CN112311569A - DMVPN control method, network device, communication system and storage medium - Google Patents


Info

Publication number
CN112311569A
Authority
CN
China
Prior art keywords
central node
node
standby
main
address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910691465.9A
Other languages
Chinese (zh)
Inventor
马飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201910691465.9A
Priority to PCT/CN2020/093800 (WO2021017619A1)
Publication of CN112311569A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0668 Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure

Abstract

Embodiments of the present invention provide a DMVPN control method, a network device, a communication system, and a storage medium. When a main central node fails, a standby central node provides services for branch nodes and/or central nodes in the DMVPN network. In some implementations, communication can therefore still be ensured through the standby central node after the main central node fails, which improves the stability of DMVPN networking communication.

Description

DMVPN control method, network device, communication system and storage medium
Technical Field
The embodiments of the present invention relate to, but are not limited to, the field of communications, and in particular, but not limited to, a DMVPN control method, a network device, a communication system, and a storage medium.
Background
A DMVPN (Dynamic Multipoint Virtual Private Network) is a network that dynamically establishes VPN tunnels. A DMVPN network includes hub nodes (central nodes) and spoke nodes (branch nodes). It uses NHRP (Next Hop Resolution Protocol) to resolve the peer address of the VPN (Virtual Private Network) tunnel to be established, and uses mGRE (multipoint Generic Routing Encapsulation) tunnel interfaces to establish multipoint GRE over IPSec (Internet Protocol Security) VPN tunnels, so as to implement communication between central nodes and branch nodes and between branch nodes.
In DMVPN networking, communication between nodes usually has to pass through a central node. If the central node fails, communication can be interrupted and the network paralysed, which reduces the stability of DMVPN networking communication.
Disclosure of Invention
The embodiment of the invention provides a DMVPN control method, network equipment, a communication system and a storage medium, and mainly solves the technical problem that the existing DMVPN communication stability is low.
To solve the foregoing technical problem, an embodiment of the present invention provides a method for controlling a DMVPN, including:
when the main central node fails, the standby central node provides service for the branch nodes and/or the central nodes in the DMVPN network.
An embodiment of the present invention further provides a network device, including: a first processor, a first memory and a first communication bus;
the first communication bus is used for realizing connection communication between the first processor and the first memory;
the first processor is configured to execute one or more computer programs stored in the first memory to implement the steps of the central node in the DMVPN control method.
An embodiment of the present invention further provides a network device, including: a second processor, a second memory and a second communication bus;
the second communication bus is used for realizing connection communication between the second processor and the second memory;
the second processor is configured to execute one or more computer programs stored in the second memory to implement the steps of the branch node in the DMVPN control method.
An embodiment of the present invention further provides a storage medium, where the storage medium stores one or more computer programs, and the one or more computer programs are executable by one or more processors to implement the steps of the central node or the branch node in the DMVPN control method.
The beneficial effects of the invention are as follows:
According to the DMVPN control method, the network device, the communication system and the storage medium provided by the embodiments of the invention, when the main central node fails, the standby central node provides services for the branch nodes and/or the central nodes in the DMVPN network. In some implementations, communication can therefore still be ensured through the standby central node after the main central node fails, which improves the stability of DMVPN networking communication.
Additional features and corresponding advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a flowchart of a DMVPN control method according to a first embodiment of the present invention;
Fig. 2 is a flowchart of the election of a main central node and a standby central node according to a first embodiment of the present invention;
Fig. 3 is a detailed flowchart of a DMVPN control method according to a second embodiment of the present invention;
Fig. 4 is a schematic diagram of a DMVPN architecture according to a second embodiment of the present invention;
Fig. 5 is a diagram illustrating an encapsulation and encryption process according to a second embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a network device according to a fourth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of another network device according to a fourth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The first embodiment is as follows:
In the prior art, after a central node in a DMVPN networking fails, communication is interrupted and the network breaks down, which reduces the reliability of DMVPN networking communication. To solve this problem, an embodiment of the present invention provides a DMVPN control method. Referring to Fig. 1, which is a flowchart of the DMVPN control method provided in this embodiment, the method includes:
S101, when the main central node fails, the standby central node provides service for branch nodes and/or central nodes in the DMVPN network.
In the embodiment of the present invention, the DMVPN networking includes at least two central nodes. A node in the main central node working state is the main central node, and a node in the standby central node working state is the standby central node. It should be noted that the same central node may be the main central node or the standby central node, depending on its working state. When the main central node is working normally, it provides service for communication in the DMVPN networking, that is, for communication between branch nodes and/or central nodes in the DMVPN networking; at this time, the standby central node can be in an idle state to save resources. When the main central node fails, it can no longer provide service for communication in the DMVPN networking, so the standby central node provides that service instead, that is, the standby central node provides service for communication of branch nodes and/or central nodes in the DMVPN network. This keeps DMVPN networking communication normal and improves its reliability. It should be understood that the service provided for communication in the DMVPN networking includes, but is not limited to, communication services such as data forwarding, and that, for both the main central node and the standby central node, the objects served include, but are not limited to, branch nodes, central nodes, and the like.
In the embodiment of the invention, the main central node can send the keep-alive messages to the standby central node periodically. If the standby central node does not receive the message sent by the main central node within the preset time period, the failure of the main central node is judged, and the service is provided for the communication in the DMVPN network.
In the embodiment of the present invention, each central node may determine whether it is a main central node or a standby central node based on the configuration information. Or, each central node may further select a main central node and a standby central node based on a preset election rule, where the preset election rule includes, but is not limited to, that the address identifier of the main central node is greater than the address identifier of the standby central node, or that the address identifier of the main central node is smaller than the address identifier of the standby central node. For example, referring to fig. 2, when the preset election rule is that the address identifier of the main central node is greater than the address identifier of the standby central node, the election process of the main central node and the standby central node includes:
S201, the first central node sends an interaction message to the second central node.
In the embodiment of the invention, the first central node and the second central node are central nodes in the DMVPN networking and are not the same central node.
The first central node is an election initiator, and the first central node can determine that the first central node is the election initiator based on the received election initiation command, send an interaction message to the second central node, and start election of the main central node and the standby central node.
It should be noted that this interaction message and the subsequent interaction messages all include information such as the address identifier of the sender. For example, if the first central node sends an interaction message to the second central node, the first central node is the sender, and therefore the interaction message includes the address identifier of the first central node. The address identifier may be at least one of an IP address (e.g., a direct interface address, etc.), a MAC (Media Access Control) address (e.g., a device loopback address, etc.), and the like. When the interaction message includes the device loopback address, the first central node and the second central node need to communicate with each other through an IGP (Interior Gateway Protocol) basic route, so as to ensure that the route is reachable.
S202, the second central node sends an interaction message to the first central node.
After receiving the interaction message sent by the first central node, the second central node sends an interaction message to the first central node. It should be understood that the interaction message sent by the second central node to the first central node also includes the address identifier of the sender; here the sender is the second central node, so the message includes the address identifier of the second central node.
S203, the first central node judges whether its own address identifier is larger than the address identifier of the second central node.
If yes, go to S204; if not, go to S206.
After receiving the interaction message sent by the second central node, the first central node extracts the address identifier of the second central node from the interaction message, compares it with its own address identifier, and judges whether the address identifier of the first central node is larger than the address identifier of the second central node. If yes, go to S204; if not, go to S206. For example, assuming that the interaction message includes a direct connection port address, the first central node extracts the direct connection port address of the second central node from the interaction message sent to it by the second central node and compares its own direct connection port address with that of the second central node. When the direct connection port address of the first central node is greater than that of the second central node, go to S204; when the direct connection port address of the first central node is smaller than that of the second central node, go to S206.
S204, the first central node sets the working state of the first central node as the working state of the main central node, and sends a confirmation message to the second central node.
When the address identifier of the first central node is greater than the address identifier of the second central node, the first central node sets the working state of the first central node to be the working state of the main central node, that is, at this time, the first central node is the main central node. And the first central node sends a confirmation message to the second central node. At least one of a group ID number of the sender, an address identifier, and the like may be included in the acknowledgement message, where the address identifier includes, but is not limited to, at least one of an IP address and a mac address (device address). That is, the acknowledgement message from the first hub node to the second hub node includes at least one of the group ID number, address identification, etc. of the first hub node.
S205, the second central node sets the working state of the second central node as the working state of the standby central node.
After receiving the acknowledgement message sent by the first central node, the second central node sets its own working state as the working state of the standby central node, that is, at this time, the second central node is the standby central node.
S206, the first central node sends the interaction message to the second central node.
When the address identifier of the first central node is smaller than the address identifier of the second central node, the first central node sends the interaction message to the second central node.
S207, the second central node sets its working state to the working state of the main central node and sends a confirmation message to the first central node.
After receiving the interaction message, the second central node can directly set its working state to the working state of the main central node and send a confirmation message to the first central node. Alternatively, the second central node may obtain the address identifier of the first central node from the interaction message sent by the first central node, compare it with its own address identifier, and, when the address identifier of the second central node is greater than the address identifier of the first central node, set its working state to the working state of the main central node and send the confirmation message to the first central node. It should be noted that the sender of this confirmation message is the second central node; therefore, the message may include at least one of a group ID number, an address identifier and the like of the second central node, where the address identifier includes, but is not limited to, at least one of an IP address, a MAC address (device address) and the like.
S208, the first central node sets the working state as the working state of the standby central node.
After receiving the confirmation message sent by the second central node, the first central node sets the working state of the first central node as the standby central node, that is, at this time, the first central node is the standby central node.
In the embodiment of the present invention, the first central node and the second central node belong to the same networking, and therefore it is necessary to determine whether they are in the same networking. Whether the first central node and the second central node belong to the same networking can be judged based on whether their group ID numbers are consistent; of course, it can also be judged based on other information. The determination may be performed by the first central node or by the second central node. For example, the interaction message in the election process may include the group ID number of the sender. In S202, after receiving the interaction message sent by the first central node, the second central node extracts the group ID number of the first central node, compares it with its own group ID number, and sends the interaction message to the first central node if the group ID number of the first central node is consistent with its own group ID number.
Alternatively, in S203, after receiving the interaction message sent by the second central node, the first central node extracts the group ID number of the second central node from the interaction message and compares it with its own group ID number. If the two group ID numbers are consistent, it judges whether its address identifier is greater than the address identifier of the second central node. That is, when the group ID number of the first central node is consistent with the group ID number of the second central node and the address identifier of the first central node is greater than the address identifier of the second central node, the first central node sets its working state to the working state of the main central node and sends the confirmation message to the second central node.
For the election process when the preset election rule is that the address identifier of the main central node is smaller than the address identifier of the standby central node, the above-mentioned election process when the preset election rule is that the address identifier of the main central node is larger than the address identifier of the standby central node may be referred to, and details are not repeated here.
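The election exchange S201 to S208 with the group ID check, for the "greater address identifier wins" rule (the same flow as S301 to S311 in the second embodiment), written out as an added example that is not part of the patent. The class, field and message-type names are hypothetical, the address identifier is assumed to be an IPv4 address, and the sample addresses are constructed.

```python
"""Main/standby election between two DMVPN hubs (constructed example)."""
import ipaddress
from dataclasses import dataclass

MAIN, STANDBY, UNDECIDED = "main", "standby", "undecided"
INTERACTION, CONFIRM = "interaction", "confirm"


@dataclass(frozen=True)
class Message:
    kind: str       # INTERACTION or CONFIRM
    group_id: int   # sender's group ID number
    address: str    # sender's address identifier (assumed to be an IPv4 address)


@dataclass
class Hub:
    name: str
    group_id: int
    address: str
    state: str = UNDECIDED
    initiator: bool = False    # True for the node that received the election command
    heard_peer: bool = False   # responder has already answered once (S202)

    def message(self, kind):
        return Message(kind, self.group_id, self.address)

    def outranks(self, peer_address):
        # Numeric comparison: as strings, "10.0.0.10" would sort below "10.0.0.9".
        return ipaddress.ip_address(self.address) > ipaddress.ip_address(peer_address)

    def receive(self, msg):
        """Process one message and return the reply, or None to stop."""
        if msg.group_id != self.group_id:
            return None                          # not the same networking
        if msg.kind == CONFIRM:
            self.state = STANDBY                 # S205 / S208
            return None
        if not self.initiator and not self.heard_peer:
            self.heard_peer = True
            return self.message(INTERACTION)     # S202
        if self.outranks(msg.address):
            self.state = MAIN                    # S204 / S207
            return self.message(CONFIRM)
        if self.initiator:
            return self.message(INTERACTION)     # S206
        return None                              # equal addresses: nobody wins


def run_election(first, second):
    """Drive the exchange started by `first`; return both states and the trace."""
    first.initiator = True
    sender, receiver, msg = first, second, first.message(INTERACTION)  # S201
    trace = []
    while msg is not None:
        trace.append((sender.name, msg.kind))
        msg = receiver.receive(msg)
        sender, receiver = receiver, sender
    return first.state, second.state, trace


if __name__ == "__main__":
    # Constructed sample: the initiator has the numerically larger address.
    print(run_election(Hub("hub1", 7, "10.0.0.10"), Hub("hub2", 7, "10.0.0.9")))
```

Two hubs with different group IDs, or with identical address identifiers, end the exchange with both still undecided; the text does not say how that case is resolved, so the example leaves it unresolved as well.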
In the embodiment of the invention, after the main central node or the standby central node is selected, if the identification information of the main central node or the standby central node changes, the central node whose identification information changed can act as the first central node and restart the election process of the main central node and the standby central node, so as to re-determine the main central node and the standby central node. The identification information may be at least one of an IP address, a group ID number, a MAC address, etc. of the central node. For example, after the IP address of the main central node changes, the main central node may act as the first central node and send an interaction message to the second central node (the standby central node), so as to start the election process and re-determine the main central node and the standby central node.
In the embodiment of the invention, after the election of the main central node and the standby central node is completed, all branch nodes in the DMVPN network send registration requests to the main central node and to the standby central node to complete registration on both. After receiving a registration request sent by a branch node, the main central node updates its NHRP mapping table based on the registration request; likewise, after receiving the registration request sent by the branch node, the standby central node updates its NHRP mapping table based on the registration request. The NHRP mapping table contains the mapping between a tunnel address and a next hop address.
In the embodiment of the present invention, the branch node may send registration requests to the main central node and the standby central node, respectively, based on the configured main/standby routing table and NHRP main/standby mapping table. The main/standby routing table includes a route to the main central node and a route to the standby central node, and the egress interfaces of the main and standby routes point to the tunnel interfaces of the main and standby central nodes respectively. The NHRP main/standby mapping table includes the mapping between the tunnel address of the main central node and its next hop address and the mapping between the tunnel address of the standby central node and its next hop address. The main/standby routing table may be implemented based on a static routing protocol (i.e., a main/standby static routing table) or based on a dynamic routing protocol (i.e., a main/standby dynamic routing table). The NHRP main/standby mapping table may be dynamic (i.e., an NHRP dynamic main/standby mapping table) or static (i.e., an NHRP static main/standby mapping table).
After the main central node fails, the branch node communicates with the outside through the standby central node based on the configured standby route and NHRP standby mapping. That is, the branch node finds the route to the standby central node in the main/standby routing table, finds the next hop address corresponding to the central node in the NHRP main/standby mapping table, encapsulates and encrypts the data, and sends the data to the standby central node.
In the embodiment of the present invention, the main/standby routing table and/or the NHRP main/standby mapping table may include switchback configuration information, which may include a whether-to-switch-back setting and/or a switchback waiting time. After the main central node recovers, the branch node may determine, based on the switchback configuration information, whether to switch back to the main central node, that is, whether to change from communicating with the outside through the standby central node back to communicating with the outside through the main central node. If the main/standby routing table or the NHRP main/standby mapping table includes the switchback configuration information and that information is set to switch back, the branch node switches back to communicating with the outside through the main central node after the main central node recovers; if the switchback configuration information is set to not switch back, the branch node continues to communicate with the outside through the standby central node after the main central node recovers. If the main/standby routing table and the NHRP main/standby mapping table both include the switchback configuration information, the branch node switches back to communicating with the outside through the main central node after the main central node recovers only when the switchback configuration information in both tables is set to switch back; in all other cases, even if the main central node recovers, the branch node continues to communicate with the outside through the standby central node.
In the embodiment of the invention, if the switchback configuration information does not include a switchback waiting time, then after the main central node recovers, the branch node switches back immediately once it determines, based on the whether-to-switch-back setting, that a switchback is required. If the switchback configuration information includes a switchback waiting time, then after the main central node recovers, the branch node determines the switchback moment based on the switchback waiting time, that is, once it determines that a switchback is required, it waits for the switchback waiting time and then switches back. The switchback waiting time can be set flexibly according to actual needs, for example to 1 second, 10 seconds, and the like.
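The keep-alive timeout on the standby central node and the branch node's failover and switchback decision described above, as an added example that is not code from the patent. All names and addresses are constructed; how the branch node learns that the main central node is reachable again is not specified in the text and is modelled here as a plain `main_up` observation, and the behaviour with no switchback setting at all, or with two differing waiting times, is an assumption marked in the comments.

```python
"""Standby-hub failure detection and branch-node switchback (constructed example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class SwitchbackConfig:
    switch_back: bool          # the "whether to switch back" setting
    wait_seconds: float = 0.0  # switchback waiting time; 0 means immediately


def switchback_policy(route_cfg: Optional[SwitchbackConfig],
                      nhrp_cfg: Optional[SwitchbackConfig]):
    """Combine the settings of the routing table and the NHRP mapping table."""
    present = [c for c in (route_cfg, nhrp_cfg) if c is not None]
    # Switch back only if every table that carries the setting says so.
    # Assumption: with no setting in either table, stay on the standby hub.
    if not present or not all(c.switch_back for c in present):
        return False, 0.0
    # Assumption: if both tables give a waiting time, honour the longer one.
    return True, max(c.wait_seconds for c in present)


class KeepaliveMonitor:
    """Runs on the standby hub: main is declared failed after `timeout` of silence."""

    def __init__(self, timeout, now=0.0):
        self.timeout = timeout
        self.last_seen = now

    def keepalive(self, now):
        self.last_seen = now

    def main_failed(self, now):
        return now - self.last_seen > self.timeout


class BranchNode:
    def __init__(self, nhrp_table, route_cfg=None, nhrp_cfg=None):
        self.nhrp_table = nhrp_table   # hub role -> (tunnel address, next hop address)
        self.switch_back, self.wait = switchback_policy(route_cfg, nhrp_cfg)
        self.active = "main"
        self.recovered_at = None

    def observe(self, now, main_up):
        """Update the active hub from one reachability observation."""
        if not main_up:
            # Failover; a failure during the waiting time cancels the switchback.
            self.active, self.recovered_at = "standby", None
        elif self.active == "standby" and self.switch_back:
            if self.recovered_at is None:
                self.recovered_at = now          # waiting time starts here
            if now - self.recovered_at >= self.wait:
                self.active, self.recovered_at = "main", None
        return self.active

    def next_hop(self):
        """Next hop address of the hub currently in use, from the NHRP mapping."""
        return self.nhrp_table[self.active][1]


# Constructed addresses, not taken from the patent.
NHRP_TABLE = {"main": ("172.16.0.1", "192.0.2.1"),
              "standby": ("172.16.0.2", "192.0.2.2")}


def replay(branch, observations):
    """Feed (time, main_up) pairs to the branch node; return the hub used at each."""
    return [branch.observe(t, up) for t, up in observations]
```

Replaying a flapping main central node through `replay` shows why a non-zero waiting time is useful: a second failure inside the waiting time restarts it, so the branch node does not bounce between hubs.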
According to the DMVPN control method provided by the embodiment of the invention, when the main central node fails, the standby central node provides services for the branch nodes and/or the central nodes in the DMVPN network, and in some implementation processes, after the main central node fails, the communication can be ensured through the standby central node, so that the stability of the DMVPN networking communication is improved.
The second embodiment is as follows:
For a better understanding of the present invention, this embodiment provides a DMVPN control method based on the first embodiment. Referring to Fig. 3, the method includes:
S301, the first central node receives an election initiating command.
In the embodiment of the invention, the DMVPN networking comprises two central nodes and n (n is an integer greater than or equal to 1) branch nodes, wherein the two central nodes are respectively a first central node and a second central node, and the first central node is connected with the second central node. After receiving the election initiating command, the first central node goes to S302.
S302, the first central node sends an interaction message to the second central node.
After receiving the election initiating command, the first central node sends an interaction message to the second central node so as to start the election process of the main central node and the standby central node. The interaction message includes the address identifier and the group ID number of the first central node, where the address identifier is at least one of an IP address, a MAC address and the like.
S303, the second central node sends the interaction message to the first central node.
After receiving the interaction message sent by the first central node, the second central node sends an interaction message to the first central node; this message includes the address identifier and the group ID number of the second central node. The address identifier is at least one of an IP address, a MAC address, and the like. It should be noted that the address identifiers in each interaction message may be the same address identifier.
S304, the first central node judges whether the group ID number of the first central node is consistent with the group ID number of the second central node.
If yes, go to S305; if not, the process ends.
After receiving the interaction message sent by the second central node, the first central node extracts the group ID number and the address identifier of the second central node from the interaction message, compares the group ID number of the second central node with its own group ID number, and judges whether the two group ID numbers are consistent. If yes, go to S305; if not, the process ends.
S305, the first central node judges whether the address identification of the first central node is larger than the address identification of the second central node.
If yes, go to S306; if not, go to S308.
When the group ID numbers of the first central node and the second central node are consistent, the two nodes belong to the same networking. The first central node then goes on to compare its address identifier with the address identifier of the second central node and judges whether its own address identifier is larger. If yes, go to S306; if not, go to S308. For example, if the interaction message includes the direct connection port address of the sender, the first central node determines whether its direct connection port address is greater than the direct connection port address of the second central node; if so, go to S306; if not, go to S308.
S306, the first central node sets the working state as the working state of the main central node and sends a confirmation message to the second central node.
When the address identification of the first central node is larger than that of the second central node, the first central node sets the working state of the first central node as the working state of the main central node, provides communication service for the branch nodes and sends a confirmation message to the second central node. That is, at this time, the first center node is the master center node. The acknowledgement message includes the group ID number and the address identifier of the sender, that is, the acknowledgement message includes the group ID number and the address identifier of the first central node.
S307, the second central node sets the working state of the second central node as the working state of the standby central node.
After receiving the confirmation message sent by the first central node, the second central node sets the working state of the second central node as the working state of the standby central node, that is, the second central node is the standby central node.
S308, the first central node sends the interaction message to the second central node.
When the address identifier of the first central node is smaller than the address identifier of the second central node, the first central node sends an interaction message to the second central node, wherein the interaction message comprises the address identifier and the group ID number of the first central node.
S309, the second central node compares the address identifications of the first central node and the second central node.
After receiving the interactive message sent by the first central node, the second central node extracts the address identifier of the first central node from the interactive message and compares the address identifier with the corresponding address identifier of the second central node.
S310, when the address identification of the second central node is larger than that of the first central node, the second central node sets the working state as the working state of the main central node and sends a confirmation message to the first central node.
When it judges that its address identifier is larger than that of the first central node, the second central node sets its working state as the working state of the main central node and sends a confirmation message to the first central node. That is, at this time, the second central node is the main central node. The confirmation message here may include the group ID number and the address identifier of the second central node, where the address identifier is at least one of an IP address, a MAC address, and the like.
S311, the first central node sets the working state of the first central node to be the working state of the standby central node.
After receiving the confirmation message sent by the second central node, the first central node sets the working state of the first central node to be the working state of the standby central node, that is, at this time, the first central node is the standby central node.
After the main central node and the standby central node are elected, if information such as the IP address or the group ID number of the main central node or the standby central node changes, the central node whose information changed acts as the first central node in the election process of S302-S311 and initiates the election process, and the main central node and the standby central node are determined again.
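The election steps S302-S311 can be walked through in a few lines. The following is an added example, not code from the patent; the names Hub, elect and roles, the dictionary message layout and the sample addresses are assumptions. It compares address identifiers numerically (a plain string comparison would rank "10.0.0.9" above "10.0.0.10") and re-checks the fields of the confirmation message before a node accepts the standby role.

```python
import ipaddress
from dataclasses import dataclass

INIT, MAIN, STANDBY = "init", "main", "standby"


@dataclass
class Hub:
    name: str
    group_id: int
    address: str          # address identifier: direct connection port IP (constructed)
    state: str = INIT

    @property
    def addr_key(self):
        # Numeric comparison; as strings "10.0.0.9" would sort above "10.0.0.10".
        return ipaddress.ip_address(self.address)

    def message(self, kind):
        # Interaction and confirmation messages both carry group ID and address.
        return {"kind": kind, "from": self.name,
                "group_id": self.group_id, "address": self.address}

    def accept_confirm(self, msg):
        """S307/S311: become standby on receiving a confirmation message.

        Re-checking group ID and address order is an added sanity check; it is
        possible because the confirmation message carries both fields.
        """
        if (msg["group_id"] == self.group_id
                and ipaddress.ip_address(msg["address"]) > self.addr_key):
            self.state = STANDBY


def elect(first, second):
    """Walk S302-S311 for two central nodes; return the messages exchanged."""
    trace = [first.message("interaction"),      # S302
             second.message("interaction")]     # S303
    if first.group_id != second.group_id:       # S304: different groups, process ends
        return trace
    if first.addr_key == second.addr_key:       # not covered by the text: leave undecided
        return trace
    if first.addr_key > second.addr_key:        # S305 -> S306
        first.state = MAIN
        confirm = first.message("confirm")
        trace.append(confirm)
        second.accept_confirm(confirm)          # S307
    else:                                       # S305 -> S308
        trace.append(first.message("interaction"))
        if second.addr_key > first.addr_key:    # S309/S310
            second.state = MAIN
            confirm = second.message("confirm")
            trace.append(confirm)
            first.accept_confirm(confirm)       # S311
    return trace


def roles(first, second):
    return {first.name: first.state, second.name: second.state}


if __name__ == "__main__":
    a = Hub("hub-a", 7, "10.0.0.9")             # constructed sample values
    b = Hub("hub-b", 7, "10.0.0.10")
    for msg in elect(a, b):
        print(msg)
    print(roles(a, b))
```

Re-election after an address or group ID change is the same call with the changed node passed as `first`.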
S312, the main center node sends keep-alive messages to the standby center node periodically.
After the election of the main central node and the standby central node is completed, the main central node periodically sends keep-alive messages to the standby central node, for example, 3 keep-alive messages can be sent every period, the period can be set to 10 seconds, and one message is sent every 3 seconds.
S313, the branch node sends registration requests to the main central node and the standby central node based on the main and standby static routing tables and the NHRP static main and standby mapping tables.
After the main center node and the standby center node complete the election, the branch node sends registration requests to the main center node and the standby center node respectively based on the configured main and standby static routing tables and the NHRP static main and standby mapping tables, and registration on the main center node and the standby center node is completed. The NHRP static active-standby mapping table comprises a mapping relation between the tunnel address of the main central node and the next hop address and a mapping relation between the tunnel address of the standby central node and the next hop address.
S314, the main central node and the standby central node update respective NHRP mapping tables based on the registration request.
After receiving the registration request sent by the branch node, the main central node updates its NHRP mapping table to store the information of the branch node. After receiving the registration request sent by the branch node, the standby center node updates its NHRP mapping table to store the information of the branch node. The NHRP mapping table includes a mapping relationship between a tunnel address and a next hop address.
S315, when the main center node fails, the standby center node provides communication service for the branch node based on the NHRP mapping table, and the branch node communicates with the outside through the standby center node based on the standby static routing table and the NHRP static standby mapping table.
In the embodiment of the invention, in a preset time period, if the standby central node does not receive the keep-alive message sent by the main central node, the main central node is judged to have a fault, the standby central node provides communication service for the branch node based on the NHRP mapping table stored by the standby central node, and the branch node communicates with the outside through the standby central node based on the main and standby static routing tables and the NHRP static main and standby mapping table. For example, if the main center node sends 3 keep-alive messages to the standby center node every period, and a period is 10 seconds, the preset time can be set to 10 seconds, and within 10 seconds, if the standby center node does not receive the keep-alive messages, the standby center node provides communication service for the branch nodes based on the NHRP mapping table stored by the standby center node.
S316, after the main central node recovers, the branch node determines whether to switch back based on the switchback configuration information.
The main and standby static routing tables and the NHRP static main and standby mapping tables comprise switchback configuration information, which indicates whether to switch back. After the main central node recovers, the branch nodes communicate with the outside through the main central node again when the switchback configuration information in the main and standby static routing tables and the NHRP static main and standby mapping tables is set to switch back.
For better understanding, an example is described here. Referring to fig. 4, the DMVPN networking includes two central nodes, a first central node 401 and a second central node 402, and 2 branch nodes, a first branch node 403 and a second branch node 404; the first central node 401 is connected to the second central node 402. The group ID numbers of the first central node 401 and the second central node 402 are the same, and the address of the direct connection port of the first central node 401 is greater than the address of the direct connection port of the second central node 402, so the first central node 401 is the main central node and the second central node 402 is the standby central node. The main/standby routing table configured in the first branch node 403 and the second branch node 404 is shown in table 1 and includes the GRE tunnel address and network address of the main central node and the GRE tunnel address and network address of the standby central node. The NHRP static main/standby mapping table is shown in table 2 and includes the NBMA (Non-Broadcast Multiple Access) address corresponding to the GRE tunnel address of the main central node 401 and the NBMA address corresponding to the GRE tunnel address of the standby central node 402. Based on the main and standby static routing tables and the NHRP static main and standby mapping tables, the branch nodes send registration requests to the main central node 401 and the standby central node 402 respectively to complete registration. After receiving the registration requests, the main central node 401 and the standby central node 402 update their NHRP mapping tables; at this time, the NHRP mapping tables of the main central node 401 and the standby central node 402 are as shown in table 3 and include the GRE tunnel addresses and corresponding NBMA addresses of the first branch node 403 and the second branch node 404.
When the main central node works normally, the first branch node 403 and the second branch node 404 find the tunnel address of the main central node 401 from the main/standby routing table, look it up in the NHRP static main/standby mapping table to resolve the next hop, then encapsulate and encrypt the data and send it to the main central node 401, and the main central node 401 processes the received data. When the main central node 401 fails, the first branch node 403 and the second branch node 404 find the tunnel address of the standby central node 402 from the standby static routing table, look it up in the NHRP static standby mapping table to resolve the next hop, then encapsulate and IPsec-encrypt the data and send it to the standby central node 402, and the standby central node 402 processes the received data. After the main central node 401 recovers, the first branch node 403 and the second branch node 404 may communicate with the outside through the main central node again, based on the switchback configuration information in the main/standby static routing table and the NHRP static main/standby mapping table. The process of encapsulating and encrypting data can be seen in fig. 5.
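TABLE 1: main/standby routing table of the branch nodes (table image not reproduced)
TABLE 2: NHRP static main/standby mapping table of the branch nodes (table image not reproduced)
TABLE 3: NHRP mapping table of the main and standby central nodes (table image not reproduced)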
According to the DMVPN control method provided by the embodiment of the invention, when the main central node fails, the standby central node provides services for the branch nodes in the DMVPN network, and in some implementation processes, after the main central node fails, the standby central node can ensure communication, so that the stability of DMVPN networking communication is improved.
Example three:
This embodiment of the invention builds on the first embodiment and the second embodiment. A communication system is provided, comprising a main central node, a standby central node and a branch node, wherein the standby central node provides service for the central node and/or the branch node in the DMVPN network when the main central node fails.
In the embodiment of the present invention, the communication system includes at least two center nodes, where a node in the working state of the main center node is a main center node, and a node in the working state of the standby center node is a standby center node, and it should be noted that one center node may be the main center node or the standby center node based on the difference in the working state. When the master central node is in a normal working state, the master central node is used for providing service for communication in the DMVPN networking, namely, the master central node is used for providing service for communication between branch nodes and/or central nodes in the DMVPN networking, and at the moment, the standby central node can be in an idle state in order to save resources. When the main central node fails, the main central node can not provide service for communication in the DMVPN networking any more, so that the standby central node provides service for communication in the DMVPN networking, namely the standby central node provides service for communication of branch nodes and/or central nodes in the DMVPN network, so that the DMVPN networking communication is ensured to be normal, and the reliability of the DMVPN networking communication is improved. It should be understood that providing services for communications in a DMVPN networking includes, but is not limited to, providing communication services such as forwarding of data. It should be understood that the objects that provide communication services, whether the main central node or the standby central node, include, but are not limited to, branch nodes, central nodes, and the like.
In the embodiment of the invention, the main central node can send the keep-alive messages to the standby central node periodically. If the standby central node does not receive the message sent by the main central node within the preset time period, the failure of the main central node is judged, and the service is provided for the communication in the DMVPN network.
In the embodiment of the present invention, each central node may determine whether it is a main central node or a standby central node based on the configuration information. Or, each central node may further select a main central node and a standby central node based on a preset election rule, where the preset election rule includes, but is not limited to, that the address identifier of the main central node is greater than the address identifier of the standby central node, or that the address identifier of the main central node is smaller than the address identifier of the standby central node. When the preset election rule is that the address identifier of the main central node is greater than the address identifier of the standby central node, the election process of the main central node and the standby central node may refer to embodiment one, and details are not described here.
In the embodiment of the invention, after the main central node or the standby central node is selected, if the identification information of the main central node or the standby central node changes, the central node whose identification information changed can act as the first central node, and the election process of the main central node and the standby central node is restarted to re-determine the main central node and the standby central node. The identification information may be at least one of an IP address, a group ID number, a MAC address, etc. of the central node. For example, after the main central node fails, the main central node may serve as a first central node to send an interaction packet to a second central node (a standby central node), so as to start an election process of the main central node and the standby central node, and re-determine the main central node and the standby central node.
In the embodiment of the invention, the communication system also comprises a branch node, and after the election of the main center node and the standby center node is completed, the branch node respectively sends registration requests to the main center node and the standby center node to complete the registration on the main center node and the standby center node. After receiving a registration request sent by a branch node, a main center node updates an NHRP mapping table of the main center node based on the registration request; and after receiving the registration request sent by the branch node, the standby center node updates the NHRP mapping table of the standby center node based on the registration request. The NHRP mapping table comprises a mapping relation between a tunnel address and a next hop address.
In the embodiment of the present invention, the branch node may send registration requests to the main central node and the standby central node, respectively, based on the configured main/standby routing table and the NHRP main/standby mapping table. The main and standby route tables comprise routes of a main central node and routes of standby central nodes, and outlets of the main and standby routes point to tunnel interfaces of the main and standby central nodes respectively; the NHRP master-slave mapping table comprises a mapping relation between a tunnel address of a master central node and a next hop address and a mapping relation between a tunnel address of a slave central node and the next hop address. The active/standby routing tables may be implemented based on a static routing protocol (i.e., active/standby static routing tables) or based on a dynamic routing protocol (i.e., active/standby dynamic routing tables). The NHRP master/slave mapping table may be dynamic (i.e., the NHRP dynamic master/slave mapping table) or static (i.e., the NHRP static master/slave mapping table).
After the main central node fails, the branch node communicates with the outside through the standby central node based on the configured standby routing table and the NHRP standby mapping table. That is, the branch node finds the route of the standby center node based on the main/standby route table, finds the next hop address corresponding to the center node based on the NHRP main/standby mapping table, encapsulates and encrypts the data, and sends the data to the standby center node.
In the embodiment of the present invention, the main/standby routing table and/or the NHRP main/standby mapping table may include switchback configuration information, which may include an indication of whether to switch back and/or a switchback waiting time. After the main central node recovers, the branch node may determine, based on the switchback configuration information, whether to switch back to the main central node, that is, whether to switch from communicating with the outside through the standby central node back to communicating with the outside through the main central node. If the main/standby routing table or the NHRP main/standby mapping table includes the switchback configuration information and that information indicates switchback, the branch node switches back to communicating with the outside through the main central node after the main central node recovers; if it indicates no switchback, the branch node continues to communicate with the outside through the standby central node after the main central node recovers. If the main/standby routing table and the NHRP main/standby mapping table both include the switchback configuration information, the branch node switches back to communicating with the outside through the main central node after the main central node recovers when the switchback configuration information in both tables indicates switchback; in other cases, even if the main central node recovers, the branch node continues to communicate with the outside through the standby central node.
In the embodiment of the invention, if the switchback configuration information does not include a switchback waiting time, then after the main central node recovers, the branch node switches back immediately once it determines, based on the indication of whether to switch back, that it should switch back; if the switchback configuration information includes a switchback waiting time, then after the main central node recovers, the branch node may determine the switchback time based on the switchback waiting time, that is, when it determines that a switchback is required, it waits for the switchback waiting time and then switches back. The switchback waiting time can be set flexibly according to actual needs, for example, to 1 second, 10 seconds, and the like.
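The keep-alive timeout on the standby central node and the switchback decision on the branch node, described above, combine as in the following added example, which is not code from the patent. The class and method names are assumptions, as are two rules the text leaves open: a branch node with no switchback configuration in either table stays on the standby node, and when both tables set a waiting time the longer one applies.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Switchback:
    """Switchback configuration carried by one table on the branch node."""
    enabled: bool                    # whether to switch back
    wait_s: Optional[float] = None   # switchback waiting time; None = not configured


class StandbyHub:
    """Standby central node: declares the main node failed when no keep-alive
    has arrived for preset_s seconds."""

    def __init__(self, preset_s=10.0, now=0.0):
        self.preset_s = preset_s
        self.last_keepalive = now

    def on_keepalive(self, now):
        self.last_keepalive = now

    def main_failed(self, now):
        return now - self.last_keepalive >= self.preset_s


class Branch:
    """Branch node: picks the central node it sends traffic through."""

    def __init__(self, route_cfg=None, nhrp_cfg=None):
        # Either table may or may not carry switchback configuration.
        self.cfgs = [c for c in (route_cfg, nhrp_cfg) if c is not None]
        self.active = "main"
        self.recovered_at = None

    def switchback_allowed(self):
        # One table configured: its setting decides. Both configured: both must
        # say "switch back". Neither configured: stay on standby (assumption).
        return bool(self.cfgs) and all(c.enabled for c in self.cfgs)

    def wait_time(self):
        # Assumption: if both tables set a waiting time, use the longer one.
        waits = [c.wait_s for c in self.cfgs if c.wait_s is not None]
        return max(waits) if waits else 0.0

    def on_main_failed(self):
        self.active = "standby"
        self.recovered_at = None     # cancels a pending switchback (flapping main)

    def on_main_recovered(self, now):
        self.recovered_at = now

    def tick(self, now):
        """Return the central node in use at time `now`."""
        if (self.active == "standby" and self.recovered_at is not None
                and self.switchback_allowed()
                and now - self.recovered_at >= self.wait_time()):
            self.active = "main"
            self.recovered_at = None
        return self.active


def demo():
    """Constructed timeline: keep-alives at t=0, 3, 6 s, then the main node dies
    and comes back at t=30 s."""
    hub = StandbyHub(preset_s=10.0)
    for t in (0, 3, 6):
        hub.on_keepalive(t)
    branch = Branch(Switchback(True, wait_s=10.0), Switchback(True))
    log = []
    for t in (15, 16, 30, 35, 40):
        if t < 30 and hub.main_failed(t):
            branch.on_main_failed()
        if t == 30:
            branch.on_main_recovered(t)   # main node is back
        log.append((t, branch.tick(t)))
    return log


if __name__ == "__main__":
    for row in demo():
        print(row)
```

With the text's numbers (last keep-alive at 6 s, preset time 10 s) the failure is declared at 16 s, and with a 10 second waiting time the branch node returns to the main node 10 seconds after recovery.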
According to the communication system provided by the embodiment of the invention, when the main central node fails, the standby central node provides services for the branch nodes and/or the central nodes in the DMVPN network, and in some implementation processes, after the main central node fails, the communication can be ensured through the standby central node, so that the stability of the DMVPN networking communication is improved.
Example four:
An embodiment of the present invention further provides a network device, please refer to fig. 6, including: a first processor 601, a first memory 602, and a first communication bus 603; the first communication bus 603 is used for realizing connection communication between the first processor 601 and the first memory 602; the first processor 601 is configured to execute one or more computer programs stored in the first memory 602 to implement at least one step of the central node in the DMVPN control method according to the first embodiment and the second embodiment. It should be noted that, depending on its working state, a network device is a main central node device when it is in the main central node working state, and a standby central node device when it is in the standby central node working state.
An embodiment of the present invention further provides a network device, please refer to fig. 7, including: a second processor 701, a second memory 702, and a second communication bus 703; the second communication bus 703 is used for realizing connection communication between the second processor 701 and the second memory 702; the second processor 701 is configured to execute one or more computer programs stored in the second memory 702 to implement at least one step of a branch node in the DMVPN control method according to the first embodiment and the second embodiment.
Embodiments of the present invention also provide a storage medium including volatile or nonvolatile, removable or non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, computer program modules or other data. Computer-readable storage media include, but are not limited to, RAM (Random Access Memory), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash Memory or other Memory technology, CD-ROM (Compact disk Read-Only Memory), Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
The storage medium stores one or more computer programs, which are executable by one or more processors to implement the steps of the central node or the branch node in the DMVPN control method according to the first embodiment or the second embodiment.
According to the network equipment and the storage medium provided by the embodiment of the invention, when the main central node fails, the standby central node provides services for the branch nodes and/or the central nodes in the DMVPN network, and in some implementation processes, after the main central node fails, the communication can be ensured through the standby central node, so that the stability of the DMVPN networking communication is improved.
It will be apparent to those skilled in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software (which may be implemented in computer program code executable by a computing device), firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit.
In addition, communication media typically embodies computer readable instructions, data structures, computer program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to one of ordinary skill in the art. Thus, the present invention is not limited to any specific combination of hardware and software.
The foregoing is a more detailed description of embodiments of the present invention, and the present invention is not to be considered limited to such descriptions. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (11)

1. A dynamic multipoint virtual private network (DMVPN) control method, the DMVPN control method comprising:
and when the main central node fails, the standby central node provides service for the branch nodes and/or the central nodes in the DMVPN network.
2. The DMVPN control method of claim 1, further comprising a master hub node and an alternate hub node election process, the master hub node and alternate hub node election process comprising:
the method comprises the steps that a first central node sends an interaction message comprising a home terminal address identifier to a second central node, wherein the address identifier comprises a direct interface address and/or a device loopback address;
after receiving the interactive message sent by the first central node, the second central node sends the interactive message including the home terminal address identifier to the first central node;
when the address identifier of the local end of the first central node is larger than the address identifier of the second central node, the first central node sets the working state as the working state of the main central node and sends a confirmation message to the second central node;
and after receiving the confirmation message sent by the first central node, the second central node sets the working state as the working state of the standby central node.
3. The DMVPN control method of claim 2, further comprising:
when the address identifier of the home terminal is smaller than the address identifier of the first central node, the first central node sends an interactive message including the address identifier of the home terminal to the second central node;
when the address identifier of the second central node is larger than that of the first central node, the second central node sets the working state as the working state of the main central node and sends a confirmation message to the first central node;
and after receiving the confirmation message sent by the first central node, the first central node sets the working state as the working state of the standby central node.
4. The DMVPN control method according to claim 2, wherein the interaction message further includes a group ID number of the sender;
the method further comprises the following steps:
the first central node extracts the address identification and the group ID number of the second central node from the interactive message sent by the second central node, and when the group ID number of the local end is consistent with the group ID number of the second central node and the address identification of the local end is larger than the address identification of the second central node, the working state is set to be the working state of the main central node, and a confirmation message is sent to the second central node.
5. The DMVPN control method of claim 2, further comprising:
and after the identification information of the main central node or the standby central node is changed, the central node with the changed identification information is used as the first central node to reselect the main central node and the standby central node, wherein the identification information comprises at least one of an IP address, a group ID number and a mac address.
6. The DMVPN control method of claim 1, further comprising:
the main central node sends keep-alive messages to the standby central node periodically;
and when the standby central node does not receive the keep-alive message within a preset time period, judging that the main central node fails, and providing service for branch nodes and/or central nodes in the DMVPN network.
7. The DMVPN control method according to any of the claims 1-6, further comprising:
the branch node sends registration requests to the main central node and the standby central node respectively based on a configured main and standby route table and an NHRP main and standby mapping table to complete registration on the main central node and the standby central node, wherein the main and standby route table comprises a route of the main central node and a route of the standby central node, and the NHRP main and standby mapping table comprises a mapping relation between a tunnel address of the main central node and a next hop address and a mapping relation between a tunnel address of the standby central node and the next hop address;
the main central node updates an NHRP mapping table of the main central node based on the registration request;
and the standby center node updates the NHRP mapping table of the standby center node based on the registration request.
8. The DMVPN control method according to claim 7, wherein the active-standby routing table and/or the NHRP active-standby mapping table includes switchback configuration information, and the switchback configuration information includes an indication of whether to switch back and/or a switchback waiting time, and the method further includes:
after the main central node recovers, the branch node determines, based on the switchback configuration information, whether to switch back from communicating with the outside through the standby central node to communicating with the outside through the main central node, and determines the switchback time based on the switchback waiting time.
9. A network device, comprising: the system comprises a first processor, a first memory and a first communication bus;
the first communication bus is used for realizing connection communication between the first processor and the first memory;
the first processor is configured to execute one or more computer programs stored in the first memory to implement the steps of the central node in a DMVPN control method according to any of claims 1 to 8.
10. A network device, comprising: the second processor, the second memory and the second communication bus;
the second communication bus is used for realizing connection communication between the second processor and the second memory;
the second processor is configured to execute one or more computer programs stored in the second memory to implement the steps of the branch node in the DMVPN control method according to any of the claims 1 to 8.
11. A storage medium storing one or more computer programs executable by one or more processors to perform the steps of the central node or the branch nodes in a DMVPN control method according to any one of claims 1 to 8.
CN201910691465.9A 2019-07-29 2019-07-29 DMVPN control method, network device, communication system and storage medium Pending CN112311569A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910691465.9A CN112311569A (en) 2019-07-29 2019-07-29 DMVPN control method, network device, communication system and storage medium
PCT/CN2020/093800 WO2021017619A1 (en) 2019-07-29 2020-06-01 Dmvpn control method, network device, communication system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910691465.9A CN112311569A (en) 2019-07-29 2019-07-29 DMVPN control method, network device, communication system and storage medium

Publications (1)

Publication Number Publication Date
CN112311569A (en) 2021-02-02

Family

ID=74230006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910691465.9A Pending CN112311569A (en) 2019-07-29 2019-07-29 DMVPN control method, network device, communication system and storage medium

Country Status (2)

Country Link
CN (1) CN112311569A (en)
WO (1) WO2021017619A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102333075A (en) * 2010-06-30 2012-01-25 丛林网络公司 Multi-service VPN network client for mobile device having dynamic failover
US20160098327A1 (en) * 2014-10-02 2016-04-07 Cisco Technology, Inc. Bypassing failed hub devices in hub-and-spoke telecommunication networks
CN106027313A (en) * 2016-06-30 2016-10-12 上海携程商务有限公司 Disaster tolerance system and method of network link based on VPN (Virtual Private Network)
CN108092889A (en) * 2017-12-27 2018-05-29 上海地面通信息网络股份有限公司 An end-to-end multi-link, multi-node fully automatic redundant routing backup system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106454A (en) * 2007-08-17 2008-01-16 杭州华三通信技术有限公司 Method and device for originating Internet secret key exchange and negotiation
US9319300B2 (en) * 2008-12-09 2016-04-19 Glue Networks, Inc. Systems and methods for determining endpoint configurations for endpoints of a virtual private network (VPN) and deploying the configurations to the endpoints
US20180019976A1 (en) * 2016-07-14 2018-01-18 Intel Corporation System, Apparatus And Method For Massively Scalable Dynamic Multipoint Virtual Private Network Using Group Encryption Keys

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈遥; 杜知名: "Design of a dual-center, dual-cloud DMVPN" *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113630276A (en) * 2021-08-16 2021-11-09 迈普通信技术股份有限公司 Main/standby switching control method and device and DVPN network system
CN113630276B (en) * 2021-08-16 2024-04-09 迈普通信技术股份有限公司 Main-standby switching control method and device and DVPN network system

Also Published As

Publication number Publication date
WO2021017619A1 (en) 2021-02-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination