CN107018072B - data frame sending method and access equipment - Google Patents
data frame sending method and access equipment Download PDFInfo
- Publication number
- CN107018072B CN107018072B CN201610061708.7A CN201610061708A CN107018072B CN 107018072 B CN107018072 B CN 107018072B CN 201610061708 A CN201610061708 A CN 201610061708A CN 107018072 B CN107018072 B CN 107018072B
- Authority
- CN
- China
- Prior art keywords
- lag
- sub
- physical link
- indication message
- aggregation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/24—Multipath
- H04L45/245—Link aggregation, e.g. trunking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
a data frame sending method and an access device are applied to networking with an aggregation layer deployed with an M-LAG, a sub-LAG is defined on the access device, the sub-LAG only comprises a physical link between the access device and one aggregation device, and a firewall connected with the one aggregation device is in a working state. The south-north traffic reaching the access device is forwarded to the aggregation device only through the physical link contained in the sub LAG, so that the transmission path of the south-north traffic is optimized, the south-north traffic accessing an external network is ensured not to pass through peer-links among the aggregation devices, and the bandwidth pressure of the peer-links is also reduced.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a data frame sending method and an access device.
Background
an inter-device link aggregation group (M-LAG for short) is a mechanism for implementing inter-network device link aggregation, and performs inter-device link aggregation between one device and another two devices. The two devices forming the M-LAG are provided with independent control planes and management planes, can be upgraded independently and are convenient to maintain.
usually, the M-LAG is deployed in a convergence layer, and realizes network acyclic connection between a convergence device and an access device, thereby replacing a Spanning Tree Protocol (STP).
one deployment scenario for an M-LAG is shown in fig. 1: the aggregation devices DS1 and DS2 form an M-LAG system, which may include a plurality of M-LAGs (a first M-LAG and a second M-LAG are shown), wherein two links of the first M-LAG are connected to the access device AS1 and two links of the second M-LAG are connected to the access device AS 2. A direct link, called peer-link, exists between DS1 and DS2, and is used for negotiating message interaction and transmitting partial traffic.
In the networking shown in fig. 1, the north-south traffic between the internal and external networks usually needs to pass through a firewall to realize security protection, and the current deployment mode of the firewall is the active-standby mode, that is, only one of the firewalls 1 and 2 in fig. 1 is in a working state. Assuming that firewall 1 between DS1 and core device CS1 is in an operational state, the north-south traffic accessing the external network is forwarded from DS1 to firewall 1, and the north-south traffic accessing the internal network is forwarded from firewall 1 to DS 1. However, since the M-LAG is deployed between the DS1 and the DS2 of the convergence device, the AS1 regards the DS1 and the DS2 AS one device, when the AS1 sends the north-south traffic to the convergence device, a part of the north-south traffic is directly sent to the DS1 through the link 1 between the AS1 and the DS1, and another part of the north-south traffic is sent to the DS2 through the link 2 between the AS1 and the DS2, and then bypasses to the DS1 through the peer-link. If the traffic accessing the external network is large, the traffic of the peer-link may be overloaded, and the sending speed of the north-south traffic accessing the external network is affected.
Disclosure of Invention
The application provides a data frame sending method and access equipment, which are applied to a network group with an M-LAG deployed in a convergence layer and used for optimizing a transmission path of north-south traffic, ensuring that the north-south traffic does not pass through peer-links between convergence equipment, and avoiding the condition that the sending speed of the north-south traffic accessing an external network is influenced due to overload of bandwidth of the peer-link links.
a first aspect of the present invention provides a data frame sending method, including:
An access device receives a first indication message sent by a first aggregation device through a first physical link between the first aggregation device and the access device, wherein the first indication message is used for indicating a sub-LAG for adding the first physical link into an M-LAG, the sub-LAG only comprises one physical link between the aggregation device and the access device, the M-LAG is formed by the physical link between the first aggregation device and the access device and the physical link between a second aggregation device and the access device, a VRRP backup group is formed by the first aggregation device and the second aggregation device, a firewall connected with the first aggregation device is in a working state, and a firewall connected with the second aggregation device is in a backup state;
the access equipment adds the first physical link into a sub LAG according to the first indication message;
After the access equipment adds the first physical link into the sub LAG, establishing a corresponding relation between a virtual MAC address of the VRRP backup group and an interface of the sub LAG;
The access equipment receives a data frame;
If the destination MAC address of the data frame is consistent with the virtual MAC address, the access device forwards the data frame to an interface of the sub-LAG according to the correspondence, so as to send the data frame to the first aggregation device through a physical link included in the sub-LAG, so that the data frame does not pass through a peer-link between the first aggregation device and the second aggregation device.
Thus, by newly defining a sub-LAG on the access device, the sub-LAG only includes a physical link between the access device and one aggregation device, and a firewall connected to the aggregation device is in a working state, the north and south traffic reaching the access device can be forwarded to the aggregation device only through the physical link included in the sub-LAG, thereby achieving the purpose of controlling the transmission path of the north and south traffic.
in one possible design, the adding, by the access device, the first physical link to the sub-LAG according to the first indication message includes:
if the sub-LAG of the M-LAG exists on the access equipment, the access equipment adds the first physical link to the sub-LAG according to the first indication message;
And if the sub LAG of the M-LAG does not exist on the access equipment, the access equipment creates a new sub LAG for the M-LAG and adds the first physical link into the new sub LAG according to the first indication message.
In one possible design, establishing a correspondence between the virtual MAC address and the interface of the sub-LAG includes:
determining a Virtual Local Area Network (VLAN) of the north-south flow flowing through the access equipment;
Establishing a corresponding relation among interfaces of the virtual MAC address, the VLAN and a physical link contained in the sub-LAG on the access equipment;
if the destination MAC address of the data frame is consistent with the virtual MAC address, the access device forwards the data frame to the interface of the sub-LAG according to the correspondence, including:
and if the destination MAC address of the data frame is consistent with the virtual MAC address and the VLAN of the data frame is consistent with the VLAN of the north-south flow, the access equipment forwards the data frame to an interface of a physical link contained in the sub LAG on the access equipment according to the corresponding relation.
when different VLANs are adopted for the north-south flow and the east-west flow, the transmission path of the flow is further finely controlled based on the VLANs, and the north-south flow and the east-west flow are forwarded to different LAG interfaces, so that the north-south flow only passes through one gathering device; the east-west traffic is forwarded by both aggregation devices.
in one possible design, the method further includes:
The access device receives a second indication message sent by the first aggregation device through the first physical link, wherein the second indication message is used for indicating that the first physical link is deleted from the sub LAG; the second indication message is sent by the first aggregation device when detecting that the firewall connected with the first aggregation device is changed from the working state to the backup state;
the access device deleting the first physical link from the sub-LAG according to the second indication message;
the access device receives a third indication message sent by the second aggregation device through a second physical link between the second aggregation device and the access device, wherein the third indication message is used for indicating that the second physical link is added to the sub LAG; the third indication message is sent by the second aggregation device when detecting that the firewall connected with the second aggregation device is changed from the backup state to the working state;
And the access equipment adds the second physical link to the sub LAG according to the third indication message.
In one possible design, the first indication message is a first LACP message; the reserved field appointed in the first LACP message is a first set value, and the first LACP message is used for indicating that a physical link through which the first LACP message passes is added into the sub LAG;
The second indication message is a second LACP message, the reserved field appointed in the second LACP message is a second set value, and the second LACP message is used for indicating that the physical link through which the second LACP message passes is deleted from the sub-LAG;
The third indication message is a third LACP message; and the reserved field agreed in the third LACP message is a first set value, and the third LACP message is used for indicating that the physical link through which the third LACP message passes is added to the sub-LAG.
a second aspect of the present invention provides an access device, where the access device has a function of implementing the behavior of the access device in the above method. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above-described functions.
In one possible design, the access device includes:
A receiving unit, configured to receive a first indication message sent by a first aggregation device through a first physical link between the first aggregation device and an access device, where the first indication message is used to indicate a sub-LAG that adds the first physical link to an M-LAG, the sub-LAG only includes one physical link between the aggregation device and the access device, a physical link between the first aggregation device and the access device and a physical link between a second aggregation device and the access device form the M-LAG, the first aggregation device and the second aggregation device form a VRRP backup group, a firewall connected to the first aggregation device is in a working state, and a firewall connected to the second aggregation device is in a backup state;
A processing unit, configured to add the first physical link to a sub-LAG according to the first indication message;
an establishing unit, configured to establish a correspondence between a virtual MAC address of the VRRP backup group and an interface of the sub LAG after the processing unit adds the first physical link to the sub LAG;
The receiving unit is further configured to receive a data frame;
And a sending unit, configured to forward the data frame to the interface of the sub-LAG according to the correspondence if the destination MAC address of the data frame is consistent with the virtual MAC address, so as to send the data frame to the first aggregation device through a physical link included in the sub-LAG.
In one possible design, the access device includes a transmitter, a receiver, and a processor, and the transmitter, the receiver, and the processor are connected to each other through a bus; wherein
the receiver is configured to receive a first indication message sent by a first aggregation device through a first physical link between the first aggregation device and the access device, where the first indication message is used to indicate that the first physical link is added to a sub-LAG of an M-LAG, the sub-LAG only includes one physical link between the aggregation device and the access device, a physical link between the first aggregation device and the access device and a physical link between a second aggregation device and the access device form the M-LAG, the first aggregation device and the second aggregation device form a VRRP backup group, a firewall connected to the first aggregation device is in a working state, and a firewall connected to the second aggregation device is in a backup state;
The processor is configured to add the first physical link to a sub-LAG according to the first indication message; after the first physical link is added into the sub LAG, establishing a corresponding relation between a virtual MAC address of the VRRP backup group and an interface of the sub LAG;
The receiver is further configured to receive a data frame;
And the sender, if the destination MAC address of the data frame is consistent with the virtual MAC address, is configured to forward the data frame to the interface of the sub-LAG according to the correspondence, so as to send the data frame to the first aggregation device through a physical link included in the sub-LAG.
By using the scheme provided by the application, a sub-LAG is defined on the access device, the sub-LAG only comprises a physical link between the access device and one aggregation device, a firewall connected with the aggregation device is in a working state, and the north-south traffic reaching the access device is forwarded to the aggregation device only through the physical link contained in the sub-LAG, so that a transmission path of the north-south traffic is optimized, the north-south traffic accessing an external network is ensured not to pass through peer-link between the aggregation devices, and the bandwidth pressure of the peer-link is also reduced.
Drawings
FIG. 1 is a schematic diagram of a deployment scenario of an M-LAG according to the prior art;
fig. 2 is a schematic diagram of a network applied to a data frame sending method provided in the present application;
Fig. 3 is a schematic flowchart of a data frame sending method provided in the present application;
FIG. 4 is a schematic diagram of the transmission paths of north-south traffic and east-west traffic in the present application;
fig. 5 is a schematic structural diagram of an access device provided in the present application;
fig. 6 is a schematic structural diagram of another access device provided in the present application.
Detailed Description
the application provides a data frame sending method and access equipment, which are applied to networking with an aggregation layer provided with an M-LAG, wherein a sub-LAG is defined on the access equipment, the sub-LAG only comprises a physical link between the access equipment and one aggregation equipment, a firewall connected with the aggregation equipment is in a working state, and the south-north flow reaching the access equipment is only forwarded to the aggregation equipment through the physical link contained in the sub-LAG, so that a transmission path of the south-north flow is optimized, the south-north flow accessing an external network is ensured not to pass through a peer-link between the aggregation equipment, and the bandwidth pressure of the peer-link is also reduced.
the technical scheme of the invention is explained by combining the drawings and various embodiments in the specification.
the data frame sending method provided by the application can be applied to the networking shown in fig. 2, and the networking adopts a three-layer network architecture and comprises a core layer, a convergence layer and an access layer, wherein the core layer, the convergence layer and the access layer are adopted in the networking
Two firewalls are arranged between the core equipment and the convergence equipment, the arrangement mode of the firewalls adopts a main-standby mode, one firewall is a main firewall, the other firewall is a backup firewall, and when the main firewall breaks down, the backup firewall takes over the work of the main firewall.
the convergence layer is deployed with an M-LAG, and a Virtual Router Redundancy Protocol (VRRP) is adopted between two convergence devices to form a VRRP backup group, so as to realize load sharing. From the perspective of the access device, the two convergence devices may be regarded as one device, and both devices share one virtual Media Access Control (MAC) address. The aggregation equipment provides LAG for the outside and is used for accessing a second-layer service; and peer-links are deployed among the aggregation devices and used for negotiating message interaction and transmission of part of flow. From the perspective of a three-layer network, the aggregation device is two independent devices, can support independent gateways, and serves as an independent Open Shortest Path First (OSPF) node. Meanwhile, the aggregation device supports local priority forwarding of traffic, for example, after the traffic sent to the access device AS2 by the access device AS1 in fig. 2 reaches the aggregation device DS1, the DS1 preferentially sends the traffic to the AS2 through a physical link between the DS1 and the AS2, and does not need to send the traffic to the aggregation device DS2 through peer-link and then forward the traffic to the AS2 through the DS2, so that the east-west traffic between the aggregation devices can be reduced to the greatest extent.
there are multiple physical links between the aggregation device and the access device, and since the aggregation layer deploys the M-LAG, the multiple physical links are aggregated together to form a logical link with a higher rate, such as M-LAG 1 and M-LAG 2 in fig. 2.
The access device provides two kinds of LAGs for the external, which are used for forwarding the two-layer service. For differentiation, a common LAG in the prior art is referred to as a parent LAG, and a LAG newly defined in this application is referred to as a child LAG, where the parent LAG includes all physical links between an access device and all aggregation devices, and the child LAG includes only physical links between the access device and one aggregation device, a firewall connected to the aggregation device is in an operating state, and the physical links included in the child LAG are a subset of the physical links included in the parent LAG.
fig. 3 is a schematic flow chart of a data frame sending method provided in the present application, where the method includes:
Step 301: the access device receives a first indication message sent by a first aggregation device through a first physical link between the first aggregation device and the access device, wherein the first indication message is used for indicating a sub-LAG for adding the first physical link into an M-LAG, the sub-LAG only comprises one aggregation device and a physical link between the access devices, the physical link between the first aggregation device and the access device and a physical link between a second aggregation device and the access device form the M-LAG, the first aggregation device and the second aggregation device form a VRRP backup group, a firewall connected with the first aggregation device is in a working state, and a firewall connected with the second aggregation device is in a backup state.
the first physical link may be any physical link between the first aggregation device and the access device. The first aggregation device may send the first indication message to the access device through each physical link connected to the access device, so that the access device finally adds all physical links therebetween to the sub-LAG on the access device.
Step 302: the access equipment adds the first physical link into a sub LAG according to the first indication message.
If a sub-LAG of the M-LAG exists on the access device, the access device adds the first physical link to the sub-LAG according to the first indication message. And if the sub LAG of the M-LAG does not exist on the access equipment, the access equipment creates a new sub LAG for the M-LAG and adds the first physical link into the new sub LAG according to the first indication message.
when the sub-LAG of the M-LAG already exists on the access device and only includes the physical link between the first aggregation device and the access device, it indicates that the access device has created the sub-LAG before receiving the first indication message sent by the first aggregation device through the first physical link, and preferentially receives the first indication message sent by the first aggregation device through another physical link, and adds an interface of the another physical link on the access device into an interface of the sub-LAG.
in another case, when a sub-LAG of the M-LAG already exists on the access device and only includes a physical link between the second aggregation device and the access device, the access device receives a first indication message sent by the first aggregation device, which indicates that a firewall is switched between a master state and a standby state, a firewall connected to the first aggregation device is switched from a backup state to a working state, and a firewall connected to the second aggregation device is switched from the working state to the backup state; if the access device receives the message indicating to add the physical link between the first aggregation device and the access device to the sub-LAG before receiving the message indicating to delete the physical link between the second aggregation device and the access device from the sub-LAG, the access device may add the first physical link to the sub-LAG only including the physical link between the second aggregation device and the access device.
the first indication message carries an identifier of the first physical link, and a process of adding the first physical link to the sub LAG is a process of associating the identifier of the first physical link with an index of the sub LAG. A sub-LAG may associate multiple physical links and aggregate the associated multiple physical links into a single logical link, and in particular, a sub-LAG may associate multiple physical links with interfaces on the access device.
step 303: and after the access equipment adds the first physical link into the sub LAG, establishing a corresponding relation between the virtual MAC address of the VRRP backup group and the interface of the sub LAG.
Step 304: the access device receives a data frame.
Step 305: if the destination MAC address of the data frame is consistent with the virtual MAC address, the access device forwards the data frame to an interface of the sub-LAG according to the correspondence, so as to send the data frame to the first aggregation device through a physical link included in the sub-LAG.
the physical links included in the sub-LAG include not only the first physical link but also other physical links between the first aggregation device and the access device, and the access device forwards the data frames on the multiple physical links, thereby implementing load sharing.
Through the above steps, the data frame can be enabled not to pass through a peer-link between the first aggregation device and the second aggregation device.
It should be noted that the virtual MAC address of the VRRP backup group learned by the access device is a virtual MAC address shared by the first aggregation device and the second aggregation device. By adopting the method of steps 301 to 305, both the north-south traffic and the east-west traffic are forwarded through the first aggregation device.
Considering that different Virtual Local Area Networks (VLAN) are generally used for north-south traffic and east-west traffic, in order to ensure that east-west traffic can still keep dual activity, further control can be performed based on VLAN, which specifically includes the following steps:
The access equipment determines the VLAN of the north-south flow flowing through the access equipment according to the pre-deployed VLAN information; then, the access device establishes a corresponding relationship among the virtual MAC address, the VLAN of the north-south traffic and the interface of the physical link contained in the sub-LAG on the access device. When the access device receives a data frame, if the destination MAC address of the data frame is consistent with the virtual MAC address and the VLAN of the data frame is consistent with the VLAN of the north-south flow, the access device forwards the data frame to an interface of a physical link on the access device, wherein the interface is contained in the sub LAG, according to the corresponding relation. Thus, it can be ensured that the east-west traffic is still forwarded according to the parent LAG, the south-north traffic is forwarded according to the child LAG, the transmission path of each traffic is as shown in fig. 4, and the south-north traffic only passes through one aggregation device; the east-west traffic is forwarded by both aggregation devices.
the first aggregation device and the second aggregation device can judge whether the firewall is switched between the main and standby state through Bidirectional Forwarding Detection (BFD), Detection of whether a routing Cost value changes and the like.
When the first aggregation device detects that a firewall connected with the first aggregation device is converted from a working state to a backup state, the first aggregation device sends a second indication message to the access device, wherein the second indication message is used for indicating that the first physical link is deleted from the sub LAG.
when the second aggregation device detects that a firewall connected with the second aggregation device is changed from a backup state to a working state, the second aggregation device sends a third indication message to the access device, where the third indication message is used to indicate that the second physical link is added to the sub LAG.
and after receiving the second indication message sent by the first aggregation device through the first physical link, the access device deletes the first physical link from the sub-LAG according to the second indication message.
after receiving the third indication message sent by the second aggregation device through the second physical link between the second aggregation device and the access device, the access device adds the second physical link to the sub-LAG according to the third indication message, and finally, the updated sub-LAG only includes the physical link between the access device and the second aggregation device.
because the first aggregation device and the second aggregation device share the virtual MAC address of one VRRP backup group, the access device does not need to update the correspondence between the virtual MAC address and the interface of the sub-LAG in the MAC address table, and only needs to withdraw the physical link connected to the first aggregation device from the sub-LAG and add the physical link connected to the second aggregation device to the sub-LAG.
Optionally, each indication message sent by the Aggregation device to the access device may adopt a newly defined message, or may also adopt an existing Link Aggregation Control Protocol (LACP) message. The access device and the aggregation device may agree to use one of the reserved fields in the LACP message as a flag bit in advance, and if the agreed reserved field in the LACP message is a first set value, and if the agreed reserved field in the LACP message is equal to 1, the LACP message is used for indicating that a physical link through which the LACP message passes is added to a sub-LAG on the access device; and if the reserved field agreed in the LACP message is a second set value, if the reserved field is equal to 0, the LACP message is used for indicating that the physical link through which the LACP message passes is deleted from the sub LAG on the access equipment.
In addition, the newly defined sub-LAG may be used to control the transmission of the specified data frame along the specified physical link, for example, if a data frame accessing server B from server a is to be transmitted along specified physical link C, a sub-LAG D may be defined, physical link C is added to the sub-LAG D, and a corresponding relationship between the MAC address of server a, the MAC address of server B, and the interface of sub-LAG D is established.
The present application further provides an access device 500, configured to implement the function of the access device in the data frame sending method. As shown in fig. 5, the access device 500 includes a receiving unit 501, a processing unit 502, a establishing unit 503, and a sending unit 504; wherein
The receiving unit 501 is configured to receive a first indication message sent by a first aggregation device through a first physical link between the first aggregation device and the access device 500, where the first indication message is used to indicate a sub-LAG that adds the first physical link to an M-LAG, the sub-LAG only includes a physical link between the first aggregation device and the access device 500, a physical link between the first aggregation device and the access device 500 and a physical link between a second aggregation device and the access device 500 form the M-LAG, the first aggregation device and the second aggregation device form a VRRP backup group, a firewall connected to the first aggregation device is in a working state, and a firewall connected to the second aggregation device is in a backup state.
The processing unit 502 is configured to add the first physical link to a sub-LAG according to the first indication message.
the establishing unit 503 is configured to establish a corresponding relationship between the virtual MAC address of the VRRP backup group and the interface of the sub LAG after the processing unit 502 adds the first physical link to the sub LAG.
The receiving unit 501 is further configured to receive a data frame.
the sending unit 504 is configured to forward the data frame to the interface of the sub-LAG according to the corresponding relationship if the destination MAC address of the data frame is consistent with the virtual MAC address, so as to send the data frame to the first aggregation device through a physical link included in the sub-LAG.
optionally, the processing unit 502 is specifically configured to: if a sub-LAG of the M-LAG exists on the access equipment, adding the first physical link to the sub-LAG according to the first indication message; and if the sub LAG of the M-LAG does not exist on the access equipment, newly building a sub LAG for the M-LAG, and adding the first physical link into the newly built sub LAG according to the first indication message.
Optionally, the establishing unit 503, when establishing the corresponding relationship between the virtual MAC address and the interface of the sub LAG, is specifically configured to: determining a VLAN of the north-south traffic flowing through the access device; establishing a corresponding relation among the virtual MAC address, the VLAN of the north-south flow and the interface of the physical link contained in the sub LAG on the access equipment;
Correspondingly, the sending unit 504 is specifically configured to: and if the destination MAC address of the data frame is consistent with the virtual MAC address and the VLAN of the data frame is consistent with the VLAN of the north-south flow, forwarding the data frame to an interface of a physical link contained in the sub LAG on the access equipment according to the corresponding relation.
optionally, the receiving unit 501 is further configured to: receiving a second indication message sent by the first aggregation device through the first physical link, wherein the second indication message is used for indicating that the first physical link is deleted from the sub-LAG; the second indication message is sent by the first aggregation device when detecting that the firewall connected with the first aggregation device is changed from the working state to the backup state;
Correspondingly, the processing unit 502 is further configured to: deleting the first physical link from the sub-LAG according to the second indication message.
optionally, the receiving unit 501 is further configured to: receiving a third indication message sent by the second aggregation device through a second physical link between the second aggregation device and the access device, where the third indication message is used to indicate that the second physical link is added to the sub-LAG; and the third indication message is sent by the second aggregation device when detecting that the firewall connected with the second aggregation device is changed from the backup state to the working state.
Correspondingly, the processing unit 502 is further configured to: adding the second physical link to the sub-LAG according to the third indication message.
Optionally, the indication message may be an LACP message.
the first indication message is a first LACP message; the reserved field appointed in the first LACP message is a first set value, and the first LACP message is used for indicating that a physical link through which the first LACP message passes is added into the sub LAG; the second indication message is a second LACP message, the reserved field appointed in the second LACP message is a second set value, and the second LACP message is used for indicating that the physical link through which the second LACP message passes is deleted from the sub-LAG; the third indication message is a third LACP message; and the reserved field agreed in the third LACP message is a first set value, and the third LACP message is used for indicating that the physical link through which the third LACP message passes is added to the sub-LAG.
For details that are not described in the present embodiment, reference may be made to the description of the access device in the data frame sending method shown in fig. 3, which is not described herein again.
based on the above provided data frame sending method, the present application further provides an access device 600, as shown in fig. 6, the access device 600 includes a receiver 601, a processor 602, and a transmitter 603, where the receiver 601, the processor 602, and the transmitter 603 are connected to each other through a bus 604.
The receiver 601 is configured to receive a first indication message sent by a first aggregation device through a first physical link between the first aggregation device and the access device 600, where the first indication message is used to indicate that the first physical link is added to a sub-LAG of an M-LAG, the sub-LAG includes a physical link between the aggregation device and the access device 600, the physical link between the first aggregation device and the access device 600 and a physical link between a second aggregation device and the access device 600 form the M-LAG, the first aggregation device and the second aggregation device form a VRRP backup group, a firewall connected to the first aggregation device is in a working state, and a firewall connected to the second aggregation device is in a backup state.
the processor 602, configured to add the first physical link to a sub-LAG according to the first indication message; and after the first physical link is added into the sub LAG, establishing the corresponding relation between the virtual MAC address of the VRRP backup group and the interface of the sub LAG.
The receiver 601 is further configured to receive a data frame.
the sender 603, if the destination MAC address of the data frame is consistent with the virtual MAC address, is configured to forward the data frame to the interface of the sub-LAG according to the correspondence, so as to send the data frame to the first aggregation device through a physical link included in the sub-LAG.
The processor 602 may be a general-purpose processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the integrated circuit may also be a Digital Signal Processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices.
When the processor 602 is a CPU, the access device 600 may further include: a memory for storing a program. In particular, the program may include program code comprising computer operating instructions. The memory may include a Random Access Memory (RAM), and may further include a non-volatile memory (non-volatile memory), such as at least one disk memory. The processor 602 executes the program code stored in the memory to implement the above-described functions.
it should be noted that the receiver 601 may also perform other operations performed by the receiving unit 501 shown in fig. 5, the processor 602 may also perform other operations performed by the processing unit 501 and the establishing unit 503 shown in fig. 5, and the transmitter 603 may also perform other operations performed by the transmitting unit 504 shown in fig. 5. For brevity, no further description is provided herein.
In summary, the technical solution provided by the present application may be applied to a networking in which an M-LAG is deployed in a convergence layer, and a sub-LAG is defined on an access device, where the sub-LAG only includes a physical link between the access device and one convergence device, a firewall connected to the one convergence device is in a working state, and south-north traffic reaching the access device is forwarded to the convergence device only through the physical link included in the sub-LAG, so as to optimize a transmission path of the south-north traffic, ensure that the south-north traffic accessing an external network does not pass through a peer-link between the convergence devices, and reduce bandwidth pressure of the peer-link. The method and the device can further finely control the forwarding path of the flow based on different VLANs of different flows, so that the flow in the east-west direction is still forwarded according to the general parent LAG, and the flow in the south-north direction is forwarded according to the newly defined child LAG. In addition, the newly defined sub LAG interface can be used for controlling the transmission of the specified data frame along the specified physical link.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
the present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
Claims (10)
1. A method for transmitting a data frame, comprising:
An access device receives a first indication message sent by a first aggregation device through a first physical link between the first aggregation device and the access device, wherein the first indication message is used for indicating that the first physical link is added into a sub-link aggregation group LAG of a cross-device link aggregation group M-LAG, the sub-LAG only comprises one physical link between the aggregation device and the access device, the physical link between the first aggregation device and the access device and the physical link between a second aggregation device and the access device form the M-LAG, the first aggregation device and the second aggregation device form a Virtual Routing Redundancy Protocol (VRRP) backup group, a firewall connected with the first aggregation device is in a working state, and a firewall connected with the second aggregation device is in a backup state;
the access equipment adds the first physical link into a sub LAG according to the first indication message;
After the access equipment adds the first physical link into the sub LAG, establishing a corresponding relation between a virtual Media Access Control (MAC) address of the VRRP backup group and an interface of the sub LAG;
the access equipment receives a data frame;
if the destination MAC address of the data frame is consistent with the virtual MAC address, the access device forwards the data frame to an interface of the sub-LAG according to the correspondence, so as to send the data frame to the first aggregation device through a physical link included in the sub-LAG.
2. The method of claim 1, wherein the access device adding the first physical link to a sub-LAG according to the first indication message, comprising:
If the sub-LAG of the M-LAG exists on the access equipment, the access equipment adds the first physical link to the sub-LAG according to the first indication message;
And if the sub LAG of the M-LAG does not exist on the access equipment, the access equipment creates a new sub LAG for the M-LAG and adds the first physical link into the new sub LAG according to the first indication message.
3. The method of claim 1 or 2, wherein establishing a correspondence of the virtual MAC address to an interface of the sub-LAG comprises:
Determining a Virtual Local Area Network (VLAN) of the north-south flow flowing through the access equipment;
Establishing a corresponding relation among interfaces of the virtual MAC address, the VLAN and a physical link contained in the sub-LAG on the access equipment;
If the destination MAC address of the data frame is consistent with the virtual MAC address, the access device forwards the data frame to the interface of the sub-LAG according to the correspondence, including:
And if the destination MAC address of the data frame is consistent with the virtual MAC address and the VLAN of the data frame is consistent with the VLAN of the north-south flow, the access equipment forwards the data frame to an interface of a physical link contained in the sub LAG on the access equipment according to the corresponding relation.
4. the method of claim 3, wherein the method further comprises:
The access device receives a second indication message sent by the first aggregation device through the first physical link, wherein the second indication message is used for indicating that the first physical link is deleted from the sub LAG; the second indication message is sent by the first aggregation device when detecting that the firewall connected with the first aggregation device is changed from the working state to the backup state;
the access device deleting the first physical link from the sub-LAG according to the second indication message;
The access device receives a third indication message sent by the second aggregation device through a second physical link between the second aggregation device and the access device, wherein the third indication message is used for indicating that the second physical link is added to the sub LAG; the third indication message is sent by the second aggregation device when detecting that the firewall connected with the second aggregation device is changed from the backup state to the working state;
and the access equipment adds the second physical link to the sub LAG according to the third indication message.
5. The method of claim 4,
The first indication message is a first Link Aggregation Control Protocol (LACP) message; the reserved field appointed in the first LACP message is a first set value, and the first LACP message is used for indicating that a physical link through which the first LACP message passes is added into the sub LAG;
the second indication message is a second LACP message, the reserved field appointed in the second LACP message is a second set value, and the second LACP message is used for indicating that the physical link through which the second LACP message passes is deleted from the sub-LAG;
The third indication message is a third LACP message; and the reserved field agreed in the third LACP message is a first set value, and the third LACP message is used for indicating that the physical link through which the third LACP message passes is added to the sub-LAG.
6. an access device, comprising:
A receiving unit, configured to receive a first indication message sent by a first aggregation device through a first physical link between the first aggregation device and an access device, where the first indication message is used to indicate that the first physical link is added to a sub-link aggregation group LAG of a cross-device link aggregation group M-LAG, the sub-LAG only includes one physical link between the aggregation device and the access device, a physical link between the first aggregation device and the access device and a physical link between a second aggregation device and the access device form the M-LAG, the first aggregation device and the second aggregation device form a virtual routing redundancy protocol VRRP backup group, a firewall connected to the first aggregation device is in an operating state, and a firewall connected to the second aggregation device is in a backup state;
A processing unit, configured to add the first physical link to a sub-LAG according to the first indication message;
an establishing unit, configured to establish a correspondence between a virtual MAC address of the VRRP backup group and an interface of the sub LAG after the processing unit adds the first physical link to the sub LAG;
The receiving unit is further configured to receive a data frame;
and a sending unit, configured to forward the data frame to the interface of the sub-LAG according to the correspondence if the destination MAC address of the data frame is consistent with the virtual MAC address, so as to send the data frame to the first aggregation device through a physical link included in the sub-LAG.
7. the access device of claim 6, wherein the processing unit is specifically configured to:
if a sub-LAG of the M-LAG exists on the access equipment, adding the first physical link to the sub-LAG according to the first indication message;
And if the sub LAG of the M-LAG does not exist on the access equipment, newly building a sub LAG for the M-LAG, and adding the first physical link into the newly built sub LAG according to the first indication message.
8. the access device according to claim 6 or 7, wherein the establishing unit, when establishing the correspondence between the virtual MAC address and the interface of the sub-LAG, is specifically configured to:
Determining a Virtual Local Area Network (VLAN) of the north-south flow flowing through the access equipment;
Establishing a corresponding relation among interfaces of the virtual MAC address, the VLAN and a physical link contained in the sub-LAG on the access equipment;
The sending unit is specifically configured to:
and if the destination MAC address of the data frame is consistent with the virtual MAC address and the VLAN of the data frame is consistent with the VLAN of the north-south flow, forwarding the data frame to an interface of a physical link contained in the sub LAG on the access equipment according to the corresponding relation.
9. the access device of claim 8, wherein the receiving unit is further to:
Receiving a second indication message sent by the first aggregation device through the first physical link, wherein the second indication message is used for indicating that the first physical link is deleted from the sub-LAG; the second indication message is sent by the first aggregation device when detecting that the firewall connected with the first aggregation device is changed from the working state to the backup state;
the processing unit is further to:
deleting the first physical link from the sub-LAG according to the second indication message;
The receiving unit is further configured to:
Receiving a third indication message sent by the second aggregation device through a second physical link between the second aggregation device and the access device, where the third indication message is used to indicate that the second physical link is added to the sub-LAG; the third indication message is sent by the second aggregation device when detecting that the firewall connected with the second aggregation device is changed from the backup state to the working state;
The processing unit is further to:
adding the second physical link to the sub-LAG according to the third indication message.
10. The access device of claim 9,
the first indication message is a first Link Aggregation Control Protocol (LACP) message; the reserved field appointed in the first LACP message is a first set value, and the first LACP message is used for indicating that a physical link through which the first LACP message passes is added into the sub LAG;
The second indication message is a second LACP message, the reserved field appointed in the second LACP message is a second set value, and the second LACP message is used for indicating that the physical link through which the second LACP message passes is deleted from the sub-LAG;
the third indication message is a third LACP message; and the reserved field agreed in the third LACP message is a first set value, and the third LACP message is used for indicating that the physical link through which the third LACP message passes is added to the sub-LAG.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610061708.7A CN107018072B (en) | 2016-01-28 | 2016-01-28 | data frame sending method and access equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610061708.7A CN107018072B (en) | 2016-01-28 | 2016-01-28 | data frame sending method and access equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107018072A CN107018072A (en) | 2017-08-04 |
| CN107018072B true CN107018072B (en) | 2019-12-17 |
Family
ID=59439301
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610061708.7A Active CN107018072B (en) | 2016-01-28 | 2016-01-28 | data frame sending method and access equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107018072B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107257300B (en) * | 2017-08-09 | 2018-08-31 | 广州市大为通信有限公司 | A kind of 4G access devices of wireless backup, system and method |
| CN110401596B (en) * | 2019-09-10 | 2023-05-26 | 迈普通信技术股份有限公司 | Message transmission method and device, electronic equipment and readable storage medium |
| CN111988213B (en) * | 2020-07-16 | 2022-06-03 | 浪潮思科网络科技有限公司 | Method, equipment and medium for synchronizing VXLAN tunnel in EVPN MLAG environment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103780480A (en) * | 2012-10-17 | 2014-05-07 | 杭州华三通信技术有限公司 | Message forwarding method and message forwarding equipment |
| CN104426720A (en) * | 2013-08-19 | 2015-03-18 | 日立金属株式会社 | Network relay system and switching device |
| CN104486124A (en) * | 2014-12-19 | 2015-04-01 | 盛科网络(苏州)有限公司 | Device and method for realizing MLAG (multi-system link aggregation) by logical ports |
| CN104639464A (en) * | 2015-01-09 | 2015-05-20 | 盛科网络(苏州)有限公司 | System and method for realizing cross-interchanger link aggregation on OpenFlow interchanger |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9385942B2 (en) * | 2014-04-30 | 2016-07-05 | Extreme Networks, Inc. | Methods, systems, and computer readable media for providing N-node multi-switch link aggregation groups (MLAGs) |
-
2016
- 2016-01-28 CN CN201610061708.7A patent/CN107018072B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103780480A (en) * | 2012-10-17 | 2014-05-07 | 杭州华三通信技术有限公司 | Message forwarding method and message forwarding equipment |
| CN104426720A (en) * | 2013-08-19 | 2015-03-18 | 日立金属株式会社 | Network relay system and switching device |
| CN104486124A (en) * | 2014-12-19 | 2015-04-01 | 盛科网络(苏州)有限公司 | Device and method for realizing MLAG (multi-system link aggregation) by logical ports |
| CN104639464A (en) * | 2015-01-09 | 2015-05-20 | 盛科网络(苏州)有限公司 | System and method for realizing cross-interchanger link aggregation on OpenFlow interchanger |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107018072A (en) | 2017-08-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9665530B2 (en) | Method and system for implementing elastic network interface and interconnection | |
| EP2553886B1 (en) | Aggregating data traffic from access domains | |
| EP3108625B1 (en) | Virtual private network migration and management in centrally controlled networks | |
| US20170085469A1 (en) | Virtual port channel bounce in overlay network | |
| US20200396162A1 (en) | Service function chain sfc-based communication method, and apparatus | |
| US10263808B2 (en) | Deployment of virtual extensible local area network | |
| US8369296B2 (en) | Distributed link aggregation | |
| EP2533475B1 (en) | Method and system for host route reachability in packet transport network access ring | |
| US9692697B2 (en) | Control channel establishing method, forwarding point, and controller | |
| EP2911355B1 (en) | Method and device for flow path negotiation in link aggregation group | |
| US20120163174A1 (en) | Methods and apparatus to reduce forwarding state on an fcoe-to-fc gateway using port-specific mac addresses | |
| WO2015010518A1 (en) | Service transmission path determination method, device and system | |
| JP7092813B2 (en) | Packet transmission method and equipment | |
| EP2911354A1 (en) | Method, device and system for bidirectional flow on same path in aggregation group | |
| EP3038296B1 (en) | Pool element status information synchronization method, pool register and pool element | |
| WO2018090210A1 (en) | Service packet transmission method, and node apparatus | |
| WO2023165137A1 (en) | Cross-cluster network communication system and method | |
| CN107018072B (en) | data frame sending method and access equipment | |
| US20190215191A1 (en) | Deployment Of Virtual Extensible Local Area Network | |
| US11381497B2 (en) | Path selection method and device | |
| EP3068082B1 (en) | Fault processing method and apparatus for edge route bridge in trill network | |
| US9774518B1 (en) | Methods and apparatus for a distributed control plane | |
| EP3232617B1 (en) | Protection switching method and system, and nodes | |
| CN103248502A (en) | Method and device for topology discovery and fault processing of distributed link aggregation group | |
| KR101260646B1 (en) | Method for transferring data and network system using the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |