CN111800525A - Gateway redundancy method and system - Google Patents


Publication number
CN111800525A
Authority
CN
China
Prior art keywords
arp
gateway
module
gateway device
record
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010931228.8A
Other languages
Chinese (zh)
Inventor
梁润强
史伟
闵宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Eflycloud Computing Co Ltd
Original Assignee
Guangdong Eflycloud Computing Co Ltd
Application filed by Guangdong Eflycloud Computing Co Ltd
Priority to CN202010931228.8A
Publication of CN111800525A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/084 Configuration by using pre-existing information, e.g. using templates or copying from other elements
    • H04L41/0846 Configuration by using pre-existing information, e.g. using templates or copying from other elements based on copy from other elements

Abstract

The invention discloses a gateway redundancy method and system. The method comprises the following steps: the first gateway device receives an ARP message and extracts its source IP and source mac; all ARP records in a first local ARP table are searched to determine whether the source IP of the ARP message exists; if not, an ARP record is newly added to the first local ARP table, and the source IP and source mac of the ARP message are added to the ARP record; if so, it is checked whether the ARP record has a mac address that is the same as the source mac of the ARP message, and if not, the mac address of the ARP record is replaced with the source mac of the ARP message; and if the BFD state between the first gateway device and the second gateway device is active, the ARP record that was newly added or whose mac address was replaced is sent to the second gateway device. The invention synchronizes ARP message information in real time so that the ARP tables of the devices stay the same.

Description

Gateway redundancy method and system
Technical Field
The present invention relates to the field of gateway redundancy technologies, and in particular, to a gateway redundancy method and system.
Background
The spread of the internet and the wave of cloud computing have made people increasingly dependent on the network environment. With the rapid development of the mobile internet, applications and services emerge endlessly, and application developers, service providers and the like need to deliver their projects or products quickly. In a conventional IDC data center they generally have to deploy their own server devices or rent someone else's, and also build a complex network by themselves, which takes a lot of time, is very error-prone, and is difficult to expand and to protect with disaster recovery.
In a classical network, a user has very little network management capability on the cloud: a user with a virtual server on the classical network can only communicate with the public network and, at most, apply some security control through security groups, while network management capabilities such as network segment planning, subnet division, route management and public network access management using NAT are almost absent or very weak.
Cloud computing and virtualized networks are the future direction of development, and networking and service deployment will become simpler and more convenient. For a cloud computing center, once a user uses a virtual network, the gateway is the first functional point that provides user services, and the stability of the gateway plays the most critical role in the system.
Currently, gateway active/standby redundancy is generally realized in the industry through VRRP (Virtual Router Redundancy Protocol), which has three obvious defects: first, VRRP deployment is complicated and not easy to manage, and under VRRP only the master device works, so the idle devices are wasted; second, VRRP communicates state among the devices by multicast synchronization, which places certain requirements on the network; third, if state synchronization fails and several gateways become active at the same time, the user network is affected.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a gateway redundancy method and system in which real-time synchronization of ARP message information keeps the ARP tables of two devices the same, so that when a device goes offline the network does not need to re-converge and is hardly affected. Through BFD detection, a device fault can be found and the faulty device taken offline within milliseconds, and traffic can be adjusted rapidly by actively changing the port state of the switch, so that traffic is not sent to the offline device.
In order to solve the technical problems, the invention provides the following technical scheme: a gateway redundancy method, comprising the steps of:
S3. After receiving the ARP message sent by the VM virtual machine, the first gateway device extracts the source IP and the source mac of the ARP message through the first ARP table module;
S4. The first ARP table module searches all ARP records in the first local ARP table for the source IP of the ARP message; if no ARP record in the first local ARP table has the source IP of the ARP message, a new ARP record is added to the first local ARP table, the source IP and the source mac of the ARP message are added to the ARP record, and the method proceeds to the next step; if an ARP record of the first local ARP table has the source IP of the ARP message, it is checked whether the ARP record has a mac address that is the same as the source mac of the ARP message; if so, processing of the ARP record stops; if not, the mac address of the ARP record is replaced with the source mac of the ARP message, and the method proceeds to the next step;
S5. The BFD detection module detects whether the BFD state between the first gateway device and the second gateway device is active; if the BFD state between the first gateway device and the second gateway device is inactive, no processing is carried out; if the BFD state between the first gateway device and the second gateway device is active, the first gateway device sends the ARP record newly added in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module; or the first gateway device sends the ARP record whose mac address was replaced in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module.
Preferably, step S2 is further included before step S3: when the virtual gateway module of the first gateway device needs to acquire the MAC address of the VM virtual machine and the VM virtual machine needs to respond to the virtual gateway module of the first gateway device, the VM virtual machine sends an ARP message as a response to the first gateway device through the switch;
or, when the VM virtual machine needs to acquire the MAC address of the virtual gateway module of the first gateway device, the VM virtual machine actively sends an ARP message as a request to the first gateway device.
Preferably, step S1 is further included before step S2: the LACP aggregation module controls the first gateway device and the switch to implement interface aggregation, controls the second gateway device and the switch to implement interface aggregation, and controls the first gateway device, the second gateway device and the switch to implement interface aggregation between every two devices.
Preferably, step S4 is specifically: the first ARP table module searches all ARP records in the first local ARP table for the source IP of the ARP message; if no ARP record in the first local ARP table has the source IP of the ARP message, a new ARP record is added to the first local ARP table, the source IP and the source mac of the ARP message are added to the ARP record, the first ARP table module sets a learning flag learn_flag for the ARP message with the value 1, and the method proceeds to the next step;
if an ARP record of the first local ARP table has the source IP of the ARP message, it is checked whether the ARP record has a mac address identical to the source mac of the ARP message; if so, processing of the ARP record stops, and the first ARP table module sets a learning flag learn_flag for the ARP message with the value 0; if the ARP record does not have a mac address identical to the source mac of the ARP message, the mac address of the ARP record is replaced with the source mac of the ARP message, the first ARP table module sets a learning flag learn_flag for the ARP message with the value 1, and the method proceeds to the next step;
step S5 is specifically: the first gateway device continuously receives ARP messages sent by the VM virtual machine, and the first ARP table module detects whether the value of the learn_flag of the ARP message is 1; if not, the method returns to step S2; if so, the source mac or the source IP of the ARP message needs to be synchronized to the second gateway device, the first gateway device sends a synchronization message to the BFD detection module, and the BFD detection module detects whether the BFD state between the first gateway device and the second gateway device is active; if the BFD state between the first gateway device and the second gateway device is inactive, no processing is carried out; if the BFD state between the first gateway device and the second gateway device is active, the first gateway device sends the ARP record newly added in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module; or the first gateway device sends the ARP record whose mac address was replaced in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module.
Preferably, in step S5, the first gateway device sends the ARP record newly added in step S4 to a second controller module of the second gateway device through the first controller module, the second controller module forwards the ARP record to the second ARP table module, and the second ARP table module stores the ARP record in a second local ARP table of the second ARP table module;
the first gateway device sends the ARP record with the mac address replaced in step S4 to a second controller module of the second gateway device through the first controller module, the second controller module forwards the ARP record to the second ARP table module, and the second ARP table module stores the ARP record in a second local ARP table of the second ARP table module.
The invention also aims to provide a gateway redundancy system, which comprises a computing virtualization resource pool, a switch, an LACP aggregation module, a first gateway device, a second gateway device, a BFD detection module and a public network gateway module, wherein the first gateway device comprises a first ARP table module and a virtual gateway module, the second gateway device comprises a second ARP table module, the first ARP table module comprises a first local ARP table, and the second ARP table module comprises a second local ARP table; the computing virtualization resource comprises a plurality of VM virtual machines;
the computing virtualization resource pool, the switch, the LACP aggregation module, the first gateway equipment and the public network gateway module are sequentially connected; the computing virtualization resource pool, the switch, the LACP aggregation module, the second gateway equipment and the public network gateway module are sequentially connected; the first gateway equipment is connected with the second gateway equipment through the BFD detection module;
the LACP aggregation module is used for: controlling the first gateway device and the switch to implement interface aggregation, controlling the second gateway device and the switch to implement interface aggregation, and controlling the first gateway device, the second gateway device and the switch to implement interface aggregation between every two devices;
the public network gateway module is used for: forwarding the traffic of the first gateway device and the second gateway device to the public network, or forwarding the traffic of the public network to the first gateway device and the second gateway;
the VM virtual machine of the compute virtualized resource pool is to: when the virtual gateway module of the first gateway device needs to acquire the MAC address of the VM virtual machine, the VM virtual machine is used for responding to the virtual gateway module of the first gateway device and sending an ARP message serving as a response to the first gateway device through the switch; when the VM virtual machine needs to acquire the MAC address of the virtual gateway module of the first gateway device, the VM virtual machine is used for actively sending an ARP message serving as a request and sending the ARP message to the first gateway device;
the first gateway device is used for receiving the ARP message sent by the VM virtual machine and forwarding the ARP message to the first ARP table module;
the first ARP table module is used for extracting the source IP and the source mac of an ARP message and searching all ARP records in the first local ARP table for the source IP of the ARP message; if no ARP record in the first local ARP table has the source IP of the ARP message, the first ARP table module is used for adding a new ARP record to the first local ARP table and adding the source IP and the source mac of the ARP message to the ARP record; if an ARP record of the first local ARP table has the source IP of the ARP message, the first ARP table module is used for checking whether the ARP record has a mac address that is the same as the source mac of the ARP message, and if so, stopping processing of the ARP record; if the ARP record does not have a mac address identical to the source mac of the ARP message, the first ARP table module is used for replacing the mac address of the ARP record with the source mac of the ARP message;
the BFD detection module is used for detecting whether a BFD state between the first gateway device and the second gateway device is an active state; if the BFD state between the first gateway device and the second gateway device is an active state, the first gateway device is used for sending the newly added ARP record or the ARP record with the mac address replaced to the second gateway device, and a second ARP table module of the second gateway device is used for storing the ARP record in a second local ARP table of the second ARP table module; and if the BFD state between the first gateway equipment and the second gateway equipment is the inactive state, the first gateway equipment stops processing the ARP message.
Preferably, the first gateway device further includes a first controller module, and the second gateway device further includes a second controller module;
the first controller module is to: if the BFD state between the first gateway device and the second gateway device is an active state, the first controller module is used for sending the newly added arp record or the arp record with the mac address replaced to the second controller module; and the second controller module is used for sending the ARP record to the second ARP table module.
With the above technical scheme, the invention has at least the following beneficial effects: cross-device aggregation is realized using LACP, combined with BFD detection of the device state and synchronization of ARP message information by the controller module, so that all deployed devices can take part in the work, which overcomes the defect that the VRRP redundancy protocol can only provide service through a single device; the ARP message information is synchronized in real time, so that the ARP tables of the devices stay the same; under any load balancing method of the switch's LACP, a data message can be forwarded effectively no matter which device it is forwarded to, which improves the stability of the system.
Drawings
Fig. 1 is a flowchart illustrating steps of a gateway redundancy method according to the present invention.
Fig. 2 is a block diagram of a gateway redundancy system according to the present invention.
Detailed Description
It should be noted that, in the present application, the embodiments and features of the embodiments may be combined with each other without conflict, and the present application is further described in detail with reference to the drawings and specific embodiments.
Example 1
Generally, with LACP aggregation there are multiple gateway devices. A message entering from the external network gateway is transmitted to the switch through a port of one of the gateway devices, chosen at random, and a message sent from a VM virtual machine to the external network gateway likewise passes through a port of a randomly chosen gateway device. The information recorded in the local ARP table of each gateway device (e.g., source IP and source mac) should therefore be consistent, so the two gateway devices should keep learning from messages, transmitting the related message information to each other and saving it. This embodiment uses two gateway devices for illustration, and the method is not limited to only the two gateway devices, but two gateway devices in all the gateway devices are provided with the gateway devices.
As shown in fig. 1, this embodiment discloses a gateway redundancy method, which specifically includes the following steps:
S1. The LACP aggregation module controls the first gateway device and the switch to implement interface aggregation, controls the second gateway device and the switch to implement interface aggregation, and controls the first gateway device, the second gateway device and the switch to implement interface aggregation; in general, the LACP aggregation module acts on the computing virtualization resource pool, the switch, the first gateway device, the second gateway device, the BFD detection module and the public network gateway module of the gateway redundancy system, and implements the cross-device aggregation function for each device or module;
wherein, 1) according to the provisions of IEEE 802.3ad on the LACP device aggregation standard: when multiple ports of one device are connected to the same switch to implement aggregation, LACPDUs (Link Aggregation Control Protocol Data Units) need to be exchanged between the device and the switch; the LACP protocol specifies that an aggregation group is uniquely identified by the system priority, the system ID (MAC) and the operational key, and that the different ports in the same aggregation group are identified by their port IDs;
2) according to the IEEE 802.3ad standard, when two devices each connect one of their ports to the same switch to implement cross-device aggregation, it is sufficient to ensure that the system priority, the system ID (MAC) and the operational key in the LACPDUs exchanged between the two devices and the switch are the same, and that the two devices identify their own ports in the aggregation group with different port IDs; cross-device aggregation can then be realized through LACP. Making the system priority, system ID (MAC) and operational key of the two devices the same and their port IDs different can be done through manual setting or through device information synchronization;
3) through the configuration of the LACP aggregation module, the first gateway device and the second gateway device belong to the same aggregation group;
using the LACP aggregation module thus realizes cross-device aggregation;
S2. When the virtual gateway module of the first gateway device needs to acquire the MAC address of the VM virtual machine and the VM virtual machine needs to respond to the virtual gateway module of the first gateway device, the VM virtual machine sends an ARP message as a response to the first gateway device through the switch;
or, when the VM virtual machine needs to acquire the MAC address of the virtual gateway module of the first gateway device, the VM virtual machine actively sends an ARP message as a request to the first gateway device;
the main difference between the two cases is whether the VM virtual machine requests actively or is requested passively; if the VM virtual machine actively requests the MAC address of the virtual gateway module, an ARP request message is sent to the first gateway device, that is, the VM virtual machine actively sends an ARP message as a request to the first gateway device; if the VM virtual machine is passively requested for its MAC address by the virtual gateway module, an ARP response message is sent to the first gateway device, that is, the VM virtual machine sends an ARP message as a response to the first gateway device through the switch;
the ARP request message and the ARP response message are both ARP messages carrying a source IP and a source mac;
S3. After receiving the ARP message sent by the VM virtual machine, the first gateway device extracts the source IP (sip) and the source mac (smac) of the ARP message through the first ARP table module;
S4. The first ARP table module searches all ARP records in the first local ARP table for the source IP of the ARP message; if no ARP record in the first local ARP table has the source IP of the ARP message, a new ARP record is added to the first local ARP table, the source IP and the source mac of the ARP message are added to the ARP record, the first ARP table module sets a learning flag learn_flag for the ARP message with the value 1, and the method proceeds to the next step;
if an ARP record of the first local ARP table has the source IP of the ARP message, it is checked whether the ARP record has a mac address identical to the source mac of the ARP message; if so, processing of the ARP record stops, and the first ARP table module sets a learning flag learn_flag for the ARP message with the value 0; if the ARP record does not have a mac address identical to the source mac of the ARP message, the mac address of the ARP record is replaced with the source mac of the ARP message, the first ARP table module sets a learning flag learn_flag for the ARP message with the value 1, and the method proceeds to the next step;
the learning flag learn_flag is set to learn_flag = 1 or learn_flag = 0 for each ARP message so that, in the next step, the first ARP table module can more quickly screen out which ARP messages have a source IP and source mac that need to be sent to the second gateway device;
S5. The first gateway device continuously receives ARP messages sent by the VM virtual machine, and the first ARP table module detects whether the value of the learn_flag of the ARP message is 1; if not, the method returns to step S2; if so, the source mac or the source IP of the ARP message needs to be synchronized to the second gateway device, the first gateway device sends a synchronization message to the BFD detection module, and the BFD detection module detects whether the BFD state between the first gateway device and the second gateway device is active; if the BFD state between the first gateway device and the second gateway device is inactive, no processing is carried out; if the BFD state between the first gateway device and the second gateway device is active, the first gateway device sends the ARP record newly added in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module; or the first gateway device sends the ARP record whose mac address was replaced in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module;
the first gateway device sends the ARP record newly added in step S4 to a second controller module of a second gateway device through the first controller module, the second controller module forwards the ARP record to the second ARP table module, and the second ARP table module stores the ARP record in a second local ARP table of the second ARP table module;
the first gateway device sends the ARP record with the mac address replaced in step S4 to a second controller module of the second gateway device through the first controller module, the second controller module forwards the ARP record to the second ARP table module, and the second ARP table module stores the ARP record in a second local ARP table of the second ARP table module.
At this point, the mutual learning between the first gateway device and the second gateway device is complete. The procedure is the same whether the ARP message is first transmitted to the first gateway device or to the second gateway device.
In the above steps, cross-device aggregation is realized through the LACP aggregation module, the state of the devices is detected through BFD, and the ARP message information is synchronized through the controller module, so that all deployed devices can take part in the work, which overcomes the defect that the VRRP redundancy protocol can only provide service through a single device; the ARP message information is synchronized in real time, so that the ARP tables of the devices stay the same; under any load balancing method of the switch's LACP, a data message can be forwarded effectively no matter which device it is forwarded to, which improves the stability of the system.
In the above, ARP is the Address Resolution Protocol;
VRRP is the Virtual Router Redundancy Protocol;
BFD is Bidirectional Forwarding Detection;
LACP is the Link Aggregation Control Protocol.
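The following added example (not code from the patent) runs steps S3 to S5 on constructed ARP payloads: it extracts the source IP and source mac, applies the learn_flag logic, and sends the record to the peer only while BFD is active. The class and function names, the events list and the sample addresses are assumptions made for the illustration. It also shows a consequence of the steps as written: a record learned while BFD is inactive is not sent later, because a repeated ARP message gets learn_flag 0.

```python
import ipaddress
import struct

# Ethernet/IPv4 ARP payload (RFC 826): htype, ptype, hlen, plen, oper,
# sender mac, sender IP, target mac, target IP = 28 bytes.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)


def build_arp(oper, smac, sip, tmac="00:00:00:00:00:00", tip="0.0.0.0"):
    """Constructed sample input: ARP request (oper=1) or response (oper=2)."""
    def mac(m):
        return bytes.fromhex(m.replace(":", ""))

    def ip(a):
        return ipaddress.IPv4Address(a).packed

    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(smac), ip(sip), mac(tmac), ip(tip))


def extract_source(payload):
    """Step S3: extract the source IP and source mac of an ARP message."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        raise ValueError("not an Ethernet/IPv4 ARP request or response")
    return str(ipaddress.IPv4Address(spa)), sha.hex(":")


class Gateway:
    """Hypothetical stand-in for one gateway device and its ARP table module."""

    def __init__(self, name):
        self.name = name
        self.arp_table = {}      # local ARP table: source IP -> mac
        self.peer = None         # the other gateway device
        self.bfd_active = False  # BFD state towards the peer
        # Assumption (not in the patent): keep a log of table changes, since a
        # "mac_changed" entry is the binding change that reaches both gateways.
        self.events = []

    def learn(self, sip, smac):
        """Step S4: return learn_flag (1 = added or mac replaced, 0 = same)."""
        old = self.arp_table.get(sip)
        if old == smac:
            return 0
        self.arp_table[sip] = smac
        self.events.append(("new" if old is None else "mac_changed", sip, old, smac))
        return 1

    def store_synced(self, sip, smac):
        """Peer side of S5: store the received record in the local ARP table."""
        self.arp_table[sip] = smac

    def receive_arp(self, payload):
        """Steps S3-S5 for one message; True if a record was sent to the peer."""
        sip, smac = extract_source(payload)
        if self.learn(sip, smac) != 1:
            return False             # learn_flag 0: nothing to synchronize
        if not (self.bfd_active and self.peer):
            return False             # S5: BFD inactive, no processing
        self.peer.store_synced(sip, smac)
        return True


def pair(a, b, bfd_active=True):
    """Connect two gateways and set the BFD state between them."""
    a.peer, b.peer = b, a
    a.bfd_active = b.bfd_active = bfd_active


def demo():
    gw1, gw2 = Gateway("gw1"), Gateway("gw2")
    pair(gw1, gw2)
    sent = [
        gw1.receive_arp(build_arp(1, "52:54:00:aa:00:01", "10.0.0.5")),  # new record
        gw1.receive_arp(build_arp(2, "52:54:00:aa:00:01", "10.0.0.5")),  # unchanged
        gw1.receive_arp(build_arp(2, "52:54:00:aa:00:02", "10.0.0.5")),  # mac replaced
    ]
    pair(gw1, gw2, bfd_active=False)
    sent.append(gw1.receive_arp(build_arp(1, "52:54:00:aa:00:03", "10.0.0.6")))
    pair(gw1, gw2, bfd_active=True)
    # Same message again after BFD recovers: learn_flag is 0, so under the
    # steps as written the peer still does not receive this record.
    sent.append(gw1.receive_arp(build_arp(1, "52:54:00:aa:00:03", "10.0.0.6")))
    return gw1, gw2, sent


if __name__ == "__main__":
    g1, g2, sent = demo()
    print(sent, g1.arp_table, g2.arp_table, g1.events, sep="\n")
```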
Example 2
As shown in fig. 2, this embodiment discloses a gateway redundancy system, which includes a computational virtualization resource pool, a switch, an LACP aggregation module, a first gateway device, a second gateway device, a BFD detection module, and a public network gateway module, where the first gateway device includes a first ARP table module and a virtual gateway module, the second gateway device includes a second ARP table module, the first ARP table module includes a first local ARP table, and the second ARP table module includes a second local ARP table; the computing virtualization resource comprises a plurality of VM virtual machines;
the computing virtualization resource pool, the switch, the LACP aggregation module, the first gateway equipment and the public network gateway module are sequentially connected; the computing virtualization resource pool, the switch, the LACP aggregation module, the second gateway equipment and the public network gateway module are sequentially connected; the first gateway equipment is connected with the second gateway equipment through the BFD detection module;
the LACP aggregation module is used for: controlling the first gateway device and the switch to implement interface aggregation, controlling the second gateway device and the switch to implement interface aggregation, and controlling the first gateway device, the second gateway device and the switch to implement interface aggregation between every two devices;
the public network gateway module is used for: forwarding the traffic of the first gateway device and the second gateway device to the public network, or forwarding the traffic of the public network to the first gateway device and the second gateway;
the VM virtual machine of the compute virtualized resource pool is to: when the virtual gateway module of the first gateway device needs to acquire the MAC address of the VM virtual machine, the VM virtual machine is used for responding to the virtual gateway module of the first gateway device and sending an ARP message serving as a response to the first gateway device through the switch; when the VM virtual machine needs to acquire the MAC address of the virtual gateway module of the first gateway device, the VM virtual machine is used for actively sending an ARP message serving as a request and sending the ARP message to the first gateway device;
the first gateway device is used for receiving the ARP message sent by the VM virtual machine and forwarding the ARP message to the first ARP table module;
the first ARP table module is used for extracting the source IP and the source mac of an ARP message and searching all ARP records in the first local ARP table for the source IP of the ARP message; if no ARP record in the first local ARP table has the source IP of the ARP message, the first ARP table module is used for adding a new ARP record to the first local ARP table and adding the source IP and the source mac of the ARP message to the ARP record; if an ARP record of the first local ARP table has the source IP of the ARP message, the first ARP table module is used for checking whether the ARP record has a mac address that is the same as the source mac of the ARP message, and if so, stopping processing of the ARP record; if the ARP record does not have a mac address identical to the source mac of the ARP message, the first ARP table module is used for replacing the mac address of the ARP record with the source mac of the ARP message;
the BFD detection module is used for detecting whether a BFD state between the first gateway device and the second gateway device is an active state; if the BFD state between the first gateway device and the second gateway device is an active state, the first gateway device is used for sending the newly added ARP record or the ARP record with the mac address replaced to the second gateway device, and a second ARP table module of the second gateway device is used for storing the ARP record in a second local ARP table of the second ARP table module; and if the BFD state between the first gateway equipment and the second gateway equipment is the inactive state, the first gateway equipment stops processing the ARP message.
The first gateway device further comprises a first controller module, and the second gateway device further comprises a second controller module;
the first controller module is to: if the BFD state between the first gateway device and the second gateway device is an active state, the first controller module is used for sending the newly added arp record or the arp record with the mac address replaced to the second controller module; and the second controller module is used for sending the ARP record to the second ARP table module.
Further, the first gateway device includes three network ports, namely network port em1, network port em2 and network port em3; similarly, the second gateway device also has three network ports, namely network port em11, network port em12 and network port em13;
the BFD detection module is connected with the network port em1 and the network port em11; the first gateway device is connected with the public network gateway module through the network port em3 and connected with the LACP convergence module through the network port em2; the second gateway device is connected to the public network gateway module through the network port em13, and is connected to the LACP convergence module through the network port em12.
Example 3
The invention is illustrated on the basis of examples 1 and 2 by way of a specific example.
Example: suppose there is a virtual network 192.168.1.0/24 with:
Gateway: 192.168.1.1
vm1: 192.168.1.2
1. The default gateway of vm1 is set to 192.168.1.1;
2. When vm1 needs to access an external network, the data packet must be sent to the gateway, so vm1 needs to know the mac address of the gateway;
3. vm1 issues an arp request to learn the gateway's mac address;
4. The arp request is distributed to the first gateway device by the switch;
5. After receiving the arp request, the first gateway device records the ip and mac of vm1 in its local arp table and replies to vm1 with an arp response;
6. The first gateway device sends the newly learned ip and mac to the right device;
7. The right device receives the arp synchronization and records the ip and the mac in its local arp table.
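The walkthrough above, together with the table-update and BFD-gated synchronization steps of Examples 1 and 2, as an added Python example that is not code from the patent. The class and function names, the MAC addresses and the 192.168.1.3 host are constructed for illustration; the learning flag is modelled as the return value of `learn`, and the controller-to-controller transfer is reduced to a direct write into the peer's table.

```python
import struct
from ipaddress import IPv4Address

def build_arp(oper, sha, spa, tpa):
    """Build a constructed 28-byte Ethernet/IPv4 ARP payload (target mac zeroed)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + bytes.fromhex(sha.replace(":", "")) + IPv4Address(spa).packed
            + bytes(6) + IPv4Address(tpa).packed)

def parse_arp(payload):
    """Return (sender mac, sender ip) of an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("ARP payload shorter than 28 bytes")
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return payload[8:14].hex(":"), str(IPv4Address(payload[14:18]))

class Gateway:
    def __init__(self):
        self.arp_table = {}    # local ARP table: ip -> mac
        self.peer = None       # the other gateway device
        self.bfd_up = False    # BFD state toward the peer (True = active)
        self.mac_changes = []  # (ip, old mac, new mac), kept for auditing

    def learn(self, ip, mac):
        """Table update: return the learning flag, 1 if a record was added or replaced."""
        old = self.arp_table.get(ip)
        if old == mac:
            return 0
        if old is not None:
            self.mac_changes.append((ip, old, mac))
        self.arp_table[ip] = mac
        return 1

    def on_arp(self, payload):
        """Receive, learn, then sync: 'unchanged', 'local-only' or 'synced'."""
        mac, ip = parse_arp(payload)
        if self.learn(ip, mac) == 0:
            return "unchanged"
        if not (self.bfd_up and self.peer is not None):
            return "local-only"
        self.peer.arp_table[ip] = mac   # peer stores the synchronized record
        return "synced"

def demo():
    gw1, gw2 = Gateway(), Gateway()
    gw1.peer, gw1.bfd_up = gw2, True
    vm1 = build_arp(1, "52:54:00:00:00:02", "192.168.1.2", "192.168.1.1")
    moved = build_arp(1, "52:54:00:00:00:99", "192.168.1.2", "192.168.1.1")
    vm2 = build_arp(1, "52:54:00:00:00:03", "192.168.1.3", "192.168.1.1")
    out = [gw1.on_arp(vm1), gw1.on_arp(vm1), gw1.on_arp(moved)]
    gw1.bfd_up = False
    out.append(gw1.on_arp(vm2))   # learned while BFD is inactive
    gw1.bfd_up = True
    out.append(gw1.on_arp(vm2))   # same message again: learning flag is 0
    return out, gw1, gw2

if __name__ == "__main__":
    print(demo()[0])
```

The third message replaces vm1's mac on both gateways, so `mac_changes` is the place to hook logging or alerting; the last two results show that, under the steps as written, a record learned while BFD is inactive is not re-sent when the same ARP message arrives after BFD recovers.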
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various equivalent changes, modifications, substitutions and alterations can be made herein without departing from the principles and spirit of the invention, the scope of which is defined by the appended claims and their equivalents.

Claims (7)

1. A gateway redundancy method, comprising the steps of:
S3, after receiving the ARP message sent by the VM virtual machine, the first gateway device extracts the source IP and the source mac of the ARP message through the first ARP table module;
S4, the first ARP table module searches the ARP records in the first local ARP table for the source IP of the ARP message; if no ARP record in the first local ARP table has the source IP of the ARP message, newly adding one ARP record to the first local ARP table, adding the source IP and the source mac of the ARP message to the ARP record, and entering the next step; if one ARP record of the first local ARP table has the source IP of the ARP message, checking whether the ARP record has a mac address which is the same as the source mac of the ARP message, if so, stopping processing the ARP record, if not, replacing the mac address of the ARP record with the source mac of the ARP message, and entering the next step;
S5, the BFD detection module detects whether the BFD state between the first gateway device and the second gateway device is an active state; if the BFD state between the first gateway device and the second gateway device is the inactive state, no processing is carried out; if the BFD state between the first gateway device and the second gateway device is active, the first gateway device sends the ARP record newly added in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module; or the first gateway device sends the ARP record with the mac address replaced in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module.
2. The gateway redundancy method of claim 1, wherein the step S3 is preceded by the step S2 of sending, by the VM virtual machine, an ARP packet as a response to the first gateway device through the switch when the virtual gateway module of the first gateway device needs to obtain the MAC address of the VM virtual machine and the VM virtual machine needs to respond to the virtual gateway module of the first gateway device;
or, when the VM virtual machine needs to acquire the MAC address of the virtual gateway module of the first gateway device, the VM virtual machine automatically sends an ARP packet as a request and sends the ARP packet to the first gateway device.
3. The gateway redundancy method of claim 2, wherein the step S2 is preceded by a step S1, in which the LACP convergence module controls the first gateway device and the switch to implement interface convergence therebetween, controls the second gateway device and the switch to implement interface convergence therebetween, and controls the first gateway device, the second gateway device, and the switch to implement interface convergence therebetween.
4. The gateway redundancy method according to claim 2 or 3, wherein the step S4 specifically is: the first ARP table module searches the ARP records in the first local ARP table for the source IP of the ARP message; if no ARP record in the first local ARP table has the source IP of the ARP message, newly adding an ARP record to the first local ARP table, adding the source IP and the source mac of the ARP message to the ARP record, the first ARP table module setting a learning flag learn_flag for the ARP message and setting the value of learn_flag to 1, and entering the next step;
if one ARP record of the first local ARP table has the source IP of the ARP message, checking whether the ARP record has a mac address identical to the source mac of the ARP message; if so, stopping processing the ARP record, the first ARP table module setting a learning flag learn_flag for the ARP message and setting the value of learn_flag to 0; if the ARP record does not have a mac address identical to the source mac of the ARP message, replacing the mac address of the ARP record with the source mac of the ARP message, the first ARP table module setting a learning flag learn_flag for the ARP message and setting the value of learn_flag to 1, and proceeding to the next step;
the step S5 specifically includes: the first gateway device continuously receives ARP messages sent by the VM virtual machine, and the first ARP table module detects whether the value of learn_flag of the ARP message is 1; if not, the method returns to step S2; if so, the source mac or the source IP of the ARP message needs to be synchronized to the second gateway device, the first gateway device sends a synchronization message to the BFD detection module, and the BFD detection module detects whether the BFD state between the first gateway device and the second gateway device is an active state; if the BFD state between the first gateway device and the second gateway device is the inactive state, no processing is carried out; if the BFD state between the first gateway device and the second gateway device is active, the first gateway device sends the ARP record newly added in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module; or the first gateway device sends the ARP record with the mac address replaced in step S4 to the second gateway device, and the second ARP table module of the second gateway device stores the ARP record in the second local ARP table of the second ARP table module.
5. The gateway redundancy method of claim 4, wherein in step S5, the first gateway device sends the ARP record newly added in step S4 to the second controller module of the second gateway device through the first controller module, the second controller module forwards the ARP record to the second ARP table module, and the second ARP table module stores the ARP record in the second local ARP table of the second ARP table module;
the first gateway device sends the ARP record with the mac address replaced in step S4 to a second controller module of the second gateway device through the first controller module, the second controller module forwards the ARP record to the second ARP table module, and the second ARP table module stores the ARP record in a second local ARP table of the second ARP table module.
6. A gateway redundancy system is characterized by comprising a computing virtualization resource pool, a switch, an LACP aggregation module, a first gateway device, a second gateway device, a BFD detection module and a public network gateway module, wherein the first gateway device comprises a first ARP table module and a virtual gateway module, the second gateway device comprises a second ARP table module, the first ARP table module comprises a first local ARP table, and the second ARP table module comprises a second local ARP table; the computing virtualization resource comprises a plurality of VM virtual machines;
the computing virtualization resource pool, the switch, the LACP aggregation module, the first gateway equipment and the public network gateway module are sequentially connected; the computing virtualization resource pool, the switch, the LACP aggregation module, the second gateway equipment and the public network gateway module are sequentially connected; the first gateway equipment is connected with the second gateway equipment through the BFD detection module;
the LACP convergence module is used for: the LACP convergence module controls the first gateway equipment and the switch to realize interface convergence, controls the second gateway equipment and the switch to realize interface convergence, and controls the first gateway equipment, the second gateway equipment and the switch to realize interface convergence between every two equipment; the public network gateway module is used for: forwarding the traffic of the first gateway device and the second gateway device to the public network, or forwarding the traffic of the public network to the first gateway device and the second gateway;
the VM virtual machine of the compute virtualized resource pool is to: when the virtual gateway module of the first gateway device needs to acquire the MAC address of the VM virtual machine, the VM virtual machine is used for responding to the virtual gateway module of the first gateway device and sending an ARP message serving as a response to the first gateway device through the switch; when the VM virtual machine needs to acquire the MAC address of the virtual gateway module of the first gateway device, the VM virtual machine is used for actively sending an ARP message serving as a request and sending the ARP message to the first gateway device;
the first gateway device is used for receiving the ARP message sent by the VM virtual machine and forwarding the ARP message to the first ARP table module;
the first ARP table module is used for extracting the source IP and the source mac of an ARP message and searching the ARP records in the first local ARP table for the source IP of the ARP message; if no ARP record in the first local ARP table has the source IP of the ARP message, the first ARP table module is used for newly adding an ARP record to the first local ARP table and adding the source IP and the source mac of the ARP message to the ARP record; if one ARP record of the first local ARP table has the source IP of the ARP message, the first ARP table module is configured to check whether the ARP record has a mac address that is the same as the source mac of the ARP message, and if so, stop processing the ARP record; if the ARP record does not have a mac address identical to the source mac of the ARP message, the first ARP table module is used for replacing the mac address of the ARP record with the source mac of the ARP message;
the BFD detection module is used for detecting whether a BFD state between the first gateway device and the second gateway device is an active state; if the BFD state between the first gateway device and the second gateway device is an active state, the first gateway device is used for sending the newly added ARP record or the ARP record with the mac address replaced to the second gateway device, and a second ARP table module of the second gateway device is used for storing the ARP record in a second local ARP table of the second ARP table module; and if the BFD state between the first gateway equipment and the second gateway equipment is the inactive state, the first gateway equipment stops processing the ARP message.
7. The gateway redundancy system of claim 6, wherein the first gateway device further comprises a first controller module, and the second gateway device further comprises a second controller module;
the first controller module is to: if the BFD state between the first gateway device and the second gateway device is an active state, the first controller module is used for sending the newly added arp record or the arp record with the mac address replaced to the second controller module; and the second controller module is used for sending the ARP record to the second ARP table module.
CN202010931228.8A 2020-09-07 2020-09-07 Gateway redundancy method and system Pending CN111800525A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010931228.8A CN111800525A (en) 2020-09-07 2020-09-07 Gateway redundancy method and system


Publications (1)

Publication Number Publication Date
CN111800525A true CN111800525A (en) 2020-10-20

Family

ID=72834173



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201020