CN109587064B

CN109587064B - IPv4/IPv6 address management system and method

Info

Publication number: CN109587064B
Application number: CN201910018274.6A
Authority: CN
Inventors: 刘捷; 吴彦良; 肖波; 罗斌
Original assignee: Southwest Jiaotong University; China Railway Corp
Current assignee: Southwest Jiaotong University; China State Railway Group Co Ltd
Priority date: 2019-01-09
Filing date: 2019-01-09
Publication date: 2021-03-16
Anticipated expiration: 2039-01-09
Also published as: CN109587064A

Abstract

The invention discloses an IPv4/IPv6 address management system, which comprises a plurality of IPv4Hub sites, a plurality of IPv6Hub sites, IPv4/IPv6 sites, IPv4VPN sites and IPv6VPN sites which are all connected with an MPLS backbone network. The invention manages IP address of terminal device in a centralized and unified way, different from address management of granularity (address management can be carried out on one or more application services with non-overlapping address spaces at the same time), and provides a method for communication between pure IPv4VPN and pure IPv6 VPN.

Description

IPv4/IPv6 address management system and method

Technical Field

The invention belongs to the field of communication, and particularly relates to an IPv4/IPv6 address management system and method.

Background

At present, MP-BGP/MPLS IP VPN is an MPLS (Multi-Protocol Label Switching) three-layer VPN (Virtual Private Network) scheme, and is widely applied to a service provider to implement a Virtual Private Network on a backbone Network. The MP-BGP/MPLS IP VPN scheme employs MPLS to establish tunnels and forward user packets based on MPLS labels in a backbone network. The MP-BGP/MPLS IP VPN scheme carries IP messages in VPN tunnels, and connected user networks are also IP networks. The MP-BGP/MPLS IP VPN scheme uses MP-BGP (Multi-Protocol Border Gateway Protocol) to publish private network IPv4/IPv6 routes of user sites on the MPLS IP backbone.

However, IPv6 transition is a long-term process and existing IPv4 application services and network infrastructure (networks and terminals) will still exist for a long time. During the transition from IPv4 to IPv6, on the one hand, both the existing old IPv4 application service and the newly deployed IPv6 application service may access both the existing old IPv4 network infrastructure and the upgraded or newly added IPv6 network infrastructure. On the other hand, in order to ensure smooth transition, the existing old IPv4 application service is required to be gradually upgraded to the IPv4/IPv6 application service in the transition process, and the service access capabilities of IPv4 and IPv6 are provided at the same time.

In summary, in the transition process, some network infrastructures involved may need to be allocated with IPv4 and IPv6 addresses at the same time, so that management of IPv4 and IPv6 addresses is required. For example, a mapping relation of IPv4/IPv6 addresses of the same device is established, maintained and queried, IPv4 and IPv6 addresses are issued to a network infrastructure, and a corresponding IPv6 address is queried according to an IPv4 address of the device, or a corresponding IPv4 address is queried according to an IPv6 address of the device, and so on. At present, MP-BGP/MPLS IP VPN lacks a management system for IPv4/IPv6 addresses in the transition process from IPv4 to IPv 6.

Disclosure of Invention

In view of the above-mentioned deficiencies in the prior art, the present invention provides an IPv4/IPv6 address management system that solves the above-mentioned problems in the background art.

In order to achieve the purpose of the invention, the invention adopts the technical scheme that: an IPv4/IPv6 address management system comprises a plurality of IPv4Hub sites, a plurality of IPv6Hub sites, IPv4/IPv6 sites, IPv4VPN sites, IPv6VPN sites and an MPLS backbone network;

a plurality of IPv4Hub sites, IPv6Hub sites, IPv4/IPv6 sites, IPv4VPN sites and IPv6VPN sites are connected with the MPLS backbone network;

the MPLS backbone network comprises a plurality of spokes-4 PEs, a plurality of spokes-6 PEs, a Hub-4PE and a Hub-6PE, wherein each Spoke-4PE and each Spoke-6PE are connected with the Hub-6PE, and each Spoke-4PE is also connected with the Hub-4 PE;

the plurality of Spoke-4 PEs are connected with the plurality of IPv4Hub sites in a one-to-one corresponding mode, the plurality of Spoke-6 PEs are connected with the plurality of Hub IPv6 sites in a one-to-one corresponding mode, the IPv4VPN site is connected with the Hub-4PE, the IPv6VPN is connected with the Hub-6PE, and the IPv4/IPv 6site is further connected with the Hub-4PE and the Hub-6PE respectively.

Further, each IPv4Hub site comprises an IPv4 address client and a Spoke-4CE which are connected with each other;

each IPv6Hub site comprises an IPv6 address client and a Spoke-6CE which are connected with each other;

the IPv4VPN site comprises an IPv4 application server and a Hub-4CE which are connected with each other;

the IPv4/IPv 6site is circularly connected with the Hub-4CE, the Hub-6CE, the IPv4/IPv6 application server and the IPv4/IPv6 address server;

the IPv6VPN site includes an IPv6 application server and a Hub-6CE interconnected.

Further, the IPv4 address client and the IPv4 address client comprise an address information transmitter, an address information receiver, an address signal query requester and an address automatic configurator;

the IPv4/IPv6 address server comprises an address information manager, an address information issuing device, an address information inquiry corresponding device and an address information report receiver.

Furthermore, the Spoke-4PE is a device which is accessed to a Spoke site at the VPN network side in the MPLS backbone network and only runs IPv 4;

the Spoke-6PE is a device which is accessed to a Spoke site at the VPN network side in the MPLS backbone network and only runs IPv 6;

the Hub-4PE is equipment which is accessed to a Hub site at the VPN network side in the MPLS backbone network and only runs IPv 4;

the Hub-6PE is equipment which is accessed to a Hub site at a VPN network side in an MPLS backbone network and only runs IPv 6;

the Spoke-4CE is a device which is accessed to an MPLS backbone network at a Spoke site side and only runs IPv 4;

the Spoke-6CE is a device which is accessed to an MPLS backbone network at a Spoke site side and only runs IPv 6;

the Hub-4CE is equipment which is accessed to an MPLS backbone network at the Hub site side and only runs IPv 4;

the Hub-6CE is a device which only runs IPv6 and accesses to an MPLS backbone network at the Hub site side.

An IPv4/IPv6 address management method includes the following steps;

s1, planning, establishing, storing and maintaining network prefix information for IPv4 address client and IPv6 address client uniformly in the universe through the address information manager;

s2, issuing network prefix information and address information of an IPv4/IPv6 address server through an address information issuing device, and periodically sending the network prefix information and the address information to an IPv4 address client and an IPv6 address client which are connected with the Spoke-4CE and the Spoke-6 CE;

s3, performing automatic address allocation through the cooperation of the automatic address configurator in the IPv4 address client and the IPv6 address client and the Spoke-4CE and the Spoke-6CE connected with the automatic address configurator;

s4, when the address is automatically allocated, sending an address report message to the IPv4/IPv6 address server through the address information sender, and reporting the configured actual address;

s5, when the IPv4 application client needs to communicate with the IPv6 application client, the IP address of the destination terminal is obtained through DNS;

s6, directly sending address query messages to an IPv4/IPv6 address server through address information query requesters in the IPv4 address server and the IPv6 address server which are connected with the IPv4 application client and the IPv6 application client;

s7, after the address information query correspondents in the IPv4/IPv6 address server receive the address query message, extracting the encapsulated destination IP address, searching the local real part address mapping table, obtaining the virtual addresses of the local real part address mapping table and the corresponding IPv4 application client and IPv6 application client, encapsulating the local real part address mapping table in an address query response message, and returning the address query response message to the IPv4 application client and the IPv6 application client;

and S8, the IPv4 application client and the IPv6 application client send IP packets for communication by taking the obtained virtual address as a destination address, and Pv4/IPv6 address management is realized.

The invention has the beneficial effects that: the IPv4/IPv6 address management system and method provided by the invention centrally and uniformly manages the IP address of the terminal equipment, is different from the address management of granularity (address management can be simultaneously carried out on one or more application services with non-overlapping address spaces), and provides a method for communication between pure IPv4VPN and pure IPv6 VPN.

Drawings

FIG. 1 is a diagram of an IPv4/IPv6 address management system architecture provided by the present invention.

FIG. 2 is a flow chart of an IPv4/IPv6 address management method implementation provided by the invention.

Fig. 3 is a schematic diagram of an IPv4 and IPv6 network prefix distribution packet and its encapsulation in the present invention.

Fig. 4 is a diagram illustrating an address query and report message according to the present invention.

Detailed Description

The following description of the embodiments of the present invention is provided to facilitate the understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments, and it will be apparent to those skilled in the art that various changes may be made without departing from the spirit and scope of the invention as defined and defined in the appended claims, and all matters produced by the invention using the inventive concept are protected.

As shown in fig. 1, an IPv4/IPv6 address management system includes several IPv4Hub sites, several IPv6Hub sites, IPv4/IPv6 sites, IPv4VPN sites, IPv6VPN sites, and an MPLS backbone;

Each IPv4Hub site comprises an IPv4 address client and a Spoke-4CE which are connected with each other;

The IPv4 address client and the IPv4 address client comprise an address information transmitter, an address information receiver, an address signal query requester and an address automatic configurator;

The Spoke-4PE is a device which is accessed to a Spoke site at the VPN network side in the MPLS backbone network and only runs IPv 4;

In an MP-BGP/MPLS IP VPN network, IPv4 sites (Site) and IPv6 sites do not have interoperability, i.e., cannot directly access each other.

Site refers to a group of IP systems with IP connectivity to each other, and such IP connectivity cannot be achieved through the MPLS backbone. The Site can internally realize IP interconnection through translation technology or tunnel technology.

IPv4Site refers to Site implementing IPv4 connectivity. Typically, the network is a pure IPv4 single stack network, but is not limited to pure IPv4 single stack network, and may also be a plurality of single stack networks internally interconnected by IP through translation technology or tunneling technology.

IPv6Site refers to Site implementing IPv6 connectivity. Typically, the network is a pure IPv6 single stack network, but is not limited to pure IPv6 single stack network, and may also be a plurality of single stack networks internally interconnected by IP through translation technology or tunneling technology.

Ce (customer edge), customer network edge, customer premises router to which the service provider is connected. The CE router provides service access for the user by connecting one or more PE routers. A CE router is typically an IP router that establishes an adjacency with a connected PE router.

Pe (provider edge), service provider edge router.

MP-BGP/MPLS IP VPN adopts Hub and Spoke networking mode to realize communication between more than two same protocol (IPv4 or IPv6) sites. Namely, a VPN is formed by Site of the same protocol (IPv4 or IPv6) according to a Hub and Spoke networking mode.

An application service may run on top of 0 or 1 IPv4VPN and 0 or 1 IPv6 VPN.

An IPv4 application service must provide IPv4 access capability and must operate on an IPv4 VPN. For example, S1, a server operating on an IPv 4-only single-stack network for IPv4 application service must provide IPv4 access service, may only provide IPv4 access service, may also provide IPv4/IPv6 access service at the same time, and communicates with an IPv4 client through IPv4 VPN. A client running on an IPv4 single stack network and using IPv4 application service, such as C1, must provide IPv4 access service, may only provide IPv4 access service, and may also provide IPv4/IPv6 access service at the same time, and communicate with an IPv4 server, such as S1, through an IPv4 VPN.

An IPv6 application service must provide IPv6 access capability and must operate on an IPv6 VPN. For example, S2, a server operating on an IPv 6-only single-stack network for IPv6 application service must provide IPv6 access service, may only provide IPv6 access service, may also provide IPv4/IPv6 access service at the same time, and communicates with an IPv6 client through IPv6 VPN. A client running on an IPv6 single stack network and using IPv6 application service, such as C2, must provide IPv6 access service, may only provide IPv6 access service, and may also provide IPv4/IPv6 access service at the same time, and communicate with an IPv4 server, such as S2, through an IPv6 VPN.

An IPv4/IPv6 application service must provide both IPv4 and IPv6 access capabilities, and must operate on both an IPv4VPN and an IPv6 VPN. The server of the IPv4/IPv6 application service, such as S3, needs to run on the IPv4/IPv6 dual-stack network, and communicate with the IPv4 and IPv6 clients through IPv4VPN and IPv6VPN, respectively. The IPv4/IPv6 application service client running on the pure IPv4 single stack network, such as C1, must provide IPv4 access service, can only provide pure IPv4 access service, can also provide IPv4/IPv6 access service at the same time, and communicates with IPv4/IPv6 servers, such as S3, through IPv4 VPN. The IPv4/IPv6 application service client running on the pure IPv6 single stack network, such as C2, must provide IPv6 access service, can only provide pure IPv6 access service, can also provide IPv4/IPv6 access service at the same time, and communicates with IPv4/IPv6 servers, such as S3, through IPv6 VPN.

The device accessing the VPN backbone network at the Hub site side is called Hub-CE; a device which is accessed to the VPN backbone network at the Spoke site side is called Spoke-CE. The device accessing the Hub site at the VPN backbone network side is called Hub-PE; and the device accessed to the Spoke site at the VPN backbone network side is called Spoke-PE.

The Spoke-4CE, the Spoke-4PE, the Hub-4PE and the Hub-4CE are respectively the Spoke-CE, the Spoke-PE, the Hub-PE and the Hub-CE which only run IPv 4. The Spoke-6CE and the Hub-6CE respectively refer to the Spoke-CE and the Hub-CE which only run IPv 6. The Spoke-6PE and the Hub-6PE refer to the Spoke-PE and the Hub-PE running IPv6, but the connection of IPv4 and IPv6 can be simultaneously provided, and as shown by a dotted line in an MPLS backbone network in the figure, both the Spoke-4PE and the Spoke-6PE can be connected with the Hub-6 PE.

The centralized address management system is composed of an address client and an address server. The Site running the address client is called client Site, and the Site running the address server is called server Site.

The IPv4 address client refers to only address clients with IPv4 access capability, such as 4AC1 and 4AC 2. The IPv4 address server refers to an address server with only IPv4 access capability. The IPv4 address client and the IPv4 address server are operated on the terminal equipment, and can transmit IPv4 and IPv6 address information, such as mapping relation and the like, between each other.

The IPv6 address client refers to only address clients with IPv6 access capability, such as 6AC1 and 6AC 2. The IPv6 address server refers to an address server with only IPv6 access capability. The IPv6 address client and the IPv6 address server are operated on the terminal equipment, and can transmit IPv4 and IPv6 address information, such as mapping relation and the like, between each other.

The IPv4 address server and the IPv6 address server can simultaneously run on the same terminal device, called IPv4/IPv6 address server, such AS AS, the terminal device simultaneously has a plurality of network interfaces of IPv4 and IPv6, and is simultaneously connected with an IPv4/IPv6 dual stack server Site through IPv4 and IPv6 interfaces. The IPv4/IPv6 dual-stack server Site belongs to an IPv4VPN and an IPv6VPN at the same time. Because there is no interoperability, i.e. no direct access to each other, between IPv4Site and IPv6 Site. Therefore, centralized sharing and management of address information between the IPv4VPN and the IPv6VPN are realized through the multi-host server, namely the IPv4/IPv6 address server.

A centralized address management system may manage one or more application services simultaneously, provided that the address spaces of all client sites in all VPNs on which the application services are running do not overlap each other. In this case, the centralized address management system only needs to run one address server at the same time. That is, if all application services are only operated on the IPv4VPN, only one IPv4 address server needs to be operated on the IPv4 server Site; if all application services only run on the IPv6VPN, only one IPv6 address server needs to run on the IPv6 server Site; if all application services run on both IPv4VPN and IPv6VPN, only one IPv4/IPv6 address server needs to run on IPv4/IPv6 dual stack server Site.

As shown in FIG. 2, the present invention also provides an IPv4/IPv6 address management method, including the following steps;

the address information manager is responsible for centrally and uniformly distributing, storing and managing network prefixes for all client sites, and establishing a mapping relation between the IPv4 or IPv6 addresses of the Spoke-CEs of the client sites and the network prefixes of the client sites, namely < the IPv4 addresses of the client sites, the IPv4 network prefixes of the client sites, the IPv4 network prefix length of the client sites, < the IPv6 addresses of the client sites, the IPv6 network prefixes of the client sites, and the IPv6 network prefix length of the client sites > two ternary group data, which are referred to as the triple of the client Spoke-CE/client Site network prefixes for short.

as shown in fig. 3, the address information issuing device reads the client Spoke-CE/client Site network prefix triple in the database, constructs a network prefix issuing message, and sends the network prefix issuing message to the Spoke-CE to send the network prefix of the client Site.

If the client Spoke-CE address is an IPv4 address, firstly constructing an IPv4 network prefix issuing message, and encapsulating the client Site IPv4 network prefix and the client Site IPv4 network prefix length. And then, in the network prefix issuing message packaging IPv4 grouping, the IPv4 address of the client Spoke-CE is taken as a destination address, the IPv4 address of the address server is taken as a source address, and the network prefix issuing message packaging IPv 3578 grouping is issued to the client Spoke-CE.

If the client Spoke-CE address is an IPv6 address, firstly constructing an IPv6 network prefix issuing message, and encapsulating the client Site IPv6 network prefix and the client Site IPv6 network prefix length. And then, in the network prefix issuing message packaging IPv6 grouping, the IPv6 address of the client Spoke-CE is taken as a destination address, the IPv6 address of the address server is taken as a source address, and the network prefix issuing message packaging IPv 3578 grouping is issued to the client Spoke-CE.

After receiving the network prefix issued message, the client Spoke-CE can extract the network prefix information of the client Site and the IP address information of the address server from the network prefix issued message, so as to periodically notify the client Site of the network prefix, the length of the client Site network prefix and the IP address of the address server. And the address information receiver receives the network prefix and the address of the address server and stores the network prefix and the address of the address server into the local.

As shown in fig. 4, if the address client wants to obtain a network prefix or an address of the address server, the address information query requester may directly and actively send a network prefix query message to the Spoke-CE without waiting for the periodic notification of the Spoke-CE. After receiving the network prefix query message, if the Spoke-CE knows the network prefix or the address information of the address server, the Spoke-CE directly sends the network prefix or the address information of the address server to the address client. If the Spoke-CE does not know the network prefix or the address information of the address server, the Spoke-CE forwards the network prefix query message to the address server, as shown by the reference number sixthly in the figure. After receiving the network prefix query message, the address information query responder of the address server extracts the address of the Spoke-CE from the source address, then queries the client Spoke-CE/client Site network prefix triple, and issues the network prefix and the address server address information.

The address client in the client Site can also initiatively initiate a network prefix request to the client Spoke-CE, and the client Spoke-CE receives the network prefix request.

in the step S3, the Address autoconfigurator in the IPv4 Address client and the IPv6 Address client cooperates with the Spoke-4CE and the Spoke-6CE connected thereto to perform Address autoconfiguration by cooperating with the technologies such as DHCPv4, SLAAC (Stateless Address Auto-Configuration protocol), DHCPv6, and the like; substantially comprising the following:

a) after the IPv4Spoke-CE obtains the network prefix, an IPv4 address pool can be set through the DHCPv4, and therefore an IPv4 address client can automatically obtain an IPv4 address through the DHCPv 4.

b) After acquiring the network prefix, the IPv6Spoke-CE periodically sends a Router Advertisement (RA) message of the SLAAC according to the stateless address automatic configuration protocol SLAAC, so that the terminal device where the IPv6 address client is located can automatically generate an interface identifier of its IPv6 address according to the IPv6 address stateless address automatic configuration protocol, and then, the client Site network prefix is added to form its IPv6 address.

c) After the IPv6Spoke-CE obtains the network prefix, an IPv6 address pool can be set through the DHCPv6, and therefore an IPv6 address client can automatically obtain an IPv6 address through the DHCPv 6.

after receiving the address report message, the address information report receiver of the address server extracts the IPv4 or IPv6 address therein, and generates a corresponding virtual IPv6 or IPv4 address for the address, where the virtual address exists only in the address server and is not actually allocated to the terminal device. Then storing the address into a local real and virtual address mapping table in a binary form of < real address, virtual address >, wherein the real address and the virtual address are different protocol addresses. After all address clients send address report messages to the address server, the address server can acquire global IPv4 and IPv6 address information and generate and maintain a virtual IPv6 and IPv4 address mapping address for each IPv4 and IPv6 address.

In the above steps S6-S7, the address information query requester of the address client is used to directly send the address query message to the address server. And the destination IP address acquired through the DNS is encapsulated in the address query message. After receiving the address query message, the address information query responder of the address server extracts the destination IP address encapsulated therein, searches for the local real-virtual address mapping table, thereby obtaining the virtual address corresponding to the same protocol as the source, and encapsulates the address query response message and sends it back to the source, as shown by the reference numeral ninthly arrow in the figure.

After obtaining the destination IP address virtual address, the source peer may send an IP packet to communicate with the destination IP address as the virtual address. IP packets with the virtual address as the destination address are sent to the Hub-CE firstly, then the Hub-CE requests the address server to inquire a local real and virtual address mapping table, the actual address of the IP packets is obtained according to the virtual address, and finally the IP packets with the virtual address as the destination address are forwarded to the destination end by the Hub-CE, so that communication between application clients crossing different protocol VPNs is realized.

Claims

1. An IPv4/IPv6 address management method, IPv4/IPv6 address management system include several IPv4Hub websites, several IPv6Hub websites, IPv4/IPv6 website, IPv4VPN website, IPv6VPN website and MPLS backbone network;

the plurality of Spoke-4 PEs are connected with the plurality of IPv4Hub sites in a one-to-one corresponding mode, the plurality of Spoke-6 PEs are connected with the plurality of Hub IPv6 sites in a one-to-one corresponding mode, the IPv4VPN site is connected with the Hub-4PE, the IPv6VPN is connected with the Hub-6PE, and the IPv4/IPv 6site is also connected with the Hub-4PE and the Hub-6PE respectively;

the IPv6VPN site comprises an IPv6 application server and a Hub-6CE which are connected with each other;

the IPv4/IPv6 address server comprises an address information manager, an address information issuing device, an address information inquiry corresponding device and an address information report receiver;

the Hub-6CE is equipment which is accessed to an MPLS backbone network at the Hub site side and only runs IPv 6;

the method is characterized by comprising the following steps;