CN109257265B - Flooding suppression method, VXLAN bridge, gateway and system - Google Patents

Publication number: CN109257265B
Authority: CN (China)
Prior art keywords: arp, vxlan, table entry, address, gateway
Legal status (as listed; an assumption and not a legal conclusion): Active
Application number: CN201810912058.1A
Other languages: Chinese (zh)
Other versions: CN109257265A (en)
Inventor: 林伟
Current Assignee (as listed; may be inaccurate): Ruijie Networks Co Ltd
Original Assignee: Ruijie Networks Co Ltd
Application filed by Ruijie Networks Co Ltd
Priority to CN201810912058.1A
Publication of CN109257265A
Application granted
Publication of CN109257265B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4633: Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/32: Flooding
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/10: Mapping addresses of different types
    • H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The embodiment of the invention provides a flooding suppression method, a VXLAN bridge, a gateway and a system. The method comprises the following steps: receiving a first ARP request message sent by a virtual machine (VM), and determining a destination IP address; if the destination IP address is determined to be a non-gateway IP address, matching a first ARP suppression table entry stored locally, wherein the first ARP suppression table entry is determined according to a second ARP suppression table entry issued by the VXLAN gateway; and if the matching is successful, generating a first ARP response message based on the first ARP suppression table entry. In the embodiment of the invention, the VXLAN bridge determines its locally stored ARP suppression table entries according to the ARP suppression table entries issued by the VXLAN gateway. When the VXLAN bridge receives a broadcast ARP request message, it looks up the target VM in the locally stored ARP suppression table entries and, once the target VM is found, answers the ARP message directly as a proxy, so that flooding of ARP messages in the VXLAN network is avoided.

Description

Flooding suppression method, VXLAN bridge, gateway and system
Technical Field
The embodiment of the invention relates to the technical field of computer communication, in particular to a flooding suppression method, a VXLAN bridge, a gateway and a system.
Background
A Virtual eXtensible Local Area Network (VXLAN) is a network virtualization technology that establishes a virtual Ethernet over a physical IP (underlay) network. It uses MAC-in-UDP encapsulation (MAC: Media Access Control, physical address; UDP: User Datagram Protocol), with a 50-byte encapsulation header. VXLAN has a 24-bit VXLAN Network Identifier (VNI), which breaks through the limit of 4096 isolated networks that can be represented by the currently widely adopted VLAN (Virtual Local Area Network), enables a user to create 16777216 mutually isolated virtual networks, and can meet the requirements of multi-tenant environments and scale extension. VNIs, instead of VLANs, are used to represent different VXLAN network segments, and only virtual hosts or virtual servers (VMs) that have the same VNI and are located in the same VXLAN network segment can communicate with each other.
Fig. 1 is a schematic diagram of a VXLAN network in the prior art. As shown in fig. 1, the VXLAN network includes a backbone switch (Spine), a VXLAN Tunnel Endpoint (VTEP), a border node (Border Leaf), an external router, a virtual switch (Vswitch), and a virtual machine VM. The VTEP encapsulates the data generated by the VM with a UDP header and sends it; once the data is encapsulated, the VM's own MAC address and VLAN information are no longer used as the basis for forwarding. In a data center network, VTEP generally refers to a VXLAN switch. Data is transmitted between VTEPs through a VXLAN tunnel, which is a logical tunnel that carries VXLAN-encapsulated messages between two VTEPs. After a service message enters a VXLAN tunnel and is encapsulated with a VXLAN header, a UDP header and an IP header, the encapsulated message is transparently transmitted to the far-end VTEP through layer-3 forwarding, and the far-end VTEP decapsulates it.
In the VXLAN Network, the VTEP may use an Ethernet Virtual Private Network (EVPN) protocol to establish and maintain a VXLAN tunnel, and learn address information of a remote device. EVPN is a Network technology defined by RFC7432, and uses Border Gateway Protocol (BGP) as an upper layer control Protocol, so that the topology of Virtual Private Network (VPN) is more flexible.
The EVPN protocol synchronizes EVPN routes between peers through BGP. Several commonly used EVPN route types are:
EVPN type 3 routes: VTEP devices use EVPN type 3 routes to discover each other and establish VXLAN tunnels;
EVPN type 2 routes: VTEP devices use EVPN type 2 routes to synchronize locally learned VM information, including MAC table entries, ARP table entries, etc., between VTEPs;
EVPN type 5 routes: VTEP devices use EVPN type 5 routes to synchronize network routing information between VTEPs.
VXLAN networks are divided into two architectures: a VXLAN centralized deployment architecture and a VXLAN distributed deployment architecture. Fig. 2 is a schematic diagram of a VXLAN centralized deployment architecture in the prior art. As shown in fig. 2, the VXLAN centralized deployment architecture is similar to a conventional Ethernet (access layer, core layer) deployment architecture and divides the VTEP devices in the overlay network into two layers: VXLAN bridges and VXLAN gateways. The VXLAN bridge is the first VTEP device that a virtual machine VM accesses; the VNI is configured on the VXLAN bridge, so that the VM can be mapped to the VNI through its access port and VLAN. Messages sent by VMs are all encapsulated into VXLAN messages at the VXLAN bridge and forwarded through VXLAN tunnels to other VTEP devices, including other VXLAN bridges or VXLAN gateways. Like a bridge in a physical (underlay) network, a VXLAN bridge can only perform VXLAN layer-2 forwarding, that is, layer-2 forwarding within the same VNI based on a VXLAN MAC address table; it cannot perform VXLAN layer-3 forwarding. The VXLAN gateway is the VTEP device on which the gateway is deployed. As shown in fig. 2, the VXLAN gateway is typically not directly connected to the VMs (also called servers); it interconnects with all VXLAN bridges and establishes VXLAN tunnels with them. A message from a VM must be encapsulated into a VXLAN message by a VXLAN bridge and reaches the VXLAN gateway after being forwarded through a VXLAN tunnel. Like a core gateway in an underlay network, the VXLAN gateway can perform layer-3 forwarding of VXLAN messages, that is, layer-3 forwarding across VNIs based on a VXLAN routing table (Virtual Routing Forwarding, abbreviated as VRF) and an Address Resolution Protocol (ARP) adjacency table.
Fig. 3 is a schematic diagram of a VXLAN distributed deployment architecture in the prior art. As shown in fig. 3, in the VXLAN distributed deployment architecture the overlay network abandons the layered architecture of a conventional network and configures each VTEP as an IRB (integrated Router & Bridge Gateway) distributed gateway, merging the access and gateway functions. The IRB gateway device has both the VXLAN bridge function and the VXLAN gateway function, and as long as a VM is connected to an IRB device it can perform layer-2 or layer-3 forwarding through the VXLAN tunnels established between IRB devices.
In a VXLAN network, because the topology is one large layer-2 structure, the broadcast domain of each VNI extends to all VTEP devices on which that VNI is deployed, which brings the ARP flooding problem. For example, when a VM sends a layer-2 broadcast ARP request message to request the MAC address of another VM, the ARP request message is flooded to all VTEP devices in the VNI broadcast domain to which the VM belongs. In a large data center network the number of VTEP devices can reach several hundred, so a single ARP request message is replicated several hundred times and flooded into the VXLAN network, placing a heavy burden on the network.
This problem is exacerbated in the VXLAN centralized deployment architecture. There, the VTEP device directly connected to the server is a VXLAN bridge; the VXLAN bridge itself does not deploy a layer-3 gateway, cannot learn ARP entries, and cannot respond to ARP messages, so after receiving an ARP request message it can only flood it unconditionally to the entire network, including other VXLAN bridges and VXLAN gateways. Fig. 4 is a schematic diagram illustrating ARP request message flooding in a VXLAN centralized deployment architecture in the prior art. As shown in fig. 4, VM1 sends an ARP request message to request the ARP information of VM5. Although the VXLAN gateway already has the ARP information for VM5, the ARP request message is still flooded by VXLAN bridge VTEP1 to all VTEPs of the whole network, including VTEP2, VTEP3, and VTEP4, and by each VTEP to all host VMs attached under it.
For the ARP flooding problem of VXLAN networks, there are currently two solutions: (1) using a Software Defined Network (SDN) controller to perform ARP suppression, namely the VXLAN bridge uploads all ARP messages to the SDN controller and the SDN controller answers them as an ARP proxy; (2) suppressing on a VXLAN distributed gateway directly connected to the server, namely the VXLAN distributed gateway intercepts all ARP request messages sent by the directly connected server, looks up the locally stored host ARP table entries, and returns the MAC of the target host requested by the ARP to the server in an ARP response message.
However, the first scheme is only applicable to a data center network in which an SDN controller is deployed and cannot be applied to one without an SDN controller; moreover, uploading a large number of ARP messages to the SDN controller places a huge burden on the controller's performance. The second scheme is only applicable to a distributed VXLAN network scenario and cannot be applied to a centralized VXLAN network scenario.
Disclosure of Invention
Aiming at the defects in the prior art, the embodiment of the invention provides a flooding suppression method, a VXLAN bridge, a gateway and a system.
In a first aspect, an embodiment of the present invention provides a flooding suppression method, which is applied to an extensible virtual local area network VXLAN, and includes:
receiving a first address resolution protocol (ARP) request message sent by a virtual machine (VM), parsing the first ARP request message, and determining a destination IP address;
if the destination IP address is determined to be a non-gateway IP address, matching a first ARP suppression table entry stored locally according to the destination IP address, wherein the first ARP suppression table entry is determined according to a second ARP suppression table entry issued by a VXLAN gateway;
and if the matching is successful, generating a first ARP response message containing a destination MAC address corresponding to the destination IP address based on the first ARP suppression table entry, encapsulating the first ARP response message into a VXLAN unicast message, and sending the VXLAN unicast message to the virtual machine VM.
Optionally, the above flooding suppression method further comprises:
if the destination IP address is determined to be the gateway IP address, unicasting the first ARP request message to the VXLAN gateway, so that the VXLAN gateway generates a first ARP response message containing the gateway MAC address, acquires the ARP table entry of the virtual machine VM, adds the ARP table entry of the virtual machine VM to the second ARP suppression table entry stored locally, and issues the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network;
receiving the first ARP response message and the second ARP suppression table entry sent by the VXLAN gateway;
unicasting the first ARP response message to the virtual machine VM;
and synchronizing the first ARP suppression table entry stored locally according to the second ARP suppression table entry.
Optionally, the above flooding suppression method further comprises:
if the matching fails, unicasting the first ARP request message to the VXLAN gateway, so that the VXLAN gateway determines a target VM according to the destination IP address, generates a second ARP request message containing the destination IP address, floods the second ARP request message to all virtual machines VM in the VXLAN network, acquires the ARP table entry of the target VM according to a received second ARP response message, adds the ARP table entry of the target VM to the second ARP suppression table entry stored locally, and issues the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network, wherein the source MAC address of the second ARP request message is the gateway MAC address;
receiving the second ARP suppression table entry sent by the VXLAN gateway;
synchronizing the first ARP suppression table entry stored locally according to the second ARP suppression table entry;
and generating a first ARP response message containing a destination MAC address corresponding to the destination IP address according to the synchronized first ARP suppression table entry, and unicasting the first ARP response message to the virtual machine VM.
Optionally, the above flooding suppression method further comprises:
caching the first ARP request message, and if a second ARP suppression table entry containing the target VM of the first ARP request message is not received within a first preset time period, deleting the first ARP request message;
correspondingly, the generating of a first ARP response message containing a destination MAC address corresponding to the destination IP address according to the first ARP suppression table entry, and the unicasting of the first ARP response message to the virtual machine VM, includes:
generating a first ARP response message containing a destination MAC address corresponding to the destination IP address according to the cached first ARP request message and the synchronized first ARP suppression table entry, and unicasting the first ARP response message to the virtual machine VM.
Optionally, before receiving the first ARP request packet of the address resolution protocol sent by the virtual machine VM, the method for suppressing flooding further includes:
receiving a second ARP suppression table entry issued by the VXLAN gateway, wherein the second ARP suppression table entry comprises the ARP table entry of the VXLAN gateway;
and establishing a first ARP suppression table entry according to the second ARP suppression table entry.
In a second aspect, another embodiment of the present invention provides a method for suppressing flooding, applied to a VXLAN, which includes:
receiving a first ARP request message of an address resolution protocol sent by a virtual machine VM forwarded by a VXLAN bridge;
analyzing the first ARP request message, and determining a target IP address corresponding to the first ARP request message;
if the destination IP address is judged to be the gateway IP address, generating a first ARP response message containing a gateway MAC address, packaging the first ARP response message into a VXLAN unicast message, and sending the VXLAN unicast message to the VXLAN bridge so that the VXLAN bridge can unicast the first ARP response message to the virtual machine VM;
acquiring an ARP (address resolution protocol) table entry of the virtual machine VM, and adding the ARP table entry of the virtual machine VM in a second ARP suppression table entry which is locally stored;
and sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN so that the VXLAN bridges synchronize the first ARP suppression table entries stored locally according to the second ARP suppression table entry.
Optionally, the above flooding suppression method further comprises:
if the destination IP address is determined to be a non-gateway IP address, determining a target VM according to the destination IP address, and generating a second ARP request message containing the destination IP address, wherein the source MAC address of the second ARP request message is the gateway MAC address;
flooding the second ARP request message to all Virtual Machines (VM) in the VXLAN network;
receiving a second ARP response message corresponding to the second ARP request message;
acquiring an ARP table entry of the target VM according to the second ARP response message;
adding the ARP table entry of the target VM in a second ARP suppression table entry which is locally stored;
and sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN, so that the VXLAN bridges synchronize the locally stored first ARP suppression table entries according to the second ARP suppression table entry, and generate a first ARP response message according to the first ARP suppression table entries.
Optionally, the above flooding suppression method further comprises:
if the ARP table entry of the virtual machine VM in the second ARP suppression table entry is not updated in a second preset time period, generating a third ARP request message, wherein the destination IP address of the third ARP request message is the IP address of the virtual machine VM, and the source MAC address is the gateway MAC address;
sending the third ARP request message to a VXLAN bridge corresponding to the virtual machine VM, so that the VXLAN bridge can flood the third ARP request message to all virtual machine VMs corresponding to the third ARP request message;
if a third ARP response message corresponding to the third ARP request message is not received, deleting the ARP table entry of the virtual machine VM from the second ARP suppression table entry;
and sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network so that the VXLAN bridges synchronize the first ARP suppression table entries stored locally according to the second ARP suppression table entry.
As above, optionally, before receiving the first ARP request packet sent by the virtual machine VM forwarded by the VXLAN bridge, the method for suppressing flooding further includes:
acquiring an ARP table entry of a gateway;
establishing a second ARP suppression table entry, and adding the ARP table entry of the gateway into the second ARP suppression table entry;
and sending the second ARP suppression table entry to all VXLAN bridges in the VXLAN network so that the VXLAN bridges can establish a first ARP suppression table entry according to the second ARP suppression table entry.
In a third aspect, an embodiment of the present invention provides a VXLAN bridge, applied to an extensible virtual local area network VXLAN, including:
the first receiving module is used for receiving a first ARP request message of an address resolution protocol sent by the virtual machine VM, analyzing the ARP request message and determining a target IP address;
the matching module is used for matching a first ARP suppression table entry which is locally stored according to the target IP address if the target IP address is judged to be the non-gateway IP address, wherein the first ARP suppression table entry is determined according to a second ARP suppression table entry issued by a VXLAN gateway;
and the first response module is used for generating a first ARP response message containing a target MAC address corresponding to the target IP address based on the first ARP suppression table entry if the matching is successful, packaging the first ARP response message into a VXLAN unicast message, and sending the VXLAN unicast message to the virtual machine VM.
In a fourth aspect, an embodiment of the present invention provides a VXLAN gateway, applied to an extensible virtual local area network VXLAN, including:
the second receiving module is used for receiving a first ARP request message of an address resolution protocol sent by the virtual machine VM forwarded by the VXLAN bridge;
the analysis module is used for analyzing the first ARP request message and determining a target IP address corresponding to the first ARP request message;
the second response module is used for generating a first ARP response message containing a gateway MAC address if the destination IP address is judged to be the gateway IP address, packaging the first ARP response message into a VXLAN unicast message, and sending the VXLAN unicast message to the VXLAN bridge so that the VXLAN bridge can unicast the first ARP response message to the virtual machine VM;
the updating module is used for acquiring the ARP table entry of the virtual machine VM and adding the ARP table entry of the virtual machine VM into a second ARP suppression table entry stored locally;
and the synchronization module is used for sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN so that the VXLAN bridges synchronize the first ARP suppression table entries stored locally according to the second ARP suppression table entry.
In a fifth aspect, an embodiment of the present invention provides a flooding suppression system, applied in a VXLAN, which includes: at least one VXLAN bridge as described above and a VXLAN gateway as described above.
In the flooding suppression method provided by the embodiment of the invention, the VXLAN bridge determines its locally stored ARP suppression table entry according to the ARP suppression table entry issued by the VXLAN gateway. When the VXLAN bridge receives a broadcast ARP request message sent by a VM, it looks up the ARP information of the target VM in the locally stored ARP suppression table entry and, once the information is found, answers the ARP message directly as a proxy, so that flooding of ARP messages in the VXLAN network is avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of a VXLAN network in the prior art;
Fig. 2 is a schematic diagram of a VXLAN centralized deployment architecture in the prior art;
Fig. 3 is a schematic diagram of a VXLAN distributed deployment architecture in the prior art;
Fig. 4 is a schematic diagram illustrating ARP request message flooding in a VXLAN centralized deployment architecture in the prior art;
Fig. 5 is a schematic flow chart of a flooding suppression method according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a centralized VXLAN network according to an embodiment of the present invention;
Fig. 7 is a schematic flow chart of a flooding suppression method according to another embodiment of the present invention;
Fig. 8 is a schematic flow chart of a flooding suppression method according to yet another embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a VXLAN bridge according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of a VXLAN gateway according to an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a flooding suppression system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 5 is a schematic flow chart of a flooding suppression method according to an embodiment of the present invention, as shown in fig. 5, the flooding suppression method is applied to an extensible virtual local area network VXLAN, and includes the following steps:
Step S51, receiving a first address resolution protocol (ARP) request message sent by a virtual machine VM, parsing the first ARP request message, and determining a destination IP address;
Specifically, in a centralized VXLAN network, the VTEP device directly connected to the virtual machine VM is a VXLAN bridge. When a virtual machine VM in the VXLAN network needs to obtain the ARP information of another virtual machine or of the gateway, it first generates an address resolution protocol request message, recorded as the first ARP request message. The source VM in the first ARP request message is that virtual machine VM, the destination VM is the other virtual machine being requested, and the destination gateway is the VXLAN gateway being requested. Because the virtual machine VM is directly connected to the VXLAN bridge, the VXLAN bridge receives the first ARP request message first; unlike the prior art, it does not directly flood the first ARP request message to all VTEP devices in the VXLAN network.
For example, fig. 6 is a schematic diagram of a centralized VXLAN network according to an embodiment of the present invention. As shown in fig. 6, the VXLAN network is VNI10, and after the VTEP devices (including the VXLAN bridges and the VXLAN gateway) establish EVPN neighbor relationships, the VXLAN tunnels are automatically established through EVPN type 3 routes. In fig. 6, VTEP1, VTEP2, and VTEP3 are VXLAN bridges, VTEP4 is a VXLAN gateway, and VXLAN tunnels are established between the VTEPs. VM1 and VM2 are directly connected to VTEP1, VM3 is directly connected to VTEP2, and VM4 and VM5 are directly connected to VTEP3. The IP address of VM1 is IP_1 and its MAC address is MAC_1; the IP address of VM2 is IP_2 and its MAC address is MAC_2; the IP address of VM3 is IP_3 and its MAC address is MAC_3; the IP address of VM4 is IP_4 and its MAC address is MAC_4; the IP address of VM5 is IP_5 and its MAC address is MAC_5.
When VM1 requests the ARP information of VM5, VM1 sends a first ARP request message, which is a layer-2 Ethernet broadcast message whose destination MAC is the broadcast address (ffff.ffff.ffff) and whose requested destination IP is IP_5. VTEP1, as the VXLAN bridge directly connected to VM1, receives the first ARP request message first and determines by parsing it that the destination IP is IP_5.
Step S52, if the destination IP address is determined to be a non-gateway IP address, matching a first ARP suppression table entry stored locally according to the destination IP address, wherein the first ARP suppression table entry is determined according to a second ARP suppression table entry issued by a VXLAN gateway;
Specifically, after obtaining the destination IP address, the VXLAN bridge determines whether it is the gateway IP address. If it is a non-gateway IP address, the bridge matches it against the locally stored ARP suppression table entry, recorded as the first ARP suppression table entry; that is, it looks up the destination IP address in the first ARP suppression table entry.
For example, after VTEP1 parses the first ARP request message and learns that the destination IP address is IP_5, which is not the gateway IP address, it matches IP_5 against the first ARP suppression table entry stored locally.
Step S53, if the matching is successful, generating a first ARP reply packet including a destination MAC address corresponding to the destination IP address based on the first ARP suppression table entry, encapsulating the first ARP reply packet into a VXLAN unicast packet, and sending the VXLAN unicast packet to the virtual machine VM.
Specifically, if the VXLAN bridge finds the destination IP address in the locally stored first ARP suppression table entry, the VXLAN bridge determines the destination MAC address according to the destination IP address, generates a first ARP reply packet including the destination MAC address, encapsulates the first ARP reply packet into a VXLAN unicast packet, and sends the VXLAN unicast packet to the virtual machine VM.
For example, VTEP1 finds IP_5 and its corresponding MAC_5 in the first ARP suppression table entry stored locally, builds an ARP reply message containing MAC_5 from the information found, and unicasts the ARP reply message to VM1. Upon receipt, VM1 learns MAC_5. This avoids flooding the ARP request message that one VM sends to request another VM.
In the flooding suppression method provided by the embodiment of the invention, the VXLAN bridge determines its locally stored ARP suppression table entry according to the ARP suppression table entry issued by the VXLAN gateway. When the VXLAN bridge receives a broadcast ARP request message sent by a VM, it looks up the ARP information of the target VM in the locally stored ARP suppression table entry and, once the information is found, answers the ARP message directly as a proxy, so that flooding of ARP messages in the VXLAN network is avoided.
On the basis of the above embodiment, further, the flooding suppression method further includes:
if the target IP address is judged to be the gateway IP address, unicasting the first ARP request message to a VXLAN gateway so that the VXLAN gateway generates a first ARP response message containing a gateway MAC address, acquiring an ARP table entry of the virtual machine VM, adding the ARP table entry of the virtual machine VM in a second ARP suppression table entry stored locally, and issuing the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network;
receiving a first ARP response message and a second ARP suppression table item sent by the VXLAN gateway;
unicasting the first ARP response message to the virtual machine VM;
and synchronizing the first ARP suppression table entry stored locally according to the second ARP suppression table entry.
Specifically, in the VXLAN network, after a VM that is not a dumb terminal is configured with its IP and gateway information, it actively sends a first ARP request message to the VXLAN gateway to request the gateway's MAC information. The ARP request message is a layer-2 Ethernet broadcast message whose destination MAC is ffff and whose requested destination IP is the gateway IP.
Because the VXLAN bridge is directly connected to the VM, the VXLAN bridge receives the first ARP request message first. It parses the message, finds that the destination IP address is the gateway IP address, and unicasts the first ARP request message to the VXLAN gateway. After receiving the first ARP request message, the VXLAN gateway generates a first ARP reply message containing the gateway MAC address, obtains the ARP table entry of the source VM of the first ARP request message, and adds that entry to the locally stored second ARP suppression table entry, in which the IP address, MAC address and next hop information of the VM are stored in association. The VXLAN gateway then sends the first ARP reply message to the VXLAN bridge directly connected to the source VM and synchronizes the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network through an EVPN-2 type route.
And after the VXLAN bridge receives the first ARP response message, unicasting the first ARP response message to the virtual machine VM.
All VXLAN bridges in the VXLAN network synchronize their locally stored first ARP suppression table entries according to the second ARP suppression table entry, adding the ARP table entry of the virtual machine VM and thereby learning the ARP table entry of the virtual machine.
And after receiving the first ARP response message, the virtual machine VM learns the requested ARP information.
For example, assume that VM1 and VM5 are VMs that are not dumb terminals. When IP and gateway information is configured on the two VMs, each actively sends an ARP request message to the gateway (VTEP4) to request the MAC information of the gateway. The ARP request message is a layer-2 Ethernet broadcast message whose destination MAC is ffff and whose requested destination IP is the gateway IP.
After receiving the ARP request message sent by VM1, VTEP1 finds that the destination IP address requested by the message is the gateway IP address, and delivers the message directly to the VXLAN gateway. VTEP3 performs the same processing when it receives the ARP request message sent by VM5, which avoids flooding the ARP request messages in which a VM requests the gateway.
After receiving the ARP request messages sent by VM1 and VM5 whose destination IP address is the gateway IP address, the VXLAN gateway performs the following operations: 1) it learns the ARP entries of VM1 and VM5; 2) it encapsulates ARP reply messages and returns the gateway ARP information to VM1 and VM5, where each reply message is a layer-2 Ethernet unicast message whose destination MAC is the MAC address of VM1 or VM5 respectively; 3) it adds the learned ARP table entries of VM1 and VM5 to the locally stored second ARP suppression table entry and synchronizes the updated second ARP suppression table entry to all VXLAN bridges through EVPN2 type routing. After receiving the ARP reply message, VTEP1 unicast-forwards it to VM1. After receiving the ARP reply message, VTEP3 unicast-forwards it to VM5. After receiving the EVPN2 type route, VTEP1, VTEP2, and VTEP3 synchronize the ARP suppression entries of VM1 and VM5 into the first ARP suppression table entry. After receiving the ARP reply message, VM1 learns the MAC address of the gateway. After receiving the ARP reply message, VM5 learns the MAC address of the gateway.
In the flooding suppression method provided by the embodiment of the invention, the host ARP information learned by the gateway is synchronized to the VXLAN bridges through EVPN-2 type routes, so that ARP suppression table entries are generated on the VXLAN bridges. When a VXLAN bridge receives an ARP request broadcast message sent by a VM, it looks up the ARP information of the target VM in the ARP suppression table entry and, once found, replies to the ARP message directly as a proxy, which avoids flooding of ARP messages in the VXLAN network. In addition, the embodiment of the invention uses the RFC-standard EVPN protocol to synchronize the gateway information and the ARP information of the VMs, which avoids the use of a private protocol and gives strong compatibility.
On the basis of the above embodiments, further, the flooding suppression method further includes:
if the matching fails, unicasting the first ARP request message to a VXLAN gateway so that the VXLAN gateway determines a target VM according to the destination IP address, generates a second ARP request message containing the destination IP address, floods the second ARP request message to all virtual machines VM in the VXLAN network, acquires an ARP table entry of the target VM according to a received second ARP reply message, adds the ARP table entry of the target VM to a locally stored second ARP suppression table entry, and issues the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network, wherein the source MAC address of the second ARP request message is a gateway MAC address;
receiving a second ARP suppression table entry sent by the VXLAN gateway;
according to the second ARP suppression table entry, synchronizing a first ARP suppression table entry stored locally;
and generating a first ARP reply message containing a destination MAC address corresponding to the destination IP address according to the synchronized first ARP suppression table entry, and unicasting the first ARP reply message to the virtual machine VM.
Specifically, after a dumb terminal in the VXLAN network is configured with IP/gateway information, it does not actively initiate an ARP request to the gateway, so the gateway does not learn the ARP information of that VM; that is, the ARP information corresponding to the VM can be found in neither the first ARP suppression table entry nor the second ARP suppression table entry. When the ARP information of the dumb terminal is requested for the first time, the VXLAN bridge determines that the destination IP address is a non-gateway IP address but fails to match it in the locally stored first ARP suppression table entry, so it sends the first ARP request message to the VXLAN gateway. The VXLAN gateway obtains the source VM and the target VM from the first ARP request message. Because the VXLAN gateway stores no ARP table entry for the target VM, it cannot know the next hop information of the target VM, so it generates a second ARP request message according to the target VM, whose source IP is the gateway IP and whose source MAC address is the gateway MAC address. When the target VM receives the second ARP request message, it encapsulates its own ARP information into a second ARP reply message and sends it to the VXLAN gateway. After receiving the second ARP reply message, the VXLAN gateway learns the ARP information of the target VM, adds it to the locally stored second ARP suppression table entry, and synchronizes the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network through EVPN-2 type routing.
After the VXLAN bridge receives the second ARP suppression table entry, it synchronizes the locally stored first ARP suppression table entry according to the second ARP suppression table entry, generates from the synchronized first ARP suppression table entry a first ARP reply message containing the destination MAC address corresponding to the destination IP address, and unicasts the first ARP reply message to the requesting VM. Therefore, when the destination IP address of an ARP request message is the IP address of the newly added VM, the reply message can be generated directly from the first ARP suppression table entry stored by the VXLAN bridge, which avoids flooding of ARP request messages that request a dumb terminal.
For example, assume that VM3 is a dumb terminal: after IP/gateway information is configured, it does not actively initiate an ARP request to the gateway, and thus the gateway does not learn the ARP information of VM3. When VM1 requests the ARP information of VM3, it sends out an ARP request, which is a layer-2 Ethernet broadcast message whose destination MAC is ffff and whose requested destination IP is IP_3.
After receiving the ARP request message, VTEP1 looks up the local first ARP suppression table entry, finds that the destination IP requested by the message hits no entry, and delivers the message directly to the VXLAN gateway. After receiving the ARP request in which VM1 requests VM3, the VXLAN gateway looks up the second ARP suppression table entry and, finding no ARP entry for VM3, initiates an ARP get-through operation for VM3: it encapsulates an ARP request message, which is a layer-2 Ethernet broadcast message with destination MAC ffff and requested destination IP IP_3; the source IP is IP_gw and the source MAC is MAC_gw. This ARP broadcast message is flooded to all VMs of the whole network, including VM3.
After receiving the ARP get-through message sent by the gateway, VM3 sends an ARP reply message containing its own ARP information to the VXLAN gateway. This is a layer-2 Ethernet unicast message and is unicast-forwarded to the VXLAN gateway. After receiving the ARP reply message, the VXLAN gateway learns the ARP entry of VM3 and synchronizes the learned ARP entry of VM3 to all VXLAN bridges through EVPN2 type routing. After receiving the EVPN2 type route, VTEP1, VTEP2 and VTEP3 generate ARP suppression table entries for VM3. When VTEP1 generates the ARP suppression table entry of VM3, it encapsulates an ARP reply message containing the ARP information of VM3 and replies to VM1. Upon receipt, VM1 learns the ARP information of VM3.
Thereafter, when VM5 needs to request the ARP information of VM3, it issues an ARP request message. After receiving the ARP request message, VTEP3 looks up the local first ARP suppression table entry and finds that the destination IP hits an entry. VTEP3 encapsulates an ARP reply message containing the ARP information of VM3 and replies to VM5. After VM5 receives the ARP reply message, it learns the ARP information of VM3.
According to the flooding suppression method provided by the embodiment of the invention, when the VXLAN bridge receives an ARP request message and cannot find the ARP information of the source VM or the target VM in the ARP suppression table entry, the VXLAN bridge unicasts the ARP request message to the VXLAN gateway, so that flooding is avoided. After receiving the message, the VXLAN gateway learns the ARP table entry of the source VM, at the same time initiates ARP get-through to the target VM, and learns the ARP table entry of the target VM from the received ARP reply message. In this way the VXLAN gateway can quickly learn the ARP table entries of VMs and synchronize them to all VXLAN bridges of the whole network for ARP suppression, which solves the problem that the VXLAN gateway cannot learn the ARP table entry of a dumb terminal.
On the basis of the above embodiments, further, the flooding suppression method further includes:
caching the first ARP request message, and if a second ARP suppression table entry containing a target VM in the first ARP request message is not received in a first preset time period, deleting the first ARP request message;
correspondingly, the generating a first ARP reply packet including a destination MAC address corresponding to the destination IP address according to the first ARP suppression table entry, and unicasting the first ARP reply packet to the virtual machine VM includes:
and generating a first ARP response message containing a target MAC address corresponding to the target IP address according to the cached first ARP request message and the synchronized first ARP suppression table entry, and unicasting the first ARP response message to the virtual machine VM.
Specifically, when the VXLAN bridge fails to find the destination IP address of the ARP request message in the first ARP suppression table entry, it may also cache the first ARP request message and start a timer. If a second ARP suppression table entry that contains the target VM and is sent by the VXLAN gateway is not received within a first preset time period, for example within 5s, the cached first ARP request message is deleted; when the second ARP suppression table entry is received after that, the cached request no longer exists and no first ARP reply message is generated. If the second ARP suppression table entry is received within the first preset time period, the VXLAN bridge generates a first ARP reply message according to the cached first ARP request message and the first ARP suppression table entry, unicasts the first ARP reply message to the VM, and then deletes the cached first ARP request message.
For example, when VM1 requests the ARP information of VM3, it sends an ARP request message. After VTEP1 receives the ARP request message, it looks up the local first ARP suppression table entry, and if the destination IP address requested by the message hits no entry, it delivers the message directly to the VXLAN gateway. At the same time, VTEP1 caches a copy of the ARP request information (VM1 requests VM3) and starts a timer for aging this request information. When VTEP1 generates the ARP suppression table entry of VM3, it searches the locally cached ARP request information; if the request information in which VM1 requests VM3 has already been aged and deleted, no ARP reply is made. VM1, finding that its ARP request for VM3 has failed, sends out an ARP request message for VM3 again.
After receiving this ARP request message, VTEP1 looks up the local first ARP suppression table entry and finds the MAC address corresponding to the destination IP address requested by the message. VTEP1 encapsulates an ARP reply message containing the MAC address and replies to VM1. Upon receipt, VM1 learns the ARP information of VM3.
According to the flooding suppression method provided by the embodiment of the invention, the ARP request message is cached in the VXLAN bridge, and when the ARP suppression table entry is received within the first preset time period, an ARP reply message is generated based on the synchronized ARP suppression table entry and sent to the virtual machine, so that flooding of the ARP request message is avoided.
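The bridge-side behaviour described so far (gateway-destined requests, proxy reply on a table hit, and the cached request with its first preset time period on a miss) can be modelled as a small state machine. This is an added example, not code from the patent; the names `Bridge`, `Entry`, `on_arp_request` and `on_sync`, the addresses IP_9/MAC_9 and the placement of VM3 behind VTEP2 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PENDING_TTL = 5.0  # "first preset time period"; the page gives 5 s as an example


@dataclass(frozen=True)
class Entry:
    """One ARP entry as described on the page: MAC, next hop, gateway mark."""
    mac: str
    next_hop: str
    is_gateway: bool = False


@dataclass
class Bridge:
    name: str
    table: dict = field(default_factory=dict)    # first ARP suppression table: ip -> Entry
    pending: dict = field(default_factory=dict)  # dst ip -> [(requester, deadline)]

    def gateway_hop(self):
        """Tunnel towards the entry carrying the gateway mark.

        Assumes the gateway's own entry was distributed before any request.
        """
        return next(e.next_hop for e in self.table.values() if e.is_gateway)

    def on_arp_request(self, requester, dst_ip, now):
        """Handle an ARP broadcast from a directly connected VM; never floods."""
        entry = self.table.get(dst_ip)
        if entry is not None and entry.is_gateway:
            return ("unicast_to_gateway", self.gateway_hop(), dst_ip)
        if entry is not None:                      # step S53: proxy reply
            return ("proxy_reply", requester, dst_ip, entry.mac)
        # Miss: cache the request with a deadline and hand it to the gateway.
        self.pending.setdefault(dst_ip, []).append((requester, now + PENDING_TTL))
        return ("unicast_to_gateway", self.gateway_hop(), dst_ip)

    def on_sync(self, second_table, now):
        """Copy the gateway's table, then answer cached requests still alive."""
        self.table = dict(second_table)
        replies = []
        for dst_ip, waiters in list(self.pending.items()):
            live = [(vm, deadline) for vm, deadline in waiters if deadline > now]
            entry = self.table.get(dst_ip)
            if entry is not None:
                replies += [("proxy_reply", vm, dst_ip, entry.mac) for vm, _ in live]
                del self.pending[dst_ip]
            elif live:
                self.pending[dst_ip] = live        # keep waiting
            else:
                del self.pending[dst_ip]           # aged out, nothing to answer
        return replies


def run_scenario():
    """Constructed walk-through using the page's VM and VTEP names."""
    gw = {"IP_gw": Entry("MAC_gw", "VTEP4", is_gateway=True),
          "IP_5": Entry("MAC_5", "VTEP3")}
    vtep1 = Bridge("VTEP1", table=dict(gw))
    log = [vtep1.on_arp_request("VM1", "IP_5", now=0.0),
           vtep1.on_arp_request("VM1", "IP_gw", now=0.0),
           vtep1.on_arp_request("VM1", "IP_3", now=0.0)]      # VM3 not known yet
    gw["IP_3"] = Entry("MAC_3", "VTEP2")                       # gateway learned VM3
    log.append(vtep1.on_sync(gw, now=2.0))                     # within 5 s: reply
    log.append(vtep1.on_arp_request("VM1", "IP_9", now=10.0))  # another miss
    gw["IP_9"] = Entry("MAC_9", "VTEP2")
    log.append(vtep1.on_sync(gw, now=16.0))                    # too late: no reply
    log.append(vtep1.on_arp_request("VM1", "IP_9", now=17.0))  # retry hits the table
    return log


if __name__ == "__main__":
    for step in run_scenario():
        print(step)
```

In this model every proxy reply is built from whatever the last synchronization delivered, so the bridge's answers are only as accurate as the gateway's table.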
On the basis of the foregoing embodiments, further before receiving the first ARP request packet of the address resolution protocol sent by the virtual machine VM, the method further includes:
receiving a second ARP suppression table item issued by the VXLAN gateway, wherein the second ARP suppression table item comprises an ARP table item of the VXLAN gateway;
and establishing a first ARP suppression table entry according to the second ARP suppression table entry.
Specifically, after configuring an IP address, the VXLAN gateway establishes a second ARP suppression table entry, adds an ARP table entry of the gateway to the second ARP suppression table entry, and sends the ARP table entry to all VXLAN bridges in the VXLAN network through EVPN-2 type routing, and after receiving the second ARP suppression table entry, the VXLAN bridge establishes a first ARP suppression table entry, and stores ARP information and next hop information of the gateway.
Then, when the VXLAN gateway issues a second ARP suppression table entry containing the ARP table entry of a virtual machine, the VXLAN bridge adds the ARP table entry of the virtual machine to the first ARP suppression table entry, so that the first ARP suppression table entry comprises the ARP table entries of the VMs and the ARP table entry of the VXLAN gateway, and each ARP table entry comprises an IP address, a MAC address and next hop information. For example, as shown in fig. 6, the ARP entry of the gateway in the first ARP suppression table entry is IP_GW/MAC_GW: VTEP4(GW), which means that the IP address of the VXLAN gateway is IP_GW, the MAC address is MAC_GW, and the next hop is a tunnel to VTEP4. The ARP entry of VM5 in the first ARP suppression table entry is IP_5/MAC_5: VTEP3, which means that the IP address of VM5 is IP_5, the MAC address is MAC_5, and the next hop is a tunnel to VTEP3. Thus, when VM1 requests the ARP information of VM5, VM1 sends an ARP request message. After VTEP1 (the VXLAN bridge) directly connected to VM1 receives the ARP request message, it parses the message, determines that the target VM is VM5, finds the ARP entry of VM5 by searching the locally stored first ARP suppression table entry, encapsulates IP_5/MAC_5 into an ARP reply message, and sends the ARP reply message to VM1 in unicast, thereby avoiding flooding of the ARP request message.
In practical application, after the VXLAN gateway is configured with an IP address, it can advertise its own ARP table entry (MAC_gw/IP_gw) as an EVPN-2 type route, marked with the "is gateway" mark, to all VXLAN bridges in the VXLAN network. After receiving the EVPN-2 type route, a VXLAN bridge determines from the "is gateway" mark carried in the route that the route carries the ARP information of the gateway. The VXLAN bridge extracts the ARP information of the gateway from the EVPN-2 type route and creates and stores it in the first ARP suppression table entry as IP_GW/MAC_GW: VTEP4(GW), so that the VXLAN bridge knows which VTEP is the gateway device and which VXLAN tunnel connects to that VTEP. When the destination IP address of an ARP request message is the gateway IP address, the request message is delivered directly into the tunnel corresponding to the gateway, thereby avoiding flooding of ARP request messages directed to the gateway.
According to the flooding suppression method provided by the embodiment of the invention, the ARP suppression table entry is cached in the VXLAN bridge and stores both the gateway ARP table entry and the virtual machine ARP table entries, so that flooding is avoided both for ARP request messages in which a virtual machine requests another virtual machine and for ARP request messages in which a virtual machine requests the gateway.
Fig. 7 is a flowchart of a flooding suppression method according to another embodiment of the present invention, as shown in fig. 7, the flooding suppression method is applied to an extensible virtual local area network VXLAN, and includes the following steps:
step S71, receiving a first ARP request message of an address resolution protocol sent by a virtual machine VM forwarded by a VXLAN bridge;
specifically, in a centralized VXLAN network, the VTEP device directly connected to the virtual machine VM is a VXLAN bridge. When a virtual machine VM in the VXLAN network needs to obtain the ARP information of other virtual machines or of the gateway, it first generates an address resolution protocol request message, recorded as a first ARP request message, in which the source VM is the virtual machine VM, the target VM is the requested other virtual machine, and the target gateway is the requested VXLAN gateway. Because the VXLAN bridge is directly connected to the virtual machine VM, the VXLAN bridge receives the first ARP request message first. After receiving it, the VXLAN bridge obtains the destination IP address and, if it determines that the destination IP address is the gateway IP address or cannot be matched in the locally stored first ARP suppression table entry, unicasts the first ARP request message to the VXLAN gateway. The VXLAN gateway thus receives, through a tunnel, the first ARP request message that was sent by the virtual machine VM and forwarded by the VXLAN bridge.
Step S72, analyzing the first ARP request message, and determining a destination IP address corresponding to the first ARP request message;
specifically, after receiving the first ARP request message, the VXLAN gateway parses the first ARP request message, and determines a destination IP address, for example, the destination IP address is a gateway IP address, or the destination IP address is an IP address of another virtual machine.
Step S73, if the destination IP address is judged to be the gateway IP address, generating a first ARP response message containing the gateway MAC address, packaging the first ARP response message into a VXLAN unicast message, and sending the VXLAN unicast message to the VXLAN bridge so that the VXLAN bridge can unicast the first ARP response message to the virtual machine VM;
specifically, when the VXLAN gateway determines that the destination IP address is the gateway IP address, a first ARP reply message is generated according to the ARP information of the VXLAN gateway, the first ARP reply message is encapsulated into a VXLAN unicast message, and the VXLAN unicast message is sent to the VXLAN bridge corresponding to the first ARP request message, after receiving the first ARP reply message, the VXLAN bridge unicasts the first ARP reply message to the virtual machine VM, and the virtual machine VM learns the gateway ARP information.
Step S74, obtaining the ARP table entry of the virtual machine VM, and adding the ARP table entry of the virtual machine VM in a second ARP suppression table entry stored locally;
specifically, in a VXLAN network, a terminal that is not a dumb terminal, after being configured with IP and gateway information, actively sends an ARP request to the gateway (VTEP4) to request the MAC information of the gateway. The ARP request message is a layer-2 Ethernet broadcast message whose destination MAC is ffff and whose requested destination IP is the gateway IP. Therefore, when the VXLAN gateway receives the first ARP request and determines that the destination IP address is the gateway IP address, it obtains the ARP table entry of the source VM corresponding to the first ARP request and adds the ARP table entry of the virtual machine VM to the locally stored second ARP suppression table entry. The second ARP suppression table entry stores the IP address, the MAC address and the next hop information of the VM in association.
Step S75, the updated second ARP suppression entry is issued to all VXLAN bridges in the VXLAN, so that the VXLAN bridges synchronize the locally stored first ARP suppression entries according to the second ARP suppression entry.
Specifically, the VXLAN gateway synchronizes the updated second ARP suppression entry into all VXLAN bridges in the VXLAN network through EVPN-2 type routing. After each VXLAN bridge receives the second ARP suppression table entry, the first ARP suppression table entry stored locally is synchronized according to the second ARP suppression table entry, so that the first ARP suppression table entry and the second ARP suppression table entry are kept consistent.
In the flooding suppression method provided by the embodiment of the invention, the host ARP information learned by the gateway is synchronized to the VXLAN bridges through EVPN-2 type routes, so that ARP suppression table entries are generated on the VXLAN bridges. When a VXLAN bridge receives an ARP request broadcast message sent by a VM, it looks up the ARP information of the target VM in the ARP suppression table entry and, once found, replies to the ARP message directly as a proxy, which avoids flooding of ARP messages in the VXLAN network. In addition, the embodiment of the invention uses the RFC-standard EVPN protocol to synchronize the gateway information and the ARP information of the VMs, which avoids the use of a private protocol and gives strong compatibility.
On the basis of the above embodiment, further, the flooding suppression method further includes:
if the destination IP address is judged and known to be a non-gateway IP address, determining a destination VM according to the destination IP address, and generating a second ARP request message containing the destination IP address, wherein the source MAC address of the second ARP request message is a gateway MAC address;
flooding the second ARP request message to all Virtual Machines (VM) in the VXLAN network;
receiving a second ARP response message corresponding to the second ARP request message;
acquiring an ARP table entry of the target VM according to the second ARP response message;
adding the ARP table entry of the target VM in a second ARP suppression table entry which is locally stored;
and sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN, so that the VXLAN bridges synchronize the locally stored first ARP suppression table entries according to the second ARP suppression table entry, and generate a first ARP response message according to the first ARP suppression table entries.
Specifically, after a dumb terminal in the VXLAN network is configured with IP/gateway information, it does not actively initiate an ARP request to the gateway, so the gateway does not learn the ARP information of that VM; that is, the ARP information corresponding to the VM can be found in neither the first ARP suppression table entry nor the second ARP suppression table entry. When the ARP information of the dumb terminal is requested for the first time, the VXLAN bridge determines that the destination IP address is a non-gateway IP address but fails to match it in the locally stored first ARP suppression table entry, so it sends the first ARP request message to the VXLAN gateway. The VXLAN gateway determines from the first ARP request message that the destination IP address is a non-gateway IP address and obtains the source VM and the target VM in the first ARP request message. The VXLAN gateway generates a second ARP request message according to the target VM; the source IP address of the message is the gateway IP address, the source MAC address is the gateway MAC address, and the target MAC address is the target VM of the first ARP request. Because the VXLAN gateway does not store the ARP table entry of the target VM, it cannot know the next hop information of the target VM, so it floods the second ARP request message to all virtual machines VM in the VXLAN network. When the target VM receives the second ARP request message, it encapsulates its own ARP information into a second ARP reply message and sends it to the VXLAN gateway. After the VXLAN bridge receives the second ARP reply message, the ARP information of the target VM is learned and the locally stored second ARP suppression table entry is updated, so that the ARP table entry of the target VM is stored in the second ARP suppression table entry, and the second ARP suppression table entry is synchronized to all VXLAN bridges in the VXLAN network through EVPN-2 type routes.
After the VXLAN bridge receives the second ARP suppression table entry, it synchronizes the locally stored first ARP suppression table entry according to the second ARP suppression table entry, then generates a first ARP reply message from the synchronized first ARP suppression table entry and unicasts the message to the requesting VM. Therefore, when the destination IP address of an ARP request message is the IP address of the newly added VM, the reply message can be generated directly from the first ARP suppression table entry stored by the VXLAN bridge, which avoids flooding of ARP request messages that request a dumb terminal.
According to the flooding suppression method provided by the embodiment of the invention, when the VXLAN bridge receives an ARP request message and cannot find the ARP information of the source VM or the target VM in the ARP suppression table entry, the VXLAN bridge unicasts the ARP request message to the VXLAN gateway, so that flooding is avoided. After receiving the message, the VXLAN gateway learns the ARP table entry of the source VM, at the same time initiates ARP get-through to the target VM, and learns the ARP table entry of the target VM from the received ARP reply message. In this way the VXLAN gateway can quickly learn the ARP table entries of VMs and synchronize them to all VXLAN bridges of the whole network for ARP suppression, which solves the problem that the VXLAN gateway cannot learn the ARP table entry of a dumb terminal.
On the basis of the above embodiments, further, the flooding suppression method further includes:
if the ARP table entry of the virtual machine VM in the second ARP suppression table entry is not updated in a second preset time period, generating a third ARP request message, wherein the destination IP address of the third ARP request message is the IP address of the virtual machine VM, and the source MAC address is the gateway MAC address;
sending the third ARP request message to a VXLAN bridge corresponding to the virtual machine VM, so that the VXLAN bridge can flood the third ARP request message to all virtual machine VMs corresponding to the third ARP request message;
if a third ARP response message corresponding to the third ARP request message is not received, deleting the ARP table entry of the virtual machine VM from the second ARP suppression table entry;
and sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network so that the VXLAN bridges synchronize the first ARP suppression table entries stored locally according to the second ARP suppression table entry.
Specifically, each time the VXLAN gateway updates the ARP entry of a VM in the second ARP suppression table entry, it starts a timer for that VM. If the ARP entry of the VM is not updated within the second preset time period, for example 3600 s, the ARP entry is considered aged, and the VXLAN gateway needs to initiate an ARP probe. The VXLAN gateway generates a third ARP request message whose target VM is the aged VM, whose source IP address is the gateway IP address, and whose source MAC address is the gateway MAC address. Because the second ARP suppression table entry stores the next-hop information of the VM, the VXLAN gateway can send the third ARP request message directly to the VXLAN bridge corresponding to the VM according to the next-hop information, and the VXLAN bridge floods the third ARP request message to all VMs directly connected to it.
If the aged VM is offline, the VXLAN bridge receives no third ARP response message. When the VXLAN gateway has not received the third ARP response message within a period of time, it deletes the ARP table entry of the VM from the second ARP suppression table entry and then synchronizes the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network; each VXLAN bridge synchronizes its locally stored first ARP suppression table entry according to the second ARP suppression table entry.
For example, Fig. 8 is a schematic flow chart of a flooding suppression method according to still another embodiment of the present invention. As shown in Fig. 8, the ARP entry of VM1 on the VXLAN gateway has aged, and an ARP probe is initiated: according to the next hop (VTEP1) stored in the ARP entry, a VXLAN broadcast message is encapsulated and sent into the tunnel leading to VTEP1. The dense dotted arrow in Fig. 8 shows the ARP probe procedure. After receiving the ARP probe message, VTEP1 broadcasts it to all VMs connected downstream. Since VM1 has gone offline, no VM replies to the ARP message. When the probe by the VXLAN gateway fails, the ARP entry corresponding to VM1 is deleted, and an EVPN type-2 route is sent to notify all VXLAN bridges to delete the ARP entry of VM1. The dashed arrow in Fig. 8 shows VTEP4 sending the second ARP suppression entry to the VXLAN bridges, which then synchronize their first ARP suppression entries.
According to the flooding suppression method provided by the embodiment of the invention, the ARP information of the VXLAN gateway is synchronized to the VXLAN bridges and used to generate the ARP suppression table entries. When an ARP table entry in the gateway ages out and is deleted, the VXLAN bridges are notified through the EVPN protocol to delete it, which keeps the ARP suppression behavior consistent with the ARP table entries learned by the gateway and avoids having the VXLAN bridges generate and maintain suppression table entries independently.
On the basis of the above embodiments, further, before receiving the first Address Resolution Protocol (ARP) request message sent by the virtual machine VM and forwarded by the VXLAN bridge, the flooding suppression method further includes:
acquiring an ARP table entry of a gateway;
establishing a second ARP suppression table entry, and adding the ARP table entry of the gateway into the second ARP suppression table entry;
and sending the second ARP suppression table entry to all VXLAN bridges in the VXLAN network so that the VXLAN bridges can establish a first ARP suppression table entry according to the second ARP suppression table entry.
Specifically, after the VXLAN gateway is configured with an IP address, it creates a second ARP suppression table entry and adds its own ARP table entry (MAC_gw/IP_gw) to it. The second ARP suppression table entry is carried as an EVPN type-2 route, marked with the "is gateway" flag, and synchronized to all VXLAN bridges in the VXLAN network. After receiving the EVPN type-2 route, a VXLAN bridge determines from the "is gateway" flag carried in the route that it is the gateway's ARP information. The VXLAN bridge extracts the gateway's ARP information from the EVPN type-2 route and stores it in a newly created first ARP suppression table. Therefore, when an ARP request message addressed to the VXLAN gateway arrives, it can be sent directly into the tunnel leading to the gateway according to the stored gateway ARP information, which avoids flooding the ARP request messages in which a VM requests the gateway.
According to the flooding suppression method provided by the embodiment of the invention, the VXLAN gateway floods the ARP information of the gateway to all VXLAN bridges, and the VXLAN bridges cache the ARP table entries of the VXLAN gateway, so that the flooding of the ARP request message of the virtual machine request gateway is avoided.
Fig. 9 is a schematic structural diagram of a VXLAN bridge according to an embodiment of the present invention. As shown in Fig. 9, the VXLAN bridge includes: a first receiving module 91, a matching module 92 and a first response module 93, wherein:
the first receiving module 91 is configured to receive a first Address Resolution Protocol (ARP) request packet sent by the virtual machine VM, analyze the ARP request packet, and determine a destination IP address; the matching module 92 is configured to match a locally stored first ARP suppression entry according to the destination IP address if it is determined that the destination IP address is a non-gateway IP address, where the first ARP suppression entry is determined according to a second ARP suppression entry issued by a VXLAN gateway; the first response module 93 is configured to, if the matching is successful, generate a first ARP reply packet that includes a destination MAC address corresponding to the destination IP address based on the first ARP suppression table entry, encapsulate the first ARP reply packet as a VXLAN unicast packet, and send the VXLAN unicast packet to the virtual machine VM.
Specifically, when a virtual machine VM in the VXLAN network needs to obtain the ARP information of another virtual machine or of the gateway, it first generates a first ARP request message whose source VM is that virtual machine VM. The first receiving module 91 parses the received first ARP request message and determines the destination IP address; for example, the destination IP address is the gateway IP address, or the IP address of another virtual machine. The matching module 92 determines whether the destination IP address is a gateway IP address. If it is a non-gateway IP address, the matching module 92 matches the locally stored first ARP suppression table entry according to the destination IP address, that is, it searches the first ARP suppression table entry for the destination IP address. If the VXLAN bridge finds the destination IP address in the locally stored first ARP suppression entry, the first response module 93 generates a first ARP reply message from information such as the MAC address corresponding to the destination IP address, encapsulates the first ARP reply message into a VXLAN unicast message, and sends the VXLAN unicast message to the virtual machine VM. The first ARP suppression table entry is determined according to a second ARP suppression table entry issued by the VXLAN gateway.
In practical applications, the VXLAN bridge may further comprise:
a first sending module and a first synchronization module;
the first sending module is configured to unicast the first ARP request message to a VXLAN gateway if it is determined that the destination IP address is a gateway IP address, so that the VXLAN gateway generates a first ARP reply message including a gateway MAC address, obtains an ARP entry of the virtual machine VM, adds the ARP entry of the virtual machine VM to a second ARP suppression entry stored locally, and sends the updated second ARP suppression entry to all VXLAN bridges in the VXLAN network;
correspondingly, the first receiving module is further configured to:
receiving a first ARP response message and a second ARP suppression table entry sent by the VXLAN gateway;
correspondingly, the first response module is specifically configured to:
unicasting the first ARP response message to the virtual machine VM;
and the first synchronization module is used for synchronizing the first ARP suppression table entry stored locally according to the second ARP suppression table entry.
In practical applications, the first sending module may be further configured to:
if the matching fails, unicasting the first ARP request message to a VXLAN gateway so that the VXLAN gateway determines a target VM according to the destination IP address, generating a second ARP request message containing the destination IP address, flooding the second ARP request message to all virtual machines VM in the VXLAN network, acquiring an ARP table entry of the target VM according to a received second ARP response message, adding the ARP table entry of the target VM into a second ARP suppression table entry stored locally, and issuing the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network, wherein the source MAC address of the second ARP request message is a gateway MAC address;
receiving a second ARP suppression table entry sent by the VXLAN gateway;
according to the second ARP suppression table entry, synchronizing a first ARP suppression table entry stored locally;
and generating a first ARP reply message containing a destination MAC address corresponding to the destination IP address according to the synchronized first ARP suppression table entry, and unicasting the first ARP reply message to the virtual machine VM.
Accordingly, the first reply module is further configured to:
and generating a first ARP reply message containing a destination MAC address corresponding to the destination IP address according to the synchronized first ARP suppression table entry, and unicasting the first ARP reply message to the virtual machine VM.
In practical applications, the VXLAN bridge may further comprise:
a first cache module, configured to cache the first ARP request packet, and delete the first ARP request packet if a second ARP suppression entry that includes a target VM in the first ARP request packet is not received within a first preset time period;
correspondingly, the first response module is specifically configured to:
and generating a first ARP response message containing a destination MAC address corresponding to the destination IP address according to the cached first ARP request message and the synchronized first ARP suppression table entry, and unicasting the first ARP response message to the virtual machine VM.
The apparatus provided in the embodiment of the present invention is configured to implement the method, and its functions specifically refer to the method embodiment, which is not described herein again.
In the VXLAN bridge provided in the embodiment of the present invention, the locally stored ARP suppression entry is determined according to the ARP suppression entry issued by the VXLAN gateway. After receiving an ARP request broadcast message sent by a VM, the VXLAN bridge looks up the ARP information of the target VM in the locally stored ARP suppression entry and, once it is found, answers the ARP message directly as a proxy, thereby avoiding the flooding of ARP messages in the VXLAN network.
Fig. 10 is a schematic structural diagram of a VXLAN gateway according to an embodiment of the present invention. As shown in Fig. 10, the VXLAN gateway includes: a second receiving module 101, a parsing module 102, a second response module 103, an updating module 104 and a synchronization module 105, wherein:
the second receiving module 101 is configured to receive a first Address Resolution Protocol (ARP) request message sent by the virtual machine VM and forwarded by the VXLAN bridge; the parsing module 102 is configured to parse the first ARP request packet and determine the destination IP address corresponding to the first ARP request packet; the second response module 103 is configured to generate a first ARP response packet including a gateway MAC address if it is determined that the destination IP address is the gateway IP address, encapsulate the first ARP response packet as a VXLAN unicast packet, and send the VXLAN unicast packet to the VXLAN bridge, so that the VXLAN bridge unicasts the first ARP response packet to the virtual machine VM; the updating module 104 is configured to acquire the ARP entry of the virtual machine VM and add it to a second ARP suppression entry stored locally; the synchronization module 105 is configured to send the updated second ARP suppression entry to all VXLAN bridges in the VXLAN, so that the VXLAN bridges synchronize the locally stored first ARP suppression entry according to the second ARP suppression entry.
Specifically, when a virtual machine VM in the VXLAN network needs to obtain the ARP information of another virtual machine or of the gateway, it first sends a first ARP request message whose source VM is that virtual machine VM. Because the VXLAN bridge is directly connected to the virtual machine VM, the VXLAN bridge receives the first ARP request message first and obtains the destination IP address. If the VXLAN bridge determines that the destination IP address is the gateway IP address, or cannot match it in the locally stored first ARP suppression table entry, it unicasts the first ARP request message to the second receiving module 101, which receives through a tunnel the first ARP request message sent by the virtual machine VM and forwarded by the VXLAN bridge. The parsing module 102 parses the first ARP request packet to determine the destination IP address. When the second response module 103 determines that the destination IP address is the gateway IP address, it generates a first ARP response packet from the gateway's own ARP information, encapsulates it into a VXLAN unicast packet, and sends the VXLAN unicast packet to the VXLAN bridge corresponding to the first ARP request packet; after receiving the first ARP response packet, the VXLAN bridge unicasts it to the virtual machine VM, and the virtual machine VM learns the gateway ARP information. The updating module 104 obtains the ARP entry of the source VM corresponding to the first ARP request, adds an ARP suppression entry to the second ARP suppression entry, and stores the IP address, MAC address, and next hop information of the VM in association in the second ARP suppression entry.
The synchronization module 105 synchronizes the updated second ARP suppression entry to all VXLAN bridges in the VXLAN network through EVPN-2 type routing. After each VXLAN bridge receives the second ARP suppression table entry, the first ARP suppression table entry stored locally is synchronized according to the second ARP suppression table entry, so that the first ARP suppression table entry and the second ARP suppression table entry are kept consistent.
In practical applications, the VXLAN gateway may further include:
the acquisition module is used for determining a destination VM according to the destination IP address and generating a second ARP request message containing the destination IP address if the destination IP address is judged and known to be a non-gateway IP address, wherein the source MAC address of the second ARP request message is a gateway MAC address;
a flooding module, configured to flood the second ARP request packet to all virtual machines VM in the VXLAN network;
correspondingly, the second receiving module is further configured to: receiving a second ARP response message corresponding to the second ARP request message;
correspondingly, the obtaining module is further configured to: acquiring an ARP table entry of the target VM according to the second ARP response message;
accordingly, the update module is further configured to: adding the ARP table entry of the target VM in a second ARP suppression table entry which is locally stored;
correspondingly, the synchronization module is further configured to send the updated second ARP suppression entry to all VXLAN bridges in the VXLAN, so that the VXLAN bridges synchronize the locally stored first ARP suppression entry according to the second ARP suppression entry, and generate a first ARP reply message according to the first ARP suppression entry.
In practical applications, the VXLAN gateway may further include:
a second cache module, configured to generate a third ARP request packet if the ARP entry of the virtual machine VM in the second ARP suppression entry is not updated within a second preset time period, where a destination IP address of the third ARP request packet is an IP address of the virtual machine VM, and a source MAC address is a gateway MAC address;
and to send the third ARP request message to the VXLAN bridge corresponding to the virtual machine VM, so that the VXLAN bridge can flood the third ARP request message to all the virtual machine VMs corresponding to the third ARP request message;
accordingly, the update module is further configured to: if a third ARP response message corresponding to the third ARP request message is not received, delete the ARP table entry of the virtual machine VM from the second ARP suppression table entry.
The apparatus provided in the embodiment of the present invention is configured to implement the method, and its functions specifically refer to the method embodiment, which is not described herein again.
The VXLAN gateway provided in the embodiment of the present invention synchronizes the host ARP information learned by the gateway to the VXLAN bridges through type-2 routes synchronized by the EVPN protocol, thereby generating ARP suppression entries on the VXLAN bridges. When a VXLAN bridge receives an ARP request broadcast message sent by a VM, it looks up the ARP information of the target VM in the ARP suppression table entry and, once it is found, answers the ARP message directly as a proxy, so that the flooding of ARP messages in the VXLAN network is avoided. In addition, the embodiment of the invention uses the RFC-standard EVPN protocol to synchronize the gateway information and the ARP information of the VMs, which avoids using a private protocol and gives strong compatibility.
Fig. 11 is a schematic structural diagram of a flooding suppression system according to an embodiment of the present invention, and as shown in fig. 11, the flooding suppression system includes: VXLAN bridge 111 and VXLAN gateway 112, the function of VXLAN bridge 111 in the flooding suppression system specifically refers to the VXLAN bridge embodiment, and the function of VXLAN gateway 112 in the flooding suppression system specifically refers to the VXLAN gateway embodiment, which are not described herein again.
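The following sketch is an added example, not code from the patent: a toy Python model of the bridge and gateway roles described in the embodiments above (gateway-seeded table, proxy reply on a hit, cached request on a miss, aging probe sent only to the stored next hop). The class names, the 5 s pending timeout and all addresses are assumptions, and the EVPN type-2 synchronization is modelled as a direct method call.

```python
from dataclasses import dataclass, replace

AGE_LIMIT = 3600     # "second preset time period"; 3600 s is the text's example
PENDING_LIMIT = 5    # "first preset time period"; value assumed for this sketch

@dataclass
class Entry:
    mac: str
    next_hop: str            # VTEP behind which the host was learned
    is_gateway: bool = False
    updated: float = 0.0

class Gateway:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.bridges = ip, mac, {}
        # Second ARP suppression table, seeded with the gateway's own entry.
        self.table = {ip: Entry(mac, "gateway", is_gateway=True)}

    def publish(self):       # stands in for the EVPN type-2 sync to every bridge
        for bridge in self.bridges.values():
            bridge.sync(self.table)

    def learn(self, ip, mac, vtep, now):
        self.table[ip] = Entry(mac, vtep, updated=now)
        self.publish()

    def on_forwarded_request(self, src_ip, src_mac, dst_ip, vtep, now):
        if dst_ip == self.ip:                        # request for the gateway itself
            self.learn(src_ip, src_mac, vtep, now)   # learn the requesting VM
            return self.mac
        # Second ARP request: flooded to every VM, then the answer is learned.
        for bridge in self.bridges.values():
            mac = bridge.flood(dst_ip)
            if mac:
                self.learn(dst_ip, mac, bridge.name, now)

    def age(self, now):
        removed = []
        for ip, e in list(self.table.items()):
            if e.is_gateway or now - e.updated < AGE_LIMIT:
                continue
            if self.bridges[e.next_hop].flood(ip):   # third ARP request, next hop only
                e.updated = now                      # reply refreshes the timer (assumed)
            else:
                del self.table[ip]
                removed.append(ip)
        if removed:
            self.publish()                           # bridges drop the entry too
        return removed

class Bridge:
    def __init__(self, name, gateway):
        self.name, self.gateway = name, gateway
        self.table = {}                      # first table, written only by sync()
        self.vms = {}                        # online attached VMs: ip -> mac
        self.pending, self.replies = [], []  # cached requests / late proxy replies
        self.flooded = 0                     # broadcasts delivered to local VMs
        gateway.bridges[name] = self

    def sync(self, table):
        self.table = {ip: replace(e) for ip, e in table.items()}
        # Cached requests whose destination is now known get their proxy reply.
        self.replies += [(s, self.table[d].mac) for s, d, _ in self.pending if d in self.table]
        self.pending = [p for p in self.pending if p[1] not in self.table]

    def flood(self, ip):
        self.flooded += 1
        return self.vms.get(ip)

    def on_arp_request(self, src_ip, src_mac, dst_ip, now):
        e = self.table.get(dst_ip)
        if e and e.is_gateway:               # unicast to gateway, relay its reply
            return self.gateway.on_forwarded_request(src_ip, src_mac, dst_ip, self.name, now)
        if e:                                # hit: proxy reply, nothing is flooded
            return e.mac
        self.pending.append((src_ip, dst_ip, now))   # miss: cache, ask the gateway
        self.gateway.on_forwarded_request(src_ip, src_mac, dst_ip, self.name, now)
        return None                          # reply, if any, was queued by sync()

    def expire_pending(self, now):
        self.pending = [p for p in self.pending if now - p[2] < PENDING_LIMIT]

def demo():
    m1, m2 = "52:54:00:00:00:11", "52:54:00:00:00:22"   # constructed addresses
    gw = Gateway("10.0.0.1", "52:54:00:00:00:01")
    v1, v2 = Bridge("VTEP1", gw), Bridge("VTEP2", gw)
    gw.publish()                                  # bridges cache the gateway entry
    v1.vms["10.0.0.11"], v2.vms["10.0.0.22"] = m1, m2
    out = {"gw_reply": v1.on_arp_request("10.0.0.11", m1, "10.0.0.1", 0),
           "hit": v2.on_arp_request("10.0.0.22", m2, "10.0.0.11", 1),
           "floods_before_miss": v1.flooded + v2.flooded,
           "miss": v1.on_arp_request("10.0.0.11", m1, "10.0.0.22", 2),
           "late_reply": list(v1.replies)}
    del v1.vms["10.0.0.11"]                       # VM1 goes offline
    out["aged_out"] = gw.age(3600)
    out["probe_floods"] = (v1.flooded, v2.flooded)
    out["vtep2_knows_vm1"] = "10.0.0.11" in v2.table
    return out
```

Calling `demo()` walks VM1 and VM2 through a gateway request, a table hit, a miss and an aging probe; the bridge tables change only through `sync()`, so a bridge never answers from state the gateway did not issue.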
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above-described embodiments of the apparatuses and the like are merely illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the embodiments of the present invention, and are not limited thereto; although embodiments of the present invention have been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (12)

1. A flooding suppression method, applied to a virtual extensible local area network (VXLAN), characterized by comprising the following steps:
receiving a first Address Resolution Protocol (ARP) request message sent by a virtual machine (VM), parsing the first ARP request message, and determining a destination IP address;
if it is determined that the destination IP address is a non-gateway IP address, matching a locally stored first ARP suppression table entry according to the destination IP address, wherein the first ARP suppression table entry is determined according to a second ARP suppression table entry issued by a VXLAN gateway;
and if the matching is successful, generating a first ARP response message containing a destination MAC address corresponding to the destination IP address based on the first ARP suppression table entry, packaging the first ARP response message into a VXLAN unicast message, and sending the VXLAN unicast message to the virtual machine VM.
2. The method of claim 1, further comprising:
if it is determined that the destination IP address is the gateway IP address, unicasting the first ARP request message to a VXLAN gateway so that the VXLAN gateway generates a first ARP response message containing a gateway MAC address, acquiring an ARP table entry of the virtual machine VM, adding the ARP table entry of the virtual machine VM in a second ARP suppression table entry stored locally, and issuing the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network;
receiving a first ARP response message and a second ARP suppression table entry sent by the VXLAN gateway;
unicasting the first ARP response message to the virtual machine VM;
and synchronizing the first ARP suppression table entry stored locally according to the second ARP suppression table entry.
3. The method of claim 1, further comprising:
if the matching fails, unicasting the first ARP request message to a VXLAN gateway so that the VXLAN gateway determines a target VM according to the destination IP address, generating a second ARP request message containing the destination IP address, flooding the second ARP request message to all virtual machines VM in the VXLAN network, acquiring an ARP table entry of the target VM according to a received second ARP response message, adding the ARP table entry of the target VM into a second ARP suppression table entry stored locally, and issuing the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network, wherein the source MAC address of the second ARP request message is a gateway MAC address;
receiving a second ARP suppression table entry sent by the VXLAN gateway;
according to the second ARP suppression table entry, synchronizing a first ARP suppression table entry stored locally;
and generating a first ARP reply message containing a destination MAC address corresponding to the destination IP address according to the synchronized first ARP suppression table entry, and unicasting the first ARP reply message to the virtual machine VM.
4. The method of claim 3, further comprising:
if the matching fails, caching the first ARP request message, and if a second ARP suppression table entry containing a target VM in the first ARP request message is not received in a first preset time period, deleting the first ARP request message;
correspondingly, the generating a first ARP reply message including a destination MAC address corresponding to the destination IP address according to the synchronized first ARP suppression table entry, and unicasting the first ARP reply message to the virtual machine VM includes:
and generating a first ARP response message containing a destination MAC address corresponding to the destination IP address according to the cached first ARP request message and the synchronized first ARP suppression table entry, and unicasting the first ARP response message to the virtual machine VM.
5. The method according to any one of claims 1 to 4, wherein before receiving the first ARP request message sent by the virtual machine VM, the method further comprises:
receiving a second ARP suppression table entry issued by the VXLAN gateway, wherein the second ARP suppression table entry comprises an ARP table entry of the VXLAN gateway;
and establishing a first ARP suppression table entry according to the second ARP suppression table entry.
6. A flooding suppression method, applied to a virtual extensible local area network (VXLAN), characterized by comprising the following steps:
receiving a first Address Resolution Protocol (ARP) request message sent by a virtual machine VM and forwarded by a VXLAN bridge;
parsing the first ARP request message, and determining a destination IP address corresponding to the first ARP request message;
if the destination IP address is judged to be the gateway IP address, generating a first ARP response message containing a gateway MAC address, packaging the first ARP response message into a VXLAN unicast message, and sending the VXLAN unicast message to the VXLAN bridge so that the VXLAN bridge can unicast the first ARP response message to the virtual machine VM;
acquiring an ARP (address resolution protocol) table entry of the virtual machine VM, and adding the ARP table entry of the virtual machine VM in a second ARP suppression table entry which is locally stored;
and sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN so that the VXLAN bridges synchronize the first ARP suppression table entries stored locally according to the second ARP suppression table entry.
7. The method of claim 6, further comprising:
if the destination IP address is judged and known to be a non-gateway IP address, determining a destination VM according to the destination IP address, and generating a second ARP request message containing the destination IP address, wherein the source MAC address of the second ARP request message is a gateway MAC address;
flooding the second ARP request message to all Virtual Machines (VM) in the VXLAN network;
receiving a second ARP response message corresponding to the second ARP request message;
acquiring an ARP table entry of the target VM according to the second ARP response message;
adding the ARP table entry of the target VM in a second ARP suppression table entry which is locally stored;
and sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN, so that the VXLAN bridges synchronize the locally stored first ARP suppression table entries according to the second ARP suppression table entry, and generate a first ARP response message according to the first ARP suppression table entries.
8. The method of claim 7, further comprising:
if the ARP table entry of the virtual machine VM in the second ARP suppression table entry is not updated in a second preset time period, generating a third ARP request message, wherein the destination IP address of the third ARP request message is the IP address of the virtual machine VM, and the source MAC address is the gateway MAC address;
sending the third ARP request message to a VXLAN bridge corresponding to the virtual machine VM, so that the VXLAN bridge can flood the third ARP request message to all virtual machine VMs corresponding to the third ARP request message;
if a third ARP response message corresponding to the third ARP request message is not received, deleting the ARP table entry of the virtual machine VM from the second ARP suppression table entry;
and sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN network so that the VXLAN bridges synchronize the first ARP suppression table entries stored locally according to the second ARP suppression table entry.
9. The method according to any of claims 6-8, wherein before receiving the first ARP request message sent by the virtual machine VM forwarded by the VXLAN bridge, the method further comprises:
acquiring an ARP table entry of a gateway;
establishing a second ARP suppression table entry, and adding the ARP table entry of the gateway into the second ARP suppression table entry;
and sending the second ARP suppression table entry to all VXLAN bridges in the VXLAN network so that the VXLAN bridges can establish a first ARP suppression table entry according to the second ARP suppression table entry.
10. A VXLAN bridge for use in a virtual extensible local area network (VXLAN), comprising:
the first receiving module is used for receiving a first Address Resolution Protocol (ARP) request message sent by the virtual machine VM, parsing the ARP request message and determining a destination IP address;
the matching module is used for matching a locally stored first ARP suppression table entry according to the destination IP address if it is determined that the destination IP address is a non-gateway IP address, wherein the first ARP suppression table entry is determined according to a second ARP suppression table entry issued by a VXLAN gateway;
and the first response module is used for generating a first ARP response message containing a destination MAC address corresponding to the destination IP address based on the first ARP suppression table entry if the matching is successful, packaging the first ARP response message into a VXLAN unicast message, and sending the VXLAN unicast message to the virtual machine VM.
11. A VXLAN gateway for use in a virtual extensible local area network (VXLAN), comprising:
the second receiving module is used for receiving a first Address Resolution Protocol (ARP) request message sent by the virtual machine VM and forwarded by the VXLAN bridge;
the parsing module is used for parsing the first ARP request message and determining a destination IP address corresponding to the first ARP request message;
the second response module is used for generating a first ARP response message containing a gateway MAC address if the destination IP address is judged to be the gateway IP address, packaging the first ARP response message into a VXLAN unicast message, and sending the VXLAN unicast message to the VXLAN bridge so that the VXLAN bridge can unicast the first ARP response message to the virtual machine VM;
the updating module is used for acquiring the ARP table entry of the virtual machine VM and adding the ARP table entry of the virtual machine VM into a second ARP suppression table entry stored locally;
and the synchronization module is used for sending the updated second ARP suppression table entry to all VXLAN bridges in the VXLAN so that the VXLAN bridges synchronize the first ARP suppression table entries stored locally according to the second ARP suppression table entry.
12. A flooding suppression system applied to a virtual extensible local area network (VXLAN), characterized by comprising: at least one VXLAN bridge of claim 10 and the VXLAN gateway of claim 11.
CN201810912058.1A 2018-08-10 2018-08-10 Flooding suppression method, VXLAN bridge, gateway and system Active CN109257265B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810912058.1A CN109257265B (en) 2018-08-10 2018-08-10 Flooding suppression method, VXLAN bridge, gateway and system

Publications (2)

Publication Number Publication Date
CN109257265A CN109257265A (en) 2019-01-22
CN109257265B true CN109257265B (en) 2021-04-20

Family

ID=65049801

Country Status (1)

Country Link
CN (1) CN109257265B (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988439B (en) * 2019-05-21 2023-07-14 深信服科技股份有限公司 ARP request suppression system, method, equipment and storage medium
CN111181850B (en) * 2019-08-12 2022-03-11 腾讯科技(深圳)有限公司 Data packet flooding suppression method, device and equipment and computer storage medium
CN110661732B (en) * 2019-09-20 2022-05-27 浪潮思科网络科技有限公司 Device and method for scheduling flow among working groups based on MAC (media access control) VLAN (virtual local area network)
CN112822085B (en) * 2019-11-18 2022-12-13 华为云计算技术有限公司 Network deployment method and system
CN110995623B (en) * 2019-11-26 2022-03-18 锐捷网络股份有限公司 Method for controlling flooding between data centers and first switch
CN111130981B (en) * 2019-12-24 2022-05-20 锐捷网络股份有限公司 Proxy response method and device for MAC address
CN113542441B (en) * 2020-04-20 2023-02-17 亚信科技(中国)有限公司 Communication processing method and device
US11924083B2 (en) 2020-06-16 2024-03-05 Cisco Technology, Inc. Multiple network interfacing
CN112367263B (en) * 2020-10-30 2022-07-12 新华三技术有限公司 Multicast data message forwarding method and equipment
CN113472912B (en) * 2021-06-10 2022-08-26 中国联合网络通信集团有限公司 ARP cache table item updating method, VTEP, VM and device
CN113726632B (en) * 2021-07-31 2023-04-18 新华三信息安全技术有限公司 Message forwarding method and device
CN113794615B (en) * 2021-08-05 2023-04-25 新华三信息安全技术有限公司 Message forwarding method and device
CN113489812B (en) * 2021-09-08 2021-11-12 军事科学院系统工程研究院网络信息研究所 IP address similarity-based address resolution protocol flooding range suppression method and device
CN114143244B (en) * 2021-11-24 2024-01-30 新华三大数据技术有限公司 Message processing method and device, storage medium and gateway equipment
CN114448907B (en) * 2022-04-11 2022-07-22 希诺麦田技术(深圳)有限公司 Multicast flooding prevention method, device and equipment
CN115190100A (en) * 2022-07-04 2022-10-14 中国联合网络通信集团有限公司 Data forwarding method, VTEP gateway, electronic device and readable storage medium
CN116055398A (en) * 2022-12-29 2023-05-02 天翼云科技有限公司 Forwarding method and system node of VXLAN cluster system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103200069A (en) * 2013-03-29 2013-07-10 华为技术有限公司 Message processing method and device
CN103841028A (en) * 2014-03-24 2014-06-04 杭州华三通信技术有限公司 Method and device for forwarding messages
CN103905577A (en) * 2012-12-28 2014-07-02 中兴通讯股份有限公司 Address resolution protocol message processing method and system
CN104935516A (en) * 2015-06-17 2015-09-23 武汉邮电科学研究院 Communication system based on software defined network and communication method
CN106209616A (en) * 2016-07-06 2016-12-07 杭州华三通信技术有限公司 One floods suppressing method and device
CN107404436A (en) * 2016-05-19 2017-11-28 华为技术有限公司 Communication means and device for virtual expansible LAN

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10110465B2 (en) * 2016-07-27 2018-10-23 Cisco Technology, Inc. Distributed HSRP gateway in VxLAN flood and learn environment with faster convergence

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
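Minimizing ARP Broadcasting in TRILL; Nuutti Varis; 2009 IEEE Globecom Workshop; 20091228; full text *
Implementation and Research of EVPN Based on the BGP Protocol; Chen Ye; China Master's Theses Full-text Database, Information Science and Technology; 20180215; full text *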

Also Published As

Publication number Publication date
CN109257265A (en) 2019-01-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant