CN112689032A - Data processing method, device and storage medium - Google Patents


Publication number
CN112689032A
Authority
CN
China
Prior art keywords
mac address
virtual mac
subnet interface
subnet
data packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110256822.6A
Other languages
Chinese (zh)
Inventor
印朝晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Taiyi Xingchen Information Technology Co ltd
Original Assignee
Beijing Taiyi Xingchen Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Taiyi Xingchen Information Technology Co ltd


Abstract

A data processing method, device and storage medium. The method is applied to any one of a plurality of devices that back each other up and comprises: when a subnet interface receives and/or sends a data packet, processing the data packet according to the virtual MAC addresses in effect for that subnet interface on the current device. The virtual MAC addresses in effect for the subnet interface include the virtual MAC address of the subnet interface on the current device and the virtual MAC address of the subnet interface on any device taken over by the current device. One subnet interface has N different virtual MAC addresses, which serve respectively as the virtual MAC addresses of that subnet interface on the N devices that back each other up; N is an integer greater than or equal to 2.

Description

Data processing method, device and storage medium
Technical Field
The present disclosure relates to computer technology, and more particularly, to a data processing method, apparatus, and storage medium.
Background
Two methods are commonly used today to keep MAC addresses consistent across multiple machines. One is defined in VRRP (Virtual Router Redundancy Protocol), in which one virtual router uses one and the same virtual MAC (Media Access Control) address; the other applies in a cluster environment, where subnet interfaces with the same name on a plurality of devices use the same virtual MAC address.
Disclosure of Invention
The application provides a data processing method, device and storage medium which ensure that, whichever of the plurality of devices takes over the service on a subnet interface, only the virtual MAC addresses in effect for that subnet interface are used, thereby ensuring the consistency of MAC addresses across multiple machines, reducing the overhead of network deployment and device configuration, and improving the adaptability of virtual MAC addresses in more complex network environments.
The present disclosure provides a data processing method, which is applied to any one of a plurality of devices which are backed up with each other; the data processing method is characterized by comprising the following steps:
when a subnet interface receives and/or sends a data packet, processing the data packet according to the virtual MAC addresses in effect for that subnet interface on the current device;
the virtual MAC addresses in effect for the subnet interface include: the virtual MAC address of the subnet interface on the current device and the virtual MAC address of the subnet interface on any device taken over by the current device;
one subnet interface has N different virtual MAC addresses, which serve respectively as the virtual MAC addresses of that subnet interface on the N devices that back each other up; N is an integer greater than or equal to 2.
In an exemplary embodiment, when taking over another device, the following operations are performed for each subnet interface of that device: taking over the floating IP on the subnet interface, and adding the virtual MAC address corresponding to the floating IP to the virtual MAC addresses in effect for the subnet interface on the current device.
In an exemplary embodiment, the virtual MAC address includes 6 bytes, the first and second bytes represent a private protocol number of the security device redundancy backup, the third byte represents an interface type, the fourth byte represents an interface ID, the fifth byte represents a device ID within the cluster, and the sixth byte represents a cluster ID.
In an exemplary embodiment, processing the data packet according to the virtual MAC addresses in effect for the subnet interface on the current device, when the subnet interface receives and/or sends a data packet, includes:
when the subnet interface receives a data packet, judging whether the destination MAC address of the data packet is the same as the MAC address of the network card of the current device, and if so, handing the data packet to the network layer for processing;
if not, judging whether the destination MAC address is the same as a virtual MAC address in effect for the subnet interface on the current device; if so, handing the data packet to the network layer for processing, and if not, discarding the data packet.
In an exemplary embodiment, processing the data packet according to the virtual MAC addresses in effect for the subnet interface on the current device, when the subnet interface receives and/or sends a data packet, includes:
when the subnet interface needs to send a data packet, filling in the link layer header of the data packet to be sent;
if the source IP address is a floating IP of the plurality of devices that back each other up, replacing the source MAC address in the link layer header with the virtual MAC address corresponding to the floating IP.
In an exemplary embodiment, the virtual MAC address corresponding to the floating IP is the virtual MAC address of the subnet interface where the floating IP is located in the device to which the floating IP is bound.
In an exemplary embodiment, a subnet interface has N different virtual MAC addresses belonging to a virtual MAC address group; the virtual MAC address group is generated at the time of registration of the subnet interface.
In an exemplary embodiment, the N virtual MAC addresses in a virtual MAC address group differ only in device identification.
The present disclosure also provides a data processing apparatus comprising a memory and a processor; the memory is used for storing a program for data processing, and the processor is used for reading and executing the program for data processing to perform the method in any one of the above embodiments.
The present disclosure also provides a storage medium having stored therein a program for data processing, the program being arranged to perform the method of any of the above embodiments when executed.
Compared with the prior art, in the data processing method provided by the embodiment of the application, on a plurality of devices that back each other up, when a subnet interface receives and/or sends a data packet, the data packet is processed according to the virtual MAC addresses in effect for that subnet interface on the current device. The virtual MAC addresses in effect for the subnet interface include the virtual MAC address of the subnet interface on the current device and the virtual MAC address of the subnet interface on any device taken over by the current device. One subnet interface has N different virtual MAC addresses, which serve respectively as the virtual MAC addresses of that subnet interface on the N devices that back each other up; N is an integer greater than or equal to 2. With this embodiment, when one of the devices that back each other up fails and its service must be taken over, the device taking over can directly use the virtual MAC address corresponding to the service being taken over. With this data processing method, a different virtual MAC address can be generated for each subnet interface of each device, and whichever of the mutually backed-up devices takes over the service on a subnet interface, the service uses only the virtual MAC belonging to that interface. This ensures the consistency of MAC addresses across multiple machines, reduces the overhead of network deployment and device configuration, and improves the adaptability of the virtual MAC in more complex network environments.
Other aspects will be apparent upon reading and understanding the attached drawings and detailed description.
Drawings
FIG. 1 is a flow chart of a data processing method according to an embodiment of the present application;
FIG. 2 is a flow diagram of virtual MAC identification in some example embodiments;
FIG. 3 is a flow diagram of virtual MAC replacement in some example embodiments;
FIG. 4 is a diagram of a virtual MAC address structure in some example embodiments;
FIG. 5 is a flow diagram of automatic generation of a virtual MAC in some example embodiments.
Detailed Description
The present application describes embodiments, but the description is illustrative rather than limiting and it will be apparent to those of ordinary skill in the art that many more embodiments and implementations are possible within the scope of the embodiments described herein. Although many possible combinations of features are shown in the drawings and discussed in the detailed description, many other combinations of the disclosed features are possible. Any feature or element of any embodiment may be used in combination with or instead of any other feature or element in any other embodiment, unless expressly limited otherwise.
The present application includes and contemplates combinations of features and elements known to those of ordinary skill in the art. The embodiments, features and elements disclosed in this application may also be combined with any conventional features or elements to form a unique inventive concept as defined by the claims. Any feature or element of any embodiment may also be combined with features or elements from other inventive aspects to form yet another unique inventive aspect, as defined by the claims. Thus, it should be understood that any of the features shown and/or discussed in this application may be implemented alone or in any suitable combination. Accordingly, the embodiments are not limited except as by the appended claims and their equivalents. Furthermore, various modifications and changes may be made within the scope of the appended claims.
Further, in describing representative embodiments, the specification may have presented the method and/or process as a particular sequence of steps. However, to the extent that the method or process does not rely on the particular order of steps set forth herein, the method or process should not be limited to the particular sequence of steps described. Other orders of steps are possible as will be understood by those of ordinary skill in the art. Therefore, the particular order of the steps set forth in the specification should not be construed as limitations on the claims. Further, the claims directed to the method and/or process should not be limited to the performance of their steps in the order written, and one skilled in the art can readily appreciate that the sequences may be varied and still remain within the spirit and scope of the embodiments of the present application.
Currently, in one commonly used multi-machine MAC address consistency method, the VRRP protocol defines a master router and one or more backup routers as a virtual router. The master router is responsible for ARP resolution and IP packet forwarding, while the backup routers are in a standby state. When the master router fails for some reason, a backup router is promoted to master router after a brief delay; the switchover is very fast and does not require changing IP addresses or MAC addresses, so it is transparent to end-user systems.
A virtual router is based on a subnet interface and includes a Virtual Router Identifier (VRID), one or more virtual IP addresses, and the virtual MAC addresses corresponding to those virtual IP addresses. A virtual router presents a unique virtual MAC to the outside in the address format "00-00-5E-00-01-[VRID]", with VRIDs ranging from 0 to 255. The master router is responsible for responding to ARP requests using the virtual MAC; regardless of switchover, unique and consistent IP and MAC addresses are guaranteed to the terminal device, thereby reducing the impact of the switchover on the terminal device.
In a cluster environment of security devices, there are generally two operating modes: master-slave mode and master-master mode. In master-slave mode, all forwarding services run on the master device, and the standby device does not process any forwarding service. When the master device fails, a new master device is elected from the cluster; that device takes over all forwarding services, and the original master device becomes a standby device. In master-master mode, different forwarding services run on multiple devices; when one device fails, all forwarding services on the failed device are taken over by the other designated devices, and the failed device no longer processes any forwarding service. Each takeover of forwarding traffic is based on a subnet interface, which includes one or more floating IP addresses (typically corresponding to the next-hop routes of the upstream and downstream switches) and the virtual MAC addresses corresponding to the floating IPs. One subnet interface uses a plurality of virtual addresses. Most security vendors generate one virtual MAC for each subnet interface of a device, and all subnet interfaces with the same name on the security devices that back each other up in the cluster generate the same virtual MAC.
Regarding the implementation of virtual MAC in the VRRP protocol: a virtual router presents a single unique virtual MAC address to the outside. If a plurality of security devices in hot backup are to switch over as a whole, a virtual router must be configured for each subnet interface of the security devices, comprising a Virtual Router Identifier (VRID), one or more virtual IP addresses and one virtual MAC. This not only increases configuration complexity and maintenance cost, but also makes it difficult to adapt to complex network environments.
Regarding the virtual MAC implementation of most security vendors in a cluster environment: each subnet interface generates one virtual MAC, and subnet interfaces with the same name on all security devices that back each other up in the cluster generate the same virtual MAC.
The embodiment of the application provides a data processing method, which is applied to any one of a plurality of devices which are backed up with each other; as shown in fig. 1, the data processing method includes:
S110, when a subnet interface receives and/or sends a data packet, processing the data packet according to the virtual MAC addresses in effect for that subnet interface on the current device;
the virtual MAC addresses in effect for the subnet interface include: the virtual MAC address of the subnet interface on the current device and the virtual MAC address of the subnet interface on any device taken over by the current device;
one subnet interface has N different virtual MAC addresses, which serve respectively as the virtual MAC addresses of that subnet interface on the N devices that back each other up; N is an integer greater than or equal to 2.
In this embodiment, because the virtual MAC addresses used by the same subnet interface in different devices are different, the virtual MAC addresses corresponding to the floating IP on the subnet interface in different devices are different, and the virtual MAC address corresponding to the floating IP is the virtual MAC address of the subnet interface in the bound device. That is, regardless of which device the floating IP is taken over by, the corresponding virtual MAC address remains unchanged.
In the embodiment of the application, a plurality of floating IPs can be provided on one subnet interface, and in the master-master mode, the services of the plurality of floating IPs are respectively processed in different devices, that is, different devices are respectively bound; for example, the subnet interface X has a floating IP1 and a floating IP2, the device 1 binds to the floating IP1 on the subnet interface X, and the device 2 binds to the floating IP2 on the subnet interface X. The binding relationship is not changed by taking over, such as device 2 failing, device 1 takes over device 2, that is, taking over floating IP2 on device 2, but floating IP2 is still bound to device 2.
In this embodiment, the data processing method further includes:
S120 (not shown in fig. 1), when taking over another device, performing the following operations for each subnet interface of that device: taking over the floating IP on the subnet interface, and adding the virtual MAC address corresponding to the floating IP to the virtual MAC addresses in effect for the subnet interface on the current device.
In this embodiment, there are two cases when taking over another device. The first is that the device being taken over has not itself taken over any other device: for example, for subnet interface X, device 2 fails, device 1 takes over device 2, and VMAC2 also becomes a virtual MAC in effect on device 1. The second is that the device being taken over had already taken over another device: for example, device 2 fails and device 1 takes over device 2; when device 1 then also fails and device 3 takes over device 1, device 3 takes over not only VMAC1 of the failed device 1 but also VMAC2.
In some exemplary embodiments, processing the data packet according to the virtual MAC addresses in effect for the subnet interface on the current device, when the subnet interface receives and/or sends a data packet, includes:
when the subnet interface receives a data packet, judging whether the destination MAC address of the data packet is the same as the MAC address of the network card of the current device, and if so, handing the data packet to the network layer for processing;
if not, judging whether the destination MAC address is the same as a virtual MAC address in effect for the subnet interface on the current device; if so, handing the data packet to the network layer for processing, and if not, discarding the data packet.
The following describes how this works on the receive side. When the subnet interface receives a data packet, a virtual MAC address comparison (i.e., a virtual MAC address identification process) is performed, and the data packet is processed according to the virtual MAC addresses in effect for the subnet interface on the current device. The virtual MAC address identification process includes:
when the security device receives the data packet, it needs to check the link layer header, and if the destination MAC of the data packet is the same as any of the virtual MAC addresses of the ingress interface, the data packet should be handed over to the network layer for processing.
Taking a two-device group as an example, the virtual MAC identification process is shown in fig. 2, where the virtual MAC address group generated on a subnet interface contains two virtual MACs. After the interface receives a packet and checks the link layer header, it compares the destination MAC of the data packet with the network card MAC. If they are the same, the packet is treated as a local message and passed up to the network layer for processing. If they differ, the destination MAC of the data packet is compared with the virtual MACs currently in effect on the interface of the current device: if it matches, the packet is treated as a local message and handed to the network layer for processing; if not, it is treated as a non-local message and discarded.
For example: when the current device 1 and the peer device 2 both work in a normal state, at this time, if the destination MAC of the packet is the same as the VMAC1 on the subnet interface, the packet should continue to be handed over to the network layer for processing on the device 1. After a period of time, device 1 takes over the forwarding service of device 2 due to the failure of device 2. At this point, at device 1, if the destination MAC of the packet is the same as VMAC1 or VMAC2 on the subnet interface, the packet should continue to be handed over to the network layer for processing.
In some exemplary embodiments, processing the data packet according to the virtual MAC addresses in effect for the subnet interface on the current device, when the subnet interface receives and/or sends a data packet, includes: when the subnet interface needs to send a data packet, filling in the link layer header of the data packet to be sent; and if the source IP address is a floating IP of the plurality of devices that back each other up, replacing the source MAC address in the link layer header with the virtual MAC address corresponding to the floating IP.
In some exemplary embodiments, the virtual MAC address corresponding to the floating IP is the virtual MAC address of the subnet interface where the floating IP is located in the device to which the floating IP is bound.
The following describes how this works on the send side, i.e., the virtual MAC replacement process. When the subnet interface needs to send a data packet, the data packet is processed according to the virtual MAC addresses in effect on the current device. The virtual MAC address replacement process includes:
when the security device sends out a data packet, the virtual MAC replacement flow is as shown in fig. 3: the data packet is sent on the egress interface, i.e., the subnet interface, and the link layer header is filled in; it is then judged whether the source IP address of the message is a floating IP in the hot standby group; if it is, the source MAC address is replaced with a virtual MAC address; if it is not, the flow ends. In this flow, to ensure that the floating IP on each device in the cluster always presents a unique and consistent IP and MAC address to the outside, the source MAC of the link layer header should not be the physical MAC address of the egress interface, but should be replaced with a virtual MAC currently in effect on the egress interface, i.e., one from the virtual MAC address group of the subnet interface.
Taking a two-device group as an example, the virtual MAC address group generated on the egress interface, i.e., the subnet interface, contains two virtual MACs, and which one replaces the source MAC depends on which device the floating IP is bound to. The source MAC is always replaced with the virtual MAC of the interface on the device the floating IP is bound to, regardless of which device has taken over the floating IP.
For example: floating IP1 is bound to the current device 1 and floating IP2 is bound to the peer device 2. When device 1 and peer device 2 both work normally, a message sent by device 1 with source IP address floating IP1 has its source MAC replaced with VMAC1, and a message sent by device 2 with source IP address floating IP2 has its source MAC replaced with VMAC2. After a period of time, device 2 fails and device 1 takes over floating IP2. At this time, on device 1, if the source IP address of an outgoing message is floating IP1, VMAC1 is used as the replacement; if the source IP address of an outgoing message is floating IP2, VMAC2 is used as the replacement.
In this embodiment, the data processing method is adopted, so that different virtual MAC addresses can be generated for each subnet interface of different devices, and it can be ensured that no matter which device takes over the service on the subnet interface of the current device, the service only uses the virtual MAC belonging to the subnet interface, and no matter how the working state of multiple machines changes, the floating IP on each device in the cluster always presents a unique and consistent IP and MAC address to the outside.
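The receive-side identification, send-side replacement and takeover steps described above can be modelled as follows. This is an added example, not code from the patent; the class and method names, the MAC values and the IP addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample values (not from the patent).
VMAC1 = "02:aa:01:03:01:07"   # subnet interface X on device 1
VMAC2 = "02:aa:01:03:02:07"   # subnet interface X on device 2
VMAC3 = "02:aa:01:03:03:07"   # subnet interface X on device 3
IP1, IP2 = "192.0.2.10", "192.0.2.20"   # floating IPs bound to device 1 / 2


def norm(mac):
    """Normalise a MAC string so 02-AA-... and 02:aa:... compare equal."""
    return mac.lower().replace("-", ":")


@dataclass
class SubnetInterface:
    """State of one subnet interface on one device of the backup group."""
    nic_mac: str                     # physical MAC of the network card
    own_vmac: str                    # this interface's VMAC on this device
    # floating IP -> VMAC of this interface on the device the IP is bound to
    floating: dict = field(default_factory=dict)
    effective: set = field(init=False)   # VMACs currently in effect

    def __post_init__(self):
        self.nic_mac = norm(self.nic_mac)
        self.own_vmac = norm(self.own_vmac)
        self.floating = {ip: norm(m) for ip, m in self.floating.items()}
        self.effective = {self.own_vmac}

    def take_over(self, failed):
        """S120: take over the failed device's floating IPs and add every
        VMAC that was in effect there (including ones it had taken over)."""
        self.floating.update(failed.floating)   # binding IP -> VMAC unchanged
        self.effective |= failed.effective
        failed.floating, failed.effective = {}, set()

    def accept(self, dst_mac):
        """Receive side: True = hand to network layer, False = discard.
        Broadcast/multicast handling is outside what the description covers."""
        dst = norm(dst_mac)
        if dst == self.nic_mac:
            return True
        return dst in self.effective

    def source_mac(self, src_ip):
        """Send side: source MAC to place in the link layer header."""
        # Floating IP: VMAC of the bound device; otherwise the NIC MAC stays.
        return self.floating.get(src_ip, self.nic_mac)


def build_group():
    """Three devices backing each other up on subnet interface X."""
    d1 = SubnetInterface("02:00:00:00:00:11", VMAC1, {IP1: VMAC1})
    d2 = SubnetInterface("02:00:00:00:00:22", VMAC2, {IP2: VMAC2})
    d3 = SubnetInterface("02:00:00:00:00:33", VMAC3)
    return d1, d2, d3


if __name__ == "__main__":
    d1, d2, d3 = build_group()
    print("before takeover, d1 accepts VMAC2:", d1.accept(VMAC2))
    d1.take_over(d2)                      # device 2 fails
    print("after takeover,  d1 accepts VMAC2:", d1.accept(VMAC2))
    print("d1 source MAC for IP2:", d1.source_mac(IP2))
    d3.take_over(d1)                      # device 1 fails as well
    print("d3 effective VMACs:", sorted(d3.effective))
```

Because `take_over` merges the failed device's whole effective set, the second case in the description (device 3 inheriting both VMAC1 and VMAC2) falls out of the same operation.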
In some exemplary embodiments, the virtual MAC address includes 6 bytes, the first and second bytes represent a private protocol number of the redundant backup of the security device, the third byte represents an interface type, the fourth byte represents an interface ID, the fifth byte represents a device ID within the cluster, and the sixth byte represents a cluster ID.
In this embodiment, the MAC address, i.e., the Ethernet address or physical address, is used to uniquely identify a network card in the network; it has a length of 48 bits (6 bytes) and is usually expressed as 12 hexadecimal digits.
In this method for multi-machine MAC address consistency of security devices, the generated virtual MAC address has the same structure as a standard MAC address, but the meaning of each byte is redefined. The first two bytes are the private protocol number of the redundant backup of the security device, the third byte represents the interface type, the fourth byte represents the interface ID, the fifth byte represents the device ID within the cluster, and the sixth byte represents the cluster ID.
The structure of the virtual MAC address is shown in fig. 4. The third byte and the fourth byte ensure the uniqueness of the virtual MAC address on the current equipment and ensure that the values of the two bytes are the same in the virtual MAC addresses generated by interfaces with the same name between backup equipment. And the sixth byte ensures that the virtual MAC addresses of the subnet interfaces with the same name on each device are different in the same cluster. The fifth byte ensures that virtual MAC addresses generated by equipment interfaces in different clusters are different under the condition that a plurality of clusters are deployed in the same network.
In some exemplary embodiments, the virtual MAC address corresponding to the floating IP is the virtual MAC address of the subnet interface where the floating IP is located in the device to which the floating IP is bound.
In some exemplary embodiments, a subnet interface has N different virtual MAC addresses belonging to a virtual MAC address group; the virtual MAC address group is generated at the time of registration of the subnet interface.
In some exemplary embodiments, the N virtual MAC addresses in one virtual MAC address group differ only in device identification.
The embodiment of the application provides a method for multi-machine MAC address consistency of security devices, aimed at the hot backup function among multiple security devices in a cluster environment; it is a technical scheme for reducing the impact that state switching of security devices in the cluster has on upstream and downstream switches.
In the embodiment of the application, the MAC address is used to uniquely mark a network card in the network. On multiple devices which are backed up with each other, subnet interfaces with the same name can generate a virtual MAC address group which comprises multiple different virtual MAC addresses. In the virtual MAC address group, one address belongs to the subnet interface on the current device, and other addresses respectively belong to interfaces with the same name on the backup device. Only the virtual MAC address belonging to the device itself is validated on each subnet interface.
The automatic generation process of the virtual MAC is described below as an example. As shown in fig. 5, automatic generation of the virtual MAC starts; the private protocol number is filled in, the ID of the card slot where the network card is located is filled in, the ID of the network card is filled in, and the ID of the device in the HA hot backup group is filled in, at which point generation of the virtual MAC address is finished.
During the interface registration process, a plurality of virtual MAC addresses are automatically generated for each subnet interface, and the plurality of virtual MAC addresses can form a virtual MAC address group.
Taking a two-device group as an example, a security device dual-machine hot-standby group includes two devices, so the virtual MAC address group generated on each subnet interface contains two virtual MACs: one is the virtual MAC of the interface on the current device, and the other is the virtual MAC of the interface with the same name on the peer device. The two virtual MACs differ only in the "device ID within the cluster", which is "1" and "2" respectively; all other bits are identical. For convenience, the two virtual MACs are referred to below as VMAC1 and VMAC2.
In the dual-machine hot-standby group, an ARP request for a floating IP is always answered with the virtual MAC of the interface on the device the floating IP is bound to, no matter which device has taken over the floating IP, so that unique and consistent IP and MAC addresses are presented to upstream and downstream devices.
For example: floating IP1 is bound to the current device 1 and floating IP2 is bound to the peer device 2. Device 2 fails and device 1 takes over floating IP2. At this time, on device 1, VMAC1 is used to respond to ARP requests for floating IP1; for the taken-over floating IP2, VMAC2 must be used to respond to ARP requests. On device 2, ARP requests for neither floating IP1 nor floating IP2 are answered.
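The address layout and the ARP behaviour described above can be put together as follows. This is an added example, not code from the patent: it builds a virtual MAC address group using the byte layout stated in the description (byte 5 device ID, byte 6 cluster ID) and constructs the ARP reply a device sends for a floating IP. The function names, the `PROTO` value (the patent does not give the private protocol number) and all sample addresses are assumptions.

```python
import socket
import struct

# Placeholder: the patent does not state the private protocol number.
# 0x02 keeps the address unicast and locally administered.
PROTO = bytes([0x02, 0xAA])


def vmac_group(if_type, if_id, cluster_id, n_devices):
    """Return {device_id: 6-byte VMAC} for one subnet interface.

    Layout from the description: bytes 1-2 private protocol number, byte 3
    interface type, byte 4 interface ID, byte 5 device ID within the
    cluster, byte 6 cluster ID.
    """
    if not 2 <= n_devices <= 255:
        raise ValueError("a backup group has 2..255 devices")
    for value in (if_type, if_id, cluster_id):
        if not 0 <= value <= 255:
            raise ValueError("each field must fit in one byte")
    return {dev: PROTO + bytes([if_type, if_id, dev, cluster_id])
            for dev in range(1, n_devices + 1)}


def parse_vmac(mac):
    """Split a VMAC into its fields; None if it is not one of ours."""
    if len(mac) != 6 or mac[:2] != PROTO:
        return None
    return {"if_type": mac[2], "if_id": mac[3],
            "device_id": mac[4], "cluster_id": mac[5]}


def fmt(mac):
    """Render 6 raw bytes as aa:bb:cc:dd:ee:ff."""
    return ":".join(f"{b:02x}" for b in mac)


def arp_reply(group, bound_device, floating_ip, requester_mac, requester_ip):
    """Ethernet frame carrying the ARP reply for floating_ip.

    The sender MAC is the VMAC of the device the floating IP is bound to,
    whichever device is actually answering after a takeover.
    """
    vmac = group[bound_device]
    eth = requester_mac + vmac + struct.pack("!H", 0x0806)   # EtherType ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)           # opcode 2 = reply
    arp += vmac + socket.inet_aton(floating_ip)               # sender MAC / IP
    arp += requester_mac + socket.inet_aton(requester_ip)     # target MAC / IP
    return eth + arp


if __name__ == "__main__":
    # Constructed values: interface type 1, interface ID 3, cluster ID 7.
    group = vmac_group(if_type=1, if_id=3, cluster_id=7, n_devices=2)
    print("VMAC1:", fmt(group[1]), " VMAC2:", fmt(group[2]))
    # Device 1 has taken over floating IP2, which is bound to device 2.
    frame = arp_reply(group, 2, "192.0.2.20",
                      bytes.fromhex("020000000099"), "192.0.2.1")
    print("ARP reply sender MAC:", fmt(frame[22:28]))
```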
Compared with existing virtual MAC technology, this embodiment has the following advantages:
1. In the virtual MAC generation method of this embodiment, a MAC address is bound to a network card rather than to a virtual router, so the virtual MAC of this embodiment can be applied generally in various network environments.
2. The virtual MAC generation method of this embodiment ensures that, in a cluster environment, the security device can use the virtual MAC even when operating in the master operating mode, and ensures that each forwarding service presents a unique IP-to-MAC correspondence to the outside.
3. In this embodiment, when the subnet interface needs to send a data packet, the packet is processed according to a virtual MAC replacement principle, so the virtual MAC is used not only in ARP response messages but also in other messages sent by the device. As a result, in addition to serving as the gateway next hop of upstream and downstream switches, the floating IP of the device can also be used for other local services that can be taken over.
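The dual-device takeover described above can be modelled in a few lines. The following is an added example, not code from the patent: it builds a virtual MAC group from the 6-byte layout given in claim 3 and applies the ARP, receive and send rules to it. The protocol-number bytes, interface type, interface ID, cluster ID, NIC MACs and floating IP values are constructed placeholders, and all function and class names are hypothetical.

```python
from dataclasses import dataclass, field

PROTO = bytes([0x02, 0x00])  # constructed stand-in for the private protocol number

def vmac(if_type, if_id, device_id, cluster_id):
    # Layout: protocol (2 bytes) | interface type | interface ID | device ID | cluster ID
    return PROTO + bytes([if_type, if_id, device_id, cluster_id])

@dataclass
class SubnetInterface:
    nic_mac: bytes   # burned-in MAC of the network card
    device_id: int   # this device's ID in the cluster
    group: dict      # device ID -> VMAC of this interface on that device
    bound: dict      # floating IP -> device ID the IP is bound to
    held: set = field(default_factory=set)       # floating IPs served here
    effective: set = field(default_factory=set)  # VMACs in effect here

    def __post_init__(self):
        self.held = {ip for ip, dev in self.bound.items() if dev == self.device_id}
        self.effective = {self.group[self.device_id]}

    def take_over(self, ip):
        # Take over a peer's floating IP and put its VMAC into effect.
        self.held.add(ip)
        self.effective.add(self.group[self.bound[ip]])

    def fail(self):
        # A failed device serves nothing and answers no ARP requests.
        self.held.clear()
        self.effective.clear()

    def accept(self, dst_mac):
        # Receive path: NIC MAC first, then the VMACs in effect, else drop.
        return dst_mac == self.nic_mac or dst_mac in self.effective

    def source_mac(self, src_ip):
        # Send path: a held floating IP always leaves with the VMAC of the
        # device it is bound to, not of the device currently serving it.
        return self.group[self.bound[src_ip]] if src_ip in self.held else self.nic_mac

    def arp_reply_mac(self, target_ip):
        # None means "do not answer".
        return self.source_mac(target_ip) if target_ip in self.held else None

def build_pair():
    # Constructed sample: interface type 0x01, interface ID 0x03, cluster ID 0x07.
    group = {dev: vmac(0x01, 0x03, dev, 0x07) for dev in (1, 2)}
    bound = {"192.0.2.1": 1, "192.0.2.2": 2}  # floating IP1 -> device 1, IP2 -> device 2
    dev1 = SubnetInterface(bytes.fromhex("001122334401"), 1, group, bound)
    dev2 = SubnetInterface(bytes.fromhex("001122334402"), 2, group, bound)
    return group, dev1, dev2
```

Because the reply MAC is looked up from the device the floating IP is bound to, the IP-to-MAC pair seen by neighbours is the same before and after takeover, so their ARP caches do not change.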
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.

Claims (10)

1. A data processing method, applied to any one of a plurality of devices that are backups of each other, characterized by comprising:
when a subnet interface receives and/or sends a data packet, processing the data packet according to the virtual media access control (MAC) address in effect for the subnet interface in the current device;
the virtual MAC addresses in effect for the subnet interface include: the virtual MAC address of the subnet interface in the current device and the virtual MAC address of the subnet interface in the device taken over by the current device;
one subnet interface has N different virtual MAC addresses, which are respectively used as the virtual MAC addresses of the subnet interface in N devices that are backups of each other; N is an integer greater than or equal to 2.
2. The data processing method of claim 1, further comprising:
when taking over another device, performing the following operations for each subnet interface in the other device: taking over the floating IP on the subnet interface, and adding the virtual MAC address corresponding to the floating IP to the virtual MAC addresses in effect for the subnet interface in the current device.
3. The data processing method of claim 1,
the virtual MAC address comprises 6 bytes, the first and second bytes represent the private protocol number of the redundant backup of the security device, the third byte represents the interface type, the fourth byte represents the interface ID, the fifth byte represents the device ID in the cluster, and the sixth byte represents the cluster ID.
4. The data processing method according to claim 1, wherein processing the data packet according to the virtual MAC address in effect for the subnet interface in the current device when the subnet interface receives and/or sends the data packet comprises:
when the subnet interface receives the data packet, judging whether the destination MAC address of the data packet is the same as the MAC address of the network card of the current device, and if so, submitting the data packet to the network layer for processing;
if not, judging whether the destination MAC address is the same as a virtual MAC address in effect for the subnet interface in the current device; if so, submitting the data packet to the network layer for processing, and if not, discarding the data packet.
5. The data processing method according to claim 1, wherein processing the data packet according to the virtual MAC address in effect for the subnet interface in the current device when the subnet interface receives and/or sends the data packet comprises:
when a subnet interface needs to send a data packet, filling in the link layer header of the data packet to be sent;
and if the source IP address is a floating IP in the plurality of devices that are backups of each other, replacing the source MAC address in the link layer header with the virtual MAC address corresponding to the floating IP.
6. The data processing method according to claim 2 or 5, characterized by:
the virtual MAC address corresponding to the floating IP is the virtual MAC address of the subnet interface of the floating IP in the device bound by the floating IP.
7. The data processing method according to claim 2 or 5, characterized by: one subnet interface has N different virtual MAC addresses belonging to one virtual MAC address group; the set of virtual MAC addresses is generated upon registration of the subnet interface.
8. The data processing method of claim 7, wherein: the N virtual MAC addresses in one virtual MAC address group differ only in device identification.
9. A data processing apparatus, the apparatus comprising a memory and a processor; wherein the memory is used for storing a program for data processing, and the processor is used for reading and executing the program for data processing to execute the method of any one of claims 1-8.
10. A storage medium, characterized in that a program for data processing is stored in the storage medium, which program is arranged to carry out the method of any one of claims 1-8 when executed.
CN202110256822.6A 2021-03-10 2021-03-10 Data processing method, device and storage medium Pending CN112689032A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110256822.6A CN112689032A (en) 2021-03-10 2021-03-10 Data processing method, device and storage medium

Publications (1)

Publication Number Publication Date
CN112689032A true CN112689032A (en) 2021-04-20

Family

ID=75458314

Country Status (1)

Country Link
CN (1) CN112689032A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101286884A (en) * 2008-05-15 2008-10-15 杭州华三通信技术有限公司 Method for implementing non-status multi-host backup and proxy gateway
US20100254255A1 (en) * 2002-10-18 2010-10-07 Foundry Networks, Inc. Redundancy support for network address translation (nat)
CN102333027A (en) * 2011-06-17 2012-01-25 杭州华三通信技术有限公司 Traffic load sharing realization method based on virtual router redundancy protocol extend (VRRPE) backup group and realization apparatus thereof
CN104780097A (en) * 2014-01-15 2015-07-15 中国联合网络通信集团有限公司 Method for hot standby under non-fully-connected network topology condition and first router equipment
CN110572318A (en) * 2019-09-29 2019-12-13 迈普通信技术股份有限公司 Main/standby switching method and router

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210420