CN112702254A - Message processing method and device and electronic equipment - Google Patents

Message processing method and device and electronic equipment

Info

Publication number
CN112702254A
Authority
CN
China
Prior art keywords
message
forwarded
identifier
scl
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011514634.0A
Other languages
Chinese (zh)
Other versions
CN112702254B (en)
Inventor
徐明国
齐朋冲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Maipu Communication Technology Co Ltd
Priority to CN202011514634.0A
Publication of CN112702254A
Application granted
Publication of CN112702254B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering

Abstract

The application provides a message processing method, a message processing device and electronic equipment, and relates to the technical field of communication. The method matches the identifier corresponding to a message against ACL entries, so that VXLAN tunnel information is matched indirectly through the identifier and the message can be processed accordingly using the ACL entries.

Description

Message processing method and device and electronic equipment
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a packet, and an electronic device.
Background
The rise of cloud computing has driven the development of network virtualization and produced a series of new technologies, of which Virtual eXtensible Local Area Network (VXLAN) is the most widely used network virtualization technology in current cloud computing data center networks.
VXLAN uses MAC-in-UDP encapsulation: a VXLAN header and a complete UDP header are added outside the payload Ethernet message. The encapsulated UDP header includes an IP header, so the message can be routed and forwarded over an existing IP network, which gives a layer-2 network the ability to be overlaid on a layer-3 network.
In the prior art, processing messages with an Access Control List (ACL) is a common technique. For traffic entering a VXLAN network, however, the ACL cannot match information related to the VXLAN network, because when a message is encapsulated or decapsulated, ACL matching takes place before encapsulation or after decapsulation. The ACL therefore cannot match this information and cannot process such messages accordingly.
Disclosure of Invention
An object of the embodiments of the present application is to provide a message processing method and apparatus, and an electronic device, so as to solve the prior-art problem that an ACL cannot match this information and therefore cannot process such messages accordingly.
In a first aspect, an embodiment of the present application provides a message processing method, which is applied to a VTEP device in a VXLAN network, and the method includes:
acquiring an identifier corresponding to a message to be forwarded, wherein the identifier is used for representing VXLAN tunnel information corresponding to the message to be forwarded, and the message to be forwarded is a message to be encapsulated or a decapsulated message;
searching a preconfigured ACL for an ACL entry that matches the identifier;
and performing, on the message to be forwarded, the corresponding action in the matched ACL entry.
In this implementation, the ACL matches the identifier corresponding to the message, so VXLAN tunnel information is matched indirectly through the identifier and the message can be processed accordingly using the ACL.
Optionally, the identifier is marked on the message to be forwarded according to a service classification list (SCL) entry. The message can thus be marked quickly using the SCL entry, so that VXLAN tunnel information can be matched through the ACL entry without changing the processing logic of the switching chip.
Optionally, when the message to be forwarded is a message to be encapsulated, before acquiring the identifier corresponding to the message to be forwarded, the method further includes:
acquiring message information of the message to be forwarded;
searching a preconfigured SCL for an SCL entry that matches the message information;
and performing, on the message to be forwarded, the corresponding target action in the matched SCL entry, wherein the target action marks the message to be forwarded with the corresponding identifier.
In this implementation, before the message is encapsulated, the SCL entry is used to mark the message with the corresponding identifier, which represents the VXLAN tunnel information with which the message is encapsulated. The ACL entry can therefore match VXLAN tunnel information indirectly by matching the identifier, without changing the existing processing flow of the switching chip, and the message can be processed accordingly using the ACL entry.
Optionally, the matched SCL entry includes a message receiving port number and a VLAN identifier. This makes it convenient to match messages and mark them accordingly.
Optionally, when the message to be forwarded is a decapsulated message, before acquiring the identifier corresponding to the message to be forwarded, the method further includes:
acquiring message information of an original message before decapsulation corresponding to the message to be forwarded, wherein the message information comprises VXLAN tunnel information for transmitting the original message;
searching a preconfigured SCL for an SCL entry that matches the message information;
performing, on the original message, the corresponding target action in the matched SCL entry, wherein the target action marks the message to be forwarded with the corresponding identifier;
and decapsulating the original message to obtain the message to be forwarded.
In this implementation, before the message is decapsulated, the SCL entry is used to mark the message with the corresponding identifier, which represents the VXLAN tunnel information with which the message is encapsulated. The ACL entry can therefore match VXLAN tunnel information indirectly by matching the identifier, without changing the existing processing flow of the switching chip, and the message can be processed accordingly through the ACL entry.
Optionally, the matched SCL entry includes VXLAN tunnel information. Therefore, the VXLAN tunnel information can be accurately matched.
Optionally, when the VXLAN tunnel information includes at least two items, the identifier includes a plurality of segments, each segment includes a plurality of bits, and the values of different segments represent different VXLAN tunnel information; and/or the VXLAN tunnel information includes at least one of virtual routing and forwarding (VRF), a VNI identifier and a tunnel IP address; and/or the corresponding action includes one of: statistics, QoS, mirroring, drop, pass, redirect.
Optionally, when the corresponding action is statistics, the method further includes:
obtaining a statistical result; and troubleshooting the transmission process of the message according to the statistical result. Troubleshooting can thus be performed based on the statistical result, which enriches the available troubleshooting means.
In a second aspect, an embodiment of the present application provides a message processing apparatus, which operates in a VTEP device in a VXLAN network, and the apparatus includes:
an identifier acquisition module, configured to acquire an identifier corresponding to a message to be forwarded, wherein the identifier represents VXLAN tunnel information corresponding to the message to be forwarded, and the message to be forwarded is a message to be encapsulated or a decapsulated message;
an ACL matching module, configured to search a preconfigured access control list (ACL) for an ACL entry that matches the identifier;
and a message processing module, configured to perform, on the message to be forwarded, the corresponding action in the matched ACL entry.
Optionally, the identifier is marked on the message to be forwarded according to a service classification list (SCL) entry.
Optionally, when the packet to be forwarded is a packet to be encapsulated, the apparatus further includes:
a message information obtaining module, configured to obtain message information of the message to be forwarded;
an SCL matching module, configured to search, in a preconfigured SCL, an SCL table entry matching the message information;
and the message marking module is used for executing a corresponding target action in the matched SCL table item on the message to be forwarded, wherein the target action is used for marking the identifier corresponding to the message to be forwarded.
Optionally, the matched SCL entry includes a message receiving port number and a VLAN identifier.
Optionally, when the packet to be forwarded is a decapsulated packet, the apparatus further includes:
a message information obtaining module, configured to obtain message information of an original message before decapsulation corresponding to the message to be forwarded, where the message information includes VXLAN tunnel information for transmitting the original message;
an SCL matching module, configured to search, in a preconfigured SCL, an SCL table entry matching the message information;
a message marking module, configured to execute a corresponding target action in the matched SCL table entry on the original message, where the target action is used to mark the identifier corresponding to the message to be forwarded;
and the decapsulation module is used for decapsulating the original message to obtain the message to be forwarded.
Optionally, the matched SCL entry includes VXLAN tunnel information.
Optionally, when the VXLAN tunnel information includes at least two items, the identifier includes a plurality of segments, each segment includes a plurality of bits, and the values of different segments represent different VXLAN tunnel information; and/or the VXLAN tunnel information includes at least one of virtual routing and forwarding (VRF), a VNI identifier and a tunnel IP address; and/or the target action includes one of: statistics, QoS, mirroring, drop, pass, redirect.
Optionally, when the target action is statistics, the apparatus further includes:
a troubleshooting module, configured to obtain a statistical result and to troubleshoot the transmission process of the message according to the statistical result.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor and a memory, where the memory stores computer-readable instructions, and when the computer-readable instructions are executed by the processor, the steps in the method as provided in the first aspect are executed.
In a fourth aspect, embodiments of the present application provide a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs the steps in the method as provided in the first aspect.
Additional features and advantages of the present application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the present application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic diagram of a VXLAN message format according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a part of a related process flow in a processing flow of a switch chip according to an embodiment of the present application;
Fig. 3 is a flowchart of a message processing method according to an embodiment of the present application;
Fig. 4 is a block diagram of a structure of a message processing apparatus according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device for executing a message processing method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
In the switching chip's processing flow, a message to be encapsulated first undergoes Service Classification List (SCL) matching and ACL matching and is then encapsulated; a message to be decapsulated undergoes SCL matching, is then decapsulated, and only then undergoes ACL matching. In this flow the ACL cannot match the tunnel information with which the message is forwarded, so such messages cannot be processed accordingly through the ACL. (A combination of a source IP address and a destination IP address represents one piece of tunnel information and indicates the path and direction of a flow; after the source and destination IP addresses are exchanged, the combination represents a different piece of tunnel information, because the direction differs.)
Therefore, to solve the above problem, an embodiment of the present application provides a message processing method in which the ACL matches an identifier corresponding to the message to be encapsulated or the decapsulated message. Because the identifier represents the VXLAN tunnel information of the message, matching the identifier with the ACL amounts to matching the VXLAN tunnel information, so that such messages can be processed through the ACL.
Before the embodiments of the present application are described, a brief description of a VXLAN network will be provided.
In a VXLAN network, messages are encapsulated using MAC-in-UDP: a VXLAN header and a complete UDP header are added outside the payload Ethernet message. The encapsulated UDP header includes an IP header, so the message can be routed and forwarded over an existing IP network, which gives a layer-2 network the ability to be overlaid on a layer-3 network. The VXLAN message format is shown in Fig. 1. A VXLAN Tunnel End Point (VTEP) device acts as a tunnel endpoint in the VXLAN network and performs encapsulation and decapsulation of messages. For convenience of description, the VTEP device is called the access device, and the switching chip in the access device executes the message processing method; other devices in the VXLAN network are called intermediate devices; an interface connecting the access device to a server is called an ingress interface; and an interface connecting the access device to an intermediate device is called a tunnel port.
Message encapsulation is the process of adding the VXLAN header according to an encapsulation rule when a payload Ethernet message enters through an ingress interface of the access device; decapsulation is the process of stripping the VXLAN header according to a decapsulation rule when a message enters through a tunnel port of the access device. In the switching chip's processing, ACL processing takes place before encapsulation and after decapsulation, and encapsulation actually edits the message at egress, so the ACL never parses the VXLAN header information of the encapsulated message. As a result, for traffic entering the access device, the ACL cannot match information related to the VXLAN network.
The relevant part of the switching chip's processing flow is shown in Fig. 2. Decapsulation and encapsulation rule processing takes place at the same position as SCL processing; the message editing for encapsulation is completed later in the flow, and the message editing for decapsulation is performed after SCL matching.
Referring to fig. 3, fig. 3 is a flowchart of a message processing method according to an embodiment of the present application, where the method is applied to a VTEP device in a VXLAN network, and the method includes the following steps:
Step S110: acquiring an identifier corresponding to the message to be forwarded, wherein the identifier represents VXLAN tunnel information corresponding to the message to be forwarded.
If the message to be forwarded was received from the ingress interface, it has to be sent out through the tunnel port and forwarded through the tunnel. In this case the message to be forwarded is a message to be encapsulated and must be encapsulated before forwarding, for example with VXLAN tunnel information, which includes an IP header, a UDP header, a VXLAN header and similar information. If the message to be forwarded was received with VXLAN encapsulation from a tunnel port of the VTEP device, it is decapsulated before ACL matching to obtain the decapsulated message.
In some embodiments, the identifier is marked on the message to be forwarded according to an SCL entry, and the identifier can represent the VXLAN tunnel information of the message to be forwarded. Because an SCL entry can identify message characteristics, using the SCL entry to mark the message quickly allows VXLAN tunnel information to be matched through the ACL entry without changing the processing logic of the switching chip.
Step S120: searching a preconfigured ACL for an ACL entry that matches the identifier.
Because the identifier represents the VXLAN tunnel information of the message to be forwarded, matching the identifier with the ACL is equivalent to matching the VXLAN tunnel information of the message to be forwarded; that is, VXLAN tunnel messages are identified through the ACL.
Step S130: performing, on the message to be forwarded, the corresponding action in the matched ACL entry.
The action item of an ACL entry indicates the action to be performed when a message matches that ACL entry. The corresponding action may be set according to actual requirements. If the number of messages to be forwarded needs to be counted, the corresponding action may be statistics: when the identifier matches a given ACL entry, the existing count is incremented by 1. The corresponding action may also be drop, pass, redirect, QoS, mirroring and so on; when the identifier matches a given ACL entry, the drop, pass, redirect, QoS or mirroring action in that ACL entry is performed on the message to be forwarded.
In some embodiments, after the statistics action has been performed on messages that match the ACL entry, troubleshooting can be performed on the transmission process of the messages based on the statistical result. For example, after a period of time, a statistical result for the messages to be forwarded is obtained, which may be the number of messages to be forwarded that were received. During troubleshooting, the statistical result may be compared with the number of messages sent by the server; if the count in the statistical result is smaller than the number of messages sent, it is determined that data transmission between the server and the VTEP device may be faulty, or that network transmission is at times unstable, so that the VTEP device did not receive messages sent by the server.
It should be noted that the message to be forwarded is one of the messages; other messages that need to be encapsulated can be processed according to the above steps, so that the ACL matches the tunnel information of the message and the message is processed accordingly based on the tunnel information.
In this implementation, the ACL matches the identifier corresponding to the message, so VXLAN tunnel information is matched indirectly through the identifier and the message can be processed accordingly using the ACL.
In some embodiments, so that the ACL can match VXLAN tunnel information without changing the existing processing flow of the switching chip, when the message to be forwarded is a message to be encapsulated, it may be marked with the corresponding identifier by means of the SCL before the identifier corresponding to the message to be forwarded is acquired. The implementation process is as follows:
acquiring message information of a message to be forwarded;
searching a preconfigured SCL for an SCL entry that matches the message information;
and performing, on the message to be forwarded, the corresponding target action in the matched SCL entry, wherein the target action marks the message to be forwarded with the corresponding identifier.
The message information may include information such as a MAC address, a port address and a destination MAC address of the message to be forwarded, and may also be any information that distinguishes different messages from one another.
After receiving the message to be forwarded, the VTEP device may analyze the message to be forwarded to obtain message information carried in the message to be forwarded.
The SCL is similar to the ACL, but in the switching chip's processing flow SCL matching is performed first and ACL matching afterwards. An SCL entry may likewise include a match item and an action item. The VTEP device also stores an encapsulation rule table and a decapsulation rule table, which it uses to encapsulate or decapsulate messages; the encapsulation rule table stores the corresponding encapsulation information, and the decapsulation rule table stores the corresponding decapsulation information. When the SCL table is configured, the information to be encapsulated and the information to be decapsulated may be used as match items in the SCL table, so that once the message information has been obtained it can be compared with the message information to be matched in the match items of the SCL table.
The action item of an SCL entry indicates the identifier with which a message that matches the match item is to be marked. The identifier represents the VXLAN tunnel information of the message to be forwarded, that is, its encapsulation information. Because the identifier represents the VXLAN tunnel information of the message, matching the identifier in the subsequent ACL lookup is equivalent to matching the VXLAN tunnel information.
When the message information matches the message information to be matched in a match item of the SCL table, the message to be forwarded is marked with the identifier indicated in the matched SCL entry. For example, which VXLAN tunnel information corresponds to which identifier can be preset when the SCL table is configured; then, depending on which VXLAN tunnel information's messages need to be processed, the target action in the action item of the SCL entry is configured with the corresponding identifier, so that the target action marks the message to be forwarded with that identifier.
It should be noted that, in the present application, the action of marking the identifier corresponding to the to-be-forwarded message is not to modify the to-be-forwarded message so that the to-be-forwarded message carries the identifier, but is equivalent to marking an internal chip processing identifier for the to-be-forwarded message, so that when the ACL matches the to-be-forwarded message, the ACL matches the internal chip processing identifier corresponding to the to-be-forwarded message.
If the target action is other actions except discarding, that is, the message to be forwarded can be forwarded normally, the message to be forwarded can be encapsulated after the corresponding target action is executed on the message to be forwarded, that is, VXLAN tunnel information is encapsulated in the message to be forwarded to obtain an encapsulated message, and then the encapsulated message is transmitted through a corresponding tunnel.
In this implementation, before the message is encapsulated, the SCL entry is used to mark the message with the corresponding identifier, which represents the VXLAN tunnel information with which the message is encapsulated. The ACL entry can therefore match VXLAN tunnel information indirectly by matching the identifier, without changing the existing processing flow of the switching chip, and the message can be processed accordingly using the ACL entry.
In some embodiments, SCL entries are matched against the inner layer of the message to be forwarded, so before the message is encapsulated, its message information includes the message receiving port number and the VLAN identifier.
For example, suppose an encapsulation rule has been configured in the VTEP device indicating that messages with VLAN 10 are encapsulated with VNI 100. When the VTEP device receives an instruction to count the traffic of VNI 100, it may first query whether VNI 100 already has a corresponding identifier. If so, it configures the corresponding SCL entry according to that identifier; if not, it allocates an identifier to VNI 100 and then configures the SCL entry. If the VTEP device has only one ingress interface, one SCL entry may be issued whose match item contains the port number of the ingress interface (that is, the message receiving port number) and VLAN 10, so that messages received from the ingress interface are matched and the matched messages are marked with the corresponding identifier.
In other embodiments, when the message to be forwarded is a decapsulated message, it may be marked with the corresponding identifier by means of an SCL entry before the identifier corresponding to the message to be forwarded is acquired. The implementation process is as follows:
acquiring message information of an original message before decapsulation corresponding to the message to be forwarded, wherein the message information comprises VXLAN tunnel information for transmitting the original message;
searching a preconfigured SCL for an SCL entry that matches the message information;
performing, on the original message, the corresponding target action in the matched SCL entry, wherein the target action marks the message to be forwarded with the corresponding identifier;
and decapsulating the original message to obtain the message to be forwarded.
SCL matching in the decapsulation process is similar to SCL matching in the encapsulation process. The original message is a message that the VTEP device acquires from the tunnel port; a message acquired from the tunnel port is an encapsulated message carrying VXLAN tunnel information, that is, the original message was transmitted through the tunnel corresponding to that VXLAN tunnel information.
After obtaining the original message, the VTEP device parses the original message to obtain message information therein, where the message information may include information carried by the original message itself, that is, inner layer information before encapsulation.
In the decapsulation process, the processing logic of the switch chip performs SCL matching first, then decapsulation, and then ACL matching. Therefore, to enable the ACL to match the encapsulation information of a message, the SCL table entry further includes an action item, and the target action in the action item marks the message matched by the match item with the corresponding identifier (the mark is applied to the original message; after the original message is decapsulated, this is equivalent to having marked the message to be forwarded).
In addition, decapsulation removes the encapsulation header carried by the original message, that is, the outer layer information of the message, so the subsequent ACL entry can no longer match the encapsulation information directly. Once the message to be forwarded has been marked, however, the subsequent ACL entry can match the encapsulation information indirectly by matching the identifier.
In this implementation, before the message is decapsulated, the SCL table entry marks it with the identifier that represents the VXLAN tunnel information it was encapsulated with. The ACL table entry can then match the VXLAN tunnel information indirectly by matching the identifier, without changing the existing processing flow of the switch chip, so the message can be processed accordingly through the ACL table entry.
In some embodiments, since the message has not yet been decapsulated when the SCL is matched, the message information to be matched in the match item includes VXLAN tunnel information, i.e., outer layer information, when the SCL table entry is configured.
For example, suppose the number of messages of VNI 100 needs to be counted and the decapsulation rule is to receive VNI 100 from tunnel A and tunnel B. When the SCL is configured, two SCL table entries may be issued: the message information to be matched in the match item of one entry includes VNI 100 and the IP address of tunnel A, and that of the other entry includes VNI 100 and the IP address of tunnel B.
In some embodiments, the VXLAN tunnel information is the information that needs to be encapsulated when a message to be forwarded is transmitted through a tunnel, and may include at least one of a Virtual Routing and Forwarding (VRF), a VXLAN Network Identifier (VNI), and a tunnel IP address. In practical applications it may also include other information.
In some embodiments, to configure an SCL entry, a correspondence between each piece of VXLAN tunnel information and an identifier may be generated and maintained in the VTEP device. When an SCL entry is configured, an instruction to execute a corresponding target action on messages encapsulated with given VXLAN tunnel information is received first; the identifier corresponding to that VXLAN tunnel information is then queried according to the instruction, and the action item in the SCL entry is configured according to the identifier.
It can be understood that a network administrator may trigger the configuration instruction on the VTEP device. For example, the administrator may input, in the VTEP device, a target action for the messages transmitted in a certain tunnel, that is, specify that the target action is to be executed on messages transmitted in that tunnel, and then trigger the configuration instruction. After receiving the configuration instruction, the VTEP device can obtain the VXLAN tunnel information of the tunnel and the corresponding target action. The VTEP device may assign an identifier to each piece of VXLAN tunnel information and store the correspondence between each piece of VXLAN tunnel information and its identifier, so that the identifier corresponding to the VXLAN tunnel information of a message to be forwarded can be found from the correspondence.
In the implementation process, the SCL table entry is configured in advance according to the identifier, so that the corresponding identifier can be marked for the message by using the SCL table entry.
In some embodiments, if no identifier corresponding to the VXLAN tunnel information of the message to be forwarded is found in the above correspondence, an identifier for that VXLAN tunnel information may be obtained first, and the correspondence between the VXLAN tunnel information and the identifier may then be created.
For example, an unused identifier may be allocated to the VXLAN tunnel information as its identifier, and the correspondence between the VXLAN tunnel information and the identifier is then established. The content of the action item in the SCL table entry is configured according to the identifier, and the SCL table entry is then configured.
In the implementation process, the SCL entry can be accurately configured by creating the corresponding relationship between the VXLAN tunnel information and the identifier.
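The decapsulation-side order described above (SCL match on the outer VXLAN information, mark the identifier, decapsulate, ACL match on the identifier) and the identifier allocation step, as an added Python sketch that is not code from the patent. The `Vtep` class, its tables, the tunnel addresses, the default "pass" action and the choice of one identifier per (VNI, tunnel IP) pair are assumptions; the packets are constructed samples without an outer Ethernet header.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP port (RFC 7348)


def build_vxlan(tunnel_src, vni, inner):
    """Constructed sample: outer IPv4 + UDP + VXLAN header around an inner frame."""
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)  # I flag set, 24-bit VNI
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 16 + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36 + len(inner), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(tunnel_src).packed,
                     ipaddress.IPv4Address("192.0.2.1").packed)  # local VTEP (assumed)
    return ip + udp + vxlan + inner


def parse_outer(pkt):
    """Return (vni, tunnel_src_ip, inner_frame), or None if not IPv4/UDP/VXLAN."""
    if len(pkt) < 36 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 16:
        return None
    dport = struct.unpack_from("!H", pkt, ihl + 2)[0]
    flags_word, vni_word = struct.unpack_from("!II", pkt, ihl + 8)
    if dport != VXLAN_PORT or not (flags_word >> 24) & 0x08:
        return None
    return vni_word >> 8, str(ipaddress.IPv4Address(pkt[12:16])), pkt[ihl + 16:]


class Vtep:
    """Toy model of the SCL -> decapsulate -> ACL order (hypothetical names)."""

    def __init__(self):
        self.ident_of = {}   # correspondence: (vni, tunnel_ip) -> identifier
        self.scl = {}        # SCL match item (vni, tunnel_ip) -> identifier to mark
        self.acl = {}        # ACL match item identifier -> action
        self.counters = {}   # identifier -> messages counted
        self.next_ident = 1  # 0 is reserved here for "not marked"

    def identifier_for(self, vni, tunnel_ip):
        """Query the correspondence; allocate an unused identifier if absent."""
        key = (vni, tunnel_ip)
        if key not in self.ident_of:
            self.ident_of[key] = self.next_ident
            self.next_ident += 1
        return self.ident_of[key]

    def configure(self, vni, tunnel_ip, action):
        """Configuration instruction: install the SCL mark and the ACL action."""
        ident = self.identifier_for(vni, tunnel_ip)
        self.scl[(vni, tunnel_ip)] = ident
        self.acl[ident] = action
        return ident

    def receive(self, pkt):
        """Process one tunnel packet; return (identifier, action, inner frame)."""
        outer = parse_outer(pkt)
        if outer is None:
            return None
        vni, tunnel_ip, inner = outer
        # 1. SCL runs first, while the outer headers are still present.
        ident = self.scl.get((vni, tunnel_ip), 0)
        # 2. Decapsulation: from here on only `inner` and `ident` exist.
        # 3. The ACL cannot see the VNI or tunnel IP, so it matches the identifier.
        action = self.acl.get(ident, "pass")
        if action == "count":
            self.counters[ident] = self.counters.get(ident, 0) + 1
        return ident, action, None if action == "drop" else inner


def demo():
    """Count VNI 100 arriving from tunnel A and tunnel B, as in the text."""
    vtep = Vtep()
    a = vtep.configure(100, "198.51.100.1", "count")  # tunnel A (constructed)
    b = vtep.configure(100, "198.51.100.2", "count")  # tunnel B (constructed)
    inner = b"\x00" * 12 + b"\x08\x00" + b"payload"
    for src, vni in [("198.51.100.1", 100), ("198.51.100.2", 100),
                     ("198.51.100.1", 100), ("198.51.100.3", 100),
                     ("198.51.100.1", 200)]:
        vtep.receive(build_vxlan(src, vni, inner))
    return vtep.counters[a], vtep.counters[b], sum(vtep.counters.values())


if __name__ == "__main__":
    print(demo())
```

The two messages that match no SCL entry (unknown tunnel, VNI 200) keep identifier 0 and are not counted, which is the case to check when an ACL counter reads lower than expected.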
In some embodiments, to reduce the space occupied by the identifier in the SCL entry, when the VXLAN tunnel information includes at least two items, the corresponding identifier includes a plurality of segments, each segment includes a plurality of bits, and the values of different segments represent different VXLAN tunnel information.
For example, when the VXLAN tunnel information includes a VNI and a tunnel IP address, the bits of the identifier may be split into two segments: the value of the first n bits represents the VNI, and the value of the last m bits represents the tunnel IP address. The bit lengths can be allocated freely according to actual requirements, and the split is determined by the actual scenario; if at most 200 VNIs are used in a given scenario, only 8 bits are needed for them, and the remaining bits can be used to represent the tunnel IP address. When ACL table entries are matched, matching can be carried out in sequence according to the pre-divided bit positions.
In addition, if there is no requirement on the space occupied by the identifier, a single identifier can be set for the messages transmitted in each tunnel, so that ACL table entries can be matched without dividing the identifier by bits, which reduces the probability of mismatching.
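The segmented identifier and bit-wise ACL matching described above, as an added Python sketch that is not code from the patent. It assumes each segment stores a small index into a per-field table rather than the raw value, an 8-bit width for both segments, and a value/mask form for the ACL key; all names are hypothetical. `truncating_encode` is included only as a contrast, to show how a segment that is too narrow for the raw value leads to mismatching.

```python
VNI_BITS = 8     # "at most 200 VNIs" fit in 8 bits (the text's example)
TUNNEL_BITS = 8  # assumed width of the tunnel segment


class SegmentedIds:
    """Identifier layout: [ VNI index (n bits) | tunnel index (m bits) ]."""

    def __init__(self, vni_bits=VNI_BITS, tunnel_bits=TUNNEL_BITS):
        self.vni_bits, self.tunnel_bits = vni_bits, tunnel_bits
        self.vni_index = {}     # 24-bit VNI -> small index (0 means "unset")
        self.tunnel_index = {}  # tunnel IP  -> small index (0 means "unset")

    @staticmethod
    def _index(table, key, bits):
        """Look up or allocate an index, refusing to overflow the segment."""
        if key not in table:
            if len(table) + 1 >= 1 << bits:
                raise OverflowError("segment full: a wider segment is needed")
            table[key] = len(table) + 1
        return table[key]

    def encode(self, vni, tunnel_ip):
        """Identifier that the SCL action would mark on the message."""
        v = self._index(self.vni_index, vni, self.vni_bits)
        t = self._index(self.tunnel_index, tunnel_ip, self.tunnel_bits)
        return (v << self.tunnel_bits) | t

    def acl_key(self, vni=None, tunnel_ip=None):
        """Build a (value, mask) ACL key; an omitted field is wildcarded."""
        value = mask = 0
        if vni is not None:
            idx = self._index(self.vni_index, vni, self.vni_bits)
            value |= idx << self.tunnel_bits
            mask |= ((1 << self.vni_bits) - 1) << self.tunnel_bits
        if tunnel_ip is not None:
            value |= self._index(self.tunnel_index, tunnel_ip, self.tunnel_bits)
            mask |= (1 << self.tunnel_bits) - 1
        return value, mask


def acl_match(identifier, key):
    """Match only the bits selected by the mask, segment by segment."""
    value, mask = key
    return (identifier & mask) == value


def truncating_encode(vni, tunnel_idx, vni_bits=VNI_BITS, tunnel_bits=TUNNEL_BITS):
    """Contrast case: raw VNI truncated to the segment width aliases VNIs."""
    return ((vni & ((1 << vni_bits) - 1)) << tunnel_bits) | tunnel_idx


def demo():
    ids = SegmentedIds()
    a = ids.encode(100, "198.51.100.1")  # constructed tunnel addresses
    b = ids.encode(100, "198.51.100.2")
    c = ids.encode(200, "198.51.100.1")
    by_vni = ids.acl_key(vni=100)  # VNI 100 from any tunnel
    exact = ids.acl_key(vni=100, tunnel_ip="198.51.100.2")
    return ([acl_match(i, by_vni) for i in (a, b, c)],
            [acl_match(i, exact) for i in (a, b, c)])


if __name__ == "__main__":
    print(demo())
    # VNI 100 and VNI 356 collide when the raw value is cut to 8 bits.
    print(truncating_encode(100, 1) == truncating_encode(356, 1))
```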
In the embodiments of the application, during encapsulation or decapsulation, the SCL can be used to mark the message with the corresponding identifier before the message is encapsulated or decapsulated, so that the ACL can indirectly match the VXLAN tunnel information by matching the identifier without changing the existing processing flow of the switch chip, and the message can be processed accordingly.
Referring to fig. 4, fig. 4 is a block diagram of a message processing apparatus 100 according to an embodiment of the present disclosure, where the apparatus 100 may be a module, a program segment, or a code on an electronic device. It should be understood that the apparatus 100 corresponds to the above-mentioned embodiment of the method of fig. 3, and can perform various steps related to the embodiment of the method of fig. 3, and the specific functions of the apparatus 100 can be referred to the above description, and the detailed description is appropriately omitted here to avoid redundancy.
Optionally, the apparatus 100 comprises:
an identifier obtaining module 110, configured to obtain an identifier corresponding to a to-be-forwarded message, where the identifier is used to represent VXLAN tunnel information corresponding to the to-be-forwarded message, and the to-be-forwarded message is a to-be-encapsulated message or a decapsulated message;
an ACL matching module 120, configured to search an ACL entry matching the identifier in a preconfigured access control list ACL;
and the message processing module 130 is configured to execute a corresponding action in the matched ACL entry for the message to be forwarded.
Optionally, the identifier is marked on the message to be forwarded according to a service classification list (SCL) entry.
Optionally, when the packet to be forwarded is a packet to be encapsulated, the apparatus 100 further includes:
a message information obtaining module, configured to obtain message information of the message to be forwarded;
an SCL matching module, configured to search, in a preconfigured SCL, an SCL table entry matching the message information;
and the message marking module is used for executing a corresponding target action in the matched SCL table item on the message to be forwarded, wherein the target action is used for marking the identifier corresponding to the message to be forwarded.
Optionally, the matched SCL entry includes a message receiving port number and a VLAN identifier.
Optionally, when the packet to be forwarded is a decapsulated packet, the apparatus 100 further includes:
a message information obtaining module, configured to obtain message information of an original message before decapsulation corresponding to the message to be forwarded, where the message information includes VXLAN tunnel information for transmitting the original message;
an SCL matching module, configured to search, in a preconfigured SCL, an SCL table entry matching the message information;
a message marking module, configured to execute a corresponding target action in the matched SCL table entry on the original message, where the target action is used to mark the identifier corresponding to the message to be forwarded;
and the decapsulation module is used for decapsulating the original message to obtain the message to be forwarded.
Optionally, the matched SCL entry includes VXLAN tunnel information.
Optionally, when the VXLAN tunnel information includes at least two items, the identifier includes a plurality of segments, each segment includes a plurality of bits, and the values of different segments are used to represent different VXLAN tunnel information; and/or the VXLAN tunnel information comprises at least one of a virtual routing and forwarding (VRF), a VNI and a tunnel IP address; and/or the target action comprises one of: statistics, QoS, mirroring, drop, pass, redirect.
Optionally, when the target action is the statistic, the apparatus 100 further includes:
the troubleshooting module is used for acquiring a statistical result; and troubleshooting the transmission process of the message according to the statistical result.
It should be noted that, for the convenience and brevity of description, the specific working procedure of the above-described apparatus may refer to the corresponding procedure in the foregoing method embodiment, and the description is not repeated herein.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device for executing a message processing method according to an embodiment of the present application, where the electronic device may be the VTEP device, and the electronic device may include: at least one processor 210, such as a CPU, at least one communication interface 220, at least one memory 230, and at least one communication bus 240. Wherein the communication bus 240 is used for realizing direct connection communication of these components. In the embodiment of the present application, the communication interface 220 of the device is used for performing signaling or data communication with other node devices. Memory 230 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). Memory 230 may optionally be at least one memory device located remotely from the aforementioned processor. The memory 230 stores computer readable instructions, which when executed by the processor 210, cause the electronic device to perform the method process of fig. 3.
It will be appreciated that the configuration shown in fig. 5 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 5 or may have a different configuration than shown in fig. 5. The components shown in fig. 5 may be implemented in hardware, software, or a combination thereof.
Embodiments of the present application provide a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs the method processes performed by an electronic device in the method embodiment shown in fig. 3.
The present embodiments disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-described method embodiments, for example, comprising: acquiring an identifier corresponding to a message to be forwarded, wherein the identifier is used for representing VXLAN tunnel information corresponding to the message to be forwarded, and the message to be forwarded is a message to be encapsulated or a decapsulated message; searching an ACL table item matched with the identifier in a pre-configured ACL; and executing corresponding actions in the matched ACL table items.
To sum up, the embodiments of the present application provide a method and an apparatus for processing a message, and an electronic device, where an identifier corresponding to a message is matched through an ACL entry, so that VXLAN tunnel information can be indirectly matched through matching the identifier, and a purpose of performing corresponding processing on such a message by using the ACL entry can be achieved.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A message processing method is applied to a VTEP device in a VXLAN network, and comprises the following steps:
acquiring an identifier corresponding to a message to be forwarded, wherein the identifier is used for representing VXLAN tunnel information corresponding to the message to be forwarded, and the message to be forwarded is a message to be encapsulated or a decapsulated message;
searching an ACL table item matched with the identifier in a pre-configured ACL;
and executing the corresponding action in the matched ACL table entry on the message to be forwarded.
2. The method of claim 1, wherein the identifier is marked on the packet to be forwarded according to a Service Classification List (SCL) entry.
3. The method according to claim 2, wherein when the packet to be forwarded is a packet to be encapsulated, before the obtaining the identifier corresponding to the packet to be forwarded, the method further comprises:
acquiring message information of the message to be forwarded;
searching an SCL table item matched with the message information in a preconfigured SCL;
and executing a corresponding target action in the matched SCL table item on the message to be forwarded, wherein the target action is used for marking the corresponding identifier for the message to be forwarded.
4. The method of claim 3, wherein the matching SCL entry comprises a message receiving port number and a VLAN identification.
5. The method according to claim 2, wherein when the packet to be forwarded is a decapsulated packet, before the obtaining the identifier corresponding to the packet to be forwarded, the method further comprises:
acquiring message information of an original message before decapsulation corresponding to the message to be forwarded, wherein the message information comprises VXLAN tunnel information for transmitting the original message;
searching an SCL table item matched with the message information in a preconfigured SCL;
executing a corresponding target action in the matched SCL table item on the original message, wherein the target action is used for marking the corresponding identifier for the message to be forwarded;
and decapsulating the original message to obtain the message to be forwarded.
6. The method of claim 5, wherein the matching SCL entry comprises VXLAN tunnel information.
7. The method according to any of claims 1-6, wherein when said VXLAN tunnel information comprises at least two items, said identifier comprises a plurality of segments, each segment comprising a plurality of bits, the values of the different segments being used to represent different VXLAN tunnel information; and/or
The VXLAN tunnel information comprises at least one of a virtual routing and forwarding (VRF), a VNI and a tunnel IP address; and/or
The corresponding action comprises one of: statistics, QoS, mirroring, drop, pass, redirect.
8. The method of claim 7, wherein when the corresponding action is the statistics, further comprising:
obtaining a statistical result;
and troubleshooting the transmission process of the message according to the statistical result.
9. A message processing apparatus, operable with a VTEP device in a VXLAN network, the apparatus comprising:
an identifier acquisition module, configured to acquire an identifier corresponding to a message to be forwarded, wherein the identifier is used for representing VXLAN tunnel information corresponding to the message to be forwarded, and the message to be forwarded is a message to be encapsulated or a decapsulated message;
an ACL matching module, configured to search a preconfigured access control list (ACL) for an ACL table entry matched with the identifier;
and a message processing module, configured to execute the corresponding action in the matched ACL table entry on the message to be forwarded.
10. An electronic device comprising a processor and a memory, the memory storing computer readable instructions that, when executed by the processor, perform the method of any of claims 1-8.
CN202011514634.0A 2020-12-18 2020-12-18 Message processing method and device and electronic equipment Active CN112702254B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011514634.0A CN112702254B (en) 2020-12-18 2020-12-18 Message processing method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN112702254A (en) 2021-04-23
CN112702254B (en) 2022-05-17

Family

ID=75507768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011514634.0A Active CN112702254B (en) 2020-12-18 2020-12-18 Message processing method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN112702254B (en)

Also Published As

Publication number Publication date
CN112702254B (en) 2022-05-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant