CN110191042B - Message forwarding method and device - Google Patents

Publication number
CN110191042B
Authority
CN
China
Prior art keywords
service
vlan tag
mac address
destination
forwarding
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910425545.XA
Other languages
Chinese (zh)
Other versions
CN110191042A (en
Inventor
张海洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4645 Details on frame tagging
    • H04L12/465 Details on frame tagging wherein a single frame includes a plurality of VLAN tags
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L2212/00 Encapsulation of packets

Abstract

The invention provides a packet forwarding method and apparatus. The method comprises: receiving a VXLAN-encapsulated service packet sent by a TOR device; removing the VXLAN encapsulation and, when the destination MAC address of the service packet is determined to be the MAC address of the EOR device, determining the first VPN corresponding to the first service VLAN Tag carried in the service packet; and looking up a Layer 3 forwarding table entry in the first VPN according to the destination IP address of the service packet, and forwarding the service packet at Layer 3 according to the lookup result. Embodiments of the invention make full use of the capability of the EOR device, reduce the functional complexity of the CE device, and save network resources.

Description

Message forwarding method and device
Technical Field
The present invention relates to the field of network communication technologies, and in particular to a packet forwarding method and apparatus.
Background
In a communication cloud network, a VNF (Virtualized Network Function) network element is a network device built on virtualization technology that provides network service functions. In a non-SDN (Software Defined Network) environment, the network provides forwarding for service traffic between VNF network elements and between a VNF network element and a CE (Customer Edge) device. The TOR (Top of Rack) devices connected to the VNF network elements, and the EOR (End of Row) devices connected to the TOR devices, act as underlay devices that provide a Layer 2 channel between VNF network elements and between a VNF network element and a CE device. Typically, the CE device mainly acts as the gateway of the VNF network elements and provides services to them.
When SDN technology and DC (Data Center) requirements are introduced into a communication cloud network, the Fabric network composed of TOR devices and EOR devices forms a two-tier architecture of underlay and overlay. The overlay network usually uses VXLAN (Virtual Extensible Local Area Network) technology to carry upper-layer service data. With the overlay network, VNF network elements can be deployed more flexibly: a VNF network element can be deployed on any host, provisioning of the bearer network is fully automatic, and efficiency is greatly improved compared with the non-SDN scenario.
However, practice shows that after SDN technology is introduced into the communication cloud network, service packets must detour to the CE device for Layer 3 routing, while the EOR device serving as the SDN gateway is used only as a Layer 2 device, which wastes a great deal of device capability and network resources.
Disclosure of Invention
The invention provides a packet forwarding method and apparatus to solve the problem that an existing communication cloud network running SDN technology wastes a great deal of device capability and network resources.
According to a first aspect of the embodiments of the present invention, a packet forwarding method is provided. The method is applied to an EOR device in a communication cloud network running SDN technology, where the EOR device is divided into a plurality of VPNs based on service VLANs, and the method includes:
receiving a VXLAN-encapsulated service packet sent by a TOR device;
removing the VXLAN encapsulation and, when the destination MAC address of the service packet is determined to be the MAC address of the EOR device, determining, according to a first service VLAN Tag carried in the service packet, a first VPN corresponding to the first service VLAN Tag;
and looking up a Layer 3 forwarding table entry in the first VPN according to the destination IP address of the service packet, and forwarding the service packet at Layer 3 according to the lookup result.
According to a second aspect of the embodiments of the present invention, a packet forwarding apparatus is provided. The apparatus is applied to an EOR device in a communication cloud network running SDN technology, where the EOR device is divided into a plurality of VPNs based on service VLANs, and the apparatus includes:
a receiving unit, configured to receive a VXLAN-encapsulated service packet sent by a TOR device;
an encapsulation/decapsulation unit, configured to remove the VXLAN encapsulation;
a determining unit, configured to determine, when the destination MAC address of the service packet is determined to be the MAC address of the EOR device, a first VPN corresponding to a first service VLAN Tag according to the first service VLAN Tag carried in the service packet;
and a forwarding unit, configured to look up a Layer 3 forwarding table entry in the first VPN according to the destination IP address of the service packet and to forward the service packet at Layer 3 according to the lookup result.
With the embodiments of the present invention, in a communication cloud network running SDN technology, the service gateway is moved down from the CE device to the EOR device, and the EOR device is divided into VPNs based on service VLANs. When the EOR device receives a VXLAN-encapsulated service packet sent by the TOR device, it removes the VXLAN encapsulation. When it determines that the destination MAC address of the service packet is the MAC address of the EOR device, it determines the VPN corresponding to the service VLAN Tag carried in the service packet, looks up a Layer 3 forwarding table entry in that VPN according to the destination IP address of the service packet, and forwards the packet accordingly. This makes full use of the capability of the EOR device and reduces the functional complexity of the CE device. In addition, because the service gateway is the EOR device, the traffic detour caused by using the CE device as the service gateway is reduced, and network resources are saved.
Drawings
Fig. 1 is a schematic flowchart of a packet forwarding method according to an embodiment of the present invention;
Fig. 2 is a schematic architecture diagram of a specific application scenario provided in the embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a packet forwarding apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions in the embodiments of the present invention better understood and make the above objects, features and advantages of the embodiments of the present invention more comprehensible, the technical solutions in the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, which is a schematic flowchart of a packet forwarding method provided in an embodiment of the present invention, the method may be applied to an EOR device in a communication cloud network running SDN technology and may include the following steps:
Step 101: receive a VXLAN-encapsulated service packet sent by a TOR device.
The forwarding flow of a service packet between a VNF network element and the EOR device is described below with reference to an example and is not detailed here.
Step 102: remove the VXLAN encapsulation and, when the destination MAC address of the service packet is determined to be the MAC address of the EOR device, determine, according to the first service VLAN Tag carried in the service packet, the first VPN corresponding to the first service VLAN Tag.
In the embodiment of the present invention, to reduce the functional complexity of the CE device and make full use of the forwarding performance of the EOR device, the service gateway can be moved down from the existing CE device to the EOR device, so that the EOR device acts as the service gateway and performs Layer 3 forwarding of the service packets of the VNF network elements.
In an existing communication cloud network running SDN technology, the EOR device forwards packets based on the VXLAN ID, whereas the service network forwards packets based on the service VLAN Tag. Using the EOR device as the service gateway therefore requires changing its forwarding mode to VXLAN ID + VLAN Tag.
Accordingly, in the embodiment of the present invention, the EOR device may be divided into VPNs based on service VLANs (different services are distinguished by different service VLANs).
Illustratively, one VPN corresponds to one or more service VLAN Tags (different service VLANs are distinguished by different service VLAN Tags).
In the embodiment of the present invention, when the EOR device receives a VXLAN-encapsulated service packet sent by a TOR device, it removes the VXLAN encapsulation and determines whether the destination MAC (Media Access Control) address of the service packet is the same as the MAC address of the EOR device.
It should be noted that, because the EOR device serves as the service gateway, the destination MAC address of a service packet of a VNF network element is the MAC address of the EOR device (unless otherwise stated, every service packet mentioned herein is a Layer 3 packet). In addition, the Layer 3 forwarding table entries used to forward the service packets of the VNF network elements (routing table entries, Address Resolution Protocol (ARP) table entries, and so on) are also maintained by the EOR device.
When the EOR device determines that the destination MAC address of the decapsulated service packet is the same as the MAC address of the EOR device, it obtains the service VLAN Tag in the service packet (referred to herein as the first service VLAN Tag) and uses it to query the correspondence between service VLAN Tags and VPNs that the EOR device maintains, in order to determine the VPN corresponding to the first service VLAN Tag (referred to herein as the first VPN).
Step 103: look up a Layer 3 forwarding table entry in the first VPN according to the destination IP address of the service packet, and forward the service packet at Layer 3 according to the lookup result.
In the embodiment of the present invention, once the EOR device has determined the first VPN corresponding to the first service VLAN Tag, it looks up a Layer 3 forwarding table entry in the first VPN according to the destination IP address of the service packet to determine the next-hop information of the service packet and the MAC address of the destination device, and forwards the service packet at Layer 3 according to the lookup result.
The Layer 3 forwarding table entries may include a routing table entry (recording the next-hop information corresponding to the destination IP address, the service VLAN to which the destination belongs, and the like), an ARP table entry (recording the MAC address corresponding to the destination IP address), and the like.
The lookup result that the EOR device obtains from the Layer 3 forwarding table entries may include information such as the MAC address of the destination device, the service VLAN to which the destination device belongs, and the egress interface connected to the next hop.
As the method flow shown in Fig. 1 indicates, in a communication cloud network running SDN technology, the service gateway is moved down from the CE device to the EOR device, and the EOR device is divided into VPNs based on service VLANs. When the EOR device receives a VXLAN-encapsulated service packet sent by a TOR device, it removes the VXLAN encapsulation. When it determines that the destination MAC address of the service packet is the MAC address of the EOR device, it determines the VPN corresponding to the service VLAN Tag carried in the service packet, looks up a Layer 3 forwarding table entry in that VPN according to the destination IP address of the service packet, and forwards the packet accordingly. This makes full use of the capability of the EOR device and reduces the functional complexity of the CE device. In addition, because the service gateway is the EOR device, the traffic detour caused by using the CE device as the service gateway is reduced, and network resources are saved.
In one embodiment of the present invention, forwarding the service packet at Layer 3 according to the lookup result may include:
when it is determined from the lookup result that the VLAN Tag of the service VLAN to which the destination device belongs is the first service VLAN Tag, replacing the destination MAC address of the service packet with the MAC address of the destination device, VXLAN-encapsulating the service packet after the destination MAC address replacement, and forwarding it from the egress interface connected to the next hop.
In this embodiment, by performing the Layer 3 lookup in the first VPN according to the destination IP address of the service packet, the EOR device can determine the next-hop information of the service packet (the egress interface on the EOR device that connects to the next hop), the MAC address of the destination device, and the service VLAN Tag corresponding to the destination device (that is, the VLAN Tag of the service VLAN to which the destination device belongs).
When the service VLAN Tag corresponding to the destination device is the first service VLAN Tag (that is, the same as the service VLAN Tag in the service packet received by the EOR device), the EOR device forwards the service packet directly within the internal network: it replaces the destination MAC address of the service packet with the MAC address of the destination device, VXLAN-encapsulates the service packet after the destination MAC address replacement, and forwards it through the egress interface connected to the next hop (a port on the TOR device side).
It should be noted that, in this embodiment, for the VXLAN encapsulation performed by the EOR device and the forwarding process after the TOR device receives the VXLAN-encapsulated service packet sent by the EOR device, reference may be made to the related descriptions in the prior art; they are not repeated here.
In another embodiment of the present invention, forwarding the service packet at Layer 3 according to the lookup result may include:
when it is determined from the lookup result that the VLAN Tag of the service VLAN to which the destination device belongs is a second service VLAN Tag, and the first service VLAN Tag and the second service VLAN Tag correspond to the same VPN, replacing the destination MAC address of the service packet with the MAC address of the destination device, replacing the first service VLAN Tag in the service packet with the second service VLAN Tag, VXLAN-encapsulating the service packet after the destination MAC address and service VLAN Tag replacement, and forwarding it from the egress interface connected to the next hop.
In this embodiment, when the EOR device determines that the service VLAN Tag corresponding to the destination device is a second service VLAN Tag (the first VLAN Tag is different from the second VLAN Tag), the EOR device may use the second service VLAN Tag to query the correspondence between service VLAN Tags and VPNs that it maintains, in order to determine the VPN corresponding to the second service VLAN Tag.
When the VPN corresponding to the second service VLAN Tag is the same as the VPN corresponding to the first service VLAN Tag (that is, both are the first VPN), the EOR device forwards the service packet directly within the internal network. In this case, in addition to replacing the destination MAC address of the service packet with the MAC address of the destination device, the EOR device must replace the first service VLAN Tag carried in the service packet with the second service VLAN Tag; it then VXLAN-encapsulates the service packet after the destination MAC address and VLAN Tag replacement and forwards it through the egress interface connected to the next hop (a port on the TOR device side).
In another embodiment of the present invention, forwarding the service packet at Layer 3 according to the lookup result may include:
when it is determined from the lookup result that the VLAN Tag of the service VLAN to which the destination device belongs is a third service VLAN Tag, and the first service VLAN Tag and the third service VLAN Tag correspond to different VPNs, determining whether the egress interface connected to the next hop is a port on the TOR device side or a port on the CE device side;
if it is a port on the TOR device side, replacing the destination MAC address of the service packet with the MAC address of the destination device, replacing the first service VLAN Tag in the service packet with the third service VLAN Tag, VXLAN-encapsulating the service packet after the destination MAC address and service VLAN Tag replacement, and forwarding it from the egress interface connected to the next hop;
and if it is a port on the CE device side, replacing the destination MAC address of the service packet with the MAC address of the destination device, replacing the first service VLAN Tag in the service packet with the third service VLAN Tag, and forwarding the service packet after the destination MAC address and service VLAN Tag replacement from the egress interface connected to the next hop.
In this embodiment, when the EOR device determines that the service VLAN Tag corresponding to the destination device is a third service VLAN Tag (the third VLAN Tag is different from the first VLAN Tag), the EOR device may use the third service VLAN Tag to query the correspondence between service VLAN Tags and VPNs that it maintains, in order to determine the VPN corresponding to the third service VLAN Tag.
When the VPN corresponding to the third service VLAN Tag is different from the VPN corresponding to the first service VLAN Tag, the EOR device determines that the service packet is to be forwarded across VPNs. The EOR device may then determine whether the egress interface connected to the next hop is a port on the TOR device side or a port on the CE device side.
If the egress interface connected to the next hop is a port on the TOR device side, that is, the service packet is exchanged between VNF network elements, the EOR device replaces the destination MAC address of the service packet with the MAC address of the destination device, replaces the first service VLAN Tag carried in the service packet with the third service VLAN Tag, VXLAN-encapsulates the service packet after the destination MAC address and service VLAN Tag replacement, and forwards it from the egress interface connected to the next hop.
If the egress interface connected to the next hop is a port on the CE device side, that is, the service packet is one with which a VNF network element accesses the CE device (for example, a service packet accessing an external network), the EOR device replaces the destination MAC address of the service packet with the MAC address of the destination device, replaces the first service VLAN Tag in the service packet with the third service VLAN Tag, and forwards the service packet after the destination MAC address and service VLAN Tag replacement (without VXLAN encapsulation) from the egress interface connected to the next hop, that is, sends it to the CE device.
It should be noted that, in this embodiment, when the CE device receives the service packet sent by the EOR device, it can perform Layer 2 forwarding according to the destination MAC address of the service packet and does not need to perform Layer 3 routing.
In order to enable those skilled in the art to better understand the technical solution provided by the embodiment of the present invention, the technical solution provided by the embodiment of the present invention is described below with reference to a specific application scenario.
Referring to Fig. 2, which is a schematic architecture diagram of a specific application scenario provided in the embodiment of the present invention: in this scenario, the EOR device serves as the service gateway, maintains the Layer 3 forwarding table entries used to forward the service packets of the VNF network elements, and is divided into different VPNs based on service VLANs.
Based on the application scenario shown in Fig. 2, the packet forwarding process provided in the embodiment of the present invention is implemented as follows:
Embodiment one: a VNF network element accesses the CE device
Taking VNF network element 1 as an example, assume that the service VLAN Tag corresponding to VNF network element 1 is VLAN 101.
VNF network element 1 sends a service packet carrying VLAN 101 to OVS (Open Virtual Switch) device 1, where the destination MAC address of the service packet is the MAC address of the EOR device (assumed to be 1-1-1).
OVS device 1 receives the service packet sent by VNF network element 1, adds a host-internal VLAN Tag (assumed to be VLAN 201) to it to produce a service packet in QinQ (double-tagged VLAN) format, and sends that packet to TOR device 1.
On receiving the QinQ-format service packet, TOR device 1 performs VLAN → VXLAN mapping according to the outer VLAN Tag (VLAN 201) (assume the mapped VXLAN ID is VXLAN 1) and VXLAN-encapsulates the service packet to obtain a VXLAN-encapsulated service packet (which may also be called a QinVXLAN packet). Because the destination MAC address of the service packet is the MAC address of the EOR device, the TOR device sends the VXLAN-encapsulated service packet to the EOR device.
On receiving the VXLAN-encapsulated service packet, the EOR device removes the VXLAN encapsulation, determines that the destination MAC address of the service packet is the MAC address of the EOR device (1-1-1), obtains the service VLAN Tag carried in the service packet (VLAN 101), uses it to query the correspondence between service VLAN Tags and VPNs that the EOR device maintains, and determines the VPN corresponding to VLAN 101 (assumed to be VPN 100).
The EOR device looks up a Layer 3 forwarding table entry in VPN 100 according to the destination IP address of the service packet to determine the egress interface connected to the next hop (assumed to be a port connected to the CE device), the MAC address of the destination device (assumed to be 2-2-2), and the service VLAN Tag (assumed to be VLAN 300, where the VPN corresponding to VLAN 300 is VPN 300).
The EOR device changes the destination MAC address of the decapsulated service packet (a VLAN packet) from 1-1-1 to 2-2-2, changes the service VLAN Tag from VLAN 101 to VLAN 300, and sends the service packet with the modified destination MAC address and service VLAN Tag to the CE device. After receiving the service packet, the CE device does not need to perform Layer 3 routing on it and only needs to perform Layer 2 forwarding according to the destination MAC address.
Embodiment two: mutual access between VNF network elements
Taking VNF network element 1 accessing VNF network element 3 as an example, assume that the service VLAN Tag corresponding to VNF network element 1 is VLAN 101 and the service VLAN Tag corresponding to VNF network element 3 is VLAN 103.
VNF network element 1 sends a service packet carrying VLAN 101 to OVS (Open Virtual Switch) device 1, where the destination MAC address of the service packet is the MAC address of the EOR device (assumed to be 1-1-1).
OVS device 1 receives the service packet sent by VNF network element 1, adds a host-internal VLAN Tag (assumed to be VLAN 201) to it to produce a service packet in QinQ (double-tagged VLAN) format, and sends that packet to TOR device 1.
On receiving the QinQ-format service packet, TOR device 1 performs VLAN → VXLAN mapping according to the outer VLAN Tag (VLAN 201) (assume the mapped VXLAN ID is VXLAN 1) and VXLAN-encapsulates the service packet to obtain a VXLAN-encapsulated service packet (which may also be called a QinVXLAN packet). Because the destination MAC address of the service packet is the MAC address of the EOR device, the TOR device sends the VXLAN-encapsulated service packet to the EOR device.
On receiving the VXLAN-encapsulated service packet, the EOR device removes the VXLAN encapsulation, determines that the destination MAC address of the service packet is the MAC address of the EOR device (1-1-1), obtains the service VLAN Tag carried in the service packet (VLAN 101), uses it to query the correspondence between service VLAN Tags and VPNs that the EOR device maintains, and determines the VPN corresponding to VLAN 101 (assumed to be VPN 100).
The EOR device looks up a Layer 3 forwarding table entry in VPN 100 according to the destination IP address of the service packet to determine the egress interface connected to the next hop (assumed to be a port connected to TOR device 2), the MAC address of the destination device (assumed to be 3-3-3), and the service VLAN Tag (VLAN 103, where the VPN corresponding to VLAN 103 is VPN 200).
The EOR device changes the destination MAC address of the decapsulated service packet from 1-1-1 to 3-3-3, changes the service VLAN Tag from VLAN 101 to VLAN 103, VXLAN-encapsulates the service packet with the modified destination MAC address and service VLAN Tag, and sends it to TOR device 2.
On receiving the VXLAN-encapsulated service packet, TOR device 2 performs VXLAN → VLAN mapping according to the VXLAN ID (assumed to be VXLAN 2) (assume the mapped VLAN Tag is VLAN 202) to obtain a service packet in QinQ format, and sends the QinQ-format service packet to OVS device 2 according to the destination MAC address of the packet.
OVS device 2 receives the QinQ-format service packet, strips the outer VLAN Tag (VLAN 202), and sends the service packet (a VLAN packet) to VNF network element 3 according to the destination MAC address of the packet.
As the above description shows, in the technical solution provided in the embodiment of the present invention, in a communication cloud network running SDN technology, the service gateway is moved down from the CE device to the EOR device, and the EOR device is divided into VPNs based on service VLANs. When the EOR device receives a VXLAN-encapsulated service packet sent by the TOR device, it removes the VXLAN encapsulation. When it determines that the destination MAC address of the service packet is the MAC address of the EOR device, it determines the VPN corresponding to the service VLAN Tag carried in the service packet, looks up a Layer 3 forwarding table entry in that VPN according to the destination IP address of the service packet, and forwards the packet accordingly. This makes full use of the capability of the EOR device and reduces the functional complexity of the CE device. In addition, because the service gateway is the EOR device, the traffic detour caused by using the CE device as the service gateway is reduced, and network resources are saved.
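The forwarding decision of steps 101 to 103 and the three forwarding cases, run over the scenario's values, as an added Python example (not code from the patent or from any H3C product). VLAN 102, the MAC addresses 4-4-4 and 5-5-5, all IP prefixes, the interface names, the per-route VXLAN ID and the drop behaviour for unmapped tags or missing routes are assumptions; routes are looked up only inside the VPN selected by the service VLAN Tag, since that mapping is what separates the VPNs.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

def mac(short: str) -> bytes:
    """Expand the page's short MAC notation ('1-1-1') to 6 bytes."""
    return b"".join(int(p, 16).to_bytes(2, "big") for p in short.split("-"))

EOR_MAC = mac("1-1-1")  # gateway MAC used in the page's scenario

# Service VLAN Tag -> VPN. 101, 103 and 300 follow the page's scenario;
# VLAN 102 is constructed to exercise "different VLAN, same VPN".
VLAN_TO_VPN = {101: 100, 102: 100, 103: 200, 300: 300}

@dataclass(frozen=True)
class Route:
    prefix: str          # constructed prefixes; the page gives no IP addresses
    dst_mac: bytes       # MAC of the destination device (ARP result)
    dst_vlan: int        # service VLAN the destination belongs to
    egress: str          # egress interface toward the next hop (names assumed)
    vni: Optional[int]   # VXLAN ID on a TOR-side port, None on the CE-side port

# Layer 3 forwarding entries held per VPN (only VPN 100 is populated here).
ROUTES = {100: [
    Route("10.1.1.0/24", mac("4-4-4"), 101, "to-tor1", 1),
    Route("10.1.2.0/24", mac("5-5-5"), 102, "to-tor1", 1),
    Route("10.1.3.0/24", mac("3-3-3"), 103, "to-tor2", 2),
    Route("0.0.0.0/0", mac("2-2-2"), 300, "to-ce", None),
]}

def vxlan_encap(vni: int, inner: bytes) -> bytes:
    """Prepend an 8-byte VXLAN header (outer Ethernet/IP/UDP omitted)."""
    return struct.pack("!B3xI", 0x08, vni << 8) + inner

def vxlan_decap(pkt: bytes):
    """Return (VXLAN ID, inner frame); reject a header without the I flag."""
    flags, vni_field = struct.unpack("!B3xI", pkt[:8])
    if not flags & 0x08:
        raise ValueError("VXLAN I flag not set")
    return vni_field >> 8, pkt[8:]

def parse_inner(frame: bytes):
    """Return (dst MAC, service VLAN ID, dst IPv4) of an 802.1Q IPv4 frame."""
    tpid, tci, etype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100 or etype != 0x0800:
        raise ValueError("expected a single 802.1Q tag and IPv4")
    return frame[:6], tci & 0x0FFF, ipaddress.IPv4Address(frame[34:38])

def rewrite(frame: bytes, dst_mac: bytes, vlan: int) -> bytes:
    """Replace destination MAC and VLAN ID, keeping the PCP/DEI bits."""
    tci = struct.unpack("!H", frame[14:16])[0]
    return dst_mac + frame[6:14] + struct.pack("!H", (tci & 0xF000) | vlan) + frame[16:]

def lookup(vpn: int, dst_ip) -> Optional[Route]:
    """Longest-prefix match inside one VPN's table only."""
    hits = [r for r in ROUTES.get(vpn, []) if dst_ip in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen, default=None)

def forward(pkt: bytes):
    """Steps 101-103: returns (decision, egress interface, bytes to send)."""
    _vni, frame = vxlan_decap(pkt)
    dst_mac, vlan, dst_ip = parse_inner(frame)
    if dst_mac != EOR_MAC:
        return "not-gateway-mac", None, None     # the page covers only the gateway case
    vpn = VLAN_TO_VPN.get(vlan)
    if vpn is None:
        return "drop-unmapped-vlan", None, None  # assumption: fail closed
    route = lookup(vpn, dst_ip)
    if route is None:
        return "drop-no-route", None, None       # assumption: fail closed
    if route.dst_vlan == vlan:
        case = "same-vlan"
    elif VLAN_TO_VPN.get(route.dst_vlan) == vpn:
        case = "same-vpn"
    else:
        case = "cross-vpn"
    # Only the rewrites the page describes; source MAC/TTL handling is not shown.
    out = rewrite(frame, route.dst_mac, route.dst_vlan)
    if route.vni is None:
        return case + "/plain", route.egress, out  # CE-side port: no VXLAN
    return case + "/vxlan", route.egress, vxlan_encap(route.vni, out)

def sample(dst_mac: bytes, vlan: int, dst_ip: str, vni: int = 1) -> bytes:
    """Constructed test packet: VXLAN header + tagged Ethernet + bare IPv4 header."""
    eth = dst_mac + mac("a-a-a") + struct.pack("!HHH", 0x8100, vlan, 0x0800)
    ip = bytearray(20)
    ip[0] = 0x45
    ip[16:20] = ipaddress.IPv4Address(dst_ip).packed
    return vxlan_encap(vni, eth + bytes(ip))

if __name__ == "__main__":
    for ip in ("10.1.1.5", "10.1.2.5", "10.1.3.7", "203.0.113.9"):
        decision, port, _ = forward(sample(EOR_MAC, 101, ip))
        print(ip, decision, port)
```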
Referring to fig. 3, a schematic structural diagram of a message forwarding apparatus according to an embodiment of the present invention is provided, where the apparatus may be applied to an EOR device in the foregoing method embodiment, and as shown in fig. 3, the message forwarding apparatus may include:
a receiving unit 310, configured to receive a service packet encapsulated by a virtual extensible local area network (VXLAN), where the service packet is sent by a top-of-rack (TOR) switch device;
an encapsulation/decapsulation unit 320 for decapsulating the VXLAN encapsulation;
a determining unit 330, configured to determine, when it is determined that a destination media access control MAC address of the service packet is an MAC address of the EOR device, a first VPN corresponding to a first service VLAN Tag according to the first service VLAN Tag carried in the service packet;
a forwarding unit 340, configured to search for a layer-3 forwarding table entry in the first VPN according to the destination IP address of the service packet, and perform layer-3 forwarding on the service packet according to the search result.
In an alternative embodiment, one VPN corresponds to one or more traffic VLAN tags.
In an optional embodiment, the forwarding unit 340 is specifically configured to, when it is determined that the VLAN Tag of the service VLAN to which the destination device belongs is the first service VLAN Tag according to the search result, replace the destination MAC address of the service packet with the MAC address of the destination device;
the encapsulating/decapsulating unit 320 is specifically configured to perform VXLAN encapsulation on the service packet after the destination MAC address is replaced;
the forwarding unit 340 is specifically configured to forward the VXLAN-encapsulated service packet from an egress interface connected to the next hop.
In an optional embodiment, the determining unit 330 is further configured to determine whether the first service VLAN Tag and the second service VLAN Tag correspond to the same VPN when it is determined, according to the search result, that the VLAN Tag corresponding to the service VLAN to which the destination device belongs is the second service VLAN Tag;
the forwarding unit 340 is specifically configured to, when the first service VLAN Tag and the second service VLAN Tag correspond to the same VPN, replace a destination MAC address of the service packet with an MAC address of the destination device, and replace the first service VLAN Tag in the service packet with the second service VLAN Tag;
the encapsulating/decapsulating unit 320 is specifically configured to perform VXLAN encapsulation on the service packet after the destination MAC address and the service VLAN Tag are replaced;
the forwarding unit 340 is specifically configured to forward the VXLAN-encapsulated service packet from an egress interface connected to the next hop.
In an optional embodiment, the determining unit 330 is further configured to determine whether the first service VLAN Tag and the third service VLAN Tag correspond to the same VPN when it is determined, according to the search result, that the VLAN Tag corresponding to the service VLAN to which the destination device belongs is a third service VLAN Tag;
the determining unit 330 is further configured to determine, when the first service VLAN Tag and the third service VLAN Tag correspond to different VPNs, whether the egress interface connected to the next hop is a port on the TOR device side or a port on the customer edge (CE) device side;
the forwarding unit 340 is specifically configured to, if the port is a port on the TOR device side, replace the destination MAC address of the service packet with the MAC address of the destination device, and replace the first service VLAN Tag in the service packet with the third service VLAN Tag;
the encapsulating/decapsulating unit 320 is specifically configured to perform VXLAN encapsulation on the service packet after the destination MAC address and the service VLAN Tag are replaced;
the forwarding unit 340 is specifically configured to forward the VXLAN-encapsulated service packet from the egress interface connected to the next hop;
the forwarding unit 340 is specifically configured to, if the port is a port on the CE device side, replace the destination MAC address of the service packet with the MAC address of the destination device, replace the first service VLAN Tag in the service packet with the third service VLAN Tag, and forward the service packet, after the destination MAC address and the service VLAN Tag are replaced, from the egress interface connected to the next hop.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
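The units described above amount to one forwarding decision, modelled here in Python as an added example that is not code from the patent or its assignee. The MAC addresses, VLAN Tags, prefixes and interface names are constructed, and dropping a packet whose tag has no VPN or whose destination has no entry in that VPN is an assumption of this example (the text does not describe those cases).

```python
import ipaddress
from dataclasses import dataclass, replace

EOR_MAC = "02:00:00:00:00:01"   # constructed MAC address of the EOR device
# Constructed VPN division: one VPN corresponds to one or more service VLAN Tags.
VLAN_TO_VPN = {101: "vpn-a", 102: "vpn-a", 201: "vpn-b", 301: "vpn-b"}

@dataclass(frozen=True)
class Frame:
    dst_mac: str
    vlan: int        # service VLAN Tag carried in the service packet
    dst_ip: str
    vxlan: bool      # True while the packet is VXLAN-encapsulated

@dataclass(frozen=True)
class Entry:
    prefix: str
    vlan: int        # service VLAN Tag of the destination device
    mac: str         # MAC address of the destination device
    egress: str      # egress interface connected to the next hop
    side: str        # "TOR" or "CE"

# Constructed layer-3 forwarding tables, one per VPN.
L3 = {
    "vpn-a": [
        Entry("10.1.1.0/24", 101, "02:00:00:00:01:0a", "tor1", "TOR"),
        Entry("10.1.2.0/24", 102, "02:00:00:00:02:0a", "tor2", "TOR"),
        Entry("10.2.1.0/24", 201, "02:00:00:00:03:0a", "tor2", "TOR"),
        Entry("192.0.2.0/24", 301, "02:00:00:00:04:0a", "ce1", "CE"),
    ],
    "vpn-b": [Entry("10.2.1.0/24", 201, "02:00:00:00:03:0a", "tor2", "TOR")],
}

def lookup(vpn, dst_ip):
    """Longest-prefix match restricted to the table of one VPN."""
    addr = ipaddress.ip_address(dst_ip)
    hits = [e for e in L3.get(vpn, []) if addr in ipaddress.ip_network(e.prefix)]
    return max(hits, key=lambda e: ipaddress.ip_network(e.prefix).prefixlen,
               default=None)

def forward(frame):
    """Decide (case, egress, out_frame) for a VXLAN packet received from a TOR."""
    inner = replace(frame, vxlan=False)            # remove the VXLAN encapsulation
    if inner.dst_mac != EOR_MAC:
        return ("not-for-gateway", None, None)     # layer-3 path does not apply
    vpn = VLAN_TO_VPN.get(inner.vlan)              # first service VLAN Tag -> first VPN
    if vpn is None:
        return ("drop-unmapped-vlan", None, None)  # assumption: fail closed
    entry = lookup(vpn, inner.dst_ip)              # search only inside that VPN
    if entry is None:
        return ("drop-no-route", None, None)       # assumption: no fallback table
    if entry.vlan == inner.vlan:
        case = "same-vlan"                         # only the MAC is replaced
    elif VLAN_TO_VPN.get(entry.vlan) == vpn:
        case = "same-vpn"                          # MAC and VLAN Tag are replaced
    else:
        case = "cross-vpn-" + entry.side.lower()   # port side decides encapsulation
    # Only a CE-side egress in the cross-VPN case leaves without VXLAN.
    out = replace(inner, dst_mac=entry.mac, vlan=entry.vlan,
                  vxlan=(case != "cross-vpn-ce"))
    return (case, entry.egress, out)
```

Because the lookup is keyed on the VPN derived from the ingress service VLAN Tag, a destination is reachable only if that VPN's own table holds an entry for it.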
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention. One of ordinary skill in the art can understand and implement it without inventive effort.
As can be seen from the above embodiments, in a communication cloud network running SDN technology, the service gateway is moved down from the CE device to the EOR device, and VPNs are divided on the EOR device based on service VLANs. When the EOR device receives a VXLAN-encapsulated service packet sent by a TOR device, it removes the VXLAN encapsulation; when it determines that the destination MAC address of the service packet is the MAC address of the EOR device, it determines the VPN corresponding to the service VLAN Tag carried in the service packet, and searches for a layer-3 forwarding entry in that VPN according to the destination IP address of the service packet in order to forward it. This makes full use of the capability of the EOR device and reduces the functional complexity of the CE device. In addition, because the service gateway is the EOR device, the traffic detour caused by the CE device serving as the service gateway is reduced, and network resources are saved.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (10)

1. A message forwarding method, applied to an end-of-row (EOR) switch device in a communication cloud network running Software Defined Network (SDN) technology, characterized in that a plurality of Virtual Private Networks (VPNs) are divided on the EOR device based on service Virtual Local Area Networks (VLANs), the method comprising:
receiving a service packet encapsulated by a virtual extensible local area network (VXLAN), sent by a top-of-rack (TOR) switch device;
removing the VXLAN encapsulation and, when determining that the destination Media Access Control (MAC) address of the service packet is the MAC address of the EOR device, determining a first VPN corresponding to a first service VLAN Tag according to the first service VLAN Tag carried in the service packet;
and searching for a layer-3 forwarding table entry in the first VPN according to the destination IP address of the service packet, and performing layer-3 forwarding on the service packet according to the search result.
2. The method of claim 1, wherein a VPN corresponds to one or more traffic VLAN tags.
3. The method according to claim 2, wherein said performing layer-3 forwarding on the service packet according to the search result comprises:
when it is determined according to the search result that the VLAN Tag of the service VLAN to which the destination device belongs is the first service VLAN Tag, replacing the destination MAC address of the service packet with the MAC address of the destination device, performing VXLAN encapsulation on the service packet after the destination MAC address is replaced, and then forwarding the service packet from an egress interface connected to the next hop.
4. The method according to claim 2, wherein said performing layer-3 forwarding on the service packet according to the search result comprises:
when it is determined according to the search result that the VLAN Tag corresponding to the service VLAN to which the destination device belongs is a second service VLAN Tag, and the first service VLAN Tag and the second service VLAN Tag correspond to the same VPN, replacing the destination MAC address of the service packet with the MAC address of the destination device, replacing the first service VLAN Tag in the service packet with the second service VLAN Tag, performing VXLAN encapsulation on the service packet after the destination MAC address and the service VLAN Tag are replaced, and forwarding the service packet from an egress interface connected to the next hop.
5. The method according to claim 2, wherein said performing layer-3 forwarding on the service packet according to the search result comprises:
when it is determined according to the search result that the VLAN Tag corresponding to the service VLAN to which the destination device belongs is a third service VLAN Tag, and the first service VLAN Tag and the third service VLAN Tag correspond to different VPNs, determining whether the egress interface connected to the next hop is a port on the TOR device side or a port on the CE device side;
if the port is a port on the TOR device side, replacing the destination MAC address of the service packet with the MAC address of the destination device, replacing the first service VLAN Tag in the service packet with the third service VLAN Tag, performing VXLAN encapsulation on the service packet after the destination MAC address and the service VLAN Tag are replaced, and forwarding the service packet from the egress interface connected to the next hop;
and if the port is a port on the CE device side, replacing the destination MAC address of the service packet with the MAC address of the destination device, replacing the first service VLAN Tag in the service packet with the third service VLAN Tag, and forwarding the service packet, after the destination MAC address and the service VLAN Tag are replaced, from the egress interface connected to the next hop.
6. A message forwarding device, applied to an end-of-row (EOR) switch device in a communication cloud network running Software Defined Network (SDN) technology, characterized in that a plurality of Virtual Private Networks (VPNs) are divided on the EOR device based on service Virtual Local Area Networks (VLANs), the device comprising:
a receiving unit, configured to receive a service packet encapsulated by a virtual extensible local area network (VXLAN), sent by a top-of-rack (TOR) switch device;
an encapsulation/decapsulation unit for decapsulating the VXLAN encapsulation;
a determining unit, configured to determine, when it is determined that a destination media access control MAC address of the service packet is an MAC address of the EOR device, a first VPN corresponding to a first service VLAN Tag according to the first service VLAN Tag carried in the service packet;
and a forwarding unit, configured to search for a layer-3 forwarding table entry in the first VPN according to the destination IP address of the service packet, and perform layer-3 forwarding on the service packet according to the search result.
7. The apparatus of claim 6, wherein a VPN corresponds to one or more traffic VLAN tags.
8. The apparatus of claim 7,
the forwarding unit is specifically configured to replace the destination MAC address of the service packet with the MAC address of the destination device when it is determined, according to the search result, that the VLAN Tag of the service VLAN to which the destination device belongs is the first service VLAN Tag;
the encapsulation/decapsulation unit is specifically configured to perform VXLAN encapsulation on the service packet after the destination MAC address is replaced;
the forwarding unit is specifically configured to forward the VXLAN-encapsulated service packet from an egress interface connected to a next hop.
9. The apparatus of claim 7,
the determining unit is further configured to determine whether the first service VLAN Tag and the second service VLAN Tag correspond to the same VPN when determining, according to the search result, that the VLAN Tag corresponding to the service VLAN to which the destination device belongs is the second service VLAN Tag;
the forwarding unit is specifically configured to, when the first service VLAN Tag and the second service VLAN Tag correspond to the same VPN, replace a destination MAC address of the service packet with an MAC address of the destination device, and replace the first service VLAN Tag in the service packet with the second service VLAN Tag;
the encapsulation/decapsulation unit is specifically configured to perform VXLAN encapsulation on the service packet after the destination MAC address and the service VLAN Tag are replaced;
the forwarding unit is specifically configured to forward the VXLAN-encapsulated service packet from an egress interface connected to a next hop.
10. The apparatus of claim 7,
the determining unit is further configured to determine whether the first service VLAN Tag and the third service VLAN Tag correspond to the same VPN when determining, according to the search result, that the VLAN Tag corresponding to the service VLAN to which the destination device belongs is the third service VLAN Tag;
the determining unit is further configured to determine, when the first service VLAN Tag and the third service VLAN Tag correspond to different VPNs, whether the egress interface connected to the next hop is a port on the TOR device side or a port on the customer edge (CE) device side;
the forwarding unit is specifically configured to, if the port is a port on the TOR device side, replace a destination MAC address of the service packet with an MAC address of the destination device, and replace a first service VLAN Tag in the service packet with the third service VLAN Tag;
the encapsulation/decapsulation unit is specifically configured to perform VXLAN encapsulation on the service packet after the destination MAC address and the service VLAN Tag are replaced;
the forwarding unit is specifically configured to forward the VXLAN-encapsulated service packet from the egress interface connected to the next hop;
the forwarding unit is specifically configured to, if the port is a port on the CE device side, replace the destination MAC address of the service packet with the MAC address of the destination device, replace the first service VLAN Tag in the service packet with the third service VLAN Tag, and forward the service packet, after the destination MAC address and the service VLAN Tag are replaced, from the egress interface connected to the next hop.
CN201910425545.XA 2019-05-21 2019-05-21 Message forwarding method and device Active CN110191042B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910425545.XA CN110191042B (en) 2019-05-21 2019-05-21 Message forwarding method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910425545.XA CN110191042B (en) 2019-05-21 2019-05-21 Message forwarding method and device

Publications (2)

Publication Number Publication Date
CN110191042A CN110191042A (en) 2019-08-30
CN110191042B true CN110191042B (en) 2021-08-24

Family

ID=67717104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910425545.XA Active CN110191042B (en) 2019-05-21 2019-05-21 Message forwarding method and device

Country Status (1)

Country Link
CN (1) CN110191042B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112565045B (en) * 2019-09-26 2024-05-07 中兴通讯股份有限公司 Method, device, equipment and storage medium for forwarding message in EVPN
CN112995005B (en) * 2019-12-17 2022-02-25 北京百度网讯科技有限公司 Virtual network data exchange method and device
CN114978781B (en) * 2022-08-02 2022-11-11 中国电子科技集团公司第三十研究所 Tor network-oriented hybrid anonymous link communication method and system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414626A (en) * 2013-08-28 2013-11-27 盛科网络(苏州)有限公司 Message processing method and device based on network virtualization
US9467536B1 (en) * 2014-03-21 2016-10-11 Cisco Technology, Inc. Shim layer abstraction in multi-protocol SDN controller
CN106209689A (en) * 2015-05-04 2016-12-07 杭州华三通信技术有限公司 From the multicast data packet forwarding method and apparatus of VXLAN to VLAN
CN106789667A (en) * 2016-11-21 2017-05-31 华为技术有限公司 A kind of data forwarding method, relevant device and system
CN107547403A (en) * 2017-07-26 2018-01-05 新华三技术有限公司 Message forwarding method, assisted method, device, controller and main frame
CN108199963A (en) * 2017-12-27 2018-06-22 新华三技术有限公司 Message forwarding method and device
CN108809796A (en) * 2018-07-16 2018-11-13 成都芮捷科技发展有限责任公司 A kind of Metropolitan Area Network (MAN) power system service communication means based on VxLAN
CN109660443A (en) * 2018-12-26 2019-04-19 江苏省未来网络创新研究院 Physical equipment and virtual network communication method and system based on SDN

Also Published As

Publication number Publication date
CN110191042A (en) 2019-08-30

Similar Documents

Publication Publication Date Title
US20220174042A1 (en) Network Architecture for Cloud Computing Environments
US10333836B2 (en) Convergence for EVPN multi-homed networks
US10320664B2 (en) Cloud overlay for operations administration and management
CN106936777B (en) Cloud computing distributed network implementation method and system based on OpenFlow
US8819267B2 (en) Network virtualization without gateway function
US10205657B2 (en) Packet forwarding in data center network
CN106878048B (en) Fault processing method and device
US7411955B2 (en) 3-layer VPN and constructing method thereof
US9100213B1 (en) Synchronizing VPLS gateway MAC addresses
CN109716717A (en) From software-defined network controller management virtual port channel switching equipment peer-to-peer
CN104871483A (en) IP multicast service join process for MPLS-based virtual private cloud networking
CN104823405A (en) IP multicast service leave process for MPLS-based virtual private cloud networking
CN110191042B (en) Message forwarding method and device
CN108199963B (en) Message forwarding method and device
US20170317850A1 (en) Layer-3 Forwarding in VXLAN
CN102413060B (en) User private line communication method and equipment used in VPLS (Virtual Private LAN (Local Area Network) Service) network
CN111614541B (en) Method for adding public cloud network physical host into VPC
CN104272657A (en) Method and apparatus for providing tenant information for network flows
EP3605959A1 (en) Method, device and computer storage medium for implementing double control plane
CN102611618B (en) Route protection converting method and device
CN107995083B (en) Method, system and equipment for realizing intercommunication between L2VPN and VxLAN
CN106899478B (en) Method for realizing resource elastic expansion of power test service through cloud platform
EP4239973A1 (en) Packet sending method, device, and system
US11516184B2 (en) Firewall service insertion across secure fabric preserving security group tags end to end with dual homed firewall
US20210359879A1 (en) Packet forwarding method and network device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant