CN108809767B - MAC address processing method, equipment and cascade networking system - Google Patents

Publication number: CN108809767B
Authority: CN (China)
Prior art keywords: mac address, lldp, lldp message, message, convergence device
Legal status: Active (as listed by Google Patents; the status is an assumption and is not a legal conclusion)
Application number: CN201810692460.3A
Other languages: Chinese (zh)
Other versions: CN108809767A (en)
Inventor: 毕首文
Current Assignee: Hangzhou H3C Technologies Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Hangzhou H3C Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks


Abstract

The present disclosure provides a MAC address processing method, devices and a cascade networking system, relating to the technical field of communications. The method comprises the following steps: a non-convergence device monitors whether an LLDP message is received within a set time length; if not, the non-convergence device generates and sends an LLDP message with an extended TLV, wherein the MAC address field of the extended TLV carries the MAC address of the non-convergence device; if so, the non-convergence device reconstructs the LLDP message to add its own MAC address to the MAC address field of the LLDP message, and forwards the LLDP message through ports other than the port on which it was received; and if the convergence device receives the LLDP message, it writes the MAC addresses in the MAC address field into an 802.1x MAC table. The method enables the sink node to automatically collect the MAC addresses of the devices attached below it, and effectively improves the MAC address collection efficiency of the sink node.

Description

MAC address processing method, equipment and cascade networking system
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a MAC address processing method, device (including a convergence device and a non-convergence device), and a cascaded networking system.
Background
The 802.1x protocol standard is a port-based network access control protocol, specifically a client/server access control and authentication protocol. It authenticates and controls the user equipment that connects, and prevents user equipment from accessing the network without authentication, thereby improving network security. For example, it can stop unauthorized devices from accessing the local area network through an access port, so that only 802.1x-authenticated devices can forward messages and use the resources provided by the local area network.
In 802.1x authentication, only network nodes whose MAC addresses are written into the 802.1x MAC table can be authenticated. Network nodes can generally be divided into a sink node with multiple nodes attached below it, an edge node for connecting external devices, and an intermediate node that may exist between the sink node and the edge node. Both edge nodes and intermediate nodes may be considered to be attached below the sink node. To make 802.1x authentication convenient to deploy in a network, a user usually enables 802.1x authentication at a sink node. However, this approach requires the sink node to acquire the MAC address of each node attached below it and write the acquired MAC addresses into an 802.1x MAC table. Because the sink node cannot collect the MAC addresses automatically, in the prior art the MAC address of each node below the sink node is usually collected manually and then manually configured on the sink node, which costs time and labor and is inefficient.
Disclosure of Invention
In view of this, the present disclosure aims to provide a MAC address processing method, device and cascade networking system, which enable a convergence device to automatically collect the MAC addresses of the network devices attached below it, and effectively improve the efficiency of the convergence device in collecting MAC addresses.
In order to achieve the above purpose, the technical scheme adopted by the disclosure is as follows:
In a first aspect, an embodiment of the present disclosure provides a MAC address processing method, where the method is applied to a cascade networking in an 802.1x authentication scenario, and a convergence device and a non-convergence device in the cascade networking both support the LLDP protocol. The method includes: the non-convergence device monitors whether an LLDP message is received within a set time length, wherein the LLDP message comprises an extended TLV (Type/Length/Value), the extended TLV comprises a MAC (media access control) address field, and the MAC address field is used for recording the MAC address of each non-convergence device which sends the LLDP message; if the non-convergence device does not receive the LLDP message, the non-convergence device generates and sends the LLDP message, wherein the MAC address field of the LLDP message carries the MAC address of the non-convergence device; if the non-convergence device receives the LLDP message, the non-convergence device reconstructs the LLDP message to add its own MAC address to the MAC address field of the LLDP message, and forwards the LLDP message through ports other than the input port of the LLDP message; and if the convergence device receives the LLDP message, it writes the MAC addresses in the MAC address field into an 802.1x MAC table.
In a second aspect, an embodiment of the present disclosure provides a convergence device in a cascade networking, where the cascade networking is a cascade networking in an 802.1x authentication scenario, and both the convergence device and the non-convergence devices in the cascade networking support the LLDP protocol. The convergence device includes: a message receiving module, used for receiving the LLDP message, wherein the LLDP message comprises an extended TLV (Type/Length/Value), the extended TLV comprises a MAC address field, and the MAC address field is used for recording the MAC address of each non-convergence device which sends the LLDP message; and a MAC table writing module, used for writing the MAC addresses in the MAC address field of the LLDP message into an 802.1x MAC table.
In a third aspect, an embodiment of the present disclosure provides a non-convergence device in a cascade networking, where the cascade networking is a cascade networking in an 802.1x authentication scenario, and both the convergence device and the non-convergence device in the cascade networking support the LLDP protocol. The non-convergence device includes: a monitoring module, used for monitoring whether an LLDP message is received within a set time length, wherein the LLDP message comprises an extended TLV (Type/Length/Value), the extended TLV comprises a MAC (media access control) address field, and the MAC address field is used for recording the MAC address of each non-convergence device which sends the LLDP message; a first message processing module, configured to generate and send the LLDP message if the LLDP message is not received, where the MAC address field of the LLDP message carries the MAC address of the non-convergence device; and a second message processing module, used for reconstructing the LLDP message, if the LLDP message is received, to add the device's own MAC address to the MAC address field of the LLDP message, and forwarding the LLDP message through ports other than the input port of the LLDP message so that the LLDP message reaches the convergence device and triggers the convergence device to write the MAC addresses in the MAC address field into an 802.1x MAC table.
In a fourth aspect, an embodiment of the present disclosure provides a cascade networking system, where the cascade networking system is a cascade networking system in an 802.1x authentication scenario, and the system includes the convergence device and the non-convergence device described above.
The MAC address processing method, the devices and the cascade networking system are applied to an 802.1x authentication scenario. A non-convergence device (including edge devices and intermediate devices) can carry its own MAC address in the extended TLV of the LLDP message, so that the convergence device obtains the MAC address of the non-convergence device from the LLDP message, which realizes the collection of MAC addresses. Compared with collecting MAC addresses manually, the collection efficiency is effectively improved. In addition, because the scheme extends the existing LLDP message, no new protocol needs to be deployed on the network devices (namely the convergence device and the non-convergence devices); the implementation is simple and reliable, and is easy to popularize and apply.
Additional features and advantages of the disclosure will be set forth in the description which follows, or in part may be learned by the practice of the above-described techniques of the disclosure, or may be learned by practice of the disclosure.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic diagram of a cascaded networking provided in an embodiment of the present disclosure;
Fig. 2 is a flowchart of a MAC address processing method according to an embodiment of the present disclosure;
Fig. 3 is a flowchart of a MAC address processing method at an intermediate node side according to an embodiment of the present disclosure;
Fig. 4 is a flowchart of a MAC address processing method at a sink node side according to an embodiment of the present disclosure;
Fig. 5 is a block diagram of a convergence device according to an embodiment of the present disclosure;
Fig. 6 is a block diagram of a non-convergence device according to an embodiment of the present disclosure;
Fig. 7 is a block diagram of a cascaded networking system according to an embodiment of the present disclosure;
Fig. 8 is a block diagram of an edge device according to an embodiment of the present disclosure;
Fig. 9 is a block diagram of an intermediate device according to an embodiment of the present disclosure;
Fig. 10 is a schematic structural diagram of a network device according to an embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the embodiments of the present disclosure will be described clearly and completely with reference to the accompanying drawings, and it is to be understood that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by one of ordinary skill in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It should be noted that the above method embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other.
For better understanding of the technical solution of the present disclosure, an application environment of the present disclosure is first described below with reference to the schematic diagram of a cascaded networking shown in Fig. 1. Each node in the networking may also be referred to as a device or a network device; for example, a sink node may also be referred to as a sink device, and an access node may also be referred to as an access device. The description below uses the term node. Fig. 1 simply illustrates a sink node 1, a node 2, a node 3, an access node 4, an access node 5, an edge node 6, and a terminal PC1. The terminal PC1 is connected to the access node 4 in the network through the edge node 6; the node 2 is connected to the access node 4 and the access node 5, respectively, so the node 2 can be regarded as a sink node; and the sink node 1 is connected to the node 2 and the node 3. The node 3 and the access node 5 may also be connected to other nodes, not illustrated in Fig. 1. In the embodiment of the present invention, a node between the edge node and the aggregation node is referred to as an intermediate node; for example, the access node 4 is an intermediate node on the link where the edge node 6 and the node 2 are located. Each node may be a switch.
Typically, a plurality of other nodes are attached below the sink node, such as the access node 4 and the access node 5 attached below the sink node 2, and the edge node 6 attached below the access node 4. In order to improve network security, 802.1x is usually used to authenticate each node on the link, and only authenticated nodes are admitted by the aggregation node. To simplify deployment, the 802.1x authentication function is typically deployed on the aggregation node, and therefore the aggregation node needs to collect the MAC addresses of the nodes on the various links to implement 802.1x authentication.
Considering that the IEEE 802.1x protocol is a client/server access control and authentication protocol, an authentication server needs to authenticate the client connected to each port of a network node. Before the client is authenticated, the IEEE 802.1x protocol specifies that only EAPOL (Extensible Authentication Protocol over LAN), CDP (Cisco Discovery Protocol), LLDP (Link Layer Discovery Protocol), and STP (Spanning Tree Protocol) traffic is allowed to pass through the port to reach the client; after authentication succeeds, regular traffic is allowed to pass through the port. Because LLDP occupies a small amount of traffic, is easy to extend, and is convenient and feasible to implement, the embodiment of the present disclosure implements automatic collection of MAC addresses by the aggregation node based on the LLDP protocol. Specifically, a MAC address processing method, MAC address processing devices, and a cascade networking system are provided, which are described in detail in the following embodiments of the present disclosure.
Referring to a flowchart of a MAC address processing method shown in fig. 2, the method is applied to a cascade networking in an 802.1x authentication scenario, and a convergence device and a non-convergence device in the cascade networking both support an LLDP protocol, where the non-convergence device includes the edge device, the access device, and the intermediate device. The method comprises the following steps:
Step S202, the non-convergence device monitors whether an LLDP message is received within a set time length; if not, step S204 is executed; if yes, step S206 is executed.
The LLDP message contains an extended TLV, which includes a MAC address field for recording the MAC address of each non-convergence device that sends the LLDP message.
Step S204, the non-convergence device generates and sends an LLDP packet, where an MAC address field of the LLDP packet carries an MAC address of the non-convergence device.
Step S206, the non-convergence device reconstructs the LLDP packet to add its own MAC address to the MAC address field of the LLDP packet, and forwards the LLDP packet through other ports except the ingress port of the LLDP packet.
Step S208, if the convergence device receives the LLDP packet, writing the MAC address in the MAC address field into an 802.1x MAC table.
The non-convergence device (including the edge device and the intermediate device) in the MAC address processing method can carry the MAC address of the non-convergence device through the extended TLV of the LLDP message, so that the convergence device can obtain the MAC address of the non-convergence device from the LLDP message, and the collection process of the MAC address is realized.
LLDP is a neighbor discovery protocol that enables network nodes such as switches, routers, and WLAN APs to advertise their own presence to neighboring nodes; that is, it allows network nodes to advertise their device identifiers and capabilities in the local subnet and to store the relevant information of each neighboring node. Specifically, LLDP provides a standard link layer discovery method, which organizes information such as the main capabilities, management address, device identifier, and interface identifier of a network device into different TLVs (Type/Length/Value) and encapsulates them in an LLDPDU (Link Layer Discovery Protocol Data Unit) for distribution to neighboring devices. TLVs are the units forming the LLDPDU, and each TLV represents one piece of information. The TLV type (type field) generally takes a value between 0 and 127, of which types 9 to 126 are reserved TLVs that are not used in the existing protocol; the extended TLV in the embodiment of the present disclosure can be the TLV corresponding to any value between 9 and 126.
When the non-convergence device forwards the LLDP message, it may forward the message to other network devices from the ports other than the port on which the message was received. That is, one LLDP message may be replicated and sent to different network devices from different ports, and each intermediate device in the cascade networking may forward the LLDP message in this manner after reconstructing it, so that the convergence device quickly collects the MAC address of each network device in the current cascade networking. The intermediate device may also forward the LLDP packet from only one egress port or a limited number of egress ports, which is slightly less efficient than the above forwarding method but reduces the flooding pressure of LLDP packets in the cascaded networking to a certain extent. Based on this, the step of forwarding, by the non-convergence device, the LLDP packet through a port other than the ingress port of the LLDP packet includes: the non-convergence device broadcasts the LLDP message through the ports other than the input port of the LLDP message; or the non-convergence device forwards the LLDP message through a specified port other than the input port of the LLDP message.
If the non-convergence device is an edge device in the cascade networking, when the method is implemented, the edge device may directly generate and send an LLDP message with an extended TLV with a set time duration as a period, and record the MAC address of the edge device through the extended TLV.
If the non-convergence device is an intermediate device in the cascade networking, when the method is implemented, the intermediate device may start a timer to monitor whether an LLDP packet with an extended TLV is received within a set time period. If the LLDP packet is received, the intermediate device performs an LLDP packet reconstruction operation, which may specifically include: adding its own MAC address to the MAC address field of the LLDP message, and changing the address in the SA field of the LLDP message to its own MAC address. After reconstructing the LLDP message, the intermediate device forwards it. If the LLDP message is not received, the intermediate device generates and sends an LLDP message with the extended TLV and records its own MAC address in the extended TLV.
In the prior art, a device usually sends an LLDP packet only to its adjacent devices, and an adjacent device does not forward the LLDP packet any further.
Table 1 shows an encapsulation form of the LLDP packet, which is mainly encapsulated in Ethernet II format.
TABLE 1
[Table 1 is an image in the original: the Ethernet II encapsulation of an LLDP frame, with the fields DA, SA, LLDP Ethertype, Data and FCS and the octet count of each field.]
Here, DA represents the destination MAC address, which is the LLDP multicast address (LLDP-Multicast address); this multicast MAC address is usually 0180-C200-000E.
The MAC address stored in SA is the MAC address of the node that sends the LLDP packet, and may specifically be a port MAC address or the device MAC address of the node (if a port MAC address is present, the port MAC address is used; otherwise, the device MAC address is used).
The LLDP Ethertype (Ethertype field) is 0x88CC; Data corresponds to the LLDPDU; FCS denotes the frame check sequence. Table 1 also shows the number of bytes corresponding to each field, where 1 octet is 8 bits.
Considering that there are multiple levels of connections in the cascaded network, the standard LLDP protocol can only exchange address information between two adjacent devices, so a sink node on which 802.1x authentication is deployed cannot collect the MAC address information of all the network devices cascaded below it. The embodiment of the present disclosure therefore extends the LLDP TLVs. Since the original LLDPDU defines types 9 to 126 as reserved TLVs, the embodiment of the present disclosure may select one of these reserved TLVs for extension; in practical application, the TLV type field of the extended TLV is a specific value, and the specific value is any value from 9 to 126.
When the non-convergence devices forward the LLDP message in sequence, each adds its own MAC address to the MAC address field. The MAC address field may be a group of address fields which, starting from the first address field, record in order the MAC address of each non-convergence device that sends the LLDP message. For example, the TLV corresponding to the specific value 100 is selected as the extended TLV; see the format of the extended TLV shown in Table 2:
TABLE 2
[Table 2 is an image in the original: the extended TLV format, with the fields TLV type, TLV information string length, Device address string length and Device MAC address 1 to Device MAC address n in the first row and the octet count of each field in the second row.]
Here, TLV type represents the type of the TLV, and this field can take any value from 9 to 126. Since the disclosed embodiment has chosen the TLV with the specific value 100, the TLV type is 100. TLV information string length represents the length of the TLV information string; Device address string length represents the length of the device address string; Device MAC address n denotes the nth device MAC address. The second row in Table 2 gives the number of bytes occupied by each field. Taking the edge node 6 in Fig. 1 as an example of an edge node, the edge node 6 fills its MAC address into Device MAC address1 in Table 2.
For example, after the edge node 6 fills its own MAC address into Device MAC address1 in the LLDP message, the LLDP message is sent to the access node 4, and the access node 4 adds its own MAC address to Device MAC address2 in the LLDP message and continues to forward the LLDP message to the node 2. At this point, the LLDP message received by the node 2 already records the MAC addresses of the edge node 6 and the access node 4 attached below it, so that 802.1x can authenticate the edge node 6 and the access node 4.
In addition, the MAC address field in the extended TLV may be a single field, in which case each node separates its own address from the others with a specific character when filling it in, for example in the form Device MAC address1-Device MAC address2-Device MAC address3-…-Device MAC address n, or in the form Device MAC address1;Device MAC address2;Device MAC address3;…;Device MAC address n, and the like. In this case, Device MAC address1, Device MAC address2, … Device MAC address n in Table 2 are not split into different fields but are concentrated in one field.
Recording MAC addresses in the MAC address field of the extended TLV in this way records the MAC address of each node on a link in order, which makes it convenient for the sink node to authenticate the nodes and maintain the MAC addresses.
The non-convergence device may send the LLDP message according to configuration information pre-stored on the non-convergence device. The configuration information may come from the convergence device, or may be pre-stored on the non-convergence device during or before the deployment of the cascade networking; for example, when the LLDP protocol is configured on the non-convergence device, the configuration information is configured on it as well. Taking the case in which the convergence device sends the configuration information as an example, the method may further include: (1) the convergence device sends an LLDP configuration message, wherein the LLDP configuration message comprises configuration information of the LLDP message, and the configuration information comprises configuration information of the extended TLV and/or configuration information of the set time; (2) after receiving the LLDP configuration message, the non-convergence device sends the LLDP message according to the LLDP configuration message.
The configuration information included in the LLDP configuration packet may be flexibly configured according to needs, for example, the configuration information may only include configuration information of an extended TLV; alternatively, the configuration information may include only configuration information of a set time; or, the configuration information includes configuration information of the extended TLV and configuration information of the set time at the same time. In addition, the configuration information may also include configuration information on a forwarding policy for forwarding the LLDP packet, such as information about broadcast transmission or forwarding from only a limited number of egress ports.
The configuration information of the extended TLV may include, but is not limited to, a specific value used to configure a TLV type field of the extended TLV, a specific format of the extended TLV, and the like.
Referring to a flowchart of a MAC address processing method shown in fig. 3, the method is described by taking an example of the method applied to an intermediate node in a cascaded networking, and the method includes:
Step S302, receiving an LLDP message. The LLDP packet is transmitted to the intermediate node by a node attached below the intermediate node, which may be an edge node or an intermediate node.
Step S304, checking whether the LLDP message contains an extended TLV; the extended TLV includes a MAC address field for recording the MAC address of each network node sending the LLDP packet.
And if the TLV type value of the TLV carried by the LLDP message is the specific value, the LLDP message contains the extended TLV. Taking the specific value as 100 as an example, checking whether TLV type is equal to 100, if so, the LLDP packet contains the extended TLV, otherwise, the LLDP packet does not contain the extended TLV.
Step S306, if the LLDP message contains the extended TLV, the MAC address of the intermediate node is added to the MAC address field, and the address of the SA field of the LLDP message is modified to be the MAC address of the intermediate node.
For example, if the LLDP message is transmitted from the edge node 6 to the access node 4, the access node 4 acts as an intermediate node. After receiving the LLDP message, the access node 4 fills its own MAC address into Device MAC address2 of the extended TLV shown in Table 2, where Device MAC address1 in the extended TLV is already filled with the MAC address of the edge node 6. In addition, since the SA field in the LLDP message transmitted to the access node 4 originally records the MAC address of the edge node 6, the access node 4 in the embodiment of the present disclosure replaces the address in the SA field of the LLDP message with the MAC address of the access node 4. That is, when receiving an LLDP packet containing the extended TLV, the intermediate node generally processes it as follows: (1) it replaces the MAC address recorded in the SA field of the LLDP message with its own MAC address; (2) it adds its own MAC address to the extended TLV in the LLDP message.
Step S308, forwarding the LLDP packet; specifically, the packet may be sent in broadcast mode.
If the MAC address field in the extended TLV is a group of address fields, the manner of adding the MAC address of each node to the MAC address field may be: starting from the first address field, each network node sending an LLDP packet adds its own MAC address to the address field in turn. If the MAC address field in the extended TLV is an address field, the manner in which each node adds its own MAC address to the MAC address field may be: spaced apart by a specific character when filling out the own address, thereby being distinguished from MAC addresses of other nodes in the MAC address field.
In this way, when the LLDP packet is forwarded to the sink node of the cascaded network, the sink node can collect the MAC address of each node hung below it from the extended TLV.
In the MAC address processing method provided in the embodiment of the present disclosure, the intermediate node may add its own MAC address to the LLDP packet including the extended TLV, and continue to forward the LLDP packet to the neighboring node until the LLDP packet reaches the sink node. In this way the LLDP packet carries the MAC addresses of the nodes on the path, so that the sink node automatically collects the MAC addresses of the nodes hung below it, which effectively improves the MAC address collection efficiency of the sink node.
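The following Python sketch is an added example, not code from the patent: it builds the edge node's LLDP frame, applies steps S304 to S306 at an intermediate node (append own MAC, rewrite SA), and reads the chain back as the sink would. It assumes the extended TLV value is simply Device MAC address1..N as consecutive 6-byte addresses (table 2 may define more), uses the page's example type 100, and all function names and sample addresses are constructed.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
LLDP_MULTICAST = bytes.fromhex("0180c200000e")   # nearest-bridge group address
EXT_TLV_TYPE = 100       # the page's example value; it allows any of 9..126
MAC_LEN = 6

# Constructed sample addresses (locally administered), named after fig. 1.
EDGE_NODE_6 = bytes.fromhex("020000000006")
ACCESS_NODE_4 = bytes.fromhex("020000000004")


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def pack_tlv(tlv_type, value):
    """LLDP TLV header: 7-bit type, 9-bit length, then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 0x1FF:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_tlvs(lldpdu):
    """Split an LLDPDU into (type, value) pairs, stopping at End Of LLDPDU."""
    tlvs, offset = [], 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError("TLV length runs past end of frame")
        tlvs.append((tlv_type, lldpdu[offset:offset + length]))
        offset += length
        if tlv_type == 0:          # anything after this is Ethernet padding
            break
    return tlvs


def split_chain(value):
    """Assumed layout: the value is Device MAC address1..N, 6 bytes each."""
    if not value or len(value) % MAC_LEN:
        raise ValueError("extended TLV is not a whole number of MAC addresses")
    chain = [value[i:i + MAC_LEN] for i in range(0, len(value), MAC_LEN)]
    for mac in chain:
        if mac[0] & 0x01 or mac == bytes(MAC_LEN):
            raise ValueError("chain entry is not a unicast device address")
    return chain


def split_frame(frame):
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    return frame[:6], frame[6:12], parse_tlvs(frame[14:])


def build_edge_frame(own_mac):
    """Edge node: generate the LLDP frame with its MAC in Device MAC address1."""
    tlvs = [
        (1, b"\x04" + own_mac),          # Chassis ID, subtype 4 = MAC address
        (2, b"\x07" + b"1"),             # Port ID, subtype 7 = locally assigned
        (3, struct.pack("!H", 120)),     # TTL in seconds
        (EXT_TLV_TYPE, own_mac),         # extended TLV, first address field
        (0, b""),                        # End Of LLDPDU
    ]
    body = b"".join(pack_tlv(t, v) for t, v in tlvs)
    return LLDP_MULTICAST + own_mac + struct.pack("!H", LLDP_ETHERTYPE) + body


def relay_frame(frame, own_mac):
    """Steps S304-S306. Returns the rebuilt frame, or None if no extended TLV."""
    dst, _old_sa, tlvs = split_frame(frame)
    if not any(t == EXT_TLV_TYPE for t, _ in tlvs):
        return None
    out = []
    for tlv_type, value in tlvs:
        if tlv_type == EXT_TLV_TYPE:
            # Validate what was received, then append our own address.
            # pack_tlv() rejects a chain that no longer fits the 9-bit length.
            value = b"".join(split_chain(value) + [own_mac])
        out.append(pack_tlv(tlv_type, value))
    # The SA field now carries the intermediate node's MAC, not the sender's.
    return dst + own_mac + struct.pack("!H", LLDP_ETHERTYPE) + b"".join(out)


def read_chain(frame):
    """Sink side: the MAC list found in the extended TLV, or [] if absent."""
    _, _, tlvs = split_frame(frame)
    for tlv_type, value in tlvs:
        if tlv_type == EXT_TLV_TYPE:
            return [mac_text(m) for m in split_chain(value)]
    return []


if __name__ == "__main__":
    hop1 = build_edge_frame(EDGE_NODE_6)
    hop2 = relay_frame(hop1, ACCESS_NODE_4)
    print("SA on wire:", mac_text(hop2[6:12]))
    print("chain     :", read_chain(hop2))
```

The length and unicast checks in `split_chain` matter because the chain is later used to decide which addresses pass authentication, so a malformed field is rejected rather than forwarded.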
Referring to a flowchart of a MAC address processing method shown in fig. 4, the method is described by taking an example of applying the method to a sink node in a tandem networking, and the method includes:
Step S402, receiving an LLDP message. The LLDP message is transmitted to the sink node by a node hung below the sink node. The node hung below the sink node may be an edge node or an intermediate node, and of course, may also be another sink node.
Step S404, checking whether the LLDP message contains an extended TLV; the extended TLV includes a MAC address field for recording the MAC address of each network node sending the LLDP packet.
Step S406, if the LLDP message contains the extended TLV, the MAC address in the MAC address field is written into the 802.1x MAC table.
The 802.1x MAC table is a MAC table in which a legitimate network node is recorded in the 802.1x authentication, and the 802.1x authentication may determine whether a network node passes the authentication according to whether a MAC address of a certain network node exists in the 802.1x MAC table. The sink node facilitates subsequent 802.1x MAC authentication by writing the MAC address into the 802.1x MAC table.
In the MAC address processing method provided in the embodiment of the present disclosure, when the received LLDP packet contains the extended TLV, the sink node may collect the MAC addresses of the nodes hung below it that are recorded in the extended TLV, and write the MAC addresses into the 802.1x MAC table, so as to perform 802.1x MAC authentication on those nodes. In this mode, the sink node automatically collects the MAC addresses of the nodes hung below it, without those MAC addresses being manually configured on the sink node, which effectively improves the MAC address collection efficiency of the sink node.
Once the sink node has collected the MAC addresses of the nodes hung below it, the network nodes may be authenticated based on the 802.1x MAC table. During specific implementation, the sink node 2 may write all MAC addresses in the received LLDP TLV100 into the 802.1x MAC table, and a network node whose MAC address is written into the 802.1x MAC table may pass authentication and normally access the local area network.
Each entry of the 802.1x MAC table includes a group of MAC addresses. For example, for an LLDP packet sent by the edge node 6, after the sink node receives the LLDP packet, it extracts the MAC address of the edge node 6 and the MAC address of the access node 4 from the packet and records them in one entry of the 802.1x MAC table: the MAC address of the edge node 6 and the MAC address of the access node 4. The order in which the MAC addresses are recorded may be preset.
In addition, the tandem networking may change for reasons such as partial device failure, device replacement, and the like. Therefore, after receiving the LLDP packet, the step in which the sink device writes the MAC address in the MAC address field into the 802.1x MAC table may include: checking whether the MAC address in the MAC address field has a matching entry in the 802.1x MAC table; if not, adding the MAC address in the MAC address field as an entry of the 802.1x MAC table; if so, modifying the matching entry by using the MAC address in the MAC address field, where the modification may be adding a MAC address, deleting a MAC address, updating a MAC address, and the like. Modifying the 802.1x MAC table in time further ensures network security.
Checking whether the MAC address in the MAC address field has a matching entry in the 802.1x MAC table may include: checking whether the MAC addresses in the MAC address field are all contained in the group of MAC addresses recorded in some entry; if so, the MAC addresses in the field are determined to match that entry; otherwise, they are considered not to match.
For example, entry 1 was previously recorded in the 802.1x MAC table: the MAC address of the edge node 6 and the MAC address of the access node 4. If the edge node 6 fails, it no longer sends the LLDP packet, but the access node 4 may still send an LLDP packet and carry its own MAC address in the packet. If the MAC address field of the extended TLV of the LLDP packet received by the sink node 2 contains only the MAC address of the access node 4 and no longer contains the MAC address of the edge node 6, and the MAC address of the access node 4 is contained in entry 1, then the MAC address in the MAC address field matches entry 1, and entry 1 is modified by using the MAC address in the MAC address field; that is, the address of the edge node 6 in entry 1 is deleted, and the modified entry 1 is: the MAC address of the access node 4.
And if the edge node 6 does not have a fault and the MAC address in the MAC address field is completely consistent with the table entry 1, refreshing the table entry 1 by using the MAC address in the MAC address field.
If the access node 4 fails, the sink node 2 does not receive the LLDP packet of the link where the edge node 6 is located any more, and the sink node 2 deletes the entry 1 after a specified time length.
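The entry handling described above (match by containment, then add, modify, refresh, or delete after a quiet period) can be sketched as follows. This is an added example, not the patent's implementation: the class and method names, the 120-second hold time, and the choice of the first matching entry when several match are assumptions, and the addresses are constructed.

```python
import re
from dataclasses import dataclass

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")

# Constructed sample addresses, named after the nodes in fig. 1.
EDGE6 = "02:00:00:00:00:06"
ACCESS4 = "02:00:00:00:00:04"


def normalise(mac):
    """Canonical lower-case colon form; rejects anything that is not unicast."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    if int(mac[:2], 16) & 0x01:
        raise ValueError(f"group address cannot identify a device: {mac}")
    return mac


@dataclass
class Entry:
    macs: list          # one chain, in the order recorded in the extended TLV
    last_seen: float    # time of the last LLDP packet that matched this entry


class Dot1xMacTable:
    def __init__(self, hold_time=120.0):
        self.hold_time = hold_time   # the "specified time length" (value assumed)
        self.entries = []

    def update(self, chain, now):
        """Apply one received MAC address field; returns the action taken."""
        chain = [normalise(m) for m in chain]
        if not chain:
            raise ValueError("empty MAC address field")
        for entry in self.entries:
            # Match rule from the text: every received MAC is in the entry.
            # Assumption: the first matching entry wins if several match.
            if set(chain) <= set(entry.macs):
                action = "refreshed" if chain == entry.macs else "modified"
                entry.macs, entry.last_seen = chain, now
                return action
        self.entries.append(Entry(chain, now))
        return "added"

    def expire(self, now):
        """Delete entries whose link has been silent longer than hold_time."""
        stale = [e.macs for e in self.entries
                 if now - e.last_seen > self.hold_time]
        self.entries = [e for e in self.entries
                        if now - e.last_seen <= self.hold_time]
        return stale

    def is_authorized(self, mac):
        """802.1x MAC check: the address must be present in a live entry."""
        mac = normalise(mac)
        return any(mac in e.macs for e in self.entries)


if __name__ == "__main__":
    table = Dot1xMacTable()
    print(table.update([EDGE6, ACCESS4], now=0))    # both nodes healthy
    print(table.update([ACCESS4], now=60))          # edge node 6 has failed
    print(table.is_authorized(EDGE6))               # its address was deleted
    print(table.expire(now=181))                    # access node 4 silent too
```

Under the containment rule as written, a chain that grows again (edge node 6 recovering) does not match the shrunken entry and is added as a new entry, while the old one is left to age out.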
With reference to fig. 2 to 4, fig. 1 is explained as follows:
First, the edge node 6 generates an LLDP message; the LLDP message contains an extended TLV, the extended TLV comprises a MAC address field, and the MAC address field is used for recording the MAC address of each network node which sends the LLDP message. For example, the MAC address of the edge node 6 is filled into Device MAC address1 of Table 2.
Then, the edge node 6 transmits the generated LLDP packet to the connected access node 4. The access node 4 is used as an intermediate node, after receiving the LLDP message, firstly, it checks whether the LLDP message contains the extended TLV, if yes, adds the MAC address of the access node 4 in the MAC address field, and modifies the address of the SA field of the LLDP message to the MAC address of the access node 4, and then sends the LLDP message to the next node connected. For example, when the access node 4 determines that the LLDP message contains the extended TLV, the access node 4 adds its MAC address to the Device MAC address2 in the extended TLV, modifies the MAC address of the edge node 6 originally recorded in the SA field in the LLDP message to the MAC address of the access node 4, and then sends the LLDP message to the sink node 2.
It should be noted that, when the access node 4 sends the LLDP packet, the LLDP packet is not returned to the edge node 6 through the port that receives the LLDP packet, but the access node uses another port to send the LLDP packet outwards, such as to the node 2 and other nodes not shown in fig. 1 that are connected to the access node 4; that is, the access node 4 sends the LLDP packet to the outside through all other ports except the port receiving the LLDP packet.
The sink node 2 is connected with the access node 4, so that the sink node 2 receives the LLDP message, checks whether the LLDP message contains an extended TLV, and if so, writes the MAC address located in the MAC address field in the extended TLV into the 802.1x MAC table, where the 802.1x MAC table records the MAC address of the edge node 2 and the MAC address of the access node 4, and can authenticate the edge node 2 and the access node 4.
In summary, the present embodiment extends the TLV of the LLDP, and defines the extended format of the MAC address of the device in the extended TLV. Moreover, by using the MAC address processing method provided in this embodiment, each node in the cascaded networking can add its own MAC address in the extended TLV in an additional manner, so that the sink node can acquire the MAC address of each node that is hung down without manual configuration, which is also helpful for improving the MAC address collection efficiency on the basis of reducing the labor cost, and the extended manner is performed on the basis of the existing LLDP packet without laying a new protocol on each node, so that the implementation manner is simple and reliable, and is beneficial to popularization and application.
Corresponding to the foregoing method implementation, the present disclosure also provides an aggregation device in a cascade networking system, where the cascade networking system is a cascade networking system in an 802.1x authentication scenario, and both the aggregation device and a non-aggregation device in the cascade networking system support an LLDP protocol, referring to a structural block diagram of the aggregation device shown in fig. 5, the aggregation device includes the following modules:
a message receiving module 52, configured to receive an LLDP message; the LLDP message comprises an extended type-length-value (TLV), wherein the extended TLV comprises a MAC address field, and the MAC address field is used for recording the MAC address of each non-convergence device which sends the LLDP message;
a MAC table writing module 54, configured to write the MAC address in the MAC address field of the LLDP packet into the 802.1x MAC table.
The embodiment of the present disclosure further provides a non-convergence device in a cascade networking, where the cascade networking is a cascade networking in an 802.1x authentication scenario, and both the convergence device and the non-convergence device in the cascade networking support an LLDP protocol, see a structural block diagram of the non-convergence device shown in fig. 6, where the non-convergence device includes the following modules:
a monitoring module 62, configured to monitor whether an LLDP packet is received within a set time length, where the LLDP packet includes an extended TLV, where the extended TLV includes an MAC address field, and the MAC address field is used to record an MAC address of each non-convergence device that sends the LLDP packet;
a first packet processing module 64, configured to generate and send an LLDP packet if the LLDP packet is not received, where an MAC address field of the LLDP packet carries an MAC address of the non-convergence device;
the second packet processing module 66 is configured to, if the LLDP packet is received, reconstruct the LLDP packet to add the non-convergence device's own MAC address to the MAC address field of the LLDP packet, and forward the LLDP packet through a port other than the ingress port of the LLDP packet, so that the LLDP packet reaches the sink device and triggers the sink device to write the MAC address in the MAC address field into the 802.1x MAC table.
The embodiment of the present disclosure further provides a cascading networking system, which is a cascading networking system in an 802.1x authentication scenario, and refer to a block diagram of a structure of the cascading networking system shown in fig. 7, where the system includes a convergence device 50 and a non-convergence device 60, and structures of the convergence device 50 and the non-convergence device 60 are as described above, and are not described herein again.
If the non-convergence device is an edge device, referring to the structural block diagram of the edge device shown in fig. 8, the edge device includes:
a message generating module 82, configured to generate an LLDP message; the LLDP message contains an extended TLV, the extended TLV comprises an MAC address field, and the MAC address field is used for recording the MAC address of each non-convergence device which sends the LLDP message.
In one embodiment, the TLV type field of the extended TLV is a specific value, the specific value being any of 9 to 126. The MAC address field may be a group of address fields which, starting from the first address field, is used to sequentially record the MAC address of each non-convergence device that sends the LLDP packet.
The message sending module 84 is configured to send the LLDP message to a next device connected to the edge device, so that the next device adds its own MAC address in the MAC address field, and continues to forward the LLDP message until the LLDP message reaches the sink device of the cascade networking.
The edge device provided by the embodiment of the disclosure can generate an LLDP message with an extended TLV and record the MAC address of each device through the extended TLV, thereby realizing collection of the MAC address of each device on the link from the edge device to the convergence device.
If the non-convergence device is an intermediate device, referring to a structural block diagram of the intermediate device shown in fig. 9, the intermediate device includes:
a message receiving module 92, configured to receive an LLDP message;
a packet checking module 94, configured to check whether the LLDP packet includes an extended TLV; the extended TLV comprises an MAC address field, wherein the MAC address field is used for recording the MAC address of each network device which sends the LLDP message;
an address adding module 96, configured to add an MAC address of the intermediate device in the MAC address field if the LLDP packet includes the extended TLV, and modify an address of an SA field of the LLDP packet to be the MAC address of the intermediate device;
and the message sending module 98 is configured to send the LLDP message to a next device connected to the intermediate device, so that the next device adds its own MAC address according to the extended TLV and continues to forward the LLDP message until the LLDP message reaches the sink device of the cascade networking.
In the MAC address processing apparatus of the network device provided in the embodiment of the present disclosure, the intermediate device may add the MAC address of the intermediate device to the LLDP packet including the extended TLV, and continue to forward the LLDP packet to the neighboring device until the LLDP packet reaches the aggregation device. The method can record the MAC addresses of the devices hung down by the convergence device when the LLDP message is transmitted to the convergence device from the edge device, thereby realizing that the convergence device automatically collects the MAC addresses of the devices hung down, effectively improving the MAC address collection efficiency of the convergence device, and expanding the existing LLDP message without laying new protocols on the devices.
The implementation principle and technical effect of the MAC address processing apparatus of the network node provided in the embodiment of the present disclosure are the same as those of the foregoing method embodiment; for brevity, where the embodiments corresponding to the aggregation device and the non-aggregation device do not mention something, reference may be made to the corresponding content in the foregoing method embodiment.
The disclosed embodiment also provides a network device, which comprises a processor and a machine-readable storage medium, wherein the machine-readable storage medium stores machine-executable instructions capable of being executed by the processor, and the processor executes the machine-executable instructions to realize the MAC address processing method. In one embodiment, a machine-readable storage medium stores machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the above-described method.
Referring to fig. 10, a schematic diagram of a network device is shown, which includes a memory 100 and a processor 101; the memory 100 is a machine-readable storage medium, and is configured to store one or more computer instructions, where the one or more computer instructions are executed by the processor to implement the steps executed by the convergence device and the steps executed by the non-convergence device in the MAC address processing method.
Further, the network device shown in fig. 10 further includes a bus 102 and a communication interface 103, and the processor 101, the communication interface 103, and the memory 100 are connected by the bus 102.
The Memory 100 may include a high-speed Random Access Memory (RAM) and may further include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 103 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, and the like can be used. The bus 102 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 10, but this does not indicate only one bus or one type of bus.
The processor 101 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 101. The processor 101 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The processor may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present disclosure. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present disclosure may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in the memory 100, and the processor 101 reads the information in the memory 100 and completes the steps of the method of the foregoing embodiment in combination with its hardware.
Finally, it should be noted that: the above-mentioned embodiments are merely specific embodiments of the present disclosure, which are used for illustrating the technical solutions of the present disclosure and not for limiting the same, and the scope of the present disclosure is not limited thereto, and although the present disclosure is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive of the technical solutions described in the foregoing embodiments or equivalent technical features thereof within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present disclosure, and should be construed as being included therein. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (10)

1. A MAC address processing method is applied to cascade networking in an 802.1x authentication scene, and convergence equipment and non-convergence equipment in the cascade networking support a Link Layer Discovery Protocol (LLDP), and the method comprises the following steps:
the non-convergence device monitors whether an LLDP message is received within a set time length, wherein the LLDP message comprises an extended type-length-value (TLV), the extended TLV comprises a MAC address field, and the MAC address field is used for recording the MAC address of each non-convergence device which sends the LLDP message;
if the non-convergence device does not receive the LLDP message, the non-convergence device generates and sends the LLDP message, wherein an MAC address field of the LLDP message carries an MAC address of the non-convergence device;
if the non-convergence device receives the LLDP message, the non-convergence device reconstructs the LLDP message to add an MAC address of the non-convergence device in an MAC address field of the LLDP message, and forwards the LLDP message through other ports except an input port of the LLDP message;
and if the convergence equipment receives the LLDP message, writing the MAC address in the MAC address field into an 802.1x MAC table.
2. The method of claim 1, further comprising:
the convergence device sends an LLDP configuration message, wherein the LLDP configuration message comprises configuration information of the LLDP message, and the configuration information comprises configuration information of an extended TLV and/or configuration information of the set duration;
and after receiving the LLDP configuration message, the non-convergence device sends the LLDP message according to the LLDP configuration message.
3. The method according to claim 1, wherein the step of the non-convergence device reconstructing the LLDP packet to add its own MAC address to the MAC address field of the LLDP packet comprises:
and the non-convergence device adds the MAC address of the non-convergence device in the MAC address field of the LLDP message, and modifies the address of the SA field of the LLDP message into the MAC address of the non-convergence device.
4. The method according to claim 1, wherein the step of forwarding the LLDP packet by the non-convergence device through a port other than the ingress port of the LLDP packet comprises:
the non-convergence device broadcasts the LLDP message through other ports except the input port of the LLDP message; or
the non-convergence equipment forwards the LLDP message through a specified other port except the input port of the LLDP message.
5. The method of claim 1, further comprising:
the aggregation device authenticates the non-aggregation device based on an 802.1x MAC table.
6. The method according to claim 1, wherein the TLV type field of the extended TLV is a specific value, and wherein the specific value is any of 9 to 126.
7. The method of claim 1, wherein the MAC address field is a set of address fields, starting with a first address field, and the set of address fields is used for sequentially recording the MAC address of each non-convergence device that sends the LLDP packet.
8. An aggregation device in a cascaded networking, wherein the cascaded networking is cascaded networking in an 802.1x authentication scenario, and both an aggregation device and a non-aggregation device in the cascaded networking support a Link Layer Discovery Protocol (LLDP), and the aggregation device comprises:
the message receiving module is used for receiving the LLDP message; the LLDP message comprises an extended type length value TLV, wherein the extended TLV comprises an MAC address field, and the MAC address field is used for recording the MAC address of each non-convergence device which sends the LLDP message;
and the MAC table writing module is used for writing the MAC address in the MAC address field of the LLDP message into an 802.1x MAC table.
9. A non-convergence device in a cascade networking is characterized in that the cascade networking is in an 802.1x authentication scene, the convergence device and the non-convergence device in the cascade networking both support a Link Layer Discovery Protocol (LLDP), and the non-convergence device comprises:
the monitoring module is used for monitoring whether an LLDP message is received within a set time length, wherein the LLDP message comprises an extended type-length-value (TLV), the extended TLV comprises a MAC address field, and the MAC address field is used for recording the MAC address of each non-convergence device which sends the LLDP message;
the first message processing module is configured to generate and send the LLDP message if the LLDP message is not received, where an MAC address field of the LLDP message carries an MAC address of the non-convergence device;
and the second message processing module is used for, if the LLDP message is received, reconstructing the LLDP message to add the non-convergence device's own MAC address to the MAC address field of the LLDP message, and forwarding the LLDP message through other ports except the input port of the LLDP message, so that the LLDP message reaches the convergence device and triggers the convergence device to write the MAC address in the MAC address field into an 802.1x MAC table.
10. A cascading networking system in an 802.1x authentication scenario, the system comprising the aggregation device of claim 8 and comprising the non-aggregation device of claim 9.
CN201810692460.3A 2018-06-28 2018-06-28 MAC address processing method, equipment and cascade networking system Active CN108809767B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810692460.3A CN108809767B (en) 2018-06-28 2018-06-28 MAC address processing method, equipment and cascade networking system

Publications (2)

Publication Number Publication Date
CN108809767A CN108809767A (en) 2018-11-13
CN108809767B true CN108809767B (en) 2020-09-15

Family

ID=64071379

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant