CN107547351A - Address distribution method and device - Google Patents


Info

Publication number: CN107547351A
Authority: CN (China)
Prior art keywords: user, address, dhcp message, equipment, controller
Legal status: Granted
Application number: CN201710686367.7A
Other languages: Chinese (zh)
Other versions: CN107547351B (en)
Inventors: 黄李伟, 徐燕成, 王伟
Current assignee: New H3C Technologies Co Ltd
Original assignee: New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN201710686367.7A
Publication of CN107547351A
Application granted
Publication of CN107547351B
Legal status: Active

Abstract

This disclosure relates to an address distribution method and device. The method includes: a controller receives, through a VXLAN tunnel, a first DHCP message sent by a gateway device, the first DHCP message carrying the identity information of a user; the controller queries, according to the identity information, whether a first IP address corresponding to the user is stored locally; if the query result is yes, the controller replies to the gateway device through the VXLAN tunnel with a second DHCP message, the second DHCP message including the first IP address and being used to instruct the gateway device to assign the first IP address to the user. A user who remotely accesses a specific region network through the gateway device and who accesses it from a device inside the specific region network can thus be assigned the same IP address, which helps ensure normal communication both inside and outside the specific region network.

Description

Address distribution method and device
Technical field
This disclosure relates to the field of communication technology, and in particular to an address distribution method and device.
Background technology
VXLAN (Virtual eXtensible Local Area Network) is a layer-2 VPN (Virtual Private Network) technology based on an IP network that uses a "MAC in UDP" encapsulation format. VXLAN can provide layer-2 interconnection for scattered physical sites over an existing service provider or enterprise IP (Internet Protocol) network, and can provide service isolation for different tenants.
VXLAN is mainly used in data center networks. VXLAN has the following features:
A. Support for a large number of tenants: using a 24-bit identifier, VXLAN can support up to 2^24 (16777216) VXLANs, greatly increasing the number of tenants that can be supported and solving the problem of insufficient VLAN resources in a traditional layer-2 network.
B. Ease of maintenance: building a large layer-2 network on top of an IP network makes network deployment and maintenance easier, and existing IP network technologies, such as load balancing over equal-cost routes, can be fully utilized. Only the edge devices of the IP core network need to perform VXLAN processing; intermediate network devices only need to forward packets according to the IP header, which reduces the difficulty and cost of network deployment.
VXLAN technology uses the existing layer-3 physical network as the Underlay network and builds a virtual layer-2 network, the Overlay network, on top of it. Through encapsulation, the Overlay network uses the layer-3 forwarding paths provided by the Underlay network to carry a tenant's layer-2 packets across the layer-3 network between different sites. To the tenant, the Underlay network is transparent, and the different sites of the same tenant operate as if they were in one LAN.
Fig. 1 is a schematic structural diagram of a typical VXLAN network model. As shown in Fig. 1, a VXLAN includes the following parts:
VM (Virtual Machine): multiple virtual machines can be created on one server, and different virtual machines may belong to different VXLANs. Virtual machines belonging to the same VXLAN are in the same logical layer-2 network and can communicate with each other at layer 2; virtual machines belonging to different VXLANs are isolated at layer 2. A VXLAN is identified by a VXLAN ID, also called a VNI (VXLAN Network Identifier), which is 24 bits long.
VTEP (VXLAN Tunnel End Point): the edge device of a VXLAN. All VXLAN-related processing is performed on the VTEP, such as identifying the VXLAN to which an Ethernet frame belongs, forwarding the frame at layer 2 based on the VXLAN, and encapsulating/decapsulating packets. A VTEP can be an independent physical device or the server on which the virtual machines reside.
VXLAN tunnel: a point-to-point logical tunnel between two VTEPs. A VTEP encapsulates a data frame with a VXLAN header, a UDP (User Datagram Protocol) header and an IP header, and sends the encapsulated packet through the VXLAN tunnel to the remote VTEP, which decapsulates it.
Core device: a device in the IP core network. Core devices do not take part in VXLAN processing; they only need to forward the encapsulated packet at layer 3 according to its destination IP address.
VSI (Virtual Switch Instance): a virtual switch instance on a VTEP that provides layer-2 switching services for one VXLAN. A VSI can be regarded as a virtual switch on the VTEP that performs layer-2 forwarding within the VXLAN. A VSI has all the functions of a traditional Ethernet switch, including source MAC address learning, MAC address aging and flooding. VSIs and VXLANs correspond one to one.
For users dynamically accessing VXLAN services, the most common scheme at present is for the user to obtain an IP address from a DHCP (Dynamic Host Configuration Protocol) server. As shown in Fig. 2, for a campus, user A is authenticated by portsec (port security) authentication when coming online inside the campus, and by SSL VPN (Secure Sockets Layer VPN) authentication when accessing from outside the campus. In both cases, the IP address is obtained from the DHCP server.
Fig. 2 shows an existing VXLAN implementation. As shown in Fig. 2, user A accesses dynamically through VXLAN inside the campus and through VPN outside the campus. At present, the DHCP server assigns IP addresses from different network segments to the two access modes in order to ensure interworking of services inside and outside the campus.
Summary of the invention
In view of this, the present disclosure proposes an address distribution method and device.
According to one aspect of the disclosure, an address distribution method is provided, including:
a controller receives, through a Virtual eXtensible LAN (VXLAN) tunnel, a first DHCP message sent by a gateway device, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific region network through the gateway device, the first DHCP message carries the identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
the controller queries, according to the identity information, whether a first IP address corresponding to the user is stored locally;
if the query result is yes, the controller replies to the gateway device through the VXLAN tunnel with a second DHCP message, the second DHCP message including the first IP address and being used to instruct the gateway device to assign the first IP address to the user.
According to another aspect of the disclosure, an address distribution method is provided, including:
a gateway device sends a first DHCP message to a controller through a VXLAN tunnel, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific region network through the gateway device, the first DHCP message carries the identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
the gateway device receives, through the VXLAN tunnel, a second DHCP message replied by the controller, the second DHCP message including the IP address corresponding to the user;
the gateway device assigns the IP address corresponding to the user to the user.
According to another aspect of the disclosure, an address distribution device is provided, including:
a first receiving module, configured to receive, through a Virtual eXtensible LAN (VXLAN) tunnel, a first DHCP message sent by a gateway device, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific region network through the gateway device, the first DHCP message carries the identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
a query module, configured to query, according to the identity information, whether a first IP address corresponding to the user is stored locally;
a first sending module, configured to, if the query result is yes, reply to the gateway device through the VXLAN tunnel with a second DHCP message, the second DHCP message including the first IP address and being used to instruct the gateway device to assign the first IP address to the user.
According to another aspect of the disclosure, an address distribution device is provided, including:
a third sending module, configured to send a first DHCP message to a controller through a VXLAN tunnel, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific region network through the gateway device, the first DHCP message carries the identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
a second receiving module, configured to receive, through the VXLAN tunnel, a second DHCP message replied by the controller, the second DHCP message including the IP address corresponding to the user;
a first assignment module, configured to assign the IP address corresponding to the user to the user.
With the address distribution method and device of the disclosure, a user who remotely accesses a specific region network through the gateway device and who accesses it from a device inside the specific region network can be assigned the same IP address, which helps ensure normal communication inside and outside the specific region network. Further, this helps bind the user to the IP address, so that the user's access rights migrate together with the IP address. Moreover, the user's IP address and security domain do not need to be reassigned according to the place from which the user accesses.
Further features and aspects of the disclosure will become clear from the following detailed description of exemplary embodiments with reference to the accompanying drawings.
Brief description of the drawings
The accompanying drawings, which are included in and form part of the specification, together with the specification illustrate exemplary embodiments, features and aspects of the disclosure and serve to explain the principles of the disclosure.
Fig. 1 is a schematic structural diagram of a typical VXLAN network model.
Fig. 2 shows an existing VXLAN implementation.
Fig. 3 shows a flow chart of an address distribution method according to one embodiment of the disclosure.
Fig. 4 shows another flow chart of the address distribution method according to one embodiment of the disclosure.
Fig. 5 shows a flow chart of an address distribution method according to another embodiment of the disclosure.
Fig. 6 shows another flow chart of the address distribution method according to another embodiment of the disclosure.
Fig. 7 shows a schematic diagram of an application scenario of the address distribution method according to one embodiment of the disclosure.
Fig. 8 shows a flow chart of the address distribution method according to another embodiment of the disclosure.
Fig. 9 shows a schematic structural diagram of an address distribution device according to one embodiment of the disclosure.
Fig. 10 shows another schematic structural diagram of the address distribution device according to one embodiment of the disclosure.
Fig. 11 shows a schematic structural diagram of an address distribution device according to another embodiment of the disclosure.
Fig. 12 shows another schematic structural diagram of the address distribution device according to another embodiment of the disclosure.
Embodiment
Various exemplary embodiments, features and aspects of the disclosure are described in detail below with reference to the drawings. The same reference numerals in the drawings denote elements with the same or similar functions. Although various aspects of the embodiments are shown in the drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used herein to mean "serving as an example, embodiment or illustration". Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
In addition, numerous specific details are given in the following embodiments to better explain the disclosure. Those skilled in the art will understand that the disclosure can be implemented without some of these details. In some instances, methods, means, elements and circuits well known to those skilled in the art are not described in detail, in order to highlight the gist of the disclosure.
In the implementation of Fig. 2, in an EVPN (Ethernet VPN) network, if the IP address with which a user accesses a specific region network (such as a campus) from outside and the IP address with which the user accesses it from inside are different IP addresses in the same network segment, then, because the SPINE device can only advertise network-segment routes, the external route conflicts with the internal host route and communication may fail (for example, the user cannot communicate inside and outside the campus). For example, when user A accesses through the VPN GW, the DHCP server assigns user A the IP address 10.1.1.10; when user A logs in from a LEAF device inside the campus, the DHCP server assigns the user the IP address 10.1.1.11. The two addresses are different IP addresses in the same network segment. The SPINE device will only select the internal /32 host route for 10.1.1.11 for forwarding, and will not select the external /24 route covering 10.1.1.10. As a result, user A cannot communicate normally inside and outside the campus.
In the embodiments of the disclosure, the DHCP server can assign IP addresses per user, so that the same user logs in with one IP address regardless of whether the user is inside or outside the campus, thereby ensuring normal communication for the user inside and outside the campus.
Fig. 3 shows a flow chart of an address distribution method according to one embodiment of the disclosure. As shown in Fig. 3, the method can be applied to a controller and can include:
Step 301: the controller receives, through a VXLAN tunnel, a first DHCP message sent by a gateway device, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific region network through the gateway device, the first DHCP message carries the identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
Step 302: the controller queries, according to the identity information, whether a first IP address corresponding to the user is stored locally;
Step 303: if the query result is yes, the controller replies to the gateway device through the VXLAN tunnel with a second DHCP message, the second DHCP message including the first IP address and being used to instruct the gateway device to assign the first IP address to the user.
In the embodiments of the disclosure, the gateway device can be a gateway device with VPN functions, such as the VPN GW in Fig. 2.
In one possible implementation, as shown in Fig. 4, in step 400, when the user accesses through a device inside the specific region network, the controller requests the DHCP server to assign an unused IP address to the user, takes the IP address assigned to the user accessing through the device inside the specific region network as the first IP address, and records a first corresponding relation between the user and the first IP address.
In addition, in step 401, the VXLAN tunnel between the controller and the gateway device can be established. The VXLAN tunnel between the controller and the gateway device enables direct communication between them. The VXLAN tunnel can also serve as a dedicated tunnel for initiating a local IP address lookup: after the controller receives a DHCP message from this VXLAN tunnel, it can first initiate a local lookup to check whether an IP address corresponding to the user is stored locally in the controller.
Furthermore, a special VXLAN network identifier can be configured on the SPINE device and the VPN GW. In one possible implementation, the first DHCP message also includes a VXLAN network identifier indicating that the user is performing VPN access service; the VXLAN network identifier is used to instruct the controller to assign to the user the locally stored first IP address corresponding to the user. After the controller receives the first DHCP message from the VXLAN tunnel and obtains the special VXLAN network identifier from it, it can first initiate the local lookup.
In one possible implementation, as shown in Fig. 4, in step 402, if the query result of step 302 is no, the controller requests the DHCP server to assign an unused second IP address to the user and replies to the gateway device through the VXLAN tunnel with a third DHCP message, the third DHCP message including the second IP address and being used to instruct the gateway device to assign the second IP address to the user.
In one possible implementation, the controller records a second corresponding relation between the user and the second IP address, so that when the user accesses through a device inside the specific region network, the controller can assign the second IP address to the user according to the second corresponding relation.
As shown in Fig. 7, the devices in the specific region network can include a root device (SPINE device) and leaf devices (LEAF devices). The SPINE device can also be called a backbone device, root node, etc. A LEAF device can also be called an access device, dynamic access point, leaf node, etc. In addition, the DHCP server can be an independent device or can be integrated in the controller.
For example, when user A first comes online by logging in from a device inside the campus, such as a LEAF device, the user accesses the controller (Director) through the SPINE device connected to the LEAF device. The Director can authenticate user A and, through the DHCP protocol, assign an unused IP address to user A once authentication passes, and record a first corresponding relation between user A and the first IP address assigned to the user, for example a first corresponding relation between the user's account information, login name, etc. and the first IP address. A dedicated VXLAN tunnel between the Director and the VPN GW can also be established. For example, a VXLAN network identifier indicating that the user is performing VPN access service, such as VNI 65535, is configured on the SPINE device and the VPN GW.
If user A subsequently accesses the campus remotely through the gateway device, for example by logging in and coming online from the VPN GW, the VPN GW authenticates the user and can then terminate the received VPN packets. The VPN GW then re-encapsulates a DHCP VXLAN encapsulated message (an example of the first DHCP message) over the above dedicated VXLAN tunnel; the message includes VNI 65535. After the Director receives the message carrying VNI 65535, it looks up whether a first corresponding relation for user A is stored locally. If so, it obtains the first IP address corresponding to user A from the first corresponding relation of user A.
If the Director locally has a first IP address corresponding to user A, the Director sends to the VPN GW a DHCP offer message (an example of the second DHCP message) carrying VNI 65535 and the first IP address corresponding to user A. If the Director does not locally have a first IP address corresponding to user A, the Director requests the DHCP server to assign an unused IP address (a second IP address) to user A, and then sends to the VPN GW a DHCP offer message carrying VNI 65535 and the second IP address. After the VPN GW receives the DHCP offer message, it assigns the second IP address therein to user A.
In addition, the Director can also locally store a second corresponding relation between user A and the second IP address. Subsequently, if user A logs in and comes online from a LEAF device inside the campus, the controller can first look up locally whether a second corresponding relation for user A is stored. If so, the controller assigns the second IP address corresponding to user A to user A through a DHCP offer message. If not, the controller again requests the DHCP server to assign an unused IP address to user A.
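The controller behaviour of steps 301 to 303, 400 and 402 (local lookup first, DHCP server only when nothing is stored), as an added example that is not the patent's or H3C's code. The class and method names, the DHCP pool and the message structure are assumptions; VNI 65535 is the marker value the patent uses.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Marker VNI the patent configures on the SPINE device and the VPN GW to mean
# "this DHCP message belongs to a user performing VPN access service".
VPN_ACCESS_VNI = 65535


@dataclass
class DhcpVxlanMessage:
    """DHCP message as carried on the dedicated controller <-> VPN GW VXLAN tunnel."""
    vni: int                           # VXLAN network identifier in the encapsulation
    user_id: str                       # identity information (account / login name)
    ip_address: Optional[str] = None   # filled in on the reply (DHCP offer)


class DhcpServer:
    """Constructed stand-in for the DHCP server (may be integrated in the Director)."""

    def __init__(self, pool: List[str]) -> None:
        self._free = list(pool)

    def allocate_unused(self) -> str:
        if not self._free:
            raise RuntimeError("DHCP pool exhausted")
        return self._free.pop(0)


class Director:
    """Controller keeping the user -> IP corresponding relation."""

    def __init__(self, dhcp: DhcpServer) -> None:
        self.dhcp = dhcp
        self.bindings: Dict[str, str] = {}   # first / second corresponding relation

    def _lookup_or_allocate(self, user_id: str) -> str:
        """Local query first; ask the DHCP server only when nothing is stored."""
        ip = self.bindings.get(user_id)
        if ip is None:
            ip = self.dhcp.allocate_unused()
            self.bindings[user_id] = ip   # record it so the next login gets the same IP
        return ip

    def on_internal_login(self, user_id: str) -> str:
        """Step 400: the user comes online from a LEAF device inside the campus."""
        return self._lookup_or_allocate(user_id)

    def on_vpn_dhcp_message(self, msg: DhcpVxlanMessage) -> DhcpVxlanMessage:
        """Steps 301-303 / 402: first DHCP message from the VPN GW over the tunnel."""
        if msg.vni != VPN_ACCESS_VNI:
            # Not the dedicated VPN-access service: this path does not handle it.
            raise ValueError(f"unexpected VNI {msg.vni}")
        ip = self._lookup_or_allocate(msg.user_id)
        # Second (or third) DHCP message: the offer carrying the address back.
        return DhcpVxlanMessage(vni=VPN_ACCESS_VNI, user_id=msg.user_id, ip_address=ip)


def demo() -> Dict[str, List[str]]:
    """Two users, each arriving through both access paths; returns the IPs per user."""
    director = Director(DhcpServer(["100.1.1.2", "100.1.1.3", "100.1.1.4"]))
    result: Dict[str, List[str]] = {}
    # User A: campus login first, then SSL VPN (the order of Fig. 8).
    result["A"] = [
        director.on_internal_login("A"),
        director.on_vpn_dhcp_message(DhcpVxlanMessage(VPN_ACCESS_VNI, "A")).ip_address,
    ]
    # User B: SSL VPN first (step 402, second IP address), then campus login.
    result["B"] = [
        director.on_vpn_dhcp_message(DhcpVxlanMessage(VPN_ACCESS_VNI, "B")).ip_address,
        director.on_internal_login("B"),
    ]
    return result


if __name__ == "__main__":
    print(demo())   # {'A': ['100.1.1.2', '100.1.1.2'], 'B': ['100.1.1.3', '100.1.1.3']}
```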
After the VPN GW has assigned an IP address to the user, the VPN GW can advertise the host address corresponding to the IP address (also called a host route) to the SPINE device through a routing protocol. After the SPINE device receives the host address, it can distribute the host address to each LEAF device through EVPN. A LEAF device that receives the host address can directly generate the forwarding entry corresponding to the host address and make the forwarding entry point to the SPINE device. The VPN GW can set the migration extended community attribute of the host address to 0 to represent the highest-priority community attribute. After the SPINE device receives the host address carrying the highest-priority community attribute, it distributes the host address to each LEAF device through EVPN.
If a LEAF device that receives the host address already has a forwarding entry for a local IP address in the same network segment as the host address, and that forwarding entry does not point to the SPINE device, the user route can be synchronized on the LEAF device. Specifically, the LEAF device can compare the values of the migration extended community attribute of the local IP address and of the received host address, and issue to the forwarding plane the forwarding entry of the address with the smaller migration extended community attribute value. If the two values are equal, the forwarding entry of the address that reached the LEAF device later can preferentially take effect.
In this embodiment, setting the migration extended community attribute in the host address is only one example; forwarding entries can also be generated in other ways. For example, if a LEAF device that receives the host address already has a forwarding entry for a local IP address in the same network segment as the host address, the existing forwarding entry can be deleted and the corresponding forwarding entry regenerated using the received host address.
With the address distribution method of this embodiment, a user who remotely accesses a specific region network through the gateway device and who accesses it from a device inside the specific region network can be assigned the same IP address, which helps ensure normal communication inside and outside the specific region network. Further, this helps bind the user to the IP address, so that the user's access rights migrate together with the IP address. The user's IP address and security domain do not need to be reassigned according to the place from which the user accesses.
Fig. 5 shows a flow chart of an address distribution method according to another embodiment of the disclosure. As shown in Fig. 5, the method can be applied to a gateway device and can include:
Step 501: the gateway device sends a first DHCP message to a controller through a VXLAN tunnel, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific region network through the gateway device, the first DHCP message carries the identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
Step 502: the gateway device receives, through the VXLAN tunnel, a second DHCP message replied by the controller, the second DHCP message including the IP address corresponding to the user;
Step 503: the gateway device assigns the IP address corresponding to the user to the user.
In one possible implementation, the IP address corresponding to the user includes a first IP address or a second IP address; the first IP address is the IP address that the controller assigns to the user, according to a locally stored first corresponding relation, when the user remotely accesses the specific region network through the gateway device; the second IP address is an unused IP address that the controller requests the DHCP server to assign to the user when the user remotely accesses the specific region network through the gateway device.
In one possible implementation, the first DHCP message also includes a VXLAN network identifier indicating that the user is performing VPN access service; the VXLAN network identifier is used to instruct the controller to assign to the user the locally stored first IP address corresponding to the user.
As shown in Fig. 6, in step 601, the gateway device advertises the IP address assigned to the user to a first device in the specific region network, and the first device advertises the IP address assigned to the user to each second device, so that a forwarding entry corresponding to the IP address assigned to the user is generated on the second device.
For example, as shown in Fig. 7, the gateway device advertises the IP address assigned to user A to the first device, such as the SPINE device, through a routing protocol, and the SPINE device advertises the IP address assigned to user A to each LEAF device through EVPN, so that a forwarding entry corresponding to the IP address assigned to user A is generated on the LEAF device. The gateway device can set the migration extended community attribute of the IP address assigned to user A to the highest priority, for example to 0.
If a LEAF device (that receives the host address) has a forwarding entry for a local IP address identical to the IP address assigned to user A, and that forwarding entry does not point to the SPINE device, the values of the migration extended community attribute of the local IP address and of the IP address assigned to the user are compared. The forwarding entry of the address with the smaller migration extended community attribute value is issued to the forwarding plane. If the two values are equal, the forwarding entry of the address that reached the LEAF device later preferentially takes effect.
In addition, as shown in Fig. 6, in step 602, when the gateway device detects that the user has gone offline from the VPN, it instructs the first device to send BGP (Border Gateway Protocol) route messages to each second device to withdraw the EVPN-synchronized route. As shown in Fig. 7, after the VPN GW notifies the SPINE device that user A is offline, the SPINE device can send BGP route messages to all EVPN remote neighbors (such as each LEAF device connected to the SPINE device) to withdraw the EVPN-synchronized route.
Fig. 7 shows a schematic diagram of an application scenario of the address distribution method according to one embodiment of the disclosure. As shown in Fig. 7, the disclosure adds a new interaction mechanism: access user authentication is terminated on the SSL VPN access gateway device (i.e. the VPN GW), and the DHCP address is obtained on the local gateway at the same time. By establishing a dedicated VXLAN tunnel connection between the SSL VPN and the Director (controller), the address can be requested directly from the DHCP server. If user A previously logged in and came online inside the campus, the Director (controller) holds the login information of user A. For the SSL VPN access user, the Director then responds with the IP address used when the user logged in inside the campus, VXLAN-encapsulates the IP address, and places a special mark in the header of the DHCP VXLAN encapsulated message (for example, the VNI is set to 65535). When the VPN GW receives the IP address in the specially marked DHCP VXLAN encapsulated message, it advertises the host route of the IP address to the campus internal network through the EVPN protocol, ensuring normal communication inside and outside the campus.
Fig. 8 shows a flow chart of the address distribution method according to another embodiment of the disclosure. As shown in Fig. 8, with reference to Fig. 7, the address distribution method can include:
Step 801: after user A comes online inside the campus, user A accesses the Director through a VXLAN dynamic access point (such as a LEAF device) and obtains an IP address, such as 100.1.1.2/32, from the DHCP server (which can be integrated in the Director). At the same time, the Director can record the corresponding relation between user A and the IP address assigned to user A.
Step 802: a VXLAN tunnel is established between the Director and the access SPINE device (root device) and the VPN GW. This VXLAN tunnel is the channel for authenticating users accessing the VPN and assigning addresses. VNI 65535 can be configured on the SPINE and the VPN GW; the service represented by VNI 65535 specifically refers to users performing VPN access service.
Step 803: when user A accesses the VPN GW through the SSL VPN, user A is authenticated on the VPN GW, for example by checking whether the account and password of user A are correct. If authentication passes, the VPN packets can be terminated. The packets are then re-encapsulated in the above VXLAN tunnel to request an internal IP address from the Director (i.e. the DHCP VXLAN encapsulated message). After the Director receives the DHCP VXLAN encapsulated message carrying VNI 65535 from the VPN GW, it can query the corresponding relation between the local user inside the campus and the assigned IP address. If the corresponding relation of user A is found, the IP address in the corresponding relation can be assigned directly to user A accessing through the VPN. If no corresponding relation is found for user A, a new IP address is assigned to user A, and the corresponding relation between the IP address and user A can be stored synchronously in the Director, so that user A can subsequently use the same IP address when logging in inside the campus (through VXLAN, via a LEAF device).
Step 804: while assigning IP address 100.1.1.2/32 to user A, the Director can send it to the VPN GW device through the original VXLAN tunnel corresponding to VNI 65535. After the VPN GW device receives the DHCP offer message sent by the Director with VXLAN encapsulation VNI 65535, it assigns IP address 100.1.1.2/32 to user A as the IP address for VPN access.
Step 805: after the VPN GW has assigned IP address 100.1.1.2/32 to user A (also called a host address, host route, etc. above), it advertises address 100.1.1.2/32 to the SPINE device through a routing protocol. This address is also the IP address that the Director assigns to the VPN access user. When the SPINE device receives the address, it directly advertises the address (a /32 host route) through EVPN. At the same time, because the address is a route assigned to the external network, the migration extended community attribute of the address can be set to 0 in EVPN, i.e. the highest-priority community attribute. The VPN GW can first set the migration extended community attribute of the address to 0 and then advertise it to the SPINE device.
Step 806: after all LEAF access points inside the campus (also called LEAF devices, leaf devices, etc.) receive IP address 100.1.1.2/32 synchronized through EVPN, they locally generate the forwarding entry corresponding to the IP address. If a forwarding entry for IP address 100.1.1.2/32 already exists locally (which can be called the local forwarding entry) and the local forwarding entry does not point to the SPINE device, the values of the migration extended community attribute of the two (the IP address assigned to user A and the local IP address) are compared, and the entry with the smaller value is issued to the forwarding plane. If the values of the migration extended community attribute are equal, the address that reached the LEAF access point later preferentially takes effect.
If step 807, VPN accessing users are offline, issued for example from SPINE equipment to all EVPN far-end neighbors BGP route messages, to cancel EVPN synchronization routings.
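The Director lookup in steps 801 to 803 and the LEAF entry selection in step 806, as an added Python simulation that is not part of the patent or of any H3C product. The VNI value 65535, the address 100.1.1.2/32 and the "smaller migrating extended community value wins, tie goes to the later arrival" rule come from the page; the class names, the in-memory pool and binding table, and the choice to leave a local entry that was already advertised to the SPINE untouched are assumptions made here.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# VNI reserved on the SPINE and the VPN GW for VPN-access DHCP traffic (from the page).
VPN_ACCESS_VNI = 65535


@dataclass
class DhcpRequest:
    """A DHCP message as it reaches the Director after VXLAN decapsulation (constructed)."""
    user_id: str   # identity information carried in the message, e.g. the account name
    vni: int       # VNI of the VXLAN tunnel the message arrived on
    source: str    # "leaf" (campus access point) or "vpn_gw" (SSL VPN gateway)


class Director:
    """Controller with an integrated DHCP pool and a user -> IP binding table (assumed)."""

    def __init__(self, pool: List[str]):
        self.free: List[str] = list(pool)
        self.bindings: Dict[str, str] = {}

    def handle_request(self, req: DhcpRequest) -> Optional[str]:
        # A request from the VPN GW is only valid on the VNI 65535 tunnel, which is the
        # channel used for VPN-user authentication and address allocation (step 802).
        if req.source == "vpn_gw" and req.vni != VPN_ACCESS_VNI:
            raise ValueError(f"unexpected VNI {req.vni} from VPN GW")
        # Step 803: look up the locally saved binding first, so the same user gets the
        # same address whether arriving through a LEAF or through the VPN GW.
        if req.user_id in self.bindings:
            return self.bindings[req.user_id]
        # Steps 801/803: no binding yet, so allocate an unused address and record it.
        if not self.free:
            return None  # pool exhausted: no offer can be sent
        ip = self.free.pop(0)
        self.bindings[req.user_id] = ip
        return ip


@dataclass
class Route:
    """A /32 host route as seen by a LEAF. migrate_attr is the 'migrating' extended
    community value; 0 is the highest priority (the page sets it to 0 for VPN users)."""
    prefix: str
    migrate_attr: int
    origin: str                       # "local" or "spine" (learned through EVPN)
    advertised_to_spine: bool = False  # only meaningful for local entries


class Leaf:
    """Forwarding-plane selection described in step 806."""

    def __init__(self):
        self.fib: Dict[str, Route] = {}

    def install(self, route: Route) -> Route:
        current = self.fib.get(route.prefix)
        if current is None:
            self.fib[route.prefix] = route
        elif current.origin == "local" and current.advertised_to_spine:
            # The page compares only against a local entry not yet advertised to the
            # SPINE; keeping an already advertised entry unchanged is an assumption.
            pass
        elif route.migrate_attr <= current.migrate_attr:
            # Smaller attribute wins; on a tie the entry that arrived later takes effect.
            self.fib[route.prefix] = route
        return self.fib[route.prefix]

    def withdraw(self, prefix: str) -> None:
        """Step 807: the VPN user went offline and the SPINE withdrew the EVPN route."""
        self.fib.pop(prefix, None)


if __name__ == "__main__":
    director = Director(["100.1.1.2", "100.1.1.3"])
    print(director.handle_request(DhcpRequest("userA", 100, "leaf")))              # 100.1.1.2
    print(director.handle_request(DhcpRequest("userA", VPN_ACCESS_VNI, "vpn_gw")))  # 100.1.1.2
    leaf = Leaf()
    leaf.install(Route("100.1.1.2/32", 1, "local"))
    print(leaf.install(Route("100.1.1.2/32", 0, "spine")).origin)                  # spine
```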
In the address allocation method of this embodiment, a function is added whereby a VPN user dynamically accessing a VXLAN network obtains an IP address through DHCP, and a function is added whereby the Director binds the user to the allocated IP address. This makes it possible to allocate the same IP address to the same user when it subsequently accesses the VXLAN network in different ways. In this way, in a VXLAN/EVPN dynamic access network, a user can be allocated the same IP address inside and outside the campus, which helps bind the user to the IP address so that the user's access rights follow the IP address when the user migrates. There is no need to re-allocate the user's IP address and security domain according to the user's access location. In the address allocation method of this embodiment, the SPINE device advertises to the LEAF devices, through EVPN, the IP address allocated to the VPN access user, adding the function of EVPN inserting host routes for VPN access users. In addition, in the address allocation method of this embodiment, the LEAF device updates the forwarding entry of a local IP address identical to the received IP address, adding the function of EVPN synchronizing the forwarding entry of the VPN access user with that of the same user on the intranet. This helps ensure normal communication between the intranet and the extranet of the VXLAN network.
Fig. 9 shows a schematic structural diagram of the address allocation device according to one embodiment of the disclosure. As shown in Fig. 9, the address allocation device can include:
First receiving module 11, configured to receive, through a virtual extensible LAN (VXLAN) tunnel, a first DHCP message sent by a gateway device, wherein the first DHCP message is sent by the gateway device when a user remotely accesses a specific-region network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
Query module 13, configured to query, according to the identity information, whether a first IP address corresponding to the user is saved locally;
First sending module 15, configured to, in the case where the query result is yes, reply with a second DHCP message to the gateway device through the VXLAN tunnel, the second DHCP message including the first IP address and being used to instruct the gateway device to allocate the first IP address to the user.
In a possible implementation, as shown in Fig. 10, the device can further include:
Second sending module 21, configured to, in the case where the query result is no, request a DHCP server to allocate an unused second IP address to the user, and reply with a third DHCP message to the gateway device through the VXLAN tunnel, the third DHCP message including the second IP address and being used to instruct the gateway device to allocate the second IP address to the user; and to record a second correspondence between the user and the second IP address, so that when the user accesses through a device in the specific-region network, the second IP address can be allocated to the user according to the second correspondence.
In a possible implementation, as shown in Fig. 10, the device can further include:
Request module 22, configured to, in the case where the user accesses through a device in the specific-region network, request the DHCP server to allocate an unused IP address to the user;
Recording module 23, configured to take the IP address allocated to the user accessing through the device in the specific-region network as the first IP address, and to record a first correspondence between the user and the first IP address.
In a possible implementation, the first DHCP message further includes a VXLAN network identifier indicating that the user is performing a VPN access service; the VXLAN network identifier is used to instruct the controller to allocate to the user the locally saved first IP address corresponding to the user.
Fig. 11 shows a schematic structural diagram of the address allocation device according to another embodiment of the disclosure. As shown in Fig. 11, the address allocation device can include:
Third sending module 31, configured to send a first DHCP message to a controller through a VXLAN tunnel, the first DHCP message being sent by the gateway device when a user remotely accesses a specific-region network through the gateway device, the first DHCP message carrying identity information of the user, and the VXLAN tunnel being a tunnel between the controller and the gateway device;
Second receiving module 33, configured to receive, through the VXLAN tunnel, a second DHCP message replied by the controller, the second DHCP message including an IP address corresponding to the user;
First allocation module 35, configured to allocate the IP address corresponding to the user to the user.
In a possible implementation, the IP address corresponding to the user includes a first IP address or a second IP address. The first IP address is the IP address allocated to the user by the controller according to a locally saved first correspondence when the user remotely accesses the specific-region network through the gateway device. The second IP address is an unused IP address that the controller requests a DHCP server to allocate to the user when the user remotely accesses the specific-region network through the gateway device.
In a possible implementation, the VXLAN network identifier is used to instruct the controller to allocate to the user the locally saved first IP address corresponding to the user.
In a possible implementation, as shown in Fig. 12, the device can further include:
Third receiving module 41, configured to receive a second DHCP message from the controller through the VXLAN tunnel, the second DHCP message including the unused IP address that the controller requested the DHCP server to allocate to the user in the case where the user accesses through a device in the specific-region network;
Second allocation module 43, configured to allocate the second IP address to the user.
In a possible implementation, as shown in Fig. 12, the device can further include:
Release module 45, configured to advertise the IP address allocated to the user to a first device in the specific-region network, so that the first device advertises the IP address allocated to the user to each second device and a forwarding entry corresponding to the IP address allocated to the user is generated in the second devices.
In a possible implementation, as shown in Fig. 12, the device can further include:
Cancel module 49, configured to, in the case where it is detected that the user has gone offline from the VPN, instruct the first device to issue to each second device a BGP route message for withdrawing the EVPN synchronized route.
For the devices in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the related method, and will not be elaborated here.
With the address allocation device of the embodiments of the disclosure, a user can be allocated the same IP address when remotely accessing the specific-region network through the gateway device and when accessing from a device inside the specific-region network, which helps ensure normal communication inside and outside the specific-region network. Further, it helps bind the user to the IP address, so that the user's access rights follow the IP address when the user migrates. There is no need to re-allocate the user's IP address and security domain according to differences in the user's access location.
The embodiments of the present disclosure have been described above. The above description is exemplary, not exhaustive, and is not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the illustrated embodiments. The terms used herein were chosen to best explain the principles of the embodiments, their practical application or their technical improvement over the technology in the market, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (18)

  1. An address allocation method, characterized in that it includes:
    a controller receiving, through a virtual extensible LAN (VXLAN) tunnel, a first DHCP message sent by a gateway device, wherein the first DHCP message is sent by the gateway device when a user remotely accesses a specific-region network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
    the controller querying, according to the identity information, whether a first IP address corresponding to the user is saved locally;
    in the case where the query result is yes, the controller replying with a second DHCP message to the gateway device through the VXLAN tunnel, the second DHCP message including the first IP address, and the second DHCP message being used to instruct the gateway device to allocate the first IP address to the user.
  2. The method according to claim 1, characterized in that it further includes:
    in the case where the query result is no, the controller requesting a DHCP server to allocate an unused second IP address to the user, and replying with a third DHCP message to the gateway device through the VXLAN tunnel, the third DHCP message including the second IP address, and the third DHCP message being used to instruct the gateway device to allocate the second IP address to the user; and recording a second correspondence between the user and the second IP address, so that when the user accesses through a device in the specific-region network, the controller can allocate the second IP address to the user according to the second correspondence.
  3. The method according to claim 1, characterized in that it further includes:
    in the case where the user accesses through a device in the specific-region network, requesting a DHCP server to allocate an unused IP address to the user; the controller taking the IP address allocated to the user accessing through the device in the specific-region network as the first IP address, and recording a first correspondence between the user and the first IP address.
  4. The method according to any one of claims 1 to 3, characterized in that:
    the first DHCP message further includes a VXLAN network identifier indicating that the user is performing a VPN access service;
    the VXLAN network identifier is used to instruct the controller to allocate to the user the locally saved first IP address corresponding to the user.
  5. An address allocation method, characterized in that it includes:
    a gateway device sending a first DHCP message to a controller through a VXLAN tunnel, the first DHCP message being sent by the gateway device when a user remotely accesses a specific-region network through the gateway device, the first DHCP message carrying identity information of the user, and the VXLAN tunnel being a tunnel between the controller and the gateway device;
    the gateway device receiving, through the VXLAN tunnel, a second DHCP message replied by the controller, the second DHCP message including an IP address corresponding to the user;
    the gateway device allocating the IP address corresponding to the user to the user.
  6. The method according to claim 5, characterized in that the IP address corresponding to the user includes a first IP address or a second IP address;
    the first IP address is the IP address allocated to the user by the controller according to a locally saved first correspondence when the user remotely accesses the specific-region network through the gateway device;
    the second IP address is an unused IP address that the controller requests a DHCP server to allocate to the user when the user remotely accesses the specific-region network through the gateway device.
  7. The method according to claim 5 or 6, characterized in that the first DHCP message further includes a VXLAN network identifier indicating that the user is performing a VPN access service;
    the VXLAN network identifier is used to instruct the controller to allocate to the user the locally saved first IP address corresponding to the user.
  8. The method according to any one of claims 5 to 7, characterized in that it further includes:
    the gateway device advertising the IP address allocated to the user to a first device in the specific-region network, and the first device advertising the IP address allocated to the user to each second device, so that a forwarding entry corresponding to the IP address allocated to the user is generated in the second devices.
  9. The method according to any one of claims 5 to 8, characterized in that it further includes:
    in the case where the gateway device detects that the user has gone offline from the VPN, instructing the first device to issue to each second device a BGP route message for withdrawing the EVPN synchronized route.
  10. An address allocation device, characterized in that it includes:
    a first receiving module, configured to receive, through a virtual extensible LAN (VXLAN) tunnel, a first DHCP message sent by a gateway device, wherein the first DHCP message is sent by the gateway device when a user remotely accesses a specific-region network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
    a query module, configured to query, according to the identity information, whether a first IP address corresponding to the user is saved locally;
    a first sending module, configured to, in the case where the query result is yes, reply with a second DHCP message to the gateway device through the VXLAN tunnel, the second DHCP message including the first IP address, and the second DHCP message being used to instruct the gateway device to allocate the first IP address to the user.
  11. The device according to claim 10, characterized in that it further includes:
    a second sending module, configured to, in the case where the query result is no, request a DHCP server to allocate an unused second IP address to the user, and reply with a third DHCP message to the gateway device through the VXLAN tunnel, the third DHCP message including the second IP address, and the third DHCP message being used to instruct the gateway device to allocate the second IP address to the user; and to record a second correspondence between the user and the second IP address, so that when the user accesses through a device in the specific-region network, the second IP address can be allocated to the user according to the second correspondence.
  12. The device according to claim 10, characterized in that it further includes:
    a request module, configured to, in the case where the user accesses through a device in the specific-region network, request a DHCP server to allocate an unused IP address to the user;
    a recording module, configured to take the IP address allocated to the user accessing through the device in the specific-region network as the first IP address, and to record a first correspondence between the user and the first IP address.
  13. The device according to any one of claims 10 to 12, characterized in that:
    the first DHCP message further includes a VXLAN network identifier indicating that the user is performing a VPN access service;
    the VXLAN network identifier is used to instruct the controller to allocate to the user the locally saved first IP address corresponding to the user.
  14. An address allocation device, characterized in that it includes:
    a third sending module, configured to send a first DHCP message to a controller through a VXLAN tunnel, the first DHCP message being sent by a gateway device when a user remotely accesses a specific-region network through the gateway device, the first DHCP message carrying identity information of the user, and the VXLAN tunnel being a tunnel between the controller and the gateway device;
    a second receiving module, configured to receive, through the VXLAN tunnel, a second DHCP message replied by the controller, the second DHCP message including an IP address corresponding to the user;
    a first allocation module, configured to allocate the IP address corresponding to the user to the user.
  15. The device according to claim 14, characterized in that the IP address corresponding to the user includes a first IP address or a second IP address;
    the first IP address is the IP address allocated to the user by the controller according to a locally saved first correspondence when the user remotely accesses the specific-region network through the gateway device;
    the second IP address is an unused IP address that the controller requests a DHCP server to allocate to the user when the user remotely accesses the specific-region network through the gateway device.
  16. The device according to claim 14 or 15, characterized in that the first DHCP message further includes a VXLAN network identifier indicating that the user is performing a VPN access service;
    the VXLAN network identifier is used to instruct the controller to allocate to the user the locally saved first IP address corresponding to the user.
  17. The device according to any one of claims 14 to 16, characterized in that it further includes:
    a release module, configured to advertise the IP address allocated to the user to a first device in the specific-region network, so that the first device advertises the IP address allocated to the user to each second device and a forwarding entry corresponding to the IP address allocated to the user is generated in the second devices.
  18. The device according to any one of claims 14 to 17, characterized in that it further includes:
    a cancel module, configured to, in the case where it is detected that the user has gone offline from the VPN, instruct the first device to issue to each second device a BGP route message for withdrawing the EVPN synchronized route.
CN201710686367.7A 2017-08-11 2017-08-11 Address allocation method and device Active CN107547351B (en)

Publications (2)

Publication Number Publication Date
CN107547351A true CN107547351A (en) 2018-01-05
CN107547351B CN107547351B (en) 2020-07-07
