CN111726289A - Multi-stage HUB node mode interconnection and intercommunication routing method based on DMVPN framework - Google Patents
Multi-stage HUB node mode interconnection and intercommunication routing method based on DMVPN framework Download PDFInfo
- Publication number
- CN111726289A CN111726289A CN201911213658.XA CN201911213658A CN111726289A CN 111726289 A CN111726289 A CN 111726289A CN 201911213658 A CN201911213658 A CN 201911213658A CN 111726289 A CN111726289 A CN 111726289A
- Authority
- CN
- China
- Prior art keywords
- node
- spoke
- nhrp
- hub
- dmvpn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 21
- 238000005516 engineering process Methods 0.000 claims abstract description 6
- 230000002776 aggregation Effects 0.000 claims description 9
- 238000004220 aggregation Methods 0.000 claims description 9
- 238000005538 encapsulation Methods 0.000 claims description 7
- 230000000977 initiatory effect Effects 0.000 claims description 4
- 230000006870 function Effects 0.000 claims description 3
- 238000001514 detection method Methods 0.000 claims description 2
- 230000004044 response Effects 0.000 claims description 2
- 230000000694 effects Effects 0.000 claims 2
- 238000004891 communication Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 3
- 239000003999 initiator Substances 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/16—Multipoint routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/20—Hop count for routing purposes, e.g. TTL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/24—Multipath
- H04L45/245—Link aggregation, e.g. trunking
Abstract
The invention provides a multi-stage HUB node mode interconnection and intercommunication routing method based on a DMVPN framework, which comprises the steps of constructing a multi-HUB/SPOKE environment in the Internet, and constructing a network with a tree structure as a main part and a mesh structure as an auxiliary part by adopting an mGRE technology; communication security is guaranteed through IPSEC; the method comprises the steps that under the multi-level 5-level HUB topology, services which are managed by different HUBs are directly communicated without passing through HUB nodes between the SPOKE and the SPOKE which are managed by the different HUBs through an NHRP protocol; the method is based on that under a DMVPN framework (MGRE + NHRP + IPSEC), a multi-level HUB hierarchical topological environment (SPOKE … HUB … SUBCOREHUBn [ n >0] … COREHUB) is deployed to carry out NHRP protocol extension, an opennhrp module for realizing the NHRP protocol by an open source is improved, an extensionsPart field in the NHRP protocol is defined by RFC, SPOKE subnet routes are converged to an upper layer by layer, meanwhile, a 10-reduction routing protocol (EIGRP/OSPF/BGP and the like) is optimized and cut, and the problem that services under different HUB nodes do not pass through the HUB nodes and any SPOKE is interconnected and communicated to the SPOKE nodes is solved. In actual deployment, the HUB/subOREHUBn/COREHUB is deployed as a single-port bypass transit device, and the SPOKE is deployed as a multi-port (internal and external network) gateway device.
Description
Technical Field
The invention relates to the technical field of network security and data communication, in particular to a multi-stage HUB node mode interconnection and intercommunication routing method based on a DMVPN framework.
Background
A multi-stage HUB node mode interconnection and intercommunication routing method based on a DMVPN framework. The technical composition is as follows:
DMVPN:MGRE+NHRP+IPSEC;
MGRE: the encapsulation technology of the tunnel is solved;
NHRP: the communication technology of the multipoint network is solved;
IPSEC (Internet Protocol Security, Internet Security Protocol): an encryption/NAT traversal technique for tunnels is provided.
The existing DMVPN technology well realizes the interconnection and intercommunication of SPOKE-SPOKE between lower SPOKE nodes under a HUB center. However, if the network environment is complex, the SPOKE-SPOKE interconnection among a plurality of different HUBs needs to be realized, most of the network environment needs to be realized through HUB-HUB transfer, the load of forwarding flow is added to the HUBs, and the current universal DMVPN based on the linux system does not solve the problem in the scenario.
Disclosure of Invention
The invention provides a multi-stage HUB node mode interconnection and intercommunication routing method based on a DMVPN framework, which optimizes an aggregation route through NHRP protocol Extensions Part private extension in a DMVPN environment to achieve the SPOKE-SPOKE interconnection and intercommunication functions under different HUB nodes.
The method comprises the following specific steps:
(1) in the multi-stage HUB node mode based on the DMVPN architecture, the SPOKE node is configured to be in a gateway mode, and the rest multi-stage HUB nodes are only configured to be in a bypass mode (see figure 2);
(2) when registering reporting in a multi-level HUB node mode based on a DMVPN architecture, a subordinate node adds an extension item to an NHRP protocol encapsulation message of an open source NHRP module, including the node itself and open source NHRP module configuration subnet address field information reported by the subordinate node recorded in a buffer to report to a superior node (see fig. 1);
(3) in a multi-level HUB node mode based on a DMVPN framework, an open source NHRP module upper node receives subnet address field information of an addition expansion item of a lower node in an NHRP protocol encapsulation message, reserves the subnet address field information to a corresponding buffer area, updates subnet address field routing information reported by the lower node, collects and recalculates a convergence network segment route covering all reported subnet network segments through subnet network segments, and sends the convergence network segment route to the lower node (see figure 3);
(4) in a multi-level HUB node mode based on a DMVPN framework, a lower node of an open source NHRP module receives address field information of an aggregation network segment added by a higher node in an NHRP protocol encapsulation message, updates an effective aggregation network segment route and triggers heartbeat detection (see figure 3);
(5) in a multi-level HUB node mode based on a DMVPN architecture, SPOKE nodes under different HUB nodes realize a service flow according to a third stage of a standard DMVPN (see fig. 4):
firstly, because the aggregation routing of a lower node to a higher node is supported through the expansion of an open source NHRP module, the flow between SPOKE is always sent to the higher node firstly and is replaced by the higher node, and the flow is iterated in sequence until the SPOKE node at the opposite end;
secondly, the NHRP redirection can dynamically optimize the node route, so that when the upper node route is converged, the NHRP lower node redirection is returned according to the NHRP protocol information, and the optimal next hop is informed to be the virtual tunnel address of the SPOKE at the opposite end (although the next hop for route learning is the upper node);
and thirdly, when the SPOKE node receives the NHRP redirection information and obtains the optimal next hop which is the opposite SPOKE node, the node immediately sends an NHRP analysis request to an NHRP server (an upper node). The superior node forwards the NHRP analysis request to the superior node until the NHRP analysis request is forwarded to the destination node;
after receiving the NHRP analysis request sent by the node initiating the SPOKE, the opposite end SPOKE node adds an accurate route (the accurate route is a priority aggregation route) of the opposite end SPOKE node, and actively triggers and establishes an IPSec tunnel with the node initiating the SPOKE;
after the IPSec tunnel is established, the SPOKE node at the opposite end directly sends back an NHRP analysis response to the starting SPOKE node in the tunnel;
and sixthly, the subsequent flow among the nodes can be directly transmitted in the IPSec tunnel of the SPOKE-SPOKE established in the step 4.
The beneficial effects of the invention are as follows:
(1) the NHRP protocol is expanded, the SPOKE node routing configuration is simplified in a convergence routing mode, dynamic routing protocols such as OSPF/BGP and the like are not used, and system resources are saved;
(2) in the multi-stage HUB node mode, the route does not need to be manually configured, and the open-source NHRP module realizes automatic route configuration, so that the maintenance amount is greatly reduced;
(3) in the multi-stage HUB node mode, the SPOKE-SPOKE service under different HUB nodes reduces the flow forwarding burden of the HUB nodes.
Drawings
Fig. 1 is a schematic diagram of route synchronization of a multi-stage HUB node mode interconnection and interworking routing method based on a DMVPN architecture.
Fig. 2 is a network topology diagram of the multi-stage HUB node mode interconnection and interworking routing method based on the DMVPN architecture of the present invention.
Fig. 3 is a flowchart of a multi-stage HUB node mode interconnection and interworking routing method based on the DMVPN architecture according to the present invention.
Fig. 4 is a schematic diagram of NHRP interaction of the multi-stage HUB node mode interconnection and interworking routing method based on the DMVPN architecture of the present invention.
Detailed Description
The invention will be described in connection with the drawings and illustrative examples, with the aim of understanding the nature of the technical innovation and the efficiency of its objects achieved.
Fig. 2 illustrates an example network topology in accordance with the present invention. The actual setup procedure is as follows:
A. in the example, the SPOKE node is configured in a gateway mode, and the other multi-stage HUB nodes are only configured in a bypass mode;
B. all nodes configure a tunnel interface according to a DMVPN mode and use a mode of MGRE in the interface (each node has an interconnected public network address), and no other special configuration exists;
IPSEC configures the same algorithm and negotiation parameters without other special configurations;
NHRP parameter, need special configuration;
1, SPOKE configures and registers HUB center address and subnet net segment;
HUB configures COREHUB or SUBCOREHUBn central address, namely, HUB and SPOKE are used;
configuring COREHUB central address by SUBCOREHUBn, namely, using the SUBCOREHUBn as HUB and SPOKE;
configuring COREHUB into HUB mode, not adding and configuring registered NHRP HUB central address, only making HUB;
E. replacing the original open source NHRP module by an NHRP module supporting the NHRP expanded routing function;
F. starting the MGRE/NHRP module/IPSEC module;
G. from the initiator SPOKE LAN terminal PC, ping the opposite SPOKE LAN terminal PC operation (SPOKE under different HUBs);
H. and at the SPOKE local area network terminal PC of the initiator, using the IP address of the SPOKE local area network terminal PC of the traceroute opposite terminal to verify whether the SPOKE-SPOKE is directly connected or not and whether the transfer is carried out by the HUB or not.
Interpretation of related terms:
dmvpn (dynamic Multipoint vpn), dynamic Multipoint virtual private network;
hub (hub node), central node for converging SPOKE;
mgre (multipoint GRE), multipoint GRE;
nhrp (next Hop Resolution protocol), next Hop Resolution protocol;
ipsec (internet Protocol security), internet security Protocol;
a subcorehub node (subcorehub node);
corebiub (core HUB node), primary core HUB node.
The above-mentioned embodiments are merely illustrative of the preferred embodiments of the present invention, and do not limit the scope of the present invention, and various modifications and improvements of the technical solution of the present invention by those skilled in the art should fall within the protection scope defined by the claims of the present invention without departing from the spirit of the present invention.
Claims (5)
1. A multi-stage HUB node mode interconnection and intercommunication routing method based on DMVPN architecture is characterized in that: the method comprises the following specific steps:
(1) in a multi-stage HUB node mode based on a DMVPN framework, the SPOKE node is configured to be in a gateway mode, and the other multi-stage HUB nodes are only configured to be in a bypass mode;
(2) when registering reporting in a multi-level HUB node mode based on a DMVPN framework, adding an extension item in an NHRP protocol encapsulation message of an open source NHRP module by a lower node, wherein the extension item comprises the node and the information of the subnet address field configured by the open source NHRP module reported by the lower node recorded in a buffer zone and reported to a higher node;
(3) in a multi-level HUB node mode based on a DMVPN framework, an open source NHRP module upper node receives subnet address field information of an addition expansion item of a lower node in an NHRP protocol encapsulation message, reserves the subnet address field information to a corresponding buffer area, updates subnet address field routing information reported by the lower node, and simultaneously collects and recalculates a convergence network segment route covering all reported subnet network segments through subnet network segments and sends the convergence network segment route to the lower node;
(4) in a multi-level HUB node mode based on a DMVPN framework, a lower node of an open source NHRP module receives address field information of an aggregation network segment added by an upper node in an NHRP protocol encapsulation message, updates an effective aggregation network segment route and triggers heartbeat detection;
(5) in a multi-stage HUB node mode based on a DMVPN framework, SPOKE nodes under different HUB nodes realize a service flow according to a third stage of standard DMVPN:
firstly, because the aggregation routing of a lower node to a higher node is supported through the expansion of an open source NHRP module, the flow between SPOKE is always sent to the higher node firstly and is replaced by the higher node, and the flow is iterated in sequence until the SPOKE node at the opposite end;
secondly, the NHRP redirection can dynamically optimize the node route, so that when the upper node route is converged, the NHRP lower node redirection is returned according to the NHRP protocol information, and the optimal next hop is informed to be the virtual tunnel address of the SPOKE at the opposite end (although the next hop for route learning is the upper node);
thirdly, when the SPOKE node receives the NHRP redirection information and obtains the optimal next hop which is the opposite SPOKE node, the node immediately sends an NHRP analysis request to an NHRP server (a superior node), and the superior node forwards the NHRP analysis request to the superior node until the NHRP analysis request is forwarded to the destination node;
after receiving the NHRP analysis request sent by the node initiating the SPOKE, the opposite end SPOKE node adds an accurate route (the accurate route is a priority aggregation route) of the opposite end SPOKE node, and actively triggers and establishes an IPSec tunnel with the node initiating the SPOKE;
after the IPSec tunnel is established, the SPOKE node at the opposite end directly sends back an NHRP analysis response to the starting SPOKE node in the tunnel;
and sixthly, the subsequent flow among the nodes can be directly transmitted in the IPSec tunnel of the SPOKE-SPOKE established in the step 4.
2. The DMVPN architecture-based multi-level HUB node mode interworking routing method according to claim 1, wherein the step (1): in the technology, under the environment of DMVPN architecture multi-level HUB nodes, SPOKE nodes are configured in a gateway mode, and other multi-level HUB nodes are only configured in a bypass mode.
3. The DMVPN architecture based multi-stage HUB node mode interworking routing method according to claim 1, wherein the step (2): the node collects self and reports the subnet address information configured by the open source NHRP module registered to the node to report to the upper node, and the upper node takes effect on the subnet forwarding route.
4. The DMVPN architecture based multi-stage HUB node mode interworking routing method according to claim 1, wherein the step (3): the node collects the self and reports the subnet address information configured by the open source NHRP module registered to the node, calculates a new convergent network segment route covering all the subnets by summarizing and merging the subnet network segments, and sends the new convergent network segment route to the lower node registered to the node, and the lower node takes the convergent network segment route into effect.
5. The DMVPN architecture-based multi-level HUB node mode interworking routing method according to claim 1, wherein the steps (2)/(3)/(4): the technology is that in the multi-stage HUB node environment of DMVPN framework, SPOKE node subnet net section and convergence routing function private extension are added in the standard NHRP protocol extension part.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911213658.XA CN111726289B (en) | 2019-12-02 | 2019-12-02 | Multistage HUB node mode interconnection routing method based on DMVPN architecture |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911213658.XA CN111726289B (en) | 2019-12-02 | 2019-12-02 | Multistage HUB node mode interconnection routing method based on DMVPN architecture |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111726289A true CN111726289A (en) | 2020-09-29 |
| CN111726289B CN111726289B (en) | 2024-01-30 |
Family
ID=72563955
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911213658.XA Active CN111726289B (en) | 2019-12-02 | 2019-12-02 | Multistage HUB node mode interconnection routing method based on DMVPN architecture |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111726289B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101521621A (en) * | 2008-02-29 | 2009-09-02 | 上海博达数据通信有限公司 | Method for realizing secure communication of any two ends of the internet in DMVPN |
| US20090304003A1 (en) * | 2008-05-27 | 2009-12-10 | Olivier Huynh Van | Global Virtual VPN |
| US20170230199A1 (en) * | 2016-02-04 | 2017-08-10 | Cisco Technology, Inc., A Corporation Of California | Dynamic Network Service Overlay Establishment in Hub-and-Spoke Packet Switching Networks |
| CN109314705A (en) * | 2016-07-14 | 2019-02-05 | 英特尔公司 | Use the systems, devices and methods for extensive scalable Dynamic Multipoint Virtual private network of group encryption keys |
-
2019
- 2019-12-02 CN CN201911213658.XA patent/CN111726289B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101521621A (en) * | 2008-02-29 | 2009-09-02 | 上海博达数据通信有限公司 | Method for realizing secure communication of any two ends of the internet in DMVPN |
| US20090304003A1 (en) * | 2008-05-27 | 2009-12-10 | Olivier Huynh Van | Global Virtual VPN |
| US20170230199A1 (en) * | 2016-02-04 | 2017-08-10 | Cisco Technology, Inc., A Corporation Of California | Dynamic Network Service Overlay Establishment in Hub-and-Spoke Packet Switching Networks |
| CN109314705A (en) * | 2016-07-14 | 2019-02-05 | 英特尔公司 | Use the systems, devices and methods for extensive scalable Dynamic Multipoint Virtual private network of group encryption keys |
Non-Patent Citations (2)
| Title |
|---|
| 史志杰;: "多区域分布式网络互连的设计与实现", 晋城职业技术学院学报, no. 02 * |
| 黄子安;王新蕾;: "MPLS VPN和DMVPN的混合应用通信方案", 福建电脑, no. 06 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111726289B (en) | 2024-01-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10523560B2 (en) | Service level agreement based next-hop selection | |
| US10454812B2 (en) | Service level agreement based next-hop selection | |
| CN107637031B (en) | Path computation element central controller for network traffic | |
| US8260922B1 (en) | Technique for using OER with an ECT solution for multi-homed sites | |
| US8874709B2 (en) | Automatic subnet creation in networks that support dynamic ethernet-local area network services for use by operation, administration, and maintenance | |
| CN110635935B (en) | Using multiple EVPN routes for respective service interfaces of a user interface | |
| US8693323B1 (en) | System and method for managing communications in an access network | |
| US6493349B1 (en) | Extended internet protocol virtual private network architectures | |
| US7801030B1 (en) | Technique for using OER with an ECT solution for multi-homed spoke-to-spoke sites | |
| US7619966B2 (en) | Hybrid virtual private LAN extensions | |
| CN100566284C (en) | VPN (virtual private network) and router wherein | |
| US20070115990A1 (en) | Method of providing an encrypted multipoint VPN service | |
| WO2015131560A1 (en) | Segment routing identifier allocation method and segment routing node | |
| CN102055665B (en) | OSPF point-to-multipoint over broadcast or NBMA mode | |
| US9264971B2 (en) | VPNv4 route control for LTE X2 son using unique route targets | |
| CN104378297A (en) | Message forwarding method and device | |
| KR20140027455A (en) | Centralized system for routing ethernet packets over an internet protocol network | |
| JP2013526813A (en) | Method and apparatus for MPLS MAC-VPN MPLS label allocation | |
| US11799716B2 (en) | Core isolation for logical tunnels stitching multi-homed EVPN and L2 circuit | |
| US11290394B2 (en) | Traffic control in hybrid networks containing both software defined networking domains and non-SDN IP domains | |
| CN109788018B (en) | Cross-domain service intercommunication method, network equipment and storage medium | |
| CN108601055B (en) | Method and system for deploying L3 VPN in L TE mobile backhaul network | |
| Ibáñez et al. | Fast Path Ethernet Switching: On-demand, efficient transparent bridges for data center and campus networks | |
| US10291524B2 (en) | Dynamic tunnel establishment in a mesh network | |
| CN111726289A (en) | Multi-stage HUB node mode interconnection and intercommunication routing method based on DMVPN framework |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |