CN114301737B - Network configuration method, device, network equipment and computer readable storage medium - Google Patents
- Publication number: CN114301737B (application CN202111642264.3A)
- Authority: CN (China)
- Prior art keywords: tunnel, opposite, rule, network device, equipment
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a network configuration method, a network configuration apparatus, a network device and a computer-readable storage medium. The method comprises: when a tunnel is established between this device and a peer network device, issuing a first decapsulation rule corresponding to the tunnel to the switching chip of this device; and, once the first decapsulation rule has been issued to the switching chip of this device, sending the peer network device a first notification message indicating that the first decapsulation rule has been issued, so that the peer network device obtains the first encapsulation rule corresponding to the tunnel according to the first notification message. The decapsulation rule is issued to the switching chip of this device first, and only then is the peer network device notified to issue the encapsulation rule. As a result, messages transmitted by the peer network device can be parsed and forwarded directly by this device using the decapsulation rule, so that tunnel messages do not impact the CPU of this device and data is not discarded.
Description
Technical Field
The present application relates to the field of data communications technologies, and in particular, to a network configuration method, a device, a network device, and a computer readable storage medium.
Background
In VXLAN (Virtual eXtensible Local Area Network), a large layer-2 technology, a data packet sent by a virtual machine is encapsulated in UDP (User Datagram Protocol), with the IP/MAC addresses of the physical network used as the outer header, so that only the encapsulation parameters are presented to the physical network. The encapsulated packet is transmitted over the layer-3 physical network and is decapsulated after it reaches the destination device: the outer UDP header is stripped and the packet is forwarded to the corresponding virtual machine, thereby achieving layer-2 interworking across a layer-3 network.
When two devices each have a virtual machine continuously sending traffic through the VXLAN tunnel, and the link between the two devices goes down (disconnects) or comes up (connects), the VXLAN tunnel is re-established. During establishment, both devices issue their configuration data for the VXLAN tunnel. During this configuration process, a device may receive data before it is ready to receive it; in that case the device's processor resources are occupied and the received data is discarded.
Disclosure of Invention
An object of the embodiments of the present application is to provide a network configuration method, apparatus, network device, and computer-readable storage medium that ensure data is sent to a network device only when that network device is ready to receive it, so that the data is not discarded.
In order to achieve the above object, an embodiment of the present application is achieved by:
in a first aspect, an embodiment of the present application provides a network configuration method, applied to a network device, where the method includes:
when a tunnel is established between the equipment and opposite-end network equipment, a first decapsulation rule corresponding to the tunnel is issued to a switching chip of the equipment, wherein the first decapsulation rule is used for the equipment to decapsulate a message sent by the opposite-end network equipment through the tunnel; and when the first decapsulation rule is sent to the exchange chip of the device, sending a first notification message representing that the first decapsulation rule is completed to the opposite-end network device, so that the opposite-end network device obtains a first encapsulation rule corresponding to the tunnel according to the first notification message, wherein the first encapsulation rule is used for encapsulating a message to be transmitted to the device through the tunnel by the opposite-end network device.
In the above embodiment, when the tunnel is established between this device and the peer network device, the decapsulation rule is first issued to the switching chip of this device, and the peer network device is then notified to issue the encapsulation rule. Messages transmitted by the peer network device can therefore be parsed and forwarded directly by this device using the decapsulation rule, so the messages do not impact the CPU of this device and data is not discarded. That is, this avoids the situation in which the peer network device has already issued the encapsulation rule while this device has not yet issued the decapsulation rule, so that this device is not ready to receive messages, cannot parse the messages transmitted by the peer network device, and has to send them to its own CPU, where they impact the CPU and occupy CPU resources.
With reference to the first aspect, in some optional embodiments, the method further includes:
and when receiving a second notification message sent by the opposite-end network device, issuing a second encapsulation rule corresponding to the tunnel to the exchange chip of the device, wherein the second notification message characterizes that the exchange chip of the opposite-end network device has acquired a second decapsulation rule corresponding to the tunnel, the second encapsulation rule is used for encapsulating a message to be transmitted to the opposite-end network device through the tunnel by the device, and the second decapsulation rule is used for decapsulating the message sent by the device by the opposite-end network device.
In the above embodiment, when the tunnel is established between the device and the peer network device, the decapsulation rule is issued to the switch chip of the peer network device, and then the device is notified to issue the encapsulation rule. Therefore, the message transmitted by the device can be directly analyzed and forwarded by the opposite-end network device by utilizing the decapsulation rule, so that the message cannot impact the CPU of the opposite-end network device, and the data is prevented from being discarded.
With reference to the first aspect, in some optional embodiments, the method further includes:
deleting the second encapsulation rule from the exchange chip of the device when receiving an instruction for deleting the tunnel;
and sending a third notification message representing that the second encapsulation rule is deleted to the opposite-end network equipment so that the opposite-end network equipment deletes the second decapsulation rule.
With reference to the first aspect, in some optional embodiments, the method further includes:
and deleting the first decapsulation rule from the switching chip of the device when receiving a fourth notification message which is sent by the peer network device and indicates that the first encapsulation rule has been deleted.
With reference to the first aspect, in some optional embodiments, sending, to the peer network device, a first notification message that characterizes that the first decapsulation rule delivery has been completed includes:
and sending the first notification message which characterizes the completion of the first decapsulation rule to the opposite-end network equipment through a BGP protocol.
In a second aspect, the present application further provides a network configuration method, applied to a network device, where the method includes:
when a tunnel is established between the equipment and opposite-end network equipment, receiving a notification message sent by the opposite-end network equipment, wherein the notification message characterizes that a switching chip of the opposite-end network equipment has acquired a decapsulation rule corresponding to the tunnel, and the decapsulation rule is used for the opposite-end network equipment to decapsulate a message sent by the equipment through the tunnel;
and issuing a packaging rule corresponding to the tunnel to the exchange chip of the equipment, wherein the packaging rule is used for the equipment to package the message to be transmitted to the opposite-end network equipment through the tunnel.
In a third aspect, the present application further provides a network configuration device, provided in a network device, where the device includes:
a first sending unit, configured to issue a first decapsulation rule corresponding to a tunnel to a switching chip of the device when the tunnel is established between the device and a peer network device, where the first decapsulation rule is used by the device to decapsulate messages sent by the peer network device through the tunnel;
and a second sending unit, configured to send, once the first decapsulation rule has been issued to the switching chip of the device, a first notification message to the peer network device indicating that the first decapsulation rule has been issued, so that the peer network device obtains a first encapsulation rule corresponding to the tunnel according to the first notification message, where the first encapsulation rule is used by the peer network device to encapsulate messages to be transmitted to the device through the tunnel.
In a fourth aspect, the present application further provides a network configuration apparatus, provided in a network device, where the apparatus includes:
a receiving unit, configured to receive a notification message sent by an opposite-end network device when a tunnel is established between the device and the opposite-end network device, where the notification message characterizes that a switching chip of the opposite-end network device has acquired a decapsulation rule corresponding to the tunnel, where the decapsulation rule is used for the opposite-end network device to decapsulate a message sent by the device through the tunnel;
and the sending unit is used for sending the encapsulation rule corresponding to the tunnel to the exchange chip of the equipment, wherein the encapsulation rule is used for the equipment to encapsulate the message to be transmitted to the opposite-end network equipment through the tunnel.
In a fifth aspect, the present application also provides a network device comprising a processor and a memory coupled to each other, the memory storing a computer program which, when executed by the processor, causes the network device to perform the method of the first aspect or the method of the second aspect.
In a sixth aspect, the present application also provides a computer readable storage medium having stored therein a computer program which, when run on a computer, causes the computer to perform the method of the first aspect or the second aspect.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of communication connection of a network device according to an embodiment of the present application.
Fig. 2 is a flow chart of a network configuration method according to an embodiment of the present application.
Fig. 3 is a block diagram of a network configuration device according to an embodiment of the present application.
Fig. 4 is a second block diagram of a network configuration device according to an embodiment of the present application.
Reference numerals: 10 - network device; 20 - network device; 300 - network configuration apparatus; 310 - first sending unit; 320 - second sending unit; 400 - network configuration apparatus; 410 - receiving unit; 420 - sending unit.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. It should be noted that the terms "first," "second," and the like are used merely to distinguish between descriptions and should not be construed as indicating or implying relative importance.
The applicant has found that, while a VXLAN tunnel is being established between two devices, each device issues its own configuration data for the tunnel. During this process, one device A may issue its encapsulation table first while the other device B issues its decapsulation table later, so that device A, with its encapsulation table already in place, encapsulates messages and transmits them to the peer device B. Because device B has not yet issued the decapsulation table, it cannot decapsulate these messages. If a message happens to match an IP address on an interface of device B, it has to be sent to the CPU of device B for processing, and because device B has not issued the decapsulation table, the message is discarded. The messages impacting the CPU slow down device B's issuing of the decapsulation table, and the slow issuing of entries in turn prolongs the time during which the CPU of device B is impacted. This vicious circle lengthens the convergence time after the link between the devices flaps and affects the transmission of traffic.
In view of the above problems, the applicant proposes the following embodiments. The following embodiments and the features of the embodiments may be combined with each other where they do not conflict.
Referring to fig. 1, a network device 10 and a network device 20 may be connected through a VXLAN tunnel, and data interaction may be performed through the tunnel.
The application provides a network device which can comprise a processing module and a storage module. The storage module stores a computer program which, when executed by the processing module, enables the network device to perform the steps of the network configuration method described below. The network device performing the method may be any one of the network device 10 or the network device 20.
Of course, the network device may also include other modules, for example, the network device may also include a communication module for establishing a communication connection between the network device and other devices through a network, and transceiving data through the network. The network device may be various switches.
Referring to fig. 2, the present application further provides a network configuration method, which may be executed or implemented by a network device, where the method may include the following steps:
step S110, when a tunnel is established between this device and a peer network device, a first decapsulation rule corresponding to the tunnel is issued to the switching chip of this device, where the first decapsulation rule is used by this device to decapsulate messages sent by the peer network device through the tunnel;
step S120, when the first decapsulation rule is sent to the switch chip of the device, a first notification message indicating that the first decapsulation rule has been issued is sent to the peer network device, so that the peer network device obtains, according to the first notification message, a first encapsulation rule corresponding to the tunnel, where the first encapsulation rule is used for the peer network device to encapsulate a packet to be transmitted to the device through the tunnel.
In the above embodiment, when the tunnel is established between this device and the peer network device, the decapsulation rule is first issued to the switching chip of this device, and the peer network device is then notified to issue the encapsulation rule. Messages transmitted by the peer network device can therefore be parsed and forwarded directly by this device using the decapsulation rule, so the messages do not impact the CPU of this device and data is not discarded. That is, this avoids the situation in which the peer network device has already issued the encapsulation rule while this device has not yet issued the decapsulation rule, so that this device is not ready to receive messages, cannot parse the messages transmitted by the peer network device, and has to send them to its own CPU, where they impact the CPU and occupy CPU resources.
The steps of the method will be described in detail below, as follows:
Prior to step S110, the network device may dynamically generate the corresponding encapsulation rule or decapsulation rule and store it in a local storage module. The encapsulation rule is used to encapsulate messages to be transmitted through the tunnel, and the decapsulation rule is used to decapsulate messages transmitted through the tunnel. The content of the decapsulation rules and encapsulation rules differs from tunnel to tunnel, so the decapsulation rules and encapsulation rules may be associated with the identity of the tunnel. The manner of generating the encapsulation rules or decapsulation rules is well known to those skilled in the art and is not described here.
In the tunnel establishment process, a CPU on the network device may issue the corresponding encapsulation rule or decapsulation rule to the switching chip of the network device itself according to the corresponding sequence, so as to validate the configuration of the encapsulation rule or decapsulation rule.
In step S110, this device and the peer network device are two network devices connected through a VXLAN tunnel. If tunnels are established between this device and N network devices, there are N peer network devices, where N is an integer greater than or equal to 1. Different tunnels have unique tunnel IDs (identifiers) so that they can be told apart.
For example, referring again to fig. 1, when a VXLAN tunnel is established between the network device 10 and the peer network device 20 through BGP (Border Gateway Protocol) EVPN (Ethernet Virtual Private Network), the tunnel has a unique tunnel ID.
If the source IP of the VXLAN tunnel is the IP address of the network device 20 and the destination IP is the IP address of the network device 10, the network device 10 is used as the data receiving end, and the network device 20 is used as the data transmitting end. At this time, the CPU of the network device 10 searches for a decapsulation rule corresponding to the tunnel based on the tunnel ID, and then issues the decapsulation rule to the switch chip in the network device 10, where the decapsulation rule is a first decapsulation rule, and is used for decapsulating, by the network device 10, a message sent by the network device 20 at the opposite end through the tunnel.
Understandably, the first decapsulation rule is configuration data for decapsulating the tunnel packet, and may be flexibly determined according to practical situations. For example, the first decapsulation rule is a decapsulation table, where the decapsulation table includes, but is not limited to, data such as source IP (IP of the network device 20 that is the transmitting end), destination IP (IP address of the network device 10 that is the receiving end), and VNID, where VNID refers to the ID of VXLAN.
In step S120, when the first decapsulation rule is issued to the switch chip of the device, it indicates that the device may decapsulate the message transmitted by the peer network device, that is, the device is ready to receive the message transmitted by the peer network device through the tunnel. At this time, the device may send a first notification message to the peer network device to notify the peer network device that the device is ready to receive the message.
After receiving the first notification message, the CPU of the peer network device can look up, among its pre-stored rules, the encapsulation rule corresponding to the tunnel based on the tunnel ID (the source IP and the destination IP can be regarded as a tunnel ID), take it as the first encapsulation rule, and then issue it to its own switching chip so that the first encapsulation rule takes effect.
After receiving the first encapsulation rule, the exchange chip of the opposite-end network device encapsulates the message to be transmitted to the device by using the first encapsulation rule, and then transmits the message to the device through a tunnel.
It can be understood that the first encapsulation rule is configuration data for encapsulating the message to be tunneled, and can be flexibly determined according to practical situations. For example, the first encapsulation rule is an encapsulation table, which includes, but is not limited to, data such as source IP (IP of the network device 20 that is the transmitting end), destination IP (IP address of the network device 10 that is the receiving end), and VNID.
Referring again to fig. 1, if the first decapsulation rule is issued to the switch chip of the network device 10, it indicates that the network device 10 may decapsulate the message transmitted by the network device 20, i.e., the network device 10 is ready to receive the message transmitted by the network device 20 through the tunnel. At this time, the network device 10 transmits a first notification message to the network device 20 to inform the network device 20 that the network device 10 is ready to receive the message.
After the network device 20 receives the first notification message, the CPU on the network device 20 issues the first encapsulation rule corresponding to the tunnel to the switch chip of the network device 20, so as to validate the first encapsulation rule. After receiving the first encapsulation rule, the switch chip of the network device 20 encapsulates the message to be tunneled to the network device 10 by using the first encapsulation rule, and then tunnels the message to the network device 10. After the network device 10 receives the message, the first decapsulation rule may be used to decapsulate the message, so as to implement parsing processing of the message. In this way, the network device 10 issues the decapsulation rule first, and the network device 20 issues the encapsulation rule later, so that it can be ensured that the message sent by the network device 20 can be normally received and processed by the network device 10, and the message cannot be discarded because the decapsulation rule is not issued yet, so that the data transmission is not affected.
In this embodiment, step S120 may include: and sending the first notification message which characterizes the completion of the first decapsulation rule to the opposite-end network equipment through a BGP protocol.
Understandably, BGP is a distance vector routing protocol that makes routes between autonomous systems (AS) reachable and selects the best route. When the tunnel between the network device 10 and the network device 20 is not completely established (for example, the network device 20 has not yet issued the encapsulation table), the two devices may still exchange data through BGP. For example, the network device 10 sends a notification message to the network device 20 through BGP, so that the network device 20 issues the encapsulation table to its own switching chip after receiving the notification message.
As an alternative embodiment, the method may further comprise:
step S210, when a tunnel is established between the device and the opposite-end network device, receiving a second notification message sent by the opposite-end network device, wherein the second notification message characterizes that a switching chip of the opposite-end network device has acquired a second decapsulation rule corresponding to the tunnel, and the second decapsulation rule is used for the opposite-end network device to decapsulate a message sent by the device through the tunnel;
step S220, issuing a second encapsulation rule corresponding to the tunnel to the exchange chip of the device, where the second encapsulation rule is used for the device to encapsulate the message to be transmitted to the peer network device through the tunnel.
In step S210 and step S220, the device is used as a data transmitting end, and the peer network device is used as a data receiving end. In step S110 and step S120, the device is used as a data receiving end, and the peer network device is used as a data transmitting end. Of course, in other embodiments, the roles of the present device (or the peer network device) may be one or both. For example, the device may be used as only a data receiving end, only a data transmitting end, or both a data receiving end and a data transmitting end.
In step S210, the functional role of the second decapsulation rule is similar to that of the first decapsulation rule, except that in the second decapsulation rule, the source IP and the destination IP are exchanged with the source IP and the destination IP in the first decapsulation rule.
For example, referring to fig. 1 again, between the network device 10 and the network device 20, it is assumed that the source IP of the VXLAN tunnel is the IP address of the network device 10, and the destination IP is the IP address of the network device 20, where the network device 20 serves as a data receiving end and the network device 10 serves as a data transmitting end. At this time, the CPU of the network device 20 searches the decapsulation rule corresponding to the tunnel based on the tunnel ID to serve as a second decapsulation rule, and then issues the second decapsulation rule to the switch chip in the network device 20, so that the network device 20 decapsulates the message sent by the network device 10 at the opposite end through the tunnel.
Illustratively, the second decapsulation rule is a decapsulation table, which includes, but is not limited to, source IP (IP of the network device 10 that is the transmitting end), destination IP (IP address of the network device 20 that is the receiving end), and VNID.
In step S220, after the network device 20 has issued the second decapsulation rule to its own switching chip, it may send a notification message to the network device 10 through BGP to inform the network device 10 that the network device 20 is ready to receive messages. The network device 10 then issues the encapsulation rule corresponding to the tunnel, as the second encapsulation rule, to its own switching chip. Thus, by issuing the decapsulation rule first and the encapsulation rule afterwards, messages are sent to the receiving device only once it is ready to receive them. This improves the reliability of message transmission and avoids the situation in which an unready receiving end causes tunnel messages to impact the CPU of the device, delaying tunnel establishment and causing messages to be discarded.
Based on this design, even if the VXLAN service flaps (that is, the VXLAN tunnel goes down and comes up), the CPU resources of the device are not consumed endlessly, the VXLAN service recovers more quickly, data transmission resumes in time, data loss is avoided, and user experience is improved.
It should be noted that, step S210 and step S220 may occur before step S110, or may occur after step S110 or after step S120, and may be flexibly determined according to practical situations.
As an alternative embodiment, the method may further comprise:
deleting the second encapsulation rule from the exchange chip of the device when receiving an instruction for deleting the tunnel;
and sending a third notification message representing that the second encapsulation rule is deleted to the opposite-end network equipment so that the opposite-end network equipment deletes the second decapsulation rule.
For example, referring again to fig. 1, assume that the switching chip of the network device 10 stores the second encapsulation rule and the switching chip of the network device 20 stores the second decapsulation rule. When the tunnel whose source IP is the IP address of the network device 10 and whose destination IP is the IP address of the network device 20 needs to be deleted (the device restarts or the administrator inputs the deletion instruction), the network device 10 receives the instruction for deleting the tunnel. The network device 10 may then delete the second encapsulation rule first and afterwards inform the network device 20, through BGP, to delete the second decapsulation rule from the network device 20's own switching chip.
Based on the above design, the reliability of tunnel deletion is improved. It avoids the situation in which the network device 20 deletes the decapsulation rule first while the network device 10, which has not yet deleted the encapsulation rule, continues to send messages to the network device 20 through the tunnel; in that situation the network device 20 can no longer parse the messages because the decapsulation rule is gone, so the messages are discarded and the tunnel messages also impact the CPU of the network device 20.
As an alternative embodiment, the method may further comprise:
deleting the first decapsulation rule from the switch chip of the device when receiving a fourth notification message, sent by the peer network device, indicating that the first encapsulation rule has been deleted.
For example, referring again to fig. 1, assume that the switch chip of network device 10 stores the first decapsulation rule and the switch chip of network device 20 stores the first encapsulation rule. When the tunnel whose source IP is the IP address of network device 20 and whose destination IP is the IP address of network device 10 needs to be deleted (the device restarts or the administrator enters a deletion instruction), network device 20 may receive the instruction for deleting the tunnel. Network device 20 may then delete the first encapsulation rule and afterwards notify network device 10, via the BGP protocol, to delete the first decapsulation rule from network device 10's own switch chip.
Based on this design, when a tunnel is deleted, the encapsulation rule must be deleted first and the decapsulation rule afterwards, which improves the reliability of tunnel deletion.
It should be noted that, when the present device has N peer network devices, in the process of establishing tunnels between the present device and the N peer network devices, the issuing/deleting of the encapsulation rule and the decapsulation rule is similar to the issuing/deleting of the encapsulation rule and the decapsulation rule between the network device 10 and the network device 20.
For example, network device A may send a Route Reflector (RR) a BGP private message indicating that it has finished issuing the decapsulation rule, and the Route Reflector then relays the message to all BGP neighbors (such as network device B, network device C, and network device D) that need to establish a VXLAN tunnel. Each BGP neighbor then issues the encapsulation rule to its own switch chip. The establishment and deletion of VXLAN tunnels between multiple network devices and network device A can therefore use the same mechanism, which avoids tunnel messages impacting the CPU of the device and improves the reliability of data forwarding.
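The ordering described above (decapsulation rule before encapsulation rule on setup, encapsulation rule deleted before decapsulation rule on teardown) can be checked with a small simulation. This is an added example, not code from the patent: the `Device` class, the `simulate` function, the addresses and the burst size are assumptions, and the BGP notification is modeled simply as the order of the control-plane steps.

```python
from dataclasses import dataclass, field


@dataclass
class Device:
    """Hypothetical model of one tunnel endpoint and its switch chip rule tables."""
    ip: str
    encap: set = field(default_factory=set)  # peer IPs with an encapsulation rule
    decap: set = field(default_factory=set)  # peer IPs with a decapsulation rule
    cpu_punts: int = 0   # tunnel packets the chip could not parse (sent to CPU, dropped)
    delivered: int = 0   # tunnel packets decapsulated and forwarded by the chip

    def send(self, peer: "Device") -> None:
        """Send one packet into the tunnel, only if an encapsulation rule exists."""
        if peer.ip in self.encap:
            peer.receive(self.ip)

    def receive(self, src_ip: str) -> None:
        """Decapsulate in hardware if a rule exists, otherwise punt to the CPU."""
        if src_ip in self.decap:
            self.delivered += 1
        else:
            self.cpu_punts += 1


def simulate(ordered: bool, flaps: int = 1, burst: int = 100):
    """Run `flaps` tunnel up/down cycles for traffic flowing from B to A.

    After every control-plane step, B attempts to send `burst` packets. This
    models traffic arriving in the window between a rule change on one device
    and the matching rule change on the other.
    Returns (cpu_punts, delivered) as counted on A.
    """
    a = Device("192.0.2.1")  # constructed addresses (documentation range)
    b = Device("192.0.2.2")

    def install_decap():
        a.decap.add(b.ip)

    def install_encap():
        b.encap.add(a.ip)

    def delete_encap():
        b.encap.discard(a.ip)

    def delete_decap():
        a.decap.discard(b.ip)

    if ordered:
        # Setup: A installs decap, notifies B, then B installs encap.
        # Teardown: B deletes encap, notifies A, then A deletes decap.
        cycle = [install_decap, install_encap, delete_encap, delete_decap]
    else:
        # Worst-case interleaving without the notification: the sender is
        # ahead of the receiver on setup and behind it on teardown.
        cycle = [install_encap, install_decap, delete_decap, delete_encap]

    for _flap in range(flaps):
        for step in cycle:
            step()
            for _pkt in range(burst):
                b.send(a)
    return a.cpu_punts, a.delivered


if __name__ == "__main__":
    for ordered in (True, False):
        punts, ok = simulate(ordered, flaps=5)
        print(f"ordered={ordered}: cpu_punts={punts} delivered={ok}")
```

With the ordered sequence the CPU punt counter on A stays at zero no matter how often the tunnel flaps, while the unordered sequence adds two bursts of punted packets per flap.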
Referring to fig. 3, an embodiment of the present application further provides a network configuration apparatus 300, which may be disposed in network device 10 or network device 20 and is used to execute each step of the method. The network configuration apparatus comprises at least one software function module, which may be stored in a storage module in the form of software or firmware, or embedded in the operating system (OS) of the network device. The processing module is configured to execute the executable modules stored in the storage module, such as the software function modules and computer programs included in the network configuration apparatus.
The network configuration device 300 may include a first sending unit 310 and a second sending unit 320, where the functional roles of the units may be as follows:
a first sending unit 310, configured to, when a tunnel is established between the device and an opposite-end network device, send a first decapsulation rule corresponding to the tunnel to a switching chip of the device, where the first decapsulation rule is used for the device to decapsulate a packet sent by the opposite-end network device through the tunnel;
and a second sending unit 320, configured to, when the first decapsulation rule is issued to the switch chip of the device, send to the peer network device a first notification message indicating that the first decapsulation rule has been issued, so that the peer network device obtains, according to the first notification message, a first encapsulation rule corresponding to the tunnel, where the first encapsulation rule is used by the peer network device to encapsulate messages to be transmitted to the device through the tunnel.
Optionally, the network configuration device 300 may further include a receiving unit. When a tunnel is established between the device and the peer network device, the receiving unit is configured to receive a second notification message sent by the peer network device, where the second notification message indicates that the switch chip of the peer network device has acquired a second decapsulation rule corresponding to the tunnel, and the second decapsulation rule is used by the peer network device to decapsulate messages sent by the device through the tunnel; the first sending unit 310 is further configured to issue a second encapsulation rule corresponding to the tunnel to the switch chip of the device, where the second encapsulation rule is used by the device to encapsulate messages to be transmitted to the peer network device through the tunnel.
Optionally, the network configuration device 300 may further include a deleting unit. The deleting unit is configured to delete the second encapsulation rule from the switch chip of the device when receiving the instruction for deleting the tunnel; the second sending unit 320 is further configured to send, to the peer network device, a third notification message indicating that the second encapsulation rule has been deleted, so that the peer network device deletes the second decapsulation rule.
Optionally, the deleting unit may be further configured to delete the first decapsulation rule from the switch chip of the device when receiving a fourth notification message, sent by the peer network device, indicating that the first encapsulation rule has been deleted.
Optionally, the second sending unit is configured to send, through the BGP protocol, the first notification message indicating that the first decapsulation rule has been issued to the peer network device.
Referring to fig. 4, an embodiment of the present application further provides a network configuration apparatus 400, which may be disposed in network device 10 or network device 20 and is used to execute each step of the method. The network configuration apparatus comprises at least one software function module, which may be stored in a storage module in the form of software or firmware, or embedded in the operating system (OS) of the network device. The processing module is configured to execute the executable modules stored in the storage module, such as the software function modules and computer programs included in the network configuration apparatus.
The network configuration device 400 may include a receiving unit 410 and a transmitting unit 420, where the functional roles of the units may be as follows:
a receiving unit 410, configured to receive a notification message sent by an opposite-end network device when a tunnel is established between the device and the opposite-end network device, where the notification message characterizes that a switching chip of the opposite-end network device has acquired a decapsulation rule corresponding to the tunnel, where the decapsulation rule is used for the opposite-end network device to decapsulate a message sent by the device through the tunnel;
and a sending unit 420, configured to issue an encapsulation rule corresponding to the tunnel to the switch chip of the device, where the encapsulation rule is used by the device to encapsulate messages to be transmitted to the peer network device through the tunnel.
In this embodiment, the processing module may be an integrated circuit chip with signal processing capability. The processing module may be a general-purpose processor. For example, the processor may be a central processing unit, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the application.
The memory module may be, but is not limited to, random access memory, read only memory, programmable read only memory, erasable programmable read only memory, electrically erasable programmable read only memory, and the like. In this embodiment, the storage module may be used to store a decapsulation table, an encapsulation table, and the like. Of course, the storage module may also be used to store a program, and the processing module executes the program after receiving the execution instruction.
It should be noted that, for convenience and brevity of description, specific working processes of the network device described above may refer to corresponding processes of each step in the foregoing method, and will not be described in detail herein.
The embodiment of the application also provides a computer readable storage medium. The computer-readable storage medium has stored therein a computer program which, when run on a computer, causes the computer to perform the network configuration method as described in the above embodiments.
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that the present application may be implemented in hardware, or by means of software plus a necessary general hardware platform. Based on this understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (such as a CD-ROM, a USB flash drive, or a removable hard disk) and includes several instructions for causing a computer device (such as a personal computer, a server, or a network device) to execute the method described in the respective implementation scenarios of the present application.
In summary, in the present solution, when a tunnel is established between the device and the peer network device, the decapsulation rule is first issued to the switch chip of the device, and the peer network device is then notified to issue the encapsulation rule. The device can therefore use the decapsulation rule to directly parse and forward the messages transmitted by the peer network device, so the messages do not impact the CPU of the device and data is not discarded. That is, the solution avoids the case in which the peer network device has already issued the encapsulation rule while the device has not yet issued the decapsulation rule, so that the device is not ready to receive messages, cannot parse the messages transmitted by the peer network device, and has to send the tunnel messages to its CPU, where they impact the CPU and occupy CPU resources.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus, system and method may be implemented in other manners as well. The above-described apparatus, system, and method embodiments are merely illustrative. For example, the flow charts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (10)
1. A network configuration method, applied to a network device, the method comprising:
when a tunnel is established between the device and a peer network device, issuing, by the device, a first decapsulation rule corresponding to the tunnel to a switch chip of the device, wherein the first decapsulation rule is used by the device to decapsulate messages sent by the peer network device through the tunnel;
when the first decapsulation rule is issued to the switch chip of the device, sending to the peer network device a first notification message indicating that the first decapsulation rule has been issued, so that the peer network device obtains a first encapsulation rule corresponding to the tunnel according to the first notification message, wherein the first encapsulation rule is used by the peer network device to encapsulate messages to be transmitted to the device through the tunnel.
2. The method according to claim 1, wherein the method further comprises:
when receiving a second notification message sent by the peer network device, issuing a second encapsulation rule corresponding to the tunnel to the switch chip of the device, wherein the second notification message indicates that the switch chip of the peer network device has acquired a second decapsulation rule corresponding to the tunnel, the second encapsulation rule is used by the device to encapsulate messages to be transmitted to the peer network device through the tunnel, and the second decapsulation rule is used by the peer network device to decapsulate messages sent by the device.
3. The method according to claim 2, wherein the method further comprises:
deleting the second encapsulation rule from the switch chip of the device when receiving an instruction for deleting the tunnel;
and sending, to the peer network device, a third notification message indicating that the second encapsulation rule has been deleted, so that the peer network device deletes the second decapsulation rule.
4. The method according to claim 1, wherein the method further comprises:
deleting the first decapsulation rule from the switch chip of the device when receiving a fourth notification message, sent by the peer network device, indicating that the first encapsulation rule has been deleted.
5. The method of claim 1, wherein sending, to the peer network device, the first notification message indicating that the first decapsulation rule has been issued comprises:
sending the first notification message indicating that the first decapsulation rule has been issued to the peer network device through the BGP protocol.
6. A network configuration method, applied to a network device, the method comprising:
when a tunnel is established between the device and a peer network device, receiving a notification message sent by the peer network device, wherein the notification message indicates that a switch chip of the peer network device has acquired a decapsulation rule corresponding to the tunnel, and the decapsulation rule is used by the peer network device to decapsulate messages sent by the device through the tunnel;
issuing, by the device, an encapsulation rule corresponding to the tunnel to the switch chip of the device, wherein the encapsulation rule is used by the device to encapsulate messages to be transmitted to the peer network device through the tunnel.
7. A network configuration apparatus, characterized by being provided in a network device, the apparatus comprising:
a first sending unit, configured to issue a first decapsulation rule corresponding to a tunnel to a switch chip of the device when the tunnel is established between the device and a peer network device, wherein the first decapsulation rule is used by the device to decapsulate messages sent by the peer network device through the tunnel;
and a second sending unit, configured to, when the first decapsulation rule is issued to the switch chip of the device, send to the peer network device a first notification message indicating that the first decapsulation rule has been issued, so that the peer network device obtains a first encapsulation rule corresponding to the tunnel according to the first notification message, wherein the first encapsulation rule is used by the peer network device to encapsulate messages to be transmitted to the device through the tunnel.
8. A network configuration apparatus, characterized by being provided in a network device, the apparatus comprising:
a receiving unit, configured to receive a notification message sent by a peer network device when a tunnel is established between the device and the peer network device, wherein the notification message indicates that a switch chip of the peer network device has acquired a decapsulation rule corresponding to the tunnel, and the decapsulation rule is used by the peer network device to decapsulate messages sent by the device through the tunnel;
and a sending unit, configured to issue an encapsulation rule corresponding to the tunnel to the switch chip of the device, wherein the encapsulation rule is used by the device to encapsulate messages to be transmitted to the peer network device through the tunnel.
9. A network device comprising a processor and a memory coupled to each other, the memory storing a computer program that, when executed by the processor, causes the network device to perform the method of any one of claims 1-5 or to perform the method of claim 6.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when run on a computer, causes the computer to perform the method according to any of claims 1-5 or to perform the method according to claim 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202111642264.3A | 2021-12-29 | 2021-12-29 | Network configuration method, device, network equipment and computer readable storage medium
Publications (2)
Publication Number | Publication Date |
---|---|
CN114301737A (en) | 2022-04-08
CN114301737B (en) | 2023-10-24
Family ID: 80971905
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||