CN109861924A - Message sending and processing methods and devices, PE node, and node - Google Patents


Publication number
CN109861924A
Authority
CN
China
Prior art keywords
message
entropy
address
node
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711243807.8A
Other languages
Chinese (zh)
Other versions
CN109861924B (en)
Inventor
王玉保
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201711243807.8A priority Critical patent/CN109861924B/en
Priority to PCT/CN2018/118580 priority patent/WO2019105462A1/en
Publication of CN109861924A publication Critical patent/CN109861924A/en
Application granted granted Critical
Publication of CN109861924B publication Critical patent/CN109861924B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming

Abstract

The present invention provides message sending and processing methods and devices, a PE node, and a node. The message sending method includes: receiving a first message from a first access circuit (AC); processing the first message to obtain one or more second messages, where the second message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value, and the predetermined entropy value identifies the entropy of the first message; and sending the second message. This solves the problem in the related art that the flow characteristics of a message cannot be reflected during message transmission, and improves the degree of load balancing.

Description

Message sending and processing methods and devices, PE node, and node
Technical field
The present invention relates to the field of communications, and in particular to message sending and processing methods and devices, a PE node, and a node.
Background
In a VPN service, network nodes are divided into service-aware nodes and non-service-aware nodes. The service-aware nodes are PE nodes, Virtual eXtensible LAN tunnel end point (VXLAN Tunnel End Point, VTEP) nodes, or network virtualization edge (Network Virtualization Edge, NVE) nodes; the so-called non-service-aware nodes are PE nodes or underlay network nodes.
To improve the bandwidth utilization of carrier networks, operators usually deploy load-sharing techniques. Two widely used load-sharing techniques are the link aggregation group (Link Aggregation Group, LAG) and equal-cost multi-path (Equal Cost Multi-Path, ECMP).
When performing load balancing, LAG and ECMP generally use the five-tuple of the IP packet, <source IP, destination IP, protocol type, source port, destination port>, as the feature fields for a hash calculation, take the result as the entropy value of the IP packet, and perform an arithmetic modulo operation on the entropy value to select one forwarding path for the message from among multiple forwarding paths. The information used in load balancing to select a forwarding path for a message is called entropy; entropy takes effect in the load-balancing path-selection process in the form of an entropy value.
For a VPN service, however, the five-tuple by default contains only the entropy of the underlay network; the load-balancing algorithm clearly does not take the entropy of the overlay network into account.
Fig. 1 is a topology diagram of the VXLAN service defined in RFC7348 in the related art. Taking the VXLAN service shown in Fig. 1 as an example, for the non-service-aware node P1, all VPN service flows between the same <source PE, destination PE> pair, whether they belong to different services or are different flows within the same service, are placed on the same forwarding path by the load-balancing algorithm of the LAG that connects the P1 node to the P2 node (because their five-tuples are all equal). The degree of load balancing is therefore low, and the flow characteristics of the message cannot be reflected.
No effective solution to the above technical problem in the related art has yet been proposed.
Summary of the invention
Embodiments of the present invention provide message sending and processing methods and devices, a PE node, and a node, to at least solve the technical problem in the related art that the flow characteristics of an overlay message cannot be reflected during underlay message transmission.
An embodiment of the present invention provides a message sending method, including: receiving a first message from a first access circuit (AC); processing the first message to obtain one or more second messages, where the second message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value, and the predetermined entropy value identifies the entropy of the first message; and sending the second message.
An embodiment of the present invention provides a message processing method, including: receiving a third message sent by a first provider edge (PE) device, where the third message is a message obtained by the first PE processing a fourth message received from a first access circuit (AC) of the first PE, the third message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value, and the predetermined entropy value identifies the entropy of the fourth message; and processing the third message.
An embodiment of the present invention provides a message sending device, including: a receiving module, configured to receive a first message from a first access circuit (AC); a processing module, configured to process the first message to obtain one or more second messages, where the second message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value, and the predetermined entropy value identifies the entropy of the first message; and a sending module, configured to send the second message.
An embodiment of the present invention provides a message processing device, including: a receiving module, configured to receive a third message sent by a first provider edge (PE) device, where the third message is a message obtained by the first PE processing a fourth message received from a first access circuit (AC) of the first PE, the third message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value, and the predetermined entropy value identifies the entropy of the fourth message; and a processing module, configured to process the third message.
An embodiment of the present invention provides a PE node, including: a communication interface, configured to receive a first message from a first access circuit (AC); a processor, configured to process the first message to obtain one or more second messages, where the second message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value, and the predetermined entropy value identifies the entropy of the first message; and the communication interface, further configured to send the second message.
An embodiment of the present invention provides a node, including: a communication interface, configured to receive a third message sent by a first provider edge (PE) device, where the third message is a message obtained by the first PE processing a fourth message received from a first access circuit (AC) of the first PE, the third message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value, and the predetermined entropy value identifies the entropy of the fourth message; and a processor, configured to process the third message.
An embodiment of the present invention provides a message handling system, including a first node and a second node. The first node is configured to receive a first message from a first access circuit (AC), process the first message to obtain one or more second messages, and send the second message to the second node, where the second message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value, and the predetermined entropy value identifies the entropy of the first message. The second node is configured to process the second message after receiving it.
An embodiment of the present invention provides a storage medium that includes a stored program, where the program, when run, executes the method described in any of the above.
An embodiment of the present invention provides a processor configured to run a program, where the program, when run, executes the method described in any of the above.
With the present invention, the first IP address included in the sent second message is an IP address obtained by modifying the second IP address using a predetermined entropy value, where the predetermined entropy value identifies the entropy of the first message. That is, entropy information related to the entropy of the first message is carried in the first IP address of the second message, so that a node receiving second messages can, thanks to the predetermined entropy value, distinguish to a certain extent whether the first messages encapsulated in the different second messages it receives belong to different data flows, for example whether they belong to different services or to different <source MAC, destination MAC> pairs. In other words, the flow characteristics of the encapsulated first message can be reflected during transmission of the second message. This solves the problem in the related art that the flow characteristics of an overlay message cannot be reflected during underlay message transmission, and improves the degree of load balancing.
Brief description of the drawings
The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a topology diagram of the VXLAN service defined in RFC7348 in the related art;
Fig. 2 is a topology diagram of the VXLAN EVPN MAC-VRF service defined in draft-ietf-bess-evpn-overlay (hereinafter [EVPN Overlay]) in the related art;
Fig. 3 is a topology diagram of the VXLAN EVPN IP-VRF service defined in draft-ietf-bess-evpn-prefix-advertisement (hereinafter [EVPN Prefix]) in the related art;
Fig. 4 is a topology diagram of the EVPN VPWS service defined in RFC8214 in the related art;
Fig. 5 is a flow diagram of the message sending method provided according to an embodiment of the present invention;
Fig. 6 is a flow diagram of the message processing method in the process of the PE1 node sending a message to the P1 node, provided according to an embodiment of the present invention;
Fig. 7 is a flow diagram of the message processing method in the process of the PE1 node sending a message to the PE2 node, provided according to an embodiment of the present invention;
Fig. 8 is a structural block diagram of the message sending device provided according to an embodiment of the present invention;
Fig. 9 is a structural block diagram of the message processing device provided according to an embodiment of the present invention;
Fig. 10 is a structural schematic diagram of the PE node provided according to an embodiment of the present invention;
Fig. 11 is a structural block diagram of the node provided according to an embodiment of the present invention;
Fig. 12 is a structural schematic diagram of the PE node provided according to a preferred embodiment of the present invention;
Fig. 13 is a structural schematic diagram of the non-service-aware node provided according to a preferred embodiment of the present invention;
Fig. 14 is a comparison diagram of VXLAN encapsulation and SRv6 encapsulation provided according to a preferred embodiment of the present invention;
Fig. 15 is a detailed comparison diagram of VXLAN encapsulation and SRv6 encapsulation provided according to a preferred embodiment of the present invention;
Fig. 16 is a diagram of one possible encapsulation format of the ERH (Entropy Routing Header) provided according to a preferred embodiment of the present invention;
Fig. 17 is a comparison diagram of SRv6 encapsulation in the format with SRH and the format without SRH, provided according to a preferred embodiment of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings and in combination with the embodiments. It should be noted that, where they do not conflict, the embodiments of this application and the features in the embodiments can be combined with each other.
It should be noted that the terms "first", "second", and so on in the description, the claims, and the above drawings are used to distinguish similar objects and are not used to describe a particular order or sequence.
As an important VPN service, the EVPN service has its control-plane framework defined in RFC7432, in which the four route types Ethernet Auto-discovery Route, MAC/IP Advertisement Route, Inclusive Multicast Ethernet Tag Route, and Ethernet Segment Route are referred to as RT-1, RT-2, RT-3, and RT-4 routes respectively. draft-ietf-bess-evpn-prefix-advertisement further defines the IP Prefix Route of the EVPN service, referred to as the RT-5 route.
RFC6790 calls the factor used for load balancing in a message entropy and defines a method of carrying an entropy-containing label in the message, where the label contains the entropy of the overlay network. However, that method depends on MPLS technology and requires the underlay network to support MPLS; that is, it depends on MPLS encapsulation. In an IPv4 network that does not support MPLS, the related art has no method of carrying entropy in the message, so load balancing is very uneven.
In addition, in an IPv6 network that does not support MPLS, the IPv6 Flow-label field was designed to replace the function of the IPv4 type of service (Type of Service, ToS) field. However, over the tens of years from RFC2460 through RFC3697 to RFC6437, the specific usage details of the field never received a clear standard definition. Carrying entropy in this field therefore requires, in practice, that all non-service-aware nodes in the underlay network support using the field for load-balancing path selection and not for other purposes; otherwise the pseudo-randomness of the entropy value could interfere with those other purposes.
The entropy in the existing RFC6790 refers to entropy generated from the feature fields of the message itself, and therefore does not reflect the context information of the message. The context information includes the interface through which the message entered the device, the service the message belongs to, the node the message belongs to, and so on. There is thus room to further improve the uniformity of load balancing.
In some cases, users do not want their specific IP addresses to be exposed in the underlay network.
To overcome the above problems, the present invention provides the following embodiments:
Embodiment 1
An embodiment of the present invention provides a message sending method. The method can be applied in the topology shown in Fig. 1, but is not limited to it; for example, it can also be applied in the topology shown in Fig. 2, Fig. 3, or Fig. 4, where Fig. 2 is a topology diagram of the VXLAN EVPN MAC-VRF service defined in [EVPN Overlay] in the related art, Fig. 3 is a topology diagram of the VXLAN EVPN IP-VRF service defined in [EVPN Prefix] in the related art, and Fig. 4 is a topology diagram of the EVPN VPWS service defined in RFC8214 in the related art. The executing subject of the sending method may be a PE node. Taking the topology shown in Fig. 1 as an example, the executing subject may be the PE1 node, PE2 node, or PE3 node shown in Fig. 1, without being limited to these.
The description below takes the PE1 node shown in Fig. 1 as the executing subject of the sending method, with the message sent from CE1 via the PE1 node to the non-service-aware node P1 in the underlay network. Fig. 5 is a flow diagram of the message sending method provided according to an embodiment of the present invention. As shown in Fig. 5, the method includes:
Step S502: the PE1 node receives a first message from a first access circuit (AC) of the PE1 node, where the AC is an interface, sub-interface, or virtual circuit between the PE node and a customer edge (CE) node, and the PE node includes VTEP nodes and NVE nodes.
Step S504: the PE1 node processes the first message to obtain one or more second messages, where the second message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value, and the predetermined entropy value identifies the entropy of the first message;
Step S506: the PE1 node sends the second message to the P1 node.
It should be noted that saying an entropy value E (such as the predetermined entropy value above) identifies the entropy of a message P (such as the first message above) means that E is a numerical value calculated by a specified algorithm F from one or more pieces of specified information corresponding to the message P, and that, when any one piece of the specified information corresponding to the message P changes randomly, the entropy value E calculated by the algorithm F also changes with a predetermined probability.
It should be noted that the predetermined probability is determined by the algorithm F, the total number of binary bits occupied by all the specified information, the total number of binary bits occupied by the specified information that changed, and the total number of binary bits occupied by the entropy value E.
Through the above steps, the first IP address included in the sent second message is an IP address obtained by modifying the second IP address using a predetermined entropy value, where the predetermined entropy value identifies the entropy of the first message. That is, entropy information related to the entropy of the first message is carried in the first IP address of the second message, so that a node receiving second messages can, thanks to the predetermined entropy value, distinguish to a certain extent whether the first messages encapsulated in the different second messages it receives belong to different data flows, for example whether they belong to different services or to different <source MAC, destination MAC> pairs. In other words, the flow characteristics of the encapsulated first message can be reflected during transmission of the second message. This solves the problem in the related art that the flow characteristics of an overlay message cannot be reflected during underlay message transmission, and improves the degree of load balancing.
It should be noted that the first IP address may be located in at least one of the following positions of the second message: the source IP, the destination IP, or an Internet Protocol version 6 (IPv6) option header. By placing the first IP address in at least one of those positions, that is, by carrying the entropy of the first message in at least one of the source IP, the destination IP, or an IPv6 option header of the second message, no MPLS encapsulation of the message is needed. A method of carrying entropy in the message is thus realized in IPv4 or IPv6 networks that do not support MPLS, which solves the problem of uneven load balancing in IPv4 and IPv6 underlay networks without requiring the non-service-aware nodes in the underlay network to be upgraded and without depending on MPLS technology.
Optionally, when the first IP address is located in an IPv6 option header of the second message, whether the predetermined entropy value is present in the IPv6 option header is indicated in one of the following ways: by the Next-header field in the IPv6 header of the second message, or by a field in the IPv6 option header.
It should be noted that the above IPv6 header may be an IPv6 option header or the IPv6 basic header, and is not limited to these.
It should be noted that the second IP address may be the source IP or destination IP of the corresponding second message that would be obtained by processing the first message when the function switch of the present invention is not turned on, but is not limited to this. When the first IP address is in the IPv6 option header, the second IP address may be copied into the IPv6 option header, and the copy of the second IP address in the IPv6 option header is then modified with the predetermined entropy value.
It should be noted that the processing in step S504 may take the form of encapsulation or modification, but is not limited to these.
It should be noted that modifying the second IP address using the predetermined entropy value includes at least one of the following: replacing the value at a designated position in the second IP address with the predetermined entropy value, where the predetermined entropy value is one of an intrinsic entropy value, a context entropy value, or a comprehensive entropy value; replacing the value at the designated position in the second IP address with the result of a calculation on the predetermined entropy value and the value at that designated position, where the predetermined entropy value is one of an intrinsic entropy value, a context entropy value, or a comprehensive entropy value; encrypting the value at a designated position in the second IP address with the predetermined entropy value, where the predetermined entropy value is an intrinsic entropy value. Here, the intrinsic entropy value is an entropy value obtained by hash calculation from one or more feature fields of the first message; the context entropy value is an entropy value obtained by mapping from one or more pieces of feature configuration information corresponding to the first AC; and the comprehensive entropy value is an entropy value calculated jointly from the intrinsic entropy value of the first message and the context entropy value of the first message.
It should be noted that the entropy of RFC6790 refers to entropy generated from the feature fields of the message itself and therefore does not reflect the context information of the message, which includes the interface through which the message entered the device, the service the message belongs to, the node the message belongs to, and so on. In embodiments of the present invention, when the predetermined entropy value is a context entropy value or a comprehensive entropy value, that is, when a context entropy value or comprehensive entropy value is carried in the first IP address of the second message, the uniformity of load balancing is further improved.
In an embodiment of the present invention, when the predetermined entropy value includes an intrinsic entropy value and the value at the designated position in the second IP address is encrypted with the predetermined entropy value, that is, when the second IP address is encrypted with the intrinsic entropy value of the first message, the entropy of the first message is added to the message and the IP address on the PE1 node is also encrypted. This both solves the problem of uneven load balancing in IPv4 and IPv6 underlay networks without upgrading the non-service-aware nodes in the underlay network and without depending on MPLS technology, and ensures that the IP address is not exposed.
It should be noted that the feature fields may include at least one of: the source IP, destination IP, protocol type, source port, destination port, IPv4 ToS field, and IPv6 Flow-label field of the first message; the source media access control (MAC) address and destination MAC address of the first message; the ethernet type (ethertype), inner and outer virtual LAN identifiers (VLAN ID), and 802.1p priority of the first message. The 802.1p priority refers to the priority field defined by 802.1p, including the priority in a tag whose tag protocol identifier (Tag Protocol Identifier, TPID) is 0x8100 or 0x88a8.
The feature configuration information corresponding to the first AC may include at least one of: information obtained by mapping from the first AC; node-level configuration information obtained from the node where the first AC is located; information obtained by mapping from the main interface to which the first AC belongs; information obtained by hash calculation from the Ethernet segment identifier (ESI) corresponding to the main interface to which the first AC belongs; the ESI itself corresponding to the main interface to which the first AC belongs; the ESI IP corresponding to the ESI of the main interface to which the first AC belongs, where the ESI IP is an IP address configured for the ESI and differs from the ESI IPs corresponding to the other ESIs on the node to which the ESI belongs.
In an embodiment of the present invention, the comprehensive entropy value may be obtained by at least one of the following methods, without being limited to them: performing a bitwise logical XOR of the intrinsic entropy value and the context entropy value to obtain the comprehensive entropy value; or performing a calculation on the intrinsic entropy value, the context entropy value, and any N constants to obtain the comprehensive entropy value, where N is an integer greater than or equal to 1.
It should be noted that the above calculation may be a hash calculation, but is not limited to this.
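The sending-side steps above (intrinsic entropy from the inner MAC pair, context entropy from the AC, XOR into a comprehensive entropy value, replacement of a designated position in the second IP address) and their effect on a P node's five-tuple hash, as an added example that is not code from the patent. The 8-bit designated position, SHA-256 as the hash, hashing the AC configuration as the "mapping", the fixed outer UDP source port, and all names and addresses are assumptions made for illustration.

```python
import hashlib
import ipaddress

# Assumptions of this example, none of them fixed by the patent text:
ENTROPY_BITS = 8          # "designated position" = low 8 bits of the address
PE1_IP = "198.51.100.0"   # second IP address (PE1), entropy bits zero; documentation range
PE2_IP = "203.0.113.1"    # destination PE; documentation range
OUTER_SPORT = 49152       # fixed outer UDP source port, so outer five-tuples are identical
VXLAN_PORT = 4789         # IANA-assigned VXLAN UDP port

# Constructed sample input: 32 overlay flows arriving on one AC of PE1.
FLOWS = [(f"00:00:5e:00:53:{i:02x}", "00:00:5e:00:53:ff") for i in range(32)]
AC1 = {"node": "PE1", "ac": "ge-0/0/1.100", "vni": 10100}  # hypothetical AC config


def hash_bits(data: bytes, bits: int) -> int:
    """Hash bytes down to a `bits`-wide integer (bits <= 32)."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:4], "big") & ((1 << bits) - 1)


def intrinsic_entropy(src_mac: str, dst_mac: str, bits: int = ENTROPY_BITS) -> int:
    """Intrinsic entropy value: hash over feature fields of the first message."""
    return hash_bits(f"{src_mac}|{dst_mac}".lower().encode(), bits)


def context_entropy(ac_config: dict, bits: int = ENTROPY_BITS) -> int:
    """Context entropy value: mapped from configuration of the receiving AC."""
    key = "|".join(f"{k}={ac_config[k]}" for k in sorted(ac_config))
    return hash_bits(key.encode(), bits)


def comprehensive_entropy(intrinsic: int, context: int) -> int:
    """Comprehensive entropy value: bitwise XOR of the two."""
    return intrinsic ^ context


def embed_entropy(second_ip: str, entropy: int, bits: int = ENTROPY_BITS) -> str:
    """Replace the designated (low) bits of the second IP address -> first IP address."""
    addr = ipaddress.ip_address(second_ip)
    mask = (1 << bits) - 1
    return str(type(addr)((int(addr) & ~mask) | (entropy & mask)))


def strip_entropy(first_ip: str, bits: int = ENTROPY_BITS) -> str:
    """Receiver side: treat the entropy bits as a predetermined value (0 here)."""
    return embed_entropy(first_ip, 0, bits)


def ecmp_path(five_tuple: tuple, n_paths: int) -> int:
    """Unmodified P node: hash the outer five-tuple, then take it modulo the path count."""
    key = "|".join(str(field) for field in five_tuple).encode()
    return hash_bits(key, 32) % n_paths


def paths_used(flows, ac_config, n_paths: int, carry_entropy: bool) -> set:
    """Set of forwarding paths P1 selects for the given overlay flows."""
    used = set()
    ctx = context_entropy(ac_config)
    for src_mac, dst_mac in flows:
        src_ip = PE1_IP
        if carry_entropy:
            e = comprehensive_entropy(intrinsic_entropy(src_mac, dst_mac), ctx)
            src_ip = embed_entropy(PE1_IP, e)
        outer = (src_ip, PE2_IP, 17, OUTER_SPORT, VXLAN_PORT)
        used.add(ecmp_path(outer, n_paths))
    return used


if __name__ == "__main__":
    print("paths without entropy:", sorted(paths_used(FLOWS, AC1, 4, False)))
    print("paths with entropy:   ", sorted(paths_used(FLOWS, AC1, 4, True)))
```

Because the entropy bits overwrite part of the address, the receiving side must know which bits to mask before matching the address against its tunnel endpoints; `strip_entropy` models that step.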
In an embodiment of the present invention, the service type to which the first AC belongs may include at least one of: a VPN, among virtual private networks (VPN), that forwards based on the MAC header of the first message; a VPN that forwards based on the IP header of the first message (for how a VPN forwards based on the IP header of the first message, see preferred embodiment 9); a VPN that forwards according to the configuration information on the first AC (for how a VPN forwards according to the configuration information on the first AC, see preferred embodiment 11).
In an embodiment of the present invention, step S504 may also take at least one of the following forms, without being limited to them: the PE1 node performs Virtual eXtensible LAN (VXLAN) encapsulation on the first message; the PE1 node performs VXLAN Generic Protocol Extension (GPE) encapsulation on the first message; the PE1 node performs Generic Network Virtualization Encapsulation (Geneve) on the first message; the PE1 node performs Network Virtualization using Generic Routing Encapsulation (NVGRE) on the first message; the PE1 node performs SRv6 (Segment Routing instantiated on the IPv6 dataplane) encapsulation on the first message.
It should be noted that SRv6 may be read as "segment routing realized with the IPv6 data plane" or "segment routing realized on the IPv6 data plane" (SRv6 refers to Segment Routing instantiated on the IPv6 dataplane).
It should be noted that the above description takes PE1 as the executing subject, but the executing subject is not limited to PE1 and may also be PE2, PE3, and so on, without limitation.
One embodiment of the present of invention additionally provides a kind of processing method of message, and the processing method of the message can also answer For being still illustrated by taking Fig. 1 as an example in topology shown in any figure in above-mentioned Fig. 1 to Fig. 4 below, the processing method of message Executing subject can be PE1, PE2, PE3 in Fig. 1, any one node in P1 and P2, wherein P1 and P2 is non-traffic Sensing node, below with the executing subject of the processing method for P1 node shown in FIG. 1, and the transmission flow of message is from PE1 Non-traffic sensing node P1 of the node into underlay network is illustrated for sending to PE2.Fig. 6 is according to the present invention The PE1 node that embodiment provides sends the flow diagram of message processing method in message process to P1 node, as shown in fig. 6, This method comprises:
Step S602, P1 node receives the third message that first service provider edge PE is sent, wherein described the Three messages are that the first PE is handled from the first access received 4th message of circuit AC of the first PE Message includes: the first internet protocol address in the third message;First IP address is using predetermined entropy to the The IP address that two IP address are modified, the predetermined entropy are used to identify the entropy of the 4th message;
Third message described in step S604, P1 node processing.
It should be noted that above-mentioned first PE can be PE1 node.Above-mentioned third message is equivalent to the transmission of above-mentioned message The second message in embodiment shown in method, above-mentioned 4th message are equivalent in the sending method embodiment of above-mentioned message One message.
By the above method, by the first IP address for including in the third message that receives for using predetermined entropy to the The IP address that two IP address are modified, wherein the predetermined entropy is used to identify the entropy of the 4th message;I.e. by third Entropy information related with the entropy of the 4th message is carried in the IP of message, enables P1 by above-mentioned predetermined entropy in certain journey Distinguish whether the first message packaged in the second message of difference received belongs to different data streams on degree, such as, if belong to In different business, if belong to difference<source MAC, purpose MAC>binary group can embody in the transmission process of the second message The stream feature of the first message packaged by it, thus can solve in underlay message transmission procedure in the related technology without body of laws The problem of stream feature of existing overlay message, improve the degree of load balancing.
It should be noted that the first IP address is located in at least one of the following positions of the third message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header.
It should be noted that, when the first IP address is located in the IPv6 option header of the second message, whether the predetermined entropy is present in the IPv6 option header is indicated in one of the following ways: by the Next-header field in the IPv6 header of the third message; by a field in the IPv6 option header.
It should be noted that, when the destination IP of the third message is a remote IP address for the node that receives the third message, that is, when the executing subject of the processing method may be the P1 node, step S604 may take at least one of the following forms: the P1 node selects load balancing forwarding information according to the first IP address and forwards the third message according to that load balancing forwarding information; the P1 node treats each of the binary bits corresponding to the predetermined entropy carried in the first IP address as a predetermined value and performs processing other than forwarding on the third message; the P1 node forwards the third message directly.
It should be noted that the load balancing forwarding information may be the information with which the P1 node selects a forwarding path for the third message during load balancing.
It should be noted that the meaning or explanation of the predetermined entropy may be the same as that of the predetermined entropy in the embodiment shown in Fig. 5, and is not repeated here.
Fig. 7 is a flow diagram, provided according to an embodiment of the present invention, of the message processing method for the case in which the PE1 node sends a message to the PE2 node. As shown in Fig. 7, the method includes:
Step S702: the PE2 node receives a third message sent by a first service provider edge (PE), where the third message is a message obtained by the first PE processing a fourth message received from a first access circuit (AC) of the first PE. The third message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy, and the predetermined entropy is used to identify the entropy of the fourth message;
Step S704: the PE2 node processes the third message.
It should be noted that the first PE may be the PE1 node. The third message is equivalent to the second message in the embodiment of the message sending method described above, and the fourth message is equivalent to the first message in that embodiment.
It should be noted that step S702 may be embodied as follows: PE2 receives the third message directly from PE1, or PE2 receives the third message sent by PE1 as forwarded by P1 or P2, but it is not limited to this.
It should be noted that the first IP address is located in at least one of the following positions of the third message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header.
It should be noted that, when the first IP address is located in the IPv6 option header of the second message, whether the predetermined entropy is present in the IPv6 option header is indicated in one of the following ways: by the Next-header field in the IPv6 header of the third message; by a field in the IPv6 option header.
When the destination IP of the third message is an IP address configured for the PE2 node, that is, when the executing subject that processes the third message is PE2, step S704 may be embodied as follows: setting the binary bits of the first IP address in the third message that were modified by the predetermined entropy to predetermined values, where the predetermined values set for different binary bits are the same or different; recalculating the predetermined entropy, and using the recalculated predetermined entropy to decrypt the part of the first IP address in the third message that was encrypted by the predetermined entropy, where the predetermined entropy is the intrinsic entropy; removing the IPv6 option header that contains the first IP address from the third message; processing the third message directly.
It should be noted that, for the explanation of the predetermined entropy, the intrinsic entropy and so on, reference may be made to the explanation of the predetermined entropy and the intrinsic entropy in the embodiment shown in Fig. 5, which is not repeated here.
Through the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to execute the method described in each embodiment of the present invention.
Embodiment 2
This embodiment further provides a message sending device, which is used to implement the above embodiments and preferred implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiments is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
It should be noted that the message sending device provided by the embodiment of the present invention may be located on a PE node shown in any of Fig. 1 to Fig. 4, such as the PE1 node, PE2 node or PE3 node shown in Fig. 1, but it is not limited to this.
Fig. 8 is a structural block diagram of the message sending device provided according to an embodiment of the present invention. As shown in Fig. 8, the device includes:
Receiving module 82, configured to receive a first message from a first access circuit (AC);
Processing module 84, connected to the receiving module 82 and configured to process the first message to obtain one or more second messages, where the second message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy, and the predetermined entropy is used to identify the entropy of the first message;
Sending module 86, connected to the processing module 84 and configured to send the second message.
With the above device, the first IP address included in the sent second message is an IP address obtained by modifying the second IP address using the predetermined entropy, where the predetermined entropy is used to identify the entropy of the first message. That is, entropy information related to the entropy of the first message is carried in the first IP address of the second message, so that a node receiving the second message can use the predetermined entropy to distinguish, to a certain extent, whether the first messages encapsulated in different received second messages belong to different data streams, for example whether they belong to different services or to different <source MAC, destination MAC> two-tuples. The flow characteristics of the encapsulated first message can therefore be reflected while the second message is transmitted, which solves the problem in the related art that the flow characteristics of an overlay message cannot be reflected during underlay message transmission, and improves the degree of load balancing.
It should be noted that the access circuit (AC) is an interface, sub-interface or virtual circuit between a PE node and a customer edge (CE) node, where PE nodes include VTEP nodes and NVE nodes. That an entropy E (such as the predetermined entropy) identifies the entropy of a message P (such as the first message) means that the entropy E is a numerical value calculated by a specified algorithm F from one or more pieces of specified information corresponding to the message P, and that, when any one of the pieces of specified information corresponding to the message P changes randomly, the entropy E calculated by the algorithm F also changes with a predetermined probability.
It should be noted that the predetermined probability is determined by the algorithm F, the total number of binary bits occupied by all of the specified information, the total number of binary bits occupied by the specified information that changed, and the total number of binary bits occupied by the entropy E.
It should be noted that the first IP address may be located in at least one of the following positions of the second message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header. Placing the first IP address in at least one of these positions means that the entropy of the first message is carried in at least one of the source IP, the destination IP and the IPv6 option header of the second message, so no MPLS encapsulation of the message is needed. A method of carrying entropy in the message is thus realized in IPv4 or IPv6 networks that do not support MPLS, and the uneven load balancing in IPv4 and IPv6 underlay networks is solved without upgrading the non-traffic sensing nodes in the underlay network and without relying on MPLS technology.
It should be noted that, when the first IP address is located in the IPv6 option header of the second message, whether the predetermined entropy is present in the IPv6 option header is indicated in one of the following ways: by the Next-header field in the IPv6 header of the second message; by a field in the IPv6 option header.
It should be noted that the IPv6 header mentioned above may be an IPv6 option header or the basic IPv6 header, and is not limited to this.
It should be noted that the second IP address may be the source IP or destination IP of the corresponding second message that would be obtained by processing the first message when the functional switch of the present invention is not turned on, but it is not limited to this. When the first IP address is in the IPv6 option header, the second IP address may be copied into the IPv6 option header, and the copy of the second IP address in the IPv6 option header is then modified with the predetermined entropy.
It should be noted that the above processing may take the form of encapsulation or modification, but it is not limited to this.
It should be noted that modifying the second IP address using the predetermined entropy includes at least one of the following: replacing the value at a designated position in the second IP address with the predetermined entropy, where the predetermined entropy is one of the intrinsic entropy, the context entropy and the comprehensive entropy; replacing the value at the designated position in the second IP address with the result of a calculation on the predetermined entropy and the value at that designated position, where the predetermined entropy is one of the intrinsic entropy, the context entropy and the comprehensive entropy; encrypting the value at the designated position in the second IP address with the predetermined entropy, where the predetermined entropy is the intrinsic entropy. Here, the intrinsic entropy is an entropy obtained by a hash calculation over one or more characteristic fields in the first message; the context entropy is an entropy obtained by mapping from one or more pieces of feature configuration information corresponding to the first AC; the comprehensive entropy is an entropy calculated jointly from the intrinsic entropy of the first message and the context entropy of the first message.
It should be noted that the entropy of RFC 6790 refers to an entropy generated from the characteristic fields of the message itself, and therefore does not reflect the context information of the message. The context information includes the interface through which the message enters the device, the service to which the message belongs, the node to which the message belongs, and so on. In an embodiment of the present invention, when the predetermined entropy is the context entropy or the comprehensive entropy, the context entropy or comprehensive entropy is carried in the first IP address of the second message, which further improves the uniformity of load balancing.
In an embodiment of the present invention, the predetermined entropy includes the intrinsic entropy, and the value at the designated position in the second IP address is encrypted with the predetermined entropy; that is, the second IP address is encrypted with the intrinsic entropy of the first message. This both adds the entropy of the first message to the message and encrypts the IP address on the PE1 node. The uneven load balancing in IPv4 and IPv6 underlay networks can thus be solved without upgrading the non-traffic sensing nodes in the underlay network and without relying on MPLS technology, and it can also be ensured that the IP address is not exposed.
It should be noted that the characteristic fields may include at least one of the following: the source IP, destination IP, protocol type, source port, destination port, IPv4 TOS field and IPv6 Flow-label field of the first message; the source media access control (MAC) address and destination MAC of the first message; the Ethernet type (ethertype), inner and outer virtual LAN identifiers (VLAN ID) and 802.1p priority of the first message. The 802.1p priority refers to the priority field defined by 802.1p, including the priority in a Tag whose Tag Protocol Identifier (TPID) is 0x8100 or 0x88a8.
The feature configuration information corresponding to the first AC may include at least one of the following: information obtained by mapping from the first AC; node-level configuration information obtained from the node where the first AC is located; information obtained by mapping from the main interface to which the first AC belongs; information obtained by a hash calculation over the Ethernet segment identifier (ESI) corresponding to the main interface to which the first AC belongs; the ESI corresponding to the main interface to which the first AC belongs itself; the ESI IP corresponding to the ESI of the main interface to which the first AC belongs, where the ESI IP is an IP address configured for the ESI and differs from the ESI IPs corresponding to the other ESIs on the node to which the ESI belongs.
In an embodiment of the present invention, the processing module 84 may also be used to obtain the comprehensive entropy by at least one of the following methods, but it is not limited to this: performing a bitwise logical XOR operation on the intrinsic entropy and the context entropy to obtain the comprehensive entropy; performing a calculation on the intrinsic entropy, the context entropy and any N constants to obtain the comprehensive entropy, where N is an integer greater than or equal to 1. It should be noted that the calculation may be a hash calculation, but it is not limited to this.
In one embodiment of the invention, the service type to which the first AC belongs may include at least one of the following: a virtual private network (VPN) that forwards based on the MAC header of the first message; a VPN that forwards based on the IP header of the first message; a VPN that forwards according to the configuration information on the first AC.
In one embodiment of the invention, the processing module 84 may also be used for at least one of the following, but it is not limited to this: performing Virtual Extensible LAN (VXLAN) encapsulation on the first message; performing VXLAN Generic Protocol Extension (GPE) encapsulation on the first message; performing Generic Network Virtualization Encapsulation (Geneve) encapsulation on the first message; performing Network Virtualization using Generic Routing Encapsulation (NVGRE) encapsulation on the first message; performing SRv6 encapsulation on the first message.
An embodiment of the present invention further provides a message processing device that can be used in the topology shown in any of Fig. 1 to Fig. 4. It should be noted that the processing device may be located in a PE node (for example PE1, PE2 or PE3, but not limited to these) or in a non-traffic sensing node (P1 or P2) shown in any of Fig. 1 to Fig. 4. Fig. 9 is a structural block diagram of the message processing device provided according to an embodiment of the present invention. As shown in Fig. 9, the device includes:
Receiving module 92, configured to receive a third message sent by a first service provider edge (PE), where the third message is a message obtained by the first PE processing a fourth message received from a first access circuit (AC) of the first PE, the third message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy, and the predetermined entropy is used to identify the entropy of the fourth message;
Processing module 94, connected to the receiving module 92 and configured to process the third message.
It should be noted that the third message is equivalent to the second message in the embodiment shown in Fig. 8, and the fourth message is equivalent to the first message in the embodiment shown in Fig. 8. The first PE may be the PE node in which the device shown in Fig. 8 is located, but it is not limited to this.
With the above device, the first IP address included in the received third message is an IP address obtained by modifying the second IP address using the predetermined entropy, where the predetermined entropy is used to identify the entropy of the fourth message. That is, entropy information related to the entropy of the fourth message is carried in the IP address of the third message, so that P1 can use the predetermined entropy to distinguish, to a certain extent, whether the first messages encapsulated in different received second messages belong to different data streams, for example whether they belong to different services or to different <source MAC, destination MAC> two-tuples. The flow characteristics of the encapsulated first message can therefore be reflected while the second message is transmitted, which solves the problem in the related art that the flow characteristics of an overlay message cannot be reflected during underlay message transmission, and improves the degree of load balancing.
It should be noted that the first IP address is located in at least one of the following positions of the third message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header.
It should be noted that, when the first IP address is located in the IPv6 option header of the second message, whether the predetermined entropy is present in the IPv6 option header is indicated in one of the following ways: by the Next-header field in the IPv6 header of the third message; by a field in the IPv6 option header.
It should be noted that, when the destination IP of the third message is a remote IP address for the node that receives the third message, that is, when the processing device is located in the P1 node, the processing module 94 may also be used for at least one of the following: selecting load balancing forwarding information according to the first IP address and forwarding the third message according to that load balancing forwarding information; treating each of the binary bits corresponding to the predetermined entropy carried in the first IP address as a predetermined value and performing processing other than forwarding on the third message; forwarding the third message directly.
It should be noted that the load balancing forwarding information may be the information with which a forwarding path is selected for the third message during load balancing.
When the destination IP of the third message is an IP address configured for a PE node, that is, when the processing device is located in a PE node, the processing module 94 may also be used for at least one of the following: setting the binary bits of the first IP address in the third message that were modified by the predetermined entropy to predetermined values, where the predetermined values set for different binary bits are the same or different; recalculating the predetermined entropy, and using the recalculated predetermined entropy to decrypt the part of the first IP address in the third message that was encrypted by the predetermined entropy, where the predetermined entropy is the intrinsic entropy; removing the IPv6 option header that contains the first IP address from the third message; processing the third message directly.
It should be noted that the meaning or explanation of the predetermined entropy may be the same as that of the predetermined entropy in the embodiment shown in Fig. 8, and is not repeated here.
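The sending-side modification of the second IP address (replace, or combine with the intrinsic entropy) and the receiving-side handling described above can be traced in the following added example, which is not code from the patent. It assumes the designated position is the low 16 bits of an IPv6 address, uses SHA-256 as the hash and XOR as the combining/"encryption" operation (the patent names none), and models the P node as hashing only the outer source and destination addresses; the AC names, context values and addresses are constructed.

```python
import hashlib
import ipaddress

ENTROPY_BITS = 16                       # assumption: designated position = low 16 bits
MASK = (1 << ENTROPY_BITS) - 1
# Constructed mapping from an AC to its context entropy (feature configuration).
CONTEXT_MAP = {"ac-1": 0x1A2B, "ac-2": 0x77C0}


def intrinsic_entropy(src_mac, dst_mac, ethertype, vlan_id):
    """Hash characteristic fields of the first (overlay) message into ENTROPY_BITS bits."""
    fields = f"{src_mac}|{dst_mac}|{ethertype:#06x}|{vlan_id}".encode()
    return int.from_bytes(hashlib.sha256(fields).digest()[:4], "big") & MASK


def context_entropy(ac_name):
    """Map the receiving AC to its configured context entropy."""
    return CONTEXT_MAP[ac_name] & MASK


def comprehensive_entropy(intrinsic, context):
    """Bitwise XOR of intrinsic and context entropy, one of the listed methods."""
    return (intrinsic ^ context) & MASK


def replace_designated_bits(ip, value):
    """Overwrite the designated bits of an address with `value`.

    Sending PE: value = predetermined entropy, turning the second IP address
    into the first IP address. Receiving PE: value = the predetermined value
    (here 0), which undoes the modification.
    """
    addr = int(ipaddress.IPv6Address(ip))
    return ipaddress.IPv6Address((addr & ~MASK) | (value & MASK))


def xor_designated_bits(ip, intrinsic):
    """Combine the designated bits with the intrinsic entropy (XOR is an assumption).

    Applying it twice with the same entropy restores the address, which is how
    a receiving PE that recalculates the intrinsic entropy from the decapsulated
    first message recovers the second IP address.
    """
    addr = int(ipaddress.IPv6Address(ip))
    return ipaddress.IPv6Address(addr ^ (intrinsic & MASK))


def select_path(outer_src, outer_dst, n_paths):
    """Non-traffic sensing node: pick an equal-cost path from the outer addresses only."""
    key = (ipaddress.IPv6Address(outer_src).packed
           + ipaddress.IPv6Address(outer_dst).packed)
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_paths


def demo(n_flows=64, n_paths=4):
    """Return (#paths used without entropy, #paths used with entropy in the source IP)."""
    second_ip, peer_ip = "2001:db8:0:1::", "2001:db8:0:2::1"   # constructed addresses
    plain, spread = set(), set()
    for i in range(n_flows):
        # Each overlay flow differs only in its source MAC.
        entropy = comprehensive_entropy(
            intrinsic_entropy(f"02:00:00:00:00:{i:02x}", "02:00:00:00:ff:01", 0x0800, 100),
            context_entropy("ac-1"))
        first_ip = replace_designated_bits(second_ip, entropy)
        plain.add(select_path(second_ip, peer_ip, n_paths))
        spread.add(select_path(first_ip, peer_ip, n_paths))
    return len(plain), len(spread)


if __name__ == "__main__":
    print("paths used without / with entropy:", demo())
```

Without the entropy every overlay flow presents the same outer address pair, so `demo()` reports a single path in the first position; the second position shows how many of the equal-cost paths the same flows reach once the source address carries the entropy.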
It should be noted that each of the above modules can be implemented by software or hardware. For the latter, this can be achieved in the following ways, but it is not limited to this: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
Embodiment 3
An embodiment of the present invention further provides a PE node, which may be a PE node shown in any of Fig. 1 to Fig. 4, such as the PE1 node, PE2 node or PE3 node shown in Fig. 1. Fig. 10 is a structural schematic diagram of the PE node provided according to an embodiment of the present invention. As shown in Fig. 10, the PE node includes:
Communication interface 1002, configured to receive a first message from a first access circuit (AC);
Processor 1004, connected to the communication interface 1002 and configured to process the first message to obtain one or more second messages, where the second message includes a first Internet Protocol (IP) address, the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy, and the predetermined entropy is used to identify the entropy of the first message;
The communication interface 1002 is also configured to send the second message.
With the above PE node, the first IP address included in the sent second message is an IP address obtained by modifying the second IP address using the predetermined entropy, where the predetermined entropy is used to identify the entropy of the first message. That is, entropy information related to the entropy of the first message is carried in the first IP address of the second message, so that a node receiving the second message can use the predetermined entropy to distinguish, to a certain extent, whether the first messages encapsulated in different received second messages belong to different data streams, for example whether they belong to different services or to different <source MAC, destination MAC> two-tuples. The flow characteristics of the encapsulated first message can therefore be reflected while the second message is transmitted, which solves the problem in the related art that the flow characteristics of an overlay message cannot be reflected during underlay message transmission, and improves the degree of load balancing.
It should be noted that the access circuit (AC) is an interface, sub-interface or virtual circuit between a PE node and a customer edge (CE) node, where PE nodes include VTEP nodes and NVE nodes. That an entropy E (such as the predetermined entropy) identifies the entropy of a message P (such as the first message) means that the entropy E is a numerical value calculated by a specified algorithm F from one or more pieces of specified information corresponding to the message P, and that, when any one of the pieces of specified information corresponding to the message P changes randomly, the entropy E calculated by the algorithm F also changes with a predetermined probability.
It should be noted that the predetermined probability is determined by the algorithm F, the total number of binary bits occupied by all of the specified information, the total number of binary bits occupied by the specified information that changed, and the total number of binary bits occupied by the entropy E.
It should be noted that the first IP address may be located in at least one of the following positions of the second message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header. Placing the first IP address in at least one of these positions means that the entropy of the first message is carried in at least one of the source IP, the destination IP and the IPv6 option header of the second message, so no MPLS encapsulation of the message is needed. A method of carrying entropy in the message is thus realized in IPv4 or IPv6 networks that do not support MPLS, and the uneven load balancing in IPv4 and IPv6 underlay networks is solved without upgrading the non-traffic sensing nodes in the underlay network and without relying on MPLS technology.
It should be noted that, when the first IP address is located in the IPv6 option header of the second message, whether the predetermined entropy is present in the IPv6 option header is indicated in one of the following ways: by the Next-header field in the IPv6 header of the second message; by a field in the IPv6 option header.
It should be noted that the IPv6 header mentioned above may be an IPv6 option header or the basic IPv6 header, and is not limited to this.
It should be noted that the second IP address may be the source IP or destination IP of the corresponding second message that would be obtained by processing the first message when the functional switch of the present invention is not turned on, but it is not limited to this. When the first IP address is in the IPv6 option header, the second IP address may be copied into the IPv6 option header, and the copy of the second IP address in the IPv6 option header is then modified with the predetermined entropy.
It should be noted that the above processing may take the form of encapsulation or modification, but it is not limited to this.
It should be noted that modifying the second IP address using the predetermined entropy includes at least one of the following: replacing the value at a designated position in the second IP address with the predetermined entropy, where the predetermined entropy is one of the intrinsic entropy, the context entropy and the comprehensive entropy; replacing the value at the designated position in the second IP address with the result of a calculation on the predetermined entropy and the value at that designated position, where the predetermined entropy is one of the intrinsic entropy, the context entropy and the comprehensive entropy; encrypting the value at the designated position in the second IP address with the predetermined entropy, where the predetermined entropy is the intrinsic entropy. Here, the intrinsic entropy is an entropy obtained by a hash calculation over one or more characteristic fields in the first message; the context entropy is an entropy obtained by mapping from one or more pieces of feature configuration information corresponding to the first AC; the comprehensive entropy is an entropy calculated jointly from the intrinsic entropy of the first message and the context entropy of the first message.
It should be noted that the entropy of RFC 6790 refers to an entropy generated from the characteristic fields of the message itself, and therefore does not reflect the context information of the message. The context information includes the interface through which the message enters the device, the service to which the message belongs, the node to which the message belongs, and so on. In an embodiment of the present invention, when the predetermined entropy is the context entropy or the comprehensive entropy, the context entropy or comprehensive entropy is carried in the first IP address of the second message, which further improves the uniformity of load balancing.
In an embodiment of the present invention, the predetermined entropy includes the intrinsic entropy, and the value at the designated position in the second IP address is encrypted with the predetermined entropy; that is, the second IP address is encrypted with the intrinsic entropy of the first message. This both adds the entropy of the first message to the message and encrypts the IP address on the PE1 node. The uneven load balancing in IPv4 and IPv6 underlay networks can thus be solved without upgrading the non-traffic sensing nodes in the underlay network and without relying on MPLS technology, and it can also be ensured that the IP address is not exposed.
It should be noted that the characteristic fields may include at least one of the following: the source IP, destination IP, protocol type, source port, destination port, IPv4 TOS field and IPv6 Flow-label field of the first message; the source media access control (MAC) address and destination MAC of the first message; the Ethernet type (ethertype), inner and outer virtual LAN identifiers (VLAN ID) and 802.1p priority of the first message. The 802.1p priority refers to the priority field defined by 802.1p, including the priority in a Tag whose Tag Protocol Identifier (TPID) is 0x8100 or 0x88a8.
The feature configuration information corresponding to the first AC may include at least one of the following: information obtained by mapping from the first AC; node-level configuration information obtained from the node where the first AC is located; information obtained by mapping from the main interface to which the first AC belongs; information obtained by a hash calculation over the Ethernet segment identifier (ESI) corresponding to the main interface to which the first AC belongs; the ESI corresponding to the main interface to which the first AC belongs itself; the ESI IP corresponding to the ESI of the main interface to which the first AC belongs, where the ESI IP is an IP address configured for the ESI and differs from the ESI IPs corresponding to the other ESIs on the node to which the ESI belongs.
In an embodiment of the present invention, the processor 1004 may also be used to obtain the comprehensive entropy by at least one of the following methods, but it is not limited to this: performing a bitwise logical XOR operation on the intrinsic entropy and the context entropy to obtain the comprehensive entropy; performing a calculation on the intrinsic entropy, the context entropy and any N constants to obtain the comprehensive entropy, where N is an integer greater than or equal to 1. It should be noted that the calculation may be a hash calculation, but it is not limited to this.
In one embodiment of the invention, the affiliated type of service of above-mentioned first AC may include at least one of: The VPN of MAC header forwarding in Virtual Private Network VPN based on first message;IP based on first message in VPN The VPN of head forwarding;The VPN being forwarded in VPN according to the configuration information on the first AC.
In one embodiment of the invention, above-mentioned processor 1004 can be also used at least one of, but and unlimited In this: carrying out expansible virtual LAN VXLAN to first message and encapsulate;It is general that VXLAN is carried out to first message Protocol extension GPE encapsulation;Universal network virtualization encapsulation Geneve encapsulation is carried out to first message;To first message Carry out generic route encapsulation (the Network Virtualization using Generic Routing of network virtualization Encapsulation, abbreviation NVGRE) encapsulation;SRv6 encapsulation is extended to first message.
The embodiment of the invention also provides a node, which may be a PE node shown in any of Figures 1 to 4 (for example PE1, PE2 or PE3, without being limited to these) or a non-service-aware node (P1 or P2). Figure 11 is a structural block diagram of the node provided according to an embodiment of the invention. As shown in Figure 11, the node includes:
Communication interface 1102, configured to receive a third message sent by a first provider edge (PE), where the third message is the message obtained by the first PE processing a fourth message received from a first access circuit (AC) of the first PE. The third message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy, and the predetermined entropy is used to identify the entropy of the fourth message;
Processor 1104, connected to the communication interface 1102 and configured to process the third message.
With the above node, the first IP address contained in the received third message is an IP address obtained by modifying the second IP address using the predetermined entropy, where the predetermined entropy is used to identify the entropy of the fourth message. That is, entropy information related to the entropy of the fourth message is carried in the IP of the third message, so that P1 can use the predetermined entropy to distinguish, to a certain extent, whether the first messages encapsulated in different received second messages belong to different data flows, for example whether they belong to different services or to different <source MAC, destination MAC> pairs. The flow characteristics of the encapsulated first message can therefore be reflected while the second message is in transit, which solves the problem in the related art that the flow characteristics of the overlay message cannot be reflected during underlay message transmission, and improves the degree of load balancing.
It should be noted that the third message corresponds to the second message in the embodiment shown in Figure 10, and the fourth message corresponds to the first message in that embodiment. The first PE may be the PE node shown in Figure 10, but is not limited to this.
It should be noted that the first IP address is located in at least one of the following positions in the third message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header.
It should be noted that, where the first IP address is located in the IPv6 option header of the second message, whether the predetermined entropy is present in the IPv6 option header is indicated in one of the following ways: by the Next-header field in the IPv6 header of the third message; by a field in the IPv6 option header.
It should be noted that when the destination IP of the third message is a remote IP address from the point of view of the node receiving the third message, that is, when the node is a non-service-aware node, the processor 1104 may also be configured for at least one of the following: selecting load-balancing forwarding information according to the first IP address and forwarding the third message according to that load-balancing forwarding information; treating each binary bit of the first IP address that carries the predetermined entropy as a predetermined value and performing processing other than forwarding on the third message; directly forwarding the third message.
It should be noted that the load-balancing forwarding information may be the information about the forwarding path selected for the third message during load balancing.
When the destination IP of the third message is an IP address configured for the PE node, that is, when the node is a PE node, the processor 1104 may also be configured for at least one of the following: setting to a predetermined value the binary bits of the first IP address in the third message that were modified by the predetermined entropy, where the predetermined values set for different binary bits may be the same or different; recalculating the predetermined entropy and using the recalculated predetermined entropy to decrypt the part of the first IP address in the third message that was encrypted with the predetermined entropy, where the predetermined entropy is the intrinsic entropy; stripping from the third message the IPv6 option header that contains the first IP address; directly processing the third message.
It should be noted that the predetermined entropy has the same meaning and explanation as the predetermined entropy in the embodiment shown in Figure 10, which is not repeated here.
Embodiment 4
The embodiment of the invention also provides a message processing system comprising a first node and a second node. The first node is configured to receive a first message from a first access circuit (AC), process the first message to obtain one or more second messages, and send the second message to the second node. The second message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy, and the predetermined entropy is used to identify the entropy of the first message. The second node is configured to process the second message after receiving it.
It should be noted that the first node may be the PE node shown in Figure 10 in Embodiment 3, and the second node may be the node shown in Figure 11 in Embodiment 3 (a PE node or a non-service-aware node). For the explanation of the first node and the second node, see Embodiment 3; it is not repeated here.
Embodiment 5
The embodiments of the present invention also provide a storage medium that includes a stored program, where the program, when run, executes the method described in any of the embodiments above.
Optionally, in this embodiment, the storage medium may include, but is not limited to, a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc and other media that can store program code.
The embodiments of the present invention also provide a processor for running a program, where the program, when run, executes the steps of any of the methods above.
Optionally, for specific examples in this embodiment, refer to the examples described in the embodiments and optional embodiments above; they are not repeated here.
For a better understanding of the embodiments of the invention, the invention is further explained below with reference to preferred embodiments.
The technical solution provided by the preferred embodiments of the invention achieves at least the following technical effects. Using the entropy IP sending and receiving node provided by the preferred embodiments as the PE node solves the problem that load balancing on the non-service-aware nodes of an existing underlay network cannot reflect the flow characteristics of overlay messages, and does so without upgrading those non-service-aware nodes and without requiring the underlay network to support MPLS technology. In addition, because the entropy can be carried in the source IP and/or destination IP, the defects of uneven load balancing, of having to upgrade the non-service-aware nodes of the existing underlay network and of requiring the underlay network to support MPLS technology are overcome, so that the problem of uneven load balancing is solved with one unified technique in both IPv4 and IPv6 underlay networks without upgrading the non-service-aware nodes in the underlay network. Because the context entropy is identified and additionally carried, the uniformity of the load balancing is improved further. Furthermore, by encrypting the source IP or destination IP with the intrinsic entropy of the overlay message, the entropy of the overlay message is added to the underlay IP and the IP address on the PE node is encrypted at the same time, so that the above problems are solved together and the entropy serves a combined purpose.
Figure 12 is a structural schematic diagram of the PE node provided according to a preferred embodiment of the invention. As shown in Figure 12, it includes a VPN infrastructure module, an entropy IP first plug-in module and an entropy IP second plug-in module. The entropy IP second plug-in module is optional: the PE node may or may not include it, which can be configured as needed and is not limited here.
It should be noted that the VPN infrastructure module can perform functions similar to those of the receiving module 82 and the sending module 86 and can also perform part of the functions of the processing module 84; or it can perform the functions of the communication interface 1002 and part of the functions of the processor 1004; or it can perform the functions of the communication interface 1102 and part of the functions of the processor 1104, but it is not limited to this.
The entropy IP first plug-in module can perform part of the functions of the processing module 84 or the processor 1004, for example modifying the second IP using the predetermined entropy. The entropy IP second plug-in module can perform part of the functions of the processor 1104, but is not limited to this.
Figure 13 is a structural schematic diagram of the non-service-aware node provided according to a preferred embodiment of the invention. As shown in Figure 13, it includes an IP infrastructure module and an entropy IP third plug-in module. The entropy IP third plug-in module is optional: the non-service-aware node may or may not include it, which can be configured as needed and is not limited here.
It should be noted that the IP infrastructure module can perform the functions of the communication interface 1102 and part of the functions of the processor 1104, and the entropy IP third plug-in module can perform part of the functions of the processor 1104, but they are not limited to this.
The roles of the modules included in the PE node and the non-service-aware node are described in detail in the following preferred embodiments.
Preferred embodiment 1
With reference to Figure 12, the implementation of the PE node in the technical solution of the method and device (system) for transmitting and using the entropy of the inner message in the outer IP is described in further detail:
1: The VPN infrastructure module is implemented as follows:
An ordinary VXLAN service is implemented according to RFC7348; the control-plane module of the resulting VXLAN service is the control plane and man-machine interface part of the VPN infrastructure module.
Similarly, the VXLAN service is implemented according to RFC7348; the forwarding-plane module of the resulting VXLAN service is the forwarding-plane part of the VPN infrastructure module.
Except where otherwise stated, this module has the same man-machine interface and processing flow as the corresponding parts of RFC7348.
It is worth noting that, without loss of generality, the EVPN control-plane module obtained by the above process can be used for the configuration of VXLAN tunnels, the configuration of EVPN instances, the binding of ACs to EVPN instances, the binding of VXLAN tunnels to EVPN instances and so on. An EVPN instance is identified by a VNI, and the VNI comes from user configuration. At each of its two ends, a VXLAN tunnel uses the VPN Router ID of the local node as the source IP and the VPN Router ID of the peer end as the destination IP. The VPN Router ID is the IP address of a loopback interface. For simplicity of description and without loss of generality, this module assumes that a node has only one VPN Router ID.
When implemented in software, this module needs to implement a plug-in mechanism. When this module forwards the first message according to the RFC7432 process, an X message is obtained after IP encapsulation has been added to the first message; the X message has not yet been given link-layer forwarding information (such as an Ethernet header). The entropy IP first plug-in module is then called with the X message to modify the source IP and destination IP in the IP encapsulation, which gives a Y message. The Y message then continues to be forwarded according to the RFC7432 process, including encapsulating link-layer forwarding information and other forwarding information according to the destination IP of the Y message, which gives the second message (corresponding to the second message or third message in the embodiments above), and the second message is sent. The plug-in mechanism may be a function call, a callback function, a polymorphic function or an independent plug-in.
Apart from the plug-in mechanism, the forwarding plane of this module has the same processing flow as the corresponding forwarding plane of RFC7348, including the BUM message forwarding process, the MAC learning process, the unicast forwarding process and so on.
In addition, the IP address used as the VPN Router ID must be a loopback interface IP address. A subnet mask can be configured for the loopback interface address, and not every binary bit of that subnet mask needs to be 1. It is worth noting that when the low N binary bits of the subnet mask are 0, the loopback interface produces in the IP routing table a route prefix corresponding to the subnet mask, and the route prefix is advertised in the underlay network. Also, when this node receives a message whose destination IP matches the route prefix, it treats it as a message for the loopback interface and handles it in the same way as a message whose destination IP is the IP address of the loopback interface.
In addition, without loss of generality, in this preferred embodiment the underlay network is set to be an IPv4 network, so the source IP and destination IP of the VXLAN tunnel are IPv4 addresses.
In addition, when the destination IP of a received third message (corresponding to the second message or third message in the embodiments above) matches the directly connected route prefix of the interface holding the source IP of the EVPN tunnel, this module considers the third message to match the tunnel, without checking whether the source IP of the third message matches the destination IP of the EVPN tunnel.
2: The entropy IP first plug-in module is implemented as follows:
Unlike RFC7348, this module additionally computes a 5-bit entropy from the source MAC of the first message by means of a hash operation, and uses the resulting entropy to replace the original value of the low 5 bits of the destination IP of the IP packet input by the VPN infrastructure module;
3: The entropy IP second plug-in module is implemented as follows:
This preferred embodiment does not need this module.
With reference to Figure 13, the implementation of the non-service-aware P node in the technical solution of the method and device (system) for transmitting and using the entropy of the inner message in the outer IP is described in further detail:
1: The IP infrastructure module is implemented as follows:
Basic IPv4 routing and IPv4 forwarding are implemented using existing technology. The IPv4 forwarding function includes an MC-LAG-based load-balancing function, which uses the IP five-tuple of the received IP packet (corresponding to the second message or third message in the embodiments above) as the entropy factor for a hash calculation that gives the entropy of the IP packet.
It is worth noting that this module is not aware of whether the IP packet contains the entropy of an inner message. However, if the source IP or destination IP of the IP packet itself contains the entropy of the inner message, the entropy factor automatically contains the entropy of the inner message, and so the newly computed entropy also includes the entropy of the inner message.
This module does not need to call the entropy IP third plug-in either.
2: The entropy IP third plug-in module is implemented as follows:
This module is not present on this node; in general, this node is an existing node.
Taking the VPN topology shown in Figure 1 as an example, the network and service deployment process includes:
First step: choose the PE node described above as the PE1, PE2 and PE3 nodes, choose the non-service-aware node described above as the P1 and P2 nodes, and select the underlay network type. In the network and service deployment process of every preferred embodiment of the invention, the nodes defined in that preferred embodiment are used as the PE1, PE2, PE3, P1 and P2 nodes, which is not repeated below. The underlay network type selected in this preferred embodiment is an IPv4 network.
Second step: configure and advertise the VPN Router ID of each PE node. Deploy a loopback interface on each PE node, configure an IP address and corresponding subnet mask on the loopback interface, use the IP address of the loopback interface as the VPN Router ID of the PE, and make the route prefix generated from the VPN Router ID and its subnet mask reachable in the underlay network (it can be pinged). The VPN Router ID and corresponding route prefix of each PE are different. In this preferred embodiment, the subnet mask of the loopback interface is a 27-bit subnet mask, and the host identifier part of the IP address of each loopback interface has the value 1.
Third step: establish the ordinary VXLAN network shown in Figure 1 and configure each VXLAN tunnel. There is only one bidirectional tunnel between a pair of PE nodes. When configuring the VXLAN tunnel to a given target PE node, the VPN Router ID of the target PE node is used as the destination IP address of the VXLAN tunnel, and the node's own VPN Router ID is used as the source IP address of the VXLAN tunnel. It is worth noting that for a VXLAN tunnel configured this way, taking the VXLAN tunnel between PE1 and PE3 as an example, from the point of view of PE1 the tunnel source IP is the VPN Router ID of PE1 and the destination IP is the VPN Router ID of PE3, while from the point of view of PE3 the tunnel source IP is the VPN Router ID of PE3 and the destination IP is the VPN Router ID of PE1.
Fourth step: establish a VXLAN service as shown in Figure 1. The six interfaces AC1, AC2, AC3, AC4, AC5 and AC6 are bound to the VXLAN service as access circuits, and each VXLAN tunnel is bound into the VXLAN service.
Fifth step: eliminate loops on the access side. Each PE node uses ingress replication for the BUM messages it receives from its AC interfaces. Taking a BUM message that PE3 receives from AC3 (corresponding to the first message or fourth message in the embodiments above) as an example, PE3 replicates one copy each to PE1 and PE2, and when PE1 and PE2 send toward CE1, one of the nodes must discard its copy. This is achieved by deploying an MC-LAG session on the ports to which AC1 and AC2 belong, so that one of those ports is blocked. Once MC-LAG is enabled, CE1 no longer receives two copies of the BUM message, and the layer-2 loop among CE1, PE1 and PE2 also disappears. Similarly, an MC-LAG session is also deployed on the ports to which AC3 and AC4 belong. Without loss of generality, assume that the ports blocked by the two MC-LAG connections are the port where AC1 is located and the port where AC5 is located.
Sixth step: after the above steps the VXLAN service is established, and data messages can be used to verify the forwarding behaviour and effect on the PE node and the non-service-aware node defined in this preferred embodiment.
Taking the VPN topology shown in Figure 1 as an example, the end-to-end message forwarding process includes:
First step: when the PE1 node receives a BUM message B1 from the local AC1 (corresponding to the first message or fourth message in the embodiments above), the PE node forwards B1 according to the forwarding process defined in RFC7348 and sends two copies of B1, B1b and B1c (each corresponding to the second message or third message in the embodiments above), to PE2 and PE3 respectively. Compared with B1, the two messages B1b and B1c have VXLAN encapsulation added, and the outer IP of the VXLAN encapsulation contains the intrinsic entropy of the B1 message, which is the entropy calculated from the feature fields of the B1 message itself.
Second step: without loss of generality, assume that before the PE3 node receives the B1c message, a non-service-aware node P1 in the underlay network receives it first. Because the P1 node does not look at the inner message, it forwards B1c by its destination IP exactly as it would forward an ordinary IP packet. Without loss of generality, this preferred embodiment assumes that the forwarding result P1 obtains from the destination IP of B1c is to forward B1c over the link aggregation group (LAG) between the P1 node and the P2 node shown in Figure 1. Further, as when forwarding an ordinary IP packet, the P1 node calculates the load-sharing entropy from the five-tuple corresponding to the outermost IP of B1c; however, because the outermost destination IP of B1c already contains the entropy of the B1 message, the entropy of B1c calculated on P1 automatically includes the entropy of B1. As a result, when the feature fields of the inner B1 message take different values, the entropy of B1 and the entropy of B1c change, and the egress forwarding information that the load-sharing process on P1 finally selects for B1c changes with them. That is, load sharing on the P1 node becomes more even, because before PE1 implemented the invention the egress forwarding information obtained for B1c on P1 was the same no matter how B1 changed. Clearly, it is the entropy of the inner B1 message that PE1 adds to the outer IP of B1c that improves the balance of load sharing on the P1 node.
Third step: when the PE3 node receives the B1c message, the VPN infrastructure module can perform performance statistics on it. The algorithm that performs the statistics does not use different performance counters depending on the entropy contained in B1c, because the entropy used in this preferred embodiment is pseudo-random from the point of view of the PE3 node and has no meaning for it.
Clearly, as the second step above shows, the embodiment of the invention improves the load-sharing effect on the P1 node without making any change to the P1 node. Also, the invention does not use any MPLS technology.
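The behaviour described in preferred embodiment 1 can be reproduced with a small model, given here as an added example that is not code from the patent. The loopback addresses, the inner MAC addresses, the fixed UDP source port and the use of SHA-256 for both the 5-bit entropy and the P-node hash are assumptions; the 5-bit width, the /27 mask with host part 1 and the unmodified five-tuple hash on P1 come from the text.

```python
import hashlib
import ipaddress
from collections import Counter

ENTROPY_BITS = 5                                  # from the page: 5-bit entropy
ENTROPY_MASK = (1 << ENTROPY_BITS) - 1
# Constructed addresses: /27 loopbacks whose host part is 1 (second deployment step).
PE1_LOOPBACK = ipaddress.ip_interface("192.0.2.1/27")
PE3_LOOPBACK = ipaddress.ip_interface("192.0.2.33/27")


def intrinsic_entropy(src_mac: str) -> int:
    """5-bit entropy of the inner frame, hashed from its source MAC.

    The page only says "a hash operation"; SHA-256 is an assumption.
    """
    raw = bytes.fromhex(src_mac.replace(":", ""))
    return hashlib.sha256(raw).digest()[0] & ENTROPY_MASK


def first_plugin(dst_ip, src_mac: str):
    """PE side: overwrite the low 5 bits of the outer destination IP."""
    kept = int(dst_ip) & ~ENTROPY_MASK & 0xFFFFFFFF
    return ipaddress.IPv4Address(kept | intrinsic_entropy(src_mac))


def lag_member(five_tuple: tuple, n_links: int) -> int:
    """Unmodified P node: hash the outer five-tuple and pick a LAG member."""
    key = "|".join(str(field) for field in five_tuple).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_links


def pe_accepts(dst_ip, loopback) -> bool:
    """Receiving PE: any destination inside the loopback prefix is local."""
    return dst_ip in loopback.network


def simulate(n_flows: int, use_entropy: bool, n_links: int = 2) -> Counter:
    """Send n_flows inner flows PE1 -> PE3 via P1; count messages per LAG member."""
    usage = Counter()
    for i in range(n_flows):
        src_mac = f"02:00:00:00:00:{i:02x}"       # constructed inner source MAC
        dst = PE3_LOOPBACK.ip
        if use_entropy:
            dst = first_plugin(dst, src_mac)
        if not pe_accepts(dst, PE3_LOOPBACK):
            raise ValueError(f"{dst} left the PE3 loopback prefix")
        # UDP source port held constant (assumption) so only the address varies.
        outer = (PE1_LOOPBACK.ip, dst, 17, 49152, 4789)
        usage[lag_member(outer, n_links)] += 1
    return usage


if __name__ == "__main__":
    print("without entropy IP:", dict(simulate(64, use_entropy=False)))
    print("with entropy IP:   ", dict(simulate(64, use_entropy=True)))
```

Without the first plug-in every message hashes to the same LAG member; with it, the same 64 flows are split across both members while each destination still falls inside PE3's loopback prefix.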
Preferred embodiment 2
With reference to Figure 12, the implementation of the PE node in the technical solution of the method and device (system) for transmitting and using the entropy of the inner message in the outer IP is described in further detail:
1: The VPN infrastructure module is implemented as follows:
Except where explicitly stated, this module is the same as the module of the same name in preferred embodiment 1.
Unlike preferred embodiment 1, this module sets the underlay network to be an IPv6 network. It is worth noting that this means the source IP and destination IP of the VXLAN tunnels configured by this module are IPv6 addresses.
Unlike preferred embodiment 1, the plug-in mechanism of this module must also, after the third message has been received and link-layer error detection and IP-layer error detection have been performed on it, and before the third message is processed, call the entropy IP second plug-in module to modify the source IP and destination IP in the IP encapsulation, and then continue to process the modified message according to the processing flow in RFC7348.
2: The entropy IP first plug-in module is implemented as follows:
Except where explicitly stated, this module is the same as the module of the same name in preferred embodiment 1.
Unlike preferred embodiment 1, this module uses the hash value of the interface name of the port to which the ingress AC of the first message belongs as the 32-bit entropy of the first message;
Unlike preferred embodiment 1, the source IP and destination IP of the VXLAN encapsulation used by this module are IPv6 addresses and follow the format defined in RFC7348 Section 5 Figure 2.
Unlike preferred embodiment 1, this module uses the source IP field of the second message as the entropy IP; the entropy IP is the IP address obtained by replacing the low 32 bits of the source IP input by the VPN infrastructure module with the entropy;
It is worth noting that, in the embodiments of the invention, using a field as the entropy IP means using that field as the carrier of the entropy of the first message: the entropy IP is modified with the entropy of the first message so that the entropy of the first message is carried in the IP.
3: The entropy IP second plug-in module is implemented as follows:
This module determines the positions of the binary bits in the third message that need to be modified, and modifies the binary bits at those positions. As constrained by the implementation of the entropy IP first plug-in module, this module determines that the binary bits to be modified in the third message are the low 32 bits of the source IP address; correspondingly, this module also determines that, for each bit that needs to be modified, the modification is to reset that bit.
With reference to Figure 13, the implementation of the non-service-aware P node in the technical solution of the method and device (system) for transmitting and using the entropy of the inner message in the outer IP is described in further detail:
1: The IP infrastructure module is implemented as follows:
Except where otherwise stated, this module is the same as the module of the same name in preferred embodiment 1.
Unlike preferred embodiment 1, when implemented in software this module needs to implement a plug-in mechanism for calling the entropy IP third plug-in module to obtain two IP address values, one a source IP substitute value and the other a destination IP substitute value. The plug-in mechanism may be a function call, a callback function, a polymorphic function or an independent plug-in.
Unlike preferred embodiment 1, after performing link-layer error detection and IP-layer error detection on the third message, and when performing processing other than load balancing that involves the source IP or destination IP address of the third message, this module calls the IP infrastructure to obtain the source IP substitute value and destination IP substitute value of the third message, and uses the source IP substitute value (or destination IP substitute value) in place of the source IP value (or destination IP value) of the third message in the processing that involves the source IP (or destination IP) address.
The processing related to the source IP of the third message includes the processing of the third message itself and also the processing of other messages whose generation is triggered by the third message. For example, when the TTL of the third message is exhausted or the destination IP of the third message is unreachable, this node responds with an ICMP message to the source IP of the third message.
2: The entropy IP third plug-in module is implemented as follows:
The main function of this module is to return a source IP substitute value and a destination IP substitute value according to the source IP and destination IP of the IP packet input by the IP infrastructure module. The algorithm that determines the source IP substitute value and the destination IP substitute value is as follows:
If the source IP entropy mask is 0, the source IP substitute value is the value of the source IP itself;
If the destination IP entropy mask is 0, the destination IP substitute value is the value of the destination IP itself;
If the source IP entropy mask is not 0, a bitwise logical AND is performed on the source IP address and the ones' complement of the source IP entropy mask, and the result, with its lowest binary bit set to 1, is used as the source IP substitute value;
If the destination IP entropy mask is not 0, a bitwise logical AND is performed on the destination IP address and the ones' complement of the destination IP entropy mask, and the result, with its lowest binary bit set to 1, is used as the destination IP substitute value;
In this preferred embodiment, the source IP entropy mask and the destination IP entropy mask are both in IPv6 address format; the hexadecimal value of the source IP entropy mask is 0x0FFFFFFFF, and the value of the destination IP entropy mask is 0.
This module then returns the source IP substitute value and the destination IP substitute value to the IP infrastructure module.
It is worth noting that this module does not change the message input by the IP infrastructure.
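The four substitution rules of the entropy IP third plug-in module can be written out as follows; this is an added example, not code from the patent. The function names, the sample addresses and the `icmp_error_target` helper that stands in for the IP infrastructure module are assumptions; the two mask values are those given for this preferred embodiment. The last line of the demonstration also runs the same rule on an IPv4 address with a 5-bit mask, which goes beyond the IPv6 case described here.

```python
import ipaddress

SRC_ENTROPY_MASK = 0xFFFFFFFF   # from the page: low 32 bits of the source IP
DST_ENTROPY_MASK = 0            # from the page: destination carries no entropy


def substitute(addr, entropy_mask: int):
    """Substitute value for one address, following the rules listed above."""
    ip = ipaddress.ip_address(addr)
    if entropy_mask == 0:
        return ip                                   # mask 0: the address itself
    all_ones = (1 << ip.max_prefixlen) - 1
    cleared = int(ip) & (~entropy_mask & all_ones)  # AND with ones' complement
    return type(ip)(cleared | 1)                    # lowest bit set to 1


def third_plugin(src, dst,
                 src_mask: int = SRC_ENTROPY_MASK,
                 dst_mask: int = DST_ENTROPY_MASK):
    """Return (source substitute, destination substitute); inputs are not altered."""
    return substitute(src, src_mask), substitute(dst, dst_mask)


def icmp_error_target(src, dst, ttl: int):
    """Hypothetical stand-in for the IP infrastructure module on a P node.

    Load balancing keeps using the raw addresses; only processing such as the
    ICMP reply for an exhausted TTL uses the substitute value.
    Returns None when the message is simply forwarded.
    """
    if ttl > 1:
        return None
    src_sub, _dst_sub = third_plugin(src, dst)
    return src_sub


if __name__ == "__main__":
    # Constructed third messages: same PE (/96 loopback, host part 1), different
    # 32-bit entropy in the low bits of the source IP.
    dst = "2001:db8:0:3::1"
    for src in ("2001:db8:0:1::dead:beef", "2001:db8:0:1::1234:5678"):
        print(src, "-> ICMP goes to", icmp_error_target(src, dst, ttl=1))
    print(substitute("192.0.2.55", 0x1F))           # IPv4, 5-bit mask
```

With the deployment's host part of 1, both entropy-bearing source addresses map back to the same loopback address, so replies triggered on the P node reach an address that is actually configured on the PE.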
Taking the VPN service shown in FIG. 1 as an example, the processing steps of the network and service deployment flow are as follows:
Except where otherwise specified, this step is identical to the corresponding step in preferred embodiment 1;
Same as preferred embodiment 1, except that the underlay network is an IPv6 network, the loopback interface where each VPN Router ID resides is configured with a 96-bit subnet mask, and the source IP and destination IP of the VXLAN tunnel are IPv6 addresses.
Taking the VPN topology shown in FIG. 1 as an example, the processing steps of the end-to-end message forwarding flow are as follows:
This step is identical to the corresponding step in preferred embodiment 1, except for the phenomenon that reflects the improvement the present invention brings to load balancing on the P1 node: when the B1 message enters the EVPN instance from different ACs of PE1, the egress forwarding information finally obtained on the P1 node for the corresponding B1c messages also differs. This phenomenon arises simply because PE1 adds the context entropy of the B1 message to the outer-layer IP of the B1c message; the context entropy is obtained by a hash operation over the interface name of the ingress AC of the B1 message.
Preferred embodiment 3
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail below with reference to Figure 12:
1: Implement the VPN infrastructure module:
Except where explicitly stated, this module is identical to the module of the same name in preferred embodiment 2.
Unlike preferred embodiment 2, the underlay network technology used by this module is IPv6.
Unlike preferred embodiment 2, the encapsulation format this module uses to encapsulate the first message into the second message is the Geneve encapsulation format, which is defined in draft-ietf-nvo3-geneve; that draft also defines how to convert a message from VXLAN encapsulation to Geneve encapsulation without changing the basic service effect, and this conversion belongs to the prior art. Whether Geneve-specific functions (relative to RFC7348) are layered on top is a matter of combining Geneve technology with this embodiment and is independent of this preferred embodiment itself; for simplicity, this preferred embodiment only considers the case where Geneve encapsulation stays within the capabilities it shares with VXLAN encapsulation.
2: The entropy IP first plug-in module is implemented as follows:
Except where explicitly stated, this module is identical to the module of the same name in preferred embodiment 2.
Unlike preferred embodiment 2, this module uses the result of a hash calculation over the destination MAC of the first message as the 8-bit entropy of the first message;
Unlike preferred embodiment 2, this module uses the source IP field of the first message as the entropy IP; the entropy IP is the IP address obtained by a bitwise logical XOR of the entropy with the low 8 bits of the source IP input by the VPN infrastructure module;
3: The entropy IP second plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to that of preferred embodiment 2;
Unlike preferred embodiment 2, the position of the binary bits in the third message that this module determines need to be modified is the low 8 bits of the source IP. Further, this module determines that the bits at that position are to be modified by restoring them to the value they had before modification by the entropy IP first plug-in. Specifically, the restoration method is: first recalculate, using the algorithm in the entropy IP first plug-in module, the entropy of the fourth message carried inside the IP header of the third message, then perform a bitwise logical XOR of that entropy with the binary bits at that position.
It is worth noting that the VPN infrastructure itself is an implementation of RFC7348 VXLAN, and RFC7348 learns remote MAC entries from VXLAN data messages. If the entropy were not removed from the source IP, a remote MAC entry would drift frequently among the different ciphertexts of the same source IP, because the VPN infrastructure module does not know that these ciphertexts are the same IP address and treats them as different IP addresses. Similarly, the ciphertexts obtained by encrypting different source IP addresses may happen to coincide, in which case the VPN infrastructure module treats them as the same IP address, which is also a problem. Restoring the source IP here is in effect a decryption process, whose purpose is likewise to remove from the source IP the entropy of the inner-layer message (equivalent to the first message or the fourth message in the above embodiments) that it contains.
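Added illustration (not part of the patent text): a Python sketch of the first and second plug-in modules of this embodiment, showing the XOR into the low 8 bits of the outer source IP, its restoration at the receiving PE, and the MAC-learning drift that occurs without restoration. The XOR-fold hash is an assumption standing in for the hash the text leaves unspecified; all names, addresses and frames are constructed.

```python
import ipaddress
from dataclasses import dataclass
from functools import reduce
from typing import Union

LOW8 = 0xFF
Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 bytes."""
    return bytes(int(part, 16) for part in text.split(":"))


def frame(dst_mac, src_mac, payload=b""):
    """Constructed inner Ethernet frame: dst MAC, src MAC, EtherType 0x0800."""
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + payload


def entropy8(inner):
    """8-bit entropy from the inner destination MAC.

    Assumption: XOR-folding the six bytes stands in for the hash, which the
    text does not specify.
    """
    if len(inner) < 14:
        raise ValueError("inner frame shorter than an Ethernet header")
    return reduce(lambda a, b: a ^ b, inner[:6], 0)


@dataclass(frozen=True)
class Outer:
    src: Address
    dst: Address
    inner: bytes


def _xor_low8(addr, value):
    return type(addr)(int(addr) ^ (value & LOW8))


def first_plugin(pkt):
    """Ingress PE: XOR the inner entropy into the low 8 bits of the source IP."""
    return Outer(_xor_low8(pkt.src, entropy8(pkt.inner)), pkt.dst, pkt.inner)


def second_plugin(pkt):
    """Egress PE: recompute the entropy from the carried inner frame and XOR
    again; XOR is its own inverse, so the original source IP comes back."""
    return Outer(_xor_low8(pkt.src, entropy8(pkt.inner)), pkt.dst, pkt.inner)


def learned_vteps(wire_packets, restore):
    """Tunnel endpoints a data-plane MAC learner records per inner source MAC."""
    table = {}
    for pkt in wire_packets:
        seen = second_plugin(pkt) if restore else pkt
        table.setdefault(seen.inner[6:12], set()).add(str(seen.src))
    return table


def wire_sample():
    """Constructed sample: one host behind PE1 sends to two destination MACs."""
    pe1 = ipaddress.ip_address("192.0.2.1")
    pe2 = ipaddress.ip_address("192.0.2.2")
    host = "02:00:00:00:00:aa"
    inners = [frame("00:11:22:33:44:55", host), frame("00:11:22:33:44:66", host)]
    return [first_plugin(Outer(pe1, pe2, inner)) for inner in inners]


if __name__ == "__main__":
    pkts = wire_sample()
    print("on the wire:", [str(p.src) for p in pkts])
    print("no restore :", learned_vteps(pkts, restore=False))
    print("restored   :", learned_vteps(pkts, restore=True))
```

Without the second plug-in, the learner records two different remote endpoints for the same inner source MAC; with it, both packets resolve to the single original tunnel source.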
The implementation of the non-service-aware P node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail with reference to Figure 13:
1: Implement the IP infrastructure module:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 2.
Unlike preferred embodiment 2, this module uses IPv4 routing and forwarding technology, and what it forwards are IPv4 messages.
2: The entropy IP third plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 2.
Unlike preferred embodiment 2, in this module the source IP entropy-extraction mask and the destination IP entropy-extraction mask are both in IPv4 address format; the hexadecimal value of the source IP entropy-extraction mask is 0x0FF, and the value of the destination IP entropy-extraction mask is 0.
Taking the VPN service shown in FIG. 1 as an example, the processing steps of the network and service deployment flow are as follows:
Except where otherwise specified, this step is identical to the corresponding step in preferred embodiment 1;
Same as preferred embodiment 1, except that the loopback interface where each VPN Router ID resides is configured with a 24-bit subnet mask. In addition, Geneve needs to be deployed in the network and applied to the EVPN instance.
Taking the VPN topology shown in FIG. 1 as an example, the processing steps of the end-to-end message forwarding flow are as follows:
This step is identical to the corresponding step in preferred embodiment 1.
Preferred embodiment 4
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail below with reference to Figure 12:
1: Implement the VPN infrastructure module:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 2;
Unlike preferred embodiment 2, the encapsulation format this module uses to encapsulate the first message into the second message is the VXLAN GPE encapsulation format, which is defined in draft-ietf-nvo3-vxlan-gpe; that draft defines how to convert a message from VXLAN encapsulation to VXLAN GPE encapsulation without changing the basic service effect, and this conversion belongs to the prior art. Whether VXLAN GPE-specific functions (relative to RFC7348) are layered on top is a matter of combining VXLAN GPE technology with this preferred embodiment and is independent of this preferred embodiment itself; for simplicity, this preferred embodiment only considers the case where VXLAN GPE encapsulation stays within the capabilities it shares with RFC7348 encapsulation.
2: The entropy IP first plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 2;
Unlike preferred embodiment 2, when the Ethernet payload of the inner-layer message is an IPv6 packet, this module uses the result of a hash calculation performed jointly over the five-tuple <source IP, destination IP, protocol type, source port number, destination port number> and the IPv6 Flow Label field as the 20-bit entropy of the first message;
Unlike preferred embodiment 2, this module uses the destination IP field of the second message as the entropy IP; the entropy IP is obtained by a bitwise logical XOR of the entropy with the low 20 bits of the destination IP input by the VPN infrastructure module, with the result stored in the low 20 bits of the destination IP address;
It is worth noting that the bitwise logical XOR operation is in fact a simple encryption algorithm.
3: The entropy IP second plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to that of preferred embodiment 2;
Unlike preferred embodiment 2, the position of the binary bits in the third message that this module determines need to be modified is the low 20 bits of the destination IP. Further, this module determines that the bits at that position are to be modified by restoring them to the value they had before modification by the entropy IP first plug-in. Specifically, the restoration method is: first recalculate, using the algorithm in the entropy IP first plug-in module, the entropy of the fourth message carried inside the IP header of the third message, then perform a bitwise logical XOR of that entropy with the binary bits at that position, and store the result in the low 20 bits of the destination IP of the third message.
The implementation of the non-service-aware P node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail with reference to Figure 13:
1: Implement the IP infrastructure module:
This module is identical to the module of the same name in preferred embodiment 2.
2: The entropy IP third plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 2.
Unlike preferred embodiment 2, in this module the source IP entropy-extraction mask and the destination IP entropy-extraction mask are both in IPv6 address format; the hexadecimal value of the source IP entropy-extraction mask is 0, and the hexadecimal value of the destination IP entropy-extraction mask is 0x0FFFFF.
Taking the VPN service shown in FIG. 1 as an example, the processing steps of the network and service deployment flow are as follows:
Except where otherwise specified, this step is identical to the corresponding step in preferred embodiment 1;
Same as preferred embodiment 2, except that the loopback interface where each VPN Router ID resides is configured with a 108-bit subnet mask. In addition, VXLAN GPE needs to be deployed in the network and applied to the EVPN instance.
Taking the VPN topology shown in FIG. 1 as an example, the processing steps of the end-to-end message forwarding flow are as follows:
This step is identical to the corresponding step in preferred embodiment 2.
Preferred embodiment 5
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail below with reference to Figure 12:
1: The VPN infrastructure module is implemented as follows:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 2;
Unlike preferred embodiment 2, this module combines the VPN Router ID with the VNI configured in the EVPN instance to generate an IP address, called the VNI IP address. The VNI IP address takes the high 104 bits of the VPN Router ID as its high 104 bits and the VNI as its low 24 bits; the VNI is not equal to the low 24 bits of the VPN Router ID.
Unlike preferred embodiment 2, the encapsulation format this module uses to encapsulate the first message into the second message is the NVGRE (Network Virtualization Using Generic Routing Encapsulation) format, which is defined in RFC7637; draft-ietf-bess-evpn-overlay defines how to convert a message from VXLAN encapsulation to NVGRE encapsulation without changing the basic service effect, and this conversion belongs to the prior art. Whether NVGRE-specific functions (relative to RFC7348) are layered on top is a matter of combining NVGRE technology with this preferred embodiment and is independent of this preferred embodiment itself; for simplicity, this preferred embodiment only considers the case where NVGRE encapsulation stays within the capabilities it shares with RFC7348 encapsulation.
2: The entropy IP first plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 2;
Unlike preferred embodiment 2, this module replaces the outermost destination IP of the message input by the VPN infrastructure module with the VNI IP, so that the low 24 bits of the final outermost destination IP contain the VNI. This VNI of the EVPN instance is the context entropy of the first message, and it is carried by the second message.
3: The entropy IP second plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to that of preferred embodiment 2;
Unlike preferred embodiment 2, this module returns the message input by the VPN infrastructure module to the VPN infrastructure module unchanged.
It is worth noting that, although the low 24 bits of the destination IP contain the context entropy of the inner-layer message, they do not need to be reset. The reason is that this value really does correspond to the IP address of an interface (specifically, an EVPN instance interface) on the source node (i.e. the first PE) of the VXLAN tunnel through which the third message passed, so the destination IP address is genuinely IP-reachable, whereas an ordinary IP address containing entropy does not meet this condition.
The implementation of the non-service-aware P node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail with reference to Figure 13:
1: Implement the IP infrastructure module:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 1.
Unlike preferred embodiment 1, this module uses IPv6 routing and forwarding technology and can process IPv6 messages.
2: The entropy IP third plug-in module is implemented as follows:
As in preferred embodiment 1, this node does not need this module.
Taking the VPN service shown in FIG. 1 as an example, the processing steps of the network and service deployment flow are as follows:
Except where otherwise specified, this step is identical to the corresponding step in preferred embodiment 2;
Same as preferred embodiment 2, except that the loopback interface where each VPN Router ID resides is configured with a 104-bit subnet mask.
Taking the VPN topology shown in FIG. 1 as an example, the processing steps of the end-to-end message forwarding flow are as follows:
This step is identical to the corresponding step in preferred embodiment 2.
Preferred embodiment 6
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail below with reference to Figure 12:
1: The VPN infrastructure module is implemented as follows:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 5;
Unlike preferred embodiment 5, the EVPN instance of this module also corresponds to a virtual interface of the same name, called the EVPN instance interface, which has all the functions of an existing loopback interface. It is worth noting that this means: the IP address of the EVPN instance interface is added to the routing table as a local host route; the IP address mask configured on the EVPN instance interface is added to the routing table as a local direct route prefix; and from the routing entries corresponding to the local host route and the local direct route prefix, it can be determined which interface (necessarily an EVPN instance interface) the route was generated from.
Unlike preferred embodiment 5, the VNI configured in the EVPN instance of this module is treated only as a value identifying the EVPN instance and does not have the function of the VNI in RFC7348; instead, the VNI IP described in preferred embodiment 5 is configured directly on the EVPN instance interface as the IP address of the corresponding EVPN instance interface;
Unlike preferred embodiment 5, in this preferred embodiment every VXLAN tunnel is specific to one service, and every service deploys one VXLAN tunnel for each remote node in that service. Specifically, in this preferred embodiment the source IP of each VXLAN tunnel is the IP address of the EVPN instance interface corresponding to the EVPN instance to which the VXLAN tunnel belongs, and the destination IP is the IP address of the EVPN instance interface corresponding, on the destination node, to the EVPN instance to which the VXLAN tunnel belongs;
Compared with the VXLAN encapsulation used in preferred embodiment 5, the encapsulation this module uses to encapsulate the first message into the second message removes the UDP header and the VXLAN header, and thus has the same format as the End.DX2 type Function in SRv6. In the present invention this encapsulation format is called the type-A extended SRv6 encapsulation, shown as format B in Figure 14 and Figure 15, where Figure 15 is an expansion of Figure 14 and contains a detailed comparison of each field, from the source IP to the Ethernet-layer payload data, with the related field in the VXLAN encapsulation;
Correspondingly, when this module receives a third message, if the destination IP of the third message hits a local direct route and that route was generated by an EVPN instance interface, the third message is considered to be a type-A extended SRv6 encapsulation, and the third message is forwarded in the EVPN instance corresponding to that EVPN instance interface. During forwarding, apart from encapsulation and decapsulation, each field in format B of Figure 15 has, except where otherwise specified, the same function as the field of the same name in format A of Figure 15.
2: The entropy IP first plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 5;
Unlike preferred embodiment 5, this module maps the sub-interface VLAN information on the ingress AC to the 24-bit entropy of the fourth message. The method is: the high 12 bits of the entropy take the outer VLAN ID configured on the ingress AC, and the low 12 bits take the inner VLAN ID configured on the ingress AC; when no inner VLAN ID is configured, the low 12 bits take 0x3FF, and when no outer VLAN ID is configured, the high 12 bits take 0x3FF;
Unlike preferred embodiment 5, this module uses the source IP field of the second message as the entropy IP; the entropy IP is the IP address obtained by replacing, with the 24-bit entropy, the low 24 bits of the source IP that forwarding according to the RFC7348 procedure would yield;
It is worth noting that this module does not modify the destination IP field of the message input by the VPN infrastructure module; however, that field already contains the EVPN service information to which the message belongs, so compared with preferred embodiment 5 the DIP automatically carries more entropy.
It is worth noting that this module does not modify the high 104 bits of the source IP field of the second message; therefore, the high 104 bits of the destination IP learned by the MAC learning process are no different from the prior art, and the high 104 bits of the destination IP allow the second message to be matched to the EVPN instance to which it belongs on the destination PE node.
3: The entropy IP second plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to that of preferred embodiment 5;
Unlike preferred embodiment 5, this module returns the message input by the VPN infrastructure module to the VPN infrastructure module unchanged.
It is worth noting that, because the source IP of the message input by the VPN infrastructure module contains the VLAN ID information of a particular remote AC, using this information for performance statistics allows messages from different remote ACs to be counted on different counters, making the performance statistics more accurate.
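Added illustration (not part of the patent text): a Python sketch of the 24-bit VLAN entropy of this embodiment, its placement in the low 24 bits of the tunnel source IP, and the per-AC counting on the receiving side. Function names and sample addresses are constructed for the example.

```python
import ipaddress
from collections import Counter

UNCONFIGURED = 0x3FF   # filler value the text specifies for a missing VLAN ID
LOW24 = 0xFFFFFF


def vlan_entropy(outer_vid=None, inner_vid=None):
    """24-bit entropy: outer VLAN ID in the high 12 bits, inner in the low 12.

    A VLAN ID that is not configured on the ingress AC is passed as None and
    encoded as 0x3FF. Note that 0x3FF is also a valid VLAN ID (1023), so a
    decoder cannot tell that ID apart from 'not configured'.
    """
    for vid in (outer_vid, inner_vid):
        if vid is not None and not 0 <= vid <= 0xFFF:
            raise ValueError("VLAN ID must fit in 12 bits")
    high = UNCONFIGURED if outer_vid is None else outer_vid
    low = UNCONFIGURED if inner_vid is None else inner_vid
    return (high << 12) | low


def entropy_source_ip(tunnel_src, entropy):
    """Replace the low 24 bits of the tunnel source IP with the entropy;
    the high 104 bits are left untouched."""
    ip = ipaddress.IPv6Address(tunnel_src)
    return ipaddress.IPv6Address((int(ip) & ~LOW24) | (entropy & LOW24))


def split_source_ip(src):
    """Receiving side: (high-104-bit prefix, outer VLAN field, inner VLAN field)."""
    value = int(ipaddress.IPv6Address(src))
    prefix = ipaddress.IPv6Address(value & ~LOW24)
    low = value & LOW24
    return prefix, low >> 12, low & 0xFFF


def per_ac_counters(received_sources):
    """Count received messages per (prefix, outer VLAN, inner VLAN)."""
    counters = Counter()
    for src in received_sources:
        prefix, outer, inner = split_source_ip(src)
        counters[(str(prefix), outer, inner)] += 1
    return counters


def sample_sources():
    """Constructed sample: three messages from one remote PE, arriving from
    a double-tagged AC (twice) and a single-tagged AC (once)."""
    tunnel_src = "2001:db8::a00:1"   # constructed EVPN instance interface IP
    acs = [(100, 200), (100, 200), (100, None)]
    return [entropy_source_ip(tunnel_src, vlan_entropy(o, i)) for o, i in acs]


if __name__ == "__main__":
    for key, count in per_ac_counters(sample_sources()).items():
        print(key, count)
```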
The implementation of the non-service-aware P node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail with reference to Figure 13:
1: Implement the IP infrastructure module:
This module is identical to the module of the same name in preferred embodiment 5.
2: The entropy IP third plug-in module is implemented as follows:
This module is identical to the module of the same name in preferred embodiment 5.
Taking the VPN service shown in FIG. 1 as an example, the processing steps of the network and service deployment flow are as follows:
Except where otherwise specified, this step is identical to the corresponding step in preferred embodiment 1;
Same as preferred embodiment 5, except for the following: each EVPN instance corresponds to an EVPN instance interface, that interface is configured with an IPv6 address and a 104-bit IPv6 address mask, and the 104-bit IPv6 route prefixes generated by any two EVPN instance interfaces do not match each other. The source IP and destination IP of every VXLAN tunnel are both the IP address of some EVPN instance interface; apart from this, the requirements of preferred embodiment 5 must still be met.
It is worth noting that each EVPN instance corresponds to only one EVPN instance interface, and each EVPN instance interface corresponds to only one EVPN instance.
Taking the VPN topology shown in FIG. 1 as an example, the processing steps of the end-to-end message forwarding flow are as follows:
This step is identical to the corresponding step in preferred embodiment 5.
Obviously, in preferred embodiment 6, whether the low 24 bits of the IPv6 address configured on an EVPN instance interface equal the VNI value of the corresponding EVPN instance does not affect the function of the IPv6 address, because, whether or not this relationship holds, the IPv6 address already has a one-to-one correspondence with the EVPN instance. This way of describing it is adopted in preferred embodiment 6 merely to make the one-to-one correspondence more intuitive and obvious, and does not constitute an undue limitation of this preferred embodiment.
Preferred embodiment 7
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail with reference to Figure 12:
1: Implement the VPN infrastructure module:
A VXLAN EVPN service is implemented according to draft-ietf-bess-evpn-overlay (hereinafter "[EVPN overlay]"); the control-plane module of the resulting VXLAN EVPN service is the control-plane part of the VPN infrastructure module.
Similarly, a VXLAN EVPN service is implemented according to [EVPN overlay]; the forwarding-plane module of the resulting VXLAN EVPN service is the forwarding-plane part of the VPN infrastructure module.
It is worth noting that the EVPN control-plane module obtained by the above process includes the MP-BGP L2VPN EVPN address-family configuration, the EVPN instance configuration, the binding configuration of ACs to EVPN instances, the ESI-related configuration, and so on; the EVPN instance is identified by a VNI, and the VNI comes from user configuration.
It is worth noting that the VXLAN tunnels in this module and their binding relationships with EVPN instances are generated dynamically through MP-BGP sessions as specified by the [EVPN overlay] protocol.
The requirements of this module on the plug-in mechanism are identical to those of preferred embodiment 1.
The configuration requirements and functional requirements of this module for the VPN Router ID and for the IP address and subnet mask of the loopback interface are identical to those of preferred embodiment 1.
In addition, without loss of generality, in this preferred embodiment the underlay network is set to be an IPv4 network; therefore, the source IP and destination IP of the VXLAN tunnel are IPv4 addresses.
2: The entropy IP first plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to that of preferred embodiment 3;
Unlike preferred embodiment 3, this module performs a hash calculation over the source MAC, VLAN ID, 802.1p priority and payload EtherType of the first message to obtain the 5-bit intrinsic entropy of the first message. Then this module performs a hash calculation over the interface name of the main interface to which the ingress AC of the first message belongs, obtaining a 5-bit context entropy. The two are combined by a bitwise logical XOR, and the result is combined by a bitwise logical XOR with the prime number 29, giving a 5-bit comprehensive entropy. Then the low 5 bits of the destination IP of the second message input by the VPN infrastructure module are combined by a bitwise logical XOR with the comprehensive entropy, and the result is stored in the former.
3: The entropy IP second plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to that of preferred embodiment 3;
The position of the binary bits in the third message that this module determines need to be reset before IP-address-related processing is performed is the low 5 bits of the destination IP.
The implementation of the non-service-aware P node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail with reference to Figure 13:
1: Implement the IP infrastructure module:
This module is identical to the module of the same name in preferred embodiment 3.
2: The entropy IP third plug-in module is implemented as follows:
Except where otherwise specified, this module is identical to the module of the same name in preferred embodiment 3.
Unlike preferred embodiment 3, in this module the source IP entropy-extraction mask and the destination IP entropy-extraction mask are both in IPv6 address format; the hexadecimal value of the source IP entropy-extraction mask is 0, and the hexadecimal value of the destination IP entropy-extraction mask is 0x01F.
Taking the EVPN topology shown in Fig. 2 as an example, the network and service deployment process includes:
First step: identical to the corresponding step in preferred embodiment 1, except that the underlay network is IPv4.
Second step: identical to the corresponding step in preferred embodiment 1, except that the loopback interface where the VPN Router ID resides is configured with a 27-bit subnet mask.
Third step: establish the VXLAN EVPN network shown in FIG. 1. This includes configuring MP-BGP sessions pairwise between PE1, PE2 and PE3 and enabling the related configuration of the L2VPN EVPN address family. For simplicity, the BGP configuration is adjusted so that EVPN RT-3 routes can dynamically generate all the VXLAN tunnels the service needs. Without loss of generality, and for simplicity, the BGP configuration can be adjusted so that the VXLAN tunnels generated from RT-3 routes follow these rules: between any two PE nodes, only a bidirectional VXLAN tunnel is generated; each end of any bidirectional VXLAN tunnel uses the VPN Router ID of the node where it resides as the source IP of the VXLAN tunnel; and at the two ends of the same bidirectional VXLAN tunnel, the tunnel source IP of one end is the tunnel destination IP of the other end, and the tunnel destination IP of one end is the tunnel source IP of the other end. Similarly, by adjusting the BGP configuration, the binding relationships between all VXLAN tunnels and EVPN instances can also be generated entirely from RT-3 routes. All of this belongs to the prior art, and those skilled in the art should understand the specific methods involved.
Fourth step: establish a VXLAN EVPN service as shown in Figure 1, and specify the same VNI for the VXLAN EVPN service on every PE node. The six interfaces AC1, AC2, AC3, AC4, AC5 and AC6 are bound to the VXLAN EVPN service as access circuits. After the above configuration is complete, the MP-BGP sessions start exchanging RT-3 routes according to the signaling procedure defined in [EVPN Overlay], causing the VXLAN tunnels between the nodes to be established and bound to the VXLAN EVPN service.
Fifth step: eliminate access-side loops. The CE1 physical interfaces attached to PE1 and PE2 are mapped to the same ESI (denoted ESI1) and the ESI1-related configuration is made, which triggers the MP-BGP sessions to carry out DF negotiation via the RT-4 routes described in [EVPN Overlay] and to advertise RT-1 routes. Similarly, the CE2 physical interfaces attached to PE1 and PE2 are also mapped to the same ESI (denoted ESI2) with the ESI2-related configuration. Without loss of generality, this preferred embodiment assumes that the result of DF negotiation is that AC1 and AC5 are the interfaces in the non-DF role of ESI1 and ESI2 respectively in the service. Because the PE nodes of this preferred embodiment implement the [EVPN Overlay] protocol, once the ESI-related configuration is made and the related signaling procedures complete, the loops related to the two ESIs are also removed.
Sixth step: through the above steps the VXLAN EVPN service is established, and data messages can be used to verify the forwarding behaviour and effect on the PE nodes and non-service-aware nodes defined in this preferred embodiment.
Taking the EVPN topology shown in Fig. 2 as an example, the end-to-end message forwarding process includes:
First step: identical to preferred embodiment 1, except that the forwarding-plane procedure is executed according to [EVPN Overlay].
Second step: identical to preferred embodiment 1, except that the forwarding-plane procedure is executed according to [EVPN Overlay].
Third step: identical to preferred embodiment 1, except that the forwarding-plane procedure is executed according to [EVPN Overlay].
Obviously, it can be shown that in the third step of the end-to-end message forwarding process, the present invention improves the load-sharing effect on the P1 node without making any change to the P1 node. Moreover, the present invention does not use any MPLS technology.
Preferred embodiment 8
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting the entropy of the inner-layer message in the outer IP layer and using it is described in further detail below with reference to Figure 12:
1: The VPN infrastructure module is implemented as follows:
Except where otherwise specified, this module is the same as in preferred embodiment 7;
Unlike preferred embodiment 7, this module sets the underlay network to be an IPv6 network;
Note that this means the source IP and destination IP of the VXLAN tunnels dynamically generated by this module are IPv6 addresses.
2: The entropy IP first plug-in module is implemented as follows:
Except where otherwise specified, this module is the same as in preferred embodiment 4;
Unlike preferred embodiment 4, this module performs a hash calculation on the ESI (10 bytes) corresponding to the main interface to which the ingress AC of the first message belongs, and uses the result as the entropy of the first message. This module uses the source IP field of the second message as the entropy IP: the low 32 bits of the source IP are bitwise XORed with the entropy, and the result is stored back into the low 32 bits of the source IP.
3: The entropy IP second plug-in module is implemented as follows:
Except where otherwise specified, this module is the same as in preferred embodiment 4;
Unlike preferred embodiment 4, the binary bits that this module determines must be reset in the third message before IP-address-related processing is performed are the low 32 bits of the source IP.
The implementation of the non-service-aware P node in the technical solution of the method and apparatus (system) for transmitting the entropy of the inner-layer message in the outer IP layer and using it is described in further detail below with reference to Figure 13:
1: The IP infrastructure module is implemented as follows:
This module is the same as the module of the same name in preferred embodiment 5.
2: The entropy IP third plug-in module is implemented as follows:
This module is the same as the module of the same name in preferred embodiment 5.
It is worth noting that although the low 32 bits of the source IP of the third message are ciphertext encrypted with the entropy, and this node cannot decrypt it, the source IP is the IP address of a loopback interface on the first PE, and that loopback interface is configured with a 96-bit mask. Therefore, whatever value the ciphertext part of the source IP takes, the source IP is a routable IP address, so even if entropy-removal processing is performed on it, forwarding is not affected.
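The following sketch is an added example, not code from the patent. It works through the low-32-bit XOR of preferred embodiment 8 and the 96-bit loopback mask that keeps the rewritten source IP routable. The addresses, the ESI values, the use of truncated SHA-256 as the hash, and the `ecmp_path` function standing in for a P node's path selection are all assumptions made for illustration.

```python
import hashlib
import ipaddress

LOW32 = 0xFFFFFFFF

# Constructed sample values (documentation prefix 2001:db8::/32, not from the patent).
PE1_LOOPBACK = ipaddress.IPv6Interface("2001:db8:0:1::a00:1/96")  # VPN Router ID of PE1
PE3_LOOPBACK = ipaddress.IPv6Interface("2001:db8:0:3::a00:3/96")  # VPN Router ID of PE3
SAMPLE_ESIS = [bytes([0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, i])
               for i in range(64)]


def esi_entropy(esi: bytes) -> int:
    """Hash the 10-byte ESI of the ingress AC's main interface to a 32-bit entropy.

    The patent only says "hash calculation"; truncated SHA-256 is an assumption.
    """
    if len(esi) != 10:
        raise ValueError("an ESI is 10 bytes")
    return int.from_bytes(hashlib.sha256(esi).digest()[:4], "big")


def first_plugin(src: ipaddress.IPv6Address, entropy: int) -> ipaddress.IPv6Address:
    """Ingress PE: XOR the entropy into the low 32 bits of the tunnel source IP."""
    return ipaddress.IPv6Address(int(src) ^ (entropy & LOW32))


def second_plugin(src: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Egress PE: reset the low 32 bits of the source IP before IP processing."""
    return ipaddress.IPv6Address(int(src) & ~LOW32)


def ecmp_path(src: ipaddress.IPv6Address, dst: ipaddress.IPv6Address,
              n_paths: int) -> int:
    """Hypothetical P-node path choice that hashes only the outer addresses."""
    digest = hashlib.sha256(src.packed + dst.packed).digest()
    return int.from_bytes(digest[:4], "big") % n_paths


def paths_used(esis, use_entropy: bool, n_paths: int = 4) -> set:
    """Set of equal-cost paths chosen for PE1 -> PE3 traffic from the given ESIs."""
    used = set()
    for esi in esis:
        src = PE1_LOOPBACK.ip
        if use_entropy:
            src = first_plugin(src, esi_entropy(esi))
        used.add(ecmp_path(src, PE3_LOOPBACK.ip, n_paths))
    return used


if __name__ == "__main__":
    rewritten = first_plugin(PE1_LOOPBACK.ip, esi_entropy(SAMPLE_ESIS[0]))
    print("rewritten source:", rewritten)
    print("still inside /96:", rewritten in PE1_LOOPBACK.network)
    print("after reset:     ", second_plugin(rewritten))
    print("paths without entropy:", sorted(paths_used(SAMPLE_ESIS, False)))
    print("paths with entropy:   ", sorted(paths_used(SAMPLE_ESIS, True)))
```

Because every value of the low 32 bits is a legitimate source under this scheme, source-address filters and flow records in the underlay have to identify PE1 by its 96-bit prefix rather than by a single host address.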
Taking the VPN service shown in Fig. 2 as an example, the processing steps of the network and service deployment procedure are as follows:
Except where otherwise specified, this step is the same as the corresponding step in preferred embodiment 7;
Unlike preferred embodiment 7, the underlay network of this preferred embodiment is an IPv6 network, the loopback interface on which each VPN Router ID resides is configured with a 96-bit subnet mask, and the source IP and destination IP of the VXLAN tunnels are IPv6 addresses.
Taking the VPN topology shown in Fig. 2 as an example, the processing steps of the end-to-end message forwarding procedure are as follows:
This step is the same as the corresponding step in preferred embodiment 7.
Preferred embodiment 9
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting the entropy of the inner-layer message in the outer IP layer and using it is described in further detail below with reference to Figure 12:
1: The VPN infrastructure module is implemented as follows:
The VXLAN EVPN service is implemented according to [EVPN overlay] and draft-ietf-bess-evpn-prefix-advertisement (hereinafter "[EVPN prefix]"); the control plane module of the resulting VXLAN EVPN service is the control plane part of the VPN infrastructure module.
Similarly, the VXLAN EVPN service is implemented according to [EVPN overlay] and [EVPN prefix]; the forwarding plane module of the resulting VXLAN EVPN service is the forwarding plane part of the VPN infrastructure module.
Note that the EVPN control plane module obtained through the above process includes the configuration related to the L2VPN EVPN address family of the BGP protocol, the configuration of IP-VRF instances, the binding configuration between ACs and IP-VRF instances, and so on, where an IP-VRF instance is identified by a VNI that comes from user configuration. A VXLAN tunnel uses the VPN Router ID of its source node as the source IP and the VPN Router ID of the destination node as the destination IP. The VPN Router ID is the IP address of a loopback interface. For simplicity of description and without loss of generality, this module assumes that a node has only one VPN Router ID.
Note that, for simplicity and without loss of generality for this patent, this module only needs to implement the functions corresponding to the interface-less model of IP-VRF to IP-VRF in [EVPN prefix]; therefore, the AC interface of an IP-VRF in this module is still an ordinary sub-interface and does not need to include the IRB interface described in [EVPN prefix];
Note that the control plane part of the module obtained through the above process does not require statically configured VXLAN tunnels; RT-5 routes can dynamically generate all the required VXLAN tunnels. Without loss of generality, and for simplicity, the BGP configuration can be adjusted so that the VXLAN tunnels generated by RT-5 routes satisfy the following rules: only one bidirectional VXLAN tunnel is generated between any two PE nodes; each end of any bidirectional VXLAN tunnel uses the VPN Router ID of its node as the source IP of the VXLAN tunnel; and, at the two ends of the same bidirectional VXLAN tunnel, the tunnel source IP of one end is the tunnel destination IP of the other end, and the tunnel destination IP of one end is the tunnel source IP of the other end. Similarly, by adjusting the BGP configuration, RT-5 routes can also generate all the binding relationships between the VXLAN tunnels and the EVPN instance. These belong to the prior art, and those skilled in the art should understand the specific methods involved.
When this module is implemented in software, it needs to implement a plug-in mechanism: when this module forwards according to the [EVPN prefix] procedure, after the IP encapsulation from the first message to the second message is complete, the plug-in is called to modify the source IP and destination IP in the IP encapsulation. The plug-in may be a function call, a callback function, a polymorphic function, or a standalone plug-in.
Apart from the plug-in mechanism, this module is the same as the forwarding procedure of the corresponding forwarding module in [EVPN prefix].
In addition, the IP address used as the VPN Router ID must be the IP address of a loopback interface, and that loopback interface address is configured with a 96-bit mask; therefore a 96-bit route is formed, and a route with a 96-bit prefix is advertised in the underlay network. Moreover, when this node receives a message whose destination IP matches this 96-bit route, the message is regarded as a message for this loopback interface and is handled in the same way as a message whose destination IP is the loopback interface address.
In addition, without loss of generality, in this preferred embodiment the underlay network is set to be an IPv6 network; therefore, the source IP and destination IP of the VXLAN tunnels are IPv6 addresses.
2: The entropy IP first plug-in module is implemented as follows:
Except where otherwise specified, this module is the same as in preferred embodiment 8;
Unlike preferred embodiment 8, this module performs a hash operation on the IP five-tuple fields and the IPv4 TOS field of the first message and uses the resulting hash value as the final 32-bit entropy.
3: The entropy IP second plug-in module is implemented as follows:
This module returns the message input by the VPN infrastructure module to the VPN infrastructure module unchanged;
The implementation of the non-service-aware P node in the technical solution of the method and apparatus (system) for transmitting the entropy of the inner-layer message in the outer IP layer and using it is described in further detail below with reference to Figure 13:
1: The IP infrastructure module is implemented as follows:
This module is the same as the module of the same name in preferred embodiment 5.
2: The entropy IP third plug-in module is implemented as follows:
This module is the same as the module of the same name in preferred embodiment 5.
Taking the EVPN topology shown in Fig. 3 as an example, the network and service deployment process includes:
The first step: the same as in preferred embodiment 7, except that the underlay network type selected in this preferred embodiment is an IPv6 network.
The second step: the same as in preferred embodiment 7, except that the subnet mask of the loopback interface on which the VPN Router ID resides is a 96-bit subnet mask.
The third step: the same as in preferred embodiment 7, except that the routes that generate the VXLAN tunnels and bind the generated VXLAN tunnels to the EVPN instance are RT-5 routes rather than RT-3 routes.
The fourth step: establish a VXLAN L3 EVPN service as shown in Figure 1, and specify the same VNI for the VXLAN L3 EVPN service on each PE node. The three interfaces AC1, AC2 and AC3 are bound to the VXLAN L3 EVPN service as access circuits. After the above configuration is complete, the MP-BGP sessions start exchanging RT-5 routes according to the signaling procedure defined in [EVPN Prefix], so that the VXLAN tunnels between the nodes are established and bound to the VXLAN L3 EVPN service.
The fifth step: configure the IP addresses of the AC interfaces. An IP address is configured for each AC; this IP address is in the same subnet as the IP address of the corresponding CE and differs from the IP address of the corresponding CE. For simplicity, this preferred embodiment assumes that each CE is an IPv4 host; therefore, the EVPN prefixes in the RT-5 routes advertised by the MP-BGP sessions are IPv4 prefixes, but the source IP and destination IP of the VXLAN tunnels generated by the RT-5 routes are IPv6 addresses.
The sixth step: after the above steps, the VXLAN L3 EVPN service is established, and data messages can be used to verify the forwarding behavior and effect on the PE nodes and non-service-aware nodes defined in this preferred embodiment.
Taking the EVPN topology shown in Fig. 3 as an example, the end-to-end message forwarding process includes:
The first step: when the PE1 node receives an IPv4 message B1 from the local AC1, the PE node forwards the B1 message according to the forwarding procedure defined in [EVPN Prefix]. Without loss of generality, assume that, according to the destination IP address of the B1 message, it should be forwarded to PE3. B1 is encapsulated as B1c and forwarded to PE3.
The second step: the same as the corresponding step in preferred embodiment 1, except that B1 is an IPv4 message and the feature field is the IPv4 five-tuple of the B1 message.
The third step: the same as in preferred embodiment 1, except that the forwarding-plane procedure is performed according to [EVPN prefix].
Clearly, it can be shown that, in the third step of the end-to-end message forwarding process, the present invention improves the load sharing effect on the P1 node without making any change to the P1 node. Moreover, the present invention does not use any MPLS technology.
Preferred embodiment 10
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting the entropy of the inner-layer message in the outer IP layer and using it is described in further detail below with reference to Figure 12:
1: The VPN infrastructure module is implemented as follows:
Except where otherwise specified, this module is the same as in preferred embodiment 6;
Unlike preferred embodiment 6, the encapsulation format used by this module adds an SRH header compared with the encapsulation format used there. The position of the SRH header is shown in format C of Figure 17, where format B is the format used in preferred embodiment 6. The SRH header is the segment routing header defined by the IETF in draft-ietf-6man-segment-routing-header (hereinafter "[SRH]"); the format of the SRH header, including the Flags field and the Segment List field, is defined in [SRH].
2: The entropy IP first plug-in module is implemented as follows:
Except where otherwise specified, this module is the same as in preferred embodiment 6;
Unlike preferred embodiment 6, this module directly uses the ESI (10 bytes) corresponding to the main interface to which the ingress AC of the first message belongs as the low 10 bytes of a 16-byte entropy, and uses a 6-byte hash value generated from the source MAC, destination MAC, Ethertype and VLAN ID of the first message as the high 6 bytes of the 16-byte entropy.
Unlike preferred embodiment 6, the encapsulation format used by this module adds an SRH header compared with the encapsulation format used there. The position of the SRH header is shown in format C of Figure 17, where format B is the format used in preferred embodiment 6. The SRH header is the segment routing header defined by the IETF in draft-ietf-6man-segment-routing-header (hereinafter "[SRH]"); the format of the SRH header, including the Flags field and the Segment List field, is defined in [SRH]. The value of the Flags field in the SRH header added by this module satisfies the following condition: the result of a bitwise logical AND with the predetermined constant TBD1 is not 0, where TBD1 is to be defined by the IETF, and the possible values of TBD1 include 1, 2, 4 and 128. The Segment List field is an array of IPv6 addresses; in the SRH header added by this module the array has only one element, namely Segment List[0], and the value of Segment List[0] in the SRH header added by this module is the entropy.
3: The entropy IP second plug-in module is implemented as follows:
This module reads the entropy from the Segment List[0] field of the SRH header of the third message, strips the SRH header, and copies the value of the next header field in the SRH header into the IPv6 header, obtaining another message that is returned to the VPN infrastructure module for processing. The low 10 bytes of the entropy are the ESI corresponding to the ingress AC of the fourth message carried by the third message; this can be used for message statistics, recording the statistics of messages coming from different remote ESIs in different counters, thereby improving the accuracy of message statistics;
If the result of a bitwise logical AND between the Flags field of the SRH header and the predetermined constant TBD1 is 0, no processing is performed on the message, and it is handed directly to the VPN infrastructure module for processing.
Note that the destination IP of the third message is in fact a local SID on the PE node on which that destination IP is configured, where the local SID concept is the local SID concept described in Section 4 of draft-filsfils-spring-srv6-network-programming-01 (hereinafter [srv6-program]). This module in effect defines a new type of SRv6 Function corresponding to the local SID, where the SRv6 Function concept is the SRv6 Function concept described in Section 4 of [srv6-program]. This new SRv6 Function indicates that if the Segment List[0] field in the SRH header differs from the destination IP, the Segment List[0] field is an IP address that is not routable in the underlay network, and that the Segment List[0] field must not be used to overwrite the destination IP field of the third message as other SRv6 Functions do. This preferred embodiment can be used in combination with the SR-Policy function of SRv6. In that case, according to the message encapsulation specification of the SR-Policy, the destination IP of the third message is initially not the local SID on the destination PE node (i.e. the entity executing this module); however, the destination IP of the third message, after modification by the SRv6 forwarding procedure of each non-service-aware node or of the destination PE node, eventually becomes the local SID on the destination PE node, and the third message is processed according to the rules of the new SRv6 Function.
The implementation of the non-service-aware P node in the technical solution of the method and apparatus (system) for transmitting the entropy of the inner-layer message in the outer IP layer and using it is described in further detail below with reference to Figure 13:
1: The IP infrastructure module is implemented as follows:
Except where otherwise specified, this module is the same as the module of the same name in preferred embodiment 2.
Unlike preferred embodiment 2, in the process of forwarding an IP message whose destination IP is not a local interface IP, when performing load-balancing path selection, if the IPv6 header contains the SRH header, this module calls the entropy IP third plug-in module to obtain the entropy and performs load balancing using the source IP, the destination IP and the entropy.
As in preferred embodiment 2, when the IP message does not contain an SRH header, this module still uses the IP five-tuple for load balancing.
2: The entropy IP third plug-in module is implemented as follows:
If the result of a bitwise logical AND between the Flags field in the SRH header and the undetermined constant TBD1 is not 0, the SRH header is considered to contain an entropy, and the entropy is read from the SRH header; otherwise the entropy is considered to be 0. The method of reading the entropy corresponds to the VPN infrastructure module of this preferred embodiment: the value of Segment List[0] in the SRH header is read as the entropy.
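The three plug-in modules of preferred embodiment 10 can be sketched as follows. This is an added example, not code from the patent. It assumes the SRH layout published in RFC 8754 (the patent cites the earlier draft), uses 0x01 as a placeholder for the undefined constant TBD1, uses truncated SHA-256 for the 6-byte hash, and runs on constructed addresses, MACs and ESI.

```python
import hashlib
import struct
from collections import Counter

IPV6_HDR_LEN = 40
NH_ROUTING = 43        # IPv6 Next Header value announcing a Routing header
NH_UDP = 17            # VXLAN is carried over UDP
SRH_ROUTING_TYPE = 4   # Routing Type of the SRH in RFC 8754 (assumed layout)
# Fixed SRH part: Next Header, Hdr Ext Len, Routing Type, Segments Left,
# Last Entry, Flags, Tag
SRH_FIXED = struct.Struct("!BBBBBBH")
TBD1 = 0x01            # ASSUMPTION: placeholder; the patent leaves TBD1 to the IETF

# Constructed sample values, not taken from the patent.
SRC = bytes.fromhex("20010db8000000010000000000000001")
DST = bytes.fromhex("20010db8000000030000000000000003")
ESI1 = bytes.fromhex("00112233445566778899")
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")


def build_entropy(esi, src_mac, dst_mac, ethertype, vlan_id):
    """First plug-in: high 6 bytes = hash of L2 fields, low 10 bytes = ESI."""
    if len(esi) != 10:
        raise ValueError("an ESI is 10 bytes")
    key = src_mac + dst_mac + struct.pack("!HH", ethertype, vlan_id)
    return hashlib.sha256(key).digest()[:6] + esi


def encapsulate(src, dst, entropy, payload, flags=TBD1):
    """Outer IPv6 header + SRH whose only segment, Segment List[0], is the entropy."""
    srh = SRH_FIXED.pack(NH_UDP, 2, SRH_ROUTING_TYPE, 0, 0, flags, 0) + entropy
    ipv6 = struct.pack("!IHBB", 6 << 28, len(srh) + len(payload), NH_ROUTING, 64)
    return ipv6 + src + dst + srh + payload


def _entropy_srh(packet):
    """Return (next_header, srh_len, entropy) if an entropy-bearing SRH is present."""
    if len(packet) < IPV6_HDR_LEN + SRH_FIXED.size or packet[6] != NH_ROUTING:
        return None
    nh, ext_len, rtype, _, _, flags, _ = SRH_FIXED.unpack_from(packet, IPV6_HDR_LEN)
    srh_len = 8 + 8 * ext_len
    if rtype != SRH_ROUTING_TYPE or (flags & TBD1) == 0:
        return None
    if srh_len < 24 or len(packet) < IPV6_HDR_LEN + srh_len:
        return None  # truncated or no Segment List[0]: treat as "no entropy"
    start = IPV6_HDR_LEN + SRH_FIXED.size
    return nh, srh_len, packet[start:start + 16]


def third_plugin(packet):
    """P node: entropy from Segment List[0] if Flags & TBD1 != 0, otherwise 0."""
    found = _entropy_srh(packet)
    return int.from_bytes(found[2], "big") if found else 0


def second_plugin(packet, per_esi_counters):
    """Egress PE: count by remote ESI, strip the SRH, restore Next Header."""
    found = _entropy_srh(packet)
    if found is None:
        return packet                      # Flags & TBD1 == 0: leave untouched
    nh, srh_len, entropy = found
    per_esi_counters[entropy[6:]] += 1     # low 10 bytes are the remote ESI
    # Payload Length is also reduced so the stripped message stays well formed.
    payload_len = struct.unpack_from("!H", packet, 4)[0] - srh_len
    header = packet[:4] + struct.pack("!HB", payload_len, nh) + packet[7:IPV6_HDR_LEN]
    return header + packet[IPV6_HDR_LEN + srh_len:]


if __name__ == "__main__":
    ent = build_entropy(ESI1, SRC_MAC, DST_MAC, 0x0800, 100)
    pkt = encapsulate(SRC, DST, ent, b"vxlan-payload")
    counters = Counter()
    print("P-node entropy:", hex(third_plugin(pkt)))
    print("stripped length:", len(second_plugin(pkt, counters)))
    print("per-ESI counters:", {k.hex(): v for k, v in counters.items()})
```

The length checks in `_entropy_srh` are not in the patent text; they are there so that a truncated header is handled as "no entropy" instead of being read past its end.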
Taking the VPN service shown in FIG. 1 as an example, the processing steps of the network and service deployment procedure are as follows:
Except where otherwise specified, this step is the same as the corresponding step in preferred embodiment 6;
Unlike preferred embodiment 6, the subnet mask configured on the EVPN instance interface is 128 bits.
Taking the VPN topology shown in FIG. 1 as an example, the processing steps of the end-to-end message forwarding procedure are as follows:
This step is the same as the corresponding step in preferred embodiment 6.
Preferred embodiment 11
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting the entropy of the inner-layer message in the outer IP layer and using it is described in further detail below with reference to Figure 12:
1: The VPN infrastructure module is implemented as follows:
An EVPN VPWS service with VXLAN encapsulation is implemented according to RFC8214 and [EVPN overlay]; the control plane module of the resulting EVPN VPWS service is the control plane part of the VPN infrastructure module. Here [EVPN overlay] mainly provides guidance on the message format, while the service processing procedure follows RFC8214.
Similarly, an EVPN VPWS service with VXLAN encapsulation is implemented according to RFC8214 and [EVPN overlay]; the forwarding plane module of the resulting EVPN VPWS service is the forwarding plane part of the VPN infrastructure module.
Note that the EVPN VPWS control plane module obtained through the above process includes the configuration related to the L2VPN EVPN address family of the BGP protocol, the configuration of the EVI instance corresponding to EVPN VPWS, the configuration of each VPWS service instance in the EVI instance, the binding configuration between ACs and the VPWS service instances, the ESI-related configuration, the VPN Router ID configuration, and so on. The VPN Router ID is the IP address of a loopback interface. For simplicity of description and without loss of generality, this module assumes that a node has only one VPN Router ID. The control plane part of the module obtained through the above process can also establish, with the participation of BGP routes, the forwarding entries of each VPWS service instance in each EVI instance.
In particular, note that the control plane part of the module obtained through the above process does not require statically configured VXLAN tunnels; by adjusting the BGP configuration, RT-1 routes can dynamically generate all the required VXLAN tunnels. Without loss of generality, and for simplicity, the BGP configuration can be adjusted so that the VXLAN tunnels generated by RT-1 routes satisfy the following rules: only one bidirectional VXLAN tunnel is generated between any two PE nodes; each end of any bidirectional VXLAN tunnel uses the VPN Router ID of its node as the source IP of the VXLAN tunnel; and, at the two ends of the same bidirectional VXLAN tunnel, the tunnel source IP of one end is the tunnel destination IP of the other end, and the tunnel destination IP of one end is the tunnel source IP of the other end. Similarly, by adjusting the BGP configuration, RT-1 routes can also generate all the binding relationships between the VXLAN tunnels and the EVI instance. These belong to the prior art, and those skilled in the art should understand the specific methods involved.
In particular, note that in the forwarding plane part of the module obtained through the above process, the first message is used only to determine the local AC that receives the message; after the local AC is determined, the fields in the first message are no longer used for selecting message forwarding information.
When this module is implemented in software, it needs to implement a plug-in mechanism: when this module forwards according to the EVPN VPWS service forwarding procedure, after the IP encapsulation from the first message to the second message is complete, the entropy IP first plug-in is called to modify the source IP and destination IP in the IP encapsulation; and, when the third message is received and processed, the entropy IP second plug-in is called to modify the source IP and destination IP in the IP encapsulation. The plug-in may be a function call, a callback function, a polymorphic function, or a standalone plug-in.
Apart from the plug-in mechanism, this module is the same as the forwarding procedure of the corresponding forwarding module in RFC8214 and [EVPN overlay].
In addition, the IP address used as the VPN Router ID must be the IP address of a loopback interface, and that loopback interface address is configured with a 96-bit mask; therefore a 96-bit route is formed, and a route with a 96-bit prefix is advertised in the underlay network. Moreover, when this node receives a message whose destination IP matches this 96-bit route, the message is regarded as a message for this loopback interface and is handled in the same way as a message whose destination IP is the loopback interface address.
In addition, without loss of generality, in this preferred embodiment the underlay network is set to be an IPv6 network; therefore, the source IP and destination IP of the VXLAN tunnels are IPv6 addresses.
2: The entropy IP first plug-in module is implemented as follows:
Except where otherwise specified, this module is the same as in preferred embodiment 10;
Unlike preferred embodiment 10, this module uses the low 16 bits of the Local Discriminator value field in the Type 4 or Type 5 ESI corresponding to the main interface to which the ingress AC of the first message belongs as the low 16 bits of the entropy, and uses the low 16 bits of the source MAC of the first message as the high 16 bits of the entropy.
Unlike preferred embodiment 10, at the position where preferred embodiment 10 inserts the SRH header into the third message, this module does not insert an SRH header but instead inserts a new kind of IPv6 routing option header, provisionally called the ERH (Entropy Route Header) header. In addition, in order to quickly rule out the case where the IPv6 option headers contain no entropy, and so reduce the burden that processing IPv6 option headers places on non-service-aware nodes, a predetermined constant TBD2 is defined: when the value of the next header field in the IPv6 header is the predetermined constant TBD2, it indicates that the next header is a kind of routing header and that the routing header may contain an entropy. The value of TBD2 is to be determined by the IETF. One possible format of the ERH header is shown in Figure 16, where the Entropy Value field is used to carry the entropy. The Route-type field value of the ERH header is the predetermined constant TBD3, whose value is to be determined by the IETF; in the ERH header the Reserved2 field value is 0xFF, the values of the Reserved3, Reserved4 and Reserved5 fields are 0, and the Next Header and Hdr Ext Len field values are filled in according to the definition of the routing header fields in RFC2460.
It is worth noting that the access circuit AC of the EVPN VPWS service is not limited to Ethernet-type interfaces. When the access circuit AC is an access circuit identified by a frame relay (FR) data link connection identifier (DLCI), or an access circuit identified by an asynchronous transfer mode (ATM) virtual path identifier (VPI) or virtual channel identifier (VCI), the DLCI, VPI or VCI can be used to calculate the intrinsic entropy of the first message. How to configure such an EVPN VPWS service is not an innovation of the present invention, so it is not described item by item in this specification; those skilled in the art should understand how to extend the use of entropy to non-Ethernet-type EVPN VPWS services according to this preferred embodiment.
3: The entropy IP second plug-in module is implemented as follows:
The ERH header of the third message is stripped directly, and the value of the next header field in the ERH header is copied into the IPv6 header, obtaining another message; the resulting message is returned to the VPN infrastructure module.
The implementation of the non-service-aware P node in the technical solution of the method and apparatus (system) for transmitting the entropy of the inner-layer message in the outer IP layer and using it is described in further detail below with reference to Figure 13:
1: The IP infrastructure module is implemented as follows:
Except where otherwise specified, this module is the same as the module of the same name in preferred embodiment 2.
Unlike preferred embodiment 2, in the process of forwarding an IP message whose destination IP is not a local interface IP, when performing load-balancing path selection, if the value of the next header field in the IPv6 header is TBD2, this module considers the first IPv6 option header to be a routing header that may contain an entropy, and calls the entropy IP third plug-in to obtain the inner-layer entropy; otherwise it does not need to call the entropy IP third plug-in module to obtain an entropy.
Unlike preferred embodiment 2, when an entropy is successfully obtained by the above method, this module performs load balancing using the source IP, the destination IP and the entropy; otherwise it still uses the IP five-tuple for load balancing.
2: The entropy IP third plug-in module is implemented as follows:
If the Route-type field value in the first routing header of the third message equals the predetermined constant TBD3, it is an ERH header, and the value of its Entropy Value field is the entropy. Otherwise, the inner-layer entropy of the third message is considered to be 0.
Taking the EVPN VPWS topology shown in Fig. 4 as an example, the network and service deployment process includes:
The first step: the same as in preferred embodiment 7, except that the underlay network type selected in this preferred embodiment is an IPv6 network.
The second step: the same as in preferred embodiment 7, except that the subnet mask of the loopback interface on which the VPN Router ID resides is a 128-bit subnet mask.
The third step: the same as in preferred embodiment 7, except that the routes that generate the VXLAN tunnels and bind the generated VXLAN tunnels to the EVPN instance are RT-1 routes rather than RT-3 routes.
The fourth step: establish an EVPN VPWS service as shown in Figure 4, and specify the same VNI for the EVPN VPWS service on each PE node. The three interfaces AC1, AC2 and AC3 are bound to the EVPN VPWS service as access circuits. After the above configuration is complete, the MP-BGP sessions start exchanging RT-1 routes according to the signaling procedure defined in RFC8214, so that the VXLAN tunnels between the nodes are established and bound to the EVPN VPWS service.
The fifth step: configure the ESIs. The same as in preferred embodiment 7, except that the signaling procedure is the procedure in RFC8214.
The sixth step: after the above steps, the EVPN VPWS service is established, and data messages can be used to verify the forwarding behavior and effect on the PE nodes and non-service-aware nodes defined in this preferred embodiment.
Taking the EVPN VPWS topology shown in Fig. 4 as an example, the end-to-end message forwarding process includes:
The first step: when the PE1 node receives an IPv4 message B1 from the local AC1, the PE node forwards the B1 message according to the forwarding procedure defined in RFC8214. Without loss of generality, assume that, according to the EVPN instance of the B1 message, it should be forwarded to PE3. PE1 then encapsulates B1 as B1c and forwards it to PE3.
The second step: the same as the corresponding step in preferred embodiment 1, except that B1 is an Ethernet message and the feature field is the source MAC of the B1 message.
The third step: the same as in preferred embodiment 1, except that the forwarding-plane procedure is performed according to RFC8124.
Clearly, it can be shown that, in the third step of the end-to-end message forwarding process, the present invention improves the load sharing effect on the P1 node without making any change to the P1 node. Moreover, the present invention does not use any MPLS technology.
Preferred embodiment 12
The implementation of the PE node in the technical solution of the method and apparatus (system) for transmitting the entropy of the inner-layer message in the outer IP layer and using it is described in further detail below with reference to Figure 12:
1: The VPN infrastructure module is implemented as follows:
Except where otherwise specified, this module is the same as in preferred embodiment 8;
Unlike preferred embodiment 8, in this module each ESI has a corresponding interface of the same name, called an ESI interface, and an IP address configured on this interface has all the functions of a loopback interface IP address.
2: The entropy IP first plug-in module is implemented as follows:
Except where otherwise specified, this module is the same as in preferred embodiment 8;
Unlike preferred embodiment 8, this module directly uses the whole of the ESI IP corresponding to the main interface to which the ingress AC of the first message belongs as a 128-bit entropy. The ESI IP is the IP address configured on the ESI interface corresponding to the ESI of the main interface to which the ingress AC belongs;
Unlike preferred embodiment 8, this module uses all 128 bits of the source IP to carry the ESI IP as the entropy.
3: The entropy IP second plug-in module is implemented as follows:
This module returns the third message unchanged to the VPN infrastructure module for further processing;
It is worth noting that the entropy carried in the source IP of the third message is the complete ESI IP corresponding to the main interface to which the local AC of the fourth message belongs, and the ESI IP is routable in the underlay network. Therefore, although it has all the functions of an entropy, it also has the full function of an IP address, so there is no need here to treat the ESI IP as zero. A general entropy, however, is usually pseudo-random and does not function as a complete IP address, so an entropy of this pseudo-random kind is preferably treated as zero on non-service-aware nodes.
With reference to Fig. 6, the implementation of the non-traffic-aware P node in the technical solution of the method and apparatus (system) for transmitting and using the entropy of the inner-layer message in the outer-layer IP is described in further detail:
1: Implementing the IP infrastructure module:
This module is identical to the module of the same name in preferred embodiment 5.
2: The specific method for implementing the entropy IP third card module is as follows:
This module is identical to the module of the same name in preferred embodiment 5.
Taking the VPN service shown in Fig. 2 as an example, the processing steps of the network and service deployment flow are as follows:
Except where otherwise specified, this step is identical to the corresponding step in preferred embodiment 8;
Unlike preferred embodiment 8, the loopback interface on which each VPN Router ID of this preferred embodiment resides is configured with a 128-bit subnet mask.
Taking the VPN topology shown in Fig. 2 as an example, the processing steps of the end-to-end message forwarding process are as follows:
This step is identical to the corresponding step in preferred embodiment 8.
Obviously, those skilled in the art should understand that each module or step of the above invention can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases, the steps shown or described can be executed in an order different from the one given here, or they can each be fabricated as an individual integrated circuit module, or multiple modules or steps among them can be fabricated as a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention; for those skilled in the art, the invention may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the principle of the invention shall be included in the protection scope of the present invention.

Claims (23)

1. A method for sending a message, characterized by comprising:
receiving a first message from a first access circuit (AC);
processing the first message to obtain one or more second messages; wherein the second message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy; and the predetermined entropy is used to identify the entropy of the first message;
sending the second message.
2. The method according to claim 1, characterized in that the first IP address is located in at least one of the following positions of the second message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header.
3. The method according to claim 1, characterized in that modifying the second IP address using the predetermined entropy comprises at least one of the following:
replacing the value at a designated position in the second IP address with the predetermined entropy, wherein the predetermined entropy is one of the following: an intrinsic entropy, a context entropy, a comprehensive entropy;
replacing the value at the designated position in the second IP address with the result of a calculation on the predetermined entropy and the value at the designated position in the second IP address, wherein the predetermined entropy is one of the following: an intrinsic entropy, a context entropy, a comprehensive entropy;
encrypting the value at a designated position in the second IP address with the predetermined entropy, wherein the predetermined entropy is an intrinsic entropy;
wherein the intrinsic entropy is an entropy calculated from one or more feature fields in the first message; the context entropy is an entropy obtained by mapping from one or more items of feature configuration information corresponding to the first AC; and the comprehensive entropy is an entropy calculated jointly from the intrinsic entropy of the first message and the context entropy of the first message.
4. The method according to claim 3, characterized in that the feature field includes at least one of the following:
the source IP, destination IP, protocol type, source port, destination port, IPv4 type of service (TOS) field, and IPv6 Flow-label field of the first message;
the source media access control (MAC) and destination MAC of the first message;
the Ethernet type (ethertype), inner and outer virtual local area network identifier (VLAN ID), and 802.1p priority of the first message.
5. The method according to claim 3, characterized in that the feature configuration information corresponding to the first AC includes at least one of the following:
information obtained by mapping from the first AC;
node-level configuration information obtained from the node where the first AC is located;
information obtained by mapping from the main interface to which the first AC belongs;
information obtained by a hash calculation on the Ethernet segment identifier (ESI) corresponding to the main interface to which the first AC belongs;
the ESI itself corresponding to the main interface to which the first AC belongs;
the ESI IP corresponding to the ESI of the main interface to which the first AC belongs, wherein the ESI IP is an IP address configured for the ESI, and the ESI IP is different from the ESI IPs corresponding to the other ESIs on the node to which the ESI belongs.
6. The method according to claim 3, characterized in that the comprehensive entropy is obtained in at least one of the following ways:
performing a bitwise logical XOR operation on the intrinsic entropy and the context entropy to obtain the comprehensive entropy;
performing a calculation on the intrinsic entropy, the context entropy and any N constants to obtain the comprehensive entropy; wherein N is an integer greater than or equal to 1.
7. The method according to claim 2, characterized in that, in the case where the first IP address is located in an IPv6 option header of the second message, whether the predetermined entropy is present in the IPv6 option header is indicated in one of the following ways:
by the next header (Next-header) field in the IPv6 header of the second message; by a field in the IPv6 option header.
8. The method according to claim 1, characterized in that the type of service to which the first AC belongs includes at least one of the following:
a virtual private network (VPN) in which forwarding is based on the MAC header of the first message;
a VPN in which forwarding is based on the IP header of the first message;
a VPN in which forwarding is performed according to the configuration information on the first AC.
9. The method according to claim 1, characterized in that processing the first message includes at least one of the following:
performing Virtual Extensible LAN (VXLAN) encapsulation on the first message;
performing VXLAN Generic Protocol Extension (GPE) encapsulation on the first message;
performing Generic Network Virtualization Encapsulation (Geneve) encapsulation on the first message;
performing Network Virtualization using Generic Routing Encapsulation (NVGRE) encapsulation on the first message;
performing Segment Routing over the IPv6 data plane (SRv6) encapsulation on the first message.
10. A method for processing a message, characterized by comprising:
receiving a third message sent by a first service provider edge (PE), wherein the third message is a message obtained by the first PE processing a fourth message received from a first access circuit (AC) of the first PE, and the third message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy, and the predetermined entropy is used to identify the entropy of the fourth message;
processing the third message.
11. The method according to claim 10, characterized in that the first IP address is located in at least one of the following positions of the third message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header.
12. The method according to claim 10, characterized in that, in the case where the first IP address is located in an IPv6 option header of the third message, whether the predetermined entropy is present in the IPv6 option header is indicated in one of the following ways:
by the next header (Next-header) field in the IPv6 header of the third message; by a field in the IPv6 option header.
13. The method according to claim 10, characterized in that, when the destination IP of the third message is an IP address configured on the node receiving the third message, processing the third message comprises:
setting the binary bits in the first IP address of the third message that were modified by the predetermined entropy to a predetermined value; wherein the predetermined values set for different binary bits are the same or different;
recalculating the predetermined entropy, and using the recalculated predetermined entropy to decrypt the part of the first IP address in the third message that was encrypted by the predetermined entropy; wherein the predetermined entropy is an intrinsic entropy;
stripping the IPv6 option header containing the first IP address from the third message;
directly processing the third message.
14. The method according to claim 10, characterized in that, when the destination IP of the third message is a remote IP address on the node receiving the third message, processing the third message includes at least one of the following:
selecting load-balancing forwarding information according to the first IP address, and forwarding the third message according to the load-balancing forwarding information;
treating each binary bit in the first IP address that corresponds to the carried predetermined entropy as a predetermined value, and performing processing other than forwarding on the third message;
directly forwarding the third message.
15. An apparatus for sending a message, characterized by comprising:
a receiving module, configured to receive a first message from a first access circuit (AC);
a processing module, configured to process the first message to obtain one or more second messages; wherein the second message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy; and the predetermined entropy is used to identify the entropy of the first message;
a sending module, configured to send the second message.
16. The apparatus according to claim 15, characterized in that the first IP address is located in at least one of the following positions of the second message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header.
17. An apparatus for processing a message, characterized by comprising:
a receiving module, configured to receive a third message sent by a first service provider edge (PE), wherein the third message is a message obtained by the first PE processing a fourth message received from a first access circuit (AC) of the first PE, and the third message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy, and the predetermined entropy is used to identify the entropy of the fourth message;
a processing module, configured to process the third message.
18. The apparatus according to claim 17, characterized in that the first IP address is located in at least one of the following positions of the third message: the source IP, the destination IP, an Internet Protocol version 6 (IPv6) option header.
19. A PE node, characterized by comprising:
a communication interface, configured to receive a first message from a first access circuit (AC);
a processor, configured to process the first message to obtain one or more second messages; wherein the second message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy; and the predetermined entropy is used to identify the entropy of the first message;
the communication interface being further configured to send the second message.
20. A node, characterized by comprising:
a communication interface, configured to receive a third message sent by a first service provider edge (PE), wherein the third message is a message obtained by the first PE processing a fourth message received from a first access circuit (AC) of the first PE, and the third message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy, and the predetermined entropy is used to identify the entropy of the fourth message;
a processor, configured to process the third message.
21. A message processing system, characterized by comprising: a first node and a second node; wherein
the first node is configured to receive a first message from a first access circuit (AC), process the first message to obtain one or more second messages, and send the second message to the second node; wherein the second message includes a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy; and the predetermined entropy is used to identify the entropy of the first message;
the second node is configured to process the second message after receiving the second message.
22. A storage medium, characterized in that the storage medium includes a stored program, wherein the program, when run, executes the method according to any one of claims 1 to 14.
23. A processor, characterized in that the processor is configured to run a program, wherein the program, when run, executes the method according to any one of claims 1 to 14.
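The sender-side modification of claims 3 and 6 and the receiver-side handling of claims 13 and 14, as an added Python example that is not code from the patent. The 16-bit low-order "designated position", the SHA-256 hash, the ECMP selection function, and all addresses, the ESI and the flows are assumptions constructed for illustration.

```python
"""Entropy carried in the outer source IPv6 address (constructed sample data)."""
import hashlib
import ipaddress

ENTROPY_BITS = 16                      # assumption: designated position = low 16 bits
MASK = (1 << ENTROPY_BITS) - 1

PE1_LOOPBACK = "2001:db8:0:1::"        # "second IP address" (documentation prefix)
PE2_LOOPBACK = "2001:db8:0:2::1"       # outer destination on the remote PE
ESI = bytes.fromhex("00112233445566778899")   # constructed 10-byte ESI
NEXT_HOPS = ["P1->P2", "P1->P3", "P1->P4", "P1->P5"]
# Constructed inner flows: (src IP, dst IP, protocol, src port, dst port)
FLOWS = [("10.0.0.%d" % i, "10.0.1.9", 6, 40000 + i, 443) for i in range(1, 65)]


def _hash_bits(data: bytes) -> int:
    """Reduce data to ENTROPY_BITS bits (SHA-256 is an assumed hash)."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big") & MASK


def intrinsic_entropy(src_ip, dst_ip, proto, sport, dport) -> int:
    """Entropy calculated from feature fields of the first message (claim 4)."""
    return _hash_bits(f"{src_ip}|{dst_ip}|{proto}|{sport}|{dport}".encode())


def context_entropy(esi: bytes) -> int:
    """Entropy mapped from AC configuration, here a hash of the ESI (claim 5)."""
    return _hash_bits(esi)


def comprehensive_entropy(intrinsic: int, context: int) -> int:
    """Bitwise XOR of intrinsic and context entropy (claim 6)."""
    return (intrinsic ^ context) & MASK


def embed_entropy(second_ip: str, entropy: int) -> str:
    """Ingress PE: replace the designated bits of the second IP (claim 3)."""
    base = int(ipaddress.IPv6Address(second_ip))
    return str(ipaddress.IPv6Address((base & ~MASK) | (entropy & MASK)))


def clear_entropy(first_ip: str, predetermined: int = 0) -> str:
    """Egress PE: set the modified bits back to a predetermined value (claim 13)."""
    addr = int(ipaddress.IPv6Address(first_ip))
    return str(ipaddress.IPv6Address((addr & ~MASK) | (predetermined & MASK)))


def p_node_select(outer_src: str, outer_dst: str, next_hops: list) -> str:
    """Transit P node: ordinary ECMP choice from the outer header only (claim 14)."""
    key = (ipaddress.IPv6Address(outer_src).packed
           + ipaddress.IPv6Address(outer_dst).packed)
    digest = hashlib.sha256(key).digest()
    return next_hops[int.from_bytes(digest[:4], "big") % len(next_hops)]


def next_hops_used(flows, use_entropy: bool) -> set:
    """Return the set of next hops the P node picks for the given inner flows."""
    used = set()
    for flow in flows:
        src = PE1_LOOPBACK
        if use_entropy:
            ent = comprehensive_entropy(intrinsic_entropy(*flow),
                                        context_entropy(ESI))
            src = embed_entropy(PE1_LOOPBACK, ent)
        used.add(p_node_select(src, PE2_LOOPBACK, NEXT_HOPS))
    return used


if __name__ == "__main__":
    print("without entropy:", sorted(next_hops_used(FLOWS, False)))
    print("with entropy:   ", sorted(next_hops_used(FLOWS, True)))
```

Without the entropy bits every flow between the two PEs presents the same outer header to the P node and follows one path; with them the unchanged P node spreads the flows, and the egress PE recovers the original address by clearing the designated bits.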
CN201711243807.8A 2017-11-30 2017-11-30 Message sending and processing method and device, PE node and node Active CN109861924B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201711243807.8A CN109861924B (en) 2017-11-30 2017-11-30 Message sending and processing method and device, PE node and node
PCT/CN2018/118580 WO2019105462A1 (en) 2017-11-30 2018-11-30 Method and apparatus for sending packet, method and apparatus for processing packet, pe node, and node

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711243807.8A CN109861924B (en) 2017-11-30 2017-11-30 Message sending and processing method and device, PE node and node

Publications (2)

Publication Number Publication Date
CN109861924A true CN109861924A (en) 2019-06-07
CN109861924B CN109861924B (en) 2022-06-21

Family

ID=66665419

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711243807.8A Active CN109861924B (en) 2017-11-30 2017-11-30 Message sending and processing method and device, PE node and node

Country Status (2)

Country Link
CN (1) CN109861924B (en)
WO (1) WO2019105462A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111683073A (en) * 2020-05-29 2020-09-18 烽火通信科技股份有限公司 Communication method and system for three-layer application based on MAC
CN112153753A (en) * 2020-09-24 2020-12-29 维沃移动通信有限公司 Network connection method and device
CN112235199A (en) * 2020-10-14 2021-01-15 盛科网络(苏州)有限公司 EVPN horizontal segmentation method and device based on SRV6 protocol
CN112019328B (en) * 2020-10-31 2021-01-26 北京华云安信息技术有限公司 Encryption method, device, equipment and storage medium of IP address
CN112350934A (en) * 2019-08-07 2021-02-09 中国电信股份有限公司 Data transmission method, network node and data transmission system
CN112422436A (en) * 2020-11-18 2021-02-26 盛科网络(苏州)有限公司 EVPN BUM message local priority forwarding method and system based on MPLS
CN112751769A (en) * 2019-10-31 2021-05-04 华为技术有限公司 Method, device and system for sending message
CN112769632A (en) * 2020-11-30 2021-05-07 锐捷网络股份有限公司 Method and system for detecting network fault of data center
CN112787931A (en) * 2019-11-06 2021-05-11 华为技术有限公司 Message transmission method, proxy node and storage medium
WO2022001287A1 (en) * 2020-07-03 2022-01-06 华为技术有限公司 Message processing method and device
CN114128228A (en) * 2019-07-31 2022-03-01 华为技术有限公司 MTNC-ID transmission through SRv6 headers to realize 5G transmission
WO2023024768A1 (en) * 2021-08-25 2023-03-02 中兴通讯股份有限公司 Method and apparatus for issuing rt-5g routing message, and storage medium and electronic apparatus
US11882513B2 (en) 2019-07-31 2024-01-23 Huawei Technologies Co., Ltd. Transporting MTNC-ID over SRV6-enabled dataplane for 5G transport
CN117596049A (en) * 2023-11-28 2024-02-23 肇庆学院 DDoS attack detection method and device

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111628921B (en) * 2019-02-27 2021-07-20 华为技术有限公司 Message processing method, message forwarding device and message processing device
CN113132202B (en) * 2019-12-31 2023-12-08 华为技术有限公司 Message transmission method and related equipment
CN112260949B (en) * 2020-10-16 2022-09-23 苏州盛科通信股份有限公司 EVPN local priority forwarding method and device based on SRV6 protocol
CN113472647B (en) * 2021-06-11 2023-07-14 新华三信息安全技术有限公司 Message forwarding method and device
CN114374582B (en) * 2021-12-22 2024-04-12 新华三技术有限公司合肥分公司 Communication method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090216841A1 (en) * 2008-02-21 2009-08-27 Yahoo! Inc. Identifying ip addresses for spammers
CN103181131A (en) * 2010-10-29 2013-06-26 瑞典爱立信有限公司 Load balancing in shortest-path-bridging networks
CN106549871A (en) * 2015-09-22 2017-03-29 华为技术有限公司 A kind of method, apparatus and system of Message processing

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4802263B2 (en) * 2009-07-17 2011-10-26 株式会社日立製作所 Encrypted communication system and gateway device
US9565167B2 (en) * 2015-01-21 2017-02-07 Huawei Technologies Co., Ltd. Load balancing internet protocol security tunnels
CN106027356B (en) * 2016-07-04 2019-09-17 杭州迪普科技股份有限公司 A kind of conversion method and device of Tunnel Identifier
CN106797335B (en) * 2016-11-29 2020-04-07 深圳前海达闼云端智能科技有限公司 Data transmission method, data transmission device, electronic equipment and computer program product
CN106879073B (en) * 2017-03-17 2019-11-26 北京邮电大学 A kind of network resource allocation method and device of service-oriented physical network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
K. KOMPELLA;J. DRAKE; S. AMANTE;LEVEL 3 COMMUNICATIONS等: "The Use of Entropy Labels in MPLS Forwarding draft-ietf-mpls-entropy-label-00" *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11882513B2 (en) 2019-07-31 2024-01-23 Huawei Technologies Co., Ltd. Transporting MTNC-ID over SRV6-enabled dataplane for 5G transport
CN114128228A (en) * 2019-07-31 2022-03-01 华为技术有限公司 MTNC-ID transmission through SRv6 headers to realize 5G transmission
CN112350934A (en) * 2019-08-07 2021-02-09 中国电信股份有限公司 Data transmission method, network node and data transmission system
CN112751769B (en) * 2019-10-31 2022-05-10 华为技术有限公司 Method, device and system for sending message
CN112751769A (en) * 2019-10-31 2021-05-04 华为技术有限公司 Method, device and system for sending message
WO2021089004A1 (en) * 2019-11-06 2021-05-14 华为技术有限公司 Message transmission method, proxy node, and storage medium
CN112787931B (en) * 2019-11-06 2022-09-23 华为技术有限公司 Message transmission method, proxy node and storage medium
CN112787931A (en) * 2019-11-06 2021-05-11 华为技术有限公司 Message transmission method, proxy node and storage medium
CN111683073A (en) * 2020-05-29 2020-09-18 烽火通信科技股份有限公司 Communication method and system for three-layer application based on MAC
WO2022001287A1 (en) * 2020-07-03 2022-01-06 华为技术有限公司 Message processing method and device
CN112153753A (en) * 2020-09-24 2020-12-29 维沃移动通信有限公司 Network connection method and device
CN112235199B (en) * 2020-10-14 2022-04-22 苏州盛科通信股份有限公司 EVPN horizontal segmentation method and device based on SRV6 protocol
CN112235199A (en) * 2020-10-14 2021-01-15 盛科网络(苏州)有限公司 EVPN horizontal segmentation method and device based on SRV6 protocol
CN112019328B (en) * 2020-10-31 2021-01-26 北京华云安信息技术有限公司 Encryption method, device, equipment and storage medium of IP address
CN112422436A (en) * 2020-11-18 2021-02-26 盛科网络(苏州)有限公司 EVPN BUM message local priority forwarding method and system based on MPLS
CN112422436B (en) * 2020-11-18 2022-04-01 苏州盛科通信股份有限公司 EVPN BUM message local priority forwarding method and system based on MPLS
CN112769632A (en) * 2020-11-30 2021-05-07 锐捷网络股份有限公司 Method and system for detecting network fault of data center
WO2023024768A1 (en) * 2021-08-25 2023-03-02 中兴通讯股份有限公司 Method and apparatus for issuing rt-5g routing message, and storage medium and electronic apparatus
CN117596049A (en) * 2023-11-28 2024-02-23 肇庆学院 DDoS attack detection method and device
CN117596049B (en) * 2023-11-28 2024-04-12 肇庆学院 DDoS attack detection method and device

Also Published As

Publication number Publication date
CN109861924B (en) 2022-06-21
WO2019105462A1 (en) 2019-06-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant