CN108259292A - Method and device for establishing a tunnel - Google Patents
- Publication number: CN108259292A
- Application number: CN201611248613.2A
- Authority: CN (China)
- Prior art keywords: router, information, address, mark, retransmission unit
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
Abstract
This application provides a method for establishing a tunnel that can improve the flexibility of tunnel establishment. In the method, a controller receives a request message sent by a first router, the request message including a second private network address and an identifier of the first router. The controller obtains a second public IP address and second tunnel information according to a second mapping entry and the second private network address, where the second mapping entry includes the second private network address, the second public IP address and the second tunnel information, the second public IP address is the public IP address assigned to a second router, and the second tunnel information is the tunnel information of the second router. The controller sends a first response message to the first router according to the identifier of the first router, the first response message including the second public IP address and the second tunnel information.
Description
Technical field
This application relates to the communications field, and in particular to a method and device for establishing a tunnel.
Background
Routers are deployed between the headquarters of an enterprise and its branch offices to ensure communication between them. Each router can connect one or more private networks. As shown in Fig. 1, R1, R2 and R3 are routers located in different cities or regions. R1, R2 and R3 each connect one or more private networks; for example, R1 connects a first private network, R2 connects a second private network, and R3 connects a third private network. If the first private network connected to R1 is the private network used by the enterprise headquarters, and a device in the third private network needs to communicate with a device in the second private network, then a tunnel, such as a third tunnel, needs to be established between R2 and R3. Specifically, R2 establishes a first tunnel with R1, for example according to the preconfigured public Internet Protocol (IP) address of R1. R2 communicates with R1 through the first tunnel and obtains the public IP address of R3, which is the destination router. Similarly, R3 establishes a second tunnel with R1 and communicates with R1 through the second tunnel to obtain the public IP address of R2, which is the destination router. R2 and R3 each use the public IP address of the destination router to establish the third tunnel. R2 and R3 can then communicate through the established third tunnel.
In the above method, establishing the third tunnel between R2 and R3, which are branch routers, requires the participation of R1, which is the central router, and the first tunnel and the second tunnel must be established before the third tunnel. When many private networks need to interact, R1 has to receive the request messages sent by each branch router and provide the corresponding information, which increases the load on R1 and reduces the flexibility of tunnel establishment.
Summary of the invention
The embodiments of this application provide a method and device for establishing a tunnel that can improve the flexibility of tunnel establishment.
In a first aspect, a method for establishing a tunnel is provided. The method includes: a controller receives a request message sent by a first router, the request message including a second private network address and an identifier of the first router; the controller obtains a second public IP address and second tunnel information according to a second mapping entry and the second private network address, where the second mapping entry includes the second private network address, the second public IP address and the second tunnel information, the second public IP address is the public IP address assigned to a second router, and the second tunnel information is the tunnel information of the second router; the controller sends a first response message to the first router according to the identifier of the first router, the first response message including the second public IP address and the second tunnel information.
In the above method, the controller can process request messages from routers that serve different private networks and provide the first router, which requests to establish a tunnel, with the second public IP address and the second tunnel information needed to establish it. In this way, the controller can flexibly control the establishment of tunnels between routers in different private networks, which helps improve the flexibility of tunnel establishment.
The second private network address is the address of a host in the private network served by the second router. The public IP address assigned to the second router may be an IP address that a Dynamic Host Configuration Protocol (DHCP) server allocates to the second router through DHCP. The second public IP address may also be an IP address allocated to the second router by another server or device. The second router can use the assigned second public IP address to transmit data or information over an asymmetric digital subscriber line (ADSL), an Ethernet line or a wireless link. The tunnel information of the second router is information about the tunnel for which the second router acts as ingress node or egress node.
The identifier of the first router is the information used on the controller to identify the first router. The identifier of the second router is the information used on the controller to identify the second router.
Optionally, before the controller sends the first response message to the first router according to the identifier of the first router, the method further includes: the controller obtains the identifier of the second router from the second mapping entry, the second mapping entry further including the identifier of the second router; the controller looks up a communication policy according to the identifier of the first router and the identifier of the second router, where the communication policy includes the identifiers of N routers that can communicate with one another, N is an integer greater than or equal to 2, and the identifiers of the N routers include the identifier of the first router and the identifier of the second router; the controller determines, according to the communication policy, that the first router and the second router can communicate.
The controller sending the first response message to the first router according to the identifier of the first router includes: based on the determination that the first router and the second router can communicate, the controller sends the first response message to the first router according to the identifier of the first router.
The communication policy identifies the N routers as having the same communication permission: the same communication permission means that communication is allowed, and different communication permissions mean that communication is forbidden. Setting a communication policy helps improve the security of communication and avoid the leakage of confidential information.
Optionally, the controller can also determine in other ways that the first router and the second router can communicate. For example, the controller can determine the permission of the first router according to the identifier of the first router, where the permission of the first router can represent the security level of the first router. The controller can determine the permission of the second router according to the identifier of the second router, where the permission of the second router can represent the security level of the second router. If the controller determines that the permission of the first router and the permission of the second router are both greater than a preset security level, it determines that the first router and the second router can communicate.
Optionally, after the controller receives the request message sent by the first router, the method further includes: the controller obtains a first private network address segment, a first public IP address and first tunnel information according to a first mapping entry and the identifier of the first router, where the first mapping entry includes the first private network address segment, the first public IP address, the first tunnel information and the identifier of the first router, the first public IP address is the public IP address assigned to the first router, the first tunnel information is the tunnel information of the first router, and the first private network address segment is the address segment assigned to the private network served by the first router; the controller obtains the identifier of the second router from the second mapping entry, the second mapping entry further including the identifier of the second router; the controller sends a second response message to the second router according to the identifier of the second router, the second response message including the first private network address segment, the first public IP address and the first tunnel information.
In the above method, after receiving the request message from the first router, the controller can also send to the peer router of the first router the first public IP address, the first tunnel information and the first private network address segment that the peer router needs to establish the tunnel. The peer router is the second router described above.
A first private network address is any private network address included in the first private network address segment; for example, the first private network address is the address of a host in the private network served by the first router. The public IP address assigned to the first router may be an IP address that a DHCP server allocates to the first router through DHCP. The first public IP address may also be an IP address allocated to the first router by another server or device. The first router can use the assigned first public IP address to transmit data or information over an ADSL line, an Ethernet line or a wireless link. The tunnel information of the first router is information about the tunnel for which the first router acts as ingress node or egress node.
Optionally, before the controller receives the request message sent by the first router, the method further includes: the controller receives third information sent by the second router, the third information including a second private network address segment and the identifier of the second router, where the second private network address segment is the address segment assigned to the private network served by the second router and includes the second private network address; the controller receives fourth information sent by the second router, the fourth information including the second public IP address, the second tunnel information and the identifier of the second router; the controller generates the second mapping entry according to the third information and the fourth information, the second mapping entry further including the second private network address segment.
Optionally, before the controller receives the request message sent by the first router, the method further includes: the controller receives first information sent by the first router, the first information including the first public IP address, the first tunnel information and the identifier of the first router; the controller receives second information sent by the first router, the second information including the first private network address segment and the identifier of the first router; the controller generates the first mapping entry according to the first information and the second information.
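The controller behaviour of the first aspect (mapping entries built from two router reports, lookup by private network address, and the communication-policy check before any answer is sent), sketched as an added Python example that is not part of the patent text. The class and method names, the string form of the tunnel information, the most-specific-segment tie-break and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class MappingEntry:
    router_id: str                       # identifier of the router on the controller
    segment: ipaddress.IPv4Network       # private network address segment
    public_ip: ipaddress.IPv4Address     # public IP address assigned to the router
    tunnel_info: str                     # opaque here; the text does not fix a format


class Denied(Exception):
    """The controller refuses to answer; deliberately carries no detail."""


class Controller:
    def __init__(self, policy_groups):
        # Communication policy: each group lists N >= 2 routers that may communicate.
        self._groups = [frozenset(g) for g in policy_groups]
        if any(len(g) < 2 for g in self._groups):
            raise ValueError("a policy group needs at least two router identifiers")
        self._tunnel = {}    # router_id -> (public_ip, tunnel_info)
        self._segment = {}   # router_id -> private network address segment

    def report_tunnel(self, router_id, public_ip, tunnel_info):
        # Sent again after every restart, since the public IP may have changed.
        self._tunnel[router_id] = (ipaddress.IPv4Address(public_ip), tunnel_info)

    def report_segment(self, router_id, segment):
        self._segment[router_id] = ipaddress.IPv4Network(segment)

    def entry(self, router_id):
        # A mapping entry exists only once both reports have arrived (any order).
        if router_id not in self._tunnel or router_id not in self._segment:
            return None
        public_ip, tunnel_info = self._tunnel[router_id]
        return MappingEntry(router_id, self._segment[router_id], public_ip, tunnel_info)

    def _may_communicate(self, a, b):
        return any(a in g and b in g for g in self._groups)

    def handle_request(self, requester_id, private_addr):
        requester = self.entry(requester_id)
        if requester is None:
            raise Denied()
        addr = ipaddress.IPv4Address(private_addr)
        entries = (self.entry(rid) for rid in list(self._segment))
        matches = [e for e in entries
                   if e and e.router_id != requester_id and addr in e.segment]
        if not matches:
            raise Denied()
        # Assumption: if segments overlap, the most specific one wins.
        peer = max(matches, key=lambda e: e.segment.prefixlen)
        # Same exception as "no entry", so a refused router cannot tell which
        # private addresses exist behind routers it may not talk to.
        if not self._may_communicate(requester_id, peer.router_id):
            raise Denied()
        first_response = {"to": requester_id,
                          "public_ip": str(peer.public_ip),
                          "tunnel_info": peer.tunnel_info}
        second_response = {"to": peer.router_id,
                           "segment": str(requester.segment),
                           "public_ip": str(requester.public_ip),
                           "tunnel_info": requester.tunnel_info}
        return first_response, second_response


def demo_controller():
    # Constructed sample data (documentation address ranges).
    c = Controller(policy_groups=[{"R1", "R2", "R3"}])
    c.report_segment("R2", "10.2.0.0/16")
    c.report_tunnel("R2", "203.0.113.2", "tun-R2")
    c.report_tunnel("R3", "203.0.113.3", "tun-R3")
    c.report_segment("R3", "10.3.0.0/16")
    c.report_tunnel("R4", "198.51.100.4", "tun-R4")   # registered, but in no policy group
    c.report_segment("R4", "10.4.0.0/16")
    return c


if __name__ == "__main__":
    ctrl = demo_controller()
    print(ctrl.handle_request("R2", "10.3.0.7"))
```

The policy check is only as strong as the binding between a router and the identifier it presents; the text does not describe how the controller authenticates that identifier, and this example does not either.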
In a second aspect, a method for establishing a tunnel is provided. The method includes: a first router sends a request message to a controller, the request message including a second private network address and an identifier of the first router, where the second private network address is an address in the address segment assigned to the private network served by a second router; the first router receives a response message sent by the controller, the response message including a second public IP address and second tunnel information, where the second public IP address is the public IP address assigned to the second router and the second tunnel information is the tunnel information of the second router; the first router encapsulates a first packet using the second public IP address and the second tunnel information to obtain a second packet, where the first packet includes the second private network address and the second packet includes the second public IP address, the second tunnel information and the second private network address; the first router sends the second packet to the second router.
In the above method, the first router requests the information needed to establish a tunnel directly from the controller, without requesting it from the router that acts in the management role in the private network, which reduces the burden on the router acting in the management role. In addition, before the first router requests the information needed to establish a tunnel from the controller, it does not need to establish a tunnel for communicating with the controller, which saves network resources.
Optionally, the method further includes: the first router sends first information to the controller, the first information including the first public IP address, the first tunnel information and the identifier of the first router, where the first public IP address is the public IP address assigned to the first router and the first tunnel information is the tunnel information of the first router; the first router sends second information to the controller, the second information including a first private network address segment and the identifier of the first router, where the first private network address segment is the address segment assigned to the private network served by the first router.
Optionally, the method further includes: the first router receives the first packet sent by a host in the private network served by the first router, the first packet including the second private network address; the first router generates the request message according to the second private network address and the identifier of the first router.
In a third aspect, a method for establishing a tunnel is provided. The method includes: a second router receives a response message sent by a controller, the response message including a first public IP address, first tunnel information and a first private network address segment; after receiving a first packet carrying a first private network address, the second router encapsulates the first packet according to the first public IP address and the first tunnel information to obtain a second packet, where the first private network address is an address in the first private network address segment; the second router sends the second packet to a first router.
In the above method, the peer router of the second router is the first router; that is, the second router and the first router are the nodes at the two ends of the tunnel. After the first router has sent a request message to the controller, the controller can send a response message to the second router. According to the first private network address segment in the response message, after determining that a first packet is destined for an address in the first private network address segment, the second router encapsulates the first packet with the first public IP address and the first tunnel information to obtain a second packet, and thereby communicates with the first router through the tunnel. In this way, the second router does not need to request the information for establishing the tunnel from the controller again.
Optionally, the method further includes: the second router sends first information to the controller, the first information including a second private network address segment and the identifier of the second router, where the second private network address segment is the address segment assigned to the private network served by the second router; the second router sends second information to the controller, the second information including a second public IP address, second tunnel information and the identifier of the second router.
In a fourth aspect, a control device is provided. The control device includes modules for implementing the method provided by the first aspect or any implementation of the first aspect. The control device may be the controller in the method provided by the first aspect or any implementation of the first aspect.
In a fifth aspect, a first forwarding device is provided. The first forwarding device includes modules for implementing the method provided by the second aspect or any implementation of the second aspect. The first forwarding device may be the first router in the method provided by the second aspect or any implementation of the second aspect.
In a sixth aspect, a second forwarding device is provided. The second forwarding device includes modules for implementing the method provided by the third aspect or any implementation of the third aspect. The second forwarding device may be the second router in the method provided by the third aspect or any implementation of the third aspect.
In a seventh aspect, a control device is provided. The control device includes a processor, a memory and a communication interface. The processor, the memory and the communication interface are connected by a communication bus. The memory is used to store a program. The processor executes the method provided by the first aspect or any possible implementation of the first aspect according to the executable instructions included in the program read from the memory.
In an eighth aspect, a first forwarding device is provided. The first forwarding device includes a processor, a memory and a communication interface. The processor, the memory and the communication interface are connected by a communication bus. The memory is used to store a program. The processor executes the method provided by the second aspect or any possible implementation of the second aspect according to the executable instructions included in the program read from the memory.
In a ninth aspect, a second forwarding device is provided. The second forwarding device includes a processor, a memory and a communication interface. The processor, the memory and the communication interface are connected by a communication bus. The memory is used to store a program. The processor executes the method provided by the third aspect or any possible implementation of the third aspect according to the executable instructions included in the program read from the memory.
In a tenth aspect, a system for establishing a tunnel is provided. The system includes the control device provided by the fourth aspect or any possible implementation of the fourth aspect, the first forwarding device provided by the fifth aspect or any possible implementation of the fifth aspect, and the second forwarding device provided by the sixth aspect or any possible implementation of the sixth aspect; or
the system includes the control device provided by the seventh aspect or any possible implementation of the seventh aspect, the first forwarding device provided by the eighth aspect or any possible implementation of the eighth aspect, and the second forwarding device provided by the ninth aspect or any possible implementation of the ninth aspect.
Brief description of the drawings
To describe the technical solutions in the embodiments of this application more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below show some embodiments of this application, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an existing network scenario.
Fig. 2 is a schematic diagram of a network scenario provided by an embodiment of this application.
Fig. 3 is a flowchart of the method for establishing a tunnel provided by an embodiment of this application.
Fig. 4 is a structural diagram of the control device provided by an embodiment of this application.
Fig. 5 is a structural diagram of the first forwarding device provided by an embodiment of this application.
Fig. 6 is a structural diagram of the control device provided by an embodiment of this application.
Fig. 7 is a structural diagram of the first forwarding device provided by an embodiment of this application.
Detailed description
The application scenarios described in the embodiments of this application are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided by the embodiments. A person of ordinary skill in the art knows that, as network architectures evolve and new service scenarios emerge, the technical solutions provided by the embodiments of this application are equally applicable to similar technical problems.
In the method for establishing a tunnel provided by the embodiments of this application, a controller receives a request message sent by a first router, the request message including a second private network address and an identifier of the first router; the controller obtains a second public IP address and second tunnel information according to a second mapping entry and the second private network address, where the second mapping entry includes the second private network address, the second public IP address and the second tunnel information, the second public IP address is the public IP address assigned to a second router, and the second tunnel information is the tunnel information of the second router; the controller sends a first response message to the first router according to the identifier of the first router, the first response message including the second public IP address and the second tunnel information.
Fig. 2 is a schematic diagram of a network scenario provided by an embodiment of this application. As shown in Fig. 2, R1, R2 and R3 may be routers that A has deployed in different regions, where A may represent a company, agency, institution or the like. The M private networks served by R1, the L private networks served by R2 and the K private networks served by R3 are all private networks of A, where M, L and K are integers greater than or equal to 1. That R1 serves the M private networks means that the M private networks need to communicate with other servers or routers through R1. That R2 serves the L private networks means that the L private networks need to communicate with other servers or routers through R2. That R3 serves the K private networks means that the K private networks need to communicate with other servers or routers through R3.
R1 includes interface 212, interface 210 and interface 213. Interface 210 is an interface capable of accessing a backbone network, and the backbone network may be the Internet. Interface 212 is an interface capable of establishing a tunnel with R2. Interface 213 is an interface capable of establishing a tunnel with R3. Interface 212 and interface 213 are logical interfaces; the sending and receiving actions of interface 212 or interface 213 are carried out at the physical layer by the sending and receiving actions of interface 210.
R2 includes interface 221, interface 220 and interface 223. Interface 221 is an interface capable of establishing a tunnel with R1. Interface 220 is an interface capable of accessing the backbone network. Interface 223 is an interface capable of establishing a tunnel with R3. Interface 221 and interface 223 are logical interfaces; the sending and receiving actions of interface 221 or interface 223 are carried out at the physical layer by the sending and receiving actions of interface 220.
R3 includes interface 231, interface 230 and interface 232. Interface 231 is an interface capable of establishing a tunnel with R1. Interface 230 is an interface capable of accessing the backbone network. Interface 232 is an interface capable of establishing a tunnel with R2. Interface 231 and interface 232 are logical interfaces; the sending and receiving actions of interface 231 or interface 232 are carried out at the physical layer by the sending and receiving actions of interface 210.
Controller 24 can communicate with R1, R2 and R3. Fig. 2 uses three routers only as an example; the embodiments of this application are not limited to this number of routers and can be extended from it, and other possible implementations are not described further here.
Fig. 3 is a flowchart of the method for establishing a tunnel provided by an embodiment of this application. The method is described below with reference to Fig. 2 and Fig. 3.
301. R1 sends the first information and the second information to the controller.
For example, the first information includes the first public IP address, the first tunnel information and the identifier of R1. The first public IP address is the public IP address assigned to R1, and may specifically be the public IP address assigned to interface 210 of R1. The first tunnel information is the tunnel information of R1. R1 can configure one interface to establish multiple tunnels; that is, interface 212 and interface 213 can share one physical interface and can be assigned the same tunnel information, and this same tunnel information is the first tunnel information. R1 can also configure multiple interfaces to establish multiple tunnels; that is, interface 212 and interface 213 are physically different interfaces, the tunnel information of interface 212 differs from the tunnel information of interface 213, and one or more of the tunnel information of interface 212 and the tunnel information of interface 213 can serve as the first tunnel information, so the first tunnel information can be an address set.
The first public IP address may be an IP address that a DHCP server allocates to R1 through DHCP. The first public IP address may also be an IP address allocated to R1 by another server or device. R1 can use the assigned first public IP address to transmit data or information over an ADSL line, an Ethernet line or a wireless link. The tunnel information of R1 is information about the tunnel for which R1 acts as ingress node or egress node. The identifier of R2 is information that can be recognized by the controller and is used to identify R1.
For example, the second information includes the first private network address segment and the identifier of R1. The first private network address segment is the address segment assigned to the private network served by R1. A device in the private network served by R1 can use an address in the first private network address segment to communicate with devices in other private networks. Optionally, R1 can send the address segments assigned to the M private networks it serves to the controller. The embodiments of this application use a single private network address segment as an example; multiple private network address segments are handled in a way similar to the method provided by the embodiments, which is not repeated here.
For example, R1 can send the first information and the second information to the controller in different messages. Specifically, R1 can send a first message to the controller, the first message carrying the first information. After each restart, R1 may apply for a public IP address again, so the first public IP address may change. R1 can send the first message to the controller after each restart, so that the controller can update the corresponding mapping entry in a timely and effective manner. R1 can send a second message to the controller, the second message carrying the second information. R1 can send the second message to the controller after the first private network address segment changes, so that the controller can update the corresponding mapping entry in a timely and effective manner. The embodiments of this application do not limit the order in which R1 sends the first message and the second message.
Optionally, if R1 carries the first information and the second information in the same message sent to the controller, R1 can optimize the parameters included in the first information and the second information: R1 can delete the identifier of R1 included in the first information, or delete the identifier of R1 included in the second information.
For example, R1 and the controller communicate using the Border Gateway Protocol (BGP), and R1 can report the first information and the second information in BGP update messages. R1 sends a first BGP update message to the controller, and the first BGP update message includes the first information. The type of the network layer reachability information (NLRI) included in the first BGP update message is virtual private network specification (VPN specification). The NLRI in the first BGP update message can be used to carry the first information, specifically in the NLRI value field, expressed as:
<type, length, first public network IP address>
<type, length, first tunnel information>
<type, length, identifier of R1>
R1 sends a second BGP update message to the controller, and the second BGP update message includes the second information. The type of the NLRI included in the second BGP update message is VPN specification. The NLRI in the second BGP update message can be used to carry the second information, specifically in the NLRI value field, expressed as:
<type, length, first private network address segment>
<type, length, identifier of R1>
Optionally, R1 and the controller can communicate using the OpenFlow protocol. R1 can send the first information to the controller in a first table status message. R1 can send the second information to the controller in a second table status message. The format of the table status message can be expressed as:
The ofp_table_desc table included in the first table status message can be used to carry the first information, and the ofp_table_desc table included in the second table status message can be used to carry the second information.
Optionally, when R1 communicates with the controller using the OpenFlow protocol, R1 can also use flow removed messages to send the first information and the second information to the controller; no further example is given here.
Optionally, R1 and the controller can communicate using the Network Configuration Protocol (NETCONF). R1 sends a notification message to the controller, and the notification message includes the first information and the second information. The notification message can be expressed as:
Optionally, R1 can send the first information to the controller by sending a first notification message, and the first notification message includes the first information. R1 can send the second information to the controller by sending a second notification message, and the second notification message includes the second information. For the content of the first notification message and the second notification message, refer to the notification message above; it is not repeated here.
302, the controller generates a first mapping entry according to the first information and the second information.
For example, the controller can determine, according to the identifier of R1 included in the first information and in the second information, that the first information and the second information are both information related to R1. The first mapping entry includes the first public network IP address, the first tunnel information, the first private network address segment, and the identifier of R1. The first public network IP address, the first tunnel information, the first private network address segment, and the identifier of R1 are in one-to-one correspondence.
303, R2 sends third information and fourth information to the controller.
For example, the third information includes a second public network IP address, second tunnel information, and the identifier of R2. The second public network IP address is the public network IP address assigned to R2, and specifically can be the public network IP address assigned to interface 220 of R2. The second tunnel information is the tunnel information of R2. R2 can configure one interface to establish multiple tunnels, that is, interface 221 and interface 223 are physically one interface, and interface 221 and interface 223 can be assigned the same tunnel information; this same tunnel information is the second tunnel information. R2 can also configure multiple interfaces to establish multiple tunnels, that is, interface 221 and interface 223 are physically different interfaces, the tunnel information of interface 221 differs from the tunnel information of interface 223, and one or more of the tunnel information of interface 221 and the tunnel information of interface 223 can serve as the second tunnel information, that is, the second tunnel information can be an address set.
The second public network IP address can be an IP address that a DHCP server allocates to R2 through the DHCP protocol. The second public network IP address can also be an IP address that another server or device allocates to R2. R2 can use the assigned second public network IP address to transmit data or information over an ADSL line, an Ethernet line, or a wireless link. The tunnel information of R2 is information about the tunnel for which R2 serves as the ingress node or the egress node. The identifier of R2 is information, recognizable by the controller, that can be used to identify R2.
For example, the fourth information includes a second private network address segment and the identifier of R2. The second private network address segment is the address segment assigned to the private network administered by R2. Devices in the private network administered by R2 can use addresses in the second private network address segment to communicate with devices in other private networks. Optionally, R2 can send the address segments assigned to the L private networks it administers to the controller. The embodiments of this application are described using only one private network address segment as an example; multiple private network address segments are processed in a manner similar to the method provided by the embodiments of this application, and details are not repeated here.
For example, R2 can send the third information and the fourth information to the controller in different messages. Specifically, R2 can send a third message to the controller, and the third message carries the third information. Each time R2 restarts, it may apply for a public network IP address again, that is, the second public network IP address may change. R2 can send the third message to the controller after each restart, so that the controller can update the corresponding mapping entry in a timely and effective manner. R2 can send a fourth message to the controller, and the fourth message carries the fourth information. R2 can send the fourth message to the controller after the second private network address segment changes, so that the controller can update the corresponding mapping entry in a timely and effective manner. The embodiments of this application do not limit the order in which R2 sends the third message and the fourth message.
Optionally, if R2 carries the third information and the fourth information in the same message sent to the controller, R2 can optimize the parameters included in the third information and the fourth information: R2 can delete the identifier of R2 included in the third information, or delete the identifier of R2 included in the fourth information.
For example, R2 can use any of the protocols used by R1 in 301 to send the third information and the fourth information to the controller; the format of the messages used by R2 is not described again here.
304, the controller generates a second mapping entry according to the third information and the fourth information.
For example, the controller can determine, according to the identifier of R2 included in the third information and in the fourth information, that the third information and the fourth information are both information related to R2. The second mapping entry includes the second public network IP address, the second tunnel information, the second private network address segment, and the identifier of R2. The second public network IP address, the second tunnel information, the second private network address segment, and the identifier of R2 are in one-to-one correspondence.
305, R3 sends fifth information and sixth information to the controller.
For example, the fifth information includes a third public network IP address, third tunnel information, and the identifier of R3. The third public network IP address is the public network IP address assigned to R3, and specifically can be the public network IP address assigned to interface 230 of R3. The third tunnel information is the tunnel information of R3. R3 can configure one interface to establish multiple tunnels, that is, interface 231 and interface 232 are physically one interface, and interface 231 and interface 232 can be assigned the same tunnel information; this same tunnel information is the third tunnel information. R3 can also configure multiple interfaces to establish multiple tunnels, that is, interface 231 and interface 232 are physically different interfaces, the tunnel information of interface 231 differs from the tunnel information of interface 232, and one or more of the tunnel information of interface 231 and the tunnel information of interface 232 can serve as the third tunnel information, that is, the third tunnel information can be an address set.
The third public network IP address can be an IP address that a DHCP server allocates to R3 through the DHCP protocol. The third public network IP address can also be an IP address that another server or device allocates to R3. R3 can use the assigned third public network IP address to transmit data or information over an ADSL line, an Ethernet line, or a wireless link. The tunnel information of R3 is information about the tunnel for which R3 serves as the ingress node or the egress node. The identifier of R3 is information, recognizable by the controller, that can be used to identify R3.
For example, the sixth information includes a third private network address segment and the identifier of R3. The third private network address segment is the address segment assigned to the private network administered by R3. Devices in the private network administered by R3 can use addresses in the third private network address segment to communicate with devices in other private networks. Optionally, R3 can send the address segments assigned to the K private networks it administers to the controller. The embodiments of this application are described using only one private network address segment as an example; multiple private network address segments are processed in a manner similar to the method provided by the embodiments of this application, and details are not repeated here.
For example, R3 can send the fifth information and the sixth information to the controller in different messages. Specifically, R3 can send a fifth message to the controller, and the fifth message carries the fifth information. Each time R3 restarts, it may apply for a public network IP address again, that is, the third public network IP address may change. R3 can send the fifth message to the controller after each restart, so that the controller can update the corresponding mapping entry in a timely and effective manner. R3 can send a sixth message to the controller, and the sixth message carries the sixth information. R3 can send the sixth message to the controller after the third private network address segment changes, so that the controller can update the corresponding mapping entry in a timely and effective manner. The embodiments of this application do not limit the order in which R3 sends the fifth message and the sixth message.
Optionally, if R3 carries the fifth information and the sixth information in the same message sent to the controller, R3 can optimize the parameters included in the fifth information and the sixth information: R3 can delete the identifier of R3 included in the fifth information, or delete the identifier of R3 included in the sixth information.
For example, R3 can use any of the protocols used by R1 in 301 to send the third information and the fourth information to the controller; details are not repeated here.
306, the controller generates a third mapping entry according to the fifth information and the sixth information.
For example, the controller can determine, according to the identifier of R3 included in the fifth information and in the sixth information, that the fifth information and the sixth information are both information related to R3. The third mapping entry includes the third public network IP address, the third tunnel information, the third private network address segment, and the identifier of R3. The third public network IP address, the third tunnel information, the third private network address segment, and the identifier of R3 are in one-to-one correspondence.
The method provided by the embodiments of this application does not limit the order in which 301, 303, and 305 occur, provided that 301 is performed before 302, 303 is performed before 304, and 305 is performed before 306.
The method provided by the embodiments of this application is described using only the establishment of a tunnel between R1 and R2 as an example, that is, the content of 307 to 310. For the methods of establishing tunnels between R1 and R3 and between R2 and R3, refer to the content of 307 to 310; the embodiments of this application do not describe them one by one.
307, R1 sends a request message to the controller.
For example, the request message includes a second private network address and the identifier of R1. The second private network address belongs to the second private network address segment. The second private network address can be carried in a first packet that a host in the private network administered by R1 sends to R1, or can be preconfigured on R1.
Optionally, R1 can generate the request message after receiving the first packet sent by the host in the private network administered by R1, and then send the request message to the controller.
To improve packet forwarding efficiency, R1 can generate the request message after the second private network address has been configured, and then send the request message to the controller.
For example, the request message can be a message of any of the protocols that R1 uses in 301, that is, R1 can use any of the three kinds of messages in 301 to send the request message to the controller.
308, the controller obtains a first response message and a second response message according to the request message.
For example, the controller obtains the second private network address and the identifier of R1 from the request message. The controller uses the second private network address and the identifier of R1 to search the generated mapping table, which includes the first mapping entry, the second mapping entry, and the third mapping entry. According to the second private network address, the controller determines that the second private network address segment included in the second mapping entry contains the second private network address. According to the identifier of R2 included in the second mapping entry, the controller determines that R1 needs to establish a tunnel with R2.
When the communication policy between R1 and R2 is not considered, the controller generates the first response message according to the second mapping entry. The first response message includes the second public network IP address and the second tunnel information. The controller sends the first response message to R1 according to the identifier of R1. At the same time or afterwards, the controller determines, according to the identifier of R1, that the first mapping entry includes the identifier of R1. The controller generates the second response message according to the first mapping entry.
Optionally, the first response message further includes the second private network address segment. In this way, after receiving a packet that carries an address in the second private network address segment, R1 can use the second public network IP address and the second tunnel information to send the packet to R2.
For example, the communication policy in the embodiments of this application can be a rule for communication among multiple routers that is set based on factors such as security. The communication policy includes the identifiers of N routers that can communicate with one another, where N is an integer greater than or equal to 2. If the identifiers of the N routers include the identifier of R1 and the identifier of R2, a tunnel can be established between R1 and R2.
When the communication policy between R1 and R2 is considered, the controller can generate the first response message after determining that a tunnel can be established between R1 and R2.
For example, in addition to delivering to R1 the information required to establish the tunnel, the first response message also instructs R1 to establish the tunnel. In addition to delivering to R2 the information required to establish the tunnel, the second response message also instructs R2 to establish the tunnel.
Optionally, the controller can also use other methods to determine whether R1 and R2 can communicate. For example, the controller can determine the permission of R1 according to the identifier of R1, where the permission of R1 can represent the security level of R1. The controller can determine the permission of R2 according to the identifier of R2, where the permission of R2 can represent the security level of R2. If the controller determines that the permission of R1 and the permission of R2 are both higher than a preset security level, it determines that the first router and the second router can communicate.
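The mapping-table lookup and communication-policy check that 302, 304 and 308 describe can be sketched as follows. This is an added example, not code from the patent; the class and field names, the CIDR form of the address segments, the most-specific-segment tie-break and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class MappingEntry:
    """One mapping entry: everything the controller knows about a router."""
    router_id: str
    public_ip: Optional[str] = None        # from the first/third/fifth information
    tunnel_info: Optional[str] = None      # tunnel identifier, here the tunnel IP
    private_segment: Optional[str] = None  # from the second/fourth/sixth information

    def complete(self) -> bool:
        return None not in (self.public_ip, self.tunnel_info, self.private_segment)


class Controller:
    def __init__(self, policy_groups):
        # Communication policy: each group lists router identifiers that may
        # communicate with one another. Anything not listed is denied.
        self.policy_groups = [frozenset(g) for g in policy_groups]
        self.table = {}  # router identifier -> MappingEntry

    def _entry(self, router_id):
        return self.table.setdefault(router_id, MappingEntry(router_id))

    def report_public(self, router_id, public_ip, tunnel_info):
        """Public IP and tunnel information (resent after every restart)."""
        ip_address(public_ip)     # raises ValueError on malformed input
        ip_address(tunnel_info)
        entry = self._entry(router_id)
        entry.public_ip, entry.tunnel_info = public_ip, tunnel_info

    def report_segment(self, router_id, segment):
        """Private address segment (resent when the segment changes)."""
        ip_network(segment)       # raises ValueError on malformed input
        self._entry(router_id).private_segment = segment

    def _owner_of(self, private_addr):
        addr = ip_address(private_addr)
        hits = [e for e in self.table.values()
                if e.complete() and addr in ip_network(e.private_segment)]
        # Assumption: if segments overlap, the most specific one wins.
        return max(hits, key=lambda e: ip_network(e.private_segment).prefixlen,
                   default=None)

    def _allowed(self, a, b):
        return any(a in g and b in g for g in self.policy_groups)

    def handle_request(self, requester_id, private_addr):
        """Step 308: return (first_response, second_response) or None."""
        requester = self.table.get(requester_id)
        target = self._owner_of(private_addr)
        if requester is None or not requester.complete() or target is None:
            return None  # unknown requester or no segment contains the address
        if target.router_id == requester_id:
            return None  # address is local to the requester, no tunnel needed
        if not self._allowed(requester_id, target.router_id):
            return None  # policy does not list both routers
        return (self._response(requester_id, target),
                self._response(target.router_id, requester))

    @staticmethod
    def _response(send_to, peer):
        return {"send_to": send_to, "peer_public_ip": peer.public_ip,
                "peer_tunnel_info": peer.tunnel_info,
                "peer_private_segment": peer.private_segment}


def build_demo_controller():
    """Constructed sample data: documentation address ranges, made-up segments."""
    c = Controller(policy_groups=[{"R1", "R2"}])
    for rid, pub, tun, seg in [
        ("R1", "198.51.100.10", "172.16.0.1", "10.1.0.0/16"),
        ("R2", "198.51.100.20", "172.16.0.2", "10.2.0.0/16"),
        ("R3", "198.51.100.30", "172.16.0.3", "10.3.0.0/16"),
    ]:
        c.report_public(rid, pub, tun)
        c.report_segment(rid, seg)
    return c


if __name__ == "__main__":
    ctl = build_demo_controller()
    print(ctl.handle_request("R1", "10.2.5.9"))   # R1 and R2 share a policy group
    print(ctl.handle_request("R1", "10.3.0.7"))   # R3 is not in R1's group
    ctl.report_public("R2", "203.0.113.7", "172.16.0.2")  # R2 restarted
    print(ctl.handle_request("R1", "10.2.5.9")[0]["peer_public_ip"])
```

A request for an address in a segment whose router is outside the requester's policy group returns nothing, so neither response message is generated for that pair.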
309, the controller sends the first response message to R1.
For example, the controller sends the first response message to R1 according to the identifier of R1.
When R1 sent the request message after receiving the first packet, R1 can use the second public network IP address and the second tunnel information included in the first response message to encapsulate the first packet, obtaining a second packet. The second packet includes the second public network IP address, the second tunnel information, and the second private network address. The second tunnel information included in the second packet is the tunnel information of the egress node. Optionally, R1 can also add the first public network IP address and the first tunnel information to the second packet. The first tunnel information is the tunnel information of the ingress node. R1 can send the second packet to R2 through the interface corresponding to the first tunnel information. As shown in Fig. 2, if R1 communicates with R2, the interface corresponding to the first tunnel information can be interface 212, and at the physical layer the second packet is sent through interface 210. Optionally, the second packet further includes the first public network IP address and the first tunnel information. Taking the case where the tunnel information is the IP address of the tunnel as an example, the first tunnel information represents the source IP address of the tunnel, and the second tunnel information represents the destination IP address of the tunnel. The first public network IP address represents the source IP address of the physical layer, and the second public network IP address represents the destination IP address of the physical layer.
Optionally, the first response message may also include the second private network address segment. R1 receives a third packet sent by a device in the private network it administers; the third packet includes a third private network address, and the third private network address belongs to the second private network address segment. After R1 determines that the third private network address belongs to the second private network address segment, it encapsulates the third packet with the second public network IP address and the second tunnel information, obtaining a fourth packet. The fourth packet includes the second public network IP address, the second tunnel information, and the third packet. As shown in Fig. 2, if R1 communicates with R2, the interface corresponding to the first tunnel information can be interface 212, and at the physical layer the second packet is sent through interface 210.
When R1 and the controller communicate using BGP, the first response message is a third BGP update message, and the third BGP update message includes an NLRI whose type is VPN operation. The NLRI included in the third BGP update message can be expressed as:
<type, length, operation type>
<type, length, second private network segment>
<type, length, second tunnel information>
<type, length, second public network IP address>
The operation type in the first item indicates the operation to be performed on the parameters included in the first response message. The operation type can be create, delete, or update. If the operation type is create, R1 can store the parameters included in the first response message locally. If the operation type is delete, R1 can delete the locally stored parameters that are identical to the parameters included in the first response message. If the operation type is update, R1 can use the parameters included in the first response message to update the locally stored parameters.
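The <type, length, value> items that the NLRI value field carries in 301 and in the VPN operation NLRI above can be parsed and applied at R1 as in the following added example, which is not part of the patent. The patent gives no type codes or field widths, so the one-byte type, two-byte length, the numeric codes and the IPv4 value layouts are assumptions, as are the function names.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

# Hypothetical type codes and operation values (not defined by the patent).
T_OP, T_SEGMENT, T_TUNNEL, T_PUBLIC_IP = 1, 2, 3, 4
OP_CREATE, OP_DELETE, OP_UPDATE = 1, 2, 3
# Assumed value sizes: op = 1 byte, segment = 4-byte network + 1-byte prefix
# length, tunnel information and public IP = 4-byte IPv4 addresses.
_VALUE_LEN = {T_OP: 1, T_SEGMENT: 5, T_TUNNEL: 4, T_PUBLIC_IP: 4}


def encode_tlvs(items):
    """Serialize (type, value-bytes) pairs as 1-byte type, 2-byte length, value."""
    return b"".join(struct.pack("!BH", t, len(v)) + v for t, v in items)


def build_response(op, segment, tunnel_ip, public_ip):
    """Controller side: build the value field of a first response message."""
    net = IPv4Network(segment)
    return encode_tlvs([
        (T_OP, bytes([op])),
        (T_SEGMENT, net.network_address.packed + bytes([net.prefixlen])),
        (T_TUNNEL, IPv4Address(tunnel_ip).packed),
        (T_PUBLIC_IP, IPv4Address(public_ip).packed),
    ])


def parse_tlvs(buf):
    """Split a value field into {type: value}; reject anything malformed."""
    fields, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 3:
            raise ValueError("truncated TLV header")
        t, length = struct.unpack_from("!BH", buf, off)
        off += 3
        if length > len(buf) - off:
            raise ValueError("TLV length runs past the end of the buffer")
        if _VALUE_LEN.get(t) != length:
            raise ValueError("unknown type or wrong length for type %d" % t)
        if t in fields:
            raise ValueError("duplicate type %d" % t)
        fields[t] = buf[off:off + length]
        off += length
    return fields


def decode_response(buf):
    """Return (op, segment, tunnel_ip, public_ip) as validated values."""
    f = parse_tlvs(buf)
    if set(f) != set(_VALUE_LEN):
        raise ValueError("missing TLV")
    op = f[T_OP][0]
    if op not in (OP_CREATE, OP_DELETE, OP_UPDATE):
        raise ValueError("unknown operation type")
    # IPv4Network raises ValueError for a prefix above 32 or host bits set.
    segment = IPv4Network((IPv4Address(f[T_SEGMENT][:4]), f[T_SEGMENT][4]))
    return (op, str(segment), str(IPv4Address(f[T_TUNNEL])),
            str(IPv4Address(f[T_PUBLIC_IP])))


def apply_response(local, buf):
    """Router side: apply create / delete / update to the local tunnel table.

    `local` maps a private address segment to (tunnel_ip, public_ip).
    """
    op, segment, tunnel_ip, public_ip = decode_response(buf)
    if op == OP_DELETE:
        # Delete only when the stored parameters equal the ones in the message.
        if local.get(segment) == (tunnel_ip, public_ip):
            del local[segment]
    else:
        # Create stores the parameters; update replaces what is stored.
        local[segment] = (tunnel_ip, public_ip)
    return local


if __name__ == "__main__":
    table = {}  # constructed sample values below
    apply_response(table, build_response(OP_CREATE, "10.2.0.0/16",
                                         "172.16.0.2", "198.51.100.20"))
    print(table)
```

Nothing reaches the local table unless every length, type and address in the message has passed validation, so a malformed response leaves the existing tunnel parameters unchanged.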
When R1 and the controller communicate using the OpenFlow protocol, the first response message can be a flow table configuration message. The match field included in the flow table configuration message can be used to carry the second private network address segment, and the instruction field included in the flow table configuration message can be used to carry the second tunnel information and the second public network IP address.
When R1 and the controller communicate using the NETCONF protocol, the first response message can be a NETCONF configuration message. The NETCONF configuration message can be used to carry the second private network gateway, the second tunnel information, and the second public network IP address.
310, the controller sends the second response message to R2.
For example, the controller sends the second response message to R2 according to the identifier of R2. The second response message can also use the format of the first response message in 309; details are not repeated here.
For example, R2 can save the first private network address segment, the first public network IP address, and the first tunnel information included in the second request message. In this way, if a fourth packet sent by a device in the private network administered by R2 carries an address in the first private network address segment, R2 does not need to ask the controller again for the information required to establish the tunnel. R2 can use the first public network IP address and the first tunnel information to encapsulate the fourth packet, obtaining a fifth packet. The fifth packet includes the first public network IP address and the first tunnel information. The first tunnel information included in the fifth packet is the tunnel information of the egress node. Optionally, R2 can also add the second public network IP address and the second tunnel information to the fifth packet. The second tunnel information is the tunnel information of the ingress node.
In the method provided by the embodiments of this application, the controller can process request messages from routers in different private networks and look up the second public network IP address and the second tunnel information that R1, the router requesting establishment of the tunnel, needs in order to establish the tunnel. After receiving the request message from R1, the controller can also send the first public network IP address, the first tunnel information, and the first private network address segment, which the peer router of R1 needs in order to establish the tunnel, to the peer router; the peer router is R2. In this way, the controller can flexibly control the establishment of tunnels between routers in different private networks, which helps improve the flexibility of tunnel establishment.
The tunnel information configured on a router in the embodiments of this application includes the identifier of the tunnel, and the identifier of the tunnel can be the IP address of the tunnel. Optionally, the tunnel information configured on the router may also include the type of the tunnel. Optionally, the tunnel information configured on the router may also include other information and parameters required to establish the tunnel, which are not listed one by one here.
Fig. 4 is a schematic structural diagram of a control device provided by the embodiments of this application. The control device corresponding to Fig. 4 can be the controller in Fig. 2 above, or the controller in the embodiment corresponding to Fig. 3. The control device corresponding to Fig. 4 can perform the method performed by the controller in the method provided by the embodiment corresponding to Fig. 3. As shown in Fig. 4, the control device provided by the embodiments of this application includes a first receiving module 401, a first obtaining module 402, and a first sending module 404.
The first receiving module 401 is configured to receive a request message sent by a first forwarding device, where the request message includes a second private network address and the identifier of the first forwarding device.
The first obtaining module 402 is configured to obtain a second public network IP address and second tunnel information according to a second mapping entry and the second private network address. The second mapping entry includes the second private network address, the second public network IP address, and the second tunnel information. The second public network IP address is the public network IP address assigned to a second forwarding device. The second tunnel information is the tunnel information of the second forwarding device. Optionally, the second mapping entry further includes the identifier of the second forwarding device.
The first sending module 404 is configured to send a first response message to the first forwarding device according to the identifier of the first forwarding device, where the first response message includes the second public network IP address and the second tunnel information.
Optionally, the first obtaining module 402 is further configured to obtain the identifier of the second forwarding device from the second mapping entry. The control device further includes a second obtaining module 403 and a second sending module 405. The second obtaining module 403 is configured to obtain a first private network address segment, a first public network Internet Protocol (IP) address, and first tunnel information according to a first mapping entry and the identifier of the first forwarding device. The first mapping entry includes the first private network address segment, the first public network IP address, the first tunnel information, and the identifier of the first forwarding device. The first public network IP address is the public network IP address assigned to the first forwarding device. The first tunnel information is the tunnel information of the first forwarding device. The first private network address segment is the address segment assigned to the private network administered by the first forwarding device. The second sending module 405 is configured to send a second response message to the second forwarding device according to the identifier of the second forwarding device, where the second response message includes the first private network address segment, the first public network IP address, and the first tunnel information.
Optionally, the first obtaining module 402 is further configured to obtain the identifier of the second forwarding device from the second mapping entry. The control device further includes a searching module 406 and a determining module 407. The searching module 406 is configured to search a communication policy according to the identifier of the first forwarding device and the identifier of the second forwarding device. The communication policy includes the identifiers of N forwarding devices that can communicate with one another, where N is an integer greater than or equal to 2, and the identifiers of the N forwarding devices include the identifier of the first forwarding device and the identifier of the second forwarding device. The determining module 407 is configured to trigger the first sending module 404 after determining, according to the communication policy, that the first forwarding device and the second forwarding device can communicate. Optionally, the determining module 407 can also trigger the second sending module 405 after determining that the first forwarding device and the second forwarding device can communicate.
Optionally, the control device further includes a second receiving module, a third receiving module, and a first generation module. The second receiving module is configured to receive first information sent by the first forwarding device, where the first information includes the first public network IP address, the first tunnel information, and the identifier of the first forwarding device. The third receiving module is configured to receive second information sent by the first forwarding device, where the second information includes the first private network address segment and the identifier of the first forwarding device. The first generation module is configured to generate the first mapping entry according to the first information and the second information.
Optionally, the control device further includes a fourth receiving module, a fifth receiving module, and a second generation module. The fourth receiving module is configured to receive third information sent by the second forwarding device, where the third information includes a second private network address segment and the identifier of the second forwarding device, the second private network address segment is the address segment assigned to the private network administered by the second forwarding device, and the second private network address segment includes the second private network address. The fifth receiving module is configured to receive fourth information sent by the second forwarding device, where the fourth information includes the second public network IP address, the second tunnel information, and the identifier of the second forwarding device. The second generation module is configured to generate the second mapping entry according to the third information and the fourth information, where the second mapping entry includes the second private network address segment, the second public network IP address, the second tunnel information, and the identifier of the second forwarding device.
Fig. 5 is a schematic structural diagram of a first forwarding device provided by the embodiments of this application. The first forwarding device corresponding to Fig. 5 can be R1 in Fig. 2 or R1 in the embodiment corresponding to Fig. 3. The first forwarding device corresponding to Fig. 5 can use the method used by R1 in the embodiment corresponding to Fig. 3. The first forwarding device provided by the embodiments of this application includes a first sending module 501, a first receiving module 502, a first generation module 503, and a second sending module 504.
First sending module 501 is used to send request message to control device.It is private that the request message includes second
The mark of net address and first retransmission unit.Second private net address is quilt in the private network that the second retransmission unit is administered
Address in the address field of distribution.
First receiving module 502 is used to receive the response message that the control device is sent.The response message packet
Include the second public network internet protocol address and the second tunnel information.Second public network IP address is second retransmission unit
Assigned public network IP address.Second tunnel information is the tunnel information of second retransmission unit.
First generation module 503 is used to utilize second public network IP address and second tunnel information, to the
One message is packaged, and obtains the second message.First message includes second private net address.Second message includes
Second public network IP address, second tunnel information and second private net address.
Second sending module 504 is used to send second message to second retransmission unit.
Optionally, the first retransmission unit further includes a third sending module and a fourth sending module. The third sending module is used to send the first information to the control device; the first information includes the first public network IP address, the first tunnel information and the mark of the first retransmission unit, the first public network IP address is the public network IP address assigned to the first retransmission unit, and the first tunnel information is the tunnel information of the first retransmission unit. The fourth sending module is used to send the second information to the control device; the second information includes the first private net address section and the mark of the first retransmission unit, and the first private net address section is the address section assigned to the private network administered by the first retransmission unit.

Optionally, the first retransmission unit further includes a second receiving module and a second generation module. The second receiving module is used to receive the first message sent by a user in the private network administered by the first retransmission unit; the first message includes the second private net address. The second generation module is used to generate the request message according to the second private net address and the mark of the first retransmission unit.

The second retransmission unit in the embodiments of the present application is the opposite-end device of the first retransmission unit; that is, the first retransmission unit and the second retransmission unit are the devices at the two ends of the tunnel.
Fig. 6 is a structural diagram of the control device provided by the embodiments of the present application. The control device of this embodiment and the control device of the embodiment corresponding to Fig. 4 may be the same device. The control device of this embodiment can perform the method used by the controller in the embodiment corresponding to Fig. 3. The control device provided by this embodiment includes a processor 601, a memory 602 and a communication interface 603. The processor 601, the memory 602 and the communication interface 603 are connected by a communication bus 604. The memory 602 is used to store a program. The processor 601 performs, according to the executable instructions included in the program read from the memory 602, the method steps performed by the controller in the embodiment corresponding to Fig. 3 above.

Fig. 7 is a structural diagram of the first retransmission unit provided by the embodiments of the present application. The first retransmission unit of this embodiment and the first retransmission unit of the embodiment corresponding to Fig. 5 may be the same device. The first retransmission unit of this embodiment can perform the method used by R1 in the embodiment corresponding to Fig. 3. The first retransmission unit provided by this embodiment includes a processor 701, a memory 702 and a communication interface 703. The processor 701, the memory 702 and the communication interface 703 are connected by a communication bus 704. The memory 702 is used to store a program. The processor 701 performs, according to the executable instructions included in the program read from the memory 702, the method steps performed by R1 in the embodiment corresponding to Fig. 3 above. If the first retransmission unit is the opposite-end device of a tunnel that another retransmission unit needs to establish, the processor 701 can also perform, according to the executable instructions included in the program read from the memory 702, the method steps performed by R2 in the embodiment corresponding to Fig. 3 above.

"First" and "second" as referred to in the embodiments of the present application do not indicate an order. In the embodiments of the present application, "first" and "second" denote different devices and information.
The above processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be embodied directly as being performed by a hardware processor, or performed by a combination of hardware and software modules in a processor. When implemented in software, the code implementing the above functions may be stored in a computer-readable medium. Computer-readable media include computer storage media. A storage medium may be any available medium that a computer can access. By way of example and not limitation, a computer-readable medium may be random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store program code in the form of instructions or data structures and that can be accessed by a computer. A computer-readable medium may also be a compact disc (CD), laser disc, optical disc, digital video disc (DVD), floppy disk or Blu-ray disc.
Obviously, those skilled in the art can make various modifications and variations to the application without departing from the scope of the application. Thus, if these modifications and variations of the application fall within the scope of the claims of the application and their equivalent technologies, the application is also intended to include these modifications and variations.
Claims (10)
- 1. A method for establishing a tunnel, characterized in that the method comprises:
  a controller receives a request message sent by a first router, the request message including a second private net address and the mark of the first router;
  the controller obtains a second public network Internet Protocol (IP) address and second tunnel information according to a second mapping item and the second private net address, the second mapping item including the second private net address, the second public network IP address and the second tunnel information, the second public network IP address being the public network IP address assigned to a second router, and the second tunnel information being the tunnel information of the second router;
  the controller sends a first response message to the first router according to the mark of the first router, the first response message including the second public network IP address and the second tunnel information.
- 2. The method according to claim 1, characterized in that, before the controller sends the first response message to the first router according to the mark of the first router, the method further comprises:
  the controller obtains the mark of the second router from the second mapping item, the second mapping item further including the mark of the second router;
  the controller searches a communication strategy according to the mark of the first router and the mark of the second router, the communication strategy including the marks of N routers that can communicate, N being an integer greater than or equal to 2, and the marks of the N routers including the mark of the first router and the mark of the second router; and
  the controller determines, according to the communication strategy, that the first router and the second router can communicate;
  wherein the controller sending the first response message to the first router according to the mark of the first router comprises:
  the controller, based on the determination that the first router and the second router can communicate, sends the first response message to the first router according to the mark of the first router.
- 3. The method according to claim 1 or 2, characterized in that, after the controller receives the request message sent by the first router, the method further comprises:
  the controller obtains a first private net address section, a first public network IP address and first tunnel information according to a first mapping item and the mark of the first router, the first mapping item including the first private net address section, the first public network IP address, the first tunnel information and the mark of the first router, the first public network IP address being the public network IP address assigned to the first router, the first tunnel information being the tunnel information of the first router, and the first private net address section being the address section assigned to the private network administered by the first router;
  the controller obtains the mark of the second router from the second mapping item, the second mapping item further including the mark of the second router;
  the controller sends a second response message to the second router according to the mark of the second router, the second response message including the first private net address section, the first public network IP address and the first tunnel information.
- 4. The method according to any one of claims 1 to 3, characterized in that, before the controller receives the request message sent by the first router, the method further comprises:
  the controller receives third information sent by the second router, the third information including a second private net address section and the mark of the second router, the second private net address section being the address section assigned to the private network administered by the second router, and the second private net address section including the second private net address;
  the controller receives fourth information sent by the second router, the fourth information including the second public network IP address, the second tunnel information and the mark of the second router;
  the controller generates the second mapping item according to the third information and the fourth information, the second mapping item further including the second private net address section.
- 5. The method according to claim 3, characterized in that, before the controller receives the request message sent by the first router, the method further comprises:
  the controller receives first information sent by the first router, the first information including the first public network IP address, the first tunnel information and the mark of the first router;
  the controller receives second information sent by the first router, the second information including the first private net address section and the mark of the first router;
  the controller generates the first mapping item according to the first information and the second information.
- 6. A control device, characterized in that the control device comprises:
  a first receiving module, for receiving a request message sent by a first retransmission unit, the request message including a second private net address and the mark of the first retransmission unit;
  a first obtaining module, for obtaining a second public network Internet Protocol (IP) address and second tunnel information according to a second mapping item and the second private net address, the second mapping item including the second private net address, the second public network IP address and the second tunnel information, the second public network IP address being the public network IP address assigned to a second retransmission unit, and the second tunnel information being the tunnel information of the second retransmission unit;
  a first sending module, for sending a first response message to the first retransmission unit according to the mark of the first retransmission unit, the first response message including the second public network IP address and the second tunnel information.
- 7. The control device according to claim 6, characterized in that:
  the first obtaining module is further used to obtain the mark of the second retransmission unit from the second mapping item, the second mapping item further including the mark of the second retransmission unit;
  the control device further comprises:
  a searching module, for searching a communication strategy according to the mark of the first retransmission unit and the mark of the second retransmission unit, the communication strategy including the marks of N retransmission units that can communicate, N being an integer greater than or equal to 2, and the marks of the N retransmission units including the mark of the first retransmission unit and the mark of the second retransmission unit;
  a determination module, for triggering the first sending module after determining, according to the communication strategy, that the first retransmission unit and the second retransmission unit can communicate.
- 8. The control device according to claim 6 or 7, characterized in that:
  the first obtaining module is further used to obtain the mark of the second retransmission unit from the second mapping item, the second mapping item further including the mark of the second retransmission unit;
  the control device further comprises:
  a second obtaining module, for obtaining a first private net address section, a first public network IP address and first tunnel information according to a first mapping item and the mark of the first retransmission unit, the first mapping item including the first private net address section, the first public network IP address, the first tunnel information and the mark of the first retransmission unit, the first public network IP address being the public network IP address assigned to the first retransmission unit, the first tunnel information being the tunnel information of the first retransmission unit, and the first private net address section being the address section assigned to the private network administered by the first retransmission unit;
  a second sending module, for sending a second response message to the second retransmission unit according to the mark of the second retransmission unit, the second response message including the first private net address section, the first public network IP address and the first tunnel information.
- 9. The control device according to any one of claims 6 to 8, characterized in that the control device further comprises:
  a fourth receiving module, for receiving third information sent by the second retransmission unit, the third information including a second private net address section and the mark of the second retransmission unit, the second private net address section being the address section assigned to the private network administered by the second retransmission unit, and the second private net address section including the second private net address;
  a fifth receiving module, for receiving fourth information sent by the second retransmission unit, the fourth information including the second public network IP address, the second tunnel information and the mark of the second retransmission unit;
  a second generation module, for generating the second mapping item according to the third information and the fourth information, the second mapping item further including the second private net address section.
- 10. The control device according to claim 8, characterized in that the control device further comprises:
  a second receiving module, for receiving first information sent by the first retransmission unit, the first information including the first public network IP address, the first tunnel information and the mark of the first retransmission unit;
  a third receiving module, for receiving second information sent by the first retransmission unit, the second information including the first private net address section and the mark of the first retransmission unit;
  a first generation module, for generating the first mapping item according to the first information and the second information.
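
The controller-side procedure of claims 1 to 5 (registration, mapping item generation, the communication strategy check, and the two response messages), as an added Python example that is not code from the patent. The class and method names, the string form of the tunnel information, the choice of the most specific section when sections overlap, and returning `None` for a refused request are all assumptions of this sketch; the sample marks and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class MappingEntry:
    """One mapping item held by the controller for a router."""
    router_id: str                      # mark of the router
    section: ipaddress.IPv4Network      # private net address section
    public_ip: ipaddress.IPv4Address    # public network IP address
    tunnel_info: str                    # opaque here; its format is an assumption


class Controller:
    def __init__(self, communication_groups):
        # Communication strategy: each group lists N >= 2 router marks
        # that are allowed to communicate with each other.
        self.groups = [frozenset(g) for g in communication_groups]
        self.partial = {}   # router_id -> fields received so far
        self.entries = {}   # router_id -> MappingEntry

    def receive_tunnel_report(self, router_id, public_ip, tunnel_info):
        """First/fourth information: public IP, tunnel info, router mark."""
        fields = self.partial.setdefault(router_id, {})
        fields["public_ip"] = ipaddress.IPv4Address(public_ip)
        fields["tunnel_info"] = tunnel_info
        self._generate(router_id)

    def receive_section_report(self, router_id, section):
        """Second/third information: private section, router mark."""
        fields = self.partial.setdefault(router_id, {})
        fields["section"] = ipaddress.IPv4Network(section)
        self._generate(router_id)

    def _generate(self, router_id):
        # A mapping item exists only once both reports have arrived.
        fields = self.partial[router_id]
        if all(k in fields for k in ("public_ip", "tunnel_info", "section")):
            self.entries[router_id] = MappingEntry(router_id=router_id, **fields)

    def _may_communicate(self, a, b):
        return any(a in g and b in g for g in self.groups)

    def handle_request(self, requester_id, dst_private_addr):
        """Return (first_response, second_response), or None if refused."""
        dst = ipaddress.IPv4Address(dst_private_addr)
        src = self.entries.get(requester_id)
        matches = [e for e in self.entries.values()
                   if dst in e.section and e.router_id != requester_id]
        if src is None or not matches:
            return None
        # Assumption: the most specific section wins when sections overlap.
        peer = max(matches, key=lambda e: e.section.prefixlen)
        if not self._may_communicate(requester_id, peer.router_id):
            return None   # fail closed: no peer details are disclosed
        first = {"to": requester_id, "public_ip": str(peer.public_ip),
                 "tunnel_info": peer.tunnel_info}
        second = {"to": peer.router_id, "section": str(src.section),
                  "public_ip": str(src.public_ip), "tunnel_info": src.tunnel_info}
        return first, second


def demo():
    # Constructed sample data (documentation address ranges, made-up marks).
    c = Controller(communication_groups=[{"R1", "R2"}])
    for rid, ip, tun, sec in [("R1", "203.0.113.1", "gre key=101", "10.1.0.0/16"),
                              ("R2", "198.51.100.2", "gre key=202", "10.2.0.0/16"),
                              ("R3", "192.0.2.3", "gre key=303", "10.3.0.0/16")]:
        c.receive_tunnel_report(rid, ip, tun)
        c.receive_section_report(rid, sec)
    return c
```

With this sample data, R1 asking for an address behind R3 gets no response at all, because R3 is registered but absent from the communication strategy.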
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611248613.2A CN108259292B (en) | 2016-12-29 | 2016-12-29 | Method and device for establishing tunnel |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108259292A (en) | 2018-07-06 |
CN108259292B (en) | 2020-12-15 |
Family
ID=62721345
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611248613.2A Active CN108259292B (en) | 2016-12-29 | 2016-12-29 | Method and device for establishing tunnel |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108259292B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |