CN111988439A - ARP request suppression system, method, equipment and storage medium - Google Patents

Publication number: CN111988439A
Authority: CN (China)
Prior art keywords: arp, virtual machine, virtual, configuration information, suppressor
Legal status: Granted, Active
Application number: CN201910425783.0A
Other languages: Chinese (zh)
Other versions: CN111988439B (en)
Inventors: 翟云箭, 陈晓帆, 古亮
Current Assignee: Sangfor Technologies Co Ltd
Original Assignee: Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd; priority to CN201910425783.0A; published as CN111988439A; granted and published as CN111988439B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/10: Mapping addresses of different types
    • H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L2101/00: Indexing scheme associated with group H04L61/00
    • H04L2101/60: Types of network addresses
    • H04L2101/618: Details of network addresses
    • H04L2101/622: Layer-2 addresses, e.g. medium access control [MAC] addresses

Abstract

The invention discloses an ARP request suppression system. In the system, an ARP suppressor is deployed in the forwarding plane of a data center and an SDN controller is deployed in the control plane of the data center. After obtaining a virtual machine configuration information table, the SDN controller sends the table to the ARP suppressor. When the ARP suppressor receives an ARP request message sent by a virtual switch, it determines the second virtual machine to be accessed by a first virtual machine, queries the mapping table entry of the second virtual machine in the virtual machine configuration information table, generates an ARP response message, and returns the ARP response message to the first virtual machine through the virtual switch, so that the first virtual machine obtains the MAC address of the second virtual machine. By applying the technical solution provided by the embodiments of the invention, ARP requests can be effectively suppressed, congestion of the channel between the forwarding plane and the control plane is avoided, and the response speed can be improved. The invention also discloses an ARP request suppression method, device and storage medium, which have corresponding technical effects.

Description

ARP request suppression system, method, equipment and storage medium
Technical Field
The present invention relates to the field of computer application technologies, and in particular, to a system, a method, a device, and a storage medium for ARP request suppression.
Background
With the rapid development of computer technology, virtualized networks are used more and more widely. In a virtualized network environment, when one virtual machine is to communicate with another virtual machine and does not have the Media Access Control (MAC) address of that virtual machine, it must first obtain the MAC address by broadcasting an Address Resolution Protocol (ARP) request. Because a VXLAN (Virtual eXtensible Local Area Network) network is large in scale, a large amount of broadcast generates more traffic and wastes more bandwidth. How to suppress ARP requests has therefore attracted more and more attention.
Currently, ARP request suppression for VXLAN is implemented based on an SDN (Software Defined Network) framework. The SDN controller collects the topology information of the whole network. When a virtual machine issues an ARP request, the ARP request is reported from the forwarding plane to the SDN controller in the control plane, and the SDN controller automatically answers the ARP request to the virtual machine in the forwarding plane according to the collected topology information, so no ARP broadcast is needed.
This method has a drawback: every ARP request is sent from the forwarding plane to the control plane, and every ARP response is sent from the control plane back to the forwarding plane. When the number of ARP requests is large, the channel between the forwarding plane and the control plane is easily congested, so the response speed becomes too slow and the normal operation of the VXLAN network is affected.
Disclosure of Invention
An object of the present invention is to provide an ARP request suppression system, method, device, and storage medium to effectively perform ARP request suppression and improve response speed.
In order to solve the technical problems, the invention provides the following technical scheme:
an ARP request suppression system comprises an ARP suppressor and a plurality of virtual switches deployed in a forwarding plane of a first data center, and an SDN controller deployed in a control plane of the first data center, each virtual switch corresponding to one or more virtual machines; wherein:
the SDN controller is configured to send a virtual machine configuration information table to the ARP suppressor after obtaining the virtual machine configuration information table;
a first virtual switch in the plurality of virtual switches is configured to generate an ARP request message according to a received ARP request packet of a first virtual machine; send the ARP request message to the ARP suppressor; and, when an ARP response message returned by the ARP suppressor is received, forward the ARP response message to the first virtual machine;
the ARP suppressor is configured to determine, according to the received ARP request message, a second virtual machine to be accessed by the first virtual machine; query a mapping table entry of the second virtual machine in the virtual machine configuration information table and generate the ARP response message; and send the ARP response message to the first virtual switch.
In one embodiment of the present invention,
and the first virtual switch is further used for updating a first configuration information table of the first virtual switch according to the ARP response message when the ARP response message returned by the ARP suppressor is received.
In one embodiment of the present invention,
the first virtual switch is further configured to, when receiving the ARP request packet of the first virtual machine, query whether a mapping table entry of the second virtual machine exists in the first configuration information table, and if not, execute the step of generating an ARP request message.
In one embodiment of the present invention,
the first virtual switch is further configured to generate an ARP reply packet and return the ARP reply packet to the first virtual machine when it is determined that the mapping table entry of the second virtual machine exists in the first configuration information table.
In one embodiment of the present invention, the system further comprises at least one standby suppressor for the ARP suppressor, the information in the ARP suppressor being synchronized with that in each standby suppressor;
the SDN controller is further configured to, when a failure of the ARP suppressor is detected, select one standby suppressor to take over the work of the ARP suppressor and notify all virtual switches of the first data center.
In a specific embodiment of the present invention, the system further includes a virtual private device deployed in a control plane of the first data center, the first data center is connected to at least one second data center through the virtual private device, and the first data center and each of the second data centers have the same structure;
the SDN controller is further configured to obtain, through the virtual private device, virtual machine configuration information of each second data center, update the virtual machine configuration information table based on the obtained virtual machine configuration information, and send the updated virtual machine configuration information table to the ARP suppressor.
An ARP request suppression method is applied to an ARP suppressor deployed in a forwarding plane of a first data center, wherein a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines, and the ARP suppressor obtains a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center in advance; the method comprises the following steps:
receiving an ARP request message sent by a first virtual switch, wherein the ARP request message is generated by the first virtual switch according to a received ARP request packet of a first virtual machine;
determining a second virtual machine to be accessed by the first virtual machine according to the ARP request message;
querying the mapping table entry of the second virtual machine in the virtual machine configuration information table, and generating an ARP response message;
sending the ARP response message to the first virtual switch, so that the first virtual switch, emulating the second virtual machine, forwards the ARP response message to the first virtual machine.
In one embodiment of the present invention, the method further comprises:
receiving virtual machine configuration information of other data centers sent by the SDN controller, and updating the virtual machine configuration information table stored by the SDN controller.
An ARP request suppression device is applied to an ARP suppressor deployed in a forwarding plane of a first data center, wherein a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines, and the ARP suppressor obtains in advance a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center; the device comprises:
a memory for storing a computer program;
a processor for implementing the steps of the ARP request suppression method when executing the computer program.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the ARP request suppression method described above.
By applying the technical solution provided by the embodiments of the invention, the ARP suppressor is deployed in the forwarding plane of a data center and the SDN controller is deployed in the control plane of the data center. After obtaining the virtual machine configuration information table, the SDN controller sends it to the ARP suppressor. When the ARP suppressor receives an ARP request message sent by any virtual switch, it determines the second virtual machine to be accessed by the first virtual machine corresponding to the ARP request message, queries the mapping table entry of the second virtual machine in the virtual machine configuration information table, generates an ARP response message, and returns the ARP response message to the first virtual machine through the virtual switch, so that the first virtual machine obtains the MAC address of the second virtual machine and sends packets to the second virtual machine based on that MAC address. Both the ARP request message and the ARP response message are handled within the forwarding plane of the data center, so ARP requests are effectively suppressed. Because these messages do not traverse the channel between the forwarding plane and the control plane, congestion of that channel is avoided, the response speed is improved, and the normal operation of the VXLAN network is not affected.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic structural diagram of an ARP request suppression system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a cross-cluster structure of an ARP request suppression system in an embodiment of the present invention;
FIG. 3 is a flowchart illustrating an ARP request suppression method according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an ARP request suppression device according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, which is a schematic structural diagram of an ARP request suppression system according to an embodiment of the present invention, the system includes an ARP suppressor 110 and a plurality of virtual switches deployed in a forwarding plane of a first data center, and an SDN controller 120 deployed in a control plane of the first data center, where each virtual switch corresponds to one or more virtual machines. In FIG. 1, virtual switch 1 corresponds to virtual machine 1, and virtual switch 2 corresponds to virtual machine 2 and virtual machine 3.
The SDN controller 120 is configured to send the virtual machine configuration information table to the ARP suppressor 110 after obtaining the virtual machine configuration information table;
the first virtual switch in the virtual switches is configured to generate an ARP request message according to the received ARP request packet of the first virtual machine; send the ARP request message to the ARP suppressor 110; and, when receiving an ARP response message returned by the ARP suppressor 110, forward the ARP response message to the first virtual machine;
the ARP suppressor 110 is configured to determine, according to the received ARP request message, a second virtual machine to be accessed by the first virtual machine; query a mapping table entry of the second virtual machine in the virtual machine configuration information table and generate an ARP response message; and send the ARP response message to the first virtual switch.
In the embodiment of the present invention, the first data center may refer to any data center to be subjected to ARP request suppression. A data center may include a forwarding plane, i.e., a data plane, and a control plane. The ARP suppressor is deployed in a forwarding plane of the data center, the SDN controller is deployed in a control plane of the data center, and the SDN controller and the ARP suppressor can communicate with each other by using a set communication protocol. The virtual switches of the data center are located in a forwarding plane, and one data center can be deployed with a plurality of virtual switches, and each virtual switch corresponds to one or more virtual machines. The virtual switch of the data center may specifically be a distributed virtual switch (DvSwitch). The communication Protocol used between the SDN controller and the ARP suppressor may be NETCONF (Network Configuration Protocol), OVSDB (OpenvSwitch Database), OpenFlow Protocol, or the like, and different protocols may be supported according to different devices.
In practical application, the relevant information of the virtual machines can be statically configured through a REST API (a REST-style network interface; REST describes a form of interaction between a client and a server in a network) to obtain the virtual machine configuration information table, namely an FDB (Forwarding Database) table, which is issued to the SDN controller. The virtual machine configuration information table includes a mapping table entry for each virtual machine of the data center, as shown in Table 1:
VTEP     VXLAN     VLAN     IP     MAC
VTEP1    VXLAN1    VLAN1    IP1    MAC1
VTEP2    VXLAN1    VLAN1    IP2    MAC2
VTEP2    VXLAN1    VLAN1    IP3    MAC3
TABLE 1
The first row is a mapping table entry of a virtual machine with an IP address of IP1 and a MAC address of MAC1, and the virtual machine corresponds to VXLAN1 and a VTEP1 endpoint of a VLAN1 network;
the second row is a mapping table entry for a virtual machine with IP address IP2 and MAC address MAC2, which corresponds to a VXLAN2, VTEP2 endpoint of a VLAN2 network.
A VLAN (Virtual Local Area Network) is a logical group of devices and users that is not limited by physical location. The devices and users can be organized according to factors such as function, department and application, and communicate with each other as if they were in the same network segment, hence the name virtual local area network. VXLAN is a network virtualization technology: a Layer-2 VPN technology based on an IP network that uses "MAC in UDP" encapsulation, and an extension of VLAN. The VTEP (VXLAN Tunnel End Point) is contained in an NVE (Network Virtualization Edge) and is used for encapsulating and decapsulating VXLAN packets.
After the SDN controller obtains the virtual machine configuration information table, the SDN controller may send the virtual machine configuration information table to the ARP suppressor using a set communication protocol. In this way, all the virtual machine configuration information of the first data center is saved in the ARP suppressor.
When any virtual machine of the data center needs to communicate with another virtual machine, it can send an ARP request packet. The first virtual machine is any virtual machine of the first data center; when it needs to communicate with the second virtual machine, it can send an ARP request packet. The ARP request packet reaches the first virtual switch corresponding to the first virtual machine.
After receiving the ARP request packet of the first virtual machine, the first virtual switch may generate an ARP request message according to it. The ARP request packet carries the IP address information of the second virtual machine to be accessed by the first virtual machine. From the ARP request packet, the first virtual switch learns the IP address of the second virtual machine to be accessed, and it can generate the ARP request message by combining this with information such as the VXLAN, VLAN and VTEP corresponding to the first virtual machine. The ARP request message comprises the VXLAN, VLAN and VTEP corresponding to the first virtual machine and the IP address information of the second virtual machine to be accessed by the first virtual machine.
The first virtual switch further sends the generated ARP request message to an ARP suppressor.
After receiving the ARP request message sent by the first virtual switch, the ARP suppressor can determine, according to the ARP request message, the second virtual machine to be accessed by the first virtual machine and obtain the IP address of the second virtual machine. Using that IP address, it can query the mapping table entry of the second virtual machine in the virtual machine configuration information table and generate the ARP reply message based on the entry obtained. The ARP reply message may include the VXLAN, VLAN, VTEP and MAC address corresponding to the second virtual machine, i.e., the related information of that virtual machine.
The ARP suppressor, after generating the ARP reply message, may send the ARP reply message to the first virtual switch.
After receiving the ARP reply message returned by the ARP suppressor, the first virtual switch may forward the ARP reply message to the first virtual machine. Specifically, the first virtual switch may emulate the second virtual machine and return an ARP reply packet to the first virtual machine, notifying the first virtual machine of the MAC address corresponding to the IP address of the second virtual machine that it wants to access.
By applying the system provided by the embodiment of the invention, the ARP suppressor is deployed in the forwarding plane of a data center and the SDN controller is deployed in the control plane of the data center. After obtaining the virtual machine configuration information table, the SDN controller sends it to the ARP suppressor. When the ARP suppressor receives an ARP request message sent by any virtual switch, it determines the second virtual machine to be accessed by the first virtual machine corresponding to the ARP request message, queries the mapping table entry of the second virtual machine in the virtual machine configuration information table, generates an ARP response message, and returns the ARP response message to the first virtual machine through the virtual switch, so that the first virtual machine obtains the MAC address of the second virtual machine and sends packets to the second virtual machine based on that MAC address. Both the ARP request message and the ARP response message are handled within the forwarding plane of the data center, so ARP requests are effectively suppressed. Because these messages do not traverse the channel between the forwarding plane and the control plane, congestion of that channel is avoided, the response speed is improved, and the normal operation of the VXLAN network is not affected.
In an embodiment of the present invention, the first virtual switch is further configured to, when receiving an ARP reply message returned by the ARP suppressor, update its first configuration information table according to the ARP reply message.
In the embodiment of the invention, each virtual switch of the data center can obtain the configuration information table corresponding to the virtual switch through communication with the ARP suppressor. The configuration information table in the first virtual switch is a first configuration information table, and the first configuration information table includes mapping table entries of the virtual machines corresponding to the first virtual switch.
When the first virtual switch receives the ARP request packet of the first virtual machine, it may first query whether a mapping table entry of the second virtual machine exists in the first configuration information table. If the entry exists, an ARP reply packet can be generated directly and returned to the first virtual machine, so that the first virtual machine obtains the MAC address of the second virtual machine. If not, an ARP request message can be generated and sent to the ARP suppressor to obtain the ARP reply message returned by the ARP suppressor.
When the first virtual switch receives the ARP reply message returned by the ARP suppressor, it may extract the mapping table entry of the second virtual machine from the ARP reply message and add it to the first configuration information table, thereby updating its own first configuration information table. That is, the first configuration information table includes the mapping table entry of each virtual machine corresponding to the first virtual switch, and also includes the mapping table entries of virtual machines extracted from ARP reply messages.
If the first configuration information table has the mapping table item of the virtual machine requested by the ARP request message, the ARP response message can be directly generated and returned to the sender of the ARP request message, the interaction between the virtual switch and the ARP suppressor is not needed, and the response speed can be improved.
In one embodiment of the invention, the system may further include at least one standby suppressor for the ARP suppressor, the information in the ARP suppressor being synchronized with that in each standby suppressor;
the SDN controller is further configured to, when a failure of the ARP suppressor is detected, select one standby suppressor to take over the work of the ARP suppressor and notify all the virtual switches of the first data center.
In the embodiment of the invention, one or more standby suppressors can be configured for the ARP suppressor. When issuing the virtual machine configuration information table to the ARP suppressor, the SDN controller issues it to each standby suppressor at the same time, so that the information in the ARP suppressor and in each standby suppressor stays synchronized. When a new standby suppressor is added, it may synchronize its information by communicating with the other standby suppressors, the ARP suppressor, or the SDN controller.
Initially, the SDN controller may designate the ARP suppressor as the main suppressor. When it detects that the ARP suppressor has failed, it may select a standby suppressor to take over the work of the ARP suppressor, and the selected standby suppressor continues to operate as the main suppressor. Specifically, the selection may be random or may follow a preset priority. At the same time, the SDN controller needs to notify all virtual switches of the first data center that the current main suppressor has changed, so that each virtual switch sends its ARP request messages to the current main suppressor.
By configuring the ARP suppressor with a standby suppressor, the high availability of the system can be increased.
In one embodiment of the present invention, the system may further include a virtual private device deployed in a control plane of a first data center, the first data center being connected to at least one second data center through the virtual private device, the first data center and each second data center having the same structure;
the SDN controller is further configured to obtain virtual machine configuration information of each second data center through the virtual private device, update the virtual machine configuration information table based on the obtained virtual machine configuration information, and send the updated virtual machine configuration information table to the ARP suppressor.
In the embodiment of the present invention, the control plane of the data center may deploy virtual private equipment. The various data centers may be interconnected by virtual private equipment. Specifically, the first data center may be connected to at least one second data center through a virtual private device, and the first data center and each second data center have the same structure.
After obtaining the virtual machine configuration information of the first data center in which it is located, the SDN controller may send that information to the other second data centers through the virtual private device. It may also obtain the virtual machine configuration information of each second data center through the virtual private device. The SDN controller can update the virtual machine configuration information table based on the obtained virtual machine configuration information, and send the updated virtual machine configuration information table to the ARP suppressor. In practical applications, only the update information may be transmitted. In this way, the ARP suppressor can obtain the virtual machine configuration information of the first data center in which it is located, and can also obtain the virtual machine configuration information of the other second data centers connected with the first data center.
It should be noted that the second data center may be a plurality of different data centers. The Virtual Private device may be an EVPN (Ethernet Virtual Private Network) device, as shown in fig. 2. Namely, the EVPN device is used as a VXLAN control plane between clusters, and all virtual machine configuration information in the clusters is learned.
In the embodiment of the invention, the ARP suppressor is deployed in the forwarding plane, so that ARP request suppression is realized and ARP flooding is prevented. The ARP suppressor communicates with the EVPN device through the SDN controller, which is the distribution point for all virtual machine configuration information. This decouples the ARP suppressor from the EVPN device and brings flexibility to other functions of the network.
Taking fig. 2 as an example, a multi-cluster ARP suppression process will be described. In fig. 2, the data center 1 and the data center 2 have the same structure, the mapping table entry of each virtual machine of the data center 1 is shown in table 1, and the mapping table entry of each virtual machine of the data center 2 is shown in table 2:
VTEP     VXLAN     VLAN     IP     MAC
VTEP3    VXLAN2    VLAN2    IP4    MAC4
VTEP3    VXLAN2    VLAN2    IP5    MAC5
VTEP4    VXLAN2    VLAN2    IP6    MAC6
TABLE 2
The SDN controller 1 in the data center 1 issues the information in Table 1 to the EVPN1 device, and the EVPN1 device sends the corresponding information to the EVPN2 device of the data center 2. The EVPN2 device learns the virtual machine configuration information sent by the peer EVPN1 device and reports it within the data center 2. The SDN controller 2 stores the virtual machine configuration information sent by the local EVPN2 device and issues it to the ARP suppressor 2; at the same time, the SDN controller 2 also issues the virtual machine configuration information of the data center 2 to the ARP suppressor 2, so that both the local and the peer virtual machine configuration information are stored in the ARP suppressor 2. Similarly, the ARP suppressor 1 in the data center 1 can obtain the local and the peer virtual machine configuration information. Any ARP suppressor, on receiving an ARP request message, can look up the corresponding information in the virtual machine configuration information table it stores and then return an ARP response message.
Corresponding to the above system embodiment, an ARP request suppression method is further provided in an embodiment of the present invention, and is applied to an ARP suppressor deployed in a forwarding plane of a first data center, where a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines, and the ARP suppressor obtains in advance a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center.
Referring to fig. 3, the method may include the steps of:
S310: receiving an ARP request message sent by a first virtual switch, wherein the ARP request message is generated by the first virtual switch according to the received ARP request message of the first virtual machine;
S320: determining a second virtual machine to be accessed by the first virtual machine according to the ARP request message;
S330: querying the mapping table entry of the second virtual machine in the virtual machine configuration information table, and generating an ARP response message;
S340: sending the ARP response message to the first virtual switch, so that the first virtual switch, emulating the second virtual machine, forwards the ARP response message to the first virtual machine.
With the method provided by the embodiment of the invention, the ARP suppressor is deployed in the forwarding plane of a data center and the SDN controller is deployed in its control plane. After obtaining the virtual machine configuration information table, the SDN controller sends it to the ARP suppressor. When the ARP suppressor receives an ARP request message from any virtual switch, it determines the second virtual machine that the first virtual machine wants to access, queries the mapping table entry of the second virtual machine in the virtual machine configuration information table, generates an ARP response message, and returns it to the first virtual machine through the virtual switch, so that the first virtual machine obtains the MAC address of the second virtual machine and sends messages to the second virtual machine based on that MAC address. Both the ARP request message and the ARP response message are handled on the forwarding plane of the data center, so ARP requests are suppressed effectively. The messages do not pass through the channel between the forwarding plane and the control plane, which avoids congestion of that channel, improves the response speed, and avoids affecting the normal operation of the VXLAN network.
In one embodiment of the present invention, the method may further comprise the steps of:
receiving virtual machine configuration information of other data centers sent by the SDN controller, and updating a virtual machine configuration information table stored by the SDN controller.
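An added sketch of steps S310 to S340 and the table update, written in Python; it is not code from the patent. It assumes the virtual switch hands the suppressor the raw 28-byte Ethernet/IPv4 ARP body together with the VXLAN identifier, and all rows and addresses are constructed sample values.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # 28-byte ARP body for Ethernet/IPv4
REQUEST, REPLY = 1, 2


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return ipaddress.IPv4Address(text).packed


def build_request(sender_mac, sender_ip, target_ip):
    """ARP request as the first virtual machine would emit it (target MAC unknown)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, REQUEST,
                       mac(sender_mac), ip(sender_ip), bytes(6), ip(target_ip))


class ArpSuppressor:
    def __init__(self):
        self.table = {}      # (vni, packed IPv4) -> (vtep, vlan, packed MAC)

    def update(self, entries):
        """Merge local or peer data-center rows pushed by the SDN controller."""
        for vtep, vni, vlan, ip_text, mac_text in entries:
            self.table[(vni, ip(ip_text))] = (vtep, vlan, mac(mac_text))

    def handle(self, vni, body):
        """S310-S340: return the 28-byte ARP reply, or None if it cannot be answered."""
        if len(body) != struct.calcsize(ARP_FMT):
            return None      # truncated or oversized body
        htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, body)
        if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, REQUEST):
            return None      # only Ethernet/IPv4 requests are answered
        entry = self.table.get((vni, tpa))      # S320 + S330: look up the second VM
        if entry is None:
            return None      # unknown target: never fabricate a binding
        target_mac = entry[2]
        # S340: the reply carries the second VM's addresses as sender
        return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, REPLY, target_mac, tpa, sha, spa)


def reply_fields(body):
    """Decode a reply into (op, sender MAC, sender IP, target MAC, target IP)."""
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, body)
    fmt_ip = lambda b: str(ipaddress.IPv4Address(b))
    return op, sha.hex(":"), fmt_ip(spa), tha.hex(":"), fmt_ip(tpa)


# Constructed sample rows (VTEP, VXLAN id, VLAN, IP, MAC); not values from the page.
LOCAL_ROWS = [("VTEP3", 2, 2, "10.0.2.4", "02:00:00:00:00:04"),
              ("VTEP4", 2, 2, "10.0.2.6", "02:00:00:00:00:06")]
PEER_ROWS = [("VTEP1", 2, 2, "10.0.2.1", "02:00:00:00:00:01")]

if __name__ == "__main__":
    s = ArpSuppressor()
    s.update(LOCAL_ROWS)
    req = build_request("02:00:00:00:00:04", "10.0.2.4", "10.0.2.6")
    print(reply_fields(s.handle(2, req)))
```

Keying the table on the VXLAN identifier as well as the IP address is a choice made in this sketch so that a request in one segment is never answered with a binding from another; a miss returns nothing rather than a guessed address.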
Corresponding to the above method embodiment, an embodiment of the present invention further provides an ARP request suppression device, which is applied to an ARP suppressor deployed in a forwarding plane of a first data center, where a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines, and the ARP suppressor obtains in advance a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center; as shown in fig. 4, the apparatus includes:
a memory 410 for storing a computer program;
a processor 420 for implementing the steps of the ARP request suppression method when executing a computer program.
Corresponding to the above method embodiments, the present invention further provides a computer readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the ARP request suppression method described above.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be cross-referenced.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The principle and the implementation of the present invention are explained in the present application by using specific examples, and the above description of the embodiments is only used to help understanding the technical solution and the core idea of the present invention. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.

Claims (10)

1. An ARP request suppression system is characterized by comprising an ARP suppressor and a plurality of virtual switches, wherein the ARP suppressor is deployed in a forwarding plane of a first data center, and an SDN controller is deployed in a control plane of the first data center, and each virtual switch corresponds to one or more virtual machines respectively; wherein,
the SDN controller is used for sending a virtual machine configuration information table to the ARP suppressor after the virtual machine configuration information table is obtained;
a first virtual switch in the plurality of virtual switches is configured to generate an ARP request message according to a received ARP request message of the first virtual machine; sending the ARP request message to the ARP suppressor; when an ARP response message returned by the ARP suppressor is received, forwarding the ARP response message to the first virtual machine;
the ARP suppressor is used for determining a second virtual machine to be accessed by the first virtual machine according to the received ARP request message; inquiring a mapping table item of the second virtual machine in the virtual machine configuration information table, and generating the ARP response message; sending the ARP reply message to the first virtual switch.
2. The system of claim 1,
and the first virtual switch is further used for updating a first configuration information table of the first virtual switch according to the ARP response message when the ARP response message returned by the ARP suppressor is received.
3. The system of claim 2,
The first virtual switch is further configured to, when receiving the ARP request packet of the first virtual machine, query whether a mapping table entry of the second virtual machine exists in the first configuration information table, and if not, execute the step of generating an ARP request message.
4. The system of claim 3,
the first virtual switch is further configured to generate an ARP reply packet and return the ARP reply packet to the first virtual machine when it is determined that the mapping table entry of the second virtual machine exists in the first configuration information table.
5. The system of claim 1, further comprising at least one backup suppressor of said ARP suppressors, said ARP suppressor being synchronized with information in each of said backup suppressors;
the SDN controller is further configured to, when a failure of the ARP suppressor is detected, select one backup suppressor to take over the work of the ARP suppressor and notify all virtual switches of the first data center.
6. The system according to any one of claims 1 to 5, further comprising a virtual private facility deployed in a control plane of the first data center, the first data center being connected to at least one second data center through the virtual private facility, the first data center and each of the second data centers being structurally identical;
the SDN controller is further configured to obtain, through the virtual private facility, virtual machine configuration information of each second data center, update the virtual machine configuration information table based on the obtained virtual machine configuration information, and send the updated virtual machine configuration information table to the ARP suppressor.
7. An ARP request suppression method is applied to an ARP suppressor deployed in a forwarding plane of a first data center, wherein a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines, and the ARP suppressor obtains a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center in advance; the method comprises the following steps:
receiving an ARP request message sent by a first virtual switch, wherein the ARP request message is generated by the first virtual switch according to the received ARP request message of a first virtual machine;
determining a second virtual machine to be accessed by the first virtual machine according to the ARP request message;
inquiring the mapping table item of the second virtual machine in the virtual machine configuration information table, and generating an ARP response message;
sending the ARP reply message to the first virtual switch, so that the first virtual switch, emulating the second virtual machine, forwards the ARP reply message to the first virtual machine.
8. The method of claim 7, further comprising:
receiving virtual machine configuration information of other data centers sent by the SDN controller, and updating the virtual machine configuration information table stored by the SDN controller.
9. An ARP request suppression device is applied to an ARP suppressor deployed in a forwarding plane of a first data center, wherein a plurality of virtual switches are further deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines, and the ARP suppressor obtains a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center in advance; the device comprises:
a memory for storing a computer program;
a processor for implementing the steps of the ARP request suppression method according to any of claims 7 to 8 when executing said computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the ARP request suppression method according to any of the claims 7 to 8.
CN201910425783.0A 2019-05-21 2019-05-21 ARP request suppression system, method, equipment and storage medium Active CN111988439B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910425783.0A CN111988439B (en) 2019-05-21 2019-05-21 ARP request suppression system, method, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111988439A CN111988439A (en) 2020-11-24
CN111988439B CN111988439B (en) 2023-07-14

Family

ID=73436229

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910425783.0A Active CN111988439B (en) 2019-05-21 2019-05-21 ARP request suppression system, method, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111988439B (en)

Also Published As

Publication number Publication date
CN111988439B (en) 2023-07-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant