CN111343071A - Tunnel establishment method and device, load balancing equipment and storage medium - Google Patents


Info

Publication number
CN111343071A
Authority
CN
China
Prior art keywords
tunnel
session
lns
lac
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010202565.3A
Other languages
Chinese (zh)
Other versions
CN111343071B (en
Inventor
王晨阳
王国利
刘姝麟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Security Technologies Co Ltd filed Critical New H3C Security Technologies Co Ltd
Priority to CN202010202565.3A priority Critical patent/CN111343071B/en
Publication of CN111343071A publication Critical patent/CN111343071A/en
Application granted granted Critical
Publication of CN111343071B publication Critical patent/CN111343071B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/125 Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering

Abstract

The application provides a tunnel establishment method, a tunnel establishment device, load balancing equipment and a storage medium. The method comprises the following steps: receiving a first tunnel negotiation message sent by a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC), where the first tunnel negotiation message is used for negotiating first tunnel information, and the first tunnel information comprises a first tunnel identifier (Tunnel ID); sending the first tunnel negotiation message to a first LNS among a plurality of L2TP network servers (LNSs), so that when the first LNS and the LAC negotiate successfully, a first tunnel is established between the first LNS and the LAC based on the successfully negotiated first Tunnel ID; and sending a second tunnel negotiation message to at least one second LNS other than the first LNS among the plurality of LNSs, where the second tunnel negotiation message is used to negotiate second tunnel information, and the second tunnel information includes a second Tunnel ID, so that when the negotiation between the second LNS and the LAC is successful, a second tunnel is established between the second LNS and the LAC based on the successfully negotiated second Tunnel ID.

Description

Tunnel establishment method and device, load balancing equipment and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a tunnel establishment method and apparatus, a load balancing device, and a storage medium.
Background
The Layer 2 Tunneling Protocol (abbreviated as L2TP) establishes a point-to-point L2TP tunnel over a public network, encapsulates Point-to-Point Protocol (abbreviated as PPP) data frames and transmits the encapsulated PPP data frames through the L2TP tunnel, so that remote users (such as an enterprise's branch offices and staff on business trips) can access the public network over PPP and communicate with the enterprise internal network through the L2TP tunnel to access internal network resources. This provides remote users with a safe, economical and effective way to access a private enterprise network.
The L2TP tunnel involves two endpoints: the L2TP Access Concentrator (LAC) and the L2TP Network Server (LNS). The L2TP tunnel is a virtual point-to-point connection between the LAC and the LNS. The user side accesses the LAC at Layer 2; the LAC then tunnel-encapsulates PPP messages and transmits them to the LNS through the L2TP tunnel, and the LNS likewise tunnel-encapsulates PPP messages and transmits them to the LAC through the L2TP tunnel.
There are two types of connections between an LNS and LAC pair. One is a tunnel connection; multiple L2TP tunnels may exist between a pair of LAC and LNS. The other is a session connection, which is multiplexed over the tunnel connection and represents each PPP session carried in the tunnel connection. After the tunnel connection and the session connection are established, messages with the same tunnel identifier and different session identifiers are transmitted in the same tunnel based on different sessions; messages with the same tunnel identifier and the same session identifier are transmitted in the same tunnel based on the same session.
Currently, in order to balance the messages between the LAC and the LNSs, L2TP is often combined with load balancing (Load Balance, abbreviated as LB) techniques. For example, an LB device is arranged between the LAC and the LNSs, a tunnel is established between the LAC and one of the LNSs, a plurality of sessions are then established on the tunnel, and subsequent messages matching the tunnel and the sessions are transmitted in the tunnel.
However, because the LB device is disposed between the LAC and the LNSs, a message sent by the LAC to an LNS is relayed through the LB device, and the LB device distributes messages of different sessions to different LNSs based on a scheduling algorithm. Since the LAC has established a tunnel with only one of the LNSs, messages distributed to the other LNSs are discarded.
Disclosure of Invention
In order to solve the above problems, the present application provides a tunnel establishment method, a tunnel establishment device, a load balancing device, and a storage medium.
In a first aspect, the present application provides a tunnel establishment method based on the Layer 2 Tunneling Protocol (L2TP), applied to a load balancing (LB) device, the method including:
receiving a first tunnel negotiation message sent by an L2TP access concentrator (LAC), where the first tunnel negotiation message is used for negotiating first tunnel information, and the first tunnel information comprises a first tunnel identifier (Tunnel ID);
sending the first tunnel negotiation message to a first LNS among a plurality of L2TP network servers (LNSs), so that when the first LNS and the LAC negotiate successfully, a first tunnel is established between the first LNS and the LAC based on the successfully negotiated first Tunnel ID;
and sending a second tunnel negotiation message to at least one second LNS other than the first LNS among the plurality of LNSs, where the second tunnel negotiation message is used to negotiate second tunnel information, and the second tunnel information includes a second Tunnel ID, so that when the negotiation between the second LNS and the LAC is successful, a second tunnel is established between the second LNS and the LAC based on the successfully negotiated second Tunnel ID.
Optionally, after the first tunnel is established between the first LNS and the LAC, the method further includes:
receiving a first Session negotiation message sent by the LAC, wherein the first Session negotiation message is used for negotiating first Session information, and the first Session information comprises a first Session identification Session ID and a first Tunnel ID;
and sending the first Session negotiation message to the first LNS, so that when the first LNS and the LAC negotiate successfully, a first Session is established between the first LNS and the LAC based on a first Session ID and the first Tunnel ID which negotiate successfully.
Optionally, the method further includes:
receiving a first message, wherein the first message comprises a first Session ID and a first Tunnel ID;
and transmitting the first message in the first tunnel by using a Session table of the first Session based on the first Session ID and the first Tunnel ID.
Optionally, after the second tunnel is established between the second LNS and the LAC, the method further includes:
receiving a second Session negotiation message sent by the LAC, wherein the second Session negotiation message is used for negotiating second Session information, and the second Session information comprises a second Session identifier Session ID and a second Tunnel ID;
and sending the second Session negotiation message to the second LNS, so that when the negotiation between the second LNS and the LAC is successful, a second Session is established between the second LNS and the LAC based on a second Session ID and the second tunnel ID which are successfully negotiated.
Optionally, the method further includes:
receiving a second message, wherein the second message comprises a second Session ID and a second Tunnel ID;
and transmitting the second message in the second tunnel by using a Session table of the second Session based on the second Session ID and the second Tunnel ID.
Optionally, the sending of the second tunnel negotiation message to at least one second LNS other than the first LNS among the plurality of LNSs is executed when at least one of the following conditions is met:
the number of data messages received within a preset time is greater than a preset number;
the total number of bytes of the data messages received within the preset time is greater than a preset number of bytes;
the first tunnel negotiation message is received;
the second LNS is selected to process a message based on a scheduling algorithm.
In a second aspect, the present application provides a tunnel establishment apparatus based on the Layer 2 Tunneling Protocol (L2TP), applied to a load balancing (LB) device, the apparatus including:
a receiving unit, configured to receive a first tunnel negotiation message sent by an L2TP access concentrator (LAC), where the first tunnel negotiation message is used for negotiating first tunnel information, and the first tunnel information comprises a first tunnel identifier (Tunnel ID);
a sending unit, configured to send the first tunnel negotiation message to a first LNS among a plurality of L2TP network servers (LNSs), so that when the first LNS and the LAC negotiate successfully, a first tunnel is established between the first LNS and the LAC based on the successfully negotiated first Tunnel ID;
the sending unit is further configured to send a second tunnel negotiation message to at least one second LNS other than the first LNS among the plurality of LNSs, where the second tunnel negotiation message is used to negotiate second tunnel information, and the second tunnel information includes a second Tunnel ID, so that when the negotiation between the second LNS and the LAC is successful, a second tunnel is established between the second LNS and the LAC based on the successfully negotiated second Tunnel ID.
Optionally,
the receiving unit is further configured to receive a first Session negotiation packet sent by the LAC, where the first Session negotiation packet is used to negotiate first Session information, and the first Session information includes a first Session identifier Session ID and a first tunnel ID;
the sending unit is further configured to send the first Session negotiation packet to the first LNS, so that when the first LNS and the LAC negotiate successfully, a first Session is established between the first LNS and the LAC based on a first Session ID and the first tunnel ID that negotiate successfully.
Optionally,
the receiving unit is further configured to receive a first packet, where the first packet includes a first Session ID and a first tunnel ID;
the sending unit is further configured to transmit the first packet in the first Tunnel by using the Session table of the first Session based on the first Session ID and the first Tunnel ID.
Optionally,
the receiving unit is further configured to receive a second Session negotiation packet sent by the LAC, where the second Session negotiation packet is used to negotiate second Session information, and the second Session information includes a second Session identifier Session ID and a second tunnel ID;
the sending unit is further configured to send the second Session negotiation packet to the second LNS, so that when the second LNS and the LAC negotiate successfully, a second Session is established between the second LNS and the LAC based on a second Session ID and the second Tunnel ID that negotiate successfully.
Optionally,
the receiving unit is further configured to receive a second packet, where the second packet includes a second Session ID and a second Tunnel ID;
the sending unit is further configured to transmit the second packet in the second Tunnel by using the Session table of the second Session based on the second Session ID and the second Tunnel ID.
Optionally, the sending unit executes the sending of the second tunnel negotiation message to at least one second LNS other than the first LNS among the plurality of LNSs when at least one of the following conditions is satisfied:
the number of data messages received within a preset time is greater than a preset number;
the total number of bytes of the data messages received within the preset time is greater than a preset number of bytes;
the first tunnel negotiation message is received;
the second LNS is selected to process a message based on a scheduling algorithm.
In a third aspect, the present application provides a load balancing (LB) device comprising a processor (CPU) and a machine-readable storage medium storing machine-executable instructions executable by the CPU, where the machine-executable instructions cause the CPU to implement the steps of the method of any one of the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of any of the first aspects.
Compared with the prior art, in the scheme provided in the embodiment of the present application, when receiving the tunnel negotiation message sent by the LAC, the LB device may send the tunnel negotiation message to a first LNS selected from the plurality of LNSs, and may also actively send the tunnel negotiation message to the other LNSs among the plurality of LNSs, so that the LAC can establish tunnels with the other LNSs as well. After a tunnel is established, sessions can be established on the tunnel and messages can be transmitted. Therefore, when the LB device distributes a message to an LNS other than the first LNS based on the scheduling algorithm, that LNS can successfully process the message. Because one L2TP tunnel carries multiple sessions and each session depends on its tunnel, the embodiment of the application allows the load balancing device to load-share such messages correctly across multiple LNS devices, relieving the pressure on a single LNS device.
Drawings
Fig. 1 is a schematic diagram of a networking provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of a tunnel establishment method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a tunnel establishment method according to another embodiment of the present application;
Fig. 4 is a schematic diagram of a tunnel establishment method according to another embodiment of the present application;
Fig. 5 is a schematic diagram of a tunnel establishment apparatus according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a load balancing device according to an embodiment of the present application.
Detailed Description of Embodiment(s) of Invention
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The inventor finds that the prior art has the following problem: because the LB device is disposed between the LAC and the LNSs, a message sent by the LAC to an LNS is relayed through the LB device, and the LB device distributes messages of different sessions to different LNSs based on a scheduling algorithm. Since the LAC has established a tunnel with only one of the LNSs, messages distributed to the other LNSs are discarded.
The networking of an application scenario is shown in fig. 1, in which an LB device is disposed between the LNSs and the LAC. In fig. 1, the LAC sends a tunnel negotiation message toward the LNSs, the LB device sends the tunnel negotiation message to one LNS (e.g., LNS1) among LNS1-LNS3 based on a scheduling algorithm, and after negotiation a tunnel is established between LNS1 and the LAC. The LAC then establishes multiple sessions with LNS1, and subsequent messages matching the tunnel and the sessions are transmitted in the tunnel. However, the LB device, based on the scheduling algorithm, will often allocate the messages matching different sessions to different LNSs, with the result that an LNS that has not established a tunnel with the LAC discards the messages.
For example: in fig. 1, the tunnel between LNS1 and the LAC carries three session connections, namely Session1-Session3, and based on a scheduling algorithm, the LB device allocates messages matching Session1 to LNS1, messages matching Session2 to LNS2, and messages matching Session3 to LNS3. However, since LNS2 and LNS3 have not established a tunnel with the LAC, messages matching Session2 and Session3 will be discarded.
In order to solve the above problem, an embodiment of the present application provides a tunnel establishment method based on the Layer 2 Tunneling Protocol (L2TP). Referring to fig. 2, the tunnel establishment method provided in the embodiment of the present application is applied to the LB device, and the method includes steps 202 to 206.
202. Receiving a first tunnel negotiation message sent by an L2TP access concentrator (LAC), where the first tunnel negotiation message is used for negotiating first tunnel information, and the first tunnel information includes a first tunnel identifier (Tunnel ID).
In this embodiment of the present application, the tunnel negotiation messages transmitted between the LAC and the LNS include at least: a control connection request (SCCRQ) message, a control connection response (SCCRP) message, a control connection close (StopCCN) message, a control connection establishment (SCCCN) message, and a zero-length (ZLB) message. Each message is explained below.
A control connection request (Start-Control-Connection-Request, abbreviated as SCCRQ) message is used to request the opposite end to establish a control connection; the Tunnel ID carried in the SCCRQ message is 0. With reference to fig. 1, the SCCRQ message may be sent by the LAC.
A control connection response (Start-Control-Connection-Reply, abbreviated as SCCRP) message is used to tell the opposite end that the local end has received the opposite end's SCCRQ message and allows the control connection to be established. The Tunnel ID carried in the SCCRP message is the negotiated value, and the Tunnel ID used in the established tunnel is the Tunnel ID carried in the SCCRP message. Assume that the Tunnel ID is 1. Referring to fig. 1, the SCCRP message may be sent by the LNS.
A control connection close (Stop-Control-Connection-Notification, abbreviated as StopCCN) message is used to notify the opposite end to tear down the control connection: the local end has cleared all session connections and will close the tunnel interface. The StopCCN message carries the sending end's reason for tearing down the control connection. With reference to fig. 1, the StopCCN message may be sent by the LAC.
A control connection establishment (SCCCN) message is used to tell the opposite end that the local end has received the opposite end's SCCRP message and has completed the establishment of the tunnel. In conjunction with fig. 1, the SCCCN message may be sent by the LAC.
A zero-length (abbreviated as ZLB) message is sent to the opposite end when the local end has no message waiting to be sent in its queue. During teardown of a session connection or a control connection, sending a ZLB also indicates that a StopCCN or CDN has been received. A ZLB has only the L2TP header and no payload. With reference to fig. 1, the LNS sends ZLB messages.
In this step, the first tunnel negotiation packet may be an SCCRQ packet or an SCCCN packet.
204. Sending the first tunnel negotiation message to a first LNS among the plurality of L2TP network servers (LNSs), so that when the first LNS and the LAC negotiate successfully, a first tunnel is established between the first LNS and the LAC based on the successfully negotiated first Tunnel ID.
This step establishes the first tunnel between the LAC and the first LNS. The tunnel establishment process follows the related art, with the related tunnel negotiation messages relayed to the target device by the LB device. In one example, in conjunction with fig. 1, the process of establishing a tunnel is as follows.
The LAC sends an SCCRQ message. The LB device receives the SCCRQ message and forwards it to LNS1 based on the scheduling algorithm.
LNS1 returns an SCCRP message. The LB device receives the SCCRP message and forwards it to the LAC.
The LAC sends an SCCCN message. The LB device receives the SCCCN message and forwards it to LNS1.
LNS1 sends a ZLB message. The LB device receives the ZLB message and forwards it to the LAC.
Through the above process, a tunnel is established between the LAC and LNS1.
206. Sending a second tunnel negotiation message to at least one second LNS other than the first LNS among the plurality of LNSs, where the second tunnel negotiation message is used for negotiating second tunnel information, and the second tunnel information comprises a second Tunnel ID, so that when the negotiation between the second LNS and the LAC is successful, a second tunnel is established between the second LNS and the LAC based on the successfully negotiated second Tunnel ID.
The second tunnel negotiation message is a duplicate of the first tunnel negotiation message.
When receiving the first tunnel negotiation message sent by the LAC, the LB device actively sends the second tunnel negotiation message to at least one second LNS among the plurality of LNSs, so as to establish between the LAC and the second LNS a second tunnel different from the first tunnel. If the LB device then allocates a message to the second LNS for processing based on the scheduling algorithm, the second LNS can successfully process the message.
It should be appreciated that, to avoid tunnel collisions, the successfully negotiated second Tunnel ID is not the same as the successfully negotiated first Tunnel ID.
Further, the number of second LNSs may be set as needed. In one embodiment, the at least one second LNS may be all LNSs of the plurality of LNSs except the first LNS. In another embodiment, the at least one second LNS may be a portion of the LNSs of the plurality of LNSs other than the first LNS.
In the solution provided in this embodiment, when receiving the tunnel negotiation message sent by the LAC, the LB device may send the tunnel negotiation message to a first LNS selected from the plurality of LNSs, and may also actively send the tunnel negotiation message to the other LNSs among the plurality of LNSs, so that the LAC can establish tunnels with the other LNSs as well. After a tunnel is established, sessions can be established on the tunnel and messages can be transmitted. Therefore, when the LB device distributes a message to an LNS other than the first LNS based on the scheduling algorithm, that LNS can successfully process the message. Because one L2TP tunnel carries multiple sessions and each session depends on its tunnel, the embodiment of the application allows the load balancing device to load-share such messages correctly across multiple LNS devices, relieving the pressure on a single LNS device.
In some embodiments, the LB device performs the sending of the second tunnel negotiation message to at least one second LNS other than the first LNS among the plurality of LNSs when it determines that at least one of the following conditions is satisfied:
the number of data messages received within a preset time is greater than a preset number;
the total number of bytes of the data messages received within the preset time is greater than a preset number of bytes;
a first tunnel negotiation message is received;
the second LNS is selected to process a message based on a scheduling algorithm.
In connection with the foregoing embodiments, after the tunnel is established, a session may also be established over the tunnel. As shown in fig. 3, after the first tunnel is established between the first LNS and the LAC, a process of establishing a session is further included.
2051. Receiving a first session negotiation message sent by the LAC, where the first session negotiation message is used for negotiating first session information, and the first session information comprises a first session identifier (Session ID) and the first Tunnel ID.
In this embodiment of the present application, the session negotiation messages include at least: a session establishment request (ICRQ) message, a response (ICRP) message and a confirmation (ICCN) message. Each message is explained below.
A session establishment request (abbreviated as ICRQ) message is used to initiate a session connection request. The ICRQ message carries a Session ID and a Tunnel ID, where the Session ID is 0 and the Tunnel ID is the negotiated Tunnel ID. Taking the foregoing embodiment as an example, the Session ID carried in the ICRQ message is 0, and the Tunnel ID is 1.
A response (abbreviated as ICRP) message is used to respond to the session connection request. The ICRP message carries a Session ID and a Tunnel ID, where the carried Tunnel ID is the negotiated Tunnel ID, the carried Session ID is the negotiated value, and the Session ID subsequently used is the Session ID carried in the ICRP message. If the Session ID is 1, the ICRP message carries Session ID 1 and Tunnel ID 1.
A confirmation (abbreviated as ICCN) message indicates that the session connection has been established.
In one embodiment, the first session negotiation packet may be an ICRQ packet or an ICCN packet.
2052. Sending the first session negotiation message to the first LNS, so that when the first LNS and the LAC negotiate successfully, a first session is established between the first LNS and the LAC based on the successfully negotiated first Session ID and first Tunnel ID.
In this embodiment, the LB device relays the related session negotiation messages. The process of session establishment is similar to that of a tunnel:
first, the LAC initiates a session establishment request (ICRQ) message, and the LB device sends the ICRQ message to the first LNS;
after receiving the request, the first LNS returns a response (ICRP) message, and the LB device sends the ICRP message to the LAC;
after receiving the response, the LAC returns a confirmation (ICCN) message, and the LB device sends the ICCN message to the first LNS;
the session is then established.
After the Session in the first Tunnel is established, the packet matching the first Tunnel ID and the first Session ID may be transmitted in the first Tunnel based on the Session table of the first Session. The specific process is as follows:
receiving a first message, wherein the first message comprises a first Session ID and a first Tunnel ID;
and transmitting the first message in the first Tunnel by using the Session table of the first Session based on the first Session ID and the first Tunnel ID.
Similarly, after the second tunnel is established between the second LNS and the LAC, a session may also be established over the tunnel. As shown in fig. 4, 2061 and 2072 are also included.
2071. Receiving a second session negotiation message sent by the LAC, where the second session negotiation message is used for negotiating second session information, and the second session information comprises a second session identifier (Session ID) and the second Tunnel ID.
This process can be seen in 2051, and is not described herein.
2072. Sending the second session negotiation message to the second LNS, so that when the negotiation between the second LNS and the LAC is successful, a second session is established between the second LNS and the LAC based on the successfully negotiated second Session ID and second Tunnel ID.
This process can be seen in reference to 2052, which is not described herein.
After the Session in the second Tunnel is established, the packet matching the second Tunnel ID and the second Session ID may be transmitted in the second Tunnel based on the Session table of the second Session. The specific process is as follows:
receiving a second message, wherein the second message comprises a second Session ID and a second Tunnel ID;
and transmitting a second message in the second tunnel by using the Session table of the second Session based on the second Session ID and the second Tunnel ID.
To sum up, the LB device in the embodiment of the present application first selects an LNS device (the first LNS) according to the scheduling algorithm and relays the first tunnel negotiation messages between the LAC and the first LNS to negotiate an L2TP tunnel. Meanwhile, subsequent messages that are based on the same tunnel but carry multiple sessions may be sent to different LNSs, and an LNS that has not established a tunnel with the LAC would discard them. To avoid this, the LB device may act as a proxy, copying the first tunnel message and sending it to the LNS devices other than the first LNS, so that the LAC also establishes L2TP tunnels with those LNS devices.
After the tunnel between each LNS and the LAC is successfully established, subsequent messages based on multiple sessions can be load-shared across the multiple LNSs, and the situation in which messages of different subsequent sessions are sent to multiple LNSs but discarded no longer occurs.
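The following Python example is added here and is not part of the patent. It models the forwarding step summarized above: the LB reads the Tunnel ID and Session ID from an L2TPv2 header (layout per RFC 2661), looks them up in its session table, and returns no target LNS when no matching tunnel and session were negotiated. The class name `LoadBalancer`, the LNS names, the ID values and the sample packets are assumptions constructed for illustration.

```python
import struct

# L2TPv2 header flag bits (RFC 2661, section 3.1)
FLAG_T = 0x8000  # 1 = control message, 0 = data message
FLAG_L = 0x4000  # optional Length field is present


def parse_l2tp_ids(packet: bytes):
    """Return (is_control, tunnel_id, session_id) read from an L2TPv2 header."""
    if len(packet) < 6:
        raise ValueError("truncated L2TP header")
    (flags,) = struct.unpack_from("!H", packet, 0)
    if flags & 0x000F != 2:
        raise ValueError("not L2TP version 2")
    offset = 2
    if flags & FLAG_L:  # Length, when present, precedes the Tunnel ID
        (length,) = struct.unpack_from("!H", packet, offset)
        offset += 2
        if not (offset + 4 <= length <= len(packet)):
            raise ValueError("bad L2TP length")
    tunnel_id, session_id = struct.unpack_from("!HH", packet, offset)
    return bool(flags & FLAG_T), tunnel_id, session_id


class LoadBalancer:
    """Hypothetical model of the LB device's tunnel and session tables."""

    def __init__(self, lns_pool):
        self.lns_pool = list(lns_pool)
        self.tunnels = {}   # Tunnel ID -> LNS that negotiated it
        self.sessions = {}  # (Tunnel ID, Session ID) -> LNS

    def tunnel_established(self, tunnel_id, lns):
        if lns not in self.lns_pool:
            raise ValueError("unknown LNS")
        self.tunnels[tunnel_id] = lns

    def session_established(self, tunnel_id, session_id):
        # A session is only recorded inside a tunnel negotiated beforehand.
        lns = self.tunnels.get(tunnel_id)
        if lns is not None:
            self.sessions[(tunnel_id, session_id)] = lns
        return lns

    def forward(self, packet):
        """Return the LNS for a data message, or None if it must be dropped."""
        try:
            is_control, tunnel_id, session_id = parse_l2tp_ids(packet)
        except ValueError:
            return None
        if is_control:
            return self.tunnels.get(tunnel_id)
        return self.sessions.get((tunnel_id, session_id))


def build_data(tunnel_id, session_id, payload=b"ppp", with_length=False):
    """Build a constructed L2TPv2 data message for the demo."""
    if with_length:
        total = 8 + len(payload)
        return struct.pack("!HHHH", FLAG_L | 2, total, tunnel_id, session_id) + payload
    return struct.pack("!HHH", 2, tunnel_id, session_id) + payload


if __name__ == "__main__":
    lb = LoadBalancer(["LNS1", "LNS2"])
    lb.tunnel_established(10, "LNS1")   # first tunnel (constructed ID)
    lb.tunnel_established(20, "LNS2")   # second tunnel (constructed ID)
    lb.session_established(10, 1)
    lb.session_established(20, 7)
    for pkt in (build_data(10, 1), build_data(20, 7, with_length=True),
                build_data(10, 7)):
        print(parse_l2tp_ids(pkt), "->", lb.forward(pkt))
```
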
Referring to Fig. 5, an embodiment of the present application provides a tunnel establishment apparatus based on the Layer 2 Tunneling Protocol (L2TP), which is applied to a load balancing (LB) device, and the apparatus includes: a receiving unit 501 and a sending unit 502.
The receiving unit 501 is configured to receive a first tunnel negotiation message sent by a Layer 2 Tunneling Protocol access concentrator (LAC); the first tunnel negotiation message is used for negotiating first tunnel information, and the first tunnel information includes a first tunnel identifier (Tunnel ID).
The sending unit 502 is configured to send the first tunnel negotiation message to a first LNS among multiple Layer 2 Tunneling Protocol network servers (LNSs), so that when the first LNS and the LAC negotiate successfully, a first tunnel is established between the first LNS and the LAC based on the successfully negotiated first Tunnel ID.
The sending unit 502 is further configured to send a second tunnel negotiation message to at least one second LNS, other than the first LNS, among the multiple LNSs, where the second tunnel negotiation message is used to negotiate second tunnel information, and the second tunnel information includes a second Tunnel ID, so that when the negotiation between the second LNS and the LAC is successful, a second tunnel is established between the second LNS and the LAC based on the successfully negotiated second Tunnel ID.
Optionally,
the receiving unit 501 is further configured to receive a first Session negotiation message sent by the LAC, where the first Session negotiation message is used to negotiate first Session information, and the first Session information includes a first Session identifier (Session ID) and a first Tunnel ID;
the sending unit 502 is further configured to send a first Session negotiation packet to the first LNS, so that when the first LNS and the LAC negotiate successfully, a first Session is established between the first LNS and the LAC based on the first Session ID and the first Tunnel ID that negotiate successfully.
Optionally,
the receiving unit 501 is further configured to receive a first message, where the first message includes a first Session ID and a first tunnel ID;
the sending unit 502 is further configured to transmit the first packet in the first tunnel by using the Session table of the first Session based on the first Session ID and the first tunnel ID.
Optionally,
the receiving unit 501 is further configured to receive a second Session negotiation packet sent by the LAC, where the second Session negotiation packet is used to negotiate second Session information, and the second Session information includes a second Session identifier Session ID and a second Tunnel ID;
the sending unit 502 is further configured to send a second Session negotiation packet to the second LNS, so that when the negotiation between the second LNS and the LAC is successful, a second Session is established between the second LNS and the LAC based on the successfully negotiated second Session ID and second Tunnel ID.
Optionally,
the receiving unit 501 is further configured to receive a second message, where the second message includes a second Session ID and a second tunnel ID;
the sending unit 502 is further configured to transmit a second packet in the second Tunnel by using the Session table of the second Session based on the second Session ID and the second Tunnel ID.
Optionally, the sending unit sends the second tunnel negotiation message to at least one second LNS, other than the first LNS, among the multiple LNSs when at least one of the following conditions is satisfied:
the number of data messages received within a preset time is greater than a preset number;
the total number of bytes of the data messages received within a preset time is greater than a preset number of bytes;
the first tunnel negotiation message is received;
the second LNS is selected, based on a scheduling algorithm, to process the message.
Referring to Fig. 6, an embodiment of the present application further provides a load balancing (LB) device, including a processor 610, a transceiver 620, and a machine-readable storage medium 630, where the machine-readable storage medium 630 stores machine-executable instructions capable of being executed by the processor 610, and the machine-executable instructions cause the processor 610 to perform the method provided by the embodiment of the present application.
An embodiment of the present application further provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of any one of the foregoing methods.
The implementation process of the functions and actions of each unit in the above device/apparatus is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the apparatus/device embodiments, as they correspond substantially to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus/device are merely schematic, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (14)

1. A tunnel establishment method based on a two-layer tunneling protocol L2TP is applied to a load balancing LB device, and comprises the following steps:
receiving a first tunnel negotiation message sent by a two-layer tunnel protocol access concentrator (LAC); the first Tunnel negotiation message is used for negotiating first Tunnel information, and the first Tunnel information comprises a first Tunnel identifier (Tunnel ID);
sending the first Tunnel negotiation message to a first LNS in a plurality of layer two tunneling protocol network servers (LNS), so that when the first LNS and the LAC negotiate successfully, a first Tunnel is established between the first LNS and the LAC based on a first Tunnel ID which negotiates successfully;
and sending a second Tunnel negotiation message to at least one second LNS except the first LNS among the LNS, where the second Tunnel negotiation message is used to negotiate second Tunnel information, and the second Tunnel information includes a second Tunnel ID, so that when the negotiation between the second LNS and the LAC is successful, a second Tunnel is established between the second LNS and the LAC based on the successfully negotiated second Tunnel ID.
2. The method of claim 1, wherein after establishing the first tunnel between the first LNS and the LAC, further comprising:
receiving a first Session negotiation message sent by the LAC, wherein the first Session negotiation message is used for negotiating first Session information, and the first Session information comprises a first Session identification (Session ID) and a first Tunnel ID;
and sending the first Session negotiation message to the first LNS, so that when the first LNS and the LAC negotiate successfully, a first Session is established between the first LNS and the LAC based on a first Session ID and the first Tunnel ID which negotiate successfully.
3. The method of claim 2, further comprising:
receiving a first message, wherein the first message comprises a first Session ID and a first Tunnel ID;
and transmitting the first message in the first Tunnel by using a Session table of the first Session based on the first Session ID and the first Tunnel ID.
4. A method according to any of claims 1-3, further comprising, after establishing a second tunnel between the second LNS and the LAC:
receiving a second Session negotiation message sent by the LAC, wherein the second Session negotiation message is used for negotiating second Session information, and the second Session information comprises a second Session identifier Session ID and a second Tunnel ID;
and sending the second Session negotiation message to the second LNS, so that when the negotiation between the second LNS and the LAC is successful, a second Session is established between the second LNS and the LAC based on a second Session ID and the second Tunnel ID which are successfully negotiated.
5. The method of claim 4, further comprising:
receiving a second message, wherein the second message comprises a second Session ID and a second Tunnel ID;
and transmitting the second message in the second Tunnel by using a Session table of the second Session based on the second Session ID and the second Tunnel ID.
6. The method of claim 1, wherein said sending a second tunnel negotiation message to at least one second LNS of the plurality of LNSs other than the first LNS is performed when at least one of the following conditions is met:
the number of data messages received within a preset time is greater than a preset number;
the total number of bytes of the data messages received within a preset time is greater than a preset number of bytes;
the first tunnel negotiation message is received;
the second LNS is selected, based on a scheduling algorithm, to process the message.
7. A tunnel establishment apparatus based on a two-layer tunneling protocol L2TP, applied to a load balancing LB device, the apparatus comprising:
a receiving unit, configured to receive a first tunnel negotiation packet sent by a second-layer tunneling protocol access concentrator (LAC); the first Tunnel negotiation message is used for negotiating first Tunnel information, and the first Tunnel information comprises a first Tunnel identifier (Tunnel ID);
a sending unit, configured to send the first Tunnel negotiation packet to a first LNS in multiple layer two tunneling protocol network servers LNS, so that when the first LNS and an LAC negotiate successfully, a first Tunnel is established between the first LNS and the LAC based on a first Tunnel ID that is successfully negotiated;
the sending unit is further configured to send a second Tunnel negotiation packet to at least one second LNS, except for the first LNS, in the multiple LNS, where the second Tunnel negotiation packet is used to negotiate second Tunnel information, and the second Tunnel information includes a second Tunnel ID, so that when the negotiation between the second LNS and the LAC is successful, a second Tunnel is established between the second LNS and the LAC based on the second Tunnel ID that is successfully negotiated.
8. The apparatus of claim 7, wherein:
the receiving unit is further configured to receive a first Session negotiation packet sent by the LAC, where the first Session negotiation packet is used to negotiate first Session information, and the first Session information includes a first Session identifier Session ID and a first tunnel ID;
the sending unit is further configured to send the first Session negotiation packet to the first LNS, so that when the first LNS and the LAC negotiate successfully, a first Session is established between the first LNS and the LAC based on a first Session ID and the first Tunnel ID that negotiate successfully.
9. The apparatus of claim 8, wherein:
the receiving unit is further configured to receive a first packet, where the first packet includes a first Session ID and a first Tunnel ID;
the sending unit is further configured to transmit the first packet in the first Tunnel by using the Session table of the first Session based on the first Session ID and the first Tunnel ID.
10. The apparatus according to any one of claims 7-9, wherein:
the receiving unit is further configured to receive a second Session negotiation packet sent by the LAC, where the second Session negotiation packet is used to negotiate second Session information, and the second Session information includes a second Session identifier Session ID and a second tunnel ID;
the sending unit is further configured to send the second Session negotiation packet to the second LNS, so that when the second LNS and the LAC negotiate successfully, a second Session is established between the second LNS and the LAC based on a second Session ID and the second Tunnel ID that negotiate successfully.
11. The apparatus of claim 10, wherein:
the receiving unit is further configured to receive a second packet, where the second packet includes a second Session ID and a second Tunnel ID;
the sending unit is further configured to transmit the second packet in the second Tunnel by using the Session table of the second Session based on the second Session ID and the second Tunnel ID.
12. The apparatus of claim 7, wherein the sending unit performs the sending of the second tunnel negotiation message to at least one second LNS of the LNSs other than the first LNS when at least one of the following conditions is satisfied:
the number of data messages received within a preset time is greater than a preset number;
the total number of bytes of the data messages received within a preset time is greater than a preset number of bytes;
the first tunnel negotiation message is received;
the second LNS is selected, based on a scheduling algorithm, to process the message.
13. A load balancing LB device comprising a processor CPU and a machine-readable storage medium storing machine-executable instructions executable by the CPU, the machine-executable instructions causing the CPU to implement the steps of the method of any one of claims 1 to 6.
14. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
CN202010202565.3A 2020-03-20 2020-03-20 Tunnel establishment method and device, load balancing equipment and storage medium Active CN111343071B (en)


Publications (2)

Publication Number Publication Date
CN111343071A (en) 2020-06-26
CN111343071B (en) 2022-02-22

Family

ID=71184300


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant