CN111245700A - Loop detection method and device - Google Patents


Publication number: CN111245700A
Authority: CN (China)
Prior art keywords: port, leaf node, address, evpn, layer
Legal status: Granted
Application number: CN202010048030.5A
Other languages: Chinese (zh)
Other versions: CN111245700B (en)
Inventor: 杨柳
Current Assignee: New H3C Security Technologies Co Ltd
Original Assignee: New H3C Security Technologies Co Ltd
Application filed by New H3C Security Technologies Co Ltd
Priority to CN202010048030.5A
Publication of CN111245700A
Application granted
Publication of CN111245700B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4637 Interconnected ring systems
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4675 Dynamic sharing of VLAN information amongst network nodes

Abstract

The application provides a loop detection method and device. The method is applied to a first leaf node located in an Ethernet virtual private network (EVPN) and comprises the following steps: the first leaf node receives, through a local first port, a gratuitous ARP message sent by a layer-two network device, wherein the gratuitous ARP message comprises an ARP header and the ARP header comprises a first IP address; the first leaf node judges whether the first IP address is the same as a second IP address of the first leaf node; if they are the same, the first leaf node judges whether the first IP address is the EVPN distributed gateway address; if yes, the first leaf node sends loop alarm information.

Description

Loop detection method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a loop detection method and apparatus.
Background
Virtual eXtensible LAN (VXLAN) is a technology that implements a layer-two VPN over an IP network using "MAC in UDP" encapsulation. Building on VXLAN, the EVPN control plane uses MP-BGP to advertise the host addresses (MAC, IP) and host routing information of the hosts attached to a leaf node (leaf), which greatly reduces the core network bandwidth consumed by Address Resolution Protocol (ARP) broadcast messages in an Ethernet Virtual Private Network (EVPN).
If the user makes a networking mistake, a loop exists among the hosts attached to a leaf: for example, an attached host may itself have a loop, as in cases 1 and 3; or two leaves enable the cross-device link aggregation feature (Distributed Resilient Network Interconnect, DRNI), so that although the attached hosts have no loop, a layer-two interconnection exists between the two leaves, forming a loop as in case 2; or a virtual layer-two path is formed through the EVPN layer-two VXLAN tunnel, so that the attached hosts also have a loop, as in case 4.
In the existing loop detection approach, a leaf actively sends a loop detection message whose destination MAC address is a specific multicast address and whose source MAC address is the MAC address of the leaf; if the leaf receives the loop detection message again, the leaf determines that a loop exists in the network. For example, leaf5 in fig. 1 sends a loop detection message, which is sent to the attached host side and into the VXLAN tunnel toward the upstream spine node (spine); if leaf5 receives the loop detection message on any port, it determines that a loop has occurred in the network.
However, the loop detection method described above has the following problems: 1) every device in the EVPN networking needs to enable the detection function, that is, the device must be able to identify a specific multicast MAC address or a specific protocol type, distinguish a received loop detection message from other messages, and send the loop detection message to its CPU for processing instead of forwarding or discarding it; a device that has not enabled the function performs only ordinary layer-two forwarding; 2) the loop detection message needs to be flooded in the EVPN core network, which generates a large number of multicast and broadcast messages in the EVPN, and if loops exist under multiple leaves, the broadcast storm in the EVPN is aggravated.
Disclosure of Invention
In view of this, the present application provides a loop detection method and apparatus, so as to solve the problems in the prior art that each device in an EVPN networking needs to be additionally enabled with a loop detection function, and a large number of loop detection messages are flooded in an EVPN core network.
In a first aspect, the present application provides a loop detection method applied to a first leaf node in an Ethernet virtual private network (EVPN), the method including:
the first leaf node receives, through a local first port, a gratuitous ARP message sent by a layer-two network device, wherein the gratuitous ARP message comprises an ARP header, and the ARP header comprises a first IP address;
the first leaf node determines whether the first IP address is the same as a second IP address of the first leaf node;
if they are the same, the first leaf node judges whether the first IP address is the EVPN distributed gateway address;
if yes, the first leaf node sends loop alarm information.
With reference to the first aspect, in a first possible implementation manner, the EVPN further includes a second leaf node; the first IP address is the IP address of the second leaf node.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner, the layer-two network device includes a second port, and the second port is correspondingly connected to the first port;
the first leaf node receiving, through a local first port, a gratuitous ARP message sent by a layer-two network device specifically includes:
the first leaf node receives, through the first port, the gratuitous ARP message sent by the second port.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner, the second leaf node includes a third port, and the layer-two network device further includes a fourth port, where the third port is connected to the fourth port correspondingly, and the third port is configured with a virtual switch instance VSI;
the gratuitous ARP message is sent to the fourth port by the second leaf node through the third port;
and when the second port which belongs to the same layer-two broadcast domain as the third port exists in the layer-two network device, the gratuitous ARP message is sent to the first port by the layer-two network device through the second port.
With reference to the first aspect, in a fourth possible implementation manner, the method further includes:
if not, the first leaf node sends address conflict warning information.
In a second aspect, the present application provides a loop detection method applied to a first leaf node, where the first leaf node is located in an Ethernet virtual private network (EVPN), and the EVPN further includes a second leaf node and a layer-two network device, where the method includes:
the first leaf node sends, through a local first port, a gratuitous ARP message to a second port included in the layer-two network device, wherein the gratuitous ARP message comprises an ARP header, and a target IP included in the ARP header is an IP address of the first leaf node;
when the layer-two network device has a third port which belongs to the same layer-two broadcast domain as the second port, the layer-two network device sends the gratuitous ARP message to the second leaf node through the third port, so that the second leaf node judges whether a loop exists in the EVPN according to the target IP.
With reference to the second aspect, in a first possible implementation manner, the first port is configured with a virtual switch instance VSI.
With reference to the second aspect, in a second possible implementation manner, a VXLAN tunnel is established between the first leaf node and the second leaf node;
and the first leaf node prohibits the VXLAN tunnel from forwarding the gratuitous ARP message.
In a third aspect, the present application provides a loop detection method, where the method is applied to a layer two network device, and the method includes:
the layer-two network device receives, through a first port, a gratuitous ARP message sent by a first leaf node of an Ethernet virtual private network (EVPN), wherein the gratuitous ARP message comprises an ARP header, and a target IP included in the ARP header is an IP address of the first leaf node;
when a second port which belongs to the same layer-two broadcast domain as the first port exists in the layer-two network device, the layer-two network device sends the gratuitous ARP message to a second leaf node in the EVPN network through the second port, so that the second leaf node judges whether a loop exists in the EVPN according to the target IP.
With reference to the third aspect, in a first possible implementation manner, the gratuitous ARP packet further includes VLAN identification information, where the VLAN identification information is used to indicate a VLAN to which the first port belongs;
after the two-layer network device receives the gratuitous ARP message sent by the first leaf node of the ethernet virtual private network EVPN through the first port, the method further includes:
searching the local ports for a second port belonging to the VLAN indicated by the VLAN identification information;
and if one exists, determining that a second port which belongs to the same layer-two broadcast domain as the first port exists in the layer-two network device.
With reference to the third aspect, in a second possible implementation manner, the first leaf node further includes a third port, where the third port is connected to the first port correspondingly and is configured with a virtual switch instance VSI;
the layer-two network device receiving, through the first port, the gratuitous ARP message sent by the first leaf node of the Ethernet virtual private network (EVPN) specifically includes:
the layer-two network device receives, through the first port, the gratuitous ARP message sent by the third port.
In a fourth aspect, the present application provides a loop detection apparatus in an Ethernet virtual private network (EVPN), the apparatus comprising:
the system comprises a sending unit, a receiving unit and a processing unit, wherein the sending unit is used for receiving, through a local first port, a gratuitous ARP message sent by a layer-two network device, the gratuitous ARP message comprises an ARP header, and the ARP header comprises a first IP address;
a first judging unit, configured to judge whether the first IP address is the same as a second IP address of the first leaf node;
a second determining unit, configured to determine, if they are the same, whether the first IP address is the EVPN distributed gateway address;
and the sending unit is also used for sending the loop alarm information if the first IP address is the EVPN distributed gateway address.
With reference to the fourth aspect, in a first possible implementation manner, the EVPN further includes a second leaf node; the first IP address is the IP address of the second leaf node.
With reference to the first possible implementation manner of the fourth aspect, in a second possible implementation manner, the layer-two network device includes a second port, and the second port is correspondingly connected to the first port;
the sending unit is specifically configured to receive, through the first port, a gratuitous ARP packet sent by the second port.
With reference to the second possible implementation manner of the fourth aspect, in a third possible implementation manner, the second leaf node includes a third port, and the layer-two network device further includes a fourth port, where the third port is connected to the fourth port correspondingly, and the third port is configured with a virtual switch instance VSI;
the gratuitous ARP message is sent to the fourth port by the second leaf node through the third port;
and when the second port which belongs to the same layer-two broadcast domain as the third port exists in the layer-two network device, the gratuitous ARP message is sent to the first port by the layer-two network device through the second port.
With reference to the fourth aspect, in a fourth possible implementation manner, the sending unit is further configured to send address conflict warning information if the first IP address is not the EVPN distributed gateway address.
In a fifth aspect, the present application provides a loop detection apparatus, the apparatus being in an ethernet virtual private network EVPN, the EVPN further including a first leaf node and a two-layer network device, the apparatus comprising:
a sending unit, configured to send a gratuitous ARP packet to a second port included in the layer-two network device through a local first port, where the gratuitous ARP packet includes an ARP header, and a destination IP included in the ARP header is an IP address of the apparatus;
when the layer-two network device has a third port which belongs to the same layer-two broadcast domain as the second port, the layer-two network device sends the gratuitous ARP message to the first leaf node through the third port, so that the first leaf node judges whether a loop exists in the EVPN according to the target IP.
With reference to the fifth aspect, in a first possible implementation manner, the first port is configured with a virtual switch instance VSI.
With reference to the fifth aspect, in a second possible implementation manner, the EVPN further includes a spine node, a VXLAN tunnel is established between the spine node and the first leaf node, and a VXLAN tunnel is established between the first leaf node and the second leaf node; the device further comprises:
a prohibiting unit, configured to prohibit the VXLAN tunnel from forwarding the gratuitous ARP message.
In a sixth aspect, the present application provides a loop detection apparatus, the apparatus comprising:
a receiving unit, configured to receive a gratuitous ARP packet sent by a first leaf node in an ethernet virtual private network EVPN through a first port, where the gratuitous ARP packet includes an ARP header, and a destination IP included in the ARP header is an IP address of the first leaf node;
and a sending unit, configured to send the gratuitous ARP message to a second leaf node in the EVPN network through a second port when the device has the second port which belongs to the same layer-two broadcast domain as the first port, so that the second leaf node judges whether a loop exists in the EVPN according to the target IP.
With reference to the sixth aspect, in a first possible implementation manner, the gratuitous ARP packet further includes VLAN identification information, where the VLAN identification information is used to indicate a VLAN to which the first port belongs;
the device further comprises:
a searching unit, configured to search, in a local port, whether a second port that belongs to the VLAN indicated by the VLAN identification information exists;
and a determining unit, configured to determine, if such a second port exists, that a second port which belongs to the same layer-two broadcast domain as the first port exists in the layer-two network device.
With reference to the sixth aspect, in a second possible implementation manner, the first leaf node further includes a third port, where the third port is connected to the first port correspondingly and is configured with a virtual switch instance VSI;
the sending unit is specifically configured to receive the gratuitous ARP packet sent by the third port through the first port.
In a seventh aspect, the present application provides an electronic device comprising a processor and a machine-readable storage medium, the machine-readable storage medium storing machine-executable instructions capable of being executed by the processor, the processor being caused by the machine-executable instructions to perform the method provided in the first, second, and third aspects of the present application.
In an eighth aspect, the present application provides a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to perform the methods provided in the first, second, and third aspects of the present application.
Therefore, with the loop detection method and device provided by the application, after a first leaf node in an EVPN networking receives a gratuitous ARP message sent by a layer-two network device connected to it, the first leaf node compares the first IP address included in the gratuitous ARP message with its own second IP address; if the IP addresses are the same and the IP address is the EVPN distributed gateway address, the first leaf node determines that a loop exists in the EVPN networking, and generates and sends loop alarm information. This solves the problems in the prior art that every device in an EVPN networking must additionally enable a loop detection function and that a large number of loop detection messages are flooded in the EVPN core network. The devices in the EVPN networking do not need to additionally enable a loop detection function, flooding of a large number of loop detection messages in the EVPN core network is avoided, and the core network's valuable bandwidth resources are saved.
Drawings
FIG. 1 is a schematic diagram of EVPN networking loop detection in the prior art;
fig. 2 is a flowchart of a loop detection method according to an embodiment of the present application;
fig. 3 is a schematic diagram of an EVPN distributed gateway networking provided in an embodiment of the present application;
fig. 4 is a schematic diagram of EVPN distributed gateway networking loop detection provided in an embodiment of the present application;
fig. 5 is a structural diagram of a loop detection device according to an embodiment of the present application;
fig. 6 is a structural diagram of another loop detection apparatus provided in an embodiment of the present application;
fig. 7 is a structural diagram of another loop detection device according to an embodiment of the present application;
fig. 8 is a hardware structure diagram of another loop detection apparatus according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the corresponding listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The loop detection method provided in the embodiments of the present application is described in detail below. Referring to fig. 2, fig. 2 is a flowchart illustrating a loop detection method according to an embodiment of the present disclosure. The method is applied to EVPN networking. The loop detection method provided by the embodiment of the application can comprise the following steps.
Fig. 3 is a diagram of the EVPN distributed gateway networking provided in the embodiment of the present application. Currently, in an EVPN distributed gateway networking scheme, each leaf is set as the gateway of the devices attached to it, and every leaf is configured with the same gateway IP address and MAC address. For example, in FIG. 3, all leaves are distributed gateways with IP address 10.0.0.1/24 and MAC address 0-0-1; each leaf has at least one host attached, and the hosts are all in the same layer-two network (address: 10.0.0.0/24).
Step 201, a first leaf node sends a gratuitous ARP message to a second port included in a layer-two network device through a local first port.
Specifically, fig. 4 is a schematic diagram of loop detection in the EVPN distributed gateway networking according to the embodiment of the present application. As shown in fig. 4, when a new leaf, such as leaf5, is added to the EVPN networking, leaf5 first generates a gratuitous ARP message and sends it to a layer-two network device through a local first port (not shown in fig. 1).
It should be noted that the first port is a port of the leaf that connects to the host side, and the port is configured with a virtual switch instance VSI. In the embodiment of the present application, both port1 in leaf5 and port2 in leaf6 may be the first port. The following description takes port1 in leaf5 as an example.
In this embodiment, the gratuitous ARP packet includes an Ethernet header and an ARP header, as shown in Table 1 below. The Ethernet header includes a source MAC address and a destination MAC address: the source MAC address is the distributed gateway MAC address, for example, 0-0-1, and the destination MAC address is the broadcast address, for example, the all-F address. The ARP header includes a source MAC address, a destination MAC address, a source IP and a destination IP: the source MAC address is the distributed gateway MAC address, for example, 0-0-1, and the destination MAC address is 0-0-0; the source IP address is the distributed gateway IP address, for example, 10.0.0.1, and the destination IP address is the distributed gateway IP address, for example, 10.0.0.1.
TABLE 1 MAC and IP information carried by gratuitous ARP messages
Field                                      Value
Ethernet header source MAC address         Distributed gateway MAC (e.g. 0-0-1)
Ethernet header destination MAC address    Broadcast address (ffff-ffff-ffff)
ARP header source MAC address              Distributed gateway MAC (e.g. 0-0-1)
ARP header source IP address               Distributed gateway IP (e.g. 10.0.0.1)
ARP header destination MAC address         0-0-0
ARP header destination IP address          Distributed gateway IP (e.g. 10.0.0.1)
Step 202, when the layer-two network device has a third port belonging to the same layer-two broadcast domain as the second port, the layer-two network device sends the gratuitous ARP message to the second leaf node in the EVPN network through the third port.
Specifically, as shown in fig. 4, after a layer-two network device receives a gratuitous ARP packet through a second port (e.g., port7 in the figure), the layer-two network device determines whether a third port that belongs to the same layer-two broadcast domain as the second port (i.e., port7) exists.
Further, in this embodiment of the present application, the gratuitous ARP packet further includes VLAN identification information, where the VLAN identification information is used to indicate a VLAN to which the first port belongs.
The layer-two network device searches its local ports for a second port belonging to the VLAN indicated by the VLAN identification information; if one exists, the layer-two network device determines that a third port belonging to the same layer-two broadcast domain as the second port exists in the layer-two network device.
If a third port (e.g., port8 in the figure) belonging to the same layer-two broadcast domain as port7 exists in the layer-two network device, the layer-two network device sends the gratuitous ARP message to a second leaf node (e.g., leaf6 in the figure) in the EVPN network through port8.
In this embodiment of the present application, after determining that a port8 belonging to the same layer-two broadcast domain as port7 exists, the layer-two network device searches a locally stored routing table and determines that port2 of leaf6 is the port correspondingly connected to port8; the layer-two network device then sends the gratuitous ARP packet to port2 through port8.
Port7 and port8 are two different layer-two ports.
Step 203, the second leaf node receives the gratuitous ARP message.
Specifically, as shown in fig. 4, the second leaf node (e.g., leaf6 in the figure) receives the gratuitous ARP packet through the fourth port (e.g., port2 in the figure), and sends the gratuitous ARP packet to the local CPU for processing.
In this embodiment, after receiving the message, port2 determines from the outer header and the inner header of the message (see Table 1) that the received message is a gratuitous ARP message, and then sends the gratuitous ARP message to the CPU of the second leaf node for processing.
Step 204, the second leaf node determines whether the first IP address in the ARP header included in the gratuitous ARP packet is the same as the second IP address of the second leaf node, and if so, step 205 is executed.
Specifically, as described in step 203, port2 receives the gratuitous ARP packet and sends the gratuitous ARP packet to the CPU for processing.
After receiving the message, the CPU determines that the received message is a gratuitous ARP message according to the outer and inner headers of the message in table 1, and at this time, the CPU obtains a destination IP address (which may also be referred to as a first IP address) from the ARP header included in the gratuitous ARP message. Meanwhile, the CPU also acquires an IP address (also referred to as a second IP address) of the own machine (i.e., the second leaf node).
The CPU determines whether the first IP address is the same as the second IP address, and if so, the CPU performs step 205; if not, the CPU discards the gratuitous ARP message and ends the process.
Step 205, if the addresses are the same, the first leaf node determines whether the first IP address is the EVPN distributed gateway address, and if so, step 206 is executed.
Specifically, according to the judgment in step 204, if the two are the same, the CPU continues to judge whether the first IP address is the EVPN distributed gateway address of the second leaf node, and if so, the CPU executes step 206; if not, the CPU executes step 207.
Step 206, if yes, the first leaf node sends loop alarm information.
Specifically, according to the judgment in step 205, if yes, the CPU determines that a loop exists in the EVPN networking, and the CPU generates and transmits loop alarm information; if not, the CPU executes step 207.
Step 207, if not, the first leaf node sends address conflict warning information.
Specifically, according to the judgment in step 205, if not, the CPU determines that no loop exists in the EVPN network but that another leaf in the EVPN network has the same IP address as the leaf to which the CPU belongs, and the CPU generates and transmits the address conflict warning information.
Further, the CPU may reuse a notification message from the prior art to carry the loop alarm information or the address conflict warning information. For example, a notification message for generating an alarm, or a trap in the Simple Network Management Protocol (SNMP), may be reused.
Therefore, with the loop detection method provided by the embodiment of the present application, after a first leaf node in an EVPN networking receives a gratuitous ARP message sent by a layer-two network device connected to it, the first leaf node compares the first IP address included in the gratuitous ARP message with its own second IP address; if the IP addresses are the same and the IP address is the EVPN distributed gateway address, the first leaf node determines that a loop exists in the EVPN networking, and generates and sends loop alarm information. This solves the problems in the prior art that every device in an EVPN networking must additionally enable a loop detection function and that a large number of loop detection messages are flooded in the EVPN core network. The devices in the EVPN networking do not need to additionally enable a loop detection function, flooding of a large number of loop detection messages in the EVPN core network is avoided, and the core network's valuable bandwidth resources are saved.
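The frame of Table 1, the same-VLAN forwarding of step 202 and the receive-side decision of steps 204 to 207 can be traced in a short Python sketch; this is an added example, not code from the patent. Assumptions: the MAC notation 0-0-1 is read as 0000-0000-0001, the ARP opcode is 1 (request), VLAN 10 and port9 are constructed sample values, and all function names are hypothetical.

```python
import ipaddress
import struct

BROADCAST = b"\xff" * 6
ZERO_MAC = b"\x00" * 6
ETH_ARP, ETH_VLAN = 0x0806, 0x8100
ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP header for Ethernet/IPv4


def mac_from_groups(text):
    """'0-0-1' -> 00:00:00:00:00:01 (assumed: three 16-bit hex groups)."""
    groups = text.split("-")
    if len(groups) != 3:
        raise ValueError("expected three hex groups")
    return b"".join(int(g, 16).to_bytes(2, "big") for g in groups)


def build_gratuitous_arp(gw_mac, gw_ip, vlan_id=None):
    """Frame laid out as in Table 1; opcode 1 (request) is an assumption."""
    ip = ipaddress.IPv4Address(gw_ip).packed
    eth = BROADCAST + gw_mac
    if vlan_id is not None:  # optional 802.1Q tag carrying the VLAN identification
        eth += struct.pack("!HH", ETH_VLAN, vlan_id & 0x0FFF)
    eth += struct.pack("!H", ETH_ARP)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, gw_mac, ip, ZERO_MAC, ip)


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not valid ARP."""
    if len(frame) < 14:
        return None
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == ETH_VLAN:
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != ETH_ARP or len(frame) < offset + struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack_from(
        ARP_FMT, frame, offset)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": dst, "eth_src": src, "vlan": vlan, "oper": oper,
            "sender_mac": sha, "sender_ip": ipaddress.IPv4Address(spa),
            "target_mac": tha, "target_ip": ipaddress.IPv4Address(tpa)}


def flood_ports(port_vlans, in_port, vlan):
    """Step 202: other ports of the layer-two device that are in the same VLAN."""
    return sorted(p for p, v in port_vlans.items() if v == vlan and p != in_port)


def classify(frame, own_ip, distributed_gw_ips):
    """Steps 204-207 as run by the CPU of the receiving leaf."""
    arp = parse_arp(frame)
    if (arp is None or arp["eth_dst"] != BROADCAST
            or arp["sender_ip"] != arp["target_ip"]):
        return "not-gratuitous-arp"
    first_ip = arp["target_ip"]                      # "first IP address"
    if first_ip != ipaddress.IPv4Address(own_ip):    # step 204: compare with own IP
        return "discard"
    gateways = {ipaddress.IPv4Address(a) for a in distributed_gw_ips}
    if first_ip in gateways:                         # step 205 -> step 206
        return "loop-alarm"
    return "address-conflict-alarm"                  # step 207


def demo():
    """leaf5 port1 -> port7 -> port8 -> leaf6 port2, with constructed VLAN data."""
    frame = build_gratuitous_arp(mac_from_groups("0-0-1"), "10.0.0.1", vlan_id=10)
    switch = {"port7": 10, "port8": 10, "port9": 20}  # constructed port-to-VLAN map
    out = flood_ports(switch, "port7", parse_arp(frame)["vlan"])
    verdict = classify(frame, "10.0.0.1", {"10.0.0.1"}) if out else None
    return out, verdict


if __name__ == "__main__":
    print(demo())
```

A frame whose target IP matches the leaf's own address but is not a distributed gateway address takes the step 207 branch, and a truncated or non-gratuitous frame is rejected before any comparison.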
Optionally, in this embodiment of the present application, as shown in fig. 3, the networking scheme of the EVPN distributed gateway further includes a spine node, a physical link connection has been established between the spine and each leaf in the networking, and a VXLAN tunnel has been established between the leaves. The method further includes: the first leaf node forbids the VXLAN tunnel from forwarding the gratuitous ARP message. Through this process, a large number of loop detection messages can be prevented from flooding in the EVPN core network, and precious bandwidth resources of the core network are saved.
Specifically, taking the leaf5 as an example, as shown in fig. 4, a physical link is connected between the leaf5 and the spine, and a VXLAN tunnel is established between the leaf5 and the leaf6. At this time, the leaf5 only sends the gratuitous ARP message through the port1, and forbids forwarding the gratuitous ARP message through the VXLAN tunnel to the leaf6, thereby avoiding flooding of the gratuitous ARP message in the EVPN core network and saving the bandwidth resources of the core network.
Alternatively, in the embodiment of the present application, as shown in fig. 4, after the leaf5 completes the loop detection, the loop detection may be set to run periodically, for example with a loop detection period of X hours, Y days, and the like. Further, if the leaf5 is a device newly added to the EVPN networking, after the leaf5 comes online it may also periodically send a gratuitous ARP through the port1, so that loops among the hosts attached below it can still be detected after the leaf5 is online.
Furthermore, as shown in fig. 4, when the spine and the leaf are connected by a physical link, a gratuitous ARP packet may also be sent through the port connected with the leaf according to the requirement of the user, so as to implement loop detection in the EVPN network.
Based on the same inventive concept, the embodiment of the application also provides a message processing device corresponding to the loop detection method. Referring to fig. 5, fig. 5 shows a loop detection apparatus in an Ethernet virtual private network (EVPN) according to an exemplary embodiment of the present application, including:
a sending unit 510, configured to receive a gratuitous ARP packet sent by a layer two network device through a local first port, where the gratuitous ARP packet includes an ARP header, and the ARP header includes a first IP address;
a first determining unit 520, configured to determine whether the first IP address is the same as a second IP address of the first leaf node;
a second determining unit 530, configured to determine, if they are the same, whether the first IP address is the EVPN distributed gateway address;
the sending unit 510 is further configured to send loop alarm information if yes.
Optionally, the EVPN further comprises a second leaf node; the first IP address is the IP address of the second leaf node.
Optionally, the layer-two network device includes a second port, and the second port is correspondingly connected to the first port;
the sending unit 510 is specifically configured to receive, through the first port, a gratuitous ARP packet sent by the second port.
Optionally, the second leaf node includes a third port, and the layer-two network device further includes a fourth port, where the third port is connected to the fourth port correspondingly, and the third port is configured with a virtual switch instance VSI;
the gratuitous ARP message is sent to the fourth port by the second leaf node through the third port;
and when a second port that belongs to the same layer-two broadcast domain as the third port exists in the layer-two network device, the gratuitous ARP message is sent to the first port by the layer-two network device through the second port.
Optionally, the sending unit 510 is further configured to send address conflict warning information if not.
Based on the same inventive concept, the embodiment of the application also provides a message processing device corresponding to the loop detection method. Referring to fig. 6, fig. 6 shows another loop detection apparatus in an ethernet virtual private network EVPN, which further includes a first leaf node and a layer-two network device, according to an exemplary embodiment of the present application, including:
a sending unit 610, configured to send a gratuitous ARP packet to a second port included in the layer-two network device through a local first port, where the gratuitous ARP packet includes an ARP header, and a destination IP included in the ARP header is an IP address of the apparatus;
the gratuitous ARP message is used by the layer-two network device to send the gratuitous ARP message to the first leaf node through a third port when the layer-two network device has a third port that belongs to the same layer-two broadcast domain as the second port, so that the first leaf node judges whether a loop exists in the EVPN according to the target IP.
Optionally, the first port has configured a virtual switch instance VSI.
Optionally, the EVPN further comprises a spine node, a VXLAN tunnel has been established between the spine node and the first leaf node, and a VXLAN tunnel has been established between the first leaf node and the second leaf node; the device further comprises:
the disabling unit 620 is configured to disable the VXLAN tunnel from forwarding the gratuitous ARP packet.
Based on the same inventive concept, the embodiment of the application also provides a message processing device corresponding to the loop detection method. Referring to fig. 7, fig. 7 shows a loop detecting apparatus according to an exemplary embodiment of the present application, the apparatus including:
a receiving unit 710, configured to receive a gratuitous ARP packet sent by a first leaf node in an ethernet virtual private network EVPN through a first port, where the gratuitous ARP packet includes an ARP header, and a destination IP included in the ARP header is an IP address of the first leaf node;
a sending unit 720, configured to send the gratuitous ARP packet to a second leaf node in the EVPN network through a second port when the apparatus has the second port that belongs to the same two-layer broadcast domain as the first port, so that the second leaf node determines, according to the destination IP, whether a loop exists in the EVPN.
Optionally, the gratuitous ARP packet further includes VLAN identification information, where the VLAN identification information is used to indicate a VLAN to which the first port belongs;
the device further comprises:
a searching unit 730, configured to search, in the local port, whether a second port that belongs to the VLAN indicated by the VLAN identification information exists;
a determining unit 740, configured to determine that a second port belonging to the same layer two broadcast domain as the first port exists in the layer two network device, if the second port exists.
Optionally, the first leaf node further includes a third port, where the third port is connected to the first port and is configured with a virtual switch instance VSI;
the sending unit 720 is specifically configured to receive the gratuitous ARP packet sent by the third port through the first port.
Therefore, by applying the loop detection method provided by the application, after a first leaf node in the EVPN networking receives a gratuitous ARP message sent by a two-layer network device connected with the first leaf node, a first IP address included in the gratuitous ARP message is compared with a second IP address of the first leaf node, and if the IP addresses are the same and the IP addresses are EVPN distributed gateway addresses, the first leaf node determines that a loop exists in the EVPN networking, and generates and sends loop alarm information. The problems that in the prior art, each device in an EVPN networking needs to be additionally provided with an enabled loop detection function, and a large number of loop detection messages flood in an EVPN core network are solved. The method and the device realize that each device in the EVPN group network does not need to be additionally provided with an enabling loop detection function, avoid flooding of a large number of loop detection messages in the EVPN core network, and save precious bandwidth resources of the core network.
Based on the same inventive concept, the present application further provides another loop detection apparatus, as shown in fig. 8, including a processor 810, a transceiver 820, and a machine-readable storage medium 830, where the machine-readable storage medium 830 stores machine-executable instructions capable of being executed by the processor 810, and the processor 810 is caused by the machine-executable instructions to perform the loop detection method provided by the present application.
Any of the loop detection devices shown in fig. 5-7 can be implemented by using the hardware structure of the loop detection device shown in fig. 8.
The computer-readable storage medium 830 may include a RAM (Random Access Memory) and a NVM (Non-volatile Memory), such as at least one disk Memory. Alternatively, the computer-readable storage medium 830 may be at least one memory device located remotely from the processor 810.
The Processor 810 may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), etc.; the Integrated Circuit can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
In embodiments of the present application, by reading the machine-executable instructions stored in the machine-readable storage medium 830, the processor 810 is caused to perform, itself and by invoking the transceiver 820, the loop detection methods described in embodiments of the present application.
Additionally, embodiments of the present application provide a machine-readable storage medium 830, the machine-readable storage medium 830 storing machine-executable instructions that, when invoked and executed by the processor 810, cause the processor 810, itself and by invoking the transceiver 820, to perform the loop detection methods described in embodiments of the present application.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
For the embodiments of the loop detection apparatus and the machine-readable storage medium, the contents of the related methods are substantially similar to those of the foregoing embodiments, so that the description is relatively simple, and for the relevant points, reference may be made to the partial description of the embodiments of the methods.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (14)

1. A loop detection method applied to a first leaf node at an ethernet virtual private network EVPN, the method comprising:
the first leaf node receives a gratuitous ARP message sent by a layer-two network device through a local first port, wherein the gratuitous ARP message comprises an ARP header, and the ARP header comprises a first IP address;
the first leaf node determining whether the first IP address is the same as a second IP address of the first leaf node;
if they are the same, the first leaf node judges whether the first IP address is the EVPN distributed gateway address;
if yes, the first leaf node sends loop alarm information.
2. The method of claim 1, wherein said EVPN further comprises a second leaf node; the first IP address is the IP address of the second leaf node.
3. The method of claim 2, wherein the layer two network device includes a second port, and wherein the second port is connected to the first port;
the first leaf node receiving a gratuitous ARP message sent by a layer-two network device through a local first port specifically includes:
the first leaf node receives, through the first port, a gratuitous ARP message sent by the second port.
4. The method of claim 3, wherein the second leaf node comprises a third port, wherein the layer-two network device further comprises a fourth port, wherein the third port is connected to the fourth port and is configured with a Virtual Switch Instance (VSI);
the gratuitous ARP message is sent to the fourth port by the second leaf node through the third port;
and when a second port that belongs to the same layer-two broadcast domain as the third port exists in the layer-two network device, the gratuitous ARP message is sent to the first port by the layer-two network device through the second port.
5. The method of claim 1, further comprising:
if not, the first leaf node sends address conflict warning information.
6. A loop detection method applied to a first leaf node, the first leaf node being in an ethernet virtual private network, EVPN, the EVPN further comprising a second leaf node and a two-layer network device, the method comprising:
the first leaf node sends a gratuitous ARP message to a second port included in the layer-two network device through a local first port, the gratuitous ARP message comprises an ARP header, and a target IP included in the ARP header is an IP address of the first leaf node;
the gratuitous ARP message is used by the layer-two network device to send the gratuitous ARP message to the second leaf node through a third port when the layer-two network device has a third port that belongs to the same layer-two broadcast domain as the second port, so that the second leaf node judges whether a loop exists in the EVPN according to the target IP.
7. The method of claim 6, wherein the first port has been configured with a Virtual Switch Instance (VSI).
8. The method of claim 6, wherein a VXLAN tunnel has been established between the first leaf node and the second leaf node; the method further comprises the following steps:
the first leaf node forbids the VXLAN tunnel from forwarding the gratuitous ARP message.
9. A loop detection method is applied to two-layer network equipment, and the method comprises the following steps:
the layer-two network device receives, through a first port, a gratuitous ARP message sent by a first leaf node of an Ethernet Virtual Private Network (EVPN), wherein the gratuitous ARP message comprises an ARP header, and a target IP included in the ARP header is an IP address of the first leaf node;
when a second port that belongs to the same layer-two broadcast domain as the first port exists in the layer-two network device, the layer-two network device sends the gratuitous ARP message to a second leaf node in the EVPN network through the second port, so that the second leaf node judges whether a loop exists in the EVPN according to the target IP.
10. The method of claim 9, wherein the gratuitous ARP message further includes VLAN identification information indicating a VLAN to which the first port belongs;
after the two-layer network device receives the gratuitous ARP message sent by the first leaf node of the ethernet virtual private network EVPN through the first port, the method further includes:
searching whether a second port belonging to the VLAN indicated by the VLAN identification information exists in a local port;
and if so, determining that a second port which belongs to the same two-layer broadcast domain as the first port exists in the two-layer network equipment.
11. The method of claim 9, wherein the first leaf node further comprises a third port, wherein the third port is connected to correspond to the first port and wherein the third port has a Virtual Switch Instance (VSI) configured thereto;
the layer-two network device receiving, through the first port, the gratuitous ARP message sent by the first leaf node of the Ethernet virtual private network EVPN specifically includes:
the layer-two network device receives, through the first port, the gratuitous ARP message sent by the third port.
12. A loop detection apparatus, wherein the apparatus is in an ethernet virtual private network EVPN, the apparatus comprising:
a sending unit, configured to receive a gratuitous ARP message sent by a layer-two network device through a local first port, wherein the gratuitous ARP message comprises an ARP header, and the ARP header comprises a first IP address;
a first judging unit, configured to judge whether the first IP address is the same as a second IP address of the first leaf node;
a second determining unit, configured to determine, if they are the same, whether the first IP address is the EVPN distributed gateway address;
and the sending unit is further configured to send loop alarm information if so.
13. A loop detection apparatus, wherein the apparatus is in an ethernet virtual private network EVPN, wherein the EVPN further comprises a first leaf node and a two-layer network device, the apparatus comprising:
a sending unit, configured to send a gratuitous ARP packet to a second port included in the layer-two network device through a local first port, where the gratuitous ARP packet includes an ARP header, and a destination IP included in the ARP header is an IP address of the apparatus;
the gratuitous ARP message is used by the layer-two network device to send the gratuitous ARP message to the first leaf node through a third port when the layer-two network device has a third port that belongs to the same layer-two broadcast domain as the second port, so that the first leaf node judges whether a loop exists in the EVPN according to the target IP.
14. A loop detection device, the device comprising:
a receiving unit, configured to receive a gratuitous ARP packet sent by a first leaf node in an ethernet virtual private network EVPN through a first port, where the gratuitous ARP packet includes an ARP header, and a destination IP included in the ARP header is an IP address of the first leaf node;
a sending unit, configured to send the gratuitous ARP message to a second leaf node in the EVPN network through a second port when the device has the second port that belongs to the same layer-two broadcast domain as the first port, so that the second leaf node judges whether a loop exists in the EVPN according to the target IP.
CN202010048030.5A 2020-01-16 2020-01-16 Loop detection method and device Active CN111245700B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010048030.5A CN111245700B (en) 2020-01-16 2020-01-16 Loop detection method and device

Publications (2)

Publication Number Publication Date
CN111245700A true CN111245700A (en) 2020-06-05
CN111245700B CN111245700B (en) 2022-02-22

Family

ID=70864156

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010048030.5A Active CN111245700B (en) 2020-01-16 2020-01-16 Loop detection method and device

Country Status (1)

Country Link
CN (1) CN111245700B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant