CN114500162A - SD-WAN (Software-Defined Wide Area Network) system and data forwarding method - Google Patents


Info

Publication number
CN114500162A
Authority
CN
China
Application number
CN202011144467.5A
Other languages
Chinese (zh)
Inventor
周文辉
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd and China Mobile Communications Ltd Research Institute

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/044 Network management architectures or arrangements comprising hierarchical management structures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network


Abstract

The invention provides an SD-WAN system and a data forwarding method. The SD-WAN system comprises a user branch network, a PON access network, a VPN gateway, an OTN network, cloud data center access equipment and a user cloud VPC network. The PON access network is connected between the user branch network and the VPN gateway. The VPN gateway comprises a VPN gateway connected between the PON access network and the OTN network and a VPN gateway connected between the cloud data center access equipment and the OTN network; it maintains the global ID of a user branch network, a forwarding table between the user branch network and the user cloud VPC network, a forwarding table between user branch networks and the mapping relation with the user cloud VPC network ID, and sends a user data packet to a target VPN gateway according to the forwarding table. The OTN provides matched connection pipeline resources for the user data packets. The invention can provide end-to-end QoS guarantee.

Description

SD-WAN (Software-Defined Wide Area Network) system and data forwarding method
Technical Field
The embodiment of the invention relates to the technical field of transmission, in particular to an SD-WAN system and a data forwarding method.
Background
In the cloud computing era, operators face network and business transformation. Cloud-network cooperation is not only an evolution target and development trend of the next-generation telecommunication network, but has also become one of the core capabilities by which mobile internet information services compete. As the name suggests, cloud computing and cloud network infrastructure are built together and complement each other. "Cloud" refers to cloud computing data centers and cloud services; "network" refers to the cloud network infrastructure, which includes not only the cloud data center local area network but also the network between an enterprise or enterprise data center and a cloud data center, and the network between cloud data centers; the latter two in particular are called "cloud connection". Providing secure, reliable, good-experience access and interconnection networks for cloud computing has become an important development strategy for "cloud first" internet service provider technologies and products. Based on SDN (Software Defined Networking), traffic planning, Segment Routing (SR) and other technologies, operators realize low-cost, high-performance and flexible scheduling of east-west traffic among cloud data centers, deploy and provide enterprise cloud backbone networks and Wide Area Network (WAN) gateway technologies, products and services, achieve seamless interconnection of enterprise customer networks and clouds, and provide users with highly secure, highly reliable and high-performance cloud connection pipelines.
In an existing SD-WAN (Software-Defined Wide Area Network) scheme, the network is divided into two layers: the bottom layer is an operator network and the upper layer is a user data network. The bottom-layer network of this scheme cannot provide Quality of Service (QoS) guarantee for upper-layer user data.
In another existing SD-WAN scheme, user data is carried on an operator IP (Internet Protocol) network, and the underlying IP network is aware of the user. This scheme provides QoS guarantee for upper-layer user data at the IP network layer, but the access network and the bottom-layer transmission network that actually carry the user data cannot distinguish the data of different users, so end-to-end service QoS guarantee cannot be provided for a user cloud private line.
Disclosure of Invention
The embodiment of the invention provides an SD-WAN system and a data forwarding method, which are used for solving the problem that the existing SD-WAN scheme cannot provide end-to-end service QoS guarantee.
In order to solve the technical problem, the invention is realized as follows:
In a first aspect, an embodiment of the present invention provides an SD-WAN system, including:
the system comprises a user branch network, a PON access network, a VPN gateway, an OTN network and a cloud data center network;
wherein:
the cloud data center network comprises cloud data center access equipment and a user cloud VPC network;
the PON access network is connected between the user branch network and the VPN gateway;
the VPN gateway comprises a VPN gateway connected between the PON access network and the OTN network and a VPN gateway connected between the cloud data center access equipment and the OTN network, and is used for maintaining the global ID of a user branch network, a forwarding table between the user branch network and the user cloud VPC network, and the mapping relation between the forwarding table and the user cloud VPC network ID, and sending a user data packet of the user branch network or the user cloud VPC network to a target VPN gateway according to the maintained forwarding table;
the cloud data center access equipment is connected between the user cloud VPC network and the VPN gateway;
and the OTN is connected with the VPN gateway and is used for providing matched connection pipeline resources for the user data packet.
In a second aspect, an embodiment of the present invention provides an SD-WAN system, including:
a user branch network, a PON access network, a VPN gateway and an OTN network;
wherein:
the PON access network is connected between the user branch network and the VPN gateway;
the VPN gateway is connected between the PON access network and the OTN and used for maintaining the global ID of the user branch network and a forwarding table between the user branch networks and sending a user data packet of the user branch network to a target VPN gateway according to the maintained forwarding table;
and the OTN is connected with the VPN gateway and is used for providing matched connection pipeline resources for the user data packet.
In a third aspect, an embodiment of the present invention provides a data forwarding method, applied to a source VPN gateway, including:
the source VPN gateway receives a VxLAN data packet sent by a source PON access network, where the VxLAN data packet carries a user data packet and a VNI, the user data packet is a data packet sent by a source user branch network to a target user branch network or a user cloud VPC network, and the VNI is used for identifying a tenant ID;
the source VPN gateway extracts the VNI, the user data packet and a target address of the user data packet from the VxLAN data packet;
the source VPN gateway inquires a global ID and an OTN network resource association identifier of a target user branch network or a user cloud VPC network in a forwarding table between user branch networks or a forwarding table between the user branch networks and the user cloud VPC network based on the VNI and the target address, and the forwarding table stores the corresponding relation of the VNI, the global ID of the target user branch network or the user cloud VPC network and the OTN network resource association identifier;
the source VPN gateway adds the OTN network resource association identifier to the user data packet and encapsulates the user data packet to obtain an encapsulated user data packet;
the source VPN gateway sends the encapsulated user data packet to an OTN network;
and when the source VPN gateway sends the encapsulated user data packet to a port of the OTN equipment connected with the target VPN gateway, the OTN equipment replaces the VLAN ID of the user data packet with the VLAN ID of the target user branch network or the user cloud VPC network.
Optionally, the global ID of the target user branch network or the user cloud VPC network includes: a MAC address or port of the target VPN gateway, and a VLAN ID of the target user branch network or user cloud VPC network.
Optionally, the target address is a target MAC address or a target IP address of the user branch network or the user cloud VPC network.
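As an added, constructed example (not the patent's code or an implementation by its assignees) of the source VPN gateway steps and the OTN egress VLAN rewrite of the third aspect: the VxLAN header follows the standard 8-byte layout, while the forwarding-table shape, the OTN encapsulation layout and all MAC addresses, VNI and identifier values are assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag of the VxLAN header: VNI field is valid
ETH_P_8021Q = 0x8100          # TPID of an 802.1Q VLAN tag

@dataclass(frozen=True)
class GlobalID:
    """Global ID of a target network: target VPN gateway MAC (or port) plus its VLAN ID."""
    gateway_mac: bytes
    vlan_id: int

@dataclass(frozen=True)
class ForwardingEntry:
    """Row of the forwarding table between user branch networks (shape assumed)."""
    global_id: GlobalID
    otn_resource_id: int  # OTN network resource association identifier (assumed 32-bit)

# Keyed by (VNI, target MAC): the tenant ID is part of the key, so two tenants may reuse
# the same MAC addresses or VLAN IDs without their entries colliding.
ForwardingTable = Dict[Tuple[int, bytes], ForwardingEntry]

def build_user_frame(dst_mac: bytes, src_mac: bytes, vlan_id: int,
                     payload: bytes, pcp: int = 0) -> bytes:
    """Constructed 802.1Q-tagged user data packet as sent by the source user branch."""
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)
    return dst_mac + src_mac + struct.pack("!HHH", ETH_P_8021Q, tci, 0x0800) + payload

def build_vxlan_packet(vni: int, user_frame: bytes) -> bytes:
    """VxLAN packet as the source PON access network sends it to the source VPN gateway.
    Only the 8-byte VxLAN header is modelled; outer Ethernet/IP/UDP headers are omitted."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    return bytes([VXLAN_FLAG_VNI_VALID, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + user_frame

def parse_vxlan_packet(packet: bytes) -> Tuple[int, bytes]:
    """Extract the VNI (tenant ID) and the inner user data packet."""
    if len(packet) < 8 + 14:
        raise ValueError("too short for a VxLAN header plus an Ethernet frame")
    if not packet[0] & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VxLAN I flag clear: the VNI field is not valid")
    return int.from_bytes(packet[4:7], "big"), packet[8:]

def source_gateway_forward(packet: bytes, table: ForwardingTable,
                           own_mac: bytes) -> Optional[bytes]:
    """Source VPN gateway steps of the third aspect: extract VNI and target address, look up
    (VNI, target MAC), add the OTN resource association identifier and encapsulate.
    Returns None (drop) when there is no entry: forwarding on the target address alone, or
    flooding, would let a frame leak from one tenant's network into another's.
    Encapsulation layout is assumed: outer dst MAC of the target VPN gateway, outer src MAC,
    4-byte OTN resource id, then the unchanged user frame."""
    vni, user_frame = parse_vxlan_packet(packet)
    entry = table.get((vni, user_frame[0:6]))
    if entry is None:
        return None
    return (entry.global_id.gateway_mac + own_mac
            + entry.otn_resource_id.to_bytes(4, "big") + user_frame)

def otn_egress_rewrite_vlan(encapsulated: bytes, target_vlan_id: int) -> bytes:
    """At the OTN port facing the target VPN gateway, replace the VLAN ID of the user data
    packet with the VLAN ID of the target user branch network; PCP/DEI bits are kept."""
    tag_off = 6 + 6 + 4 + 12   # outer header (16 bytes) + inner dst/src MAC
    tpid, tci = struct.unpack_from("!HH", encapsulated, tag_off)
    if tpid != ETH_P_8021Q:
        raise ValueError("user data packet carries no 802.1Q tag")
    new_tci = (tci & 0xF000) | (target_vlan_id & 0x0FFF)
    return (encapsulated[:tag_off + 2] + struct.pack("!H", new_tci)
            + encapsulated[tag_off + 4:])

def user_frame_vlan_id(frame: bytes) -> int:
    """VLAN ID carried in the 802.1Q tag of a user frame."""
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF

# Constructed scenario: tenant VNI 5001 has one branch behind each VPN gateway.
GW_SRC = bytes.fromhex("02aa000000a1")   # source VPN gateway MAC (constructed)
GW_DST = bytes.fromhex("02aa000000b2")   # target VPN gateway MAC (constructed)
HOST_A = bytes.fromhex("020000000a01")   # host in the source branch (VLAN 100)
HOST_B = bytes.fromhex("020000000b01")   # host in the target branch (VLAN 200)
TABLE: ForwardingTable = {
    (5001, HOST_B): ForwardingEntry(GlobalID(GW_DST, vlan_id=200), otn_resource_id=0x00030007),
}

def demo() -> Optional[bytes]:
    """Uplink path: branch frame -> VxLAN -> source gateway -> OTN egress VLAN rewrite."""
    frame = build_user_frame(HOST_B, HOST_A, vlan_id=100, payload=b"hello", pcp=5)
    out = source_gateway_forward(build_vxlan_packet(5001, frame), TABLE, GW_SRC)
    if out is None:
        return None
    return otn_egress_rewrite_vlan(out, TABLE[(5001, HOST_B)].global_id.vlan_id)
```

A frame from another tenant (a different VNI) addressed to the same target MAC finds no entry and is dropped rather than forwarded.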
In a fourth aspect, an embodiment of the present invention provides a data forwarding method, applied to a target VPN gateway, including:
the target VPN gateway receives a user data packet sent by an OTN network;
the target VPN gateway looks up the VNI in the forwarding table between user branch networks based on the VLAN ID of the target user branch network carried in the user data packet and the input port of the user data packet, where the VNI is used for identifying a tenant ID, and the forwarding table between user branch networks stores the correspondence among the VNI, the global ID of the user branch network and the OTN network resource association identifier; the global ID of the target user branch network comprises the MAC address or port of the target VPN gateway, and the VLAN ID of the target user branch network;
the target VPN gateway determines ONU equipment in a target PON access network where the target user branch network is located according to the VNI;
the target VPN gateway encapsulates the user data packet into a VxLAN data packet;
and the target VPN gateway sends the VxLAN data packet to the ONU equipment.
Optionally, the determining, by the target VPN gateway according to the VNI, the ONU device in the target PON access network where the target user branch network is located includes:
the target VPN gateway looks up a user branch network spatial information table according to the VNI and determines the ONU device in the target PON access network where the target user branch network is located, where the user branch network spatial information table stores the correspondence among the VNI, the VLAN ID of the user branch network, the target address and the IP address of the ONU device.
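As an added, constructed example (not the patent's code) of the target VPN gateway steps of the fourth aspect, including the spatial information table lookup: the table shapes, the input port numbers, the MAC addresses and the ONU IP address are assumptions.

```python
import struct
from typing import Dict, Optional, Tuple

ETH_P_8021Q = 0x8100
VXLAN_FLAG_VNI_VALID = 0x08

# Forwarding table between user branch networks, indexed for the downlink lookup of the
# fourth aspect: (VLAN ID of the target user branch network, input port) -> VNI.
# The shape is assumed; the text only states which fields the table holds.
DownlinkTable = Dict[Tuple[int, int], int]

# User branch network spatial information table in L2VPN mode (fig. 8, shape assumed):
# (VNI, VLAN ID of the branch, target MAC address) -> IP address of the ONU device.
SpatialTable = Dict[Tuple[int, int, bytes], str]

def frame_vlan_id(frame: bytes) -> Optional[int]:
    """VLAN ID of an 802.1Q-tagged frame, or None if the frame is untagged."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return tci & 0x0FFF if tpid == ETH_P_8021Q else None

def build_vxlan_packet(vni: int, user_frame: bytes) -> bytes:
    """8-byte VxLAN header (outer IP/UDP omitted) in front of the user frame."""
    return bytes([VXLAN_FLAG_VNI_VALID, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + user_frame

def target_gateway_forward(frame: bytes, in_port: int, downlink: DownlinkTable,
                           spatial: SpatialTable) -> Optional[Tuple[str, bytes]]:
    """Steps of the fourth aspect at the target VPN gateway.
    Returns (ONU IP address, VxLAN packet) or None when the packet is dropped.
    The VLAN ID and the input port together form the lookup key, so a frame that carries a
    valid VLAN ID but arrives on the wrong OTN-facing port resolves to no VNI and is not
    re-encapsulated into any tenant's VxLAN segment."""
    vlan_id = frame_vlan_id(frame)
    if vlan_id is None:
        return None
    vni = downlink.get((vlan_id, in_port))
    if vni is None:
        return None
    onu_ip = spatial.get((vni, vlan_id, frame[0:6]))   # target MAC selects the ONU
    if onu_ip is None:
        return None
    return onu_ip, build_vxlan_packet(vni, frame)

# Constructed tables for one tenant (VNI 5001) whose branch uses VLAN 200 behind port 3.
HOST_B = bytes.fromhex("020000000b01")   # host in the target branch (constructed)
HOST_A = bytes.fromhex("020000000a01")   # host in the source branch (constructed)
DOWNLINK: DownlinkTable = {(200, 3): 5001}
SPATIAL: SpatialTable = {(5001, 200, HOST_B): "192.0.2.10"}   # ONU IP from a documentation range

def make_frame(dst: bytes, src: bytes, vlan_id: int, payload: bytes = b"hi") -> bytes:
    """Constructed 802.1Q-tagged frame as delivered by the OTN after the VLAN rewrite."""
    return dst + src + struct.pack("!HHH", ETH_P_8021Q, vlan_id & 0x0FFF, 0x0800) + payload

def demo() -> Optional[Tuple[str, bytes]]:
    """Downlink path: OTN-delivered frame on port 3 -> VNI -> ONU -> VxLAN packet."""
    return target_gateway_forward(make_frame(HOST_B, HOST_A, 200), 3, DOWNLINK, SPATIAL)
```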
In a fifth aspect, an embodiment of the present invention provides a data forwarding method, applied to a target VPN gateway, including:
the target VPN gateway receives a user data packet sent by an OTN network;
the target VPN gateway inquires the global ID of the target user cloud VPC network in a global ID matching information table of the user branch network and the user cloud VPC network based on the VLAN ID of the user branch network of the user data packet, wherein the matching information table stores the corresponding relation of the global ID of the user branch network, the VLAN ID of the user branch network and the global ID of the user cloud VPC network;
the target VPN gateway encapsulates the user data packet based on the global ID of the target user cloud VPC network;
and the target VPN gateway sends the encapsulated user data packet to cloud data center access equipment of the target user cloud VPC network.
Optionally, the global ID of the user cloud VPC network is a VNI or a VLAN ID.
In a sixth aspect, an embodiment of the present invention provides a data forwarding method, applied to a source VPN gateway, including:
the source VPN gateway receives a user data packet sent by cloud data center equipment;
the source VPN gateway extracts the global ID of the source user cloud VPC network from the user data packet;
the source VPN gateway inquires the VLAN ID of a target user branch network and the global ID of the target user branch network in a global ID matching information table of the user branch network and the user cloud VPC network based on the global ID of the source user cloud VPC network, and the matching information table stores the corresponding relation of the global ID of the user branch network, the VLAN ID of the user branch network and the global ID of the user cloud VPC network;
the source VPN gateway encapsulates the user data packet based on the VLAN ID of the target user branch network;
the source VPN gateway inquires OTN network resource association identification in a forwarding table of a user branch network and a user cloud VPC network according to the global ID of the target user branch network, wherein the corresponding relation of VNI, the global ID of the user branch network and the OTN network resource association identification is stored in the forwarding table of the user branch network and the user cloud VPC network;
the source VPN gateway adds the OTN network resource association identifier to the encapsulated user data packet, and encapsulates the user data packet again to obtain an encapsulated user data packet;
and the source VPN gateway sends the encapsulated user data packet to an OTN network.
In a seventh aspect, an embodiment of the present invention provides a VPN gateway, including:
a receiving module, configured to receive a VxLAN data packet sent by a source PON access network, where the VxLAN data packet carries a user data packet and a VNI, the user data packet is a data packet sent by a source user branch network to a target user branch network or a user cloud VPC network, and the VNI is used for identifying a tenant ID;
the extraction module is used for extracting the VNI, the user data packet and the target address of the user data packet from the VxLAN data packet;
the query module is used for querying a global ID and an OTN network resource association identifier of a target user branch network or a user cloud VPC network in a forwarding table between user branch networks or a forwarding table between the user branch networks and the user cloud VPC network based on the VNI and the target address, wherein the forwarding table stores the corresponding relation of the VNI, the global ID of the target user branch network or the user cloud VPC network and the OTN network resource association identifier;
an encapsulation module, configured to add the OTN network resource association identifier to the user data packet, and encapsulate the user data packet to obtain an encapsulated user data packet;
and the sending module is used for sending the encapsulated user data packet to an OTN network.
In an eighth aspect, an embodiment of the present invention provides a VPN gateway, including:
the receiving module is used for receiving a user data packet sent by the OTN;
the query module is used for querying a VNI in a forwarding table among the user branch networks based on the VLAN ID of the target user branch network of the user data packet and an input port of the user data packet, wherein the VNI is used for identifying a tenant ID, and the forwarding table among the user branch networks stores the corresponding relation among the VNI, the global ID of the user branch networks and the OTN network resource association identification; the global ID of the target user branch network comprises: the MAC address or port of the target VPN gateway, and the VLAN ID of the target user branch network;
the determining module is used for determining ONU equipment in a target PON access network where the target user branch network is located according to the VNI;
the packaging module is used for packaging the user data packet into a VxLAN data packet;
and the sending module is used for sending the VxLAN data packet to the ONU equipment.
In a ninth aspect, an embodiment of the present invention provides a VPN gateway, including:
the receiving module is used for receiving a user data packet sent by the OTN;
the query module is used for querying the global ID of the target user cloud VPC network in the global ID matching information table between the user branch network and the user cloud VPC network based on the VLAN ID of the user branch network of the user data packet, where the matching information table stores the correspondence among the global ID of the user branch network, the VLAN ID of the user branch network and the global ID of the user cloud VPC network;
the packaging module is used for packaging the user data packet based on the global ID of the target user cloud VPC network;
and the sending module is used for sending the encapsulated user data packet to the cloud data center access equipment of the target user cloud VPC network.
In a tenth aspect, an embodiment of the present invention provides a VPN gateway, including:
the receiving module is used for receiving a user data packet sent by the cloud data center access equipment;
the extraction module is used for extracting the global ID of the source user cloud VPC network from the user data packet;
the first query module is used for querying the VLAN ID of the target user branch network and the global ID of the target user branch network in a global ID matching information table of the user branch network and the user cloud VPC network based on the global ID of the source user cloud VPC network, and the matching information table stores the corresponding relation among the global ID of the user branch network, the VLAN ID of the user branch network and the global ID of the user cloud VPC network;
a first encapsulation module, configured to encapsulate the user data packet based on the VLAN ID of the target user branch network;
the second query module is used for querying the OTN network resource association identifier in a user branch network forwarding table according to the global ID of the target user branch network, and the user branch network forwarding table stores the corresponding relation among the VNI, the global ID of the user branch network and the OTN network resource association identifier;
a second encapsulation module, configured to add the OTN network resource association identifier to an encapsulated user data packet, and encapsulate the user data packet to obtain an encapsulated user data packet;
and the sending module is used for sending the encapsulated user data packet to the OTN.
In an eleventh aspect, an embodiment of the present invention provides a VPN gateway, including: a processor, a memory and a program stored on the memory and executable on the processor, the program, when executed by the processor, implementing the steps of the data forwarding method of the third aspect; or, the program implements the steps of the data forwarding method according to the fourth aspect when executed by the processor; or, the program implements the steps of the data forwarding method according to the fifth aspect when executed by the processor; alternatively, the program implements the steps of the data forwarding method according to the sixth aspect when executed by the processor.
In a twelfth aspect, an embodiment of the present invention provides a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the data forwarding method according to the third aspect described above; or, the computer program, when executed by a processor, implements the steps of the data forwarding method of the fourth aspect; or, the computer program, when executed by a processor, implements the steps of the data forwarding method of the fifth aspect; alternatively, the computer program realizes the steps of the data forwarding method according to the above sixth aspect when executed by a processor.
The embodiment of the invention has the following advantages:
1. End-to-end QoS guarantee
From the network egress, user data can be perceived by the access network and at the same time by the bottom-layer OTN network, so end-to-end QoS guarantee can be provided.
2. Reduced operation and maintenance complexity of SD-WAN
Unlike the traditional technical scheme, which binds ports to VLAN IDs and has to carry and maintain the association of a user's global identity across different network devices, the embodiment of the invention identifies the user globally with a VNI and a global MAC + VLAN ID. Only the user branch network global ID or the user cloud VPC network global ID needs to be configured and maintained on the VPN gateway; a large amount of port + VLAN ID data no longer needs to be configured on the far more numerous access devices and OTN access-ring devices, and the identity data is independent of the hardware ports of the devices. This avoids the huge and error-prone maintenance workload that port changes on access equipment cause during network operation, maintenance and upgrades in the prior art.
3. Better cost-performance of user data forwarding
Compared with the IP-based underlay SD-WAN technical scheme, the scheme of the embodiment of the invention reduces the overhead of the IP header and UDP/TCP and improves the forwarding efficiency of user data.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is an architecture diagram of an SD-WAN system according to one embodiment of the present invention;
FIG. 2 is an architecture diagram of an SD-WAN system according to another embodiment of the present invention;
fig. 3 is a schematic flowchart of an uplink data forwarding method between user branch networks according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a VxLAN encapsulated packet according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a data structure of a user branch network forwarding table according to an embodiment of the present invention;
fig. 6 is a schematic data structure diagram of a user data packet encapsulated by a VPN gateway according to an embodiment of the present invention;
fig. 7 is a flowchart illustrating a downlink data forwarding method between user branch networks according to an embodiment of the present invention;
fig. 8 is an ONU local user branch network spatial information table in the L2VPN networking mode;
fig. 9 is an ONU local user branch network spatial information table in the L3VPN networking mode;
fig. 10 is a schematic flowchart of an uplink data forwarding method between a user branch network and a user cloud VPC network according to an embodiment of the present invention;
fig. 11 is a schematic flowchart of a downlink data forwarding method between a user branch network and a user cloud VPC network according to an embodiment of the present invention;
fig. 12 is a table of matching information between the global ID of the user branch network and the global ID of the user cloud VPC network according to the embodiment of the present invention;
fig. 13 is a schematic flowchart of an uplink data forwarding method between a user cloud VPC network and a user branch network according to an embodiment of the present invention;
fig. 14 is a schematic flowchart of a downlink data forwarding method between a user cloud VPC network and a user branch network according to an embodiment of the present invention;
FIG. 15 shows a typical IP-based underlay SD-WAN solution and the user data encapsulation used under that solution;
FIG. 16 shows the underlay SD-WAN solution according to an embodiment of the present invention and the user data encapsulation used under that solution;
fig. 17 is a schematic structural diagram of a VPN gateway according to an embodiment of the present invention;
fig. 18 is a schematic structural diagram of a VPN gateway according to another embodiment of the present invention;
fig. 19 is a schematic structural diagram of a VPN gateway according to yet another embodiment of the present invention;
fig. 20 is a schematic structural diagram of a VPN gateway according to yet another embodiment of the present invention;
fig. 21 is a schematic structural diagram of a VPN gateway according to yet another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, which illustrates the architecture of an SD-WAN system according to an embodiment of the present invention, the SD-WAN system includes: a user branch network, a PON (Passive Optical Network) access network, a VPN gateway, an OTN (Optical Transport Network) network, and a cloud data center network;
wherein:
the cloud data center network comprises cloud data center access equipment and a user cloud VPC (Virtual Private Cloud) network;
the PON access network is connected between the user branch network and the VPN gateway;
the VPN gateway comprises a VPN gateway connected between the PON access network and the OTN network and a VPN gateway connected between the cloud data center access equipment and the OTN network, and is used for maintaining the global ID of a user branch network, a forwarding table between the user branch network and the user cloud VPC network, and the mapping relation between the forwarding table and the user cloud VPC network ID, and sending a user data packet of the user branch network or the user cloud VPC network to a target VPN gateway according to the maintained forwarding table;
the cloud data center access equipment is connected between the user cloud VPC network and the VPN gateway;
the OTN is connected with the VPN gateway and is used for providing matched connection pipeline resources for user data packets between the user branch network and the user cloud VPC network or the user data packets between the user branch networks.
In the embodiment of the invention, an underlay SD-WAN system using pure Layer 2 network technology is realized on the basis of a PON access network and an OTN network. User data can be perceived by the access network and also by the bottom-layer OTN network, so end-to-end QoS guarantee can be provided for the user data. The user does not need to know any details of the cloud data center network; access works exactly like connecting equipment to a local Ethernet, no modification of the user branch network is required, and the cost and complexity of using a cloud private line are greatly reduced.
Referring to fig. 2, an embodiment of the present invention may further provide an SD-WAN system, including:
a user branch network, a PON access network, a VPN gateway and an OTN network;
wherein:
the PON access network is connected between the user branch network and the VPN gateway;
the VPN gateway is connected between the PON access network and the OTN and used for maintaining the global ID of the user branch network and a forwarding table between the user branch networks and sending a user data packet of the user branch network to a target VPN gateway according to the maintained forwarding table;
and the OTN is connected with the VPN gateway and is used for providing matched connection pipeline resources for the user data packet.
In the embodiment of the invention, an underlay SD-WAN system using pure Layer 2 network technology is realized on the basis of a PON access network and an OTN network; user data can be perceived by the access network and at the same time by the bottom-layer OTN network, thereby providing end-to-end QoS guarantee for the user data.
In the above embodiment, optionally, the user branch network includes an enterprise headquarters network and an enterprise branch network, and is connected to the OTN network through a PON access network.
In the foregoing embodiment, optionally, the PON access Network includes an ONU (Optical Network Unit) device and an OLT (Optical Line Terminal) device.
In the above embodiment, optionally, the VPN gateway connected between the PON access network and the OTN network may be deployed in an operator network, and the VPN gateway connected between the cloud data center network and the OTN network may be deployed in the operator network or may be deployed in the cloud data center network.
In the above embodiment, optionally, the OTN network connects user branch networks to one another, or a user branch network to the cloud data center network, and provides matched connection pipeline resources between user branch networks, or between a user branch network and a user cloud VPC network, so as to offer a connection service with QoS guarantees.
In the above embodiment, the cloud data center network provides the cloud "VPC" service for a user. User branch networks in different locations interconnect with one another, or with the user cloud VPC network, over a connection service with QoS guarantees, so that the user experience matches that of a local area network.
The following illustrates a data forwarding method applied to the SD-WAN system.
First, the method for forwarding uplink data between user branch networks in the SD-WAN system, for example between different user branch networks belonging to the same tenant, is described.
Referring to fig. 3, an embodiment of the present invention provides a method for forwarding data between subscriber branch networks, where the method is used to send subscriber data from one subscriber branch network to another subscriber branch network, and the method includes the following steps:
step 21: a source user branch network sends a user data packet to a source PON access network;
in the embodiment of the present invention, a user branch network that sends user data is referred to as a source user branch network, a PON access network to which the source user branch network belongs is referred to as a source PON access network, and a VPN gateway between the source PON access network and the OTN network is referred to as a source VPN gateway.
The user branch network receiving the user data is called a target user branch network, the PON access network to which the target user branch network belongs is called a target PON access network, and the VPN gateway between the target PON access network and the OTN is called a target VPN gateway.
In the embodiment of the present invention, the source user branch network and the target user branch network belong to the same tenant (or called as a user).
Step 22: the source PON access network encapsulates the user data packet using VxLAN (Virtual eXtensible LAN) to obtain a VxLAN data packet. The VxLAN data packet carries the user data packet and a VNI (VxLAN Network Identifier); the VNI is a globally unique tenant ID identifying the tenant to which both the source user branch network and the target user branch network belong.
Optionally, the user data packet is encapsulated by using a VxLAN by an ONU device belonging to a source user branch network in the source PON access network, so as to obtain a VxLAN data packet.
In the embodiment of the present invention, referring to fig. 4, the VxLAN packet includes a VxLAN encapsulation part and a user data packet part. The VxLAN encapsulation part comprises an outer MAC (Media Access Control) header, an outer IP header, a UDP header carrying the VxLAN port, and an 8-byte VxLAN header; the user data packet part comprises a user MAC header, a user IP header, and a data payload. The outer MAC header carries the MAC addresses of the ONU device and the source VPN gateway. The outer IP header carries the IP addresses of the ONU device and the source VPN gateway. The VxLAN header carries the VNI; when the number of tenants grows beyond a certain scale, the reserved bits can be used to extend it. The VxLAN packet is carried in a UDP (User Datagram Protocol) datagram. The user MAC header of the user data packet carries the MAC addresses of the source and target user branch networks, and the user IP header carries the IP addresses of the source and target user branch networks.
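The packet layout of fig. 4 can be made concrete. The following Python is an added example written for this page, not code from the patent or its applicant: it builds the VxLAN data packet an ONU would send in step 22 and parses it the way the source VPN gateway does in step 24a, rejecting frames whose outer headers are not IPv4/UDP on the VxLAN port or whose VxLAN header does not flag the VNI as valid. The UDP port 4789 and the 8-byte header layout (flags, reserved bits, 24-bit VNI) are taken from RFC 7348, which the patent does not cite; the addresses and payload are constructed sample values.

```python
import struct

# Assumptions for this example: the patent names only a "VxLAN port" and an
# 8-byte VxLAN header; port 4789 and the I-flag layout follow RFC 7348.
VXLAN_UDP_PORT = 4789
VXLAN_FLAG_VNI_VALID = 0x08
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))

def ip_str(b):
    return ".".join(str(x) for x in b)

def ipv4_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src_ip, dst_ip, proto, payload_len):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ip_bytes(src_ip), ip_bytes(dst_ip))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def build_user_frame(src_mac, dst_mac, src_ip, dst_ip, payload):
    """User data packet of fig. 4: user MAC header + user IP header + data payload."""
    return (mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
            + ipv4_header(src_ip, dst_ip, IPPROTO_UDP, len(payload)) + payload)

def vxlan_encapsulate(user_frame, vni, onu_mac, gw_mac, onu_ip, gw_ip, src_port=49152):
    """Step 22 at the ONU: outer MAC (ONU -> source VPN gateway), outer IP, UDP, 8-byte VxLAN header."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    vxlan_hdr = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)  # flags, 3 reserved, VNI, 1 reserved
    udp_len = 8 + len(vxlan_hdr) + len(user_frame)
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP checksum
    outer_ip = ipv4_header(onu_ip, gw_ip, IPPROTO_UDP, udp_len)
    outer_mac = mac_bytes(gw_mac) + mac_bytes(onu_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return outer_mac + outer_ip + udp_hdr + vxlan_hdr + user_frame

def vxlan_decapsulate(frame):
    """Step 24a at the source VPN gateway: validate the encapsulation, then extract the VNI,
    the user data packet, and the user packet's target MAC / target IP address."""
    if len(frame) < 14 + 20 + 8 + 8 + 14:
        raise ValueError("frame too short for a VxLAN-encapsulated Ethernet frame")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != IPPROTO_UDP:
        raise ValueError("outer IP payload is not UDP")
    udp = 14 + ihl
    if struct.unpack("!H", frame[udp + 2:udp + 4])[0] != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not the VxLAN port")
    vx = udp + 8
    flags, vni_field = struct.unpack("!B3xI", frame[vx:vx + 8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VxLAN I flag not set: VNI is not valid")
    user_frame = frame[vx + 8:]
    inner_is_ipv4 = struct.unpack("!H", user_frame[12:14])[0] == ETHERTYPE_IPV4
    return {
        "outer_src_mac": mac_str(frame[6:12]),
        "outer_dst_mac": mac_str(frame[0:6]),
        "outer_src_ip": ip_str(frame[14 + 12:14 + 16]),
        "outer_dst_ip": ip_str(frame[14 + 16:14 + 20]),
        "vni": vni_field >> 8,
        "user_frame": user_frame,
        "target_mac": mac_str(user_frame[0:6]),
        "target_ip": ip_str(user_frame[14 + 16:14 + 20]) if inner_is_ipv4 else None,
    }

def encapsulation_overhead(user_frame, vxlan_frame):
    """Bytes added by the VxLAN encapsulation part (outer MAC + outer IP + UDP + VxLAN header)."""
    return len(vxlan_frame) - len(user_frame)


# Constructed sample: host 10.1.0.10 in branch A sends to 10.2.0.20 in branch B of tenant VNI 100;
# the ONU at 192.0.2.10 tunnels the frame to the source VPN gateway at 192.0.2.1.
SAMPLE_USER_FRAME = build_user_frame("02:00:00:00:00:0a", "02:00:00:00:00:0b",
                                     "10.1.0.10", "10.2.0.20", b"hello")
SAMPLE_VXLAN_FRAME = vxlan_encapsulate(SAMPLE_USER_FRAME, 100, "02:aa:aa:aa:aa:01",
                                       "02:bb:bb:bb:bb:01", "192.0.2.10", "192.0.2.1")
```

Because the VNI is the tenant ID that every later lookup is keyed on, a gateway built this way should also bind the VNI to the outer source address of the ONU that is allowed to send it; the example exposes both fields so that check can be made before the forwarding table is consulted.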
Step 23: the source PON access network sends the VxLAN data packet to a source VPN gateway;
Steps 24 and 25 below are performed by the source VPN gateway:
step 24:
24 a: a source VPN gateway receives a VxLAN data packet sent by a source PON access network, and extracts a VNI, a user data packet and a target address of the user data packet from the VxLAN data packet, wherein the target address is a target MAC address or a target IP address of a target user branch network;
24b: based on the extracted VNI and the target address, the source VPN gateway queries the global ID of the target user branch network and an OTN network resource association identifier in the forwarding table between user branch networks, where the global ID of the target user branch network comprises the MAC address or port of the target VPN gateway and the VLAN (Virtual Local Area Network) ID of the target user branch network; the VLAN ID of a user branch network is a unique identifier assigned to that user branch network.
The OTN network resource association identifier is allocated by the underlying OTN network for interconnection between user branch networks; it may be a VLAN ID, and it associates (maps) the user data flow to the underlying network resource.
Referring to fig. 5, which shows the data structure of the forwarding table between user branch networks according to an embodiment of the present invention, each entry holds the spatial information of the user branch network, the global ID of the user branch network, and the network resource association identifier. The spatial information of a user branch network comprises the VNI, the user VLAN, the IP address space and the MAC address space; the global ID of a user branch network comprises the VPN gateway MAC address or port and the VLAN ID of the target user branch network.
24c: the source VPN gateway adds the OTN network resource association identifier to the user data packet and encapsulates the user data packet in an Ethernet encapsulation format to obtain an encapsulated user data packet; fig. 6 shows the data structure of the user data packet as encapsulated by the source VPN gateway.
Step 25: and the source VPN gateway sends the encapsulated user data packet to the OTN network.
A method for forwarding downlink data between user branch networks is described below.
Referring to fig. 7, an embodiment of the present invention provides a method for forwarding data between subscriber branch networks, where the method is used to send subscriber data from one subscriber branch network to another subscriber branch network, and the method includes the following steps:
Steps 26 and 27 below are performed by the OTN network:
step 26:
step 26a: the source OTN device of the OTN network, connected to the source VPN gateway, receives the encapsulated user data packet sent by the source VPN gateway, looks up the connection pipeline resource corresponding to the OTN network resource association identifier of the encapsulated user data packet, and transmits the user data packet between OTN devices over that connection pipeline resource;
step 26b: after the target OTN device of the OTN network, connected to the target VPN gateway, receives the user data packet, it replaces the OTN network resource association identifier of the user data packet with the VLAN ID of the target user branch network;
step 27: the target OTN device of the OTN network sends the user data packet to the target VPN gateway.
Step 28:
step 28 a: a target VPN gateway receives a user data packet sent by an OTN network, and queries a VNI from a forwarding table (please refer to fig. 5) between user branch networks based on a VLAN ID of a target user branch network of the user data packet and an ingress port of the user data packet;
step 28 b: the target VPN gateway determines ONU equipment in a PON access network where the target user branch network is located according to the VNI, and encapsulates the user data packet by using VxLAN to obtain a VxLAN data packet;
in the embodiment of the present invention, the ONU device may be determined by using the ONU local user branch network spatial information shown in fig. 8 or fig. 9. Fig. 8 is an ONU local user branch network spatial information table in the L2VPN networking mode, and fig. 9 is an ONU local user branch network spatial information table in the L3VPN networking mode.
Step 29: the target VPN gateway sends the encapsulated VxLAN data packet to the determined ONU equipment;
step 210: and the ONU equipment de-encapsulates the VxLAN data packet to obtain a user data packet and forwards the user data packet to a target user branch network.
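Steps 21 to 210 can be followed as one runnable path. The Python below is an added example for this page, not the patent's code: it models the forwarding table of fig. 5 and the ONU spatial information table of fig. 8 as in-memory rows, carries the OTN network resource association identifier and, after step 26b, the target VLAN ID as an 802.1Q tag (the text says only "Ethernet encapsulation format", so the tag is an assumption), and keeps the tenant VNI as the first match key so that one tenant's addresses can never select another tenant's row. The VxLAN parsing of step 24a is taken as already done; the gateway is handed the extracted VNI, target address and user data packet. How the target OTN device learns the target VLAN ID for step 26b is not stated in the text, so the example attaches it to the connection pipeline configuration. Table rows, port names and addresses are constructed sample values.

```python
import ipaddress
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # 802.1Q tag; assumed carrier for the association ID / VLAN ID

@dataclass(frozen=True)
class GlobalId:
    """Global ID of a user branch network: VPN gateway MAC address or port, plus branch VLAN ID."""
    gateway_port: str
    vlan_id: int

@dataclass(frozen=True)
class BranchRow:
    """One row of the forwarding table between user branch networks (fig. 5)."""
    vni: int                          # tenant ID from the VxLAN header
    user_vlan: int                    # user VLAN inside the branch
    ip_space: ipaddress.IPv4Network   # branch IP address space
    mac_space: frozenset              # branch MAC address space (constructed as a set of MACs)
    global_id: GlobalId
    otn_assoc_id: int                 # OTN network resource association identifier (a VLAN ID)

class BranchForwardingTable:
    def __init__(self, rows):
        self.rows = list(rows)

    def lookup_uplink(self, vni, target_mac, target_ip):
        """Step 24b: (VNI, target MAC or IP) -> (global ID of target branch, OTN association ID).
        The VNI is matched first, so one tenant's addresses never select another tenant's row."""
        for r in self.rows:
            if r.vni == vni and (target_mac in r.mac_space or
                                 (target_ip is not None and ipaddress.ip_address(target_ip) in r.ip_space)):
                return r.global_id, r.otn_assoc_id
        raise LookupError(f"no branch for VNI {vni}, {target_mac}, {target_ip}")

    def lookup_downlink(self, vlan_id, ingress_port):
        """Step 28a: (target branch VLAN ID, ingress port of the packet) -> VNI."""
        for r in self.rows:
            if r.global_id == GlobalId(ingress_port, vlan_id):
                return r.vni
        raise LookupError(f"no VNI for VLAN {vlan_id} on port {ingress_port}")

def add_vlan_tag(frame, vlan_id, pcp=0):
    """Step 24c: Ethernet encapsulation carrying the association ID as an 802.1Q tag."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vlan_id & 0x0FFF)) + frame[12:]

def get_vlan_id(frame):
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def set_vlan_id(frame, vlan_id):
    """Step 26b: the target OTN device rewrites the tag to the target branch VLAN ID, keeping PCP bits."""
    tci = (struct.unpack("!H", frame[14:16])[0] & 0xF000) | (vlan_id & 0x0FFF)
    return frame[:14] + struct.pack("!H", tci) + frame[16:]

def strip_vlan_tag(frame):
    get_vlan_id(frame)  # raises if the frame is untagged
    return frame[:12] + frame[16:]

def source_gateway_uplink(table, vni, target_mac, target_ip, user_frame):
    """Steps 24b to 25 at the source VPN gateway (VxLAN fields already extracted in step 24a)."""
    global_id, assoc_id = table.lookup_uplink(vni, target_mac, target_ip)
    return global_id, add_vlan_tag(user_frame, assoc_id)

def otn_transit(pipes, tagged_frame):
    """Steps 26a and 26b. `pipes` maps association ID -> (connection pipeline, target branch VLAN ID);
    that the OTN knows the target VLAN ID per pipeline is an assumption of this example."""
    pipe, target_vlan = pipes[get_vlan_id(tagged_frame)]  # KeyError: no matching pipeline resource
    return pipe, set_vlan_id(tagged_frame, target_vlan)

def target_gateway_downlink(table, spatial_table, tagged_frame, ingress_port):
    """Steps 28a and 28b: VLAN ID + ingress port -> VNI; then (VNI, VLAN ID, target MAC) -> ONU IP (fig. 8)."""
    vlan_id = get_vlan_id(tagged_frame)
    vni = table.lookup_downlink(vlan_id, ingress_port)
    user_frame = strip_vlan_tag(tagged_frame)
    target_mac = ":".join(f"{b:02x}" for b in user_frame[:6])
    return vni, spatial_table[(vni, vlan_id, target_mac)], user_frame

# Constructed sample: tenant VNI 100, branch A behind gw-west and branch B behind gw-east.
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
TABLE = BranchForwardingTable([
    BranchRow(100, 10, ipaddress.ip_network("10.1.0.0/24"), frozenset({MAC_A}), GlobalId("gw-west:p1", 1001), 3002),
    BranchRow(100, 10, ipaddress.ip_network("10.2.0.0/24"), frozenset({MAC_B}), GlobalId("gw-east:p1", 2001), 3001),
])
PIPES = {3001: ("ODU-west-to-east", 2001), 3002: ("ODU-east-to-west", 1001)}
SPATIAL = {(100, 2001, MAC_B): "192.0.2.20"}  # fig. 8 row: (VNI, VLAN ID, target address) -> ONU IP
USER_FRAME = bytes.fromhex(MAC_B.replace(":", "") + MAC_A.replace(":", "")) + b"\x08\x00" + b"payload"

def forward_a_to_b(user_frame=USER_FRAME):
    """One user data packet from branch A to branch B across source gateway, OTN and target gateway."""
    global_id, tagged = source_gateway_uplink(TABLE, 100, MAC_B, "10.2.0.20", user_frame)
    pipe, retagged = otn_transit(PIPES, tagged)
    vni, onu_ip, delivered = target_gateway_downlink(TABLE, SPATIAL, retagged, global_id.gateway_port)
    return {"otn_vlan": get_vlan_id(tagged), "pipe": pipe, "target_vlan": get_vlan_id(retagged),
            "vni": vni, "onu_ip": onu_ip, "delivered": delivered}
```

The returned dictionary shows the three identifiers that change hands along the path: the association ID chosen by the source gateway (3001), the pipeline the OTN selects from it, and the target branch VLAN ID (2001) the target gateway uses, together with the ingress port, to recover the VNI before re-encapsulating for the ONU.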
The following describes a method for forwarding uplink data between a user branch network and a user cloud VPC network.
Referring to fig. 10, an embodiment of the present invention provides a data forwarding method between a customer branch network and a customer cloud VPC network, for sending customer data from a customer branch network to the customer cloud VPC network, where the method includes the following steps:
step 31: a source user branch network sends a user data packet to a source PON access network;
in the embodiment of the present invention, a user branch network that sends user data is referred to as a source user branch network, a PON access network to which the source user branch network belongs is referred to as a source PON access network, and a VPN gateway between the source PON access network and the OTN network is referred to as a source VPN gateway.
The user cloud VPC network receiving the user data is called a target user cloud VPC network, the cloud data center access equipment to which the target user cloud VPC network belongs is called target cloud data center access equipment, and a VPN gateway between the target cloud data center access equipment and the OTN network is called a target VPN gateway.
The source user branch network may be an enterprise branch network or an enterprise headquarters network.
Step 32: the source PON access network encapsulates the user data packet using VxLAN to obtain a VxLAN data packet. The VxLAN data packet carries the user data packet and a VNI; the VNI is a globally unique tenant (or user) ID identifying the tenant to which the source user branch network belongs.
Optionally, the user data packet is encapsulated by using a VxLAN by an ONU device belonging to a source user branch network in the source PON access network, so as to obtain a VxLAN data packet.
Step 33: the source PON access network sends the VxLAN data packet to a source VPN gateway;
The structure of the VxLAN data packet is shown in fig. 4. Unlike user data transmission between user branch networks, in this case the user MAC header of the user data packet carries the MAC addresses of the source user branch network and the target user cloud VPC network, and the user IP header carries the IP addresses of the source user branch network and the target user cloud VPC network.
Steps 34 and 35 below are performed by the source VPN gateway:
step 34:
34 a: a source VPN gateway receives a VxLAN data packet sent by a source PON access network, and extracts a VNI, a user data packet and a target address of the user data packet from the VxLAN data packet, wherein the target address is a target MAC address or a target IP address of a target user cloud VPC network;
34 b: based on the extracted VNI and the target address, the source VPN gateway queries a global ID and an OTN network resource association identifier of a target user cloud VPC network in a user branch network and user cloud VPC network forwarding table, wherein the global ID of the target user cloud VPC network comprises: the MAC address or port of the target VPN gateway, and the VLAN ID of the target user cloud VPC network;
The OTN network resource association identifier is allocated by the underlying OTN network for interconnection between the user branch network and the user cloud VPC network; it may be a VLAN identifier, and it associates (maps) the user data flow to the underlying network resource.
34c: the source VPN gateway adds the OTN network resource association identifier to the user data packet and encapsulates the user data packet in an Ethernet encapsulation format to obtain an encapsulated user data packet.
Step 35: and the source VPN gateway sends the encapsulated user data packet to the OTN network.
A method for forwarding downlink data between the user branch network and the user cloud VPC network is described below.
Referring to fig. 11, an embodiment of the present invention provides a data forwarding method between a customer branch network and a customer cloud VPC network, for sending customer data from a customer branch network to the customer cloud VPC network, where the method includes the following steps:
step 36:
step 36a: the source OTN device of the OTN network, connected to the source VPN gateway, receives the encapsulated user data packet sent by the source VPN gateway, looks up the connection pipeline resource corresponding to the OTN network resource association identifier of the encapsulated user data packet, and transmits the user data packet between OTN devices over that connection pipeline resource;
step 36b: after the target OTN device of the OTN network, connected to the target VPN gateway, receives the user data packet, it replaces the network resource association identifier of the user data packet with the VLAN ID of the target user cloud VPC network;
step 37: the target OTN device of the OTN network sends the user data packet to the target VPN gateway.
Step 38:
step 38a: the target VPN gateway receives the user data packet sent by the OTN network, queries the matching information table between user branch network global IDs and user cloud VPC network global IDs (see fig. 12) using the global ID of the source user branch network of the user data packet, and determines the global ID of the target user cloud VPC network corresponding to that source user branch network global ID, where the global ID of a user cloud VPC network is a VNI or a VLAN ID;
the VNI or VLAN ID of the user cloud VPC network is the ID of that network inside the cloud data center network, whereas the tenant VNI is the global ID allocated by the operator for the user branch network.
Step 38b: in the VxLAN interworking scenario, the target VPN gateway, acting as a VTEP (VxLAN Tunnel End Point), encapsulates the user data packet into a VxLAN data packet whose VNI is the queried VNI;
step 38c: in the VLAN interworking scenario, the VLAN ID of the user data packet is modified to the VLAN ID of the matched target user cloud VPC network;
step 39: the target VPN gateway sends the user data packet to target cloud data center access equipment;
step 310: and the target cloud data center access equipment forwards the user data packet to a target user cloud VPC network.
The following describes the uplink forwarding of user data packets sent from a user cloud VPC network to a user branch network.
Referring to fig. 13, an embodiment of the present invention provides a data forwarding method between a customer branch network and a customer cloud VPC network, where the method is used to send a customer data packet from the customer cloud VPC network to the customer branch network, and the method includes the following steps:
step 41: the source user cloud VPC network sends a user data packet to source cloud data center access equipment;
step 42: the source cloud data center access equipment sends the user data packet to a source VPN gateway;
step 43:
step 43a: the source VPN gateway extracts the global ID of the source user cloud VPC network from the user data packet, where that global ID is a VNI or a VLAN ID;
step 43b: using the global ID of the source user cloud VPC network, the source VPN gateway queries the matching information table between user branch network global IDs and cloud VPC global IDs for the global ID of the target user branch network and the VLAN ID of the target user branch network corresponding to that source user cloud VPC network global ID;
step 43c: the source VPN gateway adds the VLAN ID of the target user branch network to the user data packet; using the queried global ID of the target user branch network, it queries the OTN network resource association identifier from the forwarding table between the user branch network and the user cloud VPC network and adds that OTN network resource association identifier to the user data packet;
step 44: the source VPN gateway sends the user data packets to the OTN network.
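The matching information table of fig. 12 is used in both directions: steps 38a to 38c (branch to cloud VPC, at the gateway in front of the cloud data center) and steps 43a to 43c (cloud VPC to branch, at the gateway on the cloud side). The Python below is an added example for this page, not the patent's code. It keeps the table as a one-to-one mapping between branch global IDs and cloud VPC global IDs, dispatches on whether the cloud VPC global ID is a VNI (VxLAN interworking) or a VLAN ID (VLAN interworking), and adds a configuration check that every matched branch also has an OTN network resource association identifier, which step 43c needs. Following the description of query module 192 (fig. 19), the source branch global ID is recovered as the packet's ingress port plus the VLAN ID carried in its 802.1Q tag; the tag format, port names and all IDs are assumptions and constructed sample values.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # 802.1Q tag; assumed carrier for VLAN IDs on the user data packet

@dataclass(frozen=True)
class BranchGlobalId:
    gateway_port: str   # MAC address or port of the VPN gateway serving the branch
    vlan_id: int        # VLAN ID assigned to the user branch network

@dataclass(frozen=True)
class CloudVpcGlobalId:
    kind: str           # "vni" (VxLAN interworking) or "vlan" (VLAN interworking)
    value: int

@dataclass(frozen=True)
class MatchRow:
    """One row of the fig. 12 matching information table: branch global ID <-> cloud VPC global ID."""
    branch: BranchGlobalId
    vpc: CloudVpcGlobalId

class MatchingTable:
    def __init__(self, rows):
        rows = list(rows)
        self.by_branch = {r.branch: r.vpc for r in rows}
        self.by_vpc = {r.vpc: r.branch for r in rows}
        if len(self.by_branch) != len(rows) or len(self.by_vpc) != len(rows):
            raise ValueError("matching table must map branches and cloud VPCs one-to-one")

    def vpc_for_branch(self, branch):   # step 38a
        return self.by_branch[branch]

    def branch_for_vpc(self, vpc):      # step 43b
        return self.by_vpc[vpc]

def get_vlan_id(frame):
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def set_vlan_id(frame, vlan_id):
    tci = (struct.unpack("!H", frame[14:16])[0] & 0xF000) | (vlan_id & 0x0FFF)
    return frame[:14] + struct.pack("!H", tci) + frame[16:]

def strip_vlan_tag(frame):
    return frame[:12] + frame[16:]

def add_vlan_tag(frame, vlan_id):
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF) + frame[12:]

def towards_cloud(match, tagged_frame, ingress_port):
    """Steps 38a to 38c at the target VPN gateway in front of the cloud data center."""
    vpc = match.vpc_for_branch(BranchGlobalId(ingress_port, get_vlan_id(tagged_frame)))
    if vpc.kind == "vni":    # 38b: gateway acts as VTEP; the VxLAN packet's VNI is the queried VNI
        return {"mode": "vxlan", "vni": vpc.value, "frame": strip_vlan_tag(tagged_frame)}
    if vpc.kind == "vlan":   # 38c: rewrite the VLAN ID to the matched cloud VPC VLAN ID
        return {"mode": "vlan", "vlan_id": vpc.value, "frame": set_vlan_id(tagged_frame, vpc.value)}
    raise ValueError(f"unknown cloud VPC global ID kind {vpc.kind!r}")

def towards_branch(match, otn_assoc_ids, vpc, user_frame):
    """Steps 43a to 43c at the source VPN gateway on the cloud side. `vpc` is the global ID already
    extracted from the packet (VNI from the VxLAN header, or VLAN ID from the tag); `otn_assoc_ids`
    stands in for the branch / cloud VPC forwarding table: branch global ID -> OTN association ID."""
    branch = match.branch_for_vpc(vpc)
    assoc_id = otn_assoc_ids[branch]
    return {"target_branch_vlan": branch.vlan_id, "otn_assoc_id": assoc_id,
            "frame": add_vlan_tag(user_frame, branch.vlan_id)}

def unresolvable_branches(match, otn_assoc_ids):
    """Matched branches with no OTN association ID: step 43c would fail for these at runtime."""
    return [b for b in match.by_branch if b not in otn_assoc_ids]

# Constructed sample configuration.
BRANCH_HQ = BranchGlobalId("gw-east:p1", 2001)
BRANCH_SITE = BranchGlobalId("gw-east:p2", 2002)
MATCH = MatchingTable([
    MatchRow(BRANCH_HQ, CloudVpcGlobalId("vni", 5001)),    # VPC reached over VxLAN
    MatchRow(BRANCH_SITE, CloudVpcGlobalId("vlan", 301)),  # VPC reached over VLAN
])
ASSOC = {BRANCH_HQ: 3101, BRANCH_SITE: 3102}
FRAME = bytes.fromhex("020000000001" "020000000002") + b"\x08\x00" + b"payload"
```

Keeping the table one-to-one is what makes the two lookups inverses of each other; a duplicate branch or VPC entry would silently make step 43b deliver one branch's traffic to another, so the constructor rejects it.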
The following describes the downlink forwarding of user data packets sent from a user cloud VPC network to a user branch network.
Referring to fig. 14, an embodiment of the present invention provides a data forwarding method between a customer branch network and a customer cloud VPC network, where the method is used to send customer data from the customer cloud VPC network to the customer branch network, and the method includes the following steps:
Steps 46 and 47 below are performed by the OTN network:
step 46:
step 46a: the source OTN device of the OTN network, connected to the source VPN gateway, receives the user data packet sent by the source VPN gateway, looks up the connection pipeline resource corresponding to the OTN network resource association identifier of the user data packet, and transmits the user data packet between OTN devices over that connection pipeline resource;
step 46b: after the target OTN device of the OTN network, connected to the target VPN gateway, receives the user data packet, it replaces the network resource association identifier of the user data packet with the VLAN ID of the target user branch network;
step 47: the target OTN device of the OTN network sends the user data packet to the target VPN gateway.
Step 48:
step 48 a: the target VPN gateway inquires VNI in a user branch network forwarding table based on the VLAN ID of a target user branch network of the user data packet and an input port of the user data packet, wherein the VNI is used for identifying a tenant ID, and the user branch network forwarding table stores the corresponding relation of the VNI, the global ID of the user branch network and the OTN network resource association identification; the global ID of the target user branch network comprises: the MAC address or port of the target VPN gateway, and the VLAN ID of the target user branch network; the VPN gateway determines ONU equipment in a target PON access network where the target user branch network is located according to the VNI;
and step 48 b: the target VPN gateway encapsulates the user data packet into a VxLAN data packet;
step 49: the target VPN gateway sends the encapsulated VxLAN data packet to ONU equipment in a target PON access network;
step 410: and the ONU equipment de-encapsulates the VxLAN data packet and sends the de-encapsulated user data packet to a target user branch network.
The above SD-WAN system has the following advantages:
1. "End-to-end" QoS guarantee
From the network egress onward, the user data is visible to the access network and at the same time to the underlying OTN network, so different user branch networks of the same tenant can be distinguished and given different QoS guarantees.
2. Reducing the operation and maintenance complexity of SD-WAN
Unlike the conventional scheme, which binds ports to VLAN IDs and has to propagate and maintain the association of a user's global identity across different network devices, this embodiment identifies a user globally by VNI plus global MAC + VLAN ID. Only the user branch network global IDs need to be configured and maintained on the VPN gateways; no large volume of port + VLAN ID data has to be configured on the far more numerous access devices and OTN access ring devices, and the identification is independent of the devices' hardware ports. This avoids the large and error-prone maintenance workload that port changes on access devices cause during network operation, maintenance and upgrades in the prior art.
3. Higher user data forwarding cost performance
Fig. 15 shows an IP-based underlay SD-WAN scheme and the usual user data encapsulation under it; fig. 16 shows the underlay SD-WAN scheme of the embodiment of the present invention and its user data encapsulation. The comparison shows that the IP-based underlay SD-WAN scheme adds 56 to 100 bytes more overhead to user data than the scheme of this embodiment. Packet statistics from the existing network show that 70% of its traffic consists of short packets below 100 bytes, from which the embodiment claims a forwarding efficiency improvement of at least 56% over the IP-based underlay SD-WAN scheme.
Referring to fig. 17, an embodiment of the present invention further provides a VPN gateway 170, including:
a receiving module 171, configured to receive a VxLAN data packet sent by a source PON access network, where the VxLAN data packet carries a user data packet and a VNI, the user data packet is a data packet sent by the source user branch network to a target user branch network or a user cloud VPC network, and the VNI is used to identify a tenant ID;
an extracting module 172, configured to extract the VNI, the user data packet, and a target address of the user data packet from the VxLAN data packet;
the query module 173 is configured to query, based on the VNI and the target address, a global ID and an OTN network resource association identifier of the target user branch network or the user cloud VPC network in a user branch network forwarding table, where a corresponding relationship between the VNI, the global ID of the target user branch network or the user cloud VPC network, and the OTN network resource association identifier is stored in the user branch network forwarding table;
an encapsulating module 174, configured to add the OTN network resource association identifier to the user data packet, and encapsulate the user data packet to obtain an encapsulated user data packet;
a sending module 175, configured to send the encapsulated user data packet to an OTN network.
Optionally, the global ID of the target user branch network or the user cloud VPC network includes: a MAC address or port of a target VPN gateway, and a VLAN ID of the target customer branch network or customer cloud VPC network.
Optionally, the target address is a target MAC address or a target IP address of the user branch network or the user cloud VPC network.
Referring to fig. 18, an embodiment of the present invention further provides a VPN gateway 180, including:
a receiving module 181, configured to receive a user data packet sent by an OTN network;
an inquiring module 182, configured to inquire, based on a VLAN ID of a target user branch network of the user data packet and an ingress port of the user data packet, a VNI in a user branch network forwarding table, where the VNI is used to identify a tenant ID, and a corresponding relationship between the VNI, a global ID of the user branch network, and an OTN network resource association identifier is stored in the user branch network forwarding table; the global ID of the target user branch network comprises: the MAC address or port of the target VPN gateway, and the VLAN ID of the target user branch network;
a determining module 183, configured to determine, according to the VNI, an ONU device in a target PON access network where the target user branch network is located;
an encapsulating module 184, configured to encapsulate the user data packet into a VxLAN data packet;
a sending module 185, configured to send the VxLAN packet to the ONU device.
Optionally, the determining module 183 is configured to query a user branch network spatial information table according to the VNI, and determine the ONU device in the target PON access network where the target user branch network is located, where the user branch network spatial information table stores the VNI, the VLAN ID of the user branch network, and a corresponding relationship between the target address and the ONU device IP address.
Referring to fig. 19, an embodiment of the present invention further provides a VPN gateway 190, including:
a receiving module 191, configured to receive a user data packet sent by an OTN network;
the query module 192 is configured to query, based on the VLAN ID of the source user branch network of the user data packet, the global ID of the target user cloud VPC network in a global ID matching information table of the user branch network and the user cloud VPC network, where the matching information table stores the corresponding relationship between the global ID of the user branch network, the VLAN ID of the user branch network, and the global ID of the user cloud VPC network;
an encapsulating module 193, configured to encapsulate the user data packet based on a global ID of the target user cloud VPC network;
and a sending module 194, configured to send the encapsulated user data packet to a cloud data center access device of the target user cloud VPC network.
Optionally, the global ID of the user cloud VPC network is a VNI or a VLAN ID.
Referring to fig. 20, an embodiment of the present invention further provides a VPN gateway 200, including:
a receiving module 201, configured to receive a user data packet sent by a cloud data center access device;
an extracting module 202, configured to extract a global ID of a source user cloud VPC network from the user data packet;
a first query module 203, configured to query, based on the global ID of the source user cloud VPC network, a VLAN ID of a target user branch network and a global ID of the target user branch network in a global ID matching information table of a user branch network and a user cloud VPC network, where the matching information table stores a corresponding relationship between the global ID of the user branch network, the VLAN ID of the user branch network, and the global ID of the user cloud VPC network;
a first encapsulating module 204, configured to encapsulate the user data packet based on the VLAN ID of the target user branch network;
a second query module 205, configured to query, according to the global ID of the target user branch network, an OTN network resource association identifier in a user branch network forwarding table, where a corresponding relationship between a VNI, the global ID of the user branch network, and the OTN network resource association identifier is stored in the user branch network forwarding table;
a second encapsulation module 206, configured to add the OTN network resource association identifier to the encapsulated user data packet, and encapsulate the user data packet to obtain an encapsulated user data packet;
a sending module 207, configured to send the encapsulated user data packet to an OTN network.
Referring to fig. 21, an embodiment of the present invention further provides a VPN gateway 210, which includes a processor 211, a memory 212, and a computer program stored in the memory 212 and capable of running on the processor 211, where the computer program, when executed by the processor 211, implements each process of the foregoing data forwarding method embodiment, and can achieve the same technical effect, and details are not repeated here to avoid repetition.
The embodiment of the present invention further provides a readable storage medium, where a computer program is stored on the readable storage medium, and when executed by a processor, the computer program implements each process of the foregoing data forwarding method embodiment, and can achieve the same technical effect, and is not described herein again to avoid repetition. The readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (16)

1. An SD-WAN system, comprising:
a user branch network, a PON access network, a VPN gateway, an OTN network and a cloud data center network;
wherein:
the cloud data center network comprises cloud data center access equipment and a user cloud VPC network;
the PON access network is connected between the user branch network and the VPN gateway;
the VPN gateway comprises a VPN gateway connected between the PON access network and the OTN network and a VPN gateway connected between the cloud data center access equipment and the OTN network, and is configured to maintain the global ID of the user branch network, a forwarding table between the user branch network and the user cloud VPC network, and the mapping relation between the forwarding table and the user cloud VPC network ID, and to send a user data packet of the user branch network or the user cloud VPC network to a target VPN gateway according to the maintained forwarding table;
the cloud data center access equipment is connected between the user cloud VPC network and the VPN gateway;
and the OTN network is connected with the VPN gateway and is configured to provide matching connection pipe resources for the user data packet.
2. An SD-WAN system, comprising:
a user branch network, a PON access network, a VPN gateway and an OTN network;
wherein:
the PON access network is connected between the user branch network and the VPN gateway;
the VPN gateway is connected between the PON access network and the OTN network and is configured to maintain the global ID of the user branch network and a forwarding table between user branch networks, and to send a user data packet of the user branch network to a target VPN gateway according to the maintained forwarding table;
and the OTN network is connected with the VPN gateway and is configured to provide matching connection pipe resources for the user data packet.
3. A data forwarding method, applied to a source VPN gateway, comprising:
the source VPN gateway receives a VxLAN data packet sent by a source PON access network, wherein the VxLAN data packet carries a user data packet and a VNI, the user data packet is a data packet sent by a source user branch network to a target user branch network or a user cloud VPC network, and the VNI is used for identifying a tenant ID;
the source VPN gateway extracts the VNI, the user data packet and a target address of the user data packet from the VxLAN data packet;
the source VPN gateway queries, based on the VNI and the target address, a global ID and an OTN network resource association identifier of the target user branch network or user cloud VPC network in a forwarding table between user branch networks or a forwarding table between the user branch network and the user cloud VPC network, wherein the forwarding table stores the correspondence among the VNI, the global ID of the target user branch network or user cloud VPC network and the OTN network resource association identifier;
the source VPN gateway adds the OTN network resource association identifier to the user data packet and encapsulates the user data packet to obtain an encapsulated user data packet;
the source VPN gateway sends the encapsulated user data packet to an OTN network;
and when the source VPN gateway sends the encapsulated user data packet to a port of the OTN equipment connected with the target VPN gateway, the OTN equipment replaces the VLAN ID of the user data packet with the VLAN ID of the target user branch network or user cloud VPC network.
4. The data forwarding method of claim 3, wherein the global ID of the target user branch network or user cloud VPC network comprises: a MAC address or port of the target VPN gateway, and the VLAN ID of the target user branch network or user cloud VPC network.
5. The data forwarding method of claim 3, wherein the target address is a target MAC address or a target IP address of the user branch network or user cloud VPC network.
6. A data forwarding method, applied to a target VPN gateway, comprising:
the target VPN gateway receives a user data packet sent by an OTN network;
the target VPN gateway queries a VNI in a forwarding table between user branch networks based on the VLAN ID of the target user branch network of the user data packet and the input port of the user data packet, wherein the VNI is used for identifying a tenant ID, and the forwarding table between user branch networks stores the correspondence among the VNI, the global ID of the user branch network and the OTN network resource association identifier; the global ID of the target user branch network comprises: the MAC address or port of the target VPN gateway, and the VLAN ID of the target user branch network;
the target VPN gateway determines, according to the VNI, the ONU equipment in the target PON access network where the target user branch network is located;
the target VPN gateway encapsulates the user data packet into a VxLAN data packet;
and the target VPN gateway sends the VxLAN data packet to the ONU equipment.
7. The data forwarding method of claim 6, wherein the target VPN gateway determining, according to the VNI, the ONU equipment in the target PON access network where the target user branch network is located comprises:
the target VPN gateway queries a user branch network spatial information table according to the VNI and determines the ONU equipment in the target PON access network where the target user branch network is located, wherein the user branch network spatial information table stores the correspondence among the VNI, the VLAN ID of the user branch network, the target address and the IP address of the ONU equipment.
8. A data forwarding method, applied to a target VPN gateway, comprising:
the target VPN gateway receives a user data packet sent by an OTN network;
the target VPN gateway queries the global ID of the target user cloud VPC network in a global ID matching information table of the user branch network and the user cloud VPC network based on the VLAN ID of the user branch network of the user data packet, wherein the matching information table stores the correspondence among the global ID of the user branch network, the VLAN ID of the user branch network and the global ID of the user cloud VPC network;
the target VPN gateway encapsulates the user data packet based on the global ID of the target user cloud VPC network;
and the target VPN gateway sends the encapsulated user data packet to the cloud data center access equipment of the target user cloud VPC network.
9. The data forwarding method of claim 8, wherein the global ID of the user cloud VPC network is a VNI or a VLAN ID.
10. A data forwarding method, applied to a source VPN gateway, comprising:
the source VPN gateway receives a user data packet sent by cloud data center access equipment;
the source VPN gateway extracts the global ID of the source user cloud VPC network from the user data packet;
the source VPN gateway queries the VLAN ID of a target user branch network and the global ID of the target user branch network in a global ID matching information table of the user branch network and the user cloud VPC network based on the global ID of the source user cloud VPC network, wherein the matching information table stores the correspondence among the global ID of the user branch network, the VLAN ID of the user branch network and the global ID of the user cloud VPC network;
the source VPN gateway encapsulates the user data packet based on the VLAN ID of the target user branch network;
the source VPN gateway queries an OTN network resource association identifier in a forwarding table between the user branch network and the user cloud VPC network according to the global ID of the target user branch network, wherein the forwarding table between the user branch network and the user cloud VPC network stores the correspondence among the VNI, the global ID of the user branch network and the OTN network resource association identifier;
the source VPN gateway adds the OTN network resource association identifier to the encapsulated user data packet and encapsulates it again to obtain a further encapsulated user data packet;
and the source VPN gateway sends the further encapsulated user data packet to an OTN network.
11. A VPN gateway, comprising:
a receiving module, configured to receive a VxLAN data packet sent by a source PON access network, wherein the VxLAN data packet carries a user data packet and a VNI, the user data packet is a data packet sent by a source user branch network to a target user branch network or a user cloud VPC network, and the VNI is used for identifying a tenant ID;
an extraction module, configured to extract the VNI, the user data packet and a target address of the user data packet from the VxLAN data packet;
a query module, configured to query, based on the VNI and the target address, a global ID and an OTN network resource association identifier of the target user branch network or user cloud VPC network in a forwarding table between user branch networks or a forwarding table between the user branch network and the user cloud VPC network, wherein the forwarding table stores the correspondence among the VNI, the global ID of the target user branch network or user cloud VPC network and the OTN network resource association identifier;
an encapsulation module, configured to add the OTN network resource association identifier to the user data packet and encapsulate the user data packet to obtain an encapsulated user data packet;
and a sending module, configured to send the encapsulated user data packet to an OTN network.
12. A VPN gateway, comprising:
a receiving module, configured to receive a user data packet sent by an OTN network;
a query module, configured to query a VNI in a forwarding table between user branch networks based on the VLAN ID of the target user branch network of the user data packet and the input port of the user data packet, wherein the VNI is used for identifying a tenant ID, and the forwarding table between user branch networks stores the correspondence among the VNI, the global ID of the user branch network and the OTN network resource association identifier; the global ID of the target user branch network comprises: the MAC address or port of the target VPN gateway, and the VLAN ID of the target user branch network;
a determining module, configured to determine, according to the VNI, the ONU equipment in the target PON access network where the target user branch network is located;
an encapsulation module, configured to encapsulate the user data packet into a VxLAN data packet;
and a sending module, configured to send the VxLAN data packet to the ONU equipment.
13. A VPN gateway, comprising:
a receiving module, configured to receive a user data packet sent by an OTN network;
a query module, configured to query the global ID of the target user cloud VPC network in a global ID matching information table of the user branch network and the user cloud VPC network based on the VLAN ID of the user branch network of the user data packet, wherein the matching information table stores the correspondence among the global ID of the user branch network, the VLAN ID of the user branch network and the global ID of the user cloud VPC network;
an encapsulation module, configured to encapsulate the user data packet based on the global ID of the target user cloud VPC network;
and a sending module, configured to send the encapsulated user data packet to the cloud data center access equipment of the target user cloud VPC network.
14. A VPN gateway, comprising:
a receiving module, configured to receive a user data packet sent by cloud data center access equipment;
an extraction module, configured to extract the global ID of the source user cloud VPC network from the user data packet;
a first query module, configured to query the VLAN ID of a target user branch network and the global ID of the target user branch network in a global ID matching information table of the user branch network and the user cloud VPC network based on the global ID of the source user cloud VPC network, wherein the matching information table stores the correspondence among the global ID of the user branch network, the VLAN ID of the user branch network and the global ID of the user cloud VPC network;
a first encapsulation module, configured to encapsulate the user data packet based on the VLAN ID of the target user branch network;
a second query module, configured to query an OTN network resource association identifier in a user branch network forwarding table according to the global ID of the target user branch network, wherein the user branch network forwarding table stores the correspondence among the VNI, the global ID of the user branch network and the OTN network resource association identifier;
a second encapsulation module, configured to add the OTN network resource association identifier to the encapsulated user data packet and encapsulate it again to obtain a further encapsulated user data packet;
and a sending module, configured to send the further encapsulated user data packet to an OTN network.
15. A VPN gateway, comprising: a processor, a memory and a program stored on the memory and executable on the processor, which program, when executed by the processor, carries out the steps of the data forwarding method according to any one of claims 3 to 5; or the program, when executed by the processor, implements the steps of the data forwarding method of claim 6 or 7; or the program, when executed by the processor, implements the steps of the data forwarding method of claim 8 or 9; alternatively, the program realizes the steps of the data forwarding method of claim 10 when executed by the processor.
16. A readable storage medium, characterized in that the readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the data forwarding method according to any one of claims 3 to 5; or, the computer program realizes the steps of the data forwarding method as claimed in claim 6 or 7 when executed by a processor; or, the computer program realizes the steps of the data forwarding method as claimed in claim 8 or 9 when executed by a processor; alternatively, the computer program realizes the steps of the data forwarding method as claimed in claim 10 when executed by a processor.
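The branch-to-branch path of claims 3, 6 and 7, modelled as an added example (not code from the patent). The tables are constructed, and it assumes the OTN frame carries the target global ID so the OTN edge can rewrite the VLAN ID; the point it shows is that every lookup is keyed on the tenant VNI, so two tenants whose branches reuse the same destination MAC are delivered to different ONUs, and a packet with an unknown VNI is dropped rather than forwarded.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class GlobalID:
    """Global ID of a user branch network (claim 4): target gateway MAC + VLAN ID."""
    gateway_mac: str
    vlan_id: int

@dataclass(frozen=True)
class UserPacket:
    dst_mac: str      # target address (claim 5)
    vlan_id: int
    payload: bytes

@dataclass(frozen=True)
class VxlanPacket:
    vni: int          # identifies the tenant
    inner: UserPacket

@dataclass(frozen=True)
class OtnFrame:
    otn_resource_id: str  # OTN network resource association identifier
    target: GlobalID      # assumption: carried so the OTN edge can rewrite the VLAN ID
    inner: UserPacket

# Constructed tables: two tenants whose branches reuse the same host MAC.
FWD_TABLE: Dict[Tuple[int, str], Tuple[GlobalID, str]] = {
    (100, "02:00:00:00:00:aa"): (GlobalID("gw-b", 101), "otn-pipe-1"),
    (200, "02:00:00:00:00:aa"): (GlobalID("gw-b", 202), "otn-pipe-2"),
}
VNI_BY_VLAN_PORT: Dict[Tuple[int, str], int] = {(101, "otn0"): 100, (202, "otn0"): 200}
ONU_BY_VNI: Dict[int, str] = {100: "10.0.0.11", 200: "10.0.0.22"}  # spatial info table

def source_gateway(pkt: VxlanPacket) -> Optional[OtnFrame]:
    """Claim 3: key the lookup on (VNI, target address); no entry means drop."""
    entry = FWD_TABLE.get((pkt.vni, pkt.inner.dst_mac))
    if entry is None:
        return None
    target, otn_id = entry
    return OtnFrame(otn_id, target, pkt.inner)

def otn_edge(frame: OtnFrame) -> UserPacket:
    """OTN equipment on the port facing the target gateway rewrites the VLAN ID."""
    return UserPacket(frame.inner.dst_mac, frame.target.vlan_id, frame.inner.payload)

def target_gateway(pkt: UserPacket, in_port: str) -> Optional[Tuple[str, VxlanPacket]]:
    """Claims 6 and 7: recover the VNI from (VLAN ID, input port), then the ONU IP."""
    vni = VNI_BY_VLAN_PORT.get((pkt.vlan_id, in_port))
    onu_ip = ONU_BY_VNI.get(vni) if vni is not None else None
    if onu_ip is None:
        return None
    return onu_ip, VxlanPacket(vni, pkt)

def branch_to_branch(vni: int, dst_mac: str) -> Optional[Tuple[str, int, int]]:
    """One packet end to end; returns (ONU IP, VNI, delivered VLAN ID) or None if dropped."""
    frame = source_gateway(VxlanPacket(vni, UserPacket(dst_mac, 1, b"hello")))
    if frame is None:
        return None
    result = target_gateway(otn_edge(frame), "otn0")
    if result is None:
        return None
    onu_ip, vx = result
    return onu_ip, vx.vni, vx.inner.vlan_id
```

Calling `branch_to_branch(100, "02:00:00:00:00:aa")` and `branch_to_branch(200, "02:00:00:00:00:aa")` yields two different ONUs for the same MAC, while VNI 300 yields None.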
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011144467.5A CN114500162A (en) 2020-10-23 2020-10-23 SD-WAN (secure digital-to-Wide area network) system and data forwarding method

Publications (1)

Publication Number Publication Date
CN114500162A true CN114500162A (en) 2022-05-13

Family

ID=81470212

Country Status (1)

Country Link
CN (1) CN114500162A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination