CN106878288A - A message forwarding method and device - Google Patents

Publication number
CN106878288A
Authority
CN
China
Legal status
Granted
Application number
CN201710042734.XA
Other languages
Chinese (zh)
Other versions
CN106878288B (en)
Inventor
黄李伟
王伟
Current Assignee
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN201710042734.XA
Publication of CN106878288A
Application granted
Publication of CN106878288B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic


Abstract

The application provides a forwarding table entry update method and device. The method includes: when a target forwarding table entry synchronized by a remote VTEP device is received, querying the locally stored forwarding table entries according to the target forwarding table entry; if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry a preset flag, and the locally stored matching forwarding table entry carries the preset flag, refusing to update the forwarding table entry according to the target forwarding table entry. The embodiments of the application prevent forwarding table entries from being switched back and forth as a result of ARP attacks and the like, and ensure that the corresponding services run normally.

Description

A message forwarding method and device
Technical field
The application relates to the field of network communication technology, and in particular to a message forwarding method and device.
Background
VXLAN (Virtual Extensible Local Area Network) is a Layer 2 VPN (Virtual Private Network) technology that is based on an IP (Internet Protocol) network and uses "MAC (Media Access Control) in UDP (User Datagram Protocol)" encapsulation. Based on an existing service provider or enterprise IP network, VXLAN can provide Layer 2 interconnection for dispersed physical sites and can provide service isolation for different tenants.
EVPN (Ethernet Virtual Private Network) is a Layer 2 VPN technology in which the control plane uses MP-BGP (Multiprotocol Border Gateway Protocol) to advertise EVPN routing information and the data plane forwards packets using VXLAN encapsulation.
Summary of the invention
The application provides a forwarding table entry update method and device, to solve the prior-art problem that forwarding table entries are switched back and forth as a result of ARP attacks and the like, so that services cannot run normally.
According to a first aspect of the embodiments of the application, a forwarding table entry update method is provided, applied to a target virtual extensible LAN tunnel end point (VTEP) device in an Ethernet virtual private network (EVPN) network. The method includes:
when a target forwarding table entry synchronized by a remote VTEP device is received, querying the locally stored forwarding table entries according to the target forwarding table entry;
if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry a preset flag, and the locally stored forwarding table entry matching the target forwarding table entry carries the preset flag, refusing to update the forwarding table entry according to the target forwarding table entry; wherein the priority of a forwarding table entry that carries the preset flag is higher than the priority of a forwarding table entry that does not carry the preset flag.
According to a second aspect of the embodiments of the application, a forwarding table entry updating device is provided, applied to a target virtual extensible LAN tunnel end point (VTEP) device in an Ethernet virtual private network (EVPN) network. The device includes:
a receiving unit, configured to receive a target forwarding table entry synchronized by a remote VTEP device;
a query unit, configured to query the locally stored forwarding table entries according to the target forwarding table entry when the receiving unit receives the target forwarding table entry synchronized by the remote VTEP device;
an updating unit, configured to refuse to update the forwarding table entry according to the target forwarding table entry if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry a preset flag, and the locally stored forwarding table entry matching the target forwarding table entry carries the preset flag; wherein the priority of a forwarding table entry that carries the preset flag is higher than the priority of a forwarding table entry that does not carry the preset flag.
With the embodiments of the application, when a target forwarding table entry synchronized by a remote VTEP device is received, the locally stored forwarding table entries are queried according to the target forwarding table entry; if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry the preset flag, and the locally stored matching forwarding table entry carries the preset flag, the update according to the target forwarding table entry is refused. This prevents forwarding table entries from being switched back and forth as a result of ARP attacks and the like, and ensures that the corresponding services run normally.
Brief description of the drawings
Fig. 1 is a schematic architecture diagram of an EVPN network;
Fig. 2 is a schematic flowchart of a forwarding table entry update method provided by an embodiment of the application;
Fig. 3 is a schematic structural diagram of a forwarding table entry updating device provided by an embodiment of the application;
Fig. 4 is a schematic structural diagram of another forwarding table entry updating device provided by an embodiment of the application;
Fig. 5 is a schematic structural diagram of another forwarding table entry updating device provided by an embodiment of the application.
Detailed description
To help those skilled in the art better understand the technical solutions in the embodiments of the application, and to make the above objects, features and advantages of the embodiments clearer, the technical solutions in the embodiments are described in further detail below with reference to the accompanying drawings.
Current EVPN networks synchronize forwarding table entries, including MAC (Media Access Control) entries and ARP (Address Resolution Protocol) entries, through the BGP protocol, so as to avoid flooding too many packets in the IP (Internet Protocol) core network.
Taking the EVPN network shown in Fig. 1 as an example, after VM (Virtual Machine) 1 comes online at VTEP (VXLAN Tunneling End Point) 1, VTEP1 synchronizes the ARP entry and MAC entry of VM1 to VTEP2. Similarly, after VM2 comes online at VTEP2, VTEP2 synchronizes the ARP entry and MAC entry of VM2 to VTEP1. When VM2 and VM1 then need to communicate, the corresponding forwarding table entries can be looked up directly on VTEP2 and VTEP1, without flooding broadcast packets to the public network side.
In the EVPN network shown in Fig. 1, when VM1 migrates from VTEP1 to VTEP3, VTEP3 synchronizes the ARP entry and MAC entry of VM1 to VTEP2. When VTEP2 receives the ARP entry and MAC entry of VM1 synchronized by VTEP3, it switches the next hop of its local forwarding table entry for VM1 from VXLAN tunnel 1 to VXLAN tunnel 3, completing the migration of VM1.
However, attacks such as ARP attacks may exist in existing EVPN networks and cause forwarding table entries in the EVPN network to be switched back and forth, which may prevent services from running.
Refer to Fig. 2, which is a schematic flowchart of a forwarding table entry update method provided by an embodiment of the application. The method can be applied to a target VTEP device in an EVPN network. As shown in Fig. 2, the method may include the following steps:
Step 201: when a target forwarding table entry synchronized by a remote VTEP device is received, query the locally stored forwarding table entries according to the target forwarding table entry.
In the embodiments of the application, the target VTEP device does not refer to one fixed VTEP device; it may be any VTEP device in the EVPN network. This is not repeated below.
In the embodiments of the application, when a VM (Virtual Machine) local to the target VTEP device comes online, the target VTEP device needs to generate the forwarding table entries of the VM locally (including ARP entries, MAC entries and so on) and synchronize them to the remote VTEP devices. Similarly, the target VTEP device can also receive forwarding table entries synchronized by remote VTEP devices.
In the embodiments of the application, when the target VTEP device receives a forwarding table entry synchronized by a remote VTEP device (referred to herein as the target forwarding table entry), it can query the locally stored forwarding table entries according to the target forwarding table entry to determine whether a forwarding table entry matching the target forwarding table entry exists locally.
In the embodiments of the application, forwarding table entries match when their MAC addresses are identical. That is, when the locally stored forwarding table entries include an entry whose MAC address is the same as that of the target forwarding table entry, it is determined that a forwarding table entry matching the target forwarding table entry exists locally.
Step 202: if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry the preset flag, and the locally stored matching forwarding table entry carries the preset flag, refuse to update the forwarding table entry according to the target forwarding table entry.
In the embodiments of the application, to prevent ARP attacks and the like from causing frequent switching of the forwarding table entries of a VTEP device, a preset flag can be set on the forwarding table entries that correspond to a specific service (which may be called a key service herein). The priority of a forwarding table entry that carries the preset flag is higher than that of a forwarding table entry that does not, and a forwarding table entry without the preset flag cannot trigger an update of a forwarding table entry that carries it.
For ease of description and understanding, the following takes as an example the case where the preset flag is a static tag, a forwarding table entry that carries the preset flag is a static entry, and a forwarding table entry that does not carry the preset flag is a non-static entry.
Correspondingly, in the embodiments of the application, when the target VTEP device receives a target forwarding table entry synchronized by a remote VTEP device and determines that a matching forwarding table entry exists locally, it needs to further judge whether the target forwarding table entry is a static entry and whether the locally stored matching forwarding table entry is a static entry.
When the target VTEP device determines that the target forwarding table entry is a non-static entry and the locally stored matching forwarding table entry is a static entry, the target VTEP device can refuse to update the forwarding table entry according to the target forwarding table entry.
Further, in the embodiments of the application, when the target VTEP device determines that the target forwarding table entry is a non-static entry and the locally stored matching forwarding table entry is also a non-static entry, that is, both are non-static entries, the target VTEP device can update the forwarding table entry according to the target forwarding table entry, for example by updating the next hop of the locally stored matching forwarding table entry to the VXLAN tunnel on which the target forwarding table entry was received.
When the target VTEP device determines that the target forwarding table entry is a static entry and the locally stored matching forwarding table entry is also a static entry, that is, both are static entries, the target VTEP device can update the forwarding table entry according to the target forwarding table entry.
When the target VTEP device determines that the target forwarding table entry is a static entry and the locally stored matching forwarding table entry is a non-static entry, the target VTEP device can update the forwarding table entry according to the target forwarding table entry. In this case, besides updating the next hop of the locally stored matching forwarding table entry, the target VTEP device can also set that locally stored entry as a static entry.
Further, in the embodiments of the application, when no forwarding table entry matching the target forwarding table entry exists on the target VTEP device and the target forwarding table entry is a static entry, the target VTEP device can store the target forwarding table entry locally as a static entry.
In the embodiments of the application, when the target VTEP device receives a target forwarding table entry synchronized by a remote VTEP device and finds no matching entry among the locally stored forwarding table entries, it can further judge whether the target forwarding table entry is a static entry; if it is, the target VTEP device can store it locally as a static entry.
It is worth noting that, in the embodiments of the application, if the target VTEP device finds no entry matching the target forwarding table entry among the locally stored forwarding table entries and the target forwarding table entry is a non-static entry, the target VTEP device can process it according to the existing related procedure, which is not described here.
In the embodiments of the application, a key service can be configured manually by a user (such as an administrator), or can be determined according to the forwarding demand of the service traffic.
For example, taking manual configuration of the key service as an example, suppose the user configures on VTEP1 a key service with IP address IP1 and MAC address MAC1. When VTEP1 detects that a VM with IP address IP1 and MAC address MAC1 comes online, it can set the locally generated forwarding table entry of the VM as a static entry and synchronize it to the remote VTEP devices.
As another example, taking determination of the key service according to the forwarding demand of the service traffic, suppose the traffic forwarding demand of a certain service exceeds a preset threshold within a specified time period. The VTEP device can then set that service as a key service within the specified time period, and correspondingly the forwarding table entries of the key service can be set as static entries.
In the embodiments of the application, the method can also include the following steps:
11) when a virtual machine is detected coming online, generating the forwarding table entry corresponding to the virtual machine locally;
12) when the virtual machine meets a preset condition, setting the preset flag on the forwarding table entry, and synchronizing the forwarding table entry carrying the preset flag to the remote VTEP devices.
Specifically, in the embodiments of the application, when the target VTEP device detects that a VM comes online, it needs to generate the forwarding table entry corresponding to the VM locally.
After generating the forwarding table entry for the VM, the target VTEP device needs to judge whether the VM meets the preset condition, for example whether the IP address and MAC address of the VM belong to the IP addresses and MAC addresses of a preconfigured key service, or whether the VM is one preconfigured as requiring protection against ARP attacks (which can be determined from the VM's IP address and MAC address). If the target VTEP device determines that the VM meets the preset condition, it can determine that the forwarding table entry of the VM is a static entry (that is, set the above preset flag on the entry) and synchronize the static entry (the entry carrying the preset flag) to the remote VTEP devices, to indicate to them that the forwarding table entry of the VM is a static entry.
When a remote VTEP device receives the forwarding table entry of the VM synchronized by the target VTEP device, it can install that forwarding table entry as a static entry.
It is worth noting that, in this embodiment, when the target VTEP device determines that the forwarding table entry corresponding to the VM is a non-static forwarding table entry, it can process the entry according to the related procedure in existing schemes, which is not described here.
Further, in the embodiments of the application, for any static entry stored locally on the target VTEP device, when no traffic corresponding to the static entry exists within a preset duration, the static entry is converted into a non-static entry, that is, the preset flag of the forwarding table entry is deleted.
Specifically, in the embodiments of the application, a corresponding aging time (also called hardening time) can be preset for static entries. For any static entry, the target VTEP device can monitor whether corresponding traffic exists within the aging time of the static entry. If it does, the aging time of the static entry is reset; if no traffic corresponding to the static entry exists within its aging time, the target VTEP device can convert the static entry into a non-static entry.
It can be seen that, in the method flow shown in Fig. 2, the forwarding table entries of a specific service are set as static entries, and a non-static entry cannot trigger an update of a static entry. This prevents ARP attacks and the like from causing the forwarding table entries of the specific service to be switched back and forth, and ensures the normal operation of the specific service.
To help those skilled in the art better understand the technical solutions provided by the embodiments of the application, the solutions are described below with reference to a specific application scenario.
Taking the EVPN network shown in Fig. 1 as an example, suppose the IP address of VM1 is 10.1.1.2 and its MAC address is 1-1-1, and that the key service configured on VTEP1 has IP address 10.1.1.2 and MAC address 1-1-1.
In this application scenario, the forwarding table entry update scheme provided by the embodiments of the application is implemented as follows:
1. When VM1 comes online, VTEP1 generates the forwarding table entry of VM1 locally, with the next hop pointing to VM1.
2. VTEP1 determines, according to the IP address and MAC address of the locally configured key service, that the forwarding table entry of VM1 is a static entry. VTEP1 therefore sets the locally generated ARP entry and MAC entry of VM1 as static entries and synchronizes them to VTEP2 through an EVPN Type 2 route. The EVPN Type 2 route carries a static tag for the ARP entry and MAC entry, and the static tag identifies them as static entries;
In addition, the EVPN Type 2 route can also carry the hardening time of the static entry. The hardening time can be set according to actual requirements; this embodiment uses 600 seconds as an example.
3. When VTEP2 receives the synchronization message sent by VTEP1 and finds that it carries the static tag, VTEP2 can install the forwarding table entry of VM1 as a static entry whose next hop is VXLAN tunnel 1. At the same time it creates a static tag table for the ARP and MAC of VM1, parses the hardening time from the message, and issues the static tag table as follows:
Service IP    Service MAC    Static tag    Hardening time
10.1.1.2      1-1-1          1             600S
A static tag of 1 indicates that the corresponding forwarding table entry is a static entry.
4. When VTEP2 receives an ARP entry and MAC entry synchronized by another remote VTEP device, such as VTEP3, and a matching forwarding table entry exists locally, then if the ARP entry and MAC entry synchronized by VTEP3 are non-static entries and the corresponding forwarding table entry on VTEP2 is a static entry, VTEP2 directly ignores the synchronization message.
If the corresponding forwarding table entry on VTEP2 is a non-static entry, or the ARP entry and MAC entry synchronized by VTEP3 are static entries, VTEP2 performs the VM migration and switches the next hop of the forwarding table entry of VM1 to VXLAN tunnel 3.
5. When VTEP2 receives no service traffic destined for 10.1.1.2/1-1-1 within the hardening time of the static entry, VTEP2 can convert the forwarding table entry for 10.1.1.2/1-1-1 into a non-static entry.
As can be seen from the above description, in the technical solutions provided by the embodiments of the application, when a target forwarding table entry synchronized by a remote VTEP device is received, the locally stored forwarding table entries are queried according to the target forwarding table entry; if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry the preset flag, and the locally stored matching forwarding table entry carries the preset flag, the update according to the target forwarding table entry is refused. This prevents forwarding table entries from being switched back and forth as a result of ARP attacks and the like, and ensures that the corresponding services run normally.
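The update rules of step 202, the aging rule and the VTEP2 scenario above can be exercised with the following sketch, which is an added example and not code from the patent. The class, field and tunnel names are assumptions made for illustration, and starting the aging window when the static flag is installed is also an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Entry:
    """One MAC/ARP forwarding entry held by a VTEP (illustrative field names)."""
    mac: str
    ip: str
    next_hop: str              # e.g. "vxlan-tunnel-1"
    static: bool = False       # the preset flag / static tag
    aging: int = 0             # hardening (aging) time in seconds
    last_traffic: float = 0.0  # time of last traffic seen for this entry


class Vtep:
    """Receiving side of the forwarding-entry synchronization."""

    def __init__(self, name: str) -> None:
        self.name = name
        # Keyed by MAC: the page defines a match as an identical MAC address.
        self.table: Dict[str, Entry] = {}

    def on_sync(self, mac: str, ip: str, tunnel: str,
                static: bool = False, aging: int = 0, now: float = 0.0) -> str:
        """Apply one synchronized entry and return the decision taken."""
        local = self.table.get(mac)
        if local is None:
            # No local match: store it, as a static entry if the sender flagged it.
            self.table[mac] = Entry(mac, ip, tunnel, static,
                                    aging if static else 0, now)
            return "installed-static" if static else "installed"
        if local.static and not static:
            # A flagged local entry outranks an unflagged update: refuse it.
            return "rejected"
        # non-static/non-static, static/static and static-over-non-static all update.
        local.next_hop = tunnel
        if static:
            # Assumption: the aging window starts when the flag is (re)installed.
            local.static, local.aging, local.last_traffic = True, aging, now
        return "updated"

    def on_traffic(self, mac: str, now: float) -> None:
        """Traffic for an entry resets its aging time."""
        entry = self.table.get(mac)
        if entry is not None:
            entry.last_traffic = now

    def age(self, now: float) -> List[str]:
        """Drop the static flag from entries idle for their whole aging time."""
        demoted = []
        for entry in self.table.values():
            if entry.static and now - entry.last_traffic >= entry.aging:
                entry.static, entry.aging = False, 0
                demoted.append(entry.mac)
        return demoted


def replay_scenario():
    """Constructed replay of the VTEP2 walk-through (timestamps are made up)."""
    vtep2 = Vtep("VTEP2")
    decisions = []
    # Step 3: VTEP1 syncs VM1 with the static tag and a 600 s hardening time.
    decisions.append(vtep2.on_sync("1-1-1", "10.1.1.2", "vxlan-tunnel-1",
                                   static=True, aging=600, now=0))
    # Step 4: an unflagged sync for the same MAC arrives from VTEP3.
    decisions.append(vtep2.on_sync("1-1-1", "10.1.1.2", "vxlan-tunnel-3", now=10))
    hop_after_reject = vtep2.table["1-1-1"].next_hop
    # Traffic at t=300 resets the timer, so nothing ages out at t=800.
    vtep2.on_traffic("1-1-1", now=300)
    demoted_early = vtep2.age(now=800)
    # Step 5: no further traffic; 600 s after t=300 the flag is removed.
    demoted_late = vtep2.age(now=900)
    # The same unflagged sync is now accepted.
    decisions.append(vtep2.on_sync("1-1-1", "10.1.1.2", "vxlan-tunnel-3", now=910))
    return decisions, hop_after_reject, demoted_early, demoted_late, vtep2.table["1-1-1"]
```

The last step of the replay shows that once the static flag ages out, the entry again accepts unflagged updates, so the hardening time bounds how long an idle entry stays protected.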
Fig. 3 is referred to, is a kind of structural representation of forwarding-table item updating device that the embodiment of the present application is provided, wherein, The forwarding-table item updating device can apply to the target VTEP equipment in above method embodiment, as shown in figure 3, the forwarding Entry updating device can include:
Receiving unit 310, the target forwarding-table item synchronous for receiving distal end VTEP equipment;
Query unit 320, for receiving the synchronous target forwarding-table item of distal end VTEP equipment when the receiving unit 310 When, according to the local forwarding-table item for preserving of target forwarding-table item inquiry;
Updating block 330, if for locally there is the forwarding-table item matched with the target forwarding-table item, and the target Forwarding-table item is not provided with preset mark, and the forwarding-table item matched with the target forwarding-table item for locally preserving be provided with it is described Preset mark, then refuse to carry out forwarding-table item renewal according to the target forwarding-table item;Wherein, it is provided with the preset mark The priority of forwarding-table item is higher than the priority of the forwarding-table item for being not provided with the preset mark.
In an optional embodiment, the updating unit 330 is further configured to update the forwarding table entry according to the target forwarding table entry if a forwarding table entry matching the target forwarding table entry exists locally and any one of the following holds: both the target forwarding table entry and the locally stored matching entry carry the preset mark; or neither the target forwarding table entry nor the locally stored matching entry carries the preset mark; or the target forwarding table entry carries the preset mark but the locally stored matching entry does not.
Referring also to Fig. 4, which is a schematic structural diagram of another forwarding table entry updating device provided by an embodiment of the present application: as shown in Fig. 4, on the basis of the forwarding table entry updating device shown in Fig. 3, the device shown in Fig. 4 further includes:
Storage unit 340, configured to, if no forwarding table entry matching the target forwarding table entry exists locally and the target forwarding table entry carries the preset mark, store the target forwarding table entry locally and set the preset mark.
Referring also to Fig. 5, which is a schematic structural diagram of another forwarding table entry updating device provided by an embodiment of the present application: as shown in Fig. 5, on the basis of the forwarding table entry updating device shown in Fig. 3, the device shown in Fig. 5 further includes:
Generation unit 350, configured to locally generate the forwarding table entry corresponding to a virtual machine when the virtual machine is detected coming online;
Setting unit 360, configured to set the preset mark for the forwarding table entry when the virtual machine meets a preset condition;
Sending unit 370, configured to synchronize the forwarding table entry carrying the preset mark to the remote VTEP device.
In an optional embodiment, the updating unit 330 is further configured to, for any locally stored forwarding table entry carrying the preset mark, delete the preset mark of that entry when no traffic corresponding to the entry exists within a preset duration.
For the implementation of the functions and roles of the units in the above device, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
Since the device embodiment essentially corresponds to the method embodiment, refer to the description of the method embodiment for the relevant parts. The device embodiment described above is merely schematic: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.
As can be seen from the above embodiments, when a target forwarding table entry synchronized by a remote VTEP device is received, the locally stored forwarding table entries are queried according to the target forwarding table entry. If a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry the preset mark, and the locally stored matching entry carries the preset mark, the update according to the target forwarding table entry is refused. This avoids the repeated switching of forwarding table entries caused by ARP attacks and the like, and ensures that the corresponding services run normally.
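The update rule summarized above, together with the storing, marking and aging behaviour of units 340 to 370, as an added Python example that is not code from the patent. The (VNI, MAC) match key, the class and method names, the `meets_condition` flag, the start of the idle window at install time and the handling of an unmarked entry with no local match are assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Entry:
    vni: int                  # assumed match key, part 1
    mac: str                  # assumed match key, part 2
    next_hop: str             # VTEP the MAC is reachable through
    marked: bool = False      # the preset mark
    last_traffic: float = 0.0

class ForwardingTable:
    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout   # the preset duration, in seconds
        self.entries = {}

    def on_vm_online(self, vni, mac, local_vtep, meets_condition, now):
        """Generate the local entry; the caller syncs it to remote VTEPs."""
        self.entries[(vni, mac)] = entry = Entry(vni, mac, local_vtep, meets_condition, now)
        return entry

    def on_remote_sync(self, target, now):
        """Apply an entry synchronized by a remote VTEP and report the decision."""
        key = (target.vni, target.mac)
        local = self.entries.get(key)
        if local is not None and local.marked and not target.marked:
            return "refused"               # marked entry outranks an unmarked one
        # Assumptions: installing starts the idle window; an unmarked target
        # with no local match is stored too (the text states the marked case).
        self.entries[key] = replace(target, last_traffic=now)
        return "stored" if local is None else "updated"

    def on_traffic(self, vni, mac, now):
        entry = self.entries.get((vni, mac))
        if entry is not None:
            self.entries[(vni, mac)] = replace(entry, last_traffic=now)

    def age_marks(self, now):
        """Clear the mark on entries that saw no traffic for the preset duration."""
        cleared = []
        for key, e in list(self.entries.items()):
            if e.marked and now - e.last_traffic >= self.idle_timeout:
                self.entries[key] = replace(e, marked=False)
                cleared.append(key)
        return cleared

def demo():
    mac = "00:11:22:33:44:55"              # constructed sample values throughout
    origin, peer = ForwardingTable(300), ForwardingTable(300)
    synced = origin.on_vm_online(100, mac, "10.0.0.1", True, now=0)
    spoof = Entry(100, mac, "10.0.0.3")    # unmarked claim for the same MAC
    moved = Entry(100, mac, "10.0.0.2", marked=True)
    log = [peer.on_remote_sync(e, t) for e, t in ((synced, 0), (spoof, 10), (moved, 20))]
    peer.age_marks(now=400)                # idle 380 s >= 300 s, mark cleared
    log.append(peer.on_remote_sync(spoof, 410))
    return log, peer.entries[(100, mac)].next_hop
```

Calling `demo()` shows the protection lasting only while the mark does: once the mark has aged out, the same unmarked entry is accepted again.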
Other embodiments of the present application will readily occur to those skilled in the art after considering the specification and practicing the application disclosed herein. The present application is intended to cover any variations, uses or adaptations of the application that follow its general principles and include common knowledge or conventional techniques in the art not disclosed by the application. The description and embodiments are to be regarded as exemplary only, with the true scope and spirit of the application indicated by the following claims.
It should be understood that the present application is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present application is limited only by the appended claims.

Claims (10)

1. A forwarding table entry update method, applied to a target Virtual eXtensible Local Area Network Tunnel End Point (VTEP) device in an Ethernet Virtual Private Network (EVPN) networking, characterized in that the method includes:
when a target forwarding table entry synchronized by a remote VTEP device is received, querying the locally stored forwarding table entries according to the target forwarding table entry;
if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry a preset mark, and the locally stored forwarding table entry matching the target forwarding table entry carries the preset mark, refusing to update the forwarding table entry according to the target forwarding table entry; wherein the priority of a forwarding table entry carrying the preset mark is higher than the priority of a forwarding table entry not carrying the preset mark.
2. The method according to claim 1, characterized in that the method further includes:
if a forwarding table entry matching the target forwarding table entry exists locally, and both the target forwarding table entry and the locally stored matching entry carry the preset mark, or neither the target forwarding table entry nor the locally stored matching entry carries the preset mark, or the target forwarding table entry carries the preset mark but the locally stored matching entry does not, updating the forwarding table entry according to the target forwarding table entry.
3. The method according to claim 1, characterized in that the method further includes:
if no forwarding table entry matching the target forwarding table entry exists locally and the target forwarding table entry carries the preset mark, storing the target forwarding table entry locally and setting the preset mark.
4. The method according to claim 1, characterized in that the method further includes:
when a virtual machine is detected coming online, locally generating the forwarding table entry corresponding to the virtual machine;
when the virtual machine meets a preset condition, setting the preset mark for the forwarding table entry, and synchronizing the forwarding table entry carrying the preset mark to the remote VTEP device.
5. The method according to claim 1, characterized in that the method further includes:
for any locally stored forwarding table entry carrying the preset mark, deleting the preset mark of that entry when no traffic corresponding to the entry exists within a preset duration.
6. A forwarding table entry updating device, applied to a target Virtual eXtensible Local Area Network Tunnel End Point (VTEP) device in an Ethernet Virtual Private Network (EVPN) networking, characterized in that the device includes:
a receiving unit, configured to receive a target forwarding table entry synchronized by a remote VTEP device;
a query unit, configured to query the locally stored forwarding table entries according to the target forwarding table entry when the receiving unit receives the target forwarding table entry synchronized by the remote VTEP device;
an updating unit, configured to refuse to update the forwarding table entry according to the target forwarding table entry if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry a preset mark, and the locally stored forwarding table entry matching the target forwarding table entry carries the preset mark; wherein the priority of a forwarding table entry carrying the preset mark is higher than the priority of a forwarding table entry not carrying the preset mark.
7. The device according to claim 6, characterized in that:
the updating unit is further configured to update the forwarding table entry according to the target forwarding table entry if a forwarding table entry matching the target forwarding table entry exists locally, and both the target forwarding table entry and the locally stored matching entry carry the preset mark, or neither the target forwarding table entry nor the locally stored matching entry carries the preset mark, or the target forwarding table entry carries the preset mark but the locally stored matching entry does not.
8. The device according to claim 6, characterized in that the device further includes:
a storage unit, configured to, if no forwarding table entry matching the target forwarding table entry exists locally and the target forwarding table entry carries the preset mark, store the target forwarding table entry locally and set the preset mark.
9. The device according to claim 6, characterized in that the device further includes:
a generation unit, configured to locally generate the forwarding table entry corresponding to a virtual machine when the virtual machine is detected coming online;
a setting unit, configured to set the preset mark for the forwarding table entry when the virtual machine meets a preset condition;
a sending unit, configured to synchronize the forwarding table entry carrying the preset mark to the remote VTEP device.
10. The device according to claim 6, characterized in that:
the updating unit is further configured to, for any locally stored forwarding table entry carrying the preset mark, delete the preset mark of that entry when no traffic corresponding to the entry exists within a preset duration.
CN201710042734.XA 2017-01-20 2017-01-20 message forwarding method and device Active CN106878288B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710042734.XA CN106878288B (en) 2017-01-20 2017-01-20 message forwarding method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710042734.XA CN106878288B (en) 2017-01-20 2017-01-20 message forwarding method and device

Publications (2)

Publication Number Publication Date
CN106878288A (en) 2017-06-20
CN106878288B (en) 2019-12-06

Family

ID=59158528

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710042734.XA Active CN106878288B (en) 2017-01-20 2017-01-20 message forwarding method and device

Country Status (1)

Country Link
CN (1) CN106878288B (en)

Also Published As

Publication number Publication date
CN106878288B (en) 2019-12-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant