CN115277535B - VPN routing processing method and device, electronic equipment and readable storage medium - Google Patents


Info

Publication number
CN115277535B
Authority
CN
China
Prior art keywords
target
vpn
attribute value
route
extended community
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211213277.3A
Other languages
Chinese (zh)
Other versions
CN115277535A (en
Inventor
王东升
赵立伟
王秀成
王特
王健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ziguang Hengyue Technology Co ltd
Original Assignee
Ziguang Hengyue Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L45/12 Shortest path evaluation
    • H04L45/50 Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application provides a VPN routing processing method and device, electronic equipment and a readable storage medium, and relates to the technical field of communication. The method comprises the following steps: if it is determined that a first target import extended community attribute value which is the same as the export extended community attribute value exists in each target import extended community attribute value of the local PE, determining a first target data set from the local PE; taking the VPN instance corresponding to each instance identifier in the first target data set as a first target VPN instance; and processing at least one of the first VPN route and each first target VPN instance according to the message source and the route type of the first VPN route. According to the embodiment of the application, the VPN instances in the local PE and the import extended community attribute values of the VPN instances do not need to be traversed, so the whole process takes little time and the CPU usage can be effectively reduced.

Description

VPN routing processing method and device, electronic equipment and readable storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a VPN routing processing method and apparatus, an electronic device, and a readable storage medium.
Background
In the existing BGP system, a local PE comprises each VPN instance of a local CE connected with the local PE, and the insertion or deletion of a VPN route of a reachable route type into the VPN instance involves two situations, wherein one situation is that after the local PE learns the route from the local CE, the local PE generates the VPN route, and the VPN route is inserted into or deleted from the VPN instance of the local PE; the other is that after receiving the VPN route sent by the opposite end PE, the local PE inserts or deletes the VPN route to each VPN instance included in the local PE.
When a route is inserted or deleted, the VPN route is inserted into or deleted from a given VPN instance only if an export extended community attribute value of the VPN route is the same as an import extended community attribute value of that VPN instance. One VPN instance normally has a plurality of import extended community attribute values, and the number of VPN instances in a BGP system is also large. Because insertion into all VPN instances is attempted during route insertion or deletion, all VPN instances and at least one import extended community attribute value of each VPN instance must be traversed; traversal of a VPN instance's import extended community attribute values stops only when a value identical to an export extended community attribute value of the VPN route is matched or when all import extended community attribute values of the VPN instance have been traversed. Whether the route can be inserted into or deleted from each VPN instance is therefore known only after the import extended community attribute values of every VPN instance have been matched. This takes a large amount of time, keeps the CPU usage of the device high for a long time, slows route insertion, and affects other services on the device.
Disclosure of Invention
Embodiments of the present application provide a processing method and apparatus for a VPN route, an electronic device, a computer-readable storage medium, and a computer program product, which can solve the problem that it takes long time to insert a VPN route into a VPN instance. The technical scheme is as follows:
according to a first aspect of the embodiments of the present application, a processing method for VPN routing is provided, which is applied to a local service provider network edge device PE, and the method includes:
receiving an update message, wherein the update message comprises a message source, at least one first VPN route, a route type of each first VPN route and at least one export extended community attribute value corresponding to each first VPN route;
for each export extended community attribute value of each first VPN route, if it is determined that a first target import extended community attribute value identical to the export extended community attribute value exists in each target import extended community attribute value of the local PE, determining a first target dataset of which the dataset identifier is the first target import extended community attribute value from a dataset prestored in the local PE; each data set comprises an instance identifier of at least one VPN instance, and the at least one VPN instance comprises the same target import extended community attribute value;
taking the VPN instance corresponding to each instance identifier in the first target data set as a first target VPN instance;
and processing at least one of the first VPN route and each first target VPN instance according to the message source and the route type of the first VPN route.
In a possible implementation manner, after receiving the update message, the method further includes:
if the first target import extended community attribute value which is the same as the export extended community attribute value does not exist in the local PE, the message source is the opposite-end PE, and the route type of the first VPN route is the reachable type, discarding the first VPN route, and storing the export extended community attribute value as the neighbor import extended community attribute value of the opposite-end PE in the local PE.
In one possible implementation manner, processing at least one of the first VPN route and each first destination VPN instance according to the message source and the route type of the first VPN route includes:
if the route type of the first VPN route is a reachable type, inserting the first VPN route into each first target VPN instance;
if the route type of the first VPN route is an unreachable type and the message source is a local CE, deleting the first VPN route in the update message and the first VPN route in each first target VPN instance;
and if the route type of the first VPN route is an unreachable type and the message source is an opposite-end PE, deleting the first VPN route in the update message, the first VPN route in each first target VPN instance and the neighbor import extended community attribute value corresponding to the opposite-end PE.
In a possible implementation manner, before receiving the update message, the method further includes:
creating a data set corresponding to each target import extended community attribute value in the local PE, the data set identifier of each data set being the corresponding target import extended community attribute value;
in response to an operation of newly adding an import extended community attribute value of a second target VPN instance in a local PE, creating a new import extended community attribute value for the second target VPN instance;
if it is determined that a second target data set whose data set identifier is the new import extended community attribute value exists in the local PE, adding the instance identifier of the second target VPN instance to the second target data set.
In one possible implementation, after adding the instance identifier of the second target VPN instance to the second target data set, the method further includes:
taking the VPN instances corresponding to the instance identifiers in the second target data set, other than the instance identifier of the second target VPN instance, as third target VPN instances;
for each third target VPN instance, if it is determined that a second VPN route whose extended community attribute value is the new import extended community attribute value exists in the third target VPN instance and the second VPN route does not exist in the second target VPN instance, inserting the second VPN route into the second target VPN instance.
In one possible implementation manner, after creating a new import extended community attribute value for the second target VPN instance, the method further includes:
if it is determined that a second target data set whose data set identifier is the new import extended community attribute value does not exist in the local PE, creating the second target data set in the local PE and adding the instance identifier of the second target VPN instance to the second target data set.
In one possible implementation manner, after determining that no second target data set whose data set identifier is the new import extended community attribute value exists in the local PE, the method further includes:
traversing the stored neighbor import extended community attribute values of each opposite-end PE; if it is determined that a target neighbor import extended community attribute value identical to the new import extended community attribute value exists among the neighbor import extended community attribute values, taking the opposite-end PE corresponding to the target neighbor import extended community attribute value as a target opposite-end PE, and sending a refresh message to the target opposite-end PE;
the refresh message is used for indicating the target opposite end PE to resend the update message containing the third VPN route; the export extended community attribute value of the third VPN route is the same as the new import extended community attribute value, and the route type of the third VPN route is a reachable type.
In one possible implementation manner, after creating a data set corresponding to each target import extended community attribute value in the local PE, the method further includes:
deleting a second target import extended community attribute value of a third target VPN instance in response to an operation of deleting the second target import extended community attribute value of the third target VPN instance in the local PE;
and if a fourth VPN route exists in the third target VPN instance and the export extended community attribute value of the fourth VPN route is the same as the second target import extended community attribute value, deleting the fourth VPN route in the third target VPN instance.
In one possible implementation manner, in response to the operation of deleting the second target import extended community attribute value of the third target VPN instance in the local PE, the method further includes:
deleting the instance identifier of the third target VPN instance in a third target data set comprising the instance identifier of the third target VPN instance to obtain an updated third target data set; and if the updated third target data set is determined to be an empty table, deleting the updated third target data set.
According to a second aspect of the embodiments of the present application, there is provided a processing apparatus for VPN routing, which is applied to a local PE, and the apparatus includes:
the receiving module is used for receiving an update message, wherein the update message comprises a message source, at least one first VPN route, a route type of each first VPN route and at least one export extended community attribute value corresponding to each first VPN route;
a first target data set obtaining module, configured to, for each export extended community attribute value of each first VPN route, if it is determined that a first target import extended community attribute value that is the same as the export extended community attribute value exists in each target import extended community attribute value of the local PE, determine, from the data sets pre-stored in the local PE, a first target data set whose data set identifier is the first target import extended community attribute value; each data set comprises an instance identifier of at least one VPN instance, and the at least one VPN instance comprises the same target import extended community attribute value;
a first target VPN instance determining module, configured to use the VPN instance corresponding to each instance identifier in the first target data set as a first target VPN instance;
and the processing module is used for processing at least one of the first VPN route and each first target VPN instance according to the message source and the route type of the first VPN route.
According to a fourth aspect of embodiments herein, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method as provided by the first aspect.
According to a fifth aspect of embodiments herein, there is provided a computer program product comprising computer instructions stored in a computer-readable storage medium, which, when read by a processor of a computer device from the computer-readable storage medium, cause the processor to execute the computer instructions, so that the computer device performs the steps of implementing the method as provided in the first aspect.
The technical scheme provided by the embodiment of the application has the following beneficial effects:
Before a VPN route is inserted or deleted, a data set corresponding to each target import extended community attribute value in the local PE is established. The data set identifier of each data set is the corresponding target import extended community attribute value, each data set comprises an instance identifier of at least one VPN instance, and each of those VPN instances includes the same target import extended community attribute value. When the first VPN route is inserted or deleted, a first target import extended community attribute value that is the same as an export extended community attribute value of the first VPN route is determined in the local PE, a first target data set whose data set identifier is the first target import extended community attribute value is determined from the pre-stored data sets, and the VPN instance corresponding to each instance identifier in the first target data set is used as a first target VPN instance. Each first target VPN instance is a VPN instance into which the first VPN route can be directly inserted or from which it can be directly deleted. Traversal of every VPN instance in the local PE and of every import extended community attribute value of every VPN instance is not needed, so the whole process takes little time and the CPU usage can be effectively reduced.
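The data-set lookup summarized above, as an added example that is not part of the patent text: a toy Python model of the per-import-RT data sets, the update handling, and the add/delete operations on import values. The class and method names, the instance and peer names and the prefixes are constructed for illustration, a refresh message is modeled as a list entry, and `naive_targets` and `index_consistent` are added checks that compare the index against the full traversal described in the Background.

```python
from collections import defaultdict

LOCAL_CE, PEER_PE = "local-ce", "peer-pe"
REACHABLE, UNREACHABLE = "reachable", "unreachable"


class LocalPE:
    """Toy local PE: VPN instances plus one data set per import RT value."""

    def __init__(self):
        self.import_rts = defaultdict(set)    # instance id -> import RT values
        self.routes = defaultdict(dict)       # instance id -> {prefix: export RTs}
        self.datasets = {}                    # import RT value -> {instance ids}
        self.neighbor_rts = defaultdict(set)  # peer PE -> RTs it sent that had no importer
        self.refreshes = []                   # (peer, rt) refresh messages "sent"

    def add_import_rt(self, inst, rt):
        self.import_rts[inst].add(rt)
        members = self.datasets.get(rt)
        if members is None:
            # No data set yet: create it, then ask every peer whose routes with
            # this RT were discarded earlier to resend them.
            self.datasets[rt] = {inst}
            self.refreshes += [(peer, rt)
                               for peer, rts in sorted(self.neighbor_rts.items())
                               if rt in rts]
            return
        # Data set exists: copy matching routes from the instances already in it.
        for other in members - {inst}:
            for prefix, rts in self.routes[other].items():
                if rt in rts:
                    self.routes[inst].setdefault(prefix, set(rts))
        members.add(inst)

    def remove_import_rt(self, inst, rt):
        self.import_rts[inst].discard(rt)
        # Delete routes whose export RT equals the removed import RT.
        self.routes[inst] = {p: r for p, r in self.routes[inst].items()
                             if rt not in r}
        members = self.datasets.get(rt, set())
        members.discard(inst)
        if rt in self.datasets and not members:
            del self.datasets[rt]             # an empty data set is deleted

    def process_update(self, source, peer, prefix, route_type, export_rts):
        """Apply one VPN route; return the sorted ids of the instances touched."""
        touched = set()
        for rt in export_rts:
            members = self.datasets.get(rt)   # one lookup, no traversal
            if members is None:
                if source == PEER_PE and route_type == REACHABLE:
                    self.neighbor_rts[peer].add(rt)  # remember RT, drop route
                continue
            for inst in members:
                if route_type == REACHABLE:
                    self.routes[inst][prefix] = set(export_rts)
                else:
                    self.routes[inst].pop(prefix, None)
                touched.add(inst)
            if route_type == UNREACHABLE and source == PEER_PE:
                self.neighbor_rts[peer].discard(rt)
        return sorted(touched)

    def naive_targets(self, export_rts):
        """Background approach: walk every instance and every import RT."""
        wanted = set(export_rts)
        return sorted(i for i, rts in self.import_rts.items() if rts & wanted)

    def index_consistent(self):
        """The data sets must equal the index rebuilt from instance config;
        a stale entry would place routes in an instance that no longer imports them."""
        rebuilt = defaultdict(set)
        for inst, rts in self.import_rts.items():
            for rt in rts:
                rebuilt[rt].add(inst)
        return dict(rebuilt) == self.datasets


def demo():
    """Constructed scenario: three instances, two peers, RT values 100/200/300."""
    pe = LocalPE()
    pe.add_import_rt("vrf-a", "100")
    pe.add_import_rt("vrf-b", "100")
    pe.add_import_rt("vrf-b", "200")
    r1 = pe.process_update(PEER_PE, "PE2", "10.1.0.0/16", REACHABLE, ["100"])
    r2 = pe.process_update(PEER_PE, "PE3", "10.9.0.0/16", REACHABLE, ["300"])
    pe.add_import_rt("vrf-c", "300")   # no data set: refresh goes to PE3
    pe.add_import_rt("vrf-c", "100")   # data set exists: 10.1.0.0/16 is copied
    return pe, r1, r2


if __name__ == "__main__":
    pe, r1, r2 = demo()
    print(r1, r2, pe.refreshes, sorted(pe.routes["vrf-c"]))
```

Running `index_consistent()` after every configuration change is the useful habit here: the data sets are derived state, and route placement is only as correct as their agreement with each instance's configured import values.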
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flowchart of a processing method for a VPN route according to an embodiment of the present application;
fig. 2 is a schematic diagram of BGP networking provided in an embodiment of the present application;
fig. 3 is a schematic diagram of a data set corresponding to each target import extended community attribute value provided in an embodiment of the present application;
fig. 4 is a schematic structural diagram of a processing device for VPN routing according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described below in conjunction with the drawings in the present application. It should be understood that the embodiments set forth below in connection with the drawings are exemplary descriptions for explaining technical solutions of the embodiments of the present application, and do not limit the technical solutions of the embodiments of the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, information, data, steps, operations, elements, and/or components, but do not preclude the presence or addition of other features, information, data, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein indicates at least one of the items defined by the term, e.g., "a and/or B" may be implemented as "a", or as "B", or as "a and B".
To make the objects, technical solutions and advantages of the present application more clear, the following detailed description of the embodiments of the present application will be made with reference to the accompanying drawings.
The terms referred to in this application will first be introduced and explained:
BGP (Border Gateway Protocol), an exterior gateway routing protocol, enables loop-free inter-domain routing between autonomous systems.
The BGP-4 protocol has 5 messages: open (setup), update (update), notification (notification), keepalive (keep alive), and route-refresh (route refresh).
Open message: used for negotiating BGP parameters, including version numbers and other information. After a TCP session is established between two routers, Open messages are exchanged to confirm whether a neighbor relation can be formed; the Open message is the first message sent after the TCP session is established.
Update message: used for exchanging routing information between BGP neighbors, including withdrawn routing information, reachable routing information and other routing attributes; it is similar to the LSU message in OSPF.
Keepalive message: used for maintaining the BGP neighbor relation; it is exchanged periodically to judge reachability between peers, and is similar to the Hello message in OSPF.
Notification message: error notification; when an error is found during BGP operation, the BGP speaker sends a notification message to cut off the BGP neighbor.
Route-refresh message (hereinafter referred to as refresh message): used for refreshing the BGP routing table after the routing policy is changed by requesting the BGP peer to resend routing information; only BGP devices supporting the route-refresh capability can send and respond to this message.
VPN (Virtual Private Network): a private network (intranet) built by encryption on the basis of a public network.
A VPN instance (VPN Instance) is a dedicated entity that a PE creates and maintains for a directly connected site; each site has its own independent VPN instance on the PE. A VPN instance is generally also referred to as a VPN routing and forwarding table (VRF).
The extended community attribute (Route Target, RT), also called the Target attribute, includes an export extended community attribute (Export Target, ERT) and an import extended community attribute (Import Target, IRT), which are used for the export and import policies of VPN routes respectively; that is, the extended community attribute controls which routes can be sent and accepted by a VPN instance. The extended community attribute has global uniqueness and can only be used by one VPN.
Export extended community attribute, also called the outbound extended community attribute or export target attribute: before the local PE distributes the VPN-IPv4 routes learned from its directly connected site to other PEs, it sets the export extended community attribute on those routes. In subsequent embodiments, the value corresponding to the export extended community attribute is referred to as the export extended community attribute value.
Import extended community attribute: when receiving a VPN-IPv4 route issued by an opposite-end PE, the local PE checks whether the export extended community attribute of the VPN-IPv4 route matches the import extended community attribute of each VPN instance on the local PE. For any VPN instance in the local PE, the VPN-IPv4 route is inserted into the VPN instance only if the export extended community attribute of the VPN-IPv4 route is the same as one import extended community attribute of the VPN instance (a VPN instance with a plurality of import extended community attributes receives VPN-IPv4 routes sent by a plurality of sites). In subsequent embodiments, the value corresponding to the import extended community attribute is referred to as the import extended community attribute value.
MPLS L3VPN is a PE-based L3VPN technology in a service provider VPN solution that uses BGP to publish VPN routes over the service provider backbone and MPLS to forward VPN messages over the service provider backbone.
The MPLS L3VPN networking mode is flexible and good in expandability, and can conveniently support MPLS QoS and MPLS TE, so that the method is increasingly applied.
The MPLS L3VPN model consists of three parts: customer network edge device CE, service provider network edge device PE and backbone router P in the service provider network.
CE (Customer Edge) device: the customer network edge device has an interface directly connected with the SP (Service Provider). The CE may be a router or a switch, or may be a host. The CE does not "perceive" the existence of VPNs nor does it need to support MPLS. The CE device is usually a router, and when the CE establishes an adjacency with a directly connected PE, the CE distributes the VPN route of the site to the PE, and learns the route of the remote VPN from the PE. BGP/IGP switched routing is used between CEs and PEs, or static routing may be used.
PE (Provider Edge) device: the service provider network edge device is an edge device of the service provider network and is directly connected with the CE of the user. In an MPLS network, all processing of VPN routes occurs at the PE. After learning the local VPN route from CE, PE exchanges VPN route with other PE through BGP. The PE router maintains only the routes of the VPNs to which it is directly connected and does not maintain the routes of all VPNs in the service provider network.
P (Provider) router: backbone routers in the service provider network are not directly connected to the CEs. The P device only needs to have basic MPLS forwarding capability. The P-router maintains routes only to the PEs and does not need to know any VPN routes.
In the BGP system, all processing of VPN instances takes place on the PE. A VPN instance is created on the PE for each CE connected to the PE; the VPN instance maintains a logically separate routing table for that CE and includes the routes of the CE bound to it. Each VPN instance has corresponding extended community attribute values, which include import extended community attribute values and export extended community attribute values.
For route insertion, after receiving a relevant message of a CE, a PE creates an extended community attribute value for each VPN route in the message, determines whether other VPN instances except the VPN instance bound to the CE can insert the VPN route, and sends the route to other PEs, and the other PEs also determine whether the VPN route can be inserted into each VPN instance owned by the PE. For each VPN route, only when the export extended community attribute value of the VPN route is matched with the import extended community attribute value of a certain VPN instance, the VPN route is inserted into the VPN instance, so that different VPNs are formed, and mutual access and isolation of the VPNs are realized.
In the process of inserting the route, insertion into all VPN instances is attempted, so it is necessary to traverse all VPN instances in the local PE and the import extended community attribute values included in each VPN instance to determine whether each import extended community attribute value of each VPN instance matches the export extended community attribute value of the VPN route. The whole process takes a lot of time, which keeps the CPU usage of the device high for a long time and makes route insertion slow, affecting other services on the device.
The routing method, apparatus, electronic device, computer-readable storage medium, and computer program product provided in the present application aim to solve the above technical problems in the prior art.
The technical solutions of the embodiments of the present application and the technical effects produced by the technical solutions of the present application are explained below by describing several exemplary embodiments. It should be noted that the following embodiments may refer to or be combined with each other, and the description of the same terms, similar features, similar implementation steps, etc. in different embodiments is not repeated.
An embodiment of the present application provides a processing method for a VPN route, which is applied to a local PE, and as shown in fig. 1, the method includes:
Step S101, receiving an update message, wherein the update message comprises a message source, at least one first VPN route, a route type of each first VPN route and at least one export extended community attribute value corresponding to each first VPN route.
The processing method of the VPN route provided by the embodiment of the application is applied to a local PE. The local PE receives VPN routes from a local CE directly connected to it and update messages sent by an opposite-end PE. Update messages are used for exchanging routes between BGP neighbors, and each update message can carry a plurality of reachable VPN routes and/or a plurality of unreachable VPN routes.
An update message can announce a set of reachable VPN routes that share the same path attributes; these VPN routes are placed in the NLRI (Network Layer Reachability Information) field, and reachable-type VPN routes are used for announcing updatable VPN routes. The update message may also carry multiple unreachable-type VPN routes; an unreachable-type VPN route is a route to be withdrawn, and withdrawn routes are placed in the Withdrawn Routes field to notify the peer of the routes to be withdrawn.
Of course, in BGP networking, to enable support of multiple network layer protocols, MP-BGP defines two new path attributes:
MP_REACH_NLRI (Multiprotocol Reachable NLRI): used for carrying reachable route prefixes and next-hop address information of various network layer protocols so as to advertise routes to a neighbor; that is, the route type of a route in MP_REACH_NLRI is the reachable type;
MP_UNREACH_NLRI (Multiprotocol Unreachable NLRI): used for carrying unreachable route prefix information of various network layer protocols so as to withdraw routes; that is, the route type of a route in MP_UNREACH_NLRI is the unreachable type.
The local PE of the embodiment of the application is directly connected to a plurality of CEs. Each CE has a corresponding bound VPN instance, and the information included in each VPN instance comprises a label forwarding table, an IP routing table, the interfaces bound to the VPN instance and the management information of the VPN instance. The management information of the VPN instance includes the RD (Route Distinguisher), route filtering policy, member interface list, and the like.
After receiving the update message, the embodiment of the application parses the update message to obtain a message source, at least one first VPN route, a route type of each first VPN route, and at least one export extended community attribute value corresponding to each first VPN route.
In the embodiment of the present application, the message source of a first VPN route, which is a VPN-IPv4 route, may be an opposite-end PE or a local CE. The local PE has at least one local CE directly connected to it, and may learn a route from the local CE (the route may be at least one of a static route, a RIP route, and an OSPF route) and convert the learned route into a VPN-IPv4 route. The opposite-end PE and the local PE are not directly connected and have a backbone router P between them; the opposite-end PE may also receive a VPN route from the opposite-end CE. Whether it is an opposite-end PE or a local CE, it can be called a neighbor of the local PE.
Fig. 2 exemplarily shows a BGP networking schematic diagram provided by the embodiment of the present application, including service provider network edge devices PE1, PE2, and PE3, and customer network edge devices CE1, CE2, CE3, CE4, and CE5. PE1, PE2, and PE3 are all directly connected to a backbone router P in the service provider network. PE1 is directly connected to CE1, CE2, and CE3; in the MPLS L3VPN networking, PE1 establishes BGP multi-instance neighbors with CE1, CE2, and CE3, and CE1, CE2, and CE3 are local CEs of PE1. PE2 and CE4 establish a BGP multi-instance neighbor, and CE4 is a local CE of PE2. PE3 and CE5 establish a BGP multi-instance neighbor, and CE5 is a local CE of PE3.
A vpnv4 neighbor is established between every two of PE1, PE2 and PE3, and every two PEs are opposite-end PEs of each other: for PE1, PE2 and PE3 can be called opposite-end PEs of PE1; for PE2, PE1 and PE3 can be called opposite-end PEs of PE2; for PE3, PE1 and PE2 can be called opposite-end PEs of PE3.
In this embodiment of the present application, the route type of the first VPN route is either a reachable type or an unreachable type. The reachable type is also called the update type, and a first VPN route of the reachable type may be inserted into a corresponding VPN instance. The unreachable type is also called the withdrawal type, and a first VPN route of the unreachable type may be deleted from the corresponding VPN instance.
In this embodiment of the present application, each VPN route carries at least one export extended community attribute value. Taking a reachable VPN route as an example, if the VPN route has two export extended community attribute values, 100 and 200, this indicates that the VPN route may be inserted into a VPN instance whose import extended community attribute values include 100.
Step S102, for each export extended community attribute value of each first VPN route, if it is determined that a first target import extended community attribute value identical to the export extended community attribute value exists among the target import extended community attribute values of the local PE, determining, from the data sets pre-stored in the local PE, a first target data set whose data set identifier is the first target import extended community attribute value; each data set includes an instance identifier of at least one VPN instance, and the at least one VPN instance each includes the same target import extended community attribute value.
In a BGP network, a local PE has at least one local CE directly connected to it, and each local CE has a corresponding VPN instance in the local PE. A VPN instance includes a plurality of VPN routes and at least one import extended community attribute value. For a VPN instance to accept the insertion of a VPN route, the export extended community attribute value of the VPN route must be the same as one import extended community attribute value of the VPN instance.
In the embodiment of the present application, a corresponding data set is established in the local PE for each target import extended community attribute value included in the local PE, where the data set includes an instance identifier of at least one VPN instance, and at least one VPN instance includes the same target import extended community attribute value, and the data set identifier of the data set is the corresponding target import extended community attribute value.
In particular, the data set in the embodiment of the present application may be a data table, a data set, or other units that can store data, and the embodiment of the present application does not limit this.
After receiving at least one first VPN route, the embodiment of the application may apply policy filtering to the at least one first VPN route: the routes are filtered according to a preset route filtering policy, and any first VPN route that meets the preset route filtering policy is filtered out. The preset route filtering policy specifies a route identifier RD that cannot communicate with two devices. After applying the route filtering policy, the embodiment of the application may perform optimization based on a preset optimization rule, and insert or delete the first VPN route that is prioritized in advance.
For each export extended community attribute value of each first VPN route, traversing each target import extended community attribute value in the local PE, and determining whether a first target import extended community attribute value identical to the export extended community attribute value exists in each target import extended community attribute value, if it is determined that a first target import extended community attribute value identical to the export extended community attribute value exists in each target import extended community attribute value, determining a first target dataset whose dataset identifier is the first target import extended community attribute value from a dataset pre-stored in the local PE, where a VPN instance corresponding to each instance identifier stored in the first target dataset is a VPN instance into which the first VPN route can be inserted or deleted.
Step S103, taking the VPN instance corresponding to each instance identifier in the first target data set as the first target VPN instance.
In the embodiment of the present application, the VPN instance corresponding to each instance identifier stored in the first target data set is used as the first target VPN instance, and the first VPN route may be inserted into each first target VPN instance or deleted from each first target VPN instance.
Step S104, processing at least one of the first VPN route and each first target VPN instance according to the message source and the route type of the first VPN route.
For each first target VPN instance, the embodiment of the present application may process at least one of the first VPN route and each first target VPN instance according to the message source and the route type of the first VPN route, where the processing includes inserting the first VPN route into the first target VPN instance or deleting the first VPN route from the first target VPN instance.
Specifically, assume that the local PE includes 3 VPN instances: VPN instance 1, VPN instance 2 and VPN instance 3. The import extended community attribute values of VPN instance 1 include 100:1, 200:1 and 300:1, and the instance identifier of VPN instance 1 is 001; the import extended community attribute values of VPN instance 2 include 100:1 and 200:1, and the instance identifier of VPN instance 2 is 002; the import extended community attribute values of VPN instance 3 include 200:1 and 300:1, and the instance identifier of VPN instance 3 is 003.
Continuing with the above example, fig. 3 exemplarily shows the data set established in the local PE for each target import extended community attribute value. For the target import extended community attribute value 100:1, the data set identifier of the corresponding data set is 100:1 and the instance identifiers contained in the data set are 001 and 002, indicating that VPN instance 1 and VPN instance 2 each include the target import extended community attribute value 100:1.
For the target import extended community attribute value 200:1, the data set identifier of the corresponding data set is 200:1 and the instance identifiers contained in the data set are 001, 002 and 003, indicating that VPN instance 1, VPN instance 2, and VPN instance 3 each include the target import extended community attribute value 200:1.
For the target import extended community attribute value 300:1, the data set identifier of the corresponding data set is 300:1 and the instance identifiers contained in the data set are 001 and 003, indicating that VPN instance 1 and VPN instance 3 each include the target import extended community attribute value 300:1.
Continuing from the above example, if the export extended community attribute value of a certain first VPN route included in the received update message is 200, the local PE has a first target import extended community attribute value of 200, which is the same as the export extended community attribute value of the first VPN route, and the data set identifier of the first target data set is 200. The instance identifiers included in the first target data set are 001, 002, and 003, indicating that VPN instance 1, VPN instance 2, and VPN instance 3 all include the first target import extended community attribute value 200:1, so the first VPN route may be inserted into or deleted from VPN instance 1, VPN instance 2 and VPN instance 3.
Before inserting or deleting the VPN route, a data set corresponding to each target import extended community attribute value in the local PE is established, the data set identifier of the data set is the corresponding target import extended community attribute value, each data set comprises an instance identifier of at least one VPN instance, and the at least one VPN instance comprises the same target import extended community attribute value; when the first VPN route is inserted or deleted, a first target import extended community attribute value which is the same as an export extended attribute value of the first VPN route is determined from the local PE, a first target dataset of which a dataset identifier is the first target import extended community attribute value is determined from a prestored dataset, and a first VPN instance corresponding to each instance identifier in the first target dataset is used as a first target VPN instance, each first target VPN instance is a VPN instance in which the first VPN route can be directly inserted or deleted.
The embodiment of the present application provides a possible implementation manner, and after receiving the update message, the method further includes:
if it is determined that no first target import extended community attribute value identical to the export extended community attribute value exists in the local PE, the message source is the opposite-end PE, and the route type of the first VPN route is the reachable type, the first VPN route is discarded, and the export extended community attribute value is stored in the local PE as a neighbor import extended community attribute value of the opposite-end PE.
A first VPN route sent by a local CE is a VPN route converted from a route that the local PE learned from the local CE, and there is always a corresponding VPN instance for that VPN route to be inserted into or deleted from.
However, for a VPN route sent by an opposite-end PE and having the reachable route type, a first target import extended community attribute value identical to the export extended community attribute value may not exist in the local PE. In this case, the first VPN route is directly discarded, and the export extended community attribute value is stored as a neighbor import extended community attribute value of the opposite-end PE. If, in a subsequent process, a new import extended community attribute value is created for a certain VPN instance in the local PE and the new import extended community attribute value is the same as a neighbor import extended community attribute value of a certain opposite-end PE, a refresh message may be sent to that opposite-end PE to instruct it to resend the VPN routes whose export extended community attribute value is the same as the new import extended community attribute value and whose route type is reachable.
In the embodiment of the present application, a possible implementation manner is provided, where processing at least one of a first VPN route and each first target VPN instance according to a message source and a route type of the first VPN route includes:
if the route type of the first VPN route is a reachable type, inserting the first VPN route into each first target VPN instance;
if the route type of the first VPN route is an unreachable type and the source of the message is a local CE, deleting the first VPN route in the update message and the first VPN route in each first target VPN instance;
and if the route type of the first VPN route is an unreachable type and the message source is an opposite-end PE, deleting the first VPN route in the update message, the first VPN route in each first target VPN instance and a neighbor import extended community attribute value corresponding to the opposite-end PE.
In the embodiment of the present application, the local PE may receive the update message sent by the local CE or the peer PE, that is, the source of the message is the peer PE or the local CE, and both the peer PE and the local CE may be referred to as a neighbor of the local PE.
If the source of the first VPN route is a local CE, the first VPN route is learned by the local PE from the local CE, the first VPN route is directly inserted into a VPN instance directly bound to the local CE, and an extended community attribute value of the VPN route is automatically generated at the local PE, where the extended community attribute value includes an imported extended community attribute value and an exported extended community attribute value, where the exported extended community attribute values may be multiple values, and the VPN route may have multiple recipients. Notably, the insertion or deletion of the first VPN route from the local CE in embodiments of the present application occurs after the extended community attribute value for that VPN route is generated.
For any first VPN route, if it is determined that a first target import extended community attribute value identical to an export extended community attribute value exists among the target import extended community attribute values of the local PE, a first target data set whose data set identifier is the first target import extended community attribute value is determined from the data sets pre-stored in the local PE, and the VPN instance corresponding to each instance identifier in the first target data set is taken as a first target VPN instance;
if the route type of the first VPN route is a reachable type, the first VPN route can be directly inserted into each first target VPN instance no matter whether the message source is a local CE or an opposite end PE;
if the route type of the first VPN route is an unreachable type and the message source is a local CE, deleting the first VPN route and deleting the first VPN route in each first target VPN instance;
and if the route type of the first VPN route is an unreachable type and the message source is an opposite-end PE, deleting the first VPN route, the first VPN route in each first target VPN instance and a neighbor import extended community attribute value corresponding to the opposite-end PE.
A possible implementation manner is provided in the embodiment of the present application, before receiving the update message, the method further includes:
creating, in the local PE, a data set corresponding to each target import extended community attribute value; the data set identifier of each data set is the corresponding target import extended community attribute value;
in response to an operation of newly adding an import extended community attribute value of a second target VPN instance in the local PE, creating a new import extended community attribute value for the second target VPN instance;
if it is determined that a second target data set whose data set identifier is the new import extended community attribute value exists in the local PE, adding the instance identifier of the second target VPN instance to the second target data set.
In the embodiment of the present application, a data set corresponding to each target import extended community attribute value in the local PE is created in advance before the local PE receives an update message, a data set identifier of each data set is a corresponding target import extended community attribute value, an instance identifier of at least one VPN instance is stored in each data set, and the import extended community attributes of the at least one VPN instance all include the same target import extended community attribute value.
After the operation of newly adding the target import extended community attribute value of the second target VPN instance is detected, the embodiment of the application responds to the operation and creates a new import extended community attribute value for the second target VPN instance. It should be noted that, in this step, a new import extended community attribute value may be created for the second target VPN instance already existing in the local PE, or a second target VPN instance is newly added to the local PE, and an import extended community attribute value of the second target VPN instance is a new import extended community attribute value.
In this embodiment of the present application, after creating a new import extended community attribute value for a second target VPN instance, it is further required to determine whether a second target data set whose data set identifier is the new import extended community attribute value exists in the local PE. If the second target data set exists in the local PE, this indicates that the new import extended community attribute value is not a new target import extended community attribute value for the local PE: the local PE already has a target import extended community attribute value that is the same as the new import extended community attribute value.
After determining that a second target data set whose data set identifier is the new import extended community attribute value exists in the local PE, the embodiment of the present application adds the instance identifier of the second target VPN instance to the second target data set.
A possible implementation manner is provided in the embodiment of the present application, and after adding the instance identifier of the second target VPN instance to the second target data set, the method further includes:
taking the VPN instances corresponding to the instance identifiers in the second target data set other than the instance identifier of the second target VPN instance as third target VPN instances;
for each third target VPN instance, if it is determined that a second VPN route whose extended community attribute value is the new import extended community attribute value exists in the third target VPN instance and the second VPN route does not exist in the second target VPN instance, the second VPN route is inserted into the second target VPN instance.
In the embodiment of the application, when the instance identifier of the second target VPN instance is added to the second target data set, VPN instances corresponding to other instance identifiers in the second target data set need to be triggered to perform route insertion to the second target VPN instance.
Specifically, the VPN instances corresponding to the instance identifiers in the second target data set other than the instance identifier of the second target VPN instance are used as third target VPN instances. For each third target VPN instance, if it is determined that a second VPN route whose extended community attribute value is the new import extended community attribute value exists in the third target VPN instance and the second VPN route does not exist in the second target VPN instance, the second VPN route is inserted into the second target VPN instance, so that the second target VPN instance does not miss any VPN route that can be inserted into it.
In an embodiment of the present application, a possible implementation manner is provided, where after creating a new import extended community attribute value for a second target VPN instance, the method further includes:
if it is determined that a second target data set whose data set identifier is the new import extended community attribute value does not exist in the local PE, the second target data set is created in the local PE, and the instance identifier of the second target VPN instance is added to the second target data set.
In the embodiment of the present application, after traversing each data set identifier in the local PE, if it is determined that there is no second target data set whose data set identifier is a new import extended community attribute value, it indicates that the new import extended community attribute value is a new target import extended community attribute value for the local PE, and the local PE does not include the new import extended community attribute value, and there is no second target data set corresponding to the new import extended community attribute value, so that a second target data set needs to be created in the local PE, and an instance identifier of a second target VPN instance is added to the second target data set.
The embodiment of the present application provides a possible implementation manner, where after determining that no second data set whose data set identifier is the new import extended community attribute value exists in the local PE, the method further includes:
traversing the stored neighbor import extended community attribute values of each opposite-end PE; if it is determined that a target neighbor import extended community attribute value identical to the new import extended community attribute value exists among the neighbor import extended community attribute values, taking the opposite-end PE corresponding to the target neighbor import extended community attribute value as a target opposite-end PE, and sending a refresh message to the target opposite-end PE;
the refresh message is used for indicating the target opposite end PE to resend the update message containing the third VPN route; the export extended community attribute value of the third VPN route is the same as the new import extended community attribute value, and the route type of the third VPN route is a reachable type.
If it is determined that no second data set whose data set identifier is the new import extended community attribute value exists in the local PE, this indicates that, if an update message previously received by the local PE contained a first VPN route whose export extended community attribute value is the new import extended community attribute value, that first VPN route could not be inserted into any VPN instance.
After a new import extended community attribute value is created for a second target VPN instance, if it is determined that no second data set whose data set identifier is the new import extended community attribute value exists in the local PE, the stored neighbor import extended community attribute values of each opposite-end PE are traversed to determine whether a target neighbor import extended community attribute value identical to the new import extended community attribute value exists among them. If so, this indicates that an update message previously received by the local PE contained a first VPN route whose export extended community attribute value is the new import extended community attribute value, but the first VPN route was discarded because no VPN instance existed at that time for the first VPN route to be inserted into.
After determining that a target neighbor import extended community attribute value identical to the new import extended community attribute value exists among the neighbor import extended community attribute values, the embodiment of the application takes the opposite-end PE corresponding to the target neighbor import extended community attribute value as the target opposite-end PE and sends a refresh message to the target opposite-end PE, where the refresh message is used for instructing the target opposite-end PE to resend an update message containing a third VPN route. The export extended community attribute value of the third VPN route is the same as the new import extended community attribute value and the route type of the third VPN route is the reachable type, so the third VPN route may be reinserted into the second target VPN instance.
In the embodiment of the application, after a new import extended community attribute value appears in a certain VPN instance, a refresh message is not immediately sent to every opposite-end PE. Instead, only when the new import extended community attribute value is a new target import extended community attribute value in the local PE, and a target neighbor import extended community attribute value identical to the new import extended community attribute value exists among the neighbor import extended community attribute values, is the opposite-end PE corresponding to the target neighbor import extended community attribute value taken as the target opposite-end PE and sent the refresh message. The refresh message is thus sent according to actual needs, and the number of interactions between the opposite-end PEs is reduced.
In an embodiment of the present application, a possible implementation manner is provided, where after a data set corresponding to each target import extended community attribute value is created in a local PE, the method further includes:
deleting a second target import extended community attribute value of a third target VPN instance in response to an operation of deleting the second target import extended community attribute value of the third target VPN instance in the local PE;
and if a fourth VPN route exists in the third target VPN instance and the export extended community attribute value of the fourth VPN route is the same as the second target import extended community attribute value, deleting the fourth VPN route in the third target VPN instance.
In the embodiment of the present application, when an operation of deleting a second target import extended community attribute value of a third target VPN instance in the local PE is detected, the second target import extended community attribute value of the third target VPN instance is deleted in response to the operation. The operation may be to delete an existing second target import extended community attribute value of the third target VPN instance, or to delete the third target VPN instance and, at the same time, delete the second target import extended community attribute value corresponding to the third target VPN instance.
After deleting the second target import extended community attribute value of the third target VPN instance, it is further determined whether a fourth VPN route having the same export extended community attribute value as the second target import extended community attribute value exists in the third target VPN instance; if so, the fourth VPN route also needs to be deleted from the third target VPN instance along with the deletion of the second target import extended community attribute value.
A possible implementation manner is provided in this embodiment of the present application, where in response to an operation of deleting a second target import extended community attribute value of a third target VPN instance in a local PE, the method further includes:
deleting the instance identifier of the third target VPN instance in a third target data set comprising the instance identifier of the third target VPN instance to obtain an updated third target data set;
and if the updated third target data set is determined to be an empty table, deleting the updated third target data set.
In response to the operation of deleting the second target import extended community attribute value of the third target VPN instance in the local PE, a VPN route whose export extended community attribute value is the second target import extended community attribute value can no longer be inserted into the third target VPN instance. The embodiment of the present application therefore needs to delete the instance identifier of the third target VPN instance from the third target data set that includes it, so as to obtain the updated third target data set.
After obtaining the updated third target data set, it is further determined whether the updated third target data set is an empty table, and if the updated third target data set is an empty table, it indicates that there is no target import extended community attribute value in the local PE that is the second target import extended community attribute value, so the updated third target data set also needs to be deleted.
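The per-value data sets, the update handling of steps S101 to S104, and the add/delete maintenance described above can be exercised together. The following Python is an added example, not code from the patent: the names `LocalPE`, `VpnInstance`, `process_update`, `add_import_value` and `remove_import_value`, the peer name `PE2` and the prefixes used with it are constructed, and on a withdrawal from an opposite-end PE it assumes the neighbor value removed is the one equal to the route's export value.

```python
"""Import-value -> VPN-instance data sets on a local PE (constructed example)."""
from dataclasses import dataclass, field

REACHABLE, UNREACHABLE = "reachable", "unreachable"
PEER_PE, LOCAL_CE = "peer_pe", "local_ce"


@dataclass
class VpnInstance:
    ident: str
    import_values: set
    routes: dict = field(default_factory=dict)  # prefix -> frozenset of export values


class LocalPE:
    def __init__(self, instances):
        self.instances = {i.ident: i for i in instances}
        self.datasets = {}         # data set identifier (import value) -> instance identifiers
        self.neighbor_values = {}  # peer PE -> export values of discarded reachable routes
        self.refreshes = []        # (peer PE, value) refresh messages that would be sent
        for inst in instances:
            for val in inst.import_values:
                self.datasets.setdefault(val, set()).add(inst.ident)

    def process_update(self, source, neighbor, routes):
        """routes: iterable of (prefix, route_type, export_values)."""
        for prefix, rtype, exports in routes:
            for val in exports:
                targets = self.datasets.get(val)  # one lookup, no scan of all instances
                if targets is None:
                    # No local importer: discard and remember the value per peer PE.
                    if source == PEER_PE and rtype == REACHABLE:
                        self.neighbor_values.setdefault(neighbor, set()).add(val)
                    continue
                for ident in targets:
                    table = self.instances[ident].routes
                    if rtype == REACHABLE:
                        table[prefix] = frozenset(exports)
                    else:
                        table.pop(prefix, None)
                if rtype == UNREACHABLE and source == PEER_PE:
                    # Assumption: the neighbor value dropped is the one equal to val.
                    self.neighbor_values.get(neighbor, set()).discard(val)

    def add_import_value(self, ident, val):
        inst = self.instances[ident]
        inst.import_values.add(val)
        if val in self.datasets:
            # Data set exists: copy matching routes from the other member instances.
            for other in self.datasets[val] - {ident}:
                for prefix, exports in self.instances[other].routes.items():
                    if val in exports and prefix not in inst.routes:
                        inst.routes[prefix] = exports
            self.datasets[val].add(ident)
        else:
            self.datasets[val] = {ident}
            # Refresh only the peers that earlier sent a route carrying this value.
            for peer, values in sorted(self.neighbor_values.items()):
                if val in values:
                    self.refreshes.append((peer, val))

    def remove_import_value(self, ident, val):
        inst = self.instances[ident]
        inst.import_values.discard(val)
        # Delete routes whose export values include the removed import value.
        for prefix in [p for p, e in inst.routes.items() if val in e]:
            del inst.routes[prefix]
        members = self.datasets.get(val, set())
        members.discard(ident)
        if val in self.datasets and not members:
            del self.datasets[val]  # an empty data set is deleted


def build_example_pe():
    """The three instances from the page's example (identifiers 001, 002, 003)."""
    return LocalPE([
        VpnInstance("001", {"100:1", "200:1", "300:1"}),
        VpnInstance("002", {"100:1", "200:1"}),
        VpnInstance("003", {"200:1", "300:1"}),
    ])


if __name__ == "__main__":
    pe = build_example_pe()
    pe.process_update(PEER_PE, "PE2", [("10.9.0.0/24", REACHABLE, {"400:1"})])
    pe.add_import_value("003", "400:1")
    print(pe.datasets, pe.refreshes)
```

Because a route is only ever written into the instances listed in the data set for its export value, the data sets are also the place to audit which VPN instances can receive a given route.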
An embodiment of the present application provides a processing apparatus of a VPN route, which is applied to a local PE, and as shown in fig. 4, the processing apparatus 40 of the VPN route may include:
a receiving module 410, configured to receive an update message, where the update message includes a message source, at least one first VPN route, a route type of each first VPN route, and at least one export extended community attribute value corresponding to each first VPN route;
a first target data set obtaining module 420, configured to, for each export extended community attribute value of each first VPN route, if it is determined that a first target import extended community attribute value identical to the export extended community attribute value exists among the target import extended community attribute values of the local PE, determine, from the data sets pre-stored in the local PE, a first target data set whose data set identifier is the first target import extended community attribute value; each data set comprises an instance identifier of at least one VPN instance, and the at least one VPN instance comprises the same target import extended community attribute value;
a first target VPN instance determining module 430, configured to use the VPN instance corresponding to each instance identifier in the first target data set as a first target VPN instance;
a processing module 440, configured to process at least one of the first VPN route and each first target VPN instance according to the message source and the route type of the first VPN route.
Before inserting or deleting the VPN route, a data set corresponding to each target import extended community attribute value in the local PE is established, the data set identifier of the data set is the corresponding target import extended community attribute value, each data set comprises an instance identifier of at least one VPN instance, and the at least one VPN instance comprises the same target import extended community attribute value; when the first VPN route is inserted or deleted, a first target import extended community attribute value which is the same as an export extended attribute value of the first VPN route is determined from the local PE, a first target dataset of which a dataset identifier is the first target import extended community attribute value is determined from a prestored dataset, and a first VPN instance corresponding to each instance identifier in the first target dataset is used as a first target VPN instance, each first target VPN instance is a VPN instance in which the first VPN route can be directly inserted or deleted.
The apparatus of the embodiment of the present application may execute the method provided by the embodiment of the present application, and the implementation principle is similar. The actions executed by the modules in the apparatus correspond to the steps in the method of the embodiments of the present application; for a detailed functional description of the modules of the apparatus, reference may be made to the description of the corresponding method above, and details are not repeated here.
An embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory, where the processor executes the computer program to implement the steps of the VPN route processing method. Compared with the related art, this achieves the following: before a VPN route is inserted or deleted, a data set is established for each target import extended community attribute value in the local PE. The data set identifier of each data set is the corresponding target import extended community attribute value, and each data set comprises the instance identifier of at least one VPN instance, where the at least one VPN instance has that same target import extended community attribute value. When the first VPN route is inserted or deleted, a first target import extended community attribute value identical to an export extended community attribute value of the first VPN route is determined in the local PE, a first target data set whose data set identifier is the first target import extended community attribute value is determined from the pre-stored data sets, and the VPN instance corresponding to each instance identifier in the first target data set is taken as a first target VPN instance. Each first target VPN instance is a VPN instance into which the first VPN route can be directly inserted or from which it can be directly deleted.
In an alternative embodiment, an electronic device is provided. As shown in fig. 5, the electronic device 5000 includes a processor 5001 and a memory 5003. The processor 5001 is coupled to the memory 5003, for example via a bus 5002. Optionally, the electronic device 5000 may further include a transceiver 5004, which may be used for data interaction between this electronic device and other electronic devices, such as transmitting and/or receiving data. It should be noted that in practical applications the transceiver 5004 is not limited to one, and the structure of the electronic device 5000 does not constitute a limitation on the embodiments of the present application.
The processor 5001 may be a CPU (Central Processing Unit), a general-purpose processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or another programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It may implement or execute the various illustrative logical blocks, modules, and circuits described in connection with the disclosure herein. The processor 5001 may also be a combination of processors implementing computing functionality, e.g., a combination comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Bus 5002 can include a path that conveys information between the aforementioned components. The bus 5002 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 5002 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 5, but that does not indicate only one bus or one type of bus.
The memory 5003 may be a ROM (Read Only Memory) or another type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or another type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store a computer program and that can be read by a computer, without limitation.
The memory 5003 is used for storing the computer programs that execute the embodiments of the present application, and their execution is controlled by the processor 5001. The processor 5001 is configured to execute the computer programs stored in the memory 5003 to implement the steps shown in the foregoing method embodiments.
The electronic device may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), or a vehicle-mounted terminal (e.g., a car navigation terminal), and a stationary terminal such as a digital TV or a desktop computer. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
Embodiments of the present application provide a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program may implement the steps and corresponding contents of the foregoing method embodiments. Compared with the prior art, this achieves the following: before a VPN route is inserted or deleted, a data set is established for each target import extended community attribute value in the local PE. The data set identifier of each data set is the corresponding target import extended community attribute value, and each data set comprises the instance identifier of at least one VPN instance, where the at least one VPN instance has that same target import extended community attribute value. When the first VPN route is inserted or deleted, a first target import extended community attribute value identical to an export extended community attribute value of the first VPN route is determined in the local PE, a first target data set whose data set identifier is the first target import extended community attribute value is determined from the pre-stored data sets, and the VPN instance corresponding to each instance identifier in the first target data set is taken as a first target VPN instance. Each first target VPN instance is a VPN instance into which the first VPN route can be directly inserted or from which it can be directly deleted.
It should be noted that the computer readable medium of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
Embodiments of the present application further provide a computer program product, which includes a computer program; when the computer program is executed by a processor, the steps and corresponding contents of the foregoing method embodiments may be implemented. Compared with the prior art, this achieves the following: before a VPN route is inserted or deleted, a data set is established for each target import extended community attribute value in the local PE. The data set identifier of each data set is the corresponding target import extended community attribute value, and each data set comprises the instance identifier of at least one VPN instance, where the at least one VPN instance has that same target import extended community attribute value. When the first VPN route is inserted or deleted, a first target import extended community attribute value identical to an export extended community attribute value of the first VPN route is determined in the local PE, a first target data set whose data set identifier is the first target import extended community attribute value is determined from the pre-stored data sets, and the VPN instance corresponding to each instance identifier in the first target data set is taken as a first target VPN instance. Each first target VPN instance is a VPN instance into which the first VPN route can be directly inserted or from which it can be directly deleted. There is no need to traverse every VPN instance in the local PE and every import extended community attribute value of each VPN instance, so the whole process takes little time and CPU usage can be effectively reduced.
The terms "first," "second," "third," "fourth," "1," "2," and the like in the description and claims of this application and in the preceding drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used are interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in other sequences than described or illustrated herein.
It should be understood that, although each operation step is indicated by an arrow in the flowchart of the embodiment of the present application, the implementation order of the steps is not limited to the order indicated by the arrow. In some implementation scenarios of the embodiments of the present application, the implementation steps in the flowcharts may be performed in other sequences as desired, unless explicitly stated otherwise herein. In addition, some or all of the steps in each flowchart may include multiple sub-steps or multiple stages based on an actual implementation scenario. Some or all of these sub-steps or stages may be performed at the same time, or each of these sub-steps or stages may be performed at different times. In a scenario where execution times are different, an execution sequence of the sub-steps or the phases may be flexibly configured according to requirements, which is not limited in the embodiment of the present application.
The above are only optional embodiments of partial implementation scenarios in the present application, and it should be noted that, for those skilled in the art, other similar implementation means based on the technical idea of the present application are also within the scope of protection of the embodiments of the present application without departing from the technical idea of the present application.

Claims (11)

1. A method for processing Virtual Private Network (VPN) routes, applied to a local service provider network edge (PE) device, comprising the following steps:
receiving an update message, wherein the update message comprises a message source, at least one first VPN route, a route type of each first VPN route and at least one export extended community attribute value corresponding to each first VPN route;
for each export extended community attribute value of each first VPN route, if it is determined that a first target import extended community attribute value identical to the export extended community attribute value exists in each target import extended community attribute value of the local PE, determining a first target dataset whose dataset identifier is the first target import extended community attribute value from a dataset prestored in the local PE; each data set comprises an instance identification of at least one VPN instance, and the at least one VPN instance comprises the same target import extended community attribute value;
taking VPN instances corresponding to the instance identifications in the first target data set as first target VPN instances;
processing at least one of the first VPN route and each first target VPN instance according to the message source and the route type of the first VPN route;
if it is determined that the first target import extended community attribute value which is the same as the export extended community attribute value does not exist in the local PE, the message source is an opposite-end PE, and the route type of the first VPN route is a reachable type, discarding the first VPN route, and storing the export extended community attribute value as a neighbor import extended community attribute value of the opposite-end PE in the local PE.
2. The method of claim 1, wherein said processing at least one of said first VPN route and each of said first target VPN instances according to said message source and the route type of said first VPN route comprises:
if the route type of the first VPN route is a reachable type, inserting the first VPN route into each first target VPN instance;
if the route type of the first VPN route is an unreachable type and the message source is a local user network edge (CE), deleting the first VPN route in the update message and the first VPN route in each first target VPN instance;
if the route type of the first VPN route is an unreachable type and the message source is an opposite-end PE, deleting the first VPN route in the update message, the first VPN route in each first target VPN instance, and a neighbor import extended community attribute value corresponding to the opposite-end PE.
3. The method according to any one of claims 1-2, wherein before receiving the update message, the method further comprises:
creating a data set corresponding to each target import extended community attribute value in the local PE; the data set identifier of the data set is the corresponding target import extended community attribute value;
in response to an operation of newly adding an import extended community attribute value of a second target VPN instance in the local PE, creating a new import extended community attribute value for the second target VPN instance;
and if it is determined that a second target data set whose data set identifier is the new import extended community attribute value exists in the local PE, adding the instance identifier of the second target VPN instance to the second target data set.
4. The method as recited in claim 3, wherein said adding an instance identification of said second target VPN instance to said second target data set further comprises:
taking VPN instances corresponding to other instance identifications except the instance identification of the second target VPN instance in the second target data set as third target VPN instances;
for each third target VPN instance, if it is determined that a second VPN route whose extended community attribute value is the new import extended community attribute value exists in the third target VPN instance and the second VPN route does not exist in the second target VPN instance, inserting the second VPN route into the second target VPN instance.
5. The method of claim 3, wherein after creating a new import extended community attribute value for said second target VPN instance, further comprising:
if it is determined that a second target data set whose data set identifier is the new import extended community attribute value does not exist in the local PE, creating the second target data set in the local PE, and adding an instance identifier of the second target VPN instance to the second target data set.
6. The method according to claim 5, wherein said determining that there is no second target data set in the local PE whose data set identifier is the new import extended community attribute value further comprises:
traversing the stored neighbor import extended community attribute values of each opposite-end PE; if it is determined that a target neighbor import extended community attribute value identical to the new import extended community attribute value exists among the neighbor import extended community attribute values, taking the opposite-end PE corresponding to the target neighbor import extended community attribute value as a target opposite-end PE, and sending a refresh message to the target opposite-end PE;
the refresh message is used for instructing the target opposite-end PE to resend an update message containing a third VPN route; the export extended community attribute value of the third VPN route is the same as the new import extended community attribute value, and the route type of the third VPN route is a reachable type.
7. The method according to claim 3, wherein after creating the data set corresponding to each target import extended community attribute value in the local PE, further comprising:
in response to the operation of deleting the second target import extended community attribute value of the third target VPN instance in the local PE, deleting the second target import extended community attribute value of the third target VPN instance;
and if it is determined that a fourth VPN route exists in the third target VPN instance and the export extended community attribute value of the fourth VPN route is the same as the second target import extended community attribute value, deleting the fourth VPN route in the third target VPN instance.
8. The method according to claim 7, wherein said responding to the operation of deleting the second target import extended community attribute value of the third target VPN instance in said local PE further comprises:
deleting the instance identifier of the third target VPN instance in a third target data set comprising the instance identifier of the third target VPN instance to obtain an updated third target data set;
and if the updated third target data set is determined to be an empty table, deleting the updated third target data set.
9. A processing apparatus of a VPN route, applied to a local PE, comprising:
a receiving module, configured to receive an update message, where the update message includes a message source, at least one first VPN route, a route type of each first VPN route, and at least one export extended community attribute value corresponding to each first VPN route;
a first target data set obtaining module, configured to, for each export extended community attribute value of each first VPN route, if it is determined that a first target import extended community attribute value identical to the export extended community attribute value exists among the target import extended community attribute values of the local PE, determine, from the data sets pre-stored in the local PE, a first target data set whose data set identifier is the first target import extended community attribute value; each data set comprises an instance identifier of at least one VPN instance, and the at least one VPN instance comprises the same target import extended community attribute value;
a first target VPN instance determining module, configured to use a VPN instance corresponding to each instance identifier in the first target data set as a first target VPN instance;
a processing module, configured to process at least one of the first VPN route and each of the first target VPN instances according to the message source and the route type of the first VPN route;
the processing module is further configured to, if it is determined that the local PE does not have a first target import extended community attribute value that is the same as the export extended community attribute value, the message source is an opposite-end PE, and the route type of the first VPN route is a reachable type, discard the first VPN route and store the export extended community attribute value in the local PE as a neighbor import extended community attribute value of the opposite-end PE.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory, characterized in that the processor executes the computer program to implement the steps of the method of any of claims 1-8.
11. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
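The data-set lookup recited in claims 1 to 8, as an added Python example (not code from the patent or its applicant). The class and method names, the shorthand "RT" for an import or export extended community attribute value, "vrf" for a VPN instance, and the sample values are assumptions; `targets_by_traversal` and `leaks` are extra cross-checks for index drift and are not part of the claimed method.

```python
from collections import defaultdict

REACHABLE, UNREACHABLE = "reachable", "unreachable"


class LocalPE:
    """Toy model of the local PE. All names are hypothetical, not the patent's."""

    def __init__(self):
        self.import_rts = defaultdict(set)       # instance id -> import RT values
        self.datasets = {}                       # data set id (import RT) -> instance ids
        self.routes = defaultdict(dict)          # instance id -> {prefix: export RTs}
        self.neighbor_import = defaultdict(set)  # peer PE -> stored neighbor import RTs
        self.refreshes = []                      # (peer PE, RT) refresh messages recorded

    def add_import_rt(self, vrf, rt):
        """Claims 3-6: keep the data sets in step with configuration."""
        self.import_rts[vrf].add(rt)
        if rt not in self.datasets:
            self.datasets[rt] = {vrf}
            # Claim 6: peers that advertised this RT earlier are asked to resend.
            for peer, rts in self.neighbor_import.items():
                if rt in rts:
                    self.refreshes.append((peer, rt))
            return
        # Claim 4: copy routes carrying this RT from instances already in the set.
        for other in self.datasets[rt] - {vrf}:
            for prefix, rts in self.routes[other].items():
                if rt in rts:
                    self.routes[vrf].setdefault(prefix, rts)
        self.datasets[rt].add(vrf)

    def del_import_rt(self, vrf, rt):
        """Claims 7-8: drop the RT, the routes carrying it, and the index entry."""
        self.import_rts[vrf].discard(rt)
        for prefix in [p for p, rts in self.routes[vrf].items() if rt in rts]:
            del self.routes[vrf][prefix]
        if rt in self.datasets:
            self.datasets[rt].discard(vrf)
            if not self.datasets[rt]:
                del self.datasets[rt]            # an empty data set is deleted

    def targets(self, export_rts):
        """Indexed lookup: one data-set fetch per export RT."""
        found = set()
        for rt in export_rts:
            found |= self.datasets.get(rt, set())
        return found

    def targets_by_traversal(self, export_rts):
        """Walk every instance and import RT; kept only as a cross-check."""
        wanted = set(export_rts)
        return {v for v, rts in self.import_rts.items() if rts & wanted}

    def process_update(self, from_pe, source, prefix, route_type, export_rts):
        """Claims 1-2 for one route; returns the instances it was applied to."""
        export_rts = frozenset(export_rts)
        touched = set()
        for rt in export_rts:
            members = self.datasets.get(rt)
            if members is None:
                if from_pe and route_type == REACHABLE:
                    self.neighbor_import[source].add(rt)   # route is not installed
                continue
            for vrf in members:
                if route_type == REACHABLE:
                    self.routes[vrf][prefix] = export_rts
                else:
                    self.routes[vrf].pop(prefix, None)
            if from_pe and route_type == UNREACHABLE:
                self.neighbor_import[source].discard(rt)
            touched |= members
        return touched

    def leaks(self):
        """Audit: (instance, prefix) pairs whose export RTs the instance does not import."""
        return sorted((v, p) for v, table in self.routes.items()
                      for p, rts in table.items() if not rts & self.import_rts[v])


if __name__ == "__main__":
    pe = LocalPE()                                   # constructed sample data below
    pe.add_import_rt("vrf-a", "100:1")
    pe.add_import_rt("vrf-b", "100:1")
    print(pe.process_update(True, "pe2", "10.0.0.0/24", REACHABLE, ["100:1"]))
    pe.datasets["100:1"].add("vrf-x")                # simulated stale index entry
    pe.process_update(True, "pe2", "10.0.1.0/24", REACHABLE, ["100:1"])
    print(pe.leaks())                                # [('vrf-x', '10.0.1.0/24')]
```

Because the data sets alone now decide which VPN instances receive a route, an entry that is not removed when an import value is deleted installs routes into an instance that no longer imports them; comparing `targets` with `targets_by_traversal` and running `leaks` detects that drift.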
CN202211213277.3A 2022-09-30 2022-09-30 VPN routing processing method and device, electronic equipment and readable storage medium Active CN115277535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211213277.3A CN115277535B (en) 2022-09-30 2022-09-30 VPN routing processing method and device, electronic equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN115277535A CN115277535A (en) 2022-11-01
CN115277535B CN115277535B (en) 2022-12-16

Family

ID=83758156

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211213277.3A Active CN115277535B (en) 2022-09-30 2022-09-30 VPN routing processing method and device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN115277535B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant