CN114143283B - Tunnel self-adaptive configuration method and device, central terminal equipment and communication system - Google Patents

Publication number
CN114143283B
Authority
CN
China
Prior art keywords
tunnel
address
public network
interface
establishing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111419544.8A
Other languages
Chinese (zh)
Other versions
CN114143283A (en)
Inventor
卢祖友
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Application filed by Maipu Communication Technology Co Ltd
Priority to CN202111419544.8A
Publication of CN114143283A
Application granted
Publication of CN114143283B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The application provides a tunnel self-adaptive configuration method, a tunnel self-adaptive configuration device, central terminal equipment and a communication system. The method comprises the following steps: receiving, from a local interface, a Next Hop Resolution Protocol (NHRP) message representing a request to establish a tunnel; judging whether the local interface is a legal interface for establishing a tunnel; and, when the local interface is a legal interface, determining a first public network address for establishing a tunnel with the target equipment based on the NHRP message. The first public network address is a public network IP address of the central terminal device, and the target device is the device that sent the NHRP message. In this way, the controllability of tunnel establishment is enhanced and some backup links are effectively removed, so that links and tunnels have a unique corresponding relation, which in turn facilitates accurate scheduling of service traffic on the links.

Description

Tunnel self-adaptive configuration method and device, central terminal equipment and communication system
Technical Field
The present application relates to the field of communications technologies, and in particular, to a tunnel adaptive configuration method and apparatus, a central device, and a communications system.
Background
SD-WAN (Software Defined Wide Area Network) is a service formed by applying SDN (Software Defined Network) technology to wide area network scenarios. Such services are used to connect enterprise networks, data centers, internet applications, and cloud services over a wide geographic range.
Implementing an SD-WAN scheme requires constructing an Overlay network, which results in a two-layer network consisting of an Underlay network and an Overlay network. The Overlay network is constructed using a tunneling technique; common tunneling techniques include IPsec VPN (Internet Protocol Security Virtual Private Network), GRE (Generic Routing Encapsulation), DVPN (Dynamic Virtual Private Network), VXLAN (Virtual Extensible Local Area Network), and the like. Connecting and making use of various links is a core capability of SD-WAN networks, and common link types include MSTP (Multi-Service Transport Platform) private lines, MPLS VPN (Multiprotocol Label Switching Virtual Private Network) private lines, the Internet, LTE (Long Term Evolution), and the like.
In the current process of building an Overlay network, when branch equipment and central terminal equipment are deployed over MSTP links, service traffic between the branch equipment and the central terminal equipment can arrive over either a direct link or a backup link. Once a message has entered the Overlay tunnel, the link it travels over cannot be fixed, which hinders accurate scheduling of service traffic on the links.
Disclosure of Invention
The embodiment of the application aims to provide a tunnel self-adaptive configuration method, a device, central terminal equipment and a communication system, so as to enhance the controllable capability of tunnel establishment, ensure the unique corresponding relation between a link and the tunnel and further facilitate accurate scheduling of service traffic on the link.
The application is realized in the following way:
In a first aspect, an embodiment of the present application provides a tunnel adaptive configuration method, applied to a central device, where the method includes: receiving, from a local interface, a Next Hop Resolution Protocol (NHRP) message representing a request to establish a tunnel; judging whether the local interface is a legal interface for establishing a tunnel; and, when the local interface is the legal interface, determining a first public network address for establishing a tunnel with target equipment based on the NHRP message. The first public network address is a public network IP address of the central terminal device, and the target device is the device that sent the NHRP message.
In the embodiment of the application, the central terminal equipment determines in advance which local interfaces are legal interfaces, and a tunnel is established only when an NHRP message requesting tunnel establishment is received from a legal interface. In this way, the controllability of tunnel establishment is enhanced and some backup links are effectively removed, so that links and tunnels have a unique corresponding relation, which in turn facilitates accurate scheduling of service traffic on the links.
With reference to the foregoing technical solution provided in the first aspect, in some possible implementation manners, when the local interface is the legal interface, determining, based on the NHRP packet, a first public network address for establishing a tunnel with a target device includes: when the local interface is the legal interface, judging whether the IP address corresponding to the local interface belongs to a preset public network address for establishing a tunnel; and when the IP address corresponding to the local interface belongs to the preset public network address for establishing a tunnel, determining a first public network address for establishing the tunnel with the target equipment based on the NHRP message.
In the embodiment of the application, the preset public network address for establishing a tunnel is also pre-configured in the central terminal equipment; that is, a tunnel is established only when the IP address corresponding to the local interface belongs to the preset public network address for establishing a tunnel. In this way, the accuracy and the operability of the tunnel establishment process can be ensured. Moreover, because the preset public network address for establishing a tunnel is configured, the central terminal equipment can determine the public network IP address itself; a developer does not need to specify in advance the public network IP addresses of the central terminal equipment and of each target equipment, which simplifies the configuration needed to deploy the central terminal equipment.
With reference to the foregoing technical solution of the first aspect, in some possible implementation manners, the determining, based on the NHRP packet, a first public network address for establishing a tunnel with the target device includes: acquiring a destination IP address in the NHRP message; comparing the destination IP address with each preset destination public network address for establishing the tunnel; and when the preset destination public network addresses for establishing the tunnel include the destination IP address, determining the destination IP address as the first public network address for establishing the tunnel with the target equipment.
In the embodiment of the application, in the process of determining the first public network address for establishing the tunnel with the target equipment, the central terminal equipment verifies whether the destination IP address in the NHRP message is the same as one of the preset destination public network addresses for establishing the tunnel, that is, it verifies whether the NHRP message is wrong. The first public network address for establishing the tunnel with the target equipment is determined only when the NHRP message is correct, so that the accuracy of tunnel establishment is further ensured.
With reference to the technical solution provided in the first aspect, a tunnel interface address is also pre-configured in the central device; before determining the first public network address for establishing the tunnel with the target device based on the NHRP message, the method further comprises: acquiring a destination tunnel interface address in the NHRP message; and determining that the destination tunnel interface address is the same as the tunnel interface address configured on the central device itself.
In the embodiment of the application, after receiving the NHRP message, the central terminal equipment uses its pre-configured tunnel interface address to verify whether the destination tunnel interface address in the NHRP message matches. When the self-configured tunnel interface address does not match the destination tunnel interface address in the NHRP message, the target device has sent the message in error and no subsequent tunnel establishment is needed; the subsequent verification is carried out only when the self-configured tunnel interface address matches the destination tunnel interface address in the NHRP message. In this way, verification efficiency is improved, because the process of determining the first public network address for establishing the tunnel with the target equipment, and the steps that follow it, are not executed when the self-configured tunnel interface address does not match the destination tunnel interface address in the NHRP message.
With reference to the foregoing technical solution of the first aspect, in some possible implementation manners, after determining, based on the NHRP packet, a first public network address for establishing a tunnel with a target device, the method further includes: acquiring a source IP address and a source tunnel interface address in the NHRP message; the source IP address is a public network IP address of the target equipment, and the source tunnel interface address is a tunnel interface address configured by the target equipment; and adding the source tunnel interface address, the first public network address and the source IP address into a preset mapping table.
In the embodiment of the application, the preset mapping table makes it convenient to organize the mapping relations of the tunnels established between the central terminal equipment and all target equipment, and also makes it convenient for the central terminal equipment to subsequently determine the corresponding link directly from the preset mapping table.
In a second aspect, an embodiment of the present application provides a tunnel adaptive configuration apparatus, applied to a central device, where the apparatus includes: the receiving module is used for receiving a Next Hop Resolution Protocol (NHRP) message representing a request for establishing a tunnel from the local interface; the judging module is used for judging whether the local interface is a legal interface for establishing a tunnel; the determining module is used for determining a first public network address for establishing a tunnel with the target equipment based on the NHRP message when the local interface is the legal interface; the first public network address is a public network IP address of the central terminal device, and the target device is a device for sending the NHRP message.
With reference to the foregoing technical solution provided in the second aspect, in some possible implementation manners, the determining module is further configured to determine, when the local interface is the legal interface, whether an IP address corresponding to the local interface belongs to a public network address preset to establish a tunnel; and when the IP address corresponding to the local interface belongs to the public network address for establishing the tunnel in the preset mode, determining a first public network address for establishing the tunnel with the target equipment based on the NHRP message.
In a third aspect, an embodiment of the present application provides a central device, including: the device comprises a processor and a memory, wherein the processor is connected with the memory; the memory is used for storing programs; the processor is configured to invoke a program stored in the memory to perform a method as provided by the embodiments of the first aspect described above and/or in combination with some possible implementations of the embodiments of the first aspect described above.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs a method as provided by the embodiments of the first aspect described above and/or in connection with some possible implementations of the embodiments of the first aspect described above.
In a fifth aspect, an embodiment of the present application provides a communication system, including a central end device and a branch device communicatively connected to the central end device; the central side device is configured to perform a method as provided by the embodiments of the first aspect described above and/or by some possible implementations in combination with the embodiments of the first aspect described above.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a network topology diagram of a communication system according to an embodiment of the present application.
Fig. 2 is a block diagram of a central device according to an embodiment of the present application.
Fig. 3 is a flowchart of steps of a tunnel adaptive configuration method according to an embodiment of the present application.
Fig. 4 is a block diagram of a tunnel adaptive configuration device according to an embodiment of the present application.
Reference numerals: 100 - central end equipment; 110 - processor; 120 - memory; 200 - tunnel adaptive configuration device; 201 - receiving module; 202 - judging module; 203 - determining module.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application.
Referring to fig. 1, an embodiment of the present application provides a communication system, which includes a central device and a branch device communicatively connected to the central device. The central devices (HUB devices) shown in fig. 1 include HUB-1 and HUB-2, and the branch devices include Spoke-1, Spoke-2, Spoke-3, and Spoke-4. The number of central end devices and branch devices shown in fig. 1 is merely exemplary and does not limit the present application.
Under the existing tunnel establishment mode, HUB-1 can establish a tunnel (a link can be formed through the tunnel) with each of Spoke-1, Spoke-2 and HUB-2; for example, a tunnel can be established between HUB-1 and Spoke-1, and a tunnel can be established between HUB-1 and Spoke-2. By configuring the central terminal equipment, the embodiment of the application ensures that the link between HUB-1 and Spoke-1 is established according to a preset service path, that is, in this mode the link and the tunnel have a unique corresponding relation. The specific procedure of the tunnel adaptive configuration method is described later and is not detailed here.
In a specific application, the central device may be a rack-mounted device, such as a rack-mounted routing device or a rack-mounted gateway, whereas the branch devices are ordinary routing devices and gateways. The central terminal equipment and the branch equipment are distinguished by their functions: the central terminal equipment can serve as the central equipment in a communication system to forward data, and can have a plurality of branch devices connected to it at the same time. By way of example, a hub device may be a rack-mounted gateway in city A, while a branch device is the gateway of office network point A1 in city A. The same central terminal device can be connected to a plurality of branch devices at the same time; for example, the routing devices of office network point A1, office network point A2, office network point A3 and office network point A4 in city A are all connected to the rack-mounted routing device of city A. The number of branch devices accessing the same central end device can be configured according to requirements, such as 20, 50, 300, etc.
In addition, in the embodiment of the application, the tunnel established between the central terminal equipment and the branch equipment is a dynamic tunnel.
Structurally, the central end device 100 described above may include a processor 110 and a memory 120.
The processor 110 is electrically connected to the memory 120, either directly or indirectly, to enable data transmission or interaction; for example, the elements may be electrically connected to each other via one or more communication buses or signal lines. The tunnel adaptive configuration device comprises at least one software module, which may be stored in the memory 120 in the form of software or firmware, or embedded in the Operating System (OS) of the central side device 100. The processor 110 is configured to execute executable modules stored in the memory 120, such as the software functional modules and computer programs included in the tunnel adaptive configuration device, to implement the tunnel adaptive configuration method. The processor 110 may execute the computer program after receiving the execution instructions.
The processor 110 may be an integrated circuit chip with signal processing capability. The processor 110 may also be a general purpose processor, for example, a central processing unit (Central Processing Unit, CPU), digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), discrete gate or transistor logic, discrete hardware components, and may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. Further, the general purpose processor may be a microprocessor or any conventional processor or the like.
The memory 120 may be, but is not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), and Electric Erasable Programmable Read-Only Memory (EEPROM). The memory 120 is used for storing a program, and the processor 110 executes the program after receiving an execution instruction.
It should be noted that the structure shown in fig. 2 is only illustrative, and the center-end device 100 provided in the embodiment of the present application may further have fewer or more components than those shown in fig. 2, or may have a different configuration from that shown in fig. 2. In addition, the components shown in fig. 2 may be implemented by software, hardware, or a combination thereof.
Accordingly, the above-mentioned branch device may also include a processor and a memory, and the structure thereof may refer to the structure of the central end device 100, which is not described in detail herein.
Referring to fig. 3, fig. 3 is a flowchart illustrating steps of a tunnel adaptive configuration method according to an embodiment of the present application, where the method is applied to the central device 100 shown in fig. 2. It should be noted that, the tunnel adaptive configuration method provided by the embodiment of the present application is not limited by the order shown in fig. 3 and the following steps, and the method includes: step S101 to step S103.
Step S101: an NHRP (Next Hop Resolution Protocol) message representing a request to establish a tunnel is received from a local interface.
The NHRP message is a message sent by the target equipment to request the establishment of a tunnel. The target device may be, but is not limited to, a branch device in the communication system or another hub device in the communication system.
Each interface of the central device corresponds to a public network IP address. As shown in fig. 1, the public network IP addresses corresponding to the interfaces of the central device HUB-1 are IP2, IP6 and IP9 respectively. The interfaces corresponding to these three addresses can all receive messages sent by the target equipment, and the tunnel self-adaptive configuration method is executed only when one of the interfaces receives a message sent by the target equipment to request the establishment of a tunnel.
The following description will take the target device as a branch device in the communication system as an example.
It should be noted that the branch device needs to be configured in advance. The configuration information includes a destination tunnel interface address, a destination IP address, a source tunnel interface address (i.e., its own tunnel interface address), and a source IP address (i.e., its own public network IP address). The tunnel mode in the embodiment of the application is a dynamic tunnel, and the tunnel can be established by means of these four addresses. After the branch device has been configured with this information, it may send an NHRP message to the central device to request the establishment of a tunnel.
Taking fig. 1 as an example, the information configured in advance on the branch device Spoke-1 includes: a destination tunnel interface address (Tunnel1), a destination IP address (IP2), a source tunnel interface address (Tunnel2), and a source IP address (IP1).
Step S102: judging whether the local interface is a legal interface for establishing a tunnel.
The central device may divide its local interfaces in advance into legal interfaces, on which a tunnel can be established, and illegal interfaces, on which a tunnel cannot be established. It should be noted that, once the central device has marked in advance the illegal interfaces among its local interfaces, the remaining local interfaces are legal interfaces on which a tunnel can be established.
As an optional implementation manner, the tunnel interface address (i.e. the tunnel interface address of the central terminal device) and the first network segment are pre-configured in the central terminal device, and the tunnel mode is configured as a dynamic tunnel.
Taking fig. 1 as an example, the HUB device HUB-1 configures its own tunnel interface address as Tunnel1.
An IP address belonging to the first network segment is an invalid IP address. After the central device obtains the NHRP message sent by the branch device, it determines whether the IP address corresponding to the local interface that received the message belongs to the first network segment. Only when the IP address corresponding to the local interface does not belong to the first network segment is the local interface a legal interface for establishing a tunnel, in which case step S103 is executed. When the IP address corresponding to the local interface belongs to the first network segment, the local interface is an illegal interface on which a tunnel cannot be established; the NHRP message is then discarded and no tunnel is established.
Step S103: determining a first public network address for establishing a tunnel with the target equipment based on the NHRP message; the first public network address is a public network IP address of the central terminal device.
When the local interface is a legal interface for establishing a tunnel, the first public network address for establishing the tunnel with the target equipment can be directly determined based on the NHRP message.
Continuing with the IP addresses shown in fig. 1 as an example, the public network IP addresses corresponding to the three interfaces of the central device are IP2, IP6 and IP9 respectively. IP9 belongs to the preconfigured first network segment, while IP2 and IP6 do not. When the public network IP address corresponding to the local interface on which the central terminal equipment receives the NHRP message is IP2 or IP6, the first public network address for establishing the tunnel with the target equipment is determined directly based on the NHRP message. When the public network address corresponding to the local interface on which the central terminal equipment receives the NHRP message is IP9, no tunnel is established; the central terminal equipment determines that the message is an invalid message and discards it. In this way, the tunnel between the central terminal device HUB-1 and the central terminal device HUB-2 is effectively removed, and service traffic between HUB-1 and Spoke-1 is prevented from being relayed through Spoke-2 and HUB-2 as intermediate nodes.
It will be appreciated that multiple first network segments may be configured at the same time; for example, IP9 belongs to a configured first network segment A1 and IP6 belongs to a configured first network segment A2. When the public network IP address corresponding to the local interface on which the central terminal equipment receives the NHRP message is IP2, the destination public network address of the tunnel is determined directly based on the NHRP message. When the public network address corresponding to the local interface on which the central terminal equipment receives the NHRP message is IP6 or IP9, no tunnel is established, and the central terminal equipment determines that the message is an invalid message.
Furthermore, in some embodiments, IP6 and IP9 may both belong to the same first network segment.
The specific process for determining the destination public network address of the tunnel based on the NHRP message comprises the following steps: acquiring the destination IP address in the NHRP message, and, when the destination IP address in the NHRP message matches the IP address corresponding to the local interface on which the central terminal equipment received the message, determining the destination IP address as the first public network address for establishing a tunnel with the target equipment.
For example, if the IP address corresponding to the local interface on which the central device received the NHRP packet is IP2 and the destination IP address is also IP2, the central device determines that the first public network address for establishing a tunnel with the target device is IP2.
In summary, in the embodiment of the present application, the central device determines in advance which local interfaces are legal interfaces, and then establishes a tunnel only when an NHRP message requesting tunnel establishment is received from a legal interface. In this way, the controllability of tunnel establishment is enhanced and some backup links are effectively removed, so that links and tunnels have a unique corresponding relation, which in turn facilitates accurate scheduling of service traffic on the links.
Optionally, step S103 may further include: when the local interface is a legal interface, judging whether the IP address corresponding to the local interface belongs to the preset public network addresses for establishing a tunnel; and when it does, determining the first public network address for establishing the tunnel with the target device based on the NHRP message.
That is, the central device is configured with preset public network addresses for establishing tunnels, so that tunnels are established reasonably and accurately according to this configuration.
As an implementation manner, the central device may be configured with a second network segment, where the IP addresses in the second network segment are the preset public network addresses for establishing tunnels.
Continuing with the IP addresses shown in fig. 1 as an example, the IP addresses corresponding to the three interfaces of the central device are IP2, IP6 and IP9, respectively. Assume that, of these three public network IP addresses, only IP2 belongs to the pre-configured second network segment, IP9 belongs to the pre-configured first network segment, and IP6 belongs to neither. When the central device receives the NHRP message on the local interface whose public network IP address is IP2, that address does not belong to the first network segment and does belong to the second network segment, so the destination public network address of the tunnel is determined directly from the NHRP message. When the message is received on the local interface whose public network IP address is IP9, the NHRP message is determined to be invalid in the first judgment, because IP9 belongs to the first network segment. When the message is received on the local interface whose public network IP address is IP6, the second judgment is carried out because IP6 does not belong to the first network segment, and the NHRP message is then determined to be invalid because IP6 does not belong to the second network segment.
It can be seen that, in the embodiment of the present application, the preset public network addresses for establishing tunnels are also pre-configured in the central device; that is, a tunnel is established only if the IP address corresponding to the local interface belongs to those preset addresses. This ensures the accuracy and operability of the tunnel establishment process. In addition, because the preset public network addresses are configured, the central device can determine the public network IP address itself, so a developer does not need to specify in advance the public network IP addresses of the central device and of each target device, which simplifies the configuration needed to deploy the central device.
Correspondingly, determining, based on the NHRP message, the first public network address for establishing the tunnel with the target device may specifically include: acquiring the destination IP address in the NHRP message; comparing the destination IP address with each preset destination public network address for establishing a tunnel; and when the tunnel interface IP address set contains the destination IP address, determining the destination IP address as the first public network address for establishing a tunnel with the target device.
That is, after the NHRP message is obtained, the destination IP address in the NHRP message is extracted and compared with each preset destination public network address for establishing a tunnel. Subsequent tunnel configuration is performed only when the preset destination public network addresses include the destination IP address; when they do not, the message is determined to be wrong and the tunnel is not established.
Illustratively, the preset destination public network addresses for establishing the tunnel include IP2 and IP6. After the central device acquires the NHRP message, it extracts the destination IP address from the message and, if the destination IP address is IP2 or IP6, determines it as the first public network address. If the destination IP address is neither IP2 nor IP6, the message is determined to be wrong and no tunnel is established.
It can be seen that, in the embodiment of the present application, in the process of determining the first public network address for establishing a tunnel with the target device, it is first verified whether the destination IP address in the NHRP message is one of the preset destination public network addresses for establishing a tunnel, that is, whether the NHRP message has errors. The first public network address is determined only if the NHRP message has no errors, so that the accuracy of tunnel establishment can be further ensured.
Optionally, since a tunnel interface address is also pre-configured in the central device, before step S103 the method further includes: acquiring the destination tunnel interface address in the NHRP message; and determining that the destination tunnel interface address is the same as the tunnel interface address configured on the central device itself.
Taking fig. 1 as an example, the tunnel interface address configured on HUB-1 is Tunnel1. After the central device acquires the NHRP message, it acquires the destination tunnel interface address in the NHRP message and judges whether it is Tunnel1. If the destination tunnel interface address is Tunnel1, step S103 continues to be executed; if it is not Tunnel1, the message is wrong and the subsequent tunnel establishment is not performed.
It can be seen that, in the embodiment of the present application, after receiving the NHRP message, the central device uses its pre-configured tunnel interface address to verify whether the destination tunnel interface address in the NHRP message matches. When the tunnel interface address configured on the central device does not match the destination tunnel interface address in the NHRP message, the target device has sent the message in error and no subsequent tunnel needs to be established; the subsequent verification is carried out only when the two addresses match. This improves verification efficiency, because the process of determining the first public network address for establishing the tunnel with the target device, and the steps that follow it, are not executed when the tunnel interface address configured on the central device does not match the destination tunnel interface address in the NHRP message.
Optionally, after determining the first public network address for establishing the tunnel with the target device based on the NHRP message, the method further includes: acquiring a source IP address and a source tunnel interface address in an NHRP message; the source IP address is a public network IP address of the target equipment, and the source tunnel interface address is a tunnel interface address of the target equipment; and adding the source tunnel interface address, the first public network address and the source IP address into a preset mapping table.
The preset mapping table is shown in Table 1.
Table 1
Continuing with the example of fig. 1, the second row of Table 1 is the mapping relationship of the tunnel established between the central device HUB-1 and the branch device Spoke-1. Table 1 also contains the mapping relationship of the tunnel established between HUB-1 and Spoke-3.
In the embodiment of the application, the preset mapping table makes it easy to organize the mapping relationships of the tunnels established between the central device and all the branch devices, and also allows the central device to subsequently determine the corresponding link directly from the table.
The tunnel which is built comprises a first public network address, a second public network address, a first tunnel interface address and a second tunnel interface address. The first public network address is a public network IP address of the central terminal equipment; the second public network address is the public network IP address of the target device, the first tunnel interface address is the tunnel interface address of the central terminal device, and the second tunnel interface address is the tunnel interface address of the target device.
It should be noted that, the tunnel adaptive configuration method provided in the embodiment of the present application focuses on the configuration of the public network IP address corresponding to each interface of the central device, and determines the first public network address for establishing the tunnel with the target device through the configuration information. After the first public network address is determined, the central terminal device and the target device perform subsequent interaction (such as multiple handshaking) to complete establishment of the tunnel. Since the subsequent interaction process is well known in the art, it is not described in the present application.
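The hub-side checks described above (the legal-interface judgment against the first network segment, the destination tunnel interface address comparison, the optional second-segment judgment, the destination IP comparison, and the mapping-table row) can be written out as follows. This is an added Python example, not code from the patent; the interface names, the concrete addresses standing in for IP2, IP6, IP9 and Tunnel1, the use of CIDR prefixes for the two segments, and the request dataclass are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed stand-ins for the page's symbolic addresses (documentation ranges).
IP2, IP6, IP9 = "198.51.100.2", "192.0.2.6", "203.0.113.9"
TUNNEL1 = "10.0.0.1"  # the hub's own tunnel interface address (assumed value)


@dataclass(frozen=True)
class NhrpRequest:
    """Only the fields the checks read; this is not the NHRP wire format."""
    src_ip: str      # public IP of the branch (target) device
    dst_ip: str      # hub public IP the branch addressed
    src_tunnel: str  # tunnel interface address of the branch
    dst_tunnel: str  # tunnel interface address the branch expects on the hub


@dataclass
class Hub:
    tunnel_addr: str
    interfaces: dict     # hypothetical local interface name -> public IP
    first_segment: str   # interfaces inside this prefix are not legal
    second_segment: str  # preset public addresses for establishing tunnels
    mapping: list = field(default_factory=list)

    def handle(self, ifname, req):
        """Return (first_public_address or None, reason) for one request."""
        try:
            local_ip = ipaddress.ip_address(self.interfaces[ifname])
            dst_ip = ipaddress.ip_address(req.dst_ip)
            src_ip = ipaddress.ip_address(req.src_ip)
        except (KeyError, ValueError):
            return None, "unknown interface or malformed address"
        # S102: is the receiving interface a legal interface?
        if local_ip in ipaddress.ip_network(self.first_segment):
            return None, "interface is in the first segment (not legal)"
        # Destination tunnel address must be the hub's own. Running this after
        # S102 is an assumption; the page only requires it before S103.
        if req.dst_tunnel != self.tunnel_addr:
            return None, "destination tunnel address mismatch"
        # S103, optional refinement: interface IP must be a preset tunnel address.
        if local_ip not in ipaddress.ip_network(self.second_segment):
            return None, "interface IP is outside the second segment"
        # S103: destination IP must match the receiving interface's IP. That IP
        # is already inside the second segment, so the destination is as well.
        if dst_ip != local_ip:
            return None, "destination IP does not match receiving interface"
        # Mapping table row: source tunnel address, first public address, source IP.
        row = (req.src_tunnel, str(local_ip), str(src_ip))
        if row not in self.mapping:
            self.mapping.append(row)
        return str(local_ip), "accepted"


def run_examples():
    """Replay constructed requests; return per-case results and the table."""
    hub = Hub(TUNNEL1, {"wan0": IP2, "wan1": IP6, "wan2": IP9},
              first_segment="203.0.113.0/24", second_segment="198.51.100.0/24")
    spoke = {"src_ip": "192.0.2.101", "src_tunnel": "10.0.0.11"}
    cases = {
        "ip2_ok": ("wan0", NhrpRequest(dst_ip=IP2, dst_tunnel=TUNNEL1, **spoke)),
        "ip9_first_segment": ("wan2", NhrpRequest(dst_ip=IP9, dst_tunnel=TUNNEL1, **spoke)),
        "ip6_neither": ("wan1", NhrpRequest(dst_ip=IP6, dst_tunnel=TUNNEL1, **spoke)),
        "wrong_tunnel": ("wan0", NhrpRequest(dst_ip=IP2, dst_tunnel="10.0.0.99", **spoke)),
        "wrong_dst": ("wan0", NhrpRequest(dst_ip=IP6, dst_tunnel=TUNNEL1, **spoke)),
        "malformed": ("wan0", NhrpRequest(dst_ip="not-an-ip", dst_tunnel=TUNNEL1, **spoke)),
    }
    results = {name: hub.handle(ifname, req) for name, (ifname, req) in cases.items()}
    return results, hub.mapping


if __name__ == "__main__":
    results, table = run_examples()
    for name, (addr, reason) in results.items():
        print(f"{name:20} -> {addr} ({reason})")
    print("mapping table:", table)
```

Returning a reason with every rejection gives the hub something to log, so requests arriving on excluded interfaces or carrying a mismatched tunnel address are visible to an operator rather than silently dropped.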
Referring to fig. 4, based on the same inventive concept, an embodiment of the present application further provides a tunnel adaptive configuration apparatus 200 configured in a central device, where the apparatus includes: a receiving module 201, a judging module 202 and a determining module 203.
A receiving module 201, configured to receive, from the local interface, a next hop resolution protocol NHRP packet that characterizes a tunnel establishment request.
A judging module 202, configured to judge whether the local interface is a legal interface for establishing a tunnel.
A determining module 203, configured to determine, based on the NHRP packet, a first public network address for establishing a tunnel with a target device when the local interface is the legal interface; the first public network address is a public network IP address of the central terminal device, and the target device is a device for sending the NHRP message.
Optionally, the determining module 203 is further configured to determine, when the local interface is the legal interface, whether an IP address corresponding to the local interface belongs to a public network address for presetting tunnel establishment; and when the IP address corresponding to the local interface belongs to the public network address for establishing the tunnel in the preset mode, determining a first public network address for establishing the tunnel with the target equipment based on the NHRP message.
Optionally, the determining module 203 is further specifically configured to obtain a destination IP address in the NHRP packet; comparing the destination IP address with the preset destination public network address for establishing the tunnel respectively; and when the preset destination public network address for establishing the tunnel comprises the destination IP address, determining the destination IP address as a first public network address for establishing the tunnel with the target equipment.
Optionally, a tunnel interface address is also pre-configured in the central device, and the apparatus further includes a verification module. The verification module is configured to, before the first public network address for establishing a tunnel with the target device is determined based on the NHRP message, acquire the destination tunnel interface address in the NHRP message and determine that the destination tunnel interface address is the same as the tunnel interface address configured on the central device itself.
Optionally, the device further includes a configuration module, configured to obtain a source IP address and a source tunnel interface address in the NHRP packet after determining, based on the NHRP packet, a first public network address for establishing a tunnel with a target device; the source IP address is a public network IP address of the target equipment, and the source tunnel interface address is a tunnel interface address configured by the target equipment; and adding the source tunnel interface address, the first public network address and the source IP address into a preset mapping table.
It should be noted that, since it will be clearly understood by those skilled in the art, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may refer to the corresponding processes in the foregoing method embodiments, which are not repeated herein.
Based on the same inventive concept, the embodiments of the present application also provide a computer-readable storage medium having stored thereon a computer program which, when executed, performs the method provided in the above embodiments.
The storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
Further, the units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, functional modules in various embodiments of the present application may be integrated together to form a single portion, or each module may exist alone, or two or more modules may be integrated to form a single portion.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (10)

1. The tunnel self-adaptive configuration method is characterized by being applied to central terminal equipment, wherein the central terminal equipment needs to be pre-configured with legal tunnel interface addresses and public network addresses for establishing tunnels; the method comprises the following steps:
receiving a Next Hop Resolution Protocol (NHRP) message representing a request for establishing a tunnel from a local interface;
judging whether the local interface is a legal interface for establishing a tunnel or not;
when the local interface is the legal interface, determining a first public network address for establishing a tunnel with target equipment based on the NHRP message; the first public network address is a public network IP address of the central terminal device, and the target device is a device for sending the NHRP message.
2. The method of claim 1, wherein the determining, based on the NHRP message, a first public network address to establish a tunnel with a target device when the local interface is the legitimate interface comprises:
when the local interface is the legal interface, judging whether the IP address corresponding to the local interface belongs to a preset public network address for establishing a tunnel;
and when the IP address corresponding to the local interface belongs to the public network address for establishing the tunnel in the preset mode, determining a first public network address for establishing the tunnel with the target equipment based on the NHRP message.
3. The method of claim 2, wherein the determining a first public network address to establish a tunnel with the target device based on the NHRP message comprises:
acquiring a destination IP address in the NHRP message;
comparing the destination IP address with the preset destination public network address for establishing the tunnel respectively; and when the preset destination public network address for establishing the tunnel comprises the destination IP address, determining the destination IP address as a first public network address for establishing the tunnel with the target equipment.
4. The method of claim 1, wherein a tunnel interface address is also pre-configured in the central end device; before determining the first public network address for establishing the tunnel with the target device based on the NHRP message, the method further comprises:
acquiring a destination tunnel interface address in the NHRP message;
and determining that the destination tunnel interface address is the same as the tunnel interface address configured on the central end device itself.
5. The method of claim 4, wherein after determining the first public network address to establish a tunnel with the target device based on the NHRP message, the method further comprises:
acquiring a source IP address and a source tunnel interface address in the NHRP message; the source IP address is a public network IP address of the target equipment, and the source tunnel interface address is a tunnel interface address configured by the target equipment;
and adding the source tunnel interface address, the first public network address and the source IP address into a preset mapping table.
6. The tunnel self-adaptive configuration device is characterized by being configured in central terminal equipment, wherein the central terminal equipment needs to be pre-configured with legal tunnel interface addresses and public network addresses for establishing tunnels; the device comprises:
the receiving module is used for receiving a Next Hop Resolution Protocol (NHRP) message representing a request for establishing a tunnel from the local interface;
the judging module is used for judging whether the local interface is a legal interface for establishing a tunnel;
the determining module is used for determining a first public network address for establishing a tunnel with the target equipment based on the NHRP message when the local interface is the legal interface; the first public network address is a public network IP address of the central terminal device, and the target device is a device for sending the NHRP message.
7. The apparatus of claim 6, wherein the determining module is further configured to determine, when the local interface is the legal interface, whether an IP address corresponding to the local interface belongs to a public network address preset to establish a tunnel; and when the IP address corresponding to the local interface belongs to the public network address for establishing the tunnel in the preset mode, determining a first public network address for establishing the tunnel with the target equipment based on the NHRP message.
8. A center-side device, comprising: the device comprises a processor and a memory, wherein the processor is connected with the memory;
the memory is used for storing programs;
the processor is configured to execute a program stored in the memory, and to perform the method according to any one of claims 1-5.
9. A computer-readable storage medium, characterized in that a computer program is stored thereon, which, when being run by a computer, performs the method according to any of claims 1-5.
10. A communication system comprising a central end device and a branch device communicatively connected to the central end device;
the central end device is configured to perform the method of any of claims 1-5.
CN202111419544.8A 2021-11-26 2021-11-26 Tunnel self-adaptive configuration method and device, central terminal equipment and communication system Active CN114143283B (en)


Publications (2)

Publication Number Publication Date
CN114143283A (en) 2022-03-04
CN114143283B (en) 2023-10-24

Family

ID=80388672



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant