information for the physical port belonging to the aggregation port, the method also includes:
Setting an aging timer for the mapping relationship; before the aging timer expires, if a data message matching the mapping relationship is received, updating the aging time of the aging timer;
After the aging timer expires, sending a deletion message to the peer device;
If a deletion success message returned by the peer device is received, deleting the mapping relationship; if a deletion failure message returned by the peer device is received, retaining the mapping relationship and updating the aging time of the aging timer; where the deletion success message is sent by the peer device when it finds that no data message matching the mapping relationship exists locally, and the deletion failure message is sent by the peer device when it finds that a data message matching the mapping relationship exists locally.
6. A method for configuring access information, applied to a peer device of a distributed aggregation system, the distributed aggregation system also including a local device and a host connected to both the local device and the peer device, characterised in that the method includes:
After a data message from the host is received, authenticating the host;
If the host is authenticated successfully, generating an authentication synchronization message, where the authentication synchronization message includes the information of the aggregation port corresponding to the host and the authentication information corresponding to the host;
Sending the authentication synchronization message to the local device, so that the local device uses the authentication information to configure access information for a physical port belonging to the aggregation port.
7. The method according to claim 6, characterized in that the authentication information includes the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier assigned to the host by the authentication server; or, the authentication information includes the label of the host and the address of the host;
The process of authenticating the host specifically comprises: sending to the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the authentication message; if an authentication success message returned by the authentication server is received, determining that the host is successfully authenticated, and parsing from the authentication success message the VXLAN identifier assigned to the host by the authentication server; wherein the VXLAN identifier is obtained by the authentication server by querying a mapping relationship among the label of the host, the address of the host and the VXLAN identifier;
After the host is authenticated, the method further comprises: if the host is successfully authenticated, configuring, for the physical port corresponding to the host, the relationship between the label of the host and the VXLAN identifier.
8. A device for configuring access information, applied to the local device of a distributed aggregation system, the distributed aggregation system further including a peer device and a host connected to both the local device and the peer device, characterized in that the device comprises:
A receiving module, configured to receive an authentication synchronization message from the peer device, wherein the authentication synchronization message is sent by the peer device after it determines that the host is successfully authenticated;
A parsing module, configured to parse the information of the aggregation port and the authentication information from the authentication synchronization message;
A configuration module, configured to use the authentication information to configure access information for the physical port belonging to the aggregation port.
9. The device according to claim 8, characterized in that the authentication information includes the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier assigned to the host by the authentication server;
The configuration module is specifically configured to, in the process of using the authentication information to configure access information for the physical port belonging to the aggregation port, configure the relationship between the label and the VXLAN identifier for the physical port belonging to the aggregation port.
10. The device according to claim 8, characterized in that
The authentication information includes the label of the host and the address of the host; the configuration module is specifically configured to, in the process of using the authentication information to configure access information for the physical port belonging to the aggregation port, send to the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the label of the host and the address of the host;
If an authentication success message returned by the authentication server is received, parse from the authentication success message the VXLAN identifier assigned to the host by the authentication server; wherein the VXLAN identifier is obtained by the authentication server by querying the mapping relationship among the label, the address and the VXLAN identifier;
Configure the relationship between the label and the VXLAN identifier for the physical port belonging to the aggregation port.
11. The device according to claim 8, characterized in that the access information configured by the configuration module for the physical port includes a mapping relationship between the label of the host and the VXLAN identifier assigned to the host by the authentication server; the device further comprises: a sending module;
The sending module is configured to, after a data message carrying the label is received, obtain the VXLAN identifier corresponding to the label by querying the mapping relationship, and send the data message using the VXLAN identifier; and/or, after a data message carrying the VXLAN identifier is received, obtain the label corresponding to the VXLAN identifier by querying the mapping relationship, and send the data message using the label.
12. The device according to claim 8, characterized in that the access information configured by the configuration module for the physical port includes a mapping relationship between the label of the host and the VXLAN identifier assigned to the host by the authentication server; the device further comprises: a maintenance module;
The maintenance module is configured to set an aging timer for the mapping relationship; before the aging timer expires, if a data message matching the mapping relationship is received, update the aging time of the aging timer; after the aging timer expires, send a delete message to the peer device; if a deletion success message returned by the peer device is received, delete the mapping relationship; if a deletion failure message returned by the peer device is received, retain the mapping relationship and update the aging time of the aging timer; wherein the deletion success message is sent by the peer device when it finds that no data message matching the mapping relationship exists locally, and the deletion failure message is sent by the peer device when it finds that a data message matching the mapping relationship exists locally.
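The aging handshake of claims 5 and 12, as an added Python sketch that is not part of the patent. The class, method and message names, the 300-second aging time, and the reading of "a matching data message exists locally" as "matching traffic was seen within one aging period" are assumptions.

```python
# Added illustration; every name and constant here is hypothetical.
AGE_SECONDS = 300                      # assumed aging time; the claims give no value
DELETE_OK, DELETE_FAIL = "deletion-success", "deletion-failure"


class Member:
    """One device of the distributed aggregation pair."""

    def __init__(self, name):
        self.name = name
        self.peer = None
        self.expiry = {}               # (port, label, vxlan_id) -> timer expiry time
        self.last_hit = {}             # (port, label, vxlan_id) -> last matching message

    def install(self, key, now):
        """Configure the mapping and start its aging timer."""
        self.expiry[key] = now + AGE_SECONDS

    def on_data_message(self, key, now):
        """A data message matching the mapping restarts the aging timer."""
        if key in self.expiry:
            self.last_hit[key] = now
            self.expiry[key] = now + AGE_SECONDS

    def on_delete_message(self, key, now):
        """Peer side: answer according to whether matching traffic exists locally."""
        seen = self.last_hit.get(key)
        if seen is not None and now - seen < AGE_SECONDS:
            return DELETE_FAIL
        return DELETE_OK

    def tick(self, now):
        """Process expired timers; return {key: 'deleted' | 'retained'}."""
        outcome = {}
        for key in [k for k, t in self.expiry.items() if t <= now]:
            if self.peer.on_delete_message(key, now) == DELETE_OK:
                del self.expiry[key]
                self.last_hit.pop(key, None)
                outcome[key] = "deleted"
            else:                      # peer still forwards for this host: keep and re-arm
                self.expiry[key] = now + AGE_SECONDS
                outcome[key] = "retained"
        return outcome


def demo():
    local, peer = Member("local"), Member("peer")
    local.peer, peer.peer = peer, local
    key = ("agg1-member1", 100, 5000)  # constructed sample mapping
    local.install(key, now=0)
    peer.install(key, now=0)
    peer.on_data_message(key, now=200) # the host's traffic arrives only on the peer link
    first = local.tick(now=300)        # peer saw traffic 100 s ago
    second = local.tick(now=600)       # peer has been idle for 400 s
    return first[key], second[key], key in local.expiry
```

The first expiry shows why the local timer alone is not enough: the local device has seen no traffic, yet the mapping is still in use through the peer's link, so it is retained.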
13. A device for configuring access information, applied to the peer device of a distributed aggregation system, the distributed aggregation system further including a local device and a host connected to both the local device and the peer device, characterized in that the device comprises:
An authentication module, configured to authenticate the host after a data message from the host is received;
A generation module, configured to generate an authentication synchronization message when the host is successfully authenticated, wherein the authentication synchronization message includes information of the aggregation port corresponding to the host and the authentication information corresponding to the host;
A sending module, configured to send the authentication synchronization message to the local device, so that the local device uses the authentication information to configure access information for the physical port belonging to the aggregation port.
14. The device according to claim 13, characterized in that the authentication information includes the label of the host and the Virtual eXtensible Local Area Network (VXLAN) identifier assigned to the host by the authentication server; or, the authentication information includes the label of the host and the address of the host;
The authentication module is specifically configured to, in the process of authenticating the host, send to the authentication server an authentication message carrying the label of the host and the address of the host, so that the authentication server authenticates the host using the authentication message; if an authentication success message returned by the authentication server is received, determine that the host is successfully authenticated, and parse from the authentication success message the VXLAN identifier assigned to the host by the authentication server; wherein the VXLAN identifier is obtained by the authentication server by querying a mapping relationship among the label of the host, the address of the host and the VXLAN identifier;
The device further comprises: a configuration module, configured to, when the host is successfully authenticated, configure, for the physical port corresponding to the host, the relationship between the label of the host and the VXLAN identifier.
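The authentication synchronization flow of claims 6 to 10, 13 and 14, as an added Python sketch that is not part of the patent. The message layout, port names and sample database are assumptions, as is the rejection of an unknown aggregation port or an out-of-range VXLAN identifier (VXLAN identifiers are 24 bits wide).

```python
# Added illustration; all names and the message layout are hypothetical.
AUTH_DB = {(100, "00:11:22:33:44:55"): 5000}   # constructed: (label, host address) -> VXLAN ID
AGG_MEMBERS = {"local": {"agg1": ["L-1/0/1", "L-1/0/2"]},
               "peer": {"agg1": ["P-1/0/1"]}}


def auth_server(label, addr):
    """Authentication server: on success, return the VXLAN ID assigned to the host."""
    return AUTH_DB.get((label, addr))


def peer_on_first_message(agg, label, addr, carry_vxlan=True):
    """Peer device: authenticate the host, configure its own port, build the sync message."""
    vxlan = auth_server(label, addr)
    if vxlan is None:
        return None, {}                # authentication failed: nothing is synchronized
    config = {p: {label: vxlan} for p in AGG_MEMBERS["peer"][agg]}
    if carry_vxlan:                    # variant 1: label + VXLAN ID
        auth_info = {"label": label, "vxlan": vxlan}
    else:                              # variant 2: label + host address
        auth_info = {"label": label, "addr": addr}
    return {"agg": agg, "auth": auth_info}, config


def local_on_sync(msg):
    """Local device: parse the sync message and configure every member port."""
    ports = AGG_MEMBERS["local"].get(msg["agg"])
    if ports is None:
        raise ValueError("sync message names an unknown aggregation port")
    auth = msg["auth"]
    vxlan = auth.get("vxlan")
    if vxlan is None:                  # variant 2: the local device asks the server itself
        vxlan = auth_server(auth["label"], auth["addr"])
    if vxlan is None or not 0 <= vxlan < 2**24:
        raise ValueError("authentication information rejected")
    return {p: {auth["label"]: vxlan} for p in ports}


def demo():
    msg, peer_cfg = peer_on_first_message("agg1", 100, "00:11:22:33:44:55")
    return peer_cfg, local_on_sync(msg)
```

In the second variant the local device never trusts a VXLAN identifier supplied by the peer; it resolves the identifier from the authentication server using the label and address in the message.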
CN201611185070.4A 2016-12-20 2016-12-20 Configuration method and device of access information Active CN106878199B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611185070.4A CN106878199B (en) 2016-12-20 2016-12-20 Configuration method and device of access information

Publications (2)

Publication Number Publication Date
CN106878199A (en) 2017-06-20
CN106878199B (en)

Family

ID=59164871

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611185070.4A Active CN106878199B (en) 2016-12-20 2016-12-20 Configuration method and device of access information

Country Status (1)

Country Link
CN (1) CN106878199B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102188A (en) * 2006-07-07 2008-01-09 华为技术有限公司 A method and system for mobile access to VLAN
US20080127333A1 (en) * 2006-08-04 2008-05-29 Gabriel Raffi T Verification Authentication System and Method
CN102223347A (en) * 2010-04-13 2011-10-19 中兴通讯股份有限公司 Multi-access authentication method and system in next generation network
CN103905283A (en) * 2012-12-25 2014-07-02 华为技术有限公司 Communication method and apparatus based on expandable virtual local area network
CN104052753A (en) * 2014-06-26 2014-09-17 杭州华三通信技术有限公司 Authentication method and device
US20150012621A1 (en) * 2013-07-08 2015-01-08 Cisco Technology, Inc. Network-assisted configuration and programming of gateways in a network environment
CN104468394A (en) * 2014-12-04 2015-03-25 杭州华三通信技术有限公司 Method and device for forwarding messages in VXLAN network
CN105207873A (en) * 2015-08-31 2015-12-30 华为技术有限公司 Message processing method and apparatus
CN105592062A (en) * 2015-10-28 2016-05-18 杭州华三通信技术有限公司 Method and device for remaining IP address unchanged
US20160149808A1 (en) * 2014-11-21 2016-05-26 Cisco Technology, Inc. VxLAN Security Implemented using VxLAN Membership Information at VTEPs
US9465668B1 (en) * 2012-04-30 2016-10-11 Google Inc. Adaptive ownership and cloud-based configuration and control of network devices
US20160381015A1 (en) * 2015-06-26 2016-12-29 Cisco Technology, Inc. Authentication for VLAN Tunnel Endpoint (VTEP)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
缪仕福: "VXLAN网络技术研究", 《科技资讯》 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547341A (en) * 2017-06-23 2018-01-05 新华三技术有限公司 Virtual extended LAN VXLAN cut-in method and device
CN107547341B (en) * 2017-06-23 2020-07-07 新华三技术有限公司 Access method and device of virtual extensible local area network VXLAN
CN107547402A (en) * 2017-07-19 2018-01-05 新华三技术有限公司 A kind of forwarding table generation method and device
CN107645433A (en) * 2017-08-31 2018-01-30 新华三技术有限公司 Message forwarding method and device
CN107995110A (en) * 2017-11-16 2018-05-04 新华三技术有限公司 Flow forwarding method and device
CN107995110B (en) * 2017-11-16 2020-12-01 新华三技术有限公司 Traffic forwarding method and device
CN109495368A (en) * 2018-12-19 2019-03-19 锐捷网络股份有限公司 The update method and the network equipment of mac address forwarding table
CN110545240A (en) * 2019-08-02 2019-12-06 新华三大数据技术有限公司 Method for establishing label forwarding table and forwarding message based on distributed aggregation system
CN110545240B (en) * 2019-08-02 2022-06-07 新华三大数据技术有限公司 Method for establishing label forwarding table and forwarding message based on distributed aggregation system
CN111786882A (en) * 2020-06-30 2020-10-16 中国联合网络通信集团有限公司 Route processing method and device
CN114024756A (en) * 2021-11-09 2022-02-08 迈普通信技术股份有限公司 Access authentication method, device, electronic equipment and computer readable storage medium
CN114024756B (en) * 2021-11-09 2024-04-09 迈普通信技术股份有限公司 Access authentication method, device, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN106878199B (en) 2020-02-11

Similar Documents

Publication Publication Date Title
CN106878199A (en) The collocation method and device of a kind of access information
CN108243106A (en) Control method, forwarding unit, control device and the communication system of network slice
CN106603550B (en) A kind of Network Isolation method and device
CN106878181A (en) A kind of message transmitting method and device
CN106998297A (en) A kind of virtual machine migration method and device
CN106921578A (en) The generation method and device of a kind of forwarding-table item
CN104993993B (en) A kind of message processing method, equipment and system
CN106878138A (en) A kind of message transmitting method and device
CN106878184A (en) A kind of data message transmission method and device
WO2019085975A1 (en) Network topology display method and network management device
CN109150684A (en) Message processing method, device, communication equipment and computer readable storage medium
CN109067784A (en) The method and apparatus of anti-fraud in a kind of VXLAN
CN109635581A (en) A kind of data processing method, equipment, system and storage medium
CN108600109A (en) A kind of message forwarding method and device
CN106506515A (en) A kind of authentication method and device
CN106878072A (en) A kind of message transmitting method and device
US9332017B2 (en) Monitoring remote access to an enterprise network
CN105592169B (en) Terminal identification method and device
CN116056126A (en) Simulation test method, simulation test device, computer equipment and computer readable storage medium
CN105763411B (en) Method and device for establishing multicast tunnel
CN111654559B (en) Container data transmission method and device
CN105472054B (en) A kind of file transmitting method and access device
CN109379269A (en) Virtual swap device data forwarding method, device and computer equipment
CN110581792B (en) Message transmission method and device
CN104219160A (en) Method and device for generating input parameter

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant