CN107566237B - Data message processing method and device - Google Patents

Data message processing method and device Download PDF

Info

Publication number
CN107566237B
CN107566237B CN201610514793.8A CN201610514793A CN107566237B CN 107566237 B CN107566237 B CN 107566237B CN 201610514793 A CN201610514793 A CN 201610514793A CN 107566237 B CN107566237 B CN 107566237B
Authority
CN
China
Prior art keywords
message
port
domain
vlan
processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610514793.8A
Other languages
Chinese (zh)
Other versions
CN107566237A (en
Inventor
张平平
陈志伟
孙军欢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen ZTE Technical Service Co.,Ltd.
Original Assignee
Shenzhen Zte Technical Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Zte Technical Service Co ltd filed Critical Shenzhen Zte Technical Service Co ltd
Priority to CN201610514793.8A priority Critical patent/CN107566237B/en
Priority to PCT/CN2017/090326 priority patent/WO2018001242A1/en
Publication of CN107566237A publication Critical patent/CN107566237A/en
Application granted granted Critical
Publication of CN107566237B publication Critical patent/CN107566237B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks

Abstract

The embodiment of the invention provides a data message processing method and a device, wherein an SDN domain VLAN identification and a traditional domain VLAN identification are configured under a port in advance, and after a message transmitted by the port is received, a processing mode aiming at the message is determined according to VLAN information carried in the message and the VLAN identification configured under the corresponding port. By the method, the same port on the network equipment can simultaneously process the service of the SDN domain and the service of the traditional domain, and corresponding ports do not need to be respectively set for the service of the SDN domain and the service of the traditional domain, so that the port resources of the network equipment are saved, and the optimal configuration of the resources is realized.

Description

Data message processing method and device
Technical Field
The present invention relates to the field of communications devices, and in particular, to a method and an apparatus for processing a data packet.
Background
In a network in a conventional IT (Internet Technology ) architecture, after the network is deployed and brought online according to service requirements, if the service requirements change, IT is a very tedious matter to modify the configuration on corresponding network devices (routers, switches, firewalls). In the service environment of the internet/mobile internet, the high stability and the high performance of the network are not enough to meet the service requirement, but the flexibility and the agility of the equipment configuration are more critical.
Therefore, an SDN (Software Defined Network) arises, the SDN is a novel Network innovation architecture and is an implementation manner of Network virtualization, and a core technology OpenFlow separates a control plane and a data plane of a Network device, so that flexible control of Network traffic is realized, and a Network becomes more intelligent as a pipeline. What SDN does is to separate the control rights on the network devices, manage them by a centralized controller, and shield the differences from the underlying network devices without relying on the underlying network devices (routers, switches, firewalls). Meanwhile, under the framework of the SDN, the control right of the network equipment is completely opened, and a user can customize any network routing and transmission rule strategy to be realized according to the expectation of the user, so that the network becomes more flexible and intelligent.
Although the advantages of the SDN network architecture are obvious and the future development trend of the network is more biased towards the SDN, the application of the conventional domain service is still wider at present, and the SDN does not completely replace the conventional IT network architecture. Therefore, during the transition from the conventional IT network architecture to the SDN network architecture, a network device is required to process the traffic of the conventional domain while having SDN forwarding capability. Therefore, dual-mode forwarding of the traditional service plane and the SDN service plane is realized on one network device.
In the prior art, the method for realizing the dual-mode forwarding effect is as follows: planning is made on an SDN switch in advance, and the planned ports are SDN ports for processing SDN domain services and traditional ports for processing traditional domain services. Once the planning is completed, the traffic that a port can carry has been determined: the SDN port can only process SDN domain services, when the SDN port receives an unknown unicast message, the message is transmitted to the CPU, the CPU packages the message and then sends the message to the controller, and the controller determines the forwarding processing rule of the message. However, the conventional port only relates to the conventional domain service, and if the conventional port of the SDN switch receives a data packet, the data packet is flooded.
Although the above scheme enables one switch to process services of the SDN domain and services of the conventional domain simultaneously, the SDN switch and the conventional switch are simply physically fused, and the SDN domain services and the conventional domain services are still isolated through ports, which is not favorable for optimal configuration of resources and is not flexible enough for network application.
Disclosure of Invention
The embodiment of the invention provides a data message processing method and a device, which mainly solve the technical problems that: the method solves the problems that in the prior art, when the dual-mode service processing of the network equipment is realized, the network equipment in the SDN domain is simply physically fused with the port of the traditional network equipment, and the port of the network equipment cannot be multiplexed, so that the resource utilization rate is low and the network flexibility is low.
To solve the foregoing technical problem, an embodiment of the present invention provides a message processing method, including:
receiving a message transmitted by a port of network equipment, wherein an SDN domain VLAN identification and a traditional domain VLAN identification are simultaneously configured below the port, and the message carries VLAN information;
and determining a processing mode aiming at the message according to the VLAN information carried in the message and the VLAN identification configured under the port, and carrying out corresponding processing on the message.
An embodiment of the present invention further provides a packet processing apparatus, including:
the system comprises a receiving module, a sending module and a receiving module, wherein the receiving module is used for receiving a message transmitted by a port of network equipment, an SDN domain VLAN identification and a traditional domain VLAN identification are simultaneously configured below the port, and the message carries VLAN information;
and the processing module is used for determining a processing mode aiming at the message according to the VLAN information carried in the message and the VLAN identification configured under the port and carrying out corresponding processing on the message.
The embodiment of the invention also provides a computer storage medium, wherein the computer storage medium stores computer executable instructions, and the computer executable instructions are used for executing any one of the message processing methods.
The invention has the beneficial effects that:
according to the message processing method, device and computer storage medium provided by the embodiment of the invention, the SDN domain VLAN identification and the traditional domain VLAN identification are configured under the port in advance, and after the message transmitted by the port is received, the processing mode aiming at the message is determined according to the VLAN information carried in the message and the VLAN identification configured under the corresponding port. By the method, the same port on the network equipment can simultaneously process the service of the SDN domain and the service of the traditional domain, and corresponding ports do not need to be respectively set for the service of the SDN domain and the service of the traditional domain, so that the port resources of the network equipment are saved, and the optimal configuration of the resources is realized.
Drawings
Fig. 1 is a flowchart of a message processing method according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a process of processing a data packet of an unknown unicast in an SDN domain according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a process of processing a data packet of an unknown unicast in an SDN domain according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a message processing apparatus according to a second embodiment of the present invention;
fig. 5 is a schematic structural diagram of a switch according to a third embodiment of the present invention;
fig. 6 is a flowchart of a switch processing a message according to a third embodiment of the present invention;
fig. 7 is an application scenario diagram of a message processing method according to a third embodiment of the present invention.
Detailed Description
The following describes embodiments of the present invention in further detail with reference to the accompanying drawings.
The first embodiment is as follows:
in the prior art, when the dual-mode forwarding effect is realized, the service borne by each port of the network equipment can only be solidified in a planning stage, so that the port action of the network equipment is rigid, flexible service cannot be provided for a user, more importantly, the port for processing the SDN domain service is separated from the port for processing the traditional domain service, and the method greatly wastes port resources and is not beneficial to the optimal configuration of resources. Accordingly, the present embodiment provides a message processing method, please refer to fig. 1:
s102, receiving a message transmitted by a network equipment port.
The network device in this embodiment may be a switch or a router. The SDN domain VLAN id and the legacy domain VLAN id may be configured at the same time under a port of the network device, for example, the SDN domain VLAN id configured for one port of the network device is VLAN3 to VLAN9, and the VLAN id of the legacy domain is VLAN13 to VLAN 19. This indicates that the port can handle SDN domain traffic from VLAN3 to VLAN9, and can also handle legacy domain traffic from VLAN13 to VLAN 19. It is understood that the VLAN id of the SDN domain and the VLAN id of the legacy domain should be different under the same port.
The message at least should include VLAN information of the message, and the VLAN information may be used to determine a processing method for the message according to a VLAN identifier configured on a port receiving the message.
S104, determining a processing mode aiming at the message according to the VLAN information carried in the message and the VLAN identification configured under the port for transmitting the message, and carrying out corresponding processing on the message.
In the network device, a hardware forwarding table stores some message forwarding rules corresponding to destination information, where the destination information includes a destination IP or a destination MAC address of a message. Taking destination information as an IP address as an example, for a message with destination information of "125.120.218.106", the forwarding rule stored in the hardware forwarding table is transmitted from the port 4; for example, the destination information is a MAC address, and a packet with a destination MAC of "00-01-6C-06-a 6-29" is output from port7 of the network device. Therefore, after a port of the network device receives a message, the port can query the message destination information carried in the message to the hardware forwarding table, and if the forwarding rule corresponding to the message destination information is found to be recorded in the hardware forwarding table, the network device can directly transmit the message according to the forwarding rule in the hardware forwarding table. For those messages that cannot be queried from the hardware forwarding table to the forwarding rule, that is, those messages that have no forwarding rule recorded in the hardware forwarding table, we refer to the messages as "unknown unicast".
In the working principle of the switch, when the switch is started, the hardware forwarding table is empty, so if the host a sends a message to the host B through the switch at this time, when the switch receives the message, it cannot be determined on which port the host B is (because the hardware forwarding table does not have the MAC or IP address of the host B), so that the message is an unknown unicast message.
For an unknown unicast message, the traditional domain processing method is to perform Flooding (Flooding) processing on the message. Flooding is a data stream delivery technique used by switches and bridges to route data streams received by an interface out of all but that interface.
The virtual forwarding instance of the message is obtained according to the VLAN information carried in the message, the virtual forwarding instance corresponds to the VLAN information in the message, and at the same time, it also corresponds to a port configured with a VLAN identifier corresponding to the VLAN information, and the correspondence between the virtual forwarding instance and the port may be one-to-one, but more cases are one-to-many. For example, VLAN information carried in one message is VLAN3, and a virtual forwarding instance a may be obtained according to VLAN3, where the virtual forwarding instance a corresponds to all ports configured with the VLAN identifier of VLAN3 in the network device. Therefore, the information of all ports with VLAN3 id in the network device can be obtained through the virtual forwarding instance as an intermediary. For example, in the network device, port 1, port7, and port 8 all have VLAN3, which is a VLAN identifier, so port 1, port7, and port 8 are all ports associated with VLAN information in a packet, and these ports may also be used as flooding outlets of the packet.
The processing mode of the SDN domain on the unknown unicast message is slightly different from that of the traditional domain, the SDN port generally encapsulates the message by using a protocol of the SDN domain, and then transmits the encapsulated message to the controller, and the controller performs processing calculation according to a series of algorithms to determine a forwarding processing rule for the message. Then, after receiving the forwarding processing rule issued by the controller, the message can be correspondingly forwarded according to the forwarding processing rule.
In the prior art, each port of a network device only processes one type of service, either the service of an SDN domain or the service of a traditional domain, so each port only receives a relevant packet of the service that can be processed by the port. In this embodiment, because one port is configured with both the SDN domain VLAN id and the legacy domain VLAN id, one port can carry two types of services, namely, the SDN domain and the legacy domain, and thus, a packet received by a port of a network device in this embodiment may not be a packet of the SDN domain alone or a packet of the legacy domain alone. However, the processing modes for these two types of messages are very different. Therefore, in this embodiment, after receiving a packet transmitted by a port of a network device, it is necessary to determine a processing manner for the packet, and it should be understood that determining the processing manner for the packet actually distinguishes the type of the packet.
Firstly, assuming that a port of the network equipment is configured with SDN domain VLANs of the VLANs 3-9 and traditional domain VLANs of the VLANs 13-19; on this basis, if the VLAN information carried in the packet received by the port is VLAN1, the network device cannot process the packet, and therefore, the packet can be directly discarded.
If the VLAN information carried in the received message is VLAN7, further determining whether the message is an unknown unicast data message. Judging whether a packet is an unknown unicast data packet can be mainly divided into two processes:
firstly, judging whether the message is a data message. This determination may be made based on the protocol identification and access control list contained in the message. Any one of the messages carries a protocol identifier, if a message is a data message, the message may carry a relatively common TCP protocol identifier or UDP protocol identifier, and if the message is a protocol message, the protocol identifier carried by the message is no longer the common TCP protocol identifier or UDP protocol identifier. The access control list stores the protocol identifier of the specific type, and after the protocol identifier carried in the message is obtained, the protocol identifier can be searched in the access control list to determine whether the protocol identifier carried in the message exists in the access control list. If the access control list has the protocol identification carried by the message, the message is indicated to be a protocol message, the processing mode of the protocol message is simpler, the protocol message can be controlled to be directly sent to a CPU of the network equipment, and the CPU sends the protocol message to a protocol stack module in the network equipment for processing; if the access control list does not have the corresponding protocol identification, the message is a data message.
And secondly, judging whether the message is an unknown unicast message. The hardware forwarding table has been described above, in which forwarding rules of messages sent to destinations are stored in units of destination information. Therefore, when a message is received, whether the destination information carried in the message exists can be searched in a hardware forwarding table according to the destination information carried in the message, if yes, the message is not an unknown unicast message, and the network equipment can directly carry out ordinary forwarding processing; if the destination information carried by the packet does not exist in the hardware forwarding table, it indicates that the network device does not currently know to which specific port the packet should be forwarded, and therefore, the packet belongs to an unknown unicast packet.
It can be understood that, in this embodiment, the process of determining that the packet is a data packet and determining that the packet is an unknown unicast packet has no strict timing limitation. The determination may be performed sequentially or simultaneously.
After determining that the packet belongs to the unknown unicast data packet, it may be determined whether the packet belongs to the SDN domain or the legacy domain according to the VLAN information in the packet and the VLAN identifier under the port transmitting the packet. The determining method may be matching VLAN information in the packet with a VLAN identifier of an SDN domain under a port, and if the matching is successful, it indicates that the packet belongs to the SDN domain, and if the matching is unsuccessful, it indicates that the packet belongs to a conventional domain. Similarly, the VLAN information of the packet may be matched with a traditional domain VLAN identifier under the port, and if the matching is successful, the packet is indicated to belong to the traditional domain, otherwise, the packet belongs to the SDN domain.
The messages belonging to the SDN domain can be processed according to the processing mode of the SDN domain to the unknown unicast data messages. The processing flow of the SDN domain on the unknown unicast data packet may refer to fig. 2:
and S202, encapsulating the message by using a protocol of the SDN domain and transmitting the encapsulated message to the controller.
Generally, after an unknown unicast data packet of a packet belonging to an SDN domain is determined, the packet is uploaded to a protocol stack module in a network device, and an SDN protocol stack in the protocol stack module encapsulates the packet according to an SDN domain protocol, adds an upper layer protocol label, and transmits the packet to a controller. The SDN protocol mainly includes OpenFlow and the like.
And S204, receiving a processing table aiming at the message sent by the controller.
The controller, upon receiving the encapsulated message, determines how the message should be sent to its destination according to a series of algorithms or processing rules. These forwarding rules are included in the processing table and sent to the network device.
S206, forwarding the message according to the processing table and updating the information contained in the processing table to a hardware forwarding table.
After the processing table is obtained, the message may be sent according to the forwarding rule included in the processing table, for example, if the message indicating that the destination information is a in the processing table should be sent out through the port 3 of the network device, the message is transmitted to the port 3 according to the indication. For all data messages with destination information a in the SDN domain, the data messages can be sent out from the port 3 according to the forwarding rule in the future, so that, in order to facilitate subsequent network devices to process subsequent messages, the processing table can be updated into a hardware forwarding table, and when a message with destination information a in the same manner appears again in the subsequent process, the message can be processed according to the forwarding rule corresponding to the destination information a.
The messages belonging to the traditional domain can be processed according to the processing mode of the traditional domain to the unknown unicast data messages. The processing flow of the unknown unicast data packet by the conventional domain may refer to fig. 3:
s302, obtaining a corresponding virtual forwarding instance according to the VLAN information contained in the message.
In a network device, for example, in a switch, a switch chip may obtain a virtual forwarding instance from a forwarding control module, and if VLAN identifiers of ports are different in one switch, the virtual forwarding instance may be obtained only according to VLAN information included in a message. If two ports of a switch are an SDN port and a conventional port respectively, and the two ports are configured with the same VLAN identifier, when a virtual forwarding instance is obtained, the virtual forwarding instance may be obtained according to VLAN information in a message and identifier information of a port that receives the message, so that a forwarding control module determines whether the message is received by the SDN port or the conventional port according to the identifier information of the port, thereby allocating the virtual forwarding instance to the message according to an actual situation.
S304, determining a port as the message flooding outlet according to the virtual forwarding example.
The virtual forwarding instance corresponds to the VLAN information in the message, and at the same time, it also corresponds to the port configured with the VLAN identifier corresponding to the VLAN information, and the correspondence between the virtual forwarding instance and the port may be one-to-one, but more often, one-to-many.
In a processing mode of an unknown unicast data message in an SDN domain, a protocol in the SDN domain is used to perform encapsulation processing on the message, and the process of the encapsulation processing is generally executed by a CPU of a network device, so that when it is determined that the message belongs to the unknown unicast data message in the SDN domain, the message may also be sent to a forwarding control module to obtain a corresponding virtual forwarding instance, but the virtual forwarding instance indicates that a flooding outlet of the message is the CPU.
S306, flooding the message to the determined ports.
In the above description, the present invention provides a scheme for configuring the same VLAN identifier for the SDN port and the conventional port, and in the scheme, the same VLAN identifier is configured for different ports, so that VLAN resources can be effectively saved, and the resource utilization rate can be improved.
In the network device, after receiving a packet, a switching chip at a bottom layer reports MAC information or routing information of the packet to upper layer software, and the upper layer software processes the MAC information or routing information. Therefore, in this embodiment, after receiving the learning message, it may be determined whether the learning message is in the SDN domain first, and if yes, the learning message is discarded directly, and if not, the learning message is handed to upper layer software for processing.
In the message processing method provided in this embodiment, an SDN domain VLAN identifier and a conventional domain VLAN identifier may be configured at the same time in one port, and when a message transmitted by the port is received, a processing mode for the message is determined according to VLAN information carried in the message and the VLAN identifier configured in the corresponding port. By the method, the same port on the network equipment can simultaneously process the service of the SDN domain and the service of the traditional domain, and corresponding ports do not need to be respectively arranged for the service of the SDN domain and the service of the traditional domain, so that the port resources of the network equipment are saved, the optimal configuration of the resources is realized, and the improvement of the network application flexibility is facilitated.
Example two:
referring to fig. 4, the message processing apparatus 40 shown in fig. 4 includes a receiving module 402 and a processing module 404.
The receiving module 402 is configured to receive a packet transmitted by a port of a network device.
The network device in this embodiment may be a switch or a router. The SDN domain VLAN id and the legacy domain VLAN id may be configured at the same time under a port of the network device, for example, the SDN domain VLAN id configured for one port of the network device is VLAN3 to VLAN9, and the VLAN id of the legacy domain is VLAN13 to VLAN 19. This indicates that the port can handle SDN domain traffic from VLAN3 to VLAN9, and can also handle legacy domain traffic from VLAN13 to VLAN 19. It is understood that the VLAN id of the SDN domain and the VLAN id of the legacy domain should be different under the same port.
The message at least should include VLAN information of the message, and the VLAN information may be used to determine a processing method for the message according to a VLAN identifier configured on a port receiving the message.
The processing module 404 determines a processing mode for the packet according to the VLAN information carried in the packet and the VLAN identifier configured at the port where the packet is transmitted, and performs corresponding processing on the packet.
In the network device, a hardware forwarding table stores some message forwarding rules corresponding to destination information, where the destination information includes a destination IP or a destination MAC address of a message. Taking destination information as an IP address as an example, for a message with destination information of "125.120.218.106", the forwarding rule stored in the hardware forwarding table is transmitted from the port 4; for example, the destination information is a MAC address, and a packet with a destination MAC of "00-01-6C-06-a 6-29" is output from port7 of the network device. Therefore, after a port of the network device receives a message, the port can query the message destination information carried in the message to the hardware forwarding table, and if the forwarding rule corresponding to the message destination information is found to be recorded in the hardware forwarding table, the network device can directly transmit the message according to the forwarding rule in the hardware forwarding table. For those messages that cannot be queried from the hardware forwarding table to the forwarding rule, that is, those messages that have no forwarding rule recorded in the hardware forwarding table, we refer to the messages as "unknown unicast".
In the working principle of the switch, when the switch is started, the hardware forwarding table is empty, so if the host a sends a message to the host B through the switch at this time, when the switch receives the message, it cannot be determined on which port the host B is (because the hardware forwarding table does not have the MAC or IP address of the host B), so that the message is an unknown unicast message.
For an unknown unicast message, the traditional domain processing method is to perform Flooding (Flooding) processing on the message. Flooding is a data stream delivery technique used by switches and bridges to route data streams received by an interface out of all but that interface.
The virtual forwarding instance of the message is obtained according to the VLAN information carried in the message, the virtual forwarding instance corresponds to the VLAN information in the message, and at the same time, it also corresponds to a port configured with a VLAN identifier corresponding to the VLAN information, and the correspondence between the virtual forwarding instance and the port may be one-to-one, but more cases are one-to-many. For example, VLAN information carried in one message is VLAN3, and a virtual forwarding instance a may be obtained according to VLAN3, where the virtual forwarding instance a corresponds to all ports configured with the VLAN identifier of VLAN3 in the network device. Therefore, the information of all ports with VLAN3 id in the network device can be obtained through the virtual forwarding instance as an intermediary. For example, in the network device, port 1, port7, and port 8 all have VLAN3, which is a VLAN identifier, so port 1, port7, and port 8 are all ports associated with VLAN information in a packet, and these ports may also be used as flooding outlets of the packet.
The processing mode of the SDN domain on the unknown unicast message is slightly different from that of the traditional domain, the SDN port generally encapsulates the message by using a protocol of the SDN domain, and then transmits the encapsulated message to the controller, and the controller performs processing calculation according to a series of algorithms to determine a forwarding processing rule for the message. Then, after receiving the forwarding processing rule issued by the controller, the message can be correspondingly forwarded according to the forwarding processing rule.
In the prior art, each port of a network device only processes one type of service, either the service of an SDN domain or the service of a traditional domain, so each port only receives a relevant packet of the service that can be processed by the port. In this embodiment, because one port is configured with both the SDN domain VLAN id and the legacy domain VLAN id, one port can carry two types of services, namely, the SDN domain and the legacy domain, and thus, a packet received by a port of a network device in this embodiment may not be a packet of the SDN domain alone or a packet of the legacy domain alone. However, the processing modes for these two types of messages are very different. Therefore, in this embodiment, after receiving a packet transmitted by a port of a network device, it is necessary to determine a processing manner for the packet, and it should be understood that determining the processing manner for the packet actually distinguishes the type of the packet.
Firstly, assuming that a port of the network equipment is configured with SDN domain VLANs of the VLANs 3-9 and traditional domain VLANs of the VLANs 13-19; on this basis, if the VLAN information carried in the packet received by the port is VLAN1, the network device cannot process the packet, and therefore, the packet can be directly discarded.
If the VLAN information carried in the received message is VLAN7, further determining whether the message is an unknown unicast data message. Judging whether a packet is an unknown unicast data packet can be mainly divided into two processes:
firstly, judging whether the message is a data message. This determination may be made based on the protocol identification and access control list contained in the message. Any one of the messages carries a protocol identifier, if a message is a data message, the message may carry a relatively common TCP protocol identifier or UDP protocol identifier, and if the message is a protocol message, the protocol identifier carried by the message is no longer the common TCP protocol identifier or UDP protocol identifier. The access control list stores the protocol identifier of the specific type, and after the protocol identifier carried in the message is obtained, the protocol identifier can be searched in the access control list to determine whether the protocol identifier carried in the message exists in the access control list. If the access control list has the protocol identification carried by the message, the message is indicated to be a protocol message, the processing mode of the protocol message is simpler, the protocol message can be controlled to be directly sent to a CPU of the network equipment, and the CPU sends the protocol message to a protocol stack module in the network equipment for processing; if the access control list does not have the corresponding protocol identification, the message is a data message.
And secondly, judging whether the message is an unknown unicast message. The hardware forwarding table has been described above, in which forwarding rules of messages sent to destinations are stored in units of destination information. Therefore, when a message is received, whether the destination information carried in the message exists can be searched in a hardware forwarding table according to the destination information carried in the message, if yes, the message is not an unknown unicast message, and the network equipment can directly carry out ordinary forwarding processing; if the destination information carried by the packet does not exist in the hardware forwarding table, it indicates that the network device does not currently know to which specific port the packet should be forwarded, and therefore, the packet belongs to an unknown unicast packet.
It can be understood that, in this embodiment, the process of determining that the packet is a data packet and determining that the packet is an unknown unicast packet has no strict timing limitation. The determination may be performed sequentially or simultaneously.
After determining that the packet belongs to the unknown unicast data packet, it may be determined whether the packet belongs to the SDN domain or the legacy domain according to the VLAN information in the packet and the VLAN identifier under the port transmitting the packet. The determining method may be matching VLAN information in the packet with a VLAN identifier of an SDN domain under a port, and if the matching is successful, it indicates that the packet belongs to the SDN domain, and if the matching is unsuccessful, it indicates that the packet belongs to a conventional domain. Similarly, the VLAN information of the packet may be matched with a traditional domain VLAN identifier under the port, and if the matching is successful, the packet is indicated to belong to the traditional domain, otherwise, the packet belongs to the SDN domain.
For those packets belonging to the SDN domain, the processing module 404 may process the unknown unicast data packet according to a processing manner of the SDN domain:
the processing module 404 encapsulates the packet using the SDN domain protocol and transmits the encapsulated packet to the controller.
Generally, after determining that a packet belongs to an unknown unicast data packet in the SDN domain, the processing module 404 may send the packet to a protocol stack module in the network device, package the packet according to the SDN domain protocol by an SDN protocol stack in the protocol stack module, add an upper layer protocol label, and transmit the packet to the controller. The SDN protocol mainly includes OpenFlow and the like.
The controller, upon receiving the encapsulated message, determines how the message should be sent to its destination according to a series of algorithms or processing rules. These forwarding rules are included in the processing table and sent to the network device. The processing module 404 receives a processing table for the message sent by the controller.
The processing module 404 forwards the packet according to the processing table and updates the information contained in the processing table to the hardware forwarding table.
After the processing module 404 obtains the processing table, it may send out the message according to the forwarding rule included in the processing table, for example, if the message indicating that the destination information is a in the processing table should be sent out through the port 3 of the network device, the message is transmitted to the port 3 according to the indication. For all data packets whose destination information in the SDN domain is a, the data packets may be sent out from the port 3 according to the forwarding rule in the future, so that, in order to facilitate processing of subsequent packets by subsequent network devices, the processing module 404 may update the processing table into a hardware forwarding table, and when a packet whose destination information is also a appears again in the subsequent process, the packet may be processed according to the forwarding rule corresponding to the destination information a.
For packets belonging to the legacy domain, the processing module 404 may process the unknown unicast data packet according to the processing manner of the legacy domain:
the processing module 404 obtains the corresponding virtual forwarding instance according to the VLAN information included in the packet.
In a network device, for example, in a switch, a switch chip may obtain a virtual forwarding instance from a forwarding control module, and if VLAN identifiers of ports are different in one switch, the virtual forwarding instance may be obtained only according to VLAN information included in a message. If two ports of a switch are an SDN port and a conventional port respectively, and the two ports are configured with the same VLAN identifier, when a virtual forwarding instance is obtained, the virtual forwarding instance may be obtained according to VLAN information in a message and identifier information of a port that receives the message, so that a forwarding control module determines whether the message is received by the SDN port or the conventional port according to the identifier information of the port, thereby allocating the virtual forwarding instance to the message according to an actual situation.
The virtual forwarding instance corresponds to the VLAN information in the message, and at the same time, it also corresponds to the port configured with the VLAN identifier corresponding to the VLAN information, and the correspondence between the virtual forwarding instance and the port may be one-to-one, but more often, one-to-many. The processing module 404 determines the port as the outlet of the message flooding according to the virtual forwarding instance.
In a processing mode of an unknown unicast data message in an SDN domain, a protocol in the SDN domain is used to perform encapsulation processing on the message, and the process of the encapsulation processing is generally executed by a CPU of a network device, so that when it is determined that the message belongs to the unknown unicast data message in the SDN domain, the message may also be sent to a forwarding control module to obtain a corresponding virtual forwarding instance, but the virtual forwarding instance indicates that a flooding outlet of the message is the CPU.
Finally, the processing module 404 floods the message to the determined ports.
In the above description, the present invention provides a scheme for configuring the same VLAN identifier for the SDN port and the conventional port, and in the scheme, the same VLAN identifier is configured for different ports, so that VLAN resources can be effectively saved, and the resource utilization rate can be improved.
In the network device, after receiving a packet, a switching chip at a bottom layer reports MAC information or routing information of the packet to upper layer software, and the upper layer software processes the MAC information or routing information. Therefore, in this embodiment, after receiving the learning message, the processing module 404 may first determine whether the learning message is in the SDN domain, if so, directly discard the learning message, and if not, give the learning message to upper layer software for processing.
The message processing apparatus 40 provided in this embodiment may be deployed on a switch or a router, where the receiving module 402 may be implemented by a switch chip in the switch or the router, and the processing module 404 may be implemented by the switch chip in the switch or the router and a CPU together. In this embodiment, the controller may be a physical device or an application running on a general-purpose server.
The message processing apparatus 40 provided in this embodiment may configure an SDN domain VLAN identifier and a conventional domain VLAN identifier at the same time in one port, and when a message transmitted by the port is received, determine a processing mode for the message according to VLAN information carried in the message and the VLAN identifier configured in the corresponding port. By the method, the same port on the network equipment can simultaneously process the service of the SDN domain and the service of the traditional domain, and corresponding ports do not need to be respectively arranged for the service of the SDN domain and the service of the traditional domain, so that the port resources of the network equipment are saved, the optimal configuration of the resources is realized, and the improvement of the network application flexibility is facilitated.
Example three:
the message processing method in the first embodiment and the message processing apparatus provided in the second embodiment are described below with reference to specific examples, where the network device in this embodiment takes a switch as an example, but it should be understood by those skilled in the art that the network device may also be a router, and fig. 5 shows a schematic structural diagram of the switch in this embodiment:
the switch 5 includes a switch chip 51 and a CPU52, and the switch chip 51 receives a message transmitted by an external device through a port. The switch provides a configuration interface from which a user can issue a configuration for the switch 5, for example, the user can configure both a VLAN id of an SDN domain and a VLAN id of a legacy domain at one port 511 of the switch chip 5.
The following describes the processing of the packet by the switch in this embodiment with reference to fig. 6:
s601, port 511 receives the message.
After the port 511 receives the message, the switch chip 51 may extract the VLAN information included in the message.
S602, the switch chip 51 determines whether the extracted VLAN information exists in the configuration of the port 511.
If yes, S603 is executed, and if not, S604 is executed.
S603, the switch chip 51 determines whether the packet is a data packet.
If the VLAN identifier corresponding to the VLAN information carried in the packet exists under the port 511, it can be determined whether the packet is a data packet according to the protocol identifier and the access control list included in the packet. If so, go to S605, otherwise, go to S606.
And S604, the switching chip 51 discards the message.
If the VLAN information carried in the packet is not configured under the port 511, the switch cannot process the packet, and therefore, the packet can be directly discarded.
S605, the switch chip 51 determines whether the packet is an unknown unicast packet.
If the packet is a data packet, it needs to further determine whether the data packet is an unknown unicast packet according to the hardware forwarding table and the destination information carried in the packet, if so, S607 is executed, otherwise, S608 is executed.
S606, the switch chip 51 sends the message to the CPU.
If the message is not a data message, the message is a protocol message, the processing mode of the protocol message is simple, and the protocol message can be controlled to be directly sent to a CPU of the network equipment.
S607, the switch chip 51 determines whether the packet belongs to the SDN domain according to the VLAN information in the packet and the VLAN id under the port transmitting the packet.
When the determination is made, the VLAN information in the packet may be matched with a VLAN identifier of an SDN domain under a port, if the matching is successful, the packet is indicated to belong to the SDN domain, and if the matching is unsuccessful, the packet is indicated to belong to a conventional domain.
And S608, the switching chip 51 forwards the message according to the hardware forwarding table.
If the switching chip 51 determines that the forwarding rule of the message destination information is already recorded in the hardware forwarding table, the forwarding process can be directly performed according to the corresponding forwarding rule.
And S609, the exchange chip floods the message.
And if the judgment result shows that the message belongs to the SDN domain, the message can be reported to the CPU. During reporting, if the message belongs to a two-layer service, the reporting is performed according to an Access Control List (ACL), and if the message belongs to a three-layer service, the reporting is performed through a route. If the judgment result is negative, the message belongs to the traditional domain, and the message can be directly flooded according to the processing mode of the traditional domain to the unknown unicast data message.
S610, the CPU judges whether the message belongs to the SDN domain according to the VLAN information in the message and the VLAN identification under the port for transmitting the message.
Since the messages reported to the CPU are not all unknown unicast data messages in the SDN domain, but may also be protocol messages in the conventional domain, the CPU needs to perform a determination before performing the encapsulation processing, and if the determination result is yes, S611 is executed.
S611, the CPU packages the message by using the SDN domain protocol.
A common encapsulation protocol may be performed using the OpenFlow protocol.
And S612, the CPU sends the message to the controller 6.
Upon receipt of the encapsulated message, the controller 6 determines how the message should be sent to its destination according to a series of algorithms or processing rules. These forwarding rules are included in the processing table and sent to the forwarding control module in the CPU.
S613, forwarding the message according to the forwarding rule issued by the controller, and updating the hardware forwarding table.
Fig. 7 is an application scenario of the message processing method provided in this embodiment: the server 71 and the server 72 respectively access the network device 73 and the network device 74 through a single network card, a connection port between the server 71 and the network device 74 is an SDN port, forwarding control of service traffic of the server 71 and the server 72 is controlled to access an SDN control plane, meanwhile, access of the server 71 and the server 72 to a storage network is also controlled through an SDN instance port, but the traffic of the part is not controlled by an SDN controller. Since the servers 71 and 72 are accessed through a single network card, the interfaces between the network device 73 and the network device 74 and the servers 71 and 72 are connected through both the SDN control plane and the conventional plane control plane.
The message processing method and the message processing device provided by the embodiment can realize that the same port is controlled by a traditional protocol layer and a controller, so that port resources are saved, and meanwhile, the application flexibility of the SDN switch in some scenes is greatly improved.
It will be apparent to those skilled in the art that the modules or steps of the embodiments of the invention described above may be implemented in a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented in program code executable by a computing device, such that they may be stored on a computer storage medium (ROM/RAM, magnetic disk, optical disk) and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The foregoing is a more detailed description of embodiments of the present invention, and the present invention is not to be considered limited to such descriptions. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (4)

1. A message processing method comprises the following steps:
receiving a message transmitted by a port of network equipment, wherein an SDN domain VLAN identification and a traditional domain VLAN identification are simultaneously configured below the port, and the message carries VLAN information;
determining that the message is an unknown unicast data message; determining that the message belongs to an SDN domain or a traditional domain according to the VLAN information in the message and the VLAN identifier under the port; processing the message according to a processing mode of an unknown unicast data message of an SDN domain or a traditional domain;
wherein the processing the packet according to the processing mode of the data packet of the unknown unicast of the traditional domain comprises:
when a port of a traditional domain and a port of an SDN domain have the same VLAN identification, acquiring a corresponding virtual forwarding instance according to VLAN information contained in the message and identification information of the port receiving the message, wherein the port identification information is used for representing that the port receiving the message is a traditional domain port or an SDN domain port; the virtual forwarding instance is used for determining a flooding outlet of the message according to the VLAN information, and the flooding outlet is a port configured with a VLAN identifier corresponding to the VLAN information; and flooding the message to each port.
2. The message processing method according to claim 1, wherein the processing the message according to the processing manner of the data message of the unknown unicast in the SDN domain comprises:
packaging the message by utilizing a protocol of an SDN domain and transmitting the message to a controller;
receiving a processing table aiming at the message and sent by the controller, wherein the processing table comprises destination information of the message and a message forwarding rule corresponding to the destination information;
and forwarding the message according to the processing table, updating information contained in the processing table to a hardware forwarding table, and determining that the message does not belong to an unknown unicast message when destination information carried in the message exists in the hardware forwarding table.
3. The message processing method of claim 1, wherein the determining that the message is an unknown unicast data message comprises:
extracting protocol identification and destination information contained in the message, wherein the destination information comprises any one of an MAC address and a route;
searching the protocol identification in an access control list;
searching the destination information in a hardware forwarding table;
if the access control list does not contain the protocol identification and the hardware forwarding table does not contain the destination information, the message is judged to be a data message of unknown unicast.
4. A message processing apparatus, comprising:
the system comprises a receiving module, a sending module and a receiving module, wherein the receiving module is used for receiving a message transmitted by a port of network equipment, an SDN domain VLAN identification and a traditional domain VLAN identification are simultaneously configured below the port, and the message carries VLAN information;
the processing module is used for determining that the message is an unknown unicast data message; determining that the message belongs to an SDN domain or a traditional domain according to the VLAN information in the message and the VLAN identifier under the port; processing the message according to a processing mode of an unknown unicast data message of an SDN domain or a traditional domain; wherein the processing the packet according to the processing mode of the data packet of the unknown unicast of the traditional domain comprises: when a port of a traditional domain and a port of an SDN domain have the same VLAN identification, acquiring a corresponding virtual forwarding instance according to VLAN information contained in the message and identification information of the port receiving the message, wherein the port identification information is used for representing that the port receiving the message is a traditional domain port or an SDN domain port; the virtual forwarding instance is used for determining a flooding outlet of the message according to the VLAN information, and the flooding outlet is a port configured with a VLAN identifier corresponding to the VLAN information; and flooding the message to each port.
CN201610514793.8A 2016-06-30 2016-06-30 Data message processing method and device Active CN107566237B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610514793.8A CN107566237B (en) 2016-06-30 2016-06-30 Data message processing method and device
PCT/CN2017/090326 WO2018001242A1 (en) 2016-06-30 2017-06-27 Data-message processing method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610514793.8A CN107566237B (en) 2016-06-30 2016-06-30 Data message processing method and device

Publications (2)

Publication Number Publication Date
CN107566237A CN107566237A (en) 2018-01-09
CN107566237B true CN107566237B (en) 2021-06-29

Family

ID=60785835

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610514793.8A Active CN107566237B (en) 2016-06-30 2016-06-30 Data message processing method and device

Country Status (2)

Country Link
CN (1) CN107566237B (en)
WO (1) WO2018001242A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495370B (en) * 2018-12-29 2020-11-24 瑞斯康达科技发展股份有限公司 Message transmission method and device based on VPLS
CN110830371B (en) * 2019-11-13 2022-04-05 迈普通信技术股份有限公司 Message redirection method and device, electronic equipment and readable storage medium
CN113497799B (en) * 2020-04-08 2022-09-16 维沃移动通信有限公司 Protocol architecture determination method, device and equipment
CN113079030B (en) * 2020-05-29 2022-05-24 新华三信息安全技术有限公司 Configuration information issuing method and access equipment
CN114205185B (en) * 2020-09-16 2023-03-24 厦门网宿有限公司 Proxy method and device for control message
CN115225585A (en) * 2021-04-14 2022-10-21 华为技术有限公司 DCN message processing method, network equipment and system
CN113452593B (en) * 2021-06-10 2022-06-03 烽火通信科技股份有限公司 Method and device for coexistence of OLT VXLAN and multiple slices
CN116319619A (en) * 2021-12-07 2023-06-23 中兴通讯股份有限公司 Network processing module, data processing method, network node and storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100553220C (en) * 2007-08-22 2009-10-21 杭州华三通信技术有限公司 A kind of method and apparatus of realizing that downlink user is isolated in the VLAN
US9729425B2 (en) * 2012-11-29 2017-08-08 Futurewei Technologies, Inc. Transformation and unified control of hybrid networks composed of OpenFlow switches and other programmable switches
US9450823B2 (en) * 2013-08-09 2016-09-20 Nec Corporation Hybrid network management
CN103763146B (en) * 2014-01-29 2017-05-17 新华三技术有限公司 Soft defined network controller and transmission information generating method of soft defined network controller
CN105429870B (en) * 2015-11-30 2018-10-02 北京瑞和云图科技有限公司 VXLAN security gateway devices under SDN environment and its application process
CN105357099A (en) * 2015-12-18 2016-02-24 南京优速网络科技有限公司 Implementation method of VPN (virtual private network) on basis of SDN (software defined network)

Also Published As

Publication number Publication date
CN107566237A (en) 2018-01-09
WO2018001242A1 (en) 2018-01-04

Similar Documents

Publication Publication Date Title
CN107566237B (en) Data message processing method and device
US11929945B2 (en) Managing network traffic in virtual switches based on logical port identifiers
CN105376154B (en) Gradual MAC address learning
EP3210345B1 (en) Transparent network service header path proxies
US9331936B2 (en) Switch fabric support for overlay network features
US10374972B2 (en) Virtual flow network in a cloud environment
Bakshi Considerations for software defined networking (SDN): Approaches and use cases
US20160301603A1 (en) Integrated routing method based on software-defined network and system thereof
EP2544409B1 (en) Generic monitoring packet handling mechanism for OpenFlow 1.1
US10038627B2 (en) Selective rule management based on traffic visibility in a tunnel
US20200186465A1 (en) Multi-site telemetry tracking for fabric traffic using in-band telemetry
CN104410541B (en) The method and device that VXLAN internal layer virtual machine traffics are counted in intermediary switch
EP3197107B1 (en) Message transmission method and apparatus
CN105791214B (en) Method and equipment for converting RapidIO message and Ethernet message
WO2013185715A1 (en) Method for implementing virtual network and virtual network
CN106936777A (en) Cloud computing distributed network implementation method based on OpenFlow, system
US9900238B2 (en) Overlay network-based original packet flow mapping apparatus and method therefor
CN105051688A (en) Extended tag networking
CN102334112A (en) Method and system for virtual machine networking
WO2016128834A1 (en) Method and system for identifying an outgoing interface using openflow protocol
EP2883123B1 (en) Forwarding packet in stacking system
WO2016128833A1 (en) Method and system for identifying an incoming interface using openflow protocol
WO2017157206A1 (en) Method of interconnecting cloud data centers, and device
US20180359181A1 (en) Ethernet frame transmission method in software defined networks (sdn)
CN111193644A (en) vBRAS service transmission method, device, terminal equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200622

Address after: 518057 Zhongxing building, A3-01, A3-02, Nanshan District hi tech Industrial Park, Shenzhen, Guangdong

Applicant after: Shenzhen ZTE Technical Service Co.,Ltd.

Address before: 518057 Nanshan District science and Technology Industrial Park, Guangdong high tech Industrial Park, ZTE building

Applicant before: ZTE Corp.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant