CN115865847A - Method, equipment and storage medium for automatically establishing VTEP of VXLAN - Google Patents

Info

Publication number: CN115865847A
Application number: CN202211694305.8A
Authority: CN (China)
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 李欣, 李元正, 陈位仅
Current and original assignees: Chengdu Guotai Wangxin Technology Co ltd; Beijing Guotai Netcom Technology Co ltd
Prior art keywords: vxlan, message, equipment, mac address, vtep

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method for automatically establishing the VTEP of a VXLAN in a topology where a Layer 3 forwarding device sits between the VXLAN devices. When sending, the sending-end VXLAN device fills the destination MAC address of the outer Ethernet header of the VXLAN packet with the MAC address of the Layer 3 forwarding device and sends the packet to that device, which forwards it on to the receiving-end VXLAN device. After the receiving-end VXLAN device receives the VXLAN packet, it binds the source IP of the original (inner) Ethernet frame, the source IP of the VXLAN packet and the source MAC address of the VXLAN packet into a VTEP entry; when it subsequently encapsulates VXLAN packets, it determines the MAC address of the VXLAN tunnel node from the MAC address bound in that VTEP entry. The invention allows VXLAN to be applied in any scenario and provides a secure network communication service for the tunnelled traffic.

Description

Method, equipment and storage medium for automatically establishing VTEP of VXLAN
Technical Field
The invention relates to the field of communications, and in particular to a method, device and storage medium for automatically establishing the VTEP of a VXLAN based on MAC address, which allows VXLAN to be used in an environment where the tunnel peers are not link-layer reachable.
Background
In today's network environments, enterprise headquarters and branches improve their efficiency and competitiveness by building Layer 3 network topologies; however, multicast and broadcast traffic is confined within such a topology and cannot be delivered effectively to every office area of the organisation. This problem can be solved by building a large Layer 2 network over the Layer 3 topology using VXLAN.
Meanwhile, in terms of security, information that users send over a public or private network can be intercepted, modified or forged at any point in transit, which reduces the security and reliability of that information.
Disclosure of Invention
To address these problems in the prior art, a method, device and storage medium for automatically establishing the VTEP of a VXLAN based on MAC address are provided: building on VXLAN, the MAC address of the tunnel node is determined through a MAC address binding, which guarantees that the method can be applied in any VXLAN environment.
The technical scheme adopted by the invention is as follows. A method for automatically establishing the VTEP of a VXLAN is applied between VXLAN devices which are each other's VXLAN tunnel nodes and between which a Layer 3 forwarding device exists. When sending, the sending-end VXLAN device fills the destination MAC address of the outer Ethernet header of the VXLAN packet with the MAC address of the Layer 3 forwarding device and sends the packet to that device, which forwards it on to the receiving-end VXLAN device. After the receiving-end VXLAN device receives the VXLAN packet, it binds the source IP of the original (inner) Ethernet frame, the source IP of the VXLAN packet and the source MAC address of the VXLAN packet into a VTEP entry; when it subsequently encapsulates VXLAN packets, it determines the MAC address of the VXLAN tunnel node from the MAC address bound in that VTEP entry.
Further, the sending-end VXLAN device is configured with a VXLAN default MAC address equal to the MAC address of the Layer 3 forwarding device it is connected to; when the MAC address of the receiving-end VXLAN device cannot be resolved, the default MAC address is filled into the VXLAN packet directly.
Further, VXLAN packets transmitted between the VXLAN devices are encrypted and protected using an IPsec VPN based on Chinese national commercial cryptography.
Further, the Layer 3 forwarding device includes a router, a NAT device or a gateway.
The invention also provides an electronic device comprising a memory and a processor, the memory storing a computer program that the processor can load to execute the corresponding method for automatically establishing the VTEP of a VXLAN.
The invention also provides a computer-readable storage medium storing computer program instructions which, when executed by a processor, implement the process corresponding to the above method for automatically establishing the VTEP of a VXLAN.
Compared with the prior art, the technical scheme has the following beneficial effects:
1. The invention binds a MAC address into the VTEP entry on the basis of received VXLAN packets, so that when a VXLAN device encapsulates a VXLAN packet the MAC address of the VXLAN tunnel node is taken from the VTEP entry and no longer has to be resolved by the system. At the same time, this solves the problem that existing VXLAN technology fails to function when the tunnel peer is not link-layer reachable.
2. IPsec VPN secure communication based on the GM/T0022 IPSec VPN technical specification is adopted to protect the packets exchanged between VXLAN tunnel nodes, guaranteeing the security, reliability and non-repudiation of data in transit.
Drawings
Fig. 1 is a schematic diagram of the method for automatically establishing VTEP of VXLAN based on MAC address according to the present invention.
Fig. 2 is a schematic diagram of VXLAN in a direct connection scenario.
Fig. 3 is a schematic diagram of VXLAN in a scenario where a Layer 2 forwarding device exists between the VXLAN devices.
Fig. 4 is a schematic diagram of VXLAN in a scenario where the VXLAN devices are not directly connected.
FIG. 5 is a diagram illustrating secure communication according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar modules or modules having the same or similar functionality throughout. The embodiments described below with reference to the accompanying drawings are illustrative and are only for the purpose of explaining the present application and are not to be construed as limiting the present application. On the contrary, the embodiments of the application include all changes, modifications and equivalents coming within the spirit and terms of the claims appended hereto.
Example 1
The method for automatically establishing the VTEP of a VXLAN based on MAC address proposed in this embodiment is implemented on the basis of VXLAN technology; before introducing the method, this embodiment briefly describes VXLAN.
As shown in fig. 2, VXLAN is a tunnelling technique that establishes a Layer 2 Ethernet tunnel over a Layer 3 network and thereby achieves Layer 2 interconnection across regions. VXLAN encapsulates the original Ethernet frame inside a UDP datagram: the original Layer 2 frame, preceded by a VXLAN header, is carried as the UDP payload.
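To make the encapsulation format concrete, the following Python builds and parses a VXLAN packet (outer Ethernet/IPv4/UDP/VXLAN around an inner Ethernet/IPv4 frame) and extracts the fields a receiving device would bind into its VTEP entry. This is an added example, not code from the patent or its assignees; the addresses, VNI and payload are constructed for illustration, and the router MAC used as the outer destination is a placeholder. The parser verifies the outer IPv4 header checksum and the VXLAN I flag before returning anything, which is the minimum a receiver should do before acting on header fields.

```python
import struct

VXLAN_UDP_PORT = 4789         # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field is valid

def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))

def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def ipv4_checksum(header: bytes) -> int:
    # One's-complement sum of 16-bit words; over a header whose checksum field is valid it yields 0.
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src_ip: str, dst_ip: str, proto: int, payload_len: int) -> bytes:
    # 20-byte header without options: ver/IHL, TOS, total length, ID, flags (DF), TTL, proto, checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                      ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def ethernet_frame(src_mac: str, dst_mac: str, payload: bytes) -> bytes:
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + b"\x08\x00" + payload  # EtherType IPv4

def vxlan_encapsulate(inner_frame: bytes, vni: int, src_mac: str, dst_mac: str,
                      src_ip: str, dst_ip: str, src_port: int = 49152) -> bytes:
    # VXLAN header (RFC 7348 section 5): 8 flag bits, 24 reserved bits, 24-bit VNI, 8 reserved bits.
    vxlan_hdr = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP checksum (IPv4)
    outer = ipv4_header(src_ip, dst_ip, 17, udp_len) + udp_hdr + vxlan_hdr + inner_frame
    return ethernet_frame(src_mac, dst_mac, outer)

def vxlan_decapsulate(packet: bytes) -> dict:
    # Parses the outer Ethernet/IPv4/UDP/VXLAN headers and the inner Ethernet/IPv4 headers and
    # returns the fields the receiving device binds into its VTEP entry alongside the others.
    if packet[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    outer_ip = packet[14:14 + ihl]
    if ipv4_checksum(outer_ip) != 0:
        raise ValueError("outer IPv4 header checksum mismatch")
    if outer_ip[9] != 17:
        raise ValueError("outer IP protocol is not UDP")
    udp_off = 14 + ihl
    _, dport, udp_len, _ = struct.unpack("!HHHH", packet[udp_off:udp_off + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    vx = udp_off + 8
    if not packet[vx] & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set")
    inner = packet[vx + 8:udp_off + udp_len]
    if len(inner) < 34 or inner[12:14] != b"\x08\x00":
        raise ValueError("inner frame is not an IPv4 Ethernet frame")
    return {
        "outer_dst_mac": bytes_to_mac(packet[0:6]),
        "outer_src_mac": bytes_to_mac(packet[6:12]),   # bound by the receiver (this patent's addition)
        "outer_src_ip": bytes_to_ip(outer_ip[12:16]),  # bound by the receiver (standard VXLAN)
        "outer_dst_ip": bytes_to_ip(outer_ip[16:20]),
        "vni": int.from_bytes(packet[vx + 4:vx + 7], "big"),
        "inner_src_mac": bytes_to_mac(inner[6:12]),
        "inner_src_ip": bytes_to_ip(inner[26:30]),     # bound by the receiver (standard VXLAN)
        "inner_dst_ip": bytes_to_ip(inner[30:34]),
    }

def build_sample_packet() -> bytes:
    # Constructed sample: workstation 20.1.1.1 in area A sends to 20.1.1.2; VXLAN1 (10.0.1.1) tunnels it
    # to VXLAN2 (10.0.2.1) and, lacking VXLAN2's MAC, addresses the outer frame to a placeholder router MAC.
    inner = ethernet_frame("02:00:00:00:aa:01", "02:00:00:00:bb:01",
                           ipv4_header("20.1.1.1", "20.1.1.2", 253, 4) + b"data")
    return vxlan_encapsulate(inner, vni=100, src_mac="02:00:00:00:00:01", dst_mac="00:00:5e:00:01:01",
                             src_ip="10.0.1.1", dst_ip="10.0.2.1")

if __name__ == "__main__":
    for key, value in vxlan_decapsulate(build_sample_packet()).items():
        print(f"{key:14} {value}")
```

The inner IP protocol number 253 is one of the values reserved for experimentation (RFC 3692) and carries a constructed four-byte payload; a real deployment would carry whatever the workstation sent. The zero UDP checksum is permitted for IPv4 and is common for VXLAN, which is one reason the outer IPv4 header checksum is the only integrity check available before decryption when no IPsec is in place.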
In the figure, the VXLAN1 and VXLAN2 devices are configured as each other's VXLAN tunnel nodes. When workstation 20.1.1.1 in area A sends a packet, the VXLAN1 device encapsulates it into a VXLAN packet and sends it to the VXLAN2 device; the VXLAN2 device decapsulates the received VXLAN packet, binds the source IP of the device in the original Ethernet frame and the source IP of the VXLAN packet into a VTEP entry, and then forwards the decapsulated original Ethernet frame to the service network.
When a VXLAN device encapsulates a VXLAN packet, it first resolves the MAC address corresponding to the configured IP address of the VXLAN tunnel node. If the device only has the configured IP address of the tunnel node and the system cannot resolve the corresponding MAC address, the device cannot determine the next-hop address to which the VXLAN packet should be sent, and encapsulation fails.
As shown in fig. 2, when the VXLAN1 and VXLAN2 devices are directly connected, each can obtain the other's MAC address, so VXLAN packets can be exchanged normally in this environment.
As shown in fig. 3, when the VXLAN1 and VXLAN2 devices are connected through a Layer 2 forwarding device, the standard VTEP auto-learning function of VXLAN still operates normally: a VTEP can be established automatically between the two devices, the VXLAN1 device can resolve the MAC address of the VXLAN2 device through the system and the VXLAN2 device can resolve the MAC address of the VXLAN1 device through the system, so VXLAN encapsulation completes.
However, as shown in fig. 4, when the VXLAN1 and VXLAN2 devices are not directly connected and a NAT device or router sits in the link between them, neither device can resolve the other's MAC address, so VXLAN packets cannot be exchanged in this environment.
For the scenario of fig. 4, this embodiment therefore proposes a method for automatically establishing the VTEP of a VXLAN based on MAC address, which lets VXLAN operate when the tunnel peer is not link-layer reachable. The specific scheme is as follows:
As shown in fig. 1, the method for automatically establishing the VTEP of a VXLAN is applied between VXLAN devices which are each other's VXLAN tunnel nodes and between which a Layer 3 forwarding device exists. When sending, the sending-end VXLAN device fills the destination MAC address of the outer Ethernet header of the VXLAN packet with the MAC address of the Layer 3 forwarding device and sends the packet to that device, which forwards it on to the receiving-end VXLAN device. After the receiving-end VXLAN device receives the VXLAN packet, it binds the source IP of the original (inner) Ethernet frame, the source IP of the VXLAN packet and the source MAC address of the VXLAN packet into a VTEP entry; when it subsequently encapsulates VXLAN packets, it determines the MAC address of the VXLAN tunnel node from the MAC address bound in that VTEP entry.
In this embodiment, a MAC address binding is added to the VTEP that standard VXLAN establishes from the VXLAN tunnel node source IP and the source IP of the device in the original Ethernet frame, and a default tunnel node MAC address configuration function is added at the same time: the sending-end VXLAN device is configured with a VXLAN default MAC address equal to the MAC address of the Layer 3 forwarding device it is connected to, and when the MAC address of the receiving-end VXLAN device cannot be resolved, the default MAC address is filled into the VXLAN packet directly. This guarantees that the method can be applied in any VXLAN environment.
As shown in fig. 5, in this embodiment an IPsec VPN based on Chinese national commercial cryptography and implemented according to the GM/T0022 IPSec VPN specification is used for communication between the VXLAN devices, providing network-layer protection that ensures the security, reliability and non-repudiation of data in transit.
This embodiment now describes the method for automatically establishing the VTEP of a VXLAN based on MAC address in detail for the scenario shown in fig. 1:
In this scenario a Layer 3 forwarding device sits between the VXLAN gateways, so the VTEP auto-learning function of VXLAN cannot be used normally. That is, a VTEP cannot be established automatically between the VXLAN1 and VXLAN2 devices, the VXLAN1 device cannot resolve the MAC address of the VXLAN2 device through the system, the VXLAN2 device cannot resolve the MAC address of the VXLAN1 device through the system, and VXLAN encapsulation cannot complete.
With the method of this embodiment, VXLAN encapsulation and communication complete normally in this environment. Specifically, the method comprises the following steps:
1. The VXLAN1 and VXLAN2 devices are configured as each other's VXLAN tunnel nodes, and the VXLAN1 device is configured with a VXLAN default MAC address equal to the MAC address of the Layer 3 forwarding device.
2. When sending, the VXLAN1 device cannot resolve the MAC address of the VXLAN2 device, so it fills the destination MAC address of the outer Ethernet header of the VXLAN packet with the MAC address of the Layer 3 forwarding device and sends the VXLAN packet to that device, which forwards it across the network to the VXLAN2 device.
3. After the VXLAN2 device receives the VXLAN packet from the VXLAN1 device, it binds the source IP of the device in the original Ethernet frame, the source IP of the VXLAN packet and the source MAC address of the VXLAN packet into a VTEP entry.
4. When the VXLAN2 device subsequently encapsulates VXLAN packets, it takes the MAC address of the VXLAN tunnel node from the MAC address in that VTEP entry and no longer resolves it through the system.
At the same time, communication between the VXLAN devices uses the IPsec VPN based on Chinese national commercial cryptography and implemented according to the GM/T0022 IPSec VPN technical specification to provide network-layer protection.
In this embodiment, the Layer 3 forwarding device includes a router, a NAT device, a gateway and the like.
With the method of this embodiment, when a Layer 3 forwarding device sits in the link between VXLAN devices and a VXLAN device cannot obtain the MAC address of its VXLAN tunnel node, a default tunnel node MAC address can be configured: whenever the device cannot resolve the MAC address of the tunnel node it uses the configured default, filling the destination MAC address of the outer Ethernet header of every VXLAN packet with the default tunnel node MAC address, so that VXLAN packets are transmitted normally.
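The steps above and the default-MAC fallback from the Disclosure, worked through in a small Python model: two VXLAN devices on different subnets, a router between them that rewrites the Ethernet addresses on every hop, and the three-field VTEP binding on the receiver. This is an added illustration, not code from the patent or from the assignees; the Packet, VtepEntry, VxlanDevice and Layer3Hop classes and all addresses are constructed for the example. Running the scenario without the default MAC reproduces the failure of fig. 4; running it with the default MAC shows that the MAC the receiver binds is the router's interface MAC on the receiver's own segment, which is exactly the next hop its return traffic needs. Since the entry is learned from the headers of whatever packet arrives, its trustworthiness rests on the IPsec protection the patent pairs it with.

```python
from dataclasses import dataclass, field, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Optional

@dataclass
class Packet:
    # Only the fields the method acts on are modelled; this is a constructed model, not a wire format.
    outer_src_mac: str
    outer_dst_mac: str
    outer_src_ip: str
    outer_dst_ip: str
    vni: int
    inner_src_ip: str  # source IP of the host in the original (inner) Ethernet frame
    inner_dst_ip: str

@dataclass
class VtepEntry:
    inner_ip: str      # source IP in the original Ethernet frame (standard VXLAN binding)
    tunnel_ip: str     # source IP of the VXLAN packet, i.e. the peer tunnel node (standard binding)
    next_hop_mac: str  # source MAC of the VXLAN packet: the binding this method adds

@dataclass
class VxlanDevice:
    name: str
    ip: str
    mac: str
    peer_ip: str                          # configured VXLAN tunnel node
    default_mac: Optional[str] = None     # "VXLAN default MAC address" (the Layer 3 device's MAC)
    arp_table: Dict[str, str] = field(default_factory=dict)        # what the system can resolve on its link
    vtep_table: Dict[str, VtepEntry] = field(default_factory=dict)  # tunnel_ip -> VtepEntry

    def peer_mac(self) -> Optional[str]:
        entry = self.vtep_table.get(self.peer_ip)
        if entry is not None:
            return entry.next_hop_mac        # bound in the VTEP entry: no system lookup needed
        if self.peer_ip in self.arp_table:   # link-reachable peer (figs. 2 and 3)
            return self.arp_table[self.peer_ip]
        return self.default_mac              # fallback this method adds; None if not configured

    def encapsulate(self, inner_src_ip: str, inner_dst_ip: str, vni: int) -> Packet:
        dst_mac = self.peer_mac()
        if dst_mac is None:
            raise LookupError(f"{self.name}: cannot resolve MAC of tunnel node {self.peer_ip}")
        return Packet(self.mac, dst_mac, self.ip, self.peer_ip, vni, inner_src_ip, inner_dst_ip)

    def receive(self, pkt: Optional[Packet]) -> Optional[VtepEntry]:
        if pkt is None or pkt.outer_dst_mac != self.mac or pkt.outer_dst_ip != self.ip:
            return None
        entry = VtepEntry(pkt.inner_src_ip, pkt.outer_src_ip, pkt.outer_src_mac)
        self.vtep_table[pkt.outer_src_ip] = entry   # bind (inner src IP, outer src IP, outer src MAC)
        return entry

@dataclass
class Layer3Hop:
    # Router/NAT device/gateway: forwards on the outer destination IP and rewrites both MACs per hop.
    name: str
    ifaces: Dict[str, str]      # subnet -> interface MAC
    neighbors: Dict[str, str]   # host IP -> host MAC on the directly connected subnets

    def forward(self, pkt: Packet) -> Optional[Packet]:
        if pkt.outer_dst_mac not in self.ifaces.values():
            return None   # frame not addressed to this router at Layer 2: dropped
        out_mac = next(m for net, m in self.ifaces.items()
                       if ip_address(pkt.outer_dst_ip) in ip_network(net))
        return replace(pkt, outer_src_mac=out_mac, outer_dst_mac=self.neighbors[pkt.outer_dst_ip])

def run_scenario(configure_default_mac: bool) -> dict:
    # Constructed topology after fig. 4: VXLAN1 (10.0.1.1) -- router R -- VXLAN2 (10.0.2.1).
    # Neither device can ARP for the other across the router, so their ARP tables stay empty.
    router = Layer3Hop("R", {"10.0.1.0/24": "00:00:5e:00:01:01", "10.0.2.0/24": "00:00:5e:00:02:01"},
                       {"10.0.1.1": "02:00:00:00:00:01", "10.0.2.1": "02:00:00:00:00:02"})
    v1 = VxlanDevice("VXLAN1", "10.0.1.1", "02:00:00:00:00:01", peer_ip="10.0.2.1",
                     default_mac="00:00:5e:00:01:01" if configure_default_mac else None)
    v2 = VxlanDevice("VXLAN2", "10.0.2.1", "02:00:00:00:00:02", peer_ip="10.0.1.1")
    try:
        first = v1.encapsulate("20.1.1.1", "20.1.1.2", vni=100)  # host in area A -> host in area B
    except LookupError as exc:
        return {"error": str(exc)}
    learned = v2.receive(router.forward(first))
    reply = v2.encapsulate("20.1.1.2", "20.1.1.1", vni=100)   # succeeds only because of the binding
    reached = v1.receive(router.forward(reply)) is not None
    return {"learned": learned, "reply_dst_mac": reply.outer_dst_mac, "reply_reached_v1": reached}

if __name__ == "__main__":
    print(run_scenario(False))
    print(run_scenario(True))
```

VXLAN2 is deliberately left without a default MAC so that its reply depends solely on the entry it learned; in the patent's deployment both ends would be configured. The router model forwards only frames addressed to one of its own interface MACs, which is why the sender's default MAC must be that of the directly connected Layer 3 device and not an arbitrary value.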
In actual deployment, a product applying this method is placed directly at the boundary of the enterprise internal network, which is simple and convenient.
This embodiment solves the problem that existing VXLAN technology fails to function when the tunnel peer is not link-layer reachable, so that VXLAN can be applied in any scenario; at the same time, IPsec VPN secure communication is adopted to protect the packets exchanged between VXLAN tunnel nodes, guaranteeing the security, reliability and non-repudiation of data in transit.
Example 2
This embodiment further provides an electronic device comprising a memory and a processor, the memory storing a computer program that the processor can load to execute the method for automatically establishing the VTEP of a VXLAN described in embodiment 1.
Example 3
This embodiment further provides a computer-readable storage medium storing computer program instructions which, when executed by a processor, implement the process corresponding to the method for automatically establishing the VTEP of a VXLAN described in embodiment 1.
It should be noted that, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the terms "disposed" and "connected" should be interpreted broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; may be directly connected or indirectly connected through an intermediate. The specific meanings of the above terms in the present invention can be understood in specific cases by those skilled in the art; the drawings in the embodiments are provided to clearly and completely describe the technical solutions in the embodiments of the present invention, and it is obvious that the described embodiments are a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (6)

1. A method for automatically establishing the VTEP of a VXLAN, characterised in that the method is applied between VXLAN devices which are each other's VXLAN tunnel nodes and between which a Layer 3 forwarding device exists; when sending, the sending-end VXLAN device fills the destination MAC address of the outer Ethernet header of the VXLAN packet with the MAC address of the Layer 3 forwarding device and sends the packet to the Layer 3 forwarding device, which forwards it on to the receiving-end VXLAN device; after the receiving-end VXLAN device receives the VXLAN packet, it binds the source IP of the original Ethernet frame, the source IP of the VXLAN packet and the source MAC address of the VXLAN packet into a VTEP entry; and when the receiving-end VXLAN device encapsulates VXLAN packets, the MAC address of the VXLAN tunnel node is determined from the MAC address in the VTEP entry.
2. The method for automatically establishing the VTEP of a VXLAN of claim 1, wherein the sending-end VXLAN device is configured with a VXLAN default MAC address equal to the MAC address of the Layer 3 forwarding device it is connected to, and fills the default MAC address directly into the VXLAN packet when the MAC address of the VXLAN tunnel node cannot be resolved.
3. The method of claim 1, wherein VXLAN packets transmitted between the VXLAN devices are encrypted and protected using an IPsec VPN based on Chinese national commercial cryptography.
4. The method for automatically establishing the VTEP of a VXLAN of claim 1, wherein the Layer 3 forwarding device comprises a router, a NAT device or a gateway.
5. An electronic device comprising a memory and a processor, the memory storing a computer program that the processor can load to execute the method for automatically establishing the VTEP of a VXLAN of any one of claims 1 to 4.
6. A computer-readable storage medium storing computer program instructions which, when executed by a processor, implement the process corresponding to the method for automatically establishing the VTEP of a VXLAN of any one of claims 1 to 4.

Priority Applications (1)

Application Number: CN202211694305.8A; Priority Date: 2022-12-28; Filing Date: 2022-12-28; Title: Method, equipment and storage medium for automatically establishing VTEP of VXLAN; Status: Pending

Publications (1)

Publication Number: CN115865847A; Publication Date: 2023-03-28

Family

ID=85655377

Country Status (1)

CN (1) CN115865847A (en)


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination